From 12cdc41dceac45f20549a019042f41745c940daa Mon Sep 17 00:00:00 2001 From: Marco van Wieringen Date: Sun, 15 Jun 2014 17:34:10 +0200 Subject: [PATCH] Sync md5 and sha1 code to what others use. We have stuff that could make some distributions scream that things might be not fully opensource so we sync here to what other projects use e.g. a fully public domain version of sha1 and md5. When things are compiled using OpenSSL we even fall back to their implementation of md5 and don't compile an own version at all. The rest of the code was changed to use the new context names and the small change in the function names. --- src/dird/dird_conf.h | 2 +- src/dird/inc_conf.c | 6 +- src/dird/job.c | 4 +- src/lib/crypto_gnutls.c | 4 +- src/lib/crypto_none.c | 4 +- src/lib/crypto_nss.c | 4 +- src/lib/hmac.c | 26 +- src/lib/md5.c | 601 +++++++++++++++++--------------------- src/lib/md5.h | 76 ++--- src/lib/res.c | 8 +- src/lib/sha1.c | 621 +++++++++------------------------------- src/lib/sha1.h | 113 ++------ src/lib/util.c | 14 +- 13 files changed, 495 insertions(+), 988 deletions(-) diff --git a/src/dird/dird_conf.h b/src/dird/dird_conf.h index 72ec3dd1d63..368b970dcfd 100644 --- a/src/dird/dird_conf.h +++ b/src/dird/dird_conf.h @@ -536,7 +536,7 @@ class FILESETRES { INCEXE **exclude_items; int32_t num_excludes; bool have_MD5; /* Set if MD5 initialized */ - struct MD5Context md5c; /* MD5 of include/exclude */ + MD5_CTX md5c; /* MD5 of include/exclude */ char MD5[30]; /* Base 64 representation of MD5 */ bool ignore_fs_changes; /* Don't force Full if FS changed */ bool enable_vss; /* Enable Volume Shadow Copy */ diff --git a/src/dird/inc_conf.c b/src/dird/inc_conf.c index 352a06da492..020f333eeab 100644 --- a/src/dird/inc_conf.c +++ b/src/dird/inc_conf.c @@ -580,7 +580,7 @@ static void store_fname(LEX *lc, RES_ITEM *item, int index, int pass, bool exclu } case T_QUOTED_STRING: if (res_all->res_fs.have_MD5) { - MD5Update(&res_all->res_fs.md5c, (unsigned char *)lc->str, lc->str_len); + MD5_Update(&res_all->res_fs.md5c, (unsigned char *)lc->str, lc->str_len); } incexe = &res_incexe; if (incexe->name_list.size() == 0) { @@ -624,7 +624,7 @@ static void store_plugin_name(LEX *lc, RES_ITEM *item, int index, int pass, bool } case T_QUOTED_STRING: if (res_all->res_fs.have_MD5) { - MD5Update(&res_all->res_fs.md5c, (unsigned char *)lc->str, lc->str_len); + MD5_Update(&res_all->res_fs.md5c, (unsigned char *)lc->str, lc->str_len); } incexe = &res_incexe; if (incexe->plugin_list.size() == 0) { @@ -672,7 +672,7 @@ static void store_newinc(LEX *lc, RES_ITEM *item, int index, int pass) URES *res_all = (URES *)my_config->m_res_all; if (!res_all->res_fs.have_MD5) { - MD5Init(&res_all->res_fs.md5c); + MD5_Init(&res_all->res_fs.md5c); res_all->res_fs.have_MD5 = true; } memset(&res_incexe, 0, sizeof(res_incexe)); diff --git a/src/dird/job.c b/src/dird/job.c index 2a814fd31a3..268d3ec7a2d 100644 --- a/src/dird/job.c +++ b/src/dird/job.c @@ -1183,10 +1183,10 @@ bool get_or_create_fileset_record(JCR *jcr) memset(&fsr, 0, sizeof(fsr)); bstrncpy(fsr.FileSet, jcr->res.fileset->hdr.name, sizeof(fsr.FileSet)); if (jcr->res.fileset->have_MD5) { - struct MD5Context md5c; + MD5_CTX md5c; unsigned char digest[MD5HashSize]; memcpy(&md5c, &jcr->res.fileset->md5c, sizeof(md5c)); - MD5Final(digest, &md5c); + MD5_Final(digest, &md5c); /* * Keep the flag (last arg) set to false otherwise old FileSets will * get new MD5 sums and the user will get Full backups on everything diff --git a/src/lib/crypto_gnutls.c b/src/lib/crypto_gnutls.c index c3ad66af03b..8998b9476f3 100644 --- a/src/lib/crypto_gnutls.c +++ b/src/lib/crypto_gnutls.c @@ -42,8 +42,8 @@ struct Digest { crypto_digest_t type; JCR *jcr; union { - SHA1Context sha1; - MD5Context md5; + SHA1_CTX sha1; + MD5_CTX md5; }; }; diff --git a/src/lib/crypto_none.c b/src/lib/crypto_none.c index acceb7dc788..360b19b2a5e 100644 --- a/src/lib/crypto_none.c +++ b/src/lib/crypto_none.c @@ -36,8 +36,8 @@ struct Digest { crypto_digest_t type; JCR *jcr; union { - SHA1Context sha1; - MD5Context md5; + SHA1_CTX sha1; + MD5_CTX md5; }; }; diff --git a/src/lib/crypto_nss.c b/src/lib/crypto_nss.c index 7fa9ee390bb..64cf92d0c73 100644 --- a/src/lib/crypto_nss.c +++ b/src/lib/crypto_nss.c @@ -38,8 +38,8 @@ struct Digest { crypto_digest_t type; JCR *jcr; union { - SHA1Context sha1; - MD5Context md5; + SHA1_CTX sha1; + MD5_CTX md5; }; }; diff --git a/src/lib/hmac.c b/src/lib/hmac.c index 2658e029964..e009beeab0f 100644 --- a/src/lib/hmac.c +++ b/src/lib/hmac.c @@ -39,7 +39,7 @@ hmac_md5( int key_len, /* length of authentication key */ uint8_t *hmac) /* returned hmac-md5 */ { - MD5Context md5c; + MD5_CTX md5c; uint8_t k_ipad[PAD_LEN]; /* inner padding - key XORd with ipad */ uint8_t k_opad[PAD_LEN]; /* outer padding - key XORd with opad */ uint8_t keysig[SIG_LEN]; @@ -47,11 +47,11 @@ hmac_md5( /* if key is longer than PAD length, reset it to key=MD5(key) */ if (key_len > PAD_LEN) { - MD5Context md5key; + MD5_CTX md5key; - MD5Init(&md5key); - MD5Update(&md5key, key, key_len); - MD5Final(keysig, &md5key); + MD5_Init(&md5key); + MD5_Update(&md5key, key, key_len); + MD5_Final(keysig, &md5key); key = keysig; key_len = SIG_LEN; @@ -81,16 +81,16 @@ hmac_md5( } /* perform inner MD5 */ - MD5Init(&md5c); /* start inner hash */ - MD5Update(&md5c, k_ipad, PAD_LEN); /* hash inner pad */ - MD5Update(&md5c, text, text_len); /* hash text */ - MD5Final(hmac, &md5c); /* store