1 |
joko |
1.1 |
|
2 |
|
|
|
3 |
|
|
|
4 |
|
|
|
5 |
|
|
|
6 |
|
|
Network Working Group R. Rivest |
7 |
|
|
Request for Comments: 1321 MIT Laboratory for Computer Science |
8 |
|
|
and RSA Data Security, Inc. |
9 |
|
|
April 1992 |
10 |
|
|
|
11 |
|
|
|
12 |
|
|
The MD5 Message-Digest Algorithm |
13 |
|
|
|
14 |
|
|
Status of this Memo |
15 |
|
|
|
16 |
|
|
This memo provides information for the Internet community. It does |
17 |
|
|
not specify an Internet standard. Distribution of this memo is |
18 |
|
|
unlimited. |
19 |
|
|
|
20 |
|
|
Acknowlegements |
21 |
|
|
|
22 |
|
|
We would like to thank Don Coppersmith, Burt Kaliski, Ralph Merkle, |
23 |
|
|
David Chaum, and Noam Nisan for numerous helpful comments and |
24 |
|
|
suggestions. |
25 |
|
|
|
26 |
|
|
Table of Contents |
27 |
|
|
|
28 |
|
|
1. Executive Summary 1 |
29 |
|
|
2. Terminology and Notation 2 |
30 |
|
|
3. MD5 Algorithm Description 3 |
31 |
|
|
4. Summary 6 |
32 |
|
|
5. Differences Between MD4 and MD5 6 |
33 |
|
|
References 7 |
34 |
|
|
APPENDIX A - Reference Implementation 7 |
35 |
|
|
Security Considerations 21 |
36 |
|
|
Author's Address 21 |
37 |
|
|
|
38 |
|
|
1. Executive Summary |
39 |
|
|
|
40 |
|
|
This document describes the MD5 message-digest algorithm. The |
41 |
|
|
algorithm takes as input a message of arbitrary length and produces |
42 |
|
|
as output a 128-bit "fingerprint" or "message digest" of the input. |
43 |
|
|
It is conjectured that it is computationally infeasible to produce |
44 |
|
|
two messages having the same message digest, or to produce any |
45 |
|
|
message having a given prespecified target message digest. The MD5 |
46 |
|
|
algorithm is intended for digital signature applications, where a |
47 |
|
|
large file must be "compressed" in a secure manner before being |
48 |
|
|
encrypted with a private (secret) key under a public-key cryptosystem |
49 |
|
|
such as RSA. |
50 |
|
|
|
51 |
|
|
|
52 |
|
|
|
53 |
|
|
|
54 |
|
|
|
55 |
|
|
|
56 |
|
|
|
57 |
|
|
Rivest [Page 1] |
58 |
|
|
|
59 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
60 |
|
|
|
61 |
|
|
|
62 |
|
|
The MD5 algorithm is designed to be quite fast on 32-bit machines. In |
63 |
|
|
addition, the MD5 algorithm does not require any large substitution |
64 |
|
|
tables; the algorithm can be coded quite compactly. |
65 |
|
|
|
66 |
|
|
The MD5 algorithm is an extension of the MD4 message-digest algorithm |
67 |
|
|
1,2]. MD5 is slightly slower than MD4, but is more "conservative" in |
68 |
|
|
design. MD5 was designed because it was felt that MD4 was perhaps |
69 |
|
|
being adopted for use more quickly than justified by the existing |
70 |
|
|
critical review; because MD4 was designed to be exceptionally fast, |
71 |
|
|
it is "at the edge" in terms of risking successful cryptanalytic |
72 |
|
|
attack. MD5 backs off a bit, giving up a little in speed for a much |
73 |
|
|
greater likelihood of ultimate security. It incorporates some |
74 |
|
|
suggestions made by various reviewers, and contains additional |
75 |
|
|
optimizations. The MD5 algorithm is being placed in the public domain |
76 |
|
|
for review and possible adoption as a standard. |
77 |
|
|
|
78 |
|
|
For OSI-based applications, MD5's object identifier is |
79 |
|
|
|
80 |
|
|
md5 OBJECT IDENTIFIER ::= |
81 |
|
|
iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 5} |
82 |
|
|
|
83 |
|
|
In the X.509 type AlgorithmIdentifier [3], the parameters for MD5 |
84 |
|
|
should have type NULL. |
85 |
|
|
|
86 |
|
|
2. Terminology and Notation |
87 |
|
|
|
88 |
|
|
In this document a "word" is a 32-bit quantity and a "byte" is an |
89 |
|
|
eight-bit quantity. A sequence of bits can be interpreted in a |
90 |
|
|
natural manner as a sequence of bytes, where each consecutive group |
91 |
|
|
of eight bits is interpreted as a byte with the high-order (most |
92 |
|
|
significant) bit of each byte listed first. Similarly, a sequence of |
93 |
|
|
bytes can be interpreted as a sequence of 32-bit words, where each |
94 |
|
|
consecutive group of four bytes is interpreted as a word with the |
95 |
|
|
low-order (least significant) byte given first. |
96 |
|
|
|
97 |
|
|
Let x_i denote "x sub i". If the subscript is an expression, we |
98 |
|
|
surround it in braces, as in x_{i+1}. Similarly, we use ^ for |
99 |
|
|
superscripts (exponentiation), so that x^i denotes x to the i-th |
100 |
|
|
power. |
101 |
|
|
|
102 |
|
|
Let the symbol "+" denote addition of words (i.e., modulo-2^32 |
103 |
|
|
addition). Let X <<< s denote the 32-bit value obtained by circularly |
104 |
|
|
shifting (rotating) X left by s bit positions. Let not(X) denote the |
105 |
|
|
bit-wise complement of X, and let X v Y denote the bit-wise OR of X |
106 |
|
|
and Y. Let X xor Y denote the bit-wise XOR of X and Y, and let XY |
107 |
|
|
denote the bit-wise AND of X and Y. |
108 |
|
|
|
109 |
|
|
|
110 |
|
|
|
111 |
|
|
|
112 |
|
|
|
113 |
|
|
Rivest [Page 2] |
114 |
|
|
|
115 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
116 |
|
|
|
117 |
|
|
|
118 |
|
|
3. MD5 Algorithm Description |
119 |
|
|
|
120 |
|
|
We begin by supposing that we have a b-bit message as input, and that |
121 |
|
|
we wish to find its message digest. Here b is an arbitrary |
122 |
|
|
nonnegative integer; b may be zero, it need not be a multiple of |
123 |
|
|
eight, and it may be arbitrarily large. We imagine the bits of the |
124 |
|
|
message written down as follows: |
125 |
|
|
|
126 |
|
|
m_0 m_1 ... m_{b-1} |
127 |
|
|
|
128 |
|
|
The following five steps are performed to compute the message digest |
129 |
|
|
of the message. |
130 |
|
|
|
131 |
|
|
