1*38c8a9a5SSteve French // SPDX-License-Identifier: GPL-2.0
2*38c8a9a5SSteve French /*
3*38c8a9a5SSteve French * Cryptographic API.
4*38c8a9a5SSteve French *
5*38c8a9a5SSteve French * MD4 Message Digest Algorithm (RFC1320).
6*38c8a9a5SSteve French *
7*38c8a9a5SSteve French * Implementation derived from Andrew Tridgell and Steve French's
8*38c8a9a5SSteve French * CIFS MD4 implementation, and the cryptoapi implementation
9*38c8a9a5SSteve French * originally based on the public domain implementation written
10*38c8a9a5SSteve French * by Colin Plumb in 1993.
11*38c8a9a5SSteve French *
12*38c8a9a5SSteve French * Copyright (c) Andrew Tridgell 1997-1998.
13*38c8a9a5SSteve French * Modified by Steve French (sfrench@us.ibm.com) 2002
14*38c8a9a5SSteve French * Copyright (c) Cryptoapi developers.
15*38c8a9a5SSteve French * Copyright (c) 2002 David S. Miller (davem@redhat.com)
16*38c8a9a5SSteve French * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
17*38c8a9a5SSteve French *
18*38c8a9a5SSteve French */
19*38c8a9a5SSteve French #include <linux/init.h>
20*38c8a9a5SSteve French #include <linux/kernel.h>
21*38c8a9a5SSteve French #include <linux/module.h>
22*38c8a9a5SSteve French #include <linux/string.h>
23*38c8a9a5SSteve French #include <linux/types.h>
24*38c8a9a5SSteve French #include <asm/byteorder.h>
25*38c8a9a5SSteve French #include "md4.h"
26*38c8a9a5SSteve French
27*38c8a9a5SSteve French MODULE_LICENSE("GPL");
28*38c8a9a5SSteve French
lshift(u32 x,unsigned int s)29*38c8a9a5SSteve French static inline u32 lshift(u32 x, unsigned int s)
30*38c8a9a5SSteve French {
31*38c8a9a5SSteve French x &= 0xFFFFFFFF;
32*38c8a9a5SSteve French return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s));
33*38c8a9a5SSteve French }
34*38c8a9a5SSteve French
F(u32 x,u32 y,u32 z)35*38c8a9a5SSteve French static inline u32 F(u32 x, u32 y, u32 z)
36*38c8a9a5SSteve French {
37*38c8a9a5SSteve French return (x & y) | ((~x) & z);
38*38c8a9a5SSteve French }
39*38c8a9a5SSteve French
G(u32 x,u32 y,u32 z)40*38c8a9a5SSteve French static inline u32 G(u32 x, u32 y, u32 z)
41*38c8a9a5SSteve French {
42*38c8a9a5SSteve French return (x & y) | (x & z) | (y & z);
43*38c8a9a5SSteve French }
44*38c8a9a5SSteve French
H(u32 x,u32 y,u32 z)45*38c8a9a5SSteve French static inline u32 H(u32 x, u32 y, u32 z)
46*38c8a9a5SSteve French {
47*38c8a9a5SSteve French return x ^ y ^ z;
48*38c8a9a5SSteve French }
49*38c8a9a5SSteve French
50*38c8a9a5SSteve French #define ROUND1(a,b,c,d,k,s) (a = lshift(a + F(b,c,d) + k, s))
51*38c8a9a5SSteve French #define ROUND2(a,b,c,d,k,s) (a = lshift(a + G(b,c,d) + k + (u32)0x5A827999,s))
52*38c8a9a5SSteve French #define ROUND3(a,b,c,d,k,s) (a = lshift(a + H(b,c,d) + k + (u32)0x6ED9EBA1,s))
53*38c8a9a5SSteve French
md4_transform(u32 * hash,u32 const * in)54*38c8a9a5SSteve French static void md4_transform(u32 *hash, u32 const *in)
55*38c8a9a5SSteve French {
56*38c8a9a5SSteve French u32 a, b, c, d;
57*38c8a9a5SSteve French
58*38c8a9a5SSteve French a = hash[0];
59*38c8a9a5SSteve French b = hash[1];
60*38c8a9a5SSteve French c = hash[2];
61*38c8a9a5SSteve French d = hash[3];
62*38c8a9a5SSteve French
63*38c8a9a5SSteve French ROUND1(a, b, c, d, in[0], 3);
64*38c8a9a5SSteve French ROUND1(d, a, b, c, in[1], 7);
65*38c8a9a5SSteve French ROUND1(c, d, a, b, in[2], 11);
66*38c8a9a5SSteve French ROUND1(b, c, d, a, in[3], 19);
