2 * md4c.c MD4 message-digest algorithm
6 * This file is licensed under the LGPL, but is largely derived
7 * from public domain source code.
10 #include <freeradius-devel/ident.h>
13 #include <freeradius-devel/autoconf.h>
16 * FORCE MD4 TO USE OUR MD4 HEADER FILE!
17 * If we don't do this, it might pick up the systems broken MD4.
19 #include "../include/md4.h"
21 void md4_calc(output, input, inlen)
22 unsigned char *output;
23 const unsigned char *input; /* input block */
24 unsigned int inlen; /* length of input block */
29 MD4Update(&context, input, inlen);
30 MD4Final(output, &context);
33 /* The below was retrieved from
34 * http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libc/hash/md4.c?rev=1.2
35 * with the following changes:
36 * CVS-$OpenBSD stuff deleted
37 * #includes commented out.
38 * Support context->count as uint32_t[2] instead of uint64_t
39 * Add htole32 define from http://www.squid-cache.org/mail-archive/squid-dev/200307/0130.html
40 * (The bswap32 definition in the patch.)
41 * This is only used on BIG_ENDIAN systems, so we can always swap the bits.
42 * change BYTE_ORDER == LITTLE_ENDIAN (OpenBSD-defined) to WORDS_BIGENDIAN (autoconf-defined)
46 * This code implements the MD4 message-digest algorithm.
47 * The algorithm is due to Ron Rivest. This code was
48 * written by Colin Plumb in 1993, no copyright is claimed.
49 * This code is in the public domain; do with it what you wish.
50 * Todd C. Miller modified the MD5 code to do MD4 based on RFC 1186.
52 * Equivalent code is available from RSA Data Security, Inc.
53 * This code has been tested against that, and is equivalent,
54 * except that you don't need to include two pages of legalese
57 * To compute the message digest of a chunk of bytes, declare an
58 * MD4Context structure, pass it to MD4Init, call MD4Update as
59 * needed on buffers full of bytes, and then call MD4Final, which
60 * will fill a supplied 16-byte array with the digest.
63 /*#include <sys/types.h>*/
64 /*#include <string.h>*/
67 /*#if BYTE_ORDER == LITTLE_ENDIAN*/
68 #ifndef WORDS_BIGENDIAN
70 #define htole32_4(buf) /* Nothing */
71 #define htole32_14(buf) /* Nothing */
72 #define htole32_16(buf) /* Nothing */
77 (((((uint32_t)x) & 0xff000000) >> 24) | \
78 ((((uint32_t)x) & 0x00ff0000) >> 8) | \
79 ((((uint32_t)x) & 0x0000ff00) << 8) | \
80 ((((uint32_t)x) & 0x000000ff) << 24))
82 #define htole32_4(buf) do { \
83 (buf)[ 0] = htole32((buf)[ 0]); \
84 (buf)[ 1] = htole32((buf)[ 1]); \
85 (buf)[ 2] = htole32((buf)[ 2]); \
86 (buf)[ 3] = htole32((buf)[ 3]); \
89 #define htole32_14(buf) do { \
90 (buf)[ 0] = htole32((buf)[ 0]); \
91 (buf)[ 1] = htole32((buf)[ 1]); \
92 (buf)[ 2] = htole32((buf)[ 2]); \
93 (buf)[ 3] = htole32((buf)[ 3]); \
94 (buf)[ 4] = htole32((buf)[ 4]); \
95 (buf)[ 5] = htole32((buf)[ 5]); \
96 (buf)[ 6] = htole32((buf)[ 6]); \
97 (buf)[ 7] = htole32((buf)[ 7]); \
98 (buf)[ 8] = htole32((buf)[ 8]); \
99 (buf)[ 9] = htole32((buf)[ 9]); \
100 (buf)[10] = htole32((buf)[10]); \
101 (buf)[11] = htole32((buf)[11]); \
102 (buf)[12] = htole32((buf)[12]); \
103 (buf)[13] = htole32((buf)[13]); \
106 #define htole32_16(buf) do { \
107 (buf)[ 0] = htole32((buf)[ 0]); \
108 (buf)[ 1] = htole32((buf)[ 1]); \
109 (buf)[ 2] = htole32((buf)[ 2]); \
110 (buf)[ 3] = htole32((buf)[ 3]); \
111 (buf)[ 4] = htole32((buf)[ 4]); \
112 (buf)[ 5] = htole32((buf)[ 5]); \
113 (buf)[ 6] = htole32((buf)[ 6]); \
114 (buf)[ 7] = htole32((buf)[ 7]); \
115 (buf)[ 8] = htole32((buf)[ 8]); \
116 (buf)[ 9] = htole32((buf)[ 9]); \
117 (buf)[10] = htole32((buf)[10]); \
118 (buf)[11] = htole32((buf)[11]); \
119 (buf)[12] = htole32((buf)[12]); \
120 (buf)[13] = htole32((buf)[13]); \
121 (buf)[14] = htole32((buf)[14]); \
122 (buf)[15] = htole32((buf)[15]); \
128 * Start MD4 accumulation.
