2 * md4c.c MD4 message-digest algorithm
6 * This file is licensed under the LGPL, but is largely derived
7 * from public domain source code.
10 #include <freeradius-devel/ident.h>
13 #include <freeradius-devel/autoconf.h>
16 * FORCE MD4 TO USE OUR MD4 HEADER FILE!
17 * If we don't do this, it might pick up the systems broken MD4.
19 #include "../include/md4.h"
21 void fr_md4_calc(output, input, inlen)
22 unsigned char *output;
23 const unsigned char *input; /* input block */
24 unsigned int inlen; /* length of input block */
29 fr_MD4Update(&context, input, inlen);
30 fr_MD4Final(output, &context);
33 #ifndef WITH_OPENSSL_MD4
34 /* The below was retrieved from
35 * http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libc/hash/md4.c?rev=1.2
36 * with the following changes:
37 * CVS-$OpenBSD stuff deleted
38 * #includes commented out.
39 * Support context->count as uint32_t[2] instead of uint64_t
40 * Add htole32 define from http://www.squid-cache.org/mail-archive/squid-dev/200307/0130.html
41 * (The bswap32 definition in the patch.)
42 * This is only used on BIG_ENDIAN systems, so we can always swap the bits.
43 * change BYTE_ORDER == LITTLE_ENDIAN (OpenBSD-defined) to WORDS_BIGENDIAN (autoconf-defined)
47 * This code implements the MD4 message-digest algorithm.
48 * The algorithm is due to Ron Rivest. This code was
49 * written by Colin Plumb in 1993, no copyright is claimed.
50 * This code is in the public domain; do with it what you wish.
51 * Todd C. Miller modified the MD5 code to do MD4 based on RFC 1186.
53 * Equivalent code is available from RSA Data Security, Inc.
54 * This code has been tested against that, and is equivalent,
55 * except that you don't need to include two pages of legalese
58 * To compute the message digest of a chunk of bytes, declare an
59 * MD4Context structure, pass it to fr_MD4Init, call fr_MD4Update as
60 * needed on buffers full of bytes, and then call fr_MD4Final, which
61 * will fill a supplied 16-byte array with the digest.
64 /*#include <sys/types.h>*/
65 /*#include <string.h>*/
68 /*#if BYTE_ORDER == LITTLE_ENDIAN*/
69 #ifndef WORDS_BIGENDIAN
71 #define htole32_4(buf) /* Nothing */
72 #define htole32_14(buf) /* Nothing */
73 #define htole32_16(buf) /* Nothing */
78 (((((uint32_t)x) & 0xff000000) >> 24) | \
79 ((((uint32_t)x) & 0x00ff0000) >> 8) | \
80 ((((uint32_t)x) & 0x0000ff00) << 8) | \
81 ((((uint32_t)x) & 0x000000ff) << 24))
83 #define htole32_4(buf) do { \
84 (buf)[ 0] = htole32((buf)[ 0]); \
85 (buf)[ 1] = htole32((buf)[ 1]); \
86 (buf)[ 2] = htole32((buf)[ 2]); \
87 (buf)[ 3] = htole32((buf)[ 3]); \
90 #define htole32_14(buf) do { \
91 (buf)[ 0] = htole32((buf)[ 0]); \
92 (buf)[ 1] = htole32((buf)[ 1]); \
93 (buf)[ 2] = htole32((buf)[ 2]); \
94 (buf)[ 3] = htole32((buf)[ 3]); \
95 (buf)[ 4] = htole32((buf)[ 4]); \
96 (buf)[ 5] = htole32((buf)[ 5]); \
97 (buf)[ 6] = htole32((buf)[ 6]); \
98 (buf)[ 7] = htole32((buf)[ 7]); \
99 (buf)[ 8] = htole32((buf)[ 8]); \
100 (buf)[ 9] = htole32((buf)[ 9]); \
101 (buf)[10] = htole32((buf)[10]); \
102 (buf)[11] = htole32((buf)[11]); \
103 (buf)[12] = htole32((buf)[12]); \
104 (buf)[13] = htole32((buf)[13]); \
107 #define htole32_16(buf) do { \
108 (buf)[ 0] = htole32((buf)[ 0]); \
109 (buf)[ 1] = htole32((buf)[ 1]); \
110 (buf)[ 2] = htole32((buf)[ 2]); \
111 (buf)[ 3] = htole32((buf)[ 3]); \
112 (buf)[ 4] = htole32((buf)[ 4]); \
113 (buf)[ 5] = htole32((buf)[ 5]); \
114 (buf)[ 6] = htole32((buf)[ 6]); \
115 (buf)[ 7] = htole32((buf)[ 7]); \
116 (buf)[ 8] = htole32((buf)[ 8]); \
117 (buf)[ 9] = htole32((buf)[ 9]); \
118 (buf)[10] = htole32((buf)[10]); \
119 (buf)[11] = htole32((buf)[11]); \
120 (buf)[12] = htole32((buf)[12]); \
121 (buf)[13] = htole32((buf)[13]); \
122 (buf)[14] = htole32((buf)[14]); \
123 (buf)[15] = htole32((buf)[15]); \
129 * Start MD4 accumulation.
