1 /* md5.c - MD5 Message-Digest Algorithm
2 * Copyright (C) 1995, 1996, 1998, 1999 Free Software Foundation, Inc.
4 * according to the definition of MD5 in RFC 1321 from April 1992.
5 * NOTE: This is *not* the same file as the one from glibc.
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software Foundation,
19 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */
22 /* heavily modified for GnuPG by <werner.koch@guug.de> */
23 /* modified again for Sylpheed by <wk@gnupg.org> 2001-02-11 */
27 * "" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E
28 * "a" 0C C1 75 B9 C0 F1 B6 A8 31 C3 99 E2 69 77 26 61
29 * "abc 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72
30 * "message digest" F9 6B 69 7D 7C B7 93 8D 52 5A 2F 31 AA F1 61 D0
44 * Rotate a 32 bit integer by n bytes
46 #if defined(__GNUC__) && defined(__i386__)
50 __asm__("roll %%cl,%0"
56 #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
61 md5_init(MD5_CONTEXT
*ctx
)
73 /* These are the four functions used in the four steps of the MD5 algorithm
74 and defined in the RFC 1321. The first function is a little bit optimized
75 (as found in Colin Plumbs public domain implementation). */
76 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
77 #define FF(b, c, d) (d ^ (b & (c ^ d)))
78 #define FG(b, c, d) FF (d, b, c)
79 #define FH(b, c, d) (b ^ c ^ d)
80 #define FI(b, c, d) (c ^ (b | ~d))
84 * transform n*64 bytes
87 transform(MD5_CONTEXT
*ctx
, const unsigned char *data
)
89 u32 correct_words
[16];
94 u32
*cwp
= correct_words
;
96 #ifdef BIG_ENDIAN_HOST
99 const unsigned char *p2
, *p1
;
101 for (i
= 0, p1
= data
, p2
= (unsigned char*)correct_words
;
102 i
< 16; i
++, p2
+= 4) {
110 memcpy(correct_words
, data
, 64);
114 #define OP(a, b, c, d, s, T) \
116 a += FF (b, c, d) + (*cwp++) + T; \
121 /* Before we start, one word about the strange constants.
122 They are defined in RFC 1321 as
124 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
128 OP (A
, B
, C
, D
, 7, 0xd76aa478);
129 OP (D
, A
, B
, C
, 12, 0xe8c7b756);
130 OP (C
, D
, A
, B
, 17, 0x242070db);
131 OP (B
, C
, D
, A
, 22, 0xc1bdceee);
132 OP (A
, B
, C
, D
, 7, 0xf57c0faf);
133 OP (D
, A
, B
, C
, 12, 0x4787c62a);
134 OP (C
, D
, A
, B
, 17, 0xa8304613);
135 OP (B
, C
, D
, A
, 22, 0xfd469501);
136 OP (A
, B
, C
, D
, 7, 0x698098d8);
137 OP (D
, A
, B
, C
, 12, 0x8b44f7af);
138 OP (C
, D
, A
, B
, 17, 0xffff5bb1);
139 OP (B
, C
, D
, A
, 22, 0x895cd7be);
140 OP (A
, B
, C
, D
, 7, 0x6b901122);
141 OP (D
, A
, B
, C
, 12, 0xfd987193);
142 OP (C
, D
, A
, B
, 17, 0xa679438e);
143 OP (B
, C
, D
, A
, 22, 0x49b40821);
146 #define OP(f, a, b, c, d, k, s, T) \
148 a += f (b, c, d) + correct_words[k] + T; \
154 OP (FG
, A
, B
, C
, D
, 1, 5, 0xf61e2562);
155 OP (FG
, D
, A
, B
, C
, 6, 9, 0xc040b340);
156 OP (FG
, C
, D
, A
, B
, 11, 14, 0x265e5a51);
157 OP (FG
, B
, C
, D
, A
, 0, 20, 0xe9b6c7aa);
158 OP (FG
, A
, B
, C
, D
, 5, 5, 0xd62f105d);
159 OP (FG
, D
, A
, B
, C
