/* Functions to compute MD5 message digest of files or memory blocks.

   according to the definition of MD5 in RFC 1321 from April 1992.

   Copyright (C) 1995-2017 Free Software Foundation, Inc.

   This library is free software; you can redistribute it and/or

   modify it under the terms of the GNU Lesser General Public License

   as published by the Free Software Foundation; either version 2.1 of

   the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

   GNU Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public

   License along with this library; if not, see

   <https://www.gnu.org/licenses/>.  */

/* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.  */

#include "crypt-port.h"

#include "alg-md5.h"

#include "byteorder.h"

#if INCLUDE_md5 || INCLUDE_sunmd5

static void md5_process_block (const void *buffer, size_t len,

                               struct md5_ctx *ctx);

/* Initialize structure containing state of computation.

   (RFC 1321, 3.3: Step 3)  */

void

md5_init_ctx (struct md5_ctx *ctx)

{

  ctx->A = 0x67452301;

  ctx->B = 0xefcdab89;

  ctx->C = 0x98badcfe;

  ctx->D = 0x10325476;

  ctx->total = 0;

  ctx->buflen = 0;

}

/* Put result from CTX in first 16 bytes following RESBUF.  The result

   will be in little endian byte order.  */

static void *

md5_read_ctx (struct md5_ctx *ctx, void *resbuf)

{

  unsigned char *buf = resbuf;

  cpu_to_le32 (buf +  0, ctx->A);

  cpu_to_le32 (buf +  4, ctx->B);

  cpu_to_le32 (buf +  8, ctx->C);

  cpu_to_le32 (buf + 12, ctx->D);

  XCRYPT_SECURE_MEMSET (ctx, sizeof(*ctx));

  return resbuf;

}

/* Process the remaining bytes in the internal buffer and the usual

   prolog according to the standard and write the result to RESBUF.  */

void *

md5_finish_ctx (struct md5_ctx *ctx, void *resbuf)

{

  /* Take yet unprocessed bytes into account.  */

  uint32_t bytes = ctx->buflen;

  size_t pad;

  /* Now count remaining bytes.  */

  ctx->total += bytes;

  pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;

  /* The first byte of padding should be 0x80 and the rest should be

     zero.  (RFC 1321, 3.1: Step 1) */

  ctx->buffer[bytes] = 0x80u;

  XCRYPT_SECURE_MEMSET (&ctx->buffer[bytes+1], pad-1);

  /* Put the 64-bit file length in little-endian *bits* at the end of

     the buffer.  */

  cpu_to_le64 (&ctx->buffer[bytes + pad], ctx->total << 3);

  /* Process last bytes.  */

  md5_process_block (ctx->buffer, bytes + pad + 8, ctx);

  return md5_read_ctx (ctx, resbuf);

}

void

md5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx)

{

  /* When we already have some bits in our internal buffer concatenate

     both inputs first.  */

  if (ctx->buflen != 0)

    {

      uint32_t left_over = ctx->buflen;

      uint32_t add = 128 - left_over > len ? (uint32_t)len : 128 - left_over;

      memcpy (&ctx->buffer[left_over], buffer, add);

      ctx->buflen += add;

      if (ctx->buflen > 64)

        {

          md5_process_block (ctx->buffer, ctx->buflen & ~63u, ctx);

          ctx->buflen &= 63;

          /* The regions in the following copy operation cannot overlap.  */

          memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63u],

                  ctx->buflen);

        }

      buffer = (const char *) buffer + add;

      len -= add;

    }

  /* Process available complete blocks.  */

  if (len > 64)

    {

      md5_process_block (buffer, len & ~63u, ctx);

      buffer = (const char *) buffer + (len & ~63u);

      len &= 63;

    }

  /* Move remaining bytes in internal buffer.  */

  if (len > 0)

