OLD | NEW |
| (Empty) |
1 // The original file was copied from sqlite, and was in the public domain. | |
2 // Modifications Copyright 2006 Google Inc. All Rights Reserved | |
3 /* | |
4 * Copyright (C) 2010 Google Inc. All rights reserved. | |
5 * | |
6 * Redistribution and use in source and binary forms, with or without | |
7 * modification, are permitted provided that the following conditions are | |
8 * met: | |
9 * | |
10 * * Redistributions of source code must retain the above copyright | |
11 * notice, this list of conditions and the following disclaimer. | |
12 * * Redistributions in binary form must reproduce the above | |
13 * copyright notice, this list of conditions and the following disclaimer | |
14 * in the documentation and/or other materials provided with the | |
15 * distribution. | |
16 * * Neither the name of Google Inc. nor the names of its | |
17 * contributors may be used to endorse or promote products derived from | |
18 * this software without specific prior written permission. | |
19 * | |
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
31 */ | |
32 /* | |
33 * This code implements the MD5 message-digest algorithm. | |
34 * The algorithm is due to Ron Rivest. This code was | |
35 * written by Colin Plumb in 1993, no copyright is claimed. | |
36 * This code is in the public domain; do with it what you wish. | |
37 * | |
38 * Equivalent code is available from RSA Data Security, Inc. | |
39 * This code has been tested against that, and is equivalent, | |
40 * except that you don't need to include two pages of legalese | |
41 * with every copy. | |
42 * | |
43 * To compute the message digest of a chunk of bytes, construct an | |
44 * MD5 instance, call addBytes as needed on buffers full of bytes, | |
45 * and then call checksum, which will fill a supplied 16-byte array | |
46 * with the digest. | |
47 */ | |
48 | |
49 #include "config.h" | |
50 #include "MD5.h" | |
51 | |
52 #include "Assertions.h" | |
53 #ifndef NDEBUG | |
54 #include "StringExtras.h" | |
55 #include "text/CString.h" | |
56 #endif | |
57 #include <wtf/StdLibExtras.h> | |
58 | |
59 namespace WTF { | |
60 | |
61 #ifdef NDEBUG | |
62 static inline void testMD5() { } | |
63 #else | |
64 // MD5 test case. | |
65 static bool isTestMD5Done; | |
66 | |
67 static void expectMD5(CString input, CString expected) | |
68 { | |
69 MD5 md5; | |
70 md5.addBytes(reinterpret_cast<const uint8_t*>(input.data()), input.length())
; | |
71 Vector<uint8_t, 16> digest; | |
72 md5.checksum(digest); | |
73 char* buf = 0; | |
74 CString actual = CString::newUninitialized(32, buf); | |
75 for (size_t i = 0; i < 16; i++) { | |
76 snprintf(buf, 3, "%02x", digest.at(i)); | |
77 buf += 2; | |
78 } | |
79 ASSERT_WITH_MESSAGE(actual == expected, "input:%s[%lu] actual:%s expected:%s
", input.data(), static_cast<unsigned long>(input.length()), actual.data(), expe
cted.data()); | |
80 } | |
81 | |
82 static void testMD5() | |
83 { | |
84 if (isTestMD5Done) | |
85 return; | |
