1 /* MD5.java -- 2 Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc. 3 4 This file is a part of GNU Classpath. 5 6 GNU Classpath is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 2 of the License, or (at 9 your option) any later version. 10 11 GNU Classpath is distributed in the hope that it will be useful, but 12 WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 General Public License for more details. 15 16 You should have received a copy of the GNU General Public License 17 along with GNU Classpath; if not, write to the Free Software 18 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 19 USA 20 21 Linking this library statically or dynamically with other modules is 22 making a combined work based on this library. Thus, the terms and 23 conditions of the GNU General Public License cover the whole 24 combination. 25 26 As a special exception, the copyright holders of this library give you 27 permission to link this library with independent modules to produce an 28 executable, regardless of the license terms of these independent 29 modules, and to copy and distribute the resulting executable under 30 terms of your choice, provided that you also meet, for each linked 31 independent module, the terms and conditions of the license of that 32 module. An independent module is a module which is not derived from 33 or based on this library. If you modify this library, you may extend 34 this exception to your version of the library, but you are not 35 obligated to do so. If you do not wish to do so, delete this 36 exception statement from your version. */ 37 38 39 package gnu.java.security.hash; 40 41 import gnu.java.security.Registry; 42 import gnu.java.security.util.Util; 43 44 /** 45 * The MD5 message-digest algorithm takes as input a message of arbitrary 46 * length and produces as output a 128-bit "fingerprint" or "message digest" of 47 * the input. It is conjectured that it is computationally infeasible to 48 * produce two messages having the same message digest, or to produce any 49 * message having a given prespecified target message digest. 50 * <p> 51 * References: 52 * <ol> 53 * <li>The <a href="http://www.ietf.org/rfc/rfc1321.txt">MD5</a> Message- 54 * Digest Algorithm.<br> 55 * R. Rivest.</li> 56 * </ol> 57 */ 58 public class MD5 59 extends BaseHash 60 { 61 private static final int BLOCK_SIZE = 64; // inner block size in bytes 62 63 private static final String DIGEST0 = "D41D8CD98F00B204E9800998ECF8427E"; 64 65 /** caches the result of the correctness test, once executed. */ 66 private static Boolean valid; 67 68 /** 128-bit interim result. */ 69 private int h0, h1, h2, h3; 70 71 /** Trivial 0-arguments constructor. */ MD5()72 public MD5() 73 { 74 super(Registry.MD5_HASH, 16, BLOCK_SIZE); 75 } 76 77 /** 78 * Private constructor for cloning purposes. 79 * 80 * @param md the instance to clone. 