2
Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved.
4
License to copy and use this software is granted provided that it
5
is identified as the "RSA Data Security, Inc. MD4 Message-Digest
6
Algorithm" in all material mentioning or referencing this software
9
License is also granted to make and use derivative works provided
10
that such works are identified as "derived from the RSA Data
11
Security, Inc. MD4 Message-Digest Algorithm" in all material
12
mentioning or referencing the derived work.
14
RSA Data Security, Inc. makes no representations concerning either
15
the merchantability of this software or the suitability of this
16
software for any particular purpose. It is provided "as is"
17
without express or implied warranty of any kind.
19
These notices must be retained in any copies of any part of this
20
documentation and/or software.
25
/* NSS crypto library does not provide the MD4 hash algorithm, so that we have
26
* a local implementation of it */
32
typedef unsigned int UINT4;
34
typedef struct MD4Context {
35
UINT4 state[4]; /* state (ABCD) */
36
UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
37
unsigned char buffer[64]; /* input buffer */
40
/* Constants for MD4Transform routine.
55
static void MD4Transform(UINT4 [4], const unsigned char [64]);
56
static void Encode(unsigned char *, UINT4 *, unsigned int);
57
static void Decode(UINT4 *, const unsigned char *, unsigned int);
59
static unsigned char PADDING[64] = {
60
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
61
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
62
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
65
/* F, G and H are basic MD4 functions.
67
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
68
#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
69
#define H(x, y, z) ((x) ^ (y) ^ (z))
71
/* ROTATE_LEFT rotates x left n bits.
73
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
75
/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
76
/* Rotation is separate from addition to prevent recomputation */
77
#define FF(a, b, c, d, x, s) { \
78
(a) += F ((b), (c), (d)) + (x); \
79
(a) = ROTATE_LEFT ((a), (s)); \
81
#define GG(a, b, c, d, x, s) { \
82
(a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
83
(a) = ROTATE_LEFT ((a), (s)); \
85
#define HH(a, b, c, d, x, s) { \
86
(a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
87
(a) = ROTATE_LEFT ((a), (s)); \
90
/* MD4 initialization. Begins an MD4 operation, writing a new context.
92
static void MD4Init(MD4_CTX *context)
94
context->count[0] = context->count[1] = 0;
96
/* Load magic initialization constants.
98
context->state[0] = 0x67452301;
99
context->state[1] = 0xefcdab89;
100
context->state[2] = 0x98badcfe;
101
context->state[3] = 0x10325476;
104
/* MD4 block update operation. Continues an MD4 message-digest
105
operation, processing another message block, and updating the
108
static void MD4Update(MD4_CTX *context, const unsigned char *input,
109
unsigned int inputLen)
111
unsigned int i, bufindex, partLen;
113
/* Compute number of bytes mod 64 */
114
bufindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
115
/* Update number of bits */
116
if ((context->count[0] += ((UINT4)inputLen << 3))
117
< ((UINT4)inputLen << 3))
119
context->count[1] += ((UINT4)inputLen >> 29);
121
partLen = 64 - bufindex;
122
/* Transform as many times as possible.
124
if (inputLen >= partLen) {
125
memcpy(&context->buffer[bufindex], input, partLen);
126
MD4Transform (context->state, context->buffer);
128
for (i = partLen; i + 63 < inputLen; i += 64)
129
MD4Transform (context->state, &input[i]);
136
/* Buffer remaining input */
137
memcpy(&context->buffer[bufindex], &input[i], inputLen-i);
141
static void MD4Pad(MD4_CTX *context)
143
unsigned char bits[8];
144
unsigned int bufindex, padLen;
146
/* Save number of bits */
147
Encode (bits, context->count, 8);
149
/* Pad out to 56 mod 64.
151
bufindex = (unsigned int)((context->count[0] >> 3) & 0x3f);
152
padLen = (bufindex < 56) ? (56 - bufindex) : (120 - bufindex);
153
MD4Update (context, PADDING, padLen);
155
/* Append length (before padding) */
156
MD4Update (context, bits, 8);
159
/* MD4 finalization. Ends an MD4 message-digest operation, writing the
160
the message digest and zeroizing the context.
162
static void MD4Final (unsigned char digest[16], MD4_CTX *context)
167
/* Store state in digest */
168
Encode (digest, context->state, 16);
170
/* Zeroize sensitive information.
