[irc/evilnet/x3.git] / src / md5.c

/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm */

/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.

License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.

License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.

RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.

These notices must be retained in any copies of any part of this
documentation and/or software.
 */

#include "common.h"
#include "md5.h"

/* Constants for MD5Transform routine.
 */
#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21

static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64]));
static void Encode PROTO_LIST
  ((unsigned char *, UINT4 *, unsigned int));
static void Decode PROTO_LIST
  ((UINT4 *, unsigned char *, unsigned int));

static unsigned char PADDING[64] = {
  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/* F, G, H and I are basic MD5 functions.
 */
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))

/* ROTATE_LEFT rotates x left n bits. */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))

/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
Rotation is separate from addition to prevent recomputation.
 */
#define FF(a, b, c, d, x, s, ac) { \
 (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
  }
#define GG(a, b, c, d, x, s, ac) { \
 (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
  }
#define HH(a, b, c, d, x, s, ac) { \
 (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
  }
#define II(a, b, c, d, x, s, ac) { \
 (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
  }

/* MD5 initialization. Begins an MD5 operation, writing a new context. */
void MD5Init (context)
MD5_CTX *context;                                        /* context */
{
  context->count[0] = context->count[1] = 0;
  /* Load magic initialization constants. */
  context->state[0] = 0x67452301;
  context->state[1] = 0xefcdab89;
  context->state[2] = 0x98badcfe;
  context->state[3] = 0x10325476;
}

/* MD5 block update operation. Continues an MD5 message-digest
  operation, processing another message block, and updating the
  context.
 */
void MD5Update (context, input, inputLen)
MD5_CTX *context;                                        /* context */
unsigned char *input;                                /* input block */
unsigned int inputLen;                     /* length of input block */
{
  unsigned int i, index, partLen;

  /* Compute number of bytes mod 64 */
  index = (unsigned int)((context->count[0] >> 3) & 0x3F);

  /* Update number of bits */
  if ((context->count[0] += ((UINT4)inputLen << 3))
      < ((UINT4)inputLen << 3))
      context->count[1]++;
  context->count[1] += ((UINT4)inputLen >> 29);

  partLen = 64 - index;

  /* Transform as many times as possible. */
  if (inputLen >= partLen) {
      memcpy((POINTER)&context->buffer[index], (POINTER)input, partLen);
      MD5Transform (context->state, context->buffer);

      for (i = partLen; i + 63 < inputLen; i += 64)
	  MD5Transform (context->state, &input[i]);

      index = 0;
  }
  else
    i = 0;

  /* Buffer remaining input */
  memcpy((POINTER)&context->buffer[index], (POINTER)&input[i],
  inputLen-i);
}

/* MD5 finalization. Ends an MD5 message-digest operation, writing the
  the message digest and zeroizing the context.
 */
void MD5Final (digest, context)
unsigned char digest[16];                         /* message digest */
MD5_CTX *context;                                       /* context */
{
  unsigned char bits[8];
  unsigned int index, padLen;

  /* Save number of bits */
  Encode (bits, context->count, 8);

  /* Pad out to 56 mod 64. */
  index = (unsigned int)((context->count[0] >> 3) & 0x3f);
  padLen = (index < 56) ? (56 - index) : (120 - index);
  MD5Update (context, PADDING, padLen);

  /* Append length (before padding) */
  MD5Update (context, bits, 8);

  /* Store state in digest */
  Encode (digest, context->state, 16);

  /* Zeroize sensitive information. */
  memset ((POINTER)context, 0, sizeof (*context));
}

/* MD5 basic transformation. Transforms state based on block. */
static void MD5Transform (state, block)
UINT4 state[4];
unsigned char block[64];
{
  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];

  Decode (x, block, 64);

  /* Round 1 */
  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */

 /* Round 2 */
  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
  GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */

  /* Round 3 */
  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
  HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */

  /* Round 4 */
  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */

  state[0] += a;
  state[1] += b;
  state[2] += c;
  state[3] += d;

  /* Zeroize sensitive information. */
  memset ((POINTER)x, 0, sizeof (x));
}

/* Encodes input (UINT4) into output (unsigned char). Assumes len is
  a multiple of 4.
 */
static void Encode (output, input, len)
unsigned char *output;
UINT4 *input;
unsigned int len;
{
  unsigned int i, j;

  for (i = 0, j = 0; j < len; i++, j += 4) {
    output[j] = (unsigned char)(input[i] & 0xff);
    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
  }
}

