1 // Copyright 2013 The Rust Project Developers. See the COPYRIGHT 2 // file at the top-level directory of this distribution and at 3 // http://rust-lang.org/COPYRIGHT. 4 // 5 // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or 6 // http://www.apache.org/licenses/LICENSE-2.0> or the MIT license 7 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your 8 // option. This file may not be copied, modified, or distributed 9 // except according to those terms. 10 11 use cryptoutil::{write_u32_le, read_u32v_le, FixedBuffer, FixedBuffer64, StandardPadding}; 12 use digest::Digest; 13 use step_by::RangeExt; 14 15 16 // A structure that represents that state of a digest computation for the MD5 digest function 17 struct Md5State { 18 s0: u32, 19 s1: u32, 20 s2: u32, 21 s3: u32 22 } 23 24 impl Md5State { new() -> Md5State25 fn new() -> Md5State { 26 Md5State { 27 s0: 0x67452301, 28 s1: 0xefcdab89, 29 s2: 0x98badcfe, 30 s3: 0x10325476 31 } 32 } 33 reset(&mut self)34 fn reset(&mut self) { 35 self.s0 = 0x67452301; 36 self.s1 = 0xefcdab89; 37 self.s2 = 0x98badcfe; 38 self.s3 = 0x10325476; 39 } 40 process_block(&mut self, input: &[u8])41 fn process_block(&mut self, input: &[u8]) { 42 fn f(u: u32, v: u32, w: u32) -> u32 { 43 (u & v) | (!u & w) 44 } 45 46 fn g(u: u32, v: u32, w: u32) -> u32 { 47 (u & w) | (v & !w) 48 } 49 50 fn h(u: u32, v: u32, w: u32) -> u32 { 51 u ^ v ^ w 52 } 53 54 fn i(u: u32, v: u32, w: u32) -> u32 { 55 v ^ (u | !w) 56 } 57 58 fn op_f(w: u32, x: u32, y: u32, z: u32, m: u32, s: u32) -> u32 { 59 w.wrapping_add(f(x, y, z)).wrapping_add(m).rotate_left(s).wrapping_add(x) 60 } 61 62 fn op_g(w: u32, x: u32, y: u32, z: u32, m: u32, s: u32) -> u32 { 63 w.wrapping_add(g(x, y, z)).wrapping_add(m).rotate_left(s).wrapping_add(x) 64 } 65 66 fn op_h(w: u32, x: u32, y: u32, z: u32, m: u32, s: u32) -> u32 { 67 w.wrapping_add(h(x, y, z)).wrapping_add(m).rotate_left(s).wrapping_add(x) 68 } 69 70 fn op_i(w: u32, x: u32, y: u32, z: u32, m: u32, s: u32) -> u32 { 71 w.wrapping_add(i(x, y, z)).wrapping_add(m).rotate_left(s).wrapping_add(x) 72 } 73 74 let mut a = self.s0; 75 let mut b = self.s1; 76 let mut c = self.s2; 77 let mut d = self.s3; 78 79 let mut data = [0u32; 16]; 80 81 read_u32v_le(&mut data, input); 82 83 // round 1 84 for i in (0..16).step_up(4) { 85 a = op_f(a, b, c, d, data[i].wrapping_add(C1[i]), 7); 86 d = op_f(d, a, b, c, data[i + 1].wrapping_add(C1[i + 1]), 12); 87 c = op_f(c, d, a, b, data[i + 2].wrapping_add(C1[i + 2]), 17); 88 b = op_f(b, c, d, a, data[i + 3].wrapping_add(C1[i + 3]), 22); 89 } 90 91 // round 2 92 let mut t = 1; 93 for i in (0..16).step_up(4) { 94 a = op_g(a, b, c, d, data[t & 0x0f].wrapping_add(C2[i]), 5); 95 d = op_g(d, a, b, c, data[(t + 5) & 0x0f].wrapping_add(C2[i + 1]), 9); 96 c = op_g(c, d, a, b, data[(t + 10) & 0x0f].wrapping_add(C2[i + 2]), 14); 97 b = op_g(b, c, d, a, data[(t + 15) & 0x0f].wrapping_add(C2[i + 3]), 20); 98 t += 20; 99 } 100 101 // round 3 102 t = 5; 103 for i in (0..16).step_up(4) { 104 