130 * Set bit count to 0 and buffer to mysterious initialization constants.
133 fr_MD4Init(FR_MD4_CTX *ctx)
137 ctx->state[0] = 0x67452301;
138 ctx->state[1] = 0xefcdab89;
139 ctx->state[2] = 0x98badcfe;
140 ctx->state[3] = 0x10325476;
144 * Update context to reflect the concatenation of another buffer full
148 fr_MD4Update(FR_MD4_CTX *ctx, const unsigned char *buf, size_t len)
152 /* Bytes already stored in ctx->buffer */
153 count = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
155 /* Update bitcount */
156 /* ctx->count += (uint64_t)len << 3;*/
157 if ((ctx->count[0] += ((uint32_t)len << 3)) < (uint32_t)len) {
158 /* Overflowed ctx->count[0] */
161 ctx->count[1] += ((uint32_t)len >> 29);
163 /* Handle any leading odd-sized chunks */
165 unsigned char *p = (unsigned char *)ctx->buffer + count;
167 count = MD4_BLOCK_LENGTH - count;
172 memcpy(p, buf, count);
173 htole32_16((uint32_t *)ctx->buffer);
174 fr_MD4Transform(ctx->state, ctx->buffer);
179 /* Process data in MD4_BLOCK_LENGTH-byte chunks */
180 while (len >= MD4_BLOCK_LENGTH) {
181 memcpy(ctx->buffer, buf, MD4_BLOCK_LENGTH);
182 htole32_16((uint32_t *)ctx->buffer);
183 fr_MD4Transform(ctx->state, ctx->buffer);
184 buf += MD4_BLOCK_LENGTH;
185 len -= MD4_BLOCK_LENGTH;
188 /* Handle any remaining bytes of data. */
189 memcpy(ctx->buffer, buf, len);
193 * Final wrapup - pad to 64-byte boundary with the bit pattern
194 * 1 0* (64-bit count of bits processed, MSB-first)
197 fr_MD4Final(unsigned char digest[MD4_DIGEST_LENGTH], FR_MD4_CTX *ctx)
202 /* number of bytes mod 64 */
203 count = (uint32_t)(ctx->count[0] >> 3) & 0x3f;
206 * Set the first char of padding to 0x80.
207 * This is safe since there is always at least one byte free.
209 p = ctx->buffer + count;
212 /* Bytes of padding needed to make 64 bytes */
213 count = 64 - 1 - count;
215 /* Pad out to 56 mod 64 */
217 /* Two lots of padding: Pad the first block to 64 bytes */
219 htole32_16((uint32_t *)ctx->buffer);
220 fr_MD4Transform(ctx->state, ctx->buffer);
222 /* Now fill the next block with 56 bytes */
223 memset(ctx->buffer, 0, 56);
225 /* Pad block to 56 bytes */
226 memset(p, 0, count - 8);
228 htole32_14((uint32_t *)ctx->buffer);
230 /* Append bit count and transform */
231 ((uint32_t *)ctx->buffer)[14] = ctx->count[0];
232 ((uint32_t *)ctx->buffer)[15] = ctx->count[1];
234 fr_MD4Transform(ctx->state, ctx->buffer);
235 htole32_4(ctx->state);
236 memcpy(digest, ctx->state, MD4_DIGEST_LENGTH);
237 memset(ctx, 0, sizeof(*ctx)); /* in case it's sensitive */
241 /* The three core functions - F1 is optimized somewhat */
243 /* #define F1(x, y, z) (x & y | ~x & z) */
244 #define F1(x, y, z) (z ^ (x & (y ^ z)))
245 #define F2(x, y, z) ((x & y) | (x & z) | (y & z))
246 #define F3(x, y, z) (x ^ y ^ z)
248 /* This is the central step in the MD4 algorithm. */
249 #define MD4STEP(f, w, x, y, z, data, s) \
250 ( w += f(x, y, z) + data, w = w<<s | w>>(32-s) )
253 * The core of the MD4 algorithm, this alters an existing MD4 hash to
254 * reflect the addition of 16 longwords of new data. fr_MD4Update blocks
255 * the data and converts bytes into longwords for this routine.
