diff options
author | Denys Vlasenko <dvlasenk@redhat.com> | 2010-10-18 13:47:47 +0200 |
---|---|---|
committer | Denys Vlasenko <dvlasenk@redhat.com> | 2010-10-18 13:47:47 +0200 |
commit | b5aa1d95a158683d936ea41eed0513aa20ed2e74 (patch) | |
tree | cfb04f3c13e5f2fef0778af7199efcca29b7a0e9 /libbb/hash_md5_sha.c | |
parent | eb7fe6dbf5bc93a229379a8047539dd8b90e0974 (diff) | |
download | busybox-w32-b5aa1d95a158683d936ea41eed0513aa20ed2e74.tar.gz busybox-w32-b5aa1d95a158683d936ea41eed0513aa20ed2e74.tar.bz2 busybox-w32-b5aa1d95a158683d936ea41eed0513aa20ed2e74.zip |
libbb/hash_sha.c -> libbb/hash_md5_sha.c
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Diffstat (limited to 'libbb/hash_md5_sha.c')
-rw-r--r-- | libbb/hash_md5_sha.c | 962 |
1 files changed, 962 insertions, 0 deletions
diff --git a/libbb/hash_md5_sha.c b/libbb/hash_md5_sha.c new file mode 100644 index 000000000..3e708ef7e --- /dev/null +++ b/libbb/hash_md5_sha.c | |||
@@ -0,0 +1,962 @@ | |||
1 | /* vi: set sw=4 ts=4: */ | ||
2 | /* | ||
3 | * Based on shasum from http://www.netsw.org/crypto/hash/ | ||
4 | * Majorly hacked up to use Dr Brian Gladman's sha1 code | ||
5 | * | ||
6 | * Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK. | ||
7 | * Copyright (C) 2003 Glenn L. McGrath | ||
8 | * Copyright (C) 2003 Erik Andersen | ||
9 | * | ||
10 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. | ||
11 | * | ||
12 | * --------------------------------------------------------------------------- | ||
13 | * Issue Date: 10/11/2002 | ||
14 | * | ||
15 | * This is a byte oriented version of SHA1 that operates on arrays of bytes | ||
16 | * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor | ||
17 | * | ||
18 | * --------------------------------------------------------------------------- | ||
19 | * | ||
20 | * SHA256 and SHA512 parts are: | ||
21 | * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. | ||
22 | * Shrank by Denys Vlasenko. | ||
23 | * | ||
24 | * --------------------------------------------------------------------------- | ||
25 | * | ||
26 | * The best way to test random blocksizes is to go to coreutils/md5_sha1_sum.c | ||
27 | * and replace "4096" with something like "2000 + time(NULL) % 2097", | ||
28 | * then rebuild and compare "shaNNNsum bigfile" results. | ||
29 | */ | ||
30 | |||
31 | #include "libbb.h" | ||
32 | |||
33 | /* gcc 4.2.1 optimizes rotr64 better with inline than with macro | ||
34 | * (for rotX32, there is no difference). Why? My guess is that | ||
35 | * macro requires clever common subexpression elimination heuristics | ||
36 | * in gcc, while inline basically forces it to happen. | ||
37 | */ | ||
38 | //#define rotl32(x,n) (((x) << (n)) | ((x) >> (32 - (n)))) | ||
39 | static ALWAYS_INLINE uint32_t rotl32(uint32_t x, unsigned n) | ||
40 | { | ||
41 | return (x << n) | (x >> (32 - n)); | ||
42 | } | ||
43 | //#define rotr32(x,n) (((x) >> (n)) | ((x) << (32 - (n)))) | ||
44 | static ALWAYS_INLINE uint32_t rotr32(uint32_t x, unsigned n) | ||
45 | { | ||
46 | return (x >> n) | (x << (32 - n)); | ||
47 | } | ||
48 | /* rotr64 in needed for sha512 only: */ | ||
49 | //#define rotr64(x,n) (((x) >> (n)) | ((x) << (64 - (n)))) | ||
50 | static ALWAYS_INLINE uint64_t rotr64(uint64_t x, unsigned n) | ||
51 | { | ||
52 | return (x >> n) | (x << (64 - n)); | ||
53 | } | ||
54 | |||
55 | |||
56 | static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx) | ||
57 | { | ||
58 | unsigned t; | ||
59 | uint32_t W[80], a, b, c, d, e; | ||
60 | const uint32_t *words = (uint32_t*) ctx->wbuffer; | ||
61 | |||
62 | for (t = 0; t < 16; ++t) | ||
63 | W[t] = SWAP_BE32(words[t]); | ||
64 | for (/*t = 16*/; t < 80; ++t) { | ||
65 | uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; | ||
66 | W[t] = rotl32(T, 1); | ||
67 | } | ||
68 | |||
69 | a = ctx->hash[0]; | ||
70 | b = ctx->hash[1]; | ||
71 | c = ctx->hash[2]; | ||
72 | d = ctx->hash[3]; | ||
73 | e = ctx->hash[4]; | ||
74 | |||
75 | #undef ch | ||
76 | #undef parity | ||
77 | #undef maj | ||
78 | #undef rnd | ||
79 | #define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) | ||
80 | #define parity(x,y,z) ((x) ^ (y) ^ (z)) | ||
81 | #define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) | ||
82 | /* A normal version as set out in the FIPS. */ | ||
83 | #define rnd(f,k) \ | ||
84 | do { \ | ||
85 | uint32_t T = a; \ | ||
86 | a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \ | ||
87 | e = d; \ | ||
88 | d = c; \ | ||
89 | c = rotl32(b, 30); \ | ||
90 | b = T; \ | ||
91 | } while (0) | ||
92 | |||
93 | for (t = 0; t < 20; ++t) | ||
94 | rnd(ch, 0x5a827999); | ||
95 | |||
96 | for (/*t = 20*/; t < 40; ++t) | ||