a = op_h(a, b, c, d, data[t & 0x0f].wrapping_add(C3[i]), 4); 105 d = op_h(d, a, b, c, data[(t + 3) & 0x0f].wrapping_add(C3[i + 1]), 11); 106 c = op_h(c, d, a, b, data[(t + 6) & 0x0f].wrapping_add(C3[i + 2]), 16); 107 b = op_h(b, c, d, a, data[(t + 9) & 0x0f].wrapping_add(C3[i + 3]), 23); 108 t += 12; 109 } 110 111 // round 4 112 t = 0; 113 for i in (0..16).step_up(4) { 114 a = op_i(a, b, c, d, data[t & 0x0f].wrapping_add(C4[i]), 6); 115 d = op_i(d, a, b, c, data[(t + 7) & 0x0f].wrapping_add(C4[i + 1]), 10); 116 c = op_i(c, d, a, b, data[(t + 14) & 0x0f].wrapping_add(C4[i + 2]), 15); 117 b = op_i(b, c, d, a, data[(t + 21) & 0x0f].wrapping_add(C4[i + 3]), 21); 118 t += 28; 119 } 120 121 self.s0 = self.s0.wrapping_add(a); 122 self.s1 = self.s1.wrapping_add(b); 123 self.s2 = self.s2.wrapping_add(c); 124 self.s3 = self.s3.wrapping_add(d); 125 } 126 } 127 128 // Round 1 constants 129 static C1: [u32; 16] = [ 130 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, 131 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821 132 ]; 133 134 // Round 2 constants 135 static C2: [u32; 16] = [ 136 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8, 137 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a 138 ]; 139 140 // Round 3 constants 141 static C3: [u32; 16] = [ 142 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, 143 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665 144 ]; 145 146 // Round 4 constants 147 static C4: [u32; 16] = [ 148 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, 149 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 150 ]; 151 152 153 /// The MD5 Digest algorithm 154 pub struct Md5 { 155 length_bytes: u64, 156 buffer: FixedBuffer64, 157 state: Md5State, 158 finished: bool, 159 } 160 161 impl Md5 { 162 /// Construct a new instance of the MD5 Digest. new() -> Md5163 pub fn new() -> Md5 { 164 Md5 { 165 length_bytes: 0, 166 buffer: FixedBuffer64::new(), 167 state: Md5State::new(), 168 finished: false 169 } 170 } 171 } 172 173 impl Digest for Md5 { input(&mut self, input: &[u8])174 fn input(&mut self, input: &[u8]) { 175 assert!(!self.finished); 176 // Unlike Sha1 and Sha2, the length value in MD5 is defined as the length of the message mod 177 // 2^64 - ie: integer overflow is OK. 178 self.length_bytes += input.len() as u64; 179 let self_state = &mut self.state; 180 self.buffer.input(input, |d: &[u8]| { self_state.process_block(d);} 181 ); 182 } 183 reset(&mut self)184 fn reset(&mut self) { 185 self.length_bytes = 0; 186 self.buffer.reset(); 187 self.state.reset(); 188 self.finished = false; 189 } 190 result(&mut self, out: &mut [u8])191 fn result(&mut self, out: &mut [u8]) { 192 if !self.finished { 193 let self_state = &mut self.state; 194 self.buffer.standard_padding(8, |d: &[u8]| { self_state.process_block(d); }); 195 write_u32_le(self.buffer.next(4), (self.length_bytes << 3) as u32); 196 write_u32_le(self.buffer.next(4), (self.length_bytes >> 29) as u32); 197 self_state.process_block(self.buffer.full_buffer()); 