258 fr_MD4Transform(uint32_t buf[4], const unsigned char inc[MD4_BLOCK_LENGTH])
261 const uint32_t *in = (const uint32_t *)inc;
268 MD4STEP(F1, a, b, c, d, in[ 0], 3);
269 MD4STEP(F1, d, a, b, c, in[ 1], 7);
270 MD4STEP(F1, c, d, a, b, in[ 2], 11);
271 MD4STEP(F1, b, c, d, a, in[ 3], 19);
272 MD4STEP(F1, a, b, c, d, in[ 4], 3);
273 MD4STEP(F1, d, a, b, c, in[ 5], 7);
274 MD4STEP(F1, c, d, a, b, in[ 6], 11);
275 MD4STEP(F1, b, c, d, a, in[ 7], 19);
276 MD4STEP(F1, a, b, c, d, in[ 8], 3);
277 MD4STEP(F1, d, a, b, c, in[ 9], 7);
278 MD4STEP(F1, c, d, a, b, in[10], 11);
279 MD4STEP(F1, b, c, d, a, in[11], 19);
280 MD4STEP(F1, a, b, c, d, in[12], 3);
281 MD4STEP(F1, d, a, b, c, in[13], 7);
282 MD4STEP(F1, c, d, a, b, in[14], 11);
283 MD4STEP(F1, b, c, d, a, in[15], 19);
285 MD4STEP(F2, a, b, c, d, in[ 0] + 0x5a827999, 3);
286 MD4STEP(F2, d, a, b, c, in[ 4] + 0x5a827999, 5);
287 MD4STEP(F2, c, d, a, b, in[ 8] + 0x5a827999, 9);
288 MD4STEP(F2, b, c, d, a, in[12] + 0x5a827999, 13);
289 MD4STEP(F2, a, b, c, d, in[ 1] + 0x5a827999, 3);
290 MD4STEP(F2, d, a, b, c, in[ 5] + 0x5a827999, 5);
291 MD4STEP(F2, c, d, a, b, in[ 9] + 0x5a827999, 9);
292 MD4STEP(F2, b, c, d, a, in[13] + 0x5a827999, 13);
293 MD4STEP(F2, a, b, c, d, in[ 2] + 0x5a827999, 3);
294 MD4STEP(F2, d, a, b, c, in[ 6] + 0x5a827999, 5);
295 MD4STEP(F2, c, d, a, b, in[10] + 0x5a827999, 9);
296 MD4STEP(F2, b, c, d, a, in[14] + 0x5a827999, 13);
297 MD4STEP(F2, a, b, c, d, in[ 3] + 0x5a827999, 3);
298 MD4STEP(F2, d, a, b, c, in[ 7] + 0x5a827999, 5);
299 MD4STEP(F2, c, d, a, b, in[11] + 0x5a827999, 9);
300 MD4STEP(F2, b, c, d, a, in[15] + 0x5a827999, 13);
302 MD4STEP(F3, a, b, c, d, in[ 0] + 0x6ed9eba1, 3);
303 MD4STEP(F3, d, a, b, c, in[ 8] + 0x6ed9eba1, 9);
304 MD4STEP(F3, c, d, a, b, in[ 4] + 0x6ed9eba1, 11);
305 MD4STEP(F3, b, c, d, a, in[12] + 0x6ed9eba1, 15);
306 MD4STEP(F3, a, b, c, d, in[ 2] + 0x6ed9eba1, 3);
307 MD4STEP(F3, d, a, b, c, in[10] + 0x6ed9eba1, 9);
308 MD4STEP(F3, c, d, a, b, in[ 6] + 0x6ed9eba1, 11);
309 MD4STEP(F3, b, c, d, a, in[14] + 0x6ed9eba1, 15);
310 MD4STEP(F3, a, b, c, d, in[ 1] + 0x6ed9eba1, 3);
311 MD4STEP(F3, d, a, b, c, in[ 9] + 0x6ed9eba1, 9);
312 MD4STEP(F3, c, d, a, b, in[ 5] + 0x6ed9eba1, 11);
313 MD4STEP(F3, b, c, d, a, in[13] + 0x6ed9eba1, 15);
314 MD4STEP(F3, a, b, c, d, in[ 3] + 0x6ed9eba1, 3);
315 MD4STEP(F3, d, a, b, c, in[11] + 0x6ed9eba1, 9);
316 MD4STEP(F3, c, d, a, b, in[ 7] + 0x6ed9eba1, 11);
317 MD4STEP(F3, b, c, d, a, in[15] + 0x6ed9eba1, 15);