search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
release 0.92.3
[cntlm.git] / xcrypt.c
blob609e010153d0aeff5eda23a2ae9362487d4c8861
1 /* des.c --- DES and Triple-DES encryption/decryption Algorithm
2 * Copyright (C) 1998, 1999, 2001, 2002, 2003, 2004, 2005, 2006, 2007
3 * Free Software Foundation, Inc.
4 *
5 * This file is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published
7 * by the Free Software Foundation; either version 2, or (at your
8 * option) any later version.
9 *
10 * This file is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this file; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
18 * 02110-1301, USA.
19 *
20 * ----------------------------------------------------------------------
21 * Functions to compute MD4 message digest of files or memory blocks.
22 * according to the definition of MD4 in RFC 1320 from April 1992. Copyright
23 * (C) 1995,1996,1997,1999,2000,2001,2002,2003,2005,2006 Free Software
24 * Foundation, Inc.
25 *
26 * This program is free software; you can redistribute it and/or modify it
27 * under the terms of the GNU General Public License as published by the
28 * Free Software Foundation; either version 2, or (at your option) any
29 * later version.
30 *
31 * This program is distributed in the hope that it will be useful,
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
34 * GNU General Public License for more details.
35 *
36 * You should have received a copy of the GNU General Public License
37 * along with this program; if not, write to the Free Software Foundation,
38 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
39 */
40
41 #include <sys/types.h>
42 #include <stddef.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #include <stdbool.h>
46 #include <stdint.h>
47
48 #include "xcrypt.h"
49 #include "swap.h"
50
51 #define SWAP(n) U32LE(n)
52
53 #define BLOCKSIZE 4096
54 #if BLOCKSIZE % 64 != 0
55 # error "invalid BLOCKSIZE"
56 #endif
57
58 /*
59 * To check alignment gcc has an appropriate operator. Other compilers don't.
60 */
61 # if __GNUC__ >= 2
62 # define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint32_t) != 0)
63 # else
64 # define alignof(type) offsetof (struct { char c; type x; }, x)
65 # define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
66 # endif
67
68 # define MD4_DIGEST_SIZE 16
69
70 /* MD4 round constants */
71 #define K1 0x5a827999
72 #define K2 0x6ed9eba1
73
74 /* Round functions. */
75 #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
76 #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
77 #define H(x, y, z) ((x) ^ (y) ^ (z))
78 #define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n))))
79 #define R1(a,b,c,d,k,s) a=rol(a+F(b,c,d)+x[k],s);
80 #define R2(a,b,c,d,k,s) a=rol(a+G(b,c,d)+x[k]+K1,s);
81 #define R3(a,b,c,d,k,s) a=rol(a+H(b,c,d)+x[k]+K2,s);
82
83 /* This array contains the bytes used to pad the buffer to the next
84 64-byte boundary. (RFC 1320, 3.1: Step 1) */
85 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
86
87 /*
88 * The s-box values are permuted according to the 'primitive function P'
89 * and are rotated one bit to the left.
90 */
91 static const uint32_t sbox1[64] = {
92 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
93 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
94 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
95 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
96 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
97 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
98 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
99 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
100 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
101 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
102 0x00010004, 0x00010400, 0x00000000, 0x01010004
103 };
104
105 static const uint32_t sbox2[64] = {
106 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
107 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
108 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
109 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
110 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
111 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
112 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
113 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
114 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
115 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
116 0x80000000, 0x80100020, 0x80108020, 0x00108000
117 };
118
119 static const uint32_t sbox3[64] = {
120 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
121 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
122 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
123 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
124 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
125 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
126 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
127 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
128 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
129 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
130 0x00020208, 0x00000008, 0x08020008, 0x00020200
131 };
132
133 static const uint32_t sbox4[64] = {
134 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
135 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
136 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
137 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
138 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
139 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
140 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
141 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
142 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
143 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
144 0x00000080, 0x00800000, 0x00002000, 0x00802080
145 };
146
147 static const uint32_t sbox5[64] = {
148 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
149 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
150 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
151 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
152 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
153 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
154 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
155 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
156 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
157 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
158 0x00000000, 0x40080000, 0x02080100, 0x40000100
159 };
160
161 static const uint32_t sbox6[64] = {
162 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
163 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
164 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
165 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
166 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
167 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
168 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
169 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
170 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
171 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
172 0x20404000, 0x20000000, 0x00400010, 0x20004010
173 };
174
175 static const uint32_t sbox7[64] = {
176 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
177 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
178 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
179 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
180 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
181 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
182 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
183 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
184 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
185 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
186 0x04000002, 0x04000800, 0x00000800, 0x00200002
187 };
188
189 static const uint32_t sbox8[64] = {
190 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
191 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
192 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
193 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
194 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
195 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
196 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
197 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
198 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
199 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
200 0x00001040, 0x00040040, 0x10000000, 0x10041000
201 };
202
203 /*
204 * These two tables are part of the 'permuted choice 1' function.
205 * In this implementation several speed improvements are done.