86 isTestMD5Done = true; | |
87 | |
88 // MD5 Test suite from http://www.ietf.org/rfc/rfc1321.txt | |
89 expectMD5("", "d41d8cd98f00b204e9800998ecf8427e"); | |
90 expectMD5("a", "0cc175b9c0f1b6a831c399e269772661"); | |
91 expectMD5("abc", "900150983cd24fb0d6963f7d28e17f72"); | |
92 expectMD5("message digest", "f96b697d7cb7938d525a2f31aaf161d0"); | |
93 expectMD5("abcdefghijklmnopqrstuvwxyz", "c3fcd3d76192e4007dfb496cca67e13b"); | |
94 expectMD5("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
"d174ab98d277d9f5a5611c2c9f419d9f"); | |
95 expectMD5("12345678901234567890123456789012345678901234567890123456789012345
678901234567890", "57edf4a22be3c955ac49da2e2107b67a"); | |
96 } | |
97 #endif | |
98 | |
99 // Note: this code is harmless on little-endian machines. | |
100 | |
101 static void reverseBytes(uint8_t* buf, unsigned longs) | |
102 { | |
103 ASSERT(longs > 0); | |
104 do { | |
105 uint32_t t = static_cast<uint32_t>(buf[3] << 8 | buf[2]) << 16 | buf[1]
<< 8 | buf[0]; | |
106 ASSERT_WITH_MESSAGE(!(reinterpret_cast<uintptr_t>(buf) % sizeof(t)), "al
ignment error of buf"); | |
107 *reinterpret_cast_ptr<uint32_t *>(buf) = t; | |
108 buf += 4; | |
109 } while (--longs); | |
110 } | |
111 | |
112 // The four core functions. | |
113 // F1 is originally defined as (x & y | ~x & z), but optimized somewhat: 4 bit o
ps -> 3 bit ops. | |
114 #define F1(x, y, z) (z ^ (x & (y ^ z))) | |
115 #define F2(x, y, z) F1(z, x, y) | |
116 #define F3(x, y, z) (x ^ y ^ z) | |
117 #define F4(x, y, z) (y ^ (x | ~z)) | |
118 | |
119 // This is the central step in the MD5 algorithm. | |
120 #define MD5STEP(f, w, x, y, z, data, s) \ | |
121 (w += f(x, y, z) + data, w = w << s | w >> (32 - s), w += x) | |
122 | |
123 static void MD5Transform(uint32_t buf[4], const uint32_t in[16]) | |
124 { | |
125 uint32_t a = buf[0]; | |
126 uint32_t b = buf[1]; | |
127 uint32_t c = buf[2]; | |
128 uint32_t d = buf[3]; | |
129 | |
130 MD5STEP(F1, a, b, c, d, in[ 0]+0xd76aa478, 7); | |
131 MD5STEP(F1, d, a, b, c, in[ 1]+0xe8c7b756, 12); | |
132 MD5STEP(F1, c, d, a, b, in[ 2]+0x242070db, 17); | |
133 MD5STEP(F1, b, c, d, a, in[ 3]+0xc1bdceee, 22); | |
134 MD5STEP(F1, a, b, c, d, in[ 4]+0xf57c0faf, 7); | |
135 MD5STEP(F1, d, a, b, c, in[ 5]+0x4787c62a, 12); | |
136 MD5STEP(F1, c, d, a, b, in[ 6]+0xa8304613, 17); | |
137 MD5STEP(F1, b, c, d, a, in[ 7]+0xfd469501, 22); | |
138 MD5STEP(F1, a, b, c, d, in[ 8]+0x698098d8, 7); | |
139 MD5STEP(F1, d, a, b, c, in[ 9]+0x8b44f7af, 12); | |
140 MD5STEP(F1, c, d, a, b, in[10]+0xffff5bb1, 17); | |
141 MD5STEP(F1, b, c, d, a, in[11]+0x895cd7be, 22); | |
142 MD5STEP(F1, a, b, c, d, in[12]+0x6b901122, 7); | |
143 MD5STEP(F1, d, a, b, c, in[13]+0xfd987193, 12); | |
144 MD5STEP(F1, c, d, a, b, in[14]+0xa679438e, 17); | |
145 MD5STEP(F1, b, c, d, a, in[15]+0x49b40821, 22); | |
146 | |
147 MD5STEP(F2, a, b, c, d, in[ 1]+0xf61e2562, 5); | |
148 MD5STEP(F2, d, a, b, c, in[ 6]+0xc040b340, 9); | |
149 MD5STEP(F2, c, d, a, b, in[11]+0x265e5a51, 14); | |
