]> git.saurik.com Git - apple/mdnsresponder.git/blob - mDNSCore/DNSDigest.c
projects / apple / mdnsresponder.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mDNSResponder-878.50.17.tar.gz
[apple/mdnsresponder.git] / mDNSCore / DNSDigest.c
1 /* -*- Mode: C; tab-width: 4 -*-
2 *
3 * Copyright (c) 2002-2011 Apple Inc. All rights reserved.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 #ifdef __cplusplus
19 extern "C" {
20 #endif
21
22 #include "mDNSEmbeddedAPI.h"
23 #include "DNSCommon.h"
24
25 // Disable certain benign warnings with Microsoft compilers
26 #if (defined(_MSC_VER))
27 // Disable "conditional expression is constant" warning for debug macros.
28 // Otherwise, this generates warnings for the perfectly natural construct "while(1)"
29 // If someone knows a variant way of writing "while(1)" that doesn't generate warning messages, please let us know
30 #pragma warning(disable:4127)
31 #endif
32
33
34 // ***************************************************************************
35 #if COMPILER_LIKES_PRAGMA_MARK
36 #pragma mark - Byte Swapping Functions
37 #endif
38
39 mDNSlocal mDNSu16 NToH16(mDNSu8 * bytes)
40 {
41 return (mDNSu16)((mDNSu16)bytes[0] << 8 | (mDNSu16)bytes[1]);
42 }
43
44 mDNSlocal mDNSu32 NToH32(mDNSu8 * bytes)
45 {
46 return (mDNSu32)((mDNSu32) bytes[0] << 24 | (mDNSu32) bytes[1] << 16 | (mDNSu32) bytes[2] << 8 | (mDNSu32)bytes[3]);
47 }
48
49 // ***************************************************************************
50 #if COMPILER_LIKES_PRAGMA_MARK
51 #pragma mark - MD5 Hash Functions
52 #endif
53
54
55 /* The source for the has is derived CommonCrypto files CommonDigest.h, md32_common.h, md5_locl.h, md5_locl.h, and openssl/md5.h.
56 * The following changes have been made to the original sources:
57 * replaced CC_LONG w/ mDNSu32
58 * replaced CC_MD5* with MD5*
59 * replaced CC_LONG w/ mDNSu32, removed conditional #defines from md5.h
60 * removed extern decls for MD5_Init/Update/Final from CommonDigest.h
61 * removed APPLE_COMMON_DIGEST specific #defines from md5_locl.h
62 *
63 * Note: machine archetecure specific conditionals from the original sources are turned off, but are left in the code
64 * to aid in platform-specific optimizations and debugging.
65 * Sources originally distributed under the following license headers:
66 * CommonDigest.h - APSL
67 *
68 * md32_Common.h
69 * ====================================================================
70 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
71 *
72 * Redistribution and use in source and binary forms, with or without
73 * modification, are permitted provided that the following conditions
74 * are met:
75 *
76 * 1. Redistributions of source code must retain the above copyright
77 * notice, this list of conditions and the following disclaimer.
78 *
79 * 2. Redistributions in binary form must reproduce the above copyright
80 * notice, this list of conditions and the following disclaimer in
81 * the documentation and/or other materials provided with the
82 * distribution.
83 *
84 * 3. All advertising materials mentioning features or use of this
85 * software must display the following acknowledgment:
86 * "This product includes software developed by the OpenSSL Project
87 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
88 *
89 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
90 * endorse or promote products derived from this software without
91 * prior written permission. For written permission, please contact
92 * licensing@OpenSSL.org.
93 *
94 * 5. Products derived from this software may not be called "OpenSSL"
95 * nor may "OpenSSL" appear in their names without prior written
96 * permission of the OpenSSL Project.
97 *
98 * 6. Redistributions of any form whatsoever must retain the following
99 * acknowledgment:
100 * "This product includes software developed by the OpenSSL Project
101 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
102 *
103 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
104 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
105 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
106 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
107 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
108 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
109 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
110 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
111 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
112 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
113 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
114 * OF THE POSSIBILITY OF SUCH DAMAGE.
115 *
116 *
117 * md5_dgst.c, md5_locl.h
118 * ====================================================================
119 *
120 * This product includes cryptographic software written by Eric Young
121 * (eay@cryptsoft.com). This product includes software written by Tim
122 * Hudson (tjh@cryptsoft.com).
123 *
124 * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
125 * All rights reserved.
126 *
127 * This package is an SSL implementation written
128 * by Eric Young (eay@cryptsoft.com).
129 * The implementation was written so as to conform with Netscapes SSL.
130 *
131 * This library is free for commercial and non-commercial use as long as
132 * the following conditions are aheared to. The following conditions
133 * apply to all code found in this distribution, be it the RC4, RSA,
134 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
135 * included with this distribution is covered by the same copyright terms
136 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
137 *
138 * Copyright remains Eric Young's, and as such any Copyright notices in
139 * the code are not to be removed.
140 * If this package is used in a product, Eric Young should be given attribution
141 * as the author of the parts of the library used.
142 * This can be in the form of a textual message at program startup or
143 * in documentation (online or textual) provided with the package.
144 *
145 * Redistribution and use in source and binary forms, with or without
146 * modification, are permitted provided that the following conditions
147 * are met:
148 * 1. Redistributions of source code must retain the copyright
149 * notice, this list of conditions and the following disclaimer.
150 * 2. Redistributions in binary form must reproduce the above copyright
151 * notice, this list of conditions and the following disclaimer in the
152 * documentation and/or other materials provided with the distribution.
153 * 3. All advertising materials mentioning features or use of this software
154 * must display the following acknowledgement:
155 * "This product includes cryptographic software written by
156 * Eric Young (eay@cryptsoft.com)"
157 * The word 'cryptographic' can be left out if the rouines from the library
158 * being used are not cryptographic related :-).
159 * 4. If you include any Windows specific code (or a derivative thereof) from
160 * the apps directory (application code) you must include an acknowledgement:
161 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
162 *
163 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
164 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
165 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
166 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
167 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
168 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
169 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
170 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
171 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
172 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
173 * SUCH DAMAGE.
174 *
175 * The licence and distribution terms for any publically available version or
176 * derivative of this code cannot be changed. i.e. this code cannot simply be
177 * copied and put under another distribution licence
178 * [including the GNU Public Licence.]
179 *
180 */
181
182 //from CommonDigest.h
183
184
185
186 // from openssl/md5.h
187
188 #define MD5_CBLOCK 64
189 #define MD5_LBLOCK (MD5_CBLOCK/4)
190 #define MD5_DIGEST_LENGTH 16
191
192 void MD5_Transform(MD5_CTX *c, const unsigned char *b);
193
194 // From md5_locl.h
195
196 #ifndef MD5_LONG_LOG2
197 #define MD5_LONG_LOG2 2 /* default to 32 bits */
198 #endif
199
200 #ifdef MD5_ASM
201 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
202 # define md5_block_host_order md5_block_asm_host_order
203 # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
204 void md5_block_asm_data_order_aligned (MD5_CTX *c, const mDNSu32 *p,int num);
205 # define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
206 # endif
207 #endif
208
209 void md5_block_host_order (MD5_CTX *c, const void *p,int num);
210 void md5_block_data_order (MD5_CTX *c, const void *p,int num);
211
212 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
213 /*
214 * *_block_host_order is expected to handle aligned data while
215 * *_block_data_order - unaligned. As algorithm and host (x86)
216 * are in this case of the same "endianness" these two are
217 * otherwise indistinguishable. But normally you don't want to
218 * call the same function because unaligned access in places
219 * where alignment is expected is usually a "Bad Thing". Indeed,
220 * on RISCs you get punished with BUS ERROR signal or *severe*
221 * performance degradation. Intel CPUs are in turn perfectly
222 * capable of loading unaligned data without such drastic side
223 * effect. Yes, they say it's slower than aligned load, but no
224 * exception is generated and therefore performance degradation
225 * is *incomparable* with RISCs. What we should weight here is
226 * costs of unaligned access against costs of aligning data.
