• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2024 The ChromiumOS Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // Simple implementation of MD5 based heavily around the pseudocode in the
6 // Wikipedia article on this topic: https://en.wikipedia.org/wiki/MD5
7 
8 // The Wikipedia article pseudocode is not idiomatic Rust. To keep the variables
9 // as closely matched to the pseudocode some of the warning are turned off.
10 #![allow(non_snake_case)]
11 #![allow(non_upper_case_globals)]
12 const shift_amounts: [u8; 64] = [
13     7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9,
14     14, 20, 5, 9, 14, 20, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 6, 10, 15,
15     21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21,
16 ];
17 
18 const K: [u32; 64] = [
19     0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
20     0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
21     0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
22     0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
23     0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
24     0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
25     0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
26     0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391,
27 ];
28 
29 const init_a: u32 = 0x67452301;
30 const init_b: u32 = 0xefcdab89;
31 const init_c: u32 = 0x98badcfe;
32 const init_d: u32 = 0x10325476;
33 
bytes_to_words(chunk: &[u8]) -> Vec<u32>34 fn bytes_to_words(chunk: &[u8]) -> Vec<u32> {
35     assert_eq!(chunk.len() % 4, 0);
36     let mut ret: Vec<u32> = vec![0; chunk.len() / 4];
37     for i in 0..chunk.len() {
38         ret[i / 4] |= u32::from(chunk[i]) << ((i % 4) * 8);
39     }
40 
41     ret
42 }
43 
left_rotate(x: u32, n: u8) -> u3244 fn left_rotate(x: u32, n: u8) -> u32 {
45     (x << n) | (x >> (32 - n))
46 }
47 
little_to_big_endian(x: u32) -> u3248 fn little_to_big_endian(x: u32) -> u32 {
49     ((x >> 24) & 0x000000FF)
50         | ((x >> 8) & 0x0000FF00)
51         | ((x << 8) & 0x00FF0000)
52         | ((x << 24) & 0xFF000000)
53 }
54 
55 #[allow(unused_comparisons)]
process_chunk(byte_chunk: &[u8], a0: u32, b0: u32, c0: u32, d0: u32) -> (u32, u32, u32, u32)56 fn process_chunk(byte_chunk: &[u8], a0: u32, b0: u32, c0: u32, d0: u32) -> (u32, u32, u32, u32) {
57     assert_eq!(byte_chunk.len(), 64);
58 
59     let mut A = a0;
60     let mut B = b0;
61     let mut C = c0;
62     let mut D = d0;
63 
64     let chunk = bytes_to_words(byte_chunk);
65 
66     for i in 0..64 {
67         let mut F: u32 = 0;
68         let mut g: usize = 0;
69         if (0..=15).contains(&i) {
70             F = (B & C) | ((!B) & D);
71             g = i
72         } else if (16..=31).contains(&i) {
73             F = (D & B) | ((!D) & C);
74             g = (5 * i + 1) % 16;
75         } else if (32..=47).contains(&i) {
76             F = B ^ C ^ D;
77             g = (3 * i + 5) % 16;
78         } else if (48..=63).contains(&i) {
79             F = C ^ (B | (!D));
80             g = (7 * i) % 16;
81         }
82         F = F.wrapping_add(A).wrapping_add(K[i]).wrapping_add(chunk[g]);
83         A = D;
84         D = C;
85         C = B;
86         B = B.wrapping_add(left_rotate(F, shift_amounts[i]));
87     }
88 
89     (a0.wrapping_add(A), b0.wrapping_add(B), c0.wrapping_add(C), d0.wrapping_add(D))
90 }
91 
pad(input: &[u8], len_already_processed: u64) -> Vec<u8>92 fn pad(input: &[u8], len_already_processed: u64) -> Vec<u8> {
