md4c.c revision 314144 
11539Srgrimes/* MD4C.C - RSA Data Security, Inc., MD4 message-digest algorithm
21539Srgrimes */
31539Srgrimes
41539Srgrimes#include <sys/cdefs.h>
51539Srgrimes__FBSDID("$FreeBSD: stable/10/lib/libmd/md4c.c 314144 2017-02-23 16:07:45Z avg $");
61539Srgrimes
71539Srgrimes/* Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved.
81539Srgrimes
91539Srgrimes   License to copy and use this software is granted provided that it
101539Srgrimes   is identified as the "RSA Data Security, Inc. MD4 Message-Digest
111539Srgrimes   Algorithm" in all material mentioning or referencing this software
121539Srgrimes   or this function.
131539Srgrimes
141539Srgrimes   License is also granted to make and use derivative works provided
151539Srgrimes   that such works are identified as "derived from the RSA Data
161539Srgrimes   Security, Inc. MD4 Message-Digest Algorithm" in all material
171539Srgrimes   mentioning or referencing the derived work.
181539Srgrimes
191539Srgrimes   RSA Data Security, Inc. makes no representations concerning either
201539Srgrimes   the merchantability of this software or the suitability of this
211539Srgrimes   software for any particular purpose. It is provided "as is"
221539Srgrimes   without express or implied warranty of any kind.
231539Srgrimes
241539Srgrimes   These notices must be retained in any copies of any part of this
251539Srgrimes   documentation and/or software.
261539Srgrimes */
271539Srgrimes
281539Srgrimes#include <sys/types.h>
291539Srgrimes#include <string.h>
301539Srgrimes#include "md4.h"
311539Srgrimes
321539Srgrimestypedef unsigned char *POINTER;
331539Srgrimestypedef const unsigned char *CONST_POINTER;
3451794Smarceltypedef u_int16_t UINT2;
351539Srgrimestypedef u_int32_t UINT4;
361539Srgrimes
379343Sbde#define PROTO_LIST(list) list
389343Sbde
391539Srgrimes/* Constants for MD4Transform routine.
401539Srgrimes */
41102227Smike#define S11 3
421539Srgrimes#define S12 7
431539Srgrimes#define S13 11
44104582Smike#define S14 19
45105107Smike#define S21 3
46105107Smike#define S22 5
47105107Smike#define S23 9
48105107Smike#define S24 13
491539Srgrimes#define S31 3
501539Srgrimes#define S32 9
5147289Speter#define S33 11
521539Srgrimes#define S34 15
531539Srgrimes
54105013Smikestatic void MD4Transform PROTO_LIST ((UINT4 [4], const unsigned char [64]));
55104582Smikestatic void Encode PROTO_LIST
56104582Smike  ((unsigned char *, UINT4 *, unsigned int));
57104582Smikestatic void Decode PROTO_LIST
58104582Smike  ((UINT4 *, const unsigned char *, unsigned int));
59104582Smike
60104582Smikestatic unsigned char PADDING[64] = {
611539Srgrimes  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
6293032Simp  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
63104582Smike  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
64105013Smike};
65102227Smike
66104368Srobert/* F, G and H are basic MD4 functions.
67104368Srobert */
6893032Simp#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
6993032Simp#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
7093032Simp#define H(x, y, z) ((x) ^ (y) ^ (z))
7193032Simp
7293032Simp/* ROTATE_LEFT rotates x left n bits.
7393032Simp */
74104368Srobert#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
7593032Simp
76104989Smike/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
77104582Smike/* Rotation is separate from addition to prevent recomputation */
7834319Sdufault#define FF(a, b, c, d, x, s) { \
79105013Smike    (a) += F ((b), (c), (d)) + (x); \
80151395Sdavidxu    (a) = ROTATE_LEFT ((a), (s)); \
81151318Sdavidxu  }
82105107Smike#define GG(a, b, c, d, x, s) { \
83104582Smike    (a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
84104368Srobert    (a) = ROTATE_LEFT ((a), (s)); \
85104582Smike  }
86104582Smike#define HH(a, b, c, d, x, s) { \
8734319Sdufault    (a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
88105013Smike    (a) = ROTATE_LEFT ((a), (s)); \
89102227Smike  }
90104368Srobert
9193032Simp/* MD4 initialization. Begins an MD4 operation, writing a new context.
