From 06f719fd79fe15ce6fd5431bc58fcb22851de24d Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Mon, 18 Oct 2010 10:38:18 +0200 Subject: libbb: rename hash source files. no code changes Signed-off-by: Denys Vlasenko --- libbb/Kbuild.src | 6 +- libbb/hash_md5.c | 442 +++++++++++++++++++++++++++++++++++++++++ libbb/hash_md5prime.c | 460 +++++++++++++++++++++++++++++++++++++++++++ libbb/hash_sha.c | 530 ++++++++++++++++++++++++++++++++++++++++++++++++++ libbb/md5.c | 442 ----------------------------------------- libbb/md5prime.c | 460 ------------------------------------------- libbb/sha1.c | 530 -------------------------------------------------- 7 files changed, 1435 insertions(+), 1435 deletions(-) create mode 100644 libbb/hash_md5.c create mode 100644 libbb/hash_md5prime.c create mode 100644 libbb/hash_sha.c delete mode 100644 libbb/md5.c delete mode 100644 libbb/md5prime.c delete mode 100644 libbb/sha1.c (limited to 'libbb') diff --git a/libbb/Kbuild.src b/libbb/Kbuild.src index b02fcfe74..0fd730247 100644 --- a/libbb/Kbuild.src +++ b/libbb/Kbuild.src @@ -59,9 +59,10 @@ lib-y += login.o lib-y += make_directory.o lib-y += makedev.o lib-y += match_fstype.o -lib-y += md5.o +lib-y += hash_md5.o # Alternative (disabled) implementation -#lib-y += md5prime.o +#lib-y += hash_md5prime.o +lib-y += hash_sha.o lib-y += messages.o lib-y += mode_string.o lib-y += obscure.o @@ -90,7 +91,6 @@ lib-y += safe_poll.o lib-y += safe_strncpy.o lib-y += safe_write.o lib-y += setup_environment.o -lib-y += sha1.o lib-y += signals.o lib-y += simplify_path.o lib-y += single_argv.o diff --git a/libbb/hash_md5.c b/libbb/hash_md5.c new file mode 100644 index 000000000..051c8ede4 --- /dev/null +++ b/libbb/hash_md5.c @@ -0,0 +1,442 @@ +/* vi: set sw=4 ts=4: */ +/* + * Compute MD5 checksum of strings according to the + * definition of MD5 in RFC 1321 from April 1992. + * + * Written by Ulrich Drepper , 1995. + * + * Copyright (C) 1995-1999 Free Software Foundation, Inc. + * Copyright (C) 2001 Manuel Novoa III + * Copyright (C) 2003 Glenn L. McGrath + * Copyright (C) 2003 Erik Andersen + * + * Licensed under GPLv2 or later, see file LICENSE in this source tree. + */ + +#include "libbb.h" + +/* 0: fastest, 3: smallest */ +#if CONFIG_MD5_SIZE_VS_SPEED < 0 +# define MD5_SIZE_VS_SPEED 0 +#elif CONFIG_MD5_SIZE_VS_SPEED > 3 +# define MD5_SIZE_VS_SPEED 3 +#else +# define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED +#endif + +/* Initialize structure containing state of computation. + * (RFC 1321, 3.3: Step 3) + */ +void FAST_FUNC md5_begin(md5_ctx_t *ctx) +{ + ctx->A = 0x67452301; + ctx->B = 0xefcdab89; + ctx->C = 0x98badcfe; + ctx->D = 0x10325476; + ctx->total64 = 0; +} + +/* These are the four functions used in the four steps of the MD5 algorithm + * and defined in the RFC 1321. The first function is a little bit optimized + * (as found in Colin Plumbs public domain implementation). + * #define FF(b, c, d) ((b & c) | (~b & d)) + */ +#define FF(b, c, d) (d ^ (b & (c ^ d))) +#define FG(b, c, d) FF(d, b, c) +#define FH(b, c, d) (b ^ c ^ d) +#define FI(b, c, d) (c ^ (b | ~d)) + +#define rotl32(w, s) (((w) << (s)) | ((w) >> (32 - (s)))) + +/* Hash a single block, 64 bytes long and 4-byte aligned */ +static void md5_process_block64(md5_ctx_t *ctx) +{ +#if MD5_SIZE_VS_SPEED > 0 + /* Before we start, one word to the strange constants. + They are defined in RFC 1321 as + T[i] = (int)(4294967296.0 * fabs(sin(i))), i=1..64 + */ + static const uint32_t C_array[] = { + /* round 1 */ + 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, + 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, + 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, + 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, + /* round 2 */ + 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, + 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8, + 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, + 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, + /* round 3 */ + 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, + 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, + 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, + 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, + /* round 4 */ + 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, + 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, + 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, + 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 + }; + static const char P_array[] ALIGN1 = { +# if MD5_SIZE_VS_SPEED > 1 + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */ +# endif + 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */ + 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */ + 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */ + }; +#endif + uint32_t *words = (void*) ctx->wbuffer; + uint32_t A = ctx->A; + uint32_t B = ctx->B; + uint32_t C = ctx->C; + uint32_t D = ctx->D; + +#if MD5_SIZE_VS_SPEED >= 2 /* 2 or 3 */ + + static const char S_array[] ALIGN1 = { + 7, 12, 17, 22, + 5, 9, 14, 20, + 4, 11, 16, 23, + 6, 10, 15, 21 + }; + const uint32_t *pc; + const char *pp; + const char *ps; + int i; + uint32_t temp; + +# if BB_BIG_ENDIAN + for (i = 0; i < 16; i++) + words[i] = SWAP_LE32(words[i]); +# endif + +# if MD5_SIZE_VS_SPEED == 3 + pc = C_array; + pp = P_array; + ps = S_array - 4; + + for (i = 0; i < 64; i++) { + if ((i & 0x0f) == 0) + ps += 4; + temp = A; + switch (i >> 4) { + case 0: + temp += FF(B, C, D); + break; + case 1: + temp += FG(B, C, D); + break; + case 2: + temp += FH(B, C, D); + break; + case 3: + temp += FI(B, C, D); + } + temp += words[(int) (*pp++)] + *pc++; + temp = rotl32(temp, ps[i & 3]); + temp += B; + A = D; + D = C; + C = B; + B = temp; + } +# else /* MD5_SIZE_VS_SPEED == 2 */ + pc = C_array; + pp = P_array; + ps = S_array; + + for (i = 0; i < 16; i++) { + temp = A + FF(B, C, D) + words[(int) (*pp++)] + *pc++; + temp = rotl32(temp, ps[i & 3]); + temp += B; + A = D; + D = C; + C = B; + B = temp; + } + ps += 4; + for (i = 0; i < 16; i++) { + temp = A + FG(B, C, D) + words[(int) (*pp++)] + *pc++; + temp = rotl32(temp, ps[i & 3]); + temp += B; + A = D; + D = C; + C = B; + B = temp; + } + ps += 4; + for (i = 0; i < 16; i++) { + temp = A + FH(B, C, D) + words[(int) (*pp++)] + *pc++; + temp = rotl32(temp, ps[i & 3]); + temp += B; + A = D; + D = C; + C = B; + B = temp; + } + ps += 4; + for (i = 0; i < 16; i++) { + temp = A + FI(B, C, D) + words[(int) (*pp++)] + *pc++; + temp = rotl32(temp, ps[i & 3]); + temp += B; + A = D; + D = C; + C = B; + B = temp; + } +# endif + /* Add checksum to the starting values */ + ctx->A += A; + ctx->B += B; + ctx->C += C; + ctx->D += D; + +#else /* MD5_SIZE_VS_SPEED == 0 or 1 */ + + uint32_t A_save = A; + uint32_t B_save = B; + uint32_t C_save = C; + uint32_t D_save = D; +# if MD5_SIZE_VS_SPEED == 1 + const uint32_t *pc; + const char *pp; + int i; +# endif + + /* First round: using the given function, the context and a constant + the next context is computed. Because the algorithm's processing + unit is a 32-bit word and it is determined to work on words in + little endian byte order we perhaps have to change the byte order + before the computation. To reduce the work for the next steps + we save swapped words in WORDS array. */ +# undef OP +# define OP(a, b, c, d, s, T) \ + do { \ + a += FF(b, c, d) + (*words IF_BIG_ENDIAN(= SWAP_LE32(*words))) + T; \ + words++; \ + a = rotl32(a, s); \ + a += b; \ + } while (0) + + /* Round 1 */ +# if MD5_SIZE_VS_SPEED == 1 + pc = C_array; + for (i = 0; i < 4; i++) { + OP(A, B, C, D, 7, *pc++); + OP(D, A, B, C, 12, *pc++); + OP(C, D, A, B, 17, *pc++); + OP(B, C, D, A, 22, *pc++); + } +# else + OP(A, B, C, D, 7, 0xd76aa478); + OP(D, A, B, C, 12, 0xe8c7b756); + OP(C, D, A, B, 17, 0x242070db); + OP(B, C, D, A, 22, 0xc1bdceee); + OP(A, B, C, D, 7, 0xf57c0faf); + OP(D, A, B, C, 12, 0x4787c62a); + OP(C, D, A, B, 17, 0xa8304613); + OP(B, C, D, A, 22, 0xfd469501); + OP(A, B, C, D, 7, 0x698098d8); + OP(D, A, B, C, 12, 0x8b44f7af); + OP(C, D, A, B, 17, 0xffff5bb1); + OP(B, C, D, A, 22, 0x895cd7be); + OP(A, B, C, D, 7, 0x6b901122); + OP(D, A, B, C, 12, 0xfd987193); + OP(C, D, A, B, 17, 0xa679438e); + OP(B, C, D, A, 22, 0x49b40821); +# endif + words -= 16; + + /* For the second to fourth round we have the possibly swapped words + in WORDS. Redefine the macro to take an additional first + argument specifying the function to use. */ +# undef OP +# define OP(f, a, b, c, d, k, s, T) \ + do { \ + a += f(b, c, d) + words[k] + T; \ + a = rotl32(a, s); \ + a += b; \ + } while (0) + + /* Round 2 */ +# if MD5_SIZE_VS_SPEED == 1 + pp = P_array; + for (i = 0; i < 4; i++) { + OP(FG, A, B, C, D, (int) (*pp++), 5, *pc++); + OP(FG, D, A, B, C, (int) (*pp++), 9, *pc++); + OP(FG, C, D, A, B, (int) (*pp++), 14, *pc++); + OP(FG, B, C, D, A, (int) (*pp++), 20, *pc++); + } +# else + OP(FG, A, B, C, D, 1, 5, 0xf61e2562); + OP(FG, D, A, B, C, 6, 9, 0xc040b340); + OP(FG, C, D, A, B, 11, 14, 0x265e5a51); + OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa); + OP(FG, A, B, C, D, 5, 5, 0xd62f105d); + OP(FG, D, A, B, C, 10, 9, 0x02441453); + OP(FG, C, D, A, B, 15, 14, 0xd8a1e681); + OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8); + OP(FG, A, B, C, D, 9, 5, 0x21e1cde6); + OP(FG, D, A, B, C, 14, 9, 0xc33707d6); + OP(FG, C, D, A, B, 3, 14, 0xf4d50d87); + OP(FG, B, C, D, A, 8, 20, 0x455a14ed); + OP(FG, A, B, C, D, 13, 5, 0xa9e3e905); + OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8); + OP(FG, C, D, A, B, 7, 14, 0x676f02d9); + OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a); +# endif + + /* Round 3 */ +# if MD5_SIZE_VS_SPEED == 1 + for (i = 0; i < 4; i++) { + OP(FH, A, B, C, D, (int) (*pp++), 4, *pc++); + OP(FH, D, A, B, C, (int) (*pp++), 11, *pc++); + OP(FH, C, D, A, B, (int) (*pp++), 16, *pc++); + OP(FH, B, C, D, A, (int) (*pp++), 23, *pc++); + } +# else + OP(FH, A, B, C, D, 5, 4, 0xfffa3942); + OP(FH, D, A, B, C, 8, 11, 0x8771f681); + OP(FH, C, D, A, B, 11, 16, 0x6d9d6122); + OP(FH, B, C, D, A, 14, 23, 0xfde5380c); + OP(FH, A, B, C, D, 1, 4, 0xa4beea44); + OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9); + OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60); + OP(FH, B, C, D, A, 10, 23, 0xbebfbc70); + OP(FH, A, B, C, D, 13, 4, 0x289b7ec6); + OP(FH, D, A, B, C, 0, 11, 0xeaa127fa); + OP(FH, C, D, A, B, 3, 16, 0xd4ef3085); + OP(FH, B, C, D, A, 6, 23, 0x04881d05); + OP(FH, A, B, C, D, 9, 4, 0xd9d4d039); + OP(FH, D, A, B, C, 12, 11, 0xe6db99e5); + OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8); + OP(FH, B, C, D, A, 