diff options
Diffstat (limited to 'lib/crypto')
-rw-r--r-- | lib/crypto/arcfour.c | 91 | ||||
-rw-r--r-- | lib/crypto/arcfour.h | 15 | ||||
-rw-r--r-- | lib/crypto/config.mk | 18 | ||||
-rw-r--r-- | lib/crypto/crc32.c | 104 | ||||
-rw-r--r-- | lib/crypto/crc32.h | 1 | ||||
-rw-r--r-- | lib/crypto/crypto.h | 28 | ||||
-rw-r--r-- | lib/crypto/hmacmd5.c | 117 | ||||
-rw-r--r-- | lib/crypto/hmacmd5.h | 41 | ||||
-rw-r--r-- | lib/crypto/hmacmd5test.c | 101 | ||||
-rw-r--r-- | lib/crypto/hmacsha256.c | 91 | ||||
-rw-r--r-- | lib/crypto/hmacsha256.h | 38 | ||||
-rw-r--r-- | lib/crypto/md4.c | 177 | ||||
-rw-r--r-- | lib/crypto/md4.h | 1 | ||||
-rw-r--r-- | lib/crypto/md4test.c | 83 | ||||
-rw-r--r-- | lib/crypto/md5.c | 248 | ||||
-rw-r--r-- | lib/crypto/md5.h | 19 | ||||
-rw-r--r-- | lib/crypto/md5test.c | 93 | ||||
-rw-r--r-- | lib/crypto/sha256.c | 253 | ||||
-rw-r--r-- | lib/crypto/sha256.h | 91 |
19 files changed, 1610 insertions, 0 deletions
diff --git a/lib/crypto/arcfour.c b/lib/crypto/arcfour.c new file mode 100644 index 0000000000..c57e05d0e9 --- /dev/null +++ b/lib/crypto/arcfour.c @@ -0,0 +1,91 @@ +/* + Unix SMB/CIFS implementation. + + An implementation of the arcfour algorithm + + Copyright (C) Andrew Tridgell 1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "../lib/crypto/arcfour.h" + +/* initialise the arcfour sbox with key */ +_PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key) +{ + int ind; + uint8_t j = 0; + for (ind = 0; ind < sizeof(state->sbox); ind++) { + state->sbox[ind] = (uint8_t)ind; + } + + for (ind = 0; ind < sizeof(state->sbox); ind++) { + uint8_t tc; + + j += (state->sbox[ind] + key->data[ind%key->length]); + + tc = state->sbox[ind]; + state->sbox[ind] = state->sbox[j]; + state->sbox[j] = tc; + } + state->index_i = 0; + state->index_j = 0; +} + +/* crypt the data with arcfour */ +_PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len) +{ + int ind; + + for (ind = 0; ind < len; ind++) { + uint8_t tc; + uint8_t t; + + state->index_i++; + state->index_j += state->sbox[state->index_i]; + + tc = state->sbox[state->index_i]; + state->sbox[state->index_i] = state->sbox[state->index_j]; + state->sbox[state->index_j] = tc; + + t = state->sbox[state->index_i] + state->sbox[state->index_j]; + data[ind] = data[ind] ^ state->sbox[t]; + } +} + +/* + arcfour encryption with a blob key +*/ +_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key) +{ + struct arcfour_state state; + arcfour_init(&state, key); + arcfour_crypt_sbox(&state, data, len); +} + +/* + a variant that assumes a 16 byte key. This should be removed + when the last user is gone +*/ +_PUBLIC_ void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len) +{ + DATA_BLOB key = data_blob(keystr, 16); + + arcfour_crypt_blob(data, len, &key); + + data_blob_free(&key); +} + + diff --git a/lib/crypto/arcfour.h b/lib/crypto/arcfour.h new file mode 100644 index 0000000000..501b3f2fab --- /dev/null +++ b/lib/crypto/arcfour.h @@ -0,0 +1,15 @@ +#ifndef ARCFOUR_HEADER_H +#define ARCFOUR_HEADER_H + +struct arcfour_state { + uint8_t sbox[256]; + uint8_t index_i; + uint8_t index_j; +}; + +void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key); +void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len); +void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key); +void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len); + +#endif /* ARCFOUR_HEADER_H */ diff --git a/lib/crypto/config.mk b/lib/crypto/config.mk new file mode 100644 index 0000000000..ee111bd088 --- /dev/null +++ b/lib/crypto/config.mk @@ -0,0 +1,18 @@ +############################## +# Start SUBSYSTEM LIBCRYPTO +[SUBSYSTEM::LIBCRYPTO] +# End SUBSYSTEM LIBCRYPTO +############################## + +LIBCRYPTO_OBJ_FILES = $(addprefix $(libcryptosrcdir)/, \ + crc32.o md5.o hmacmd5.o md4.o \ + arcfour.o sha256.o hmacsha256.o) + +[MODULE::TORTURE_LIBCRYPTO] +SUBSYSTEM = smbtorture +PRIVATE_DEPENDENCIES = LIBCRYPTO + +TORTURE_LIBCRYPTO_OBJ_FILES = $(addprefix $(libcryptosrcdir)/, \ + md4test.o md5test.o hmacmd5test.o) + +$(eval $(call proto_header_template,$(libcryptosrcdir)/test_proto.h,$(TORTURE_LIBCRYPTO_OBJ_FILES:.o=.c))) diff --git a/lib/crypto/crc32.c b/lib/crypto/crc32.c new file mode 100644 index 0000000000..e6cc529767 --- /dev/null +++ b/lib/crypto/crc32.c @@ -0,0 +1,104 @@ +/*- + * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or + * code or tables extracted from it, as desired without restriction. + * + * First, the polynomial itself and its table of feedback terms. The + * polynomial is + * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 + * + * Note that we take it "backwards" and put the highest-order term in + * the lowest-order bit. The X^32 term is "implied"; the LSB is the + * X^31 term, etc. The X^0 term (usually shown as "+1") results in + * the MSB being 1 + * + * Note that the usual hardware shift register implementation, which + * is what we're using (we're merely optimizing it by doing eight-bit + * chunks at a time) shifts bits into the lowest-order term. In our + * implementation, that means shifting towards the right. Why do we + * do it this