1169695Skan/* md5.c - Functions to compute MD5 message digest of files or memory blocks 2169695Skan according to the definition of MD5 in RFC 1321 from April 1992. 3169695Skan Copyright (C) 1995, 1996 Free Software Foundation, Inc. 4169695Skan 5169695Skan NOTE: This source is derived from an old version taken from the GNU C 6169695Skan Library (glibc). 7169695Skan 8169695Skan This program is free software; you can redistribute it and/or modify it 9169695Skan under the terms of the GNU General Public License as published by the 10169695Skan Free Software Foundation; either version 2, or (at your option) any 11169695Skan later version. 12169695Skan 13169695Skan This program is distributed in the hope that it will be useful, 14169695Skan but WITHOUT ANY WARRANTY; without even the implied warranty of 15169695Skan MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16169695Skan GNU General Public License for more details. 17169695Skan 18169695Skan You should have received a copy of the GNU General Public License 19169695Skan along with this program; if not, write to the Free Software Foundation, 20169695Skan Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ 21169695Skan 22169695Skan/* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */ 23169695Skan 24169695Skan#ifdef HAVE_CONFIG_H 25169695Skan# include <config.h> 26169695Skan#endif 27169695Skan 28169695Skan#include <sys/types.h> 29169695Skan 30169695Skan#if STDC_HEADERS || defined _LIBC 31169695Skan# include <stdlib.h> 32169695Skan# include <string.h> 33169695Skan#else 34169695Skan# ifndef HAVE_MEMCPY 35169695Skan# define memcpy(d, s, n) bcopy ((s), (d), (n)) 36169695Skan# endif 37169695Skan#endif 38169695Skan 39169695Skan#include "ansidecl.h" 40169695Skan#include "md5.h" 41169695Skan 42169695Skan#ifdef _LIBC 43169695Skan# include <endian.h> 44169695Skan# if __BYTE_ORDER == __BIG_ENDIAN 45169695Skan# define WORDS_BIGENDIAN 1 46169695Skan# endif 47169695Skan#endif 48169695Skan 49169695Skan#ifdef WORDS_BIGENDIAN 50169695Skan# define SWAP(n) \ 51169695Skan (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) 52169695Skan#else 53169695Skan# define SWAP(n) (n) 54169695Skan#endif 55169695Skan 56169695Skan 57169695Skan/* This array contains the bytes used to pad the buffer to the next 58169695Skan 64-byte boundary. (RFC 1321, 3.1: Step 1) */ 59169695Skanstatic const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; 60169695Skan 61169695Skan 62169695Skan/* Initialize structure containing state of computation. 63169695Skan (RFC 1321, 3.3: Step 3) */ 64169695Skanvoid 65169695Skanmd5_init_ctx (struct md5_ctx *ctx) 66169695Skan{ 67169695Skan ctx->A = (md5_uint32) 0x67452301; 68169695Skan ctx->B = (md5_uint32) 0xefcdab89; 69169695Skan ctx->C = (md5_uint32) 0x98badcfe; 70169695Skan ctx->D = (md5_uint32) 0x10325476; 71169695Skan 72169695Skan ctx->total[0] = ctx->total[1] = 0; 73169695Skan ctx->buflen = 0; 74169695Skan} 75169695Skan 76169695Skan/* Put result from CTX in first 16 bytes following RESBUF. The result 77169695Skan must be in little endian byte order. 78169695Skan 79169695Skan IMPORTANT: On some systems it is required that RESBUF is correctly 80169695Skan aligned for a 32 bits value. */ 81169695Skanvoid * 82169695Skanmd5_read_ctx (const struct md5_ctx *ctx, void *resbuf) 83169695Skan{ 84169695Skan ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A); 85169695Skan ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B); 86169695Skan ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C); 87169695Skan ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D); 88169695Skan 89169695Skan return resbuf; 90169695Skan} 91169695Skan 92169695Skan/* Process the remaining bytes in the internal buffer and the usual 93169695Skan prolog according to the standard and write the result to RESBUF. 