md4c.c revision 50476 
1/* MD4C.C - RSA Data Security, Inc., MD4 message-digest algorithm
2 * $FreeBSD: head/lib/libmd/md4c.c 50476 1999-08-28 00:22:10Z peter $
3 */
4
5/* Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved.
6
7   License to copy and use this software is granted provided that it
8   is identified as the "RSA Data Security, Inc. MD4 Message-Digest
9   Algorithm" in all material mentioning or referencing this software
10   or this function.
11
12   License is also granted to make and use derivative works provided
13   that such works are identified as "derived from the RSA Data
14   Security, Inc. MD4 Message-Digest Algorithm" in all material
15   mentioning or referencing the derived work.
16
17   RSA Data Security, Inc. makes no representations concerning either
18   the merchantability of this software or the suitability of this
19   software for any particular purpose. It is provided "as is"
20   without express or implied warranty of any kind.
21
22   These notices must be retained in any copies of any part of this
23   documentation and/or software.
24 */
25
26#include <sys/types.h>
27#include <string.h>
28#include "md4.h"
29
30typedef unsigned char *POINTER;
31typedef u_int16_t UINT2;
32typedef u_int32_t UINT4;
33
34#define PROTO_LIST(list) list
35
36/* Constants for MD4Transform routine.
37 */
38#define S11 3
39#define S12 7
40#define S13 11
41#define S14 19
42#define S21 3
43#define S22 5
44#define S23 9
45#define S24 13
46#define S31 3
47#define S32 9
48#define S33 11
49#define S34 15
50
51static void MD4Transform PROTO_LIST ((UINT4 [4], const unsigned char [64]));
52static void Encode PROTO_LIST
53  ((unsigned char *, UINT4 *, unsigned int));
54static void Decode PROTO_LIST
55  ((UINT4 *, const unsigned char *, unsigned int));
56
57static unsigned char PADDING[64] = {
58  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
59  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
60  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
61};
62
63/* F, G and H are basic MD4 functions.
64 */
65#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
66#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
67#define H(x, y, z) ((x) ^ (y) ^ (z))
68
69/* ROTATE_LEFT rotates x left n bits.
70 */
71#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
72
73/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
74/* Rotation is separate from addition to prevent recomputation */
75#define FF(a, b, c, d, x, s) { \
76    (a) += F ((b), (c), (d)) + (x); \
77    (a) = ROTATE_LEFT ((a), (s)); \
78  }
79#define GG(a, b, c, d, x, s) { \
80    (a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
81    (a) = ROTATE_LEFT ((a), (s)); \
82  }
83#define HH(a, b, c, d, x, s) { \
84    (a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
85    (a) = ROTATE_LEFT ((a), (s)); \
86  }
87
88/* MD4 initialization. Begins an MD4 operation, writing a new context.
89 */
90void MD4Init (context)
91MD4_CTX *context;                                        /* context */
92{
93  context->count[0] = context->count[1] = 0;
94
95  /* Load magic initialization constants.
96   */
97  context->state[0] = 0x67452301;
98  context->state[1] = 0xefcdab89;
99  context->state[2] = 0x98badcfe;
100  context->state[3] = 0x10325476;
101}
102
103/* MD4 block update operation. Continues an MD4 message-digest
104     operation, processing another message block, and updating the
105     context.
106 */
107void MD4Update (context, input, inputLen)
108MD4_CTX *context;                                        /* context */
109const unsigned char *input;                                /* input block */
110unsigned int inputLen;                     /* length of input block */
111{
112  unsigned int i, index, partLen;
113
114  /* Compute number of bytes mod 64 */
115  index = (unsigned int)((context->count[0] >> 3) & 0x3F);
116  /* Update number of bits */
117  if ((context->count[0] += ((UINT4)inputLen << 3))
118      < ((UINT4)inputLen << 3))
119    context->count[1]++;
120  context->count[1] += ((UINT4)inputLen >> 29);
121
122  partLen = 64 - index;
123  /* Transform as many times as possible.
124   */
125  if (inputLen >= partLen) {
126    memcpy
127      ((POINTER)&context->buffer[index], (POINTER)input, partLen);
128    MD4Transform (context->state, context->buffer);
129
130    for (i = partLen; i + 63 < inputLen; i += 64)
131      MD4Transform (context->state, &input[i]);
132
133    index = 0;
134  }
135  else
136    i = 0;
137
138  /* Buffer remaining input */
139  memcpy
140    ((POINTER)&context->buffer[index], (POINTER)&input[i],
141     inputLen-i);
142}
143
144/* MD4 padding. */
145void MD4Pad (context)
146MD4_CTX *context;                                        /* context */
147{
148  unsigned char bits[8];
149  unsigned int index, padLen;
150
151  /* Save number of bits */
152  Encode (bits, context->count, 8);
153
154  /* Pad out to 56 mod 64.
155   */
156  index = (unsigned int)((context->count[0] >> 3) & 0x3f);
157  padLen = (index < 56) ? (56 - index) : (120 - index);
158  MD4Update (context, PADDING, padLen);
159
160  /* Append length (before padding) */
161  MD4Update (context, bits, 8);
162}
163
164/* MD4 finalization. Ends an MD4 message-digest operation, writing the
165     the message digest and zeroizing the context.
