diff options
Diffstat (limited to 'drivers/staging/rt2860/common/md5.c')
-rw-r--r-- | drivers/staging/rt2860/common/md5.c | 1427 |
1 files changed, 1427 insertions, 0 deletions
diff --git a/drivers/staging/rt2860/common/md5.c b/drivers/staging/rt2860/common/md5.c new file mode 100644 index 00000000000..774776b4b8c --- /dev/null +++ b/drivers/staging/rt2860/common/md5.c | |||
@@ -0,0 +1,1427 @@ | |||
1 | /* | ||
2 | ************************************************************************* | ||
3 | * Ralink Tech Inc. | ||
4 | * 5F., No.36, Taiyuan St., Jhubei City, | ||
5 | * Hsinchu County 302, | ||
6 | * Taiwan, R.O.C. | ||
7 | * | ||
8 | * (c) Copyright 2002-2007, Ralink Technology, Inc. | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify * | ||
11 | * it under the terms of the GNU General Public License as published by * | ||
12 | * the Free Software Foundation; either version 2 of the License, or * | ||
13 | * (at your option) any later version. * | ||
14 | * * | ||
15 | * This program is distributed in the hope that it will be useful, * | ||
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * | ||
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * | ||
18 | * GNU General Public License for more details. * | ||
19 | * * | ||
20 | * You should have received a copy of the GNU General Public License * | ||
21 | * along with this program; if not, write to the * | ||
22 | * Free Software Foundation, Inc., * | ||
23 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * | ||
24 | * * | ||
25 | ************************************************************************* | ||
26 | |||
27 | Module Name: | ||
28 | md5.c | ||
29 | |||
30 | Abstract: | ||
31 | |||
32 | Revision History: | ||
33 | Who When What | ||
34 | -------- ---------- ---------------------------------------------- | ||
35 | Name Date Modification logs | ||
36 | jan 10-28-03 Initial | ||
37 | Rita 11-23-04 Modify MD5 and SHA-1 | ||
38 | Rita 10-14-05 Modify SHA-1 in big-endian platform | ||
39 | */ | ||
40 | #include "../rt_config.h" | ||
41 | |||
42 | /** | ||
43 | * md5_mac: | ||
44 | * @key: pointer to the key used for MAC generation | ||
45 | * @key_len: length of the key in bytes | ||
46 | * @data: pointer to the data area for which the MAC is generated | ||
47 | * @data_len: length of the data in bytes | ||
48 | * @mac: pointer to the buffer holding space for the MAC; the buffer should | ||
49 | * have space for 128-bit (16 bytes) MD5 hash value | ||
50 | * | ||
51 | * md5_mac() determines the message authentication code by using secure hash | ||
52 | * MD5(key | data | key). | ||
53 | */ | ||
54 | void md5_mac(u8 *key, size_t key_len, u8 *data, size_t data_len, u8 *mac) | ||
55 | { | ||
56 | MD5_CTX context; | ||
57 | |||
58 | MD5Init(&context); | ||
59 | MD5Update(&context, key, key_len); | ||
60 | MD5Update(&context, data, data_len); | ||
61 | MD5Update(&context, key, key_len); | ||
62 | MD5Final(mac, &context); | ||
63 | } | ||
64 | |||
65 | /** | ||
66 | * hmac_md5: | ||
67 | * @key: pointer to the key used for MAC generation | ||
68 | * @key_len: length of the key in bytes | ||
69 | * @data: pointer to the data area for which the MAC is generated | ||