94169695Skan 95169695Skan IMPORTANT: On some systems it is required that RESBUF is correctly 96169695Skan aligned for a 32 bits value. */ 97169695Skanvoid * 98169695Skanmd5_finish_ctx (struct md5_ctx *ctx, void *resbuf) 99169695Skan{ 100169695Skan /* Take yet unprocessed bytes into account. */ 101169695Skan md5_uint32 bytes = ctx->buflen; 102169695Skan size_t pad; 103169695Skan 104169695Skan /* Now count remaining bytes. */ 105169695Skan ctx->total[0] += bytes; 106169695Skan if (ctx->total[0] < bytes) 107169695Skan ++ctx->total[1]; 108169695Skan 109169695Skan pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; 110169695Skan memcpy (&ctx->buffer[bytes], fillbuf, pad); 111169695Skan 112169695Skan /* Put the 64-bit file length in *bits* at the end of the buffer. */ 113169695Skan *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3); 114169695Skan *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) | 115169695Skan (ctx->total[0] >> 29)); 116169695Skan 117169695Skan /* Process last bytes. */ 118169695Skan md5_process_block (ctx->buffer, bytes + pad + 8, ctx); 119169695Skan 120169695Skan return md5_read_ctx (ctx, resbuf); 121169695Skan} 122169695Skan 123169695Skan/* Compute MD5 message digest for bytes read from STREAM. The 124169695Skan resulting message digest number will be written into the 16 bytes 125169695Skan beginning at RESBLOCK. */ 126169695Skanint 127169695Skanmd5_stream (FILE *stream, void *resblock) 128169695Skan{ 129169695Skan /* Important: BLOCKSIZE must be a multiple of 64. */ 130169695Skan#define BLOCKSIZE 4096 131169695Skan struct md5_ctx ctx; 132169695Skan char buffer[BLOCKSIZE + 72]; 133169695Skan size_t sum; 134169695Skan 135169695Skan /* Initialize the computation context. */ 136169695Skan md5_init_ctx (&ctx); 137169695Skan 138169695Skan /* Iterate over full file contents. */ 139169695Skan while (1) 140169695Skan { 141169695Skan /* We read the file in blocks of BLOCKSIZE bytes. One call of the 142169695Skan computation function processes the whole buffer so that with the 143169695Skan next round of the loop another block can be read. */ 144169695Skan size_t n; 145169695Skan sum = 0; 146169695Skan 147169695Skan /* Read block. Take care for partial reads. */ 148169695Skan do 149169695Skan { 150169695Skan n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); 151169695Skan 152169695Skan sum += n; 153169695Skan } 154169695Skan while (sum < BLOCKSIZE && n != 0); 155169695Skan if (n == 0 && ferror (stream)) 156169695Skan return 1; 157169695Skan 158169695Skan /* If end of file is reached, end the loop. */ 159169695Skan if (n == 0) 160169695Skan break; 161169695Skan 162169695Skan /* Process buffer with BLOCKSIZE bytes. Note that 163169695Skan BLOCKSIZE % 64 == 0 164169695Skan */ 165169695Skan md5_process_block (buffer, BLOCKSIZE, &ctx); 166169695Skan } 167169695Skan 168169695Skan /* Add the last bytes if necessary. */ 169169695Skan if (sum > 0) 170169695Skan md5_process_bytes (buffer, sum, &ctx); 171169695Skan 172169695Skan /* Construct result in desired memory. */ 173169695Skan md5_finish_ctx (&ctx, resblock); 174169695Skan return 0; 175169695Skan} 176169695Skan 177169695Skan/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The 178169695Skan result is always in little endian byte order, so that a byte-wise 179169695Skan output yields to the wanted ASCII representation of the message 180169695Skan digest. */ 181169695Skanvoid * 182169695Skanmd5_buffer (const char *buffer, size_t len, void *resblock) 183169695Skan{ 184169695Skan struct md5_ctx ctx; 