aboutsummaryrefslogtreecommitdiff
path: root/libbb/hash_md5_sha.c
diff options
context:
space:
mode:
authorDenys Vlasenko <dvlasenk@redhat.com>2010-10-18 13:47:47 +0200
committerDenys Vlasenko <dvlasenk@redhat.com>2010-10-18 13:47:47 +0200
commitb5aa1d95a158683d936ea41eed0513aa20ed2e74 (patch)
treecfb04f3c13e5f2fef0778af7199efcca29b7a0e9 /libbb/hash_md5_sha.c
parenteb7fe6dbf5bc93a229379a8047539dd8b90e0974 (diff)
downloadbusybox-w32-b5aa1d95a158683d936ea41eed0513aa20ed2e74.tar.gz
busybox-w32-b5aa1d95a158683d936ea41eed0513aa20ed2e74.tar.bz2
busybox-w32-b5aa1d95a158683d936ea41eed0513aa20ed2e74.zip
libbb/hash_sha.c -> libbb/hash_md5_sha.c
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Diffstat (limited to 'libbb/hash_md5_sha.c')
-rw-r--r--libbb/hash_md5_sha.c962
1 files changed, 962 insertions, 0 deletions
diff --git a/libbb/hash_md5_sha.c b/libbb/hash_md5_sha.c
new file mode 100644
index 000000000..3e708ef7e
--- /dev/null
+++ b/libbb/hash_md5_sha.c
@@ -0,0 +1,962 @@
1/* vi: set sw=4 ts=4: */
2/*
3 * Based on shasum from http://www.netsw.org/crypto/hash/
4 * Majorly hacked up to use Dr Brian Gladman's sha1 code
5 *
6 * Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
7 * Copyright (C) 2003 Glenn L. McGrath
8 * Copyright (C) 2003 Erik Andersen
9 *
10 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
11 *
12 * ---------------------------------------------------------------------------
13 * Issue Date: 10/11/2002
14 *
15 * This is a byte oriented version of SHA1 that operates on arrays of bytes
16 * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
17 *
18 * ---------------------------------------------------------------------------
19 *
20 * SHA256 and SHA512 parts are:
21 * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.
22 * Shrank by Denys Vlasenko.
23 *
24 * ---------------------------------------------------------------------------
25 *
26 * The best way to test random blocksizes is to go to coreutils/md5_sha1_sum.c
27 * and replace "4096" with something like "2000 + time(NULL) % 2097",
28 * then rebuild and compare "shaNNNsum bigfile" results.
29 */
30
31#include "libbb.h"
32
33/* gcc 4.2.1 optimizes rotr64 better with inline than with macro
34 * (for rotX32, there is no difference). Why? My guess is that
35 * macro requires clever common subexpression elimination heuristics
36 * in gcc, while inline basically forces it to happen.
37 */
38//#define rotl32(x,n) (((x) << (n)) | ((x) >> (32 - (n))))
39static ALWAYS_INLINE uint32_t rotl32(uint32_t x, unsigned n)
40{
41 return (x << n) | (x >> (32 - n));
42}
43//#define rotr32(x,n) (((x) >> (n)) | ((x) << (32 - (n))))
44static ALWAYS_INLINE uint32_t rotr32(uint32_t x, unsigned n)
45{
46 return (x >> n) | (x << (32 - n));
47}
48/* rotr64 in needed for sha512 only: */
49//#define rotr64(x,n) (((x) >> (n)) | ((x) << (64 - (n))))
50static ALWAYS_INLINE uint64_t rotr64(uint64_t x, unsigned n)
51{
52 return (x >> n) | (x << (64 - n));
53}
54
55
56static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)
57{
58 unsigned t;
59 uint32_t W[80], a, b, c, d, e;
60 const uint32_t *words = (uint32_t*) ctx->wbuffer;
61
62 for (t = 0; t < 16; ++t)
63 W[t] = SWAP_BE32(words[t]);
64 for (/*t = 16*/; t < 80; ++t) {
65 uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
66 W[t] = rotl32(T, 1);
67 }
68
69 a = ctx->hash[0];
70 b = ctx->hash[1];
71 c = ctx->hash[2];
72 d = ctx->hash[3];
73 e = ctx->hash[4];
74
75#undef ch
76#undef parity
77#undef maj
78#undef rnd
79#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
80#define parity(x,y,z) ((x) ^ (y) ^ (z))
81#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
82/* A normal version as set out in the FIPS. */
83#define rnd(f,k) \
84 do { \
85 uint32_t T = a; \
86 a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \
87 e = d; \
88 d = c; \
89 c = rotl32(b, 30); \
90 b = T; \
91 } while (0)
92
93 for (t = 0; t < 20; ++t)
94 rnd(ch, 0x5a827999);
95
96 for (/*t = 20*/; t < 40; ++t)
97 rnd(parity, 0x6ed9eba1);
98
99 for (/*t = 40*/; t < 60; ++t)
100 rnd(maj, 0x8f1bbcdc);
101
102 for (/*t = 60*/; t < 80; ++t)
103 rnd(parity, 0xca62c1d6);
104#undef ch
105#undef parity
106#undef maj
107#undef rnd
108
109 ctx->hash[0] += a;
110 ctx->hash[1] += b;
111 ctx->hash[2] += c;
112 ctx->hash[3] += d;
113 ctx->hash[4] += e;
114}
115
116/* Constants for SHA512 from FIPS 180-2:4.2.3.