70 | * @data_len: length of the data in bytes | ||
71 | * @mac: pointer to the buffer holding space for the MAC; the buffer should | ||
72 | * have space for 128-bit (16 bytes) MD5 hash value | ||
73 | * | ||
74 | * hmac_md5() determines the message authentication code using HMAC-MD5. | ||
75 | * This implementation is based on the sample code presented in RFC 2104. | ||
76 | */ | ||
77 | void hmac_md5(u8 *key, size_t key_len, u8 *data, size_t data_len, u8 *mac) | ||
78 | { | ||
79 | MD5_CTX context; | ||
80 | u8 k_ipad[65]; /* inner padding - key XORd with ipad */ | ||
81 | u8 k_opad[65]; /* outer padding - key XORd with opad */ | ||
82 | u8 tk[16]; | ||
83 | int i; | ||
84 | |||
85 | //assert(key != NULL && data != NULL && mac != NULL); | ||
86 | |||
87 | /* if key is longer than 64 bytes reset it to key = MD5(key) */ | ||
88 | if (key_len > 64) { | ||
89 | MD5_CTX ttcontext; | ||
90 | |||
91 | MD5Init(&ttcontext); | ||
92 | MD5Update(&ttcontext, key, key_len); | ||
93 | MD5Final(tk, &ttcontext); | ||
94 | //key=(PUCHAR)ttcontext.buf; | ||
95 | key = tk; | ||
96 | key_len = 16; | ||
97 | } | ||
98 | |||
99 | /* the HMAC_MD5 transform looks like: | ||
100 | * | ||
101 | * MD5(K XOR opad, MD5(K XOR ipad, text)) | ||
102 | * | ||
103 | * where K is an n byte key | ||
104 | * ipad is the byte 0x36 repeated 64 times | ||
105 | * opad is the byte 0x5c repeated 64 times | ||
106 | * and text is the data being protected */ | ||
107 | |||
108 | /* start out by storing key in pads */ | ||
109 | NdisZeroMemory(k_ipad, sizeof(k_ipad)); | ||
110 | NdisZeroMemory(k_opad, sizeof(k_opad)); | ||
111 | //assert(key_len < sizeof(k_ipad)); | ||
112 | NdisMoveMemory(k_ipad, key, key_len); | ||
113 | NdisMoveMemory(k_opad, key, key_len); | ||
114 | |||
115 | /* XOR key with ipad and opad values */ | ||
116 | for (i = 0; i < 64; i++) { | ||
117 | k_ipad[i] ^= 0x36; | ||
118 | k_opad[i] ^= 0x5c; | ||
119 | } | ||
120 | |||
121 | /* perform inner MD5 */ | ||
122 | MD5Init(&context); /* init context for 1st pass */ | ||
123 | MD5Update(&context, k_ipad, 64); /* start with inner pad */ | ||
124 | MD5Update(&context, data, data_len); /* then text of datagram */ | ||
125 | MD5Final(mac, &context); /* finish up 1st pass */ | ||
126 | |||
127 | /* perform outer MD5 */ | ||
128 | MD5Init(&context); /* init context for 2nd pass */ | ||
129 | MD5Update(&context, k_opad, 64); /* start with outer pad */ | ||
130 | MD5Update(&context, mac, 16); /* then results of 1st hash */ | ||
131 | MD5Final(mac, &context); /* finish up 2nd pass */ | ||
132 | } | ||
133 | |||
134 | #ifndef RT_BIG_ENDIAN | ||
135 | #define byteReverse(buf, len) /* Nothing */ | ||
136 | #else | ||
137 | void byteReverse(unsigned char *buf, unsigned longs); | ||
138 | void byteReverse(unsigned char *buf, unsigned longs) | ||
139 | { | ||
140 | do { | ||
141 | *(UINT32 *)buf = SWAP32(*(UINT32 *)buf); | ||
142 | buf += 4; | ||
143 | } while (--longs); | ||
144 | } | ||
145 | #endif | ||
146 | |||
147 | |||
148 | /* ========================== MD5 implementation =========================== */ | ||
149 | // four base functions for MD5 | ||