81 */ MD5(MD5 md)82 private MD5(MD5 md) 83 { 84 this(); 85 86 this.h0 = md.h0; 87 this.h1 = md.h1; 88 this.h2 = md.h2; 89 this.h3 = md.h3; 90 this.count = md.count; 91 this.buffer = (byte[]) md.buffer.clone(); 92 } 93 clone()94 public Object clone() 95 { 96 return new MD5(this); 97 } 98 transform(byte[] in, int i)99 protected synchronized void transform(byte[] in, int i) 100 { 101 int X0 = (in[i++] & 0xFF) 102 | (in[i++] & 0xFF) << 8 103 | (in[i++] & 0xFF) << 16 104 | in[i++] << 24; 105 int X1 = (in[i++] & 0xFF) 106 | (in[i++] & 0xFF) << 8 107 | (in[i++] & 0xFF) << 16 108 | in[i++] << 24; 109 int X2 = (in[i++] & 0xFF) 110 | (in[i++] & 0xFF) << 8 111 | (in[i++] & 0xFF) << 16 112 | in[i++] << 24; 113 int X3 = (in[i++] & 0xFF) 114 | (in[i++] & 0xFF) << 8 115 | (in[i++] & 0xFF) << 16 116 | in[i++] << 24; 117 int X4 = (in[i++] & 0xFF) 118 | (in[i++] & 0xFF) << 8 119 | (in[i++] & 0xFF) << 16 120 | in[i++] << 24; 121 int X5 = (in[i++] & 0xFF) 122 | (in[i++] & 0xFF) << 8 123 | (in[i++] & 0xFF) << 16 124 | in[i++] << 24; 125 int X6 = (in[i++] & 0xFF) 126 | (in[i++] & 0xFF) << 8 127 | (in[i++] & 0xFF) << 16 128 | in[i++] << 24; 129 int X7 = (in[i++] & 0xFF) 130 | (in[i++] & 0xFF) << 8 131 | (in[i++] & 0xFF) << 16 132 | in[i++] << 24; 133 int X8 = (in[i++] & 0xFF) 134 | (in[i++] & 0xFF) << 8 135 | (in[i++] & 0xFF) << 16 136 | in[i++] << 24; 137 int X9 = (in[i++] & 0xFF) 138 | (in[i++] & 0xFF) << 8 139 | (in[i++] & 0xFF) << 16 140 | in[i++] << 24; 141 int X10 = (in[i++] & 0xFF) 142 | (in[i++] & 0xFF) << 8 143 | (in[i++] & 0xFF) << 16 144 | in[i++] << 24; 145 int X11 = (in[i++] & 0xFF) 146 | (in[i++] & 0xFF) << 8 147 | (in[i++] & 0xFF) << 16 148 | in[i++] << 24; 149 int X12 = (in[i++] & 0xFF) 150 | (in[i++] & 0xFF) << 8 151 | (in[i++] & 0xFF) << 16 152 | in[i++] << 24; 153 int X13 = (in[i++] & 0xFF) 154 | (in[i++] & 0xFF) << 8 155 | (in[i++] & 0xFF) << 16 156 | in[i++] << 24; 157 int X14 = (in[i++] & 0xFF) 158 | (in[i++] & 0xFF) << 8 159 | (in[i++] & 0xFF) << 16 160 | in[i++] << 24; 161 int X15 = (in[i++] & 0xFF) 162 | (in[i++] & 0xFF) << 8 163 | (in[i++] & 0xFF) << 16 164 | in[i] << 24; 165 int A = h0; 166 int B = h1; 167 int C = h2; 168 int D = h3; 169 // hex constants are from md5.c in FSF Gnu Privacy Guard 0.9.2 170 // round 1 171 A += ((B & C) | (~B & D)) + X0 + 0xD76AA478; 172 A = B + (A << 7 | A >>> -7); 173 D += ((A & B) | (~A & C)) + X1 + 0xE8C7B756; 174 D = A + (D << 12 | D >>> -12); 175 C += ((D & A) | (~D & B)) + X2 + 0x242070DB; 176 C = D + (C << 17 | C >>> -17); 177 B += ((C & D) | (~C & A)) + X3 + 0xC1BDCEEE; 178 B = C + (B << 22 | B >>> -22); 179 180 A += ((B & C) | (~B & D)) + X4 + 0xF57C0FAF; 181 A = B + (A << 7 | A >>> -7); 182 D += ((A & B) | (~A & C)) + X5 + 0x4787C62A; 183 D = A + (D << 12 | D >>> -12); 184 C += ((D & A) | (~D & B)) + X6 + 0xA8304613; 185 C = D + (C << 17 | C >>> -17); 186 B += ((C & D) | (~C & A)) + X7 + 0xFD469501; 187 B = C + (B << 22 | B >>> -22); 188 189 A += ((B & C) | (~B & D)) + X8 + 0x698098D8; 190 A = B + (A << 7 | A >>> -7); 191 D += ((A & B) | (~A & C)) + X9 + 0x8B44F7AF; 192 D = A + (D << 12 | D >>> -12); 193 C += ((D & A) | (~D & B)) + X10 + 0xFFFF5BB1; 194 C = D + (C << 17 | C >>> -17); 195 B += ((C & D) | (~C & A)) + X11 + 0x895CD7BE; 196 B = C + (B << 22 | B >>> -22); 197 198 A += ((B & C) | (~B & D)) + X12 + 0x6B901122; 199 A = B + (A << 7 | A >>> -7); 200 D += ((A & B) | (~A & C)) + X13 + 0xFD987193; 201 D = A + (D << 12 | D >>> -12); 202 C += ((D & A) | (~D & B)) + X14 + 0xA679438E; 203 C = D + (C << 17 | C >>> -17); 204 B += ((C & D) | (~C & A)) + X15 + 0x49B40821; 205 B = C + (B << 22 | B >>> -22); 206 207 // round 2 208 A += ((B & D) | (C & ~D)) + X1 + 0xF61E2562; 209 A = B + (A << 5 | A >>> -5); 210 D += ((A & C) | (B & ~C)) + X6 + 0xC040B340; 211 D = A + (D << 9 | D >>> -9); 212 C += ((D & B) | (A & ~B)) + X11 + 0x265E5A51; 213 C = D + (C << 14 | C >>> -14); 214 B += ((C & A) | (D & ~A)) + X0 + 0xE9B6C7AA; 215 B = C + (B << 20 | B >>> -20); 216 217 A += ((B & D) | (C & ~D)) + X5 + 0xD62F105D; 218 A = B + (A << 5 | A >>> -5); 219 D += ((A & C) | (B & ~C)) + X10 + 0x02441453; 220 D = A + (D << 9 | D >>> -9); 221 C += ((D & B) | (A & ~B)) + X15 + 0xD8A1E681; 222 C = D + (C << 14 | C >>> -14); 223 B += ((C & A) | (D & ~A)) + X4 + 0xE7D3FBC8; 224 B = C + (B << 20 | B >>> -20); 225 226 A += ((B & D) | (C & ~D)) + X9 + 0x21E1CDE6; 227 A = B + (A << 5 | A >>> -5); 228 D += ((A & C) | (B & ~C)) + X14 + 0xC33707D6; 229 D = A + (D << 9 | D >>> -9); 230 C += ((D & B) | (A & ~B)) + X3 + 0xF4D50D87; 231 C = D + (C << 14 | C >>> -14); 232 B += ((C & A) | (D & ~A)) + X8 + 0x455A14ED; 233 B = C + (B << 20 | B >>> -20); 234 235 A += ((B & D) | (C & ~D)) + X13 + 0xA9E3E905; 236 A = B + (A << 5 | A >>> -5); 237 D += ((A & C) | (B & ~C)) + X2 + 0xFCEFA3F8; 238 D = A + (D << 9 | D >>> -9); 239 C += ((D & B) | (A & ~B)) + X7 + 0x676F02D9; 240 C = D + (C << 14 | C >>> -14); 241 B += ((C & A) | (D & ~A)) + X12 + 0x8D2A4C8A; 242 B = C + (B << 20 | B >>> -20); 243 244 // round 3 245 A += (B ^ C ^ D) + X5 + 0xFFFA3942; 246 A = B + (A << 4 | A >>> -4); 247 D += (A ^ B ^ C) + X8 + 0x8771F681; 248 D = A + (D << 11 | D >>> -11); 249 C += (D ^ A ^ B) + X11 + 0x6D9D6122; 250 C = D + (C << 16 | C >>> -16); 251 B += (C ^ D ^ A) + X14 + 0xFDE5380C; 252 B = C + (B << 23 | B >>> -23); 253 254 A += (B ^ C ^ D) + X1 + 0xA4BEEA44; 255 A = B + (A << 4 | A >>> -4); 256 D += (A ^ B ^ C) + X4 + 0x4BDECFA9; 257 D = A + (D << 11 | D >>> -11); 258 C += (D ^ A ^ B) + X7 + 0xF6BB4B60; 259 C = D + (C << 16 | C >>> -16); 260 B += (C ^ D ^ A) + X10 + 0xBEBFBC70; 261 B = C + (B << 23 | B >>> -23); 262 263 A += (B ^ C ^ D) + X13 + 0x289B7EC6; 264 A = B + (A << 4 | A >>> -4); 265 D += (A ^ B ^ C) + X0 + 0xEAA127FA; 266 D = A + (D << 11 | D >>> -11); 267 C += (D ^ A ^ B) + X3 + 0xD4EF3085; 268 C = D + (C << 16 | C >>> -16); 269 B += (C ^ D ^ A) + X6 + 0x04881D05; 270 B = C + (B << 23 | B >>> -23); 271 272 A += (B ^ C ^ D) + X9 + 0xD9D4D039; 273 A = B + (A << 4 | A >>> -4); 274 D += (A ^ B ^ C) + X12 + 0xE6DB99E5; 275 D = A + (D << 11 | D >>> -11); 276 C += (D ^ A ^ B) + X15 + 0x1FA27CF8; 277 