117 * SHA256 constants from FIPS 180-2:4.2.2
118 * are the most significant half of first 64 elements
119 * of the same array.
120 */
121static const uint64_t sha_K[80] = {
122 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
123 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
124 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
125 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
126 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
127 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
128 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
129 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
130 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
131 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
132 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
133 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
134 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
135 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
136 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
137 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
138 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
139 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
140 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
141 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
142 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
143 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
144 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
145 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
146 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
147 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
148 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
149 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
150 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
151 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
152 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
153 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
154 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */
155 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
156 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
157 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
158 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
159 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
160 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
161 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
162};
163
164#undef Ch
165#undef Maj
166#undef S0
167#undef S1
168#undef R0
169#undef R1
170
171static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
172{
173 unsigned t;
174 uint32_t W[64], a, b, c, d, e, f, g, h;
175 const uint32_t *words = (uint32_t*) ctx->wbuffer;
176
177 /* Operators defined in FIPS 180-2:4.1.2. */
178#define Ch(x, y, z) ((x & y) ^ (~x & z))
179#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
180#define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22))
181#define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25))
182#define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3))
183#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10))
184
185 /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */
186 for (t = 0; t < 16; ++t)
187 W[t] = SWAP_BE32(words[t]);
188 for (/*t = 16*/; t < 64; ++t)
189 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
190
191 a = ctx->hash[0];
192 b = ctx->hash[1];
193 c = ctx->hash[2];
194 d = ctx->hash[3];
195 e = ctx->hash[4];
196 f = ctx->hash[5];
197 g = ctx->hash[6];
198 h = ctx->hash[7];
199
200 /* The actual computation according to FIPS 180-2:6.2.2 step 3. */
201 for (t = 0; t < 64; ++t) {
202 /* Need to fetch upper half of sha_K[t]
203 * (I hope compiler is clever enough to just fetch
204 * upper half)
205 */
206 uint32_t K_t = sha_K[t] >> 32;
207 uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t];
208 uint32_t T2 = S0(a) + Maj(a, b, c);
209 h = g;
210 g = f;
211 f = e;
212 e = d + T1;
213 d = c;
214 c = b;
215 b = a;
216 a = T1 + T2;
217 }
218#undef Ch
219#undef Maj
220#undef S0
221#undef S1
222#undef R0
223#undef R1
224 /* Add the starting values of the context according to FIPS 180-2:6.2.2
225 step 4. */
226 ctx->hash[0] += a;
227 ctx->hash[1] += b;
228 ctx->hash[2] += c;
229 ctx->hash[3] += d;
230 ctx->hash[4] += e;
231 ctx->hash[5] += f;
232 ctx->hash[6] += g;
233 ctx->hash[7] += h;
234}
235
236static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx)
237{
238 unsigned t;
239 uint64_t W[80];