/* Decodes input (unsigned char) into output (UINT4). Assumes len is
  a multiple of 4.
 */
static void Decode (output, input, len)
UINT4 *output;
unsigned char *input;
unsigned int len;
{
  unsigned int i, j;

  for (i = 0, j = 0; j < len; i++, j += 4)
    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
}

static const char *
cryptpass_real(const char *pass, char *buffer, int seed)
{
    static const char hex_digits[] = "0123456789ABCDEF";
    MD5_CTX ctx;
    unsigned int len, i, j;
    unsigned char temp[64], buff[16];

    /* first: generate seed */
    if (seed) {
        for (i=j=0; j<4; j++) {
            temp[i++] = hex_digits[(seed >> (28 - 8*j)) & 15];
            temp[i++] = hex_digits[(seed >> (24 - 8*j)) & 15];
        }
        /* fill temp buffer with password, 1 and then 0's */
        j = strlen(pass);
        if ((sizeof(temp) - i) < j) j = sizeof(temp) - i;
        memcpy(temp+i, pass, j);
        i += j;
        if (i < sizeof(temp)) temp[i++] = '1';
        while (i < sizeof(temp)) temp[i++] = '0';
    } else {
        i = 0;
        /* next: duplicate password to fill temp buffer */
        len = strlen(pass);
        for (j=0; i<sizeof(temp); i++) {
            temp[i] = pass[j];
            if (++j == len) j = 0;
        }
    }
    /* next: compute MD5 digest of repeated password */
    MD5Init(&ctx);
    MD5Update(&ctx, temp, sizeof(temp));
    MD5Final(buff, &ctx);
    /* finally: write digest to output buffer */
    if (seed) {
        buffer[0] = '$';
        for (i=0,j=1; i<4; i++) {
            buffer[j++] = hex_digits[(seed >> (28 - 8*i)) & 15];
            buffer[j++] = hex_digits[(seed >> (24 - 8*i)) & 15];
        }
    } else {
        j = 0;
    }
    for (i=0; i<sizeof(buff); i++) {
	buffer[j++] = hex_digits[buff[i] >> 4];
	buffer[j++] = hex_digits[buff[i] & 15];
    }
    buffer[j] = 0;
    return buffer;
}

const char *
cryptpass(const char *pass, char *buffer)
{
    int seed;
    do { seed = rand(); } while (!seed);
    return cryptpass_real(pass, buffer, seed);
}

int
checkpass(const char *pass, const char *crypt)
{
    char new_crypt[MD5_CRYPT_LENGTH], hseed[9];
    int seed;