227 * According to my measurements allowing unaligned access results
228 * in ~9% performance improvement on Pentium II operating at
229 * 266MHz. I won't be surprised if the difference will be higher
230 * on faster systems:-)
231 *
232 * <appro@fy.chalmers.se>
233 */
234 #define md5_block_data_order md5_block_host_order
235 #endif
236
237 #define DATA_ORDER_IS_LITTLE_ENDIAN
238
239 #define HASH_LONG mDNSu32
240 #define HASH_LONG_LOG2 MD5_LONG_LOG2
241 #define HASH_CTX MD5_CTX
242 #define HASH_CBLOCK MD5_CBLOCK
243 #define HASH_LBLOCK MD5_LBLOCK
244
245 #define HASH_UPDATE MD5_Update
246 #define HASH_TRANSFORM MD5_Transform
247 #define HASH_FINAL MD5_Final
248
249 #define HASH_MAKE_STRING(c,s) do { \
250 unsigned long ll; \
251 ll=(c)->A; HOST_l2c(ll,(s)); \
252 ll=(c)->B; HOST_l2c(ll,(s)); \
253 ll=(c)->C; HOST_l2c(ll,(s)); \
254 ll=(c)->D; HOST_l2c(ll,(s)); \
255 } while (0)
256 #define HASH_BLOCK_HOST_ORDER md5_block_host_order
257 #if !defined(L_ENDIAN) || defined(md5_block_data_order)
258 #define HASH_BLOCK_DATA_ORDER md5_block_data_order
259 /*
260 * Little-endians (Intel and Alpha) feel better without this.
261 * It looks like memcpy does better job than generic
262 * md5_block_data_order on copying-n-aligning input data.
263 * But frankly speaking I didn't expect such result on Alpha.
264 * On the other hand I've got this with egcs-1.0.2 and if
265 * program is compiled with another (better?) compiler it
266 * might turn out other way around.
267 *
268 * <appro@fy.chalmers.se>
269 */
270 #endif
271
272
273 // from md32_common.h
274
275 /*
276 * This is a generic 32 bit "collector" for message digest algorithms.
277 * Whenever needed it collects input character stream into chunks of
278 * 32 bit values and invokes a block function that performs actual hash
279 * calculations.
280 *
281 * Porting guide.
282 *
283 * Obligatory macros:
284 *
285 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
286 * this macro defines byte order of input stream.
287 * HASH_CBLOCK
288 * size of a unit chunk HASH_BLOCK operates on.
289 * HASH_LONG
290 * has to be at lest 32 bit wide, if it's wider, then
291 * HASH_LONG_LOG2 *has to* be defined along
292 * HASH_CTX
293 * context structure that at least contains following
294 * members:
295 * typedef struct {
296 * ...
297 * HASH_LONG Nl,Nh;
298 * HASH_LONG data[HASH_LBLOCK];
299 * int num;
300 * ...
301 * } HASH_CTX;
302 * HASH_UPDATE
303 * name of "Update" function, implemented here.
304 * HASH_TRANSFORM
305 * name of "Transform" function, implemented here.
306 * HASH_FINAL
307 * name of "Final" function, implemented here.
308 * HASH_BLOCK_HOST_ORDER
309 * name of "block" function treating *aligned* input message
310 * in host byte order, implemented externally.
311 * HASH_BLOCK_DATA_ORDER
312 * name of "block" function treating *unaligned* input message
313 * in original (data) byte order, implemented externally (it
314 * actually is optional if data and host are of the same
315 * "endianess").
316 * HASH_MAKE_STRING
317 * macro convering context variables to an ASCII hash string.
318 *
319 * Optional macros:
320 *
321 * B_ENDIAN or L_ENDIAN
322 * defines host byte-order.
323 * HASH_LONG_LOG2
324 * defaults to 2 if not states otherwise.
325 * HASH_LBLOCK
326 * assumed to be HASH_CBLOCK/4 if not stated otherwise.
327 * HASH_BLOCK_DATA_ORDER_ALIGNED
328 * alternative "block" function capable of treating
329 * aligned input message in original (data) order,
330 * implemented externally.
331 *
332 * MD5 example:
333 *
334 * #define DATA_ORDER_IS_LITTLE_ENDIAN
335 *
336 * #define HASH_LONG mDNSu32
337 * #define HASH_LONG_LOG2 mDNSu32_LOG2
338 * #define HASH_CTX MD5_CTX
339 * #define HASH_CBLOCK MD5_CBLOCK
340 * #define HASH_LBLOCK MD5_LBLOCK
341 * #define HASH_UPDATE MD5_Update
342 * #define HASH_TRANSFORM MD5_Transform
343 * #define HASH_FINAL MD5_Final
344 * #define HASH_BLOCK_HOST_ORDER md5_block_host_order
345 * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
346 *
347 * <appro@fy.chalmers.se>
348 */
349
350 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
351 #error "DATA_ORDER must be defined!"
352 #endif
353
354 #ifndef HASH_CBLOCK
355 #error "HASH_CBLOCK must be defined!"
356 #endif
357 #ifndef HASH_LONG
358 #error "HASH_LONG must be defined!"
359 #endif
360 #ifndef HASH_CTX
361 #error "HASH_CTX must be defined!"
362 #endif
363
364 #ifndef HASH_UPDATE
365 #error "HASH_UPDATE must be defined!"
366 #endif
367 #ifndef HASH_TRANSFORM
368 #error "HASH_TRANSFORM must be defined!"
369 #endif
370 #ifndef HASH_FINAL
371 #error "HASH_FINAL must be defined!"
372 #endif
373
374 #ifndef HASH_BLOCK_HOST_ORDER
375 #error "HASH_BLOCK_HOST_ORDER must be defined!"
376 #endif
377
378 #if 0
379 /*
380 * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
381 * isn't defined.
382 */
383 #ifndef HASH_BLOCK_DATA_ORDER
384 #error "HASH_BLOCK_DATA_ORDER must be defined!"
385 #endif
386 #endif
387
388 #ifndef HASH_LBLOCK
389 #define HASH_LBLOCK (HASH_CBLOCK/4)
390 #endif
391
392 #ifndef HASH_LONG_LOG2
393 #define HASH_LONG_LOG2 2
394 #endif
395
396 /*
397 * Engage compiler specific rotate intrinsic function if available.
398 */
399 #undef ROTATE
400 #ifndef PEDANTIC
401 # if 0 /* defined(_MSC_VER) */
402 # define ROTATE(a,n) _lrotl(a,n)
403 # elif defined(__MWERKS__)
404 # if defined(__POWERPC__)
405 # define ROTATE(a,n) (unsigned MD32_REG_T)__rlwinm((int)a,n,0,31)
406 # elif defined(__MC68K__)
407 /* Motorola specific tweak. <appro@fy.chalmers.se> */
408 # define ROTATE(a,n) (n<24 ? __rol(a,n) : __ror(a,32-n))
409 # else
410 # define ROTATE(a,n) __rol(a,n)
411 # endif
412 # elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
413 /*
414 * Some GNU C inline assembler templates. Note that these are
415 * rotates by *constant* number of bits! But that's exactly
416 * what we need here...