97 | rnd(parity, 0x6ed9eba1); | ||
98 | |||
99 | for (/*t = 40*/; t < 60; ++t) | ||
100 | rnd(maj, 0x8f1bbcdc); | ||
101 | |||
102 | for (/*t = 60*/; t < 80; ++t) | ||
103 | rnd(parity, 0xca62c1d6); | ||
104 | #undef ch | ||
105 | #undef parity | ||
106 | #undef maj | ||
107 | #undef rnd | ||
108 | |||
109 | ctx->hash[0] += a; | ||
110 | ctx->hash[1] += b; | ||
111 | ctx->hash[2] += c; | ||
112 | ctx->hash[3] += d; | ||
113 | ctx->hash[4] += e; | ||
114 | } | ||
115 | |||
116 | /* Constants for SHA512 from FIPS 180-2:4.2.3. | ||
117 | * SHA256 constants from FIPS 180-2:4.2.2 | ||
118 | * are the most significant half of first 64 elements | ||
119 | * of the same array. | ||
120 | */ | ||
121 | static const uint64_t sha_K[80] = { | ||
122 | 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, | ||
123 | 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, | ||
124 | 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, | ||
125 | 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, | ||
126 | 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, | ||
127 | 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, | ||
128 | 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, | ||
129 | 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, | ||
130 | 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, | ||
131 | 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, | ||
132 | 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, | ||
133 | 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, | ||
134 | 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, | ||
135 | 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, | ||
136 | 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, | ||
137 | 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, | ||
138 | 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, | ||
139 | 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, | ||
140 | 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, | ||
141 | 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, | ||
142 | 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, | ||
143 | 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, | ||
144 | 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, | ||
145 | 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, | ||
146 | 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, | ||
147 | 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, | ||
148 | 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, | ||
149 | 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, | ||
150 | 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, | ||
151 | 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, | ||
152 | 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, | ||
153 | 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, | ||
154 | 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */ | ||
155 | 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, | ||
156 | 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, | ||
157 | 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, | ||
158 | 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, | ||
159 | 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, | ||
160 | 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, | ||
161 | 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL | ||
162 | }; | ||
163 | |||
164 | #undef Ch | ||
165 | #undef Maj | ||
166 | #undef S0 | ||
167 | #undef S1 | ||
168 | #undef R0 | ||
169 | #undef R1 | ||
170 | |||
171 | static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx) | ||
172 | { | ||
173 | unsigned t; | ||
174 | uint32_t W[64], a, b, c, d, e, f, g, h; | ||
175 | const uint32_t *words = (uint32_t*) ctx->wbuffer; | ||
176 | |||
177 | /* Operators defined in FIPS 180-2:4.1.2. */ | ||
178 | #define Ch(x, y, z) ((x & y) ^ (~x & z)) | ||
179 | #define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) | ||
180 | #define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22)) | ||
181 | #define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25)) | ||
182 | #define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3)) | ||
183 | #define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10)) | ||
184 | |||
185 | /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */ | ||
186 | for (t = 0; t < 16; ++t) | ||
187 | W[t] = SWAP_BE32(words[t]); | ||
188 | for (/*t = 16*/; t < 64; ++t) | ||
189 | W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; | ||
190 | |||
191 | a = ctx->hash[0]; | ||
192 | b = ctx->hash[1]; | ||
193 | c = ctx->hash[2]; | ||
194 | d = ctx->hash[3]; | ||
