1/* Functions to compute MD5 message digest of files or memory blocks. 2 according to the definition of MD5 in RFC 1321 from April 1992. 3 Copyright (C) 1995,1996,1997,1999,2000,2001,2005 Red Hat, Inc. 4 This file is part of Red Hat elfutils. 5 Written by Ulrich Drepper <drepper@redhat.com>, 1995. 6 7 Red Hat elfutils is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License as published by the 9 Free Software Foundation; version 2 of the License. 10 11 Red Hat elfutils is distributed in the hope that it will be useful, but 12 WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 General Public License for more details. 15 16 You should have received a copy of the GNU General Public License along 17 with Red Hat elfutils; if not, write to the Free Software Foundation, 18 Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA. 19 20 Red Hat elfutils is an included package of the Open Invention Network. 21 An included package of the Open Invention Network is a package for which 22 Open Invention Network licensees cross-license their patents. No patent 23 license is granted, either expressly or impliedly, by designation as an 24 included package. Should you wish to participate in the Open Invention 25 Network licensing program, please visit www.openinventionnetwork.com 26 <http://www.openinventionnetwork.com>. */ 27 28#ifdef HAVE_CONFIG_H 29# include <config.h> 30#endif 31 32#include <endian.h> 33#include <stdlib.h> 34#include <string.h> 35#include <sys/types.h> 36 37#include "md5.h" 38 39#if __BYTE_ORDER == __BIG_ENDIAN 40# define SWAP(n) \ 41 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) 42#else 43# define SWAP(n) (n) 44#endif 45 46 47/* This array contains the bytes used to pad the buffer to the next 48 64-byte boundary. (RFC 1321, 3.1: Step 1) */ 49static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; 50 51 52/* Initialize structure containing state of computation. 53 (RFC 1321, 3.3: Step 3) */ 54void 55md5_init_ctx (ctx) 56 struct md5_ctx *ctx; 57{ 58 ctx->A = 0x67452301; 59 ctx->B = 0xefcdab89; 60 ctx->C = 0x98badcfe; 61 ctx->D = 0x10325476; 62 63 ctx->total[0] = ctx->total[1] = 0; 64 ctx->buflen = 0; 65} 66 67/* Put result from CTX in first 16 bytes following RESBUF. The result 68 must be in little endian byte order. 69 70 IMPORTANT: On some systems it is required that RESBUF is correctly 71 aligned for a 32 bits value. */ 72void * 73md5_read_ctx (ctx, resbuf) 74 const struct md5_ctx *ctx; 75 void *resbuf; 76{ 77 ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A); 78 ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B); 79 ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C); 80 ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D); 81 82 return resbuf; 83} 84 85/* Process the remaining bytes in the internal buffer and the usual 86 prolog according to the standard and write the result to RESBUF. 87 88 IMPORTANT: On some systems it is required that RESBUF is correctly 89 aligned for a 32 bits value. */ 90void * 91md5_finish_ctx (ctx, resbuf) 92 struct md5_ctx *ctx; 93 void *resbuf; 94{ 95 /* Take yet unprocessed bytes into account. */ 96 md5_uint32 bytes = ctx->buflen; 97 size_t pad; 98 99 /* Now count remaining bytes. */ 100 ctx->total[0] += bytes; 101 if (ctx->total[0] < bytes) 102 ++ctx->total[1]; 103 104 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; 105 memcpy (&ctx->buffer[bytes], fillbuf, pad); 106 107 /* Put the 64-bit file length in *bits* at the end of the buffer. */ 108 *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3); 109 *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) | 110 (ctx->total[0] >> 29)); 111 112 /* Process last bytes. */ 113 md5_process_block (ctx->buffer, bytes + pad + 8, ctx); 114 115 return md5_read_ctx (ctx, resbuf); 116} 117 118 119#ifdef NEED_MD5_STREAM 120/* Compute MD5 message digest for bytes read from STREAM. The 121 resulting message digest number will be written into the 16 bytes 122 beginning at RESBLOCK. */ 123int 124md5_stream (stream, resblock) 125 FILE *stream; 126 void *resblock; 127{ 128 /* Important: BLOCKSIZE must be a multiple of 64. */ 129#define BLOCKSIZE 4096 130 struct md5_ctx ctx; 131 char buffer[BLOCKSIZE + 72]; 132 size_t sum; 133 134 /* Initialize the computation context. */ 135 md5_init_ctx (&ctx); 136 137 /* Iterate over full file contents. */ 138 while (1) 139 { 140 /* We read the file in blocks of BLOCKSIZE bytes. One call of the 141 computation function processes the whole buffer so that with the 142 next round of the loop another block can be read. */ 143 size_t n; 144 sum = 0; 145 146 /* Read block. Take care for partial reads. */ 147 do 148 { 149 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); 