150 | #define MD5_F1(x, y, z) (((x) & (y)) | ((~x) & (z))) | ||
151 | #define MD5_F2(x, y, z) (((x) & (z)) | ((y) & (~z))) | ||
152 | #define MD5_F3(x, y, z) ((x) ^ (y) ^ (z)) | ||
153 | #define MD5_F4(x, y, z) ((y) ^ ((x) | (~z))) | ||
154 | #define CYCLIC_LEFT_SHIFT(w, s) (((w) << (s)) | ((w) >> (32-(s)))) | ||
155 | |||
156 | #define MD5Step(f, w, x, y, z, data, t, s) \ | ||
157 | ( w += f(x, y, z) + data + t, w = (CYCLIC_LEFT_SHIFT(w, s)) & 0xffffffff, w += x ) | ||
158 | |||
159 | |||
160 | /* | ||
161 | * Function Description: | ||
162 | * Initiate MD5 Context satisfied in RFC 1321 | ||
163 | * | ||
164 | * Arguments: | ||
165 | * pCtx Pointer to MD5 context | ||
166 | * | ||
167 | * Return Value: | ||
168 | * None | ||
169 | */ | ||
170 | VOID MD5Init(MD5_CTX *pCtx) | ||
171 | { | ||
172 | pCtx->Buf[0]=0x67452301; | ||
173 | pCtx->Buf[1]=0xefcdab89; | ||
174 | pCtx->Buf[2]=0x98badcfe; | ||
175 | pCtx->Buf[3]=0x10325476; | ||
176 | |||
177 | pCtx->LenInBitCount[0]=0; | ||
178 | pCtx->LenInBitCount[1]=0; | ||
179 | } | ||
180 | |||
181 | |||
182 | /* | ||
183 | * Function Description: | ||
184 | * Update MD5 Context, allow of an arrary of octets as the next portion | ||
185 | * of the message | ||
186 | * | ||
187 | * Arguments: | ||
188 | * pCtx Pointer to MD5 context | ||
189 | * pData Pointer to input data | ||
190 | * LenInBytes The length of input data (unit: byte) | ||
191 | * | ||
192 | * Return Value: | ||
193 | * None | ||
194 | * | ||
195 | * Note: | ||
196 | * Called after MD5Init or MD5Update(itself) | ||
197 | */ | ||
198 | VOID MD5Update(MD5_CTX *pCtx, UCHAR *pData, UINT32 LenInBytes) | ||
199 | { | ||
200 | |||
201 | UINT32 TfTimes; | ||
202 | UINT32 temp; | ||
203 | unsigned int i; | ||
204 | |||
205 | temp = pCtx->LenInBitCount[0]; | ||
206 | |||
207 | pCtx->LenInBitCount[0] = (UINT32) (pCtx->LenInBitCount[0] + (LenInBytes << 3)); | ||
208 | |||
209 | if (pCtx->LenInBitCount[0] < temp) | ||
210 | pCtx->LenInBitCount[1]++; //carry in | ||
211 | |||
212 | pCtx->LenInBitCount[1] += LenInBytes >> 29; | ||
213 | |||
214 | // mod 64 bytes | ||
215 | temp = (temp >> 3) & 0x3f; | ||
216 | |||
217 | // process lacks of 64-byte data | ||
218 | if (temp) | ||
219 | { | ||
220 | UCHAR *pAds = (UCHAR *) pCtx->Input + temp; | ||
221 | |||
222 | if ((temp+LenInBytes) < 64) | ||
223 | { | ||
224 | NdisMoveMemory(pAds, (UCHAR *)pData, LenInBytes); | ||
225 | return; | ||
226 | } | ||
227 | |||
228 | NdisMoveMemory(pAds, (UCHAR *)pData, 64-temp); | ||
229 | byteReverse(pCtx->Input, 16); | ||
230 | MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
231 | |||
232 | pData += 64-temp; | ||
233 | LenInBytes -= 64-temp; | ||
234 | } // end of if (temp) | ||
235 | |||
236 | |||
237 | TfTimes = (LenInBytes >> 6); | ||
238 | |||
239 | for (i=TfTimes; i>0; i--) | ||
240 | { | ||
241 | NdisMoveMemory(pCtx->Input, (UCHAR *)pData, 64); | ||
242 | byteReverse(pCtx->Input, 16); | ||
243 | MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
244 | pData += 64; | ||
245 | LenInBytes -= 64; | ||
246 | } // end of for | ||
247 | |||
248 | // buffering lacks of 64-byte data | ||
249 | if(LenInBytes) | ||