3.1 Step 1. Append Padding Bits |
132 |
|
|
|
133 |
|
|
The message is "padded" (extended) so that its length (in bits) is |
134 |
|
|
congruent to 448, modulo 512. That is, the message is extended so |
135 |
|
|
that it is just 64 bits shy of being a multiple of 512 bits long. |
136 |
|
|
Padding is always performed, even if the length of the message is |
137 |
|
|
already congruent to 448, modulo 512. |
138 |
|
|
|
139 |
|
|
Padding is performed as follows: a single "1" bit is appended to the |
140 |
|
|
message, and then "0" bits are appended so that the length in bits of |
141 |
|
|
the padded message becomes congruent to 448, modulo 512. In all, at |
142 |
|
|
least one bit and at most 512 bits are appended. |
143 |
|
|
|
144 |
|
|
3.2 Step 2. Append Length |
145 |
|
|
|
146 |
|
|
A 64-bit representation of b (the length of the message before the |
147 |
|
|
padding bits were added) is appended to the result of the previous |
148 |
|
|
step. In the unlikely event that b is greater than 2^64, then only |
149 |
|
|
the low-order 64 bits of b are used. (These bits are appended as two |
150 |
|
|
32-bit words and appended low-order word first in accordance with the |
151 |
|
|
previous conventions.) |
152 |
|
|
|
153 |
|
|
At this point the resulting message (after padding with bits and with |
154 |
|
|
b) has a length that is an exact multiple of 512 bits. Equivalently, |
155 |
|
|
this message has a length that is an exact multiple of 16 (32-bit) |
156 |
|
|
words. Let M[0 ... N-1] denote the words of the resulting message, |
157 |
|
|
where N is a multiple of 16. |
158 |
|
|
|
159 |
|
|
3.3 Step 3. Initialize MD Buffer |
160 |
|
|
|
161 |
|
|
A four-word buffer (A,B,C,D) is used to compute the message digest. |
162 |
|
|
Here each of A, B, C, D is a 32-bit register. These registers are |
163 |
|
|
initialized to the following values in hexadecimal, low-order bytes |
164 |
|
|
first): |
165 |
|
|
|
166 |
|
|
|
167 |
|
|
|
168 |
|
|
|
169 |
|
|
Rivest [Page 3] |
170 |
|
|
|
171 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
172 |
|
|
|
173 |
|
|
|
174 |
|
|
word A: 01 23 45 67 |
175 |
|
|
word B: 89 ab cd ef |
176 |
|
|
word C: fe dc ba 98 |
177 |
|
|
word D: 76 54 32 10 |
178 |
|
|
|
179 |
|
|
3.4 Step 4. Process Message in 16-Word Blocks |
180 |
|
|
|
181 |
|
|
We first define four auxiliary functions that each take as input |
182 |
|
|
three 32-bit words and produce as output one 32-bit word. |
183 |
|
|
|
184 |
|
|
F(X,Y,Z) = XY v not(X) Z |
185 |
|
|
G(X,Y,Z) = XZ v Y not(Z) |
186 |
|
|
H(X,Y,Z) = X xor Y xor Z |
187 |
|
|
I(X,Y,Z) = Y xor (X v not(Z)) |
188 |
|
|
|
189 |
|
|
In each bit position F acts as a conditional: if X then Y else Z. |
190 |
|
|
The function F could have been defined using + instead of v since XY |
191 |
|
|
and not(X)Z will never have 1's in the same bit position.) It is |
192 |
|
|
interesting to note that if the bits of X, Y, and Z are independent |
193 |
|
|
and unbiased, the each bit of F(X,Y,Z) will be independent and |
194 |
|
|
unbiased. |
195 |
|
|
|
196 |
|
|
The functions G, H, and I are similar to the function F, in that they |
197 |
|
|
act in "bitwise parallel" to produce their output from the bits of X, |
198 |
|
|
Y, and Z, in such a manner that if the corresponding bits of X, Y, |
199 |
|
|
and Z are independent and unbiased, then each bit of G(X,Y,Z), |
200 |
|
|
H(X,Y,Z), and I(X,Y,Z) will be independent and unbiased. Note that |
201 |
|
|
the function H is the bit-wise "xor" or "parity" function of its |
202 |
|
|
inputs. |
203 |
|
|
|
204 |
|
|
This step uses a 64-element table T[1 ... 64] constructed from the |
205 |
|
|
sine function. Let T[i] denote the i-th element of the table, which |
206 |
|
|
is equal to the integer part of 4294967296 times abs(sin(i)), where i |
207 |
|
|
is in radians. The elements of the table are given in the appendix. |
208 |
|
|
|
209 |
|
|
Do the following: |
210 |
|
|
|
211 |
|
|
/* Process each 16-word block. */ |
212 |
|
|
For i = 0 to N/16-1 do |
213 |
|
|
|
214 |
|
|
/* Copy block i into X. */ |
215 |
|
|
For j = 0 to 15 do |
216 |
|
|
Set X[j] to M[i*16+j]. |
217 |
|
|
end /* of loop on j */ |
218 |
|
|
|
219 |
|
|
/* Save A as AA, B as BB, C as CC, and D as DD. */ |
220 |
|
|
AA = A |
221 |
|
|
BB = B |
222 |
|
|
|
223 |
|
|
|
224 |
|
|
|
225 |
|
|
Rivest [Page 4] |
226 |
|
|
|
227 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
228 |
|
|
|
229 |
|
|
|
230 |
|
|
CC = C |
231 |
|
|
DD = D |
232 |
|
|
|
233 |
|
|
/* Round 1. */ |
234 |
|
|
/* Let [abcd k s i] denote the operation |
235 |
|
|
a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */ |
236 |
|
|
/* Do the following 16 operations. */ |
237 |
|
|
[ABCD 0 7 1] [DABC 1 12 2] [CDAB 2 17 3] [BCDA 3 22 4] |
238 |
|
|
[ABCD 4 7 5] [DABC 5 12 6] [CDAB 6 17 7] [BCDA 7 22 8] |
239 |
|
|
[ABCD 8 7 9] [DABC 9 12 10] [CDAB 10 17 11] [BCDA 11 22 12] |
240 |
|
|
[ABCD 12 7 13] [DABC 13 12 14] [CDAB 14 17 15] [BCDA 15 22 16] |
241 |
|
|
|
242 |
|
|
/* Round 2. */ |
243 |
|
|
/* Let [abcd k s i] denote the operation |
244 |
|
|
a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */ |
245 |
|
|
/* Do the following 16 operations. */ |
246 |
|
|
[ABCD 1 5 17] [DABC 6 9 18] [CDAB 11 14 19] [BCDA 0 20 20] |
247 |
|
|
[ABCD 5 5 21] [DABC 10 9 22] [CDAB 15 14 23] [BCDA 4 20 24] |
248 |
|
|
[ABCD 9 5 25] [DABC 14 9 26] [CDAB 3 14 27] [BCDA 8 20 28] |
249 |
|
|
[ABCD 13 5 29] [DABC 2 9 30] [CDAB 7 14 31] [BCDA 12 20 32] |
250 |
|
|
|
251 |
|
|
/* Round 3. */ |
252 |
|
|
/* Let [abcd k s t] denote the operation |
253 |
|
|
a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */ |
254 |
|
|