C = D + (C << 16 | C >>> -16); 278 B += (C ^ D ^ A) + X2 + 0xC4AC5665; 279 B = C + (B << 23 | B >>> -23); 280 281 // round 4 282 A += (C ^ (B | ~D)) + X0 + 0xF4292244; 283 A = B + (A << 6 | A >>> -6); 284 D += (B ^ (A | ~C)) + X7 + 0x432AFF97; 285 D = A + (D << 10 | D >>> -10); 286 C += (A ^ (D | ~B)) + X14 + 0xAB9423A7; 287 C = D + (C << 15 | C >>> -15); 288 B += (D ^ (C | ~A)) + X5 + 0xFC93A039; 289 B = C + (B << 21 | B >>> -21); 290 291 A += (C ^ (B | ~D)) + X12 + 0x655B59C3; 292 A = B + (A << 6 | A >>> -6); 293 D += (B ^ (A | ~C)) + X3 + 0x8F0CCC92; 294 D = A + (D << 10 | D >>> -10); 295 C += (A ^ (D | ~B)) + X10 + 0xFFEFF47D; 296 C = D + (C << 15 | C >>> -15); 297 B += (D ^ (C | ~A)) + X1 + 0x85845dd1; 298 B = C + (B << 21 | B >>> -21); 299 300 A += (C ^ (B | ~D)) + X8 + 0x6FA87E4F; 301 A = B + (A << 6 | A >>> -6); 302 D += (B ^ (A | ~C)) + X15 + 0xFE2CE6E0; 303 D = A + (D << 10 | D >>> -10); 304 C += (A ^ (D | ~B)) + X6 + 0xA3014314; 305 C = D + (C << 15 | C >>> -15); 306 B += (D ^ (C | ~A)) + X13 + 0x4E0811A1; 307 B = C + (B << 21 | B >>> -21); 308 309 A += (C ^ (B | ~D)) + X4 + 0xF7537E82; 310 A = B + (A << 6 | A >>> -6); 311 D += (B ^ (A | ~C)) + X11 + 0xBD3AF235; 312 D = A + (D << 10 | D >>> -10); 313 C += (A ^ (D | ~B)) + X2 + 0x2AD7D2BB; 314 C = D + (C << 15 | C >>> -15); 315 B += (D ^ (C | ~A)) + X9 + 0xEB86D391; 316 B = C + (B << 21 | B >>> -21); 317 318 h0 += A; 319 h1 += B; 320 h2 += C; 321 h3 += D; 322 } 323 padBuffer()324 protected byte[] padBuffer() 325 { 326 int n = (int)(count % BLOCK_SIZE); 327 int padding = (n < 56) ? (56 - n) : (120 - n); 328 byte[] result = new byte[padding + 8]; 329 // padding is always binary 1 followed by binary 0s 330 result[0] = (byte) 0x80; 331 // save number of bits, casting the long to an array of 8 bytes 332 long bits = count << 3; 333 result[padding++] = (byte) bits; 334 result[padding++] = (byte)(bits >>> 8); 335 result[padding++] = (byte)(bits >>> 16); 336 result[padding++] = (byte)(bits >>> 24); 337 result[padding++] = (byte)(bits >>> 32); 338 result[padding++] = (byte)(bits >>> 40); 339 result[padding++] = (byte)(bits >>> 48); 340 result[padding ] = (byte)(bits >>> 56); 341 return result; 342 } 343 getResult()344 protected byte[] getResult() 345 { 346 return new byte[] { 347 (byte) h0, (byte)(h0 >>> 8), (byte)(h0 >>> 16), (byte)(h0 >>> 24), 348 (byte) h1, (byte)(h1 >>> 8), (byte)(h1 >>> 16), (byte)(h1 >>> 24), 349 (byte) h2, (byte)(h2 >>> 8), (byte)(h2 >>> 16), (byte)(h2 >>> 24), 350 (byte) h3, (byte)(h3 >>> 8), (byte)(h3 >>> 16), (byte)(h3 >>> 24) }; 351 } 352 resetContext()353 protected void resetContext() 354 { 355 // magic MD5/RIPEMD128 initialisation constants 356 h0 = 0x67452301; 357 h1 = 0xEFCDAB89; 358 h2 = 0x98BADCFE; 359 h3 = 0x10325476; 360 } 361 selfTest()362 public boolean selfTest() 363 { 364 if (valid == null) 365 { 366 String d = Util.toString(new MD5().digest()); 367 valid = Boolean.valueOf(DIGEST0.equals(d)); 368 } 369 return valid.booleanValue(); 370 } 371 } 372