xref: /freebsd/sys/crypto/md5c.c (revision 51e8e8b0f36933814b1be08913857727876aece5) 
1 /*-
2  * Copyright (c) 2024, 2025 Robert Clausecker <fuz@FreeBSD.org>
3  *
4  * SPDX-License-Identifier: BSD-2-Clause
5  */
6 
7 #include <sys/endian.h>
8 #include <sys/types.h>
9 #include <sys/md5.h>
10 
11 #ifdef _KERNEL
12 #include <sys/param.h>
13 #include <sys/stdint.h>
14 #include <sys/systm.h>
15 #define assert(expr) MPASS(expr)
16 #else
17 #include <assert.h>
18 #include <stdint.h>
19 #include <string.h>
20 #include <strings.h>
21 #endif /* defined(_KERNEL) */
22 
23 #define md5block _libmd_md5block
24 #ifdef MD5_ASM
25 extern void	md5block(MD5_CTX *, const void *, size_t);
26 #else
27 static void	md5block(MD5_CTX *, const void *, size_t);
28 #endif
29 
30 /* don't unroll in bootloader */
31 #ifdef STANDALONE_SMALL
32 #define UNROLL
33 #else
34 #define UNROLL _Pragma("unroll")
35 #endif
36 
37 void
38 MD5Init(MD5_CTX *ctx)
39 {
40 	ctx->state[0] = 0x67452301;
41 	ctx->state[1] = 0xefcdab89;
42 	ctx->state[2] = 0x98badcfe;
43 	ctx->state[3] = 0x10325476;
44 
45 	ctx->count[0] = 0;
46 	ctx->count[1] = 0;
47 }
48 
49 void
50 MD5Update(MD5_CTX *ctx, const void *data, unsigned int len)
51 {
52 	uint64_t nn;
53 	const char *p = data;
54 	unsigned num;
55 
56 	num = ctx->count[0] % MD5_BLOCK_LENGTH;
57 	nn = (uint64_t)ctx->count[0] | (uint64_t)ctx->count[1] << 32;
58 	nn += len;
59 	ctx->count[0] = (uint32_t)nn;
60 	ctx->count[1] = (uint32_t)(nn >> 32);
61 
62 	if (num > 0) {
63 		unsigned int n = MD5_BLOCK_LENGTH - num;
64 
65 		if (n > len)
66 			n = len;
67 
68 		memcpy((char *)ctx->buffer + num, p, n);
69 		num += n;
70 		if (num == MD5_BLOCK_LENGTH)
71 			md5block(ctx, (void *)ctx->buffer, MD5_BLOCK_LENGTH);
72 
73 		p += n;
74 		len -= n;
75 	}
76 
77 	if (len >= MD5_BLOCK_LENGTH) {
78 		unsigned n = len & ~(unsigned)(MD5_BLOCK_LENGTH - 1);
79 
80 		md5block(ctx, p, n);
81 		p += n;
82 		len -= n;
83 	}
84 
85 	if (len > 0)
86 		memcpy((void *)ctx->buffer, p, len);
87 }
88 
89 static void
90 MD5Pad(MD5_CTX *ctx)
91 {
92 	uint64_t len;
93 	unsigned t;
94 	unsigned char tmp[MD5_BLOCK_LENGTH + sizeof(uint64_t)] = {0x80, 0};
95 
96 	len = (uint64_t)ctx->count[0] | (uint64_t)ctx->count[1] << 32;
97 	t = 64 + 56 - ctx->count[0] % 64;
98 	if (t > 64)
99 		t -= 64;
100 
101 	/* length in bits */
102 	len <<= 3;
103 	le64enc(tmp + t, len);
104 	MD5Update(ctx, tmp, t + 8);
105 	assert(ctx->count[0] % MD5_BLOCK_LENGTH == 0);
106 }
107 
108 void
109 MD5Final(unsigned char md[16], MD5_CTX *ctx)
110 {
111 	MD5Pad(ctx);
112 
113 	le32enc(md +  0, ctx->state[0]);
114 	le32enc(md +  4, ctx->state[1]);
115 	le32enc(md +  8, ctx->state[2]);
116 	le32enc(md + 12, ctx->state[3]);
117 
118 	explicit_bzero(ctx, sizeof(ctx));
119 }
120 
121 #ifndef MD5_ASM
122 static const uint32_t K[64] = {
123 	0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
124 	0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
125 	0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
126 	0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
127 	0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
128 	0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
129 	0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
130 	0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
131 	0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
132 	0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
133 	0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05,
134 	0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
135 	0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
136 	0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
137 	0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
138 	0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391,
139 };
140 
141 static inline uint32_t