417 *
418 * <appro@fy.chalmers.se>
419 */
420 /*
421 * LLVM is more strict about compatibility of types between input & output constraints,
422 * but we want these to be rotations of 32 bits, not 64, so we explicitly drop the
423 * most significant bytes by casting to an unsigned int.
424 */
425 # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
426 # define ROTATE(a,n) ({ register unsigned int ret; \
427 asm ( \
428 "roll %1,%0" \
429 : "=r" (ret) \
430 : "I" (n), "0" ((unsigned int)a) \
431 : "cc"); \
432 ret; \
433 })
434 # elif defined(__powerpc) || defined(__ppc)
435 # define ROTATE(a,n) ({ register unsigned int ret; \
436 asm ( \
437 "rlwinm %0,%1,%2,0,31" \
438 : "=r" (ret) \
439 : "r" (a), "I" (n)); \
440 ret; \
441 })
442 # endif
443 # endif
444
445 /*
446 * Engage compiler specific "fetch in reverse byte order"
447 * intrinsic function if available.
448 */
449 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
450 /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
451 # if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY)
452 # define BE_FETCH32(a) ({ register unsigned int l=(a); \
453 asm ( \
454 "bswapl %0" \
455 : "=r" (l) : "0" (l)); \
456 l; \
457 })
458 # elif defined(__powerpc)
459 # define LE_FETCH32(a) ({ register unsigned int l; \
460 asm ( \
461 "lwbrx %0,0,%1" \
462 : "=r" (l) \
463 : "r" (a)); \
464 l; \
465 })
466
467 # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
468 # define LE_FETCH32(a) ({ register unsigned int l; \
469 asm ( \
470 "lda [%1]#ASI_PRIMARY_LITTLE,%0" \
471 : "=r" (l) \
472 : "r" (a)); \
473 l; \
474 })
475 # endif
476 # endif
477 #endif /* PEDANTIC */
478
479 #if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */
480 /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
481 #ifdef ROTATE
482 /* 5 instructions with rotate instruction, else 9 */
483 #define REVERSE_FETCH32(a,l) ( \
484 l=*(const HASH_LONG *)(a), \
485 ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \
486 )
487 #else
488 /* 6 instructions with rotate instruction, else 8 */
489 #define REVERSE_FETCH32(a,l) ( \
490 l=*(const HASH_LONG *)(a), \
491 l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \
492 ROTATE(l,16) \
493 )
494 /*
495 * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
496 * It's rewritten as above for two reasons:
497 * - RISCs aren't good at long constants and have to explicitely
498 * compose 'em with several (well, usually 2) instructions in a
499 * register before performing the actual operation and (as you
500 * already realized:-) having same constant should inspire the
501 * compiler to permanently allocate the only register for it;
502 * - most modern CPUs have two ALUs, but usually only one has
503 * circuitry for shifts:-( this minor tweak inspires compiler
504 * to schedule shift instructions in a better way...
505 *
506 * <appro@fy.chalmers.se>
507 */
508 #endif
509 #endif
510
511 #ifndef ROTATE
512 #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
513 #endif
514
515 /*
516 * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
517 * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
518 * and host are of the same "endianess". It's possible to mask
519 * this with blank #define HASH_BLOCK_DATA_ORDER though...
520 *
521 * <appro@fy.chalmers.se>
522 */
523 #if defined(B_ENDIAN)
524 # if defined(DATA_ORDER_IS_BIG_ENDIAN)
525 # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
526 # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
527 # endif
528 # elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
529 # ifndef HOST_FETCH32
530 # ifdef LE_FETCH32
531 # define HOST_FETCH32(p,l) LE_FETCH32(p)
532 # elif defined(REVERSE_FETCH32)
533 # define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l)
534 # endif
535 # endif
536 # endif
537 #elif defined(L_ENDIAN)
538 # if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
539 # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
540 # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
541 # endif
542 # elif defined(DATA_ORDER_IS_BIG_ENDIAN)
543 # ifndef HOST_FETCH32
544 # ifdef BE_FETCH32
545 # define HOST_FETCH32(p,l) BE_FETCH32(p)
546 # elif defined(REVERSE_FETCH32)
547 # define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l)
548 # endif
549 # endif
550 # endif
551 #endif
552
553 #if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
554 #ifndef HASH_BLOCK_DATA_ORDER
555 #error "HASH_BLOCK_DATA_ORDER must be defined!"
556 #endif
557 #endif
558
559 // None of the invocations of the following macros actually use the result,
560 // so cast them to void to avoid any compiler warnings/errors about not using
561 // the result (e.g. when using clang).
562 // If the resultant values need to be used at some point, these must be changed.
563 #define HOST_c2l(c,l) ((void)_HOST_c2l(c,l))
564 #define HOST_l2c(l,c) ((void)_HOST_l2c(l,c))
565
566 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
567
568 #define _HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
569 l|=(((unsigned long)(*((c)++)))<<16), \
570 l|=(((unsigned long)(*((c)++)))<< 8), \
571 l|=(((unsigned long)(*((c)++))) ), \
572 l)
573 #define HOST_p_c2l(c,l,n) { \
574 switch (n) { \
575 case 0: l =((unsigned long)(*((c)++)))<<24; \
576 case 1: l|=((unsigned long)(*((c)++)))<<16; \
577 case 2: l|=((unsigned long)(*((c)++)))<< 8; \
578 case 3: l|=((unsigned long)(*((c)++))); \
579 } }
580 #define HOST_p_c2l_p(c,l,sc,len) { \
581 switch (sc) { \
582 case 0: l =((unsigned long)(*((c)++)))<<24; \
583 if (--len == 0) break; \
584 case 1: l|=((unsigned long)(*((c)++)))<<16; \
585 if (--len == 0) break; \
586 case 2: l|=((unsigned long)(*((c)++)))<< 8; \
587 } }
588 /* NOTE the pointer is not incremented at the end of this */
589 #define HOST_c2l_p(c,l,n) { \
590 l=0; (c)+=n; \
591 switch (n) { \
592 case 3: l =((unsigned long)(*(--(c))))<< 8; \
593 case 2: l|=((unsigned long)(*(--(c))))<<16; \
594 case 1: l|=((unsigned long)(*(--(c))))<<24; \
595 } }
596 #define _HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
597 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
598 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
599 *((c)++)=(unsigned char)(((l) )&0xff), \
600 l)
601
602 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
603
604 #define _HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
605 l|=(((unsigned long)(*((c)++)))<< 8), \
606 l|=(((unsigned long)(*((c)++)))<<16), \
607 l|=(((unsigned long)(*((c)++)))<<24), \
608 l)
609 #define HOST_p_c2l(c,l,n) { \
610 switch (n) { \
611 case 0: l =((unsigned long)(*((c)++))); \
612 case 1: l|=((unsigned long)(*((c)++)))<< 8; \
613 case 2: l|=((unsigned long)(*((c)++)))<<16; \
614 case 3: l|=((unsigned long)(*((c)++)))<<24; \
615 } }
616 #define HOST_p_c2l_p(c,l,sc,len) { \