2, 23, 0xc4ac5665); +# endif + + /* Round 4 */ +# if MD5_SIZE_VS_SPEED == 1 + for (i = 0; i < 4; i++) { + OP(FI, A, B, C, D, (int) (*pp++), 6, *pc++); + OP(FI, D, A, B, C, (int) (*pp++), 10, *pc++); + OP(FI, C, D, A, B, (int) (*pp++), 15, *pc++); + OP(FI, B, C, D, A, (int) (*pp++), 21, *pc++); + } +# else + OP(FI, A, B, C, D, 0, 6, 0xf4292244); + OP(FI, D, A, B, C, 7, 10, 0x432aff97); + OP(FI, C, D, A, B, 14, 15, 0xab9423a7); + OP(FI, B, C, D, A, 5, 21, 0xfc93a039); + OP(FI, A, B, C, D, 12, 6, 0x655b59c3); + OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92); + OP(FI, C, D, A, B, 10, 15, 0xffeff47d); + OP(FI, B, C, D, A, 1, 21, 0x85845dd1); + OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f); + OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0); + OP(FI, C, D, A, B, 6, 15, 0xa3014314); + OP(FI, B, C, D, A, 13, 21, 0x4e0811a1); + OP(FI, A, B, C, D, 4, 6, 0xf7537e82); + OP(FI, D, A, B, C, 11, 10, 0xbd3af235); + OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb); + OP(FI, B, C, D, A, 9, 21, 0xeb86d391); +# endif + /* Add checksum to the starting values */ + ctx->A = A_save + A; + ctx->B = B_save + B; + ctx->C = C_save + C; + ctx->D = D_save + D; +#endif +} + +/* Feed data through a temporary buffer to call md5_hash_aligned_block() + * with chunks of data that are 4-byte aligned and a multiple of 64 bytes. + * This function's internal buffer remembers previous data until it has 64 + * bytes worth to pass on. Call md5_end() to flush this buffer. */ +void FAST_FUNC md5_hash(md5_ctx_t *ctx, const void *buffer, size_t len) +{ + unsigned bufpos = ctx->total64 & 63; + unsigned remaining; + + /* RFC 1321 specifies the possible length of the file up to 2^64 bits. + * Here we only track the number of bytes. */ + ctx->total64 += len; +#if 0 + remaining = 64 - bufpos; + + /* Hash whole blocks */ + while (len >= remaining) { + memcpy(ctx->wbuffer + bufpos, buffer, remaining); + buffer = (const char *)buffer + remaining; + len -= remaining; + remaining = 64; + bufpos = 0; + md5_process_block64(ctx); + } + + /* Save last, partial blosk */ + memcpy(ctx->wbuffer + bufpos, buffer, len); +#else + /* Tiny bit smaller code */ + while (1) { + remaining = 64 - bufpos; + if (remaining > len) + remaining = len; + /* Copy data into aligned buffer */ + memcpy(ctx->wbuffer + bufpos, buffer, remaining); + len -= remaining; + buffer = (const char *)buffer + remaining; + bufpos += remaining; + /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */ + bufpos -= 64; + if (bufpos != 0) + break; + /* Buffer is filled up, process it */ + md5_process_block64(ctx); + /*bufpos = 0; - already is */ + } +#endif +} + +/* Process the remaining bytes in the buffer and put result from CTX + * in first 16 bytes following RESBUF. The result is always in little + * endian byte order, so that a byte-wise output yields to the wanted + * ASCII representation of the message digest. + */ +void FAST_FUNC md5_end(md5_ctx_t *ctx, void *resbuf) +{ + unsigned bufpos = ctx->total64 & 63; + /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ + ctx->wbuffer[bufpos++] = 0x80; + + /* This loop iterates either once or twice, no more, no less */ + while (1) { + unsigned remaining = 64 - bufpos; + memset(ctx->wbuffer + bufpos, 0, remaining); + /* Do we have enough space for the length count? */ + if (remaining >= 8) { + /* Store the 64-bit counter of bits in the buffer in BE format */ + uint64_t t = ctx->total64 << 3; + unsigned i; + for (i = 0; i < 8; i++) { + ctx->wbuffer[56 + i] = t; + t >>= 8; + } + } + md5_process_block64(ctx); + if (remaining >= 8) + break; + bufpos = 0; + } + + /* The MD5 result is in little endian byte order. + * We (ab)use the fact that A-D are consecutive in memory. + */ +#if BB_BIG_ENDIAN + ctx->A = SWAP_LE32(ctx->A); + ctx->B = SWAP_LE32(ctx->B); + ctx->C = SWAP_LE32(ctx->C); + ctx->D = SWAP_LE32(ctx->D); +#endif + memcpy(resbuf, &ctx->A, sizeof(ctx->A) * 4); +} diff --git a/libbb/hash_md5prime.c b/libbb/hash_md5prime.c new file mode 100644 index 000000000..7986f4d29 --- /dev/null +++ b/libbb/hash_md5prime.c @@ -0,0 +1,460 @@ +/* This file is not used by busybox right now. + * However, the code here seems to be a tiny bit smaller + * than one in md5.c. Need to investigate which one + * is better overall... + * Hint: grep for md5prime to find places where you can switch + * md5.c/md5prime.c + */ + +/* + * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD5 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD5 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + * + * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $ + * + * This code is the same as the code published by RSA Inc. It has been + * edited for clarity and style only. + * + * ---------------------------------------------------------------------------- + * The md5_crypt() function was taken from freeBSD's libcrypt and contains + * this license: + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * + * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $ + * + * ---------------------------------------------------------------------------- + * On April 19th, 2001 md5_crypt() was modified to make it reentrant + * by Erik Andersen + * + * June 28, 2001 Manuel Novoa III + * + * "Un-inlined" code using loops and static const tables in order to + * reduce generated code size (on i386 from approx 4k to approx 2.5k). + * + * June 29, 2001 Manuel Novoa III + * + * Completely removed static PADDING array. + * + * Reintroduced the loop unrolling in md5_transform and added the + * MD5_SIZE_VS_SPEED option for configurability. Define below as: + * 0 fully unrolled loops + * 1 partially unrolled (4 ops per loop) + * 2 no unrolling -- introduces the need to swap 4 variables (slow) + * 3 no unrolling and all 4 loops merged into one with switch + * in each loop (glacial) + * On i386, sizes are roughly (-Os -fno-builtin): + * 0: 3k 1: 2.5k 2: 2.2k 3: 2k + * + * Since SuSv3 does not require crypt_r, modified again August 7, 2002 + * by Erik Andersen to remove reentrance stuff... + */ + +#include "libbb.h" + +/* 1: fastest, 3: smallest */ +#if CONFIG_MD5_SIZE_VS_SPEED < 1 +# define MD5_SIZE_VS_SPEED 1 +#elif CONFIG_MD5_SIZE_VS_SPEED > 3 +# define MD5_SIZE_VS_SPEED 3 +#else +# define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED +#endif + +#if BB_LITTLE_ENDIAN +#define memcpy32_cpu2le memcpy +#define memcpy32_le2cpu memcpy +#else +/* Encodes input (uint32_t) into output (unsigned char). + * Assumes len is a multiple of 4. */ +static void +memcpy32_cpu2le(unsigned char *output, uint32_t *input, unsigned len) +{ + unsigned i, j; + for (i = 0, j = 0; j < len; i++, j += 4) { + output[j] = input[i]; + output[j+1] = (input[i] >> 8); + output[j+2] = (input[i] >> 16); + output[j+3] = (input[i] >> 24); + } +} +/* Decodes input (unsigned char) into output (uint32_t). + * Assumes len is a multiple of 4. */ +static void +memcpy32_le2cpu(uint32_t *output, const unsigned char *input, unsigned len) +{ + unsigned i, j; + for (i = 0, j = 0; j < len; i++, j += 4) + output[i] = ((uint32_t)input[j]) + | (((uint32_t)input[j+1]) << 8) + | (((uint32_t)input[j+2]) << 16) + | (((uint32_t)input[j+3]) << 24); +} +#endif /* i386 */ + +/* F, G, H and I are basic MD5 functions. */ +#define F(x, y, z) (((x) & (y)) | (~(x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & ~(z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | ~(z))) + +/* rotl32 rotates x left n bits. */ +#define rotl32(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) + +/* + * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. + * Rotation is separate from addition to prevent recomputation. + */ +#define FF(a, b, c, d, x, s, ac) { \ + (a) += F((b), (c), (d)) + (x) + (uint32_t)(ac); \ + (a) = rotl32((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) { \ + (a) += G((b), (c), (d)) + (x) + (uint32_t)(ac); \ + (a) = rotl32((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) { \ + (a) += H((b), (c), (d)) + (x) + (uint32_t)(ac); \ + (a) = rotl32((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) { \ + (a) += I((b), (c), (d)) + (x) + (uint32_t)(ac); \ + (a) = rotl32((a), (s)); \ + (a) += (b); \ + } + +/* MD5 basic transformation. Transforms state based on block. */ +static void md5_transform(uint32_t state[4], const unsigned char block[64]) +{ + uint32_t a, b, c, d, x[16]; +#if MD5_SIZE_VS_SPEED > 1 + uint32_t temp; + const unsigned char *ps; + + static const unsigned char S[] = { + 7, 12, 17, 22, + 5, 9, 14, 20, + 4, 11, 16, 23, + 6, 10, 15, 21 + }; +#endif /* MD5_SIZE_VS_SPEED > 1 */ + +#if MD5_SIZE_VS_SPEED > 0 + const uint32_t *pc; + const unsigned char *pp; + int i; + + static const uint32_t C[] = { + /* round 1 */ + 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, + 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, + 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, + 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, + /* round 2 */ + 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, + 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, + 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, + 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, + /* round 3 */ + 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, + 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, + 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, + 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, + /* round 4 */ + 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, + 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, + 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, + 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 + }; + static const unsigned char P[] = { + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */ + 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */ + 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */ + 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */ + }; + +#endif /* MD5_SIZE_VS_SPEED > 0 */ + + memcpy32_le2cpu(x, block, 64); + + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + +#if MD5_SIZE_VS_SPEED > 2 + pc = C; + pp = P; + ps = S - 4; + for (i = 0; i < 64; i++) { + if ((i & 0x0f) == 0) ps += 4; + temp = a; + switch (i>>4) { + case 0: + temp += F(b, c, d); + break; + case 1: + temp += G(b, c, d); + break; + case 2: + temp += H(b, c, d); + break; + case 3: + temp += I(b, c, d); + break; + } + temp += x[*pp++] + *pc++; + temp = rotl32(temp, ps[i & 3]); + temp += b; + a = d; d = c; c = b; b = temp; + } +#elif MD5_SIZE_VS_SPEED > 1 + pc = C; + pp = P; + ps = S; + /* Round 1 */ + for (i = 0; i < 16; i++) { + FF(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; + temp = d; d = c; c = b; b = a; a = temp; + } + /* Round 2 */ + ps += 4; + for (; i < 32; i++) { + GG(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; + temp = d; d = c; c = b; b = a; a = temp; + } + /* Round 3 */ + ps += 4; + for (; i < 48; i++) { + HH(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; + temp = d; d = c; c = b; b = a; a = temp; + } + /* Round 4 */ + ps += 4; + for (; i < 64; i++) { + II(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; + temp = d; d = c; c = b; b = a; a = temp; + } +#elif MD5_SIZE_VS_SPEED > 0 + pc = C; + pp = P; + /* Round 1 */ + for (i = 0; i < 4; i++) { + FF(a, b, c, d, x[*pp], 7, *pc); pp++; pc++; + FF(d, a, b, c, x[*pp], 12, *pc); pp++; pc++; + FF(c, d, a, b, x[*pp], 17, *pc); pp++; pc++; + FF(b, c, d, a, x[*pp], 22, *pc); pp++; pc++; + } + /* Round 2 */ + for (i = 0; i < 4; i++) { + GG(a, b, c, d, x[*pp], 5, *pc); pp++; pc++; + GG(d, a, b, c, x[*pp], 9, *pc); pp++; pc++; + GG(c, d, a, b, x[*pp], 14, *pc); pp++; pc++; + GG(b, c, d, a, x[*pp], 20, *pc); pp++; pc++; + } + /* Round 3 */ + for (i = 0; i < 4; i++) { + HH(a, b, c, d, x[*pp], 4, *pc); pp++; pc++; + HH(d, a, b, c, x[*pp], 11, *pc); pp++; pc++; + HH(c, d, a, b, x[*pp], 16, *pc); pp++; pc++; + HH(b, c, d, a, x[*pp], 23, *pc); pp++; pc++; + } + /* Round 4 */ + for (i = 0; i < 4; i++) { + II(a, b, c, d, x[*pp], 6, *pc); pp++; pc++; + II(d, a, b, c, x[*pp], 10, *pc); pp++; pc++; + II(c, d, a, b, x[*pp], 15, *pc); pp++; pc++; + II(b, c, d, a, x[*pp], 21, *pc); pp++; pc++; + } +#else + /* Round 1 */ +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 + FF(a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ + FF(d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ + FF(c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ + FF(b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ + FF(a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ + FF(d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ + FF(c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ + FF(b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ + FF(a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ + FF(d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ + FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ + FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ + FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ + FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ + FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ + FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ + /* Round 2 */ +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 + GG(a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ + GG(d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ + GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ + GG(b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ + GG(a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ + GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ + GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ + GG(b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ + GG(a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ + GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ + GG(c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ + GG(b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ + GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ + GG(d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ + GG(c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ + GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ + /* Round 3 */ +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 + HH(a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ + HH(d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ + HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ + HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ + HH(a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ + HH(d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ + HH(c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ + HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ + HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ + HH(d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ + HH(c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ + HH(b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ + HH(a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ + HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ + HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ + HH(b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ + /* Round 4 */ +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + II(a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ + II(d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ + II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ + II(b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ + II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ + II(d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ + II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ + II(b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ + II(a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ + II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ + II(c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ + II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ + II(a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ + II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ + II(c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ + II(b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ +#endif + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + + /* Zeroize sensitive information. */ + memset(x, 0, sizeof(x)); +} + + +/* MD5 initialization. */ +void FAST_FUNC md5_begin(md5_ctx_t *context) +{ + context->count[0] = context->count[1] = 0; + /* Load magic initialization constants. */ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; + context->state[3] = 0x10325476; +} + +/* + * MD5 block update operation. Continues an MD5 message-digest + * operation, processing another message block, and updating + * the context. + */ +void FAST_FUNC md5_hash(const void *buffer, size_t inputLen, md5_ctx_t *context) +{ + unsigned i, idx, partLen; + const unsigned char *input = buffer; + + /* Compute number of bytes mod 64 */ + idx = (context->count[0] >> 3) & 0x3F; + + /* Update number of bits */ + context->count[0] += (inputLen << 3); + if (context->count[0] < (inputLen << 3)) + context->count[1]++; + context->count[1] += (inputLen >> 29); + + /* Transform as many times as possible. */ + i = 0; + partLen = 64 - idx; + if (inputLen >= partLen) { + memcpy(&context->buffer[idx], input, partLen); + md5_transform(context->state, context->buffer); + for (i = partLen; i + 63 < inputLen; i += 64) + md5_transform(context->state, &input[i]); + idx = 0; + } + + /* Buffer remaining input */ + memcpy(&context->buffer[idx], &input[i], inputLen - i); +} + +/* + * MD5 finalization. Ends an MD5 message-digest operation, + * writing the message digest. + */ +void FAST_FUNC md5_end(void *digest, md5_ctx_t *context) +{ + unsigned idx, padLen; + unsigned char bits[8]; + unsigned char padding[64]; + + /* Add padding followed by original length. */ + memset(padding, 0, sizeof(padding)); + padding[0] = 0x80; + /* save number of bits */ + memcpy32_cpu2le(bits, context->count, 8); + /* pad out to 56 mod 64 */ + idx = (context->count[0] >> 3) & 0x3f; + padLen = (idx < 56) ? (56 - idx) : (120 - idx); + md5_hash(padding, padLen, context); + /* append length (before padding) */ + md5_hash(bits, 8, context); + + /* Store state in digest */ + memcpy32_cpu2le(digest, context->state, 16); +} diff --git a/libbb/hash_sha.c b/libbb/hash_sha.c new file mode 100644 index 000000000..d79291148 --- /dev/null +++ b/libbb/hash_sha.c @@ -0,0 +1,530 @@ +/* vi: set sw=4 ts=4: */ +/* + * Based on shasum from http://www.netsw.org/crypto/hash/ + * Majorly hacked up to use Dr Brian Gladman's sha1 code + * + * Copyright (C) 2002 Dr Brian Gladman , Worcester, UK. + * Copyright (C) 2003 Glenn L. McGrath + * Copyright (C) 2003 Erik Andersen + * + * Licensed under GPLv2 or later, see file LICENSE in this source tree. + * + * --------------------------------------------------------------------------- + * Issue Date: 10/11/2002 + * + * This is a byte oriented version of SHA1 that operates on arrays of bytes + * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor + * + * --------------------------------------------------------------------------- + * + * SHA256 and SHA512 parts are: + * Released into the Public Domain by Ulrich Drepper . + * Shrank by Denys Vlasenko. + * + * --------------------------------------------------------------------------- + * + * The best way to test random blocksizes is to go to coreutils/md5_sha1_sum.c + * and replace "4096" with something like "2000 + time(NULL) % 2097", + * then rebuild and compare "shaNNNsum bigfile" results. + */ + +#include "libbb.h" + +/* gcc 4.2.1 optimizes rotr64 better with inline than with macro + * (for rotX32, there is no difference). Why? My guess is that + * macro requires clever common subexpression elimination heuristics + * in gcc, while inline basically forces it to happen. + */ +//#define rotl32(x,n) (((x) << (n)) | ((x) >> (32 - (n)))) +static ALWAYS_INLINE uint32_t rotl32(uint32_t x, unsigned n) +{ + return (x << n) | (x >> (32 - n)); +} +//#define rotr32(x,n) (((x) >> (n)) | ((x) << (32 - (n)))) +static ALWAYS_INLINE uint32_t rotr32(uint32_t x, unsigned n) +{ + return (x >> n) | (x << (32 - n)); +} +/* rotr64 in needed for sha512 only: */ +//#define rotr64(x,n) (((x) >> (n)) | ((x) << (64 - (n)))) +static ALWAYS_INLINE uint64_t rotr64(uint64_t x, unsigned n) +{ + return (x >> n) | (x << (64 - n)); +} +#if BB_LITTLE_ENDIAN +/* ALWAYS_INLINE below would hurt code size, using plain inline: */ +static inline uint64_t hton64(uint64_t v) +{ + return (((uint64_t)htonl(v)) << 32) | htonl(v >> 32); +} +#else +#define hton64(v) (v) +#endif +#define ntoh64(v) hton64(v) + + +/* Some arch headers have conflicting defines */ +#undef ch +#undef parity +#undef maj +#undef rnd + +static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx) +{ + unsigned t; + uint32_t W[80], a, b, c, d, e; + const uint32_t *words = (uint32_t*) ctx->wbuffer; + + for (t = 0; t < 16; ++t) + W[t] = ntohl(words[t]); + for (/*t = 16*/; t < 80; ++t) { + uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; + W[t] = rotl32(T, 1); + } + + a = ctx->hash[0]; + b = ctx->hash[1]; + c = ctx->hash[2]; + d = ctx->hash[3]; + e = ctx->hash[4]; + +/* Reverse byte order in 32-bit words */ +#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) +#define parity(x,y,z) ((x) ^ (y) ^ (z)) +#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) +/* A normal version as set out in the FIPS. This version uses */ +/* partial loop unrolling and is optimised for the Pentium 4 */ +#define rnd(f,k) \ + do { \ + uint32_t T = a; \ + a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \ + e = d; \ + d = c; \ + c = rotl32(b, 30); \ + b = T; \ + } while (0) + + for (t = 0; t < 20; ++t) + rnd(ch, 0x5a827999); + + for (/*t = 20*/; t < 40; ++t) + rnd(parity, 0x6ed9eba1); + + for (/*t = 40*/; t < 60; ++t) + rnd(maj, 0x8f1bbcdc); + + for (/*t = 60*/; t < 80; ++t) + rnd(parity, 0xca62c1d6); +#undef ch +#undef parity +#undef maj +#undef rnd + + ctx->hash[0] += a; + ctx->hash[1] += b; + ctx->hash[2] += c; + ctx->hash[3] += d; + ctx->hash[4] += e; +} + +/* Constants for SHA512 from FIPS 180-2:4.2.3. + * SHA256 constants from FIPS 180-2:4.2.2 + * are the most significant half of first 64 elements + * of the same array. + */ +static const uint64_t sha_K[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */ + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +#undef Ch +#undef Maj +#undef S0 +#undef S1 +#undef R0 +#undef R1 + +static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx) +{ + unsigned t; + uint32_t W[64], a, b, c, d, e, f, g, h; + const uint32_t *words = (uint32_t*) ctx->wbuffer; + + /* Operators defined in FIPS 180-2:4.1.2. */ +#define Ch(x, y, z) ((x & y) ^ (~x & z)) +#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) +#define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22)) +#define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25)) +#define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3)) +#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10)) + + /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */ + for (t = 0; t < 16; ++t) + W[t] = ntohl(words[t]); + for (/*t = 16*/; t < 64; ++t) + W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; + + a = ctx->hash[0]; + b = ctx->hash[1]; + c = ctx->hash[2]; + d = ctx->hash[3]; + e = ctx->hash[4]; + f = ctx->hash[5]; + g = ctx->hash[6]; + h = ctx->hash[7]; + + /* The actual computation according to FIPS 180-2:6.2.2 step 3. */ + for (t = 0; t < 64; ++t) { + /* Need to fetch upper half of sha_K[t] + * (I hope compiler is clever enough to just fetch + * upper half) + */ + uint32_t K_t = sha_K[t] >> 32; + uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t]; + uint32_t T2 = S0(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + } +#undef Ch +#undef Maj +#undef S0 +#undef S1 +#undef R0 +#undef R1 + /* Add the starting values of the context according to FIPS 180-2:6.2.2 + step 4. */ + ctx->hash[0] += a; + ctx->hash[1] += b; + ctx->hash[2] += c; + ctx->hash[3] += d; + ctx->hash[4] += e; + ctx->hash[5] += f; + ctx->hash[6] += g; + ctx->hash[7] += h; +} + +static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx) +{ + unsigned t; + uint64_t W[80]; + /* On i386, having assignments here (not later as sha256 does) + * produces 99 bytes smaller code with gcc 4.3.1 + */ + uint64_t a = ctx->hash[0]; + uint64_t b = ctx->hash[1]; + uint64_t c = ctx->hash[2]; + uint64_t d = ctx->hash[3]; + uint64_t e = ctx->hash[4]; + uint64_t f = ctx->hash[5]; + uint64_t g = ctx->hash[6]; + uint64_t h = ctx->hash[7]; + const uint64_t *words = (uint64_t*) ctx->wbuffer; + + /* Operators defined in FIPS 180-2:4.1.2. */ +#define Ch(x, y, z) ((x & y) ^ (~x & z)) +#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) +#define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39)) +#define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41)) +#define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7)) +#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6)) + + /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */ + for (t = 0; t < 16; ++t) + W[t] = ntoh64(words[t]); + for (/*t = 16*/; t < 80; ++t) + W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; + + /* The actual computation according to FIPS 180-2:6.3.2 step 3. */ + for (t = 0; t < 80; ++t) { + uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t]; + uint64_t T2 = S0(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + } +#undef Ch +#undef Maj +#undef S0 +#undef S1 +#undef R0 +#undef R1 + /* Add the starting values of the context according to FIPS 180-2:6.3.2 + step 4. */ + ctx->hash[0] += a; + ctx->hash[1] += b; + ctx->hash[2] += c; + ctx->hash[3] += d; + ctx->hash[4] += e; + ctx->hash[5] += f; + ctx->hash[6] += g; + ctx->hash[7] += h; +} + + +void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) +{ + ctx->hash[0] = 0x67452301; + ctx->hash[1] = 0xefcdab89; + ctx->hash[2] = 0x98badcfe; + ctx->hash[3] = 0x10325476; + ctx->hash[4] = 0xc3d2e1f0; + ctx->total64 = 0; + ctx->process_block = sha1_process_block64; +} + +static const uint32_t init256[] = { + 0x6a09e667, + 0xbb67ae85, + 0x3c6ef372, + 0xa54ff53a, + 0x510e527f, + 0x9b05688c, + 0x1f83d9ab, + 0x5be0cd19, + 0, + 0, +}; +static const uint32_t init512_lo[] = { + 0xf3bcc908, + 0x84caa73b, + 0xfe94f82b, + 0x5f1d36f1, + 0xade682d1, + 0x2b3e6c1f, + 0xfb41bd6b, + 0x137e2179, + 0, + 0, +}; + +/* Initialize structure containing state of computation. + (FIPS 180-2:5.3.2) */ +void FAST_FUNC sha256_begin(sha256_ctx_t *ctx) +{ + memcpy(ctx->hash, init256, sizeof(init256)); + /*ctx->total64 = 0; - done by extending init256 with two 32-bit zeros */ + ctx->process_block = sha256_process_block64; +} + +/* Initialize structure containing state of computation. + (FIPS 180-2:5.3.3) */ +void FAST_FUNC sha512_begin(sha512_ctx_t *ctx) +{ + int i; + /* Two extra iterations zero out ctx->total64[] */ + for (i = 0; i < 8+2; i++) + ctx->hash[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i]; + /*ctx->total64[0] = ctx->total64[1] = 0; - already done */ +} + + +/* Used also for sha256 */ +void FAST_FUNC sha1_hash(sha1_ctx_t *ctx, const void *buffer, size_t len) +{ + unsigned bufpos = ctx->total64 & 63; + unsigned remaining; + + ctx->total64 += len; +#if 0 + remaining = 64 - bufpos; + + /* Hash whole blocks */ + while (len >= remaining) { + memcpy(ctx->wbuffer + bufpos, buffer, remaining); + buffer = (const char *)buffer + remaining; + len -= remaining; + remaining = 64; + bufpos = 0; + ctx->process_block(ctx); + } + + /* Save last, partial blosk */ + memcpy(ctx->wbuffer + bufpos, buffer, len); +#else + /* Tiny bit smaller code */ + while (1) { + remaining = 64 - bufpos; + if (remaining > len) + remaining = len; + /* Copy data into aligned buffer */ + memcpy(ctx->wbuffer + bufpos, buffer, remaining); + len -= remaining; + buffer = (const char *)buffer + remaining; + bufpos += remaining; + /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */ + bufpos -= 64; + if (bufpos != 0) + break; + /* Buffer is filled up, process it */ + ctx->process_block(ctx); + /*bufpos = 0; - already is */ + } +#endif +} + +void FAST_FUNC sha512_hash(sha512_ctx_t *ctx, const void *buffer, size_t len) +{ + unsigned bufpos = ctx->total64[0] & 127; + unsigned remaining; + + /* First increment the byte count. FIPS 180-2 specifies the possible + length of the file up to 2^128 _bits_. + We compute the number of _bytes_ and convert to bits later. */ + ctx->total64[0] += len; + if (ctx->total64[0] < len) + ctx->total64[1]++; +#if 0 + remaining = 128 - bufpos; + + /* Hash whole blocks */ + while (len >= remaining) { + memcpy(ctx->wbuffer + bufpos, buffer, remaining); + buffer = (const char *)buffer + remaining; + len -= remaining; + remaining = 128; + bufpos = 0; + sha512_process_block128(ctx); + } + + /* Save last, partial blosk */ + memcpy(ctx->wbuffer + bufpos, buffer, len); +#else + while (1) { + remaining = 128 - bufpos; + if (remaining > len) + remaining = len; + /* Copy data into aligned buffer */ + memcpy(ctx->wbuffer + bufpos, buffer, remaining); + len -= remaining; + buffer = (const char *)buffer + remaining; + bufpos += remaining; + /* clever way to do "if (bufpos != 128) break; ... ; bufpos = 0;" */ + bufpos -= 128; + if (bufpos != 0) + break; + /* Buffer is filled up, process it */ + sha512_process_block128(ctx); + /*bufpos = 0; - already is */ + } +#endif +} + + +/* Used also for sha256 */ +void FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf) +{ + unsigned bufpos = ctx->total64 & 63; + + /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ + ctx->wbuffer[bufpos++] = 0x80; + + /* This loop iterates either once or twice, no more, no less */ + while (1) { + unsigned remaining = 64 - bufpos; + memset(ctx->wbuffer + bufpos, 0, remaining); + /* Do we have enough space for the length count? */ + if (remaining >= 8) { + /* Store the 64-bit counter of bits in the buffer in BE format */ + uint64_t t = ctx->total64 << 3; + t = hton64(t); + /* wbuffer is suitably aligned for this */ + *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t; + } + ctx->process_block(ctx); + if (remaining >= 8) + break; + bufpos = 0; + } + + bufpos = (ctx->process_block == sha1_process_block64) ? 