]> git.saurik.com Git - apple/javascriptcore.git/blob - wtf/MD5.cpp
JavaScriptCore-721.26.tar.gz
[apple/javascriptcore.git] / wtf / MD5.cpp
1 // The original file was copied from sqlite, and was in the public domain.
2 // Modifications Copyright 2006 Google Inc. All Rights Reserved
3 /*
4 * Copyright (C) 2010 Google Inc. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are
8 * met:
9 *
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * * Redistributions in binary form must reproduce the above
13 * copyright notice, this list of conditions and the following disclaimer
14 * in the documentation and/or other materials provided with the
15 * distribution.
16 * * Neither the name of Google Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32 /*
33 * This code implements the MD5 message-digest algorithm.
34 * The algorithm is due to Ron Rivest. This code was
35 * written by Colin Plumb in 1993, no copyright is claimed.
36 * This code is in the public domain; do with it what you wish.
37 *
38 * Equivalent code is available from RSA Data Security, Inc.
39 * This code has been tested against that, and is equivalent,
40 * except that you don't need to include two pages of legalese
41 * with every copy.
42 *
43 * To compute the message digest of a chunk of bytes, construct an
44 * MD5 instance, call addBytes as needed on buffers full of bytes,
45 * and then call checksum, which will fill a supplied 16-byte array
46 * with the digest.
47 */
48
49 #include "config.h"
50 #include "MD5.h"
51
52 #include "Assertions.h"
53 #ifndef NDEBUG
54 #include "StringExtras.h"
55 #include "text/CString.h"
56 #endif
57
58 namespace WTF {
59
60 #ifdef NDEBUG
61 static inline void testMD5() { }
62 #else
63 // MD5 test case.
64 static bool isTestMD5Done;
65
66 static void expectMD5(CString input, CString expected)
67 {
68 MD5 md5;
69 md5.addBytes(reinterpret_cast<const uint8_t*>(input.data()), input.length());
70 Vector<uint8_t, 16> digest = md5.checksum();
71 char* buf = 0;
72 CString actual = CString::newUninitialized(32, buf);
73 for (size_t i = 0; i < 16; i++) {
74 snprintf(buf, 3, "%02x", digest.at(i));
75 buf += 2;
76 }
77 ASSERT_WITH_MESSAGE(actual == expected, "input:%s[%d] actual:%s expected:%s", input.data(), input.length(), actual.data(), expected.data());
78 }
79
80 static void testMD5()
81 {
82 if (isTestMD5Done)
83 return;
84 isTestMD5Done = true;
85
86 // MD5 Test suite from http://www.ietf.org/rfc/rfc1321.txt
87 expectMD5("", "d41d8cd98f00b204e9800998ecf8427e");
88 expectMD5("a", "0cc175b9c0f1b6a831c399e269772661");
89 expectMD5("abc", "900150983cd24fb0d6963f7d28e17f72");
90 expectMD5("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
91 expectMD5("abcdefghijklmnopqrstuvwxyz", "c3fcd3d76192e4007dfb496cca67e13b");
92 expectMD5("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
93 expectMD5("12345678901234567890123456789012345678901234567890123456789012345678901234567890", "57edf4a22be3c955ac49da2e2107b67a");
94 }
95 #endif
96
97 // Note: this code is harmless on little-endian machines.
98
99 static void reverseBytes(uint8_t* buf, unsigned longs)
100 {
101 ASSERT(longs > 0);
102 do {
103 uint32_t t = static_cast<uint32_t>(buf[3] << 8 | buf[2]) << 16 | buf[1] << 8 | buf[0];
104 ASSERT_WITH_MESSAGE(!(reinterpret_cast<uintptr_t>(buf) % sizeof(t)), "alignment error of buf");
105 *reinterpret_cast<uint32_t *>(buf) = t;
106 buf += 4;
107 } while (--longs);
108 }
109
110 // The four core functions.
111 // F1 is originally defined as (x & y | ~x & z), but optimized somewhat: 4 bit ops -> 3 bit ops.
112 #define F1(x, y, z) (z ^ (x & (y ^ z)))
113 #define F2(x, y, z) F1(z, x, y)
114 #define F3(x, y, z) (x ^ y ^ z)
115 #define F4(x, y, z) (y ^ (x | ~z))
116
117 // This is the central step in the MD5 algorithm.
