xref: /linux/fs/smb/common/cifs_md4.c (revision 24168c5e6dfbdd5b414f048f47f75d64533296ca) 
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Cryptographic API.
4  *
5  * MD4 Message Digest Algorithm (RFC1320).
6  *
7  * Implementation derived from Andrew Tridgell and Steve French's
8  * CIFS MD4 implementation, and the cryptoapi implementation
9  * originally based on the public domain implementation written
10  * by Colin Plumb in 1993.
11  *
12  * Copyright (c) Andrew Tridgell 1997-1998.
13  * Modified by Steve French (sfrench@us.ibm.com) 2002
14  * Copyright (c) Cryptoapi developers.
15  * Copyright (c) 2002 David S. Miller (davem@redhat.com)
16  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
17  *
18  */
19 #include <linux/init.h>
20 #include <linux/kernel.h>
21 #include <linux/module.h>
22 #include <linux/string.h>
23 #include <linux/types.h>
24 #include <asm/byteorder.h>
25 #include "md4.h"
26 
27 MODULE_LICENSE("GPL");
28 
29 static inline u32 lshift(u32 x, unsigned int s)
30 {
31 	x &= 0xFFFFFFFF;
32 	return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s));
33 }
34 
35 static inline u32 F(u32 x, u32 y, u32 z)
36 {
37 	return (x & y) | ((~x) & z);
38 }
39 
40 static inline u32 G(u32 x, u32 y, u32 z)
41 {
42 	return (x & y) | (x & z) | (y & z);
43 }
44 
45 static inline u32 H(u32 x, u32 y, u32 z)
46 {
47 	return x ^ y ^ z;
48 }
49 
50 #define ROUND1(a,b,c,d,k,s) (a = lshift(a + F(b,c,d) + k, s))
51 #define ROUND2(a,b,c,d,k,s) (a = lshift(a + G(b,c,d) + k + (u32)0x5A827999,s))
52 #define ROUND3(a,b,c,d,k,s) (a = lshift(a + H(b,c,d) + k + (u32)0x6ED9EBA1,s))
53 
54 static void md4_transform(u32 *hash, u32 const *in)
55 {
56 	u32 a, b, c, d;
57 
58 	a = hash[0];
59 	b = hash[1];
60 	c = hash[2];
61 	d = hash[3];
62 
63 	ROUND1(a, b, c, d, in[0], 3);
64 	ROUND1(d, a, b, c, in[1], 7);
65 	ROUND1(c, d, a, b, in[2], 11);
66 	ROUND1(b, c, d, a, in[3], 19);
67 	ROUND1(a, b, c, d, in[4], 3);
68 	ROUND1(d, a, b, c, in[5], 7);
69 	ROUND1(c, d, a, b, in[6], 11);
70 	ROUND1(b, c, d, a, in[7], 19);
71 	ROUND1(a, b, c, d, in[8], 3);
72 	ROUND1(d, a, b, c, in[9], 7);
73 	ROUND1(c, d, a, b, in[10], 11);
74 	ROUND1(b, c, d, a, in[11], 19);
75 	ROUND1(a, b, c, d, in[12], 3);
76 	ROUND1(d, a, b, c, in[13], 7);
77 	ROUND1(c, d, a, b, in[14], 11);
78 	ROUND1(b, c, d, a, in[15], 19);
79 
80 	ROUND2(a, b, c, d, in[0], 3);
81 	ROUND2(d, a, b, c, in[4], 5);
82 	ROUND2(c, d, a, b, in[8], 9);
83 	ROUND2(b, c, d, a, in[12], 13);
84 	ROUND2(a, b, c, d, in[1], 3);
85 	ROUND2(d, a, b, c, in[5], 5);
86 	ROUND2(c, d, a, b, in[9], 9);
87 	ROUND2(b, c, d, a, in[13], 13);
88 	ROUND2(a, b, c, d, in[2], 3);
89 	ROUND2(d, a, b, c, in[6], 5);
90 	ROUND2(c, d, a, b, in[10], 9);
91 	ROUND2(b, c, d, a, in[14], 13);
92 	ROUND2(a, b, c, d, in[3], 3);
93 	ROUND2(d, a, b, c, in[7], 5);
94 	ROUND2(c, d, a, b, in[11], 9);
95 	ROUND2(b, c, d, a, in[15], 13);