617 switch (sc) { \
618 case 0: l =((unsigned long)(*((c)++))); \
619 if (--len == 0) break; \
620 case 1: l|=((unsigned long)(*((c)++)))<< 8; \
621 if (--len == 0) break; \
622 case 2: l|=((unsigned long)(*((c)++)))<<16; \
623 } }
624 /* NOTE the pointer is not incremented at the end of this */
625 #define HOST_c2l_p(c,l,n) { \
626 l=0; (c)+=n; \
627 switch (n) { \
628 case 3: l =((unsigned long)(*(--(c))))<<16; \
629 case 2: l|=((unsigned long)(*(--(c))))<< 8; \
630 case 1: l|=((unsigned long)(*(--(c)))); \
631 } }
632 #define _HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
633 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
634 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
635 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
636 l)
637
638 #endif
639
640 /*
641 * Time for some action:-)
642 */
643
644 int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
645 {
646 const unsigned char *data=(const unsigned char *)data_;
647 register HASH_LONG * p;
648 register unsigned long l;
649 int sw,sc,ew,ec;
650
651 if (len==0) return 1;
652
653 l=(c->Nl+(len<<3))&0xffffffffL;
654 /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
655 * Wei Dai <weidai@eskimo.com> for pointing it out. */
656 if (l < c->Nl) /* overflow */
657 c->Nh++;
658 c->Nh+=(len>>29);
659 c->Nl=l;
660
661 if (c->num != 0)
662 {
663 p=c->data;
664 sw=c->num>>2;
665 sc=c->num&0x03;
666
667 if ((c->num+len) >= HASH_CBLOCK)
668 {
669 l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
670 for (; sw<HASH_LBLOCK; sw++)
671 {
672 HOST_c2l(data,l); p[sw]=l;
673 }
674 HASH_BLOCK_HOST_ORDER (c,p,1);
675 len-=(HASH_CBLOCK-c->num);
676 c->num=0;
677 /* drop through and do the rest */
678 }
679 else
680 {
681 c->num+=len;
682 if ((sc+len) < 4) /* ugly, add char's to a word */
683 {
684 l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
685 }
686 else
687 {
688 ew=(c->num>>2);
689 ec=(c->num&0x03);
690 if (sc)
691 l=p[sw];
692 HOST_p_c2l(data,l,sc);
693 p[sw++]=l;
694 for (; sw < ew; sw++)
695 {
696 HOST_c2l(data,l); p[sw]=l;
697 }
698 if (ec)
699 {
700 HOST_c2l_p(data,l,ec); p[sw]=l;
701 }
702 }
703 return 1;
704 }
705 }
706
707 sw=(int)(len/HASH_CBLOCK);
708 if (sw > 0)
709 {
710 #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
711 /*
712 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
713 * only if sizeof(HASH_LONG)==4.
714 */
715 if ((((unsigned long)data)%4) == 0)
716 {
717 /* data is properly aligned so that we can cast it: */
718 HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
719 sw*=HASH_CBLOCK;
720 data+=sw;
721 len-=sw;
722 }
723 else
724 #if !defined(HASH_BLOCK_DATA_ORDER)
725 while (sw--)
726 {
727 mDNSPlatformMemCopy(p=c->data,data,HASH_CBLOCK);
728 HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
729 data+=HASH_CBLOCK;
730 len-=HASH_CBLOCK;
731 }
732 #endif
733 #endif
734 #if defined(HASH_BLOCK_DATA_ORDER)
735 {
736 HASH_BLOCK_DATA_ORDER(c,data,sw);
737 sw*=HASH_CBLOCK;
738 data+=sw;
739 len-=sw;
740 }
741 #endif
742 }
743
744 if (len!=0)
745 {
746 p = c->data;
747 c->num = (int)len;
748 ew=(int)(len>>2); /* words to copy */
749 ec=(int)(len&0x03);
750 for (; ew; ew--,p++)
751 {
752 HOST_c2l(data,l); *p=l;
753 }
754 HOST_c2l_p(data,l,ec);
755 *p=l;
756 }
757 return 1;
758 }
759
760
761 void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
762 {
763 #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
764 if ((((unsigned long)data)%4) == 0)
765 /* data is properly aligned so that we can cast it: */
766 HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
767 else
768 #if !defined(HASH_BLOCK_DATA_ORDER)
769 {
770 mDNSPlatformMemCopy(c->data,data,HASH_CBLOCK);
771 HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
772 }
773 #endif
774 #endif
775 #if defined(HASH_BLOCK_DATA_ORDER)
776 HASH_BLOCK_DATA_ORDER (c,data,1);
777 #endif
778 }
779
780
781 int HASH_FINAL (unsigned char *md, HASH_CTX *c)
782 {
783 register HASH_LONG *p;
784 register unsigned long l;
785 register int i,j;
786 static const unsigned char end[4]={0x80,0x00,0x00,0x00};
787 const unsigned char *cp=end;
788
789 /* c->num should definitly have room for at least one more byte. */
790 p=c->data;
791 i=c->num>>2;
792 j=c->num&0x03;
793
794 #if 0
795 /* purify often complains about the following line as an
796 * Uninitialized Memory Read. While this can be true, the
797 * following p_c2l macro will reset l when that case is true.
798 * This is because j&0x03 contains the number of 'valid' bytes
799 * already in p[i]. If and only if j&0x03 == 0, the UMR will
800 * occur but this is also the only time p_c2l will do
801 * l= *(cp++) instead of l|= *(cp++)
802 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
803 * 'potential bug' */
804 #ifdef PURIFY
805 if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
806 #endif
807 l=p[i];
808 #else
809 l = (j==0) ? 0 : p[i];
810 #endif
811 HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
812
813 if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
814 {
815 if (i<HASH_LBLOCK) p[i]=0;
816 HASH_BLOCK_HOST_ORDER (c,p,1);
817 i=0;
818 }
819 for (; i<(HASH_LBLOCK-2); i++)
820 p[i]=0;
821
822 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
823 p[HASH_LBLOCK-2]=c->Nh;
824 p[HASH_LBLOCK-1]=c->Nl;
825 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
826 p[HASH_LBLOCK-2]=c->Nl;
827 p[HASH_LBLOCK-1]=c->Nh;
828 #endif
829 HASH_BLOCK_HOST_ORDER (c,p,1);
830
831 #ifndef HASH_MAKE_STRING
832 #error "HASH_MAKE_STRING must be defined!"
833 #else
834 HASH_MAKE_STRING(c,md);
835 #endif
836
837 c->num=0;
838 /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
839 * but I'm not worried :-)
840 OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
841 */
842 return 1;
843 }
844
845 #ifndef MD32_REG_T
846 #define MD32_REG_T long
847 /*
848 * This comment was originaly written for MD5, which is why it
849 * discusses A-D. But it basically applies to all 32-bit digests,
850 * which is why it was moved to common header file.
851 *
852 * In case you wonder why A-D are declared as long and not
853 * as mDNSu32. Doing so results in slight performance
854 * boost on LP64 architectures. The catch is we don't
855 * really care if 32 MSBs of a 64-bit register get polluted
856 * with eventual overflows as we *save* only 32 LSBs in
857 * *either* case. Now declaring 'em long excuses the compiler
858 * from keeping 32 MSBs zeroed resulting in 13% performance
859 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
860 * Well, to be honest it should say that this *prevents*
861 * performance degradation.
862 * <appro@fy.chalmers.se>
863 * Apparently there're LP64 compilers that generate better
864 * code if A-D are declared int. Most notably GCC-x86_64
865 * generates better code.
