Added replacement MD4 implementation

This commit is contained in:
akallabeth 2022-10-18 13:51:09 +02:00
parent cfca31d384
commit 095f1dca62
6 changed files with 421 additions and 31 deletions

View File

@ -66,6 +66,7 @@ option(WITH_SMARTCARD_INSPECT "Enable SmartCard API Inspector" OFF)
option(WITH_DEBUG_MUTEX "Print mutex debug messages" ${DEFAULT_DEBUG_OPTION})
option(WITH_ICU "Use ICU for unicode conversion" OFF)
option(WITH_GSSAPI "Compile support for kerberos authentication. (EXPERIMENTAL)" OFF)
option(WITH_INTERNAL_MD4 "Use compiled in md4 hash functions instead of OpenSSL/MBedTLS" OFF)
if ( (WITH_GSSAPI) AND (NOT GSS_FOUND))
message(WARNING "-DWITH_GSSAPI=ON is set, but not GSSAPI implementation was found, disabling")
elseif(WITH_GSSAPI)

View File

@ -29,6 +29,7 @@
#cmakedefine WITH_NATIVE_SSPI
#cmakedefine WITH_ICU
#cmakedefine WITH_SPNEGO
#cmakedefine WITH_INTERNAL_MD4
#cmakedefine WITH_DEBUG_NTLM
#cmakedefine WITH_DEBUG_THREADS

View File

@ -15,13 +15,21 @@
# See the License for the specific language governing permissions and
# limitations under the License.
winpr_module_add(
set(SRCS
hash.c
rand.c
cipher.c
cert.c
crypto.c
crypto.h)
crypto.h
)
if (WITH_INTERNAL_MD4)
list(APPEND SRCS md4.c md4.h)
endif()
winpr_module_add(
${SRCS}
)
if(OPENSSL_FOUND)
winpr_include_directory_add(${OPENSSL_INCLUDE_DIR})

