imapext-2007
diff src/c-client/auth_md5.c @ 0:ada5e610ab86
imap-2007e
| author | yuuji@gentei.org |
|---|---|
| date | Mon, 14 Sep 2009 15:17:45 +0900 |
| parents | |
| children | 28a55bc1110c |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/src/c-client/auth_md5.c Mon Sep 14 15:17:45 2009 +0900 1.3 @@ -0,0 +1,495 @@ 1.4 +/* ======================================================================== 1.5 + * Copyright 1988-2007 University of Washington 1.6 + * 1.7 + * Licensed under the Apache License, Version 2.0 (the "License"); 1.8 + * you may not use this file except in compliance with the License. 1.9 + * You may obtain a copy of the License at 1.10 + * 1.11 + * http://www.apache.org/licenses/LICENSE-2.0 1.12 + * 1.13 + * 1.14 + * ======================================================================== 1.15 + */ 1.16 + 1.17 +/* 1.18 + * Program: CRAM-MD5 authenticator 1.19 + * 1.20 + * Author: Mark Crispin 1.21 + * Networks and Distributed Computing 1.22 + * Computing & Communications 1.23 + * University of Washington 1.24 + * Administration Building, AG-44 1.25 + * Seattle, WA 98195 1.26 + * Internet: MRC@CAC.Washington.EDU 1.27 + * 1.28 + * Date: 21 October 1998 1.29 + * Last Edited: 30 January 2007 1.30 + */ 1.31 + 1.32 +/* MD5 context */ 1.33 + 1.34 +#define MD5BLKLEN 64 /* MD5 block length */ 1.35 +#define MD5DIGLEN 16 /* MD5 digest length */ 1.36 + 1.37 +typedef struct { 1.38 + unsigned long chigh; /* high 32bits of byte count */ 1.39 + unsigned long clow; /* low 32bits of byte count */ 1.40 + unsigned long state[4]; /* state (ABCD) */ 1.41 + unsigned char buf[MD5BLKLEN]; /* input buffer */ 1.42 + unsigned char *ptr; /* buffer position */ 1.43 +} MD5CONTEXT; 1.44 + 1.45 + 1.46 +/* Prototypes */ 1.47 + 1.48 +long auth_md5_valid (void); 1.49 +long auth_md5_client (authchallenge_t challenger,authrespond_t responder, 1.50 + char *service,NETMBX *mb,void *stream, 1.51 + unsigned long *trial,char *user); 1.52 +char *auth_md5_server (authresponse_t responder,int argc,char *argv[]); 1.53 +char *auth_md5_pwd (char *user); 1.54 +char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]); 1.55 +char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl); 1.56 +void md5_init (MD5CONTEXT *ctx); 1.57 +void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len); 1.58 +void md5_final (unsigned char *digest,MD5CONTEXT *ctx); 1.59 +static void md5_transform (unsigned long *state,unsigned char *block); 1.60 +static void md5_encode (unsigned char *dst,unsigned long *src,int len); 1.61 +static void md5_decode (unsigned long *dst,unsigned char *src,int len); 1.62 + 1.63 + 1.64 +/* Authenticator linkage */ 1.65 + 1.66 +AUTHENTICATOR auth_md5 = { 1.67 + AU_SECURE, /* secure authenticator */ 1.68 + "CRAM-MD5", /* authenticator name */ 1.69 + auth_md5_valid, /* check if valid */ 1.70 + auth_md5_client, /* client