, 10, 9, 0x02441453);
160 OP (FG
, C
, D
, A
, B
, 15, 14, 0xd8a1e681);
161 OP (FG
, B
, C
, D
, A
, 4, 20, 0xe7d3fbc8);
162 OP (FG
, A
, B
, C
, D
, 9, 5, 0x21e1cde6);
163 OP (FG
, D
, A
, B
, C
, 14, 9, 0xc33707d6);
164 OP (FG
, C
, D
, A
, B
, 3, 14, 0xf4d50d87);
165 OP (FG
, B
, C
, D
, A
, 8, 20, 0x455a14ed);
166 OP (FG
, A
, B
, C
, D
, 13, 5, 0xa9e3e905);
167 OP (FG
, D
, A
, B
, C
, 2, 9, 0xfcefa3f8);
168 OP (FG
, C
, D
, A
, B
, 7, 14, 0x676f02d9);
169 OP (FG
, B
, C
, D
, A
, 12, 20, 0x8d2a4c8a);
172 OP (FH
, A
, B
, C
, D
, 5, 4, 0xfffa3942);
173 OP (FH
, D
, A
, B
, C
, 8, 11, 0x8771f681);
174 OP (FH
, C
, D
, A
, B
, 11, 16, 0x6d9d6122);
175 OP (FH
, B
, C
, D
, A
, 14, 23, 0xfde5380c);
176 OP (FH
, A
, B
, C
, D
, 1, 4, 0xa4beea44);
177 OP (FH
, D
, A
, B
, C
, 4, 11, 0x4bdecfa9);
178 OP (FH
, C
, D
, A
, B
, 7, 16, 0xf6bb4b60);
179 OP (FH
, B
, C
, D
, A
, 10, 23, 0xbebfbc70);
180 OP (FH
, A
, B
, C
, D
, 13, 4, 0x289b7ec6);
181 OP (FH
, D
, A
, B
, C
, 0, 11, 0xeaa127fa);
182 OP (FH
, C
, D
, A
, B
, 3, 16, 0xd4ef3085);
183 OP (FH
, B
, C
, D
, A
, 6, 23, 0x04881d05);
184 OP (FH
, A
, B
, C
, D
, 9, 4, 0xd9d4d039);
185 OP (FH
, D
, A
, B
, C
, 12, 11, 0xe6db99e5);
186 OP (FH
, C
, D
, A
, B
, 15, 16, 0x1fa27cf8);
187 OP (FH
, B
, C
, D
, A
, 2, 23, 0xc4ac5665);
190 OP (FI
, A
, B
, C
, D
, 0, 6, 0xf4292244);
191 OP (FI
, D
, A
, B
, C
, 7, 10, 0x432aff97);
192 OP (FI
, C
, D
, A
, B
, 14, 15, 0xab9423a7);
193 OP (FI
, B
, C
, D
, A
, 5, 21, 0xfc93a039);
194 OP (FI
, A
, B
, C
, D
, 12, 6, 0x655b59c3);
195 OP (FI
, D
, A
, B
, C
, 3, 10, 0x8f0ccc92);
196 OP (FI
, C
, D
, A
, B
, 10, 15, 0xffeff47d);
197 OP (FI
, B
, C
, D
, A
, 1, 21, 0x85845dd1);
198 OP (FI
, A
, B
, C
, D
, 8, 6, 0x6fa87e4f);
199 OP (FI
, D
, A
, B
, C
, 15, 10, 0xfe2ce6e0);
200 OP (FI
, C
, D
, A
, B
, 6, 15, 0xa3014314);
201 OP (FI
, B
, C
, D
, A
, 13, 21, 0x4e0811a1);
202 OP (FI
, A
, B
, C
, D
, 4, 6, 0xf7537e82);
203 OP (FI
, D
, A
, B
, C
, 11, 10, 0xbd3af235);
204 OP (FI
, C
, D
, A
, B
, 2, 15, 0x2ad7d2bb);
205 OP (FI
, B
, C
, D
, A
, 9, 21, 0xeb86d391);
207 /* Put checksum in context given as argument. */
216 /* The routine updates the message-digest context to
217 * account for the presence of each of the characters inBuf[0..inLen-1]
218 * in the message whose digest is being computed.
221 md5_update(MD5_CONTEXT
*hd
, const unsigned char *inbuf
, size_t inlen
)
223 if (hd
->count
== 64) { /* flush the buffer */
224 transform( hd
, hd
->buf
);
231 for (; inlen
&& hd
->count
< 64; inlen
--)
232 hd
->buf
[hd
->count
++] = *inbuf
++;
233 md5_update(hd
, NULL
, 0);
238 while (inlen
>= 64) {
239 transform(hd
, inbuf
);
246 for (; inlen
&& hd
->count
< 64; inlen
--)
247 hd
->buf
[hd
->count
++] = *inbuf
++;
252 /* The routine final terminates the message-digest computation and
253 * ends with the desired message digest in mdContext->digest[0...15].
254 * The handle is prepared for a new MD5 cycle.
255 * Returns 16 bytes representing the digest.