View File

@ -19,7 +19,7 @@
#include <winpr/config.h>
#include <winpr/crt.h>
#include <winpr/assert.h>
#include <winpr/crypto.h>
#ifdef WITH_OPENSSL
@ -37,6 +37,10 @@
#include <mbedtls/md.h>
#endif
#if defined(WITH_INTERNAL_MD4)
#include "md4.h"
#endif
/**
* HMAC
*/
@ -336,34 +340,56 @@ out:
* Generic Digest API
*/
WINPR_DIGEST_CTX* winpr_Digest_New(void)
struct winpr_digest_ctx_private_st
{
WINPR_DIGEST_CTX* ctx = NULL;
WINPR_MD_TYPE md;
#if defined(WITH_INTERNAL_MD4)
WINPR_MD4_CTX md4;
#endif
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx;
#endif
#if defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx;
#endif
};
WINPR_DIGEST_CTX* winpr_Digest_New(void)
{
WINPR_DIGEST_CTX* ctx = calloc(1, sizeof(WINPR_DIGEST_CTX));
if (!ctx)
return NULL;
#if defined(WITH_OPENSSL)
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
mdctx = EVP_MD_CTX_create();
ctx->mdctx = EVP_MD_CTX_create();
#else
mdctx = EVP_MD_CTX_new();
ctx->mdctx = EVP_MD_CTX_new();
#endif
ctx = (WINPR_DIGEST_CTX*)mdctx;
if (!ctx->mdctx)
goto fail;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx;
mdctx = (mbedtls_md_context_t*)calloc(1, sizeof(mbedtls_md_context_t));
ctx->mdctx = (mbedtls_md_context_t*)calloc(1, sizeof(mbedtls_md_context_t));
if (mdctx)
mbedtls_md_init(mdctx);
if (!ctx->mdctx)
goto fail;
ctx = (WINPR_DIGEST_CTX*)mdctx;
mbedtls_md_init(ctx->mdctx);
#endif
return ctx;
fail:
winpr_Digest_Free(ctx);
}
#if defined(WITH_OPENSSL)
static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, const EVP_MD* evp)
{
EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
WINPR_ASSERT(ctx);
EVP_MD_CTX* mdctx = ctx->mdctx;
if (!mdctx || !evp)
return FALSE;
@ -377,7 +403,8 @@ static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, const EVP_MD* evp)
#elif defined(WITH_MBEDTLS)
static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
{
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*)ctx;
WINPR_ASSERT(ctx);
mbedtls_md_context_t* mdctx = ctx->mdctx;
mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md);
const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md_type);
@ -401,15 +428,16 @@ static BOOL winpr_Digest_Init_Internal(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
{
WINPR_ASSERT(ctx);
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
const EVP_MD* evp = winpr_openssl_get_evp_md(md);
/* Only MD5 is supported for FIPS allow override */
if (md != WINPR_MD_MD5)
return FALSE;
EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_MD_CTX_set_flags(ctx->mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
return winpr_Digest_Init_Internal(ctx, evp);
#elif defined(WITH_MBEDTLS)
@ -423,6 +451,20 @@ BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
{
WINPR_ASSERT(ctx);
ctx->md = md;
switch (md)
{
#if defined(WITH_INTERNAL_MD4)
case WINPR_MD_MD4:
winpr_MD4_Init(&ctx->md4);
return TRUE;
#endif
default:
break;
}
#if defined(WITH_OPENSSL)
const EVP_MD* evp = winpr_openssl_get_evp_md(md);
return winpr_Digest_Init_Internal(ctx, evp);
@ -433,14 +475,27 @@ BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen)
{
WINPR_ASSERT(ctx);
switch (ctx->md)
{
#if defined(WITH_INTERNAL_MD4)
case WINPR_MD_MD4:
winpr_MD4_Update(&ctx->md4, input, ilen);
return TRUE;
#endif
default:
break;
}
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
EVP_MD_CTX* mdctx = ctx->mdctx;
if (EVP_DigestUpdate(mdctx, input, ilen) != 1)
return FALSE;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*)ctx;
mbedtls_md_context_t* mdctx = ctx->mdctx;
if (mbedtls_md_update(mdctx, input, ilen) != 0)
return FALSE;
@ -451,14 +506,30 @@ BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen)
BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t olen)
{
WINPR_ASSERT(ctx);
switch (ctx->md)
{
#if defined(WITH_INTERNAL_MD4)
case WINPR_MD_MD4:
if (olen < WINPR_MD4_DIGEST_LENGTH)
return FALSE;
winpr_MD4_Final(output, &ctx->md4);
return TRUE;
#endif
default:
break;
}
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
EVP_MD_CTX* mdctx = ctx->mdctx;
if (EVP_DigestFinal_ex(mdctx, output, NULL) == 1)
return TRUE;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*)ctx;
mbedtls_md_context_t* mdctx = ctx->mdctx;
if (mbedtls_md_finish(mdctx, output) == 0)
return TRUE;
@ -470,28 +541,25 @@ BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t olen)
void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx)
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*)ctx;
if (mdctx)
if (ctx->mdctx)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
EVP_MD_CTX_destroy(mdctx);
EVP_MD_CTX_destroy(ctx->mdctx);
#else
EVP_MD_CTX_free(mdctx);
EVP_MD_CTX_free(ctx->mdctx);
#endif
}
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*)ctx;
if (mdctx)
if (ctx->mdctx)
{
mbedtls_md_free(mdctx);
free(mdctx);
mbedtls_md_free(ctx->mdctx);
free(ctx->mdctx);
}
#endif
free(ctx);
}
BOOL winpr_Digest_Allow_FIPS(WINPR_MD_TYPE md, const BYTE* input, size_t ilen, BYTE* output,

