md5.c 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * MD5 and HMAC-MD5 library functions
  4. *
  5. * md5_block_generic() is derived from cryptoapi implementation, originally
  6. * based on the public domain implementation written by Colin Plumb in 1993.
  7. *
  8. * Copyright (c) Cryptoapi developers.
  9. * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
  10. * Copyright 2025 Google LLC
  11. */
  12. #include <crypto/hmac.h>
  13. #include <crypto/md5.h>
  14. #include <linux/export.h>
  15. #include <linux/kernel.h>
  16. #include <linux/module.h>
  17. #include <linux/string.h>
  18. #include <linux/unaligned.h>
  19. #include <linux/wordpart.h>
  20. static const struct md5_block_state md5_iv = {
  21. .h = { MD5_H0, MD5_H1, MD5_H2, MD5_H3 },
  22. };
  23. #define F1(x, y, z) (z ^ (x & (y ^ z)))
  24. #define F2(x, y, z) F1(z, x, y)
  25. #define F3(x, y, z) (x ^ y ^ z)
  26. #define F4(x, y, z) (y ^ (x | ~z))
  27. #define MD5STEP(f, w, x, y, z, in, s) \
  28. (w += f(x, y, z) + in, w = rol32(w, s) + x)
  29. static void md5_block_generic(struct md5_block_state *state,
  30. const u8 data[MD5_BLOCK_SIZE])
  31. {
  32. u32 in[MD5_BLOCK_WORDS];
  33. u32 a, b, c, d;
  34. memcpy(in, data, MD5_BLOCK_SIZE);
  35. le32_to_cpu_array(in, ARRAY_SIZE(in));
  36. a = state->h[0];
  37. b = state->h[1];
  38. c = state->h[2];
  39. d = state->h[3];
  40. MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
  41. MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
  42. MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
  43. MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
  44. MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
  45. MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
  46. MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
  47. MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
  48. MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
  49. MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
  50. MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
  51. MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
  52. MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
  53. MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
  54. MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
  55. MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
  56. MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
  57. MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
  58. MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
  59. MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
  60. MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
  61. MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
  62. MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
  63. MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
  64. MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
  65. MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
  66. MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
  67. MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
  68. MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
  69. MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
  70. MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
  71. MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
  72. MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
  73. MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
  74. MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
  75. MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
  76. MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
  77. MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
  78. MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
  79. MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
