1 /* md5.c - MD5 Message-Digest Algorithm
2 * Copyright (C) 1995, 1996, 1998, 1999 Free Software Foundation, Inc.
3 *
4 * according to the definition of MD5 in RFC 1321 from April 1992.
5 * NOTE: This is *not* the same file as the one from glibc.
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 3, or (at your option) any
10 * later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */
21 /* heavily modified for GnuPG by <werner.koch@guug.de> */
22 /* modified again for Sylpheed by <wk@gnupg.org> 2001-02-11 */
23
24
25 /* Test values:
26 * "" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E
27 * "a" 0C C1 75 B9 C0 F1 B6 A8 31 C3 99 E2 69 77 26 61
28 * "abc 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72
29 * "message digest" F9 6B 69 7D 7C B7 93 8D 52 5A 2F 31 AA F1 61 D0
30 */
31
32 #include <config.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <assert.h>
37 #include <sys/types.h>
38 #include <sys/stat.h>
39 #include <fcntl.h>
40 #include <unistd.h>
41
42 #include <glib.h>
43 #include <glib/gstdio.h>
44
45 #include "md5.h"
46
47 /****************
48 * Rotate a 32 bit integer by n bytes
49 */
50 #if defined(__GNUC__) && defined(__i386__)
51 static inline u32
rol(u32 x,int n)52 rol( u32 x, int n)
53 {
54 __asm__("roll %%cl,%0"
55 :"=r" (x)
56 :"0" (x),"c" (n));
57 return x;
58 }
59 #else
60 #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
61 #endif
62
63
64 static void
md5_init(MD5_CONTEXT * ctx)65 md5_init(MD5_CONTEXT *ctx)
66 {
67 ctx->A = 0x67452301;
68 ctx->B = 0xefcdab89;
69 ctx->C = 0x98badcfe;
70 ctx->D = 0x10325476;
71
72 ctx->nblocks = 0;
73 ctx->count = 0;
74 ctx->finalized = 0;
75 }
76
77 /* These are the four functions used in the four steps of the MD5 algorithm
78 and defined in the RFC 1321. The first function is a little bit optimized
79 (as found in Colin Plumbs public domain implementation). */
80 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
81 #define FF(b, c, d) (d ^ (b & (c ^ d)))
82 #define FG(b, c, d) FF (d, b, c)
83 #define FH(b, c, d) (b ^ c ^ d)
84 #define FI(b, c, d) (c ^ (b | ~d))
85
86
87 /****************
88 * transform n*64 bytes
89 */
90 static void
transform(MD5_CONTEXT * ctx,const unsigned char * data)91 transform(MD5_CONTEXT *ctx, const unsigned char *data)
92 {
93 u32 correct_words[16];
94 u32 A = ctx->A;
95 u32 B = ctx->B;
96 u32 C = ctx->C;
97 u32 D = ctx->D;
98 u32 *cwp = correct_words;
99
100 #ifdef BIG_ENDIAN_HOST
101 {
102 int i;
103 unsigned char *p2;
104 const unsigned char *p1;
105
106 for (i = 0, p1 = data, p2 = (unsigned char*)correct_words;
107 i < 16; i++, p2 += 4) {
108 p2[3] = *p1++;
109 p2[2] = *p1++;
110 p2[1] = *p1++;
111 p2[0] = *p1++;
112 }
113 }
114 #else
115 memcpy(correct_words, data, 64);
116 #endif
117
118
119 #define OP(a, b, c, d, s, T) \
120 do { \
121 a += FF (b, c, d) + (*cwp++) + T; \
122 a = rol(a, s); \
123 a += b; \
124 } while (0)
125
126 /* Before we start, one word about the strange constants.