206 */
207 static const uint32_t leftkey_swap[16] = {
208 0x00000000, 0x00000001, 0x00000100, 0x00000101,
209 0x00010000, 0x00010001, 0x00010100, 0x00010101,
210 0x01000000, 0x01000001, 0x01000100, 0x01000101,
211 0x01010000, 0x01010001, 0x01010100, 0x01010101
212 };
213
214 static const uint32_t rightkey_swap[16] = {
215 0x00000000, 0x01000000, 0x00010000, 0x01010000,
216 0x00000100, 0x01000100, 0x00010100, 0x01010100,
217 0x00000001, 0x01000001, 0x00010001, 0x01010001,
218 0x00000101, 0x01000101, 0x00010101, 0x01010101,
219 };
220
221 /*
222 * Numbers of left shifts per round for encryption subkeys. To
223 * calculate the decryption subkeys we just reverse the ordering of
224 * the calculated encryption subkeys, so there is no need for a
225 * decryption rotate tab.
226 */
227 static const unsigned char encrypt_rotate_tab[16] = {
228 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
229 };
230
231 /*
232 * Table with weak DES keys sorted in ascending order. In DES there
233 * are 64 known keys which are weak. They are weak because they
234 * produce only one, two or four different subkeys in the subkey
235 * scheduling process. The keys in this table have all their parity
236 * bits cleared.
237 */
238 static const unsigned char weak_keys[64][8] = {
239 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /*w */
240 {0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e},
241 {0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0},
242 {0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe},
243 {0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e}, /*sw */
244 {0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00},
245 {0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe},
246 {0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0},
247 {0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0}, /*sw */
248 {0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe},
249 {0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00},
250 {0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e},
251 {0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe}, /*sw */
252 {0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0},
253 {0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e},
254 {0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00},
255 {0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e},
256 {0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00}, /*sw */
257 {0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe},
258 {0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0},
259 {0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00},
260 {0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e}, /*w */
261 {0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0},
262 {0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe},
263 {0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe},
264 {0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0}, /*sw */
265 {0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e},
266 {0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00},
267 {0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0},
268 {0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe}, /*sw */
269 {0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00},
270 {0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e},
271 {0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0},
272 {0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe},
273 {0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00}, /*sw */
274 {0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e},
275 {0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe},
276 {0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0},
277 {0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e}, /*sw */
278 {0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00},
279 {0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00},
280 {0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e},
281 {0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0}, /*w */
282 {0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe},
283 {0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e},
284 {0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00},
285 {0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe}, /*sw */
286 {0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0},
287 {0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe},
288 {0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0},
289 {0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e},
290 {0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00}, /*sw */
291 {0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0},
292 {0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe},
293 {0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00},
294 {0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e}, /*sw */
295 {0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e},
296 {0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00},
297 {0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe},
298 {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0}, /*sw */
299 {0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00},
300 {0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e},
301 {0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0},
302 {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe} /*w */
303 };
304
305
306 bool gl_des_is_weak_key (const char * key) {
307 char work[8];
308 int i, left, right, middle, cmp_result;
309
310 /* clear parity bits */
311 for (i = 0; i < 8; ++i)
312 work[i] = ((unsigned char)key[i]) & 0xfe;
313
314 /* binary search in the weak key table */
315 left = 0;
316 right = 63;
317 while (left <= right)
318 {
319 middle = (left + right) / 2;
320
321 if (!(cmp_result = memcmp (work, weak_keys[middle], 8)))
322 return -1;
323
324 if (cmp_result > 0)
325 left = middle + 1;
326 else
327 right = middle - 1;
328 }
329
330 return 0;
331 }
332
333 /*
334 * Macro to swap bits across two words.
335 */
336 #define DO_PERMUTATION(a, temp, b, offset, mask) \
337 temp = ((a>>offset) ^ b) & mask; \
338 b ^= temp; \
339 a ^= temp<<offset;
340
341
342 /*
343 * This performs the 'initial permutation' of the data to be encrypted
344 * or decrypted. Additionally the resulting two words are rotated one bit
345 * to the left.
346 */
347 #define INITIAL_PERMUTATION(left, temp, right) \
348 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
349 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
350 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
351 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
352 right = (right << 1) | (right >> 31); \
353 temp = (left ^ right) & 0xaaaaaaaa; \
354 right ^= temp; \
355 left ^= temp; \
356 left = (left << 1) | (left >> 31);
357
358 /*
359 * The 'inverse initial permutation'.
360 */
361 #define FINAL_PERMUTATION(left, temp, right) \
362 left = (left << 31) | (left >> 1); \
363 temp = (left ^ right) & 0xaaaaaaaa; \
364 left ^= temp; \
365 right ^= temp; \
366 right = (right << 31) | (right >> 1); \
367 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
368 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
369 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
370 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
371
372
373 /*
374 * A full DES round including 'expansion function', 'sbox substitution'
375 * and 'primitive function P' but without swapping the left and right word.
376 * Please note: The data in 'from' and 'to' is already rotated one bit to
377 * the left, done in the initial permutation.
