]> git.saurik.com Git - apple/mdnsresponder.git/blob - mDNSCore/DNSDigest.c
projects / apple / mdnsresponder.git / blob
? search:


370e70643667434e6d467a79c8556936ea4b1e2a
[apple/mdnsresponder.git] / mDNSCore / DNSDigest.c
1 /*
2 * Copyright (c) 2002-2003 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
7 *
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * file.
14 *
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
22 *
23 * @APPLE_LICENSE_HEADER_END@
24
25 Change History (most recent first):
26
27 $Log: DNSDigest.c,v $
28 Revision 1.6 2004/06/02 00:17:46 ksekar
29 Referenced original OpenSSL license headers in source file description.
30
31 Revision 1.5 2004/05/20 18:37:37 cheshire
32 Fix compiler warnings
33
34 Revision 1.4 2004/04/22 20:28:20 cheshire
35 Use existing facility of PutResourceRecordTTL() to update count field for us
36
37 Revision 1.3 2004/04/22 03:05:28 cheshire
38 kDNSClass_ANY should be kDNSQClass_ANY
39
40 Revision 1.2 2004/04/15 00:51:28 bradley
41 Minor tweaks for Windows and C++ builds. Added casts for signed/unsigned integers and 64-bit pointers.
42 Prefix some functions with mDNS to avoid conflicts. Disable benign warnings on Microsoft compilers.
43
44 Revision 1.1 2004/04/14 23:09:28 ksekar
45 Support for TSIG signed dynamic updates.
46
47
48
49 */
50
51
52 #ifdef __cplusplus
53 extern "C" {
54 #endif
55
56 #include "mDNSClientAPI.h"
57 #include "DNSCommon.h"
58
59 // Disable certain benign warnings with Microsoft compilers
60 #if(defined(_MSC_VER))
61 // Disable "conditional expression is constant" warning for debug macros.
62 // Otherwise, this generates warnings for the perfectly natural construct "while(1)"
63 // If someone knows a variant way of writing "while(1)" that doesn't generate warning messages, please let us know
64 #pragma warning(disable:4127)
65 #endif
66
67 // ***************************************************************************
68 #if COMPILER_LIKES_PRAGMA_MARK
69 #pragma mark - MD5 Hash Functions
70 #endif
71
72
73 /* The source for the has is derived CommonCrypto files CommonDigest.h, md32_common.h, md5_locl.h, md5_locl.h, and openssl/md5.h.
74 * The following changes have been made to the original sources:
75 * replaced CC_LONG w/ mDNSu32
76 * replaced CC_MD5* with MD5*
77 * replaced CC_LONG w/ mDNSu32, removed conditional #defines from md5.h
78 * removed extern decls for MD5_Init/Update/Final from CommonDigest.h
79 * removed APPLE_COMMON_DIGEST specific #defines from md5_locl.h
80 *
81 * Note: machine archetecure specific conditionals from the original sources are turned off, but are left in the code
82 * to aid in platform-specific optimizations and debugging.
83 * Sources originally distributed under the following license headers:
84 * CommonDigest.c - APSL
85 *
86 * md32_Common.h
87 * ====================================================================
88 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
89 *
90 * Redistribution and use in source and binary forms, with or without
91 * modification, are permitted provided that the following conditions
92 * are met:
93 *
94 * 1. Redistributions of source code must retain the above copyright
95 * notice, this list of conditions and the following disclaimer.
96 *
97 * 2. Redistributions in binary form must reproduce the above copyright
98 * notice, this list of conditions and the following disclaimer in
99 * the documentation and/or other materials provided with the
100 * distribution.
101 *
102 * 3. All advertising materials mentioning features or use of this
103 * software must display the following acknowledgment:
104 * "This product includes software developed by the OpenSSL Project
105 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
106 *
107 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
108 * endorse or promote products derived from this software without
109 * prior written permission. For written permission, please contact
110 * licensing@OpenSSL.org.
111 *
112 * 5. Products derived from this software may not be called "OpenSSL"
113 * nor may "OpenSSL" appear in their names without prior written
114 * permission of the OpenSSL Project.
115 *
116 * 6. Redistributions of any form whatsoever must retain the following
117 * acknowledgment:
118 * "This product includes software developed by the OpenSSL Project
119 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
120 *
121 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
122 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
123 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
124 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
125 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
126 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
127 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
128 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
129 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
130 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
131 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
132 * OF THE POSSIBILITY OF SUCH DAMAGE.
133 *
134 *
135 * md5_dgst.c, md5_locl.h
136 * ====================================================================
137 *
138 * This product includes cryptographic software written by Eric Young
139 * (eay@cryptsoft.com). This product includes software written by Tim
140 * Hudson (tjh@cryptsoft.com).
141 *
142 * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
143 * All rights reserved.
144 *
145 * This package is an SSL implementation written
146 * by Eric Young (eay@cryptsoft.com).
147 * The implementation was written so as to conform with Netscapes SSL.
148 *
149 * This library is free for commercial and non-commercial use as long as
150 * the following conditions are aheared to. The following conditions
151 * apply to all code found in this distribution, be it the RC4, RSA,
152 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
153 * included with this distribution is covered by the same copyright terms
154 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
155 *
156 * Copyright remains Eric Young's, and as such any Copyright notices in
157 * the code are not to be removed.
158 * If this package is used in a product, Eric Young should be given attribution
159 * as the author of the parts of the library used.
160 * This can be in the form of a textual message at program startup or
161 * in documentation (online or textual) provided with the package.
162 *
163 * Redistribution and use in source and binary forms, with or without
164 * modification, are permitted provided that the following conditions
165 * are met:
166 * 1. Redistributions of source code must retain the copyright
167 * notice, this list of conditions and the following disclaimer.
168 * 2. Redistributions in binary form must reproduce the above copyright
169 * notice, this list of conditions and the following disclaimer in the
170 * documentation and/or other materials provided with the distribution.
171 * 3. All advertising materials mentioning features or use of this software
172 * must display the following acknowledgement:
173 * "This product includes cryptographic software written by
174 * Eric Young (eay@cryptsoft.com)"
175 * The word 'cryptographic' can be left out if the rouines from the library
176 * being used are not cryptographic related :-).
177 * 4. If you include any Windows specific code (or a derivative thereof) from
178 * the apps directory (application code) you must include an acknowledgement:
179 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
180 *
181 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
182 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
183 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
184 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
185 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
186 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
187 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
188 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
189 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
190 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
191 * SUCH DAMAGE.
192 *
193 * The licence and distribution terms for any publically available version or
194 * derivative of this code cannot be changed. i.e. this code cannot simply be
195 * copied and put under another distribution licence
196 * [including the GNU Public Licence.]