way? Because the calculated CRC must be transmitted in + * order from highest-order term to lowest-order term. UARTs transmit + * characters in order from LSB to MSB. By storing the CRC this way + * we hand it to the UART in the order low-byte to high-byte; the UART + * sends each low-bit to hight-bit; and the result is transmission bit + * by bit from highest- to lowest-order term without requiring any bit + * shuffling on our part. Reception works similarly + * + * The feedback terms table consists of 256, 32-bit entries. Notes + * + * The table can be generated at runtime if desired; code to do so + * is shown later. It might not be obvious, but the feedback + * terms simply represent the results of eight shift/xor opera + * tions for all combinations of data and CRC register values + * + * The values must be right-shifted by eight bits by the "updcrc + * logic; the shift must be unsigned (bring in zeroes). On some + * hardware you could probably optimize the shift in assembler by + * using byte-swap instructions + * polynomial $edb88320 + * + * + * CRC32 code derived from work by Gary S. Brown. + */ + +#include "includes.h" +#include "../lib/crypto/crc32.h" + +static const uint32_t crc32_tab[] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, + 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, + 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, + 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, + 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, + 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, + 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, + 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, + 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, + 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, + 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, + 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, + 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, + 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, + 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, + 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, + 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, + 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, + 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, + 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +}; + +uint32_t crc32_calc_buffer(const uint8_t *buf, size_t size) +{ + const uint8_t *p; + uint32_t crc; + + p = buf; + crc = ~0U; + + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + + return crc ^ ~0U; +} diff --git a/lib/crypto/crc32.h b/lib/crypto/crc32.h new file mode 100644 index 0000000000..7854abf865 --- /dev/null +++ b/lib/crypto/crc32.h @@ -0,0 +1 @@ +uint32_t crc32_calc_buffer(const uint8_t *buf, size_t size); diff --git a/lib/crypto/crypto.h b/lib/crypto/crypto.h new file mode 100644 index 0000000000..0a43cbe7d4 --- /dev/null +++ b/lib/crypto/crypto.h @@ -0,0 +1,28 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "../lib/crypto/crc32.h" +#include "../lib/crypto/md4.h" +#include "../lib/crypto/md5.h" +#include "../lib/crypto/hmacmd5.h" +#include "../lib/crypto/sha256.h" +#include "../lib/crypto/hmacsha256.h" +#include "../lib/crypto/arcfour.h" + + diff --git a/lib/crypto/hmacmd5.c b/lib/crypto/hmacmd5.c new file mode 100644 index 0000000000..0c8d1ab598 --- /dev/null +++ b/lib/crypto/hmacmd5.c @@ -0,0 +1,117 @@ +/* + Unix SMB/CIFS implementation. + HMAC MD5 code for use in NTLMv2 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Andrew Tridgell 1992-2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* taken direct from rfc2104 implementation and modified for suitable use + * for ntlmv2. + */ + +#include "includes.h" +#include "../lib/crypto/hmacmd5.h" + +/*********************************************************************** + the rfc 2104 version of hmac_md5 initialisation. +***********************************************************************/ +_PUBLIC_ void hmac_md5_init_rfc2104(const uint8_t *key, int key_len, HMACMD5Context *ctx) +{ + int i; + uint8_t tk[16]; + + /* if key is longer than 64 bytes reset it to key=MD5(key) */ + if (key_len > 64) + { + struct MD5Context tctx; + + MD5Init(&tctx); + MD5Update(&tctx, key, key_len); + MD5Final(tk, &tctx); + + key = tk; + key_len = 16; + } + + /* start out by storing key in pads */ + ZERO_STRUCT(ctx->k_ipad); + ZERO_STRUCT(ctx->k_opad); + memcpy( ctx->k_ipad, key, key_len); + memcpy( ctx->k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i=0; i<64; i++) + { + ctx->k_ipad[i] ^= 0x36; + ctx->k_opad[i] ^= 0x5c; + } + + MD5Init(&ctx->ctx); + MD5Update(&ctx->ctx, ctx->k_ipad, 64); +} + +/*********************************************************************** + the microsoft version of hmac_md5 initialisation. +***********************************************************************/ +_PUBLIC_ void hmac_md5_init_limK_to_64(const uint8_t *key, int key_len, + HMACMD5Context *ctx) +{ + /* if key is longer than 64 bytes truncate it */ + if (key_len > 64) + { + key_len = 64; + } + + hmac_md5_init_rfc2104(key, key_len, ctx); +} + +/*********************************************************************** + update