250 | NdisMoveMemory(pCtx->Input, (UCHAR *)pData, LenInBytes); | ||
251 | |||
252 | } | ||
253 | |||
254 | |||
255 | /* | ||
256 | * Function Description: | ||
257 | * Append padding bits and length of original message in the tail | ||
258 | * The message digest has to be completed in the end | ||
259 | * | ||
260 | * Arguments: | ||
261 | * Digest Output of Digest-Message for MD5 | ||
262 | * pCtx Pointer to MD5 context | ||
263 | * | ||
264 | * Return Value: | ||
265 | * None | ||
266 | * | ||
267 | * Note: | ||
268 | * Called after MD5Update | ||
269 | */ | ||
270 | VOID MD5Final(UCHAR Digest[16], MD5_CTX *pCtx) | ||
271 | { | ||
272 | UCHAR Remainder; | ||
273 | UCHAR PadLenInBytes; | ||
274 | UCHAR *pAppend=0; | ||
275 | unsigned int i; | ||
276 | |||
277 | Remainder = (UCHAR)((pCtx->LenInBitCount[0] >> 3) & 0x3f); | ||
278 | |||
279 | PadLenInBytes = (Remainder < 56) ? (56-Remainder) : (120-Remainder); | ||
280 | |||
281 | pAppend = (UCHAR *)pCtx->Input + Remainder; | ||
282 | |||
283 | // padding bits without crossing block(64-byte based) boundary | ||
284 | if (Remainder < 56) | ||
285 | { | ||
286 | *pAppend = 0x80; | ||
287 | PadLenInBytes --; | ||
288 | |||
289 | NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, PadLenInBytes); | ||
290 | |||
291 | // add data-length field, from low to high | ||
292 | for (i=0; i<4; i++) | ||
293 | { | ||
294 | pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[0] >> (i << 3)) & 0xff); | ||
295 | pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[1] >> (i << 3)) & 0xff); | ||
296 | } | ||
297 | |||
298 | byteReverse(pCtx->Input, 16); | ||
299 | MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
300 | } // end of if | ||
301 | |||
302 | // padding bits with crossing block(64-byte based) boundary | ||
303 | else | ||
304 | { | ||
305 | // the first block === | ||
306 | *pAppend = 0x80; | ||
307 | PadLenInBytes --; | ||
308 | |||
309 | NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, (64-Remainder-1)); | ||
310 | PadLenInBytes -= (64 - Remainder - 1); | ||
311 | |||
312 | byteReverse(pCtx->Input, 16); | ||
313 | MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
314 | |||
315 | |||
316 | // the second block === | ||
317 | NdisZeroMemory((UCHAR *)pCtx->Input, PadLenInBytes); | ||
318 | |||
319 | // add data-length field | ||
320 | for (i=0; i<4; i++) | ||
321 | { | ||
322 | pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[0] >> (i << 3)) & 0xff); | ||
323 | pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[1] >> (i << 3)) & 0xff); | ||
324 | } | ||
325 | |||
326 | byteReverse(pCtx->Input, 16); | ||
327 | MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
328 | } // end of else | ||
329 | |||
330 | |||
331 | NdisMoveMemory((UCHAR *)Digest, (UINT32 *)pCtx->Buf, 16); // output | ||
332 | byteReverse((UCHAR *)Digest, 4); | ||
333 | NdisZeroMemory(pCtx, sizeof(pCtx)); // memory free | ||
334 | } | ||
335 | |||
336 | |||
337 | /* | ||
338 | * Function Description: | ||
339 | * The central algorithm of MD5, consists of four rounds and sixteen | ||
340 | * steps per round | ||
341 | * | ||
342 | * Arguments: | ||
