2 * Copyright (C) 2001 Nikos Mavroyanopoulos
3 * Copyright (C) 2004 Hans Leidekker
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 * This code implements the MD4 message-digest algorithm.
22 * It is based on code in the public domain written by Colin
23 * Plumb in 1993. The algorithm is due to Ron Rivest.
25 * Equivalent code is available from RSA Data Security, Inc.
26 * This code has been tested against that, and is equivalent,
27 * except that you don't need to include two pages of legalese
30 * To compute the message digest of a chunk of bytes, declare an
31 * MD4_CTX structure, pass it to MD4Init, call MD4Update as
32 * needed on buffers full of bytes, and then call MD4Final, which
33 * will fill a supplied 16-byte array with the digest.
45 unsigned char digest[16];
48 static void MD4Transform( unsigned int buf[4], unsigned int const in[16] );
51 * Note: this code is harmless on little-endian machines.
53 static void byteReverse( unsigned char *buf, unsigned longs )
58 t = (unsigned int)((unsigned)buf[3] << 8 | buf[2]) << 16 |
59 ((unsigned)buf[1] << 8 | buf[0]);
60 *(unsigned int *)buf = t;
66 * Start MD4 accumulation. Set bit count to 0 and buffer to mysterious
67 * initialization constants.
69 VOID WINAPI MD4Init( MD4_CTX *ctx )
71 ctx->buf[0] = 0x67452301;
72 ctx->buf[1] = 0xefcdab89;
73 ctx->buf[2] = 0x98badcfe;
74 ctx->buf[3] = 0x10325476;
76 ctx->i[0] = ctx->i[1] = 0;
80 * Update context to reflect the concatenation of another buffer full
83 VOID WINAPI MD4Update( MD4_CTX *ctx, const unsigned char *buf, unsigned int len )
85 register unsigned int t;
90 if ((ctx->i[0] = t + ((unsigned int)len << 3)) < t)
91 ctx->i[1]++; /* Carry from low to high */
93 ctx->i[1] += len >> 29;
96 /* Handle any leading odd-sized chunks */
99 unsigned char *p = (unsigned char *)ctx->in + t;
104 memcpy( p, buf, len );
109 byteReverse( ctx->in, 16 );
111 MD4Transform( ctx->buf, (unsigned int *)ctx->in );
117 /* Process data in 64-byte chunks */
120 memcpy( ctx->in, buf, 64 );
121 byteReverse( ctx->in, 16 );
123 MD4Transform( ctx->buf, (unsigned int *)ctx->in );
129 /* Handle any remaining bytes of data. */
130 memcpy( ctx->in, buf, len );
134 * Final wrapup - pad to 64-byte boundary with the bit pattern
135 * 1 0* (64-bit count of bits processed, MSB-first)
137 VOID WINAPI MD4Final( MD4_CTX *ctx )
142 /* Compute number of bytes mod 64 */
143 count = (ctx->i[0] >> 3) & 0x3F;
145 /* Set the first char of padding to 0x80. This is safe since there is
146 always at least one byte free */
150 /* Bytes of padding needed to make 64 bytes */
151 count = 64 - 1 - count;
153 /* Pad out to 56 mod 64 */
156 /* Two lots of padding: Pad the first block to 64 bytes */
157 memset( p, 0, count );
158 byteReverse( ctx->in, 16 );
159 MD4Transform( ctx->buf, (unsigned int *)ctx->in );
161 /* Now fill the next block with 56 bytes */
