/src/BearSSL/src/hash/md5.c

Source
/*
 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
 *
 * Permission is hereby granted, free of charge, to any person obtaining 
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be 
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include "inner.h"

#define F(B, C, D)     ((((C) ^ (D)) & (B)) ^ (D))
#define G(B, C, D)     ((((C) ^ (B)) & (D)) ^ (C))
#define H(B, C, D)     ((B) ^ (C) ^ (D))
#define I(B, C, D)     ((C) ^ ((B) | ~(D)))

#define ROTL(x, n)    (((x) << (n)) | ((x) >> (32 - (n))))

/* see inner.h */
const uint32_t br_md5_IV[4] = {
  0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
};

static const uint32_t K[64] = {
  0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE,
  0xF57C0FAF, 0x4787C62A, 0xA8304613, 0xFD469501,
  0x698098D8, 0x8B44F7AF, 0xFFFF5BB1, 0x895CD7BE,
  0x6B901122, 0xFD987193, 0xA679438E, 0x49B40821,

  0xF61E2562, 0xC040B340, 0x265E5A51, 0xE9B6C7AA,
  0xD62F105D, 0x02441453, 0xD8A1E681, 0xE7D3FBC8,
  0x21E1CDE6, 0xC33707D6, 0xF4D50D87, 0x455A14ED,
  0xA9E3E905, 0xFCEFA3F8, 0x676F02D9, 0x8D2A4C8A,

  0xFFFA3942, 0x8771F681, 0x6D9D6122, 0xFDE5380C,
  0xA4BEEA44, 0x4BDECFA9, 0xF6BB4B60, 0xBEBFBC70,
  0x289B7EC6, 0xEAA127FA, 0xD4EF3085, 0x04881D05,
  0xD9D4D039, 0xE6DB99E5, 0x1FA27CF8, 0xC4AC5665,

  0xF4292244, 0x432AFF97, 0xAB9423A7, 0xFC93A039,
  0x655B59C3, 0x8F0CCC92, 0xFFEFF47D, 0x85845DD1,
  0x6FA87E4F, 0xFE2CE6E0, 0xA3014314, 0x4E0811A1,
  0xF7537E82, 0xBD3AF235, 0x2AD7D2BB, 0xEB86D391
};

static const unsigned char MP[48] = {
  1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,
  5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,
  0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9
};

/* see inner.h */
void
br_md5_round(const unsigned char *buf, uint32_t *val)
{
  uint32_t m[16];
  uint32_t a, b, c, d;
  int i;

  a = val[0];
  b = val[1];
  c = val[2];
  d = val[3];
  /* obsolete
  for (i = 0; i < 16; i ++) {
    m[i] = br_dec32le(buf + (i << 2));
  }
  */
  br_range_dec32le(m, 16, buf);

  for (i = 0; i < 16; i += 4) {
    a = b + ROTL(a + F(b, c, d) + m[i + 0] + K[i + 0],  7);
    d = a + ROTL(d + F(a, b, c) + m[i + 1] + K[i + 1], 12);
    c = d + ROTL(c + F(d, a, b) + m[i + 2] + K[i + 2], 17);
    b = c + ROTL(b + F(c, d, a) + m[i + 3] + K[i + 3], 22);
  }
  for (i = 16; i < 32; i += 4) {
    a = b + ROTL(a + G(b, c, d) + m[MP[i - 16]] + K[i + 0],  5);
    d = a + ROTL(d + G(a, b, c) + m[MP[i - 15]] + K[i + 1],  9);
    c = d + ROTL(c + G(d, a, b) + m[MP[i - 14]] + K[i + 2], 14);
    b = c + ROTL(b + G(c, d, a) + m[MP[i - 13]] + K[i + 3], 20);
  }
  for (i = 32; i < 48; i += 4) {
    a = b + ROTL(a + H(b, c, d) + m[MP[i - 16]] + K[i + 0],  4);
    d = a + ROTL(d + H(a, b, c) + m[MP[i - 15]] + K[i + 1], 11);
    c = d + ROTL(c + H(d, a, b) + m[MP[i - 14]] + K[i + 2], 16);
    b = c + ROTL(b + H(c, d, a) + m[MP[i - 13]] + K[i + 3], 23);
  }
  for (i = 48; i < 64; i += 4) {
    a = b + ROTL(a + I(b, c, d) + m[MP[i - 16]] + K[i + 0],  6);
    d = a + ROTL(d + I(a, b, c) + m[MP[i - 15]] + K[i + 1], 10);
    c = d + ROTL(c + I(d, a, b) + m[MP[i - 14]] + K[i + 2], 15);
    b = c + ROTL(b + I(c, d, a) + m[MP[i - 13]] + K[i + 3], 21);
  }