266
winpr/libwinpr/crypto/md4.c Normal file
View File

@ -0,0 +1,266 @@
/*
* This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
* MD4 Message-Digest Algorithm (RFC 1320).
*
* Homepage:
* http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
*
* Author:
* Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
*
* This software was written by Alexander Peslyak in 2001. No copyright is
* claimed, and the software is hereby placed in the public domain.
* In case this attempt to disclaim copyright and place the software in the
* public domain is deemed null and void, then the software is
* Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
* general public under the following terms:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted.
*
* There's ABSOLUTELY NO WARRANTY, express or implied.
*
* (This is a heavily cut-down "BSD license".)
*
* This differs from Colin Plumb's older public domain implementation in that
* no exactly 32-bit integer data type is required (any 32-bit or wider
* unsigned integer data type will do), there's no compile-time endianness
* configuration, and the function prototypes match OpenSSL's. No code from
* Colin Plumb's implementation has been reused; this comment merely compares
* the properties of the two independent implementations.
*
* The primary goals of this implementation are portability and ease of use.
* It is meant to be fast, but not as fast as possible. Some known
* optimizations are not included to reduce source code size and avoid
* compile-time configuration.
*/
#include <string.h>
#include "md4.h"
/*
* The basic MD4 functions.
*
* F and G are optimized compared to their RFC 1320 definitions, with the
* optimization for F borrowed from Colin Plumb's MD5 implementation.
*/
#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
#define G(x, y, z) (((x) & ((y) | (z))) | ((y) & (z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
/*
* The MD4 transformation for all three rounds.
*/
#define STEP(f, a, b, c, d, x, s) \
(a) += f((b), (c), (d)) + (x); \
(a) = (((a) << (s)) | (((a)&0xffffffff) >> (32 - (s))));
/*
* SET reads 4 input bytes in little-endian byte order and stores them in a
* properly aligned word in host byte order.
*
* The check for little-endian architectures that tolerate unaligned memory
* accesses is just an optimization. Nothing will break if it fails to detect
* a suitable architecture.
*
* Unfortunately, this optimization may be a C strict aliasing rules violation
* if the caller's data buffer has effective type that cannot be aliased by
* winpr_MD4_u32plus. In practice, this problem may occur if these MD4 routines are
* inlined into a calling function, or with future and dangerously advanced
* link-time optimizations. For the time being, keeping these MD4 routines in
* their own translation unit avoids the problem.
*/
#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
#define SET(n) (*(winpr_MD4_u32plus*)&ptr[(n)*4])
#define GET(n) SET(n)
#else
#define SET(n) \
(ctx->block[(n)] = (winpr_MD4_u32plus)ptr[(n)*4] | ((winpr_MD4_u32plus)ptr[(n)*4 + 1] << 8) | \
((winpr_MD4_u32plus)ptr[(n)*4 + 2] << 16) | \
((winpr_MD4_u32plus)ptr[(n)*4 + 3] << 24))
#define GET(n) (ctx->block[(n)])
#endif
/*
* This processes one or more 64-byte data blocks, but does NOT update the bit
* counters. There are no alignment requirements.
*/
static const void* body(WINPR_MD4_CTX* ctx, const void* data, unsigned long size)
{
const unsigned char* ptr;
winpr_MD4_u32plus a, b, c, d;
winpr_MD4_u32plus saved_a, saved_b, saved_c, saved_d;
const winpr_MD4_u32plus ac1 = 0x5a827999, ac2 = 0x6ed9eba1;
ptr = (const unsigned char*)data;
a = ctx->a;
b = ctx->b;
c = ctx->c;
d = ctx->d;
do
{
saved_a = a;
saved_b = b;
saved_c = c;
saved_d = d;
/* Round 1 */
STEP(F, a, b, c, d, SET(0), 3)
STEP(F, d, a, b, c, SET(1), 7)
STEP(F, c, d, a, b, SET(2), 11)
STEP(F, b, c, d, a, SET(3), 19)
STEP(F, a, b, c, d, SET(4), 3)
STEP(F, d, a, b, c, SET(5), 7)
STEP(F, c, d, a, b, SET(6), 11)
STEP(F, b, c, d, a, SET(7), 19)
STEP(F, a, b, c, d, SET(8), 3)
STEP(F, d, a, b, c, SET(9), 7)
STEP(F, c, d, a, b, SET(10), 11)
STEP(F, b, c, d, a, SET(11), 19)
STEP(F, a, b, c, d, SET(12), 3)
STEP(F, d, a, b, c, SET(13), 7)
STEP(F, c, d, a, b, SET(14), 11)
STEP(F, b, c, d, a, SET(15), 19)
/* Round 2 */
STEP(G, a, b, c, d, GET(0) + ac1, 3)
STEP(G, d, a, b, c, GET(4) + ac1, 5)
STEP(G, c, d, a, b, GET(8) + ac1, 9)
STEP(G, b, c, d, a, GET(12) + ac1, 13)
STEP(G, a, b, c, d, GET(1) + ac1, 3)
STEP(G, d, a, b, c, GET(5) + ac1, 5)
STEP(G, c, d, a, b, GET(9) + ac1, 9)
STEP(G, b, c, d, a, GET(13) + ac1, 13)
STEP(G, a, b, c, d, GET(2) + ac1, 3)
STEP(G, d, a, b, c, GET(6) + ac1, 5)
STEP(G, c, d, a, b, GET(10) + ac1, 9)
STEP(G, b, c, d, a, GET(14) + ac1, 13)
STEP(G, a, b, c, d, GET(3) + ac1, 3)
STEP(G, d, a, b, c, GET(7) + ac1, 5)
STEP(G, c, d, a, b, GET(11) + ac1, 9)
STEP(G, b, c, d, a, GET(15) + ac1, 13)
/* Round 3 */
STEP(H, a, b, c, d, GET(0) + ac2, 3)
STEP(H, d, a, b, c, GET(8) + ac2, 9)
STEP(H, c, d, a, b, GET(4) + ac2, 11)
STEP(H, b, c, d, a, GET(12) + ac2, 15)
STEP(H, a, b, c, d, GET(2) + ac2, 3)
STEP(H, d, a, b, c, GET(10) + ac2, 9)
STEP(H, c, d, a, b, GET(6) + ac2, 11)
STEP(H, b, c, d, a, GET(14) + ac2, 15)
STEP(H, a, b, c, d, GET(1) + ac2, 3)
STEP(H, d, a, b, c, GET(9) + ac2, 9)
STEP(H, c, d, a, b, GET(5) + ac2, 11)
STEP(H, b, c, d, a, GET(13) + ac2, 15)
STEP(H, a, b, c, d, GET(3) + ac2, 3)
STEP(H, d, a, b, c, GET(11) + ac2, 9)
STEP(H, c, d, a, b, GET(7) + ac2, 11)
STEP(H, b, c, d, a, GET(15) + ac2, 15)
a += saved_a;
b += saved_b;
c += saved_c;
d += saved_d;
ptr += 64;
} while (size -= 64);
ctx->a = a;
ctx->b = b;
ctx->c = c;
ctx->d = d;
return ptr;
}
void winpr_MD4_Init(WINPR_MD4_CTX* ctx)
{
ctx->a = 0x67452301;
ctx->b = 0xefcdab89;
ctx->c = 0x98badcfe;
ctx->d = 0x10325476;
ctx->lo = 0;
ctx->hi = 0;
}
void winpr_MD4_Update(WINPR_MD4_CTX* ctx, const void* data, unsigned long size)
{
winpr_MD4_u32plus saved_lo;
unsigned long used, available;
saved_lo = ctx->lo;
if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
ctx->hi++;
ctx->hi += size >> 29;
used = saved_lo & 0x3f;
if (used)
{
available = 64 - used;
if (size < available)
{
memcpy(&ctx->buffer[used], data, size);
return;
}
memcpy(&ctx->buffer[used], data, available);
data = (const unsigned char*)data + available;
size -= available;
body(ctx, ctx->buffer, 64);
}
if (size >= 64)
{
data = body(ctx, data, size & ~(unsigned long)0x3f);
size &= 0x3f;
}
memcpy(ctx->buffer, data, size);
}
#define OUT(dst, src) \
(dst)[0] = (unsigned char)(src); \
(dst)[1] = (unsigned char)((src) >> 8); \
(dst)[2] = (unsigned char)((src) >> 16); \
(dst)[3] = (unsigned char)((src) >> 24);
void winpr_MD4_Final(unsigned char* result, WINPR_MD4_CTX* ctx)
{
unsigned long used, available;
used = ctx->lo & 0x3f;
ctx->buffer[used++] = 0x80;
available = 64 - used;
if (available < 8)
{
memset(&ctx->buffer[used], 0, available);
body(ctx, ctx->buffer, 64);
used = 0;
available = 64;
}
memset(&ctx->buffer[used], 0, available - 8);
ctx->lo <<= 3;
OUT(&ctx->buffer[56], ctx->lo)
OUT(&ctx->buffer[60], ctx->hi)
body(ctx, ctx->buffer, 64);
OUT(&result[0], ctx->a)
OUT(&result[4], ctx->b)
OUT(&result[8], ctx->c)
OUT(&result[12], ctx->d)
memset(ctx, 0, sizeof(*ctx));
}

