xref: /reactos/sdk/lib/cryptlib/md4.c (revision d6eebaa4) 
1 /*
2  * Copyright (C) 2001 Nikos Mavroyanopoulos
3  * Copyright (C) 2004 Hans Leidekker
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18  */
19 
20 /*
21  * This code implements the MD4 message-digest algorithm.
22  * It is based on code in the public domain written by Colin
23  * Plumb in 1993. The algorithm is due to Ron Rivest.
24  *
25  * Equivalent code is available from RSA Data Security, Inc.
26  * This code has been tested against that, and is equivalent,
27  * except that you don't need to include two pages of legalese
28  * with every copy.
29  *
30  * To compute the message digest of a chunk of bytes, declare an
31  * MD4_CTX structure, pass it to MD4Init, call MD4Update as
32  * needed on buffers full of bytes, and then call MD4Final, which
33  * will fill a supplied 16-byte array with the digest.
34  */
35 
36 #include "md4.h"
37 #include "util.h"
38 
39 static void MD4Transform( unsigned int buf[4], unsigned int const in[16] );
40 
41 /*
42  * Start MD4 accumulation.  Set bit count to 0 and buffer to mysterious
43  * initialization constants.
44  */
45 VOID NTAPI MD4Init( MD4_CTX *ctx )
46 {
47     ctx->buf[0] = 0x67452301;
48     ctx->buf[1] = 0xefcdab89;
49     ctx->buf[2] = 0x98badcfe;
50     ctx->buf[3] = 0x10325476;
51 
52     ctx->i[0] = ctx->i[1] = 0;
53 }
54 
55 /*
56  * Update context to reflect the concatenation of another buffer full
57  * of bytes.
58  */
59 VOID NTAPI MD4Update( MD4_CTX *ctx, const unsigned char *buf, unsigned int len )
60 {
61     register unsigned int t;
62 
63     /* Update bitcount */
64     t = ctx->i[0];
65 
66     if ((ctx->i[0] = t + (len << 3)) < t)
67         ctx->i[1]++;        /* Carry from low to high */
68 
69     ctx->i[1] += len >> 29;
70     t = (t >> 3) & 0x3f;
71 
72     /* Handle any leading odd-sized chunks */
73     if (t)
74     {
75         unsigned char *p = (unsigned char *)ctx->in + t;
76         t = 64 - t;
77 
78         if (len < t)
79         {
80             memcpy( p, buf, len );
81             return;
82         }
83 
84         memcpy( p, buf, t );
85         byteReverse( ctx->in, 16 );
86 
87         MD4Transform( ctx->buf, (unsigned int *)ctx->in );
88 
89         buf += t;
90         len -= t;
91     }
92 
93     /* Process data in 64-byte chunks */
94     while (len >= 64)
95     {
96         memcpy( ctx->in, buf, 64 );
97         byteReverse( ctx->in, 16 );
98 
99         MD4Transform( ctx->buf, (unsigned int *)ctx->in );
100 
101         buf += 64;
102         len -= 64;
103     }
104 
105     /* Handle any remaining bytes of data. */
106     memcpy( ctx->in, buf, len );
107 }
108 
109 /*
110  * Final wrapup - pad to 64-byte boundary with the bit pattern
111  * 1 0* (64-bit count of bits processed, MSB-first)
112  */
113 VOID NTAPI MD4Final( MD4_CTX *ctx )
114 {
115     unsigned int count;
116     unsigned char *p;
117 
118     /* Compute number of bytes mod 64 */
119     count = (ctx->i[0] >> 3) & 0x3F;
120 
121     /* Set the first char of padding to 0x80.  This is safe since there is
122        always at least one byte free */
123     p = ctx->in + count;
124     *p++ = 0x80;
125 
126     /* Bytes of padding needed to make 64 bytes */
127     count = 64 - 1 - count;
128 
129     /* Pad out to 56 mod 64 */
130     if (count < 8)
131     {
132         /* Two lots of padding:  Pad the first block to 64 bytes */
133         memset( p, 0, count );
134         byteReverse( ctx->in, 16 );
135         MD4Transform( ctx->buf, (unsigned int *)ctx->in );