127 They are defined in RFC 1321 as
128
129 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
130 */
131
132 /* Round 1. */
133 OP (A, B, C, D, 7, 0xd76aa478);
134 OP (D, A, B, C, 12, 0xe8c7b756);
135 OP (C, D, A, B, 17, 0x242070db);
136 OP (B, C, D, A, 22, 0xc1bdceee);
137 OP (A, B, C, D, 7, 0xf57c0faf);
138 OP (D, A, B, C, 12, 0x4787c62a);
139 OP (C, D, A, B, 17, 0xa8304613);
140 OP (B, C, D, A, 22, 0xfd469501);
141 OP (A, B, C, D, 7, 0x698098d8);
142 OP (D, A, B, C, 12, 0x8b44f7af);
143 OP (C, D, A, B, 17, 0xffff5bb1);
144 OP (B, C, D, A, 22, 0x895cd7be);
145 OP (A, B, C, D, 7, 0x6b901122);
146 OP (D, A, B, C, 12, 0xfd987193);
147 OP (C, D, A, B, 17, 0xa679438e);
148 OP (B, C, D, A, 22, 0x49b40821);
149
150 #undef OP
151 #define OP(f, a, b, c, d, k, s, T) \
152 do { \
153 a += f (b, c, d) + correct_words[k] + T; \
154 a = rol(a, s); \
155 a += b; \
156 } while (0)
157
158 /* Round 2. */
159 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
160 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
161 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
162 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
163 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
164 OP (FG, D, A, B, C, 10, 9, 0x02441453);
165 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
166 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
167 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
168 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
169 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
170 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
171 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
172 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
173 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
174 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
175
176 /* Round 3. */
177 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
178 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
179 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
180 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
181 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
182 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
183 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
184 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
185 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
186 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
187 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
188 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
189 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
190 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
191 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
192 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
193
194 /* Round 4. */
195 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
196 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
197 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
198 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
199 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
200 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
201 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
202 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
203 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
204 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
205 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
206 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
207 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
208 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
209 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
210 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
211
212 /* Put checksum in context given as argument. */
213 ctx->A += A;
214 ctx->B += B;
215 ctx->C += C;
216 ctx->D += D;
217 }
218
219
220
221 /* The routine updates the message-digest context to
222 * account for the presence of each of the characters inBuf[0..inLen-1]
223 * in the message whose digest is being computed.
224 */
225 static void
md5_update(MD5_CONTEXT * hd,const unsigned char * inbuf,size_t inlen)226 md5_update(MD5_CONTEXT *hd, const unsigned char *inbuf, size_t inlen)
227 {
228 if (hd->count == 64) { /* flush the buffer */
229 transform( hd, hd->buf );
230 hd->count = 0;
231 hd->nblocks++;
232 }
233 if (!inbuf)
234 return;
235 if (hd->count) {
236 for (; inlen && hd->count < 64; inlen--)
237 hd->buf[hd->count++] = *inbuf++;
238 md5_update(hd, NULL, 0);
239 if (!inlen)
240 return;
241 }
242
243 while (inlen >= 64) {
244 transform(hd, inbuf);
245 hd->count = 0;
246 hd->nblocks++;
247 inlen -= 64;
248 inbuf += 64;
249 }
250
251 for (; inlen && hd->count < 64; inlen--)
252 hd->buf[hd->count++] = *inbuf++;
253 }
254
255
256
257 /* The routine final terminates the message-digest computation and
258 * ends with the desired message digest in mdContext->digest[0...15].
259 * The handle is prepared for a new MD5 cycle.
260 * Returns 16 bytes representing the digest.