195 | e = ctx->hash[4]; | ||
196 | f = ctx->hash[5]; | ||
197 | g = ctx->hash[6]; | ||
198 | h = ctx->hash[7]; | ||
199 | |||
200 | /* The actual computation according to FIPS 180-2:6.2.2 step 3. */ | ||
201 | for (t = 0; t < 64; ++t) { | ||
202 | /* Need to fetch upper half of sha_K[t] | ||
203 | * (I hope compiler is clever enough to just fetch | ||
204 | * upper half) | ||
205 | */ | ||
206 | uint32_t K_t = sha_K[t] >> 32; | ||
207 | uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t]; | ||
208 | uint32_t T2 = S0(a) + Maj(a, b, c); | ||
209 | h = g; | ||
210 | g = f; | ||
211 | f = e; | ||
212 | e = d + T1; | ||
213 | d = c; | ||
214 | c = b; | ||
215 | b = a; | ||
216 | a = T1 + T2; | ||
217 | } | ||
218 | #undef Ch | ||
219 | #undef Maj | ||
220 | #undef S0 | ||
221 | #undef S1 | ||
222 | #undef R0 | ||
223 | #undef R1 | ||
224 | /* Add the starting values of the context according to FIPS 180-2:6.2.2 | ||
225 | step 4. */ | ||
226 | ctx->hash[0] += a; | ||
227 | ctx->hash[1] += b; | ||
228 | ctx->hash[2] += c; | ||
229 | ctx->hash[3] += d; | ||
230 | ctx->hash[4] += e; | ||
231 | ctx->hash[5] += f; | ||
232 | ctx->hash[6] += g; | ||
233 | ctx->hash[7] += h; | ||
234 | } | ||
235 | |||
236 | static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx) | ||
237 | { | ||
238 | unsigned t; | ||
239 | uint64_t W[80]; | ||
240 | /* On i386, having assignments here (not later as sha256 does) | ||
241 | * produces 99 bytes smaller code with gcc 4.3.1 | ||
242 | */ | ||
243 | uint64_t a = ctx->hash[0]; | ||
244 | uint64_t b = ctx->hash[1]; | ||
245 | uint64_t c = ctx->hash[2]; | ||
246 | uint64_t d = ctx->hash[3]; | ||
247 | uint64_t e = ctx->hash[4]; | ||
248 | uint64_t f = ctx->hash[5]; | ||
249 | uint64_t g = ctx->hash[6]; | ||
250 | uint64_t h = ctx->hash[7]; | ||
251 | const uint64_t *words = (uint64_t*) ctx->wbuffer; | ||
252 | |||
253 | /* Operators defined in FIPS 180-2:4.1.2. */ | ||
254 | #define Ch(x, y, z) ((x & y) ^ (~x & z)) | ||
255 | #define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) | ||
256 | #define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39)) | ||
257 | #define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41)) | ||
258 | #define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7)) | ||
259 | #define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6)) | ||
260 | |||
261 | /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */ | ||
262 | for (t = 0; t < 16; ++t) | ||
263 | W[t] = SWAP_BE64(words[t]); | ||
264 | for (/*t = 16*/; t < 80; ++t) | ||
265 | W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; | ||
266 | |||
267 | /* The actual computation according to FIPS 180-2:6.3.2 step 3. */ | ||
268 | for (t = 0; t < 80; ++t) { | ||
269 | uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t]; | ||
270 | uint64_t T2 = S0(a) + Maj(a, b, c); | ||
271 | h = g; | ||
272 | g = f; | ||
273 | f = e; | ||
274 | e = d + T1; | ||
275 | d = c; | ||
276 | c = b; | ||
277 | b = a; | ||
278 | a = T1 + T2; | ||
279 | } | ||
280 | #undef Ch | ||
281 | #undef Maj | ||
282 | #undef S0 | ||
283 | #undef S1 | ||
284 | #undef R0 | ||
285 | #undef R1 | ||
286 | /* Add the starting values of the context according to FIPS 180-2:6.3.2 | ||
287 | step 4. */ | ||
288 | ctx->hash[0] += a; | ||
289 | ctx->hash[1] += b; | ||
290 | ctx->hash[2] += c; | ||
291 | ctx->hash[3] += d; | ||
292 | ctx->hash[4] += e; | ||
293 | ctx->hash[5] += f; | ||
294 | ctx->hash[6] += g; | ||
295 | ctx->hash[7] += h; | ||
296 | } | ||
297 | |||
298 | |||
299 | void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) | ||
300 | { | ||
301 | ctx->hash[0] = 0x67452301; | ||
302 | ctx->hash[1] = 0xefcdab89; | ||
303 | ctx->hash[2] = 0x98badcfe; | ||
304 | ctx->hash[3] = 0x10325476; | ||
305 | ctx->hash[4] = 0xc3d2e1f0; | ||
306 | ctx->total64 = 0; | ||
307 | ctx->process_block = sha1_process_block64; | ||
308 | } | ||
309 | |||
310 | static const uint32_t init256[] = { | ||
311 | 0x6a09e667, | ||
312 | 0xbb67ae85, | ||
313 | 0x3c6ef372, | ||
314 | 0xa54ff53a, | ||
315 | 0x510e527f, | ||
316 | 0x9b05688c, | ||
317 | 0x1f83d9ab, | ||
318 | 0x5be0cd19, | ||
319 | 0, | ||
320 | 0, | ||
321 | }; | ||
322 | static const uint32_t init512_lo[] = { | ||
323 | 0xf3bcc908, | ||
324 | 0x84caa73b, | ||
325 | 0xfe94f82b, | ||
326 | 0x5f1d36f1, | ||
327 | 0xade682d1, | ||
328 | 0x2b3e6c1f, | ||
329 | 0xfb41bd6b, | ||
330 | 0x137e2179, | ||
331 | 0, | ||
332 | 0, | ||
333 | }; | ||
334 | |||
335 | /* Initialize structure containing state of computation. | ||
336 | (FIPS 180-2:5.3.2) */ | ||
337 | void FAST_FUNC sha256_begin(sha256_ctx_t *ctx) | ||
338 | { | ||
339 | memcpy(ctx->hash, init256, sizeof(init256)); | ||