93     let orig_len = (input.len() as u64).wrapping_mul(8).wrapping_add(len_already_processed);
94     let mut ret = input.to_vec();
95 
96     ret.push(0x80);
97     while (ret.len() % 64) != 56 {
98         ret.push(0x00);
99     }
100 
101     ret.push((orig_len & 0xFF) as u8);
102     ret.push(((orig_len >> 8) & 0xFF) as u8);
103     ret.push(((orig_len >> 16) & 0xFF) as u8);
104     ret.push(((orig_len >> 24) & 0xFF) as u8);
105     ret.push(((orig_len >> 32) & 0xFF) as u8);
106     ret.push(((orig_len >> 40) & 0xFF) as u8);
107     ret.push(((orig_len >> 48) & 0xFF) as u8);
108     ret.push(((orig_len >> 56) & 0xFF) as u8);
109 
110     ret
111 }
112 
md5_digest_padded( padded_input: &[u8], mut A: u32, mut B: u32, mut C: u32, mut D: u32, ) -> String113 fn md5_digest_padded(
114     padded_input: &[u8],
115     mut A: u32,
116     mut B: u32,
117     mut C: u32,
118     mut D: u32,
119 ) -> String {
120     assert_eq!(padded_input.len() % 64, 0);
121 
122     for i in 0..(padded_input.len() / 64) {
123         (A, B, C, D) = process_chunk(&padded_input[(i * 64)..((i + 1) * 64)], A, B, C, D);
124     }
125 
126     // The final hash should just be bytes, not little endian words.
127     A = little_to_big_endian(A);
128     B = little_to_big_endian(B);
129     C = little_to_big_endian(C);
130     D = little_to_big_endian(D);
131 
132     format!("{:08x}{:08x}{:08x}{:08x}", A, B, C, D)
133 }
134 
md5_digest(input: &[u8]) -> String135 pub fn md5_digest(input: &[u8]) -> String {
136     let padded_input = pad(input, 0);
137     md5_digest_padded(&padded_input, init_a, init_b, init_c, init_d)
138 }
139 
140 pub struct MD5Context {
141     A: u32,
142     B: u32,
143     C: u32,
144     D: u32,
145     len_already_processed: u64,
146     buffer: Vec<u8>,
147 }
148 
149 impl MD5Context {
new() -> Self150     pub fn new() -> Self {
151         Self {
152             A: init_a,
153             B: init_b,
154             C: init_c,
155             D: init_d,
156             len_already_processed: 0,
157             buffer: Vec::new(),
158         }
159     }
160 
consume(&mut self, input: &[u8])161     pub fn consume(&mut self, input: &[u8]) {
162         self.buffer.append(&mut input.to_vec());
163         while self.buffer.len() >= 64 {
164             (self.A, self.B, self.C, self.D) =
165                 process_chunk(&self.buffer[0..64], self.A, self.B, self.C, self.D);
166             self.len_already_processed = self.len_already_processed.wrapping_add(64 * 8);
167             self.buffer.drain(0..64);
168         }
169     }
170 
flush(&mut self) -> String171     pub fn flush(&mut self) -> String {
172         let padded_buffer = pad(&self.buffer[..], self.len_already_processed);
173         let ret = md5_digest_padded(&padded_buffer, self.A, self.B, self.C, self.D);
174         *self = Self::new();
175         ret
176     }
177 }
178 
179 #[cfg(test)]
180 mod tests {
181     use super::md5_digest;
182 
183     #[test]
digest_simple_strings()184     fn digest_simple_strings() {
185         assert_eq!(md5_digest("".as_bytes()), "d41d8cd98f00b204e9800998ecf8427e");
186         assert_eq!(
187             md5_digest("The quick brown fox jumps over the lazy dog".as_bytes()),
188             "9e107d9d372bb6826bd81d3542a419d6"
189         );
190         assert_eq!(
191             md5_digest("The quick brown fox jumps over the lazy dog.".as_bytes()),
192             "e4d909c290d0fb1ca068ffaddf22cbd0"
193         );
194     }
195 }
196