378 */
379 #define DES_ROUND(from, to, work, subkey) \
380 work = from ^ *subkey++; \
381 to ^= sbox8[ work & 0x3f ]; \
382 to ^= sbox6[ (work>>8) & 0x3f ]; \
383 to ^= sbox4[ (work>>16) & 0x3f ]; \
384 to ^= sbox2[ (work>>24) & 0x3f ]; \
385 work = ((from << 28) | (from >> 4)) ^ *subkey++; \
386 to ^= sbox7[ work & 0x3f ]; \
387 to ^= sbox5[ (work>>8) & 0x3f ]; \
388 to ^= sbox3[ (work>>16) & 0x3f ]; \
389 to ^= sbox1[ (work>>24) & 0x3f ];
390
391 /*
392 * Macros to convert 8 bytes from/to 32bit words.
393 */
394 #define READ_64BIT_DATA(data, left, right) \
395 left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
396 right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
397
398 #define WRITE_64BIT_DATA(data, left, right) \
399 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
400 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
401 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
402 data[6] = (right >> 8) &0xff; data[7] = right &0xff;
403
404 /*
405 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
406 * 16 encryption rounds.
407 * To calculate subkeys for decryption the caller
408 * have to reorder the generated subkeys.
409 *
410 * rawkey: 8 Bytes of key data
411 * subkey: Array of at least 32 uint32_ts. Will be filled
412 * with calculated subkeys.
413 *
414 */
415 static void des_key_schedule (const char * _rawkey, uint32_t * subkey) {
416 const unsigned char *rawkey = (const unsigned char *) _rawkey;
417 uint32_t left, right, work;
418 int round;
419
420 READ_64BIT_DATA (rawkey, left, right)
421 DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
422 DO_PERMUTATION (right, work, left, 0, 0x10101010)
423 left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
424 | (leftkey_swap[(left >> 8) & 0xf] << 2)
425 | (leftkey_swap[(left >> 16) & 0xf] << 1)
426 | (leftkey_swap[(left >> 24) & 0xf])
427 | (leftkey_swap[(left >> 5) & 0xf] << 7)
428 | (leftkey_swap[(left >> 13) & 0xf] << 6)
429 | (leftkey_swap[(left >> 21) & 0xf] << 5)
430 | (leftkey_swap[(left >> 29) & 0xf] << 4));
431
432 left &= 0x0fffffff;
433
434 right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
435 | (rightkey_swap[(right >> 9) & 0xf] << 2)
436 | (rightkey_swap[(right >> 17) & 0xf] << 1)
437 | (rightkey_swap[(right >> 25) & 0xf])
438 | (rightkey_swap[(right >> 4) & 0xf] << 7)
439 | (rightkey_swap[(right >> 12) & 0xf] << 6)
440 | (rightkey_swap[(right >> 20) & 0xf] << 5)
441 | (rightkey_swap[(right >> 28) & 0xf] << 4));
442
443 right &= 0x0fffffff;
444
445 for (round = 0; round < 16; ++round)
446 {
447 left = ((left << encrypt_rotate_tab[round])
448 | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
449 right = ((right << encrypt_rotate_tab[round])
450 | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
451
452 *subkey++ = (((left << 4) & 0x24000000)
453 | ((left << 28) & 0x10000000)
454 | ((left << 14) & 0x08000000)
455 | ((left << 18) & 0x02080000)
456 | ((left << 6) & 0x01000000)
457 | ((left << 9) & 0x00200000)
458 | ((left >> 1) & 0x00100000)
459 | ((left << 10) & 0x00040000)
460 | ((left << 2) & 0x00020000)
461 | ((left >> 10) & 0x00010000)
462 | ((right >> 13) & 0x00002000)
463 | ((right >> 4) & 0x00001000)
464 | ((right << 6) & 0x00000800)
465 | ((right >> 1) & 0x00000400)
466 | ((right >> 14) & 0x00000200)
467 | (right & 0x00000100)
468 | ((right >> 5) & 0x00000020)
469 | ((right >> 10) & 0x00000010)
470 | ((right >> 3) & 0x00000008)
471 | ((right >> 18) & 0x00000004)
472 | ((right >> 26) & 0x00000002)
473 | ((right >> 24) & 0x00000001));
474
475 *subkey++ = (((left << 15) & 0x20000000)
476 | ((left << 17) & 0x10000000)
477 | ((left << 10) & 0x08000000)
478 | ((left << 22) & 0x04000000)
479 | ((left >> 2) & 0x02000000)
480 | ((left << 1) & 0x01000000)
481 | ((left << 16) & 0x00200000)
482 | ((left << 11) & 0x00100000)
483 | ((left << 3) & 0x00080000)
484 | ((left >> 6) & 0x00040000)
485 | ((left << 15) & 0x00020000)
486 | ((left >> 4) & 0x00010000)
487 | ((right >> 2) & 0x00002000)
488 | ((right << 8) & 0x00001000)
489 | ((right >> 14) & 0x00000808)
490 | ((right >> 9) & 0x00000400)
491 | ((right) & 0x00000200)
492 | ((right << 7) & 0x00000100)
493 | ((right >> 7) & 0x00000020)
494 | ((right >> 3) & 0x00000011)
495 | ((right << 2) & 0x00000004)
496 | ((right >> 21) & 0x00000002));
497 }
498 }
499
500 void gl_des_setkey (gl_des_ctx *ctx, const char * key) {
501 int i;
502
503 des_key_schedule (key, ctx->encrypt_subkeys);
504
505 for (i = 0; i < 32; i += 2)
506 {
507 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
508 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
509 }
510 }
511
512 bool gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen) {
513 if (keylen != 8)
514 return false;
515
516 gl_des_setkey (ctx, key);
517
518 return !gl_des_is_weak_key (key);
519 }
520
521 void gl_des_ecb_crypt (gl_des_ctx *ctx, const char * _from, char * _to, int mode) {
522 const unsigned char *from = (const unsigned char *) _from;
523 unsigned char *to = (unsigned char *) _to;
524 uint32_t left, right, work;
525 uint32_t *keys;
526
527 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
528
529 READ_64BIT_DATA (from, left, right)
530 INITIAL_PERMUTATION (left, work, right)
531 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
532 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
533 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
534 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
535 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
536 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
537 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
538 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
539 FINAL_PERMUTATION (right, work, left)
540 WRITE_64BIT_DATA (to, right, left)
541 }
542
543 /* Process LEN bytes of BUFFER, accumulating context into CTX.