67*38c8a9a5SSteve French ROUND1(a, b, c, d, in[4], 3);
68*38c8a9a5SSteve French ROUND1(d, a, b, c, in[5], 7);
69*38c8a9a5SSteve French ROUND1(c, d, a, b, in[6], 11);
70*38c8a9a5SSteve French ROUND1(b, c, d, a, in[7], 19);
71*38c8a9a5SSteve French ROUND1(a, b, c, d, in[8], 3);
72*38c8a9a5SSteve French ROUND1(d, a, b, c, in[9], 7);
73*38c8a9a5SSteve French ROUND1(c, d, a, b, in[10], 11);
74*38c8a9a5SSteve French ROUND1(b, c, d, a, in[11], 19);
75*38c8a9a5SSteve French ROUND1(a, b, c, d, in[12], 3);
76*38c8a9a5SSteve French ROUND1(d, a, b, c, in[13], 7);
77*38c8a9a5SSteve French ROUND1(c, d, a, b, in[14], 11);
78*38c8a9a5SSteve French ROUND1(b, c, d, a, in[15], 19);
79*38c8a9a5SSteve French
80*38c8a9a5SSteve French ROUND2(a, b, c, d, in[0], 3);
81*38c8a9a5SSteve French ROUND2(d, a, b, c, in[4], 5);
82*38c8a9a5SSteve French ROUND2(c, d, a, b, in[8], 9);
83*38c8a9a5SSteve French ROUND2(b, c, d, a, in[12], 13);
84*38c8a9a5SSteve French ROUND2(a, b, c, d, in[1], 3);
85*38c8a9a5SSteve French ROUND2(d, a, b, c, in[5], 5);
86*38c8a9a5SSteve French ROUND2(c, d, a, b, in[9], 9);
87*38c8a9a5SSteve French ROUND2(b, c, d, a, in[13], 13);
88*38c8a9a5SSteve French ROUND2(a, b, c, d, in[2], 3);
89*38c8a9a5SSteve French ROUND2(d, a, b, c, in[6], 5);
90*38c8a9a5SSteve French ROUND2(c, d, a, b, in[10], 9);
91*38c8a9a5SSteve French ROUND2(b, c, d, a, in[14], 13);
92*38c8a9a5SSteve French ROUND2(a, b, c, d, in[3], 3);
93*38c8a9a5SSteve French ROUND2(d, a, b, c, in[7], 5);
94*38c8a9a5SSteve French ROUND2(c, d, a, b, in[11], 9);
95*38c8a9a5SSteve French ROUND2(b, c, d, a, in[15], 13);
96*38c8a9a5SSteve French
97*38c8a9a5SSteve French ROUND3(a, b, c, d, in[0], 3);
98*38c8a9a5SSteve French ROUND3(d, a, b, c, in[8], 9);
99*38c8a9a5SSteve French ROUND3(c, d, a, b, in[4], 11);
100*38c8a9a5SSteve French ROUND3(b, c, d, a, in[12], 15);
101*38c8a9a5SSteve French ROUND3(a, b, c, d, in[2], 3);
102*38c8a9a5SSteve French ROUND3(d, a, b, c, in[10], 9);
103*38c8a9a5SSteve French ROUND3(c, d, a, b, in[6], 11);
104*38c8a9a5SSteve French ROUND3(b, c, d, a, in[14], 15);
105*38c8a9a5SSteve French ROUND3(a, b, c, d, in[1], 3);
106*38c8a9a5SSteve French ROUND3(d, a, b, c, in[9], 9);
107*38c8a9a5SSteve French ROUND3(c, d, a, b, in[5], 11);
108*38c8a9a5SSteve French ROUND3(b, c, d, a, in[13], 15);
109*38c8a9a5SSteve French ROUND3(a, b, c, d, in[3], 3);
110*38c8a9a5SSteve French ROUND3(d, a, b, c, in[11], 9);
111*38c8a9a5SSteve French ROUND3(c, d, a, b, in[7], 11);
112*38c8a9a5SSteve French ROUND3(b, c, d, a, in[15], 15);
113*38c8a9a5SSteve French
114*38c8a9a5SSteve French hash[0] += a;
115*38c8a9a5SSteve French hash[1] += b;
116*38c8a9a5SSteve French hash[2] += c;
117*38c8a9a5SSteve French hash[3] += d;
118*38c8a9a5SSteve French }
119*38c8a9a5SSteve French
md4_transform_helper(struct md4_ctx * ctx)120*38c8a9a5SSteve French static inline void md4_transform_helper(struct md4_ctx *ctx)
121*38c8a9a5SSteve French {
122*38c8a9a5SSteve French le32_to_cpu_array(ctx->block, ARRAY_SIZE(ctx->block));
123*38c8a9a5SSteve French md4_transform(ctx->hash, ctx->block);
124*38c8a9a5SSteve French }
125*38c8a9a5SSteve French
cifs_md4_init(struct md4_ctx * mctx)126*38c8a9a5SSteve French int cifs_md4_init(struct md4_ctx *mctx)
127*38c8a9a5SSteve French {
128*38c8a9a5SSteve French memset(mctx, 0, sizeof(struct md4_ctx));
129*38c8a9a5SSteve French mctx->hash[0] = 0x67452301;
130*38c8a9a5SSteve French mctx->hash[1] = 0xefcdab89;