  80. MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
  81. MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
  82. MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
  83. MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
  84. MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
  85. MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
  86. MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
  87. MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
  88. MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
  89. MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
  90. MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
  91. MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
  92. MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
  93. MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
  94. MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
  95. MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
  96. MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
  97. MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
  98. MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
  99. MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
  100. MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
  101. MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
  102. MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
  103. MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
  104. state->h[0] += a;
  105. state->h[1] += b;
  106. state->h[2] += c;
  107. state->h[3] += d;
  108. }
  109. static void __maybe_unused md5_blocks_generic(struct md5_block_state *state,
  110. const u8 *data, size_t nblocks)
  111. {
  112. do {
  113. md5_block_generic(state, data);
  114. data += MD5_BLOCK_SIZE;
  115. } while (--nblocks);
  116. }
  117. #ifdef CONFIG_CRYPTO_LIB_MD5_ARCH
  118. #include "md5.h" /* $(SRCARCH)/md5.h */
  119. #else
  120. #define md5_blocks md5_blocks_generic
  121. #endif
  122. void md5_init(struct md5_ctx *ctx)
  123. {
  124. ctx->state = md5_iv;
  125. ctx->bytecount = 0;
  126. }
  127. EXPORT_SYMBOL_GPL(md5_init);
  128. void md5_update(struct md5_ctx *ctx, const u8 *data, size_t len)
  129. {
  130. size_t partial = ctx->bytecount % MD5_BLOCK_SIZE;
  131. ctx->bytecount += len;
  132. if (partial + len >= MD5_BLOCK_SIZE) {
  133. size_t nblocks;
  134. if (partial) {
  135. size_t l = MD5_BLOCK_SIZE - partial;
  136. memcpy(&ctx->buf[partial], data, l);
  137. data += l;
  138. len -= l;
  139. md5_blocks(&ctx->state, ctx->buf, 1);
  140. }
  141. nblocks = len / MD5_BLOCK_SIZE;
  142. len %= MD5_BLOCK_SIZE;
  143. if (nblocks) {
  144. md5_blocks(&ctx->state, data, nblocks);
  145. data += nblocks * MD5_BLOCK_SIZE;
  146. }
  147. partial = 0;
  148. }
  149. if (len)
  150. memcpy(&ctx->buf[partial], data, len);
  151. }
  152. EXPORT_SYMBOL_GPL(md5_update);
  153. static void __md5_final(struct md5_ctx *ctx, u8 out[MD5_DIGEST_SIZE])
  154. {
  155. u64 bitcount = ctx->bytecount << 3;
  156. size_t partial = ctx->bytecount % MD5_BLOCK_SIZE;
  157. ctx->buf[partial++] = 0x80;
  158. if (partial > MD5_BLOCK_SIZE - 8) {
  159. memset(&ctx->buf[partial], 0, MD5_BLOCK_SIZE - partial);
  160. md5_blocks(&ctx->state, ctx->buf, 1);
  161. partial = 0;
  162. }
  163. memset(&ctx->buf[partial], 0, MD5_BLOCK_SIZE - 8 - partial);
  164. *(__le64 *)&ctx->buf[MD5_BLOCK_SIZE - 8] = cpu_to_le64(bitcount);
  165. md5_blocks(&ctx->state, ctx->buf, 1);
  166. cpu_to_le32_array(ctx->state.h, ARRAY_SIZE(ctx->state.h));
  167. memcpy(out, ctx->state.h, MD5_DIGEST_SIZE);
  168. }
  169. void md5_final(struct md5_ctx *ctx, u8 out[MD5_DIGEST_SIZE])
  170. {
  171. __md5_final(ctx, out);
  172. memzero_explicit(ctx, sizeof(*ctx));
  173. }
  174. EXPORT_SYMBOL_GPL(md5_final);
  175. void md5(const u8 *data, size_t len, u8 out[MD5_DIGEST_SIZE])