  val[0] += a;
  val[1] += b;
  val[2] += c;
  val[3] += d;
}

/* see bearssl.h */
void
br_md5_init(br_md5_context *cc)
{
  cc->vtable = &br_md5_vtable;
  memcpy(cc->val, br_md5_IV, sizeof cc->val);
  cc->count = 0;
}

/* see bearssl.h */
void
br_md5_update(br_md5_context *cc, const void *data, size_t len)
{
  const unsigned char *buf;
  size_t ptr;

  buf = data;
  ptr = (size_t)cc->count & 63;
  while (len > 0) {
    size_t clen;

    clen = 64 - ptr;
    if (clen > len) {
      clen = len;
    }
    memcpy(cc->buf + ptr, buf, clen);
    ptr += clen;
    buf += clen;
    len -= clen;
    cc->count += (uint64_t)clen;
    if (ptr == 64) {
      br_md5_round(cc->buf, cc->val);
      ptr = 0;
    }
  }
}

/* see bearssl.h */
void
br_md5_out(const br_md5_context *cc, void *dst)
{
  unsigned char buf[64];
  uint32_t val[4];
  size_t ptr;

  ptr = (size_t)cc->count & 63;
  memcpy(buf, cc->buf, ptr);
  memcpy(val, cc->val, sizeof val);
  buf[ptr ++] = 0x80;
  if (ptr > 56) {
    memset(buf + ptr, 0, 64 - ptr);
    br_md5_round(buf, val);
    memset(buf, 0, 56);
  } else {
    memset(buf + ptr, 0, 56 - ptr);
  }
  br_enc64le(buf + 56, cc->count << 3);
  br_md5_round(buf, val);
  br_range_enc32le(dst, val, 4);
}

/* see bearssl.h */
uint64_t
br_md5_state(const br_md5_context *cc, void *dst)
{
  br_range_enc32le(dst, cc->val, 4);
  return cc->count;
}

/* see bearssl.h */
void
br_md5_set_state(br_md5_context *cc, const void *stb, uint64_t count)
{
  br_range_dec32le(cc->val, 4, stb);
  cc->count = count;
}

/* see bearssl.h */
const br_hash_class br_md5_vtable = {
  sizeof(br_md5_context),
  BR_HASHDESC_ID(br_md5_ID)
    | BR_HASHDESC_OUT(16)
    | BR_HASHDESC_STATE(16)
    | BR_HASHDESC_LBLEN(6)
    | BR_HASHDESC_MD_PADDING,
  (void (*)(const br_hash_class **))&br_md5_init,
  (void (*)(const br_hash_class **, const void *, size_t))&br_md5_update,
  (void (*)(const br_hash_class *const *, void *))&br_md5_out,
  (uint64_t (*)(const br_hash_class *const *, void *))&br_md5_state,
  (void (*)(const br_hash_class **, const void *, uint64_t))
    &br_md5_set_state
};