    if (crypt[0] == '$') {
        /* new-style crypt, use "seed" after '$' */
        strncpy(hseed, crypt+1, 8);
        hseed[8] = 0;
        seed = strtoul(hseed, NULL, 16);
    } else {
        /* old-style crypt, use "seed" of 0 */
        seed = 0;
    }
    cryptpass_real(pass, new_crypt, seed);
    return !strcmp(crypt, new_crypt);
}
Commit	Line	Data
d76ed9a9	1	/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm */
	2
	3	/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
	4	rights reserved.
	5
	6	License to copy and use this software is granted provided that it
	7	is identified as the "RSA Data Security, Inc. MD5 Message-Digest
	8	Algorithm" in all material mentioning or referencing this software
	9	or this function.
	10
	11	License is also granted to make and use derivative works provided
	12	that such works are identified as "derived from the RSA Data
	13	Security, Inc. MD5 Message-Digest Algorithm" in all material
	14	mentioning or referencing the derived work.
	15
	16	RSA Data Security, Inc. makes no representations concerning either
	17	the merchantability of this software or the suitability of this
	18	software for any particular purpose. It is provided "as is"
	19	without express or implied warranty of any kind.
	20
	21	These notices must be retained in any copies of any part of this
	22	documentation and/or software.
	23	*/
	24
	25	#include "common.h"
	26	#include "md5.h"
	27
	28	/* Constants for MD5Transform routine.
	29	*/
	30	#define S11 7
	31	#define S12 12
	32	#define S13 17
	33	#define S14 22
	34	#define S21 5
	35	#define S22 9
	36	#define S23 14
	37	#define S24 20
	38	#define S31 4
	39	#define S32 11
	40	#define S33 16
	41	#define S34 23
	42	#define S41 6
	43	#define S42 10
	44	#define S43 15
	45	#define S44 21
	46
	47	static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64]));
	48	static void Encode PROTO_LIST
	49	((unsigned char , UINT4 , unsigned int));
	50	static void Decode PROTO_LIST
	51	((UINT4 , unsigned char , unsigned int));
	52
	53	static unsigned char PADDING[64] = {
	54	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	55	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	56	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
	57	};
	58
	59	/* F, G, H and I are basic MD5 functions.
	60	*/
	61	#define F(x, y, z) (((x) & (y)) \| ((~x) & (z)))
	62	#define G(x, y, z) (((x) & (z)) \| ((y) & (~z)))
	63	#define H(x, y, z) ((x) ^ (y) ^ (z))
	64	#define I(x, y, z) ((y) ^ ((x) \| (~z)))
65
66	/* ROTATE_LEFT rotates x left n bits. */
67	#define ROTATE_LEFT(x, n) (((x) << (n)) \| ((x) >> (32-(n))))
68
69	/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
70	Rotation is separate from addition to prevent recomputation.
71	*/
72	#define FF(a, b, c, d, x, s, ac) { \
73	(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
74	(a) = ROTATE_LEFT ((a), (s)); \
75	(a) += (b); \
76	}
77	#define GG(a, b, c, d, x, s, ac) { \
78	(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
79	(a) = ROTATE_LEFT ((a), (s)); \
80	(a) += (b); \
81	}
82	#define HH(a, b, c, d, x, s, ac) { \
83	(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
84	(a) = ROTATE_LEFT ((a), (s)); \
85	(a) += (b); \
86	}
87	#define II(a, b, c, d, x, s, ac) { \
88	(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
89	(a) = ROTATE_LEFT ((a), (s)); \
90	(a) += (b); \
91	}
92
93	/* MD5 initialization. Begins an MD5 operation, writing a new context. */
94	void MD5Init (context)
95	MD5_CTX context; / context */
96	{
97	context->count[0] = context->count[1] = 0;
98	/* Load magic initialization constants. */
99	context->state[0] = 0x67452301;
100	context->state[1] = 0xefcdab89;
101	context->state[2] = 0x98badcfe;
102	context->state[3] = 0x10325476;
103	}
104
105	/* MD5 block update operation. Continues an MD5 message-digest
106	operation, processing another message block, and updating the
107	context.
108	*/
109	void MD5Update (context, input, inputLen)
110	MD5_CTX context; / context */
111	unsigned char input; / input block */
112	unsigned int inputLen; /* length of input block */
113	{
114	unsigned int i, index, partLen;
115
116	/* Compute number of bytes mod 64 */
117	index = (unsigned int)((context->count[0] >> 3) & 0x3F);
118
119	/* Update number of bits */
120	if ((context->count[0] += ((UINT4)inputLen << 3))
121	< ((UINT4)inputLen << 3))
122	context->count[1]++;
123	context->count[1] += ((UINT4)inputLen >> 29);
124
125	partLen = 64 - index;
126
127	/* Transform as many times as possible. */
128	if (inputLen >= partLen) {
129	memcpy((POINTER)&context->buffer[index], (POINTER)input, partLen);
130	MD5Transform (context->state, context->buffer);
131
132	for (i = partLen; i + 63 < inputLen; i += 64)
133	MD5Transform (context->state, &input[i]);
134
135	index = 0;
136	}
137	else
138	i = 0;
139
140	/* Buffer remaining input */
141	memcpy((POINTER)&context->buffer[index], (POINTER)&input[i],
142	inputLen-i);
143	}
144
145	/* MD5 finalization. Ends an MD5 message-digest operation, writing the
146	the message digest and zeroizing the context.
147	*/
148	void MD5Final (digest, context)
149	unsigned char digest[16]; /* message digest */
150	MD5_CTX context; / context */
151	{
152	unsigned char bits[8];
153	unsigned int index, padLen;
154
155	/* Save number of bits */
156	Encode (bits, context->count, 8);
157
158	/* Pad out to 56 mod 64. */
159	index = (unsigned int)((context->count[0] >> 3) & 0x3f);
160	padLen = (index < 56) ? (56 - index) : (120 - index);
161	MD5Update (context, PADDING, padLen);
162
163	/* Append length (before padding) */
164	MD5Update (context, bits, 8);
165
166	/* Store state in digest */
167	Encode (digest, context->state, 16);
168
169	/* Zeroize sensitive information. */
170	memset ((POINTER)context, 0, sizeof (*context));
171	}
172
173	/* MD5 basic transformation. Transforms state based on block. */
174	static void MD5Transform (state, block)
175	UINT4 state[4];
176	unsigned char block[64];
177	{
178	UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
179
180	Decode (x, block, 64);
181
182	/* Round 1 */
183	FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
184	FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
185	FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
186	FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
187	FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
188	FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
189	FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
190	FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
191	FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