240 /* On i386, having assignments here (not later as sha256 does)
241 * produces 99 bytes smaller code with gcc 4.3.1
242 */
243 uint64_t a = ctx->hash[0];
244 uint64_t b = ctx->hash[1];
245 uint64_t c = ctx->hash[2];
246 uint64_t d = ctx->hash[3];
247 uint64_t e = ctx->hash[4];
248 uint64_t f = ctx->hash[5];
249 uint64_t g = ctx->hash[6];
250 uint64_t h = ctx->hash[7];
251 const uint64_t *words = (uint64_t*) ctx->wbuffer;
252
253 /* Operators defined in FIPS 180-2:4.1.2. */
254#define Ch(x, y, z) ((x & y) ^ (~x & z))
255#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
256#define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39))
257#define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41))
258#define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7))
259#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6))
260
261 /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */
262 for (t = 0; t < 16; ++t)
263 W[t] = SWAP_BE64(words[t]);
264 for (/*t = 16*/; t < 80; ++t)
265 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
266
267 /* The actual computation according to FIPS 180-2:6.3.2 step 3. */
268 for (t = 0; t < 80; ++t) {
269 uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t];
270 uint64_t T2 = S0(a) + Maj(a, b, c);
271 h = g;
272 g = f;
273 f = e;
274 e = d + T1;
275 d = c;
276 c = b;
277 b = a;
278 a = T1 + T2;
279 }
280#undef Ch
281#undef Maj
282#undef S0
283#undef S1
284#undef R0
285#undef R1
286 /* Add the starting values of the context according to FIPS 180-2:6.3.2
287 step 4. */
288 ctx->hash[0] += a;
289 ctx->hash[1] += b;
290 ctx->hash[2] += c;
291 ctx->hash[3] += d;
292 ctx->hash[4] += e;
293 ctx->hash[5] += f;
294 ctx->hash[6] += g;
295 ctx->hash[7] += h;
296}
297
298
299void FAST_FUNC sha1_begin(sha1_ctx_t *ctx)
300{
301 ctx->hash[0] = 0x67452301;
302 ctx->hash[1] = 0xefcdab89;
303 ctx->hash[2] = 0x98badcfe;
304 ctx->hash[3] = 0x10325476;
305 ctx->hash[4] = 0xc3d2e1f0;
306 ctx->total64 = 0;
307 ctx->process_block = sha1_process_block64;
308}
309
310static const uint32_t init256[] = {
311 0x6a09e667,
312 0xbb67ae85,
313 0x3c6ef372,
314 0xa54ff53a,
315 0x510e527f,
316 0x9b05688c,
317 0x1f83d9ab,
318 0x5be0cd19,
319 0,
320 0,
321};
322static const uint32_t init512_lo[] = {
323 0xf3bcc908,
324 0x84caa73b,
325 0xfe94f82b,
326 0x5f1d36f1,
327 0xade682d1,
328 0x2b3e6c1f,
329 0xfb41bd6b,
330 0x137e2179,
331 0,
332 0,
333};
334
335/* Initialize structure containing state of computation.
336 (FIPS 180-2:5.3.2) */
337void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
338{
339 memcpy(ctx->hash, init256, sizeof(init256));
340 /*ctx->total64 = 0; - done by extending init256 with two 32-bit zeros */
341 ctx->process_block = sha256_process_block64;
342}
343
344/* Initialize structure containing state of computation.
345 (FIPS 180-2:5.3.3) */
346void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
347{
348 int i;
349 /* Two extra iterations zero out ctx->total64[] */
350 for (i = 0; i < 8+2; i++)
351 ctx->hash[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i];
352 /*ctx->total64[0] = ctx->total64[1] = 0; - already done */
353}
354
355
356/* Used also for sha256 */
357void FAST_FUNC sha1_hash(sha1_ctx_t *ctx, const void *buffer, size_t len)
358{
359 unsigned bufpos = ctx->total64 & 63;
360 unsigned remaining;
361
362 ctx->total64 += len;
363#if 0
364 remaining = 64 - bufpos;
365
366 /* Hash whole blocks */
367 while (len >= remaining) {
368 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
369 buffer = (const char *)buffer + remaining;
370 len -= remaining;
371 remaining = 64;
372 bufpos = 0;
373 ctx->process_block(ctx);
374 }
375
376 /* Save last, partial blosk */
377 memcpy(ctx->wbuffer + bufpos, buffer, len);
378#else
379 /* Tiny bit smaller code */
380 while (1) {
381 remaining = 64 - bufpos;
382 if (remaining > len)
383 remaining = len;
384 /* Copy data into aligned buffer */
385 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
386 len -= remaining;
387 buffer = (const char *)buffer + remaining;
388 bufpos += remaining;
389 /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */
390 bufpos -= 64;
391 if (bufpos != 0)
392 break;
393 /* Buffer is filled up, process it */
394 ctx->process_block(ctx);
395 /*bufpos = 0; - already is */
396 }
397#endif
398}
399
400void FAST_FUNC sha512_hash(sha512_ctx_t *ctx, const void *buffer, size_t len)
401{
402 unsigned bufpos = ctx->total64[0] & 127;
403 unsigned remaining;
404
405 /* First increment the byte count. FIPS 180-2 specifies the possible
406 length of the file up to 2^128 _bits_.
