1 /* vi: set sw=4 ts=4: */
3 * md5.c - Compute MD5 checksum of strings according to the
4 * definition of MD5 in RFC 1321 from April 1992.
6 * Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.
8 * Copyright (C) 1995-1999 Free Software Foundation, Inc.
9 * Copyright (C) 2001 Manuel Novoa III
10 * Copyright (C) 2003 Glenn L. McGrath
11 * Copyright (C) 2003 Erik Andersen
13 * Licensed under the GPL v2 or later, see the file LICENSE in this tarball.
18 /* 0: fastest, 3: smallest */
19 #if CONFIG_MD5_SIZE_VS_SPEED < 0
20 # define MD5_SIZE_VS_SPEED 0
21 #elif CONFIG_MD5_SIZE_VS_SPEED > 3
22 # define MD5_SIZE_VS_SPEED 3
24 # define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED
27 /* Initialize structure containing state of computation.
28 * (RFC 1321, 3.3: Step 3)
30 void FAST_FUNC md5_begin(md5_ctx_t *ctx)
40 /* These are the four functions used in the four steps of the MD5 algorithm
41 * and defined in the RFC 1321. The first function is a little bit optimized
42 * (as found in Colin Plumbs public domain implementation).
43 * #define FF(b, c, d) ((b & c) | (~b & d))
45 #define FF(b, c, d) (d ^ (b & (c ^ d)))
46 #define FG(b, c, d) FF(d, b, c)
47 #define FH(b, c, d) (b ^ c ^ d)
48 #define FI(b, c, d) (c ^ (b | ~d))
50 #define rotl32(w, s) (((w) << (s)) | ((w) >> (32 - (s))))
52 /* Hash a single block, 64 bytes long and 4-byte aligned. */
53 static void md5_hash_block(const void *buffer, md5_ctx_t *ctx)
55 uint32_t correct_words[16];
56 const uint32_t *words = buffer;
58 #if MD5_SIZE_VS_SPEED > 0
59 static const uint32_t C_array[] = {
61 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
62 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
63 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
64 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
66 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
67 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
68 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
69 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
71 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
72 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
73 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
74 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
76 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
77 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
78 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
79 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
81 static const char P_array[] ALIGN1 = {
82 # if MD5_SIZE_VS_SPEED > 1
83 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */
85 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */
86 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */
87 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */
89 # if MD5_SIZE_VS_SPEED > 1
90 static const char S_array[] ALIGN1 = {
96 # endif /* MD5_SIZE_VS_SPEED > 1 */
103 /* Process all bytes in the buffer with 64 bytes in each round of
105 uint32_t *cwp = correct_words;
111 #if MD5_SIZE_VS_SPEED > 1
118 for (i = 0; i < 16; i++)
119 cwp[i] = SWAP_LE32(words[i]);
122 # if MD5_SIZE_VS_SPEED > 2
127 for (i = 0; i < 64; i++) {
144 temp += cwp[(int) (*pp++)] + *pc++;
145 temp = rotl32(temp, ps[i & 3]);
157 for (i = 0; i < 16; i++) {
158 temp = A + FF(B, C, D) + cwp[(int) (*pp++)] + *pc++;
159 temp = rotl32(temp, ps[i & 3]);
167 for (i = 0; i < 16; i++) {
168 temp = A + FG(B, C, D) + cwp[(int) (*pp++)] + *pc++;
169 temp = rotl32(temp, ps[i & 3]);
177 for (i = 0; i < 16; i++) {
178 temp = A + FH(B, C, D) + cwp[(int) (*pp++)] + *pc++;
179 temp = rotl32(temp, ps[i & 3]);
187 for (i = 0; i < 16; i++) {
188 temp = A + FI(B, C, D) + cwp[(int) (*pp++)] + *pc++;
189 temp = rotl32(temp, ps[i & 3]);
197 # endif /* MD5_SIZE_VS_SPEED > 2 */
199 /* First round: using the given function, the context and a constant
200 the next context is computed. Because the algorithms processing
201 unit is a 32-bit word and it is determined to work on words in
202 little endian byte order we perhaps have to change the byte order
203 before the computation. To reduce the work for the next steps
204 we store the swapped words in the array CORRECT_WORDS. */
205 # define OP(a, b, c, d, s, T) \
207 a += FF(b, c, d) + (*cwp++ = SWAP_LE32(*words)) + T; \
213 /* Before we start, one word to the strange constants.