544 It is assumed that LEN % 64 == 0. */
545 void md4_process_block (const void *buffer, size_t len, struct md4_ctx *ctx) {
546 const uint32_t *words = buffer;
547 size_t nwords = len / sizeof (uint32_t);
548 const uint32_t *endp = words + nwords;
549 uint32_t x[16];
550 uint32_t A = ctx->A;
551 uint32_t B = ctx->B;
552 uint32_t C = ctx->C;
553 uint32_t D = ctx->D;
554
555 /* First increment the byte count. RFC 1320 specifies the possible
556 length of the file up to 2^64 bits. Here we only compute the
557 number of bytes. Do a double word increment. */
558 ctx->total[0] += len;
559 if (ctx->total[0] < len)
560 ++ctx->total[1];
561
562 /* Process all bytes in the buffer with 64 bytes in each round of
563 the loop. */
564 while (words < endp)
565 {
566 int t;
567 for (t = 0; t < 16; t++)
568 {
569 x[t] = SWAP (*words);
570 words++;
571 }
572
573 /* Round 1. */
574 R1 (A, B, C, D, 0, 3);
575 R1 (D, A, B, C, 1, 7);
576 R1 (C, D, A, B, 2, 11);
577 R1 (B, C, D, A, 3, 19);
578 R1 (A, B, C, D, 4, 3);
579 R1 (D, A, B, C, 5, 7);
580 R1 (C, D, A, B, 6, 11);
581 R1 (B, C, D, A, 7, 19);
582 R1 (A, B, C, D, 8, 3);
583 R1 (D, A, B, C, 9, 7);
584 R1 (C, D, A, B, 10, 11);
585 R1 (B, C, D, A, 11, 19);
586 R1 (A, B, C, D, 12, 3);
587 R1 (D, A, B, C, 13, 7);
588 R1 (C, D, A, B, 14, 11);
589 R1 (B, C, D, A, 15, 19);
590
591 /* Round 2. */
592 R2 (A, B, C, D, 0, 3);
593 R2 (D, A, B, C, 4, 5);
594 R2 (C, D, A, B, 8, 9);
595 R2 (B, C, D, A, 12, 13);
596 R2 (A, B, C, D, 1, 3);
597 R2 (D, A, B, C, 5, 5);
598 R2 (C, D, A, B, 9, 9);
599 R2 (B, C, D, A, 13, 13);
600 R2 (A, B, C, D, 2, 3);
601 R2 (D, A, B, C, 6, 5);
602 R2 (C, D, A, B, 10, 9);
603 R2 (B, C, D, A, 14, 13);
604 R2 (A, B, C, D, 3, 3);
605 R2 (D, A, B, C, 7, 5);
606 R2 (C, D, A, B, 11, 9);
607 R2 (B, C, D, A, 15, 13);
608
609 /* Round 3. */
610 R3 (A, B, C, D, 0, 3);
611 R3 (D, A, B, C, 8, 9);
612 R3 (C, D, A, B, 4, 11);
613 R3 (B, C, D, A, 12, 15);
614 R3 (A, B, C, D, 2, 3);
615 R3 (D, A, B, C, 10, 9);
616 R3 (C, D, A, B, 6, 11);
617 R3 (B, C, D, A, 14, 15);
618 R3 (A, B, C, D, 1, 3);
619 R3 (D, A, B, C, 9, 9);
620 R3 (C, D, A, B, 5, 11);
621 R3 (B, C, D, A, 13, 15);
622 R3 (A, B, C, D, 3, 3);
623 R3 (D, A, B, C, 11, 9);
624 R3 (C, D, A, B, 7, 11);
625 R3 (B, C, D, A, 15, 15);
626
627 A = ctx->A += A;
628 B = ctx->B += B;
629 C = ctx->C += C;
630 D = ctx->D += D;
631 }
632 }
633
634 /* Initialize structure containing state of computation.