150 151 sum += n; 152 } 153 while (sum < BLOCKSIZE && n != 0); 154 if (n == 0 && ferror (stream)) 155 return 1; 156 157 /* If end of file is reached, end the loop. */ 158 if (n == 0) 159 break; 160 161 /* Process buffer with BLOCKSIZE bytes. Note that 162 BLOCKSIZE % 64 == 0 163 */ 164 md5_process_block (buffer, BLOCKSIZE, &ctx); 165 } 166 167 /* Add the last bytes if necessary. */ 168 if (sum > 0) 169 md5_process_bytes (buffer, sum, &ctx); 170 171 /* Construct result in desired memory. */ 172 md5_finish_ctx (&ctx, resblock); 173 return 0; 174} 175#endif 176 177 178#ifdef NEED_MD5_BUFFER 179/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The 180 result is always in little endian byte order, so that a byte-wise 181 output yields to the wanted ASCII representation of the message 182 digest. */ 183void * 184md5_buffer (buffer, len, resblock) 185 const char *buffer; 186 size_t len; 187 void *resblock; 188{ 189 struct md5_ctx ctx; 190 191 /* Initialize the computation context. */ 192 md5_init_ctx (&ctx); 193 194 /* Process whole buffer but last len % 64 bytes. */ 195 md5_process_bytes (buffer, len, &ctx); 196 197 /* Put result in desired memory area. */ 198 return md5_finish_ctx (&ctx, resblock); 199} 200#endif 201 202 203void 204md5_process_bytes (buffer, len, ctx) 205 const void *buffer; 206 size_t len; 207 struct md5_ctx *ctx; 208{ 209 /* When we already have some bits in our internal buffer concatenate 210 both inputs first. */ 211 if (ctx->buflen != 0) 212 { 213 size_t left_over = ctx->buflen; 214 size_t add = 128 - left_over > len ? len : 128 - left_over; 215 216 memcpy (&ctx->buffer[left_over], buffer, add); 217 ctx->buflen += add; 218 219 if (ctx->buflen > 64) 220 { 221 md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx); 222 223 ctx->buflen &= 63; 224 /* The regions in the following copy operation cannot overlap. */ 225 memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63], 226 ctx->buflen); 227 } 228 229 buffer = (const char *) buffer + add; 230 len -= add; 231 } 232 233 /* Process available complete blocks. */ 234 if (len >= 64) 235 { 236#if !_STRING_ARCH_unaligned 237/* To check alignment gcc has an appropriate operator. Other 238 compilers don't. */ 239# if __GNUC__ >= 2 240# define UNALIGNED_P(p) (((md5_uintptr) p) % __alignof__ (md5_uint32) != 0) 241# else 242# define UNALIGNED_P(p) (((md5_uintptr) p) % sizeof (md5_uint32) != 0) 243# endif 244 if (UNALIGNED_P (buffer)) 245 while (len > 64) 246 { 247 md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); 248 buffer = (const char *) buffer + 64; 249 len -= 64; 250 } 251 else 252#endif 253 { 254 md5_process_block (buffer, len & ~63, ctx); 255 buffer = (const char *) buffer + (len & ~63); 256 len &= 63; 257 } 258 } 259 260 /* Move remaining bytes in internal buffer. */ 261 if (len > 0) 262 { 263 size_t left_over = ctx->buflen; 264 265 memcpy (&ctx->buffer[left_over], buffer, len); 266 left_over += len; 267 if (left_over >= 64) 268 { 269 md5_process_block (ctx->buffer, 64, ctx); 270 left_over -= 64; 271 memcpy (ctx->buffer, &ctx->buffer[64], left_over); 272 } 273 ctx->buflen = left_over; 274 } 275} 276 277 278/* These are the four functions used in the four steps of the MD5 algorithm 279 and defined in the RFC 1321. The first function is a little bit optimized 280 (as found in Colin Plumbs public domain implementation). */ 281/* #define FF(b, c, d) ((b & c) | (~b & d)) */ 282#define FF(b, c, d) (d ^ (b & (c ^ d))) 283#define FG(b, c, d) FF (d, b, c) 284#define FH(b, c, d) (b ^ c ^ d) 285#define FI(b, c, d) (c ^ (b | ~d)) 286 287/* Process LEN bytes of BUFFER, accumulating context into CTX. 288 It is assumed that LEN % 64 == 0. */ 289 290void 291md5_process_block (buffer, len, ctx) 292 const void *buffer; 293 size_t len; 294 struct md5_ctx *ctx; 295{ 296 md5_uint32 correct_words[16]; 297 const md5_uint32 *words = buffer; 298 size_t nwords = len / sizeof (md5_uint32); 299 const md5_uint32 *endp = words + nwords; 300 md5_uint32 A = ctx->A; 301 md5_uint32 B = ctx->B; 302 md5_uint32 C = ctx->C; 303 md5_uint32 D = ctx->D; 304 305 /* First increment the byte count. RFC 1321 specifies the possible 306 length of the file up to 2^64 bits. Here we only compute the 307 number of bytes. Do a double word increment. */ 308 ctx->total[0] += len; 309 if (ctx->total[0] < len) 310 ++ctx->total[1]; 311 312 /* Process all bytes in the buffer with 64 bytes in each round of 313 the loop. */ 314 while (words < endp) 315 { 316 md5_uint32 *cwp = correct_words; 317 md5_uint32 A_save = A; 318 md5_uint32 B_save = B; 319 md5_uint32 C_save = C; 320 md5_uint32 D_save = D; 321 322 /* First round: using the given function, the context and a constant 323 the next