Statistics
| Revision:

root / src / md5.c @ 1

History | View | Annotate | Download (11.1 KB)

1
/* md5.c - MD5 Message-Digest Algorithm
2
 *        Copyright (C) 1995, 1996, 1998, 1999 Free Software Foundation, Inc.
3
 *
4
 * according to the definition of MD5 in RFC 1321 from April 1992.
5
 * NOTE: This is *not* the same file as the one from glibc.
6
 *
7
 * This program is free software; you can redistribute it and/or modify it
8
 * under the terms of the GNU General Public License as published by the
9
 * Free Software Foundation; either version 2, or (at your option) any
10
 * later version.
11
 *
12
 * This program is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, write to the Free Software Foundation,
19
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20
 */
21
/* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.  */
22
/* heavily modified for GnuPG by <werner.koch@guug.de> */
23
/* modified again for Sylpheed by <wk@gnupg.org> 2001-02-11 */
24

    
25

    
26
/* Test values:
27
 * ""                  D4 1D 8C D9 8F 00 B2 04  E9 80 09 98 EC F8 42 7E
28
 * "a"                 0C C1 75 B9 C0 F1 B6 A8  31 C3 99 E2 69 77 26 61
29
 * "abc                90 01 50 98 3C D2 4F B0  D6 96 3F 7D 28 E1 7F 72
30
 * "message digest"    F9 6B 69 7D 7C B7 93 8D  52 5A 2F 31 AA F1 61 D0
31
 */
32

    
33
#include <config.h>
34
#include <stdio.h>
35
#include <stdlib.h>
36
#include <string.h>
37
#include <assert.h>
38

    
39
#include "utils.h"
40
#include "md5.h"
41

    
42

    
43
/****************
44
 * Rotate a 32 bit integer by n bytes
45
 */
46
#if defined(__GNUC__) && defined(__i386__)
47
static inline u32
48
rol( u32 x, int n)
49
{
50
        __asm__("roll %%cl,%0"
51
                :"=r" (x)
52
                :"0" (x),"c" (n));
53
        return x;
54
}
55
#else
56
#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
57
#endif
58

    
59

    
60
void
61
md5_init(MD5_CONTEXT *ctx)
62
{
63
        ctx->A = 0x67452301;
64
        ctx->B = 0xefcdab89;
65
        ctx->C = 0x98badcfe;
66
        ctx->D = 0x10325476;
67

    
68
        ctx->nblocks = 0;
69
        ctx->count = 0;
70
        ctx->finalized = 0;
71
}
72

    
73
/* These are the four functions used in the four steps of the MD5 algorithm
74
   and defined in the RFC 1321.  The first function is a little bit optimized
75
   (as found in Colin Plumbs public domain implementation).  */
76
/* #define FF(b, c, d) ((b & c) | (~b & d)) */
77
#define FF(b, c, d) (d ^ (b & (c ^ d)))
78
#define FG(b, c, d) FF (d, b, c)
79
#define FH(b, c, d) (b ^ c ^ d)
80
#define FI(b, c, d) (c ^ (b | ~d))
81

    
82

    
83
/****************
84
 * transform n*64 bytes
85
 */
86
static void
87
transform(MD5_CONTEXT *ctx, const unsigned char *data)
88
{
89
        u32 correct_words[16];
90
        u32 A = ctx->A;
91
        u32 B = ctx->B;
92
        u32 C = ctx->C;
93
        u32 D = ctx->D;
94
        u32 *cwp = correct_words;
95

    
96
#ifdef BIG_ENDIAN_HOST
97
        {
98
                int i;
99
                unsigned char *p2, *p1;
100

    
101
                for (i = 0, p1 = data, p2 = (unsigned char*)correct_words;
102
                     i < 16; i++, p2 += 4) {
103
                        p2[3] = *p1++;
104
                        p2[2] = *p1++;
105
                        p2[1] = *p1++;
106
                        p2[0] = *p1++;
107
                }
108
        }
109
#else
110
        memcpy(correct_words, data, 64);
111
#endif
112

    
113

    
114
#define OP(a, b, c, d, s, T)                                \
115
        do {                                                \
116
                a += FF (b, c, d) + (*cwp++) + T;         \
117
                a = rol(a, s);                                \
118
                a += b;                                        \
119
        } while (0)
120