method */ 1.71 + auth_md5_server, /* server method */ 1.72 + NIL /* next authenticator */ 1.73 +}; 1.74 + 1.75 +/* Check if CRAM-MD5 valid on this system 1.76 + * Returns: T, always 1.77 + */ 1.78 + 1.79 +long auth_md5_valid (void) 1.80 +{ 1.81 + struct stat sbuf; 1.82 + /* server forbids MD5 if no MD5 enable file */ 1.83 + if (stat (MD5ENABLE,&sbuf)) auth_md5.server = NIL; 1.84 + return T; /* MD5 is otherwise valid */ 1.85 +} 1.86 + 1.87 + 1.88 +/* Client authenticator 1.89 + * Accepts: challenger function 1.90 + * responder function 1.91 + * SASL service name 1.92 + * parsed network mailbox structure 1.93 + * stream argument for functions 1.94 + * pointer to current trial count 1.95 + * returned user name 1.96 + * Returns: T if success, NIL otherwise, number of trials incremented if retry 1.97 + */ 1.98 + 1.99 +long auth_md5_client (authchallenge_t challenger,authrespond_t responder, 1.100 + char *service,NETMBX *mb,void *stream, 1.101 + unsigned long *trial,char *user) 1.102 +{ 1.103 + char pwd[MAILTMPLEN]; 1.104 + void *challenge; 1.105 + unsigned long clen; 1.106 + long ret = NIL; 1.107 + /* get challenge */ 1.108 + if (challenge = (*challenger) (stream,&clen)) { 1.109 + pwd[0] = NIL; /* prompt user */ 1.110 + mm_login (mb,user,pwd,*trial); 1.111 + if (!pwd[0]) { /* user requested abort */ 1.112 + fs_give ((void **) &challenge); 1.113 + (*responder) (stream,NIL,0); 1.114 + *trial = 0; /* cancel subsequent attempts */ 1.115 + ret = LONGT; /* will get a BAD response back */ 1.116 + } 1.117 + else { /* got password, build response */ 1.118 + sprintf (pwd,"%.65s %.33s",user,hmac_md5 (challenge,clen, 1.119 + pwd,strlen (pwd))); 1.120 + fs_give ((void **) &challenge); 1.121 + /* send credentials, allow retry if OK */ 1.122 + if ((*responder) (stream,pwd,strlen (pwd))) { 1.123 + if (challenge = (*challenger) (stream,&clen)) 1.124 + fs_give ((void **) &challenge); 1.125 + else { 1.126 + ++*trial; /* can try again if necessary */ 1.127 + ret = LONGT; /* check the authentication */ 1.128 + } 1.129 + } 1.130 + } 1.131 + } 1.132 + memset (pwd,0,MAILTMPLEN); /* erase password in case not overwritten */ 1.133 + if (!ret) *trial = 65535; /* don't retry if bad protocol */ 1.134 + return ret; 1.135 +} 1.136 + 1.137 +/* Server authenticator 1.138 + * Accepts: responder function 1.139 + * argument count 1.140 + * argument vector 1.141 + * Returns: authenticated user name or NIL 1.142 + * 1.143 + * This is much hairier than it needs to be due to the necessary of zapping 1.144 + * the password data. 1.145 + */ 1.146 + 1.147 +static int md5try = MAXLOGINTRIALS; 1.148 + 1.149 +char *auth_md5_server (authresponse_t responder,int argc,char *argv[]) 1.150 +{ 1.151 + char *ret = NIL; 1.152 + char *p,*u,*user,*authuser,*hash,chal[MAILTMPLEN]; 1.153 + unsigned long cl,pl; 1.154 + /* generate challenge */ 1.155 + sprintf (chal,"<%lu.