1 /* $FreeBSD: src/sys/crypto/md5.h,v 1.4 2002/03/20 05:13:50 alfred Exp $ */
2 /* $KAME: md5.h,v 1.4 2000/03/27 04:36:22 sumikawa Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #ifndef _NETINET6_MD5_H_
34 #define _NETINET6_MD5_H_
38 typedef long unsigned int u_int32_t;
39 typedef long long unsigned int u_int64_t;
40 typedef unsigned char u_int8_t;
41 typedef unsigned int u_int;
42 typedef unsigned long u_long;
43 typedef unsigned char u_char;
47 u_int32_t md5_state32[4];
48 u_int8_t md5_state8[16];
51 #define md5_sta md5_st.md5_state32[0]
52 #define md5_stb md5_st.md5_state32[1]
53 #define md5_stc md5_st.md5_state32[2]
54 #define md5_std md5_st.md5_state32[3]
55 #define md5_st8 md5_st.md5_state8
58 u_int64_t md5_count64;
59 u_int8_t md5_count8[8];
61 #define md5_n md5_count.md5_count64
62 #define md5_n8 md5_count.md5_count8
65 u_int8_t md5_buf[MD5_BUFLEN];
68 extern void md5_init(md5_ctxt *);
69 extern void md5_loop(md5_ctxt *, const u_int8_t *, u_int);
70 extern void md5_pad(md5_ctxt *);
71 extern void md5_result(u_int8_t *, md5_ctxt *);
74 #define MD5_CTX md5_ctxt
75 #define MD5Init(x) md5_init((x))
76 #define MD5Update(x, y, z) md5_loop((x), (y), (z))
77 #define MD5Final(x, y) \
80 md5_result((x), (y)); \
83 #endif /* ! _NETINET6_MD5_H_*/
86 * Copyright (c) 2003 Poul-Henning Kamp
88 * University of California. All rights reserved.
89 * All rights reserved.
91 * Redistribution and use in source and binary forms, with or without
92 * modification, are permitted provided that the following conditions
94 * 1. Redistributions of source code must retain the above copyright
95 * notice, this list of conditions and the following disclaimer.
96 * 2. Redistributions in binary form must reproduce the above copyright
97 * notice, this list of conditions and the following disclaimer in the
98 * documentation and/or other materials provided with the distribution.
99 * 3. Neither the name of the author nor the names of any co-contributors
100 * may be used to endorse or promote products derived from this software
101 * without specific prior written permission.
103 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
104 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
105 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
106 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
107 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
108 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
109 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
110 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
111 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
112 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
124 static char itoa64[] = /* 0 ... 63 => ascii - 64 */
125 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
128 _crypt_to64(char *s, u_long v, int n)
131 *s++ = itoa64[v&0x3f];
136 char * crypt_md5(const char *pw, const char *salt)
142 u_char final[MD5_SIZE];
143 static const char *sp, *ep;
144 static char passwd[120], *p;
145 static const char *magic = "$1$";
147 /* Refine the Salt first */
150 /* If it starts with the magic string, then skip that */
151 if(!strncmp(sp, magic, strlen(magic)))
154 /* It stops at the first '$', max 8 chars */
155 for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
158 /* get the length of the true salt */
163 /* The password first, since that is what is most unknown */
164 MD5Update(&ctx, (const u_char *)pw, strlen(pw));
166 /* Then our magic string */
167 MD5Update(&ctx, (const u_char *)magic, strlen(magic));
169 /* Then the raw salt */
170 MD5Update(&ctx, (const u_char *)sp, (u_int)sl);
172 /* Then just as many characters of the MD5(pw,salt,pw) */
174 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
175 MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
176 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
177 MD5Final(final, &ctx1);
178 for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE)
179 MD5Update(&ctx, (const u_char *)final,
180 (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl));
182 /* Don't leave anything around in vm they could use. */
183 memset(final, 0, sizeof(final));
185 /* Then something really weird... */
186 for (i = strlen(pw); i; i >>= 1)
188 MD5Update(&ctx, (const u_char *)final, 1);
190 MD5Update(&ctx, (const u_char *)pw, 1);
192 /* Now make the output string */
193 strcpy(passwd, magic);
194 strncat(passwd, sp, (u_int)sl);
197 MD5Final(final, &ctx);
200 * and now, just to make sure things don't run too fast
201 * On a 60 Mhz Pentium this takes 34 msec, so you would
202 * need 30 seconds to build a 1000 entry dictionary...
