md4.c 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
  1. /*
  2. * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
  3. * MD4 Message-Digest Algorithm (RFC 1320).
  4. *
  5. * Homepage:
  6. * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
  7. *
  8. * Author:
  9. * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
  10. *
  11. * This software was written by Alexander Peslyak in 2001. No copyright is
  12. * claimed, and the software is hereby placed in the public domain.
  13. * In case this attempt to disclaim copyright and place the software in the
  14. * public domain is deemed null and void, then the software is
  15. * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
  16. * general public under the following terms:
  17. *
  18. * Redistribution and use in source and binary forms, with or without
  19. * modification, are permitted.
  20. *
  21. * There's ABSOLUTELY NO WARRANTY, express or implied.
  22. *
  23. * (This is a heavily cut-down "BSD license".)
  24. *
  25. * This differs from Colin Plumb's older public domain implementation in that
  26. * no exactly 32-bit integer data type is required (any 32-bit or wider
  27. * unsigned integer data type will do), there's no compile-time endianness
  28. * configuration, and the function prototypes match OpenSSL's. No code from
  29. * Colin Plumb's implementation has been reused; this comment merely compares
  30. * the properties of the two independent implementations.
  31. *
  32. * The primary goals of this implementation are portability and ease of use.
  33. * It is meant to be fast, but not as fast as possible. Some known
  34. * optimizations are not included to reduce source code size and avoid
  35. * compile-time configuration.
  36. */
  37. #ifndef HAVE_OPENSSL
  38. #include <string.h>
  39. #include "md4.h"
  40. /*
  41. * The basic MD4 functions.
  42. *
  43. * F and G are optimized compared to their RFC 1320 definitions, with the
  44. * optimization for F borrowed from Colin Plumb's MD5 implementation.
  45. */
  46. #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
  47. #define G(x, y, z) (((x) & ((y) | (z))) | ((y) & (z)))
  48. #define H(x, y, z) ((x) ^ (y) ^ (z))
  49. /*
  50. * The MD4 transformation for all three rounds.
  51. */
  52. #define STEP(f, a, b, c, d, x, s) \
  53. (a) += f((b), (c), (d)) + (x); \
  54. (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s))));
  55. /*
  56. * SET reads 4 input bytes in little-endian byte order and stores them
  57. * in a properly aligned word in host byte order.
  58. *
  59. * The check for little-endian architectures that tolerate unaligned
  60. * memory accesses is just an optimization. Nothing will break if it
  61. * doesn't work.
  62. */
  63. #if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
  64. #define SET(n) \
  65. (*(MD4_u32plus *)&ptr[(n) * 4])
  66. #define GET(n) \
  67. SET(n)
  68. #else
  69. #define SET(n) \
  70. (ctx->block[(n)] = \
  71. (MD4_u32plus)ptr[(n) * 4] | \
  72. ((MD4_u32plus)ptr[(n) * 4 + 1] << 8) | \
  73. ((MD4_u32plus)ptr[(n) * 4 + 2] << 16) | \
  74. ((MD4_u32plus)ptr[(n) * 4 + 3] << 24))
  75. #define GET(n) \
  76. (ctx->block[(n)])
  77. #endif
  78. /*
  79. * This processes one or more 64-byte data blocks, but does NOT update
  80. * the bit counters. There are no alignment requirements.
  81. */
  82. static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
  83. {
  84. const unsigned char *ptr;
  85. MD4_u32plus a, b, c, d;
  86. MD4_u32plus saved_a, saved_b, saved_c, saved_d;
  87. ptr = (const unsigned char *)data;
  88. a = ctx->a;
  89. b = ctx->b;
  90. c = ctx->c;
  91. d = ctx->d;
  92. do
  93. {
  94. saved_a = a;
  95. saved_b = b;
  96. saved_c = c;
  97. saved_d = d;
  98. /* Round 1 */
  99. STEP(F, a, b, c, d, SET(0), 3)
  100. STEP(F, d, a, b, c, SET(1), 7)
  101. STEP(F, c, d, a, b, SET(2), 11)
  102. STEP(F, b, c, d, a, SET(3), 19)
  103. STEP(F, a, b, c, d, SET(4), 3)
  104. STEP(F, d, a, b, c, SET(5), 7)
  105. STEP(F, c, d, a, b, SET(6), 11)
  106. STEP(F, b, c, d, a, SET(7), 19)
  107. STEP(F, a, b, c, d, SET(8), 3)
  108. STEP(F, d, a, b, c, SET(9), 7)
  109. STEP(F, c, d, a, b, SET(10), 11)
  110. STEP(F, b, c, d, a, SET(11), 19)
  111. STEP(F, a, b, c, d, SET(12), 3)
  112. STEP(F, d, a, b, c, SET(13), 7)
  113. STEP(F, c, d, a, b, SET(14), 11)