214 They are defined in RFC 1321 as
215 T[i] = (int)(4294967296.0 * fabs(sin(i))), i=1..64
218 # if MD5_SIZE_VS_SPEED == 1
222 # endif /* MD5_SIZE_VS_SPEED */
225 # if MD5_SIZE_VS_SPEED == 1
227 for (i = 0; i < 4; i++) {
228 OP(A, B, C, D, 7, *pc++);
229 OP(D, A, B, C, 12, *pc++);
230 OP(C, D, A, B, 17, *pc++);
231 OP(B, C, D, A, 22, *pc++);
234 OP(A, B, C, D, 7, 0xd76aa478);
235 OP(D, A, B, C, 12, 0xe8c7b756);
236 OP(C, D, A, B, 17, 0x242070db);
237 OP(B, C, D, A, 22, 0xc1bdceee);
238 OP(A, B, C, D, 7, 0xf57c0faf);
239 OP(D, A, B, C, 12, 0x4787c62a);
240 OP(C, D, A, B, 17, 0xa8304613);
241 OP(B, C, D, A, 22, 0xfd469501);
242 OP(A, B, C, D, 7, 0x698098d8);
243 OP(D, A, B, C, 12, 0x8b44f7af);
244 OP(C, D, A, B, 17, 0xffff5bb1);
245 OP(B, C, D, A, 22, 0x895cd7be);
246 OP(A, B, C, D, 7, 0x6b901122);
247 OP(D, A, B, C, 12, 0xfd987193);
248 OP(C, D, A, B, 17, 0xa679438e);
249 OP(B, C, D, A, 22, 0x49b40821);
250 # endif/* MD5_SIZE_VS_SPEED == 1 */
252 /* For the second to fourth round we have the possibly swapped words
253 in CORRECT_WORDS. Redefine the macro to take an additional first
254 argument specifying the function to use. */
256 # define OP(f, a, b, c, d, k, s, T) \
258 a += f(b, c, d) + correct_words[k] + T; \
264 # if MD5_SIZE_VS_SPEED == 1
266 for (i = 0; i < 4; i++) {
267 OP(FG, A, B, C, D, (int) (*pp++), 5, *pc++);
268 OP(FG, D, A, B, C, (int) (*pp++), 9, *pc++);
269 OP(FG, C, D, A, B, (int) (*pp++), 14, *pc++);
270 OP(FG, B, C, D, A, (int) (*pp++), 20, *pc++);
273 OP(FG, A, B, C, D, 1, 5, 0xf61e2562);
274 OP(FG, D, A, B, C, 6, 9, 0xc040b340);
275 OP(FG, C, D, A, B, 11, 14, 0x265e5a51);
276 OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
277 OP(FG, A, B, C, D, 5, 5, 0xd62f105d);
278 OP(FG, D, A, B, C, 10, 9, 0x02441453);
279 OP(FG, C, D, A, B, 15, 14, 0xd8a1e681);
280 OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
281 OP(FG, A, B, C, D, 9, 5, 0x21e1cde6);
282 OP(FG, D, A, B, C, 14, 9, 0xc33707d6);
283 OP(FG, C, D, A, B, 3, 14, 0xf4d50d87);
284 OP(FG, B, C, D, A, 8, 20, 0x455a14ed);
285 OP(FG, A, B, C, D, 13, 5, 0xa9e3e905);
286 OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8);
287 OP(FG, C, D, A, B, 7, 14, 0x676f02d9);
288 OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
289 # endif/* MD5_SIZE_VS_SPEED == 1 */
292 # if MD5_SIZE_VS_SPEED == 1
293 for (i = 0; i < 4; i++) {
294 OP(FH, A, B, C, D, (int) (*pp++), 4, *pc++);
295 OP(FH, D, A, B, C, (int) (*pp++), 11, *pc++);
296 OP(FH, C, D, A, B, (int) (*pp++), 16, *pc++);
297 OP(FH, B, C, D, A, (int) (*pp++), 23, *pc++);
300 OP(FH, A, B, C, D, 5, 4, 0xfffa3942);
301 OP(FH, D, A, B, C, 8, 11, 0x8771f681);
302 OP(FH, C, D, A, B, 11, 16, 0x6d9d6122);
303 OP(FH, B, C, D, A, 14, 23, 0xfde5380c);
304 OP(FH, A, B, C, D, 1, 4, 0xa4beea44);
305 OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9);
306 OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60);
307 OP(FH, B, C, D, A, 10, 23, 0xbebfbc70);
308 OP(FH, A, B, C, D, 13, 4, 0x289b7ec6);
309 OP(FH, D, A, B, C, 0, 11, 0xeaa127fa);
310 OP(FH, C, D, A, B, 3, 16, 0xd4ef3085);
311 OP(FH, B, C, D, A, 6, 23, 0x04881d05);
312 OP(FH, A, B, C, D, 9, 4, 0xd9d4d039);
313 OP(FH, D, A, B, C, 12, 11, 0xe6db99e5);
314 OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8);
