1 /* md5.c - Functions to compute MD5 message digest of files or memory blocks
2 according to the definition of MD5 in RFC 1321 from April 1992.
3 Copyright (C) 1995 Software Foundation, Inc.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2, or (at your option)
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>. */
25 #include <sys/types.h>
29 #ifdef WORDS_BIGENDIAN
31 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
37 /* This array contains the bytes used to pad the buffer to the next
38 64-byte boundary. (RFC 1321, 3.1: Step 1) */
39 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
42 /* Initialize structure containing state of computation.
43 (RFC 1321, 3.3: Step 3) */
54 /* Put result from CTX in first 16 bytes following RESBUF. The result must
55 be in little endian byte order. */
57 md5_read_ctx (ctx, resbuf)
58 const struct md5_ctx *ctx;
61 ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
62 ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
63 ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
64 ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
69 /* Compute MD5 message digest for bytes read from STREAM. The
70 resulting message digest number will be written into the 16 bytes
71 beginning at RESBLOCK. */
73 md5_stream (stream, resblock)
77 /* Important: BLOCKSIZE must be a multiple of 64. */
78 #define BLOCKSIZE 4096
81 char buffer[BLOCKSIZE + 72];
84 /* Initialize the computation context. */
90 /* Iterate over full file contents. */
93 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
94 computation function processes the whole buffer so that with the
95 next round of the loop another block can be read. */
99 /* Read block. Take care for partial reads. */
102 n = fread (buffer, 1, BLOCKSIZE - sum, stream);
106 while (sum < BLOCKSIZE && n != 0);
107 if (n == 0 && ferror (stream))
110 /* RFC 1321 specifies the possible length of the file up to 2^64 bits.
111 Here we only compute the number of bytes. Do a double word
117 /* If end of file is reached, end the loop. */
121 /* Process buffer with BLOCKSIZE bytes. Note that
124 md5_process_block (buffer, BLOCKSIZE, &ctx);
127 /* We can copy 64 byte because the buffer is always big enough. FILLBUF
128 contains the needed bits. */
129 memcpy (&buffer[sum], fillbuf, 64);
131 /* Compute amount of padding bytes needed. Alignment is done to
133 There is always at least one byte padded. I.e. even the alignment
134 is correctly aligned 64 padding bytes are added. */
136 pad = pad >= 56 ? 64 + 56 - pad : 56 - pad;
138 /* Put the 64-bit file length in *bits* at the end of the buffer. */
139 *(md5_uint32 *) &buffer[sum + pad] = SWAP (len[0] << 3);
140 *(md5_uint32 *) &buffer[sum + pad + 4] = SWAP ((len[1] << 3)
143 /* Process last bytes. */
144 md5_process_block (buffer, sum + pad + 8, &ctx);
146 /* Construct result in desired memory. */
147 md5_read_ctx (&ctx, resblock);
151 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
152 result is always in little endian byte order, so that a byte-wise
153 output yields to the wanted ASCII representation of the message
156 md5_buffer (buffer, len, resblock)
162 char restbuf[64 + 72];
163 size_t blocks = len & ~63;
166 /* Initialize the computation context. */
169 /* Process whole buffer but last len % 64 bytes. */
170 md5_process_block (buffer, blocks, &ctx);
172 /* REST bytes are not processed yet. */
174 /* Copy to own buffer. */
175 memcpy (restbuf, &buffer[blocks], rest);
176 /* Append needed fill bytes at end of buffer. We can copy 64 byte
177 because the buffer is always big enough. */
178 memcpy (&restbuf[rest], fillbuf, 64);
180 /* PAD bytes are used for padding to correct alignment. Note that
181 always at least one byte is padded. */
182 pad = rest >= 56 ? 64 + 56 - rest : 56 - rest;
184 /* Put length of buffer in *bits* in last eight bytes. */
185 *(md5_uint32 *) &restbuf[rest + pad] = SWAP (len << 3);
186 *(md5_uint32 *) &restbuf[rest + pad + 4] = SWAP (len >> 29);
188 /* Process last bytes. */
189 md5_process_block (restbuf, rest + pad + 8, &ctx);
191 /* Put result in desired memory area. */
192 return md5_read_ctx (&ctx, resblock);
196 /* These are the four functions used in the four steps of the MD5 algorithm
197 and defined in the RFC 1321. The first function is a little bit optimized
198 (as found in Colin Plumbs public domain implementation). */
199 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
200 #define FF(b, c, d) (d ^ (b & (c ^ d)))
201 #define FG(b, c, d) FF (d, b, c)
202 #define FH(b, c, d) (b ^ c ^ d)
203 #define FI(b, c, d) (c ^ (b | ~d))
205 /* Process LEN bytes of BUFFER, accumulating context into CTX.