%lu@%s>",(unsigned long) getpid (), 1.156 + (unsigned long) time (0),mylocalhost ()); 1.157 + /* send challenge, get user and hash */ 1.158 + if (user = (*responder) (chal,cl = strlen (chal),NIL)) { 1.159 + /* got user, locate hash */ 1.160 + if (hash = strrchr (user,' ')) { 1.161 + *hash++ = '\0'; /* tie off user */ 1.162 + /* see if authentication user */ 1.163 + if (authuser = strchr (user,'*')) *authuser++ = '\0'; 1.164 + /* get password */ 1.165 + if (p = auth_md5_pwd ((authuser && *authuser) ? authuser : user)) { 1.166 + pl = strlen (p); 1.167 + u = (md5try && !strcmp (hash,hmac_md5 (chal,cl,p,pl))) ? user : NIL; 1.168 + memset (p,0,pl); /* erase sensitive information */ 1.169 + fs_give ((void **) &p); /* flush erased password */ 1.170 + /* now log in for real */ 1.171 + if (u && authserver_login (u,authuser,argc,argv)) ret = myusername (); 1.172 + else if (md5try) --md5try; 1.173 + } 1.174 + } 1.175 + fs_give ((void **) &user); 1.176 + } 1.177 + if (!ret) sleep (3); /* slow down possible cracker */ 1.178 + return ret; 1.179 +} 1.180 + 1.181 +/* Return MD5 password for user 1.182 + * Accepts: user name 1.183 + * Returns: plaintext password if success, else NIL 1.184 + * 1.185 + * This is much hairier than it needs to be due to the necessary of zapping 1.186 + * the password data. That's why we don't use stdio here. 1.187 + */ 1.188 + 1.189 +char *auth_md5_pwd (char *user) 1.190 +{ 1.191 + struct stat sbuf; 1.192 + int fd = open (MD5ENABLE,O_RDONLY,NIL); 1.193 + unsigned char *s,*t,*buf,*lusr,*lret; 1.194 + char *r; 1.195 + char *ret = NIL; 1.196 + if (fd >= 0) { /* found the file? */ 1.197 + fstat (fd,&sbuf); /* yes, slurp it into memory */ 1.198 + read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size); 1.199 + /* see if any uppercase characters in user */ 1.200 + for (s = user; *s && ((*s < 'A') || (*s > 'Z')); s++); 1.201 + /* yes, make lowercase copy */ 1.202 + lusr = *s ? lcase (cpystr (user)) : NIL; 1.203 + for (s = strtok_r ((char *) buf,"\015\012",&r),lret = NIL; s; 1.204 + s = ret ? NIL : strtok_r (NIL,"\015\012",&r)) 1.205 + /* must be valid entry line */ 1.206 + if (*s && (*s != '#') && (t = strchr (s,'\t')) && t[1]) { 1.207 + *t++ = '\0'; /* found tab, tie off user, point to pwd */ 1.208 + if (!strcmp (s,user)) ret = cpystr (t); 1.209 + else if (lusr && !lret) if (!strcmp (s,lusr)) lret = t; 1.210 + } 1.211 + /* accept case-independent name */ 1.212 + if (!ret && lret) ret = cpystr (lret); 1.213 + /* don't need lowercase copy any more */ 1.214 + if (lusr) fs_give ((void **) &lusr); 1.215 + /* erase sensitive information from buffer */ 1.216 + memset (buf,0,sbuf.st_size + 1); 1.217 + fs_give ((void **) &buf); /* flush the buffer */ 1.218 + close (fd); /* don't need file any longer */ 1.219 + } 1.220 + return ret; /* return password */ 1.221 +} 1.222 + 1.223 +/* APOP