635 (RFC 1320, 3.3: Step 3) */
636 void md4_init_ctx (struct md4_ctx *ctx) {
637 ctx->A = 0x67452301;
638 ctx->B = 0xefcdab89;
639 ctx->C = 0x98badcfe;
640 ctx->D = 0x10325476;
641
642 ctx->total[0] = ctx->total[1] = 0;
643 ctx->buflen = 0;
644 }
645
646 /* Put result from CTX in first 16 bytes following RESBUF. The result
647 must be in little endian byte order.
648
649 IMPORTANT: On some systems it is required that RESBUF is correctly
650 aligned for a 32 bits value. */
651 void * md4_read_ctx (const struct md4_ctx *ctx, void *resbuf) {
652 ((uint32_t *) resbuf)[0] = SWAP (ctx->A);
653 ((uint32_t *) resbuf)[1] = SWAP (ctx->B);
654 ((uint32_t *) resbuf)[2] = SWAP (ctx->C);
655 ((uint32_t *) resbuf)[3] = SWAP (ctx->D);
656
657 return resbuf;
658 }
659
660 /* Process the remaining bytes in the internal buffer and the usual
661 prolog according to the standard and write the result to RESBUF.
662
663 IMPORTANT: On some systems it is required that RESBUF is correctly
664 aligned for a 32 bits value. */
665 void * md4_finish_ctx (struct md4_ctx *ctx, void *resbuf) {
666 /* Take yet unprocessed bytes into account. */
667 uint32_t bytes = ctx->buflen;
668 size_t pad;
669
670 /* Now count remaining bytes. */
671 ctx->total[0] += bytes;
672 if (ctx->total[0] < bytes)
673 ++ctx->total[1];
674
675 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
676 memcpy (&((char*)ctx->buffer)[bytes], fillbuf, pad);
677
678 /* Put the 64-bit file length in *bits* at the end of the buffer. */
679 ctx->buffer[(bytes + pad) / 4] = SWAP (ctx->total[0] << 3);
680 ctx->buffer[(bytes + pad) / 4 + 1] = SWAP ((ctx->total[1] << 3) |
681 (ctx->total[0] >> 29));
682
683 /* Process last bytes. */
684 md4_process_block (ctx->buffer, bytes + pad + 8, ctx);
685
686 return md4_read_ctx (ctx, resbuf);
687 }
688
689 void md4_process_bytes (const void *buffer, size_t len, struct md4_ctx *ctx) {
690 /* When we already have some bits in our internal buffer concatenate
691 both inputs first. */
692 if (ctx->buflen != 0)
693 {
694 size_t left_over = ctx->buflen;
695 size_t add = 128 - left_over > len ? len : 128 - left_over;
696
697 memcpy (&((char*)ctx->buffer)[left_over], buffer, add);
698 ctx->buflen += add;
699
700 if (ctx->buflen > 64)
701 {
702 md4_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
703
704 ctx->buflen &= 63;
705 /* The regions in the following copy operation cannot overlap. */
706 memcpy (ctx->buffer, &((char*)ctx->buffer)[(left_over + add) & ~63],
707 ctx->buflen);
708 }
709
710 buffer = (const char *) buffer + add;
711 len -= add;
712 }
713
714 /* Process available complete blocks. */
715 if (len >= 64)
716 {
717 #if !_STRING_ARCH_unaligned
718 if (UNALIGNED_P (buffer))
719 while (len > 64)
720 {
721 md4_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
722 buffer = (const char *) buffer + 64;
723 len -= 64;
724 }
725 else
726 #endif
727 {
728 md4_process_block (buffer, len & ~63, ctx);
729 buffer = (const char *) buffer + (len & ~63);
730 len &= 63;
731 }
732 }
733
734 /* Move remaining bytes in internal buffer. */
735 if (len > 0)
736 {
737 size_t left_over = ctx->buflen;
738
739 memcpy (&((char*)ctx->buffer)[left_over], buffer, len);
740 left_over += len;
741 if (left_over >= 64)
742 {
743 md4_process_block (ctx->buffer, 64, ctx);
744 left_over -= 64;
745 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
746 }
747 ctx->buflen = left_over;
748 }
749 }
750
751 /* Compute MD4 message digest for bytes read from STREAM. The
752 resulting message digest number will be written into the 16 bytes
753 beginning at RESBLOCK. */
754 int md4_stream (FILE * stream, void *resblock) {
755 struct md4_ctx ctx;
756 char buffer[BLOCKSIZE + 72];
757 size_t sum;
758
759 /* Initialize the computation context. */
760 md4_init_ctx (&ctx);
761
762 /* Iterate over full file contents. */
763 while (1)
764 {
765 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
766 computation function processes the whole buffer so that with the
767 next round of the loop another block can be read. */
768 size_t n;
769 sum = 0;
770
771 /* Read block. Take care for partial reads. */
772 while (1)
773 {
774 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
775
776 sum += n;
777
778 if (sum == BLOCKSIZE)
779 break;
780
781 if (n == 0)
782 {
783 /* Check for the error flag IFF N == 0, so that we don't
784 exit the loop after a partial read due to e.g., EAGAIN
785 or EWOULDBLOCK. */
786 if (ferror (stream))
787 return 1;
788 goto process_partial_block;
789 }
790
791 /* We've read at least one byte, so ignore errors. But always
792 check for EOF, since feof may be true even though N > 0.
