1 /*
2 * This code implements the MD5 message-digest algorithm.
3 * The algorithm is due to Ron Rivest. This code was
4 * written by Colin Plumb in 1993, no copyright is claimed.
5 * This code is in the public domain; do with it what you wish.
6 *
7 * Equivalent code is available from RSA Data Security, Inc.
8 * This code has been tested against that, and is equivalent,
9 * except that you don't need to include two pages of legalese
10 * with every copy.
11 *
12 * To compute the message digest of a chunk of bytes, declare an
13 * MD5Context structure, pass it to MD5Init, call MD5Update as
14 * needed on buffers full of bytes, and then call MD5Final, which
15 * will fill a supplied 16-byte array with the digest.
16 */
17
18 /* This code was modified in 1997 by Jim Kingdon of Cyclic Software to
19 not require an integer type which is exactly 32 bits. This work
20 draws on the changes for the same purpose by Tatu Ylonen
21 <ylo@cs.hut.fi> as part of SSH, but since I didn't actually use
22 that code, there is no copyright issue. I hereby disclaim
23 copyright in any changes I have made; this code remains in the
24 public domain. */
25
26 #ifdef HAVE_CONFIG_H
27 #include <config.h>
28 #endif
29
30 #include "defs.h"
31 #include "md5.h"
32
33 /* Little-endian byte-swapping routines. Note that these do not
34 depend on the size of datatypes such as uint32, nor do they require
35 us to detect the endianness of the machine we are running on. It
36 is possible they should be macros for speed, but I would be
37 surprised if they were a performance bottleneck for MD5. */
38
39 static uint32
getu32(addr)40 getu32 (addr)
41 const unsigned char *addr;
42 {
43 return (((((unsigned long)addr[3] << 8) | addr[2]) << 8)
44 | addr[1]) << 8 | addr[0];
45 }
46
47 static void
putu32(data,addr)48 putu32 (data, addr)
49 uint32 data;
50 unsigned char *addr;
51 {
52 addr[0] = (unsigned char)data;
53 addr[1] = (unsigned char)(data >> 8);
54 addr[2] = (unsigned char)(data >> 16);
55 addr[3] = (unsigned char)(data >> 24);
56 }
57
58 /*
59 * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
60 * initialization constants.
61 */
62 void
MD5Init(ctx)63 MD5Init(ctx)
64 struct MD5Context *ctx;
65 {
66 ctx->buf[0] = 0x67452301;
67 ctx->buf[1] = 0xefcdab89;
68 ctx->buf[2] = 0x98badcfe;
69 ctx->buf[3] = 0x10325476;
70
71 ctx->bits[0] = 0;
72 ctx->bits[1] = 0;
73 }
74
75 /*
76 * Update context to reflect the concatenation of another buffer full
77 * of bytes.
78 */
79 void
MD5Update(ctx,buf,len)80 MD5Update(ctx, buf, len)
81 struct MD5Context *ctx;
82 unsigned char const *buf;
83 unsigned len;
84 {
85 uint32 t;
86
87 /* Update bitcount */
88
89 t = ctx->bits[0];
90 if ((ctx->bits[0] = (t + ((uint32)len << 3)) & 0xffffffff) < t)
91 ctx->bits[1]++; /* Carry from low to high */
92 ctx->bits[1] += len >> 29;
93
94 t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
95
96 /* Handle any leading odd-sized chunks */
97
98 if ( t ) {
99 unsigned char *p = ctx->in + t;
100
101 t = 64-t;
102 if (len < t) {
103 memcpy(p, buf, len);
104 return;
105 }
106 memcpy(p, buf, t);
107 MD5Transform(ctx->buf, ctx->in);
108 buf += t;
109 len -= t;
110 }
111
112 /* Process data in 64-byte chunks */
113
114 while (len >= 64) {
115 memcpy(ctx->in, buf, 64);
116 MD5Transform(ctx->buf, ctx->in);
117 buf += 64;
118 len -= 64;