166 */
167void MD4Final (digest, context)
168unsigned char digest[16];                         /* message digest */
169MD4_CTX *context;                                        /* context */
170{
171  /* Do padding */
172  MD4Pad (context);
173
174  /* Store state in digest */
175  Encode (digest, context->state, 16);
176
177  /* Zeroize sensitive information.
178   */
179  memset ((POINTER)context, 0, sizeof (*context));
180}
181
182/* MD4 basic transformation. Transforms state based on block.
183 */
184static void MD4Transform (state, block)
185UINT4 state[4];
186const unsigned char block[64];
187{
188  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
189
190  Decode (x, block, 64);
191
192  /* Round 1 */
193  FF (a, b, c, d, x[ 0], S11); /* 1 */
194  FF (d, a, b, c, x[ 1], S12); /* 2 */
195  FF (c, d, a, b, x[ 2], S13); /* 3 */
196  FF (b, c, d, a, x[ 3], S14); /* 4 */
197  FF (a, b, c, d, x[ 4], S11); /* 5 */
198  FF (d, a, b, c, x[ 5], S12); /* 6 */
199  FF (c, d, a, b, x[ 6], S13); /* 7 */
200  FF (b, c, d, a, x[ 7], S14); /* 8 */
201  FF (a, b, c, d, x[ 8], S11); /* 9 */
202  FF (d, a, b, c, x[ 9], S12); /* 10 */
203  FF (c, d, a, b, x[10], S13); /* 11 */
204  FF (b, c, d, a, x[11], S14); /* 12 */
205  FF (a, b, c, d, x[12], S11); /* 13 */
206  FF (d, a, b, c, x[13], S12); /* 14 */
207  FF (c, d, a, b, x[14], S13); /* 15 */
208  FF (b, c, d, a, x[15], S14); /* 16 */
209
210  /* Round 2 */
211  GG (a, b, c, d, x[ 0], S21); /* 17 */
212  GG (d, a, b, c, x[ 4], S22); /* 18 */
213  GG (c, d, a, b, x[ 8], S23); /* 19 */
214  GG (b, c, d, a, x[12], S24); /* 20 */
215  GG (a, b, c, d, x[ 1], S21); /* 21 */
216  GG (d, a, b, c, x[ 5], S22); /* 22 */
217  GG (c, d, a, b, x[ 9], S23); /* 23 */
218  GG (b, c, d, a, x[13], S24); /* 24 */
219  GG (a, b, c, d, x[ 2], S21); /* 25 */
220  GG (d, a, b, c, x[ 6], S22); /* 26 */
221  GG (c, d, a, b, x[10], S23); /* 27 */
222  GG (b, c, d, a, x[14], S24); /* 28 */
223  GG (a, b, c, d, x[ 3], S21); /* 29 */
224  GG (d, a, b, c, x[ 7], S22); /* 30 */
225  GG (c, d, a, b, x[11], S23); /* 31 */
226  GG (b, c, d, a, x[15], S24); /* 32 */
227
228  /* Round 3 */
229  HH (a, b, c, d, x[ 0], S31); /* 33 */
230  HH (d, a, b, c, x[ 8], S32); /* 34 */
231  HH (c, d, a, b, x[ 4], S33); /* 35 */
232  HH (b, c, d, a, x[12], S34); /* 36 */
233  HH (a, b, c, d, x[ 2], S31); /* 37 */
234  HH (d, a, b, c, x[10], S32); /* 38 */
235  HH (c, d, a, b, x[ 6], S33); /* 39 */
236  HH (b, c, d, a, x[14], S34); /* 40 */
237  HH (a, b, c, d, x[ 1], S31); /* 41 */
238  HH (d, a, b, c, x[ 9], S32); /* 42 */
239  HH (c, d, a, b, x[ 5], S33); /* 43 */
240  HH (b, c, d, a, x[13], S34); /* 44 */
241  HH (a, b, c, d, x[ 3], S31); /* 45 */
242  HH (d, a, b, c, x[11], S32); /* 46 */
243  HH (c, d, a, b, x[ 7], S33); /* 47 */
244  HH (b, c, d, a, x[15], S34); /* 48 */
245
246  state[0] += a;
247  state[1] += b;
248  state[2] += c;
249  state[3] += d;
250
251  /* Zeroize sensitive information.
252   */
253  memset ((POINTER)x, 0, sizeof (x));
254}
255
256/* Encodes input (UINT4) into output (unsigned char). Assumes len is
257     a multiple of 4.
258 */
259static void Encode (output, input, len)
260unsigned char *output;
261UINT4 *input;
262unsigned int len;
263{
264  unsigned int i, j;
265
266  for (i = 0, j = 0; j < len; i++, j += 4) {
267    output[j] = (unsigned char)(input[i] & 0xff);
268    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
269    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
270    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
271  }
272}
273
274/* Decodes input (unsigned char) into output (UINT4). Assumes len is
275     a multiple of 4.
276 */
277static void Decode (output, input, len)
278
279UINT4 *output;
280const unsigned char *input;
281unsigned int len;
282{
283  unsigned int i, j;
284
285  for (i = 0, j = 0; j < len; i++, j += 4)
286    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
287      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
288}
289