866 * <appro@fy.chalmers.se>
867 */
868 #endif
869
870
871 // from md5_locl.h (continued)
872
873 /*
874 #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
875 #define G(x,y,z) (((x) & (z)) | ((y) & (~(z))))
876 */
877
878 /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
879 * simplified to the code below. Wei attributes these optimizations
880 * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
881 */
882 #define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
883 #define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c))
884 #define H(b,c,d) ((b) ^ (c) ^ (d))
885 #define I(b,c,d) (((~(d)) | (b)) ^ (c))
886
887 #define R0(a,b,c,d,k,s,t) { \
888 a+=((k)+(t)+F((b),(c),(d))); \
889 a=ROTATE(a,s); \
890 a+=b; }; \
891
892 #define R1(a,b,c,d,k,s,t) { \
893 a+=((k)+(t)+G((b),(c),(d))); \
894 a=ROTATE(a,s); \
895 a+=b; };
896
897 #define R2(a,b,c,d,k,s,t) { \
898 a+=((k)+(t)+H((b),(c),(d))); \
899 a=ROTATE(a,s); \
900 a+=b; };
901
902 #define R3(a,b,c,d,k,s,t) { \
903 a+=((k)+(t)+I((b),(c),(d))); \
904 a=ROTATE(a,s); \
905 a+=b; };
906
907 // from md5_dgst.c
908
909
910 /* Implemented from RFC1321 The MD5 Message-Digest Algorithm
911 */
912
913 #define INIT_DATA_A (unsigned long)0x67452301L
914 #define INIT_DATA_B (unsigned long)0xefcdab89L
915 #define INIT_DATA_C (unsigned long)0x98badcfeL
916 #define INIT_DATA_D (unsigned long)0x10325476L
917
918 int MD5_Init(MD5_CTX *c)
919 {
920 c->A=INIT_DATA_A;
921 c->B=INIT_DATA_B;
922 c->C=INIT_DATA_C;
923 c->D=INIT_DATA_D;
924 c->Nl=0;
925 c->Nh=0;
926 c->num=0;
927 return 1;
928 }
929
930 #ifndef md5_block_host_order
931 void md5_block_host_order (MD5_CTX *c, const void *data, int num)
932 {
933 const mDNSu32 *X=(const mDNSu32 *)data;
934 register unsigned MD32_REG_T A,B,C,D;
935
936 A=c->A;
937 B=c->B;
938 C=c->C;
939 D=c->D;
940
941 for (; num--; X+=HASH_LBLOCK)
942 {
943 /* Round 0 */
944 R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
945 R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
946 R0(C,D,A,B,X[ 2],17,0x242070dbL);
947 R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
948 R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
949 R0(D,A,B,C,X[ 5],12,0x4787c62aL);
950 R0(C,D,A,B,X[ 6],17,0xa8304613L);
951 R0(B,C,D,A,X[ 7],22,0xfd469501L);
952 R0(A,B,C,D,X[ 8], 7,0x698098d8L);
953 R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
954 R0(C,D,A,B,X[10],17,0xffff5bb1L);
955 R0(B,C,D,A,X[11],22,0x895cd7beL);
956 R0(A,B,C,D,X[12], 7,0x6b901122L);
957 R0(D,A,B,C,X[13],12,0xfd987193L);
958 R0(C,D,A,B,X[14],17,0xa679438eL);
959 R0(B,C,D,A,X[15],22,0x49b40821L);
960 /* Round 1 */
961 R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
962 R1(D,A,B,C,X[ 6], 9,0xc040b340L);
963 R1(C,D,A,B,X[11],14,0x265e5a51L);
964 R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
965 R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
966 R1(D,A,B,C,X[10], 9,0x02441453L);
967 R1(C,D,A,B,X[15],14,0xd8a1e681L);
968 R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
969 R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
970 R1(D,A,B,C,X[14], 9,0xc33707d6L);
971 R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
972 R1(B,C,D,A,X[ 8],20,0x455a14edL);
973 R1(A,B,C,D,X[13], 5,0xa9e3e905L);
974 R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
975 R1(C,D,A,B,X[ 7],14,0x676f02d9L);
976 R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
977 /* Round 2 */
978 R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
979 R2(D,A,B,C,X[ 8],11,0x8771f681L);
980 R2(C,D,A,B,X[11],16,0x6d9d6122L);
981 R2(B,C,D,A,X[14],23,0xfde5380cL);
982 R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
983 R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
984 R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
985 R2(B,C,D,A,X[10],23,0xbebfbc70L);
986 R2(A,B,C,D,X[13], 4,0x289b7ec6L);
987 R2(D,A,B,C,X[ 0],11,0xeaa127faL);
988 R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
989 R2(B,C,D,A,X[ 6],23,0x04881d05L);
990 R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
991 R2(D,A,B,C,X[12],11,0xe6db99e5L);
992 R2(C,D,A,B,X[15],16,0x1fa27cf8L);
993 R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
994 /* Round 3 */
995 R3(A,B,C,D,X[ 0], 6,0xf4292244L);
996 R3(D,A,B,C,X[ 7],10,0x432aff97L);
997 R3(C,D,A,B,X[14],15,0xab9423a7L);
998 R3(B,C,D,A,X[ 5],21,0xfc93a039L);
999 R3(A,B,C,D,X[12], 6,0x655b59c3L);
1000 R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
1001 R3(C,D,A,B,X[10],15,0xffeff47dL);
1002 R3(B,C,D,A,X[ 1],21,0x85845dd1L);
1003 R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
1004 R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
1005 R3(C,D,A,B,X[ 6],15,0xa3014314L);
1006 R3(B,C,D,A,X[13],21,0x4e0811a1L);
1007 R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
1008 R3(D,A,B,C,X[11],10,0xbd3af235L);
1009 R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
1010 R3(B,C,D,A,X[ 9],21,0xeb86d391L);
1011
1012 A = c->A += A;
1013 B = c->B += B;
1014 C = c->C += C;
1015 D = c->D += D;
1016 }
1017 }
1018 #endif
1019
1020 #ifndef md5_block_data_order
1021 #ifdef X
1022 #undef X
1023 #endif
1024 void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
1025 {
1026 const unsigned char *data=data_;
1027 register unsigned MD32_REG_T A,B,C,D,l;
1028 #ifndef MD32_XARRAY
1029 /* See comment in crypto/sha/sha_locl.h for details. */
1030 unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
1031 XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
1032 # define X(i) XX ## i
1033 #else
1034 mDNSu32 XX[MD5_LBLOCK];
1035 # define X(i) XX[i]
1036 #endif
1037
1038 A=c->A;
1039 B=c->B;
1040 C=c->C;
1041 D=c->D;
1042
1043 for (; num--;)
1044 {
1045 HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
1046 /* Round 0 */