hmac_md5 "inner" buffer +***********************************************************************/ +_PUBLIC_ void hmac_md5_update(const uint8_t *text, int text_len, HMACMD5Context *ctx) +{ + MD5Update(&ctx->ctx, text, text_len); /* then text of datagram */ +} + +/*********************************************************************** + finish off hmac_md5 "inner" buffer and generate outer one. +***********************************************************************/ +_PUBLIC_ void hmac_md5_final(uint8_t *digest, HMACMD5Context *ctx) +{ + struct MD5Context ctx_o; + + MD5Final(digest, &ctx->ctx); + + MD5Init(&ctx_o); + MD5Update(&ctx_o, ctx->k_opad, 64); + MD5Update(&ctx_o, digest, 16); + MD5Final(digest, &ctx_o); +} + +/*********************************************************** + single function to calculate an HMAC MD5 digest from data. + use the microsoft hmacmd5 init method because the key is 16 bytes. +************************************************************/ +_PUBLIC_ void hmac_md5(const uint8_t key[16], const uint8_t *data, int data_len, uint8_t *digest) +{ + HMACMD5Context ctx; + hmac_md5_init_limK_to_64(key, 16, &ctx); + if (data_len != 0) + { + hmac_md5_update(data, data_len, &ctx); + } + hmac_md5_final(digest, &ctx); +} diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h new file mode 100644 index 0000000000..91b8ca586c --- /dev/null +++ b/lib/crypto/hmacmd5.h @@ -0,0 +1,41 @@ +/* + Unix SMB/CIFS implementation. + Interface header: HMAC MD5 code + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 + Copyright (C) Andrew Tridgell 1992-1999 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _HMAC_MD5_H +#define _HMAC_MD5_H + +#include "../lib/crypto/md5.h" + +typedef struct +{ + struct MD5Context ctx; + uint8_t k_ipad[65]; + uint8_t k_opad[65]; + +} HMACMD5Context; + +void hmac_md5_init_limK_to_64(const uint8_t *key, int key_len, + HMACMD5Context *ctx); +void hmac_md5_update(const uint8_t *text, int text_len, HMACMD5Context *ctx); +void hmac_md5_final(uint8_t *digest, HMACMD5Context *ctx); +void hmac_md5(const uint8_t key[16], const uint8_t *data, int data_len, uint8_t *digest); +void hmac_md5_init_rfc2104(const uint8_t *key, int key_len, HMACMD5Context *ctx); + +#endif /* _HMAC_MD5_H */ diff --git a/lib/crypto/hmacmd5test.c b/lib/crypto/hmacmd5test.c new file mode 100644 index 0000000000..77f305a5d3 --- /dev/null +++ b/lib/crypto/hmacmd5test.c @@ -0,0 +1,101 @@ +/* + Unix SMB/CIFS implementation. + HMAC MD5 tests + Copyright (C) Stefan Metzmacher 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ +#include "includes.h" +#include "../lib/crypto/crypto.h" + +struct torture_context; + +static DATA_BLOB data_blob_repeat_byte(uint8_t byte, size_t length) +{ + DATA_BLOB b = data_blob(NULL, length); + memset(b.data, byte, length); + return b; +} + +/* + This uses the test values from rfc 2104, 2202 +*/ +bool torture_local_crypto_hmacmd5(struct torture_context *torture) +{ + bool ret = true; + uint32_t i; + struct { + DATA_BLOB key; + DATA_BLOB data; + DATA_BLOB md5; + } testarray[8]; + + TALLOC_CTX *tctx = talloc_new(torture); + if (!tctx) { return false; }; + + testarray[0].key = data_blob_repeat_byte(0x0b, 16); + testarray[0].data = data_blob_string_const("Hi There"); + testarray[0].md5 = strhex_to_data_blob(tctx, "9294727a3638bb1c13f48ef8158bfc9d"); + + testarray[1].key = data_blob_string_const("Jefe"); + testarray[1].data = data_blob_string_const("what do ya want for nothing?"); + testarray[1].md5 = strhex_to_data_blob(tctx, "750c783e6ab0b503eaa86e310a5db738"); + + testarray[2].key = data_blob_repeat_byte(0xaa, 16); + testarray[2].data = data_blob_repeat_byte(0xdd, 50); + testarray[2].md5 = strhex_to_data_blob(tctx, "56be34521d144c88dbb8c733f0e8b3f6"); + + testarray[3].key = strhex_to_data_blob(tctx, "0102030405060708090a0b0c0d0e0f10111213141516171819"); + testarray[3].data = data_blob_repeat_byte(0xcd, 50); + testarray[3].md5 = strhex_to_data_blob(tctx, "697eaf0aca3a3aea3a75164746ffaa79"); + + testarray[4].key = data_blob_repeat_byte(0x0c, 16); + testarray[4].data = data_blob_string_const("Test With Truncation"); + testarray[4].md5 = strhex_to_data_blob(tctx, "56461ef2342edc00f9bab995690efd4c"); + + testarray[5].key = data_blob_repeat_byte(0xaa, 80); + testarray[5].data = data_blob_string_const("Test Using Larger Than Block-Size Key - Hash Key First"); + testarray[5].md5 = strhex_to_data_blob(tctx, "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"); + + testarray[6].key = data_blob_repeat_byte(0xaa, 80); + testarray[6].data = data_blob_string_const("Test Using Larger Than Block-Size Key " + "and Larger Than One Block-Size Data"); + testarray[6].md5 = strhex_to_data_blob(tctx, "6f630fad67cda0ee1fb1f562db3aa53e"); + + testarray[7].key = data_blob(NULL, 0); + + for (i=0; testarray[i].key.data; i++) { + HMACMD5Context ctx; + uint8_t md5[16]; + int e; + + hmac_md5_init_rfc2104(testarray[i].key.data, testarray[i].key.length, &ctx); + hmac_md5_update(testarray[i].data.data, testarray[i].data.length, &ctx); + hmac_md5_final(md5, &ctx); + + e = memcmp(testarray[i].md5.data, + md5, + MIN(testarray[i].md5.length, sizeof(md5))); + if (e != 0) { + printf("hmacmd5 test[%u]: failed\n", i); + dump_data(0, testarray[i].key.data, testarray[i].key.length); + dump_data(0, testarray[i].data.data, testarray[i].data.length); + dump_data(0, testarray[i].md5.data, testarray[i].md5.length); + dump_data(0, md5, sizeof(md5)); + ret = false; + } + } + talloc_free(tctx); + return ret; +} diff --git a/lib/crypto/hmacsha256.c b/lib/crypto/hmacsha256.c new file mode 100644 index 0000000000..53d4fe3883 --- /dev/null +++ b/lib/crypto/hmacsha256.c @@ -0,0 +1,91 @@ +/* + Unix SMB/CIFS implementation. + + Interface header: HMAC SHA-256 code + + Copyright (C) Andrew Tridgell 2008 + + based in hmacsha1.c which is: + Copyright (C) Stefan Metzmacher + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* + taken direct from rfc2202 implementation and modified for suitable use + */ + +#include "includes.h" +#include "../lib/crypto/crypto.h" + +/*********************************************************************** + the rfc 2104/2202 version of hmac_sha256 initialisation. +***********************************************************************/ +_PUBLIC_ void hmac_sha256_init(const uint8_t *key, size_t key_len, struct HMACSHA256Context *ctx) +{ + int i; + uint8_t tk[SHA256_DIGEST_LENGTH]; + + /* if key is longer than 64 bytes reset it to key=HASH(key) */ + if (key_len > 64) + { + SHA256_CTX tctx; + + SHA256_Init(&tctx); + SHA256_Update(&tctx, key, key_len); + SHA256_Final(tk, &tctx); + + key = tk; + key_len = SHA256_DIGEST_LENGTH; + } + + /* start out by storing key in pads */ + ZERO_STRUCT(ctx->k_ipad); + ZERO_STRUCT(ctx->k_opad); + memcpy( ctx->k_ipad, key, key_len); + memcpy( ctx->k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i=0; i<64; i++) + { + ctx->k_ipad[i] ^= 0x36; + ctx->k_opad[i] ^= 0x5c; + } + + SHA256_Init(&ctx->ctx); + SHA256_Update(&ctx->ctx, ctx->k_ipad, 64); +} + +/*********************************************************************** + update hmac_sha256 "inner" buffer +***********************************************************************/ +_PUBLIC_ void hmac_sha256_update(const uint8_t *data, size_t data_len, struct HMACSHA256Context *ctx) +{ + SHA256_Update(&ctx->ctx, data, data_len); /* then text of datagram */ +} + +/*********************************************************************** + finish off hmac_sha256 "inner" buffer and generate outer one. +***********************************************************************/ +_PUBLIC_ void hmac_sha256_final(uint8_t digest[SHA256_DIGEST_LENGTH], struct HMACSHA256Context *ctx) +{ + SHA256_CTX ctx_o; + + SHA256_Final(digest, &ctx->ctx); + + SHA256_Init(&ctx_o); + SHA256_Update(&ctx_o, ctx->k_opad, 64); + SHA256_Update(&ctx_o, digest, SHA256_DIGEST_LENGTH); + SHA256_Final(digest, &ctx_o); +} diff --git a/lib/crypto/hmacsha256.h b/lib/crypto/hmacsha256.h new file mode 100644 index 0000000000..8960c636c1 --- /dev/null +++ b/lib/crypto/hmacsha256.h @@ -0,0 +1,38 @@ +/* + Unix SMB/CIFS implementation. + + Interface header: HMAC SHA256 code + + Copyright (C) Andrew Tridgell 2008 + + based on hmacsha1.h which is: + + Copyright (C) Stefan Metzmacher 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _HMAC_SHA256_H + +struct HMACSHA256Context { + SHA256_CTX ctx; + uint8_t k_ipad[65]; + uint8_t k_opad[65]; +}; + +void hmac_sha256_init(const uint8_t *key, size_t key_len, struct HMACSHA256Context *ctx); +void hmac_sha256_update(const uint8_t *data, size_t data_len, struct HMACSHA256Context *ctx); +void hmac_sha256_final(uint8_t digest[20], struct HMACSHA256Context *ctx); + +#endif /* _HMAC_SHA256_H */ diff --git a/lib/crypto/md4.c b/lib/crypto/md4.c new file mode 100644 index 0000000000..aea2c821c5 --- /dev/null +++ b/lib/crypto/md4.c @@ -0,0 +1,177 @@ +/* + Unix SMB/CIFS implementation. + a implementation of MD4 designed for use in the SMB authentication protocol + Copyright (C) Andrew Tridgell 1997-1998. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "../lib/crypto/md4.h" + +/* NOTE: This code makes no attempt to be fast! + + It assumes that a int is at least 32 bits long +*/ + +struct mdfour_state { + uint32_t A, B, C, D; +}; + +static uint32_t F(uint32_t X, uint32_t Y, uint32_t Z) +{ + return (X&Y) | ((~X)&Z); +} + +static uint32_t G(uint32_t X, uint32_t Y, uint32_t Z) +{ + return (X&Y) | (X&Z) | (Y&Z); +} + +static uint32_t H(uint32_t X, uint32_t Y, uint32_t Z) +{ + return X^Y^Z; +} + +static uint32_t lshift(uint32_t x, int s) +{ + x &= 0xFFFFFFFF; + return ((x<<s)&0xFFFFFFFF) | (x>>(32-s)); +} + +#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) +#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32_t)0x5A827999,s) +#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32_t)0x6ED9EBA1,s) + +/* this applies md4 to 64 byte chunks */ +static void mdfour64(struct mdfour_state *s, uint32_t *M) +{ + int j; + uint32_t AA, BB, CC, DD; + uint32_t X[16]; + + for (j=0;j<16;j++) + X[j] = M[j]; + + AA = s->A; BB = s->B; CC = s->C; DD = s->D; + + ROUND1(s->A,s->B,s->C,s->D, 0, 3); ROUND1(s->D,s->A,s->B,s->C, 1, 7); + ROUND1(s->C,s->D,s->A,s->B, 2, 