1// Copyright 2009 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5//go:generate go run gen.go -output md5block.go 6 7// Package md5 implements the MD5 hash algorithm as defined in RFC 1321. 8// 9// MD5 is cryptographically broken and should not be used for secure 10// applications. 11package md5 12 13import ( 14 "crypto" 15 "errors" 16 "hash" 17 "internal/byteorder" 18) 19 20func init() { 21 crypto.RegisterHash(crypto.MD5, New) 22} 23 24// The size of an MD5 checksum in bytes. 25const Size = 16 26 27// The blocksize of MD5 in bytes. 28const BlockSize = 64 29 30const ( 31 init0 = 0x67452301 32 init1 = 0xEFCDAB89 33 init2 = 0x98BADCFE 34 init3 = 0x10325476 35) 36 37// digest represents the partial evaluation of a checksum. 38type digest struct { 39 s [4]uint32 40 x [BlockSize]byte 41 nx int 42 len uint64 43} 44 45func (d *digest) Reset() { 46 d.s[0] = init0 47 d.s[1] = init1 48 d.s[2] = init2 49 d.s[3] = init3 50 d.nx = 0 51 d.len = 0 52} 53 54const ( 55 magic = "md5\x01" 56 marshaledSize = len(magic) + 4*4 + BlockSize + 8 57) 58 59func (d *digest) MarshalBinary() ([]byte, error) { 60 b := make([]byte, 0, marshaledSize) 61 b = append(b, magic...) 62 b = byteorder.BeAppendUint32(b, d.s[0]) 63 b = byteorder.BeAppendUint32(b, d.s[1]) 64 b = byteorder.BeAppendUint32(b, d.s[2]) 65 b = byteorder.BeAppendUint32(b, d.s[3]) 66 b = append(b, d.x[:d.nx]...) 67 b = b[:len(b)+len(d.x)-d.nx] // already zero 68 b = byteorder.BeAppendUint64(b, d.len) 69 return b, nil 70} 71 72func (d *digest) UnmarshalBinary(b []byte) error { 73 if len(b) < len(magic) || string(b[:len(magic)]) != magic { 74 return errors.New("crypto/md5: invalid hash state identifier") 75 } 76 if len(b) != marshaledSize { 77 return errors.New("crypto/md5: invalid hash state size") 78 } 79 b = b[len(magic):] 80 b, d.s[0] = consumeUint32(b) 81 b, d.s[1] = consumeUint32(b) 82 b, d.s[2] = consumeUint32(b) 83 b, d.s[3] = consumeUint32(b) 84 b = b[copy(d.x[:], b):] 85 b, d.len = consumeUint64(b) 86 d.nx = int(d.len % BlockSize) 87 return nil 88} 89 90func consumeUint64(b []byte) ([]byte, uint64) { 91 return b[8:], byteorder.BeUint64(b[0:8]) 92} 93 94func consumeUint32(b []byte) ([]byte, uint32) { 95 return b[4:], byteorder.BeUint32(b[0:4]) 96} 97 98// New returns a new hash.Hash computing the MD5 checksum. The Hash also 99// implements [encoding.BinaryMarshaler] and [encoding.BinaryUnmarshaler] to 100// marshal and unmarshal the internal state of the hash. 101func New() hash.Hash { 102 d := new(digest) 103 d.Reset() 104 return d 105} 106 107func (d *digest) Size() int { return Size } 108 109func (d *digest) BlockSize() int { return BlockSize } 110 111func (d *digest) Write(p []byte) (nn int, err error) { 112 // Note that we currently call block or blockGeneric 113 // directly (guarded using haveAsm) because this allows 114 // escape analysis to see that p and d don't escape. 115 nn = len(p) 116 d.len += uint64(nn) 117 if d.nx > 0 { 118 n := copy(d.x[d.nx:], p) 119 d.nx += n 120 if d.nx == BlockSize { 121 if haveAsm { 122 block(d, d.x[:]) 123 } else { 124 blockGeneric(d, d.x[:]) 125 } 126 d.nx = 0 127 } 128 p = p[n:] 129 } 130 if len(p) >= BlockSize { 131 n := len(p) &^ (BlockSize - 1) 132 if haveAsm { 133 block(d, p[:n]) 134 } else { 135 blockGeneric(d, p[:n]) 136 } 137 p = p[n:] 138 } 139 if len(p) > 0 { 140 d.nx = copy(d.x[:], p) 141 } 142 return 143} 144 145func (d *digest) Sum(in []byte) []byte { 146 // Make a copy of d so that caller can keep writing and summing. 147 d0 := *d 148 hash := d0.checkSum() 149 return append(in, hash[:]...) 150} 151 152func (d *digest) checkSum() [Size]byte { 153 // Append 0x80 to the end of the message and then append zeros 154 // until the length is a multiple of 56 bytes. Finally append 155 // 8 bytes representing the message length in bits. 156 // 157 // 1 byte end marker :: 0-63 padding bytes :: 8 byte length 158 tmp := [1 + 63 + 8]byte{0x80} 159 pad := (55 - d.len) % 64 // calculate number of padding bytes 160 byteorder.LePutUint64(tmp[1+pad:], d.len<<3) // append length in bits 161 d.Write(tmp[:1+pad+8]) 162 163 // The previous write ensures that a whole number of 164 // blocks (i.e. a multiple of 64 bytes) have been hashed. 165 if d.nx != 0 { 166 panic("d.nx != 0") 167 } 168 169 var digest [Size]byte 170 byteorder.LePutUint32(digest[0:], d.s[0]) 171 byteorder.LePutUint32(digest[4:], d.s[1]) 172 byteorder.LePutUint32(digest[8:], d.s[2]) 173 byteorder.LePutUint32(digest[12:], d.s[3]) 174 return digest 175} 176 177// Sum returns the MD5 checksum of the data. 178func Sum(data []byte) [Size]byte { 179 var d digest 180 d.Reset() 181 d.Write(data) 182 return d.checkSum() 183} 184