1/* md5.c - Functions to compute MD5 message digest of files or memory blocks
2   according to the definition of MD5 in RFC 1321 from April 1992.
3   Copyright (C) 1995, 1996 Free Software Foundation, Inc.
4   This file is part of the GNU C library.
5
6   The GNU C Library is free software; you can redistribute it and/or
7   modify it under the terms of the GNU Library General Public License as
8   published by the Free Software Foundation; either version 2 of the
9   License, or (at your option) any later version.
10
11   The GNU C Library is distributed in the hope that it will be useful,
12   but WITHOUT ANY WARRANTY; without even the implied warranty of
13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14   Library General Public License for more details.
15
16   You should have received a copy of the GNU Library General Public
17   License along with the GNU C Library; see the file COPYING.LIB.  If not,
18   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19   Boston, MA 02111-1307, USA.  */
20
21/* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.  */
22
23#ifdef HAVE_CONFIG_H
24# include <config.h>
25#endif
26
27#ifdef USE_MD5
28
29#include <stdlib.h>
30#ifdef HAVE_STRING_H
31# include <string.h>
32#else
33# include <strings.h>
34#endif
35
36#include "md5.h"
37
38#ifdef _LIBC
39# include <endian.h>
40# if __BYTE_ORDER == __BIG_ENDIAN
41#  define WORDS_BIGENDIAN 1
42# endif
43#endif
44
45#if defined(WORDS_BIGENDIAN) || defined(_BIG_ENDIAN)
46# define SWAP(n)							\
47    (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
48#else
49# define SWAP(n) (n)
50#endif
51
52
53/* This array contains the bytes used to pad the buffer to the next
54   64-byte boundary.  (RFC 1321, 3.1: Step 1)  */
55static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
56
57
58/* Initialize structure containing state of computation.
59   (RFC 1321, 3.3: Step 3)  */
60void
61md5_init_ctx (struct md5_ctx *ctx)
62{
63  ctx->A = 0x67452301;
64  ctx->B = 0xefcdab89;
65  ctx->C = 0x98badcfe;
66  ctx->D = 0x10325476;
67
68  ctx->total[0] = ctx->total[1] = 0;
69  ctx->buflen = 0;
70}
71
72/* Put result from CTX in first 16 bytes following RESBUF.  The result
73   must be in little endian byte order.
74
75   IMPORTANT: On some systems it is required that RESBUF is correctly
76   aligned for a 32 bits value.  */
77void *
78md5_read_ctx (const struct md5_ctx *ctx, void *resbuf)
79{
80  ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
81  ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
82  ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
83  ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
84
85  return resbuf;
86}
87
88/* Process the remaining bytes in the internal buffer and the usual
89   prolog according to the standard and write the result to RESBUF.
90
91   IMPORTANT: On some systems it is required that RESBUF is correctly
92   aligned for a 32 bits value.  */
93void *
94md5_finish_ctx (struct md5_ctx *ctx, void *resbuf)
95{
96  /* Take yet unprocessed bytes into account.  */
97  md5_uint32 bytes = ctx->buflen;
98  size_t pad;
99
100  /* Now count remaining bytes.  */
101  ctx->total[0] += bytes;
102  if (ctx->total[0] < bytes)
103    ++ctx->total[1];
104
105  pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
106  memcpy (&ctx->buffer[bytes], fillbuf, pad);
107
108  /* Put the 64-bit file length in *bits* at the end of the buffer.  */
109  *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3);
110  *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) |
111							(ctx->total[0] >> 29));
112
113  /* Process last bytes.  */
114  md5_process_block (ctx->buffer, bytes + pad + 8, ctx);
115
116  return md5_read_ctx (ctx, resbuf);
117}
118
119/* Compute MD5 message digest for bytes read from STREAM.  The
120   resulting message digest number will be written into the 16 bytes
121   beginning at RESBLOCK.  */
122int
123md5_stream (FILE *stream, void *resblock)
124{
125  /* Important: BLOCKSIZE must be a multiple of 64.  */
126#define BLOCKSIZE 4096
127  struct md5_ctx ctx;
128  char buffer[BLOCKSIZE + 72];
129  size_t sum;
130
131  /* Initialize the computation context.  */
132  md5_init_ctx (&ctx);
133
134  /* Iterate over full file contents.  */
135  while (1)
136    {
137      /* We read the file in blocks of BLOCKSIZE bytes.  One call of the
138	 computation function processes the whole buffer so that with the
139	 next round of the loop another block can be read.  */
140      size_t n;
141      sum = 0;
142
143      /* Read block.  Take care for partial reads.  */
144      do
145	{
146	  n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
147
148	  sum += n;
149	}
150      while (sum < BLOCKSIZE && n != 0);
151      if (n == 0 && ferror (stream))
152        return 1;