259 do_final(MD5_CONTEXT
*hd
)
264 md5_update(hd
, NULL
, 0); /* flush */
268 if ((lsb
= t
<< 6) < t
) /* multiply by 64 to make a byte count */
272 if ((lsb
= t
+ hd
->count
) < t
) /* add the count */
275 if ((lsb
= t
<< 3) < t
) /* multiply by 8 to make a bit count */
279 if (hd
->count
< 56) { /* enough room */
280 hd
->buf
[hd
->count
++] = 0x80; /* pad */
281 while(hd
->count
< 56)
282 hd
->buf
[hd
->count
++] = 0; /* pad */
283 } else { /* need one extra block */
284 hd
->buf
[hd
->count
++] = 0x80; /* pad character */
285 while (hd
->count
< 64)
286 hd
->buf
[hd
->count
++] = 0;
287 md5_update(hd
, NULL
, 0); /* flush */
288 memset(hd
->buf
, 0, 56); /* fill next block with zeroes */
291 /* append the 64 bit count */
293 hd
->buf
[57] = lsb
>> 8;
294 hd
->buf
[58] = lsb
>> 16;
295 hd
->buf
[59] = lsb
>> 24;
297 hd
->buf
[61] = msb
>> 8;
298 hd
->buf
[62] = msb
>> 16;
299 hd
->buf
[63] = msb
>> 24;
300 transform(hd
, hd
->buf
);
303 #ifdef BIG_ENDIAN_HOST
304 #define X(a) do { *p++ = hd->##a ; *p++ = hd->##a >> 8; \
305 *p++ = hd->##a >> 16; *p++ = hd->##a >> 24; } while(0)
306 #else /* little endian */
307 /*#define X(a) do { *(u32*)p = hd->##a ; p += 4; } while(0)*/
308 /* Unixware's cpp doesn't like the above construct so we do it his way:
309 * (reported by Allan Clark) */
310 #define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
321 md5_final(unsigned char *digest
, MD5_CONTEXT
*ctx
)
325 memcpy(digest
, ctx
->buf
, 16);
329 * Creates a MD5 digest in hex fomrat (lowercase letters) from the
330 * string S. hextdigest but be buffer of at lease 33 bytes!
333 md5_hex_digest(char *hexdigest
, const unsigned char *s
)
337 unsigned char digest
[16];
340 md5_update(&context
, s
, strlen(s
));
341 md5_final(digest
, &context
);
343 for (i
= 0; i
< 16; i
++)
344 sprintf(hexdigest
+ 2 * i
, "%02x", digest
[i
]);
349 ** Function: md5_hmac
350 ** taken from the file rfc2104.txt
351 ** written by Martin Schaaf <mascha@ma-scha.de>
354 md5_hmac(unsigned char *digest
,
355 const unsigned char* text
, int text_len
,
356 const unsigned char* key
, int key_len
)
359 unsigned char k_ipad
[64]; /* inner padding -
362 unsigned char k_opad
[64]; /* outer padding -
365 /* unsigned char tk[16]; */
368 /* start out by storing key in pads */
369 memset(k_ipad
, 0, sizeof k_ipad
);
370 memset(k_opad
, 0, sizeof k_opad
);
372 /* if key is longer than 64 bytes reset it to key=MD5(key) */
376 md5_update(&tctx
, key
, key_len
);
377 md5_final(k_ipad
, &tctx
);
378 md5_final(k_opad
, &tctx
);
380 memcpy(k_ipad
, key
, key_len
);
381 memcpy(k_opad
, key
, key_len
);
385 * the HMAC_MD5 transform looks like:
387 * MD5(K XOR opad, MD5(K XOR ipad, text))
389 * where K is an n byte key
390 * ipad is the byte 0x36 repeated 64 times
391 * opad is the byte 0x5c repeated 64 times
392 * and text is the data being protected
396 /* XOR key with ipad and opad values */
397 for (i
= 0; i
< 64; i
++) {
405 md5_init(&context
); /* init context for 1st
407 md5_update(&context
, k_ipad
, 64); /* start with inner pad */
408 md5_update(&context
, text
, text_len
); /* then text of datagram */
409 md5_final(digest
, &context
); /* finish up 1st pass */
413 md5_init(&context
); /* init context for 2nd
415 md5_update(&context
, k_opad
, 64); /* start with outer pad */
416 md5_update(&context
, digest
, 16); /* then results of 1st
418 md5_final(digest
, &context
); /* finish up 2nd pass */
423 md5_hex_hmac(char *hexdigest
,
424 const unsigned char* text
, int text_len
,
425 const unsigned char* key
, int key_len
)
427 unsigned char digest
[16];
430 md5_hmac(digest
, text
, text_len
, key
, key_len
);
431 for (i
= 0; i
< 16; i
++)
432 sprintf(hexdigest
+ 2 * i
, "%02x", digest
[i
]);