185169695Skan 186169695Skan /* Initialize the computation context. */ 187169695Skan md5_init_ctx (&ctx); 188169695Skan 189169695Skan /* Process whole buffer but last len % 64 bytes. */ 190169695Skan md5_process_bytes (buffer, len, &ctx); 191169695Skan 192169695Skan /* Put result in desired memory area. */ 193169695Skan return md5_finish_ctx (&ctx, resblock); 194169695Skan} 195169695Skan 196169695Skan 197169695Skanvoid 198169695Skanmd5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx) 199169695Skan{ 200169695Skan /* When we already have some bits in our internal buffer concatenate 201169695Skan both inputs first. */ 202169695Skan if (ctx->buflen != 0) 203169695Skan { 204169695Skan size_t left_over = ctx->buflen; 205169695Skan size_t add = 128 - left_over > len ? len : 128 - left_over; 206169695Skan 207169695Skan memcpy (&ctx->buffer[left_over], buffer, add); 208169695Skan ctx->buflen += add; 209169695Skan 210169695Skan if (left_over + add > 64) 211169695Skan { 212169695Skan md5_process_block (ctx->buffer, (left_over + add) & ~63, ctx); 213169695Skan /* The regions in the following copy operation cannot overlap. */ 214169695Skan memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63], 215169695Skan (left_over + add) & 63); 216169695Skan ctx->buflen = (left_over + add) & 63; 217169695Skan } 218169695Skan 219169695Skan buffer = (const void *) ((const char *) buffer + add); 220169695Skan len -= add; 221169695Skan } 222169695Skan 223169695Skan /* Process available complete blocks. */ 224169695Skan if (len > 64) 225169695Skan { 226169695Skan#if !_STRING_ARCH_unaligned 227169695Skan/* To check alignment gcc has an appropriate operator. Other 228169695Skan compilers don't. */ 229169695Skan# if __GNUC__ >= 2 230169695Skan# define UNALIGNED_P(p) (((md5_uintptr) p) % __alignof__ (md5_uint32) != 0) 231169695Skan# else 232169695Skan# define UNALIGNED_P(p) (((md5_uintptr) p) % sizeof (md5_uint32) != 0) 233169695Skan# endif 234169695Skan if (UNALIGNED_P (buffer)) 235169695Skan while (len > 64) 236169695Skan { 237169695Skan md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); 238169695Skan buffer = (const char *) buffer + 64; 239169695Skan len -= 64; 240169695Skan } 241169695Skan else 242169695Skan#endif 243169695Skan md5_process_block (buffer, len & ~63, ctx); 244169695Skan buffer = (const void *) ((const char *) buffer + (len & ~63)); 245169695Skan len &= 63; 246169695Skan } 247169695Skan 248169695Skan /* Move remaining bytes in internal buffer. */ 249169695Skan if (len > 0) 250169695Skan { 251169695Skan memcpy (ctx->buffer, buffer, len); 252169695Skan ctx->buflen = len; 253169695Skan } 254169695Skan} 255169695Skan 256169695Skan 257169695Skan/* These are the four functions used in the four steps of the MD5 algorithm 258169695Skan and defined in the RFC 1321. The first function is a little bit optimized 259169695Skan (as found in Colin Plumbs public domain implementation). */ 260169695Skan/* #define FF(b, c, d) ((b & c) | (~b & d)) */ 261169695Skan#define FF(b, c, d) (d ^ (b & (c ^ d))) 262169695Skan#define FG(b, c, d) FF (d, b, c) 263169695Skan#define FH(b, c, d) (b ^ c ^ d) 264169695Skan#define FI(b, c, d) (c ^ (b | ~d)) 265169695Skan 266169695Skan/* Process LEN bytes of BUFFER, accumulating context into CTX. 267169695Skan It is assumed that LEN % 64 == 0. */ 268169695Skan 269169695Skanvoid 270169695Skanmd5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx) 271169695Skan{ 272169695Skan md5_uint32 correct_words[16]; 273169695Skan const md5_uint32 *words = (const md5_uint32 *) buffer; 274169695Skan size_t nwords = len / sizeof (md5_uint32); 275169695Skan const md5_uint32 *endp = words + nwords; 276169695Skan