md4c.c revision 84211 
1/* MD4C.C - RSA Data Security, Inc., MD4 message-digest algorithm
2 */
3
4#include <sys/cdefs.h>
5__FBSDID("$FreeBSD: head/lib/libmd/md4c.c 84211 2001-09-30 21:56:22Z dillon $");
6
7/* Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved.
8
9   License to copy and use this software is granted provided that it
10   is identified as the "RSA Data Security, Inc. MD4 Message-Digest
11   Algorithm" in all material mentioning or referencing this software
12   or this function.
13
14   License is also granted to make and use derivative works provided
15   that such works are identified as "derived from the RSA Data
16   Security, Inc. MD4 Message-Digest Algorithm" in all material
17   mentioning or referencing the derived work.
18
19   RSA Data Security, Inc. makes no representations concerning either
20   the merchantability of this software or the suitability of this
21   software for any particular purpose. It is provided "as is"
22   without express or implied warranty of any kind.
23
24   These notices must be retained in any copies of any part of this
25   documentation and/or software.
26 */
27
28#include <sys/types.h>
29#include <string.h>
30#include "md4.h"
31
32typedef unsigned char *POINTER;
33typedef u_int16_t UINT2;
34typedef u_int32_t UINT4;
35
36#define PROTO_LIST(list) list
37
38/* Constants for MD4Transform routine.
39 */
40#define S11 3
41#define S12 7
42#define S13 11
43#define S14 19
44#define S21 3
45#define S22 5
46#define S23 9
47#define S24 13
48#define S31 3
49#define S32 9
50#define S33 11
51#define S34 15
52
53static void MD4Transform PROTO_LIST ((UINT4 [4], const unsigned char [64]));
54static void Encode PROTO_LIST
55  ((unsigned char *, UINT4 *, unsigned int));
56static void Decode PROTO_LIST
57  ((UINT4 *, const unsigned char *, unsigned int));
58
59static unsigned char PADDING[64] = {
60  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
61  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
62  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
63};
64
65/* F, G and H are basic MD4 functions.
66 */
67#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
68#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
69#define H(x, y, z) ((x) ^ (y) ^ (z))
70
71/* ROTATE_LEFT rotates x left n bits.
72 */
73#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
74
75/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
76/* Rotation is separate from addition to prevent recomputation */
77#define FF(a, b, c, d, x, s) { \
78    (a) += F ((b), (c), (d)) + (x); \
79    (a) = ROTATE_LEFT ((a), (s)); \
80  }
81#define GG(a, b, c, d, x, s) { \
82    (a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
83    (a) = ROTATE_LEFT ((a), (s)); \
84  }
85#define HH(a, b, c, d, x, s) { \
86    (a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
87    (a) = ROTATE_LEFT ((a), (s)); \
88  }
89
90/* MD4 initialization. Begins an MD4 operation, writing a new context.
91 */
92void MD4Init (context)
93MD4_CTX *context;                                        /* context */
94{
95  context->count[0] = context->count[1] = 0;
96
97  /* Load magic initialization constants.
98   */
99  context->state[0] = 0x67452301;
100  context->state[1] = 0xefcdab89;
101  context->state[2] = 0x98badcfe;
102  context->state[3] = 0x10325476;
103}
104
105/* MD4 block update operation. Continues an MD4 message-digest
106     operation, processing another message block, and updating the
107     context.
108 */
109void MD4Update (context, input, inputLen)
110MD4_CTX *context;                                        /* context */
111const unsigned char *input;                                /* input block */
112unsigned int inputLen;                     /* length of input block */
113{
114  unsigned int i, index, partLen;
115
116  /* Compute number of bytes mod 64 */
117  index = (unsigned int)((context->count[0] >> 3) & 0x3F);
118  /* Update number of bits */
119  if ((context->count[0] += ((UINT4)inputLen << 3))
120      < ((UINT4)inputLen << 3))
121    context->count[1]++;
122  context->count[1] += ((UINT4)inputLen >> 29);
123
124  partLen = 64 - index;
125  /* Transform as many times as possible.
126   */
127  if (inputLen >= partLen) {
128    memcpy
129      ((POINTER)&context->buffer[index], (POINTER)input, partLen);
130    MD4Transform (context->state, context->buffer);
131
132    for (i = partLen; i + 63 < inputLen; i += 64)
133      MD4Transform (context->state, &input[i]);
134
135    index = 0;
136  }
137  else
138    i = 0;
139
140  /* Buffer remaining input */
141  memcpy
142    ((POINTER)&context->buffer[index], (POINTER)&input[i],
143     inputLen-i);
144}
145
146/* MD4 padding. */
147void MD4Pad (context)
148MD4_CTX *context;                                        /* context */
149{
150  unsigned char bits[8];
151  unsigned int index, padLen;
152
153  /* Save number of bits */
154  Encode (bits, context->count, 8);
155
156  /* Pad out to 56 mod 64.
157   */
158  index = (unsigned int)((context->count[0] >> 3) & 0x3f);
159  padLen = (index < 56) ? (56 - index) : (120 - index);
160  MD4Update (context, PADDING, padLen);
161
162  /* Append length (before padding) */
163  MD4Update (context, bits, 8);
164}
165
166/* MD4 finalization. Ends an MD4 message-digest operation, writing the
167     the message digest and zeroizing the context.