inner hash */ + MD5_Init(&md5c); /* start inner hash */ + MD5_Update(&md5c, k_ipad, PAD_LEN); /* hash inner pad */ + MD5_Update(&md5c, text, text_len); /* hash text */ + MD5_Final(hmac, &md5c); /* store inner hash */ /* perform outer MD5 */ - MD5Init(&md5c); /* start outer hash */ - MD5Update(&md5c, k_opad, PAD_LEN); /* hash outer pad */ - MD5Update(&md5c, hmac, SIG_LEN); /* hash inner hash */ - MD5Final(hmac, &md5c); /* store results */ + MD5_Init(&md5c); /* start outer hash */ + MD5_Update(&md5c, k_opad, PAD_LEN); /* hash outer pad */ + MD5_Update(&md5c, hmac, SIG_LEN); /* hash inner hash */ + MD5_Final(hmac, &md5c); /* store results */ } /* Test Vectors (Trailing '\0' of a character string not included in test): diff --git a/src/lib/md5.c b/src/lib/md5.c index 4c34a988a6e..52d96accd30 100644 --- a/src/lib/md5.c +++ b/src/lib/md5.c @@ -1,373 +1,296 @@ /* - BAREOSĀ® - Backup Archiving REcovery Open Sourced - - Copyright (C) 2000-2011 Free Software Foundation Europe e.V. - - This program is Free Software; you can redistribute it and/or - modify it under the terms of version three of the GNU Affero General Public - License as published by the Free Software Foundation and included - in the file LICENSE. - - This program is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - 02110-1301, USA. -*/ -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. + * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc. + * MD5 Message-Digest Algorithm (RFC 1321). + * + * Homepage: + * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + * + * Author: + * Alexander Peslyak, better known as Solar Designer + * + * This software was written by Alexander Peslyak in 2001. No copyright is + * claimed, and the software is hereby placed in the public domain. + * In case this attempt to disclaim copyright and place the software in the + * public domain is deemed null and void, then the software is + * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. + * There's ABSOLUTELY NO WARRANTY, express or implied. * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. + * (This is a heavily cut-down "BSD license".) * + * This differs from Colin Plumb's older public domain implementation in that + * no exactly 32-bit integer data type is required (any 32-bit or wider + * unsigned integer data type will do), there's no compile-time endianness + * configuration, and the function prototypes match OpenSSL's. No code from + * Colin Plumb's implementation has been reused; this comment merely compares + * the properties of the two independent implementations. + * + * The primary goals of this implementation are portability and ease of use. + * It is meant to be fast, but not as fast as possible. Some known + * optimizations are not included to reduce source code size and avoid + * compile-time configuration. */ -/* Brutally hacked by John Walker back from ANSI C to K&R (no - prototypes) to maintain the tradition that Netfone will compile - with Sun's original "cc". */ +#ifndef HAVE_OPENSSL + +#include -#include "bareos.h" +#include "md5.h" /* - * Note: this code is harmless on little-endian machines. We'll swap the bytes - * on big-endian machines. + * The basic MD5 functions. + * + * F and G are optimized compared to their RFC 1321 definitions for + * architectures that lack an AND-NOT instruction, just like in Colin Plumb's + * implementation. */ -static void byteReverse(unsigned char *buf, unsigned longs) -{ - uint32_t t; - if (bigendian()) { - do { - t = (uint32_t) ((unsigned) buf[3] << 8 | buf[2]) << 16 | - ((unsigned) buf[1] << 8 | buf[0]); - *(uint32_t *) buf = t; - buf += 4; - } while (--longs); - } -} +#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) +#define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) +#define H(x, y, z) (((x) ^ (y)) ^ (z)) +#define H2(x, y, z) ((x) ^ ((y) ^ (z))) +#define I(x, y, z) ((y) ^ ((x) | ~(z))) /* - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. + * The MD5 transformation for all four rounds. */ -void MD5Init(struct MD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; +#define STEP(f, a, b, c, d, x, t, s) \ + (a) += f((b), (c), (d)) + (x) + (t); \ + (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \ + (a) += (b); - ctx->bits[0] = 0; - ctx->bits[1] = 0; -} +/* + * SET reads 4 input bytes in little-endian byte order and stores them + * in a properly aligned word in host byte order. + * + * The check for little-endian architectures that tolerate unaligned + * memory accesses is just an optimization. Nothing will break if it + * doesn't work. + */ +#if defined(__i386__) || defined(__x86_64__) || defined(__vax__) +#define SET(n) \ + (*(MD5_u32plus *)&ptr[(n) * 4]) +#define GET(n) \ + SET(n) +#else +#define SET(n) \ + (ctx->block[(n)] = \ + (MD5_u32plus)ptr[(n) * 4] | \ + ((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \ + ((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \ + ((MD5_u32plus)ptr[(n) * 4 + 3] << 24)) +#define GET(n) \ + (ctx->block[(n)]) +#endif /* - * Update context to reflect the concatenation of another buffer full - * of bytes. + * This processes one or more 64-byte data blocks, but does NOT update + * the bit counters. There are no alignment requirements. */ -void MD5Update(struct MD5Context *ctx, unsigned char *buf, unsigned len) +static const void *body(MD5_CTX *ctx, const void *data, unsigned long size) { - uint32_t t; - - /* Update bitcount */ - - t = ctx->bits[0]; - if ((ctx->bits[0] = t + ((uint32_t) len << 3)) < t) - ctx->bits[1]++; /* Carry from low to high */ - ctx->bits[1] += len >> 29; - - t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ - - /* Handle any leading odd-sized chunks */ - - if (t) { - unsigned char *p = (unsigned char *) ctx->in + t; - - t = 64 - t; - if (len < t) { - memcpy(p, buf, len); - return; - } - memcpy(p, buf, t); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32_t *) ctx->in); - buf += t; - len -= t; - } - /* Process data in 64-byte chunks */ - - while (len >= 64) { - memcpy(ctx->in, buf, 64); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32_t *) ctx->in); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - - memcpy(ctx->in, buf, len); + const unsigned char *ptr; + MD5_u32plus a, b, c, d; + MD5_u32plus saved_a, saved_b, saved_c, saved_d; + + ptr = (const unsigned char *)data; + + a = ctx->a; + b = ctx->b; + c = ctx->c; + d = ctx->d; + + do { + saved_a = a; + saved_b = b; + saved_c = c; + saved_d = d; + +/* Round 1 */ + STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7) + STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12) + STEP(F, c, d, a, b, SET(2), 0x242070db, 17) + STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22) + STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7) + STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12) + STEP(F, c, d, a, b, SET(6), 0xa8304613, 17) + STEP(F, b, c, d, a, SET(7), 0xfd469501, 22) + STEP(F, a, b, c, d, SET(8), 0x698098d8, 7) + STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12) + STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17) + STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22) + STEP(F, a, b, c, d, SET(12), 0x6b901122, 7) + STEP(F, d, a, b, c, SET(13), 0xfd987193, 12) + STEP(F, c, d, a, b, SET(14), 0xa679438e, 17) + STEP(F, b, c, d, a, SET(15), 0x49b40821, 22) + +/* Round 2 */ + STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5) + STEP(G, d, a, b, c, GET(6), 0xc040b340, 9) + STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14) + STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20) + STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5) + STEP(G, d, a, b, c, GET(10), 0x02441453, 9) + STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14) + STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20) + STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5) + STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9) + STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14) + STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20) + STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5) + STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9) + STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14) + STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20) + +/* Round 3 */ + STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4) + STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11) + STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16) + STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23) + STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4) + STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11) + STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16) + STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23) + STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4) + STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11) + STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16) + STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23) + STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4) + STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11) + STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16) + STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23) + +/* Round 4 */ + STEP(I, a, b, c, d, GET(0), 0xf4292244, 6) + STEP(I, d, a, b, c, GET(7), 0x432aff97, 10) + STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15) + STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21) + STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6) + STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10) + STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15) + STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21) + STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6) + STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10) + STEP(I, c, d, a, b, GET(6), 0xa3014314, 15) + STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21) + STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6) + STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10) + STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15) + STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21) + + a += saved_a; + b += saved_b; + c += saved_c; + d += saved_d; + + ptr += 64; + } while (size -= 64); + + ctx->a = a; + ctx->b = b; + ctx->c = c; + ctx->d = d; + + return ptr; } -/* - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -void MD5Final(unsigned char digest[16], struct MD5Context *ctx) +void MD5_Init(MD5_CTX *ctx) { - unsigned count; - unsigned char *p; - - /* Compute number of bytes mod 64 */ - count = (ctx->bits[0] >> 3) & 0x3F; - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - p = ctx->in + count; - *p++ = 0x80; - - /* Bytes of padding needed to make 64 bytes */ - count = 64 - 1 - count; - - /* Pad out to 56 