343 | * Buf Buffers of four states (output: 16 bytes) | ||
344 | * Mes Input data (input: 64 bytes) | ||
345 | * | ||
346 | * Return Value: | ||
347 | * None | ||
348 | * | ||
349 | * Note: | ||
350 | * Called by MD5Update or MD5Final | ||
351 | */ | ||
352 | VOID MD5Transform(UINT32 Buf[4], UINT32 Mes[16]) | ||
353 | { | ||
354 | UINT32 Reg[4], Temp; | ||
355 | unsigned int i; | ||
356 | |||
357 | static UCHAR LShiftVal[16] = | ||
358 | { | ||
359 | 7, 12, 17, 22, | ||
360 | 5, 9 , 14, 20, | ||
361 | 4, 11, 16, 23, | ||
362 | 6, 10, 15, 21, | ||
363 | }; | ||
364 | |||
365 | |||
366 | // [equal to 4294967296*abs(sin(index))] | ||
367 | static UINT32 MD5Table[64] = | ||
368 | { | ||
369 | 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, | ||
370 | 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, | ||
371 | 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, | ||
372 | 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, | ||
373 | |||
374 | 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, | ||
375 | 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8, | ||
376 | 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, | ||
377 | 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, | ||
378 | |||
379 | 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, | ||
380 | 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, | ||
381 | 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, | ||
382 | 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, | ||
383 | |||
384 | 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, | ||
385 | 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, | ||
386 | 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, | ||
387 | 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 | ||
388 | }; | ||
389 | |||
390 | |||
391 | for (i=0; i<4; i++) | ||
392 | Reg[i]=Buf[i]; | ||
393 | |||
394 | |||
395 | // 64 steps in MD5 algorithm | ||
396 | for (i=0; i<16; i++) | ||
397 | { | ||
398 | MD5Step(MD5_F1, Reg[0], Reg[1], Reg[2], Reg[3], Mes[i], | ||
399 | MD5Table[i], LShiftVal[i & 0x3]); | ||
400 | |||
401 | // one-word right shift | ||
402 | Temp = Reg[3]; | ||
403 | Reg[3] = Reg[2]; | ||
404 | Reg[2] = Reg[1]; | ||
405 | Reg[1] = Reg[0]; | ||
406 | Reg[0] = Temp; | ||
407 | } | ||
408 | for (i=16; i<32; i++) | ||
409 | { | ||
410 | MD5Step(MD5_F2, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(5*(i & 0xf)+1) & 0xf], | ||
411 | MD5Table[i], LShiftVal[(0x1 << 2)+(i & 0x3)]); | ||
412 | |||
413 | // one-word right shift | ||
414 | Temp = Reg[3]; | ||
415 | Reg[3] = Reg[2]; | ||
416 | Reg[2] = Reg[1]; | ||
417 | Reg[1] = Reg[0]; | ||
418 | Reg[0] = Temp; | ||
419 | } | ||
420 | for (i=32; i<48; i++) | ||
421 | { | ||
422 | MD5Step(MD5_F3, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(3*(i & 0xf)+5) & 0xf], | ||
423 | MD5Table[i], LShiftVal[(0x1 << 3)+(i & 0x3)]); | ||
424 | |||
425 | // one-word right shift | ||
426 | Temp = Reg[3]; | ||
427 | Reg[3] = Reg[2]; | ||
428 | Reg[2] = Reg[1]; | ||
429 | Reg[1] = Reg[0]; | ||
430 | Reg[0] = Temp; | ||
431 | } | ||
432 | for (i=48; i<64; i++) | ||
433 | { | ||