129 * Set bit count to 0 and buffer to mysterious initialization constants.
132 MD4Init(MD4_CTX *ctx)
136 ctx->state[0] = 0x67452301;
137 ctx->state[1] = 0xefcdab89;
138 ctx->state[2] = 0x98badcfe;
139 ctx->state[3] = 0x10325476;
143 * Update context to reflect the concatenation of another buffer full
147 MD4Update(MD4_CTX *ctx, const unsigned char *buf, size_t len)
151 /* Bytes already stored in ctx->buffer */
152 count = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
154 /* Update bitcount */
155 /* ctx->count += (uint64_t)len << 3;*/
156 if ((ctx->count[0] += ((uint32_t)len << 3)) < (uint32_t)len) {
157 /* Overflowed ctx->count[0] */
160 ctx->count[1] += ((uint32_t)len >> 29);
162 /* Handle any leading odd-sized chunks */
164 unsigned char *p = (unsigned char *)ctx->buffer + count;
166 count = MD4_BLOCK_LENGTH - count;
171 memcpy(p, buf, count);
172 htole32_16((uint32_t *)ctx->buffer);
173 MD4Transform(ctx->state, ctx->buffer);
178 /* Process data in MD4_BLOCK_LENGTH-byte chunks */
179 while (len >= MD4_BLOCK_LENGTH) {
180 memcpy(ctx->buffer, buf, MD4_BLOCK_LENGTH);
181 htole32_16((uint32_t *)ctx->buffer);
182 MD4Transform(ctx->state, ctx->buffer);
183 buf += MD4_BLOCK_LENGTH;
184 len -= MD4_BLOCK_LENGTH;
187 /* Handle any remaining bytes of data. */
188 memcpy(ctx->buffer, buf, len);
192 * Final wrapup - pad to 64-byte boundary with the bit pattern
193 * 1 0* (64-bit count of bits processed, MSB-first)
196 MD4Final(unsigned char digest[MD4_DIGEST_LENGTH], MD4_CTX *ctx)
201 /* number of bytes mod 64 */
202 count = (uint32_t)(ctx->count[0] >> 3) & 0x3f;
205 * Set the first char of padding to 0x80.
206 * This is safe since there is always at least one byte free.
208 p = ctx->buffer + count;
211 /* Bytes of padding needed to make 64 bytes */
212 count = 64 - 1 - count;
214 /* Pad out to 56 mod 64 */
216 /* Two lots of padding: Pad the first block to 64 bytes */
218 htole32_16((uint32_t *)ctx->buffer);
219 MD4Transform(ctx->state, ctx->buffer);
221 /* Now fill the next block with 56 bytes */
222 memset(ctx->buffer, 0, 56);
224 /* Pad block to 56 bytes */
225 memset(p, 0, count - 8);
227 htole32_14((uint32_t *)ctx->buffer);
229 /* Append bit count and transform */
230 ((uint32_t *)ctx->buffer)[14] = ctx->count[0];
231 ((uint32_t *)ctx->buffer)[15] = ctx->count[1];
233 MD4Transform(ctx->state, ctx->buffer);
234 htole32_4(ctx->state);
235 memcpy(digest, ctx->state, MD4_DIGEST_LENGTH);
236 memset(ctx, 0, sizeof(*ctx)); /* in case it's sensitive */
240 /* The three core functions - F1 is optimized somewhat */
242 /* #define F1(x, y, z) (x & y | ~x & z) */
243 #define F1(x, y, z) (z ^ (x & (y ^ z)))
244 #define F2(x, y, z) ((x & y) | (x & z) | (y & z))
245 #define F3(x, y, z) (x ^ y ^ z)
247 /* This is the central step in the MD4 algorithm. */
248 #define MD4STEP(f, w, x, y, z, data, s) \
249 ( w += f(x, y, z) + data, w = w<<s | w>>(32-s) )
252 * The core of the MD4 algorithm, this alters an existing MD4 hash to
253 * reflect the addition of 16 longwords of new data. MD4Update blocks
254 * the data and converts bytes into longwords for this routine.