340 | /*ctx->total64 = 0; - done by extending init256 with two 32-bit zeros */ | ||
341 | ctx->process_block = sha256_process_block64; | ||
342 | } | ||
343 | |||
344 | /* Initialize structure containing state of computation. | ||
345 | (FIPS 180-2:5.3.3) */ | ||
346 | void FAST_FUNC sha512_begin(sha512_ctx_t *ctx) | ||
347 | { | ||
348 | int i; | ||
349 | /* Two extra iterations zero out ctx->total64[] */ | ||
350 | for (i = 0; i < 8+2; i++) | ||
351 | ctx->hash[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i]; | ||
352 | /*ctx->total64[0] = ctx->total64[1] = 0; - already done */ | ||
353 | } | ||
354 | |||
355 | |||
356 | /* Used also for sha256 */ | ||
357 | void FAST_FUNC sha1_hash(sha1_ctx_t *ctx, const void *buffer, size_t len) | ||
358 | { | ||
359 | unsigned bufpos = ctx->total64 & 63; | ||
360 | unsigned remaining; | ||
361 | |||
362 | ctx->total64 += len; | ||
363 | #if 0 | ||
364 | remaining = 64 - bufpos; | ||
365 | |||
366 | /* Hash whole blocks */ | ||
367 | while (len >= remaining) { | ||
368 | memcpy(ctx->wbuffer + bufpos, buffer, remaining); | ||
369 | buffer = (const char *)buffer + remaining; | ||
370 | len -= remaining; | ||
371 | remaining = 64; | ||
372 | bufpos = 0; | ||
373 | ctx->process_block(ctx); | ||
374 | } | ||
375 | |||
376 | /* Save last, partial blosk */ | ||
377 | memcpy(ctx->wbuffer + bufpos, buffer, len); | ||
378 | #else | ||
379 | /* Tiny bit smaller code */ | ||
380 | while (1) { | ||
381 | remaining = 64 - bufpos; | ||
382 | if (remaining > len) | ||
383 | remaining = len; | ||
384 | /* Copy data into aligned buffer */ | ||
385 | memcpy(ctx->wbuffer + bufpos, buffer, remaining); | ||
386 | len -= remaining; | ||
387 | buffer = (const char *)buffer + remaining; | ||
388 | bufpos += remaining; | ||
389 | /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */ | ||
390 | bufpos -= 64; | ||
391 | if (bufpos != 0) | ||
392 | break; | ||
393 | /* Buffer is filled up, process it */ | ||
394 | ctx->process_block(ctx); | ||
395 | /*bufpos = 0; - already is */ | ||
396 | } | ||
397 | #endif | ||
398 | } | ||
399 | |||
400 | void FAST_FUNC sha512_hash(sha512_ctx_t *ctx, const void *buffer, size_t len) | ||
401 | { | ||
402 | unsigned bufpos = ctx->total64[0] & 127; | ||
403 | unsigned remaining; | ||
404 | |||
405 | /* First increment the byte count. FIPS 180-2 specifies the possible | ||
406 | length of the file up to 2^128 _bits_. | ||
407 | We compute the number of _bytes_ and convert to bits later. */ | ||
408 | ctx->total64[0] += len; | ||
409 | if (ctx->total64[0] < len) | ||
410 | ctx->total64[1]++; | ||
411 | #if 0 | ||
412 | remaining = 128 - bufpos; | ||
413 | |||
414 | /* Hash whole blocks */ | ||
415 | while (len >= remaining) { | ||
416 | memcpy(ctx->wbuffer + bufpos, buffer, remaining); | ||
417 | buffer = (const char *)buffer + remaining; | ||
418 | len -= remaining; | ||
419 | remaining = 128; | ||
420 | bufpos = 0; | ||
421 | sha512_process_block128(ctx); | ||
422 | } | ||
423 | |||
424 | /* Save last, partial blosk */ | ||
425 | memcpy(ctx->wbuffer + bufpos, buffer, len); | ||
426 | #else | ||
427 | while (1) { | ||
428 | remaining = 128 - bufpos; | ||
429 | if (remaining > len) | ||
430 | remaining = len; | ||
431 | /* Copy data into aligned buffer */ | ||
432 | memcpy(ctx->wbuffer + bufpos, buffer, remaining); | ||
433 | len -= remaining; | ||
434 | buffer = (const char *)buffer + remaining; | ||
435 | bufpos += remaining; | ||
436 | /* clever way to do "if (bufpos != 128) break; ... ; bufpos = 0;" */ | ||
437 | bufpos -= 128; | ||
438 | if (bufpos != 0) | ||
439 | break; | ||
440 | /* Buffer is filled up, process it */ | ||
441 | sha512_process_block128(ctx); | ||
442 | /*bufpos = 0; - already is */ | ||
443 | } | ||
444 | #endif | ||
445 | } | ||
446 | |||
447 | |||
448 | /* Used also for sha256 */ | ||
449 | void FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf) | ||
450 | { | ||
451 | unsigned bufpos = ctx->total64 & 63; | ||
452 | |||
453 | /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ | ||
454 | ctx->wbuffer[bufpos++] = 0x80; | ||
455 | |||
456 | /* This loop iterates either once or twice, no more, no less */ | ||
457 | while (1) { | ||
458 | unsigned remaining = 64 - bufpos; | ||
459 | memset(ctx->wbuffer + bufpos, 0, remaining); | ||
460 | /* Do we have enough space for the length count? */ | ||
461 | if (remaining >= 8) { | ||
462 | /* Store the 64-bit counter of bits in the buffer in BE format */ | ||
463 | uint64_t t = ctx->total64 << 3; | ||
464 | t = SWAP_BE64(t); | ||
465 | /* wbuffer is suitably aligned for this */ | ||
466 | *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t; | ||