server login 1.224 + * Accepts: challenge 1.225 + * desired user name 1.226 + * purported MD5 1.227 + * argument count 1.228 + * argument vector 1.229 + * Returns: authenticated user name or NIL 1.230 + */ 1.231 + 1.232 +char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]) 1.233 +{ 1.234 + int i,j; 1.235 + char *ret = NIL; 1.236 + char *s,*authuser,tmp[MAILTMPLEN]; 1.237 + unsigned char digest[MD5DIGLEN]; 1.238 + MD5CONTEXT ctx; 1.239 + char *hex = "0123456789abcdef"; 1.240 + /* see if authentication user */ 1.241 + if (authuser = strchr (user,'*')) *authuser++ = '\0'; 1.242 + /* get password */ 1.243 + if (s = auth_md5_pwd ((authuser && *authuser) ? authuser : user)) { 1.244 + md5_init (&ctx); /* initialize MD5 context */ 1.245 + /* build string to get MD5 digest */ 1.246 + sprintf (tmp,"%.128s%.128s",chal,s); 1.247 + memset (s,0,strlen (s)); /* erase sensitive information */ 1.248 + fs_give ((void **) &s); /* flush erased password */ 1.249 + md5_update (&ctx,(unsigned char *) tmp,strlen (tmp)); 1.250 + memset (tmp,0,MAILTMPLEN); /* erase sensitive information */ 1.251 + md5_final (digest,&ctx); 1.252 + /* convert to printable hex */ 1.253 + for (i = 0, s = tmp; i < MD5DIGLEN; i++) { 1.254 + *s++ = hex[(j = digest[i]) >> 4]; 1.255 + *s++ = hex[j & 0xf]; 1.256 + } 1.257 + *s = '\0'; /* tie off hash text */ 1.258 + memset (digest,0,MD5DIGLEN);/* erase sensitive information */ 1.259 + if (md5try && !strcmp (md5,tmp) && 1.260 + authserver_login (user,authuser,argc,argv)) 1.261 + ret = cpystr (myusername ()); 1.262 + else if (md5try) --md5try; 1.263 + memset (tmp,0,MAILTMPLEN); /* erase sensitive information */ 1.264 + } 1.265 + if (!ret) sleep (3); /* slow down possible cracker */ 1.266 + return ret; 1.267 +} 1.268 + 1.269 +/* 1.270 + * RFC 2104 HMAC hashing 1.271 + * Accepts: text to hash 1.272 + * text length 1.273 + * key 1.274 + * key length 1.275 + * Returns: hash as text, always 1.276 + */ 1.277 + 1.278 +char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl) 1.279 +{ 1.280 + int i,j; 1.281 + static char hshbuf[2*MD5DIGLEN + 1]; 1.282 + char *s; 1.283 + MD5CONTEXT ctx; 1.284 + char *hex = "0123456789abcdef"; 1.285 + unsigned char digest[MD5DIGLEN],k_ipad[MD5BLKLEN+1],k_opad[MD5BLKLEN+1]; 1.286 + if (kl > MD5BLKLEN) { /* key longer than pad length? */ 1.287 + md5_init (&ctx); /* yes, set key as MD5(key) */ 1.288 + md5_update (&ctx,(unsigned char *) key,kl); 1.289 + md5_final (digest,&ctx); 1.290 + key = (char *) digest; 1.291 + kl = MD5DIGLEN; 1.292 + } 1.293 + memcpy (k_ipad,key,kl); /* store key in pads */ 1.294 + memset (k_ipad+kl,0,(MD5BLKLEN+1)-kl); 1.295 + memcpy (k_opad,k_ipad,MD5BLKLEN+1); 1.296 + /* XOR key with ipad and opad values */ 1.297 + for (i = 0; i < MD5BLKLEN; i++) { 1.298 + k_ipad[i] ^= 0x36; 1.299 + k_opad[i] ^= 0x5c; 1.300 + } 1.301 + md5_init (&ctx); /* inner MD5: hash ipad and text */ 1.302 + md5_update (&ctx,k_ipad,MD5BLKLEN); 1.303 + md5_update (&ctx,(unsigned char *) text,tl); 1.304 + md5_final (digest,&ctx); 1.305 + md5_init (&ctx); /* outer MD5: hash opad and inner results */ 1.306 + md5_update (&ctx,k_opad,MD5BLKLEN); 1.307 + md5_update (&ctx,digest,MD5DIGLEN); 1.308 + md5_final (digest,&ctx); 1.309 + /* convert to printable hex */ 1.310 + for (i = 0, s = hshbuf; i < MD5DIGLEN; i++) { 1.311 + *s++ = hex[(j = digest[i]) >> 4]; 1.312 + *s++ = hex[j & 0xf]; 1.313 + } 1.314 + *s = '\0'; /* tie off hash text */ 1.315 + return hshbuf; 1.316 +} 1.317 + 1.318 +/* Everything after this point is derived from the RSA Data Security, Inc. 1.319 + * MD5 Message-Digest Algorithm 1.320 + */ 1.321 + 1.322 +/* You may wonder why these strange "a &= 0xffffffff;" statements are here. 1.323 + * This is to ensure correct results on machines with a unsigned long size of 1.324 + * larger than 32 bits. 1.325 + */ 1.326 + 1.327 +#define RND1(a,b,c,d,x,s,ac) \ 1.328 + a += ((b & c) | (d & ~b)) + x + (unsigned long) ac; \ 1.329 + a &= 0xffffffff; \ 1.330 + a = b + ((a << s) | (a >> (32 - s))); 1.331 + 1.332 +#define RND2(a,b,c,d,x,s,ac) \ 1.333 + a += ((b & d) | (c & ~d)) + x + (unsigned long) ac; \ 1.334 + a &= 0xffffffff; \ 1.335 + a = b + ((a << s) | (a >> (32 - s))); 1.336 + 1.337 +#define RND3(a,b,c,d,x,s,ac) \ 1.338 + a += (b ^ c ^ d) + x + (unsigned long) ac; \ 1.339 + a &= 0xffffffff; \ 1.340 + a = b + ((a << s) | (a >> (32 - s))); 1.341 + 1.342 +#define RND4(a,b,c,d,x,s,ac) \ 1.343 + a += (c ^ (b | ~d)) + x + (unsigned long) ac; \ 1.344 + a &= 0xffffffff; \ 1.345 + a = b + ((a << s) | (a >> (32 - s))); 1.346 + 1.347 +/* Initialize MD5 context 1.348 + * Accepts: context to initialize 1.349 + */ 1.350 + 1.351 +void md5_init (MD5CONTEXT *ctx) 1.352 +{ 1.353 + ctx->clow = ctx->chigh = 0; /* initialize byte count to zero */ 1.354 + /* initialization constants */ 1.355 + ctx->state[0] = 0x67452301; ctx->state[1] = 0xefcdab89; 1.356 + ctx->state[2] = 0x98badcfe; ctx->state[3] = 0x10325476; 1.357 + ctx->ptr = ctx->buf; /* reset buffer pointer */ 1.358 +} 1.359 + 1.360 + 1.361 +/* MD5 add data to context 1.362 + * Accepts: context 1.363 + * input data 1.364 + * length of data 1.365 + */ 1.366 + 1.367 +void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len) 1.368 +{ 1.369 + unsigned long i = (ctx->buf + MD5BLKLEN) - ctx->ptr; 1.370 + /* update double precision number of bytes */ 1.371 + if ((ctx->clow += len) < len) ctx->chigh++; 1.372 + while (i <= len) { /* copy/transform data, 64 bytes at a time */ 1.373 + memcpy (ctx->ptr,data,i); /* fill up 64 byte chunk */ 1.374 + md5_transform (ctx->state,ctx->ptr = ctx->buf); 1.375 + data += i,len -= i,i = MD5BLKLEN; 1.376 + } 1.377 + memcpy (ctx->ptr,data,len); /* copy final bit of data in buffer */ 1.378 + ctx->ptr += len; /* update