1 /* md5.c - MD5 Message-Digest Algorithm
2 * Copyright (C) 1995, 1996, 1998, 1999 Free Software Foundation, Inc.
4 * according to the definition of MD5 in RFC 1321 from April 1992.
5 * NOTE: This is *not* the same file as the one from glibc.
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software Foundation,
19 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */
22 /* heavily modified for GnuPG by <werner.koch@guug.de> */
23 /* modified again for Sylpheed by <wk@gnupg.org> 2001-02-11 */
27 * "" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E
28 * "a" 0C C1 75 B9 C0 F1 B6 A8 31 C3 99 E2 69 77 26 61
29 * "abc 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72
30 * "message digest" F9 6B 69 7D 7C B7 93 8D 52 5A 2F 31 AA F1 61 D0
42 * Rotate a 32 bit integer by n bytes
44 #if defined(__GNUC__) && defined(__i386__)
48 __asm__("roll %%cl,%0"
54 #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
59 md5_init(MD5_CONTEXT *ctx)
71 /* These are the four functions used in the four steps of the MD5 algorithm
72 and defined in the RFC 1321. The first function is a little bit optimized
73 (as found in Colin Plumbs public domain implementation). */
74 /* #define FF(b, c, d) ((b & c) | (~b & d)) */
75 #define FF(b, c, d) (d ^ (b & (c ^ d)))
76 #define FG(b, c, d) FF (d, b, c)
77 #define FH(b, c, d) (b ^ c ^ d)
78 #define FI(b, c, d) (c ^ (b | ~d))
82 * transform n*64 bytes
85 transform(MD5_CONTEXT *ctx, const unsigned char *data)
87 u32 correct_words[16];
92 u32 *cwp = correct_words;
94 #ifdef BIG_ENDIAN_HOST
97 unsigned char *p2, *p1;
99 for (i = 0, p1 = data, p2 = (unsigned char*)correct_words;
100 i < 16; i++, p2 += 4) {
108 memcpy(correct_words, data, 64);
112 #define OP(a, b, c, d, s, T) \
114 a += FF (b, c, d) + (*cwp++) + T; \
119 /* Before we start, one word about the strange constants.
120 They are defined in RFC 1321 as
122 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
126 OP (A, B, C, D, 7, 0xd76aa478);
127 OP (D, A, B, C, 12, 0xe8c7b756);
128 OP (C, D, A, B, 17, 0x242070db);
129 OP (B, C, D, A, 22, 0xc1bdceee);
130 OP (A, B, C, D, 7, 0xf57c0faf);
131 OP (D, A, B, C, 12, 0x4787c62a);
132 OP (C, D, A, B, 17, 0xa8304613);
133 OP (B, C, D, A, 22, 0xfd469501);
134 OP (A, B, C, D, 7, 0x698098d8);
135 OP (D, A, B, C, 12, 0x8b44f7af);
136 OP (C, D, A, B, 17, 0xffff5bb1);
137 OP (B, C, D, A, 22, 0x895cd7be);
138 OP (A, B, C, D, 7, 0x6b901122);
139 OP (D, A, B, C, 12, 0xfd987193);
140 OP (C, D, A, B, 17, 0xa679438e);
141 OP (B, C, D, A, 22, 0x49b40821);
144 #define OP(f, a, b, c, d, k, s, T) \
146 a += f (b, c, d) + correct_words[k] + T; \
152 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
153 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
154 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
155 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
156 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
157 OP (FG, D, A, B, C, 10, 9, 0x02441453);
158 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
159 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
160 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
161 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
162 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
163 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
164 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
165 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
166 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
167 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
170 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
171 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
172 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
173 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
174 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
175 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
176 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
177 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
178 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
179 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
180 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
181 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
182 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
183 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
184 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
185 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
188 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
189 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
190 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
191 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
192 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
193 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
194 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
195 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
196 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
197 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
198 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
199 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
200 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
201 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
202 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
203 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
205 /* Put checksum in context given as argument. */
214 /* The routine updates the message-digest context to
215 * account for the presence of each of the characters inBuf[0..inLen-1]
216 * in the message whose digest is being computed.
219 md5_update(MD5_CONTEXT *hd, const unsigned char *inbuf, size_t inlen)
221 if (hd->count == 64) { /* flush the buffer */
222 transform( hd, hd->buf );
229 for (; inlen && hd->count < 64; inlen--)
230 hd->buf[hd->count++] = *inbuf++;
231 md5_update(hd, NULL, 0);
236 while (inlen >= 64) {
237 transform(hd, inbuf);
244 for (; inlen && hd->count < 64; inlen--)
245 hd->buf[hd->count++] = *inbuf++;
250 /* The routine final terminates the message-digest computation and
251 * ends with the desired message digest in mdContext->digest[0...15].