192	FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
193	FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
194	FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
195	FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
196	FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
197	FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
198	FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
199
200	/* Round 2 */
201	GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
202	GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
203	GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
204	GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
205	GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
206	GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
207	GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
208	GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
209	GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
210	GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
211	GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
212	GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
213	GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
214	GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
215	GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
216	GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
217
218	/* Round 3 */
219	HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
220	HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
221	HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
222	HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
223	HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
224	HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
225	HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
226	HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
227	HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
228	HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
229	HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
230	HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
231	HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
232	HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
233	HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
234	HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
235
236	/* Round 4 */
237	II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
238	II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
239	II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
240	II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
241	II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
242	II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
243	II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
244	II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
245	II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
246	II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
247	II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
248	II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
249	II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
250	II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
251	II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
252	II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
253
254	state[0] += a;
255	state[1] += b;
256	state[2] += c;
257	state[3] += d;
258
259	/* Zeroize sensitive information. */
260	memset ((POINTER)x, 0, sizeof (x));
261	}
262
263	/* Encodes input (UINT4) into output (unsigned char). Assumes len is
264	a multiple of 4.
265	*/
266	static void Encode (output, input, len)
267	unsigned char *output;
268	UINT4 *input;
269	unsigned int len;
270	{
271	unsigned int i, j;
272
273	for (i = 0, j = 0; j < len; i++, j += 4) {
274	output[j] = (unsigned char)(input[i] & 0xff);
275	output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
276	output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
277	output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
278	}
279	}
280
281	/* Decodes input (unsigned char) into output (UINT4). Assumes len is
282	a multiple of 4.
283	*/
284	static void Decode (output, input, len)
285	UINT4 *output;
286	unsigned char *input;
287	unsigned int len;
288	{
289	unsigned int i, j;
290
291	for (i = 0, j = 0; j < len; i++, j += 4)
292	output[i] = ((UINT4)input[j]) \| (((UINT4)input[j+1]) << 8) \|
293	(((UINT4)input[j+2]) << 16) \| (((UINT4)input[j+3]) << 24);
294	}
295
296	static const char *
297	cryptpass_real(const char pass, char buffer, int seed)
298	{
299	static const char hex_digits[] = "0123456789ABCDEF";
300	MD5_CTX ctx;
301	unsigned int len, i, j;
302	unsigned char temp[64], buff[16];
303
304	/* first: generate seed */
305	if (seed) {
306	for (i=j=0; j<4; j++) {
307	temp[i++] = hex_digits[(seed >> (28 - 8*j)) & 15];
308	temp[i++] = hex_digits[(seed >> (24 - 8*j)) & 15];
309	}
310	/* fill temp buffer with password, 1 and then 0's */
311	j = strlen(pass);
312	if ((sizeof(temp) - i) < j) j = sizeof(temp) - i;
313	memcpy(temp+i, pass, j);
314	i += j;
315	if (i < sizeof(temp)) temp[i++] = '1';
316	while (i < sizeof(temp)) temp[i++] = '0';
317	} else {
318	i = 0;
319	/* next: duplicate password to fill temp buffer */
320	len = strlen(pass);
321	for (j=0; i<sizeof(temp); i++) {
322	temp[i] = pass[j];
323	if (++j == len) j = 0;
324	}
325	}
326	/* next: compute MD5 digest of repeated password */
327	MD5Init(&ctx);
328	MD5Update(&ctx, temp, sizeof(temp));
329	MD5Final(buff, &ctx);
330	/* finally: write digest to output buffer */
331	if (seed) {
332	buffer[0] = '$';
333	for (i=0,j=1; i<4; i++) {
334	buffer[j++] = hex_digits[(seed >> (28 - 8*i)) & 15];
335	buffer[j++] = hex_digits[(seed >> (24 - 8*i)) & 15];
336	}
337	} else {
338	j = 0;
339	}
340	for (i=0; i<sizeof(buff); i++) {
341	buffer[j++] = hex_digits[buff[i] >> 4];
342	buffer[j++] = hex_digits[buff[i] & 15];
343	}
344	buffer[j] = 0;
345	return buffer;
346	}
347
348	const char *
349	cryptpass(const char pass, char buffer)
350	{
351	int seed;
352	do { seed = rand(); } while (!seed);
353	return cryptpass_real(pass, buffer, seed);
354	}
355
356	int
357	checkpass(const char pass, const char crypt)
358	{
359	char new_crypt[MD5_CRYPT_LENGTH], hseed[9];
360	int seed;
361
362	if (crypt[0] == '$') {
363	/* new-style crypt, use "seed" after '$' */
364	strncpy(hseed, crypt+1, 8);
365	hseed[8] = 0;
366	seed = strtoul(hseed, NULL, 16);
367	} else {
368	/* old-style crypt, use "seed" of 0 */
369	seed = 0;
370	}
371	cryptpass_real(pass, new_crypt, seed);
372	return !strcmp(crypt, new_crypt);
373	}