1047 R0(A,B,C,D,X( 0), 7,0xd76aa478L); HOST_c2l(data,l); X( 2)=l;
1048 R0(D,A,B,C,X( 1),12,0xe8c7b756L); HOST_c2l(data,l); X( 3)=l;
1049 R0(C,D,A,B,X( 2),17,0x242070dbL); HOST_c2l(data,l); X( 4)=l;
1050 R0(B,C,D,A,X( 3),22,0xc1bdceeeL); HOST_c2l(data,l); X( 5)=l;
1051 R0(A,B,C,D,X( 4), 7,0xf57c0fafL); HOST_c2l(data,l); X( 6)=l;
1052 R0(D,A,B,C,X( 5),12,0x4787c62aL); HOST_c2l(data,l); X( 7)=l;
1053 R0(C,D,A,B,X( 6),17,0xa8304613L); HOST_c2l(data,l); X( 8)=l;
1054 R0(B,C,D,A,X( 7),22,0xfd469501L); HOST_c2l(data,l); X( 9)=l;
1055 R0(A,B,C,D,X( 8), 7,0x698098d8L); HOST_c2l(data,l); X(10)=l;
1056 R0(D,A,B,C,X( 9),12,0x8b44f7afL); HOST_c2l(data,l); X(11)=l;
1057 R0(C,D,A,B,X(10),17,0xffff5bb1L); HOST_c2l(data,l); X(12)=l;
1058 R0(B,C,D,A,X(11),22,0x895cd7beL); HOST_c2l(data,l); X(13)=l;
1059 R0(A,B,C,D,X(12), 7,0x6b901122L); HOST_c2l(data,l); X(14)=l;
1060 R0(D,A,B,C,X(13),12,0xfd987193L); HOST_c2l(data,l); X(15)=l;
1061 R0(C,D,A,B,X(14),17,0xa679438eL);
1062 R0(B,C,D,A,X(15),22,0x49b40821L);
1063 /* Round 1 */
1064 R1(A,B,C,D,X( 1), 5,0xf61e2562L);
1065 R1(D,A,B,C,X( 6), 9,0xc040b340L);
1066 R1(C,D,A,B,X(11),14,0x265e5a51L);
1067 R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
1068 R1(A,B,C,D,X( 5), 5,0xd62f105dL);
1069 R1(D,A,B,C,X(10), 9,0x02441453L);
1070 R1(C,D,A,B,X(15),14,0xd8a1e681L);
1071 R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
1072 R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
1073 R1(D,A,B,C,X(14), 9,0xc33707d6L);
1074 R1(C,D,A,B,X( 3),14,0xf4d50d87L);
1075 R1(B,C,D,A,X( 8),20,0x455a14edL);
1076 R1(A,B,C,D,X(13), 5,0xa9e3e905L);
1077 R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
1078 R1(C,D,A,B,X( 7),14,0x676f02d9L);
1079 R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
1080 /* Round 2 */
1081 R2(A,B,C,D,X( 5), 4,0xfffa3942L);
1082 R2(D,A,B,C,X( 8),11,0x8771f681L);
1083 R2(C,D,A,B,X(11),16,0x6d9d6122L);
1084 R2(B,C,D,A,X(14),23,0xfde5380cL);
1085 R2(A,B,C,D,X( 1), 4,0xa4beea44L);
1086 R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
1087 R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
1088 R2(B,C,D,A,X(10),23,0xbebfbc70L);
1089 R2(A,B,C,D,X(13), 4,0x289b7ec6L);
1090 R2(D,A,B,C,X( 0),11,0xeaa127faL);
1091 R2(C,D,A,B,X( 3),16,0xd4ef3085L);
1092 R2(B,C,D,A,X( 6),23,0x04881d05L);
1093 R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
1094 R2(D,A,B,C,X(12),11,0xe6db99e5L);
1095 R2(C,D,A,B,X(15),16,0x1fa27cf8L);
1096 R2(B,C,D,A,X( 2),23,0xc4ac5665L);
1097 /* Round 3 */
1098 R3(A,B,C,D,X( 0), 6,0xf4292244L);
1099 R3(D,A,B,C,X( 7),10,0x432aff97L);
1100 R3(C,D,A,B,X(14),15,0xab9423a7L);
1101 R3(B,C,D,A,X( 5),21,0xfc93a039L);
1102 R3(A,B,C,D,X(12), 6,0x655b59c3L);
1103 R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
1104 R3(C,D,A,B,X(10),15,0xffeff47dL);
1105 R3(B,C,D,A,X( 1),21,0x85845dd1L);
1106 R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
1107 R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
1108 R3(C,D,A,B,X( 6),15,0xa3014314L);
1109 R3(B,C,D,A,X(13),21,0x4e0811a1L);
1110 R3(A,B,C,D,X( 4), 6,0xf7537e82L);
1111 R3(D,A,B,C,X(11),10,0xbd3af235L);
1112 R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
1113 R3(B,C,D,A,X( 9),21,0xeb86d391L);
1114
1115 A = c->A += A;
1116 B = c->B += B;
1117 C = c->C += C;
1118 D = c->D += D;
1119 }
1120 }
1121 #endif
1122
1123
1124 // ***************************************************************************
1125 #if COMPILER_LIKES_PRAGMA_MARK
1126 #pragma mark - base64 -> binary conversion
1127 #endif
1128
1129 static const char Base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
1130 static const char Pad64 = '=';
1131
1132
1133 #define mDNSisspace(x) (x == '\t' || x == '\n' || x == '\v' || x == '\f' || x == '\r' || x == ' ')
1134
1135 mDNSlocal const char *mDNSstrchr(const char *s, int c)
1136 {
1137 while (1)
1138 {
1139 if (c == *s) return s;
1140 if (!*s) return mDNSNULL;
1141 s++;
1142 }
1143 }
1144
1145 // skips all whitespace anywhere.
1146 // converts characters, four at a time, starting at (or after)
1147 // src from base - 64 numbers into three 8 bit bytes in the target area.
1148 // it returns the number of data bytes stored at the target, or -1 on error.
1149 // adapted from BIND sources
1150
1151 mDNSlocal mDNSs32 DNSDigest_Base64ToBin(const char *src, mDNSu8 *target, mDNSu32 targsize)
1152 {
1153 int tarindex, state, ch;
1154 const char *pos;
1155
1156 state = 0;
1157 tarindex = 0;
1158
1159 while ((ch = *src++) != '\0') {
1160 if (mDNSisspace(ch)) /* Skip whitespace anywhere. */
1161 continue;
1162
1163 if (ch == Pad64)
1164 break;
1165
1166 pos = mDNSstrchr(Base64, ch);
1167 if (pos == 0) /* A non-base64 character. */
1168 return (-1);
1169
1170 switch (state) {
1171 case 0:
1172 if (target) {
1173 if ((mDNSu32)tarindex >= targsize)
1174 return (-1);
1175 target[tarindex] = (mDNSu8)((pos - Base64) << 2);
1176 }
1177 state = 1;
1178 break;
1179 case 1:
1180 if (target) {
1181 if ((mDNSu32)tarindex + 1 >= targsize)
1182 return (-1);
1183 target[tarindex] |= (pos - Base64) >> 4;
1184 target[tarindex+1] = (mDNSu8)(((pos - Base64) & 0x0f) << 4);
1185 }
1186 tarindex++;
1187 state = 2;
1188 break;
1189 case 2:
1190 if (target) {
1191 if ((mDNSu32)tarindex + 1 >= targsize)
1192 return (-1);
1193 target[tarindex] |= (pos - Base64) >> 2;
1194 target[tarindex+1] = (mDNSu8)(((pos - Base64) & 0x03) << 6);
1195 }
1196 tarindex++;
1197 state = 3;
1198 break;
1199 case 3:
1200 if (target) {
1201 if ((mDNSu32)tarindex >= targsize)
1202 return (-1);
1203 target[tarindex] |= (pos - Base64);
1204 }
1205 tarindex++;
1206 state = 0;
1207 break;
1208 default:
1209 return -1;
1210 }
1211 }
1212
1213 /*
1214 * We are done decoding Base-64 chars. Let's see if we ended
1215 * on a byte boundary, and/or with erroneous trailing characters.