136 
137         /* Now fill the next block with 56 bytes */
138         memset( ctx->in, 0, 56 );
139     }
140     else
141     {
142         /* Pad block to 56 bytes */
143         memset( p, 0, count - 8 );
144     }
145 
146     byteReverse( ctx->in, 14 );
147 
148     /* Append length in bits and transform */
149     ((unsigned int *)ctx->in)[14] = ctx->i[0];
150     ((unsigned int *)ctx->in)[15] = ctx->i[1];
151 
152     MD4Transform( ctx->buf, (unsigned int *)ctx->in );
153     byteReverse( (unsigned char *)ctx->buf, 4 );
154     memcpy( ctx->digest, ctx->buf, 16 );
155     memset(ctx->in, 0, sizeof(ctx->in));
156 }
157 
158 /* The three core functions */
159 
160 #define rotl32(x,n)  (((x) << ((unsigned int)(n))) | ((x) >> (32 - (unsigned int)(n))))
161 
162 #define F( x, y, z ) (((x) & (y)) | ((~x) & (z)))
163 #define G( x, y, z ) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
164 #define H( x, y, z ) ((x) ^ (y) ^ (z))
165 
166 #define FF( a, b, c, d, x, s ) { \
167     (a) += F( (b), (c), (d) ) + (x); \
168     (a) = rotl32( (a), (s) ); \
169   }
170 #define GG( a, b, c, d, x, s ) { \
171     (a) += G( (b), (c), (d) ) + (x) + (unsigned int)0x5a827999; \
172     (a) = rotl32( (a), (s) ); \
173   }
174 #define HH( a, b, c, d, x, s ) { \
175     (a) += H( (b), (c), (d) ) + (x) + (unsigned int)0x6ed9eba1; \
176     (a) = rotl32( (a), (s) ); \
177   }
178 
179 /*
180  * The core of the MD4 algorithm
181  */
182 static void MD4Transform( unsigned int buf[4], const unsigned int in[16] )
183 {
184     register unsigned int a, b, c, d;
185 
186     a = buf[0];
187     b = buf[1];
188     c = buf[2];
189     d = buf[3];
190 
191     FF( a, b, c, d, in[0], 3 );
192     FF( d, a, b, c, in[1], 7 );
193     FF( c, d, a, b, in[2], 11 );
194     FF( b, c, d, a, in[3], 19 );
195     FF( a, b, c, d, in[4], 3 );
196     FF( d, a, b, c, in[5], 7 );
197     FF( c, d, a, b, in[6], 11 );
198     FF( b, c, d, a, in[7], 19 );
199     FF( a, b, c, d, in[8], 3 );
200     FF( d, a, b, c, in[9], 7 );
201     FF( c, d, a, b, in[10], 11 );
202     FF( b, c, d, a, in[11], 19 );
203     FF( a, b, c, d, in[12], 3 );
204     FF( d, a, b, c, in[13], 7 );
205     FF( c, d, a, b, in[14], 11 );
206     FF( b, c, d, a, in[15], 19 );
207 
208     GG( a, b, c, d, in[0], 3 );
209     GG( d, a, b, c, in[4], 5 );
210     GG( c, d, a, b, in[8], 9 );
211     GG( b, c, d, a, in[12], 13 );
212     GG( a, b, c, d, in[1], 3 );
213     GG( d, a, b, c, in[5], 5 );
214     GG( c, d, a, b, in[9], 9 );
215     GG( b, c, d, a, in[13], 13 );
216     GG( a, b, c, d, in[2], 3 );
217     GG( d, a, b, c, in[6], 5 );
218     GG( c, d, a, b, in[10], 9 );
219     GG( b, c, d, a, in[14], 13 );
220     GG( a, b, c, d, in[3], 3 );
221     GG( d, a, b, c, in[7], 5 );
222     GG( c, d, a, b, in[11], 9 );
223     GG( b, c, d, a, in[15], 13 );
224 
225     HH( a, b, c, d, in[0], 3 );
226     HH( d, a, b, c, in[8], 9 );
227     HH( c, d, a, b, in[4], 11 );
228     HH( b, c, d, a, in[12], 15 );
229     HH( a, b, c, d, in[2], 3 );
230     HH( d, a, b, c, in[10], 9 );
231     HH( c, d, a, b, in[6], 11 );
232     HH( b, c, d, a, in[14], 15 );
233     HH( a, b, c, d, in[1], 3 );
234     HH( d, a, b, c, in[9], 9 );
235     HH( c, d, a, b, in[5], 11 );
236     HH( b, c, d, a, in[13], 15 );
237     HH( a, b, c, d, in[3], 3 );
238     HH( d, a, b, c, in[11], 9 );
239     HH( c, d, a, b, in[7], 11 );
240     HH( b, c, d, a, in[15], 15 );
241 
242     buf[0] += a;
243     buf[1] += b;
244     buf[2] += c;
245     buf[3] += d;
246 }
247 
248