142 rol32(uint32_t a, int b)
143 {
144 	return (a << b | a >> (32 - b));
145 }
146 
147 static void
148 md5block(MD5_CTX *ctx, const void *data, size_t len)
149 {
150 	uint32_t m[16], a0, b0, c0, d0;
151 	const char *p = data;
152 
153 	a0 = ctx->state[0];
154 	b0 = ctx->state[1];
155 	c0 = ctx->state[2];
156 	d0 = ctx->state[3];
157 
158 	while (len >= MD5_BLOCK_LENGTH) {
159 		size_t i;
160 		uint32_t a = a0, b = b0, c = c0, d = d0, f, tmp;
161 
162 		UNROLL
163 		for (i = 0; i < 16; i++)
164 			m[i] = le32dec(p + 4*i);
165 
166 		UNROLL
167 		for (i = 0; i < 16; i += 4) {
168 			f = d ^ (b & (c ^ d));
169 			tmp = d;
170 			d = c;
171 			c = b;
172 			b += rol32(a + f + K[i] + m[i], 7);
173 			a = tmp;
174 
175 			f = d ^ (b & (c ^ d));
176 			tmp = d;
177 			d = c;
178 			c = b;
179 			b += rol32(a + f + K[i + 1] + m[i + 1], 12);
180 			a = tmp;
181 
182 			f = d ^ (b & (c ^ d));
183 			tmp = d;
184 			d = c;
185 			c = b;
186 			b += rol32(a + f + K[i + 2] + m[i + 2], 17);
187 			a = tmp;
188 
189 			f = d ^ (b & (c ^ d));
190 			tmp = d;
191 			d = c;
192 			c = b;
193 			b += rol32(a + f + K[i + 3] + m[i + 3], 22);
194 			a = tmp;
195 		}
196 
197 		UNROLL
198 		for (; i < 32; i += 4) {
199 			f = c ^ (d & (b ^ c));
200 			tmp = d;
201 			d = c;
202 			c = b;
203 			b += rol32(a + f + K[i] + m[(5*i + 1) % 16], 5);
204 			a = tmp;
205 
206 			f = c ^ (d & (b ^ c));
207 			tmp = d;
208 			d = c;
209 			c = b;
210 			b += rol32(a + f + K[i + 1] + m[(5*i + 6) % 16], 9);
211 			a = tmp;
212 
213 			f = c ^ (d & (b ^ c));
214 			tmp = d;
215 			d = c;
216 			c = b;
217 			b += rol32(a + f + K[i + 2] + m[(5*i + 11) % 16], 14);
218 			a = tmp;
219 
220 			f = c ^ (d & (b ^ c));
221 			tmp = d;
222 			d = c;
223 			c = b;
224 			b += rol32(a + f + K[i + 3] + m[5*i % 16], 20);
225 			a = tmp;
226 		}
227 
228 		UNROLL
229 		for (; i < 48; i += 4) {
230 			f = b ^ c ^ d;
231 			tmp = d;
232 			d = c;
233 			c = b;
234 			b += rol32(a + f + K[i] + m[(3*i + 5) % 16], 4);
235 			a = tmp;
236 
237 			f = b ^ c ^ d;
238 			tmp = d;
239 			d = c;
240 			c = b;
241 			b += rol32(a + f + K[i + 1] + m[(3*i + 8) % 16], 11);
242 			a = tmp;
243 
244 			f = b ^ c ^ d;
245 			tmp = d;
246 			d = c;
247 			c = b;
248 			b += rol32(a + f + K[i + 2] + m[(3*i + 11) % 16], 16);
249 			a = tmp;
250 
251 			f = b ^ c ^ d;
252 			tmp = d;
253 			d = c;
254 			c = b;
255 			b += rol32(a + f + K[i + 3] + m[(3*i + 14) % 16], 23);
256 			a = tmp;
257 		}
258 
259 		UNROLL
260 		for (; i < 64; i += 4) {
261 			f = c ^ (b | ~d);
262 			tmp = d;
263 			d = c;
264 			c = b;
265 			b += rol32(a + f + K[i] + m[7*i % 16], 6);
266 			a = tmp;
267 
268 			f = c ^ (b | ~d);
269 			tmp = d;
270 			d = c;
271 			c = b;
272 			b += rol32(a + f + K[i + 1] + m[(7*i + 7) % 16], 10);
273 			a = tmp;
274 
275 			f = c ^ (b | ~d);
276 			tmp = d;
277 			d = c;
278 			c = b;
279 			b += rol32(a + f + K[i + 2] + m[(7*i + 14) % 16], 15);
280 			a = tmp;
281 
282 			f = c ^ (b | ~d);
283 			tmp = d;
284 			d = c;
285 			c = b;
286 			b += rol32(a + f + K[i + 3] + m[(7*i + 5) % 16], 21);
287 			a = tmp;
288 		}
289 
290 		a0 += a;
291 		b0 += b;
292 		c0 += c;
293 		d0 += d;
294 
295 		p += MD5_BLOCK_LENGTH;
296 		len -= MD5_BLOCK_LENGTH;
297 	}
298 
299 	ctx->state[0] = a0;
300 	ctx->state[1] = b0;
301 	ctx->state[2] = c0;
302 	ctx->state[3] = d0;
303 }
304 #endif /* !defined(MD5_ASM) */
305 
306 #ifdef WEAK_REFS
307 /* When building libmd, provide weak references. Note: this is not
308    activated in the context of compiling these sources for internal
309    use in libcrypt.
310  */
311 #undef MD5Init
312 __weak_reference(_libmd_MD5Init, MD5Init);
313 #undef MD5Update
314 __weak_reference(_libmd_MD5Update, MD5Update);
315 #undef MD5Final
316 __weak_reference(_libmd_MD5Final, MD5Final);
317 #endif
318