204 for(i = 0; i < 1000; i++) {
207 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
209 MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
212 MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
215 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
218 MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
220 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
221 MD5Final(final, &ctx1);
224 p = passwd + strlen(passwd);
226 l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
227 _crypt_to64(p, l, 4); p += 4;
228 l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
229 _crypt_to64(p, l, 4); p += 4;
230 l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
231 _crypt_to64(p, l, 4); p += 4;
232 l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
233 _crypt_to64(p, l, 4); p += 4;
234 l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
235 _crypt_to64(p, l, 4); p += 4;
237 _crypt_to64(p, l, 2); p += 2;
240 /* Don't leave anything around in vm they could use. */
241 memset(final, 0, sizeof(final));
246 /* $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */
248 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
249 * All rights reserved.
251 * Redistribution and use in source and binary forms, with or without
252 * modification, are permitted provided that the following conditions
254 * 1. Redistributions of source code must retain the above copyright
255 * notice, this list of conditions and the following disclaimer.
256 * 2. Redistributions in binary form must reproduce the above copyright
257 * notice, this list of conditions and the following disclaimer in the
258 * documentation and/or other materials provided with the distribution.
259 * 3. Neither the name of the project nor the names of its contributors
260 * may be used to endorse or promote products derived from this software
261 * without specific prior written permission.
263 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
264 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
265 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
266 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
267 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
268 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
269 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
270 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
271 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
272 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
276 #define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s))))
278 #define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z)))
279 #define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z)))
280 #define H(X, Y, Z) ((X) ^ (Y) ^ (Z))
281 #define I(X, Y, Z) ((Y) ^ ((X) | (~Z)))
283 #define ROUND1(a, b, c, d, k, s, i) { \
284 (a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \
285 (a) = SHIFT((a), (s)); \
289 #define ROUND2(a, b, c, d, k, s, i) { \
290 (a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \
291 (a) = SHIFT((a), (s)); \
295 #define ROUND3(a, b, c, d, k, s, i) { \
296 (a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \
297 (a) = SHIFT((a), (s)); \
301 #define ROUND4(a, b, c, d, k, s, i) { \
302 (a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \
303 (a) = SHIFT((a), (s)); \
327 #define MD5_A0 0x67452301
328 #define MD5_B0 0xefcdab89
329 #define MD5_C0 0x98badcfe
330 #define MD5_D0 0x10325476
332 /* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */
333 static const u_int32_t T[65] = {
335 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
336 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
337 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
338 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
340 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
341 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
342 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
343 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
345 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
346 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
347 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
348 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
350 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
351 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
352 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
353 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391,
356 static const u_int8_t md5_paddat[MD5_BUFLEN] = {
357 0x80, 0, 0, 0, 0, 0, 0, 0,
358 0, 0, 0, 0, 0, 0, 0, 0,
359 0, 0, 0, 0, 0, 0, 0, 0,
360 0, 0, 0, 0, 0, 0, 0, 0,
361 0, 0, 0, 0, 0, 0, 0, 0,
362 0, 0, 0, 0, 0, 0, 0, 0,
363 0, 0, 0, 0, 0, 0, 0, 0,
364 0, 0, 0, 0, 0, 0, 0, 0,
367 static void md5_calc(u_int8_t *, md5_ctxt *);
374 ctxt->md5_sta = MD5_A0;
375 ctxt->md5_stb = MD5_B0;
376 ctxt->md5_stc = MD5_C0;
377 ctxt->md5_std = MD5_D0;
378 bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf));
381 void md5_loop(ctxt, input, len)
383 const u_int8_t *input;
384 u_int len; /* number of bytes */
388 ctxt->md5_n += len * 8; /* byte to bit */
389 gap = MD5_BUFLEN - ctxt->md5_i;
392 bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
394 md5_calc(ctxt->md5_buf, ctxt);
396 for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) {
397 md5_calc((u_int8_t *)(input + i), ctxt);