    
121
        /* Before we start, one word about the strange constants.
122
           They are defined in RFC 1321 as
123

124
           T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
125
         */
126

    
127
        /* Round 1.  */
128
        OP (A, B, C, D,  7, 0xd76aa478);
129
        OP (D, A, B, C, 12, 0xe8c7b756);
130
        OP (C, D, A, B, 17, 0x242070db);
131
        OP (B, C, D, A, 22, 0xc1bdceee);
132
        OP (A, B, C, D,  7, 0xf57c0faf);
133
        OP (D, A, B, C, 12, 0x4787c62a);
134
        OP (C, D, A, B, 17, 0xa8304613);
135
        OP (B, C, D, A, 22, 0xfd469501);
136
        OP (A, B, C, D,  7, 0x698098d8);
137
        OP (D, A, B, C, 12, 0x8b44f7af);
138
        OP (C, D, A, B, 17, 0xffff5bb1);
139
        OP (B, C, D, A, 22, 0x895cd7be);
140
        OP (A, B, C, D,  7, 0x6b901122);
141
        OP (D, A, B, C, 12, 0xfd987193);
142
        OP (C, D, A, B, 17, 0xa679438e);
143
        OP (B, C, D, A, 22, 0x49b40821);
144

    
145
#undef OP
146
#define OP(f, a, b, c, d, k, s, T)  \
147
        do {                                                        \
148
                a += f (b, c, d) + correct_words[k] + T;        \
149
                a = rol(a, s);                                        \
150
                a += b;                                         \
151
        } while (0)
152

    
153
        /* Round 2.  */
154
        OP (FG, A, B, C, D,  1,  5, 0xf61e2562);
155
        OP (FG, D, A, B, C,  6,  9, 0xc040b340);
156
        OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
157
        OP (FG, B, C, D, A,  0, 20, 0xe9b6c7aa);
158
        OP (FG, A, B, C, D,  5,  5, 0xd62f105d);
159
        OP (FG, D, A, B, C, 10,  9, 0x02441453);
160
        OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
161
        OP (FG, B, C, D, A,  4, 20, 0xe7d3fbc8);
162
        OP (FG, A, B, C, D,  9,  5, 0x21e1cde6);
163
        OP (FG, D, A, B, C, 14,  9, 0xc33707d6);
164
        OP (FG, C, D, A, B,  3, 14, 0xf4d50d87);
165
        OP (FG, B, C, D, A,  8, 20, 0x455a14ed);
166
        OP (FG, A, B, C, D, 13,  5, 0xa9e3e905);
167
        OP (FG, D, A, B, C,  2,  9, 0xfcefa3f8);
168
        OP (FG, C, D, A, B,  7, 14, 0x676f02d9);
169
        OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
170

    
171
        /* Round 3.  */
172
        OP (FH, A, B, C, D,  5,  4, 0xfffa3942);
173
        OP (FH, D, A, B, C,  8, 11, 0x8771f681);
174
        OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
175
        OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
176
        OP (FH, A, B, C, D,  1,  4, 0xa4beea44);
177
        OP (FH, D, A, B, C,  4, 11, 0x4bdecfa9);
178
        OP (FH, C, D, A, B,  7, 16, 0xf6bb4b60);
179
        OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
180
        OP (FH, A, B, C, D, 13,  4, 0x289b7ec6);
181
        OP (FH, D, A, B, C,  0, 11, 0xeaa127fa);
182
        OP (FH, C, D, A, B,  3, 16, 0xd4ef3085);
183
        OP (FH, B, C, D, A,  6, 23, 0x04881d05);
184
        OP (FH, A, B, C, D,  9,  4, 0xd9d4d039);
185
        OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
186
        OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
187
        OP (FH, B, C, D, A,  2, 23, 0xc4ac5665);
188

    
189
        /* Round 4.  */
190
        OP (FI, A, B, C, D,  0,  6, 0xf4292244);
191
        OP (FI, D, A, B, C,  7, 10, 0x432aff97);
192
        OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
193
        OP (FI, B, C, D, A,  5, 21, 0xfc93a039);
194
        OP (FI, A, B, C, D, 12,  6, 0x655b59c3);
195
        OP (FI, D, A, B, C,  3, 10, 0x8f0ccc92);
196
        OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
197
        OP (FI, B, C, D, A,  1, 21, 0x85845dd1);
198
        OP (FI, A, B, C, D,  8,  6, 0x6fa87e4f);
199
        OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
200
        OP (FI, C, D, A, B,  6, 15, 0xa3014314);
201
        OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
202
        OP (FI, A, B, C, D,  4,  6, 0xf7537e82);
203
        OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
204
        OP (FI, C, D, A, B,  2, 15, 0x2ad7d2bb);
205
        OP (FI, B, C, D, A,  9, 21, 0xeb86d391);
206