92104582Smike */
93104582Smikevoid MD4Init (context)
94105013SmikeMD4_CTX *context;                                        /* context */
95105013Smike{
96105013Smike  context->count[0] = context->count[1] = 0;
97105013Smike
98104582Smike  /* Load magic initialization constants.
99104582Smike   */
100105107Smike  context->state[0] = 0x67452301;
10193032Simp  context->state[1] = 0xefcdab89;
10293032Simp  context->state[2] = 0x98badcfe;
10393032Simp  context->state[3] = 0x10325476;
10493032Simp}
10593032Simp
106104582Smike/* MD4 block update operation. Continues an MD4 message-digest
1071539Srgrimes     operation, processing another message block, and updating the
1081539Srgrimes     context.
1099343Sbde */
110void MD4Update (context, in, inputLen)
111MD4_CTX *context;                                        /* context */
112const void *in;                                /* input block */
113unsigned int inputLen;                     /* length of input block */
114{
115  unsigned int i, idx, partLen;
116  const unsigned char *input = in;
117
118  /* Compute number of bytes mod 64 */
119  idx = (unsigned int)((context->count[0] >> 3) & 0x3F);
120  /* Update number of bits */
121  if ((context->count[0] += ((UINT4)inputLen << 3))
122      < ((UINT4)inputLen << 3))
123    context->count[1]++;
124  context->count[1] += ((UINT4)inputLen >> 29);
125
126  partLen = 64 - idx;
127  /* Transform as many times as possible.
128   */
129  if (inputLen >= partLen) {
130    memcpy
131      ((POINTER)&context->buffer[idx], (CONST_POINTER)input, partLen);
132    MD4Transform (context->state, context->buffer);
133
134    for (i = partLen; i + 63 < inputLen; i += 64)
135      MD4Transform (context->state, &input[i]);
136
137    idx = 0;
138  }
139  else
140    i = 0;
141
142  /* Buffer remaining input */
143  memcpy
144    ((POINTER)&context->buffer[idx], (CONST_POINTER)&input[i],
145     inputLen-i);
146}
147
148/* MD4 padding. */
149void MD4Pad (context)
150MD4_CTX *context;                                        /* context */
151{
152  unsigned char bits[8];
153  unsigned int idx, padLen;
154
155  /* Save number of bits */
156  Encode (bits, context->count, 8);
157
158  /* Pad out to 56 mod 64.
159   */
160  idx = (unsigned int)((context->count[0] >> 3) & 0x3f);
161  padLen = (idx < 56) ? (56 - idx) : (120 - idx);
162  MD4Update (context, PADDING, padLen);
163
164  /* Append length (before padding) */
165  MD4Update (context, bits, 8);
166}
167
168/* MD4 finalization. Ends an MD4 message-digest operation, writing the
169     the message digest and zeroizing the context.
170 */
171void MD4Final (digest, context)
172unsigned char digest[16];                         /* message digest */
173MD4_CTX *context;                                        /* context */
174{
175  /* Do padding */
176  MD4Pad (context);
177
178  /* Store state in digest */
179  Encode (digest, context->state, 16);
180
181  /* Zeroize sensitive information.
182   */
183  memset ((POINTER)context, 0, sizeof (*context));
184}
185
186/* MD4 basic transformation. Transforms state based on block.