197 *
198 */
199
200 //from CommonDigest.h
201
202 #define MD5_DIGEST_LENGTH 16 /* digest length in bytes */
203 #define MD5_BLOCK_BYTES 64 /* block size in bytes */
204 #define MD5_BLOCK_LONG (MD5_BLOCK_BYTES / sizeof(mDNSu32))
205
206 typedef struct MD5state_st
207 {
208 mDNSu32 A,B,C,D;
209 mDNSu32 Nl,Nh;
210 mDNSu32 data[MD5_BLOCK_LONG];
211 int num;
212 } MD5_CTX;
213
214
215 // from openssl/md5.h
216
217 #define MD5_CBLOCK 64
218 #define MD5_LBLOCK (MD5_CBLOCK/4)
219 #define MD5_DIGEST_LENGTH 16
220
221 int MD5_Init(MD5_CTX *c);
222 int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
223 int MD5_Final(unsigned char *md, MD5_CTX *c);
224 void MD5_Transform(MD5_CTX *c, const unsigned char *b);
225
226 // From md5_locl.h
227
228 #ifndef MD5_LONG_LOG2
229 #define MD5_LONG_LOG2 2 /* default to 32 bits */
230 #endif
231
232 #ifdef MD5_ASM
233 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
234 # define md5_block_host_order md5_block_asm_host_order
235 # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
236 void md5_block_asm_data_order_aligned (MD5_CTX *c, const mDNSu32 *p,int num);
237 # define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
238 # endif
239 #endif
240
241 void md5_block_host_order (MD5_CTX *c, const void *p,int num);
242 void md5_block_data_order (MD5_CTX *c, const void *p,int num);
243
244 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
245 /*
246 * *_block_host_order is expected to handle aligned data while
247 * *_block_data_order - unaligned. As algorithm and host (x86)
248 * are in this case of the same "endianness" these two are
249 * otherwise indistinguishable. But normally you don't want to
250 * call the same function because unaligned access in places
251 * where alignment is expected is usually a "Bad Thing". Indeed,
252 * on RISCs you get punished with BUS ERROR signal or *severe*
253 * performance degradation. Intel CPUs are in turn perfectly
254 * capable of loading unaligned data without such drastic side
255 * effect. Yes, they say it's slower than aligned load, but no
256 * exception is generated and therefore performance degradation
257 * is *incomparable* with RISCs. What we should weight here is
258 * costs of unaligned access against costs of aligning data.
259 * According to my measurements allowing unaligned access results
260 * in ~9% performance improvement on Pentium II operating at
261 * 266MHz. I won't be surprised if the difference will be higher
262 * on faster systems:-)
263 *
264 * <appro@fy.chalmers.se>
265 */
266 #define md5_block_data_order md5_block_host_order
267 #endif
268
269 #define DATA_ORDER_IS_LITTLE_ENDIAN
270
271 #define HASH_LONG mDNSu32
272 #define HASH_LONG_LOG2 MD5_LONG_LOG2
273 #define HASH_CTX MD5_CTX
274 #define HASH_CBLOCK MD5_CBLOCK
275 #define HASH_LBLOCK MD5_LBLOCK
276
277 #define HASH_UPDATE MD5_Update
278 #define HASH_TRANSFORM MD5_Transform
279 #define HASH_FINAL MD5_Final
280
281 #define HASH_MAKE_STRING(c,s) do { \
282 unsigned long ll; \
283 ll=(c)->A; HOST_l2c(ll,(s)); \
284 ll=(c)->B; HOST_l2c(ll,(s)); \
285 ll=(c)->C; HOST_l2c(ll,(s)); \
286 ll=(c)->D; HOST_l2c(ll,(s)); \
287 } while (0)
288 #define HASH_BLOCK_HOST_ORDER md5_block_host_order
289 #if !defined(L_ENDIAN) || defined(md5_block_data_order)
290 #define HASH_BLOCK_DATA_ORDER md5_block_data_order
291 /*
292 * Little-endians (Intel and Alpha) feel better without this.
293 * It looks like memcpy does better job than generic
294 * md5_block_data_order on copying-n-aligning input data.
295 * But frankly speaking I didn't expect such result on Alpha.
296 * On the other hand I've got this with egcs-1.0.2 and if
297 * program is compiled with another (better?) compiler it
298 * might turn out other way around.
299 *
300 * <appro@fy.chalmers.se>
301 */
302 #endif
303
304
305 // from md32_common.h
306
307 /*
308 * This is a generic 32 bit "collector" for message digest algorithms.
309 * Whenever needed it collects input character stream into chunks of
310 * 32 bit values and invokes a block function that performs actual hash
311 * calculations.
312 *
313 * Porting guide.
314 *
315 * Obligatory macros:
316 *
317 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
318 * this macro defines byte order of input stream.
319 * HASH_CBLOCK
320 * size of a unit chunk HASH_BLOCK operates on.
321 * HASH_LONG
322 * has to be at lest 32 bit wide, if it's wider, then
323 * HASH_LONG_LOG2 *has to* be defined along
324 * HASH_CTX
325 * context structure that at least contains following
326 * members:
327 * typedef struct {
328 * ...
329 * HASH_LONG Nl,Nh;
330 * HASH_LONG data[HASH_LBLOCK];
331 * int num;
332 * ...
333 * } HASH_CTX;
334 * HASH_UPDATE
335 * name of "Update" function, implemented here.
336 * HASH_TRANSFORM
337 * name of "Transform" function, implemented here.
338 * HASH_FINAL
339 * name of "Final" function, implemented here.
340 * HASH_BLOCK_HOST_ORDER
341 * name of "block" function treating *aligned* input message
342 * in host byte order, implemented externally.
343 * HASH_BLOCK_DATA_ORDER
344 * name of "block" function treating *unaligned* input message
345 * in original (data) byte order, implemented externally (it
346 * actually is optional if data and host are of the same
347 * "endianess").
348 * HASH_MAKE_STRING
349 * macro convering context variables to an ASCII hash string.
350 *
351 * Optional macros:
352 *
353 * B_ENDIAN or L_ENDIAN
354 * defines host byte-order.
355 * HASH_LONG_LOG2
356 * defaults to 2 if not states otherwise.
357 * HASH_LBLOCK
358 * assumed to be HASH_CBLOCK/4 if not stated otherwise.
359 * HASH_BLOCK_DATA_ORDER_ALIGNED
360 * alternative "block" function capable of treating
361 * aligned input message in original (data) order,
362 * implemented externally.
363 *
364 * MD5 example:
365 *
366 * #define DATA_ORDER_IS_LITTLE_ENDIAN
367 *
368 * #define HASH_LONG mDNSu32
369 * #define HASH_LONG_LOG2 mDNSu32_LOG2
370 * #define HASH_CTX MD5_CTX
371 * #define HASH_CBLOCK MD5_CBLOCK
372 * #define HASH_LBLOCK MD5_LBLOCK
373 * #define HASH_UPDATE MD5_Update
374 * #define HASH_TRANSFORM MD5_Transform
375 * #define HASH_FINAL MD5_Final
376 * #define HASH_BLOCK_HOST_ORDER md5_block_host_order
377 * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
378 *
379 * <appro@fy.chalmers.se>
380 */
381
382 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
383 #error "DATA_ORDER must be defined!"
