1 // Copyright 2009 The Archiveopteryx Developers <info@aox.org>
2
3 #include "md5.h"
4
5 #include "estring.h"
6 #include "buffer.h"
7
8 // memmove, memset, memcpy
9 #include <string.h>
10
11
12 static void swapBytes( char *, int );
13
14
15 /*! \class MD5 md5.h
16 Implements the MD5 message-digest algorithm (RFC 1321).
17
18 Based on public-domain code written by Colin Plumb in 1993.
19 */
20
21 /*! Creates and initialises an empty MD5 object. */
22
MD5()23 MD5::MD5()
24 {
25 init();
26 }
27
28
29 /*! Initialises an MD5 context for use. */
30
init()31 void MD5::init()
32 {
33 int i = 0;
34 while ( i < 64 )
35 in[i++] = 0;
36
37 buf[0] = 0x67452301;
38 buf[1] = 0xefcdab89;
39 buf[2] = 0x98badcfe;
40 buf[3] = 0x10325476;
41
42 bits[0] = 0;
43 bits[1] = 0;
44
45 finalised = false;
46 }
47
48
49 /*! Updates the MD5 context to reflect the concatenation of \a len bytes
50 from \a str.
51 */
52
add(const char * str,uint len)53 void MD5::add( const char *str, uint len )
54 {
55 uint32 t;
56
57 /* It's not possible to add() data, call hash(), then add more data
58 and call hash() again, because hash() destroys the accumulated
59 input buffer. */
60
61 if ( finalised )
62 init();
63
64 /* Update bitcount. */
65 t = bits[0];
66 bits[0] = t + ((uint32) len << 3);
67 if ( bits[0] < t )
68 bits[1]++;
69 bits[1] += len >> 29;
70
71 t = (t >> 3) & 0x3f;
72
73 /* Handle any leading odd-sized chunks. */
74 if ( t != 0 ) {
75 char *p = in + t;
76
77 t = 64 - t;
78 if ( len < t ) {
79 memmove( p, str, len );
80 return;
81 }
82
83 memmove( p, str, t );
84 swapBytes( in, 16 );
85 transform();
86
87 str += t;
88 len -= t;
89 }
90
91 /* Process 64-byte chunks. */
92 while ( len >= 64 ) {
93 memmove( in, str, 64 );
94 swapBytes( in, 16 );
95 transform();
96
97 str += 64;
98 len -= 64;
99 }
100
101 /* Save the rest for later. */
102 memmove( in, str, len );
103 }
104
105
106 /*! \overload
107 As above, but adds data from the EString \a s.
108 */
109
add(const EString & s)110 void MD5::add( const EString &s )
111 {
112 add( s.data(), s.length() );
113 }
114
115
116 /*! Returns the 16-byte MD5 hash of the bytes add()ed so far. */
117
hash()118 EString MD5::hash()
119 {
120 uint count;
121 char *p;
122
123 if ( finalised )
124 return EString( (char *)buf, 16 );
125
126 /* Compute number of bytes mod 64. */
127 count = (bits[0] >> 3) & 0x3F;
128
129 /* Set the first char of padding to 0x80. This is safe since there is
130 always at least one byte free. */
131 p = in + count;
132 *p++ = 0x80;
133
134 /* Bytes of padding needed to make 64 bytes. */
135 count = 64 - 1 - count;
136
137 /* Pad out to 56 mod 64. */
138 if ( count < 8 ) {
139 /* Two lots of padding: Pad the first block to 64 bytes. */
140 memset( p, 0, count );
141 swapBytes( in, 16 );
142 transform();
143
144 /* Now fill the next block with 56 bytes. */
145 memset( in, 0, 56 );
146 } else {
147 /* Pad block to 56 bytes. */
148 memset(p, 0, count - 8);
149 }
150 swapBytes( in, 14 );
151
152 /* Append length in bits and transform. */
153 ((uint32 *)in)[14] = bits[0];
154 ((uint32 *)in)[15] = bits[1];
155 transform();
156 swapBytes( (char *)buf, 4 );
157
158 finalised = true;
159 return EString( (char *)buf, 16 );
160 }
161
162
163 /*! \overload
164 Returns the MD5 hash of the EString \a s.
165 */
166
hash(const EString & s)167 EString MD5::hash( const EString &s )
168 {
169 MD5 ctx;
170
171 ctx.add( s );
172 return ctx.hash();
