1/*
2 * This code implements the MD5 message-digest algorithm.
3 * The algorithm is due to Ron Rivest.  This code was
4 * written by Colin Plumb in 1993, no copyright is claimed.
5 * This code is in the public domain; do with it what you wish.
6 *
7 * Equivalent code is available from RSA Data Security, Inc.
8 * This code has been tested against that, and is equivalent,
9 * except that you don't need to include two pages of legalese
10 * with every copy.
11 *
12 * To compute the message digest of a chunk of bytes, declare an
13 * MD5Context structure, pass it to MD5Init, call MD5Update as
14 * needed on buffers full of bytes, and then call MD5Final, which
15 * will fill a supplied 16-byte array with the digest.
16 */
17
18/* This code was modified in 1997 by Jim Kingdon of Cyclic Software to
19   not require an integer type which is exactly 32 bits.  This work
20   draws on the changes for the same purpose by Tatu Ylonen
21   <ylo@cs.hut.fi> as part of SSH, but since I didn't actually use
22   that code, there is no copyright issue.  I hereby disclaim
23   copyright in any changes I have made; this code remains in the
24   public domain.  */
25
26/* Note regarding cvs_* namespace: this avoids potential conflicts
27   with libraries such as some versions of Kerberos.  No particular
28   need to worry about whether the system supplies an MD5 library, as
29   this file is only about 3k of object code.  */
30
31#include <util.h>
32
33#include "md5.h"
34
35/* Little-endian byte-swapping routines.  Note that these do not
36   depend on the size of datatypes such as cvs_uint32, nor do they require
37   us to detect the endianness of the machine we are running on.  It
38   is possible they should be macros for speed, but I would be
39   surprised if they were a performance bottleneck for MD5.  */
40
41static unsigned long
42getu32(const unsigned char *addr)
43{
44        return (((((unsigned long)addr[3] << 8) | addr[2]) << 8)
45                | addr[1]) << 8 | addr[0];
46}
47
48static void
49putu32(unsigned long data, unsigned char *addr)
50{
51        addr[0] = (unsigned char)data;
52        addr[1] = (unsigned char)(data >> 8);
53        addr[2] = (unsigned char)(data >> 16);
54        addr[3] = (unsigned char)(data >> 24);
55}
56
57/*
58 * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
59 * initialization constants.
60 */
61void
62yasm_md5_init(yasm_md5_context *ctx)
63{
64        ctx->buf[0] = 0x67452301;
65        ctx->buf[1] = 0xefcdab89;
66        ctx->buf[2] = 0x98badcfe;
67        ctx->buf[3] = 0x10325476;
68
69        ctx->bits[0] = 0;
70        ctx->bits[1] = 0;
71}
72
73/*
74 * Update context to reflect the concatenation of another buffer full
75 * of bytes.
76 */
77void
78yasm_md5_update(yasm_md5_context *ctx, unsigned char const *buf,
79                unsigned long len)
80{
81        unsigned long t;
82
83        /* Update bitcount */
84
85        t = ctx->bits[0];
86        if ((ctx->bits[0] = (t + ((unsigned long)len << 3)) & 0xffffffff) < t)
87                ctx->bits[1]++; /* Carry from low to high */
88        ctx->bits[1] += len >> 29;
89
90        t = (t >> 3) & 0x3f;    /* Bytes already in shsInfo->data */
91
92        /* Handle any leading odd-sized chunks */
93
94        if ( t ) {
95                unsigned char *p = ctx->in + t;
96
97                t = 64-t;
98                if (len < t) {
99                        memcpy(p, buf, len);
100                        return;
101                }
102                memcpy(p, buf, t);
103                yasm_md5_transform (ctx->buf, ctx->in);
104                buf += t;
105                len -= t;
106        }
107
108        /* Process data in 64-byte chunks */
109
110        while (len >= 64) {
111                memcpy(ctx->in, buf, 64);
112                yasm_md5_transform (ctx->buf, ctx->in);
113                buf += 64;