context is computed. Because the algorithms processing 324 unit is a 32-bit word and it is determined to work on words in 325 little endian byte order we perhaps have to change the byte order 326 before the computation. To reduce the work for the next steps 327 we store the swapped words in the array CORRECT_WORDS. */ 328 329#define OP(a, b, c, d, s, T) \ 330 do \ 331 { \ 332 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ 333 ++words; \ 334 CYCLIC (a, s); \ 335 a += b; \ 336 } \ 337 while (0) 338 339 /* It is unfortunate that C does not provide an operator for 340 cyclic rotation. Hope the C compiler is smart enough. */ 341#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) 342 343 /* Before we start, one word to the strange constants. 344 They are defined in RFC 1321 as 345 346 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 347 */ 348 349 /* Round 1. */ 350 OP (A, B, C, D, 7, 0xd76aa478); 351 OP (D, A, B, C, 12, 0xe8c7b756); 352 OP (C, D, A, B, 17, 0x242070db); 353 OP (B, C, D, A, 22, 0xc1bdceee); 354 OP (A, B, C, D, 7, 0xf57c0faf); 355 OP (D, A, B, C, 12, 0x4787c62a); 356 OP (C, D, A, B, 17, 0xa8304613); 357 OP (B, C, D, A, 22, 0xfd469501); 358 OP (A, B, C, D, 7, 0x698098d8); 359 OP (D, A, B, C, 12, 0x8b44f7af); 360 OP (C, D, A, B, 17, 0xffff5bb1); 361 OP (B, C, D, A, 22, 0x895cd7be); 362 OP (A, B, C, D, 7, 0x6b901122); 363 OP (D, A, B, C, 12, 0xfd987193); 364 OP (C, D, A, B, 17, 0xa679438e); 365 OP (B, C, D, A, 22, 0x49b40821); 366 367 /* For the second to fourth round we have the possibly swapped words 368 in CORRECT_WORDS. Redefine the macro to take an additional first 369 argument specifying the function to use. */ 370#undef OP 371#define OP(f, a, b, c, d, k, s, T) \ 372 do \ 373 { \ 374 a += f (b, c, d) + correct_words[k] + T; \ 375 CYCLIC (a, s); \ 376 a += b; \ 377 } \ 378 while (0) 379 380 /* Round 2. */ 381 OP (FG, A, B, C, D, 1, 5, 0xf61e2562); 382 OP (FG, D, A, B, C, 6, 9, 0xc040b340); 383 OP (FG, C, D, A, B, 11, 14, 0x265e5a51); 384 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa); 385 OP (FG, A, B, C, D, 5, 5, 0xd62f105d); 386 OP (FG, D, A, B, C, 10, 9, 0x02441453); 387 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681); 388 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8); 389 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6); 390 OP (FG, D, A, B, C, 14, 9, 0xc33707d6); 391 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87); 392 OP (FG, B, C, D, A, 8, 20, 0x455a14ed); 393 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905); 394 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8); 395 OP (FG, C, D, A, B, 7, 14, 0x676f02d9); 396 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a); 397 398 /* Round 3. */ 399 OP (FH, A, B, C, D, 5, 4, 0xfffa3942); 400 OP (FH, D, A, B, C, 8, 11, 0x8771f681); 401 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122); 402 OP (FH, B, C, D, A, 14, 23, 0xfde5380c); 403 OP (FH, A, B, C, D, 1, 4, 0xa4beea44); 404 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9); 405 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60); 406 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70); 407 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6); 408 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa); 409 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085); 410 OP (FH, B, C, D, A, 6, 23, 0x04881d05); 411 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039); 412 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5); 413 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8); 414 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665); 415 416 /* Round 4. */ 417 OP (FI, A, B, C, D, 0, 6, 0xf4292244); 418 OP (FI, D, A, B, C, 7, 10, 0x432aff97); 419 OP (FI, C, D, A, B, 14, 15, 0xab9423a7); 420 OP (FI, B, C, D, A, 5, 21, 0xfc93a039); 421 OP (FI, A, B, C, D, 12, 6, 0x655b59c3); 422 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92); 423 OP (FI, C, D, A, B, 10, 15, 0xffeff47d); 424 OP (FI, B, C, D, A, 1, 21, 0x85845dd1); 425 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f); 426 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0); 427 OP (FI, C, D, A, B, 6, 15, 0xa3014314); 428 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1); 429 OP (FI, A, B, C, D, 4, 6, 0xf7537e82); 430 OP (FI, D, A, B, C, 11, 10, 0xbd3af235); 431 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb); 432 OP (FI, B, C, D, A, 9, 21, 0xeb86d391); 433 434 /* Add the starting values of the context. */ 435 A += A_save; 436 B += B_save; 437 C += C_save; 438 D += D_save; 439 } 440 441 /* Put checksum in context given as argument. */ 442 ctx->A = A; 443 ctx->B = B; 444 ctx->C = C; 445 ctx->D = D; 446} 447