/* Do the following 16 operations. */ |
255 |
|
|
[ABCD 5 4 33] [DABC 8 11 34] [CDAB 11 16 35] [BCDA 14 23 36] |
256 |
|
|
[ABCD 1 4 37] [DABC 4 11 38] [CDAB 7 16 39] [BCDA 10 23 40] |
257 |
|
|
[ABCD 13 4 41] [DABC 0 11 42] [CDAB 3 16 43] [BCDA 6 23 44] |
258 |
|
|
[ABCD 9 4 45] [DABC 12 11 46] [CDAB 15 16 47] [BCDA 2 23 48] |
259 |
|
|
|
260 |
|
|
/* Round 4. */ |
261 |
|
|
/* Let [abcd k s t] denote the operation |
262 |
|
|
a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */ |
263 |
|
|
/* Do the following 16 operations. */ |
264 |
|
|
[ABCD 0 6 49] [DABC 7 10 50] [CDAB 14 15 51] [BCDA 5 21 52] |
265 |
|
|
[ABCD 12 6 53] [DABC 3 10 54] [CDAB 10 15 55] [BCDA 1 21 56] |
266 |
|
|
[ABCD 8 6 57] [DABC 15 10 58] [CDAB 6 15 59] [BCDA 13 21 60] |
267 |
|
|
[ABCD 4 6 61] [DABC 11 10 62] [CDAB 2 15 63] [BCDA 9 21 64] |
268 |
|
|
|
269 |
|
|
/* Then perform the following additions. (That is increment each |
270 |
|
|
of the four registers by the value it had before this block |
271 |
|
|
was started.) */ |
272 |
|
|
A = A + AA |
273 |
|
|
B = B + BB |
274 |
|
|
C = C + CC |
275 |
|
|
D = D + DD |
276 |
|
|
|
277 |
|
|
end /* of loop on i */ |
278 |
|
|
|
279 |
|
|
|
280 |
|
|
|
281 |
|
|
Rivest [Page 5] |
282 |
|
|
|
283 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
284 |
|
|
|
285 |
|
|
|
286 |
|
|
3.5 Step 5. Output |
287 |
|
|
|
288 |
|
|
The message digest produced as output is A, B, C, D. That is, we |
289 |
|
|
begin with the low-order byte of A, and end with the high-order byte |
290 |
|
|
of D. |
291 |
|
|
|
292 |
|
|
This completes the description of MD5. A reference implementation in |
293 |
|
|
C is given in the appendix. |
294 |
|
|
|
295 |
|
|
4. Summary |
296 |
|
|
|
297 |
|
|
The MD5 message-digest algorithm is simple to implement, and provides |
298 |
|
|
a "fingerprint" or message digest of a message of arbitrary length. |
299 |
|
|
It is conjectured that the difficulty of coming up with two messages |
300 |
|
|
having the same message digest is on the order of 2^64 operations, |
301 |
|
|
and that the difficulty of coming up with any message having a given |
302 |
|
|
message digest is on the order of 2^128 operations. The MD5 algorithm |
303 |
|
|
has been carefully scrutinized for weaknesses. It is, however, a |
304 |
|
|
relatively new algorithm and further security analysis is of course |
305 |
|
|
justified, as is the case with any new proposal of this sort. |
306 |
|
|
|
307 |
|
|
5. Differences Between MD4 and MD5 |
308 |
|
|
|
309 |
|
|
The following are the differences between MD4 and MD5: |
310 |
|
|
|
311 |
|
|
1. A fourth round has been added. |
312 |
|
|
|
313 |
|
|
2. Each step now has a unique additive constant. |
314 |
|
|
|
315 |
|
|
3. The function g in round 2 was changed from (XY v XZ v YZ) to |
316 |
|
|
(XZ v Y not(Z)) to make g less symmetric. |
317 |
|
|
|
318 |
|
|
4. Each step now adds in the result of the previous step. This |
319 |
|
|
promotes a faster "avalanche effect". |
320 |
|
|
|
321 |
|
|
5. The order in which input words are accessed in rounds 2 and |
322 |
|
|
3 is changed, to make these patterns less like each other. |
323 |
|
|
|
324 |
|
|
6. The shift amounts in each round have been approximately |
325 |
|
|
optimized, to yield a faster "avalanche effect." The shifts in |
326 |
|
|
different rounds are distinct. |
327 |
|
|
|
328 |
|
|
|
329 |
|
|
|
330 |
|
|
|
331 |
|
|
|
332 |
|
|
|
333 |
|
|
|
334 |
|
|
|
335 |
|
|
|
336 |
|
|
|
337 |
|
|
Rivest [Page 6] |
338 |
|
|
|
339 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
340 |
|
|
|
341 |
|
|
|
342 |
|
|
References |
343 |
|
|
|
344 |
|
|
[1] Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT and |
345 |
|
|
RSA Data Security, Inc., April 1992. |
346 |
|
|
|
347 |
|
|
[2] Rivest, R., "The MD4 message digest algorithm", in A.J. Menezes |
348 |
|
|
and S.A. Vanstone, editors, Advances in Cryptology - CRYPTO '90 |
349 |
|
|
Proceedings, pages 303-311, Springer-Verlag, 1991. |
350 |
|
|
|
351 |
|
|
[3] CCITT Recommendation X.509 (1988), "The Directory - |
352 |
|
|
Authentication Framework." |
353 |
|
|
|
354 |
|
|
APPENDIX A - Reference Implementation |
355 |
|
|
|
356 |
|
|
This appendix contains the following files taken from RSAREF: A |
357 |
|
|
Cryptographic Toolkit for Privacy-Enhanced Mail: |
358 |
|
|
|
359 |
|
|
global.h -- global header file |
360 |
|
|
|
361 |
|
|
md5.h -- header file for MD5 |
362 |
|
|
|
363 |
|
|
md5c.c -- source code for MD5 |
364 |
|
|
|
365 |
|
|
For more information on RSAREF, send email to <rsaref@rsa.com>. |
366 |
|
|
|
367 |
|
|
The appendix also includes the following file: |
368 |
|
|
|
369 |
|
|
mddriver.c -- test driver for MD2, MD4 and MD5 |
370 |
|
|
|
371 |
|
|
The driver compiles for MD5 by default but can compile for MD2 or MD4 |
372 |
|
|
if the symbol MD is defined on the C compiler command line as 2 or 4. |
373 |
|
|
|
374 |
|
|
The implementation is portable and should work on many different |
375 |
|
|
plaforms. However, it is not difficult to optimize the implementation |
376 |
|
|
on particular platforms, an exercise left to the reader. For example, |
377 |
|
|
on "little-endian" platforms where the lowest-addressed byte in a 32- |
378 |
|
|
bit word is the least significant and there are no alignment |
379 |
|
|
restrictions, the call to Decode in MD5Transform can be replaced with |
380 |
|
|
a typecast. |
381 |
|
|
|
382 |
|
|
A.1 global.h |
383 |
|
|
|
384 |
|
|
/* GLOBAL.H - RSAREF types and constants |
385 |
|
|
*/ |
386 |
|
|
|
387 |
|
|
/* PROTOTYPES should be set to one if and only if the compiler supports |
388 |
|
|
function argument prototyping. |
389 |
|
|