114                len -= 64;
115        }
116
117        /* Handle any remaining bytes of data. */
118
119        memcpy(ctx->in, buf, len);
120}
121
122/*
123 * Final wrapup - pad to 64-byte boundary with the bit pattern
124 * 1 0* (64-bit count of bits processed, MSB-first)
125 */
126void
127yasm_md5_final(unsigned char digest[16], yasm_md5_context *ctx)
128{
129        unsigned count;
130        unsigned char *p;
131
132        /* Compute number of bytes mod 64 */
133        count = (ctx->bits[0] >> 3) & 0x3F;
134
135        /* Set the first char of padding to 0x80.  This is safe since there is
136           always at least one byte free */
137        p = ctx->in + count;
138        *p++ = 0x80;
139
140        /* Bytes of padding needed to make 64 bytes */
141        count = 64 - 1 - count;
142
143        /* Pad out to 56 mod 64 */
144        if (count < 8) {
145                /* Two lots of padding:  Pad the first block to 64 bytes */
146                memset(p, 0, count);
147                yasm_md5_transform (ctx->buf, ctx->in);
148
149                /* Now fill the next block with 56 bytes */
150                memset(ctx->in, 0, 56);
151        } else {
152                /* Pad block to 56 bytes */
153                memset(p, 0, count-8);
154        }
155
156        /* Append length in bits and transform */
157        putu32(ctx->bits[0], ctx->in + 56);
158        putu32(ctx->bits[1], ctx->in + 60);
159
160        yasm_md5_transform (ctx->buf, ctx->in);
161        putu32(ctx->buf[0], digest);
162        putu32(ctx->buf[1], digest + 4);
163        putu32(ctx->buf[2], digest + 8);
164        putu32(ctx->buf[3], digest + 12);
165        memset(ctx, 0, sizeof(*ctx));    /* In case it's sensitive */
166}
167
168#ifndef ASM_MD5
169
170/* The four core functions - F1 is optimized somewhat */
171
172/* #define F1(x, y, z) (x & y | ~x & z) */
173#define F1(x, y, z) (z ^ (x & (y ^ z)))
174#define F2(x, y, z) F1(z, x, y)
175#define F3(x, y, z) (x ^ y ^ z)
176#define F4(x, y, z) (y ^ (x | ~z))
177
178/* This is the central step in the MD5 algorithm. */
179#define MD5STEP(f, w, x, y, z, data, s) \
180        ( w += f(x, y, z) + data, w &= 0xffffffff, w = w<<s | w>>(32-s), w += x )
181
182/*
183 * The core of the MD5 algorithm, this alters an existing MD5 hash to
184 * reflect the addition of 16 longwords of new data.  MD5Update blocks
185 * the data and converts bytes into longwords for this routine.
186 */
187void
188yasm_md5_transform(unsigned long buf[4], const unsigned char inraw[64])
189{
190        register unsigned long a, b, c, d;
191        unsigned long in[16];
192        int i;
193
194        for (i = 0; i < 16; ++i)
195                in[i] = getu32 (inraw + 4 * i);
196
197        a = buf[0];
198        b = buf[1];
199        c = buf[2];
200        d = buf[3];
201
202        MD5STEP(F1, a, b, c, d, in[ 0]+0xd76aa478,  7);
203        MD5STEP(F1, d, a, b, c, in[ 1]+0xe8c7b756, 12);
204        MD5STEP(F1, c, d, a, b, in[ 2]+0x242070db, 17);
205        MD5STEP(F1, b, c, d, a, in[ 3]+0xc1bdceee, 22);
206        MD5STEP(F1, a, b, c, d, in[ 4]+0xf57c0faf,  7);
207        MD5STEP(F1, d, a, b, c, in[ 5]+0x4787c62a, 12);
208        MD5STEP(F1, c, d, a, b, in[ 6]+0xa8304613, 17);
209        MD5STEP(F1, b, c, d, a, in[ 7]+0xfd469501, 22);
210        MD5STEP(F1, a, b, c, d, in[ 8]+0x698098d8,  7);
211        MD5STEP(F1, d, a, b, c, in[ 9]+0x8b44f7af, 12);
212        MD5STEP(F1, c, d, a, b, in[10]+0xffff5bb1, 17);
213        MD5STEP(F1, b, c, d, a, in[11]+0x895cd7be, 22);
214        MD5STEP(F1, a, b, c, d, in[12]+0x6b901122,  7);
215        MD5STEP(F1, d, a, b, c, in[13]+0xfd987193, 12);
216        MD5STEP(F1, c, d, a, b, in[14]+0xa679438e, 17);
217        MD5STEP(F1, b, c, d, a, in[15]+0x49b40821, 22);
218
219        MD5STEP(F2, a, b, c, d, in[ 1]+0xf61e2562,  5);