198 self.finished = true; 199 } 200 201 write_u32_le(&mut out[0..4], self.state.s0); 202 write_u32_le(&mut out[4..8], self.state.s1); 203 write_u32_le(&mut out[8..12], self.state.s2); 204 write_u32_le(&mut out[12..16], self.state.s3); 205 } 206 output_bits(&self) -> usize207 fn output_bits(&self) -> usize { 128 } 208 block_size(&self) -> usize209 fn block_size(&self) -> usize { 64 } 210 } 211 212 213 #[cfg(test)] 214 mod tests { 215 use cryptoutil::test::test_digest_1million_random; 216 use digest::Digest; 217 use md5::Md5; 218 219 220 struct Test { 221 input: &'static str, 222 output_str: &'static str, 223 } 224 test_hash<D: Digest>(sh: &mut D, tests: &[Test])225 fn test_hash<D: Digest>(sh: &mut D, tests: &[Test]) { 226 // Test that it works when accepting the message all at once 227 for t in tests.iter() { 228 sh.input_str(t.input); 229 230 let out_str = sh.result_str(); 231 assert_eq!(out_str, t.output_str); 232 233 sh.reset(); 234 } 235 236 // Test that it works when accepting the message in pieces 237 for t in tests.iter() { 238 let len = t.input.len(); 239 let mut left = len; 240 while left > 0 { 241 let take = (left + 1) / 2; 242 sh.input_str(&t.input[len - left..take + len - left]); 243 left = left - take; 244 } 245 246 let out_str = sh.result_str(); 247 assert_eq!(out_str, t.output_str); 248 249 sh.reset(); 250 } 251 } 252 253 #[test] test_md5()254 fn test_md5() { 255 // Examples from wikipedia 256 let wikipedia_tests = vec![ 257 Test { 258 input: "", 259 output_str: "d41d8cd98f00b204e9800998ecf8427e" 260 }, 261 Test { 262 input: "The quick brown fox jumps over the lazy dog", 263 output_str: "9e107d9d372bb6826bd81d3542a419d6" 264 }, 265 Test { 266 input: "The quick brown fox jumps over the lazy dog.", 267 output_str: "e4d909c290d0fb1ca068ffaddf22cbd0" 268 }, 269 ]; 270 271 let tests = wikipedia_tests; 272 273 let mut sh = Md5::new(); 274 275 test_hash(&mut sh, &tests[..]); 276 } 277 278 #[test] test_1million_random_md5()279 fn test_1million_random_md5() { 280 let mut sh = Md5::new(); 281 test_digest_1million_random( 282 &mut sh, 283 64, 284 "7707d6ae4e027c70eea2a935c2296f21"); 285 } 286 } 287 288 289 #[cfg(all(test, feature = "with-bench"))] 290 mod bench { 291 use test::Bencher; 292 293 use digest::Digest; 294 use md5::Md5; 295 296 297 #[bench] md5_10(bh: & mut Bencher)298 pub fn md5_10(bh: & mut Bencher) { 299 let mut sh = Md5::new(); 300 let bytes = [1u8; 10]; 301 bh.iter( || { 302 sh.input(&bytes); 303 }); 304 bh.bytes = bytes.len() as u64; 305 } 306 307 #[bench] md5_1k(bh: & mut Bencher)308 pub fn md5_1k(bh: & mut Bencher) { 309 let mut sh = Md5::new(); 310 let bytes = [1u8; 1024]; 311 bh.iter( || { 312 sh.input(&bytes); 313 }); 314 bh.bytes = bytes.len() as u64; 315 } 316 317 #[bench] md5_64k(bh: & mut Bencher)318 pub fn md5_64k(bh: & mut Bencher) { 319 let mut sh = Md5::new(); 320 let bytes = [1u8; 65536]; 321 bh.iter( || { 322 sh.input(&bytes); 323 }); 324 bh.bytes = bytes.len() as u64; 325 } 326 } 327