118 #define MD5STEP(f, w, x, y, z, data, s) \
119 (w += f(x, y, z) + data, w = w << s | w >> (32 - s), w += x)
120
121 static void MD5Transform(uint32_t buf[4], const uint32_t in[16])
122 {
123 uint32_t a = buf[0];
124 uint32_t b = buf[1];
125 uint32_t c = buf[2];
126 uint32_t d = buf[3];
127
128 MD5STEP(F1, a, b, c, d, in[ 0]+0xd76aa478, 7);
129 MD5STEP(F1, d, a, b, c, in[ 1]+0xe8c7b756, 12);
130 MD5STEP(F1, c, d, a, b, in[ 2]+0x242070db, 17);
131 MD5STEP(F1, b, c, d, a, in[ 3]+0xc1bdceee, 22);
132 MD5STEP(F1, a, b, c, d, in[ 4]+0xf57c0faf, 7);
133 MD5STEP(F1, d, a, b, c, in[ 5]+0x4787c62a, 12);
134 MD5STEP(F1, c, d, a, b, in[ 6]+0xa8304613, 17);
135 MD5STEP(F1, b, c, d, a, in[ 7]+0xfd469501, 22);
136 MD5STEP(F1, a, b, c, d, in[ 8]+0x698098d8, 7);
137 MD5STEP(F1, d, a, b, c, in[ 9]+0x8b44f7af, 12);
138 MD5STEP(F1, c, d, a, b, in[10]+0xffff5bb1, 17);
139 MD5STEP(F1, b, c, d, a, in[11]+0x895cd7be, 22);
140 MD5STEP(F1, a, b, c, d, in[12]+0x6b901122, 7);
141 MD5STEP(F1, d, a, b, c, in[13]+0xfd987193, 12);
142 MD5STEP(F1, c, d, a, b, in[14]+0xa679438e, 17);
143 MD5STEP(F1, b, c, d, a, in[15]+0x49b40821, 22);
144
145 MD5STEP(F2, a, b, c, d, in[ 1]+0xf61e2562, 5);
146 MD5STEP(F2, d, a, b, c, in[ 6]+0xc040b340, 9);
147 MD5STEP(F2, c, d, a, b, in[11]+0x265e5a51, 14);
148 MD5STEP(F2, b, c, d, a, in[ 0]+0xe9b6c7aa, 20);
149 MD5STEP(F2, a, b, c, d, in[ 5]+0xd62f105d, 5);
150 MD5STEP(F2, d, a, b, c, in[10]+0x02441453, 9);
151 MD5STEP(F2, c, d, a, b, in[15]+0xd8a1e681, 14);
152 MD5STEP(F2, b, c, d, a, in[ 4]+0xe7d3fbc8, 20);
153 MD5STEP(F2, a, b, c, d, in[ 9]+0x21e1cde6, 5);
154 MD5STEP(F2, d, a, b, c, in[14]+0xc33707d6, 9);
155 MD5STEP(F2, c, d, a, b, in[ 3]+0xf4d50d87, 14);
156 MD5STEP(F2, b, c, d, a, in[ 8]+0x455a14ed, 20);
157 MD5STEP(F2, a, b, c, d, in[13]+0xa9e3e905, 5);
158 MD5STEP(F2, d, a, b, c, in[ 2]+0xfcefa3f8, 9);
159 MD5STEP(F2, c, d, a, b, in[ 7]+0x676f02d9, 14);
160 MD5STEP(F2, b, c, d, a, in[12]+0x8d2a4c8a, 20);
161
162 MD5STEP(F3, a, b, c, d, in[ 5]+0xfffa3942, 4);
163 MD5STEP(F3, d, a, b, c, in[ 8]+0x8771f681, 11);
164 MD5STEP(F3, c, d, a, b, in[11]+0x6d9d6122, 16);
165 MD5STEP(F3, b, c, d, a, in[14]+0xfde5380c, 23);
166 MD5STEP(F3, a, b, c, d, in[ 1]+0xa4beea44, 4);
167 MD5STEP(F3, d, a, b, c, in[ 4]+0x4bdecfa9, 11);
168 MD5STEP(F3, c, d, a, b, in[ 7]+0xf6bb4b60, 16);
169 MD5STEP(F3, b, c, d, a, in[10]+0xbebfbc70, 23);
170 MD5STEP(F3, a, b, c, d, in[13]+0x289b7ec6, 4);
171 MD5STEP(F3, d, a, b, c, in[ 0]+0xeaa127fa, 11);
172 MD5STEP(F3, c, d, a, b, in[ 3]+0xd4ef3085, 16);
173 MD5STEP(F3, b, c, d, a, in[ 6]+0x04881d05, 23);
174 MD5STEP(F3, a, b, c, d, in[ 9]+0xd9d4d039, 4);
175 MD5STEP(F3, d, a, b, c, in[12]+0xe6db99e5, 11);
176 MD5STEP(F3, c, d, a, b, in[15]+0x1fa27cf8, 16);
177 MD5STEP(F3, b, c, d, a, in[ 2]+0xc4ac5665, 23);
178
179 MD5STEP(F4, a, b, c, d, in[ 0]+0xf4292244, 6);
180 MD5STEP(F4, d, a, b, c, in[ 7]+0x432aff97, 10);
181 MD5STEP(F4, c, d, a, b, in[14]+0xab9423a7, 15);
182 MD5STEP(F4, b, c, d, a, in[ 5]+0xfc93a039, 21);
183 MD5STEP(F4, a, b, c, d, in[12]+0x655b59c3, 6);
184 MD5STEP(F4, d, a, b, c, in[ 3]+0x8f0ccc92, 10);
185 MD5STEP(F4, c, d, a, b, in[10]+0xffeff47d, 15);
186 MD5STEP(F4, b, c, d, a, in[ 1]+0x85845dd1, 21);
187 MD5STEP(F4, a, b, c, d, in[ 8]+0x6fa87e4f, 6);