    
207
        /* Put checksum in context given as argument.  */
208
        ctx->A += A;
209
        ctx->B += B;
210
        ctx->C += C;
211
        ctx->D += D;
212
}
213

    
214

    
215

    
216
/* The routine updates the message-digest context to
217
 * account for the presence of each of the characters inBuf[0..inLen-1]
218
 * in the message whose digest is being computed.
219
 */
220
void
221
md5_update(MD5_CONTEXT *hd, const unsigned char *inbuf, size_t inlen)
222
{
223
        if (hd->count == 64) { /* flush the buffer */
224
                transform( hd, hd->buf );
225
                hd->count = 0;
226
                hd->nblocks++;
227
        }
228
        if (!inbuf)
229
                return;
230
        if (hd->count) {
231
                for (; inlen && hd->count < 64; inlen--)
232
                        hd->buf[hd->count++] = *inbuf++;
233
                md5_update(hd, NULL, 0);
234
                if (!inlen)
235
                        return;
236
        }
237

    
238
        while (inlen >= 64) {
239
                transform(hd, inbuf);
240
                hd->count = 0;
241
                hd->nblocks++;
242
                inlen -= 64;
243
                inbuf += 64;
244
        }
245

    
246
        for (; inlen && hd->count < 64; inlen--)
247
                hd->buf[hd->count++] = *inbuf++;
248
}
249

    
250

    
251

    
252
/* The routine final terminates the message-digest computation and
253
 * ends with the desired message digest in mdContext->digest[0...15].
254
 * The handle is prepared for a new MD5 cycle.
255
 * Returns 16 bytes representing the digest.
256
 */
257

    
258
static void
259
do_final(MD5_CONTEXT *hd)
260
{
261
        u32 t, msb, lsb;
262
        unsigned char *p;
263

    
264
        md5_update(hd, NULL, 0); /* flush */
265

    
266
        msb = 0;
267
        t = hd->nblocks;
268
        if ((lsb = t << 6) < t) /* multiply by 64 to make a byte count */
269
                msb++;
270
        msb += t >> 26;
271
        t = lsb;
272
        if ((lsb = t + hd->count) < t) /* add the count */
273
                msb++;
274
        t = lsb;
275
        if ((lsb = t << 3) < t) /* multiply by 8 to make a bit count */
276
                msb++;
277
        msb += t >> 29;
278

    
279
        if (hd->count < 56) { /* enough room */
280
                hd->buf[hd->count++] = 0x80; /* pad */
281
                while(hd->count < 56)
282
                        hd->buf[hd->count++] = 0;  /* pad */
283
        } else { /* need one extra block */
284
                hd->buf[hd->count++] = 0x80; /* pad character */
285
                while (hd->count < 64)
286
                        hd->buf[hd->count++] = 0;
287
                md5_update(hd, NULL, 0);  /* flush */
288
                memset(hd->buf, 0, 56); /* fill next block with zeroes */
289
        }
290

    
291
        /* append the 64 bit count */
292
        hd->buf[56] = lsb      ;
293
        hd->buf[57] = lsb >>  8;
294
        hd->buf[58] = lsb >> 16;
295
        hd->buf[59] = lsb >> 24;
296
        hd->buf[60] = msb      ;
297
        hd->buf[61] = msb >>  8;
298
        hd->buf[62] = msb >> 16;
299
        hd->buf[63] = msb >> 24;
300
        transform(hd, hd->buf);
301

    
302
        p = hd->buf;
303
#ifdef BIG_ENDIAN_HOST
304
#define X(a) do { *p++ = hd->a      ; *p++ = hd->a >> 8;      \
305
                  *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
306
#else /* little endian */
307
        /*#define X(a) do { *(u32*)p = hd->##a ; p += 4; } while(0)*/
308
        /* Unixware's cpp doesn't like the above construct so we do it his way:
309
         * (reported by Allan Clark) */
310
#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
311
#endif
312
        X(A);
313
        X(B);
314
        X(C);
315
        X(D);
316
#undef X
317
        hd->finalized = 1;
318
}
319