793 Otherwise, we could end up calling fread after EOF. */
794 if (feof (stream))
795 goto process_partial_block;
796 }
797
798 /* Process buffer with BLOCKSIZE bytes. Note that
799 BLOCKSIZE % 64 == 0
800 */
801 md4_process_block (buffer, BLOCKSIZE, &ctx);
802 }
803
804 process_partial_block:;
805
806 /* Process any remaining bytes. */
807 if (sum > 0)
808 md4_process_bytes (buffer, sum, &ctx);
809
810 /* Construct result in desired memory. */
811 md4_finish_ctx (&ctx, resblock);
812 return 0;
813 }
814
815 /* Compute MD4 message digest for LEN bytes beginning at BUFFER. The
816 result is always in little endian byte order, so that a byte-wise
817 output yields to the wanted ASCII representation of the message
818 digest. */
819 void * md4_buffer (const char *buffer, size_t len, void *resblock) {
820 struct md4_ctx ctx;
821
822 /* Initialize the computation context. */
823 md4_init_ctx (&ctx);
824
825 /* Process whole buffer but last len % 64 bytes. */
826 md4_process_bytes (buffer, len, &ctx);
827
828 /* Put result in desired memory area. */
829 return md4_finish_ctx (&ctx, resblock);
830 }
831
832 void * memxor (void *dest, const void *src, size_t n) {
833 char const *s = src;
834 char *d = dest;
835
836 for (; n > 0; n--)
837 *d++ ^= *s++;
838
839 return dest;
840 }
841
842 int hmac_md5 (const void *key, size_t keylen, const void *in, size_t inlen, void *resbuf)
843 {
844 struct md5_ctx inner;
845 struct md5_ctx outer;
846 char optkeybuf[16];
847 char block[64];
848 char innerhash[16];
849
850 /* Reduce the key's size, so that it becomes <= 64 bytes large. */
851
852 if (keylen > 64)
853 {
854 struct md5_ctx keyhash;
855
856 md5_init_ctx (&keyhash);
857 md5_process_bytes (key, keylen, &keyhash);
858 md5_finish_ctx (&keyhash, optkeybuf);
859
860 key = optkeybuf;
861 keylen = 16;
862 }
863
864 /* Compute INNERHASH from KEY and IN. */
865
866 md5_init_ctx (&inner);
867
868 memset (block, IPAD, sizeof (block));
869 memxor (block, key, keylen);
870
871 md5_process_block (block, 64, &inner);
872 md5_process_bytes (in, inlen, &inner);
873
874 md5_finish_ctx (&inner, innerhash);
875
876 /* Compute result from KEY and INNERHASH. */
877
878 md5_init_ctx (&outer);
879
880 memset (block, OPAD, sizeof (block));
881 memxor (block, key, keylen);
882
883 md5_process_block (block, 64, &outer);
884 md5_process_bytes (innerhash, 16, &outer);
885
886 md5_finish_ctx (&outer, resbuf);
887
888 return 0;
889 }
890
891
892
893 /* Initialize structure containing state of computation.
894 (RFC 1321, 3.3: Step 3) */
895 void
896 md5_init_ctx (struct md5_ctx *ctx)
897 {
898 ctx->A = 0x67452301;
899 ctx->B = 0xefcdab89;
900 ctx->C = 0x98badcfe;
901 ctx->D = 0x10325476;
902
903 ctx->total[0] = ctx->total[1] = 0;
904 ctx->buflen = 0;
905 }
906
907 /* Put result from CTX in first 16 bytes following RESBUF. The result
908 must be in little endian byte order.
909
910 IMPORTANT: On some systems it is required that RESBUF is correctly
911 aligned for a 32-bit value. */
912 void *
913 md5_read_ctx (const struct md5_ctx *ctx, void *resbuf)
914 {
915 ((uint32_t *) resbuf)[0] = SWAP (ctx->A);
916 ((uint32_t *) resbuf)[1] = SWAP (ctx->B);
917 ((uint32_t *) resbuf)[2] = SWAP (ctx->C);
918 ((uint32_t *) resbuf)[3] = SWAP (ctx->D);
919
920 return resbuf;
921 }
922
923 /* Process the remaining bytes in the internal buffer and the usual
924 prolog according to the standard and write the result to RESBUF.