150 MD5STEP(F2, b, c, d, a, in[ 0]+0xe9b6c7aa, 20); | |
151 MD5STEP(F2, a, b, c, d, in[ 5]+0xd62f105d, 5); | |
152 MD5STEP(F2, d, a, b, c, in[10]+0x02441453, 9); | |
153 MD5STEP(F2, c, d, a, b, in[15]+0xd8a1e681, 14); | |
154 MD5STEP(F2, b, c, d, a, in[ 4]+0xe7d3fbc8, 20); | |
155 MD5STEP(F2, a, b, c, d, in[ 9]+0x21e1cde6, 5); | |
156 MD5STEP(F2, d, a, b, c, in[14]+0xc33707d6, 9); | |
157 MD5STEP(F2, c, d, a, b, in[ 3]+0xf4d50d87, 14); | |
158 MD5STEP(F2, b, c, d, a, in[ 8]+0x455a14ed, 20); | |
159 MD5STEP(F2, a, b, c, d, in[13]+0xa9e3e905, 5); | |
160 MD5STEP(F2, d, a, b, c, in[ 2]+0xfcefa3f8, 9); | |
161 MD5STEP(F2, c, d, a, b, in[ 7]+0x676f02d9, 14); | |
162 MD5STEP(F2, b, c, d, a, in[12]+0x8d2a4c8a, 20); | |
163 | |
164 MD5STEP(F3, a, b, c, d, in[ 5]+0xfffa3942, 4); | |
165 MD5STEP(F3, d, a, b, c, in[ 8]+0x8771f681, 11); | |
166 MD5STEP(F3, c, d, a, b, in[11]+0x6d9d6122, 16); | |
167 MD5STEP(F3, b, c, d, a, in[14]+0xfde5380c, 23); | |
168 MD5STEP(F3, a, b, c, d, in[ 1]+0xa4beea44, 4); | |
169 MD5STEP(F3, d, a, b, c, in[ 4]+0x4bdecfa9, 11); | |
170 MD5STEP(F3, c, d, a, b, in[ 7]+0xf6bb4b60, 16); | |
171 MD5STEP(F3, b, c, d, a, in[10]+0xbebfbc70, 23); | |
172 MD5STEP(F3, a, b, c, d, in[13]+0x289b7ec6, 4); | |
173 MD5STEP(F3, d, a, b, c, in[ 0]+0xeaa127fa, 11); | |
174 MD5STEP(F3, c, d, a, b, in[ 3]+0xd4ef3085, 16); | |
175 MD5STEP(F3, b, c, d, a, in[ 6]+0x04881d05, 23); | |
176 MD5STEP(F3, a, b, c, d, in[ 9]+0xd9d4d039, 4); | |
177 MD5STEP(F3, d, a, b, c, in[12]+0xe6db99e5, 11); | |
178 MD5STEP(F3, c, d, a, b, in[15]+0x1fa27cf8, 16); | |
179 MD5STEP(F3, b, c, d, a, in[ 2]+0xc4ac5665, 23); | |
180 | |
181 MD5STEP(F4, a, b, c, d, in[ 0]+0xf4292244, 6); | |
182 MD5STEP(F4, d, a, b, c, in[ 7]+0x432aff97, 10); | |
183 MD5STEP(F4, c, d, a, b, in[14]+0xab9423a7, 15); | |
184 MD5STEP(F4, b, c, d, a, in[ 5]+0xfc93a039, 21); | |
185 MD5STEP(F4, a, b, c, d, in[12]+0x655b59c3, 6); | |
186 MD5STEP(F4, d, a, b, c, in[ 3]+0x8f0ccc92, 10); | |
187 MD5STEP(F4, c, d, a, b, in[10]+0xffeff47d, 15); | |
188 MD5STEP(F4, b, c, d, a, in[ 1]+0x85845dd1, 21); | |
189 MD5STEP(F4, a, b, c, d, in[ 8]+0x6fa87e4f, 6); | |
190 MD5STEP(F4, d, a, b, c, in[15]+0xfe2ce6e0, 10); | |
191 MD5STEP(F4, c, d, a, b, in[ 6]+0xa3014314, 15); | |
192 MD5STEP(F4, b, c, d, a, in[13]+0x4e0811a1, 21); | |
193 MD5STEP(F4, a, b, c, d, in[ 4]+0xf7537e82, 6); | |
194 MD5STEP(F4, d, a, b, c, in[11]+0xbd3af235, 10); | |
195 MD5STEP(F4, c, d, a, b, in[ 2]+0x2ad7d2bb, 15); | |
196 MD5STEP(F4, b, c, d, a, in[ 9]+0xeb86d391, 21); | |
197 | |
198 buf[0] += a; | |
199 buf[1] += b; | |
200 buf[2] += c; | |
201 buf[3] += d; | |
202 } | |
203 | |
204 MD5::MD5() | |
205 { | |
206 // FIXME: Move unit tests somewhere outside the constructor. See bug 55853. | |
207 testMD5(); | |
208 m_buf[0] = 0x67452301; | |
209 m_buf[1] = 0xefcdab89; | |
210 m_buf[2] = 0x98badcfe; | |
211 m_buf[3] = 0x10325476; | |
212 m_bits[0] = 0; | |
213 m_bits[1] = 0; | |
214 memset(m_in, 0, sizeof(m_in)); | |
215 ASSERT_WITH_MESSAGE(!(reinterpret_cast<uintptr_t>(m_in) % sizeof(uint32_t)),