5 : 8; + /* This way we do not impose alignment constraints on resbuf: */ + if (BB_LITTLE_ENDIAN) { + unsigned i; + for (i = 0; i < bufpos; ++i) + ctx->hash[i] = htonl(ctx->hash[i]); + } + memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * bufpos); +} + +void FAST_FUNC sha512_end(sha512_ctx_t *ctx, void *resbuf) +{ + unsigned bufpos = ctx->total64[0] & 127; + + /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... */ + ctx->wbuffer[bufpos++] = 0x80; + + while (1) { + unsigned remaining = 128 - bufpos; + memset(ctx->wbuffer + bufpos, 0, remaining); + if (remaining >= 16) { + /* Store the 128-bit counter of bits in the buffer in BE format */ + uint64_t t; + t = ctx->total64[0] << 3; + t = hton64(t); + *(uint64_t *) (&ctx->wbuffer[128 - 8]) = t; + t = (ctx->total64[1] << 3) | (ctx->total64[0] >> 61); + t = hton64(t); + *(uint64_t *) (&ctx->wbuffer[128 - 16]) = t; + } + sha512_process_block128(ctx); + if (remaining >= 16) + break; + bufpos = 0; + } + + if (BB_LITTLE_ENDIAN) { + unsigned i; + for (i = 0; i < ARRAY_SIZE(ctx->hash); ++i) + ctx->hash[i] = hton64(ctx->hash[i]); + } + memcpy(resbuf, ctx->hash, sizeof(ctx->hash)); +} diff --git a/libbb/md5.c b/libbb/md5.c deleted file mode 100644 index 051c8ede4..000000000 --- a/libbb/md5.c +++ /dev/null @@ -1,442 +0,0 @@ -/* vi: set sw=4 ts=4: */ -/* - * Compute MD5 checksum of strings according to the - * definition of MD5 in RFC 1321 from April 1992. - * - * Written by Ulrich Drepper , 1995. - * - * Copyright (C) 1995-1999 Free Software Foundation, Inc. - * Copyright (C) 2001 Manuel Novoa III - * Copyright (C) 2003 Glenn L. McGrath - * Copyright (C) 2003 Erik Andersen - * - * Licensed under GPLv2 or later, see file LICENSE in this source tree. - */ - -#include "libbb.h" - -/* 0: fastest, 3: smallest */ -#if CONFIG_MD5_SIZE_VS_SPEED < 0 -# define MD5_SIZE_VS_SPEED 0 -#elif CONFIG_MD5_SIZE_VS_SPEED > 3 -# define MD5_SIZE_VS_SPEED 3 -#else -# define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED -#endif - -/* Initialize structure containing state of computation. - * (RFC 1321, 3.3: Step 3) - */ -void FAST_FUNC md5_begin(md5_ctx_t *ctx) -{ - ctx->A = 0x67452301; - ctx->B = 0xefcdab89; - ctx->C = 0x98badcfe; - ctx->D = 0x10325476; - ctx->total64 = 0; -} - -/* These are the four functions used in the four steps of the MD5 algorithm - * and defined in the RFC 1321. The first function is a little bit optimized - * (as found in Colin Plumbs public domain implementation). - * #define FF(b, c, d) ((b & c) | (~b & d)) - */ -#define FF(b, c, d) (d ^ (b & (c ^ d))) -#define FG(b, c, d) FF(d, b, c) -#define FH(b, c, d) (b ^ c ^ d) -#define FI(b, c, d) (c ^ (b | ~d)) - -#define rotl32(w, s) (((w) << (s)) | ((w) >> (32 - (s)))) - -/* Hash a single block, 64 bytes long and 4-byte aligned */ -static void md5_process_block64(md5_ctx_t *ctx) -{ -#if MD5_SIZE_VS_SPEED > 0 - /* Before we start, one word to the strange constants. - They are defined in RFC 1321 as - T[i] = (int)(4294967296.0 * fabs(sin(i))), i=1..64 - */ - static const uint32_t C_array[] = { - /* round 1 */ - 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, - 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, - 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, - 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, - /* round 2 */ - 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, - 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8, - 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, - 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, - /* round 3 */ - 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, - 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, - 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, - 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, - /* round 4 */ - 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, - 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, - 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, - 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 - }; - static const char P_array[] ALIGN1 = { -# if MD5_SIZE_VS_SPEED > 1 - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */ -# endif - 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */ - 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */ - 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */ - }; -#endif - uint32_t *words = (void*) ctx->wbuffer; - uint32_t A = ctx->A; - uint32_t B = ctx->B; - uint32_t C = ctx->C; - uint32_t D = ctx->D; - -#if MD5_SIZE_VS_SPEED >= 2 /* 2 or 3 */ - - static const char S_array[] ALIGN1 = { - 7, 12, 17, 22, - 5, 9, 14, 20, - 4, 11, 16, 23, - 6, 10, 15, 21 - }; - const uint32_t *pc; - const char *pp; - const char *ps; - int i; - uint32_t temp; - -# if BB_BIG_ENDIAN - for (i = 0; i < 16; i++) - words[i] = SWAP_LE32(words[i]); -# endif - -# if MD5_SIZE_VS_SPEED == 3 - pc = C_array; - pp = P_array; - ps = S_array - 4; - - for (i = 0; i < 64; i++) { - if ((i & 0x0f) == 0) - ps += 4; - temp = A; - switch (i >> 4) { - case 0: - temp += FF(B, C, D); - break; - case 1: - temp += FG(B, C, D); - break; - case 2: - temp += FH(B, C, D); - break; - case 3: - temp += FI(B, C, D); - } - temp += words[(int) (*pp++)] + *pc++; - temp = rotl32(temp, ps[i & 3]); - temp += B; - A = D; - D = C; - C = B; - B = temp; - } -# else /* MD5_SIZE_VS_SPEED == 2 */ - pc = C_array; - pp = P_array; - ps = S_array; - - for (i = 0; i < 16; i++) { - temp = A + FF(B, C, D) + words[(int) (*pp++)] + *pc++; - temp = rotl32(temp, ps[i & 3]); - temp += B; - A = D; - D = C; - C = B; - B = temp; - } - ps += 4; - for (i = 0; i < 16; i++) { - temp = A + FG(B, C, D) + words[(int) (*pp++)] + *pc++; - temp = rotl32(temp, ps[i & 3]); - temp += B; - A = D; - D = C; - C = B; - B = temp; - } - ps += 4; - for (i = 0; i < 16; i++) { - temp = A + FH(B, C, D) + words[(int) (*pp++)] + *pc++; - temp = rotl32(temp, ps[i & 3]); - temp += B; - A = D; - D = C; - C = B; - B = temp; - } - ps += 4; - for (i = 0; i < 16; i++) { - temp = A + FI(B, C, D) + words[(int) (*pp++)] + *pc++; - temp = rotl32(temp, ps[i & 3]); - temp += B; - A = D; - D = C; - C = B; - B = temp; - } -# endif - /* Add checksum to the starting values */ - ctx->A += A; - ctx->B += B; - ctx->C += C; - ctx->D += D; - -#else /* MD5_SIZE_VS_SPEED == 0 or 1 */ - - uint32_t A_save = A; - uint32_t B_save = B; - uint32_t C_save = C; - uint32_t D_save = D; -# if MD5_SIZE_VS_SPEED == 1 - const uint32_t *pc; - const char *pp; - int i; -# endif - - /* First round: using the given function, the context and a constant - the next context is computed. Because the algorithm's processing - unit is a 32-bit word and it is determined to work on words in - little endian byte order we perhaps have to change the byte order - before the computation. To reduce the work for the next steps - we save swapped words in WORDS array. */ -# undef OP -# define OP(a, b, c, d, s, T) \ - do { \ - a += FF(b, c, d) + (*words IF_BIG_ENDIAN(= SWAP_LE32(*words))) + T; \ - words++; \ - a = rotl32(a, s); \ - a += b; \ - } while (0) - - /* Round 1 */ -# if MD5_SIZE_VS_SPEED == 1 - pc = C_array; - for (i = 0; i < 4; i++) { - OP(A, B, C, D, 7, *pc++); - OP(D, A, B, C, 12, *pc++); - OP(C, D, A, B, 17, *pc++); - OP(B, C, D, A, 22, *pc++); - } -# else - OP(A, B, C, D, 7, 0xd76aa478); - OP(D, A, B, C, 12, 0xe8c7b756); - OP(C, D, A, B, 17, 0x242070db); - OP(B, C, D, A, 22, 0xc1bdceee); - OP(A, B, C, D, 7, 0xf57c0faf); - OP(D, A, B, C, 12, 0x4787c62a); - OP(C, D, A, B, 17, 0xa8304613); - OP(B, C, D, A, 22, 0xfd469501); - OP(A, B, C, D, 7, 0x698098d8); - OP(D, A, B, C, 12, 0x8b44f7af); - OP(C, D, A, B, 17, 0xffff5bb1); - OP(B, C, D, A, 22, 0x895cd7be); - OP(A, B, C, D, 7, 0x6b901122); - OP(D, A, B, C, 12, 0xfd987193); - OP(C, D, A, B, 17, 0xa679438e); - OP(B, C, D, A, 22, 0x49b40821); -# endif - words -= 16; - - /* For the second to fourth round we have the possibly swapped words - in WORDS. Redefine the macro to take an additional first - argument specifying the function to use. */ -# undef OP -# define OP(f, a, b, c, d, k, s, T) \ - do { \ - a += f(b, c, d) + words[k] + T; \ - a = rotl32(a, s); \ - a += b; \ - } while (0) - - /* Round 2 */ -# if MD5_SIZE_VS_SPEED == 1 - pp = P_array; - for (i = 0; i < 4; i++) { - OP(FG, A, B, C, D, (int) (*pp++), 5, *pc++); - OP(FG, D, A, B, C, (int) (*pp++), 9, *pc++); - OP(FG, C, D, A, B, (int) (*pp++), 14, *pc++); - OP(FG, B, C, D, A, (int) (*pp++), 20, *pc++); - } -# else - OP(FG, A, B, C, D, 1, 5, 0xf61e2562); - OP(FG, D, A, B, C, 6, 9, 0xc040b340); - OP(FG, C, D, A, B, 11, 14, 0x265e5a51); - OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa); - OP(FG, A, B, C, D, 5, 5, 0xd62f105d); - OP(FG, D, A, B, C, 10, 9, 0x02441453); - OP(FG, C, D, A, B, 15, 14, 0xd8a1e681); - OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8); - OP(FG, A, B, C, D, 9, 5, 0x21e1cde6); - OP(FG, D, A, B, C, 14, 9, 0xc33707d6); - OP(FG, C, D, A, B, 3, 14, 0xf4d50d87); - OP(FG, B, C, D, A, 8, 20, 0x455a14ed); - OP(FG, A, B, C, D, 13, 5, 0xa9e3e905); - OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8); - OP(FG, C, D, A, B, 7, 14, 0x676f02d9); - OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a); -# endif - - /* Round 3 */ -# if MD5_SIZE_VS_SPEED == 1 - for (i = 0; i < 4; i++) { - OP(FH, A, B, C, D, (int) (*pp++), 4, *pc++); - OP(FH, D, A, B, C, (int) (*pp++), 11, *pc++); - OP(FH, C, D, A, B, (int) (*pp++), 16, *pc++); - OP(FH, B, C, D, A, (int) (*pp++), 23, *pc++); - } -# else - OP(FH, A, B, C, D, 5, 4, 0xfffa3942); - OP(FH, D, A, B, C, 8, 11, 0x8771f681); - OP(FH, C, D, A, B, 11, 16, 0x6d9d6122); - OP(FH, B, C, D, A, 14, 23, 0xfde5380c); - OP(FH, A, B, C, D, 1, 4, 0xa4beea44); - OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9); - OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60); - OP(FH, B, C, D, A, 10, 23, 0xbebfbc70); - OP(FH, A, B, C, D, 13, 4, 0x289b7ec6); - OP(FH, D, A, B, C, 0, 11, 0xeaa127fa); - OP(FH, C, D, A, B, 3, 16, 0xd4ef3085); - OP(FH, B, C, D, A, 6, 23, 0x04881d05); - OP(FH, A, B, C, D, 9, 4, 0xd9d4d039); - OP(FH, D, A, B, C, 12, 11, 0xe6db99e5); - OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8); - OP(FH, B, C, D, A, 2, 23, 0xc4ac5665); -# endif - - /* Round 4 */ -# if MD5_SIZE_VS_SPEED == 1 - for (i = 0; i < 4; i++) { - OP(FI, A, B, C, D, (int) (*pp++), 6, *pc++); - OP(FI, D, A, B, C, (int) (*pp++), 10, *pc++); - OP(FI, C, D, A, B, (int) (*pp++), 15, *pc++); - OP(FI, B, C, D, A, (int) (*pp++), 21, *pc++); - } -# else - OP(FI, A, B, C, D, 0, 6, 0xf4292244); - OP(FI, D, A, B, C, 7, 10, 0x432aff97); - OP(FI, C, D, A, B, 14, 15, 0xab9423a7); - OP(FI, B, C, D, A, 5, 21, 0xfc93a039); - OP(FI, A, B, C, D, 12, 6, 0x655b59c3); - OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92); - OP(FI, C, D, A, B, 10, 15, 0xffeff47d); - OP(FI, B, C, D, A, 1, 21, 0x85845dd1); - OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f); - OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0); - OP(FI, C, D, A, B, 6, 15, 0xa3014314); - OP(FI, B, C, D, A, 13, 21, 0x4e0811a1); - OP(FI, A, B, C, D, 4, 6, 0xf7537e82); - OP(FI, D, A, B, C, 11, 10, 0xbd3af235); - OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb); - OP(FI, B, C, D, A, 9, 21, 0xeb86d391); -# endif - /* Add checksum to the starting values */ - ctx->A = A_save + A; - ctx->B = B_save + B; - ctx->C = C_save + C; - ctx->D = D_save + D; -#endif -} - -/* Feed data through a temporary buffer to call md5_hash_aligned_block() - * with chunks of data that are 4-byte aligned and a multiple of 64 bytes. - * This function's internal buffer remembers previous data until it has 64 - * bytes worth to pass on. Call md5_end() to flush this buffer. */ -void FAST_FUNC md5_hash(md5_ctx_t *ctx, const void *buffer, size_t len) -{ - unsigned bufpos = ctx->total64 & 63; - unsigned remaining; - - /* RFC 1321 