173 }
174
175
176 /*! \overload
177 Returns the MD5 hash of the Buffer \a s.
178 */
179
hash(const Buffer & s)180 EString MD5::hash( const Buffer &s )
181 {
182 return hash( s.string(s.size()) );
183 }
184
185
186 /*! Returns the HMAC-MD5 digest of \a secret and \a text as a 32-char
187 hex string with lowercase letters. (RFC 2104)
188 */
189
HMAC(const EString & secret,const EString & text)190 EString MD5::HMAC( const EString &secret, const EString &text )
191 {
192 uint i, len;
193 EString s, t;
194 char kopad[64], kipad[64];
195
196 /* Hash overly long keys. */
197 if ( secret.length() > 64 )
198 s = MD5::hash( secret );
199 else
200 s = secret;
201 len = s.length();
202
203 /* Prepare padded key blocks: kopad[0..63] = key[0..63]^opad[0..63],
204 where key[n >= len] = 0, and opad[0 <= n < 64] = 0x5c. Similarly
205 for kipad, where ipad[0 <= n < 64] = 0x36. */
206
207 i = 0;
208 while ( i < len ) {
209 kipad[i] = s[i] ^0x36;
210 kopad[i] = s[i] ^0x5c;
211 i++;
212 }
213 memset( kipad+len, (char)0^0x36, 64-len );
214 memset( kopad+len, (char)0^0x5c, 64-len );
215
216 /* Compute HMAC-MD5 digest: MD5( kopad, MD5( kipad, text )) */
217 MD5 ih, oh;
218
219 oh.add( (char *)kopad, 64 );
220 ih.add( (char *)kipad, 64 );
221 ih.add( text );
222 oh.add( ih.hash() );
223
224 return oh.hash();
225 }
226
227
228 /* The four core functions - F1 is optimized somewhat */
229
230 /* #define F1(x, y, z) (x & y | ~x & z) */
231 #define F1(x, y, z) (z ^ (x & (y ^ z)))
232 #define F2(x, y, z) F1(z, x, y)
233 #define F3(x, y, z) (x ^ y ^ z)
234 #define F4(x, y, z) (y ^ (x | ~z))
235
236 /* This is the central step in the MD5 algorithm. */
237 #define MD5STEP(f, w, x, y, z, data, s) \
238 ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
239
240 /*! The basic MD5 transformation: updates the MD5 hash context based on
241 the next 64 bit block of input. (Padding, if necessary, is handled
242 by the caller.)
243 */
244
transform()245 void MD5::transform()
246 {
247 uint32 a, b, c, d;
248 uint32 *inw = (uint32 *)in;
249
250 a = buf[0];
251 b = buf[1];
252 c = buf[2];
253 d = buf[3];
254
255 MD5STEP(F1, a, b, c, d, inw[0] + 0xd76aa478, 7);
256 MD5STEP(F1, d, a, b, c, inw[1] + 0xe8c7b756, 12);
257 MD5STEP(F1, c, d, a, b, inw[2] + 0x242070db, 17);
258 MD5STEP(F1, b, c, d, a, inw[3] + 0xc1bdceee, 22);
259 MD5STEP(F1, a, b, c, d, inw[4] + 0xf57c0faf, 7);
260 MD5STEP(F1, d, a, b, c, inw[5] + 0x4787c62a, 12);
261 MD5STEP(F1, c, d, a, b, inw[6] + 0xa8304613, 17);
262 MD5STEP(F1, b, c, d, a, inw[7] + 0xfd469501, 22);
263 MD5STEP(F1, a, b, c, d, inw[8] + 0x698098d8, 7);
264 MD5STEP(F1, d, a, b, c, inw[9] + 0x8b44f7af, 12);
265 MD5STEP(F1, c, d, a, b, inw[10] + 0xffff5bb1, 17);
266 MD5STEP(F1, b, c, d, a, inw[11] + 0x895cd7be, 22);
267 MD5STEP(F1, a, b, c, d, inw[12] + 0x6b901122, 7);
268 MD5STEP(F1, d, a, b, c, inw[13] + 0xfd987193, 12);
269 MD5STEP(F1, c, d, a, b, inw[14] + 0xa679438e, 17);
270 MD5STEP(F1, b, c, d, a, inw[15] + 0x49b40821, 22);
271
272 MD5STEP(F2, a, b, c, d, inw[1] + 0xf61e2562, 5);
273 MD5STEP(F2, d, a, b, c, inw[6] + 0xc040b340, 9);