407 We compute the number of _bytes_ and convert to bits later. */
408 ctx->total64[0] += len;
409 if (ctx->total64[0] < len)
410 ctx->total64[1]++;
411#if 0
412 remaining = 128 - bufpos;
413
414 /* Hash whole blocks */
415 while (len >= remaining) {
416 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
417 buffer = (const char *)buffer + remaining;
418 len -= remaining;
419 remaining = 128;
420 bufpos = 0;
421 sha512_process_block128(ctx);
422 }
423
424 /* Save last, partial blosk */
425 memcpy(ctx->wbuffer + bufpos, buffer, len);
426#else
427 while (1) {
428 remaining = 128 - bufpos;
429 if (remaining > len)
430 remaining = len;
431 /* Copy data into aligned buffer */
432 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
433 len -= remaining;
434 buffer = (const char *)buffer + remaining;
435 bufpos += remaining;
436 /* clever way to do "if (bufpos != 128) break; ... ; bufpos = 0;" */
437 bufpos -= 128;
438 if (bufpos != 0)
439 break;
440 /* Buffer is filled up, process it */
441 sha512_process_block128(ctx);
442 /*bufpos = 0; - already is */
443 }
444#endif
445}
446
447
448/* Used also for sha256 */
449void FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf)
450{
451 unsigned bufpos = ctx->total64 & 63;
452
453 /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */
454 ctx->wbuffer[bufpos++] = 0x80;
455
456 /* This loop iterates either once or twice, no more, no less */
457 while (1) {
458 unsigned remaining = 64 - bufpos;
459 memset(ctx->wbuffer + bufpos, 0, remaining);
460 /* Do we have enough space for the length count? */
461 if (remaining >= 8) {
462 /* Store the 64-bit counter of bits in the buffer in BE format */
463 uint64_t t = ctx->total64 << 3;
464 t = SWAP_BE64(t);
465 /* wbuffer is suitably aligned for this */
466 *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t;
467 }
468 ctx->process_block(ctx);
469 if (remaining >= 8)
470 break;
471 bufpos = 0;
472 }
473
474 bufpos = (ctx->process_block == sha1_process_block64) ? 5 : 8;
475 /* This way we do not impose alignment constraints on resbuf: */
476 if (BB_LITTLE_ENDIAN) {
477 unsigned i;
478 for (i = 0; i < bufpos; ++i)
479 ctx->hash[i] = SWAP_BE32(ctx->hash[i]);
480 }
481 memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * bufpos);
482}
483
484void FAST_FUNC sha512_end(sha512_ctx_t *ctx, void *resbuf)
485{
486 unsigned bufpos = ctx->total64[0] & 127;
487
488 /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... */
489 ctx->wbuffer[bufpos++] = 0x80;
490
491 while (1) {
492 unsigned remaining = 128 - bufpos;
493 memset(ctx->wbuffer + bufpos, 0, remaining);
494 if (remaining >= 16) {
495 /* Store the 128-bit counter of bits in the buffer in BE format */
496 uint64_t t;
497 t = ctx->total64[0] << 3;
498 t = SWAP_BE64(t);
499 *(uint64_t *) (&ctx->wbuffer[128 - 8]) = t;
500 t = (ctx->total64[1] << 3) | (ctx->total64[0] >> 61);
501 t = SWAP_BE64(t);
502 *(uint64_t *) (&ctx->wbuffer[128 - 16]) = t;
503 }
504 sha512_process_block128(ctx);
505 if (remaining >= 16)
506 break;
507 bufpos = 0;
508 }
509
510 if (BB_LITTLE_ENDIAN) {
511 unsigned i;
512 for (i = 0; i < ARRAY_SIZE(ctx->hash); ++i)
513 ctx->hash[i] = SWAP_BE64(ctx->hash[i]);
514 }
515 memcpy(resbuf, ctx->hash, sizeof(ctx->hash));
516}
517
518
519/*
520 * Compute MD5 checksum of strings according to the
521 * definition of MD5 in RFC 1321 from April 1992.