mod 64 */ - if (count < 8) { - /* Two lots of padding: Pad the first block to 64 bytes */ - memset(p, 0, count); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32_t *) ctx->in); - - /* Now fill the next block with 56 bytes */ - memset(ctx->in, 0, 56); - } else { - /* Pad block to 56 bytes */ - memset(p, 0, count - 8); - } - byteReverse(ctx->in, 14); - - /* Append length in bits and transform */ - ((uint32_t *) ctx->in)[14] = ctx->bits[0]; - ((uint32_t *) ctx->in)[15] = ctx->bits[1]; - - MD5Transform(ctx->buf, (uint32_t *) ctx->in); - byteReverse((unsigned char *) ctx->buf, 4); - memcpy(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(MD5Context)); /* In case it's sensitive */ + ctx->a = 0x67452301; + ctx->b = 0xefcdab89; + ctx->c = 0x98badcfe; + ctx->d = 0x10325476; + + ctx->lo = 0; + ctx->hi = 0; } +void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size) +{ + MD5_u32plus saved_lo; + unsigned long used, available; -/* The four core functions - F1 is optimized somewhat */ + saved_lo = ctx->lo; + if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo) + ctx->hi++; + ctx->hi += size >> 29; -/* #define F1(x, y, z) (x & y | ~x & z) */ -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) + used = saved_lo & 0x3f; -/* This is the central step in the MD5 algorithm. */ -#define MD5STEP(f, w, x, y, z, data, s) \ - ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) + if (used) { + available = 64 - used; -/* - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. MD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -void MD5Transform(uint32_t buf[4], uint32_t in[16]) -{ - uint32_t a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} + if (size < available) { + memcpy(&ctx->buffer[used], data, size); + return; + } -#ifdef MD5_SUM -#define OUTPUT_BASE64 1 + memcpy(&ctx->buffer[used], data, available); + data = (const unsigned char *)data + available; + size -= available; + body(ctx, ctx->buffer, 64); + } -static void usage() -{ - fprintf(stderr, -"\n" -"Usage: md5sum [-d decode] \n" -" -d decode the data file\n" -" -? print this message.\n" -"\n\n"); - - exit(1); -} + if (size >= 64) { + data = body(ctx, data, size & ~(unsigned long)0x3f); + size &= 0x3f; + } -static bool decode = false; + memcpy(ctx->buffer, data, size); +} -/* - * Reads a single ASCII file and prints the HEX md5 sum. - */ -#include -int main(int argc, char *argv[]) +void MD5_Final(unsigned char *result, MD5_CTX *ctx) { - FILE *fd; - MD5Context ctx; - char buf[5000]; - char signature[20]; - int ch; - - while ((ch = getopt(argc, argv, "d?")) != -1) { - switch (ch) { - case 'd': - decode = true; - break; - case '?': - default: - usage(); - } - } - - argc -= optind; - argv += optind; - - if (argc < 1) { - printf("Must have filename\n"); - exit(1); - } - - fd = fopen(argv[0], "rb"); - if (!fd) { - printf("Could not open %s: ERR=%s\n", argv[0], strerror(errno)); - exit(1); - } - if (decode) { - goto decode_it; - } - MD5Init(&ctx); - while (fgets(buf, sizeof(buf), fd)) { - MD5Update(&ctx, (unsigned char *)buf, strlen(buf)); - } - MD5Final((unsigned char *)signature, &ctx); - for (int i=0; i < 16; i++) { - printf("%02x", signature[i]& 0xFF); - } -#ifdef OUTPUT_BASE64 - char MD5buf[40]; /* 24 should do */ - memset(MD5buf, 0, 40); - bin_to_base64(MD5buf, sizeof(MD5buf), (char *)signature, 16, true); /* encode 16 bytes */ - printf(" %s", MD5buf); -#endif - printf(" %s\n", argv[0]); - exit(0); - -decode_it: - while (fgets(buf, sizeof(buf), fd)) { - char bin[40]; - unsigned char *p = (unsigned char *)buf; - unsigned char ch; - int val; - for (int i=0; i < 16; i++) { - if (*p <= '9') { - val = *p - '0'; - } else { - val = *p - 'a' + 10; - } - ch = val << 4; - p++; - if (*p <= '9') { - val = *p - '0'; - } else { - val = *p - 'a' + 10; - } - signature[i] = ch + val; - p++; - } - signature[16] = 0; - printf("%s", buf); - bin_to_base64(bin, sizeof(bin), (char *)signature, 16, true); - printf("%s\n", bin); - } - fclose(fd); + unsigned long used, available; + + used = ctx->lo & 0x3f; + + ctx->buffer[used++] = 0x80; + + available = 64 - used; + + if (available < 8) { + memset(&ctx->buffer[used], 0, available); + body(ctx, ctx->buffer, 64); + used = 0; + available = 64; + } + + memset(&ctx->buffer[used], 0, available - 8); + + ctx->lo <<= 3; + ctx->buffer[56] = ctx->lo; + ctx->buffer[57] = ctx->lo >> 8; + ctx->buffer[58] = ctx->lo >> 16; + ctx->buffer[59] = ctx->lo >> 24; + ctx->buffer[60] = ctx->hi; + ctx->buffer[61] = ctx->hi >> 8; + ctx->buffer[62] = ctx->hi >> 16; + ctx->buffer[63] = ctx->hi >> 24; + + body(ctx, ctx->buffer, 64); + + result[0] = ctx->a; + result[1] = ctx->a >> 8; + result[2] = ctx->a >> 16; + result[3] = ctx->a >> 24; + result[4] = ctx->b; + result[5] = ctx->b >> 8; + result[6] = ctx->b >> 16; + result[7] = ctx->b >> 24; + result[8] = ctx->c; + result[9] = ctx->c >> 8; + result[10] = ctx->c >> 16; + result[11] = ctx->c >> 24; + result[12] = ctx->d; + result[13] = ctx->d >> 8; + result[14] = ctx->d >> 16; + result[15] = ctx->d >> 24; + + memset(ctx, 0, sizeof(*ctx)); } + #endif diff --git a/src/lib/md5.h b/src/lib/md5.h index 5e6860aacb3..6ee126dcb9e 100644 --- a/src/lib/md5.h +++ b/src/lib/md5.h @@ -1,45 +1,49 @@ /* - BAREOSĀ® - Backup Archiving REcovery Open Sourced - - Copyright (C) 2001-2006 Free Software Foundation Europe e.V. - - This program is Free Software; you can redistribute it and/or - modify it under the terms of version three