1 /* $FreeBSD: src/sys/crypto/md5.h,v 1.4 2002/03/20 05:13:50 alfred Exp $ */
2 /* $KAME: md5.h,v 1.4 2000/03/27 04:36:22 sumikawa Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "../config.h"
38 #ifndef _NETINET6_MD5_H_
39 #define _NETINET6_MD5_H_
44 #define LITTLE_ENDIAN 1
50 #ifdef WORDS_BIGENDIAN
51 #define BYTE_ORDER BIG_ENDIAN
53 #define BYTE_ORDER LITTLE_ENDIAN
57 typedef long unsigned int u_int32_t;
58 typedef long long unsigned int u_int64_t;
59 typedef unsigned char u_int8_t;
60 typedef unsigned int u_int;
61 typedef unsigned long u_long;
62 typedef unsigned char u_char;
66 u_int32_t md5_state32[4];
67 u_int8_t md5_state8[16];
70 #define md5_sta md5_st.md5_state32[0]
71 #define md5_stb md5_st.md5_state32[1]
72 #define md5_stc md5_st.md5_state32[2]
73 #define md5_std md5_st.md5_state32[3]
74 #define md5_st8 md5_st.md5_state8
77 u_int64_t md5_count64;
78 u_int8_t md5_count8[8];
80 #define md5_n md5_count.md5_count64
81 #define md5_n8 md5_count.md5_count8
84 u_int8_t md5_buf[MD5_BUFLEN];
87 static void md5_init(md5_ctxt *);
88 static void md5_loop(md5_ctxt *, const u_int8_t *, u_int);
89 static void md5_pad(md5_ctxt *);
90 static void md5_result(u_int8_t *, md5_ctxt *);
93 #define MD5_CTX md5_ctxt
94 #define MD5Init(x) md5_init((x))
95 #define MD5Update(x, y, z) md5_loop((x), (y), (z))
96 #define MD5Final(x, y) \
99 md5_result((x), (y)); \
102 #endif /* ! _NETINET6_MD5_H_*/
105 * Copyright (c) 2003 Poul-Henning Kamp
107 * University of California. All rights reserved.
108 * All rights reserved.
110 * Redistribution and use in source and binary forms, with or without
111 * modification, are permitted provided that the following conditions
113 * 1. Redistributions of source code must retain the above copyright
114 * notice, this list of conditions and the following disclaimer.
115 * 2. Redistributions in binary form must reproduce the above copyright
116 * notice, this list of conditions and the following disclaimer in the
117 * documentation and/or other materials provided with the distribution.
118 * 3. Neither the name of the author nor the names of any co-contributors
119 * may be used to endorse or promote products derived from this software
120 * without specific prior written permission.
122 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
123 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
124 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
125 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
126 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
127 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
128 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
129 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
130 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
131 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
141 void bcopy(const void*src, void*dest, int len)
143 memcpy(dest, src, len);
148 void bzero(void*mem, int len)
157 static char itoa64[] = /* 0 ... 63 => ascii - 64 */
158 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
161 _crypt_to64(char *s, u_long v, int n)
164 *s++ = itoa64[v&0x3f];
169 void hash_md5(const unsigned char*buf, int len, unsigned char*dest)
171 u_char final[MD5_SIZE];
175 MD5Update(&ctx, buf, len);
176 MD5Final(dest, &ctx);
181 MD5_CTX* ctx = malloc(sizeof(MD5_CTX));
182 memset(ctx, 0, sizeof(MD5_CTX));
186 void update_md5(void*ctx, unsigned char*data, int len)
188 MD5Update(ctx, data, len);
190 void finish_md5(void*ctx, unsigned char*dest)
197 char * crypt_md5(const char *pw, const char *salt)
203 u_char final[MD5_SIZE];
204 static const char *sp, *ep;
205 static char passwd[120], *p;
206 static const char *magic = "$1$";
208 /* Refine the Salt first */
211 /* If it starts with the magic string, then skip that */
212 if(!strncmp(sp, magic, strlen(magic)))
215 /* It stops at the first '$', max 8 chars */
216 for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
219 /* get the length of the true salt */
224 /* The password first, since that is what is most unknown */
225 MD5Update(&ctx, (const u_char *)pw, strlen(pw));
227 /* Then our magic string */
228 MD5Update(&ctx, (const u_char *)magic, strlen(magic));
230 /* Then the raw salt */
231 MD5Update(&ctx, (const u_char *)sp, (u_int)sl);
233 /* Then just as many characters of the MD5(pw,salt,pw) */
235 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
236 MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
237 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
238 MD5Final(final, &ctx1);
239 for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE)
240 MD5Update(&ctx, (const u_char *)final,
241 (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl));
243 /* Don't leave anything around in vm they could use. */
244 memset(final, 0, sizeof(final));
246 /* Then something really weird... */
247 for (i = strlen(pw); i; i >>= 1)
249 MD5Update(&ctx, (const u_char *)final, 1);
251 MD5Update(&ctx, (const u_char *)pw, 1);
253 /* Now make the output string */
254 strcpy(passwd, magic);
255 strncat(passwd, sp, (u_int)sl);
258 MD5Final(final, &ctx);
261 * and now, just to make sure things don't run too fast
262 * On a 60 Mhz Pentium this takes 34 msec, so you would
263 * need 30 seconds to build a 1000 entry dictionary...
