1 /* $FreeBSD: src/sys/crypto/md5.h,v 1.4 2002/03/20 05:13:50 alfred Exp $ */
2 /* $KAME: md5.h,v 1.4 2000/03/27 04:36:22 sumikawa Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #ifndef _NETINET6_MD5_H_
36 #define _NETINET6_MD5_H_
40 typedef long unsigned int u_int32_t;
41 typedef long long unsigned int u_int64_t;
42 typedef unsigned char u_int8_t;
43 typedef unsigned int u_int;
44 typedef unsigned long u_long;
45 typedef unsigned char u_char;
49 u_int32_t md5_state32[4];
50 u_int8_t md5_state8[16];
53 #define md5_sta md5_st.md5_state32[0]
54 #define md5_stb md5_st.md5_state32[1]
55 #define md5_stc md5_st.md5_state32[2]
56 #define md5_std md5_st.md5_state32[3]
57 #define md5_st8 md5_st.md5_state8
60 u_int64_t md5_count64;
61 u_int8_t md5_count8[8];
63 #define md5_n md5_count.md5_count64
64 #define md5_n8 md5_count.md5_count8
67 u_int8_t md5_buf[MD5_BUFLEN];
70 static void md5_init(md5_ctxt *);
71 static void md5_loop(md5_ctxt *, const u_int8_t *, u_int);
72 static void md5_pad(md5_ctxt *);
73 static void md5_result(u_int8_t *, md5_ctxt *);
76 #define MD5_CTX md5_ctxt
77 #define MD5Init(x) md5_init((x))
78 #define MD5Update(x, y, z) md5_loop((x), (y), (z))
79 #define MD5Final(x, y) \
82 md5_result((x), (y)); \
85 #endif /* ! _NETINET6_MD5_H_*/
88 * Copyright (c) 2003 Poul-Henning Kamp
90 * University of California. All rights reserved.
91 * All rights reserved.
93 * Redistribution and use in source and binary forms, with or without
94 * modification, are permitted provided that the following conditions
96 * 1. Redistributions of source code must retain the above copyright
97 * notice, this list of conditions and the following disclaimer.
98 * 2. Redistributions in binary form must reproduce the above copyright
99 * notice, this list of conditions and the following disclaimer in the
100 * documentation and/or other materials provided with the distribution.
101 * 3. Neither the name of the author nor the names of any co-contributors
102 * may be used to endorse or promote products derived from this software
103 * without specific prior written permission.
105 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
106 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
107 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
108 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
109 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
110 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
111 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
112 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
113 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
114 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
126 static char itoa64[] = /* 0 ... 63 => ascii - 64 */
127 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
130 _crypt_to64(char *s, u_long v, int n)
133 *s++ = itoa64[v&0x3f];
138 char * crypt_md5(const char *pw, const char *salt)
144 u_char final[MD5_SIZE];
145 static const char *sp, *ep;
146 static char passwd[120], *p;
147 static const char *magic = "$1$";
149 /* Refine the Salt first */
152 /* If it starts with the magic string, then skip that */
153 if(!strncmp(sp, magic, strlen(magic)))
156 /* It stops at the first '$', max 8 chars */
157 for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
160 /* get the length of the true salt */
165 /* The password first, since that is what is most unknown */
166 MD5Update(&ctx, (const u_char *)pw, strlen(pw));
168 /* Then our magic string */
169 MD5Update(&ctx, (const u_char *)magic, strlen(magic));
171 /* Then the raw salt */
172 MD5Update(&ctx, (const u_char *)sp, (u_int)sl);
174 /* Then just as many characters of the MD5(pw,salt,pw) */
176 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
177 MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
178 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
179 MD5Final(final, &ctx1);
180 for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE)
181 MD5Update(&ctx, (const u_char *)final,
182 (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl));
184 /* Don't leave anything around in vm they could use. */
185 memset(final, 0, sizeof(final));
187 /* Then something really weird... */
188 for (i = strlen(pw); i; i >>= 1)
190 MD5Update(&ctx, (const u_char *)final, 1);
192 MD5Update(&ctx, (const u_char *)pw, 1);
194 /* Now make the output string */
195 strcpy(passwd, magic);
196 strncat(passwd, sp, (u_int)sl);
199 MD5Final(final, &ctx);
202 * and now, just to make sure things don't run too fast
203 * On a 60 Mhz Pentium this takes 34 msec, so you would
204 * need 30 seconds to build a 1000 entry dictionary...