of the GNU Affero General Public - License as published by the Free Software Foundation and included - in the file LICENSE. - - This program is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - 02110-1301, USA. -*/ -/* - * BAREOS MD5 definitions + * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc. + * MD5 Message-Digest Algorithm (RFC 1321). + * + * Homepage: + * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 * - * Kern Sibbald, 2001 + * Author: + * Alexander Peslyak, better known as Solar Designer + * + * This software was written by Alexander Peslyak in 2001. No copyright is + * claimed, and the software is hereby placed in the public domain. + * In case this attempt to disclaim copyright and place the software in the + * public domain is deemed null and void, then the software is + * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See md5.c for more information. */ -#ifndef __BMD5_H -#define __BMD5_H - +#ifndef MD5HashSize #define MD5HashSize 16 +#endif + +#ifdef HAVE_OPENSSL +#include +#elif !defined(_MD5_H) +#define _MD5_H -struct MD5Context { - uint32_t buf[4]; - uint32_t bits[2]; - uint8_t in[64]; -}; +/* Any 32-bit or wider unsigned integer data type will do */ +typedef unsigned int MD5_u32plus; -typedef struct MD5Context MD5Context; +typedef struct { + MD5_u32plus lo, hi; + MD5_u32plus a, b, c, d; + unsigned char buffer[64]; + MD5_u32plus block[16]; +} MD5_CTX; -void MD5Init(struct MD5Context *ctx); -void MD5Update(struct MD5Context *ctx, unsigned char *buf, unsigned len); -void MD5Final(unsigned char digest[16], struct MD5Context *ctx); -void MD5Transform(uint32_t buf[4], uint32_t in[16]); +extern void MD5_Init(MD5_CTX *ctx); +extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size); +extern void MD5_Final(unsigned char *result, MD5_CTX *ctx); -#endif /* !__BMD5_H */ +#endif diff --git a/src/lib/res.c b/src/lib/res.c index de03301828c..3b0c323f1e9 100644 --- a/src/lib/res.c +++ b/src/lib/res.c @@ -399,13 +399,13 @@ static void store_md5password(LEX *lc, RES_ITEM *item, int index, int pass) pwd->value = bstrdup(lc->str + 5); } else { unsigned int i, j; - struct MD5Context md5c; + MD5_CTX md5c; unsigned char digest[CRYPTO_DIGEST_MD5_SIZE]; char sig[100]; - MD5Init(&md5c); - MD5Update(&md5c, (unsigned char *) (lc->str), lc->str_len); - MD5Final(digest, &md5c); + MD5_Init(&md5c); + MD5_Update(&md5c, (unsigned char *) (lc->str), lc->str_len); + MD5_Final(digest, &md5c); for (i = j = 0; i < sizeof(digest); i++) { sprintf(&sig[j], "%02x", digest[i]); j += 2; diff --git a/src/lib/sha1.c b/src/lib/sha1.c index 7e58128c1f7..7eb341304bc 100644 --- a/src/lib/sha1.c +++ b/src/lib/sha1.c @@ -1,510 +1,169 @@ /* - * sha1.c - * - * Description: - * This file implements the Secure Hashing Algorithm 1 as - * defined in FIPS PUB 180-1 published April 17, 1995. - * - * The SHA-1, produces a 160-bit message digest for a given - * data stream. It should take about 2**n steps to find a - * message with the same digest as a given message and - * 2**(n/2) to find any two messages with the same digest, - * when n is the digest size in bits. Therefore, this - * algorithm can serve as a means of providing a - * "fingerprint" for a message. - * - * Portability Issues: - * SHA-1 is defined in terms of 32-bit "words". This code - * uses (included via "sha1.h" to define 32 and 8 - * bit unsigned integer types. If your C compiler does not - * support 32 bit unsigned integers, this code is not - * appropriate. - * - * Caveats: - * SHA-1 is designed to work with messages less than 2^64 bits - * long. Although SHA-1 allows a message digest to be generated - * for messages of any number of bits less than 2^64, this - * implementation only works with messages with a length that is - * a multiple of the size of an 8-bit character. - * - * See sha1.h for copyright - */ +SHA-1 in C +By Steve Reid +100% Public Domain + +Test Vectors (from FIPS PUB 180-1) +"abc" + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd if true. */ +#if __LITTLE_ENDIAN__ +#define LITTLE_ENDIAN +#endif +/* #define SHA1HANDSOFF * Copies data before messing with it. */ -#include "sha1.h" +#include +#include -/* - * Define the SHA1 circular left shift macro - */ -#define SHA1CircularShift(bits,word) \ - (((word) << (bits)) | ((word) >> (32-(bits)))) +#include "sha1.h" -/* Local Function Prototyptes */ -static void SHA1PadMessage(SHA1Context *); -static void SHA1ProcessMessageBlock(SHA1Context *); +void SHA1Transform(u_int32_t state[5], u_int8_t buffer[64]); -/* - * SHA1Init - * - * Description: - * This function will initialize the SHA1Context in preparation - * for computing a new SHA1 message digest. - * - * Parameters: - * context: [in/out] - * The context to reset. - * - * Returns: - * sha Error Code. - * - */ -int SHA1Init(SHA1Context *context) -{ - if (!context) - { - return shaNull; - } +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) - context->Length_Low = 0; - context->Length_High = 0; - context->Message_Block_Index = 0; +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#ifdef LITTLE_ENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#else +#define blk0(i) block->l[i] +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) - context->Intermediate_Hash[0] = 0x67452301; - context->Intermediate_Hash[1] = 0xEFCDAB89; - context->Intermediate_Hash[2] = 0x98BADCFE; - context->Intermediate_Hash[3] = 0x10325476; - context->Intermediate_Hash[4] = 