384 #endif
385
386 #ifndef HASH_CBLOCK
387 #error "HASH_CBLOCK must be defined!"
388 #endif
389 #ifndef HASH_LONG
390 #error "HASH_LONG must be defined!"
391 #endif
392 #ifndef HASH_CTX
393 #error "HASH_CTX must be defined!"
394 #endif
395
396 #ifndef HASH_UPDATE
397 #error "HASH_UPDATE must be defined!"
398 #endif
399 #ifndef HASH_TRANSFORM
400 #error "HASH_TRANSFORM must be defined!"
401 #endif
402 #ifndef HASH_FINAL
403 #error "HASH_FINAL must be defined!"
404 #endif
405
406 #ifndef HASH_BLOCK_HOST_ORDER
407 #error "HASH_BLOCK_HOST_ORDER must be defined!"
408 #endif
409
410 #if 0
411 /*
412 * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
413 * isn't defined.
414 */
415 #ifndef HASH_BLOCK_DATA_ORDER
416 #error "HASH_BLOCK_DATA_ORDER must be defined!"
417 #endif
418 #endif
419
420 #ifndef HASH_LBLOCK
421 #define HASH_LBLOCK (HASH_CBLOCK/4)
422 #endif
423
424 #ifndef HASH_LONG_LOG2
425 #define HASH_LONG_LOG2 2
426 #endif
427
428 /*
429 * Engage compiler specific rotate intrinsic function if available.
430 */
431 #undef ROTATE
432 #ifndef PEDANTIC
433 # if 0 /* defined(_MSC_VER) */
434 # define ROTATE(a,n) _lrotl(a,n)
435 # elif defined(__MWERKS__)
436 # if defined(__POWERPC__)
437 # define ROTATE(a,n) (unsigned MD32_REG_T)__rlwinm((int)a,n,0,31)
438 # elif defined(__MC68K__)
439 /* Motorola specific tweak. <appro@fy.chalmers.se> */
440 # define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
441 # else
442 # define ROTATE(a,n) __rol(a,n)
443 # endif
444 # elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
445 /*
446 * Some GNU C inline assembler templates. Note that these are
447 * rotates by *constant* number of bits! But that's exactly
448 * what we need here...
449 *
450 * <appro@fy.chalmers.se>
451 */
452 # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
453 # define ROTATE(a,n) ({ register unsigned int ret; \
454 asm ( \
455 "roll %1,%0" \
456 : "=r"(ret) \
457 : "I"(n), "0"(a) \
458 : "cc"); \
459 ret; \
460 })
461 # elif defined(__powerpc) || defined(__ppc)
462 # define ROTATE(a,n) ({ register unsigned int ret; \
463 asm ( \
464 "rlwinm %0,%1,%2,0,31" \
465 : "=r"(ret) \
466 : "r"(a), "I"(n)); \
467 ret; \
468 })
469 # endif
470 # endif
471
472 /*
473 * Engage compiler specific "fetch in reverse byte order"
474 * intrinsic function if available.
475 */
476 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
477 /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
478 # if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY)
479 # define BE_FETCH32(a) ({ register unsigned int l=(a);\
480 asm ( \
481 "bswapl %0" \
482 : "=r"(l) : "0"(l)); \
483 l; \
484 })
485 # elif defined(__powerpc)
486 # define LE_FETCH32(a) ({ register unsigned int l; \
487 asm ( \
488 "lwbrx %0,0,%1" \
489 : "=r"(l) \
490 : "r"(a)); \
491 l; \
492 })
493
494 # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
495 # define LE_FETCH32(a) ({ register unsigned int l; \
496 asm ( \
497 "lda [%1]#ASI_PRIMARY_LITTLE,%0"\
498 : "=r"(l) \
499 : "r"(a)); \
500 l; \
501 })
502 # endif
503 # endif
504 #endif /* PEDANTIC */
505
506 #if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */
507 /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
508 #ifdef ROTATE
509 /* 5 instructions with rotate instruction, else 9 */
510 #define REVERSE_FETCH32(a,l) ( \
511 l=*(const HASH_LONG *)(a), \
512 ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \
513 )
514 #else
515 /* 6 instructions with rotate instruction, else 8 */
516 #define REVERSE_FETCH32(a,l) ( \
517 l=*(const HASH_LONG *)(a), \
518 l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \
519 ROTATE(l,16) \
520 )
521 /*
522 * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
523 * It's rewritten as above for two reasons:
524 * - RISCs aren't good at long constants and have to explicitely
525 * compose 'em with several (well, usually 2) instructions in a
526 * register before performing the actual operation and (as you
527 * already realized:-) having same constant should inspire the
528 * compiler to permanently allocate the only register for it;
529 * - most modern CPUs have two ALUs, but usually only one has
530 * circuitry for shifts:-( this minor tweak inspires compiler
531 * to schedule shift instructions in a better way...
532 *
533 * <appro@fy.chalmers.se>
534 */
535 #endif
536 #endif
537
538 #ifndef ROTATE
539 #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
540 #endif
541
542 /*
543 * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
544 * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
545 * and host are of the same "endianess". It's possible to mask
546 * this with blank #define HASH_BLOCK_DATA_ORDER though...
547 *
548 * <appro@fy.chalmers.se>
549 */
550 #if defined(B_ENDIAN)
551 # if defined(DATA_ORDER_IS_BIG_ENDIAN)
552 # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
553 # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
554 # endif
555 # elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
556 # ifndef HOST_FETCH32
557 # ifdef LE_FETCH32
558 # define HOST_FETCH32(p,l) LE_FETCH32(p)
559 # elif defined(REVERSE_FETCH32)
560 # define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l)
561 # endif
562 # endif
563 # endif
564 #elif defined(L_ENDIAN)
565 # if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
566 # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
567 # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
568 # endif
569 # elif defined(DATA_ORDER_IS_BIG_ENDIAN)
570 # ifndef HOST_FETCH32
571 # ifdef BE_FETCH32
572 # define HOST_FETCH32(p,l) BE_FETCH32(p)
573 # elif defined(REVERSE_FETCH32)
574 # define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l)
575 # endif
576 # endif
577 # endif
578 #endif
579
580 #if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
581 #ifndef HASH_BLOCK_DATA_ORDER
582 #error "HASH_BLOCK_DATA_ORDER must be defined!"