522 *
523 * Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.
524 *
525 * Copyright (C) 1995-1999 Free Software Foundation, Inc.
526 * Copyright (C) 2001 Manuel Novoa III
527 * Copyright (C) 2003 Glenn L. McGrath
528 * Copyright (C) 2003 Erik Andersen
529 *
530 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
531 */
532
533/* 0: fastest, 3: smallest */
534#if CONFIG_MD5_SIZE_VS_SPEED < 0
535# define MD5_SIZE_VS_SPEED 0
536#elif CONFIG_MD5_SIZE_VS_SPEED > 3
537# define MD5_SIZE_VS_SPEED 3
538#else
539# define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED
540#endif
541
542/* Initialize structure containing state of computation.
543 * (RFC 1321, 3.3: Step 3)
544 */
545void FAST_FUNC md5_begin(md5_ctx_t *ctx)
546{
547 ctx->A = 0x67452301;
548 ctx->B = 0xefcdab89;
549 ctx->C = 0x98badcfe;
550 ctx->D = 0x10325476;
551 ctx->total64 = 0;
552}
553
554/* These are the four functions used in the four steps of the MD5 algorithm
555 * and defined in the RFC 1321. The first function is a little bit optimized
556 * (as found in Colin Plumbs public domain implementation).
557 * #define FF(b, c, d) ((b & c) | (~b & d))
558 */
559#undef FF
560#undef FG
561#undef FH
562#undef FI
563#define FF(b, c, d) (d ^ (b & (c ^ d)))
564#define FG(b, c, d) FF(d, b, c)
565#define FH(b, c, d) (b ^ c ^ d)
566#define FI(b, c, d) (c ^ (b | ~d))
567
568/* Hash a single block, 64 bytes long and 4-byte aligned */
569static void md5_process_block64(md5_ctx_t *ctx)
570{
571#if MD5_SIZE_VS_SPEED > 0
572 /* Before we start, one word to the strange constants.
573 They are defined in RFC 1321 as
574 T[i] = (int)(4294967296.0 * fabs(sin(i))), i=1..64
575 */
576 static const uint32_t C_array[] = {
577 /* round 1 */
578 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
579 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
580 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
581 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
582 /* round 2 */
583 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
584 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
585 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
586 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
587 /* round 3 */
588 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
589 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
590 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
591 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
592 /* round 4 */
593 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
594 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
595 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
596 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
597 };
598 static const char P_array[] ALIGN1 = {
599# if MD5_SIZE_VS_SPEED > 1
600 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */
601# endif
602 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */
603 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */
604 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */
605 };
606#endif
607 uint32_t *words = (void*) ctx->wbuffer;
608 uint32_t A = ctx->A;
609 uint32_t B = ctx->B;
610 uint32_t C = ctx->C;
611 uint32_t D = ctx->D;
612
613#if MD5_SIZE_VS_SPEED >= 2 /* 2 or 3 */
614
615 static const char S_array[] ALIGN1 = {
616 7, 12, 17, 22,
617 5, 9, 14, 20,
618 4, 11, 16, 23,
619 6, 10, 15, 21
620 };
621 const uint32_t *pc;
622 const char *pp;
623 const char *ps;
624 int i;
625 uint32_t temp;
626
627# if BB_BIG_ENDIAN
628 for (i = 0; i < 16; i++)
629 words[i] = SWAP_LE32(words[i]);
630# endif
631
632# if MD5_SIZE_VS_SPEED == 3