    
320
void
321
md5_final(unsigned char *digest, MD5_CONTEXT *ctx)
322
{
323
        if (!ctx->finalized)
324
                do_final(ctx);
325
        memcpy(digest, ctx->buf, 16);
326
}
327

    
328
/*
329
 * Creates a MD5 digest in hex fomrat (lowercase letters) from the
330
 * string S.  hextdigest but be buffer of at lease 33 bytes!
331
 */
332
void
333
md5_hex_digest(char *hexdigest, const unsigned char *s)
334
{
335
        int i;
336
        MD5_CONTEXT context;
337
        unsigned char digest[16];
338

    
339
        md5_init(&context);
340
        md5_update(&context, s, strlen(s));
341
        md5_final(digest, &context);
342

    
343
        for (i = 0; i < 16; i++)
344
                sprintf(hexdigest + 2 * i, "%02x", digest[i]);
345
}
346

    
347

    
348
/*
349
** Function: md5_hmac
350
** taken from the file rfc2104.txt
351
** written by Martin Schaaf <mascha@ma-scha.de>
352
*/
353
void
354
md5_hmac(unsigned char *digest,
355
         const unsigned char* text, int text_len,
356
         const unsigned char* key, int key_len)
357
{
358
        MD5_CONTEXT context;
359
        unsigned char k_ipad[64];    /* inner padding -
360
                                      * key XORd with ipad
361
                                      */
362
        unsigned char k_opad[64];    /* outer padding -
363
                                      * key XORd with opad
364
                                      */
365
        /* unsigned char tk[16]; */
366
        int i;
367

    
368
        /* start out by storing key in pads */
369
        memset(k_ipad, 0, sizeof k_ipad);
370
        memset(k_opad, 0, sizeof k_opad);
371
        if (key_len > 64) {
372
                /* if key is longer than 64 bytes reset it to key=MD5(key) */
373
                MD5_CONTEXT tctx;
374

    
375
                md5_init(&tctx);
376
                md5_update(&tctx, key, key_len);
377
                md5_final(k_ipad, &tctx);
378
                md5_final(k_opad, &tctx);
379
        } else {
380
                memcpy(k_ipad, key, key_len);
381
                memcpy(k_opad, key, key_len);
382
        }
383

    
384
        /*
385
         * the HMAC_MD5 transform looks like:
386
         *
387
         * MD5(K XOR opad, MD5(K XOR ipad, text))
388
         *
389
         * where K is an n byte key
390
         * ipad is the byte 0x36 repeated 64 times
391
         * opad is the byte 0x5c repeated 64 times
392
         * and text is the data being protected
393
         */
394

    
395

    
396
        /* XOR key with ipad and opad values */
397
        for (i = 0; i < 64; i++) {
398
                k_ipad[i] ^= 0x36;
399
                k_opad[i] ^= 0x5c;
400
        }
401

    
402
        /*
403
         * perform inner MD5
404
         */
405
        md5_init(&context);                      /* init context for 1st
406
                                               * pass */
407
        md5_update(&context, k_ipad, 64);     /* start with inner pad */
408
        md5_update(&context, text, text_len); /* then text of datagram */
409
        md5_final(digest, &context);              /* finish up 1st pass */
410
        /*
411
         * perform outer MD5
412
         */
413
        md5_init(&context);                      /* init context for 2nd
414
                                               * pass */
415
        md5_update(&context, k_opad, 64);     /* start with outer pad */
416
        md5_update(&context, digest, 16);     /* then results of 1st
417
                                               * hash */
418
        md5_final(digest, &context);              /* finish up 2nd pass */
419
}
420

    
421

    
422
void
423
md5_hex_hmac(char *hexdigest,
424
             const unsigned char* text, int text_len,
425
             const unsigned char* key, int key_len)
426
{
427
        unsigned char digest[16];
428
        int i;
429

    
430
        md5_hmac(digest, text, text_len, key, key_len);
431
        for (i = 0; i < 16; i++)
432
                sprintf(hexdigest + 2 * i, "%02x", digest[i]);
433
}