buffer pointer */ 1.379 +} 1.380 + 1.381 +/* MD5 Finalization 1.382 + * Accepts: destination digest 1.383 + * context 1.384 + */ 1.385 + 1.386 +void md5_final (unsigned char *digest,MD5CONTEXT *ctx) 1.387 +{ 1.388 + unsigned long i,bits[2]; 1.389 + bits[0] = ctx->clow << 3; /* calculate length in bits (before padding) */ 1.390 + bits[1] = (ctx->chigh << 3) + (ctx->clow >> 29); 1.391 + *ctx->ptr++ = 0x80; /* padding byte */ 1.392 + if ((i = (ctx->buf + MD5BLKLEN) - ctx->ptr) < 8) { 1.393 + memset (ctx->ptr,0,i); /* pad out buffer with zeros */ 1.394 + md5_transform (ctx->state,ctx->buf); 1.395 + /* pad out with zeros, leaving 8 bytes */ 1.396 + memset (ctx->buf,0,MD5BLKLEN - 8); 1.397 + ctx->ptr = ctx->buf + MD5BLKLEN - 8; 1.398 + } 1.399 + else if (i -= 8) { /* need to pad this buffer? */ 1.400 + memset (ctx->ptr,0,i); /* yes, pad out with zeros, leaving 8 bytes */ 1.401 + ctx->ptr += i; 1.402 + } 1.403 + md5_encode (ctx->ptr,bits,2); /* make LSB-first length */ 1.404 + md5_transform (ctx->state,ctx->buf); 1.405 + /* store state in digest */ 1.406 + md5_encode (digest,ctx->state,4); 1.407 + /* erase context */ 1.408 + memset (ctx,0,sizeof (MD5CONTEXT)); 1.409 +} 1.410 + 1.411 +/* MD5 basic transformation 1.412 + * Accepts: state vector 1.413 + * current 64-byte block 1.414 + */ 1.415 + 1.416 +static void md5_transform (unsigned long *state,unsigned char *block) 1.417 +{ 1.418 + unsigned long a = state[0],b = state[1],c = state[2],d = state[3],x[16]; 1.419 + md5_decode (x,block,16); /* decode into 16 longs */ 1.420 + /* round 1 */ 1.421 + RND1 (a,b,c,d,x[ 0], 7,0xd76aa478); RND1 (d,a,b,c,x[ 1],12,0xe8c7b756); 1.422 + RND1 (c,d,a,b,x[ 2],17,0x242070db); RND1 (b,c,d,a,x[ 3],22,0xc1bdceee); 1.423 + RND1 (a,b,c,d,x[ 4], 7,0xf57c0faf); RND1 (d,a,b,c,x[ 5],12,0x4787c62a); 1.424 + RND1 (c,d,a,b,x[ 6],17,0xa8304613); RND1 (b,c,d,a,x[ 7],22,0xfd469501); 1.425 + RND1 (a,b,c,d,x[ 8], 7,0x698098d8); RND1 (d,a,b,c,x[ 9],12,0x8b44f7af); 1.426 + RND1 (c,d,a,b,x[10],17,0xffff5bb1); RND1 (b,c,d,a,x[11],22,0x895cd7be); 1.427 + RND1 (a,b,c,d,x[12], 7,0x6b901122); RND1 (d,a,b,c,x[13],12,0xfd987193); 1.428 + RND1 (c,d,a,b,x[14],17,0xa679438e); RND1 (b,c,d,a,x[15],22,0x49b40821); 1.429 + /* round 2 */ 1.430 + RND2 (a,b,c,d,x[ 1], 5,0xf61e2562); RND2 (d,a,b,c,x[ 6], 9,0xc040b340); 1.431 + RND2 (c,d,a,b,x[11],14,0x265e5a51); RND2 (b,c,d,a,x[ 0],20,0xe9b6c7aa); 1.432 + RND2 (a,b,c,d,x[ 5], 5,0xd62f105d); RND2 (d,a,b,c,x[10], 9, 0x2441453); 1.433 + RND2 (c,d,a,b,x[15],14,0xd8a1e681); RND2 (b,c,d,a,x[ 4],20,0xe7d3fbc8); 1.434 + RND2 (a,b,c,d,x[ 9], 5,0x21e1cde6); RND2 (d,a,b,c,x[14], 9,0xc33707d6); 1.435 + RND2 (c,d,a,b,x[ 3],14,0xf4d50d87); RND2 (b,c,d,a,x[ 8],20,0x455a14ed); 1.436 + RND2 (a,b,c,d,x[13], 5,0xa9e3e905); RND2 (d,a,b,c,x[ 2], 9,0xfcefa3f8); 1.437 + RND2 (c,d,a,b,x[ 7],14,0x676f02d9); RND2 (b,c,d,a,x[12],20,0x8d2a4c8a); 