633 pc = C_array;
634 pp = P_array;
635 ps = S_array - 4;
636
637 for (i = 0; i < 64; i++) {
638 if ((i & 0x0f) == 0)
639 ps += 4;
640 temp = A;
641 switch (i >> 4) {
642 case 0:
643 temp += FF(B, C, D);
644 break;
645 case 1:
646 temp += FG(B, C, D);
647 break;
648 case 2:
649 temp += FH(B, C, D);
650 break;
651 case 3:
652 temp += FI(B, C, D);
653 }
654 temp += words[(int) (*pp++)] + *pc++;
655 temp = rotl32(temp, ps[i & 3]);
656 temp += B;
657 A = D;
658 D = C;
659 C = B;
660 B = temp;
661 }
662# else /* MD5_SIZE_VS_SPEED == 2 */
663 pc = C_array;
664 pp = P_array;
665 ps = S_array;
666
667 for (i = 0; i < 16; i++) {
668 temp = A + FF(B, C, D) + words[(int) (*pp++)] + *pc++;
669 temp = rotl32(temp, ps[i & 3]);
670 temp += B;
671 A = D;
672 D = C;
673 C = B;
674 B = temp;
675 }
676 ps += 4;
677 for (i = 0; i < 16; i++) {
678 temp = A + FG(B, C, D) + words[(int) (*pp++)] + *pc++;
679 temp = rotl32(temp, ps[i & 3]);
680 temp += B;
681 A = D;
682 D = C;
683 C = B;
684 B = temp;
685 }
686 ps += 4;
687 for (i = 0; i < 16; i++) {
688 temp = A + FH(B, C, D) + words[(int) (*pp++)] + *pc++;
689 temp = rotl32(temp, ps[i & 3]);
690 temp += B;
691 A = D;
692 D = C;
693 C = B;
694 B = temp;
695 }
696 ps += 4;
697 for (i = 0; i < 16; i++) {
698 temp = A + FI(B, C, D) + words[(int) (*pp++)] + *pc++;
699 temp = rotl32(temp, ps[i & 3]);
700 temp += B;
701 A = D;
702 D = C;
703 C = B;
704 B = temp;
705 }
706# endif
707 /* Add checksum to the starting values */
708 ctx->A += A;
709 ctx->B += B;
710 ctx->C += C;
711 ctx->D += D;
712
713#else /* MD5_SIZE_VS_SPEED == 0 or 1 */
714
715 uint32_t A_save = A;
716 uint32_t B_save = B;
717 uint32_t C_save = C;
718 uint32_t D_save = D;
719# if MD5_SIZE_VS_SPEED == 1
720 const uint32_t *pc;
721 const char *pp;
722 int i;
723# endif
724
725 /* First round: using the given function, the context and a constant
726 the next context is computed. Because the algorithm's processing
727 unit is a 32-bit word and it is determined to work on words in
728 little endian byte order we perhaps have to change the byte order
729 before the computation. To reduce the work for the next steps
730 we save swapped words in WORDS array. */
731# undef OP
732# define OP(a, b, c, d, s, T) \
733 do { \
734 a += FF(b, c, d) + (*words IF_BIG_ENDIAN(= SWAP_LE32(*words))) + T; \
735 words++; \
736 a = rotl32(a, s); \
737 a += b; \
738 } while (0)
739
740 /* Round 1 */
741# if MD5_SIZE_VS_SPEED == 1
742 pc = C_array;
743 for (i = 0; i < 4; i++) {
744 OP(A, B, C, D, 7, *pc++);
745 OP(D, A, B, C, 12, *pc++);
746 OP(C, D, A, B, 17, *pc++);
747 OP(B, C, D, A, 22, *pc++);
748 }
749# else
750 OP(A, B, C, D, 7, 0xd76aa478);
751 OP(D, A, B, C, 12, 0xe8c7b756);
752 OP(C, D, A, B, 17, 0x242070db);
753 OP(B, C, D, A, 22, 0xc1bdceee);
754 OP(A, B, C, D, 7, 0xf57c0faf);
755 OP(D, A, B, C, 12, 0x4787c62a);
756 OP(C, D, A, B, 17, 0xa8304613);
757 OP(B, C, D, A, 22, 0xfd469501);
758 OP(A, B, C, D, 7, 0x698098d8);
759 OP(D, A, B, C, 12, 0x8b44f7af);
760 OP(C, D, A, B, 17, 0xffff5bb1);
761 OP(B, C, D, A, 22, 0x895cd7be);
762 OP(A, B, C, D, 7, 0x6b901122);
763 OP(D, A, B, C, 12, 0xfd987193);
764 OP(C, D, A, B, 17, 0xa679438e);
765 OP(B, C, D, A, 22, 0x49b40821);
766# endif
767 words -= 16;
768
769 /* For the second to fourth round we have the possibly swapped words
770 in WORDS. Redefine the macro to take an additional first
771 argument specifying the function to use. */
772# undef OP
773# define OP(f, a, b, c, d, k, s, T) \
774 do { \
775 a += f(b, c, d) + words[k] + T; \
776 a = rotl32(a, s); \
777 a += b; \
778 } while (0)
779