467 | } | ||
468 | ctx->process_block(ctx); | ||
469 | if (remaining >= 8) | ||
470 | break; | ||
471 | bufpos = 0; | ||
472 | } | ||
473 | |||
474 | bufpos = (ctx->process_block == sha1_process_block64) ? 5 : 8; | ||
475 | /* This way we do not impose alignment constraints on resbuf: */ | ||
476 | if (BB_LITTLE_ENDIAN) { | ||
477 | unsigned i; | ||
478 | for (i = 0; i < bufpos; ++i) | ||
479 | ctx->hash[i] = SWAP_BE32(ctx->hash[i]); | ||
480 | } | ||
481 | memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * bufpos); | ||
482 | } | ||
483 | |||
484 | void FAST_FUNC sha512_end(sha512_ctx_t *ctx, void *resbuf) | ||
485 | { | ||
486 | unsigned bufpos = ctx->total64[0] & 127; | ||
487 | |||
488 | /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... */ | ||
489 | ctx->wbuffer[bufpos++] = 0x80; | ||
490 | |||
491 | while (1) { | ||
492 | unsigned remaining = 128 - bufpos; | ||
493 | memset(ctx->wbuffer + bufpos, 0, remaining); | ||
494 | if (remaining >= 16) { | ||
495 | /* Store the 128-bit counter of bits in the buffer in BE format */ | ||
496 | uint64_t t; | ||
497 | t = ctx->total64[0] << 3; | ||
498 | t = SWAP_BE64(t); | ||
499 | *(uint64_t *) (&ctx->wbuffer[128 - 8]) = t; | ||
500 | t = (ctx->total64[1] << 3) | (ctx->total64[0] >> 61); | ||
501 | t = SWAP_BE64(t); | ||
502 | *(uint64_t *) (&ctx->wbuffer[128 - 16]) = t; | ||
503 | } | ||
504 | sha512_process_block128(ctx); | ||
505 | if (remaining >= 16) | ||
506 | break; | ||
507 | bufpos = 0; | ||
508 | } | ||
509 | |||
510 | if (BB_LITTLE_ENDIAN) { | ||
511 | unsigned i; | ||
512 | for (i = 0; i < ARRAY_SIZE(ctx->hash); ++i) | ||
513 | ctx->hash[i] = SWAP_BE64(ctx->hash[i]); | ||
514 | } | ||
515 | memcpy(resbuf, ctx->hash, sizeof(ctx->hash)); | ||
516 | } | ||
517 | |||
518 | |||
519 | /* | ||
520 | * Compute MD5 checksum of strings according to the | ||
521 | * definition of MD5 in RFC 1321 from April 1992. | ||
522 | * | ||
523 | * Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. | ||
524 | * | ||
525 | * Copyright (C) 1995-1999 Free Software Foundation, Inc. | ||
526 | * Copyright (C) 2001 Manuel Novoa III | ||
527 | * Copyright (C) 2003 Glenn L. McGrath | ||
528 | * Copyright (C) 2003 Erik Andersen | ||
529 | * | ||
530 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. | ||
531 | */ | ||
532 | |||
533 | /* 0: fastest, 3: smallest */ | ||
534 | #if CONFIG_MD5_SIZE_VS_SPEED < 0 | ||
535 | # define MD5_SIZE_VS_SPEED 0 | ||
536 | #elif CONFIG_MD5_SIZE_VS_SPEED > 3 | ||
537 | # define MD5_SIZE_VS_SPEED 3 | ||
538 | #else | ||
539 | # define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED | ||
540 | #endif | ||
541 | |||
542 | /* Initialize structure containing state of computation. | ||
543 | * (RFC 1321, 3.3: Step 3) | ||
544 | */ | ||
545 | void FAST_FUNC md5_begin(md5_ctx_t *ctx) | ||
546 | { | ||
547 | ctx->A = 0x67452301; | ||
548 | ctx->B = 0xefcdab89; | ||
549 | ctx->C = 0x98badcfe; | ||
550 | ctx->D = 0x10325476; | ||
551 | ctx->total64 = 0; | ||
552 | } | ||
553 | |||
554 | /* These are the four functions used in the four steps of the MD5 algorithm | ||
555 | * and defined in the RFC 1321. The first function is a little bit optimized | ||
556 | * (as found in Colin Plumbs public domain implementation). | ||
557 | * #define FF(b, c, d) ((b & c) | (~b & d)) | ||
558 | */ | ||
559 | #undef FF | ||
560 | #undef FG | ||
561 | #undef FH | ||
562 | #undef FI | ||
563 | #define FF(b, c, d) (d ^ (b & (c ^ d))) | ||
564 | #define FG(b, c, d) FF(d, b, c) | ||
565 | #define FH(b, c, d) (b ^ c ^ d) | ||
566 | #define FI(b, c, d) (c ^ (b | ~d)) | ||
567 | |||
568 | /* Hash a single block, 64 bytes long and 4-byte aligned */ | ||
569 | static void md5_process_block64(md5_ctx_t *ctx) | ||
570 | { | ||
571 | #if MD5_SIZE_VS_SPEED > 0 | ||
572 | /* Before we start, one word to the strange constants. | ||
573 | They are defined in RFC 1321 as | ||
574 | T[i] = (int)(4294967296.0 * fabs(sin(i))), i=1..64 | ||
575 | */ | ||
576 | static const uint32_t C_array[] = { | ||
577 | /* round 1 */ | ||
578 | 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, | ||
579 | 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, | ||
580 | 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, | ||
581 | 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, | ||
582 | /* round 2 */ | ||
583 | 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, | ||
584 | 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8, | ||
585 | 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, | ||
586 | 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, | ||
587 | /* round 3 */ | ||