Coverage Report

Created: 2024-06-28 06:08

Line	Count	Source
1		/*
2		* Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3		*
4		* Permission is hereby granted, free of charge, to any person obtaining
5		* a copy of this software and associated documentation files (the
6		* "Software"), to deal in the Software without restriction, including
7		* without limitation the rights to use, copy, modify, merge, publish,
8		* distribute, sublicense, and/or sell copies of the Software, and to
9		* permit persons to whom the Software is furnished to do so, subject to
10		* the following conditions:
11		*
12		* The above copyright notice and this permission notice shall be
13		* included in all copies or substantial portions of the Software.
14		*
15		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16		* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17		* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18		* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19		* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20		* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21		* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22		* SOFTWARE.
23		*/
24
25		#include "inner.h"
26
27		#define F(B, C, D) ((((C) ^ (D)) & (B)) ^ (D))
28		#define G(B, C, D) ((((C) ^ (B)) & (D)) ^ (C))
29		#define H(B, C, D) ((B) ^ (C) ^ (D))
30		#define I(B, C, D) ((C) ^ ((B) \| ~(D)))
31
32	12.8M	#define ROTL(x, n) (((x) << (n)) \| ((x) >> (32 - (n))))
33
34		/* see inner.h */
35		const uint32_t br_md5_IV[4] = {
36		0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
37		};
38
39		static const uint32_t K[64] = {
40		0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE,
41		0xF57C0FAF, 0x4787C62A, 0xA8304613, 0xFD469501,
42		0x698098D8, 0x8B44F7AF, 0xFFFF5BB1, 0x895CD7BE,
43		0x6B901122, 0xFD987193, 0xA679438E, 0x49B40821,
44
45		0xF61E2562, 0xC040B340, 0x265E5A51, 0xE9B6C7AA,
46		0xD62F105D, 0x02441453, 0xD8A1E681, 0xE7D3FBC8,
47		0x21E1CDE6, 0xC33707D6, 0xF4D50D87, 0x455A14ED,
48		0xA9E3E905, 0xFCEFA3F8, 0x676F02D9, 0x8D2A4C8A,
49
50		0xFFFA3942, 0x8771F681, 0x6D9D6122, 0xFDE5380C,
51		0xA4BEEA44, 0x4BDECFA9, 0xF6BB4B60, 0xBEBFBC70,
52		0x289B7EC6, 0xEAA127FA, 0xD4EF3085, 0x04881D05,
53		0xD9D4D039, 0xE6DB99E5, 0x1FA27CF8, 0xC4AC5665,
54
55		0xF4292244, 0x432AFF97, 0xAB9423A7, 0xFC93A039,
56		0x655B59C3, 0x8F0CCC92, 0xFFEFF47D, 0x85845DD1,
57		0x6FA87E4F, 0xFE2CE6E0, 0xA3014314, 0x4E0811A1,
58		0xF7537E82, 0xBD3AF235, 0x2AD7D2BB, 0xEB86D391
59		};
60
61		static const unsigned char MP[48] = {
62		1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,
63		5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,
64		0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9
65		};
66
67		/* see inner.h */
68		void
69		br_md5_round(const unsigned char buf, uint32_t val)
70	200k	{
71	200k	uint32_t m[16];
72	200k	uint32_t a, b, c, d;
73	200k	int i;
74
75	200k	a = val[0];
76	200k	b = val[1];
77	200k	c = val[2];
78	200k	d = val[3];
79		/* obsolete
80		for (i = 0; i < 16; i ++) {
81		m[i] = br_dec32le(buf + (i << 2));
82		}
83		*/
84	200k	br_range_dec32le(m, 16, buf);
85
86	1.00M	for (i = 0; i < 16; i += 4) {
87	801k	a = b + ROTL(a + F(b, c, d) + m[i + 0] + K[i + 0], 7);
88	801k	d = a + ROTL(d + F(a, b, c) + m[i + 1] + K[i + 1], 12);
89	801k	c = d + ROTL(c + F(d, a, b) + m[i + 2] + K[i + 2], 17);
90	801k	b = c + ROTL(b + F(c, d, a) + m[i + 3] + K[i + 3], 22);
91	801k	}
92	1.00M	for (i = 16; i < 32; i += 4) {
93	801k	a = b + ROTL(a + G(b, c, d) + m[MP[i - 16]] + K[i + 0], 5);