434 | MD5Step(MD5_F4, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(7*(i & 0xf)) & 0xf], | ||
435 | MD5Table[i], LShiftVal[(0x3 << 2)+(i & 0x3)]); | ||
436 | |||
437 | // one-word right shift | ||
438 | Temp = Reg[3]; | ||
439 | Reg[3] = Reg[2]; | ||
440 | Reg[2] = Reg[1]; | ||
441 | Reg[1] = Reg[0]; | ||
442 | Reg[0] = Temp; | ||
443 | } | ||
444 | |||
445 | |||
446 | // (temporary)output | ||
447 | for (i=0; i<4; i++) | ||
448 | Buf[i] += Reg[i]; | ||
449 | |||
450 | } | ||
451 | |||
452 | |||
453 | |||
454 | /* ========================= SHA-1 implementation ========================== */ | ||
455 | // four base functions for SHA-1 | ||
456 | #define SHA1_F1(b, c, d) (((b) & (c)) | ((~b) & (d))) | ||
457 | #define SHA1_F2(b, c, d) ((b) ^ (c) ^ (d)) | ||
458 | #define SHA1_F3(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) | ||
459 | |||
460 | |||
461 | #define SHA1Step(f, a, b, c, d, e, w, k) \ | ||
462 | ( e += ( f(b, c, d) + w + k + CYCLIC_LEFT_SHIFT(a, 5)) & 0xffffffff, \ | ||
463 | b = CYCLIC_LEFT_SHIFT(b, 30) ) | ||
464 | |||
465 | //Initiate SHA-1 Context satisfied in RFC 3174 | ||
466 | VOID SHAInit(SHA_CTX *pCtx) | ||
467 | { | ||
468 | pCtx->Buf[0]=0x67452301; | ||
469 | pCtx->Buf[1]=0xefcdab89; | ||
470 | pCtx->Buf[2]=0x98badcfe; | ||
471 | pCtx->Buf[3]=0x10325476; | ||
472 | pCtx->Buf[4]=0xc3d2e1f0; | ||
473 | |||
474 | pCtx->LenInBitCount[0]=0; | ||
475 | pCtx->LenInBitCount[1]=0; | ||
476 | } | ||
477 | |||
478 | /* | ||
479 | * Function Description: | ||
480 | * Update SHA-1 Context, allow of an arrary of octets as the next | ||
481 | * portion of the message | ||
482 | * | ||
483 | * Arguments: | ||
484 | * pCtx Pointer to SHA-1 context | ||
485 | * pData Pointer to input data | ||
486 | * LenInBytes The length of input data (unit: byte) | ||
487 | * | ||
488 | * Return Value: | ||
489 | * error indicate more than pow(2,64) bits of data | ||
490 | * | ||
491 | * Note: | ||
492 | * Called after SHAInit or SHAUpdate(itself) | ||
493 | */ | ||
494 | UCHAR SHAUpdate(SHA_CTX *pCtx, UCHAR *pData, UINT32 LenInBytes) | ||
495 | { | ||
496 | UINT32 TfTimes; | ||
497 | UINT32 temp1,temp2; | ||
498 | unsigned int i; | ||
499 | UCHAR err=1; | ||
500 | |||
501 | temp1 = pCtx->LenInBitCount[0]; | ||
502 | temp2 = pCtx->LenInBitCount[1]; | ||
503 | |||
504 | pCtx->LenInBitCount[0] = (UINT32) (pCtx->LenInBitCount[0] + (LenInBytes << 3)); | ||
505 | if (pCtx->LenInBitCount[0] < temp1) | ||
506 | pCtx->LenInBitCount[1]++; //carry in | ||
507 | |||
508 | |||
509 | pCtx->LenInBitCount[1] = (UINT32) (pCtx->LenInBitCount[1] +(LenInBytes >> 29)); | ||
510 | if (pCtx->LenInBitCount[1] < temp2) | ||
511 | return (err); //check total length of original data | ||
512 | |||
513 | |||
514 | // mod 64 bytes | ||
515 | temp1 = (temp1 >> 3) & 0x3f; | ||
516 | |||
517 | // process lacks of 64-byte data | ||
518 | if (temp1) | ||
519 | { | ||
520 | UCHAR *pAds = (UCHAR *) pCtx->Input + temp1; | ||
521 | |||
522 | if ((temp1+LenInBytes) < 64) | ||
523 | { | ||
524 | NdisMoveMemory(pAds, (UCHAR *)pData, LenInBytes); | ||
525 | return (0); | ||
526 | } | ||
527 | |||
528 | NdisMoveMemory(pAds, (UCHAR *)pData, 64-temp1); | ||
529 | byteReverse((UCHAR *)pCtx->Input, 16); | ||