11); ROUND1(s->B,s->C,s->D,s->A, 3, 19); + ROUND1(s->A,s->B,s->C,s->D, 4, 3); ROUND1(s->D,s->A,s->B,s->C, 5, 7); + ROUND1(s->C,s->D,s->A,s->B, 6, 11); ROUND1(s->B,s->C,s->D,s->A, 7, 19); + ROUND1(s->A,s->B,s->C,s->D, 8, 3); ROUND1(s->D,s->A,s->B,s->C, 9, 7); + ROUND1(s->C,s->D,s->A,s->B, 10, 11); ROUND1(s->B,s->C,s->D,s->A, 11, 19); + ROUND1(s->A,s->B,s->C,s->D, 12, 3); ROUND1(s->D,s->A,s->B,s->C, 13, 7); + ROUND1(s->C,s->D,s->A,s->B, 14, 11); ROUND1(s->B,s->C,s->D,s->A, 15, 19); + + ROUND2(s->A,s->B,s->C,s->D, 0, 3); ROUND2(s->D,s->A,s->B,s->C, 4, 5); + ROUND2(s->C,s->D,s->A,s->B, 8, 9); ROUND2(s->B,s->C,s->D,s->A, 12, 13); + ROUND2(s->A,s->B,s->C,s->D, 1, 3); ROUND2(s->D,s->A,s->B,s->C, 5, 5); + ROUND2(s->C,s->D,s->A,s->B, 9, 9); ROUND2(s->B,s->C,s->D,s->A, 13, 13); + ROUND2(s->A,s->B,s->C,s->D, 2, 3); ROUND2(s->D,s->A,s->B,s->C, 6, 5); + ROUND2(s->C,s->D,s->A,s->B, 10, 9); ROUND2(s->B,s->C,s->D,s->A, 14, 13); + ROUND2(s->A,s->B,s->C,s->D, 3, 3); ROUND2(s->D,s->A,s->B,s->C, 7, 5); + ROUND2(s->C,s->D,s->A,s->B, 11, 9); ROUND2(s->B,s->C,s->D,s->A, 15, 13); + + ROUND3(s->A,s->B,s->C,s->D, 0, 3); ROUND3(s->D,s->A,s->B,s->C, 8, 9); + ROUND3(s->C,s->D,s->A,s->B, 4, 11); ROUND3(s->B,s->C,s->D,s->A, 12, 15); + ROUND3(s->A,s->B,s->C,s->D, 2, 3); ROUND3(s->D,s->A,s->B,s->C, 10, 9); + ROUND3(s->C,s->D,s->A,s->B, 6, 11); ROUND3(s->B,s->C,s->D,s->A, 14, 15); + ROUND3(s->A,s->B,s->C,s->D, 1, 3); ROUND3(s->D,s->A,s->B,s->C, 9, 9); + ROUND3(s->C,s->D,s->A,s->B, 5, 11); ROUND3(s->B,s->C,s->D,s->A, 13, 15); + ROUND3(s->A,s->B,s->C,s->D, 3, 3); ROUND3(s->D,s->A,s->B,s->C, 11, 9); + ROUND3(s->C,s->D,s->A,s->B, 7, 11); ROUND3(s->B,s->C,s->D,s->A, 15, 15); + + s->A += AA; + s->B += BB; + s->C += CC; + s->D += DD; + + s->A &= 0xFFFFFFFF; + s->B &= 0xFFFFFFFF; + s->C &= 0xFFFFFFFF; + s->D &= 0xFFFFFFFF; + + for (j=0;j<16;j++) + X[j] = 0; +} + +static void copy64(uint32_t *M, const uint8_t *in) +{ + int i; + + for (i=0;i<16;i++) + M[i] = (in[i*4+3]<<24) | (in[i*4+2]<<16) | + (in[i*4+1]<<8) | (in[i*4+0]<<0); +} + +static void copy4(uint8_t *out, uint32_t x) +{ + out[0] = x&0xFF; + out[1] = (x>>8)&0xFF; + out[2] = (x>>16)&0xFF; + out[3] = (x>>24)&0xFF; +} + +/** + * produce a md4 message digest from data of length n bytes + */ +_PUBLIC_ void mdfour(uint8_t *out, const uint8_t *in, int n) +{ + uint8_t buf[128]; + uint32_t M[16]; + uint32_t b = n * 8; + int i; + struct mdfour_state state; + + state.A = 0x67452301; + state.B = 0xefcdab89; + state.C = 0x98badcfe; + state.D = 0x10325476; + + while (n > 64) { + copy64(M, in); + mdfour64(&state, M); + in += 64; + n -= 64; + } + + for (i=0;i<128;i++) + buf[i] = 0; + memcpy(buf, in, n); + buf[n] = 0x80; + + if (n <= 55) { + copy4(buf+56, b); + copy64(M, buf); + mdfour64(&state, M); + } else { + copy4(buf+120, b); + copy64(M, buf); + mdfour64(&state, M); + copy64(M, buf+64); + mdfour64(&state, M); + } + + for (i=0;i<128;i++) + buf[i] = 0; + copy64(M, buf); + + copy4(out, state.A); + copy4(out+4, state.B); + copy4(out+8, state.C); + copy4(out+12, state.D); +} + + diff --git a/lib/crypto/md4.h b/lib/crypto/md4.h new file mode 100644 index 0000000000..234e488e4f --- /dev/null +++ b/lib/crypto/md4.h @@ -0,0 +1 @@ +void mdfour(uint8_t *out, const uint8_t *in, int n); diff --git a/lib/crypto/md4test.c b/lib/crypto/md4test.c new file mode 100644 index 0000000000..a6080cff82 --- /dev/null +++ b/lib/crypto/md4test.c @@ -0,0 +1,83 @@ +/* + Unix SMB/CIFS implementation. + MD4 tests + Copyright (C) Stefan Metzmacher 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "../lib/crypto/crypto.h" + +struct torture_context; + +/* + This uses the test values from rfc1320 +*/ +bool torture_local_crypto_md4(struct torture_context *torture) +{ + bool ret = true; + uint32_t i; + struct { + const char *data; + const char *md4; + } testarray[] = { + { + .data = "", + .md4 = "31d6cfe0d16ae931b73c59d7e0c089c0" + },{ + .data = "a", + .md4 = "bde52cb31de33e46245e05fbdbd6fb24" + },{ + .data = "abc", + .md4 = "a448017aaf21d8525fc10ae87aa6729d" + },{ + .data = "message digest", + .md4 = "d9130a8164549fe818874806e1c7014b" + },{ + .data = "abcdefghijklmnopqrstuvwxyz", + .md4 = "d79e1c308aa5bbcdeea8ed63df412da9" + },{ + .data = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + .md4 = "043f8582f241db351ce627e153e7f0e4" + },{ + .data = "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + .md4 = "e33b4ddc9c38f2199c3e7b164fcc0536" + } + }; + + for (i=0; i < ARRAY_SIZE(testarray); i++) { + uint8_t md4[16]; + int e; + DATA_BLOB data; + DATA_BLOB md4blob; + + data = data_blob_string_const(testarray[i].data); + md4blob = strhex_to_data_blob(NULL, testarray[i].md4); + + mdfour(md4, data.data, data.length); + + e = memcmp(md4blob.data, md4, MIN(md4blob.length, sizeof(md4))); + if (e != 0) { + printf("md4 test[%u]: failed\n", i); + dump_data(0, data.data, data.length); + dump_data(0, md4blob.data, md4blob.length); + dump_data(0, md4, sizeof(md4)); + ret = false; + } + talloc_free(md4blob.data); + } + + return ret; +} diff --git a/lib/crypto/md5.c b/lib/crypto/md5.c new file mode 100644 index 0000000000..584c46ef2d --- /dev/null +++ b/lib/crypto/md5.c @@ -0,0 +1,248 @@ +/* + * This code implements the MD5 message-digest algorithm. + * The algorithm is due to Ron Rivest. This code was + * written by Colin Plumb in 1993, no copyright is claimed. + * This code is in the public domain; do with it what you wish. + * + * Equivalent code is available from RSA Data Security, Inc. + * This code has been tested against that, and is equivalent, + * except that you don't need to include two pages of legalese + * with every copy. + * + * To compute the message digest of a chunk of bytes, declare an + * MD5Context structure, pass it to MD5Init, call MD5Update as + * needed on buffers full of bytes, and then call MD5Final, which + * will fill a supplied 16-byte array with the digest. + */ + +/* This code slightly modified to fit into Samba by + abartlet@samba.org Jun 2001 */ + +#include "includes.h" + +#include "md5.h" + + +static void MD5Transform(uint32_t buf[4], uint32_t const in[16]); + +/* + * Note: this code is harmless on little-endian machines. + */ +static void byteReverse(uint8_t *buf, uint_t longs) +{ + uint32_t t; + do { + t = (uint32_t) ((uint_t) buf[3] << 8 | buf[2]) << 16 | + ((uint_t) buf[1] << 8 | buf[0]); + *(uint32_t *) buf = t; + buf += 4; + } while (--longs); +} + +/* + * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious + * initialization constants. + */ +_PUBLIC_ void MD5Init(struct MD5Context *ctx) +{ + ctx->buf[0] = 0x67452301; + ctx->buf[1] = 0xefcdab89; + ctx->buf[2] = 0x98badcfe; + ctx->buf[3] = 0x10325476; + + ctx->bits[0] = 0; + ctx->bits[1] = 0; +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +_PUBLIC_ void MD5Update(struct MD5Context *ctx, const uint8_t *buf, size_t len) +{ + register uint32_t t; + + /* Update bitcount */ + + t = ctx->bits[0]; + if ((ctx->bits[0] = t + ((uint32_t) len << 3)) < t) + ctx->bits[1]++; /* Carry from low to high */ + ctx->bits[1] += len >> 29; + + t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ + + /* Handle any leading odd-sized chunks */ + + if (t) { + uint8_t *p = (uint8_t *) ctx->in + t; + + t = 64 - t; + if (len < t) { + memmove(p, buf, len); + return; + } + memmove(p, buf, t); + byteReverse(ctx->in, 16); + MD5Transform(ctx->buf, (uint32_t *) ctx->in); + buf += t; + len -= t; + } + /* Process data in 64-byte chunks */ + + while (len >= 64) { + memmove(ctx->in, buf, 64); + byteReverse(ctx->in, 16); + MD5Transform(ctx->buf, (uint32_t *) ctx->in); + buf += 64; + len -= 64; + } + + /* Handle any remaining bytes of data. */ + + memmove(ctx->in, buf, len); +} + +/* + * Final wrapup - pad to 64-byte boundary with the bit pattern + * 1 0* (64-bit count of bits processed, MSB-first) + */ +_PUBLIC_ void MD5Final(uint8_t digest[16], struct MD5Context *ctx) +{ + uint_t count; + uint8_t *p; + + /* Compute number of bytes mod 64 */ + count = (ctx->bits[0] >> 3) & 0x3F; + + /* Set the first char of padding to 0x80. This is safe since there is + always at least one byte free */ + p = ctx->in + count; + *p++ = 0x80; + + /* Bytes of padding needed to make 64 bytes */ + count = 64 - 1 - count; + + /* Pad out to 56 mod 64 */ + if (count < 8) { + /* Two lots of padding: Pad the first block to 64 bytes */ + memset(p, 0, count); + byteReverse(ctx->in, 16); + MD5Transform(ctx->buf, (uint32_t *) ctx->in); + + /* Now fill the next block with 56 bytes */ + memset(ctx->in, 0, 56); + } else { + /* Pad block to 56 bytes */ + memset(p, 0, count - 8); + } + byteReverse(ctx->in, 14); + + /* Append length in bits and transform */ + ((uint32_t *) ctx->in)[14] = ctx->bits[0]; + ((uint32_t *) ctx->in)[15] = ctx->bits[1]; + + MD5Transform(ctx->buf, (uint32_t *) ctx->in); + byteReverse((uint8_t *) ctx->buf, 4); + memmove(digest, ctx->buf, 16); + memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ +} + +/* The four core functions - F1 is optimized somewhat */ + +/* #define F1(x, y, z) (x & y | ~x & z) */ +#define F1(x, y, z) (z ^ (x & (y ^ z))) +#define F2(x, y, z) F1(z, x, y) +#define F3(x, y, z) (x ^ y ^ z) +#define F4(x, y, z) (y ^ (x | ~z)) + +/* This is the central step in the MD5 algorithm. */ +#define MD5STEP(f, w, x, y, z, data, s) \ + ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x ) + +/* + * The core of the MD5 algorithm, this alters an existing MD5 hash to + * reflect the addition of 16 longwords of new data. MD5Update blocks + * the data and converts bytes into longwords for this routine. + */ +static void MD5Transform(uint32_t buf[4], uint32_t const in[16]) +{ + register uint32_t a, b, c, d; + + a = buf[0]; + b = buf[1]; + c = buf[2]; + d = buf[3]; + + MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); + MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); + MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); + MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); + MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); + MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); + MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); + MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); + MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); + MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); + MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); + MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); + MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); + MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); + MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); + MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); + + MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); + MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); + MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); + MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); + MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); + MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); + MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); + MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); + MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); + MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); + MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); + MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); + MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); + MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); + MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); + MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); + + MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); + MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); + MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); + MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); + MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); + MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); + MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); + MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); + MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); + MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); + MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); + MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); + MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); + MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); + MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); + MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); + + MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); + MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); + MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); + MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); + MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); + MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); + MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); + MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); + MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); + MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); + MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); + MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); + MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); + MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); + MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); + MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); + + buf[0] += a; + buf[1] += b; + buf[2] += c; + buf[3] += d; +} diff --git a/lib/crypto/md5.h b/lib/crypto/md5.h new file mode 100644 index 0000000000..4064d6f003 --- /dev/null +++ b/lib/crypto/md5.h @@ -0,0 +1,19 @@ +#ifndef MD5_H +#define MD5_H +#ifndef HEADER_MD5_H +/* Try to avoid clashes with OpenSSL */ +#define HEADER_MD5_H +#endif + +struct MD5Context { + uint32_t buf[4]; + uint32_t bits[2]; + uint8_t in[64]; +}; + +void MD5Init(struct MD5Context *context); +void MD5Update(struct MD5Context *context, const uint8_t *buf, + size_t len); +void MD5Final(uint8_t digest[16], struct MD5Context *context); + +#endif /* !MD5_H */ diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c new file mode 100644 index 0000000000..7223af2114 --- /dev/null +++ b/lib/crypto/md5test.c @@ -0,0 +1,93 @@ +/* + Unix SMB/CIFS implementation. + MD5 tests + Copyright (C) Stefan Metzmacher + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "../lib/crypto/crypto.h" + +struct torture_context; + +/* + This uses the test values from rfc1321 +*/ +bool torture_local_crypto_md5(struct torture_context *torture) +{ + bool ret = true; + uint32_t i; + struct { + const char *data; + const char *md5; + } testarray[] = { + { + .data = "", + .md5 = "d41d8cd98f00b204e9800998ecf8427e" + },{ + .data = "a", + .md5 = "0cc175b9c0f1b6a831c399e269772661" + },{ + .data = "abc", + .md5 = "900150983cd24fb0d6963f7d28e17f72" + },{ + .data = "message digest", + .md5 = "f96b697d7cb7938d525a2f31aaf161d0" + },{ + .data = "abcdefghijklmnopqrstuvwxyz", + .md5 = "c3fcd3d76192e4007dfb496cca67e13b" + },{ + .data = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789", + .md5 = "d174ab98d277d9f5a5611c2c9f419d9f" + },{ + .data = "123456789012345678901234567890" + "123456789012345678901234567890" + "12345678901234567890", + .md5 = "57edf4a22be3c955ac49da2e2107b67a" + } + }; + + for (i=0; i < ARRAY_SIZE(testarray); i++) { + struct MD5Context ctx; + uint8_t md5[16]; + int