View File

@ -0,0 +1,46 @@
/*
* This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
* MD4 Message-Digest Algorithm (RFC 1320).
*
* Homepage:
* http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
*
* Author:
* Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
*
* This software was written by Alexander Peslyak in 2001. No copyright is
* claimed, and the software is hereby placed in the public domain.
* In case this attempt to disclaim copyright and place the software in the
* public domain is deemed null and void, then the software is
* Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
* general public under the following terms:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted.
*
* There's ABSOLUTELY NO WARRANTY, express or implied.
*
* See md4.c for more information.
*/
#if !defined(WINPR_MD4_H)
#define WINPR_MD4_H
#include <winpr/wtypes.h>
/* Any 32-bit or wider unsigned integer data type will do */
typedef UINT32 winpr_MD4_u32plus;
typedef struct
{
winpr_MD4_u32plus lo, hi;
winpr_MD4_u32plus a, b, c, d;
unsigned char buffer[64];
winpr_MD4_u32plus block[16];
} WINPR_MD4_CTX;
extern void winpr_MD4_Init(WINPR_MD4_CTX* ctx);
extern void winpr_MD4_Update(WINPR_MD4_CTX* ctx, const void* data, unsigned long size);
extern void winpr_MD4_Final(unsigned char* result, WINPR_MD4_CTX* ctx);
#endif