1 /* md5.c - Functions to compute MD5 message digest of files or memory blocks
2 according to the definition of MD5 in RFC 1321 from April 1992.
3 Copyright (C) 1995 Software Foundation, Inc.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2, or (at your option)
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software Foundation,
17 Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
19 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>. */
25 #include <sys/types.h>
32 # define memcpy(d, s, n) bcopy ((s), (d), (n))
38 #ifdef WORDS_BIGENDIAN
40 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
46 /* This array contains the bytes used to pad the buffer to the next
47 64-byte boundary. (RFC 1321, 3.1: Step 1) */
48 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
51 /* Initialize structure containing state of computation.
52 (RFC 1321, 3.3: Step 3) */
63 /* Put result from CTX in first 16 bytes following RESBUF. The result must
64 be in little endian byte order. */
66 md5_read_ctx (ctx, resbuf)
67 const struct md5_ctx *ctx;
70 ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
71 ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
72 ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
73 ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
78 /* Compute MD5 message digest for bytes read from STREAM. The
79 resulting message digest number will be written into the 16 bytes
80 beginning at RESBLOCK. */
82 md5_stream (stream, resblock)
86 /* Important: BLOCKSIZE must be a multiple of 64. */
87 #define BLOCKSIZE 4096
90 char buffer[BLOCKSIZE + 72];
93 /* Initialize the computation context. */
99 /* Iterate over full file contents. */
102 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
103 computation function processes the whole buffer so that with the
104 next round of the loop another block can be read. */
108 /* Read block. Take care for partial reads. */
111 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
115 while (sum < BLOCKSIZE && n != 0);
116 if (n == 0 && ferror (stream))
119 /* RFC 1321 specifies the possible length of the file up to 2^64 bits.
120 Here we only compute the number of bytes. Do a double word
126 /* If end of file is reached, end the loop. */
130 /* Process buffer with BLOCKSIZE bytes. Note that
133 md5_process_block (buffer, BLOCKSIZE, &ctx);
136 /* We can copy 64 byte because the buffer is always big enough. FILLBUF
137 contains the needed bits. */
138 memcpy (&buffer[sum], fillbuf, 64);
140 /* Compute amount of padding bytes needed. Alignment is done to
142 There is always at least one byte padded. I.e. even the alignment
143 is correctly aligned 64 padding bytes are added. */
145 pad = pad >= 56 ? 64 + 56 - pad : 56 - pad;
147 /* Put the 64-bit file length in *bits* at the end of the buffer. */
148 *(md5_uint32 *) &buffer[sum + pad] = SWAP (len[0] << 3);
149 *(md5_uint32 *) &buffer[sum + pad + 4] = SWAP ((len[1] << 3)
152 /* Process last bytes. */
153 md5_process_block (buffer, sum + pad + 8, &ctx);
155 /* Construct result in desired memory. */
156 md5_read_ctx (&ctx, resblock);
160 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
161 result is always in little endian byte order, so that a byte-wise
162 output yields to the wanted ASCII representation of the message
165 md5_buffer (buffer, len, resblock)
171 char restbuf[64 + 72];
172 size_t blocks = len & ~63;
175 /* Initialize the computation context. */
178 /* Process whole buffer but last len % 64 bytes. */
179 md5_process_block (buffer, blocks, &ctx);
181 /* REST bytes are not processed yet. */
183 /* Copy to own buffer. */
184 memcpy (restbuf, &buffer[blocks], rest);
185 /* Append needed fill bytes at end of buffer. We can copy 64 byte
186 because the buffer is always big enough. */
187 memcpy (&restbuf[rest], fillbuf, 64);
189 /* PAD bytes are used for padding to correct alignment. Note that
190 always at least one byte is padded. */
191 pad = rest >= 56 ? 64 + 56 - rest : 56 - rest;
193 /* Put length of buffer in *bits* in last eight bytes. */
194 *(md5_uint32 *) &restbuf[rest + pad] = (md5_uint32) SWAP (len << 3);
195 *(md5_uint32 *) &restbuf[rest + pad + 4] = (md5_uint32) SWAP (len >> 29);
197 /* Process last bytes. */
198 md5_process_block (restbuf, rest + pad + 8, &ctx);
200 /* Put result in desired memory area. */
201 return md5_read_ctx (&ctx, resblock);
205 /* These are the four functions used in the four steps of the MD5 algorithm
206 and defined in the RFC 1321. The first function is a little bit optimized
207 (as found in Colin Plumbs public domain implementation). */
208 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
209 #define FF(b, c, d) (d ^ (b & (c ^ d)))
210 #define FG(b, c, d) FF (d, b, c)
211 #define FH(b, c, d) (b ^ c ^ d)
212 #define FI(b, c, d) (c ^ (b | ~d))
214 /* Process LEN bytes of BUFFER, accumulating context into CTX.
