xref: /freebsd/lib/libmd/mdX.3 (revision 0bf48626aaa33768078f5872b922b1487b3a9296)
1.\"
2.\" ----------------------------------------------------------------------------
3.\" "THE BEER-WARE LICENSE" (Revision 42):
4.\" <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
5.\" can do whatever you want with this stuff. If we meet some day, and you think
6.\" this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
7.\" ----------------------------------------------------------------------------
8.\"
9.\" $FreeBSD$
10.\"
11.Dd May 21, 2019
12.Dt MDX 3
13.Os
14.Sh NAME
15.Nm MDXInit ,
16.Nm MDXUpdate ,
17.Nm MDXPad ,
18.Nm MDXFinal ,
19.Nm MDXEnd ,
20.Nm MDXFile ,
21.Nm MDXFileChunk ,
22.Nm MDXData
23.Nd calculate the RSA Data Security, Inc., ``MDX'' message digest
24.Sh LIBRARY
25.Lb libmd
26.Sh SYNOPSIS
27.In sys/types.h
28.In mdX.h
29.Ft void
30.Fn MDXInit "MDX_CTX *context"
31.Ft void
32.Fn MDXUpdate "MDX_CTX *context" "const void *data" "unsigned int len"
33.Ft void
34.Fn MDXPad "MDX_CTX *context"
35.Ft void
36.Fn MDXFinal "unsigned char digest[16]" "MDX_CTX *context"
37.Ft "char *"
38.Fn MDXEnd "MDX_CTX *context" "char *buf"
39.Ft "char *"
40.Fn MDXFile "const char *filename" "char *buf"
41.Ft "char *"
42.Fn MDXFileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
43.Ft "char *"
44.Fn MDXData "const void *data" "unsigned int len" "char *buf"
45.Sh DESCRIPTION
46The MDX functions calculate a 128-bit cryptographic checksum (digest)
47for any number of input bytes.
48A cryptographic checksum is a one-way
49hash-function, that is, you cannot find (except by exhaustive search)
50the input corresponding to a particular output.
51This net result is a
52.Dq fingerprint
53of the input-data, which does not disclose the actual input.
54.Pp
55MD4 is the fastest and MD5 is somewhat slower.
56MD4 has now been broken; it should only be used where necessary for
57backward compatibility.
58MD5 has not yet (1999-02-11) been broken, but sufficient attacks have been
59made that its security is in some doubt.
60The attacks on both MD4 and MD5
61are both in the nature of finding
62.Dq collisions
63\[en]
64that is, multiple
65inputs which hash to the same value; it is still unlikely for an attacker
66to be able to determine the exact original input given a hash value.
67.Pp
68The
69.Fn MDXInit ,
70.Fn MDXUpdate ,
71and
72.Fn MDXFinal
73functions are the core functions.
74Allocate an
75.Vt MDX_CTX ,
76initialize it with
77.Fn MDXInit ,
78run over the data with
79.Fn MDXUpdate ,
80and finally extract the result using
81.Fn MDXFinal ,
82which will also erase the
83.Vt MDX_CTX .
84.Pp
85The
86.Fn MDXPad
87function can be used to pad message data in same way
88as done by
89.Fn MDXFinal
90without terminating calculation.
91.Pp
92The
93.Fn MDXEnd
94function is a wrapper for
95.Fn MDXFinal
96which converts the return value to a 33-character
97(including the terminating '\e0')
98.Tn ASCII
99string which represents the 128 bits in hexadecimal.
100.Pp
101The
102.Fn MDXFile
103function calculates the digest of a file, and uses
104.Fn MDXEnd
105to return the result.
106If the file cannot be opened, a null pointer is returned.
107The
108.Fn MDXFileChunk
109function is similar to
110.Fn MDXFile ,
111but it only calculates the digest over a byte-range of the file specified,
112starting at
113.Fa offset
114and spanning
115.Fa length
116bytes.
117If the
118.Fa length
119parameter is specified as 0, or more than the length of the remaining part
120of the file,
121.Fn MDXFileChunk
122calculates the digest from
123.Fa offset
124to the end of file.
125The
126.Fn MDXData
127function calculates the digest of a chunk of data in memory, and uses
128.Fn MDXEnd
129to return the result.
130.Pp
131When using
132.Fn MDXEnd ,
133.Fn MDXFile ,
134or
135.Fn MDXData ,
136the
137.Fa buf
138argument can be a null pointer, in which case the returned string
139is allocated with
140.Xr malloc 3
141and subsequently must be explicitly deallocated using
142.Xr free 3
143after use.
144If the
145.Fa buf
146argument is non-null it must point to at least 33 characters of buffer space.
147.Sh ERRORS
148The
149.Fn MDXEnd
150function called with a null buf argument may fail and return NULL if:
151.Bl -tag -width Er
152.It Bq Er ENOMEM
153Insufficient storage space is available.
154.El
155.Pp
156The
157.Fn MDXFile
158and
159.Fn MDXFileChunk
160may return NULL when underlying
161.Xr open 2 ,
162.Xr fstat 2 ,
163.Xr lseek 2 ,
164or
165.Xr MDXEnd 2
166fail.
167.Sh SEE ALSO
168.Xr md4 3 ,
169.Xr md5 3 ,
170.Xr ripemd 3 ,
171.Xr sha 3 ,
172.Xr sha256 3 ,
173.Xr sha512 3 ,
174.Xr skein 3
175.Rs
176.%A R. Rivest
177.%T The MD4 Message-Digest Algorithm
178.%O RFC 1186
179.Re
180.Rs
181.%A R. Rivest
182.%T The MD5 Message-Digest Algorithm
183.%O RFC 1321
184.Re
185.Rs
186.%A H. Dobbertin
187.%T Alf Swindles Ann
188.%J CryptoBytes
189.%N 1(3):5
190.%D 1995
191.Re
192.Rs
193.%A MJ. B. Robshaw
194.%T On Recent Results for MD2, MD4 and MD5
195.%J RSA Laboratories Bulletin
196.%N 4
197.%D November 12, 1996
198.Re
199.Sh HISTORY
200These functions appeared in
201.Fx 2.0 .
202.Sh AUTHORS
203The original MDX routines were developed by
204.Tn RSA
205Data Security, Inc., and published in the above references.
206This code is derived directly from these implementations by
207.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org .
208.Pp
209Phk ristede runen.
210.Sh BUGS
211The
212.Tn MD5
213algorithm has been proven to be vulnerable to practical collision
214attacks and should not be relied upon to produce unique outputs,
215.Em nor should they be used as part of a cryptographic signature scheme.
216