  176. {
  177. struct md5_ctx ctx;
  178. md5_init(&ctx);
  179. md5_update(&ctx, data, len);
  180. md5_final(&ctx, out);
  181. }
  182. EXPORT_SYMBOL_GPL(md5);
  183. static void __hmac_md5_preparekey(struct md5_block_state *istate,
  184. struct md5_block_state *ostate,
  185. const u8 *raw_key, size_t raw_key_len)
  186. {
  187. union {
  188. u8 b[MD5_BLOCK_SIZE];
  189. unsigned long w[MD5_BLOCK_SIZE / sizeof(unsigned long)];
  190. } derived_key = { 0 };
  191. if (unlikely(raw_key_len > MD5_BLOCK_SIZE))
  192. md5(raw_key, raw_key_len, derived_key.b);
  193. else
  194. memcpy(derived_key.b, raw_key, raw_key_len);
  195. for (size_t i = 0; i < ARRAY_SIZE(derived_key.w); i++)
  196. derived_key.w[i] ^= REPEAT_BYTE(HMAC_IPAD_VALUE);
  197. *istate = md5_iv;
  198. md5_blocks(istate, derived_key.b, 1);
  199. for (size_t i = 0; i < ARRAY_SIZE(derived_key.w); i++)
  200. derived_key.w[i] ^= REPEAT_BYTE(HMAC_OPAD_VALUE ^
  201. HMAC_IPAD_VALUE);
  202. *ostate = md5_iv;
  203. md5_blocks(ostate, derived_key.b, 1);
  204. memzero_explicit(&derived_key, sizeof(derived_key));
  205. }
  206. void hmac_md5_preparekey(struct hmac_md5_key *key,
  207. const u8 *raw_key, size_t raw_key_len)
  208. {
  209. __hmac_md5_preparekey(&key->istate, &key->ostate, raw_key, raw_key_len);
  210. }
  211. EXPORT_SYMBOL_GPL(hmac_md5_preparekey);
  212. void hmac_md5_init(struct hmac_md5_ctx *ctx, const struct hmac_md5_key *key)
  213. {
  214. ctx->hash_ctx.state = key->istate;
  215. ctx->hash_ctx.bytecount = MD5_BLOCK_SIZE;
  216. ctx->ostate = key->ostate;
  217. }
  218. EXPORT_SYMBOL_GPL(hmac_md5_init);
  219. void hmac_md5_init_usingrawkey(struct hmac_md5_ctx *ctx,
  220. const u8 *raw_key, size_t raw_key_len)
  221. {
  222. __hmac_md5_preparekey(&ctx->hash_ctx.state, &ctx->ostate,
  223. raw_key, raw_key_len);
  224. ctx->hash_ctx.bytecount = MD5_BLOCK_SIZE;
  225. }
  226. EXPORT_SYMBOL_GPL(hmac_md5_init_usingrawkey);
  227. void hmac_md5_final(struct hmac_md5_ctx *ctx, u8 out[MD5_DIGEST_SIZE])
  228. {
  229. /* Generate the padded input for the outer hash in ctx->hash_ctx.buf. */
  230. __md5_final(&ctx->hash_ctx, ctx->hash_ctx.buf);
  231. memset(&ctx->hash_ctx.buf[MD5_DIGEST_SIZE], 0,
  232. MD5_BLOCK_SIZE - MD5_DIGEST_SIZE);
  233. ctx->hash_ctx.buf[MD5_DIGEST_SIZE] = 0x80;
  234. *(__le64 *)&ctx->hash_ctx.buf[MD5_BLOCK_SIZE - 8] =
  235. cpu_to_le64(8 * (MD5_BLOCK_SIZE + MD5_DIGEST_SIZE));
  236. /* Compute the outer hash, which gives the HMAC value. */
  237. md5_blocks(&ctx->ostate, ctx->hash_ctx.buf, 1);
  238. cpu_to_le32_array(ctx->ostate.h, ARRAY_SIZE(ctx->ostate.h));
  239. memcpy(out, ctx->ostate.h, MD5_DIGEST_SIZE);
  240. memzero_explicit(ctx, sizeof(*ctx));
  241. }
  242. EXPORT_SYMBOL_GPL(hmac_md5_final);
  243. void hmac_md5(const struct hmac_md5_key *key,
  244. const u8 *data, size_t data_len, u8 out[MD5_DIGEST_SIZE])
  245. {
  246. struct hmac_md5_ctx ctx;
  247. hmac_md5_init(&ctx, key);
  248. hmac_md5_update(&ctx, data, data_len);
  249. hmac_md5_final(&ctx, out);
  250. }
  251. EXPORT_SYMBOL_GPL(hmac_md5);
  252. void hmac_md5_usingrawkey(const u8 *raw_key, size_t raw_key_len,
  253. const u8 *data, size_t data_len,
  254. u8 out[MD5_DIGEST_SIZE])
  255. {
  256. struct hmac_md5_ctx ctx;
  257. hmac_md5_init_usingrawkey(&ctx, raw_key, raw_key_len);
  258. hmac_md5_update(&ctx, data, data_len);
  259. hmac_md5_final(&ctx, out);
  260. }
  261. EXPORT_SYMBOL_GPL(hmac_md5_usingrawkey);
  262. #ifdef md5_mod_init_arch
  263. static int __init md5_mod_init(void)
  264. {
  265. md5_mod_init_arch();
  266. return 0;
  267. }
  268. subsys_initcall(md5_mod_init);
  269. static void __exit md5_mod_exit(void)
  270. {
  271. }
  272. module_exit(md5_mod_exit);
  273. #endif
  274. MODULE_DESCRIPTION("MD5 and HMAC-MD5 library functions");
  275. MODULE_LICENSE("GPL");