specifies the possible length of the file up to 2^64 bits. - * Here we only track the number of bytes. */ - ctx->total64 += len; -#if 0 - remaining = 64 - bufpos; - - /* Hash whole blocks */ - while (len >= remaining) { - memcpy(ctx->wbuffer + bufpos, buffer, remaining); - buffer = (const char *)buffer + remaining; - len -= remaining; - remaining = 64; - bufpos = 0; - md5_process_block64(ctx); - } - - /* Save last, partial blosk */ - memcpy(ctx->wbuffer + bufpos, buffer, len); -#else - /* Tiny bit smaller code */ - while (1) { - remaining = 64 - bufpos; - if (remaining > len) - remaining = len; - /* Copy data into aligned buffer */ - memcpy(ctx->wbuffer + bufpos, buffer, remaining); - len -= remaining; - buffer = (const char *)buffer + remaining; - bufpos += remaining; - /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */ - bufpos -= 64; - if (bufpos != 0) - break; - /* Buffer is filled up, process it */ - md5_process_block64(ctx); - /*bufpos = 0; - already is */ - } -#endif -} - -/* Process the remaining bytes in the buffer and put result from CTX - * in first 16 bytes following RESBUF. The result is always in little - * endian byte order, so that a byte-wise output yields to the wanted - * ASCII representation of the message digest. - */ -void FAST_FUNC md5_end(md5_ctx_t *ctx, void *resbuf) -{ - unsigned bufpos = ctx->total64 & 63; - /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ - ctx->wbuffer[bufpos++] = 0x80; - - /* This loop iterates either once or twice, no more, no less */ - while (1) { - unsigned remaining = 64 - bufpos; - memset(ctx->wbuffer + bufpos, 0, remaining); - /* Do we have enough space for the length count? */ - if (remaining >= 8) { - /* Store the 64-bit counter of bits in the buffer in BE format */ - uint64_t t = ctx->total64 << 3; - unsigned i; - for (i = 0; i < 8; i++) { - ctx->wbuffer[56 + i] = t; - t >>= 8; - } - } - md5_process_block64(ctx); - if (remaining >= 8) - break; - bufpos = 0; - } - - /* The MD5 result is in little endian byte order. - * We (ab)use the fact that A-D are consecutive in memory. - */ -#if BB_BIG_ENDIAN - ctx->A = SWAP_LE32(ctx->A); - ctx->B = SWAP_LE32(ctx->B); - ctx->C = SWAP_LE32(ctx->C); - ctx->D = SWAP_LE32(ctx->D); -#endif - memcpy(resbuf, &ctx->A, sizeof(ctx->A) * 4); -} diff --git a/libbb/md5prime.c b/libbb/md5prime.c deleted file mode 100644 index 7986f4d29..000000000 --- a/libbb/md5prime.c +++ /dev/null @@ -1,460 +0,0 @@ -/* This file is not used by busybox right now. - * However, the code here seems to be a tiny bit smaller - * than one in md5.c. Need to investigate which one - * is better overall... - * Hint: grep for md5prime to find places where you can switch - * md5.c/md5prime.c - */ - -/* - * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm - * - * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All - * rights reserved. - * - * License to copy and use this software is granted provided that it - * is identified as the "RSA Data Security, Inc. MD5 Message-Digest - * Algorithm" in all material mentioning or referencing this software - * or this function. - * - * License is also granted to make and use derivative works provided - * that such works are identified as "derived from the RSA Data - * Security, Inc. MD5 Message-Digest Algorithm" in all material - * mentioning or referencing the derived work. - * - * RSA Data Security, Inc. makes no representations concerning either - * the merchantability of this software or the suitability of this - * software for any particular purpose. It is provided "as is" - * without express or implied warranty of any kind. - * - * These notices must be retained in any copies of any part of this - * documentation and/or software. - * - * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $ - * - * This code is the same as the code published by RSA Inc. It has been - * edited for clarity and style only. - * - * ---------------------------------------------------------------------------- - * The md5_crypt() function was taken from freeBSD's libcrypt and contains - * this license: - * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this notice you - * can do whatever you want with this stuff. If we meet some day, and you think - * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp - * - * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $ - * - * ---------------------------------------------------------------------------- - * On April 19th, 2001 md5_crypt() was modified to make it reentrant - * by Erik Andersen - * - * June 28, 2001 Manuel Novoa III - * - * "Un-inlined" code using loops and static const tables in order to - * reduce generated code size (on i386 from approx 4k to approx 2.5k). - * - * June 29, 2001 Manuel Novoa III - * - * Completely removed static PADDING array. - * - * Reintroduced the loop unrolling in md5_transform and added the - * MD5_SIZE_VS_SPEED option for configurability. Define below as: - * 0 fully unrolled loops - * 1 partially unrolled (4 ops per loop) - * 2 no unrolling -- introduces the need to swap 4 variables (slow) - * 3 no unrolling and all 4 loops merged into one with switch - * in each loop (glacial) - * On i386, sizes are roughly (-Os -fno-builtin): - * 0: 3k 1: 2.5k 2: 2.2k 3: 2k - * - * Since SuSv3 does not require crypt_r, modified again August 7, 2002 - * by Erik Andersen to remove reentrance stuff... - */ - -#include "libbb.h" - -/* 1: fastest, 3: smallest */ -#if CONFIG_MD5_SIZE_VS_SPEED < 1 -# define MD5_SIZE_VS_SPEED 1 -#elif CONFIG_MD5_SIZE_VS_SPEED > 3 -# define MD5_SIZE_VS_SPEED 3 -#else -# define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED -#endif - -#if BB_LITTLE_ENDIAN -#define memcpy32_cpu2le memcpy -#define memcpy32_le2cpu memcpy -#else -/* Encodes input (uint32_t) into output (unsigned char). - * Assumes len is a multiple of 4. */ -static void -memcpy32_cpu2le(unsigned char *output, uint32_t *input, unsigned len) -{ - unsigned i, j; - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = input[i]; - output[j+1] = (input[i] >> 8); - output[j+2] = (input[i] >> 16); - output[j+3] = (input[i] >> 24); - } -} -/* Decodes input (unsigned char) into output (uint32_t). - * Assumes len is a multiple of 4. */ -static void -memcpy32_le2cpu(uint32_t *output, const unsigned char *input, unsigned len) -{ - unsigned i, j; - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((uint32_t)input[j]) - | (((uint32_t)input[j+1]) << 8) - | (((uint32_t)input[j+2]) << 16) - | (((uint32_t)input[j+3]) << 24); -} -#endif /* i386 */ - -/* F, G, H and I are basic MD5 functions. */ -#define F(x, y, z) (((x) & (y)) | (~(x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & ~(z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | ~(z))) - -/* rotl32 rotates x left n bits. */ -#define rotl32(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) - -/* - * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. - * Rotation is separate from addition to prevent recomputation. - */ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F((b), (c), (d)) + (x) + (uint32_t)(ac); \ - (a) = rotl32((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G((b), (c), (d)) + (x) + (uint32_t)(ac); \ - (a) = rotl32((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H((b), (c), (d)) + (x) + (uint32_t)(ac); \ - (a) = rotl32((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) { \ - (a) += I((b), (c), (d)) + (x) + (uint32_t)(ac); \ - (a) = rotl32((a), (s)); \ - (a) += (b); \ - } - -/* MD5 basic transformation. Transforms state based on block. */ -static void md5_transform(uint32_t state[4], const unsigned char block[64]) -{ - uint32_t a, b, c, d, x[16]; -#if MD5_SIZE_VS_SPEED > 1 - uint32_t temp; - const unsigned char *ps; - - static const unsigned char S[] = { - 7, 12, 17, 22, - 5, 9, 14, 20, - 4, 11, 16, 23, - 6, 10, 15, 21 - }; -#endif /* MD5_SIZE_VS_SPEED > 1 */ - -#if MD5_SIZE_VS_SPEED > 0 - const uint32_t *pc; - const unsigned char *pp; - int i; - - static const uint32_t C[] = { - /* round 1 */ - 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, - 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, - 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, - 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, - /* round 2 */ - 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, - 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, - 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, - 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, - /* round 3 */ - 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, - 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, - 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, - 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, - /* round 4 */ - 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, - 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, - 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, - 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 - }; - static const unsigned char P[] = { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */ - 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */ - 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */ - 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */ - }; - -#endif /* MD5_SIZE_VS_SPEED > 0 */ - - memcpy32_le2cpu(x, block, 64); - - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - -#if MD5_SIZE_VS_SPEED > 2 - pc = C; - pp = P; - ps = S - 4; - for (i = 0; i < 64; i++) { - if ((i & 0x0f) == 0) ps += 4; - temp = a; - switch (i>>4) { - case 0: - temp += F(b, c, d); - break; - case 1: - temp += G(b, c, d); - break; - case 2: - temp += H(b, c, d); - break; - case 3: - temp += I(b, c, d); - break; - } - temp += x[*pp++] + *pc++; - temp = rotl32(temp, ps[i & 3]); - temp += b; - a = d; d = c; c = b; b = temp; - } -#elif MD5_SIZE_VS_SPEED > 1 - pc = C; - pp = P; - ps = S; - /* Round 1 */ - for (i = 0; i < 16; i++) { - FF(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; - temp = d; d = c; c = b; b = a; a = temp; - } - /* Round 2 */ - ps += 4; - for (; i < 32; i++) { - GG(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; - temp = d; d = c; c = b; b = a; a = temp; - } - /* Round 3 */ - ps += 4; - for (; i < 48; i++) { - HH(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; - temp = d; d = c; c = b; b = a; a = temp; - } - /* Round 4 */ - ps += 4; - for (; i < 64; i++) { - II(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; - temp = d; d = c; c = b; b = a; a = temp; - } -#elif MD5_SIZE_VS_SPEED > 0 - pc = C; - pp = P; - /* Round 