265 for(i = 0; i < 1000; i++) {
268 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
270 MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
273 MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
276 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
279 MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
281 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
282 MD5Final(final, &ctx1);
285 p = passwd + strlen(passwd);
287 l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
288 _crypt_to64(p, l, 4); p += 4;
289 l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
290 _crypt_to64(p, l, 4); p += 4;
291 l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
292 _crypt_to64(p, l, 4); p += 4;
293 l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
294 _crypt_to64(p, l, 4); p += 4;
295 l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
296 _crypt_to64(p, l, 4); p += 4;
298 _crypt_to64(p, l, 2); p += 2;
301 /* Don't leave anything around in vm they could use. */
302 memset(final, 0, sizeof(final));
307 /* $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */
309 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
310 * All rights reserved.
312 * Redistribution and use in source and binary forms, with or without
313 * modification, are permitted provided that the following conditions
315 * 1. Redistributions of source code must retain the above copyright
316 * notice, this list of conditions and the following disclaimer.
317 * 2. Redistributions in binary form must reproduce the above copyright
318 * notice, this list of conditions and the following disclaimer in the
319 * documentation and/or other materials provided with the distribution.
320 * 3. Neither the name of the project nor the names of its contributors
321 * may be used to endorse or promote products derived from this software
322 * without specific prior written permission.
324 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
325 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
326 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
327 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
328 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
329 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
330 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
331 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
332 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
333 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
337 #define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s))))
339 #define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z)))
340 #define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z)))
341 #define H(X, Y, Z) ((X) ^ (Y) ^ (Z))
342 #define I(X, Y, Z) ((Y) ^ ((X) | (~Z)))
344 #define ROUND1(a, b, c, d, k, s, i) { \
345 (a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \
346 (a) = SHIFT((a), (s)); \
350 #define ROUND2(a, b, c, d, k, s, i) { \
351 (a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \
352 (a) = SHIFT((a), (s)); \
356 #define ROUND3(a, b, c, d, k, s, i) { \
357 (a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \
358 (a) = SHIFT((a), (s)); \
362 #define ROUND4(a, b, c, d, k, s, i) { \
363 (a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \
364 (a) = SHIFT((a), (s)); \
388 #define MD5_A0 0x67452301
389 #define MD5_B0 0xefcdab89
390 #define MD5_C0 0x98badcfe
391 #define MD5_D0 0x10325476
393 /* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */
394 static const u_int32_t T[65] = {
396 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
397 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
398 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
399 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
401 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
402 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
403 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
404 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
406 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
407 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
408 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
409 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
411 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
412 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
413 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
414 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391,
417 static const u_int8_t md5_paddat[MD5_BUFLEN] = {
418 0x80, 0, 0, 0, 0, 0, 0, 0,
419 0, 0, 0, 0, 0, 0, 0, 0,
420 0, 0, 0, 0, 0, 0, 0, 0,
421 0, 0, 0, 0, 0, 0, 0, 0,
422 0, 0, 0, 0, 0, 0, 0, 0,
423 0, 0, 0, 0, 0, 0, 0, 0,
424 0, 0, 0, 0, 0, 0, 0, 0,
425 0, 0, 0, 0, 0, 0, 0, 0,
428 static void md5_calc(u_int8_t *, md5_ctxt *);
430 static void md5_init(md5_ctxt *ctxt)
434 ctxt->md5_sta = MD5_A0;
435 ctxt->md5_stb = MD5_B0;
436 ctxt->md5_stc = MD5_C0;
437 ctxt->md5_std = MD5_D0;
438 bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf));
441 static void md5_loop(md5_ctxt *ctxt, const u_int8_t *input, u_int len)
445 ctxt->md5_n += len * 8; /* byte to bit */
446 gap = MD5_BUFLEN - ctxt->md5_i;
449 bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
451 md5_calc(ctxt->md5_buf, ctxt);
453 for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) {
454 md5_calc((u_int8_t *)(input + i), ctxt);