187 */
188static void MD4Transform (state, block)
189UINT4 state[4];
190const unsigned char block[64];
191{
192  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
193
194  Decode (x, block, 64);
195
196  /* Round 1 */
197  FF (a, b, c, d, x[ 0], S11); /* 1 */
198  FF (d, a, b, c, x[ 1], S12); /* 2 */
199  FF (c, d, a, b, x[ 2], S13); /* 3 */
200  FF (b, c, d, a, x[ 3], S14); /* 4 */
201  FF (a, b, c, d, x[ 4], S11); /* 5 */
202  FF (d, a, b, c, x[ 5], S12); /* 6 */
203  FF (c, d, a, b, x[ 6], S13); /* 7 */
204  FF (b, c, d, a, x[ 7], S14); /* 8 */
205  FF (a, b, c, d, x[ 8], S11); /* 9 */
206  FF (d, a, b, c, x[ 9], S12); /* 10 */
207  FF (c, d, a, b, x[10], S13); /* 11 */
208  FF (b, c, d, a, x[11], S14); /* 12 */
209  FF (a, b, c, d, x[12], S11); /* 13 */
210  FF (d, a, b, c, x[13], S12); /* 14 */
211  FF (c, d, a, b, x[14], S13); /* 15 */
212  FF (b, c, d, a, x[15], S14); /* 16 */
213
214  /* Round 2 */
215  GG (a, b, c, d, x[ 0], S21); /* 17 */
216  GG (d, a, b, c, x[ 4], S22); /* 18 */
217  GG (c, d, a, b, x[ 8], S23); /* 19 */
218  GG (b, c, d, a, x[12], S24); /* 20 */
219  GG (a, b, c, d, x[ 1], S21); /* 21 */
220  GG (d, a, b, c, x[ 5], S22); /* 22 */
221  GG (c, d, a, b, x[ 9], S23); /* 23 */
222  GG (b, c, d, a, x[13], S24); /* 24 */
223  GG (a, b, c, d, x[ 2], S21); /* 25 */
224  GG (d, a, b, c, x[ 6], S22); /* 26 */
225  GG (c, d, a, b, x[10], S23); /* 27 */
226  GG (b, c, d, a, x[14], S24); /* 28 */
227  GG (a, b, c, d, x[ 3], S21); /* 29 */
228  GG (d, a, b, c, x[ 7], S22); /* 30 */
229  GG (c, d, a, b, x[11], S23); /* 31 */
230  GG (b, c, d, a, x[15], S24); /* 32 */
231
232  /* Round 3 */
233  HH (a, b, c, d, x[ 0], S31); /* 33 */
234  HH (d, a, b, c, x[ 8], S32); /* 34 */
235  HH (c, d, a, b, x[ 4], S33); /* 35 */
236  HH (b, c, d, a, x[12], S34); /* 36 */
237  HH (a, b, c, d, x[ 2], S31); /* 37 */
238  HH (d, a, b, c, x[10], S32); /* 38 */
239  HH (c, d, a, b, x[ 6], S33); /* 39 */
240  HH (b, c, d, a, x[14], S34); /* 40 */
241  HH (a, b, c, d, x[ 1], S31); /* 41 */
242  HH (d, a, b, c, x[ 9], S32); /* 42 */
243  HH (c, d, a, b, x[ 5], S33); /* 43 */
244  HH (b, c, d, a, x[13], S34); /* 44 */
245  HH (a, b, c, d, x[ 3], S31); /* 45 */
246  HH (d, a, b, c, x[11], S32); /* 46 */
247  HH (c, d, a, b, x[ 7], S33); /* 47 */
248  HH (b, c, d, a, x[15], S34); /* 48 */
249
250  state[0] += a;
251  state[1] += b;
252  state[2] += c;
253  state[3] += d;
254
255  /* Zeroize sensitive information.
256   */
257  memset ((POINTER)x, 0, sizeof (x));
258}
259
260/* Encodes input (UINT4) into output (unsigned char). Assumes len is
261     a multiple of 4.
262 */
263static void Encode (output, input, len)
264unsigned char *output;
265UINT4 *input;
266unsigned int len;
267{
268  unsigned int i, j;
269
270  for (i = 0, j = 0; j < len; i++, j += 4) {
271    output[j] = (unsigned char)(input[i] & 0xff);
272    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
273    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
274    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
275  }
276}
277
278/* Decodes input (unsigned char) into output (UINT4). Assumes len is
279     a multiple of 4.
280 */
281static void Decode (output, input, len)
282
283UINT4 *output;
284const unsigned char *input;
285unsigned int len;
286{
287  unsigned int i, j;
288
289  for (i = 0, j = 0; j < len; i++, j += 4)
290    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
291      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
292}
293
294#undef MD4Init
295__weak_reference(_libmd_MD4Init, MD4Init);
296#undef MD4Update
297__weak_reference(_libmd_MD4Update, MD4Update);
298#undef MD4Pad
299__weak_reference(_libmd_MD4Pad, MD4Pad);
300#undef MD4Final
301__weak_reference(_libmd_MD4Final, MD4Final);
302