162 memset( ctx->in, 0, 56 );
166 /* Pad block to 56 bytes */
167 memset( p, 0, count - 8 );
170 byteReverse( ctx->in, 14 );
172 /* Append length in bits and transform */
173 ((unsigned int *)ctx->in)[14] = ctx->i[0];
174 ((unsigned int *)ctx->in)[15] = ctx->i[1];
176 MD4Transform( ctx->buf, (unsigned int *)ctx->in );
177 byteReverse( (unsigned char *)ctx->buf, 4 );
178 memcpy( ctx->digest, ctx->buf, 16 );
181 /* The three core functions */
183 #define rotl32(x,n) (((x) << ((unsigned int)(n))) | ((x) >> (32 - (unsigned int)(n))))
185 #define F( x, y, z ) (((x) & (y)) | ((~x) & (z)))
186 #define G( x, y, z ) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
187 #define H( x, y, z ) ((x) ^ (y) ^ (z))
189 #define FF( a, b, c, d, x, s ) { \
190 (a) += F( (b), (c), (d) ) + (x); \
191 (a) = rotl32( (a), (s) ); \
193 #define GG( a, b, c, d, x, s ) { \
194 (a) += G( (b), (c), (d) ) + (x) + (unsigned int)0x5a827999; \
195 (a) = rotl32( (a), (s) ); \
197 #define HH( a, b, c, d, x, s ) { \
198 (a) += H( (b), (c), (d) ) + (x) + (unsigned int)0x6ed9eba1; \
199 (a) = rotl32( (a), (s) ); \
203 * The core of the MD4 algorithm
205 static void MD4Transform( unsigned int buf[4], const unsigned int in[16] )
207 register unsigned int a, b, c, d;
214 FF( a, b, c, d, in[0], 3 );
215 FF( d, a, b, c, in[1], 7 );
216 FF( c, d, a, b, in[2], 11 );
217 FF( b, c, d, a, in[3], 19 );
218 FF( a, b, c, d, in[4], 3 );
219 FF( d, a, b, c, in[5], 7 );
220 FF( c, d, a, b, in[6], 11 );
221 FF( b, c, d, a, in[7], 19 );
222 FF( a, b, c, d, in[8], 3 );
223 FF( d, a, b, c, in[9], 7 );
224 FF( c, d, a, b, in[10], 11 );
225 FF( b, c, d, a, in[11], 19 );
226 FF( a, b, c, d, in[12], 3 );
227 FF( d, a, b, c, in[13], 7 );
228 FF( c, d, a, b, in[14], 11 );
229 FF( b, c, d, a, in[15], 19 );
231 GG( a, b, c, d, in[0], 3 );
232 GG( d, a, b, c, in[4], 5 );
233 GG( c, d, a, b, in[8], 9 );
234 GG( b, c, d, a, in[12], 13 );
235 GG( a, b, c, d, in[1], 3 );
236 GG( d, a, b, c, in[5], 5 );
237 GG( c, d, a, b, in[9], 9 );
238 GG( b, c, d, a, in[13], 13 );
239 GG( a, b, c, d, in[2], 3 );
240 GG( d, a, b, c, in[6], 5 );
241 GG( c, d, a, b, in[10], 9 );
242 GG( b, c, d, a, in[14], 13 );
243 GG( a, b, c, d, in[3], 3 );
244 GG( d, a, b, c, in[7], 5 );
245 GG( c, d, a, b, in[11], 9 );
246 GG( b, c, d, a, in[15], 13 );
248 HH( a, b, c, d, in[0], 3 );
249 HH( d, a, b, c, in[8], 9 );
250 HH( c, d, a, b, in[4], 11 );
251 HH( b, c, d, a, in[12], 15 );
252 HH( a, b, c, d, in[2], 3 );
253 HH( d, a, b, c, in[10], 9 );
254 HH( c, d, a, b, in[6], 11 );
255 HH( b, c, d, a, in[14], 15 );
256 HH( a, b, c, d, in[1], 3 );
257 HH( d, a, b, c, in[9], 9 );
258 HH( c, d, a, b, in[5], 11 );
259 HH( b, c, d, a, in[13], 15 );
260 HH( a, b, c, d, in[3], 3 );
261 HH( d, a, b, c, in[11], 9 );
262 HH( c, d, a, b, in[7], 11 );
263 HH( b, c, d, a, in[15], 15 );