457 ctxt->md5_i = len - i;
458 bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i);
460 bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
466 static void md5_pad(md5_ctxt *ctxt)
470 /* Don't count up padding. Keep md5_n. */
471 gap = MD5_BUFLEN - ctxt->md5_i;
474 (void *)(ctxt->md5_buf + ctxt->md5_i),
475 gap - sizeof(ctxt->md5_n));
477 /* including gap == 8 */
478 bcopy(md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i),
480 md5_calc(ctxt->md5_buf, ctxt);
481 bcopy((md5_paddat + gap),
482 (void *)ctxt->md5_buf,
483 MD5_BUFLEN - sizeof(ctxt->md5_n));
487 #if BYTE_ORDER == LITTLE_ENDIAN
488 bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8);
490 #if BYTE_ORDER == BIG_ENDIAN
491 ctxt->md5_buf[56] = ctxt->md5_n8[7];
492 ctxt->md5_buf[57] = ctxt->md5_n8[6];
493 ctxt->md5_buf[58] = ctxt->md5_n8[5];
494 ctxt->md5_buf[59] = ctxt->md5_n8[4];
495 ctxt->md5_buf[60] = ctxt->md5_n8[3];
496 ctxt->md5_buf[61] = ctxt->md5_n8[2];
497 ctxt->md5_buf[62] = ctxt->md5_n8[1];
498 ctxt->md5_buf[63] = ctxt->md5_n8[0];
501 md5_calc(ctxt->md5_buf, ctxt);
504 static void md5_result(u_int8_t *digest, md5_ctxt *ctxt)
507 #if BYTE_ORDER == LITTLE_ENDIAN
508 bcopy(&ctxt->md5_st8[0], digest, 16);
510 #if BYTE_ORDER == BIG_ENDIAN
511 digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2];
512 digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0];
513 digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6];
514 digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4];
515 digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10];
516 digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8];
517 digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14];
518 digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12];
522 static void md5_calc(u_int8_t *b64, md5_ctxt *ctxt)
524 u_int32_t A = ctxt->md5_sta;
525 u_int32_t B = ctxt->md5_stb;
526 u_int32_t C = ctxt->md5_stc;
527 u_int32_t D = ctxt->md5_std;
528 #if BYTE_ORDER == LITTLE_ENDIAN
529 u_int32_t *X = (u_int32_t *)b64;
531 #if BYTE_ORDER == BIG_ENDIAN
534 /* what a brute force but fast! */
535 u_int8_t *y = (u_int8_t *)X;
536 y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0];
537 y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4];
538 y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8];
539 y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12];
540 y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16];
541 y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20];
542 y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24];
543 y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28];
544 y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32];
545 y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36];
546 y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40];
547 y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44];
548 y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48];
549 y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52];
550 y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56];
551 y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60];
554 ROUND1(A, B, C, D, 0, Sa, 1); ROUND1(D, A, B, C, 1, Sb, 2);
555 ROUND1(C, D, A, B, 2, Sc, 3); ROUND1(B, C, D, A, 3, Sd, 4);
556 ROUND1(A, B, C, D, 4, Sa, 5); ROUND1(D, A, B, C, 5, Sb, 6);
557 ROUND1(C, D, A, B, 6, Sc, 7); ROUND1(B, C, D, A, 7, Sd, 8);
558 ROUND1(A, B, C, D, 8, Sa, 9); ROUND1(D, A, B, C, 9, Sb, 10);
559 ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12);
560 ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14);
561 ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16);
563 ROUND2(A, B, C, D, 1, Se, 17); ROUND2(D, A, B, C, 6, Sf, 18);
564 ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A, 0, Sh, 20);
565 ROUND2(A, B, C, D, 5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22);
566 ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A, 4, Sh, 24);
567 ROUND2(A, B, C, D, 9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26);
568 ROUND2(C, D, A, B, 3, Sg, 27); ROUND2(B, C, D, A, 8, Sh, 28);
569 ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C, 2, Sf, 30);
570 ROUND2(C, D, A, B, 7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32);
572 ROUND3(A, B, C, D, 5, Si, 33); ROUND3(D, A, B, C, 8, Sj, 34);
573 ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36);
574 ROUND3(A, B, C, D, 1, Si, 37); ROUND3(D, A, B, C, 4, Sj, 38);
575 ROUND3(C, D, A, B, 7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40);
576 ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C, 0, Sj, 42);
577 ROUND3(C, D, A, B, 3, Sk, 43); ROUND3(B, C, D, A, 6, Sl, 44);
578 ROUND3(A, B, C, D, 9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46);
579 ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A, 2, Sl, 48);
581 ROUND4(A, B, C, D, 0, Sm, 49); ROUND4(D, A, B, C, 7, Sn, 50);
582 ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A, 5, Sp, 52);
583 ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C, 3, Sn, 54);
584 ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A, 1, Sp, 56);
585 ROUND4(A, B, C, D, 8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58);
586 ROUND4(C, D, A, B, 6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60);
587 ROUND4(A, B, C, D, 4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62);
588 ROUND4(C, D, A, B, 2, So, 63); ROUND4(B, C, D, A, 9, Sp, 64);