md5_uint32 A = ctx->A; 277169695Skan md5_uint32 B = ctx->B; 278169695Skan md5_uint32 C = ctx->C; 279169695Skan md5_uint32 D = ctx->D; 280169695Skan 281169695Skan /* First increment the byte count. RFC 1321 specifies the possible 282169695Skan length of the file up to 2^64 bits. Here we only compute the 283169695Skan number of bytes. Do a double word increment. */ 284169695Skan ctx->total[0] += len; 285169695Skan if (ctx->total[0] < len) 286169695Skan ++ctx->total[1]; 287169695Skan 288169695Skan /* Process all bytes in the buffer with 64 bytes in each round of 289169695Skan the loop. */ 290169695Skan while (words < endp) 291169695Skan { 292169695Skan md5_uint32 *cwp = correct_words; 293169695Skan md5_uint32 A_save = A; 294169695Skan md5_uint32 B_save = B; 295169695Skan md5_uint32 C_save = C; 296169695Skan md5_uint32 D_save = D; 297169695Skan 298169695Skan /* First round: using the given function, the context and a constant 299169695Skan the next context is computed. Because the algorithms processing 300169695Skan unit is a 32-bit word and it is determined to work on words in 301169695Skan little endian byte order we perhaps have to change the byte order 302169695Skan before the computation. To reduce the work for the next steps 303169695Skan we store the swapped words in the array CORRECT_WORDS. */ 304169695Skan 305169695Skan#define OP(a, b, c, d, s, T) \ 306169695Skan do \ 307169695Skan { \ 308169695Skan a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ 309169695Skan ++words; \ 310169695Skan CYCLIC (a, s); \ 311169695Skan a += b; \ 312169695Skan } \ 313169695Skan while (0) 314169695Skan 315169695Skan /* It is unfortunate that C does not provide an operator for 316169695Skan cyclic rotation. Hope the C compiler is smart enough. */ 317169695Skan#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) 318169695Skan 319169695Skan /* Before we start, one word to the strange constants. 320169695Skan They are defined in RFC 1321 as 321169695Skan 322169695Skan T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 323169695Skan */ 324169695Skan 325169695Skan /* Round 1. */ 326169695Skan OP (A, B, C, D, 7, (md5_uint32) 0xd76aa478); 327169695Skan OP (D, A, B, C, 12, (md5_uint32) 0xe8c7b756); 328169695Skan OP (C, D, A, B, 17, (md5_uint32) 0x242070db); 329169695Skan OP (B, C, D, A, 22, (md5_uint32) 0xc1bdceee); 330169695Skan OP (A, B, C, D, 7, (md5_uint32) 0xf57c0faf); 331169695Skan OP (D, A, B, C, 12, (md5_uint32) 0x4787c62a); 332169695Skan OP (C, D, A, B, 17, (md5_uint32) 0xa8304613); 333169695Skan OP (B, C, D, A, 22, (md5_uint32) 0xfd469501); 334169695Skan OP (A, B, C, D, 7, (md5_uint32) 0x698098d8); 335169695Skan OP (D, A, B, C, 12, (md5_uint32) 0x8b44f7af); 336169695Skan OP (C, D, A, B, 17, (md5_uint32) 0xffff5bb1); 337169695Skan OP (B, C, D, A, 22, (md5_uint32) 0x895cd7be); 338169695Skan OP (A, B, C, D, 7, (md5_uint32) 0x6b901122); 339169695Skan OP (D, A, B, C, 12, (md5_uint32) 0xfd987193); 340169695Skan OP (C, D, A, B, 17, (md5_uint32) 0xa679438e); 341169695Skan OP (B, C, D, A, 22, (md5_uint32) 0x49b40821); 342169695Skan 343169695Skan /* For the second to fourth round we have the possibly swapped words 344169695Skan in CORRECT_WORDS. Redefine the macro to take an additional first 345169695Skan argument specifying the function to use. */ 346169695Skan#undef OP 347169695Skan#define OP(a, b, c, d, k, s, T) \ 348169695Skan do \ 349169695Skan { \ 350169695Skan a += FX (b, c, d) + correct_words[k] + T; \ 351169695Skan CYCLIC (a, s); \ 352169695Skan a += b; \ 353169695Skan } \ 354169695Skan while (0) 355169695Skan 356169695Skan#define FX(b, c, d) FG (b, c, d) 357169695Skan 358169695Skan /* Round 2. */ 