215 It is assumed that LEN % 64 == 0. */
218 md5_process_block (buffer, len, ctx)
223 md5_uint32 correct_words[16];
224 const md5_uint32 *words = buffer;
225 size_t nwords = len / sizeof (md5_uint32);
226 const md5_uint32 *endp = words + nwords;
227 md5_uint32 A = ctx->A;
228 md5_uint32 B = ctx->B;
229 md5_uint32 C = ctx->C;
230 md5_uint32 D = ctx->D;
232 /* Process all bytes in the buffer with 64 bytes in each round of
236 md5_uint32 *cwp = correct_words;
237 md5_uint32 A_save = A;
238 md5_uint32 B_save = B;
239 md5_uint32 C_save = C;
240 md5_uint32 D_save = D;
242 /* First round: using the given function, the context and a constant
243 the next context is computed. Because the algorithms processing
244 unit is a 32-bit word and it is determined to work on words in
245 little endian byte order we perhaps have to change the byte order
246 before the computation. To reduce the work for the next steps
247 we store the swapped words in the array CORRECT_WORDS. */
249 #define OP(a, b, c, d, s, T) \
252 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \
259 /* It is unfortunate that C does not provide an operator for
260 cyclic rotation. Hope the C compiler is smart enough. */
261 #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
263 /* Before we start, one word to the strange constants.
264 They are defined in RFC 1321 as
266 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
270 OP (A, B, C, D, 7, 0xd76aa478);
271 OP (D, A, B, C, 12, 0xe8c7b756);
272 OP (C, D, A, B, 17, 0x242070db);
273 OP (B, C, D, A, 22, 0xc1bdceee);
274 OP (A, B, C, D, 7, 0xf57c0faf);
275 OP (D, A, B, C, 12, 0x4787c62a);
276 OP (C, D, A, B, 17, 0xa8304613);
277 OP (B, C, D, A, 22, 0xfd469501);
278 OP (A, B, C, D, 7, 0x698098d8);
279 OP (D, A, B, C, 12, 0x8b44f7af);
280 OP (C, D, A, B, 17, 0xffff5bb1);
281 OP (B, C, D, A, 22, 0x895cd7be);
282 OP (A, B, C, D, 7, 0x6b901122);
283 OP (D, A, B, C, 12, 0xfd987193);
284 OP (C, D, A, B, 17, 0xa679438e);
285 OP (B, C, D, A, 22, 0x49b40821);
287 /* For the second to fourth round we have the possibly swapped words
288 in CORRECT_WORDS. Redefine the macro to take an additional first
289 argument specifying the function to use. */
291 #define OP(f, a, b, c, d, k, s, T) \
294 a += f (b, c, d) + correct_words[k] + T; \
301 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
302 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
303 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
304 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
305 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
306 OP (FG, D, A, B, C, 10, 9, 0x02441453);
307 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
308 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
309 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
310 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
311 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
312 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
313 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
314 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
315 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
316 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
319 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
320 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
321 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
322 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
323 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
324 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
325 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
326 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
327 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
328 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
329 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
330 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
331 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
332 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
333 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
334 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
337 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
338 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
339 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
340 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
341 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
342 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
343 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
344 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
345 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
346 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
347 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
348 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
349 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
350 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
351 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
352 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
354 /* Add the starting values of the context. */
361 /* Put checksum in context given as argument. */