315 OP(FH, B, C, D, A, 2, 23, 0xc4ac5665);
316 # endif/* MD5_SIZE_VS_SPEED == 1 */
319 # if MD5_SIZE_VS_SPEED == 1
320 for (i = 0; i < 4; i++) {
321 OP(FI, A, B, C, D, (int) (*pp++), 6, *pc++);
322 OP(FI, D, A, B, C, (int) (*pp++), 10, *pc++);
323 OP(FI, C, D, A, B, (int) (*pp++), 15, *pc++);
324 OP(FI, B, C, D, A, (int) (*pp++), 21, *pc++);
327 OP(FI, A, B, C, D, 0, 6, 0xf4292244);
328 OP(FI, D, A, B, C, 7, 10, 0x432aff97);
329 OP(FI, C, D, A, B, 14, 15, 0xab9423a7);
330 OP(FI, B, C, D, A, 5, 21, 0xfc93a039);
331 OP(FI, A, B, C, D, 12, 6, 0x655b59c3);
332 OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92);
333 OP(FI, C, D, A, B, 10, 15, 0xffeff47d);
334 OP(FI, B, C, D, A, 1, 21, 0x85845dd1);
335 OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f);
336 OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
337 OP(FI, C, D, A, B, 6, 15, 0xa3014314);
338 OP(FI, B, C, D, A, 13, 21, 0x4e0811a1);
339 OP(FI, A, B, C, D, 4, 6, 0xf7537e82);
340 OP(FI, D, A, B, C, 11, 10, 0xbd3af235);
341 OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
342 OP(FI, B, C, D, A, 9, 21, 0xeb86d391);
343 # endif /* MD5_SIZE_VS_SPEED == 1 */
344 #endif /* MD5_SIZE_VS_SPEED > 1 */
346 /* Add the starting values of the context. */
352 /* Put checksum in context given as argument. */
359 /* Feed data through a temporary buffer to call md5_hash_aligned_block()
360 * with chunks of data that are 4-byte aligned and a multiple of 64 bytes.
361 * This function's internal buffer remembers previous data until it has 64
362 * bytes worth to pass on. Call md5_end() to flush this buffer. */
363 void FAST_FUNC md5_hash(const void *buffer, size_t len, md5_ctx_t *ctx)
365 char *buf = (char *)buffer;
367 /* RFC 1321 specifies the possible length of the file up to 2^64 bits,
368 * Here we only track the number of bytes. */
371 /* Process all input. */
373 unsigned i = 64 - ctx->buflen;
375 /* Copy data into aligned buffer. */
376 if (i > len) i = len;
377 memcpy(ctx->buffer + ctx->buflen, buf, i);
382 /* When buffer fills up, process it. */
383 if (ctx->buflen == 64) {
384 md5_hash_block(ctx->buffer, ctx);
390 /* Process the remaining bytes in the buffer and put result from CTX
391 * in first 16 bytes following RESBUF. The result is always in little
392 * endian byte order, so that a byte-wise output yields to the wanted
393 * ASCII representation of the message digest.
395 * IMPORTANT: On some systems it is required that RESBUF is correctly
396 * aligned for a 32 bits value.
398 void FAST_FUNC md5_end(void *resbuf, md5_ctx_t *ctx)
400 char *buf = ctx->buffer;
403 /* Pad data to block size. */
404 buf[ctx->buflen++] = 0x80;
405 memset(buf + ctx->buflen, 0, 128 - ctx->buflen);
407 /* Put the 64-bit file length in *bits* at the end of the buffer. */
409 if (ctx->buflen > 56)
411 for (i = 0; i < 8; i++)
412 buf[56 + i] = ctx->total >> (i*8);
414 /* Process last bytes. */
415 if (buf != ctx->buffer)
416 md5_hash_block(ctx->buffer, ctx);
417 md5_hash_block(buf, ctx);
419 /* The MD5 result is in little endian byte order.
420 * We (ab)use the fact that A-D are consecutive in memory.
423 ctx->A = SWAP_LE32(ctx->A);
424 ctx->B = SWAP_LE32(ctx->B);
425 ctx->C = SWAP_LE32(ctx->C);
426 ctx->D = SWAP_LE32(ctx->D);
428 memcpy(resbuf, &ctx->A, sizeof(ctx->A) * 4);