    {

      uint32_t left_over = ctx->buflen;

      memcpy (&ctx->buffer[left_over], buffer, len);

      left_over += (uint32_t)len;

      if (left_over >= 64)

        {

          md5_process_block (ctx->buffer, 64, ctx);

          left_over -= 64;

          memcpy (ctx->buffer, &ctx->buffer[64], left_over);

        }

      ctx->buflen = left_over;

    }

}

/* These are the four functions used in the four steps of the MD5 algorithm

   and defined in the RFC 1321.  The first function is a little bit optimized

   (as found in Colin Plumbs public domain implementation).  */

/* #define FF(b, c, d) ((b & c) | (~b & d)) */

#define FF(b, c, d) (d ^ (b & (c ^ d)))

#define FG(b, c, d) FF (d, b, c)

#define FH(b, c, d) (b ^ c ^ d)

#define FI(b, c, d) (c ^ (b | ~d))

/* Process LEN bytes of BUFFER, accumulating context into CTX.

   It is assumed that LEN % 64 == 0.  */

static void

md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx)

{

  const unsigned char *p = buffer;

  const unsigned char *endp = p + len;

  uint32_t A = ctx->A;

  uint32_t B = ctx->B;

  uint32_t C = ctx->C;

  uint32_t D = ctx->D;

  /* First increment the byte count.  RFC 1321 specifies the possible

     length of the file up to 2^64 bits.  Here we only compute the

     number of bytes.  */

  ctx->total += len;

  /* Process all bytes in the buffer with 64 bytes in each round of

     the loop.  */

  while (p < endp)

    {

      uint32_t *cwp = ctx->correct_words;

      uint32_t A_save = A;

      uint32_t B_save = B;

      uint32_t C_save = C;

      uint32_t D_save = D;

      /* First round: using the given function, the context and a constant

         the next context is computed.  Because the algorithms processing

         unit is a 32-bit word and it is determined to work on words in

         little endian byte order we perhaps have to change the byte order

         before the computation.  To reduce the work for the next steps

         we store the swapped words in the array CORRECT_WORDS.  */

#define OP(a, b, c, d, s, T)                                            \

      do                                                                \

        {                                                               \

          uint32_t word = le32_to_cpu (p);                              \

          p += 4;                                                       \

          *cwp++ = word;                                                \

          a += FF (b, c, d) + word + T;                                 \

          CYCLIC (a, s);                                                \

          a += b;                                                       \

        }                                                               \

      while (0)

      /* It is unfortunate that C does not provide an operator for

         cyclic rotation.  Hope the C compiler is smart enough.  */

#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))

      /* Before we start, one word to the strange constants.

         They are defined in RFC 1321 as

         T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64

       */

      /* Round 1.  */

      OP (A, B, C, D,  7, 0xd76aa478);

      OP (D, A, B, C, 12, 0xe8c7b756);

      OP (C, D, A, B, 17, 0x242070db);

      OP (B, C, D, A, 22, 0xc1bdceee);

      OP (A, B, C, D,  7, 0xf57c0faf);

      OP (D, A, B, C, 12, 0x4787c62a);

      OP (C, D, A, B, 17, 0xa8304613);

      OP (B, C, D, A, 22, 0xfd469501);

      OP (A, B, C, D,  7, 0x698098d8);

      OP (D, A, B, C, 12, 0x8b44f7af);

      OP (C, D, A, B, 17, 0xffff5bb1);

      OP (B, C, D, A, 22, 0x895cd7be);

      OP (A, B, C, D,  7, 0x6b901122);

      OP (D, A, B, C, 12, 0xfd987193);

      OP (C, D, A, B, 17, 0xa679438e);

      OP (B, C, D, A, 22, 0x49b40821);

      /* For the second to fourth round we have the possibly swapped words

         in CORRECT_WORDS.  Redefine the macro to take an additional first

         argument specifying the function to use.  */

#undef OP

#define OP(f, a, b, c, d, k, s, T)                                      \

      do                                                                \

        {                                                               \

          a += f (b, c, d) + ctx->correct_words[k] + T;                 \

          CYCLIC (a, s);                                                \

          a += b;                                                       \

        }                                                               \

      while (0)