0xC3D2E1F0; +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); - context->Computed = 0; - context->Corrupted = 0; - return shaSuccess; -} +/* Hash a single 512-bit block. This is the core of the algorithm. */ -/* - * SHA1Final - * - * Description: - * This function will return the 160-bit message digest into the - * Message_Digest array provided by the caller. - * NOTE: The first octet of hash is stored in the 0th element, - * the last octet of hash in the 19th element. - * - * Parameters: - * context: [in/out] - * The context to use to calculate the SHA-1 hash. - * Message_Digest: [out] - * Where the digest is returned. - * - * Returns: - * sha Error Code. - * - */ -int SHA1Final(SHA1Context *context, - uint8_t Message_Digest[SHA1HashSize]) +void SHA1Transform(u_int32_t state[5], u_int8_t buffer[64]) { - int i; - - if (!context || !Message_Digest) { - return shaNull; - } - - if (context->Corrupted) { - return context->Corrupted; - } - - if (!context->Computed) { - SHA1PadMessage(context); - for(i=0; i<64; ++i) { - /* message may be sensitive, clear it out */ - context->Message_Block[i] = 0; - } - context->Length_Low = 0; /* and clear length */ - context->Length_High = 0; - context->Computed = 1; - - } - - for(i = 0; i < SHA1HashSize; ++i) { - Message_Digest[i] = context->Intermediate_Hash[i>>2] - >> 8 * ( 3 - ( i & 0x03 ) ); - } - - return shaSuccess; +u_int32_t a, b, c, d, e; +typedef union { + u_int8_t c[64]; + u_int32_t l[16]; +} CHAR64LONG16; +CHAR64LONG16* block; +#ifdef SHA1HANDSOFF +static u_int8_t workspace[64]; + block = (CHAR64LONG16*)workspace; + memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16*)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; } -/* - * SHA1Update - * - * Description: - * This function accepts an array of octets as the next portion - * of the message. - * - * Parameters: - * context: [in/out] - * The SHA context to update - * message_array: [in] - * An array of characters representing the next portion of - * the message. - * length: [in] - * The length of the message in message_array - * - * Returns: - * sha Error Code. - * - */ -int SHA1Update(SHA1Context *context, - const uint8_t *message_array, - unsigned length) -{ - if (!length) { - return shaSuccess; - } - - if (!context || !message_array) { - return shaNull; - } - - if (context->Computed) { - context->Corrupted = shaStateError; - - return shaStateError; - } - - if (context->Corrupted) { - return context->Corrupted; - } - while(length-- && !context->Corrupted) { - context->Message_Block[context->Message_Block_Index++] = - (*message_array & 0xFF); - - context->Length_Low += 8; - if (context->Length_Low == 0) { - context->Length_High++; - if (context->Length_High == 0) { - /* Message is too long */ - context->Corrupted = 1; - } - } - - if (context->Message_Block_Index == 64) { - SHA1ProcessMessageBlock(context); - } - message_array++; - } - - return shaSuccess; -} +/* SHA1Init - Initialize new context */ -/* - * SHA1ProcessMessageBlock - * - * Description: - * This function will process the next 512 bits of the message - * stored in the Message_Block array. - * - * Parameters: - * None. - * - * Returns: - * Nothing. - * - * Comments: - - * Many of the variable names in this code, especially the - * single character names, were used because those were the - * names used in the publication. - * - * - */ -static void SHA1ProcessMessageBlock(SHA1Context *context) +void SHA1Init(SHA1_CTX* context) { - const uint32_t K[] = { /* Constants defined in SHA-1 */ - 0x5A827999, - 0x6ED9EBA1, - 0x8F1BBCDC, - 0xCA62C1D6 - }; - int t; /* Loop counter */ - uint32_t temp; /* Temporary word value */ - uint32_t W[80]; /* Word sequence */ - uint32_t A, B, C, D, E; /* Word buffers */ - - /* - * Initialize the first 16 words in the array W - */ - for(t = 0; t < 16; t++) { - W[t] = context->Message_Block[t * 4] << 24; - W[t] |= context->Message_Block[t * 4 + 1] << 16; - W[t] |= context->Message_Block[t * 4 + 2] << 8; - W[t] |= context->Message_Block[t * 4 + 3]; - } - - for(t = 16; t < 80; t++) { - W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); - } - - A = context->Intermediate_Hash[0]; - B = context->Intermediate_Hash[1]; - C = context->Intermediate_Hash[2]; - D = context->Intermediate_Hash[3]; - E = context->Intermediate_Hash[4]; - - for(t = 0; t < 20; t++) { - temp = SHA1CircularShift(5,A) + - ((B & C) | ((~B) & D)) + E + W[t] + K[0]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - - B = A; - A = temp; - } - - for(t = 20; t < 40; t++) { - temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 40; t < 60; t++) { - temp = SHA1CircularShift(5,A) + - ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 60; t < 80; t++) { - temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - context->Intermediate_Hash[0] += A; - context->Intermediate_Hash[1] += B; - context->Intermediate_Hash[2] += C; - context->Intermediate_Hash[3] += D; - context->Intermediate_Hash[4] += E; - - context->Message_Block_Index = 0; + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; } -/* - * SHA1PadMessage - * - * Description: - * According to the standard, the message must be padded to an even - * 512 bits. The first padding bit must be a '1'. The last 64 - * bits represent the length of the original message. All bits in - * between should be 0. This function will pad the message - * according to those rules by filling the Message_Block array - * accordingly. It will also call the ProcessMessageBlock function - * provided appropriately. When it returns, it can be assumed that - * the message digest has been computed. - * - * Parameters: - * context: [in/out] - * The context to pad - * ProcessMessageBlock: [in] - * The appropriate SHA*ProcessMessageBlock function - * Returns: - * Nothing. - * - */ +/* Run your data through this. */ -static void SHA1PadMessage(SHA1Context *context) +void SHA1Update(SHA1_CTX* context, u_int8_t* data, unsigned int len) { - /* - * Check to see if the current message block is too small to hold - * the initial padding bits and length. If so, we will pad the - * block, process it, and then continue padding into a second - * block. - */ - if (context->Message_Block_Index > 55) { - context->Message_Block[context->Message_Block_Index++] = 0x80; - while(context->Message_Block_Index < 64) { - context->Message_Block[context->Message_Block_Index++] = 0; - } - - SHA1ProcessMessageBlock(context); - - while(context->Message_Block_Index < 56) { - context->Message_Block[context->Message_Block_Index++] = 0; - } - } else { - context->Message_Block[context->Message_Block_Index++] = 0x80; - while(context->Message_Block_Index < 56) { - - context->Message_Block[context->Message_Block_Index++] = 0; +unsigned int i, j; + + j = (context->count[0] >> 3) & 63; + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; + context->count[1] += (len >> 29); + if ((j + len) > 63) { + memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); } + j = 0; } - - /* - * Store the message length as the last 8 octets - */ - context->Message_Block[56] = context->Length_High >> 24; - context->Message_Block[57] = context->Length_High >> 16; - context->Message_Block[58] = context->Length_High >> 8; - context->Message_Block[59] = context->Length_High; - context->Message_Block[60] = context->Length_Low >> 24; - context->Message_Block[61] = context->Length_Low >> 16; - context->Message_Block[62] = context->Length_Low >> 8; - context->Message_Block[63] = context->Length_Low; - - SHA1ProcessMessageBlock(context); + else i = 0; + memcpy(&context->buffer[j], &data[i], len - i); } -#ifdef TEST_DRIVER - -/* - * sha1test.c - * - * Description: - * This file will exercise the SHA-1 code performing the three - * tests documented in FIPS PUB 180-1 plus one which calls - * SHA1Input with an exact multiple of 512 bits, plus a few - * error test checks. - * - * Portability Issues: - * None. - * - */ - -#include -#include -#include -#include "sha1.h" -/* - * Define patterns for testing - */ -#define TEST1 "abc" -#define TEST2a "abcdbcdecdefdefgefghfghighijhi" +/* Add padding and return the message digest. */ -#define TEST2b "jkijkljklmklmnlmnomnopnopq" -#define TEST2 TEST2a TEST2b -#define TEST3 "a" -#define TEST4a "01234567012345670123456701234567" -#define TEST4b "01234567012345670123456701234567" - /* an exact multiple of 512 bits */ -#define TEST4 TEST4a TEST4b -char *testarray[4] = +void SHA1Final(u_int8_t digest[20], SHA1_CTX* context) { - TEST1, - TEST2, - TEST3, - TEST4 -}; -long int repeatcount[4] = { 1, 1, 1000000, 10 }; -char *resultarray[4] = -{ - "A9 99 3E 36 47 06 81 6A BA 3E 25 71 78 50 C2 6C 9C D0 D8 9D", - "84 98 3E 44 1C 3B D2 6E BA AE 4A A1 F9 51 29 E5 E5 46 70 F1", - "34 AA 97 3C D4 C4 DA A4 F6 1E EB 2B DB AD 27 31 65 34 01 6F", - "DE A3 56 A2 CD DD 90 C7 A7 EC ED C5 EB B5 63 93 4F 46 04 52" -}; - -int main() -{ - SHA1Context sha; - int i, j, err; - uint8_t Message_Digest[20]; - - /* - * Perform SHA-1 tests - */ - for(j = 0; j < 4; ++j) { - printf( "\nTest %d: %d, '%s'\n", - j+1, - repeatcount[j], - testarray[j]); - - err = SHA1Init(&sha); - if (err) { - fprintf(stderr, "SHA1Reset Error %d.\n", err ); - break; /* out of for j loop */ - } - - for(i = 0; i < repeatcount[j]; ++i) { - - err = SHA1Input(&sha, - (const unsigned char *) testarray[j], - strlen(testarray[j])); - if (err) { - fprintf(stderr, "SHA1Input Error %d.\n", err ); - break; /* out of for i loop */ - } - } - - err = SHA1Final(&sha, Message_Digest); - if (err) { - fprintf(stderr, - "SHA1Result Error %d, could not compute message digest.\n", - err ); - } - else - { - printf("\t"); - for(i = 0; i < 20 ; ++i) { - printf("%02X ", Message_Digest[i]); - } - printf("\n"); - } - printf("Should match:\n"); - printf("\t%s\n", resultarray[j]); - } - - /* Test some error returns */ - err = SHA1Input(&sha,(const unsigned char *) testarray[1], 1); - printf ("\nError %d. Should be %d.\n", err, shaStateError ); - err = SHA1Init(0); - printf ("\nError %d. Should be %d.\n", err, shaNull ); - return 0; -} - -#endif /* TEST_DRIVER */ - -#ifdef SHA1_SUM -/* - * Reads a single ASCII file and prints the HEX sha1 sum. - */ -#include -int main(int argc, char *argv[]) -{ - FILE *fd; - SHA1Context ctx; - char buf[5000]; - char signature[25]; - - if (argc < 1) { - printf("Must have filename\n"); - exit(1); - } - fd = fopen(argv[1], "rb"); - if (!fd) { - berrno be; - printf("Could not open %s: ERR=%s\n", argv[1], be.bstrerror(errno)); - exit(1); - } - SHA1Init(&ctx); - while (fgets(buf, sizeof(buf), fd)) { - SHA1Update(&ctx, (unsigned char *)buf, strlen(buf)); - } - SHA1Final(&ctx, (unsigned char *)signature); - for (int i=0; i < 20; i++) { - printf("%02x", signature[i]& 0xFF); - } - printf(" %s\n", argv[1]); - fclose(fd); -} +u_int32_t i, j; +u_int8_t finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (u_int8_t)((context->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + SHA1Update(context, (u_int8_t *)"\200", 1); + while ((context->count[0] & 504) != 448) { + SHA1Update(context, (u_int8_t *)"\0", 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (u_int8_t) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + i = j = 0; + memset(context->buffer, 0, 64); + memset(context->state, 0, 20); + memset(context->count, 0, 8); + memset(&finalcount, 0, 8); +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ + SHA1Transform(context->state, context->buffer); #endif +} diff --git a/src/lib/sha1.h b/src/lib/sha1.h index 3c8e6952c5f..b0d91e3a7c3 100644 --- a/src/lib/sha1.h +++ b/src/lib/sha1.h @@ -1,50 +1,9 @@ +/* $OpenBSD: sha1.h,v 1.5 2007/09/10 22:19:42 henric Exp $ */ + /* - * sha1.h - * - * Description: - * This is the header file for code which implements the Secure - * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published - * April 17, 1995. - * - * Many of the variable names in this code, especially the - * single character names, were used because those were the names - * used in the publication. - * - * Please read the file sha1.c for more information. - * - * Full Copyright Statement - * - * Copyright (C) The Internet Society (2001). All Rights Reserved. - * - * This document and translations of it may be copied and furnished to - * others, and derivative works that comment on or otherwise explain it - * or assist in its implementation may be prepared, copied, published - * and distributed, in whole or in part, without restriction of any - * kind, provided that the above copyright notice and this paragraph are - * included on all such copies and derivative works. However, this - * document itself may not be modified in any way, such as by removing - * the copyright notice or references to the Internet Society or other - * Internet organizations, except as needed for the purpose of - * developing Internet standards in which case the procedures for - * copyrights defined in the Internet Standards process must be - * followed, or as required to translate it into languages other than - * English. - * - * The limited permissions granted above are perpetual and will not be - * revoked by the Internet Society or its successors or assigns. - * - * This document and the information contained herein is provided on an - * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - * - * Acknowledgement - * - * Funding for the RFC Editor function is currently provided by the - * Internet Society. - * + * SHA-1 in C + * By Steve Reid + * 100% Public Domain */ #ifndef _SHA1_H_ @@ -52,56 +11,18 @@ #include "bareos.h" -/* - * If you do not have the ISO standard stdint.h header file, then you - * must typdef the following: - * name meaning - * uint32_t unsigned 32 bit integer - * uint8_t unsigned 8 bit integer (i.e., unsigned char) - * int32_t integer of 32 bits - * - */ - -#ifndef _SHA_enum_ -#define _SHA_enum_ -enum -{ - shaSuccess = 0, - shaNull, /* Null pointer parameter */ - shaInputTooLong, /* input data too long */ - shaStateError /* called Input after Result */ -}; -#endif -#define SHA1HashSize 20 - -/* - * This structure will hold context information for the SHA-1 - * hashing operation - */ -typedef struct SHA1Context -{ - uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ - - uint32_t Length_Low; /* Message length in bits */ - uint32_t Length_High; /* Message length in bits */ - - /* Index into message block array */ - int32_t Message_Block_Index; - uint8_t Message_Block[64]; /* 512-bit message blocks */ +#define SHA1_BLOCK_LENGTH 64 +#define SHA1_DIGEST_LENGTH 20 - int Computed; /* Is the digest computed? */ - int Corrupted; /* Is the message digest corrupted? */ -} SHA1Context; - -/* - * Function Prototypes - */ +typedef struct { + u_int32_t state[5]; + u_int32_t count[2]; + unsigned char buffer[SHA1_BLOCK_LENGTH]; +} SHA1_CTX; -int SHA1Init(SHA1Context *); -int SHA1Update(SHA1Context *, - const uint8_t *, - unsigned int); -int SHA1Final(SHA1Context *, - uint8_t Message_Digest[SHA1HashSize]); +void SHA1Init(SHA1_CTX * context); +void SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH]); +void SHA1Update(SHA1_CTX *context, const unsigned char *data, unsigned int len); +void SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context); -#endif +#endif /* _SHA1_H_ */ diff --git a/src/lib/util.c b/src/lib/util.c index f43a122f9bc..f6b6bdb45ac 100644 --- a/src/lib/util.c +++ b/src/lib/util.c @@ -618,7 +618,7 @@ int do_shell_expansion(char *name, int name_len) void make_session_key(char *key, char *seed, int mode) { int j, k; - struct MD5Context md5c; + MD5_CTX md5c; unsigned char md5key[16], md5key1[16]; char s[1024]; @@ -671,13 +671,13 @@ void make_session_key(char *key, char *seed, int mode) bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getuid()); bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)getgid()); #endif - MD5Init(&md5c); - MD5Update(&md5c, (uint8_t *)s, strlen(s)); - MD5Final(md5key, &md5c); + MD5_Init(&md5c); + MD5_Update(&md5c, (uint8_t *)s, strlen(s)); + MD5_Final(md5key, &md5c); bsnprintf(s + strlen(s), ss, "%lu", (uint32_t)((time(NULL) + 65121) ^ 0x375F)); - MD5Init(&md5c); - MD5Update(&md5c, (uint8_t *)s, strlen(s)); - MD5Final(md5key1, &md5c); + MD5_Init(&md5c); + MD5_Update(&md5c, (uint8_t *)s, strlen(s)); + MD5_Final(md5key1, &md5c); #define nextrand (md5key[j] ^ md5key1[j]) if (mode) { for (j = k = 0; j < 16; j++) {