e; + + DATA_BLOB data; + DATA_BLOB md5blob; + + data = data_blob_string_const(testarray[i].data); + md5blob = strhex_to_data_blob(NULL, testarray[i].md5); + + MD5Init(&ctx); + MD5Update(&ctx, data.data, data.length); + MD5Final(md5, &ctx); + + e = memcmp(md5blob.data, + md5, + MIN(md5blob.length, sizeof(md5))); + if (e != 0) { + printf("md5 test[%u]: failed\n", i); + dump_data(0, data.data, data.length); + dump_data(0, md5blob.data, md5blob.length); + dump_data(0, md5, sizeof(md5)); + ret = false; + } + talloc_free(md5blob.data); + } + + return ret; +} diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c new file mode 100644 index 0000000000..a2def25814 --- /dev/null +++ b/lib/crypto/sha256.c @@ -0,0 +1,253 @@ +/* + based on heildal lib/hcrypto/sha256.c. Copied to lib/crypto to avoid a link + problem. Hopefully will be removed once we solve this link problem + + (tridge) + */ + +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "includes.h" +#include "sha256.h" + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n)))) + +#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10)) + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define E m->counter[4] +#define F m->counter[5] +#define G m->counter[6] +#define H m->counter[7] + +static const uint32_t constant_256[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +void +SHA256_Init (SHA256_CTX *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0x6a09e667; + B = 0xbb67ae85; + C = 0x3c6ef372; + D = 0xa54ff53a; + E = 0x510e527f; + F = 0x9b05688c; + G = 0x1f83d9ab; + H = 0x5be0cd19; +} + +static void +calc (SHA256_CTX *m, uint32_t *in) +{ + uint32_t AA, BB, CC, DD, EE, FF, GG, HH; + uint32_t data[64]; + int i; + + AA = A; + BB = B; + CC = C; + DD = D; + EE = E; + FF = F; + GG = G; + HH = H; + + for (i = 0; i < 16; ++i) + data[i] = in[i]; + for (i = 16; i < 64; ++i) + data[i] = sigma1(data[i-2]) + data[i-7] + + sigma0(data[i-15]) + data[i - 16]; + + for (i = 0; i < 64; i++) { + uint32_t T1, T2; + + T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i]; + T2 = Sigma0(AA) + Maj(AA,BB,CC); + + HH = GG; + GG = FF; + FF = EE; + EE = DD + T1; + DD = CC; + CC = BB; + BB = AA; + AA = T1 + T2; + } + + A += AA; + B += BB; + C += CC; + D += DD; + E += EE; + F += FF; + G += GG; + H += HH; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu> + */ + +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +/* Vector Crays doesn't have a good 32-bit type, or more precisely, + int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't + want to depend in being able to redefine this type. To cope with + this we have to clamp the result in some places to [0,2^32); no + need to do this on other machines. Did I say this was a mess? + */ + +#ifdef _CRAY +#define CRAYFIX(X) ((X) & 0xffffffff) +#else +#define CRAYFIX(X) (X) +#endif + +static inline uint32_t +cshift (uint32_t x, unsigned int n) +{ + x = CRAYFIX(x); + return CRAYFIX((x << n) | (x >> (32 - n))); +} + +static inline uint32_t +swap_uint32_t (uint32_t t) +{ + uint32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +SHA256_Update (SHA256_CTX *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = MIN(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) + int i; + uint32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (uint32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +SHA256_Final (void *res, SHA256_CTX *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; + SHA256_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char*)res; + + for (i = 0; i < 8; ++i) { + r[4*i+3] = m->counter[i] & 0xFF; + r[4*i+2] = (m->counter[i] >> 8) & 0xFF; + r[4*i+1] = (m->counter[i] >> 16) & 0xFF; + r[4*i] = (m->counter[i] >> 24) & 0xFF; + } + } +} diff --git a/lib/crypto/sha256.h b/lib/crypto/sha256.h new file mode 100644 index 0000000000..4a5f2cbe94 --- /dev/null +++ b/lib/crypto/sha256.h @@ -0,0 +1,91 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: sha.h 17450 2006-05-05 11:11:43Z lha $ */ + +#ifndef HEIM_SHA_H +/* + based on heildal lib/hcrypto/sha.h. Copied to lib/crypto to avoid a link + problem. Hopefully will be removed once we solve this link problem + + (tridge) + */ +#define HEIM_SHA_H 1 + +#if 0 +/* symbol renaming */ +#define SHA1_Init hc_SHA1_Init +#define SHA1_Update hc_SHA1_Update +#define SHA1_Final hc_SHA1_Final +#define SHA256_Init hc_SHA256_Init +#define SHA256_Update hc_SHA256_Update +#define SHA256_Final hc_SHA256_Final +#endif + +/* + * SHA-1 + */ + +#define SHA_DIGEST_LENGTH 20 + +struct sha { + unsigned int sz[2]; + uint32_t counter[5]; + unsigned char save[64]; +}; + +typedef struct sha SHA_CTX; + +void SHA1_Init (struct sha *m); +void SHA1_Update (struct sha *m, const void *v, size_t len); +void SHA1_Final (void *res, struct sha *m); + +/* + * SHA-2 256 + */ + +#define SHA256_DIGEST_LENGTH 32 + +struct hc_sha256state { + unsigned int sz[2]; + uint32_t counter[8]; + unsigned char save[64]; +}; + +typedef struct hc_sha256state SHA256_CTX; + +void SHA256_Init (SHA256_CTX *); +void SHA256_Update (SHA256_CTX *, const void *, size_t); +void SHA256_Final (void *, SHA256_CTX *); + +#endif /* HEIM_SHA_H */ |