"alignment error of m_in"); | |
216 } | |
217 | |
218 void MD5::addBytes(const uint8_t* input, size_t length) | |
219 { | |
220 const uint8_t* buf = input; | |
221 | |
222 // Update bitcount | |
223 uint32_t t = m_bits[0]; | |
224 m_bits[0] = t + (length << 3); | |
225 if (m_bits[0] < t) | |
226 m_bits[1]++; // Carry from low to high | |
227 m_bits[1] += length >> 29; | |
228 | |
229 t = (t >> 3) & 0x3f; // Bytes already in shsInfo->data | |
230 | |
231 // Handle any leading odd-sized chunks | |
232 | |
233 if (t) { | |
234 uint8_t* p = m_in + t; | |
235 | |
236 t = 64 - t; | |
237 if (length < t) { | |
238 memcpy(p, buf, length); | |
239 return; | |
240 } | |
241 memcpy(p, buf, t); | |
242 reverseBytes(m_in, 16); | |
243 MD5Transform(m_buf, reinterpret_cast_ptr<uint32_t*>(m_in)); // m_in is 4
-byte aligned. | |
244 buf += t; | |
245 length -= t; | |
246 } | |
247 | |
248 // Process data in 64-byte chunks | |
249 | |
250 while (length >= 64) { | |
251 memcpy(m_in, buf, 64); | |
252 reverseBytes(m_in, 16); | |
253 MD5Transform(m_buf, reinterpret_cast_ptr<uint32_t*>(m_in)); // m_in is 4
-byte aligned. | |
254 buf += 64; | |
255 length -= 64; | |
256 } | |
257 | |
258 // Handle any remaining bytes of data. | |
259 memcpy(m_in, buf, length); | |
260 } | |
261 | |
262 void MD5::checksum(Vector<uint8_t, 16>& digest) | |
263 { | |
264 // Compute number of bytes mod 64 | |
265 unsigned count = (m_bits[0] >> 3) & 0x3F; | |
266 | |
267 // Set the first char of padding to 0x80. This is safe since there is | |
268 // always at least one byte free | |
269 uint8_t* p = m_in + count; | |
270 *p++ = 0x80; | |
271 | |
272 // Bytes of padding needed to make 64 bytes | |
273 count = 64 - 1 - count; | |
274 | |
275 // Pad out to 56 mod 64 | |
276 if (count < 8) { | |
277 // Two lots of padding: Pad the first block to 64 bytes | |
278 memset(p, 0, count); | |
279 reverseBytes(m_in, 16); | |
280 MD5Transform(m_buf, reinterpret_cast_ptr<uint32_t *>(m_in)); // m_in is
4-byte aligned. | |
281 | |
282 // Now fill the next block with 56 bytes | |
283 memset(m_in, 0, 56); | |
284 } else { | |
285 // Pad block to 56 bytes | |
286 memset(p, 0, count - 8); | |
287 } | |
288 reverseBytes(m_in, 14); | |
289 | |
290 // Append length in bits and transform | |
291 // m_in is 4-byte aligned. | |
292 (reinterpret_cast_ptr<uint32_t*>(m_in))[14] = m_bits[0]; | |
293 (reinterpret_cast_ptr<uint32_t*>(m_in))[15] = m_bits[1]; | |
294 | |
295 MD5Transform(m_buf, reinterpret_cast_ptr<uint32_t*>(m_in)); | |
296 reverseBytes(reinterpret_cast<uint8_t*>(m_buf), 4); | |
297 | |
298 // Now, m_buf contains checksum result. | |
299 if (!digest.isEmpty()) | |
300 digest.clear(); | |
301 digest.append(reinterpret_cast<uint8_t*>(m_buf), 16); | |
302 | |
303 // In case it's sensitive | |
304 memset(m_buf, 0, sizeof(m_buf)); | |
305 memset(m_bits, 0, sizeof(m_bits)); | |
306 memset(m_in, 0, sizeof(m_in)); | |
307 } | |
308 | |
309 } // namespace WTF | |
OLD | NEW |