3 * The MD2 hash function, described in RFC 1319.
6 /* nettle, low-level cryptographics library
8 * Copyright (C) 2003 Niels Möller, Andreas Sigfridsson
10 * The nettle library is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Lesser General Public License as published by
12 * the Free Software Foundation; either version 2.1 of the License, or (at your
13 * option) any later version.
15 * The nettle library is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
18 * License for more details.
20 * You should have received a copy of the GNU Lesser General Public License
21 * along with the nettle library; see the file COPYING.LIB. If not, write to
22 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
26 /* This code originates from the Python Cryptography Toolkit, version 1.0.1.
27 Further hacked by Andreas Sigfridsson and Niels Möller. Original license:
29 ===================================================================
30 Distribute and use freely; there are no restrictions on further
31 dissemination and usage except those imposed by the laws of your
32 country of residence. This software is provided "as is" without
33 warranty of fitness for use or suitability for any purpose, express
34 or implied. Use at your own risk or not at all.
35 ===================================================================
37 Incorporating the code into commercial products is permitted; you do
38 not have to make source available or contribute your changes back
39 (though that would be nice).
56 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
57 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
58 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
59 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
60 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
61 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
62 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
63 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
64 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
65 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
66 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
67 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
68 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
69 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
70 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
71 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
72 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
73 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
77 md2_transform(struct md2_ctx *ctx, const uint8_t *data)
82 memcpy(ctx->X + 16, data, MD2_DATA_SIZE);
84 for (i = 0, t = ctx->C[15];
87 ctx->X[2 * MD2_DATA_SIZE + i]
88 = ctx->X[i] ^ ctx->X[MD2_DATA_SIZE + i];
89 t = (ctx->C[i] ^= S[data[i]^t]);
93 t = (t + i) & 0xff, i++)
96 for (j = 0; j < 3 * MD2_DATA_SIZE; j++)
97 t = (ctx->X[j] ^= S[t]);
103 md2_final(struct md2_ctx *ctx)
105 unsigned left = MD2_DATA_SIZE - ctx->index;
106 memset(ctx->block + ctx->index, left, left);
107 md2_transform(ctx, ctx->block);
112 md2_init(struct md2_ctx *ctx)
114 memset(ctx, 0, sizeof(*ctx));
118 md2_update(struct md2_ctx *ctx,
124 /* Try to fill partial block */
125 unsigned left = MD2_DATA_SIZE - ctx->index;
128 memcpy(ctx->block + ctx->index, data, length);
129 ctx->index += length;
130 return; /* Finished */
134 memcpy(ctx->block + ctx->index, data, left);
135 md2_transform(ctx, ctx->block);
140 while (length >= MD2_DATA_SIZE)
142 md2_transform(ctx, data);
143 data += MD2_DATA_SIZE;
144 length -= MD2_DATA_SIZE;
146 if ((ctx->index = length)) /* This assignment is intended */
147 /* Buffer leftovers */
148 memcpy(ctx->block, data, length);
152 md2_digest(struct md2_ctx *ctx,
158 assert(length <= MD2_DIGEST_SIZE);
160 left = MD2_DATA_SIZE - ctx->index;
161 memset(ctx->block + ctx->index, left, left);
162 md2_transform(ctx, ctx->block);
164 md2_transform(ctx, ctx->C);
165 memcpy(digest, ctx->X, length);