172
memset(context, 0, sizeof(*context));
175
/* MD4 basic transformation. Transforms state based on block.
177
static void MD4Transform (UINT4 state[4], const unsigned char block[64])
179
UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
181
Decode (x, block, 64);
184
FF (a, b, c, d, x[ 0], S11); /* 1 */
185
FF (d, a, b, c, x[ 1], S12); /* 2 */
186
FF (c, d, a, b, x[ 2], S13); /* 3 */
187
FF (b, c, d, a, x[ 3], S14); /* 4 */
188
FF (a, b, c, d, x[ 4], S11); /* 5 */
189
FF (d, a, b, c, x[ 5], S12); /* 6 */
190
FF (c, d, a, b, x[ 6], S13); /* 7 */
191
FF (b, c, d, a, x[ 7], S14); /* 8 */
192
FF (a, b, c, d, x[ 8], S11); /* 9 */
193
FF (d, a, b, c, x[ 9], S12); /* 10 */
194
FF (c, d, a, b, x[10], S13); /* 11 */
195
FF (b, c, d, a, x[11], S14); /* 12 */
196
FF (a, b, c, d, x[12], S11); /* 13 */
197
FF (d, a, b, c, x[13], S12); /* 14 */
198
FF (c, d, a, b, x[14], S13); /* 15 */
199
FF (b, c, d, a, x[15], S14); /* 16 */
202
GG (a, b, c, d, x[ 0], S21); /* 17 */
203
GG (d, a, b, c, x[ 4], S22); /* 18 */
204
GG (c, d, a, b, x[ 8], S23); /* 19 */
205
GG (b, c, d, a, x[12], S24); /* 20 */
206
GG (a, b, c, d, x[ 1], S21); /* 21 */
207
GG (d, a, b, c, x[ 5], S22); /* 22 */
208
GG (c, d, a, b, x[ 9], S23); /* 23 */
209
GG (b, c, d, a, x[13], S24); /* 24 */
210
GG (a, b, c, d, x[ 2], S21); /* 25 */
211
GG (d, a, b, c, x[ 6], S22); /* 26 */
212
GG (c, d, a, b, x[10], S23); /* 27 */
213
GG (b, c, d, a, x[14], S24); /* 28 */
214
GG (a, b, c, d, x[ 3], S21); /* 29 */
215
GG (d, a, b, c, x[ 7], S22); /* 30 */
216
GG (c, d, a, b, x[11], S23); /* 31 */
217
GG (b, c, d, a, x[15], S24); /* 32 */
220
HH (a, b, c, d, x[ 0], S31); /* 33 */
221
HH (d, a, b, c, x[ 8], S32); /* 34 */
222
HH (c, d, a, b, x[ 4], S33); /* 35 */
223
HH (b, c, d, a, x[12], S34); /* 36 */
224
HH (a, b, c, d, x[ 2], S31); /* 37 */
225
HH (d, a, b, c, x[10], S32); /* 38 */
226
HH (c, d, a, b, x[ 6], S33); /* 39 */
227
HH (b, c, d, a, x[14], S34); /* 40 */
228
HH (a, b, c, d, x[ 1], S31); /* 41 */
229
HH (d, a, b, c, x[ 9], S32); /* 42 */
230
HH (c, d, a, b, x[ 5], S33); /* 43 */
231
HH (b, c, d, a, x[13], S34); /* 44 */
232
HH (a, b, c, d, x[ 3], S31); /* 45 */
233
HH (d, a, b, c, x[11], S32); /* 46 */
234
HH (c, d, a, b, x[ 7], S33); /* 47 */
235
HH (b, c, d, a, x[15], S34); /* 48 */
242
/* Zeroize sensitive information.
244
memset(x, 0, sizeof(x));
247
/* Encodes input (UINT4) into output (unsigned char). Assumes len is
250
static void Encode(unsigned char *output, UINT4 *input, unsigned int len)
254
for (i = 0, j = 0; j < len; i++, j += 4) {
255
output[j] = (unsigned char)(input[i] & 0xff);
256
output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
257
output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
258
output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
262
/* Decodes input (unsigned char) into output (UINT4). Assumes len is
265
static void Decode (UINT4 *output, const unsigned char *input, unsigned int len)
269
for (i = 0, j = 0; j < len; i++, j += 4)
270
output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
271
(((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
274
void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
278
MD4Update(&ctx, input, (unsigned int)len);
279
MD4Final(output, &ctx);