359169695Skan OP (A, B, C, D, 1, 5, (md5_uint32) 0xf61e2562); 360169695Skan OP (D, A, B, C, 6, 9, (md5_uint32) 0xc040b340); 361169695Skan OP (C, D, A, B, 11, 14, (md5_uint32) 0x265e5a51); 362169695Skan OP (B, C, D, A, 0, 20, (md5_uint32) 0xe9b6c7aa); 363169695Skan OP (A, B, C, D, 5, 5, (md5_uint32) 0xd62f105d); 364169695Skan OP (D, A, B, C, 10, 9, (md5_uint32) 0x02441453); 365169695Skan OP (C, D, A, B, 15, 14, (md5_uint32) 0xd8a1e681); 366169695Skan OP (B, C, D, A, 4, 20, (md5_uint32) 0xe7d3fbc8); 367169695Skan OP (A, B, C, D, 9, 5, (md5_uint32) 0x21e1cde6); 368169695Skan OP (D, A, B, C, 14, 9, (md5_uint32) 0xc33707d6); 369169695Skan OP (C, D, A, B, 3, 14, (md5_uint32) 0xf4d50d87); 370169695Skan OP (B, C, D, A, 8, 20, (md5_uint32) 0x455a14ed); 371169695Skan OP (A, B, C, D, 13, 5, (md5_uint32) 0xa9e3e905); 372169695Skan OP (D, A, B, C, 2, 9, (md5_uint32) 0xfcefa3f8); 373169695Skan OP (C, D, A, B, 7, 14, (md5_uint32) 0x676f02d9); 374169695Skan OP (B, C, D, A, 12, 20, (md5_uint32) 0x8d2a4c8a); 375169695Skan 376169695Skan#undef FX 377169695Skan#define FX(b, c, d) FH (b, c, d) 378169695Skan 379169695Skan /* Round 3. */ 380169695Skan OP (A, B, C, D, 5, 4, (md5_uint32) 0xfffa3942); 381169695Skan OP (D, A, B, C, 8, 11, (md5_uint32) 0x8771f681); 382169695Skan OP (C, D, A, B, 11, 16, (md5_uint32) 0x6d9d6122); 383169695Skan OP (B, C, D, A, 14, 23, (md5_uint32) 0xfde5380c); 384169695Skan OP (A, B, C, D, 1, 4, (md5_uint32) 0xa4beea44); 385169695Skan OP (D, A, B, C, 4, 11, (md5_uint32) 0x4bdecfa9); 386169695Skan OP (C, D, A, B, 7, 16, (md5_uint32) 0xf6bb4b60); 387169695Skan OP (B, C, D, A, 10, 23, (md5_uint32) 0xbebfbc70); 388169695Skan OP (A, B, C, D, 13, 4, (md5_uint32) 0x289b7ec6); 389169695Skan OP (D, A, B, C, 0, 11, (md5_uint32) 0xeaa127fa); 390169695Skan OP (C, D, A, B, 3, 16, (md5_uint32) 0xd4ef3085); 391169695Skan OP (B, C, D, A, 6, 23, (md5_uint32) 0x04881d05); 392169695Skan OP (A, B, C, D, 9, 4, (md5_uint32) 0xd9d4d039); 393169695Skan OP (D, A, B, C, 12, 11, (md5_uint32) 0xe6db99e5); 394169695Skan OP (C, D, A, B, 15, 16, (md5_uint32) 0x1fa27cf8); 395169695Skan OP (B, C, D, A, 2, 23, (md5_uint32) 0xc4ac5665); 396169695Skan 397169695Skan#undef FX 398169695Skan#define FX(b, c, d) FI (b, c, d) 399169695Skan 400169695Skan /* Round 4. */ 401169695Skan OP (A, B, C, D, 0, 6, (md5_uint32) 0xf4292244); 402169695Skan OP (D, A, B, C, 7, 10, (md5_uint32) 0x432aff97); 403169695Skan OP (C, D, A, B, 14, 15, (md5_uint32) 0xab9423a7); 404169695Skan OP (B, C, D, A, 5, 21, (md5_uint32) 0xfc93a039); 405169695Skan OP (A, B, C, D, 12, 6, (md5_uint32) 0x655b59c3); 406169695Skan OP (D, A, B, C, 3, 10, (md5_uint32) 0x8f0ccc92); 407169695Skan OP (C, D, A, B, 10, 15, (md5_uint32) 0xffeff47d); 408169695Skan OP (B, C, D, A, 1, 21, (md5_uint32) 0x85845dd1); 409169695Skan OP (A, B, C, D, 8, 6, (md5_uint32) 0x6fa87e4f); 410169695Skan OP (D, A, B, C, 15, 10, (md5_uint32) 0xfe2ce6e0); 411169695Skan OP (C, D, A, B, 6, 15, (md5_uint32) 0xa3014314); 412169695Skan OP (B, C, D, A, 13, 21, (md5_uint32) 0x4e0811a1); 413169695Skan OP (A, B, C, D, 4, 6, (md5_uint32) 0xf7537e82); 414169695Skan OP (D, A, B, C, 11, 10, (md5_uint32) 0xbd3af235); 415169695Skan OP (C, D, A, B, 2, 15, (md5_uint32) 0x2ad7d2bb); 416169695Skan OP (B, C, D, A, 9, 21, (md5_uint32) 0xeb86d391); 417169695Skan 418169695Skan /* Add the starting values of the context. */ 419169695Skan A += A_save; 420169695Skan B += B_save; 421169695Skan C += C_save; 422169695Skan D += D_save; 423169695Skan } 424169695Skan 425169695Skan /* Put checksum in context given as argument. */ 426169695Skan ctx->A = A; 427169695Skan ctx->B = B; 428169695Skan ctx->C = C; 429169695Skan ctx->D = D; 430169695Skan} 431