530 | |||
531 | NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16); | ||
532 | SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
533 | |||
534 | pData += 64-temp1; | ||
535 | LenInBytes -= 64-temp1; | ||
536 | } // end of if (temp1) | ||
537 | |||
538 | |||
539 | TfTimes = (LenInBytes >> 6); | ||
540 | |||
541 | for (i=TfTimes; i>0; i--) | ||
542 | { | ||
543 | NdisMoveMemory(pCtx->Input, (UCHAR *)pData, 64); | ||
544 | byteReverse((UCHAR *)pCtx->Input, 16); | ||
545 | |||
546 | NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16); | ||
547 | SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
548 | pData += 64; | ||
549 | LenInBytes -= 64; | ||
550 | } // end of for | ||
551 | |||
552 | // buffering lacks of 64-byte data | ||
553 | if(LenInBytes) | ||
554 | NdisMoveMemory(pCtx->Input, (UCHAR *)pData, LenInBytes); | ||
555 | |||
556 | return (0); | ||
557 | |||
558 | } | ||
559 | |||
560 | // Append padding bits and length of original message in the tail | ||
561 | // The message digest has to be completed in the end | ||
562 | VOID SHAFinal(SHA_CTX *pCtx, UCHAR Digest[20]) | ||
563 | { | ||
564 | UCHAR Remainder; | ||
565 | UCHAR PadLenInBytes; | ||
566 | UCHAR *pAppend=0; | ||
567 | unsigned int i; | ||
568 | |||
569 | Remainder = (UCHAR)((pCtx->LenInBitCount[0] >> 3) & 0x3f); | ||
570 | |||
571 | pAppend = (UCHAR *)pCtx->Input + Remainder; | ||
572 | |||
573 | PadLenInBytes = (Remainder < 56) ? (56-Remainder) : (120-Remainder); | ||
574 | |||
575 | // padding bits without crossing block(64-byte based) boundary | ||
576 | if (Remainder < 56) | ||
577 | { | ||
578 | *pAppend = 0x80; | ||
579 | PadLenInBytes --; | ||
580 | |||
581 | NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, PadLenInBytes); | ||
582 | |||
583 | // add data-length field, from high to low | ||
584 | for (i=0; i<4; i++) | ||
585 | { | ||
586 | pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[1] >> ((3-i) << 3)) & 0xff); | ||
587 | pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[0] >> ((3-i) << 3)) & 0xff); | ||
588 | } | ||
589 | |||
590 | byteReverse((UCHAR *)pCtx->Input, 16); | ||
591 | NdisZeroMemory((UCHAR *)pCtx->Input + 64, 14); | ||
592 | SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
593 | } // end of if | ||
594 | |||
595 | // padding bits with crossing block(64-byte based) boundary | ||
596 | else | ||
597 | { | ||
598 | // the first block === | ||
599 | *pAppend = 0x80; | ||
600 | PadLenInBytes --; | ||
601 | |||
602 | NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, (64-Remainder-1)); | ||
603 | PadLenInBytes -= (64 - Remainder - 1); | ||
604 | |||
605 | byteReverse((UCHAR *)pCtx->Input, 16); | ||
606 | NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16); | ||
607 | SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
608 | |||
609 | |||
610 | // the second block === | ||
611 | NdisZeroMemory((UCHAR *)pCtx->Input, PadLenInBytes); | ||
612 | |||
613 | // add data-length field | ||
614 | for (i=0; i<4; i++) | ||
615 | { | ||
616 | pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[1] >> ((3-i) << 3)) & 0xff); | ||