583 #endif
584 #endif
585
586 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
587
588 #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
589 l|=(((unsigned long)(*((c)++)))<<16), \
590 l|=(((unsigned long)(*((c)++)))<< 8), \
591 l|=(((unsigned long)(*((c)++))) ), \
592 l)
593 #define HOST_p_c2l(c,l,n) { \
594 switch (n) { \
595 case 0: l =((unsigned long)(*((c)++)))<<24; \
596 case 1: l|=((unsigned long)(*((c)++)))<<16; \
597 case 2: l|=((unsigned long)(*((c)++)))<< 8; \
598 case 3: l|=((unsigned long)(*((c)++))); \
599 } }
600 #define HOST_p_c2l_p(c,l,sc,len) { \
601 switch (sc) { \
602 case 0: l =((unsigned long)(*((c)++)))<<24; \
603 if (--len == 0) break; \
604 case 1: l|=((unsigned long)(*((c)++)))<<16; \
605 if (--len == 0) break; \
606 case 2: l|=((unsigned long)(*((c)++)))<< 8; \
607 } }
608 /* NOTE the pointer is not incremented at the end of this */
609 #define HOST_c2l_p(c,l,n) { \
610 l=0; (c)+=n; \
611 switch (n) { \
612 case 3: l =((unsigned long)(*(--(c))))<< 8; \
613 case 2: l|=((unsigned long)(*(--(c))))<<16; \
614 case 1: l|=((unsigned long)(*(--(c))))<<24; \
615 } }
616 #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
617 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
618 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
619 *((c)++)=(unsigned char)(((l) )&0xff), \
620 l)
621
622 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
623
624 #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
625 l|=(((unsigned long)(*((c)++)))<< 8), \
626 l|=(((unsigned long)(*((c)++)))<<16), \
627 l|=(((unsigned long)(*((c)++)))<<24), \
628 l)
629 #define HOST_p_c2l(c,l,n) { \
630 switch (n) { \
631 case 0: l =((unsigned long)(*((c)++))); \
632 case 1: l|=((unsigned long)(*((c)++)))<< 8; \
633 case 2: l|=((unsigned long)(*((c)++)))<<16; \
634 case 3: l|=((unsigned long)(*((c)++)))<<24; \
635 } }
636 #define HOST_p_c2l_p(c,l,sc,len) { \
637 switch (sc) { \
638 case 0: l =((unsigned long)(*((c)++))); \
639 if (--len == 0) break; \
640 case 1: l|=((unsigned long)(*((c)++)))<< 8; \
641 if (--len == 0) break; \
642 case 2: l|=((unsigned long)(*((c)++)))<<16; \
643 } }
644 /* NOTE the pointer is not incremented at the end of this */
645 #define HOST_c2l_p(c,l,n) { \
646 l=0; (c)+=n; \
647 switch (n) { \
648 case 3: l =((unsigned long)(*(--(c))))<<16; \
649 case 2: l|=((unsigned long)(*(--(c))))<< 8; \
650 case 1: l|=((unsigned long)(*(--(c)))); \
651 } }
652 #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
653 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
654 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
655 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
656 l)
657
658 #endif
659
660 /*
661 * Time for some action:-)
662 */
663
664 int HASH_UPDATE (HASH_CTX *c, const void *data_, mDNSu32 len)
665 {
666 const unsigned char *data=(const unsigned char *)data_;
667 register HASH_LONG * p;
668 register unsigned long l;
669 int sw,sc,ew,ec;
670
671 if (len==0) return 1;
672
673 l=(c->Nl+(len<<3))&0xffffffffL;
674 /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
675 * Wei Dai <weidai@eskimo.com> for pointing it out. */
676 if (l < c->Nl) /* overflow */
677 c->Nh++;
678 c->Nh+=(len>>29);
679 c->Nl=l;
680
681 if (c->num != 0)
682 {
683 p=c->data;
684 sw=c->num>>2;
685 sc=c->num&0x03;
686
687 if ((c->num+len) >= HASH_CBLOCK)
688 {
689 l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
690 for (; sw<HASH_LBLOCK; sw++)
691 {
692 HOST_c2l(data,l); p[sw]=l;
693 }
694 HASH_BLOCK_HOST_ORDER (c,p,1);
695 len-=(HASH_CBLOCK-c->num);
696 c->num=0;
697 /* drop through and do the rest */
698 }
699 else
700 {
701 c->num+=len;
702 if ((sc+len) < 4) /* ugly, add char's to a word */
703 {
704 l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
705 }
706 else
707 {
708 ew=(c->num>>2);
709 ec=(c->num&0x03);
710 if (sc)
711 l=p[sw];
712 HOST_p_c2l(data,l,sc);
713 p[sw++]=l;
714 for (; sw < ew; sw++)
715 {
716 HOST_c2l(data,l); p[sw]=l;
717 }
718 if (ec)
719 {
720 HOST_c2l_p(data,l,ec); p[sw]=l;
721 }
722 }
723 return 1;
724 }
725 }
726
727 sw=(int)(len/HASH_CBLOCK);
728 if (sw > 0)
729 {
730 #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
731 /*
732 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
733 * only if sizeof(HASH_LONG)==4.
734 */
735 if ((((unsigned long)data)%4) == 0)
736 {
737 /* data is properly aligned so that we can cast it: */
738 HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
739 sw*=HASH_CBLOCK;
740 data+=sw;
741 len-=sw;
742 }
743 else
744 #if !defined(HASH_BLOCK_DATA_ORDER)
745 while (sw--)
746 {
747 memcpy (p=c->data,data,HASH_CBLOCK);
748 HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
749 data+=HASH_CBLOCK;
750 len-=HASH_CBLOCK;
751 }
752 #endif
753 #endif
754 #if defined(HASH_BLOCK_DATA_ORDER)
755 {
756 HASH_BLOCK_DATA_ORDER(c,data,sw);
757 sw*=HASH_CBLOCK;
758 data+=sw;
759 len-=sw;
760 }
761 #endif
762 }
763
764 if (len!=0)
765 {
766 p = c->data;
767 c->num = (int)len;
768 ew=(int)(len>>2); /* words to copy */
769 ec=(int)(len&0x03);
770 for (; ew; ew--,p++)
771 {
772 HOST_c2l(data,l); *p=l;
773 }
774 HOST_c2l_p(data,l,ec);
775 *p=l;
776 }
777 return 1;
778 }
779
780
781 void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
782 {
783 #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
784 if ((((unsigned long)data)%4) == 0)
785 /* data is properly aligned so that we can cast it: */
786 HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
787 else
788 #if !defined(HASH_BLOCK_DATA_ORDER)
789 {
790 memcpy (c->data,data,HASH_CBLOCK);
791 HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
792 }
793 #endif
794 #endif
795 #if defined(HASH_BLOCK_DATA_ORDER)
796 HASH_BLOCK_DATA_ORDER (c,data,1);
797 #endif
798 }
799
800
801 int HASH_FINAL (unsigned char *md, HASH_CTX *c)
802 {
803 register HASH_LONG *p;
804 register unsigned long l;
805 register int i,j;
806 static const unsigned char end[4]={0x80,0x00,0x00,0x00};
807 const unsigned char *cp=end;
808
809 /* c->num should definitly have room for at least one more byte. */
810 p=c->data;
811 i=c->num>>2;
812 j=c->num&0x03;
813
814 #if 0
815 /* purify often complains about the following line as an
816 * Uninitialized Memory Read. While this can be true, the
817 * following p_c2l macro will reset l when that case is true.