119 }
120
121 /* Handle any remaining bytes of data. */
122
123 memcpy(ctx->in, buf, len);
124 }
125
126 /*
127 * Final wrapup - pad to 64-byte boundary with the bit pattern
128 * 1 0* (64-bit count of bits processed, MSB-first)
129 */
130 void
MD5Final(digest,ctx)131 MD5Final(digest, ctx)
132 unsigned char digest[16];
133 struct MD5Context *ctx;
134 {
135 unsigned count;
136 unsigned char *p;
137
138 /* Compute number of bytes mod 64 */
139 count = (ctx->bits[0] >> 3) & 0x3F;
140
141 /* Set the first char of padding to 0x80. This is safe since there is
142 always at least one byte free */
143 p = ctx->in + count;
144 *p++ = 0x80;
145
146 /* Bytes of padding needed to make 64 bytes */
147 count = 64 - 1 - count;
148
149 /* Pad out to 56 mod 64 */
150 if (count < 8) {
151 /* Two lots of padding: Pad the first block to 64 bytes */
152 memset(p, 0, count);
153 MD5Transform(ctx->buf, ctx->in);
154
155 /* Now fill the next block with 56 bytes */
156 memset(ctx->in, 0, 56);
157 } else {
158 /* Pad block to 56 bytes */
159 memset(p, 0, count-8);
160 }
161
162 /* Append length in bits and transform */
163 putu32(ctx->bits[0], ctx->in + 56);
164 putu32(ctx->bits[1], ctx->in + 60);
165
166 MD5Transform(ctx->buf, ctx->in);
167 putu32(ctx->buf[0], digest);
168 putu32(ctx->buf[1], digest + 4);
169 putu32(ctx->buf[2], digest + 8);
170 putu32(ctx->buf[3], digest + 12);
171 memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
172 }
173
174 #ifndef ASM_MD5
175
176 /* The four core functions - F1 is optimized somewhat */
177
178 /* #define F1(x, y, z) (x & y | ~x & z) */
179 #define F1(x, y, z) (z ^ (x & (y ^ z)))
180 #define F2(x, y, z) F1(z, x, y)
181 #define F3(x, y, z) (x ^ y ^ z)
182 #define F4(x, y, z) (y ^ (x | ~z))
183
184 /* This is the central step in the MD5 algorithm. */
185 #define MD5STEP(f, w, x, y, z, data, s) \
186 ( w += f(x, y, z) + data, w &= 0xffffffff, w = w<<s | w>>(32-s), w += x )
187
188 /*
189 * The core of the MD5 algorithm, this alters an existing MD5 hash to
190 * reflect the addition of 16 longwords of new data. MD5Update blocks
191 * the data and converts bytes into longwords for this routine.
192 */
193 void
MD5Transform(buf,inraw)194 MD5Transform(buf, inraw)
195 uint32 buf[4];
196 const unsigned char inraw[64];
197 {
198 register uint32 a, b, c, d;
199 uint32 in[16];
200 int i;
201
202 for (i = 0; i < 16; ++i)
203 in[i] = getu32 (inraw + 4 * i);
204
205 a = buf[0];
206 b = buf[1];
207 c = buf[2];
208 d = buf[3];
209
210 MD5STEP(F1, a, b, c, d, in[ 0]+0xd76aa478, 7);
211 MD5STEP(F1, d, a, b, c, in[ 1]+0xe8c7b756, 12);
212 MD5STEP(F1, c, d, a, b, in[ 2]+0x242070db, 17);
213 MD5STEP(F1, b, c, d, a, in[ 3]+0xc1bdceee, 22);
214 MD5STEP(F1, a, b, c, d, in[ 4]+0xf57c0faf, 7);
215 MD5STEP(F1, d, a, b, c, in[ 5]+0x4787c62a, 12);
216 MD5STEP(F1, c, d, a, b, in[ 6]+0xa8304613, 17);
217 MD5STEP(F1, b, c, d, a, in[ 7]+0xfd469501, 22);
218 MD5STEP(F1, a, b, c, d, in[ 8]+0x698098d8, 7);
219 MD5STEP(F1, d, a, b, c, in[ 9]+0x8b44f7af, 12);
220 MD5STEP(F1, c, d, a, b, in[10]+0xffff5bb1, 17);
221 MD5STEP(F1, b, c, d, a, in[11]+0x895cd7be, 22);
222 MD5STEP(F1, a, b, c, d, in[12]+0x6b901122, 7);
223 MD5STEP(F1, d, a, b, c, in[13]+0xfd987193, 12);
224 MD5STEP(F1, c, d, a, b, in[14]+0xa679438e, 17);
225 MD5STEP(F1, b, c, d, a, in[15]+0x49b40821, 22);
226