206 for(i = 0; i < 1000; i++) {
209 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
211 MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
214 MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
217 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
220 MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
222 MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
223 MD5Final(final, &ctx1);
226 p = passwd + strlen(passwd);
228 l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
229 _crypt_to64(p, l, 4); p += 4;
230 l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
231 _crypt_to64(p, l, 4); p += 4;
232 l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
233 _crypt_to64(p, l, 4); p += 4;
234 l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
235 _crypt_to64(p, l, 4); p += 4;
236 l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
237 _crypt_to64(p, l, 4); p += 4;
239 _crypt_to64(p, l, 2); p += 2;
242 /* Don't leave anything around in vm they could use. */
243 memset(final, 0, sizeof(final));
248 /* $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */
250 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
251 * All rights reserved.
253 * Redistribution and use in source and binary forms, with or without
254 * modification, are permitted provided that the following conditions
256 * 1. Redistributions of source code must retain the above copyright
257 * notice, this list of conditions and the following disclaimer.
258 * 2. Redistributions in binary form must reproduce the above copyright
259 * notice, this list of conditions and the following disclaimer in the
260 * documentation and/or other materials provided with the distribution.
261 * 3. Neither the name of the project nor the names of its contributors
262 * may be used to endorse or promote products derived from this software
263 * without specific prior written permission.
265 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
266 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
267 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
268 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
269 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
270 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
271 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
272 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
273 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
274 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
278 #define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s))))
280 #define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z)))
281 #define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z)))
282 #define H(X, Y, Z) ((X) ^ (Y) ^ (Z))
283 #define I(X, Y, Z) ((Y) ^ ((X) | (~Z)))
285 #define ROUND1(a, b, c, d, k, s, i) { \
286 (a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \
287 (a) = SHIFT((a), (s)); \
291 #define ROUND2(a, b, c, d, k, s, i) { \
292 (a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \
293 (a) = SHIFT((a), (s)); \
297 #define ROUND3(a, b, c, d, k, s, i) { \
298 (a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \
299 (a) = SHIFT((a), (s)); \
303 #define ROUND4(a, b, c, d, k, s, i) { \
304 (a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \
305 (a) = SHIFT((a), (s)); \
329 #define MD5_A0 0x67452301
330 #define MD5_B0 0xefcdab89
331 #define MD5_C0 0x98badcfe
332 #define MD5_D0 0x10325476
334 /* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */
335 static const u_int32_t T[65] = {
337 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
338 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
339 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
340 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
342 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
343 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
344 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
345 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
347 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
348 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
349 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
350 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
352 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
353 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
354 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
355 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391,
358 static const u_int8_t md5_paddat[MD5_BUFLEN] = {
359 0x80, 0, 0, 0, 0, 0, 0, 0,
360 0, 0, 0, 0, 0, 0, 0, 0,
361 0, 0, 0, 0, 0, 0, 0, 0,
362 0, 0, 0, 0, 0, 0, 0, 0,
363 0, 0, 0, 0, 0, 0, 0, 0,
364 0, 0, 0, 0, 0, 0, 0, 0,
365 0, 0, 0, 0, 0, 0, 0, 0,
366 0, 0, 0, 0, 0, 0, 0, 0,
369 static void md5_calc(u_int8_t *, md5_ctxt *);
371 static void md5_init(ctxt)
376 ctxt->md5_sta = MD5_A0;
377 ctxt->md5_stb = MD5_B0;
378 ctxt->md5_stc = MD5_C0;
379 ctxt->md5_std = MD5_D0;
380 bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf));
383 static void md5_loop(ctxt, input, len)
385 const u_int8_t *input;
386 u_int len; /* number of bytes */
390 ctxt->md5_n += len * 8; /* byte to bit */
391 gap = MD5_BUFLEN - ctxt->md5_i;
394 bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
396 md5_calc(ctxt->md5_buf, ctxt);
398 for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) {
399 md5_calc((u_int8_t *)(input + i), ctxt);