818 * This is because j&0x03 contains the number of 'valid' bytes
819 * already in p[i]. If and only if j&0x03 == 0, the UMR will
820 * occur but this is also the only time p_c2l will do
821 * l= *(cp++) instead of l|= *(cp++)
822 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
823 * 'potential bug' */
824 #ifdef PURIFY
825 if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
826 #endif
827 l=p[i];
828 #else
829 l = (j==0) ? 0 : p[i];
830 #endif
831 HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
832
833 if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
834 {
835 if (i<HASH_LBLOCK) p[i]=0;
836 HASH_BLOCK_HOST_ORDER (c,p,1);
837 i=0;
838 }
839 for (; i<(HASH_LBLOCK-2); i++)
840 p[i]=0;
841
842 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
843 p[HASH_LBLOCK-2]=c->Nh;
844 p[HASH_LBLOCK-1]=c->Nl;
845 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
846 p[HASH_LBLOCK-2]=c->Nl;
847 p[HASH_LBLOCK-1]=c->Nh;
848 #endif
849 HASH_BLOCK_HOST_ORDER (c,p,1);
850
851 #ifndef HASH_MAKE_STRING
852 #error "HASH_MAKE_STRING must be defined!"
853 #else
854 HASH_MAKE_STRING(c,md);
855 #endif
856
857 c->num=0;
858 /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
859 * but I'm not worried :-)
860 OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
861 */
862 return 1;
863 }
864
865 #ifndef MD32_REG_T
866 #define MD32_REG_T long
867 /*
868 * This comment was originaly written for MD5, which is why it
869 * discusses A-D. But it basically applies to all 32-bit digests,
870 * which is why it was moved to common header file.
871 *
872 * In case you wonder why A-D are declared as long and not
873 * as mDNSu32. Doing so results in slight performance
874 * boost on LP64 architectures. The catch is we don't
875 * really care if 32 MSBs of a 64-bit register get polluted
876 * with eventual overflows as we *save* only 32 LSBs in
877 * *either* case. Now declaring 'em long excuses the compiler
878 * from keeping 32 MSBs zeroed resulting in 13% performance
879 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
880 * Well, to be honest it should say that this *prevents*
881 * performance degradation.
882 * <appro@fy.chalmers.se>
883 * Apparently there're LP64 compilers that generate better
884 * code if A-D are declared int. Most notably GCC-x86_64
885 * generates better code.
886 * <appro@fy.chalmers.se>
887 */
888 #endif
889
890
891 // from md5_locl.h (continued)
892
893 /*
894 #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
895 #define G(x,y,z) (((x) & (z)) | ((y) & (~(z))))
896 */
897
898 /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
899 * simplified to the code below. Wei attributes these optimizations
900 * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
901 */
902 #define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
903 #define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c))
904 #define H(b,c,d) ((b) ^ (c) ^ (d))
905 #define I(b,c,d) (((~(d)) | (b)) ^ (c))
906
907 #define R0(a,b,c,d,k,s,t) { \
908 a+=((k)+(t)+F((b),(c),(d))); \
909 a=ROTATE(a,s); \
910 a+=b; };\
911
912 #define R1(a,b,c,d,k,s,t) { \
913 a+=((k)+(t)+G((b),(c),(d))); \
914 a=ROTATE(a,s); \
915 a+=b; };
916
917 #define R2(a,b,c,d,k,s,t) { \
918 a+=((k)+(t)+H((b),(c),(d))); \
919 a=ROTATE(a,s); \
920 a+=b; };
921
922 #define R3(a,b,c,d,k,s,t) { \
923 a+=((k)+(t)+I((b),(c),(d))); \
924 a=ROTATE(a,s); \
925 a+=b; };
926
927 // from md5_dgst.c
928
929
930 /* Implemented from RFC1321 The MD5 Message-Digest Algorithm
931 */
932
933 #define INIT_DATA_A (unsigned long)0x67452301L
934 #define INIT_DATA_B (unsigned long)0xefcdab89L
935 #define INIT_DATA_C (unsigned long)0x98badcfeL
936 #define INIT_DATA_D (unsigned long)0x10325476L
937
938 int MD5_Init(MD5_CTX *c)
939 {
940 c->A=INIT_DATA_A;
941 c->B=INIT_DATA_B;
942 c->C=INIT_DATA_C;
943 c->D=INIT_DATA_D;
944 c->Nl=0;
945 c->Nh=0;
946 c->num=0;
947 return 1;
948 }
949
950 #ifndef md5_block_host_order
951 void md5_block_host_order (MD5_CTX *c, const void *data, int num)
952 {
953 const mDNSu32 *X=(const mDNSu32 *)data;
954 register unsigned MD32_REG_T A,B,C,D;
955
956 A=c->A;
957 B=c->B;
958 C=c->C;
959 D=c->D;
960
961 for (;num--;X+=HASH_LBLOCK)
962 {
963 /* Round 0 */
964 R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
965 R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
966 R0(C,D,A,B,X[ 2],17,0x242070dbL);
967 R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
968 R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
969 R0(D,A,B,C,X[ 5],12,0x4787c62aL);
970 R0(C,D,A,B,X[ 6],17,0xa8304613L);
971 R0(B,C,D,A,X[ 7],22,0xfd469501L);
972 R0(A,B,C,D,X[ 8], 7,0x698098d8L);
973 R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
974 R0(C,D,A,B,X[10],17,0xffff5bb1L);
975 R0(B,C,D,A,X[11],22,0x895cd7beL);
976 R0(A,B,C,D,X[12], 7,0x6b901122L);
977 R0(D,A,B,C,X[13],12,0xfd987193L);
978 R0(C,D,A,B,X[14],17,0xa679438eL);
979 R0(B,C,D,A,X[15],22,0x49b40821L);
980 /* Round 1 */
981 R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
982 R1(D,A,B,C,X[ 6], 9,0xc040b340L);
983 R1(C,D,A,B,X[11],14,0x265e5a51L);
984 R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
985 R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
986 R1(D,A,B,C,X[10], 9,0x02441453L);
987 R1(C,D,A,B,X[15],14,0xd8a1e681L);
988 R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
989 R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
990 R1(D,A,B,C,X[14], 9,0xc33707d6L);
991 R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
992 R1(B,C,D,A,X[ 8],20,0x455a14edL);
993 R1(A,B,C,D,X[13], 5,0xa9e3e905L);
994 R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
995 R1(C,D,A,B,X[ 7],14,0x676f02d9L);
996 R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
997 /* Round 2 */
998 R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
999 R2(D,A,B,C,X[ 8],11,0x8771f681L);
1000 R2(C,D,A,B,X[11],16,0x6d9d6122L);
1001 R2(B,C,D,A,X[14],23,0xfde5380cL);
1002 R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
1003 R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