780 /* Round 2 */
781# if MD5_SIZE_VS_SPEED == 1
782 pp = P_array;
783 for (i = 0; i < 4; i++) {
784 OP(FG, A, B, C, D, (int) (*pp++), 5, *pc++);
785 OP(FG, D, A, B, C, (int) (*pp++), 9, *pc++);
786 OP(FG, C, D, A, B, (int) (*pp++), 14, *pc++);
787 OP(FG, B, C, D, A, (int) (*pp++), 20, *pc++);
788 }
789# else
790 OP(FG, A, B, C, D, 1, 5, 0xf61e2562);
791 OP(FG, D, A, B, C, 6, 9, 0xc040b340);
792 OP(FG, C, D, A, B, 11, 14, 0x265e5a51);
793 OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
794 OP(FG, A, B, C, D, 5, 5, 0xd62f105d);
795 OP(FG, D, A, B, C, 10, 9, 0x02441453);
796 OP(FG, C, D, A, B, 15, 14, 0xd8a1e681);
797 OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
798 OP(FG, A, B, C, D, 9, 5, 0x21e1cde6);
799 OP(FG, D, A, B, C, 14, 9, 0xc33707d6);
800 OP(FG, C, D, A, B, 3, 14, 0xf4d50d87);
801 OP(FG, B, C, D, A, 8, 20, 0x455a14ed);
802 OP(FG, A, B, C, D, 13, 5, 0xa9e3e905);
803 OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8);
804 OP(FG, C, D, A, B, 7, 14, 0x676f02d9);
805 OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
806# endif
807
808 /* Round 3 */
809# if MD5_SIZE_VS_SPEED == 1
810 for (i = 0; i < 4; i++) {
811 OP(FH, A, B, C, D, (int) (*pp++), 4, *pc++);
812 OP(FH, D, A, B, C, (int) (*pp++), 11, *pc++);
813 OP(FH, C, D, A, B, (int) (*pp++), 16, *pc++);
814 OP(FH, B, C, D, A, (int) (*pp++), 23, *pc++);
815 }
816# else
817 OP(FH, A, B, C, D, 5, 4, 0xfffa3942);
818 OP(FH, D, A, B, C, 8, 11, 0x8771f681);
819 OP(FH, C, D, A, B, 11, 16, 0x6d9d6122);
820 OP(FH, B, C, D, A, 14, 23, 0xfde5380c);
821 OP(FH, A, B, C, D, 1, 4, 0xa4beea44);
822 OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9);
823 OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60);
824 OP(FH, B, C, D, A, 10, 23, 0xbebfbc70);
825 OP(FH, A, B, C, D, 13, 4, 0x289b7ec6);
826 OP(FH, D, A, B, C, 0, 11, 0xeaa127fa);
827 OP(FH, C, D, A, B, 3, 16, 0xd4ef3085);
828 OP(FH, B, C, D, A, 6, 23, 0x04881d05);
829 OP(FH, A, B, C, D, 9, 4, 0xd9d4d039);
830 OP(FH, D, A, B, C, 12, 11, 0xe6db99e5);
831 OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8);
832 OP(FH, B, C, D, A, 2, 23, 0xc4ac5665);
833# endif
834
835 /* Round 4 */
836# if MD5_SIZE_VS_SPEED == 1
837 for (i = 0; i < 4; i++) {
838 OP(FI, A, B, C, D, (int) (*pp++), 6, *pc++);
839 OP(FI, D, A, B, C, (int) (*pp++), 10, *pc++);
840 OP(FI, C, D, A, B, (int) (*pp++), 15, *pc++);
841 OP(FI, B, C, D, A, (int) (*pp++), 21, *pc++);
842 }
843# else
844 OP(FI, A, B, C, D, 0, 6, 0xf4292244);
845 OP(FI, D, A, B, C, 7, 10, 0x432aff97);
846 OP(FI, C, D, A, B, 14, 15, 0xab9423a7);
847 OP(FI, B, C, D, A, 5, 21, 0xfc93a039);
848 OP(FI, A, B, C, D, 12, 6, 0x655b59c3);
849 OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92);
850 OP(FI, C, D, A, B, 10, 15, 0xffeff47d);
851 OP(FI, B, C, D, A, 1, 21, 0x85845dd1);
852 OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f);
853 OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
854 OP(FI, C, D, A, B, 6, 15, 0xa3014314);
855 OP(FI, B, C, D, A, 13, 21, 0x4e0811a1);
856 OP(FI, A, B, C, D, 4, 6, 0xf7537e82);
857 OP(FI, D, A, B, C, 11, 10, 0xbd3af235);
858 OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
859 OP(FI, B, C, D, A, 9, 21, 0xeb86d391);
860# undef OP
861# endif
862 /* Add checksum to the starting values */
863 ctx->A = A_save + A;
864 ctx->B = B_save + B;
865 ctx->C = C_save + C;
866 ctx->D = D_save + D;
867#endif
868}
869#undef FF
870#undef FG
871#undef FH
872#undef FI
873
874/* Feed data through a temporary buffer to call md5_hash_aligned_block()
875 * with chunks of data that are 4-byte aligned and a multiple of 64 bytes.