257 MD4Transform(uint32_t buf[4], const unsigned char inc[MD4_BLOCK_LENGTH])
260 const uint32_t *in = (const uint32_t *)inc;
267 MD4STEP(F1, a, b, c, d, in[ 0], 3);
268 MD4STEP(F1, d, a, b, c, in[ 1], 7);
269 MD4STEP(F1, c, d, a, b, in[ 2], 11);
270 MD4STEP(F1, b, c, d, a, in[ 3], 19);
271 MD4STEP(F1, a, b, c, d, in[ 4], 3);
272 MD4STEP(F1, d, a, b, c, in[ 5], 7);
273 MD4STEP(F1, c, d, a, b, in[ 6], 11);
274 MD4STEP(F1, b, c, d, a, in[ 7], 19);
275 MD4STEP(F1, a, b, c, d, in[ 8], 3);
276 MD4STEP(F1, d, a, b, c, in[ 9], 7);
277 MD4STEP(F1, c, d, a, b, in[10], 11);
278 MD4STEP(F1, b, c, d, a, in[11], 19);
279 MD4STEP(F1, a, b, c, d, in[12], 3);
280 MD4STEP(F1, d, a, b, c, in[13], 7);
281 MD4STEP(F1, c, d, a, b, in[14], 11);
282 MD4STEP(F1, b, c, d, a, in[15], 19);
284 MD4STEP(F2, a, b, c, d, in[ 0] + 0x5a827999, 3);
285 MD4STEP(F2, d, a, b, c, in[ 4] + 0x5a827999, 5);
286 MD4STEP(F2, c, d, a, b, in[ 8] + 0x5a827999, 9);
287 MD4STEP(F2, b, c, d, a, in[12] + 0x5a827999, 13);
288 MD4STEP(F2, a, b, c, d, in[ 1] + 0x5a827999, 3);
289 MD4STEP(F2, d, a, b, c, in[ 5] + 0x5a827999, 5);
290 MD4STEP(F2, c, d, a, b, in[ 9] + 0x5a827999, 9);
291 MD4STEP(F2, b, c, d, a, in[13] + 0x5a827999, 13);
292 MD4STEP(F2, a, b, c, d, in[ 2] + 0x5a827999, 3);
293 MD4STEP(F2, d, a, b, c, in[ 6] + 0x5a827999, 5);
294 MD4STEP(F2, c, d, a, b, in[10] + 0x5a827999, 9);
295 MD4STEP(F2, b, c, d, a, in[14] + 0x5a827999, 13);
296 MD4STEP(F2, a, b, c, d, in[ 3] + 0x5a827999, 3);
297 MD4STEP(F2, d, a, b, c, in[ 7] + 0x5a827999, 5);
298 MD4STEP(F2, c, d, a, b, in[11] + 0x5a827999, 9);
299 MD4STEP(F2, b, c, d, a, in[15] + 0x5a827999, 13);
301 MD4STEP(F3, a, b, c, d, in[ 0] + 0x6ed9eba1, 3);
302 MD4STEP(F3, d, a, b, c, in[ 8] + 0x6ed9eba1, 9);
303 MD4STEP(F3, c, d, a, b, in[ 4] + 0x6ed9eba1, 11);
304 MD4STEP(F3, b, c, d, a, in[12] + 0x6ed9eba1, 15);
305 MD4STEP(F3, a, b, c, d, in[ 2] + 0x6ed9eba1, 3);
306 MD4STEP(F3, d, a, b, c, in[10] + 0x6ed9eba1, 9);
307 MD4STEP(F3, c, d, a, b, in[ 6] + 0x6ed9eba1, 11);
308 MD4STEP(F3, b, c, d, a, in[14] + 0x6ed9eba1, 15);
309 MD4STEP(F3, a, b, c, d, in[ 1] + 0x6ed9eba1, 3);
310 MD4STEP(F3, d, a, b, c, in[ 9] + 0x6ed9eba1, 9);
311 MD4STEP(F3, c, d, a, b, in[ 5] + 0x6ed9eba1, 11);
312 MD4STEP(F3, b, c, d, a, in[13] + 0x6ed9eba1, 15);
313 MD4STEP(F3, a, b, c, d, in[ 3] + 0x6ed9eba1, 3);
314 MD4STEP(F3, d, a, b, c, in[11] + 0x6ed9eba1, 9);
315 MD4STEP(F3, c, d, a, b, in[ 7] + 0x6ed9eba1, 11);
316 MD4STEP(F3, b, c, d, a, in[15] + 0x6ed9eba1, 15);