1216 */
1217
1218 if (ch == Pad64) { /* We got a pad char. */
1219 ch = *src++; /* Skip it, get next. */
1220 switch (state) {
1221 case 0: /* Invalid = in first position */
1222 case 1: /* Invalid = in second position */
1223 return (-1);
1224
1225 case 2: /* Valid, means one byte of info */
1226 /* Skip any number of spaces. */
1227 for ((void)mDNSNULL; ch != '\0'; ch = *src++)
1228 if (!mDNSisspace(ch))
1229 break;
1230 /* Make sure there is another trailing = sign. */
1231 if (ch != Pad64)
1232 return (-1);
1233 ch = *src++; /* Skip the = */
1234 /* Fall through to "single trailing =" case. */
1235 /* FALLTHROUGH */
1236
1237 case 3: /* Valid, means two bytes of info */
1238 /*
1239 * We know this char is an =. Is there anything but
1240 * whitespace after it?
1241 */
1242 for ((void)mDNSNULL; ch != '\0'; ch = *src++)
1243 if (!mDNSisspace(ch))
1244 return (-1);
1245
1246 /*
1247 * Now make sure for cases 2 and 3 that the "extra"
1248 * bits that slopped past the last full byte were
1249 * zeros. If we don't check them, they become a
1250 * subliminal channel.
1251 */
1252 if (target && target[tarindex] != 0)
1253 return (-1);
1254 }
1255 } else {
1256 /*
1257 * We ended by seeing the end of the string. Make sure we
1258 * have no partial bytes lying around.
1259 */
1260 if (state != 0)
1261 return (-1);
1262 }
1263
1264 return (tarindex);
1265 }
1266
1267
1268 // ***************************************************************************
1269 #if COMPILER_LIKES_PRAGMA_MARK
1270 #pragma mark - API exported to mDNS Core
1271 #endif
1272
1273 // Constants
1274 #define HMAC_IPAD 0x36
1275 #define HMAC_OPAD 0x5c
1276 #define MD5_LEN 16
1277
1278 #define HMAC_MD5_AlgName (*(const domainname*) "\010" "hmac-md5" "\007" "sig-alg" "\003" "reg" "\003" "int")
1279
1280 // Adapted from Appendix, RFC 2104
1281 mDNSlocal void DNSDigest_ConstructHMACKey(DomainAuthInfo *info, const mDNSu8 *key, mDNSu32 len)
1282 {
1283 MD5_CTX k;
1284 mDNSu8 buf[MD5_LEN];
1285 int i;
1286
1287 // If key is longer than HMAC_LEN reset it to MD5(key)
1288 if (len > HMAC_LEN)
1289 {
1290 MD5_Init(&k);
1291 MD5_Update(&k, key, len);
1292 MD5_Final(buf, &k);
1293 key = buf;
1294 len = MD5_LEN;
1295 }
1296
1297 // store key in pads
1298 mDNSPlatformMemZero(info->keydata_ipad, HMAC_LEN);
1299 mDNSPlatformMemZero(info->keydata_opad, HMAC_LEN);
1300 mDNSPlatformMemCopy(info->keydata_ipad, key, len);
1301 mDNSPlatformMemCopy(info->keydata_opad, key, len);
1302
1303 // XOR key with ipad and opad values
1304 for (i = 0; i < HMAC_LEN; i++)
1305 {
1306 info->keydata_ipad[i] ^= HMAC_IPAD;
1307 info->keydata_opad[i] ^= HMAC_OPAD;
1308 }
1309
1310 }
1311
1312 mDNSexport mDNSs32 DNSDigest_ConstructHMACKeyfromBase64(DomainAuthInfo *info, const char *b64key)
1313 {
1314 mDNSu8 keybuf[1024];
1315 mDNSs32 keylen = DNSDigest_Base64ToBin(b64key, keybuf, sizeof(keybuf));
1316 if (keylen < 0) return(keylen);
1317 DNSDigest_ConstructHMACKey(info, keybuf, (mDNSu32)keylen);
1318 return(keylen);
1319 }
1320
1321 mDNSexport void DNSDigest_SignMessage(DNSMessage *msg, mDNSu8 **end, DomainAuthInfo *info, mDNSu16 tcode)
1322 {
1323 AuthRecord tsig;
1324 mDNSu8 *rdata, *const countPtr = (mDNSu8 *)&msg->h.numAdditionals; // Get existing numAdditionals value
1325 mDNSu32 utc32;
1326 mDNSu8 utc48[6];
1327 mDNSu8 digest[MD5_LEN];
1328 mDNSu8 *ptr = *end;
1329 mDNSu32 len;
1330 mDNSOpaque16 buf;
1331 MD5_CTX c;
1332 mDNSu16 numAdditionals = (mDNSu16)((mDNSu16)countPtr[0] << 8 | countPtr[1]);
1333
1334 // Init MD5 context, digest inner key pad and message
1335 MD5_Init(&c);
1336 MD5_Update(&c, info->keydata_ipad, HMAC_LEN);
1337 MD5_Update(&c, (mDNSu8 *)msg, (unsigned long)(*end - (mDNSu8 *)msg));
1338
1339 // Construct TSIG RR, digesting variables as apporpriate
1340 mDNS_SetupResourceRecord(&tsig, mDNSNULL, 0, kDNSType_TSIG, 0, kDNSRecordTypeKnownUnique, AuthRecordAny, mDNSNULL, mDNSNULL);
1341
1342 // key name
1343 AssignDomainName(&tsig.namestorage, &info->keyname);
1344 MD5_Update(&c, info->keyname.c, DomainNameLength(&info->keyname));
1345
1346 // class
1347 tsig.resrec.rrclass = kDNSQClass_ANY;
1348 buf = mDNSOpaque16fromIntVal(kDNSQClass_ANY);
1349 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16));
1350
1351 // ttl
1352 tsig.resrec.rroriginalttl = 0;
1353 MD5_Update(&c, (mDNSu8 *)&tsig.resrec.rroriginalttl, sizeof(tsig.resrec.rroriginalttl));
1354
1355 // alg name
1356 AssignDomainName(&tsig.resrec.rdata->u.name, &HMAC_MD5_AlgName);
1357 len = DomainNameLength(&HMAC_MD5_AlgName);
1358 rdata = tsig.resrec.rdata->u.data + len;
1359 MD5_Update(&c, HMAC_MD5_AlgName.c, len);
1360
1361 // time
1362 // get UTC (universal time), convert to 48-bit unsigned in network byte order
1363 utc32 = (mDNSu32)mDNSPlatformUTC();
1364 if (utc32 == (unsigned)-1) { LogMsg("ERROR: DNSDigest_SignMessage - mDNSPlatformUTC returned bad time -1"); *end = mDNSNULL; }
1365 utc48[0] = 0;
1366 utc48[1] = 0;
1367 utc48[2] = (mDNSu8)((utc32 >> 24) & 0xff);
1368 utc48[3] = (mDNSu8)((utc32 >> 16) & 0xff);
1369 utc48[4] = (mDNSu8)((utc32 >> 8) & 0xff);
1370 utc48[5] = (mDNSu8)( utc32 & 0xff);
1371
1372 mDNSPlatformMemCopy(rdata, utc48, 6);
1373 rdata += 6;
1374 MD5_Update(&c, utc48, 6);
1375
1376 // 300 sec is fudge recommended in RFC 2485
1377 rdata[0] = (mDNSu8)((300 >> 8) & 0xff);
1378 rdata[1] = (mDNSu8)( 300 & 0xff);
1379 MD5_Update(&c, rdata, sizeof(mDNSOpaque16));