153
154      /* If end of file is reached, end the loop.  */
155      if (n == 0)
156	break;
157
158      /* Process buffer with BLOCKSIZE bytes.  Note that
159			BLOCKSIZE % 64 == 0
160       */
161      md5_process_block (buffer, BLOCKSIZE, &ctx);
162    }
163
164  /* Add the last bytes if necessary.  */
165  if (sum > 0)
166    md5_process_bytes (buffer, sum, &ctx);
167
168  /* Construct result in desired memory.  */
169  md5_finish_ctx (&ctx, resblock);
170  return 0;
171}
172
173/* Compute MD5 message digest for LEN bytes beginning at BUFFER.  The
174   result is always in little endian byte order, so that a byte-wise
175   output yields to the wanted ASCII representation of the message
176   digest.  */
177void *
178md5_buffer (const char *buffer, size_t len, void *resblock)
179{
180  struct md5_ctx ctx;
181
182  /* Initialize the computation context.  */
183  md5_init_ctx (&ctx);
184
185  /* Process whole buffer but last len % 64 bytes.  */
186  md5_process_bytes (buffer, len, &ctx);
187
188  /* Put result in desired memory area.  */
189  return md5_finish_ctx (&ctx, resblock);
190}
191
192
193void
194md5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx)
195{
196  /* When we already have some bits in our internal buffer concatenate
197     both inputs first.  */
198  if (ctx->buflen != 0)
199    {
200      size_t left_over = ctx->buflen;
201      size_t add = 128 - left_over > len ? len : 128 - left_over;
202
203      memcpy (&ctx->buffer[left_over], buffer, add);
204      ctx->buflen += add;
205
206      if (left_over + add > 64)
207	{
208	  md5_process_block (ctx->buffer, (left_over + add) & ~63, ctx);
209	  /* The regions in the following copy operation cannot overlap.  */
210	  memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
211		  (left_over + add) & 63);
212	  ctx->buflen = (left_over + add) & 63;
213	}
214
215      buffer = (const char *) buffer + add;
216      len -= add;
217    }
218
219  /* Process available complete blocks.  */
220  if (len > 64)
221    {
222      md5_process_block (buffer, len & ~63, ctx);
223      buffer = (const char *) buffer + (len & ~63);
224      len &= 63;
225    }
226
227  /* Move remaining bytes in internal buffer.  */
228  if (len > 0)
229    {
230      memcpy (ctx->buffer, buffer, len);
231      ctx->buflen = len;
232    }
233}
234
235
236/* These are the four functions used in the four steps of the MD5 algorithm
237   and defined in the RFC 1321.  The first function is a little bit optimized
238   (as found in Colin Plumbs public domain implementation).  */
239/* #define FF(b, c, d) ((b & c) | (~b & d)) */
240#define FF(b, c, d) (d ^ (b & (c ^ d)))
241#define FG(b, c, d) FF (d, b, c)
242#define FH(b, c, d) (b ^ c ^ d)
243#define FI(b, c, d) (c ^ (b | ~d))
244
245/* Process LEN bytes of BUFFER, accumulating context into CTX.
246   It is assumed that LEN % 64 == 0.  */
247
248void
249md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx)
250{
251  md5_uint32 correct_words[16];
252  const md5_uint32 *words = buffer;
253  size_t nwords = len / sizeof (md5_uint32);
254  const md5_uint32 *endp = words + nwords;
255  md5_uint32 A = ctx->A;
256  md5_uint32 B = ctx->B;
257  md5_uint32 C = ctx->C;
258  md5_uint32 D = ctx->D;
259
260  /* First increment the byte count.  RFC 1321 specifies the possible
261     length of the file up to 2^64 bits.  Here we only compute the
262     number of bytes.  Do a double word increment.  */
263  ctx->total[0] += len;
264  if (ctx->total[0] < len)
265    ++ctx->total[1];
266
267  /* Process all bytes in the buffer with 64 bytes in each round of
268     the loop.  */
269  while (words < endp)
270    {
271      md5_uint32 *cwp = correct_words;
272      md5_uint32 A_save = A;
273      md5_uint32 B_save = B;
274      md5_uint32 C_save = C;
275      md5_uint32 D_save = D;
276
277      /* First round: using the given function, the context and a constant
278	 the next context is computed.  Because the algorithms processing
279	 unit is a 32-bit word and it is determined to work on words in
280	 little endian byte order we perhaps have to change the byte order
281	 before the computation.  To reduce the work for the next steps
282	 we store the swapped words in the array CORRECT_WORDS.  */
283
284#define OP(a, b, c, d, s, T)						\
285      do								\
286        {								\
287	  a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T;		\
288	  ++words;							\
289	  CYCLIC (a, s);						\
290	  a += b;							\
291        }								\
292      while (0)
293
294      /* It is unfortunate that C does not provide an operator for
295	 cyclic rotation.  Hope the C compiler is smart enough.  */
296#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
297
298      /* Before we start, one word to the strange constants.