588 | 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, | ||
589 | 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, | ||
590 | 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, | ||
591 | 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, | ||
592 | /* round 4 */ | ||
593 | 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, | ||
594 | 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, | ||
595 | 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, | ||
596 | 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 | ||
597 | }; | ||
598 | static const char P_array[] ALIGN1 = { | ||
599 | # if MD5_SIZE_VS_SPEED > 1 | ||
600 | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */ | ||
601 | # endif | ||
602 | 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */ | ||
603 | 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */ | ||
604 | 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */ | ||
605 | }; | ||
606 | #endif | ||
607 | uint32_t *words = (void*) ctx->wbuffer; | ||
608 | uint32_t A = ctx->A; | ||
609 | uint32_t B = ctx->B; | ||
610 | uint32_t C = ctx->C; | ||
611 | uint32_t D = ctx->D; | ||
612 | |||
613 | #if MD5_SIZE_VS_SPEED >= 2 /* 2 or 3 */ | ||
614 | |||
615 | static const char S_array[] ALIGN1 = { | ||
616 | 7, 12, 17, 22, | ||
617 | 5, 9, 14, 20, | ||
618 | 4, 11, 16, 23, | ||
619 | 6, 10, 15, 21 | ||
620 | }; | ||
621 | const uint32_t *pc; | ||
622 | const char *pp; | ||
623 | const char *ps; | ||
624 | int i; | ||
625 | uint32_t temp; | ||
626 | |||
627 | # if BB_BIG_ENDIAN | ||
628 | for (i = 0; i < 16; i++) | ||
629 | words[i] = SWAP_LE32(words[i]); | ||
630 | # endif | ||
631 | |||
632 | # if MD5_SIZE_VS_SPEED == 3 | ||
633 | pc = C_array; | ||
634 | pp = P_array; | ||
635 | ps = S_array - 4; | ||
636 | |||
637 | for (i = 0; i < 64; i++) { | ||
638 | if ((i & 0x0f) == 0) | ||
639 | ps += 4; | ||
640 | temp = A; | ||
641 | switch (i >> 4) { | ||
642 | case 0: | ||
643 | temp += FF(B, C, D); | ||
644 | break; | ||
645 | case 1: | ||
646 | temp += FG(B, C, D); | ||
647 | break; | ||
648 | case 2: | ||
649 | temp += FH(B, C, D); | ||
650 | break; | ||
651 | case 3: | ||
652 | temp += FI(B, C, D); | ||
653 | } | ||
654 | temp += words[(int) (*pp++)] + *pc++; | ||
655 | temp = rotl32(temp, ps[i & 3]); | ||
656 | temp += B; | ||
657 | A = D; | ||
658 | D = C; | ||
659 | C = B; | ||
660 | B = temp; | ||
661 | } | ||
662 | # else /* MD5_SIZE_VS_SPEED == 2 */ | ||
663 | pc = C_array; | ||
664 | pp = P_array; | ||
665 | ps = S_array; | ||
666 | |||
667 | for (i = 0; i < 16; i++) { | ||
668 | temp = A + FF(B, C, D) + words[(int) (*pp++)] + *pc++; | ||
669 | temp = rotl32(temp, ps[i & 3]); | ||
670 | temp += B; | ||
671 | A = D; | ||
672 | D = C; | ||
673 | C = B; | ||
674 | B = temp; | ||
675 | } | ||
676 | ps += 4; | ||
677 | for (i = 0; i < 16; i++) { | ||
678 | temp = A + FG(B, C, D) + words[(int) (*pp++)] + *pc++; | ||
679 | temp = rotl32(temp, ps[i & 3]); | ||
680 | temp += B; | ||
681 | A = D; | ||
682 | D = C; | ||
683 | C = B; | ||
684 | B = temp; | ||
685 | } | ||
686 | ps += 4; | ||
687 | for (i = 0; i < 16; i++) { | ||
688 | temp = A + FH(B, C, D) + words[(int) (*pp++)] + *pc++; | ||
689 | temp = rotl32(temp, ps[i & 3]); | ||
690 | temp += B; | ||
691 | A = D; | ||
692 | D = C; | ||
693 | C = B; | ||
694 | B = temp; | ||
695 | } | ||
696 | ps += 4; | ||
697 | for (i = 0; i < 16; i++) { | ||
698 | temp = A + FI(B, C, D) + words[(int) (*pp++)] + *pc++; | ||
699 | temp = rotl32(temp, ps[i & 3]); | ||
700 | temp += B; | ||
701 | A = D; | ||
702 | D = C; | ||
703 | C = B; | ||
704 | B = temp; | ||
705 | } | ||
706 | # endif | ||
707 | /* Add checksum to the starting values */ | ||
708 | ctx->A += A; | ||
709 | ctx->B += B; | ||
710 | ctx->C += C; | ||
711 | ctx->D += D; | ||
712 | |||
713 | #else /* MD5_SIZE_VS_SPEED == 0 or 1 */ | ||
714 | |||
715 | uint32_t A_save = A; | ||
716 | uint32_t B_save = B; | ||
717 | uint32_t C_save = C; | ||
718 | uint32_t D_save = D; | ||
719 | # if MD5_SIZE_VS_SPEED == 1 | ||
720 | const uint32_t *pc; | ||
721 | const char *pp; | ||
722 | int i; | ||
723 | # endif | ||
724 | |||
725 | /* First round: using the given function, the context and a constant | ||
726 | the next context is computed. Because the algorithm's processing | ||
727 | unit is a 32-bit word and it is determined to work on words in | ||
728 | little endian byte order we perhaps have to change the byte order | ||
729 | before the computation. To reduce the work for the next steps | ||
730 | we save swapped words in WORDS array. */ | ||
731 | # undef OP | ||
732 | # define OP(a, b, c, d, s, T) \ | ||
733 | do { \ | ||
