1 /* md5.c - Functions to compute MD5 message digest of files or memory blocks
2 according to the definition of MD5 in RFC 1321 from April 1992.
3 Copyright (C) 1995 Software Foundation, Inc.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2, or (at your option)
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>. */
25 #include <sys/types.h>
29 #ifdef WORDS_BIGENDIAN
31 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
37 /* This array contains the bytes used to pad the buffer to the next
38 64-byte boundary. (RFC 1321, 3.1: Step 1) */
39 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
42 /* Initialize structure containing state of computation.
43 (RFC 1321, 3.3: Step 3) */
54 /* Put result from CTX in first 16 bytes following RESBUF. The result must
55 be in little endian byte order. */
57 md5_read_ctx (ctx, resbuf)
58 const struct md5_ctx *ctx;
61 ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
62 ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
63 ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
64 ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
69 /* Compute MD5 message digest for bytes read from STREAM. The
70 resulting message digest number will be written into the 16 bytes
71 beginning at RESBLOCK. */
73 md5_stream (stream, resblock)
77 /* Important: BLOCKSIZE must be a multiple of 64. */
78 #define BLOCKSIZE 4096
81 char buffer[BLOCKSIZE + 72];
84 /* Initialize the computation context. */
90 /* Iterate over full file contents. */
93 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
94 computation function processes the whole buffer so that with the
95 next round of the loop another block can be read. */
99 /* Read block. Take care for partial reads. */
102 n = fread (buffer, 1, BLOCKSIZE - sum, stream);
106 while (sum < BLOCKSIZE && n != 0);
108 /* RFC 1321 specifies the possible length of the file up to 2^64 bits.
109 Here we only compute the number of bytes. Do a double word
115 /* If end of file is reached, end the loop. */
119 /* Process buffer with BLOCKSIZE bytes. Note that
122 md5_process_block (buffer, BLOCKSIZE, &ctx);
125 /* We can copy 64 byte because the buffer is always big enough. FILLBUF
126 contains the needed bits. */
127 memcpy (&buffer[sum], fillbuf, 64);
129 /* Compute amount of padding bytes needed. Alignment is done to
131 There is always at least one byte padded. I.e. even the alignment
132 is correctly aligned 64 padding bytes are added. */
134 pad = pad >= 56 ? 64 + 56 - pad : 56 - pad;
136 /* Put the 64-bit file length in *bits* at the end of the buffer. */
137 *(md5_uint32 *) &buffer[sum + pad] = SWAP (len[0] << 3);
138 *(md5_uint32 *) &buffer[sum + pad + 4] = SWAP ((len[1] << 3) | (len[0] >> 29));
140 /* Process last bytes. */
141 md5_process_block (buffer, sum + pad + 8, &ctx);
143 /* Construct result in desired memory. */
144 return md5_read_ctx (&ctx, resblock);
147 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
148 result is always in little endian byte order, so that a byte-wise
149 output yields to the wanted ASCII representation of the message
152 md5_buffer (buffer, len, resblock)
158 char restbuf[64 + 72];
159 size_t blocks = len & ~63;
162 /* Initialize the computation context. */
165 /* Process whole buffer but last len % 64 bytes. */
166 md5_process_block (buffer, blocks, &ctx);
168 /* REST bytes are not processed yet. */
170 /* Copy to own buffer. */
171 memcpy (restbuf, &buffer[blocks], rest);
172 /* Append needed fill bytes at end of buffer. We can copy 64 byte
173 because the buffer is always big enough. */
174 memcpy (&restbuf[rest], fillbuf, 64);
176 /* PAD bytes are used for padding to correct alignment. Note that
177 always at least one byte is padded. */
178 pad = rest >= 56 ? 64 + 56 - rest : 56 - rest;
180 /* Put length of buffer in *bits* in last eight bytes. */
181 *(md5_uint32 *) &restbuf[rest + pad] = SWAP (len << 3);
182 *(md5_uint32 *) &restbuf[rest + pad + 4] = SWAP (len >> 29);
184 /* Process last bytes. */
185 md5_process_block (restbuf, rest + pad + 8, &ctx);
187 /* Put result in desired memory area. */
188 return md5_read_ctx (&ctx, resblock);
192 /* These are the four functions used in the four steps of the MD5 algorithm
193 and defined in the RFC 1321. The first function is a little bit optimized
194 (as found in Colin Plumbs public domain implementation). */
195 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
196 #define FF(b, c, d) (d ^ (b & (c ^ d)))
197 #define FG(b, c, d) FF (d, b, c)
198 #define FH(b, c, d) (b ^ c ^ d)
199 #define FI(b, c, d) (c ^ (b | ~d))
201 /* Process LEN bytes of BUFFER, accumulating context into CTX.