1004 R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
1005 R2(B,C,D,A,X[10],23,0xbebfbc70L);
1006 R2(A,B,C,D,X[13], 4,0x289b7ec6L);
1007 R2(D,A,B,C,X[ 0],11,0xeaa127faL);
1008 R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
1009 R2(B,C,D,A,X[ 6],23,0x04881d05L);
1010 R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
1011 R2(D,A,B,C,X[12],11,0xe6db99e5L);
1012 R2(C,D,A,B,X[15],16,0x1fa27cf8L);
1013 R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
1014 /* Round 3 */
1015 R3(A,B,C,D,X[ 0], 6,0xf4292244L);
1016 R3(D,A,B,C,X[ 7],10,0x432aff97L);
1017 R3(C,D,A,B,X[14],15,0xab9423a7L);
1018 R3(B,C,D,A,X[ 5],21,0xfc93a039L);
1019 R3(A,B,C,D,X[12], 6,0x655b59c3L);
1020 R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
1021 R3(C,D,A,B,X[10],15,0xffeff47dL);
1022 R3(B,C,D,A,X[ 1],21,0x85845dd1L);
1023 R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
1024 R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
1025 R3(C,D,A,B,X[ 6],15,0xa3014314L);
1026 R3(B,C,D,A,X[13],21,0x4e0811a1L);
1027 R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
1028 R3(D,A,B,C,X[11],10,0xbd3af235L);
1029 R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
1030 R3(B,C,D,A,X[ 9],21,0xeb86d391L);
1031
1032 A = c->A += A;
1033 B = c->B += B;
1034 C = c->C += C;
1035 D = c->D += D;
1036 }
1037 }
1038 #endif
1039
1040 #ifndef md5_block_data_order
1041 #ifdef X
1042 #undef X
1043 #endif
1044 void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
1045 {
1046 const unsigned char *data=data_;
1047 register unsigned MD32_REG_T A,B,C,D,l;
1048 #ifndef MD32_XARRAY
1049 /* See comment in crypto/sha/sha_locl.h for details. */
1050 unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
1051 XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
1052 # define X(i) XX##i
1053 #else
1054 mDNSu32 XX[MD5_LBLOCK];
1055 # define X(i) XX[i]
1056 #endif
1057
1058 A=c->A;
1059 B=c->B;
1060 C=c->C;
1061 D=c->D;
1062
1063 for (;num--;)
1064 {
1065 HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
1066 /* Round 0 */
1067 R0(A,B,C,D,X( 0), 7,0xd76aa478L); HOST_c2l(data,l); X( 2)=l;
1068 R0(D,A,B,C,X( 1),12,0xe8c7b756L); HOST_c2l(data,l); X( 3)=l;
1069 R0(C,D,A,B,X( 2),17,0x242070dbL); HOST_c2l(data,l); X( 4)=l;
1070 R0(B,C,D,A,X( 3),22,0xc1bdceeeL); HOST_c2l(data,l); X( 5)=l;
1071 R0(A,B,C,D,X( 4), 7,0xf57c0fafL); HOST_c2l(data,l); X( 6)=l;
1072 R0(D,A,B,C,X( 5),12,0x4787c62aL); HOST_c2l(data,l); X( 7)=l;
1073 R0(C,D,A,B,X( 6),17,0xa8304613L); HOST_c2l(data,l); X( 8)=l;
1074 R0(B,C,D,A,X( 7),22,0xfd469501L); HOST_c2l(data,l); X( 9)=l;
1075 R0(A,B,C,D,X( 8), 7,0x698098d8L); HOST_c2l(data,l); X(10)=l;
1076 R0(D,A,B,C,X( 9),12,0x8b44f7afL); HOST_c2l(data,l); X(11)=l;
1077 R0(C,D,A,B,X(10),17,0xffff5bb1L); HOST_c2l(data,l); X(12)=l;
1078 R0(B,C,D,A,X(11),22,0x895cd7beL); HOST_c2l(data,l); X(13)=l;
1079 R0(A,B,C,D,X(12), 7,0x6b901122L); HOST_c2l(data,l); X(14)=l;
1080 R0(D,A,B,C,X(13),12,0xfd987193L); HOST_c2l(data,l); X(15)=l;
1081 R0(C,D,A,B,X(14),17,0xa679438eL);
1082 R0(B,C,D,A,X(15),22,0x49b40821L);
1083 /* Round 1 */
1084 R1(A,B,C,D,X( 1), 5,0xf61e2562L);
1085 R1(D,A,B,C,X( 6), 9,0xc040b340L);
1086 R1(C,D,A,B,X(11),14,0x265e5a51L);
1087 R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
1088 R1(A,B,C,D,X( 5), 5,0xd62f105dL);
1089 R1(D,A,B,C,X(10), 9,0x02441453L);
1090 R1(C,D,A,B,X(15),14,0xd8a1e681L);
1091 R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
1092 R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
1093 R1(D,A,B,C,X(14), 9,0xc33707d6L);
1094 R1(C,D,A,B,X( 3),14,0xf4d50d87L);
1095 R1(B,C,D,A,X( 8),20,0x455a14edL);
1096 R1(A,B,C,D,X(13), 5,0xa9e3e905L);
1097 R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
1098 R1(C,D,A,B,X( 7),14,0x676f02d9L);
1099 R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
1100 /* Round 2 */
1101 R2(A,B,C,D,X( 5), 4,0xfffa3942L);
1102 R2(D,A,B,C,X( 8),11,0x8771f681L);
1103 R2(C,D,A,B,X(11),16,0x6d9d6122L);
1104 R2(B,C,D,A,X(14),23,0xfde5380cL);
1105 R2(A,B,C,D,X( 1), 4,0xa4beea44L);
1106 R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
1107 R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
1108 R2(B,C,D,A,X(10),23,0xbebfbc70L);
1109 R2(A,B,C,D,X(13), 4,0x289b7ec6L);
1110 R2(D,A,B,C,X( 0),11,0xeaa127faL);
1111 R2(C,D,A,B,X( 3),16,0xd4ef3085L);
1112 R2(B,C,D,A,X( 6),23,0x04881d05L);
1113 R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
1114 R2(D,A,B,C,X(12),11,0xe6db99e5L);
1115 R2(C,D,A,B,X(15),16,0x1fa27cf8L);
1116 R2(B,C,D,A,X( 2),23,0xc4ac5665L);
1117 /* Round 3 */
1118 R3(A,B,C,D,X( 0), 6,0xf4292244L);
1119 R3(D,A,B,C,X( 7),10,0x432aff97L);
1120 R3(C,D,A,B,X(14),15,0xab9423a7L);
1121 R3(B,C,D,A,X( 5),21,0xfc93a039L);
1122 R3(A,B,C,D,X(12), 6,0x655b59c3L);
1123 R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
1124 R3(C,D,A,B,X(10),15,0xffeff47dL);
1125 R3(B,C,D,A,X( 1),21,0x85845dd1L);
1126 R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
1127 R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
1128 R3(C,D,A,B,X( 6),15,0xa3014314L);
1129 R3(B,C,D,A,X(13),21,0x4e0811a1L);
1130 R3(A,B,C,D,X( 4), 6,0xf7537e82L);
1131 R3(D,A,B,C,X(11),10,0xbd3af235L);
1132 R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
1133 R3(B,C,D,A,X( 9),21,0xeb86d391L);
1134
1135 A = c->A += A;
1136 B = c->B += B;
1137 C = c->C += C;
1138 D = c->D += D;
1139 }
1140 }
1141 #endif
1142
1143
1144
1145 // ***************************************************************************
1146 #if COMPILER_LIKES_PRAGMA_MARK
1147 #pragma mark - base64 -> binary conversion
1148 #endif
1149
1150 static const char Base64[] =
1151 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
1152 static const char Pad64 = '=';
1153
1154
1155 #define mDNSisspace(x) (x == '\t' || x == '\n' || x == '\v' || x == '\f' || x == '\r' || x == ' ')
1156
1157 static const char *mDNSstrchr(const char *s, int c)
1158 {
1159 while (1)
1160 {
1161 if (c == *s) return s;
1162 if (!*s) return mDNSNULL;
1163 s++;
1164 }
1165 }
1166
1167 // skips all whitespace anywhere.
