OLD | NEW |
(Empty) | |
| 1 // This is mozilla/security/manager/ssl/src/md4.c, CVS rev. 1.1, with trivial |
| 2 // changes to port it to our source tree. |
| 3 // |
| 4 // WARNING: MD4 is cryptographically weak. Do not use MD4 except in NTLM |
| 5 // authentication. |
| 6 |
| 7 /* vim:set ts=2 sw=2 et cindent: */ |
| 8 /* ***** BEGIN LICENSE BLOCK ***** |
| 9 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 10 * |
| 11 * The contents of this file are subject to the Mozilla Public License Version |
| 12 * 1.1 (the "License"); you may not use this file except in compliance with |
| 13 * the License. You may obtain a copy of the License at |
| 14 * http://www.mozilla.org/MPL/ |
| 15 * |
| 16 * Software distributed under the License is distributed on an "AS IS" basis, |
| 17 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
| 18 * for the specific language governing rights and limitations under the |
| 19 * License. |
| 20 * |
| 21 * The Original Code is Mozilla. |
| 22 * |
| 23 * The Initial Developer of the Original Code is IBM Corporation. |
| 24 * Portions created by IBM Corporation are Copyright (C) 2003 |
| 25 * IBM Corporation. All Rights Reserved. |
| 26 * |
| 27 * Contributor(s): |
| 28 * Darin Fisher <darin@meer.net> |
| 29 * |
| 30 * Alternatively, the contents of this file may be used under the terms of |
| 31 * either the GNU General Public License Version 2 or later (the "GPL"), or |
| 32 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), |
| 33 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 34 * of those above. If you wish to allow use of your version of this file only |
| 35 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 36 * use your version of this file under the terms of the MPL, indicate your |
| 37 * decision by deleting the provisions above and replace them with the notice |
| 38 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 39 * the provisions above, a recipient may use your version of this file under |
| 40 * the terms of any one of the MPL, the GPL or the LGPL. |
| 41 * |
| 42 * ***** END LICENSE BLOCK ***** */ |
| 43 |
| 44 /* |
| 45 * "clean room" MD4 implementation (see RFC 1320) |
| 46 */ |
| 47 |
| 48 #include "net/http/md4.h" |
| 49 |
| 50 #include <string.h> |
| 51 |
| 52 typedef uint32 Uint32; |
| 53 typedef uint8 Uint8; |
| 54 |
| 55 /* the "conditional" function */ |
| 56 #define F(x,y,z) (((x) & (y)) | (~(x) & (z))) |
| 57 |
| 58 /* the "majority" function */ |
| 59 #define G(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) |
| 60 |
| 61 /* the "parity" function */ |
| 62 #define H(x,y,z) ((x) ^ (y) ^ (z)) |
| 63 |
| 64 /* rotate n-bits to the left */ |
| 65 #define ROTL(x,n) (((x) << (n)) | ((x) >> (0x20 - n))) |
| 66 |
| 67 /* round 1: [abcd k s]: a = (a + F(b,c,d) + X[k]) <<< s */ |
| 68 #define RD1(a,b,c,d,k,s) a += F(b,c,d) + X[k]; a = ROTL(a,s) |
| 69 |
| 70 /* round 2: [abcd k s]: a = (a + G(b,c,d) + X[k] + MAGIC) <<< s */ |
| 71 #define RD2(a,b,c,d,k,s) a += G(b,c,d) + X[k] + 0x5A827999; a = ROTL(a,s) |
| 72 |
| 73 /* round 3: [abcd k s]: a = (a + H(b,c,d) + X[k] + MAGIC) <<< s */ |
| 74 #define RD3(a,b,c,d,k,s) a += H(b,c,d) + X[k] + 0x6ED9EBA1; a = ROTL(a,s) |
| 75 |
| 76 /* converts from word array to byte array, len is number of bytes */ |
| 77 static void w2b(Uint8 *out, const Uint32 *in, Uint32 len) |
| 78 { |
| 79 Uint8 *bp; const Uint32 *wp, *wpend; |
| 80 |