227 MD5STEP(F2, a, b, c, d, in[ 1]+0xf61e2562, 5);
228 MD5STEP(F2, d, a, b, c, in[ 6]+0xc040b340, 9);
229 MD5STEP(F2, c, d, a, b, in[11]+0x265e5a51, 14);
230 MD5STEP(F2, b, c, d, a, in[ 0]+0xe9b6c7aa, 20);
231 MD5STEP(F2, a, b, c, d, in[ 5]+0xd62f105d, 5);
232 MD5STEP(F2, d, a, b, c, in[10]+0x02441453, 9);
233 MD5STEP(F2, c, d, a, b, in[15]+0xd8a1e681, 14);
234 MD5STEP(F2, b, c, d, a, in[ 4]+0xe7d3fbc8, 20);
235 MD5STEP(F2, a, b, c, d, in[ 9]+0x21e1cde6, 5);
236 MD5STEP(F2, d, a, b, c, in[14]+0xc33707d6, 9);
237 MD5STEP(F2, c, d, a, b, in[ 3]+0xf4d50d87, 14);
238 MD5STEP(F2, b, c, d, a, in[ 8]+0x455a14ed, 20);
239 MD5STEP(F2, a, b, c, d, in[13]+0xa9e3e905, 5);
240 MD5STEP(F2, d, a, b, c, in[ 2]+0xfcefa3f8, 9);
241 MD5STEP(F2, c, d, a, b, in[ 7]+0x676f02d9, 14);
242 MD5STEP(F2, b, c, d, a, in[12]+0x8d2a4c8a, 20);
243
244 MD5STEP(F3, a, b, c, d, in[ 5]+0xfffa3942, 4);
245 MD5STEP(F3, d, a, b, c, in[ 8]+0x8771f681, 11);
246 MD5STEP(F3, c, d, a, b, in[11]+0x6d9d6122, 16);
247 MD5STEP(F3, b, c, d, a, in[14]+0xfde5380c, 23);
248 MD5STEP(F3, a, b, c, d, in[ 1]+0xa4beea44, 4);
249 MD5STEP(F3, d, a, b, c, in[ 4]+0x4bdecfa9, 11);
250 MD5STEP(F3, c, d, a, b, in[ 7]+0xf6bb4b60, 16);
251 MD5STEP(F3, b, c, d, a, in[10]+0xbebfbc70, 23);
252 MD5STEP(F3, a, b, c, d, in[13]+0x289b7ec6, 4);
253 MD5STEP(F3, d, a, b, c, in[ 0]+0xeaa127fa, 11);
254 MD5STEP(F3, c, d, a, b, in[ 3]+0xd4ef3085, 16);
255 MD5STEP(F3, b, c, d, a, in[ 6]+0x04881d05, 23);
256 MD5STEP(F3, a, b, c, d, in[ 9]+0xd9d4d039, 4);
257 MD5STEP(F3, d, a, b, c, in[12]+0xe6db99e5, 11);
258 MD5STEP(F3, c, d, a, b, in[15]+0x1fa27cf8, 16);
259 MD5STEP(F3, b, c, d, a, in[ 2]+0xc4ac5665, 23);
260
261 MD5STEP(F4, a, b, c, d, in[ 0]+0xf4292244, 6);
262 MD5STEP(F4, d, a, b, c, in[ 7]+0x432aff97, 10);
263 MD5STEP(F4, c, d, a, b, in[14]+0xab9423a7, 15);
264 MD5STEP(F4, b, c, d, a, in[ 5]+0xfc93a039, 21);
265 MD5STEP(F4, a, b, c, d, in[12]+0x655b59c3, 6);
266 MD5STEP(F4, d, a, b, c, in[ 3]+0x8f0ccc92, 10);
267 MD5STEP(F4, c, d, a, b, in[10]+0xffeff47d, 15);
268 MD5STEP(F4, b, c, d, a, in[ 1]+0x85845dd1, 21);
269 MD5STEP(F4, a, b, c, d, in[ 8]+0x6fa87e4f, 6);
270 MD5STEP(F4, d, a, b, c, in[15]+0xfe2ce6e0, 10);
271 MD5STEP(F4, c, d, a, b, in[ 6]+0xa3014314, 15);
272 MD5STEP(F4, b, c, d, a, in[13]+0x4e0811a1, 21);
273 MD5STEP(F4, a, b, c, d, in[ 4]+0xf7537e82, 6);
274 MD5STEP(F4, d, a, b, c, in[11]+0xbd3af235, 10);
275 MD5STEP(F4, c, d, a, b, in[ 2]+0x2ad7d2bb, 15);
276 MD5STEP(F4, b, c, d, a, in[ 9]+0xeb86d391, 21);
277
278 buf[0] += a;
279 buf[1] += b;
280 buf[2] += c;
281 buf[3] += d;
282 }
283 #endif
284
285 #ifdef TEST
286 /* Simple test program. Can use it to manually run the tests from
287 RFC1321 for example. */
288 #include <stdio.h>
289
290 int
main(int argc,char ** argv)291 main (int argc, char **argv)
292 {
293 struct MD5Context context;
294 unsigned char checksum[16];
295 int i;
296 int j;
297
298 if (argc < 2)
299 {
300 fprintf (stderr, "usage: %s string-to-hash\n", argv[0]);
301 exit (1);
302 }
303 for (j = 1; j < argc; ++j)
304 {
305 printf ("MD5 (\"%s\") = ", argv[j]);
306 MD5Init (&context);
307 MD5Update (&context, argv[j], strlen (argv[j]));
308 MD5Final (checksum, &context);
309 for (i = 0; i < 16; i++)
310 {
311 printf ("%02x", (unsigned int) checksum[i]);
312 }
313 printf ("\n");
314 }
315 return 0;
316 }
317 #endif /* TEST */
318