400 ctxt->md5_i = len - i;
401 bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i);
403 bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
414 /* Don't count up padding. Keep md5_n. */
415 gap = MD5_BUFLEN - ctxt->md5_i;
418 (void *)(ctxt->md5_buf + ctxt->md5_i),
419 gap - sizeof(ctxt->md5_n));
421 /* including gap == 8 */
422 bcopy(md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i),
424 md5_calc(ctxt->md5_buf, ctxt);
425 bcopy((md5_paddat + gap),
426 (void *)ctxt->md5_buf,
427 MD5_BUFLEN - sizeof(ctxt->md5_n));
431 #if BYTE_ORDER == LITTLE_ENDIAN
432 bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8);
434 #if BYTE_ORDER == BIG_ENDIAN
435 ctxt->md5_buf[56] = ctxt->md5_n8[7];
436 ctxt->md5_buf[57] = ctxt->md5_n8[6];
437 ctxt->md5_buf[58] = ctxt->md5_n8[5];
438 ctxt->md5_buf[59] = ctxt->md5_n8[4];
439 ctxt->md5_buf[60] = ctxt->md5_n8[3];
440 ctxt->md5_buf[61] = ctxt->md5_n8[2];
441 ctxt->md5_buf[62] = ctxt->md5_n8[1];
442 ctxt->md5_buf[63] = ctxt->md5_n8[0];
445 md5_calc(ctxt->md5_buf, ctxt);
448 void md5_result(digest, ctxt)
453 #if BYTE_ORDER == LITTLE_ENDIAN
454 bcopy(&ctxt->md5_st8[0], digest, 16);
456 #if BYTE_ORDER == BIG_ENDIAN
457 digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2];
458 digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0];
459 digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6];
460 digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4];
461 digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10];
462 digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8];
463 digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14];
464 digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12];
468 #if BYTE_ORDER == BIG_ENDIAN
472 static void md5_calc(b64, ctxt)
476 u_int32_t A = ctxt->md5_sta;
477 u_int32_t B = ctxt->md5_stb;
478 u_int32_t C = ctxt->md5_stc;
479 u_int32_t D = ctxt->md5_std;
480 #if BYTE_ORDER == LITTLE_ENDIAN
481 u_int32_t *X = (u_int32_t *)b64;
483 #if BYTE_ORDER == BIG_ENDIAN
485 /* what a brute force but fast! */
486 u_int8_t *y = (u_int8_t *)X;
487 y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0];
488 y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4];
489 y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8];
490 y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12];
491 y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16];
492 y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20];
493 y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24];
494 y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28];
495 y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32];
496 y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36];
497 y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40];
498 y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44];
499 y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48];
500 y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52];
501 y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56];
502 y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60];
505 ROUND1(A, B, C, D, 0, Sa, 1); ROUND1(D, A, B, C, 1, Sb, 2);
506 ROUND1(C, D, A, B, 2, Sc, 3); ROUND1(B, C, D, A, 3, Sd, 4);
507 ROUND1(A, B, C, D, 4, Sa, 5); ROUND1(D, A, B, C, 5, Sb, 6);
508 ROUND1(C, D, A, B, 6, Sc, 7); ROUND1(B, C, D, A, 7, Sd, 8);
509 ROUND1(A, B, C, D, 8, Sa, 9); ROUND1(D, A, B, C, 9, Sb, 10);
510 ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12);
511 ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14);
512 ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16);
514 ROUND2(A, B, C, D, 1, Se, 17); ROUND2(D, A, B, C, 6, Sf, 18);
515 ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A, 0, Sh, 20);
516 ROUND2(A, B, C, D, 5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22);
517 ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A, 4, Sh, 24);
518 ROUND2(A, B, C, D, 9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26);
519 ROUND2(C, D, A, B, 3, Sg, 27); ROUND2(B, C, D, A, 8, Sh, 28);
520 ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C, 2, Sf, 30);
521 ROUND2(C, D, A, B, 7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32);
523 ROUND3(A, B, C, D, 5, Si, 33); ROUND3(D, A, B, C, 8, Sj, 34);
524 ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36);
525 ROUND3(A, B, C, D, 1, Si, 37); ROUND3(D, A, B, C, 4, Sj, 38);
526 ROUND3(C, D, A, B, 7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40);
527 ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C, 0, Sj, 42);
528 ROUND3(C, D, A, B, 3, Sk, 43); ROUND3(B, C, D, A, 6, Sl, 44);
529 ROUND3(A, B, C, D, 9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46);
530 ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A, 2, Sl, 48);
532 ROUND4(A, B, C, D, 0, Sm, 49); ROUND4(D, A, B, C, 7, Sn, 50);
533 ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A, 5, Sp, 52);
534 ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C, 3, Sn, 54);
535 ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A, 1, Sp, 56);
536 ROUND4(A, B, C, D, 8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58);
537 ROUND4(C, D, A, B, 6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60);
538 ROUND4(A, B, C, D, 4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62);
539 ROUND4(C, D, A, B, 2, So, 63); ROUND4(B, C, D, A, 9, Sp, 64);