1 */ - for (i = 0; i < 4; i++) { - FF(a, b, c, d, x[*pp], 7, *pc); pp++; pc++; - FF(d, a, b, c, x[*pp], 12, *pc); pp++; pc++; - FF(c, d, a, b, x[*pp], 17, *pc); pp++; pc++; - FF(b, c, d, a, x[*pp], 22, *pc); pp++; pc++; - } - /* Round 2 */ - for (i = 0; i < 4; i++) { - GG(a, b, c, d, x[*pp], 5, *pc); pp++; pc++; - GG(d, a, b, c, x[*pp], 9, *pc); pp++; pc++; - GG(c, d, a, b, x[*pp], 14, *pc); pp++; pc++; - GG(b, c, d, a, x[*pp], 20, *pc); pp++; pc++; - } - /* Round 3 */ - for (i = 0; i < 4; i++) { - HH(a, b, c, d, x[*pp], 4, *pc); pp++; pc++; - HH(d, a, b, c, x[*pp], 11, *pc); pp++; pc++; - HH(c, d, a, b, x[*pp], 16, *pc); pp++; pc++; - HH(b, c, d, a, x[*pp], 23, *pc); pp++; pc++; - } - /* Round 4 */ - for (i = 0; i < 4; i++) { - II(a, b, c, d, x[*pp], 6, *pc); pp++; pc++; - II(d, a, b, c, x[*pp], 10, *pc); pp++; pc++; - II(c, d, a, b, x[*pp], 15, *pc); pp++; pc++; - II(b, c, d, a, x[*pp], 21, *pc); pp++; pc++; - } -#else - /* Round 1 */ -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 - FF(a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ - FF(d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ - FF(c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ - FF(b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ - FF(a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ - FF(d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ - FF(c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ - FF(b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ - FF(a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ - FF(d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ - FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - /* Round 2 */ -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 - GG(a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ - GG(d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ - GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG(b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ - GG(a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ - GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG(b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ - GG(a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ - GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG(c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ - GG(b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ - GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG(d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ - GG(c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ - GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - /* Round 3 */ -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 - HH(a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ - HH(d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ - HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH(a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ - HH(d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ - HH(c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ - HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH(d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ - HH(c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ - HH(b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ - HH(a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ - HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH(b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ - /* Round 4 */ -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - II(a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ - II(d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ - II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II(b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ - II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II(d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ - II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II(b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ - II(a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ - II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II(c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ - II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II(a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ - II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II(c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ - II(b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ -#endif - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. */ - memset(x, 0, sizeof(x)); -} - - -/* MD5 initialization. */ -void FAST_FUNC md5_begin(md5_ctx_t *context) -{ - context->count[0] = context->count[1] = 0; - /* Load magic initialization constants. */ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* - * MD5 block update operation. Continues an MD5 message-digest - * operation, processing another message block, and updating - * the context. - */ -void FAST_FUNC md5_hash(const void *buffer, size_t inputLen, md5_ctx_t *context) -{ - unsigned i, idx, partLen; - const unsigned char *input = buffer; - - /* Compute number of bytes mod 64 */ - idx = (context->count[0] >> 3) & 0x3F; - - /* Update number of bits */ - context->count[0] += (inputLen << 3); - if (context->count[0] < (inputLen << 3)) - context->count[1]++; - context->count[1] += (inputLen >> 29); - - /* Transform as many times as possible. */ - i = 0; - partLen = 64 - idx; - if (inputLen >= partLen) { - memcpy(&context->buffer[idx], input, partLen); - md5_transform(context->state, context->buffer); - for (i = partLen; i + 63 < inputLen; i += 64) - md5_transform(context->state, &input[i]); - idx = 0; - } - - /* Buffer remaining input */ - memcpy(&context->buffer[idx], &input[i], inputLen - i); -} - -/* - * MD5 finalization. Ends an MD5 message-digest operation, - * writing the message digest. - */ -void FAST_FUNC md5_end(void *digest, md5_ctx_t *context) -{ - unsigned idx, padLen; - unsigned char bits[8]; - unsigned char padding[64]; - - /* Add padding followed by original length. */ - memset(padding, 0, sizeof(padding)); - padding[0] = 0x80; - /* save number of bits */ - memcpy32_cpu2le(bits, context->count, 8); - /* pad out to 56 mod 64 */ - idx = (context->count[0] >> 3) & 0x3f; - padLen = (idx < 56) ? (56 - idx) : (120 - idx); - md5_hash(padding, padLen, context); - /* append length (before padding) */ - md5_hash(bits, 8, context); - - /* Store state in digest */ - memcpy32_cpu2le(digest, context->state, 16); -} diff --git a/libbb/sha1.c b/libbb/sha1.c deleted file mode 100644 index d79291148..000000000 --- a/libbb/sha1.c +++ /dev/null @@ -1,530 +0,0 @@ -/* vi: set sw=4 ts=4: */ -/* - * Based on shasum from http://www.netsw.org/crypto/hash/ - * Majorly hacked up to use Dr Brian Gladman's sha1 code - * - * Copyright (C) 2002 Dr Brian Gladman , Worcester, UK. - * Copyright (C) 2003 Glenn L. McGrath - * Copyright (C) 2003 Erik Andersen - * - * Licensed under GPLv2 or later, see file LICENSE in this source tree. - * - * --------------------------------------------------------------------------- - * Issue Date: 10/11/2002 - * - * This is a byte oriented version of SHA1 that operates on arrays of bytes - * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor - * - * --------------------------------------------------------------------------- - * - * SHA256 and SHA512 parts are: - * Released into the Public Domain by Ulrich Drepper . - * Shrank by Denys Vlasenko. - * - * --------------------------------------------------------------------------- - * - * The best way to test random blocksizes is to go to coreutils/md5_sha1_sum.c - * and replace "4096" with something like "2000 + time(NULL) % 2097", - * then rebuild and compare "shaNNNsum bigfile" results. - */ - -#include "libbb.h" - -/* gcc 4.2.1 optimizes rotr64 better with inline than with macro - * (for rotX32, there is no difference). Why? My guess is that - * macro requires clever common subexpression elimination heuristics - * in gcc, while inline basically forces it to happen. - */ -//#define rotl32(x,n) (((x) << (n)) | ((x) >> (32 - (n)))) -static ALWAYS_INLINE uint32_t rotl32(uint32_t x, unsigned n) -{ - return (x << n) | (x >> (32 - n)); -} -//#define rotr32(x,n) (((x) >> (n)) | ((x) << (32 - (n)))) -static ALWAYS_INLINE uint32_t rotr32(uint32_t x, unsigned n) -{ - return (x >> n) | (x << (32 - n)); -} -/* rotr64 in needed for sha512 only: */ -//#define rotr64(x,n) (((x) >> (n)) | ((x) << (64 - (n)))) -static ALWAYS_INLINE uint64_t rotr64(uint64_t x, unsigned n) -{ - return (x >> n) | (x << (64 - n)); -} -#if BB_LITTLE_ENDIAN -/* ALWAYS_INLINE below would hurt code size, using plain inline: */ -static inline uint64_t hton64(uint64_t v) -{ - return (((uint64_t)htonl(v)) << 32) | htonl(v >> 32); -} -#else -#define hton64(v) (v) -#endif -#define ntoh64(v) hton64(v) - - -/* Some arch headers have conflicting defines */ -#undef ch -#undef parity -#undef maj -#undef rnd - -static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx) -{ - unsigned t; - uint32_t W[80], a, b, c, d, e; - const uint32_t *words = (uint32_t*) ctx->wbuffer; - - for (t = 0; t < 16; ++t) - W[t] = ntohl(words[t]); - for (/*t = 16*/; t < 80; ++t) { - uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; - W[t] = rotl32(T, 1); - } - - a = ctx->hash[0]; - b = ctx->hash[1]; - c = ctx->hash[2]; - d = ctx->hash[3]; - e = ctx->hash[4]; - -/* Reverse byte order in 32-bit words */ -#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) -#define parity(x,y,z) ((x) ^ (y) ^ (z)) -#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) -/* A normal version as set out in the FIPS. This version uses */ -/* partial loop unrolling and is optimised for the Pentium 4 */ -#define rnd(f,k) \ - do { \ - uint32_t T = a; \ - a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \ - e = d; \ - d = c; \ - c = rotl32(b, 30); \ - b = T; \ - } while (0) - - for (t = 0; t < 20; ++t) - rnd(ch, 0x5a827999); - - for (/*t = 20*/; t < 40; ++t) - rnd(parity, 0x6ed9eba1); - - for (/*t = 40*/; t < 60; ++t) - rnd(maj, 0x8f1bbcdc); - - for (/*t = 60*/; t < 80; ++t) - rnd(parity, 0xca62c1d6); -#undef ch -#undef parity -#undef maj -#undef rnd - - ctx->hash[0] += a; - ctx->hash[1] += b; - ctx->hash[2] += c; - ctx->hash[3] += d; - ctx->hash[4] += e; -} - -/* Constants for SHA512 from FIPS 180-2:4.2.3. - * SHA256 constants from FIPS 180-2:4.2.2 - * are the most significant half of first 64 elements - * of the same array. - */ -static const uint64_t sha_K[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, - 