925
926 IMPORTANT: On some systems it is required that RESBUF is correctly
927 aligned for a 32-bit value. */
928 void *
929 md5_finish_ctx (struct md5_ctx *ctx, void *resbuf)
930 {
931 /* Take yet unprocessed bytes into account. */
932 uint32_t bytes = ctx->buflen;
933 size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
934
935 /* Now count remaining bytes. */
936 ctx->total[0] += bytes;
937 if (ctx->total[0] < bytes)
938 ++ctx->total[1];
939
940 /* Put the 64-bit file length in *bits* at the end of the buffer. */
941 ctx->buffer[size - 2] = SWAP (ctx->total[0] << 3);
942 ctx->buffer[size - 1] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
943
944 memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
945
946 /* Process last bytes. */
947 md5_process_block (ctx->buffer, size * 4, ctx);
948
949 return md5_read_ctx (ctx, resbuf);
950 }
951
952 /* Compute MD5 message digest for bytes read from STREAM. The
953 resulting message digest number will be written into the 16 bytes
954 beginning at RESBLOCK. */
955 int
956 md5_stream (FILE *stream, void *resblock)
957 {
958 struct md5_ctx ctx;
959 char buffer[BLOCKSIZE + 72];
960 size_t sum;
961
962 /* Initialize the computation context. */
963 md5_init_ctx (&ctx);
964
965 /* Iterate over full file contents. */
966 while (1)
967 {
968 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
969 computation function processes the whole buffer so that with the
970 next round of the loop another block can be read. */
971 size_t n;
972 sum = 0;
973
974 /* Read block. Take care for partial reads. */
975 while (1)
976 {
977 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
978
979 sum += n;
980
981 if (sum == BLOCKSIZE)
982 break;
983
984 if (n == 0)
985 {
986 /* Check for the error flag IFF N == 0, so that we don't
987 exit the loop after a partial read due to e.g., EAGAIN
988 or EWOULDBLOCK. */
989 if (ferror (stream))
990 return 1;
991 goto process_partial_block;
992 }
993
994 /* We've read at least one byte, so ignore errors. But always
995 check for EOF, since feof may be true even though N > 0.
996 Otherwise, we could end up calling fread after EOF. */
997 if (feof (stream))
998 goto process_partial_block;
999 }
1000
1001 /* Process buffer with BLOCKSIZE bytes. Note that
1002 BLOCKSIZE % 64 == 0
1003 */
1004 md5_process_block (buffer, BLOCKSIZE, &ctx);
1005 }
1006
1007 process_partial_block:
1008
1009 /* Process any remaining bytes. */
1010 if (sum > 0)
1011 md5_process_bytes (buffer, sum, &ctx);
1012
1013 /* Construct result in desired memory. */
1014 md5_finish_ctx (&ctx, resblock);
1015 return 0;
1016 }
1017
1018 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
1019 result is always in little endian byte order, so that a byte-wise
1020 output yields to the wanted ASCII representation of the message
1021 digest. */
1022 void *
1023 md5_buffer (const char *buffer, size_t len, void *resblock)
1024 {
1025 struct md5_ctx ctx;
1026
1027 /* Initialize the computation context. */
1028 md5_init_ctx (&ctx);
1029
1030 /* Process whole buffer but last len % 64 bytes. */
1031 md5_process_bytes (buffer, len, &ctx);
1032
1033 /* Put result in desired memory area. */
1034 return md5_finish_ctx (&ctx, resblock);
1035 }
1036
1037
1038 void
1039 md5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx)
1040 {
1041 /* When we already have some bits in our internal buffer concatenate
1042 both inputs first. */
1043 if (ctx->buflen != 0)
1044 {
1045 size_t left_over = ctx->buflen;
1046 size_t add = 128 - left_over > len ? len : 128 - left_over;
1047
1048 memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
1049 ctx->buflen += add;
1050
1051 if (ctx->buflen > 64)
1052 {
1053 md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
1054
1055 ctx->buflen &= 63;
1056 /* The regions in the following copy operation cannot overlap. */
1057 memcpy (ctx->buffer,
1058 &((char *) ctx->buffer)[(left_over + add) & ~63],
1059 ctx->buflen);
1060 }
1061
1062 buffer = (const char *) buffer + add;
1063 len -= add;
1064 }
1065
1066 /* Process available complete blocks. */
1067 if (len >= 64)
1068 {
1069 #if !_STRING_ARCH_unaligned
1070 if (UNALIGNED_P (buffer))
1071 while (len > 64)
1072 {
1073 md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
1074 buffer = (const char *) buffer + 64;
1075 len -= 64;
1076 }
1077 else
1078 #endif
1079 {
1080 md5_process_block (buffer, len & ~63, ctx);
1081 buffer = (const char *) buffer + (len & ~63);
1082 len &= 63;
1083 }
1084 }
1085
1086 /* Move remaining bytes in internal buffer. */
1087 if (len > 0)
1088 {
1089 size_t left_over = ctx->buflen;
1090
1091 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
1092 left_over += len;
1093 if (left_over >= 64)
1094 {
1095 md5_process_block (ctx->buffer, 64, ctx);
1096 left_over -= 64;
1097 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
1098 }
1099 ctx->buflen = left_over;
1100 }
1101 }
1102
1103
1104 /* These are the four functions used in the four steps of the MD5 algorithm
1105 and defined in the RFC 1321. The first function is a little bit optimized
1106 (as found in Colin Plumbs public domain implementation). */
1107 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
1108 #define FF(b, c, d) (d ^ (b & (c ^ d)))
1109 #define FG(b, c, d) FF (d, b, c)
1110 #define FH(b, c, d) (b ^ c ^ d)
1111 #define FI(b, c, d) (c ^ (b | ~d))
1112
1113 /* Process LEN bytes of BUFFER, accumulating context into CTX.