1380 rdata += sizeof(mDNSOpaque16);
1381
1382 // digest error (tcode) and other data len (zero) - we'll add them to the rdata later
1383 buf.b[0] = (mDNSu8)((tcode >> 8) & 0xff);
1384 buf.b[1] = (mDNSu8)( tcode & 0xff);
1385 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // error
1386 buf.NotAnInteger = 0;
1387 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // other data len
1388
1389 // finish the message & tsig var hash
1390 MD5_Final(digest, &c);
1391
1392 // perform outer MD5 (outer key pad, inner digest)
1393 MD5_Init(&c);
1394 MD5_Update(&c, info->keydata_opad, HMAC_LEN);
1395 MD5_Update(&c, digest, MD5_LEN);
1396 MD5_Final(digest, &c);
1397
1398 // set remaining rdata fields
1399 rdata[0] = (mDNSu8)((MD5_LEN >> 8) & 0xff);
1400 rdata[1] = (mDNSu8)( MD5_LEN & 0xff);
1401 rdata += sizeof(mDNSOpaque16);
1402 mDNSPlatformMemCopy(rdata, digest, MD5_LEN); // MAC
1403 rdata += MD5_LEN;
1404 rdata[0] = msg->h.id.b[0]; // original ID
1405 rdata[1] = msg->h.id.b[1];
1406 rdata[2] = (mDNSu8)((tcode >> 8) & 0xff);
1407 rdata[3] = (mDNSu8)( tcode & 0xff);
1408 rdata[4] = 0; // other data len
1409 rdata[5] = 0;
1410 rdata += 6;
1411
1412 tsig.resrec.rdlength = (mDNSu16)(rdata - tsig.resrec.rdata->u.data);
1413 *end = PutResourceRecordTTLJumbo(msg, ptr, &numAdditionals, &tsig.resrec, 0);
1414 if (!*end) { LogMsg("ERROR: DNSDigest_SignMessage - could not put TSIG"); *end = mDNSNULL; return; }
1415
1416 // Write back updated numAdditionals value
1417 countPtr[0] = (mDNSu8)(numAdditionals >> 8);
1418 countPtr[1] = (mDNSu8)(numAdditionals & 0xFF);
1419 }
1420
1421 mDNSexport mDNSBool DNSDigest_VerifyMessage(DNSMessage *msg, mDNSu8 *end, LargeCacheRecord * lcr, DomainAuthInfo *info, mDNSu16 * rcode, mDNSu16 * tcode)
1422 {
1423 mDNSu8 * ptr = (mDNSu8*) &lcr->r.resrec.rdata->u.data;
1424 mDNSs32 now;
1425 mDNSs32 then;
1426 mDNSu8 thisDigest[MD5_LEN];
1427 mDNSu8 thatDigest[MD5_LEN];
1428 mDNSOpaque16 buf;
1429 mDNSu8 utc48[6];
1430 mDNSs32 delta;
1431 mDNSu16 fudge;
1432 domainname * algo;
1433 MD5_CTX c;
1434 mDNSBool ok = mDNSfalse;
1435
1436 // We only support HMAC-MD5 for now
1437
1438 algo = (domainname*) ptr;
1439
1440 if (!SameDomainName(algo, &HMAC_MD5_AlgName))
1441 {
1442 LogMsg("ERROR: DNSDigest_VerifyMessage - TSIG algorithm not supported: %##s", algo->c);
1443 *rcode = kDNSFlag1_RC_NotAuth;
1444 *tcode = TSIG_ErrBadKey;
1445 ok = mDNSfalse;
1446 goto exit;
1447 }
1448
1449 ptr += DomainNameLength(algo);
1450
1451 // Check the times
1452
1453 now = mDNSPlatformUTC();
1454 if (now == -1)
1455 {
1456 LogMsg("ERROR: DNSDigest_VerifyMessage - mDNSPlatformUTC returned bad time -1");
1457 *rcode = kDNSFlag1_RC_NotAuth;
1458 *tcode = TSIG_ErrBadTime;
1459 ok = mDNSfalse;
1460 goto exit;
1461 }
1462
1463 // Get the 48 bit time field, skipping over the first word
1464
1465 utc48[0] = *ptr++;
1466 utc48[1] = *ptr++;
1467 utc48[2] = *ptr++;
1468 utc48[3] = *ptr++;
1469 utc48[4] = *ptr++;
1470 utc48[5] = *ptr++;
1471
1472 then = (mDNSs32)NToH32(utc48 + sizeof(mDNSu16));
1473
1474 fudge = NToH16(ptr);
1475
1476 ptr += sizeof(mDNSu16);
1477
1478 delta = (now > then) ? now - then : then - now;
1479
1480 if (delta > fudge)
1481 {
1482 LogMsg("ERROR: DNSDigest_VerifyMessage - time skew > %d", fudge);
1483 *rcode = kDNSFlag1_RC_NotAuth;
1484 *tcode = TSIG_ErrBadTime;
1485 ok = mDNSfalse;
1486 goto exit;
1487 }
1488
1489 // MAC size
1490
1491 ptr += sizeof(mDNSu16);
1492
1493 // MAC
1494
1495 mDNSPlatformMemCopy(thatDigest, ptr, MD5_LEN);
1496
1497 // Init MD5 context, digest inner key pad and message
1498
1499 MD5_Init(&c);
1500 MD5_Update(&c, info->keydata_ipad, HMAC_LEN);
1501 MD5_Update(&c, (mDNSu8*) msg, (unsigned long)(end - (mDNSu8*) msg));
1502
1503 // Key name
1504
1505 MD5_Update(&c, lcr->r.resrec.name->c, DomainNameLength(lcr->r.resrec.name));
1506
1507 // Class name
1508
1509 buf = mDNSOpaque16fromIntVal(lcr->r.resrec.rrclass);
1510 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16));
1511
1512 // TTL
1513
1514 MD5_Update(&c, (mDNSu8*) &lcr->r.resrec.rroriginalttl, sizeof(lcr->r.resrec.rroriginalttl));
1515
1516 // Algorithm
1517
1518 MD5_Update(&c, algo->c, DomainNameLength(algo));
1519
1520 // Time
1521
1522 MD5_Update(&c, utc48, 6);
1523
1524 // Fudge
1525
1526 buf = mDNSOpaque16fromIntVal(fudge);
1527 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16));
1528
1529 // Digest error and other data len (both zero) - we'll add them to the rdata later
1530
1531 buf.NotAnInteger = 0;
1532 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // error
1533 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // other data len
1534
1535 // Finish the message & tsig var hash
1536
1537 MD5_Final(thisDigest, &c);
1538
1539 // perform outer MD5 (outer key pad, inner digest)
1540
1541 MD5_Init(&c);
1542 MD5_Update(&c, info->keydata_opad, HMAC_LEN);
1543 MD5_Update(&c, thisDigest, MD5_LEN);
1544 MD5_Final(thisDigest, &c);
1545
1546 if (!mDNSPlatformMemSame(thisDigest, thatDigest, MD5_LEN))
1547 {
1548 LogMsg("ERROR: DNSDigest_VerifyMessage - bad signature");
1549 *rcode = kDNSFlag1_RC_NotAuth;
1550 *tcode = TSIG_ErrBadSig;
1551 ok = mDNSfalse;
1552 goto exit;
1553 }
1554
1555 // set remaining rdata fields
1556 ok = mDNStrue;
1557
1558 exit:
1559
1560 return ok;
1561 }
1562
1563
1564 #ifdef __cplusplus
1565 }
1566 #endif
mirror of mDNSResponder