| 81 bp = out; |
| 82 wp = in; |
| 83 wpend = wp + (len >> 2); |
| 84 |
| 85 for (; wp != wpend; ++wp, bp += 4) |
| 86 { |
| 87 bp[0] = (Uint8) ((*wp ) & 0xFF); |
| 88 bp[1] = (Uint8) ((*wp >> 8) & 0xFF); |
| 89 bp[2] = (Uint8) ((*wp >> 16) & 0xFF); |
| 90 bp[3] = (Uint8) ((*wp >> 24) & 0xFF); |
| 91 } |
| 92 } |
| 93 |
| 94 /* converts from byte array to word array, len is number of bytes */ |
| 95 static void b2w(Uint32 *out, const Uint8 *in, Uint32 len) |
| 96 { |
| 97 Uint32 *wp; const Uint8 *bp, *bpend; |
| 98 |
| 99 wp = out; |
| 100 bp = in; |
| 101 bpend = in + len; |
| 102 |
| 103 for (; bp != bpend; bp += 4, ++wp) |
| 104 { |
| 105 *wp = (Uint32) (bp[0] ) | |
| 106 (Uint32) (bp[1] << 8) | |
| 107 (Uint32) (bp[2] << 16) | |
| 108 (Uint32) (bp[3] << 24); |
| 109 } |
| 110 } |
| 111 |
| 112 /* update state: data is 64 bytes in length */ |
| 113 static void md4step(Uint32 state[4], const Uint8 *data) |
| 114 { |
| 115 Uint32 A, B, C, D, X[16]; |
| 116 |
| 117 b2w(X, data, 64); |
| 118 |
| 119 A = state[0]; |
| 120 B = state[1]; |
| 121 C = state[2]; |
| 122 D = state[3]; |
| 123 |
| 124 RD1(A,B,C,D, 0,3); RD1(D,A,B,C, 1,7); RD1(C,D,A,B, 2,11); RD1(B,C,D,A, 3,19); |
| 125 RD1(A,B,C,D, 4,3); RD1(D,A,B,C, 5,7); RD1(C,D,A,B, 6,11); RD1(B,C,D,A, 7,19); |
| 126 RD1(A,B,C,D, 8,3); RD1(D,A,B,C, 9,7); RD1(C,D,A,B,10,11); RD1(B,C,D,A,11,19); |
| 127 RD1(A,B,C,D,12,3); RD1(D,A,B,C,13,7); RD1(C,D,A,B,14,11); RD1(B,C,D,A,15,19); |
| 128 |
| 129 RD2(A,B,C,D, 0,3); RD2(D,A,B,C, 4,5); RD2(C,D,A,B, 8, 9); RD2(B,C,D,A,12,13); |
| 130 RD2(A,B,C,D, 1,3); RD2(D,A,B,C, 5,5); RD2(C,D,A,B, 9, 9); RD2(B,C,D,A,13,13); |
| 131 RD2(A,B,C,D, 2,3); RD2(D,A,B,C, 6,5); RD2(C,D,A,B,10, 9); RD2(B,C,D,A,14,13); |
| 132 RD2(A,B,C,D, 3,3); RD2(D,A,B,C, 7,5); RD2(C,D,A,B,11, 9); RD2(B,C,D,A,15,13); |
| 133 |
| 134 RD3(A,B,C,D, 0,3); RD3(D,A,B,C, 8,9); RD3(C,D,A,B, 4,11); RD3(B,C,D,A,12,15); |
| 135 RD3(A,B,C,D, 2,3); RD3(D,A,B,C,10,9); RD3(C,D,A,B, 6,11); RD3(B,C,D,A,14,15); |
| 136 RD3(A,B,C,D, 1,3); RD3(D,A,B,C, 9,9); RD3(C,D,A,B, 5,11); RD3(B,C,D,A,13,15); |
| 137 RD3(A,B,C,D, 3,3); RD3(D,A,B,C,11,9); RD3(C,D,A,B, 7,11); RD3(B,C,D,A,15,15); |
| 138 |
| 139 state[0] += A; |
| 140 state[1] += B; |
| 141 state[2] += C; |
| 142 state[3] += D; |
| 143 } |
| 144 |
| 145 namespace net { |
| 146 namespace weak_crypto { |
| 147 |
| 148 void MD4Sum(const Uint8 *input, Uint32 inputLen, Uint8 *result) |
| 149 { |
| 150 Uint8 final[128]; |
| 151 Uint32 i, n, m, state[4]; |
| 152 |
| 153 /* magic initial states */ |
| 154 state[0] = 0x67452301; |
| 155 state[1] = 0xEFCDAB89; |
| 156 state[2] = 0x98BADCFE; |
| 157 state[3] = 0x10325476; |
| 158 |
| 159 /* compute number of complete 64-byte segments contained in input */ |
| 160 m = inputLen >> 6; |
| 161 |
| 162 /* digest first m segments */ |
| 163 for (i=0; i<m; ++i) |
| 164 md4step(state, (input + (i << 6))); |
| 165 |
| 166 /* build final buffer */ |
| 167 n = inputLen % 64; |
| 168 memcpy(final, input + (m << 6), n); |
| 169 final[n] = 0x80; |
| 170 memset(final + n + 1, 0, 120 - (n + 1)); |
| 171 |
| 172 inputLen = inputLen << 3; |
| 173 w2b(final + (n >= 56 ? 120 : 56), &inputLen, 4); |
| 174 |
| 175 md4step(state, final); |
| 176 if (n >= 56) |
| 177 md4step(state, final + 64); |
| 178 |
| 179 /* copy state to result */ |
| 180 w2b(result, state, 16); |
| 181 } |
| 182 |
| 183 } // namespace net::weak_crypto |
| 184 } // namespace net |
OLD | NEW |