131*38c8a9a5SSteve French mctx->hash[2] = 0x98badcfe;
132*38c8a9a5SSteve French mctx->hash[3] = 0x10325476;
133*38c8a9a5SSteve French mctx->byte_count = 0;
134*38c8a9a5SSteve French
135*38c8a9a5SSteve French return 0;
136*38c8a9a5SSteve French }
137*38c8a9a5SSteve French EXPORT_SYMBOL_GPL(cifs_md4_init);
138*38c8a9a5SSteve French
cifs_md4_update(struct md4_ctx * mctx,const u8 * data,unsigned int len)139*38c8a9a5SSteve French int cifs_md4_update(struct md4_ctx *mctx, const u8 *data, unsigned int len)
140*38c8a9a5SSteve French {
141*38c8a9a5SSteve French const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f);
142*38c8a9a5SSteve French
143*38c8a9a5SSteve French mctx->byte_count += len;
144*38c8a9a5SSteve French
145*38c8a9a5SSteve French if (avail > len) {
146*38c8a9a5SSteve French memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
147*38c8a9a5SSteve French data, len);
148*38c8a9a5SSteve French return 0;
149*38c8a9a5SSteve French }
150*38c8a9a5SSteve French
151*38c8a9a5SSteve French memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
152*38c8a9a5SSteve French data, avail);
153*38c8a9a5SSteve French
154*38c8a9a5SSteve French md4_transform_helper(mctx);
155*38c8a9a5SSteve French data += avail;
156*38c8a9a5SSteve French len -= avail;
157*38c8a9a5SSteve French
158*38c8a9a5SSteve French while (len >= sizeof(mctx->block)) {
159*38c8a9a5SSteve French memcpy(mctx->block, data, sizeof(mctx->block));
160*38c8a9a5SSteve French md4_transform_helper(mctx);
161*38c8a9a5SSteve French data += sizeof(mctx->block);
162*38c8a9a5SSteve French len -= sizeof(mctx->block);
163*38c8a9a5SSteve French }
164*38c8a9a5SSteve French
165*38c8a9a5SSteve French memcpy(mctx->block, data, len);
166*38c8a9a5SSteve French
167*38c8a9a5SSteve French return 0;
168*38c8a9a5SSteve French }
169*38c8a9a5SSteve French EXPORT_SYMBOL_GPL(cifs_md4_update);
170*38c8a9a5SSteve French
cifs_md4_final(struct md4_ctx * mctx,u8 * out)171*38c8a9a5SSteve French int cifs_md4_final(struct md4_ctx *mctx, u8 *out)
172*38c8a9a5SSteve French {
173*38c8a9a5SSteve French const unsigned int offset = mctx->byte_count & 0x3f;
174*38c8a9a5SSteve French char *p = (char *)mctx->block + offset;
175*38c8a9a5SSteve French int padding = 56 - (offset + 1);
176*38c8a9a5SSteve French
177*38c8a9a5SSteve French *p++ = 0x80;
178*38c8a9a5SSteve French if (padding < 0) {
179*38c8a9a5SSteve French memset(p, 0x00, padding + sizeof(u64));
180*38c8a9a5SSteve French md4_transform_helper(mctx);
181*38c8a9a5SSteve French p = (char *)mctx->block;
182*38c8a9a5SSteve French padding = 56;
183*38c8a9a5SSteve French }
184*38c8a9a5SSteve French
185*38c8a9a5SSteve French memset(p, 0, padding);
186*38c8a9a5SSteve French mctx->block[14] = mctx->byte_count << 3;
187*38c8a9a5SSteve French mctx->block[15] = mctx->byte_count >> 29;
188*38c8a9a5SSteve French le32_to_cpu_array(mctx->block, (sizeof(mctx->block) -
189*38c8a9a5SSteve French sizeof(u64)) / sizeof(u32));
190*38c8a9a5SSteve French md4_transform(mctx->hash, mctx->block);
191*38c8a9a5SSteve French cpu_to_le32_array(mctx->hash, ARRAY_SIZE(mctx->hash));
192*38c8a9a5SSteve French memcpy(out, mctx->hash, sizeof(mctx->hash));
193*38c8a9a5SSteve French memset(mctx, 0, sizeof(*mctx));
194*38c8a9a5SSteve French
195*38c8a9a5SSteve French return 0;
196*38c8a9a5SSteve French }
197*38c8a9a5SSteve French EXPORT_SYMBOL_GPL(cifs_md4_final);
198