The following makes PROTOTYPES default to 0 if it has not already |
390 |
|
|
|
391 |
|
|
|
392 |
|
|
|
393 |
|
|
Rivest [Page 7] |
394 |
|
|
|
395 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
396 |
|
|
|
397 |
|
|
|
398 |
|
|
been defined with C compiler flags. |
399 |
|
|
*/ |
400 |
|
|
#ifndef PROTOTYPES |
401 |
|
|
#define PROTOTYPES 0 |
402 |
|
|
#endif |
403 |
|
|
|
404 |
|
|
/* POINTER defines a generic pointer type */ |
405 |
|
|
typedef unsigned char *POINTER; |
406 |
|
|
|
407 |
|
|
/* UINT2 defines a two byte word */ |
408 |
|
|
typedef unsigned short int UINT2; |
409 |
|
|
|
410 |
|
|
/* UINT4 defines a four byte word */ |
411 |
|
|
typedef unsigned long int UINT4; |
412 |
|
|
|
413 |
|
|
/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. |
414 |
|
|
If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it |
415 |
|
|
returns an empty list. |
416 |
|
|
*/ |
417 |
|
|
#if PROTOTYPES |
418 |
|
|
#define PROTO_LIST(list) list |
419 |
|
|
#else |
420 |
|
|
#define PROTO_LIST(list) () |
421 |
|
|
#endif |
422 |
|
|
|
423 |
|
|
A.2 md5.h |
424 |
|
|
|
425 |
|
|
/* MD5.H - header file for MD5C.C |
426 |
|
|
*/ |
427 |
|
|
|
428 |
|
|
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All |
429 |
|
|
rights reserved. |
430 |
|
|
|
431 |
|
|
License to copy and use this software is granted provided that it |
432 |
|
|
is identified as the "RSA Data Security, Inc. MD5 Message-Digest |
433 |
|
|
Algorithm" in all material mentioning or referencing this software |
434 |
|
|
or this function. |
435 |
|
|
|
436 |
|
|
License is also granted to make and use derivative works provided |
437 |
|
|
that such works are identified as "derived from the RSA Data |
438 |
|
|
Security, Inc. MD5 Message-Digest Algorithm" in all material |
439 |
|
|
mentioning or referencing the derived work. |
440 |
|
|
|
441 |
|
|
RSA Data Security, Inc. makes no representations concerning either |
442 |
|
|
the merchantability of this software or the suitability of this |
443 |
|
|
software for any particular purpose. It is provided "as is" |
444 |
|
|
without express or implied warranty of any kind. |
445 |
|
|
|
446 |
|
|
|
447 |
|
|
|
448 |
|
|
|
449 |
|
|
Rivest [Page 8] |
450 |
|
|
|
451 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
452 |
|
|
|
453 |
|
|
|
454 |
|
|
These notices must be retained in any copies of any part of this |
455 |
|
|
documentation and/or software. |
456 |
|
|
*/ |
457 |
|
|
|
458 |
|
|
/* MD5 context. */ |
459 |
|
|
typedef struct { |
460 |
|
|
UINT4 state[4]; /* state (ABCD) */ |
461 |
|
|
UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ |
462 |
|
|
unsigned char buffer[64]; /* input buffer */ |
463 |
|
|
} MD5_CTX; |
464 |
|
|
|
465 |
|
|
void MD5Init PROTO_LIST ((MD5_CTX *)); |
466 |
|
|
void MD5Update PROTO_LIST |
467 |
|
|
((MD5_CTX *, unsigned char *, unsigned int)); |
468 |
|
|
void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); |
469 |
|
|
|
470 |
|
|
A.3 md5c.c |
471 |
|
|
|
472 |
|
|
/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm |
473 |
|
|
*/ |
474 |
|
|
|
475 |
|
|
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All |
476 |
|
|
rights reserved. |
477 |
|
|
|
478 |
|
|
License to copy and use this software is granted provided that it |
479 |
|
|
is identified as the "RSA Data Security, Inc. MD5 Message-Digest |
480 |
|
|
Algorithm" in all material mentioning or referencing this software |
481 |
|
|
or this function. |
482 |
|
|
|
483 |
|
|
License is also granted to make and use derivative works provided |
484 |
|
|
that such works are identified as "derived from the RSA Data |
485 |
|
|
Security, Inc. MD5 Message-Digest Algorithm" in all material |
486 |
|
|
mentioning or referencing the derived work. |
487 |
|
|
|
488 |
|
|
RSA Data Security, Inc. makes no representations concerning either |
489 |
|
|
the merchantability of this software or the suitability of this |
490 |
|
|
software for any particular purpose. It is provided "as is" |
491 |
|
|
without express or implied warranty of any kind. |
492 |
|
|
|
493 |
|
|
These notices must be retained in any copies of any part of this |
494 |
|
|
documentation and/or software. |
495 |
|
|
*/ |
496 |
|
|
|
497 |
|
|
#include "global.h" |
498 |
|
|
#include "md5.h" |
499 |
|
|
|
500 |
|
|
/* Constants for MD5Transform routine. |
501 |
|
|
*/ |
502 |
|
|
|
503 |
|
|
|
504 |
|
|
|
505 |
|
|
Rivest [Page 9] |
506 |
|
|
|
507 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
508 |
|
|
|
509 |
|
|
|
510 |
|
|
#define S11 7 |
511 |
|
|
#define S12 12 |
512 |
|
|
#define S13 17 |
513 |
|
|
#define S14 22 |
514 |
|
|
#define S21 5 |
515 |
|
|
#define S22 9 |
516 |
|
|
#define S23 14 |
517 |
|
|
#define S24 20 |
518 |
|
|
#define S31 4 |
519 |
|
|
#define S32 11 |
520 |
|
|
#define S33 16 |
521 |
|
|
#define S34 23 |
522 |
|
|
#define S41 6 |
523 |
|
|
#define S42 10 |
524 |
|
|
#define S43 15 |
525 |
|
|
#define S44 21 |
526 |
|
|
|
527 |
|
|
static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); |
528 |
|
|
static void Encode PROTO_LIST |
529 |
|
|
((unsigned char *, UINT4 *, unsigned int)); |
530 |
|
|
static void Decode PROTO_LIST |
531 |
|
|
((UINT4 *, unsigned char *, unsigned int)); |
532 |
|
|
static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); |
533 |
|
|
static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); |
534 |
|
|
|
535 |
|
|
static unsigned char PADDING[64] = { |
536 |
|
|
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
537 |
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
538 |
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 |
539 |
|
|
}; |
540 |
|
|
|
541 |
|
|