252 * The handle is prepared for a new MD5 cycle.
253 * Returns 16 bytes representing the digest.
257 do_final(MD5_CONTEXT *hd)
262 md5_update(hd, NULL, 0); /* flush */
266 if ((lsb = t << 6) < t) /* multiply by 64 to make a byte count */
270 if ((lsb = t + hd->count) < t) /* add the count */
273 if ((lsb = t << 3) < t) /* multiply by 8 to make a bit count */
277 if (hd->count < 56) { /* enough room */
278 hd->buf[hd->count++] = 0x80; /* pad */
279 while(hd->count < 56)
280 hd->buf[hd->count++] = 0; /* pad */
281 } else { /* need one extra block */
282 hd->buf[hd->count++] = 0x80; /* pad character */
283 while (hd->count < 64)
284 hd->buf[hd->count++] = 0;
285 md5_update(hd, NULL, 0); /* flush */
286 memset(hd->buf, 0, 56); /* fill next block with zeroes */
289 /* append the 64 bit count */
291 hd->buf[57] = lsb >> 8;
292 hd->buf[58] = lsb >> 16;
293 hd->buf[59] = lsb >> 24;
295 hd->buf[61] = msb >> 8;
296 hd->buf[62] = msb >> 16;
297 hd->buf[63] = msb >> 24;
298 transform(hd, hd->buf);
301 #ifdef BIG_ENDIAN_HOST
302 #define X(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \
303 *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
304 #else /* little endian */
305 /*#define X(a) do { *(u32*)p = hd->##a ; p += 4; } while(0)*/
306 /* Unixware's cpp doesn't like the above construct so we do it his way:
307 * (reported by Allan Clark) */
308 #define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
319 md5_final(unsigned char *digest, MD5_CONTEXT *ctx)
323 memcpy(digest, ctx->buf, 16);
327 * Creates a MD5 digest in hex fomrat (lowercase letters) from the
328 * string S. hextdigest but be buffer of at lease 33 bytes!
331 md5_hex_digest(char *hexdigest, const unsigned char *s)
335 unsigned char digest[16];
338 md5_update(&context, s, strlen(s));
339 md5_final(digest, &context);
341 for (i = 0; i < 16; i++)
342 sprintf(hexdigest + 2 * i, "%02x", digest[i]);
347 ** Function: md5_hmac
348 ** taken from the file rfc2104.txt
349 ** written by Martin Schaaf <mascha@ma-scha.de>
352 md5_hmac(unsigned char *digest,
353 const unsigned char* text, int text_len,
354 const unsigned char* key, int key_len)
357 unsigned char k_ipad[64]; /* inner padding -
360 unsigned char k_opad[64]; /* outer padding -
363 /* unsigned char tk[16]; */
366 /* start out by storing key in pads */
367 memset(k_ipad, 0, sizeof k_ipad);
368 memset(k_opad, 0, sizeof k_opad);
370 /* if key is longer than 64 bytes reset it to key=MD5(key) */
374 md5_update(&tctx, key, key_len);
375 md5_final(k_ipad, &tctx);
376 md5_final(k_opad, &tctx);
378 memcpy(k_ipad, key, key_len);
379 memcpy(k_opad, key, key_len);
383 * the HMAC_MD5 transform looks like:
385 * MD5(K XOR opad, MD5(K XOR ipad, text))
387 * where K is an n byte key
388 * ipad is the byte 0x36 repeated 64 times
389 * opad is the byte 0x5c repeated 64 times
390 * and text is the data being protected
394 /* XOR key with ipad and opad values */
395 for (i = 0; i < 64; i++) {
403 md5_init(&context); /* init context for 1st
405 md5_update(&context, k_ipad, 64); /* start with inner pad */
406 md5_update(&context, text, text_len); /* then text of datagram */
407 md5_final(digest, &context); /* finish up 1st pass */
411 md5_init(&context); /* init context for 2nd
413 md5_update(&context, k_opad, 64); /* start with outer pad */
414 md5_update(&context, digest, 16); /* then results of 1st
416 md5_final(digest, &context); /* finish up 2nd pass */
421 md5_hex_hmac(char *hexdigest,
422 const unsigned char* text, int text_len,
423 const unsigned char* key, int key_len)
425 unsigned char digest[16];
428 md5_hmac(digest, text, text_len, key, key_len);
429 for (i = 0; i < 16; i++)
430 sprintf(hexdigest + 2 * i, "%02x", digest[i]);