402 ctxt->md5_i = len - i;
403 bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i);
405 bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
411 static void md5_pad(ctxt)
416 /* Don't count up padding. Keep md5_n. */
417 gap = MD5_BUFLEN - ctxt->md5_i;
420 (void *)(ctxt->md5_buf + ctxt->md5_i),
421 gap - sizeof(ctxt->md5_n));
423 /* including gap == 8 */
424 bcopy(md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i),
426 md5_calc(ctxt->md5_buf, ctxt);
427 bcopy((md5_paddat + gap),
428 (void *)ctxt->md5_buf,
429 MD5_BUFLEN - sizeof(ctxt->md5_n));
433 #if BYTE_ORDER == LITTLE_ENDIAN
434 bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8);
436 #if BYTE_ORDER == BIG_ENDIAN
437 ctxt->md5_buf[56] = ctxt->md5_n8[7];
438 ctxt->md5_buf[57] = ctxt->md5_n8[6];
439 ctxt->md5_buf[58] = ctxt->md5_n8[5];
440 ctxt->md5_buf[59] = ctxt->md5_n8[4];
441 ctxt->md5_buf[60] = ctxt->md5_n8[3];
442 ctxt->md5_buf[61] = ctxt->md5_n8[2];
443 ctxt->md5_buf[62] = ctxt->md5_n8[1];
444 ctxt->md5_buf[63] = ctxt->md5_n8[0];
447 md5_calc(ctxt->md5_buf, ctxt);
450 static void md5_result(digest, ctxt)
455 #if BYTE_ORDER == LITTLE_ENDIAN
456 bcopy(&ctxt->md5_st8[0], digest, 16);
458 #if BYTE_ORDER == BIG_ENDIAN
459 digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2];
460 digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0];
461 digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6];
462 digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4];
463 digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10];
464 digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8];
465 digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14];
466 digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12];
470 #if BYTE_ORDER == BIG_ENDIAN
474 static void md5_calc(b64, ctxt)
478 u_int32_t A = ctxt->md5_sta;
479 u_int32_t B = ctxt->md5_stb;
480 u_int32_t C = ctxt->md5_stc;
481 u_int32_t D = ctxt->md5_std;
482 #if BYTE_ORDER == LITTLE_ENDIAN
483 u_int32_t *X = (u_int32_t *)b64;
485 #if BYTE_ORDER == BIG_ENDIAN
487 /* what a brute force but fast! */
488 u_int8_t *y = (u_int8_t *)X;
489 y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0];
490 y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4];
491 y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8];
492 y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12];
493 y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16];
494 y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20];
495 y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24];
496 y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28];
497 y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32];
498 y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36];
499 y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40];
500 y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44];
501 y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48];
502 y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52];
503 y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56];
504 y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60];
507 ROUND1(A, B, C, D, 0, Sa, 1); ROUND1(D, A, B, C, 1, Sb, 2);
508 ROUND1(C, D, A, B, 2, Sc, 3); ROUND1(B, C, D, A, 3, Sd, 4);
509 ROUND1(A, B, C, D, 4, Sa, 5); ROUND1(D, A, B, C, 5, Sb, 6);
510 ROUND1(C, D, A, B, 6, Sc, 7); ROUND1(B, C, D, A, 7, Sd, 8);
511 ROUND1(A, B, C, D, 8, Sa, 9); ROUND1(D, A, B, C, 9, Sb, 10);
512 ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12);
513 ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14);
514 ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16);
516 ROUND2(A, B, C, D, 1, Se, 17); ROUND2(D, A, B, C, 6, Sf, 18);
517 ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A, 0, Sh, 20);
518 ROUND2(A, B, C, D, 5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22);
519 ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A, 4, Sh, 24);
520 ROUND2(A, B, C, D, 9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26);
521 ROUND2(C, D, A, B, 3, Sg, 27); ROUND2(B, C, D, A, 8, Sh, 28);
522 ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C, 2, Sf, 30);
523 ROUND2(C, D, A, B, 7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32);
525 ROUND3(A, B, C, D, 5, Si, 33); ROUND3(D, A, B, C, 8, Sj, 34);
526 ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36);
527 ROUND3(A, B, C, D, 1, Si, 37); ROUND3(D, A, B, C, 4, Sj, 38);
528 ROUND3(C, D, A, B, 7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40);
529 ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C, 0, Sj, 42);
530 ROUND3(C, D, A, B, 3, Sk, 43); ROUND3(B, C, D, A, 6, Sl, 44);
531 ROUND3(A, B, C, D, 9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46);
532 ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A, 2, Sl, 48);
534 ROUND4(A, B, C, D, 0, Sm, 49); ROUND4(D, A, B, C, 7, Sn, 50);
535 ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A, 5, Sp, 52);
536 ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C, 3, Sn, 54);
537 ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A, 1, Sp, 56);
538 ROUND4(A, B, C, D, 8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58);
539 ROUND4(C, D, A, B, 6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60);
540 ROUND4(A, B, C, D, 4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62);
541 ROUND4(C, D, A, B, 2, So, 63); ROUND4(B, C, D, A, 9, Sp, 64);