1168 // converts characters, four at a time, starting at (or after)
1169 // src from base - 64 numbers into three 8 bit bytes in the target area.
1170 // it returns the number of data bytes stored at the target, or -1 on error.
1171 // adapted from BIND sources
1172
1173 mDNSexport mDNSs32 DNSDigest_Base64ToBin(const char *src, mDNSu8 *target, mDNSu32 targsize)
1174 {
1175 int tarindex, state, ch;
1176 const char *pos;
1177
1178 state = 0;
1179 tarindex = 0;
1180
1181 while ((ch = *src++) != '\0') {
1182 if (mDNSisspace(ch)) /* Skip whitespace anywhere. */
1183 continue;
1184
1185 if (ch == Pad64)
1186 break;
1187
1188 pos = mDNSstrchr(Base64, ch);
1189 if (pos == 0) /* A non-base64 character. */
1190 return (-1);
1191
1192 switch (state) {
1193 case 0:
1194 if (target) {
1195 if ((mDNSu32)tarindex >= targsize)
1196 return (-1);
1197 target[tarindex] = (mDNSu8)((pos - Base64) << 2);
1198 }
1199 state = 1;
1200 break;
1201 case 1:
1202 if (target) {
1203 if ((mDNSu32)tarindex + 1 >= targsize)
1204 return (-1);
1205 target[tarindex] |= (pos - Base64) >> 4;
1206 target[tarindex+1] = (mDNSu8)(((pos - Base64) & 0x0f) << 4);
1207 }
1208 tarindex++;
1209 state = 2;
1210 break;
1211 case 2:
1212 if (target) {
1213 if ((mDNSu32)tarindex + 1 >= targsize)
1214 return (-1);
1215 target[tarindex] |= (pos - Base64) >> 2;
1216 target[tarindex+1] = (mDNSu8)(((pos - Base64) & 0x03) << 6);
1217 }
1218 tarindex++;
1219 state = 3;
1220 break;
1221 case 3:
1222 if (target) {
1223 if ((mDNSu32)tarindex >= targsize)
1224 return (-1);
1225 target[tarindex] |= (pos - Base64);
1226 }
1227 tarindex++;
1228 state = 0;
1229 break;
1230 default:
1231 return -1;
1232 }
1233 }
1234
1235 /*
1236 * We are done decoding Base-64 chars. Let's see if we ended
1237 * on a byte boundary, and/or with erroneous trailing characters.
1238 */
1239
1240 if (ch == Pad64) { /* We got a pad char. */
1241 ch = *src++; /* Skip it, get next. */
1242 switch (state) {
1243 case 0: /* Invalid = in first position */
1244 case 1: /* Invalid = in second position */
1245 return (-1);
1246
1247 case 2: /* Valid, means one byte of info */
1248 /* Skip any number of spaces. */
1249 for ((void)mDNSNULL; ch != '\0'; ch = *src++)
1250 if (!mDNSisspace(ch))
1251 break;
1252 /* Make sure there is another trailing = sign. */
1253 if (ch != Pad64)
1254 return (-1);
1255 ch = *src++; /* Skip the = */
1256 /* Fall through to "single trailing =" case. */
1257 /* FALLTHROUGH */
1258
1259 case 3: /* Valid, means two bytes of info */
1260 /*
1261 * We know this char is an =. Is there anything but
1262 * whitespace after it?
1263 */
1264 for ((void)mDNSNULL; ch != '\0'; ch = *src++)
1265 if (!mDNSisspace(ch))
1266 return (-1);
1267
1268 /*
1269 * Now make sure for cases 2 and 3 that the "extra"
1270 * bits that slopped past the last full byte were
1271 * zeros. If we don't check them, they become a
1272 * subliminal channel.
1273 */
1274 if (target && target[tarindex] != 0)
1275 return (-1);
1276 }
1277 } else {
1278 /*
1279 * We ended by seeing the end of the string. Make sure we
1280 * have no partial bytes lying around.