168 */
169void MD4Final (digest, context)
170unsigned char digest[16];                         /* message digest */
171MD4_CTX *context;                                        /* context */
172{
173  /* Do padding */
174  MD4Pad (context);
175
176  /* Store state in digest */
177  Encode (digest, context->state, 16);
178
179  /* Zeroize sensitive information.
180   */
181  memset ((POINTER)context, 0, sizeof (*context));
182}
183
184/* MD4 basic transformation. Transforms state based on block.
185 */
186static void MD4Transform (state, block)
187UINT4 state[4];
188const unsigned char block[64];
189{
190  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
191
192  Decode (x, block, 64);
193
194  /* Round 1 */
195  FF (a, b, c, d, x[ 0], S11); /* 1 */
196  FF (d, a, b, c, x[ 1], S12); /* 2 */
197  FF (c, d, a, b, x[ 2], S13); /* 3 */
198  FF (b, c, d, a, x[ 3], S14); /* 4 */
199  FF (a, b, c, d, x[ 4], S11); /* 5 */
200  FF (d, a, b, c, x[ 5], S12); /* 6 */
201  FF (c, d, a, b, x[ 6], S13); /* 7 */
202  FF (b, c, d, a, x[ 7], S14); /* 8 */
203  FF (a, b, c, d, x[ 8], S11); /* 9 */
204  FF (d, a, b, c, x[ 9], S12); /* 10 */
205  FF (c, d, a, b, x[10], S13); /* 11 */
206  FF (b, c, d, a, x[11], S14); /* 12 */
207  FF (a, b, c, d, x[12], S11); /* 13 */
208  FF (d, a, b, c, x[13], S12); /* 14 */
209  FF (c, d, a, b, x[14], S13); /* 15 */
210  FF (b, c, d, a, x[15], S14); /* 16 */
211
212  /* Round 2 */
213  GG (a, b, c, d, x[ 0], S21); /* 17 */
214  GG (d, a, b, c, x[ 4], S22); /* 18 */
215  GG (c, d, a, b, x[ 8], S23); /* 19 */
216  GG (b, c, d, a, x[12], S24); /* 20 */
217  GG (a, b, c, d, x[ 1], S21); /* 21 */
218  GG (d, a, b, c, x[ 5], S22); /* 22 */
219  GG (c, d, a, b, x[ 9], S23); /* 23 */
220  GG (b, c, d, a, x[13], S24); /* 24 */
221  GG (a, b, c, d, x[ 2], S21); /* 25 */
222  GG (d, a, b, c, x[ 6], S22); /* 26 */
223  GG (c, d, a, b, x[10], S23); /* 27 */
224  GG (b, c, d, a, x[14], S24); /* 28 */
225  GG (a, b, c, d, x[ 3], S21); /* 29 */
226  GG (d, a, b, c, x[ 7], S22); /* 30 */
227  GG (c, d, a, b, x[11], S23); /* 31 */
228  GG (b, c, d, a, x[15], S24); /* 32 */
229
230  /* Round 3 */
231  HH (a, b, c, d, x[ 0], S31); /* 33 */
232  HH (d, a, b, c, x[ 8], S32); /* 34 */
233  HH (c, d, a, b, x[ 4], S33); /* 35 */
234  HH (b, c, d, a, x[12], S34); /* 36 */
235  HH (a, b, c, d, x[ 2], S31); /* 37 */
236  HH (d, a, b, c, x[10], S32); /* 38 */
237  HH (c, d, a, b, x[ 6], S33); /* 39 */
238  HH (b, c, d, a, x[14], S34); /* 40 */
239  HH (a, b, c, d, x[ 1], S31); /* 41 */
240  HH (d, a, b, c, x[ 9], S32); /* 42 */
241  HH (c, d, a, b, x[ 5], S33); /* 43 */
242  HH (b, c, d, a, x[13], S34); /* 44 */
243  HH (a, b, c, d, x[ 3], S31); /* 45 */
244  HH (d, a, b, c, x[11], S32); /* 46 */
245  HH (c, d, a, b, x[ 7], S33); /* 47 */
246  HH (b, c, d, a, x[15], S34); /* 48 */
247
248  state[0] += a;
249  state[1] += b;
250  state[2] += c;
251  state[3] += d;
252
253  /* Zeroize sensitive information.
254   */
255  memset ((POINTER)x, 0, sizeof (x));
256}
257
258/* Encodes input (UINT4) into output (unsigned char). Assumes len is
259     a multiple of 4.
260 */
261static void Encode (output, input, len)
262unsigned char *output;
263UINT4 *input;
264unsigned int len;
265{
266  unsigned int i, j;
267
268  for (i = 0, j = 0; j < len; i++, j += 4) {
269    output[j] = (unsigned char)(input[i] & 0xff);
270    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
271    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
272    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
273  }
274}
275
276/* Decodes input (unsigned char) into output (UINT4). Assumes len is
277     a multiple of 4.
278 */
279static void Decode (output, input, len)
280
281UINT4 *output;
282const unsigned char *input;
283unsigned int len;
284{
285  unsigned int i, j;
286
287  for (i = 0, j = 0; j < len; i++, j += 4)
288    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
289      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
290}
291