261 */
262
263 static void
do_final(MD5_CONTEXT * hd)264 do_final(MD5_CONTEXT *hd)
265 {
266 u32 t, msb, lsb;
267 unsigned char *p;
268
269 md5_update(hd, NULL, 0); /* flush */
270
271 msb = 0;
272 t = hd->nblocks;
273 if ((lsb = t << 6) < t) /* multiply by 64 to make a byte count */
274 msb++;
275 msb += t >> 26;
276 t = lsb;
277 if ((lsb = t + hd->count) < t) /* add the count */
278 msb++;
279 t = lsb;
280 if ((lsb = t << 3) < t) /* multiply by 8 to make a bit count */
281 msb++;
282 msb += t >> 29;
283
284 if (hd->count < 56) { /* enough room */
285 hd->buf[hd->count++] = 0x80; /* pad */
286 while(hd->count < 56)
287 hd->buf[hd->count++] = 0; /* pad */
288 } else { /* need one extra block */
289 hd->buf[hd->count++] = 0x80; /* pad character */
290 while (hd->count < 64)
291 hd->buf[hd->count++] = 0;
292 md5_update(hd, NULL, 0); /* flush */
293 memset(hd->buf, 0, 56); /* fill next block with zeroes */
294 }
295
296 /* append the 64 bit count */
297 hd->buf[56] = lsb ;
298 hd->buf[57] = lsb >> 8;
299 hd->buf[58] = lsb >> 16;
300 hd->buf[59] = lsb >> 24;
301 hd->buf[60] = msb ;
302 hd->buf[61] = msb >> 8;
303 hd->buf[62] = msb >> 16;
304 hd->buf[63] = msb >> 24;
305 transform(hd, hd->buf);
306
307 p = hd->buf;
308 #ifdef BIG_ENDIAN_HOST
309 #define X(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \
310 *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
311 #else /* little endian */
312 /*#define X(a) do { *(u32*)p = hd->##a ; p += 4; } while(0)*/
313 /* Unixware's cpp doesn't like the above construct so we do it his way:
314 * (reported by Allan Clark) */
315 #define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
316 #endif
317 X(A);
318 X(B);
319 X(C);
320 X(D);
321 #undef X
322 hd->finalized = 1;
323 }
324
325 static void
md5_final(unsigned char * digest,MD5_CONTEXT * ctx)326 md5_final(unsigned char *digest, MD5_CONTEXT *ctx)
327 {
328 if (!ctx->finalized)
329 do_final(ctx);
330 memcpy(digest, ctx->buf, 16);
331 }
332
333 /*
334 * Creates a MD5 digest in hex fomrat (lowercase letters) from the
335 * string S. hextdigest but be buffer of at lease 33 bytes!
336 */
337 static void
md5_hex_digest_binary(char * hexdigest,const unsigned char * s,size_t len)338 md5_hex_digest_binary(char *hexdigest, const unsigned char *s, size_t len)
339 {
340 int i;
341 MD5_CONTEXT context;
342 unsigned char digest[16];
343
344 md5_init(&context);
345 md5_update(&context, s, len);
346 md5_final(digest, &context);
347
348 for (i = 0; i < 16; i++)
349 sprintf(hexdigest + 2 * i, "%02x", digest[i]);
350 }
351
352 int
md5_hex_digest_file(char * hexdigest,const unsigned char * file)353 md5_hex_digest_file(char *hexdigest, const unsigned char *file)
354 {
355 int READ_BLOCK_SIZE=4096;
356 int len;
357 char *buf = malloc(READ_BLOCK_SIZE); /* alloc the first block */
358 char *lastp = buf; /* point to the start of the buffer */
359 size_t total = 0; /* total length read */
360 int num_alloc = 1; /* number of blocks allocated */
361 int fd = g_open(file, O_RDONLY, 0);
362
363 if (fd == -1) {
364 FILE_OP_ERROR(file, "open");
365 free(buf);
366 return -1;
367 }
368
369 while ((len = read(fd, lastp, READ_BLOCK_SIZE)) > 0) { /* read one block (which is allocated) */
370 total += len; /* update the total length */
371 num_alloc++; /* increase number of allocs */
372 buf = realloc(buf, READ_BLOCK_SIZE*num_alloc); /* allocate one more block for next read */
373 lastp = buf+total; /* point to the end of read stuff to buf */
374 }
375
376 close(fd);
377 md5_hex_digest_binary(hexdigest, buf, total);
378 free(buf);
379 // printf("%s %s\n", hexdigest, file);
380 return 0;
381 }
382
383 /*
384 * Creates a MD5 digest in hex fomrat (lowercase letters) from the
385 * string S. hextdigest but be buffer of at lease 33 bytes!