94	801k	d = a + ROTL(d + G(a, b, c) + m[MP[i - 15]] + K[i + 1], 9);
95	801k	c = d + ROTL(c + G(d, a, b) + m[MP[i - 14]] + K[i + 2], 14);
96	801k	b = c + ROTL(b + G(c, d, a) + m[MP[i - 13]] + K[i + 3], 20);
97	801k	}
98	1.00M	for (i = 32; i < 48; i += 4) {
99	801k	a = b + ROTL(a + H(b, c, d) + m[MP[i - 16]] + K[i + 0], 4);
100	801k	d = a + ROTL(d + H(a, b, c) + m[MP[i - 15]] + K[i + 1], 11);
101	801k	c = d + ROTL(c + H(d, a, b) + m[MP[i - 14]] + K[i + 2], 16);
102	801k	b = c + ROTL(b + H(c, d, a) + m[MP[i - 13]] + K[i + 3], 23);
103	801k	}
104	1.00M	for (i = 48; i < 64; i += 4) {
105	801k	a = b + ROTL(a + I(b, c, d) + m[MP[i - 16]] + K[i + 0], 6);
106	801k	d = a + ROTL(d + I(a, b, c) + m[MP[i - 15]] + K[i + 1], 10);
107	801k	c = d + ROTL(c + I(d, a, b) + m[MP[i - 14]] + K[i + 2], 15);
108	801k	b = c + ROTL(b + I(c, d, a) + m[MP[i - 13]] + K[i + 3], 21);
109	801k	}
110
111	200k	val[0] += a;
112	200k	val[1] += b;
113	200k	val[2] += c;
114	200k	val[3] += d;
115	200k	}
116
117		/* see bearssl.h */
118		void
119		br_md5_init(br_md5_context *cc)
120	49.1k	{
121	49.1k	cc->vtable = &br_md5_vtable;
122	49.1k	memcpy(cc->val, br_md5_IV, sizeof cc->val);
123	49.1k	cc->count = 0;
124	49.1k	}
125
126		/* see bearssl.h */
127		void
128		br_md5_update(br_md5_context cc, const void data, size_t len)
129	289k	{
130	289k	const unsigned char *buf;
131	289k	size_t ptr;
132
133	289k	buf = data;
134	289k	ptr = (size_t)cc->count & 63;
135	456k	while (len > 0) {
136	166k	size_t clen;
137
138	166k	clen = 64 - ptr;
139	166k	if (clen > len) {
140	63.2k	clen = len;
141	63.2k	}
142	166k	memcpy(cc->buf + ptr, buf, clen);
143	166k	ptr += clen;
144	166k	buf += clen;
145	166k	len -= clen;
146	166k	cc->count += (uint64_t)clen;
147	166k	if (ptr == 64) {
148	103k	br_md5_round(cc->buf, cc->val);
149	103k	ptr = 0;
150	103k	}
151	166k	}
152	289k	}
153
154		/* see bearssl.h */
155		void
156		br_md5_out(const br_md5_context cc, void dst)
157	47.0k	{
158	47.0k	unsigned char buf[64];
159	47.0k	uint32_t val[4];
160	47.0k	size_t ptr;
161
162	47.0k	ptr = (size_t)cc->count & 63;
163	47.0k	memcpy(buf, cc->buf, ptr);
164	47.0k	memcpy(val, cc->val, sizeof val);
165	47.0k	buf[ptr ++] = 0x80;
166	47.0k	if (ptr > 56) {
167	1.21k	memset(buf + ptr, 0, 64 - ptr);
168	1.21k	br_md5_round(buf, val);
169	1.21k	memset(buf, 0, 56);
170	45.8k	} else {
171	45.8k	memset(buf + ptr, 0, 56 - ptr);
172	45.8k	}
173	47.0k	br_enc64le(buf + 56, cc->count << 3);
174	47.0k	br_md5_round(buf, val);
175	47.0k	br_range_enc32le(dst, val, 4);
176	47.0k	}
177
178		/* see bearssl.h */
179		uint64_t
180		br_md5_state(const br_md5_context cc, void dst)
181	2.09k	{
182	2.09k	br_range_enc32le(dst, cc->val, 4);
183	2.09k	return cc->count;
184	2.09k	}
185
186		/* see bearssl.h */
187		void
188		br_md5_set_state(br_md5_context cc, const void stb, uint64_t count)
189	46.4k	{
190	46.4k	br_range_dec32le(cc->val, 4, stb);
191	46.4k	cc->count = count;
192	46.4k	}
193
194		/* see bearssl.h */
195		const br_hash_class br_md5_vtable = {
196		sizeof(br_md5_context),
197		BR_HASHDESC_ID(br_md5_ID)
198		\| BR_HASHDESC_OUT(16)
199		\| BR_HASHDESC_STATE(16)
200		\| BR_HASHDESC_LBLEN(6)
201		\| BR_HASHDESC_MD_PADDING,
202		(void ()(const br_hash_class *))&br_md5_init,
203		(void ()(const br_hash_class , const void , size_t))&br_md5_update,
204		(void ()(const br_hash_class const , void ))&br_md5_out,
205		(uint64_t ()(const br_hash_class const , void ))&br_md5_state,
206		(void ()(const br_hash_class , const void , uint64_t))
207		&br_md5_set_state
208		};