220        MD5STEP(F2, d, a, b, c, in[ 6]+0xc040b340,  9);
221        MD5STEP(F2, c, d, a, b, in[11]+0x265e5a51, 14);
222        MD5STEP(F2, b, c, d, a, in[ 0]+0xe9b6c7aa, 20);
223        MD5STEP(F2, a, b, c, d, in[ 5]+0xd62f105d,  5);
224        MD5STEP(F2, d, a, b, c, in[10]+0x02441453,  9);
225        MD5STEP(F2, c, d, a, b, in[15]+0xd8a1e681, 14);
226        MD5STEP(F2, b, c, d, a, in[ 4]+0xe7d3fbc8, 20);
227        MD5STEP(F2, a, b, c, d, in[ 9]+0x21e1cde6,  5);
228        MD5STEP(F2, d, a, b, c, in[14]+0xc33707d6,  9);
229        MD5STEP(F2, c, d, a, b, in[ 3]+0xf4d50d87, 14);
230        MD5STEP(F2, b, c, d, a, in[ 8]+0x455a14ed, 20);
231        MD5STEP(F2, a, b, c, d, in[13]+0xa9e3e905,  5);
232        MD5STEP(F2, d, a, b, c, in[ 2]+0xfcefa3f8,  9);
233        MD5STEP(F2, c, d, a, b, in[ 7]+0x676f02d9, 14);
234        MD5STEP(F2, b, c, d, a, in[12]+0x8d2a4c8a, 20);
235
236        MD5STEP(F3, a, b, c, d, in[ 5]+0xfffa3942,  4);
237        MD5STEP(F3, d, a, b, c, in[ 8]+0x8771f681, 11);
238        MD5STEP(F3, c, d, a, b, in[11]+0x6d9d6122, 16);
239        MD5STEP(F3, b, c, d, a, in[14]+0xfde5380c, 23);
240        MD5STEP(F3, a, b, c, d, in[ 1]+0xa4beea44,  4);
241        MD5STEP(F3, d, a, b, c, in[ 4]+0x4bdecfa9, 11);
242        MD5STEP(F3, c, d, a, b, in[ 7]+0xf6bb4b60, 16);
243        MD5STEP(F3, b, c, d, a, in[10]+0xbebfbc70, 23);
244        MD5STEP(F3, a, b, c, d, in[13]+0x289b7ec6,  4);
245        MD5STEP(F3, d, a, b, c, in[ 0]+0xeaa127fa, 11);
246        MD5STEP(F3, c, d, a, b, in[ 3]+0xd4ef3085, 16);
247        MD5STEP(F3, b, c, d, a, in[ 6]+0x04881d05, 23);
248        MD5STEP(F3, a, b, c, d, in[ 9]+0xd9d4d039,  4);
249        MD5STEP(F3, d, a, b, c, in[12]+0xe6db99e5, 11);
250        MD5STEP(F3, c, d, a, b, in[15]+0x1fa27cf8, 16);
251        MD5STEP(F3, b, c, d, a, in[ 2]+0xc4ac5665, 23);
252
253        MD5STEP(F4, a, b, c, d, in[ 0]+0xf4292244,  6);
254        MD5STEP(F4, d, a, b, c, in[ 7]+0x432aff97, 10);
255        MD5STEP(F4, c, d, a, b, in[14]+0xab9423a7, 15);
256        MD5STEP(F4, b, c, d, a, in[ 5]+0xfc93a039, 21);
257        MD5STEP(F4, a, b, c, d, in[12]+0x655b59c3,  6);
258        MD5STEP(F4, d, a, b, c, in[ 3]+0x8f0ccc92, 10);
259        MD5STEP(F4, c, d, a, b, in[10]+0xffeff47d, 15);
260        MD5STEP(F4, b, c, d, a, in[ 1]+0x85845dd1, 21);
261        MD5STEP(F4, a, b, c, d, in[ 8]+0x6fa87e4f,  6);
262        MD5STEP(F4, d, a, b, c, in[15]+0xfe2ce6e0, 10);
263        MD5STEP(F4, c, d, a, b, in[ 6]+0xa3014314, 15);
264        MD5STEP(F4, b, c, d, a, in[13]+0x4e0811a1, 21);
265        MD5STEP(F4, a, b, c, d, in[ 4]+0xf7537e82,  6);
266        MD5STEP(F4, d, a, b, c, in[11]+0xbd3af235, 10);
267        MD5STEP(F4, c, d, a, b, in[ 2]+0x2ad7d2bb, 15);
268        MD5STEP(F4, b, c, d, a, in[ 9]+0xeb86d391, 21);
269
270        buf[0] += a;
271        buf[1] += b;
272        buf[2] += c;
273        buf[3] += d;
274}
275#endif
276
277#ifdef TEST
278/* Simple test program.  Can use it to manually run the tests from
279   RFC1321 for example.  */
280#include <stdio.h>
281
282int
283main (int argc, char **argv)
284{
285        yasm_md5_context context;
286        unsigned char checksum[16];
287        int i;
288        int j;
289
290        if (argc < 2)
291        {
292                fprintf (stderr, "usage: %s string-to-hash\n", argv[0]);
293                exit (1);
294        }
295        for (j = 1; j < argc; ++j)
296        {
297                printf ("MD5 (\"%s\") = ", argv[j]);
298                yasm_md5_init (&context);
299                yasm_md5_update (&context, argv[j], strlen (argv[j]));
300                yasm_md5_final (checksum, &context);
301                for (i = 0; i < 16; i++)
302                {
303                        printf ("%02x", (unsigned int) checksum[i]);
304                }
305                printf ("\n");
306        }
307        return 0;
308}
309#endif /* TEST */
310