1.438 + /* round 3 */ 1.439 + RND3 (a,b,c,d,x[ 5], 4,0xfffa3942); RND3 (d,a,b,c,x[ 8],11,0x8771f681); 1.440 + RND3 (c,d,a,b,x[11],16,0x6d9d6122); RND3 (b,c,d,a,x[14],23,0xfde5380c); 1.441 + RND3 (a,b,c,d,x[ 1], 4,0xa4beea44); RND3 (d,a,b,c,x[ 4],11,0x4bdecfa9); 1.442 + RND3 (c,d,a,b,x[ 7],16,0xf6bb4b60); RND3 (b,c,d,a,x[10],23,0xbebfbc70); 1.443 + RND3 (a,b,c,d,x[13], 4,0x289b7ec6); RND3 (d,a,b,c,x[ 0],11,0xeaa127fa); 1.444 + RND3 (c,d,a,b,x[ 3],16,0xd4ef3085); RND3 (b,c,d,a,x[ 6],23, 0x4881d05); 1.445 + RND3 (a,b,c,d,x[ 9], 4,0xd9d4d039); RND3 (d,a,b,c,x[12],11,0xe6db99e5); 1.446 + RND3 (c,d,a,b,x[15],16,0x1fa27cf8); RND3 (b,c,d,a,x[ 2],23,0xc4ac5665); 1.447 + /* round 4 */ 1.448 + RND4 (a,b,c,d,x[ 0], 6,0xf4292244); RND4 (d,a,b,c,x[ 7],10,0x432aff97); 1.449 + RND4 (c,d,a,b,x[14],15,0xab9423a7); RND4 (b,c,d,a,x[ 5],21,0xfc93a039); 1.450 + RND4 (a,b,c,d,x[12], 6,0x655b59c3); RND4 (d,a,b,c,x[ 3],10,0x8f0ccc92); 1.451 + RND4 (c,d,a,b,x[10],15,0xffeff47d); RND4 (b,c,d,a,x[ 1],21,0x85845dd1); 1.452 + RND4 (a,b,c,d,x[ 8], 6,0x6fa87e4f); RND4 (d,a,b,c,x[15],10,0xfe2ce6e0); 1.453 + RND4 (c,d,a,b,x[ 6],15,0xa3014314); RND4 (b,c,d,a,x[13],21,0x4e0811a1); 1.454 + RND4 (a,b,c,d,x[ 4], 6,0xf7537e82); RND4 (d,a,b,c,x[11],10,0xbd3af235); 1.455 + RND4 (c,d,a,b,x[ 2],15,0x2ad7d2bb); RND4 (b,c,d,a,x[ 9],21,0xeb86d391); 1.456 + /* update state */ 1.457 + state[0] += a; state[1] += b; state[2] += c; state[3] += d; 1.458 + memset (x,0,sizeof (x)); /* erase sensitive data */ 1.459 +} 1.460 + 1.461 +/* You may wonder why these strange "& 0xff" maskings are here. This is to 1.462 + * ensure correct results on machines with a char size of larger than 8 bits. 1.463 + * For example, the KCC compiler on the PDP-10 uses 9-bit chars. 1.464 + */ 1.465 + 1.466 +/* MD5 encode unsigned long into LSB-first bytes 1.467 + * Accepts: destination pointer 1.468 + * source 1.469 + * length of source 1.470 + */ 1.471 + 1.472 +static void md5_encode (unsigned char *dst,unsigned long *src,int len) 1.473 +{ 1.474 + int i; 1.475 + for (i = 0; i < len; i++) { 1.476 + *dst++ = (unsigned char) (src[i] & 0xff); 1.477 + *dst++ = (unsigned char) ((src[i] >> 8) & 0xff); 1.478 + *dst++ = (unsigned char) ((src[i] >> 16) & 0xff); 1.479 + *dst++ = (unsigned char) ((src[i] >> 24) & 0xff); 1.480 + } 1.481 +} 1.482 + 1.483 + 1.484 +/* MD5 decode LSB-first bytes into unsigned long 1.485 + * Accepts: destination pointer 1.486 + * source 1.487 + * length of destination 1.488 + */ 1.489 + 1.490 +static void md5_decode (unsigned long *dst,unsigned char *src,int len) 1.491 +{ 1.492 + int i, j; 1.493 + for (i = 0, j = 0; i < len; i++, j += 4) 1.494 + dst[i] = ((unsigned long) (src[j] & 0xff)) | 1.495 + (((unsigned long) (src[j+1] & 0xff)) << 8) | 1.496 + (((unsigned long) (src[j+2] & 0xff)) << 16) | 1.497 + (((unsigned long) (src[j+3] & 0xff)) << 24); 1.498 +}