/* F, G, H and I are basic MD5 functions. |
542 |
|
|
*/ |
543 |
|
|
#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) |
544 |
|
|
#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) |
545 |
|
|
#define H(x, y, z) ((x) ^ (y) ^ (z)) |
546 |
|
|
#define I(x, y, z) ((y) ^ ((x) | (~z))) |
547 |
|
|
|
548 |
|
|
/* ROTATE_LEFT rotates x left n bits. |
549 |
|
|
*/ |
550 |
|
|
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) |
551 |
|
|
|
552 |
|
|
/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. |
553 |
|
|
Rotation is separate from addition to prevent recomputation. |
554 |
|
|
*/ |
555 |
|
|
#define FF(a, b, c, d, x, s, ac) { \ |
556 |
|
|
(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ |
557 |
|
|
(a) = ROTATE_LEFT ((a), (s)); \ |
558 |
|
|
|
559 |
|
|
|
560 |
|
|
|
561 |
|
|
Rivest [Page 10] |
562 |
|
|
|
563 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
564 |
|
|
|
565 |
|
|
|
566 |
|
|
(a) += (b); \ |
567 |
|
|
} |
568 |
|
|
#define GG(a, b, c, d, x, s, ac) { \ |
569 |
|
|
(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ |
570 |
|
|
(a) = ROTATE_LEFT ((a), (s)); \ |
571 |
|
|
(a) += (b); \ |
572 |
|
|
} |
573 |
|
|
#define HH(a, b, c, d, x, s, ac) { \ |
574 |
|
|
(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ |
575 |
|
|
(a) = ROTATE_LEFT ((a), (s)); \ |
576 |
|
|
(a) += (b); \ |
577 |
|
|
} |
578 |
|
|
#define II(a, b, c, d, x, s, ac) { \ |
579 |
|
|
(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ |
580 |
|
|
(a) = ROTATE_LEFT ((a), (s)); \ |
581 |
|
|
(a) += (b); \ |
582 |
|
|
} |
583 |
|
|
|
584 |
|
|
/* MD5 initialization. Begins an MD5 operation, writing a new context. |
585 |
|
|
*/ |
586 |
|
|
void MD5Init (context) |
587 |
|
|
MD5_CTX *context; /* context */ |
588 |
|
|
{ |
589 |
|
|
context->count[0] = context->count[1] = 0; |
590 |
|
|
/* Load magic initialization constants. |
591 |
|
|
*/ |
592 |
|
|
context->state[0] = 0x67452301; |
593 |
|
|
context->state[1] = 0xefcdab89; |
594 |
|
|
context->state[2] = 0x98badcfe; |
595 |
|
|
context->state[3] = 0x10325476; |
596 |
|
|
} |
597 |
|
|
|
598 |
|
|
/* MD5 block update operation. Continues an MD5 message-digest |
599 |
|
|
operation, processing another message block, and updating the |
600 |
|
|
context. |
601 |
|
|
*/ |
602 |
|
|
void MD5Update (context, input, inputLen) |
603 |
|
|
MD5_CTX *context; /* context */ |
604 |
|
|
unsigned char *input; /* input block */ |
605 |
|
|
unsigned int inputLen; /* length of input block */ |
606 |
|
|
{ |
607 |
|
|
unsigned int i, index, partLen; |
608 |
|
|
|
609 |
|
|
/* Compute number of bytes mod 64 */ |
610 |
|
|
index = (unsigned int)((context->count[0] >> 3) & 0x3F); |
611 |
|
|
|
612 |
|
|
/* Update number of bits */ |
613 |
|
|
if ((context->count[0] += ((UINT4)inputLen << 3)) |
614 |
|
|
|
615 |
|
|
|
616 |
|
|
|
617 |
|
|
Rivest [Page 11] |
618 |
|
|
|
619 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
620 |
|
|
|
621 |
|
|
|
622 |
|
|
< ((UINT4)inputLen << 3)) |
623 |
|
|
context->count[1]++; |
624 |
|
|
context->count[1] += ((UINT4)inputLen >> 29); |
625 |
|
|
|
626 |
|
|
partLen = 64 - index; |
627 |
|
|
|
628 |
|
|
/* Transform as many times as possible. |
629 |
|
|
*/ |
630 |
|
|
if (inputLen >= partLen) { |
631 |
|
|
MD5_memcpy |
632 |
|
|
((POINTER)&context->buffer[index], (POINTER)input, partLen); |
633 |
|
|
MD5Transform (context->state, context->buffer); |
634 |
|
|
|
635 |
|
|
for (i = partLen; i + 63 < inputLen; i += 64) |
636 |
|
|
MD5Transform (context->state, &input[i]); |
637 |
|
|
|
638 |
|
|
index = 0; |
639 |
|
|
} |
640 |
|
|
else |
641 |
|
|
i = 0; |
642 |
|
|
|
643 |
|
|
/* Buffer remaining input */ |
644 |
|
|
MD5_memcpy |
645 |
|
|
((POINTER)&context->buffer[index], (POINTER)&input[i], |
646 |
|
|
inputLen-i); |
647 |
|
|
} |
648 |
|
|
|
649 |
|
|
/* MD5 finalization. Ends an MD5 message-digest operation, writing the |
650 |
|
|
the message digest and zeroizing the context. |
651 |
|
|
*/ |
652 |
|
|
void MD5Final (digest, context) |
653 |
|
|
unsigned char digest[16]; /* message digest */ |
654 |
|
|
MD5_CTX *context; /* context */ |
655 |
|
|
{ |
656 |
|
|
unsigned char bits[8]; |
657 |
|
|
unsigned int index, padLen; |
658 |
|
|
|
659 |
|
|
/* Save number of bits */ |
660 |
|
|
Encode (bits, context->count, 8); |
661 |
|
|
|
662 |
|
|
/* Pad out to 56 mod 64. |
663 |
|
|
*/ |
664 |
|
|
index = (unsigned int)((context->count[0] >> 3) & 0x3f); |
665 |
|
|
padLen = (index < 56) ? (56 - index) : (120 - index); |
666 |
|
|
MD5Update (context, PADDING, padLen); |
667 |
|
|
|
668 |
|
|
/* Append length (before padding) */ |
669 |
|
|
MD5Update (context, bits, 8); |
670 |
|
|
|
671 |
|
|
|
672 |
|
|
|
673 |
|
|
Rivest [Page 12] |
674 |
|
|
|
675 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
676 |
|
|
|
677 |
|
|
|
678 |
|
|
/* Store state in digest */ |
679 |
|
|
Encode (digest, context->state, 16); |
680 |
|
|
|
681 |
|
|
/* Zeroize sensitive information. |
682 |
|
|
*/ |
683 |
|
|
MD5_memset ((POINTER)context, 0, sizeof (*context)); |
684 |
|
|
} |
685 |
|
|
|
686 |
|
|
/* MD5 basic transformation. Transforms state based on block. |
687 |
|
|
*/ |
688 |
|
|
static void MD5Transform (state, block) |
689 |
|
|
UINT4 state[4]; |
690 |
|
|
unsigned char block[64]; |
691 |
|
|
{ |
692 |
|
|
UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; |
693 |
|
|
|
694 |
|
|
Decode (x, block, 64); |
695 |
|
|
|
696 |
|
|
/* Round 1 */ |
697 |
|
|
FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ |
698 |
|
|
FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ |
699 |
|
|
FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ |
700 |
|
|
FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ |
701 |
|
|
FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ |
702 |
|
|
FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ |
703 |
|
|
FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ |
704 |
|
|
FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ |
705 |
|
|
FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ |
706 |
|
|
FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ |
707 |
|
|
FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ |
708 |
|
|
FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ |
709 |
|
|
FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ |
710 |
|
|
FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ |
711 |
|
|
FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ |
712 |
|
|
FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ |
713 |
|
|
|
714 |
|
|
/* Round 2 */ |
715 |
|
|
GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ |
716 |
|
|
GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ |
717 |
|
|
GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ |
718 |
|
|
GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ |
719 |
|
|
GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ |
720 |
|
|
GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ |
721 |
|
|
GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ |
722 |
|
|
GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ |
723 |
|
|
GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ |
724 |
|
|
GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ |
725 |
|
|
GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ |
726 |
|
|
|
727 |
|
|
|
728 |
|
|
|
729 |
|
|
Rivest [Page 13] |
730 |
|
|
|
731 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
732 |
|
|
|
733 |
|
|
|
734 |
|
|
GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ |
735 |
|
|
GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ |
736 |
|
|
GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ |
737 |
|
|
GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ |
738 |
|
|
GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ |
739 |
|
|
|
740 |
|
|
/* Round 3 */ |
741 |
|
|
HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ |
742 |
|
|
HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ |
743 |
|
|
HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ |
744 |
|
|
HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ |
745 |
|
|
HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ |
746 |
|
|
HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ |
747 |
|
|
HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ |
748 |
|
|
HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ |
749 |
|
|
HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ |
750 |
|
|
HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ |
751 |
|
|
HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ |
752 |
|
|
HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ |
753 |
|
|
HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ |
754 |
|
|
HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ |
755 |
|
|
HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ |
756 |
|
|
HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ |
757 |
|
|
|
758 |
|
|
/* Round 4 */ |
759 |
|
|
II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ |
760 |
|
|
II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ |
761 |
|
|
II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ |
762 |
|
|
II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ |
763 |
|
|
II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ |
764 |
|
|
II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ |
765 |
|
|
II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ |
766 |
|
|
II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ |
767 |
|
|
II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ |
768 |
|
|
II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ |
769 |
|
|
II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ |
770 |
|
|
II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ |
771 |
|
|
II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ |
772 |
|
|
II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ |
773 |
|
|
II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ |
774 |
|
|
II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ |
775 |
|
|
|
776 |
|
|
state[0] += a; |
777 |
|
|
state[1] += b; |
778 |
|
|
state[2] += c; |
779 |
|
|
state[3] += d; |
780 |
|
|
|
781 |
|
|
/* Zeroize sensitive information. |
782 |
|
|
|
783 |
|
|
|
784 |
|
|
|
785 |
|
|
Rivest [Page 14] |
786 |
|
|
|
787 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
788 |
|
|
|
789 |
|
|
|
790 |
|
|
*/ |
791 |
|
|
MD5_memset ((POINTER)x, 0, sizeof (x)); |
792 |
|
|
} |
793 |
|
|
|
794 |
|
|
/* Encodes input (UINT4) into output (unsigned char). Assumes len is |
795 |
|
|
a multiple of 4. |
796 |
|
|
*/ |
797 |
|
|
static void Encode (output, input, len) |
798 |
|
|
unsigned char *output; |
799 |
|
|
UINT4 *input; |
800 |
|
|
unsigned int len; |
801 |
|
|
{ |
802 |
|
|
unsigned int i, j; |
803 |
|
|
|
804 |
|
|
for (i = 0, j = 0; j < len; i++, j += 4) { |
805 |
|
|
output[j] = (unsigned char)(input[i] & 0xff); |
806 |
|
|
output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); |
807 |
|
|
output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); |
808 |
|
|
output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); |
809 |
|
|
} |
810 |
|
|
} |
811 |
|
|
|
812 |
|
|
/* Decodes input (unsigned char) into output (UINT4). Assumes len is |
813 |
|
|
a multiple of 4. |
814 |
|
|
*/ |
815 |
|
|
static void Decode (output, input, len) |