      /* Round 2.  */

      OP (FG, A, B, C, D,  1,  5, 0xf61e2562);

      OP (FG, D, A, B, C,  6,  9, 0xc040b340);

      OP (FG, C, D, A, B, 11, 14, 0x265e5a51);

      OP (FG, B, C, D, A,  0, 20, 0xe9b6c7aa);

      OP (FG, A, B, C, D,  5,  5, 0xd62f105d);

      OP (FG, D, A, B, C, 10,  9, 0x02441453);

      OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);

      OP (FG, B, C, D, A,  4, 20, 0xe7d3fbc8);

      OP (FG, A, B, C, D,  9,  5, 0x21e1cde6);

      OP (FG, D, A, B, C, 14,  9, 0xc33707d6);

      OP (FG, C, D, A, B,  3, 14, 0xf4d50d87);

      OP (FG, B, C, D, A,  8, 20, 0x455a14ed);

      OP (FG, A, B, C, D, 13,  5, 0xa9e3e905);

      OP (FG, D, A, B, C,  2,  9, 0xfcefa3f8);

      OP (FG, C, D, A, B,  7, 14, 0x676f02d9);

      OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);

      /* Round 3.  */

      OP (FH, A, B, C, D,  5,  4, 0xfffa3942);

      OP (FH, D, A, B, C,  8, 11, 0x8771f681);

      OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);

      OP (FH, B, C, D, A, 14, 23, 0xfde5380c);

      OP (FH, A, B, C, D,  1,  4, 0xa4beea44);

      OP (FH, D, A, B, C,  4, 11, 0x4bdecfa9);

      OP (FH, C, D, A, B,  7, 16, 0xf6bb4b60);

      OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);

      OP (FH, A, B, C, D, 13,  4, 0x289b7ec6);

      OP (FH, D, A, B, C,  0, 11, 0xeaa127fa);

      OP (FH, C, D, A, B,  3, 16, 0xd4ef3085);

      OP (FH, B, C, D, A,  6, 23, 0x04881d05);

      OP (FH, A, B, C, D,  9,  4, 0xd9d4d039);

      OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);

      OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);

      OP (FH, B, C, D, A,  2, 23, 0xc4ac5665);

      /* Round 4.  */

      OP (FI, A, B, C, D,  0,  6, 0xf4292244);

      OP (FI, D, A, B, C,  7, 10, 0x432aff97);

      OP (FI, C, D, A, B, 14, 15, 0xab9423a7);

      OP (FI, B, C, D, A,  5, 21, 0xfc93a039);

      OP (FI, A, B, C, D, 12,  6, 0x655b59c3);

      OP (FI, D, A, B, C,  3, 10, 0x8f0ccc92);

      OP (FI, C, D, A, B, 10, 15, 0xffeff47d);

      OP (FI, B, C, D, A,  1, 21, 0x85845dd1);

      OP (FI, A, B, C, D,  8,  6, 0x6fa87e4f);

      OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);

      OP (FI, C, D, A, B,  6, 15, 0xa3014314);

      OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);

      OP (FI, A, B, C, D,  4,  6, 0xf7537e82);

      OP (FI, D, A, B, C, 11, 10, 0xbd3af235);

      OP (FI, C, D, A, B,  2, 15, 0x2ad7d2bb);

      OP (FI, B, C, D, A,  9, 21, 0xeb86d391);

      /* Add the starting values of the context.  */

      A += A_save;

      B += B_save;

      C += C_save;

      D += D_save;

    }

  /* Put checksum in context given as argument.  */

  ctx->A = A;

  ctx->B = B;

  ctx->C = C;

  ctx->D = D;

}

#endif