]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_cryptkit/lib/ckMD5.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57740.51.3.tar.gz
[apple/security.git] / OSX / libsecurity_cryptkit / lib / ckMD5.c
1 /*
2 File: MD5.c
3
4 Written by: Colin Plumb
5
6 Copyright: Copyright (c) 1998,2011,2014 Apple Inc. All Rights Reserved.
7
8 Change History (most recent first):
9
10 <7> 10/06/98 ap Changed to compile with C++.
11
12 To Do:
13 */
14
15 /* Copyright (c) 1998,2011,2014 Apple Inc. All Rights Reserved.
16 *
17 * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
18 * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
19 * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE
20 * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE,
21 * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
22 * EXPOSE YOU TO LIABILITY.
23 ***************************************************************************
24 *
25 * MD5.c
26 */
27
28 /*
29 * This code implements the MD5 message-digest algorithm.
30 * The algorithm is due to Ron Rivest. This code was
31 * written by Colin Plumb in 1993, no copyright is claimed.
32 * This code is in the public domain; do with it what you wish.
33 *
34 * Equivalent code is available from RSA Data Security, Inc.
35 * This code has been tested against that, and is equivalent,
36 * except that you don't need to include two pages of legalese
37 * with every copy.
38 *
39 * To compute the message digest of a chunk of bytes, declare an
40 * MD5Context structure, pass it to MD5Init, call MD5Update as
41 * needed on buffers full of bytes, and then call MD5Final, which
42 * will fill a supplied 16-byte array with the digest.
43 */
44
45 /*
46 * Revision History
47 * ----------------
48 * 06 Feb 1997 at Apple
49 * Fixed endian-dependent cast in MD5Final()
50 * Made byteReverse() tolerant of platform-dependent alignment
51 * restrictions
52 */
53
54 #include "ckconfig.h"
55
56 #if CRYPTKIT_MD5_ENABLE && !CRYPTKIT_LIBMD_DIGEST
57
58 #include "ckMD5.h"
59 #include "platform.h"
60 #include "byteRep.h"
61 #include <stdlib.h>
62
63
64 #define MD5_DEBUG 0
65
66 #if MD5_DEBUG
67 static inline void dumpCtx(MD5Context *ctx, char *label)
68 {
69 int i;
70
71 printf("%s\n", label);
72 printf("buf = ");
73 for(i=0; i<4; i++) {
74 printf("%x:", ctx->buf[i]);
75 }
76 printf("\nbits: %d:%d\n", ctx->bits[0], ctx->bits[1]);
77 printf("in[]:\n ");
78 for(i=0; i<64; i++) {
79 printf("%02x:", ctx->in[i]);
80 if((i % 16) == 15) {
81 printf("\n ");
82 }
83 }
84 printf("\n");
85 }
86 #else // MD5_DEBUG
87 #define dumpCtx(ctx, label)
88 #endif // MD5_DEBUG
89
90 static void MD5Transform(UINT32 buf[4], UINT32 const in[16]);
91
92 #if __LITTLE_ENDIAN__
93 #define byteReverse(buf, len) /* Nothing */
94 #else
95 static void byteReverse(unsigned char *buf, unsigned longs);
96
97 #ifndef ASM_MD5
98 /*
99 * Note: this code is harmless on little-endian machines.
100 */
101 static void byteReverse(unsigned char *buf, unsigned longs)
102 {
103 #if old_way
104 /*
105 * this code is NOT harmless on big-endian machine which require
106 * natural alignment.
107 */
108 UINT32 t;
109 do {
110 t = (UINT32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
111 ((unsigned) buf[1] << 8 | buf[0]);
112 *(UINT32 *) buf = t;
113 buf += 4;
114 } while (--longs);
115 #else // new_way
116
117 unsigned char t;
118 do {
119 t = buf[0];
120 buf[0] = buf[3];
121 buf[3] = t;
122 t = buf[1];
123 buf[1] = buf[2];
124 buf[2] = t;
125 buf += 4;
126 } while (--longs);
127 #endif // old_way
128 }
129 #endif // ASM_MD5
130 #endif // __LITTLE_ENDIAN__
131
132 /*
133 * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
134 * initialization constants.
135 */
136 void MD5Init(MD5Context *ctx)
137 {
138 ctx->buf[0] = 0x67452301;
139 ctx->buf[1] = 0xefcdab89;
140 ctx->buf[2] = 0x98badcfe;
141 ctx->buf[3] = 0x10325476;
142
143 ctx->bits[0] = 0;
144 ctx->bits[1] = 0;
145 }
146
147 /*
148 * Update context to reflect the concatenation of another buffer full
149 * of bytes.