299	 They are defined in RFC 1321 as
300
301	 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
302       */
303
304      /* Round 1.  */
305      OP (A, B, C, D,  7, 0xd76aa478);
306      OP (D, A, B, C, 12, 0xe8c7b756);
307      OP (C, D, A, B, 17, 0x242070db);
308      OP (B, C, D, A, 22, 0xc1bdceee);
309      OP (A, B, C, D,  7, 0xf57c0faf);
310      OP (D, A, B, C, 12, 0x4787c62a);
311      OP (C, D, A, B, 17, 0xa8304613);
312      OP (B, C, D, A, 22, 0xfd469501);
313      OP (A, B, C, D,  7, 0x698098d8);
314      OP (D, A, B, C, 12, 0x8b44f7af);
315      OP (C, D, A, B, 17, 0xffff5bb1);
316      OP (B, C, D, A, 22, 0x895cd7be);
317      OP (A, B, C, D,  7, 0x6b901122);
318      OP (D, A, B, C, 12, 0xfd987193);
319      OP (C, D, A, B, 17, 0xa679438e);
320      OP (B, C, D, A, 22, 0x49b40821);
321
322      /* For the second to fourth round we have the possibly swapped words
323	 in CORRECT_WORDS.  Redefine the macro to take an additional first
324	 argument specifying the function to use.  */
325#undef OP
326#define OP(f, a, b, c, d, k, s, T)					\
327      do 								\
328	{								\
329	  a += f (b, c, d) + correct_words[k] + T;			\
330	  CYCLIC (a, s);						\
331	  a += b;							\
332	}								\
333      while (0)
334
335      /* Round 2.  */
336      OP (FG, A, B, C, D,  1,  5, 0xf61e2562);
337      OP (FG, D, A, B, C,  6,  9, 0xc040b340);
338      OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
339      OP (FG, B, C, D, A,  0, 20, 0xe9b6c7aa);
340      OP (FG, A, B, C, D,  5,  5, 0xd62f105d);
341      OP (FG, D, A, B, C, 10,  9, 0x02441453);
342      OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
343      OP (FG, B, C, D, A,  4, 20, 0xe7d3fbc8);
344      OP (FG, A, B, C, D,  9,  5, 0x21e1cde6);
345      OP (FG, D, A, B, C, 14,  9, 0xc33707d6);
346      OP (FG, C, D, A, B,  3, 14, 0xf4d50d87);
347      OP (FG, B, C, D, A,  8, 20, 0x455a14ed);
348      OP (FG, A, B, C, D, 13,  5, 0xa9e3e905);
349      OP (FG, D, A, B, C,  2,  9, 0xfcefa3f8);
350      OP (FG, C, D, A, B,  7, 14, 0x676f02d9);
351      OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
352
353      /* Round 3.  */
354      OP (FH, A, B, C, D,  5,  4, 0xfffa3942);
355      OP (FH, D, A, B, C,  8, 11, 0x8771f681);
356      OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
357      OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
358      OP (FH, A, B, C, D,  1,  4, 0xa4beea44);
359      OP (FH, D, A, B, C,  4, 11, 0x4bdecfa9);
360      OP (FH, C, D, A, B,  7, 16, 0xf6bb4b60);
361      OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
362      OP (FH, A, B, C, D, 13,  4, 0x289b7ec6);
363      OP (FH, D, A, B, C,  0, 11, 0xeaa127fa);
364      OP (FH, C, D, A, B,  3, 16, 0xd4ef3085);
365      OP (FH, B, C, D, A,  6, 23, 0x04881d05);
366      OP (FH, A, B, C, D,  9,  4, 0xd9d4d039);
367      OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
368      OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
369      OP (FH, B, C, D, A,  2, 23, 0xc4ac5665);
370
371      /* Round 4.  */
372      OP (FI, A, B, C, D,  0,  6, 0xf4292244);
373      OP (FI, D, A, B, C,  7, 10, 0x432aff97);
374      OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
375      OP (FI, B, C, D, A,  5, 21, 0xfc93a039);
376      OP (FI, A, B, C, D, 12,  6, 0x655b59c3);
377      OP (FI, D, A, B, C,  3, 10, 0x8f0ccc92);
378      OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
379      OP (FI, B, C, D, A,  1, 21, 0x85845dd1);
380      OP (FI, A, B, C, D,  8,  6, 0x6fa87e4f);
381      OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
382      OP (FI, C, D, A, B,  6, 15, 0xa3014314);
383      OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
384      OP (FI, A, B, C, D,  4,  6, 0xf7537e82);
385      OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
386      OP (FI, C, D, A, B,  2, 15, 0x2ad7d2bb);
387      OP (FI, B, C, D, A,  9, 21, 0xeb86d391);
388
389      /* Add the starting values of the context.  */
390      A += A_save;
391      B += B_save;
392      C += C_save;
393      D += D_save;
394    }
395
396  /* Put checksum in context given as argument.  */
397  ctx->A = A;
398  ctx->B = B;
399  ctx->C = C;
400  ctx->D = D;
401}
402#endif
403