876 * This function's internal buffer remembers previous data until it has 64
877 * bytes worth to pass on. Call md5_end() to flush this buffer. */
878void FAST_FUNC md5_hash(md5_ctx_t *ctx, const void *buffer, size_t len)
879{
880 unsigned bufpos = ctx->total64 & 63;
881 unsigned remaining;
882
883 /* RFC 1321 specifies the possible length of the file up to 2^64 bits.
884 * Here we only track the number of bytes. */
885 ctx->total64 += len;
886#if 0
887 remaining = 64 - bufpos;
888
889 /* Hash whole blocks */
890 while (len >= remaining) {
891 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
892 buffer = (const char *)buffer + remaining;
893 len -= remaining;
894 remaining = 64;
895 bufpos = 0;
896 md5_process_block64(ctx);
897 }
898
899 /* Save last, partial blosk */
900 memcpy(ctx->wbuffer + bufpos, buffer, len);
901#else
902 /* Tiny bit smaller code */
903 while (1) {
904 remaining = 64 - bufpos;
905 if (remaining > len)
906 remaining = len;
907 /* Copy data into aligned buffer */
908 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
909 len -= remaining;
910 buffer = (const char *)buffer + remaining;
911 bufpos += remaining;
912 /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */
913 bufpos -= 64;
914 if (bufpos != 0)
915 break;
916 /* Buffer is filled up, process it */
917 md5_process_block64(ctx);
918 /*bufpos = 0; - already is */
919 }
920#endif
921}
922
923/* Process the remaining bytes in the buffer and put result from CTX
924 * in first 16 bytes following RESBUF. The result is always in little
925 * endian byte order, so that a byte-wise output yields to the wanted
926 * ASCII representation of the message digest.
927 */
928void FAST_FUNC md5_end(md5_ctx_t *ctx, void *resbuf)
929{
930 unsigned bufpos = ctx->total64 & 63;
931 /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */
932 ctx->wbuffer[bufpos++] = 0x80;
933
934 /* This loop iterates either once or twice, no more, no less */
935 while (1) {
936 unsigned remaining = 64 - bufpos;
937 memset(ctx->wbuffer + bufpos, 0, remaining);
938 /* Do we have enough space for the length count? */
939 if (remaining >= 8) {
940 /* Store the 64-bit counter of bits in the buffer in LE format */
941 uint64_t t = ctx->total64 << 3;
942 t = SWAP_LE64(t);
943 /* wbuffer is suitably aligned for this */
944 *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t;
945 }
946 md5_process_block64(ctx);
947 if (remaining >= 8)
948 break;
949 bufpos = 0;
950 }
951
952 /* The MD5 result is in little endian byte order.
953 * We (ab)use the fact that A-D are consecutive in memory.
954 */
955#if BB_BIG_ENDIAN
956 ctx->A = SWAP_LE32(ctx->A);
957 ctx->B = SWAP_LE32(ctx->B);
958 ctx->C = SWAP_LE32(ctx->C);
959 ctx->D = SWAP_LE32(ctx->D);
960#endif
961 memcpy(resbuf, &ctx->A, sizeof(ctx->A) * 4);
962}