734 | a += FF(b, c, d) + (*words IF_BIG_ENDIAN(= SWAP_LE32(*words))) + T; \ | ||
735 | words++; \ | ||
736 | a = rotl32(a, s); \ | ||
737 | a += b; \ | ||
738 | } while (0) | ||
739 | |||
740 | /* Round 1 */ | ||
741 | # if MD5_SIZE_VS_SPEED == 1 | ||
742 | pc = C_array; | ||
743 | for (i = 0; i < 4; i++) { | ||
744 | OP(A, B, C, D, 7, *pc++); | ||
745 | OP(D, A, B, C, 12, *pc++); | ||
746 | OP(C, D, A, B, 17, *pc++); | ||
747 | OP(B, C, D, A, 22, *pc++); | ||
748 | } | ||
749 | # else | ||
750 | OP(A, B, C, D, 7, 0xd76aa478); | ||
751 | OP(D, A, B, C, 12, 0xe8c7b756); | ||
752 | OP(C, D, A, B, 17, 0x242070db); | ||
753 | OP(B, C, D, A, 22, 0xc1bdceee); | ||
754 | OP(A, B, C, D, 7, 0xf57c0faf); | ||
755 | OP(D, A, B, C, 12, 0x4787c62a); | ||
756 | OP(C, D, A, B, 17, 0xa8304613); | ||
757 | OP(B, C, D, A, 22, 0xfd469501); | ||
758 | OP(A, B, C, D, 7, 0x698098d8); | ||
759 | OP(D, A, B, C, 12, 0x8b44f7af); | ||
760 | OP(C, D, A, B, 17, 0xffff5bb1); | ||
761 | OP(B, C, D, A, 22, 0x895cd7be); | ||
762 | OP(A, B, C, D, 7, 0x6b901122); | ||
763 | OP(D, A, B, C, 12, 0xfd987193); | ||
764 | OP(C, D, A, B, 17, 0xa679438e); | ||
765 | OP(B, C, D, A, 22, 0x49b40821); | ||
766 | # endif | ||
767 | words -= 16; | ||
768 | |||
769 | /* For the second to fourth round we have the possibly swapped words | ||
770 | in WORDS. Redefine the macro to take an additional first | ||
771 | argument specifying the function to use. */ | ||
772 | # undef OP | ||
773 | # define OP(f, a, b, c, d, k, s, T) \ | ||
774 | do { \ | ||
775 | a += f(b, c, d) + words[k] + T; \ | ||
776 | a = rotl32(a, s); \ | ||
777 | a += b; \ | ||
778 | } while (0) | ||
779 | |||
780 | /* Round 2 */ | ||
781 | # if MD5_SIZE_VS_SPEED == 1 | ||
782 | pp = P_array; | ||
783 | for (i = 0; i < 4; i++) { | ||
784 | OP(FG, A, B, C, D, (int) (*pp++), 5, *pc++); | ||
785 | OP(FG, D, A, B, C, (int) (*pp++), 9, *pc++); | ||
786 | OP(FG, C, D, A, B, (int) (*pp++), 14, *pc++); | ||
787 | OP(FG, B, C, D, A, (int) (*pp++), 20, *pc++); | ||
788 | } | ||
789 | # else | ||
790 | OP(FG, A, B, C, D, 1, 5, 0xf61e2562); | ||
791 | OP(FG, D, A, B, C, 6, 9, 0xc040b340); | ||
792 | OP(FG, C, D, A, B, 11, 14, 0x265e5a51); | ||
793 | OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa); | ||
794 | OP(FG, A, B, C, D, 5, 5, 0xd62f105d); | ||
795 | OP(FG, D, A, B, C, 10, 9, 0x02441453); | ||
796 | OP(FG, C, D, A, B, 15, 14, 0xd8a1e681); | ||
797 | OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8); | ||
798 | OP(FG, A, B, C, D, 9, 5, 0x21e1cde6); | ||
799 | OP(FG, D, A, B, C, 14, 9, 0xc33707d6); | ||
800 | OP(FG, C, D, A, B, 3, 14, 0xf4d50d87); | ||
801 | OP(FG, B, C, D, A, 8, 20, 0x455a14ed); | ||
802 | OP(FG, A, B, C, D, 13, 5, 0xa9e3e905); | ||
803 | OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8); | ||
804 | OP(FG, C, D, A, B, 7, 14, 0x676f02d9); | ||
805 | OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a); | ||
806 | # endif | ||
807 | |||
808 | /* Round 3 */ | ||
809 | # if MD5_SIZE_VS_SPEED == 1 | ||
810 | for (i = 0; i < 4; i++) { | ||
811 | OP(FH, A, B, C, D, (int) (*pp++), 4, *pc++); | ||
812 | OP(FH, D, A, B, C, (int) (*pp++), 11, *pc++); | ||
813 | OP(FH, C, D, A, B, (int) (*pp++), 16, *pc++); | ||
814 | OP(FH, B, C, D, A, (int) (*pp++), 23, *pc++); | ||
815 | } | ||
816 | # else | ||
817 | OP(FH, A, B, C, D, 5, 4, 0xfffa3942); | ||
818 | OP(FH, D, A, B, C, 8, 11, 0x8771f681); | ||
819 | OP(FH, C, D, A, B, 11, 16, 0x6d9d6122); | ||
820 | OP(FH, B, C, D, A, 14, 23, 0xfde5380c); | ||
821 | OP(FH, A, B, C, D, 1, 4, 0xa4beea44); | ||
822 | OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9); | ||
823 | OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60); | ||
824 | OP(FH, B, C, D, A, 10, 23, 0xbebfbc70); | ||
825 | OP(FH, A, B, C, D, 13, 4, 0x289b7ec6); | ||
826 | OP(FH, D, A, B, C, 0, 11, 0xeaa127fa); | ||
827 | OP(FH, C, D, A, B, 3, 16, 0xd4ef3085); | ||
828 | OP(FH, B, C, D, A, 6, 23, 0x04881d05); | ||
829 | OP(FH, A, B, C, D, 9, 4, 0xd9d4d039); | ||
830 | OP(FH, D, A, B, C, 12, 11, 0xe6db99e5); | ||
831 | OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8); | ||
832 | OP(FH, B, C, D, A, 2, 23, 0xc4ac5665); | ||
833 | # endif | ||
834 | |||
835 | /* Round 4 */ | ||
836 | # if MD5_SIZE_VS_SPEED == 1 | ||
837 | for (i = 0; i < 4; i++) { | ||
838 | OP(FI, A, B, C, D, (int) (*pp++), 6, *pc++); | ||
839 | OP(FI, D, A, B, C, (int) (*pp++), 10, *pc++); | ||
840 | OP(FI, C, D, A, B, (int) (*pp++), 15, *pc++); | ||
841 | OP(FI, B, C, D, A, (int) (*pp++), 21, *pc++); | ||
842 | } | ||
843 | # else | ||
844 | OP(FI, A, B, C, D, 0, 6, 0xf4292244); | ||
845 | OP(FI, D, A, B, C, 7, 10, 0x432aff97); | ||
846 | OP(FI, C, D, A, B, 14, 15, 0xab9423a7); | ||