  114. STEP(F, b, c, d, a, SET(15), 19)
  115. /* Round 2 */
  116. STEP(G, a, b, c, d, GET(0) + 0x5a827999, 3)
  117. STEP(G, d, a, b, c, GET(4) + 0x5a827999, 5)
  118. STEP(G, c, d, a, b, GET(8) + 0x5a827999, 9)
  119. STEP(G, b, c, d, a, GET(12) + 0x5a827999, 13)
  120. STEP(G, a, b, c, d, GET(1) + 0x5a827999, 3)
  121. STEP(G, d, a, b, c, GET(5) + 0x5a827999, 5)
  122. STEP(G, c, d, a, b, GET(9) + 0x5a827999, 9)
  123. STEP(G, b, c, d, a, GET(13) + 0x5a827999, 13)
  124. STEP(G, a, b, c, d, GET(2) + 0x5a827999, 3)
  125. STEP(G, d, a, b, c, GET(6) + 0x5a827999, 5)
  126. STEP(G, c, d, a, b, GET(10) + 0x5a827999, 9)
  127. STEP(G, b, c, d, a, GET(14) + 0x5a827999, 13)
  128. STEP(G, a, b, c, d, GET(3) + 0x5a827999, 3)
  129. STEP(G, d, a, b, c, GET(7) + 0x5a827999, 5)
  130. STEP(G, c, d, a, b, GET(11) + 0x5a827999, 9)
  131. STEP(G, b, c, d, a, GET(15) + 0x5a827999, 13)
  132. /* Round 3 */
  133. STEP(H, a, b, c, d, GET(0) + 0x6ed9eba1, 3)
  134. STEP(H, d, a, b, c, GET(8) + 0x6ed9eba1, 9)
  135. STEP(H, c, d, a, b, GET(4) + 0x6ed9eba1, 11)
  136. STEP(H, b, c, d, a, GET(12) + 0x6ed9eba1, 15)
  137. STEP(H, a, b, c, d, GET(2) + 0x6ed9eba1, 3)
  138. STEP(H, d, a, b, c, GET(10) + 0x6ed9eba1, 9)
  139. STEP(H, c, d, a, b, GET(6) + 0x6ed9eba1, 11)
  140. STEP(H, b, c, d, a, GET(14) + 0x6ed9eba1, 15)
  141. STEP(H, a, b, c, d, GET(1) + 0x6ed9eba1, 3)
  142. STEP(H, d, a, b, c, GET(9) + 0x6ed9eba1, 9)
  143. STEP(H, c, d, a, b, GET(5) + 0x6ed9eba1, 11)
  144. STEP(H, b, c, d, a, GET(13) + 0x6ed9eba1, 15)
  145. STEP(H, a, b, c, d, GET(3) + 0x6ed9eba1, 3)
  146. STEP(H, d, a, b, c, GET(11) + 0x6ed9eba1, 9)
  147. STEP(H, c, d, a, b, GET(7) + 0x6ed9eba1, 11)
  148. STEP(H, b, c, d, a, GET(15) + 0x6ed9eba1, 15)
  149. a += saved_a;
  150. b += saved_b;
  151. c += saved_c;
  152. d += saved_d;
  153. ptr += 64;
  154. }
  155. while (size -= 64);
  156. ctx->a = a;
  157. ctx->b = b;
  158. ctx->c = c;
  159. ctx->d = d;
  160. return ptr;
  161. }
  162. void MD4_Init(MD4_CTX *ctx)
  163. {
  164. ctx->a = 0x67452301;
  165. ctx->b = 0xefcdab89;
  166. ctx->c = 0x98badcfe;
  167. ctx->d = 0x10325476;
  168. ctx->lo = 0;
  169. ctx->hi = 0;
  170. }
  171. void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
  172. {
  173. MD4_u32plus saved_lo;
  174. unsigned long used, available;
  175. saved_lo = ctx->lo;
  176. if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
  177. ctx->hi++;
  178. ctx->hi += size >> 29;
  179. used = saved_lo & 0x3f;
  180. if (used)
  181. {
  182. available = 64 - used;
  183. if (size < available)
  184. {
  185. memcpy(&ctx->buffer[used], data, size);
  186. return;
  187. }
  188. memcpy(&ctx->buffer[used], data, available);
  189. data = (const unsigned char *)data + available;
  190. size -= available;
  191. body(ctx, ctx->buffer, 64);
  192. }
  193. if (size >= 64)
  194. {
  195. data = body(ctx, data, size & ~(unsigned long)0x3f);
  196. size &= 0x3f;
  197. }
  198. memcpy(ctx->buffer, data, size);
  199. }
  200. void MD4_Final(unsigned char *result, MD4_CTX *ctx)
  201. {
  202. unsigned long used, available;
  203. used = ctx->lo & 0x3f;
  204. ctx->buffer[used++] = 0x80;
  205. available = 64 - used;
  206. if (available < 8)
  207. {
  208. memset(&ctx->buffer[used], 0, available);
  209. body(ctx, ctx->buffer, 64);
  210. used = 0;
  211. available = 64;
  212. }
  213. memset(&ctx->buffer[used], 0, available - 8);
  214. ctx->lo <<= 3;
  215. ctx->buffer[56] = ctx->lo;
  216. ctx->buffer[57] = ctx->lo >> 8;
  217. ctx->buffer[58] = ctx->lo >> 16;
  218. ctx->buffer[59] = ctx->lo >> 24;
  219. ctx->buffer[60] = ctx->hi;
  220. ctx->buffer[61] = ctx->hi >> 8;
  221. ctx->buffer[62] = ctx->hi >> 16;
  222. ctx->buffer[63] = ctx->hi >> 24;
  223. body(ctx, ctx->buffer, 64);
  224. result[0] = ctx->a;
  225. result[1] = ctx->a >> 8;
  226. result[2] = ctx->a >> 16;
  227. result[3] = ctx->a >> 24;
  228. result[4] = ctx->b;
  229. result[5] = ctx->b >> 8;
  230. result[6] = ctx->b >> 16;
  231. result[7] = ctx->b >> 24;
  232. result[8] = ctx->c;
  233. result[9] = ctx->c >> 8;
  234. result[10] = ctx->c >> 16;
  235. result[11] = ctx->c >> 24;
  236. result[12] = ctx->d;
  237. result[13] = ctx->d >> 8;
  238. result[14] = ctx->d >> 16;
  239. result[15] = ctx->d >> 24;
  240. memset(ctx, 0, sizeof(*ctx));
  241. }
  242. #endif