96 
97 	ROUND3(a, b, c, d, in[0], 3);
98 	ROUND3(d, a, b, c, in[8], 9);
99 	ROUND3(c, d, a, b, in[4], 11);
100 	ROUND3(b, c, d, a, in[12], 15);
101 	ROUND3(a, b, c, d, in[2], 3);
102 	ROUND3(d, a, b, c, in[10], 9);
103 	ROUND3(c, d, a, b, in[6], 11);
104 	ROUND3(b, c, d, a, in[14], 15);
105 	ROUND3(a, b, c, d, in[1], 3);
106 	ROUND3(d, a, b, c, in[9], 9);
107 	ROUND3(c, d, a, b, in[5], 11);
108 	ROUND3(b, c, d, a, in[13], 15);
109 	ROUND3(a, b, c, d, in[3], 3);
110 	ROUND3(d, a, b, c, in[11], 9);
111 	ROUND3(c, d, a, b, in[7], 11);
112 	ROUND3(b, c, d, a, in[15], 15);
113 
114 	hash[0] += a;
115 	hash[1] += b;
116 	hash[2] += c;
117 	hash[3] += d;
118 }
119 
120 static inline void md4_transform_helper(struct md4_ctx *ctx)
121 {
122 	le32_to_cpu_array(ctx->block, ARRAY_SIZE(ctx->block));
123 	md4_transform(ctx->hash, ctx->block);
124 }
125 
126 int cifs_md4_init(struct md4_ctx *mctx)
127 {
128 	memset(mctx, 0, sizeof(struct md4_ctx));
129 	mctx->hash[0] = 0x67452301;
130 	mctx->hash[1] = 0xefcdab89;
131 	mctx->hash[2] = 0x98badcfe;
132 	mctx->hash[3] = 0x10325476;
133 	mctx->byte_count = 0;
134 
135 	return 0;
136 }
137 EXPORT_SYMBOL_GPL(cifs_md4_init);
138 
139 int cifs_md4_update(struct md4_ctx *mctx, const u8 *data, unsigned int len)
140 {
141 	const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f);
142 
143 	mctx->byte_count += len;
144 
145 	if (avail > len) {
146 		memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
147 		       data, len);
148 		return 0;
149 	}
150 
151 	memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
152 	       data, avail);
153 
154 	md4_transform_helper(mctx);
155 	data += avail;
156 	len -= avail;
157 
158 	while (len >= sizeof(mctx->block)) {
159 		memcpy(mctx->block, data, sizeof(mctx->block));
160 		md4_transform_helper(mctx);
161 		data += sizeof(mctx->block);
162 		len -= sizeof(mctx->block);
163 	}
164 
165 	memcpy(mctx->block, data, len);
166 
167 	return 0;
168 }
169 EXPORT_SYMBOL_GPL(cifs_md4_update);
170 
171 int cifs_md4_final(struct md4_ctx *mctx, u8 *out)
172 {
173 	const unsigned int offset = mctx->byte_count & 0x3f;
174 	char *p = (char *)mctx->block + offset;
175 	int padding = 56 - (offset + 1);
176 
177 	*p++ = 0x80;
178 	if (padding < 0) {
179 		memset(p, 0x00, padding + sizeof(u64));
180 		md4_transform_helper(mctx);
181 		p = (char *)mctx->block;
182 		padding = 56;
183 	}
184 
185 	memset(p, 0, padding);
186 	mctx->block[14] = mctx->byte_count << 3;
187 	mctx->block[15] = mctx->byte_count >> 29;
188 	le32_to_cpu_array(mctx->block, (sizeof(mctx->block) -
189 			  sizeof(u64)) / sizeof(u32));
190 	md4_transform(mctx->hash, mctx->block);
191 	cpu_to_le32_array(mctx->hash, ARRAY_SIZE(mctx->hash));
192 	memcpy(out, mctx->hash, sizeof(mctx->hash));
193 	memset(mctx, 0, sizeof(*mctx));
194 
195 	return 0;
196 }
197 EXPORT_SYMBOL_GPL(cifs_md4_final);
198