274 MD5STEP(F2, c, d, a, b, inw[11] + 0x265e5a51, 14);
275 MD5STEP(F2, b, c, d, a, inw[0] + 0xe9b6c7aa, 20);
276 MD5STEP(F2, a, b, c, d, inw[5] + 0xd62f105d, 5);
277 MD5STEP(F2, d, a, b, c, inw[10] + 0x02441453, 9);
278 MD5STEP(F2, c, d, a, b, inw[15] + 0xd8a1e681, 14);
279 MD5STEP(F2, b, c, d, a, inw[4] + 0xe7d3fbc8, 20);
280 MD5STEP(F2, a, b, c, d, inw[9] + 0x21e1cde6, 5);
281 MD5STEP(F2, d, a, b, c, inw[14] + 0xc33707d6, 9);
282 MD5STEP(F2, c, d, a, b, inw[3] + 0xf4d50d87, 14);
283 MD5STEP(F2, b, c, d, a, inw[8] + 0x455a14ed, 20);
284 MD5STEP(F2, a, b, c, d, inw[13] + 0xa9e3e905, 5);
285 MD5STEP(F2, d, a, b, c, inw[2] + 0xfcefa3f8, 9);
286 MD5STEP(F2, c, d, a, b, inw[7] + 0x676f02d9, 14);
287 MD5STEP(F2, b, c, d, a, inw[12] + 0x8d2a4c8a, 20);
288
289 MD5STEP(F3, a, b, c, d, inw[5] + 0xfffa3942, 4);
290 MD5STEP(F3, d, a, b, c, inw[8] + 0x8771f681, 11);
291 MD5STEP(F3, c, d, a, b, inw[11] + 0x6d9d6122, 16);
292 MD5STEP(F3, b, c, d, a, inw[14] + 0xfde5380c, 23);
293 MD5STEP(F3, a, b, c, d, inw[1] + 0xa4beea44, 4);
294 MD5STEP(F3, d, a, b, c, inw[4] + 0x4bdecfa9, 11);
295 MD5STEP(F3, c, d, a, b, inw[7] + 0xf6bb4b60, 16);
296 MD5STEP(F3, b, c, d, a, inw[10] + 0xbebfbc70, 23);
297 MD5STEP(F3, a, b, c, d, inw[13] + 0x289b7ec6, 4);
298 MD5STEP(F3, d, a, b, c, inw[0] + 0xeaa127fa, 11);
299 MD5STEP(F3, c, d, a, b, inw[3] + 0xd4ef3085, 16);
300 MD5STEP(F3, b, c, d, a, inw[6] + 0x04881d05, 23);
301 MD5STEP(F3, a, b, c, d, inw[9] + 0xd9d4d039, 4);
302 MD5STEP(F3, d, a, b, c, inw[12] + 0xe6db99e5, 11);
303 MD5STEP(F3, c, d, a, b, inw[15] + 0x1fa27cf8, 16);
304 MD5STEP(F3, b, c, d, a, inw[2] + 0xc4ac5665, 23);
305
306 MD5STEP(F4, a, b, c, d, inw[0] + 0xf4292244, 6);
307 MD5STEP(F4, d, a, b, c, inw[7] + 0x432aff97, 10);
308 MD5STEP(F4, c, d, a, b, inw[14] + 0xab9423a7, 15);
309 MD5STEP(F4, b, c, d, a, inw[5] + 0xfc93a039, 21);
310 MD5STEP(F4, a, b, c, d, inw[12] + 0x655b59c3, 6);
311 MD5STEP(F4, d, a, b, c, inw[3] + 0x8f0ccc92, 10);
312 MD5STEP(F4, c, d, a, b, inw[10] + 0xffeff47d, 15);
313 MD5STEP(F4, b, c, d, a, inw[1] + 0x85845dd1, 21);
314 MD5STEP(F4, a, b, c, d, inw[8] + 0x6fa87e4f, 6);
315 MD5STEP(F4, d, a, b, c, inw[15] + 0xfe2ce6e0, 10);
316 MD5STEP(F4, c, d, a, b, inw[6] + 0xa3014314, 15);
317 MD5STEP(F4, b, c, d, a, inw[13] + 0x4e0811a1, 21);
318 MD5STEP(F4, a, b, c, d, inw[4] + 0xf7537e82, 6);
319 MD5STEP(F4, d, a, b, c, inw[11] + 0xbd3af235, 10);
320 MD5STEP(F4, c, d, a, b, inw[2] + 0x2ad7d2bb, 15);
321 MD5STEP(F4, b, c, d, a, inw[9] + 0xeb86d391, 21);
322
323 buf[0] += a;
324 buf[1] += b;
325 buf[2] += c;
326 buf[3] += d;
327 }
328
329
330 /* Swap bytes (for big-endian systems). */
331
swapBytes(char * buf,int n)332 static void swapBytes( char *buf, int n )
333 {
334 uint32 t;
335
336 /* This function is harmless on little-endian machines, and required
337 on big-endian ones, so we run it anyway. */
338
339 do {
340 t = (uint32)((unsigned) buf[3] << 8 | buf[2]) << 16 |
341 ((unsigned) buf[1] << 8 | buf[0]);
342 *(uint32 *)buf = t;
343 buf += 4;
344 }
345 while ( --n > 0 );
346 }
347
348
349