/*
 * MD4 (RFC-1320) message digest.
 * Modified from MD5 code by Andrey Panin <pazke@donpac.ru>
 *
 * Written by Solar Designer <solar@openwall.com> in 2001, and placed in
 * the public domain. There's absolutely no warranty.
 *
 * This differs from Colin Plumb's older public domain implementation in
 * that no 32-bit integer data type is required, there's no compile-time
 * endianness configuration, and the function prototypes match OpenSSL's.
 * The primary goals are portability and ease of use.
 *
 * This implementation is meant to be fast, but not as fast as possible.
 * Some known optimizations are not included to reduce source code size
 * and avoid compile-time configuration.
 */
/*
 * The three MD4 round functions, each applied bit by bit to its operands.
 *   F: selection - where a bit of x is set take y, otherwise take z.
 *   G: majority  - a result bit is set when at least two inputs have it set.
 *   H: parity    - exclusive-or of all three inputs.
 * The hashing loop uses F for its first 16 steps, G for the next 16 and
 * H for the last 16.
 */
#define F(x, y, z)	(((x) & ((y) ^ (z))) ^ (z))
#define G(x, y, z)	(((x) & ((y) | (z))) | ((y) & (z)))
#define H(x, y, z)	((x) ^ ((y) ^ (z)))
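/*
 * One MD4 step, shared by all rounds: add f(b, c, d) and the message
 * word (plus round constant) x to a, then rotate a left by s bits.
 *
 * a is evaluated several times and must be an lvalue that is exactly
 * 32 bits wide, otherwise the shift pair is not a rotation; s must be in
 * the range 1..31.
 *
 * The two statements are wrapped in do { } while (0) so that the macro
 * behaves as a single statement, e.g. as the body of an unbraced if/else.
 */
#define STEP(f, a, b, c, d, x, s) \
	do { \
		(a) += f((b), (c), (d)) + (x); \
		(a) = ((a) << (s)) | ((a) >> (32 - (s))); \
	} while (0)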
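/*
 * SET(n) reads input word n as 4 bytes in little-endian order from ptr,
 * stores it in ctx->block[n] in host byte order and evaluates to that
 * value.  GET(n) evaluates to the word a previous SET(n) stored.
 * Both expect `ptr` (const unsigned char *) and `ctx` to be in scope at
 * the point of use.
 *
 * The bytes are assembled one at a time on every architecture instead of
 * dereferencing ptr through a cast to a word pointer on x86: that cast is
 * undefined behaviour (the input carries no alignment guarantee and is
 * not a quint32 object), and the byte-wise form is commonly compiled to a
 * single load on little-endian targets anyway.
 */
#define SET(n) \
	(ctx->block[(n)] = \
	(quint32)ptr[(n) * 4] | \
	((quint32)ptr[(n) * 4 + 1] << 8) | \
	((quint32)ptr[(n) * 4 + 2] << 16) | \
	((quint32)ptr[(n) * 4 + 3] << 24))
#define GET(n) \
	(ctx->block[(n)])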
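/*
 * Run the MD4 compression function over each whole 64-byte block of
 * data[0..size) and fold the result into ctx->a .. ctx->d.  The bit
 * counters are NOT updated here, and data has no alignment requirement.
 *
 * Callers pass a non-zero multiple of 64 in size.  Returns a pointer to
 * the first input byte that was not consumed.
 *
 * SET()/GET() expand to expressions that use the local `ptr` and `ctx`,
 * so those two names must not be changed.
 *
 * NOTE(review): the listing this function was taken from had lost its
 * short lines (braces, the state load/store, the pointer advance); they
 * are restored here following RFC 1320 - confirm against upstream.
 */
static const unsigned char *body(struct md4_context *ctx, const unsigned char *data, size_t size)
{
	const unsigned char *ptr;
	quint32 a, b, c, d;
	quint32 saved_a, saved_b, saved_c, saved_d;

	ptr = data;

	a = ctx->a;
	b = ctx->b;
	c = ctx->c;
	d = ctx->d;

	/*
	 * Only whole blocks are consumed.  A `do { } while (size -= 64)`
	 * loop would wrap size around and read far past the input if it
	 * were ever called with 0 or with a length that is not a multiple
	 * of 64; testing before each block keeps such a call in bounds.
	 */
	while (size >= 64) {
		saved_a = a;
		saved_b = b;
		saved_c = c;
		saved_d = d;

/* Round 1: SET() also caches each input word in ctx->block[] */
		STEP(F, a, b, c, d, SET( 0),  3);
		STEP(F, d, a, b, c, SET( 1),  7);
		STEP(F, c, d, a, b, SET( 2), 11);
		STEP(F, b, c, d, a, SET( 3), 19);

		STEP(F, a, b, c, d, SET( 4),  3);
		STEP(F, d, a, b, c, SET( 5),  7);
		STEP(F, c, d, a, b, SET( 6), 11);
		STEP(F, b, c, d, a, SET( 7), 19);

		STEP(F, a, b, c, d, SET( 8),  3);
		STEP(F, d, a, b, c, SET( 9),  7);
		STEP(F, c, d, a, b, SET(10), 11);
		STEP(F, b, c, d, a, SET(11), 19);

		STEP(F, a, b, c, d, SET(12),  3);
		STEP(F, d, a, b, c, SET(13),  7);
		STEP(F, c, d, a, b, SET(14), 11);
		STEP(F, b, c, d, a, SET(15), 19);

/* Round 2 */
		STEP(G, a, b, c, d, GET( 0) + 0x5A827999,  3);
		STEP(G, d, a, b, c, GET( 4) + 0x5A827999,  5);
		STEP(G, c, d, a, b, GET( 8) + 0x5A827999,  9);
		STEP(G, b, c, d, a, GET(12) + 0x5A827999, 13);

		STEP(G, a, b, c, d, GET( 1) + 0x5A827999,  3);
		STEP(G, d, a, b, c, GET( 5) + 0x5A827999,  5);
		STEP(G, c, d, a, b, GET( 9) + 0x5A827999,  9);
		STEP(G, b, c, d, a, GET(13) + 0x5A827999, 13);

		STEP(G, a, b, c, d, GET( 2) + 0x5A827999,  3);
		STEP(G, d, a, b, c, GET( 6) + 0x5A827999,  5);
		STEP(G, c, d, a, b, GET(10) + 0x5A827999,  9);
		STEP(G, b, c, d, a, GET(14) + 0x5A827999, 13);

		STEP(G, a, b, c, d, GET( 3) + 0x5A827999,  3);
		STEP(G, d, a, b, c, GET( 7) + 0x5A827999,  5);
		STEP(G, c, d, a, b, GET(11) + 0x5A827999,  9);
		STEP(G, b, c, d, a, GET(15) + 0x5A827999, 13);

/* Round 3 */
		STEP(H, a, b, c, d, GET( 0) + 0x6ED9EBA1,  3);
		STEP(H, d, a, b, c, GET( 8) + 0x6ED9EBA1,  9);
		STEP(H, c, d, a, b, GET( 4) + 0x6ED9EBA1, 11);
		STEP(H, b, c, d, a, GET(12) + 0x6ED9EBA1, 15);

		STEP(H, a, b, c, d, GET( 2) + 0x6ED9EBA1,  3);
		STEP(H, d, a, b, c, GET(10) + 0x6ED9EBA1,  9);
		STEP(H, c, d, a, b, GET( 6) + 0x6ED9EBA1, 11);
		STEP(H, b, c, d, a, GET(14) + 0x6ED9EBA1, 15);

		STEP(H, a, b, c, d, GET( 1) + 0x6ED9EBA1,  3);
		STEP(H, d, a, b, c, GET( 9) + 0x6ED9EBA1,  9);
		STEP(H, c, d, a, b, GET( 5) + 0x6ED9EBA1, 11);
		STEP(H, b, c, d, a, GET(13) + 0x6ED9EBA1, 15);

		STEP(H, a, b, c, d, GET( 3) + 0x6ED9EBA1,  3);
		STEP(H, d, a, b, c, GET(11) + 0x6ED9EBA1,  9);
		STEP(H, c, d, a, b, GET( 7) + 0x6ED9EBA1, 11);
		STEP(H, b, c, d, a, GET(15) + 0x6ED9EBA1, 15);

		/* Feed-forward: add the state this block started from. */
		a += saved_a;
		b += saved_b;
		c += saved_c;
		d += saved_d;

		ptr += 64;
		size -= 64;
	}

	ctx->a = a;
	ctx->b = b;
	ctx->c = c;
	ctx->d = d;

	return ptr;
}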
161 static void md4_init(struct md4_context *ctx)
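/*
 * Absorb size bytes of input into the running hash.
 *
 * ctx->lo keeps the low 29 bits of the total byte count and ctx->hi the
 * bits above that.  Input that does not fill a 64-byte block is parked in
 * ctx->buffer until a later call (or md4_final) completes the block.
 *
 * The block-length mask is computed in size_t.  Masking with
 * ~(unsigned long)0x3f clears the upper half of size on platforms where
 * unsigned long is narrower than size_t, which silently drops input from
 * very large buffers.
 *
 * NOTE(review): the listing this function was taken from had lost its
 * short lines (braces, `ctx->hi++`, `return`, the size adjustments); they
 * are restored here - confirm against upstream.
 */
static void md4_update(struct md4_context *ctx, const unsigned char *data, size_t size)
{
	quint32 saved_lo;
	size_t used, available;

	/* Nothing to absorb; also keeps memcpy() away from a NULL data. */
	if (size == 0)
		return;

	saved_lo = ctx->lo;
	ctx->lo = (saved_lo + size) & 0x1fffffff;
	if (ctx->lo < saved_lo)
		ctx->hi++;	/* the 29-bit counter wrapped */
	ctx->hi += size >> 29;

	used = saved_lo & 0x3f;

	if (used) {
		available = 64 - used;

		if (size < available) {
			/* Still not a full block: just park the bytes. */
			memcpy(&ctx->buffer[used], data, size);
			return;
		}

		/* Complete the pending block and hash it. */
		memcpy(&ctx->buffer[used], data, available);
		data += available;
		size -= available;
		body(ctx, ctx->buffer, 64);
	}

	if (size >= 64) {
		/* Hash all whole blocks straight from the caller's buffer. */
		data = body(ctx, data, size & ~(size_t)0x3f);
		size &= 0x3f;
	}

	/* Keep the tail (fewer than 64 bytes) for the next call. */
	memcpy(ctx->buffer, data, size);
}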
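/* Store the low 32 bits of v at dst[0..3] in little-endian byte order. */
static void md4_store_le32(unsigned char *dst, quint32 v)
{
	dst[0] = (unsigned char)v;
	dst[1] = (unsigned char)(v >> 8);
	dst[2] = (unsigned char)(v >> 16);
	dst[3] = (unsigned char)(v >> 24);
}

/*
 * Finish the hash: append the padding (0x80, zero bytes, then the message
 * length in bits as 64 bits, little-endian), process the last block(s),
 * write the 16-byte digest to result[0..15] and wipe the context.
 *
 * The context is cleared through a volatile pointer: a plain memset() on
 * an object that is never read again may be removed by the optimizer,
 * leaving the tail of the hashed message behind in memory.
 *
 * MD4 is cryptographically broken (collisions are practical); use it only
 * where a legacy protocol or file format requires it.
 *
 * NOTE(review): the listing this function was taken from had lost its
 * short lines (braces, `free = 64 - used`, `ctx->lo <<= 3`, the
 * `result[0]`, `result[4]`, ... stores); they are restored here following
 * RFC 1320 - confirm against upstream.
 */
static void md4_final(struct md4_context *ctx, unsigned char result[MD4_RESULTLEN])
{
	size_t used, available, i;
	volatile unsigned char *wipe;

	used = ctx->lo & 0x3f;

	ctx->buffer[used++] = 0x80;

	available = 64 - used;

	if (available < 8) {
		/* No room left for the length field: pad out this block,
		 * hash it, and put the length in a fresh one. */
		memset(&ctx->buffer[used], 0, available);
		body(ctx, ctx->buffer, 64);
		used = 0;
		available = 64;
	}

	memset(&ctx->buffer[used], 0, available - 8);

	/* Byte count -> bit count; ctx->hi already holds the upper word. */
	ctx->lo <<= 3;
	md4_store_le32(&ctx->buffer[56], ctx->lo);
	md4_store_le32(&ctx->buffer[60], ctx->hi);

	body(ctx, ctx->buffer, 64);

	md4_store_le32(&result[0], ctx->a);
	md4_store_le32(&result[4], ctx->b);
	md4_store_le32(&result[8], ctx->c);
	md4_store_le32(&result[12], ctx->d);

	wipe = (volatile unsigned char *)ctx;
	for (i = 0; i < sizeof(*ctx); i++)
		wipe[i] = 0;
}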