206 It is assumed that LEN % 64 == 0. */
209 md5_process_block (buffer, len, ctx)
214 md5_uint32 correct_words[16];
215 const md5_uint32 *words = buffer;
216 size_t nwords = len / sizeof (md5_uint32);
217 const md5_uint32 *endp = words + nwords;
218 md5_uint32 A = ctx->A;
219 md5_uint32 B = ctx->B;
220 md5_uint32 C = ctx->C;
221 md5_uint32 D = ctx->D;
223 /* Process all bytes in the buffer with 64 bytes in each round of
227 md5_uint32 *cwp = correct_words;
228 md5_uint32 A_save = A;
229 md5_uint32 B_save = B;
230 md5_uint32 C_save = C;
231 md5_uint32 D_save = D;
233 /* First round: using the given function, the context and a constant
234 the next context is computed. Because the algorithms processing
235 unit is a 32-bit word and it is determined to work on words in
236 little endian byte order we perhaps have to change the byte order
237 before the computation. To reduce the work for the next steps
238 we store the swapped words in the array CORRECT_WORDS. */
240 #define OP(a, b, c, d, s, T) \
243 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \
250 /* It is unfortunate that C does not provide an operator for
251 cyclic rotation. Hope the C compiler is smart enough. */
252 #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
254 /* Before we start, one word to the strange constants.
255 They are defined in RFC 1321 as
257 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
261 OP (A, B, C, D, 7, 0xd76aa478);
262 OP (D, A, B, C, 12, 0xe8c7b756);
263 OP (C, D, A, B, 17, 0x242070db);
264 OP (B, C, D, A, 22, 0xc1bdceee);
265 OP (A, B, C, D, 7, 0xf57c0faf);
266 OP (D, A, B, C, 12, 0x4787c62a);
267 OP (C, D, A, B, 17, 0xa8304613);
268 OP (B, C, D, A, 22, 0xfd469501);
269 OP (A, B, C, D, 7, 0x698098d8);
270 OP (D, A, B, C, 12, 0x8b44f7af);
271 OP (C, D, A, B, 17, 0xffff5bb1);
272 OP (B, C, D, A, 22, 0x895cd7be);
273 OP (A, B, C, D, 7, 0x6b901122);
274 OP (D, A, B, C, 12, 0xfd987193);
275 OP (C, D, A, B, 17, 0xa679438e);
276 OP (B, C, D, A, 22, 0x49b40821);
278 /* For the second to fourth round we have the possibly swapped words
279 in CORRECT_WORDS. Redefine the macro to take an additional first
280 argument specifying the function to use. */
282 #define OP(f, a, b, c, d, k, s, T) \
285 a += f (b, c, d) + correct_words[k] + T; \
292 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
293 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
294 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
295 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
296 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
297 OP (FG, D, A, B, C, 10, 9, 0x02441453);
298 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
299 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
300 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
301 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
302 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
303 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
304 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
305 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
306 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
307 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
310 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
311 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
312 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
313 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
314 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
315 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
316 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
317 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
318 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
319 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
320 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
321 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
322 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
323 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
324 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
325 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
328 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
329 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
330 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
331 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
332 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
333 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
334 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
335 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
336 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
337 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
338 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
339 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
340 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
341 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
342 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
343 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
345 /* Add the starting values of the context. */
352 /* Put checksum in context given as argument. */