816 |
|
|
UINT4 *output; |
817 |
|
|
unsigned char *input; |
818 |
|
|
unsigned int len; |
819 |
|
|
{ |
820 |
|
|
unsigned int i, j; |
821 |
|
|
|
822 |
|
|
for (i = 0, j = 0; j < len; i++, j += 4) |
823 |
|
|
output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | |
824 |
|
|
(((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); |
825 |
|
|
} |
826 |
|
|
|
827 |
|
|
/* Note: Replace "for loop" with standard memcpy if possible. |
828 |
|
|
*/ |
829 |
|
|
|
830 |
|
|
static void MD5_memcpy (output, input, len) |
831 |
|
|
POINTER output; |
832 |
|
|
POINTER input; |
833 |
|
|
unsigned int len; |
834 |
|
|
{ |
835 |
|
|
unsigned int i; |
836 |
|
|
|
837 |
|
|
for (i = 0; i < len; i++) |
838 |
|
|
|
839 |
|
|
|
840 |
|
|
|
841 |
|
|
Rivest [Page 15] |
842 |
|
|
|
843 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
844 |
|
|
|
845 |
|
|
|
846 |
|
|
output[i] = input[i]; |
847 |
|
|
} |
848 |
|
|
|
849 |
|
|
/* Note: Replace "for loop" with standard memset if possible. |
850 |
|
|
*/ |
851 |
|
|
static void MD5_memset (output, value, len) |
852 |
|
|
POINTER output; |
853 |
|
|
int value; |
854 |
|
|
unsigned int len; |
855 |
|
|
{ |
856 |
|
|
unsigned int i; |
857 |
|
|
|
858 |
|
|
for (i = 0; i < len; i++) |
859 |
|
|
((char *)output)[i] = (char)value; |
860 |
|
|
} |
861 |
|
|
|
862 |
|
|
A.4 mddriver.c |
863 |
|
|
|
864 |
|
|
/* MDDRIVER.C - test driver for MD2, MD4 and MD5 |
865 |
|
|
*/ |
866 |
|
|
|
867 |
|
|
/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All |
868 |
|
|
rights reserved. |
869 |
|
|
|
870 |
|
|
RSA Data Security, Inc. makes no representations concerning either |
871 |
|
|
the merchantability of this software or the suitability of this |
872 |
|
|
software for any particular purpose. It is provided "as is" |
873 |
|
|
without express or implied warranty of any kind. |
874 |
|
|
|
875 |
|
|
These notices must be retained in any copies of any part of this |
876 |
|
|
documentation and/or software. |
877 |
|
|
*/ |
878 |
|
|
|
879 |
|
|
/* The following makes MD default to MD5 if it has not already been |
880 |
|
|
defined with C compiler flags. |
881 |
|
|
*/ |
882 |
|
|
#ifndef MD |
883 |
|
|
#define MD MD5 |
884 |
|
|
#endif |
885 |
|
|
|
886 |
|
|
#include <stdio.h> |
887 |
|
|
#include <time.h> |
888 |
|
|
#include <string.h> |
889 |
|
|
#include "global.h" |
890 |
|
|
#if MD == 2 |
891 |
|
|
#include "md2.h" |
892 |
|
|
#endif |
893 |
|
|
#if MD == 4 |
894 |
|
|
|
895 |
|
|
|
896 |
|
|
|
897 |
|
|
Rivest [Page 16] |
898 |
|
|
|
899 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
900 |
|
|
|
901 |
|
|
|
902 |
|
|
#include "md4.h" |
903 |
|
|
#endif |
904 |
|
|
#if MD == 5 |
905 |
|
|
#include "md5.h" |
906 |
|
|
#endif |
907 |
|
|
|
908 |
|
|
/* Length of test block, number of test blocks. |
909 |
|
|
*/ |
910 |
|
|
#define TEST_BLOCK_LEN 1000 |
911 |
|
|
#define TEST_BLOCK_COUNT 1000 |
912 |
|
|
|
913 |
|
|
static void MDString PROTO_LIST ((char *)); |
914 |
|
|
static void MDTimeTrial PROTO_LIST ((void)); |
915 |
|
|
static void MDTestSuite PROTO_LIST ((void)); |
916 |
|
|
static void MDFile PROTO_LIST ((char *)); |
917 |
|
|
static void MDFilter PROTO_LIST ((void)); |
918 |
|
|
static void MDPrint PROTO_LIST ((unsigned char [16])); |
919 |
|
|
|
920 |
|
|
#if MD == 2 |
921 |
|
|
#define MD_CTX MD2_CTX |
922 |
|
|
#define MDInit MD2Init |
923 |
|
|
#define MDUpdate MD2Update |
924 |
|
|
#define MDFinal MD2Final |
925 |
|
|
#endif |
926 |
|
|
#if MD == 4 |
927 |
|
|
#define MD_CTX MD4_CTX |
928 |
|
|
#define MDInit MD4Init |
929 |
|
|
#define MDUpdate MD4Update |
930 |
|
|
#define MDFinal MD4Final |
931 |
|
|
#endif |
932 |
|
|
#if MD == 5 |
933 |
|
|
#define MD_CTX MD5_CTX |
934 |
|
|
#define MDInit MD5Init |
935 |
|
|
#define MDUpdate MD5Update |
936 |
|
|
#define MDFinal MD5Final |
937 |
|
|
#endif |
938 |
|
|
|
939 |
|
|
/* Main driver. |
940 |
|
|
|
941 |
|
|
Arguments (may be any combination): |
942 |
|
|
-sstring - digests string |
943 |
|
|
-t - runs time trial |
944 |
|
|
-x - runs test script |
945 |
|
|
filename - digests file |
946 |
|
|
(none) - digests standard input |
947 |
|
|
*/ |
948 |
|
|
int main (argc, argv) |
949 |
|
|
int argc; |
950 |
|
|
|
951 |
|
|
|
952 |
|
|
|
953 |
|
|
Rivest [Page 17] |
954 |
|
|
|
955 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
956 |
|
|
|
957 |
|
|
|
958 |
|
|
char *argv[]; |
959 |
|
|
{ |
960 |
|
|
int i; |
961 |
|
|
|
962 |
|
|
if (argc > 1) |
963 |
|
|
for (i = 1; i < argc; i++) |
964 |
|
|
if (argv[i][0] == '-' && argv[i][1] == 's') |
965 |
|
|
MDString (argv[i] + 2); |
966 |
|
|
else if (strcmp (argv[i], "-t") == 0) |
967 |
|
|
MDTimeTrial (); |
968 |
|
|
else if (strcmp (argv[i], "-x") == 0) |
969 |
|
|
MDTestSuite (); |
970 |
|
|
else |
971 |
|
|
MDFile (argv[i]); |
972 |
|
|
else |
973 |
|
|
MDFilter (); |
974 |
|
|
|
975 |
|
|
return (0); |
976 |
|
|
} |
977 |
|
|
|
978 |
|
|
/* Digests a string and prints the result. |
979 |
|
|
*/ |
980 |
|
|
static void MDString (string) |
981 |
|
|
char *string; |
982 |
|
|
{ |
983 |
|
|
MD_CTX context; |
984 |
|
|
unsigned char digest[16]; |
985 |
|
|
unsigned int len = strlen (string); |
986 |
|
|
|
987 |
|
|
MDInit (&context); |
988 |
|
|
MDUpdate (&context, string, len); |
989 |
|
|
MDFinal (digest, &context); |
990 |
|
|
|
991 |
|
|
printf ("MD%d (\"%s\") = ", MD, string); |
992 |
|
|
MDPrint (digest); |
993 |
|
|
printf ("\n"); |
994 |
|
|
} |
995 |
|
|
|
996 |
|
|
/* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte |
997 |
|
|
blocks. |
998 |
|
|
*/ |
999 |
|
|
static void MDTimeTrial () |
1000 |
|
|
{ |
1001 |
|
|
MD_CTX context; |
1002 |
|
|
time_t endTime, startTime; |