150 */
151 void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned len)
152 {
153 UINT32 t;
154
155 dumpCtx(ctx, "MD5.c update top");
156 /* Update bitcount */
157
158 t = ctx->bits[0];
159 if ((ctx->bits[0] = t + ((UINT32) len << 3)) < t)
160 ctx->bits[1]++; /* Carry from low to high */
161 ctx->bits[1] += len >> 29;
162
163 t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
164
165 /* Handle any leading odd-sized chunks */
166
167 if (t) {
168 unsigned char *p = (unsigned char *) ctx->in + t;
169
170 t = 64 - t;
171 if (len < t) {
172 memcpy(p, buf, len);
173 return;
174 }
175 memcpy(p, buf, t);
176 byteReverse(ctx->in, 16);
177 MD5Transform(ctx->buf, (UINT32 *) ctx->in);
178 dumpCtx(ctx, "update - return from transform (1)");
179 buf += t;
180 len -= t;
181 }
182 /* Process data in 64-byte chunks */
183
184 while (len >= 64) {
185 memcpy(ctx->in, buf, 64);
186 byteReverse(ctx->in, 16);
187 MD5Transform(ctx->buf, (UINT32 *) ctx->in);
188 dumpCtx(ctx, "update - return from transform (2)");
189 buf += 64;
190 len -= 64;
191 }
192
193 /* Handle any remaining bytes of data. */
194
195 memcpy(ctx->in, buf, len);
196 }
197
198 /*
199 * Final wrapup - pad to 64-byte boundary with the bit pattern
200 * 1 0* (64-bit count of bits processed, MSB-first)
201 */
202 void MD5Final(MD5Context *ctx, unsigned char *digest)
203 {
204 unsigned count;
205 unsigned char *p;
206
207 dumpCtx(ctx, "final top");
208
209 /* Compute number of bytes mod 64 */
210 count = (ctx->bits[0] >> 3) & 0x3F;
211
212 /* Set the first char of padding to 0x80. This is safe since there is
213 always at least one byte free */
214 p = ctx->in + count;
215 *p++ = 0x80;
216 #if MD5_DEBUG
217 printf("in[%d] = %x\n", count, ctx->in[count]);
218 #endif
219 /* Bytes of padding needed to make 64 bytes */
220 count = 64 - 1 - count;
221
222 /* Pad out to 56 mod 64 */
223 dumpCtx(ctx, "final, before pad");
224 if (count < 8) {
225 /* Two lots of padding: Pad the first block to 64 bytes */
226 bzero(p, count);
227 byteReverse(ctx->in, 16);
228 MD5Transform(ctx->buf, (UINT32 *) ctx->in);
229
230 /* Now fill the next block with 56 bytes */
231 bzero(ctx->in, 56);
232 } else {
233 /* Pad block to 56 bytes */
234 bzero(p, count - 8);
235 }
236 byteReverse(ctx->in, 14);
237
238 /* Append length in bits and transform */
239 #if old_way
240 /*
241 * On a little endian machine, this writes the l.s. byte of
242 * the bit count to ctx->in[56] and the m.s byte of the bit count to
243 * ctx->in[63].
244 */
245 ((UINT32 *) ctx->in)[14] = ctx->bits[0];
246 ((UINT32 *) ctx->in)[15] = ctx->bits[1];
247 #else // new_way
248 intToByteRep(ctx->bits[0], &ctx->in[56]);
249 intToByteRep(ctx->bits[1], &ctx->in[60]);
250 #endif // new_way
251
252 dumpCtx(ctx, "last transform");
253 MD5Transform(ctx->buf, (UINT32 *) ctx->in);
254 byteReverse((unsigned char *) ctx->buf, 4);
255 memcpy(digest, ctx->buf, MD5_DIGEST_SIZE);
256 dumpCtx(ctx, "final end");
257
258 bzero(ctx, sizeof(*ctx)); /* In case it's sensitive */
259 }
260
261 #ifndef ASM_MD5
262
263 /* The four core functions - F1 is optimized somewhat */
264
265 /* #define F1(x, y, z) (x & y | ~x & z) */
266 #define F1(x, y, z) (z ^ (x & (y ^ z)))
267 #define F2(x, y, z) F1(z, x, y)
268 #define F3(x, y, z) (x ^ y ^ z)
269 #define F4(x, y, z) (y ^ (x | ~z))
270
271 /* This is the central step in the MD5 algorithm. */
272 #define MD5STEP(f, w, x, y, z, data, s) \
273 ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
274
275 /*
276 * The core of the MD5 algorithm, this alters an existing MD5 hash to
277 * reflect the addition of 16 longwords of new data. MD5Update blocks
278 * the data and converts bytes into longwords for this routine.
279 */
280 static void MD5Transform(UINT32 buf[4], UINT32 const in[16])
281 {
282 register UINT32 a, b, c, d;
283
284 a = buf[0];
285 b = buf[1];
286 c = buf[2];
287 d = buf[3];
288
289 MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
290 MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
291 MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
292 MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
293 MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
294 MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
295 MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
296 MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
297 MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
298 MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
299 MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
300 MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
301 MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
302 MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
303 MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
304 MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
305
306 MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
307 MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
308 MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
309 MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
310 MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
311 MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
312 MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
313 MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
314 MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
315 MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
316 MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
317 MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
318 MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
319 MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
320 MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
321 MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
322
323 MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
324 MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
325 MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
326 MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
327 MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
328 MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
329 MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
330 MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
331 MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
332 MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
333 MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
334 MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
335 MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
336 MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
337 MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
338 MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
339
340 MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
341 MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
342 MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
343 MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
344 MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
345 MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
346 MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
347 MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
348 MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
349 MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
350 MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
351 MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
352 MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
353 MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
354 MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
355 MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
356
357 buf[0] += a;
358 buf[1] += b;
359 buf[2] += c;
360 buf[3] += d;
361 }
362
363 #endif /* ASM_MD5 */
364
365 #endif /* CRYPTKIT_MD5_ENABLE && CRYPTKIT_LIBMD_DIGEST */
mirror of Security