847 | OP(FI, B, C, D, A, 5, 21, 0xfc93a039); | ||
848 | OP(FI, A, B, C, D, 12, 6, 0x655b59c3); | ||
849 | OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92); | ||
850 | OP(FI, C, D, A, B, 10, 15, 0xffeff47d); | ||
851 | OP(FI, B, C, D, A, 1, 21, 0x85845dd1); | ||
852 | OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f); | ||
853 | OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0); | ||
854 | OP(FI, C, D, A, B, 6, 15, 0xa3014314); | ||
855 | OP(FI, B, C, D, A, 13, 21, 0x4e0811a1); | ||
856 | OP(FI, A, B, C, D, 4, 6, 0xf7537e82); | ||
857 | OP(FI, D, A, B, C, 11, 10, 0xbd3af235); | ||
858 | OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb); | ||
859 | OP(FI, B, C, D, A, 9, 21, 0xeb86d391); | ||
860 | # undef OP | ||
861 | # endif | ||
862 | /* Add checksum to the starting values */ | ||
863 | ctx->A = A_save + A; | ||
864 | ctx->B = B_save + B; | ||
865 | ctx->C = C_save + C; | ||
866 | ctx->D = D_save + D; | ||
867 | #endif | ||
868 | } | ||
869 | #undef FF | ||
870 | #undef FG | ||
871 | #undef FH | ||
872 | #undef FI | ||
873 | |||
874 | /* Feed data through a temporary buffer to call md5_hash_aligned_block() | ||
875 | * with chunks of data that are 4-byte aligned and a multiple of 64 bytes. | ||
876 | * This function's internal buffer remembers previous data until it has 64 | ||
877 | * bytes worth to pass on. Call md5_end() to flush this buffer. */ | ||
878 | void FAST_FUNC md5_hash(md5_ctx_t *ctx, const void *buffer, size_t len) | ||
879 | { | ||
880 | unsigned bufpos = ctx->total64 & 63; | ||
881 | unsigned remaining; | ||
882 | |||
883 | /* RFC 1321 specifies the possible length of the file up to 2^64 bits. | ||
884 | * Here we only track the number of bytes. */ | ||
885 | ctx->total64 += len; | ||
886 | #if 0 | ||
887 | remaining = 64 - bufpos; | ||
888 | |||
889 | /* Hash whole blocks */ | ||
890 | while (len >= remaining) { | ||
891 | memcpy(ctx->wbuffer + bufpos, buffer, remaining); | ||
892 | buffer = (const char *)buffer + remaining; | ||
893 | len -= remaining; | ||
894 | remaining = 64; | ||
895 | bufpos = 0; | ||
896 | md5_process_block64(ctx); | ||
897 | } | ||
898 | |||
899 | /* Save last, partial blosk */ | ||
900 | memcpy(ctx->wbuffer + bufpos, buffer, len); | ||
901 | #else | ||
902 | /* Tiny bit smaller code */ | ||
903 | while (1) { | ||
904 | remaining = 64 - bufpos; | ||
905 | if (remaining > len) | ||
906 | remaining = len; | ||
907 | /* Copy data into aligned buffer */ | ||
908 | memcpy(ctx->wbuffer + bufpos, buffer, remaining); | ||
909 | len -= remaining; | ||
910 | buffer = (const char *)buffer + remaining; | ||
911 | bufpos += remaining; | ||
912 | /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */ | ||
913 | bufpos -= 64; | ||
914 | if (bufpos != 0) | ||
915 | break; | ||
916 | /* Buffer is filled up, process it */ | ||
917 | md5_process_block64(ctx); | ||
918 | /*bufpos = 0; - already is */ | ||
919 | } | ||
920 | #endif | ||
921 | } | ||
922 | |||
923 | /* Process the remaining bytes in the buffer and put result from CTX | ||
924 | * in first 16 bytes following RESBUF. The result is always in little | ||
925 | * endian byte order, so that a byte-wise output yields to the wanted | ||
926 | * ASCII representation of the message digest. | ||
927 | */ | ||
928 | void FAST_FUNC md5_end(md5_ctx_t *ctx, void *resbuf) | ||
929 | { | ||
930 | unsigned bufpos = ctx->total64 & 63; | ||
931 | /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ | ||
932 | ctx->wbuffer[bufpos++] = 0x80; | ||
933 | |||
934 | /* This loop iterates either once or twice, no more, no less */ | ||
935 | while (1) { | ||
936 | unsigned remaining = 64 - bufpos; | ||
937 | memset(ctx->wbuffer + bufpos, 0, remaining); | ||
938 | /* Do we have enough space for the length count? */ | ||
939 | if (remaining >= 8) { | ||
940 | /* Store the 64-bit counter of bits in the buffer in LE format */ | ||
941 | uint64_t t = ctx->total64 << 3; | ||
942 | t = SWAP_LE64(t); | ||
943 | /* wbuffer is suitably aligned for this */ | ||
944 | *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t; | ||
945 | } | ||
946 | md5_process_block64(ctx); | ||
947 | if (remaining >= 8) | ||
948 | break; | ||
949 | bufpos = 0; | ||
950 | } | ||
951 | |||
952 | /* The MD5 result is in little endian byte order. | ||
953 | * We (ab)use the fact that A-D are consecutive in memory. | ||
954 | */ | ||
955 | #if BB_BIG_ENDIAN | ||
956 | ctx->A = SWAP_LE32(ctx->A); | ||
957 | ctx->B = SWAP_LE32(ctx->B); | ||
958 | ctx->C = SWAP_LE32(ctx->C); | ||
959 | ctx->D = SWAP_LE32(ctx->D); | ||
960 | #endif | ||
961 | memcpy(resbuf, &ctx->A, sizeof(ctx->A) * 4); | ||
962 | } | ||