1003 |
|
|
unsigned char block[TEST_BLOCK_LEN], digest[16]; |
1004 |
|
|
unsigned int i; |
1005 |
|
|
|
1006 |
|
|
|
1007 |
|
|
|
1008 |
|
|
|
1009 |
|
|
Rivest [Page 18] |
1010 |
|
|
|
1011 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
1012 |
|
|
|
1013 |
|
|
|
1014 |
|
|
printf |
1015 |
|
|
("MD%d time trial. Digesting %d %d-byte blocks ...", MD, |
1016 |
|
|
TEST_BLOCK_LEN, TEST_BLOCK_COUNT); |
1017 |
|
|
|
1018 |
|
|
/* Initialize block */ |
1019 |
|
|
for (i = 0; i < TEST_BLOCK_LEN; i++) |
1020 |
|
|
block[i] = (unsigned char)(i & 0xff); |
1021 |
|
|
|
1022 |
|
|
/* Start timer */ |
1023 |
|
|
time (&startTime); |
1024 |
|
|
|
1025 |
|
|
/* Digest blocks */ |
1026 |
|
|
MDInit (&context); |
1027 |
|
|
for (i = 0; i < TEST_BLOCK_COUNT; i++) |
1028 |
|
|
MDUpdate (&context, block, TEST_BLOCK_LEN); |
1029 |
|
|
MDFinal (digest, &context); |
1030 |
|
|
|
1031 |
|
|
/* Stop timer */ |
1032 |
|
|
time (&endTime); |
1033 |
|
|
|
1034 |
|
|
printf (" done\n"); |
1035 |
|
|
printf ("Digest = "); |
1036 |
|
|
MDPrint (digest); |
1037 |
|
|
printf ("\nTime = %ld seconds\n", (long)(endTime-startTime)); |
1038 |
|
|
printf |
1039 |
|
|
("Speed = %ld bytes/second\n", |
1040 |
|
|
(long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT/(endTime-startTime)); |
1041 |
|
|
} |
1042 |
|
|
|
1043 |
|
|
/* Digests a reference suite of strings and prints the results. |
1044 |
|
|
*/ |
1045 |
|
|
static void MDTestSuite () |
1046 |
|
|
{ |
1047 |
|
|
printf ("MD%d test suite:\n", MD); |
1048 |
|
|
|
1049 |
|
|
MDString (""); |
1050 |
|
|
MDString ("a"); |
1051 |
|
|
MDString ("abc"); |
1052 |
|
|
MDString ("message digest"); |
1053 |
|
|
MDString ("abcdefghijklmnopqrstuvwxyz"); |
1054 |
|
|
MDString |
1055 |
|
|
("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"); |
1056 |
|
|
MDString |
1057 |
|
|
("1234567890123456789012345678901234567890\ |
1058 |
|
|
1234567890123456789012345678901234567890"); |
1059 |
|
|
} |
1060 |
|
|
|
1061 |
|
|
/* Digests a file and prints the result. |
1062 |
|
|
|
1063 |
|
|
|
1064 |
|
|
|
1065 |
|
|
Rivest [Page 19] |
1066 |
|
|
|
1067 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
1068 |
|
|
|
1069 |
|
|
|
1070 |
|
|
*/ |
1071 |
|
|
static void MDFile (filename) |
1072 |
|
|
char *filename; |
1073 |
|
|
{ |
1074 |
|
|
FILE *file; |
1075 |
|
|
MD_CTX context; |
1076 |
|
|
int len; |
1077 |
|
|
unsigned char buffer[1024], digest[16]; |
1078 |
|
|
|
1079 |
|
|
if ((file = fopen (filename, "rb")) == NULL) |
1080 |
|
|
printf ("%s can't be opened\n", filename); |
1081 |
|
|
|
1082 |
|
|
else { |
1083 |
|
|
MDInit (&context); |
1084 |
|
|
while (len = fread (buffer, 1, 1024, file)) |
1085 |
|
|
MDUpdate (&context, buffer, len); |
1086 |
|
|
MDFinal (digest, &context); |
1087 |
|
|
|
1088 |
|
|
fclose (file); |
1089 |
|
|
|
1090 |
|
|
printf ("MD%d (%s) = ", MD, filename); |
1091 |
|
|
MDPrint (digest); |
1092 |
|
|
printf ("\n"); |
1093 |
|
|
} |
1094 |
|
|
} |
1095 |
|
|
|
1096 |
|
|
/* Digests the standard input and prints the result. |
1097 |
|
|
*/ |
1098 |
|
|
static void MDFilter () |
1099 |
|
|
{ |
1100 |
|
|
MD_CTX context; |
1101 |
|
|
int len; |
1102 |
|
|
unsigned char buffer[16], digest[16]; |
1103 |
|
|
|
1104 |
|
|
MDInit (&context); |
1105 |
|
|
while (len = fread (buffer, 1, 16, stdin)) |
1106 |
|
|
MDUpdate (&context, buffer, len); |
1107 |
|
|
MDFinal (digest, &context); |
1108 |
|
|
|
1109 |
|
|
MDPrint (digest); |
1110 |
|
|
printf ("\n"); |
1111 |
|
|
} |
1112 |
|
|
|
1113 |
|
|
/* Prints a message digest in hexadecimal. |
1114 |
|
|
*/ |
1115 |
|
|
static void MDPrint (digest) |
1116 |
|
|
unsigned char digest[16]; |
1117 |
|
|
{ |
1118 |
|
|
|
1119 |
|
|
|
1120 |
|
|
|
1121 |
|
|
Rivest [Page 20] |
1122 |
|
|
|
1123 |
|
|
RFC 1321 MD5 Message-Digest Algorithm April 1992 |
1124 |
|
|
|
1125 |
|
|
|
1126 |
|
|
unsigned int i; |
1127 |
|
|
|
1128 |
|
|
for (i = 0; i < 16; i++) |
1129 |
|
|
printf ("%02x", digest[i]); |
1130 |
|
|
} |
1131 |
|
|
|
1132 |
|
|
A.5 Test suite |
1133 |
|
|
|
1134 |
|
|
The MD5 test suite (driver option "-x") should print the following |
1135 |
|
|
results: |
1136 |
|
|
|
1137 |
|
|
MD5 test suite: |
1138 |
|
|
MD5 ("") = d41d8cd98f00b204e9800998ecf8427e |
1139 |
|
|
MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661 |
1140 |
|
|
MD5 ("abc") = 900150983cd24fb0d6963f7d28e17f72 |
1141 |
|
|
MD5 ("message digest") = f96b697d7cb7938d525a2f31aaf161d0 |
1142 |
|
|
MD5 ("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b |
1143 |
|
|
MD5 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = |
1144 |
|
|
d174ab98d277d9f5a5611c2c9f419d9f |
1145 |
|
|
MD5 ("123456789012345678901234567890123456789012345678901234567890123456 |
1146 |
|
|
78901234567890") = 57edf4a22be3c955ac49da2e2107b67a |
1147 |
|
|
|
1148 |
|
|
Security Considerations |
1149 |
|
|
|
1150 |
|
|
The level of security discussed in this memo is considered to be |
1151 |
|
|
sufficient for implementing very high security hybrid digital- |
1152 |
|
|
signature schemes based on MD5 and a public-key cryptosystem. |
1153 |
|
|
|
1154 |
|
|
Author's Address |
1155 |
|
|
|
1156 |
|
|
Ronald L. Rivest |
1157 |
|
|
Massachusetts Institute of Technology |
1158 |
|
|
Laboratory for Computer Science |
1159 |
|
|
NE43-324 |
1160 |
|
|
545 Technology Square |
1161 |
|
|
Cambridge, MA 02139-1986 |
1162 |
|
|
|
1163 |
|
|
Phone: (617) 253-5880 |
1164 |
|
|
EMail: rivest@theory.lcs.mit.edu |
1165 |
|
|
|
1166 |
|
|
|
1167 |
|
|
|
1168 |
|
|
|
1169 |
|
|
|
1170 |
|
|
|
1171 |
|
|
|
1172 |
|
|
|
1173 |
|
|
|
1174 |
|
|
|
1175 |
|
|
|
1176 |
|
|
|
1177 |
|
|
Rivest [Page 21] |
1178 |
|
|
|
1179 |
|
|
|