1281 */
1282 if (state != 0)
1283 return (-1);
1284 }
1285
1286 return (tarindex);
1287 }
1288
1289
1290 // ***************************************************************************
1291 #if COMPILER_LIKES_PRAGMA_MARK
1292 #pragma mark - API exported to mDNS Core
1293 #endif
1294
1295 // Constants
1296 #define HMAC_IPAD 0x36
1297 #define HMAC_OPAD 0x5c
1298 #define MD5_LEN 16
1299
1300 static domainname HMAC_MD5_AlgName = { { '\010', 'h', 'm', 'a', 'c', '-', 'm', 'd', '5',
1301 '\007', 's', 'i', 'g', '-', 'a', 'l', 'g',
1302 '\003', 'r', 'e', 'g',
1303 '\003', 'i', 'n', 't',
1304 '\0' } };
1305 // Adapted from Appendix, RFC 2104
1306 mDNSexport void DNSDigest_ConstructHMACKey(uDNS_AuthInfo *info, mDNSu8 *key, mDNSu32 len)
1307 {
1308 MD5_CTX k;
1309 mDNSu8 buf[MD5_LEN];
1310 int i;
1311
1312 // If key is longer than HMAC_LEN reset it to MD5(key)
1313 if (len > HMAC_LEN)
1314 {
1315 MD5_Init(&k);
1316 MD5_Update(&k, key, len);
1317 MD5_Final(buf, &k);
1318 key = buf;
1319 len = MD5_LEN;
1320 }
1321
1322 // store key in pads
1323 mDNSPlatformMemZero(info->key.ipad, HMAC_LEN);
1324 mDNSPlatformMemZero(info->key.opad, HMAC_LEN);
1325 mDNSPlatformMemCopy(key, info->key.ipad, len);
1326 mDNSPlatformMemCopy(key, info->key.opad, len);
1327
1328 // XOR key with ipad and opad values
1329 for (i = 0; i < HMAC_LEN; i++)
1330 {
1331 info->key.ipad[i] ^= HMAC_IPAD;
1332 info->key.opad[i] ^= HMAC_OPAD;
1333 }
1334
1335 }
1336
1337 mDNSexport mDNSu8 *DNSDigest_SignMessage(DNSMessage *msg, mDNSu8 **end, mDNSu16 *numAdditionals, uDNS_AuthInfo *info)
1338 {
1339 AuthRecord tsig;
1340 mDNSu8 *countPtr, *rdata;
1341 mDNSu32 utc32;
1342 mDNSu8 utc48[6];
1343 mDNSu8 digest[MD5_LEN];
1344 mDNSu8 *ptr = *end;
1345 mDNSu32 len;
1346 mDNSOpaque16 buf;
1347 MD5_CTX c;
1348
1349 // Init MD5 context, digest inner key pad and message
1350 MD5_Init(&c);
1351 MD5_Update(&c, info->key.ipad, HMAC_LEN);
1352 MD5_Update(&c, (mDNSu8 *)msg, (unsigned long)(*end - (mDNSu8 *)msg));
1353
1354 // Construct TSIG RR, digesting variables as apporpriate
1355 mDNSPlatformMemZero(&tsig, sizeof(AuthRecord));
1356 mDNS_SetupResourceRecord(&tsig, mDNSNULL, 0, kDNSType_TSIG, 0, kDNSRecordTypeKnownUnique, mDNSNULL, mDNSNULL);
1357 rdata = tsig.resrec.rdata->u.data;
1358
1359 // key name
1360 mDNSPlatformStrCopy(info->keyname.c, tsig.resrec.name.c);
1361 MD5_Update(&c, info->keyname.c, mDNSPlatformStrLen(info->keyname.c)+1);
1362
1363 // class
1364 tsig.resrec.rrclass = kDNSQClass_ANY;
1365 buf = mDNSOpaque16fromIntVal(kDNSQClass_ANY);
1366 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16));
1367
1368 // ttl
1369 tsig.resrec.rroriginalttl = 0;
1370 MD5_Update(&c, (mDNSu8 *)&tsig.resrec.rroriginalttl, sizeof(tsig.resrec.rroriginalttl));
1371
1372 // alg name
1373 mDNSPlatformStrCopy(HMAC_MD5_AlgName.c, rdata);
1374 len = mDNSPlatformStrLen(HMAC_MD5_AlgName.c) + 1;
1375 rdata += len;
1376 MD5_Update(&c, HMAC_MD5_AlgName.c, len);
1377
1378 // time
1379 // get UTC (universal time), convert to 48-bit unsigned in network byte order
1380 utc32 = (mDNSu32)mDNSPlatformUTC();
1381 if (utc32 == (unsigned)-1) { LogMsg("ERROR: DNSDigest_SignMessage - mDNSPlatformUTC returned bad time -1"); return mDNSNULL; }
1382 utc48[0] = 0;
1383 utc48[1] = 0;
1384 utc48[2] = (mDNSu8)((utc32 >> 24) & 0xff);
1385 utc48[3] = (mDNSu8)((utc32 >> 16) & 0xff);
1386 utc48[4] = (mDNSu8)((utc32 >> 8) & 0xff);
1387 utc48[5] = (mDNSu8)( utc32 & 0xff);
1388
1389 mDNSPlatformMemCopy(utc48, rdata, 6);
1390 rdata += 6;
1391 MD5_Update(&c, utc48, 6);
1392
1393 // fudge
1394 buf = mDNSOpaque16fromIntVal(300); // 300 sec is fudge recommended in RFC 2485
1395 ((mDNSOpaque16 *)rdata)->NotAnInteger = buf.NotAnInteger;
1396 rdata += sizeof(mDNSOpaque16);
1397 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16));
1398
1399 // digest error and other data len (both zero) - we'll add them to the rdata later
1400 buf.NotAnInteger = 0;
1401 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // error
1402 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // other data len
1403
1404 // finish the message & tsig var hash
1405 MD5_Final(digest, &c);
1406
1407 // perform outer MD5 (outer key pad, inner digest)
1408 MD5_Init(&c);
1409 MD5_Update(&c, info->key.opad, HMAC_LEN);
1410 MD5_Update(&c, digest, MD5_LEN);
1411 MD5_Final(digest, &c);
1412
1413 // set remaining rdata fields
1414 *(mDNSOpaque16 *)rdata = mDNSOpaque16fromIntVal(MD5_LEN); // MAC size
1415 rdata += sizeof(mDNSOpaque16);
1416 mDNSPlatformMemCopy(digest, rdata, MD5_LEN); // MAC
1417 rdata += MD5_LEN;
1418 ((mDNSOpaque16 *)rdata)->NotAnInteger = msg->h.id.NotAnInteger; // original ID
1419 rdata += sizeof(mDNSOpaque16);
1420 ((mDNSOpaque16 *)rdata)->NotAnInteger = 0; // no error
1421 rdata += sizeof(mDNSOpaque16);
1422 ((mDNSOpaque16 *)rdata)->NotAnInteger = 0; // other data len
1423 rdata += sizeof(mDNSOpaque16);
1424
1425 tsig.resrec.rdlength = (mDNSu16)(rdata - tsig.resrec.rdata->u.data);
1426 *end = PutResourceRecordTTL(msg, ptr, numAdditionals, &tsig.resrec, 0);
1427 if (!*end) { LogMsg("ERROR: DNSDigest_SignMessage - could not put TSIG"); return mDNSNULL; }
1428
1429 // update num additionals
1430 countPtr = (mDNSu8 *)&msg->h.numAdditionals; // increment (network-byte ordered) header value
1431 *countPtr++ = (mDNSu8)(*numAdditionals >> 8);
1432 *countPtr++ = (mDNSu8)(*numAdditionals & 0xFF);
1433
1434 return *end;
1435 }
1436
1437
1438 #ifdef __cplusplus
1439 }
1440 #endif
mirror of mDNSResponder