202 It is assumed that LEN % 64 == 0. */
205 md5_process_block (buffer, len, ctx)
210 md5_uint32 correct_words[16];
211 const md5_uint32 *words = buffer;
212 size_t nwords = len / sizeof (md5_uint32);
213 const md5_uint32 *endp = words + nwords;
214 md5_uint32 A = ctx->A;
215 md5_uint32 B = ctx->B;
216 md5_uint32 C = ctx->C;
217 md5_uint32 D = ctx->D;
219 /* Process all bytes in the buffer with 64 bytes in each round of
223 md5_uint32 *cwp = correct_words;
224 md5_uint32 A_save = A;
225 md5_uint32 B_save = B;
226 md5_uint32 C_save = C;
227 md5_uint32 D_save = D;
229 /* First round: using the given function, the context and a constant
230 the next context is computed. Because the algorithms processing
231 unit is a 32-bit word and it is determined to work on words in
232 little endian byte order we perhaps have to change the byte order
233 before the computation. To reduce the work for the next steps
234 we store the swapped words in the array CORRECT_WORDS. */
236 #define OP(a, b, c, d, s, T) \
239 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \
246 /* It is unfortunate that C does not provide an operator for
247 cyclic rotation. Hope the C compiler is smart enough. */
248 #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
250 /* Before we start, one word to the strange constants.
251 They are defined in RFC 1321 as
253 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
257 OP (A, B, C, D, 7, 0xd76aa478);
258 OP (D, A, B, C, 12, 0xe8c7b756);
259 OP (C, D, A, B, 17, 0x242070db);
260 OP (B, C, D, A, 22, 0xc1bdceee);
261 OP (A, B, C, D, 7, 0xf57c0faf);
262 OP (D, A, B, C, 12, 0x4787c62a);
263 OP (C, D, A, B, 17, 0xa8304613);
264 OP (B, C, D, A, 22, 0xfd469501);
265 OP (A, B, C, D, 7, 0x698098d8);
266 OP (D, A, B, C, 12, 0x8b44f7af);
267 OP (C, D, A, B, 17, 0xffff5bb1);
268 OP (B, C, D, A, 22, 0x895cd7be);
269 OP (A, B, C, D, 7, 0x6b901122);
270 OP (D, A, B, C, 12, 0xfd987193);
271 OP (C, D, A, B, 17, 0xa679438e);
272 OP (B, C, D, A, 22, 0x49b40821);
274 /* For the second to fourth round we have the possibly swapped words
275 in CORRECT_WORDS. Redefine the macro to take an additional first
276 argument specifying the function to use. */
278 #define OP(f, a, b, c, d, k, s, T) \
281 a += f (b, c, d) + correct_words[k] + T; \
288 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
289 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
290 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
291 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
292 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
293 OP (FG, D, A, B, C, 10, 9, 0x02441453);
294 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
295 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
296 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
297 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
298 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
299 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
300 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
301 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
302 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
303 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
306 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
307 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
308 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
309 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
310 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
311 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
312 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
313 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
314 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
315 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
316 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
317 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
318 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
319 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
320 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
321 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
324 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
325 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
326 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
327 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
328 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
329 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
330 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
331 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
332 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
333 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
334 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
335 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
336 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
337 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
338 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
339 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
341 /* Add the starting values of the context. */
348 /* Put checksum in context given as argument. */