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, - 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, - 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, - 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, - 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, - 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, - 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, - 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, - 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, - 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, - 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, - 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, - 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, - 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, - 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, - 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, - 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, - 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, - 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, - 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, - 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, - 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */ - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, - 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, - 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, - 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, - 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -#undef Ch -#undef Maj -#undef S0 -#undef S1 -#undef R0 -#undef R1 - -static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx) -{ - unsigned t; - uint32_t W[64], a, b, c, d, e, f, g, h; - const uint32_t *words = (uint32_t*) ctx->wbuffer; - - /* Operators defined in FIPS 180-2:4.1.2. */ -#define Ch(x, y, z) ((x & y) ^ (~x & z)) -#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) -#define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22)) -#define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25)) -#define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3)) -#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10)) - - /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */ - for (t = 0; t < 16; ++t) - W[t] = ntohl(words[t]); - for (/*t = 16*/; t < 64; ++t) - W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; - - a = ctx->hash[0]; - b = ctx->hash[1]; - c = ctx->hash[2]; - d = ctx->hash[3]; - e = ctx->hash[4]; - f = ctx->hash[5]; - g = ctx->hash[6]; - h = ctx->hash[7]; - - /* The actual computation according to FIPS 180-2:6.2.2 step 3. */ - for (t = 0; t < 64; ++t) { - /* Need to fetch upper half of sha_K[t] - * (I hope compiler is clever enough to just fetch - * upper half) - */ - uint32_t K_t = sha_K[t] >> 32; - uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t]; - uint32_t T2 = S0(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - } -#undef Ch -#undef Maj -#undef S0 -#undef S1 -#undef R0 -#undef R1 - /* Add the starting values of the context according to FIPS 180-2:6.2.2 - step 4. */ - ctx->hash[0] += a; - ctx->hash[1] += b; - ctx->hash[2] += c; - ctx->hash[3] += d; - ctx->hash[4] += e; - ctx->hash[5] += f; - ctx->hash[6] += g; - ctx->hash[7] += h; -} - -static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx) -{ - unsigned t; - uint64_t W[80]; - /* On i386, having assignments here (not later as sha256 does) - * produces 99 bytes smaller code with gcc 4.3.1 - */ - uint64_t a = ctx->hash[0]; - uint64_t b = ctx->hash[1]; - uint64_t c = ctx->hash[2]; - uint64_t d = ctx->hash[3]; - uint64_t e = ctx->hash[4]; - uint64_t f = ctx->hash[5]; - uint64_t g = ctx->hash[6]; - uint64_t h = ctx->hash[7]; - const uint64_t *words = (uint64_t*) ctx->wbuffer; - - /* Operators defined in FIPS 180-2:4.1.2. */ -#define Ch(x, y, z) ((x & y) ^ (~x & z)) -#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) -#define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39)) -#define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41)) -#define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7)) -#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6)) - - /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */ - for (t = 0; t < 16; ++t) - W[t] = ntoh64(words[t]); - for (/*t = 16*/; t < 80; ++t) - W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; - - /* The actual computation according to FIPS 180-2:6.3.2 step 3. */ - for (t = 0; t < 80; ++t) { - uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t]; - uint64_t T2 = S0(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - } -#undef Ch -#undef Maj -#undef S0 -#undef S1 -#undef R0 -#undef R1 - /* Add the starting values of the context according to FIPS 180-2:6.3.2 - step 4. */ - ctx->hash[0] += a; - ctx->hash[1] += b; - ctx->hash[2] += c; - ctx->hash[3] += d; - ctx->hash[4] += e; - ctx->hash[5] += f; - ctx->hash[6] += g; - ctx->hash[7] += h; -} - - -void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) -{ - ctx->hash[0] = 0x67452301; - ctx->hash[1] = 0xefcdab89; - ctx->hash[2] = 0x98badcfe; - ctx->hash[3] = 0x10325476; - ctx->hash[4] = 0xc3d2e1f0; - ctx->total64 = 0; - ctx->process_block = sha1_process_block64; -} - -static const uint32_t init256[] = { - 0x6a09e667, - 0xbb67ae85, - 0x3c6ef372, - 0xa54ff53a, - 0x510e527f, - 0x9b05688c, - 0x1f83d9ab, - 0x5be0cd19, - 0, - 0, -}; -static const uint32_t init512_lo[] = { - 0xf3bcc908, - 0x84caa73b, - 0xfe94f82b, - 0x5f1d36f1, - 0xade682d1, - 0x2b3e6c1f, - 0xfb41bd6b, - 0x137e2179, - 0, - 0, -}; - -/* Initialize structure containing state of computation. - (FIPS 180-2:5.3.2) */ -void FAST_FUNC sha256_begin(sha256_ctx_t *ctx) -{ - memcpy(ctx->hash, init256, sizeof(init256)); - /*ctx->total64 = 0; - done by extending init256 with two 32-bit zeros */ - ctx->process_block = sha256_process_block64; -} - -/* Initialize structure containing state of computation. - (FIPS 180-2:5.3.3) */ -void FAST_FUNC sha512_begin(sha512_ctx_t *ctx) -{ - int i; - /* Two extra iterations zero out ctx->total64[] */ - for (i = 0; i < 8+2; i++) - ctx->hash[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i]; - /*ctx->total64[0] = ctx->total64[1] = 0; - already done */ -} - - -/* Used also for sha256 */ -void FAST_FUNC sha1_hash(sha1_ctx_t *ctx, const void *buffer, size_t len) -{ - unsigned bufpos = ctx->total64 & 63; - unsigned remaining; - - ctx->total64 += len; -#if 0 - remaining = 64 - bufpos; - - /* Hash whole blocks */ - while (len >= remaining) { - memcpy(ctx->wbuffer + bufpos, buffer, remaining); - buffer = (const char *)buffer + remaining; - len -= remaining; - remaining = 64; - bufpos = 0; - ctx->process_block(ctx); - } - - /* Save last, partial blosk */ - memcpy(ctx->wbuffer + bufpos, buffer, len); -#else - /* Tiny bit smaller code */ - while (1) { - remaining = 64 - bufpos; - if (remaining > len) - remaining = len; - /* Copy data into aligned buffer */ - memcpy(ctx->wbuffer + bufpos, buffer, remaining); - len -= remaining; - buffer = (const char *)buffer + remaining; - bufpos += remaining; - /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */ - bufpos -= 64; - if (bufpos != 0) - break; - /* Buffer is filled up, process it */ - ctx->process_block(ctx); - /*bufpos = 0; - already is */ - } -#endif -} - -void FAST_FUNC sha512_hash(sha512_ctx_t *ctx, const void *buffer, size_t len) -{ - unsigned bufpos = ctx->total64[0] & 127; - unsigned remaining; - - /* First increment the byte count. FIPS 180-2 specifies the possible - length of the file up to 2^128 _bits_. - We compute the number of _bytes_ and convert to bits later. */ - ctx->total64[0] += len; - if (ctx->total64[0] < len) - ctx->total64[1]++; -#if 0 - remaining = 128 - bufpos; - - /* Hash whole blocks */ - while (len >= remaining) { - memcpy(ctx->wbuffer + bufpos, buffer, remaining); - buffer = (const char *)buffer + remaining; - len -= remaining; - remaining = 128; - bufpos = 0; - sha512_process_block128(ctx); - } - - /* Save last, partial blosk */ - memcpy(ctx->wbuffer + bufpos, buffer, len); -#else - while (1) { - remaining = 128 - bufpos; - if (remaining > len) - remaining = len; - /* Copy data into aligned buffer */ - memcpy(ctx->wbuffer + bufpos, buffer, remaining); - len -= remaining; - buffer = (const char *)buffer + remaining; - bufpos += remaining; - /* clever way to do "if (bufpos != 128) break; ... ; bufpos = 0;" */ - bufpos -= 128; - if (bufpos != 0) - break; - /* Buffer is filled up, process it */ - sha512_process_block128(ctx); - /*bufpos = 0; - already is */ - } -#endif -} - - -/* Used also for sha256 */ -void FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf) -{ - unsigned bufpos = ctx->total64 & 63; - - /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ - ctx->wbuffer[bufpos++] = 0x80; - - /* This loop iterates either once or twice, no more, no less */ - while (1) { - unsigned remaining = 64 - bufpos; - memset(ctx->wbuffer + bufpos, 0, remaining); - /* Do we have enough space for the length count? */ - if (remaining >= 8) { - /* Store the 64-bit counter of bits in the buffer in BE format */ - uint64_t t = ctx->total64 << 3; - t = hton64(t); - /* wbuffer is suitably aligned for this */ - *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t; - } - ctx->process_block(ctx); - if (remaining >= 8) - break; - bufpos = 0; - } - - bufpos = (ctx->process_block == sha1_process_block64) ? 5 : 8; - /* This way we do not impose alignment constraints on resbuf: */ - if (BB_LITTLE_ENDIAN) { - unsigned i; - for (i = 0; i < bufpos; ++i) - ctx->hash[i] = htonl(ctx->hash[i]); - } - memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * bufpos); -} - -void FAST_FUNC sha512_end(sha512_ctx_t *ctx, void *resbuf) -{ - unsigned bufpos = ctx->total64[0] & 127; - - /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... */ - ctx->wbuffer[bufpos++] = 0x80; - - while (1) { - unsigned remaining = 128 - bufpos; - memset(ctx->wbuffer + bufpos, 0, remaining); - if (remaining >= 16) { - /* Store the 128-bit counter of bits in the buffer in BE format */ - uint64_t t; - t = ctx->total64[0] << 3; - t = hton64(t); - *(uint64_t *) (&ctx->wbuffer[128 - 8]) = t; - t = (ctx->total64[1] << 3) | (ctx->total64[0] >> 61); - t = hton64(t); - *(uint64_t *) (&ctx->wbuffer[128 - 16]) = t; - } - sha512_process_block128(ctx); - if (remaining >= 16) - break; - bufpos = 0; - } - - if (BB_LITTLE_ENDIAN) { - unsigned i; - for (i = 0; i < ARRAY_SIZE(ctx->hash); ++i) - ctx->hash[i] = hton64(ctx->hash[i]); - } - memcpy(resbuf, ctx->hash, sizeof(ctx->hash)); -} -- cgit v1.2.3