386 */
387 void
md5_hex_digest(char * hexdigest,const unsigned char * s)388 md5_hex_digest(char *hexdigest, const unsigned char *s)
389 {
390 g_return_if_fail(hexdigest != NULL);
391 g_return_if_fail(s != NULL);
392 md5_hex_digest_binary(hexdigest, s, strlen(s));
393 }
394
395 /*
396 ** Function: md5_hmac
397 ** taken from the file rfc2104.txt
398 ** written by Martin Schaaf <mascha@ma-scha.de>
399 */
400 static void
md5_hmac(unsigned char * digest,const unsigned char * text,int text_len,const unsigned char * key,int key_len)401 md5_hmac(unsigned char *digest,
402 const unsigned char* text, int text_len,
403 const unsigned char* key, int key_len)
404 {
405 MD5_CONTEXT context;
406 unsigned char k_ipad[64]; /* inner padding -
407 * key XORd with ipad
408 */
409 unsigned char k_opad[64]; /* outer padding -
410 * key XORd with opad
411 */
412 /* unsigned char tk[16]; */
413 int i;
414
415 /* start out by storing key in pads */
416 memset(k_ipad, 0, sizeof k_ipad);
417 memset(k_opad, 0, sizeof k_opad);
418 if (key_len > 64) {
419 /* if key is longer than 64 bytes reset it to key=MD5(key) */
420 MD5_CONTEXT tctx;
421
422 md5_init(&tctx);
423 md5_update(&tctx, key, key_len);
424 md5_final(k_ipad, &tctx);
425 md5_final(k_opad, &tctx);
426 } else {
427 memcpy(k_ipad, key, key_len);
428 memcpy(k_opad, key, key_len);
429 }
430
431 /*
432 * the HMAC_MD5 transform looks like:
433 *
434 * MD5(K XOR opad, MD5(K XOR ipad, text))
435 *
436 * where K is an n byte key
437 * ipad is the byte 0x36 repeated 64 times
438 * opad is the byte 0x5c repeated 64 times
439 * and text is the data being protected
440 */
441
442
443 /* XOR key with ipad and opad values */
444 for (i = 0; i < 64; i++) {
445 k_ipad[i] ^= 0x36;
446 k_opad[i] ^= 0x5c;
447 }
448
449 /*
450 * perform inner MD5
451 */
452 md5_init(&context); /* init context for 1st
453 * pass */
454 md5_update(&context, k_ipad, 64); /* start with inner pad */
455 md5_update(&context, text, text_len); /* then text of datagram */
456 md5_final(digest, &context); /* finish up 1st pass */
457 /*
458 * perform outer MD5
459 */
460 md5_init(&context); /* init context for 2nd
461 * pass */
462 md5_update(&context, k_opad, 64); /* start with outer pad */
463 md5_update(&context, digest, 16); /* then results of 1st
464 * hash */
465 md5_final(digest, &context); /* finish up 2nd pass */
466 }
467
468
469 void
md5_hex_hmac(char * hexdigest,const unsigned char * text,int text_len,const unsigned char * key,int key_len)470 md5_hex_hmac(char *hexdigest,
471 const unsigned char* text, int text_len,
472 const unsigned char* key, int key_len)
473 {
474 unsigned char digest[16];
475 int i;
476
477 g_return_if_fail(key != NULL);
478 g_return_if_fail(key_len >= 0);
479 g_return_if_fail(text != NULL);
480 g_return_if_fail(text_len >= 0);
481 g_return_if_fail(hexdigest != NULL);
482
483 md5_hmac(digest, text, text_len, key, key_len);
484 for (i = 0; i < 16; i++)
485 sprintf(hexdigest + 2 * i, "%02x", digest[i]);
486 }
487