1114 It is assumed that LEN % 64 == 0. */
1115
1116 void
1117 md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx)
1118 {
1119 uint32_t correct_words[16];
1120 const uint32_t *words = buffer;
1121 size_t nwords = len / sizeof (uint32_t);
1122 const uint32_t *endp = words + nwords;
1123 uint32_t A = ctx->A;
1124 uint32_t B = ctx->B;
1125 uint32_t C = ctx->C;
1126 uint32_t D = ctx->D;
1127
1128 /* First increment the byte count. RFC 1321 specifies the possible
1129 length of the file up to 2^64 bits. Here we only compute the
1130 number of bytes. Do a double word increment. */
1131 ctx->total[0] += len;
1132 if (ctx->total[0] < len)
1133 ++ctx->total[1];
1134
1135 /* Process all bytes in the buffer with 64 bytes in each round of
1136 the loop. */
1137 while (words < endp)
1138 {
1139 uint32_t *cwp = correct_words;
1140 uint32_t A_save = A;
1141 uint32_t B_save = B;
1142 uint32_t C_save = C;
1143 uint32_t D_save = D;
1144
1145 /* First round: using the given function, the context and a constant
1146 the next context is computed. Because the algorithms processing
1147 unit is a 32-bit word and it is determined to work on words in
1148 little endian byte order we perhaps have to change the byte order
1149 before the computation. To reduce the work for the next steps
1150 we store the swapped words in the array CORRECT_WORDS. */
1151
1152 #define OP(a, b, c, d, s, T) \
1153 do \
1154 { \
1155 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \
1156 ++words; \
1157 CYCLIC (a, s); \
1158 a += b; \
1159 } \
1160 while (0)
1161
1162 /* It is unfortunate that C does not provide an operator for
1163 cyclic rotation. Hope the C compiler is smart enough. */
1164 #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
1165
1166 /* Before we start, one word to the strange constants.
1167 They are defined in RFC 1321 as
1168
1169 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
1170
1171 Here is an equivalent invocation using Perl:
1172
1173 perl -e 'foreach(1..64){printf "0x%08x\n", int (4294967296 * abs (sin $_))}'
1174 */
1175
1176 /* Round 1. */
1177 OP (A, B, C, D, 7, 0xd76aa478);
1178 OP (D, A, B, C, 12, 0xe8c7b756);
1179 OP (C, D, A, B, 17, 0x242070db);
1180 OP (B, C, D, A, 22, 0xc1bdceee);
1181 OP (A, B, C, D, 7, 0xf57c0faf);
1182 OP (D, A, B, C, 12, 0x4787c62a);
1183 OP (C, D, A, B, 17, 0xa8304613);
1184 OP (B, C, D, A, 22, 0xfd469501);
1185 OP (A, B, C, D, 7, 0x698098d8);
1186 OP (D, A, B, C, 12, 0x8b44f7af);
1187 OP (C, D, A, B, 17, 0xffff5bb1);
1188 OP (B, C, D, A, 22, 0x895cd7be);
1189 OP (A, B, C, D, 7, 0x6b901122);
1190 OP (D, A, B, C, 12, 0xfd987193);
1191 OP (C, D, A, B, 17, 0xa679438e);
1192 OP (B, C, D, A, 22, 0x49b40821);
1193
1194 /* For the second to fourth round we have the possibly swapped words
1195 in CORRECT_WORDS. Redefine the macro to take an additional first
1196 argument specifying the function to use. */
1197 #undef OP
1198 #define OP(f, a, b, c, d, k, s, T) \
1199 do \
1200 { \
1201 a += f (b, c, d) + correct_words[k] + T; \
1202 CYCLIC (a, s); \
1203 a += b; \
1204 } \
1205 while (0)
1206
1207 /* Round 2. */
1208 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
1209 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
1210 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
1211 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
1212 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
1213 OP (FG, D, A, B, C, 10, 9, 0x02441453);
1214 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
1215 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
1216 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
1217 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
1218 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
1219 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
1220 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
1221 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
1222 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
1223 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
1224
1225 /* Round 3. */
1226 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
1227 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
1228 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
1229 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
1230 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
1231 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
1232 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
1233 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
1234 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
1235 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
1236 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
1237 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
1238 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
1239 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
1240 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
1241 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
1242
1243 /* Round 4. */
1244 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
1245 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
1246 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
1247 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
1248 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
1249 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
1250 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
1251 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
1252 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
1253 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
1254 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
1255 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
1256 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
1257 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
1258 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
1259 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
1260
1261 /* Add the starting values of the context. */
1262 A += A_save;
1263 B += B_save;
1264 C += C_save;
1265 D += D_save;
1266 }
1267
1268 /* Put checksum in context given as argument. */
1269 ctx->A = A;
1270 ctx->B = B;
1271 ctx->C = C;
1272 ctx->D = D;
1273 }
1274
Fork of cntlm