188 MD5STEP(F4, d, a, b, c, in[15]+0xfe2ce6e0, 10);
189 MD5STEP(F4, c, d, a, b, in[ 6]+0xa3014314, 15);
190 MD5STEP(F4, b, c, d, a, in[13]+0x4e0811a1, 21);
191 MD5STEP(F4, a, b, c, d, in[ 4]+0xf7537e82, 6);
192 MD5STEP(F4, d, a, b, c, in[11]+0xbd3af235, 10);
193 MD5STEP(F4, c, d, a, b, in[ 2]+0x2ad7d2bb, 15);
194 MD5STEP(F4, b, c, d, a, in[ 9]+0xeb86d391, 21);
195
196 buf[0] += a;
197 buf[1] += b;
198 buf[2] += c;
199 buf[3] += d;
200 }
201
202 MD5::MD5()
203 {
204 testMD5();
205 m_buf[0] = 0x67452301;
206 m_buf[1] = 0xefcdab89;
207 m_buf[2] = 0x98badcfe;
208 m_buf[3] = 0x10325476;
209 m_bits[0] = 0;
210 m_bits[1] = 0;
211 memset(m_in, 0, sizeof(m_in));
212 ASSERT_WITH_MESSAGE(!(reinterpret_cast<uintptr_t>(m_in) % sizeof(uint32_t)), "alignment error of m_in");
213 }
214
215 void MD5::addBytes(const uint8_t* input, size_t length)
216 {
217 const uint8_t* buf = input;
218
219 // Update bitcount
220 uint32_t t = m_bits[0];
221 m_bits[0] = t + (length << 3);
222 if (m_bits[0] < t)
223 m_bits[1]++; // Carry from low to high
224 m_bits[1] += length >> 29;
225
226 t = (t >> 3) & 0x3f; // Bytes already in shsInfo->data
227
228 // Handle any leading odd-sized chunks
229
230 if (t) {
231 uint8_t* p = m_in + t;
232
233 t = 64 - t;
234 if (length < t) {
235 memcpy(p, buf, length);
236 return;
237 }
238 memcpy(p, buf, t);
239 reverseBytes(m_in, 16);
240 MD5Transform(m_buf, reinterpret_cast<uint32_t*>(m_in)); // m_in is 4-byte aligned.
241 buf += t;
242 length -= t;
243 }
244
245 // Process data in 64-byte chunks
246
247 while (length >= 64) {
248 memcpy(m_in, buf, 64);
249 reverseBytes(m_in, 16);
250 MD5Transform(m_buf, reinterpret_cast<uint32_t*>(m_in)); // m_in is 4-byte aligned.
251 buf += 64;
252 length -= 64;
253 }
254
255 // Handle any remaining bytes of data.
256 memcpy(m_in, buf, length);
257 }
258
259 Vector<uint8_t, 16> MD5::checksum()
260 {
261 // Compute number of bytes mod 64
262 unsigned count = (m_bits[0] >> 3) & 0x3F;
263
264 // Set the first char of padding to 0x80. This is safe since there is
265 // always at least one byte free
266 uint8_t* p = m_in + count;
267 *p++ = 0x80;
268
269 // Bytes of padding needed to make 64 bytes
270 count = 64 - 1 - count;
271
272 // Pad out to 56 mod 64
273 if (count < 8) {
274 // Two lots of padding: Pad the first block to 64 bytes
275 memset(p, 0, count);
276 reverseBytes(m_in, 16);
277 MD5Transform(m_buf, reinterpret_cast<uint32_t *>(m_in)); // m_in is 4-byte aligned.
278
279 // Now fill the next block with 56 bytes
280 memset(m_in, 0, 56);
281 } else {
282 // Pad block to 56 bytes
283 memset(p, 0, count - 8);
284 }
285 reverseBytes(m_in, 14);
286
287 // Append length in bits and transform
288 // m_in is 4-byte aligned.
289 (reinterpret_cast<uint32_t*>(m_in))[14] = m_bits[0];
290 (reinterpret_cast<uint32_t*>(m_in))[15] = m_bits[1];
291
292 MD5Transform(m_buf, reinterpret_cast<uint32_t*>(m_in));
293 reverseBytes(reinterpret_cast<uint8_t*>(m_buf), 4);
294 Vector<uint8_t, 16> digest;
295 digest.append(reinterpret_cast<uint8_t*>(m_buf), 16);
296
297 // In case it's sensitive
298 memset(m_buf, 0, sizeof(m_buf));
299 memset(m_bits, 0, sizeof(m_bits));
300 memset(m_in, 0, sizeof(m_in));
301 return digest;
302 }
303
304 } // namespace WTF