617 | pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[0] >> ((3-i) << 3)) & 0xff); | ||
618 | } | ||
619 | |||
620 | byteReverse((UCHAR *)pCtx->Input, 16); | ||
621 | NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16); | ||
622 | SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input); | ||
623 | } // end of else | ||
624 | |||
625 | |||
626 | //Output, bytereverse | ||
627 | for (i=0; i<20; i++) | ||
628 | { | ||
629 | Digest [i] = (UCHAR)(pCtx->Buf[i>>2] >> 8*(3-(i & 0x3))); | ||
630 | } | ||
631 | |||
632 | NdisZeroMemory(pCtx, sizeof(pCtx)); // memory free | ||
633 | } | ||
634 | |||
635 | |||
636 | // The central algorithm of SHA-1, consists of four rounds and | ||
637 | // twenty steps per round | ||
638 | VOID SHATransform(UINT32 Buf[5], UINT32 Mes[20]) | ||
639 | { | ||
640 | UINT32 Reg[5],Temp; | ||
641 | unsigned int i; | ||
642 | UINT32 W[80]; | ||
643 | |||
644 | static UINT32 SHA1Table[4] = { 0x5a827999, 0x6ed9eba1, | ||
645 | 0x8f1bbcdc, 0xca62c1d6 }; | ||
646 | |||
647 | Reg[0]=Buf[0]; | ||
648 | Reg[1]=Buf[1]; | ||
649 | Reg[2]=Buf[2]; | ||
650 | Reg[3]=Buf[3]; | ||
651 | Reg[4]=Buf[4]; | ||
652 | |||
653 | //the first octet of a word is stored in the 0th element, bytereverse | ||
654 | for(i = 0; i < 16; i++) | ||
655 | { | ||
656 | W[i] = (Mes[i] >> 24) & 0xff; | ||
657 | W[i] |= (Mes[i] >> 8 ) & 0xff00; | ||
658 | W[i] |= (Mes[i] << 8 ) & 0xff0000; | ||
659 | W[i] |= (Mes[i] << 24) & 0xff000000; | ||
660 | } | ||
661 | |||
662 | |||
663 | for (i = 0; i < 64; i++) | ||
664 | W[16+i] = CYCLIC_LEFT_SHIFT(W[i] ^ W[2+i] ^ W[8+i] ^ W[13+i], 1); | ||
665 | |||
666 | |||
667 | // 80 steps in SHA-1 algorithm | ||
668 | for (i=0; i<80; i++) | ||
669 | { | ||
670 | if (i<20) | ||
671 | SHA1Step(SHA1_F1, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4], | ||
672 | W[i], SHA1Table[0]); | ||
673 | |||
674 | else if (i>=20 && i<40) | ||
675 | SHA1Step(SHA1_F2, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4], | ||
676 | W[i], SHA1Table[1]); | ||
677 | |||
678 | else if (i>=40 && i<60) | ||
679 | SHA1Step(SHA1_F3, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4], | ||
680 | W[i], SHA1Table[2]); | ||
681 | |||
682 | else | ||
683 | SHA1Step(SHA1_F2, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4], | ||
684 | W[i], SHA1Table[3]); | ||
685 | |||
686 | |||
687 | // one-word right shift | ||
688 | Temp = Reg[4]; | ||
689 | Reg[4] = Reg[3]; | ||
690 | Reg[3] = Reg[2]; | ||
691 | Reg[2] = Reg[1]; | ||
692 | Reg[1] = Reg[0]; | ||
693 | Reg[0] = Temp; | ||
694 | |||
695 | } // end of for-loop | ||
696 | |||
697 | |||
698 | // (temporary)output | ||
699 | for (i=0; i<5; i++) | ||
700 | Buf[i] += Reg[i]; | ||
701 | |||
702 | } | ||
703 | |||
704 | |||
705 | /* ========================= AES En/Decryption ========================== */ | ||
706 | |||
707 | /* forward S-box */ | ||
708 | static uint32 FSb[256] = | ||
709 | { | ||
710 | 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, | ||
711 | 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, | ||
712 | 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, | ||
713 | 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, | ||
714 | 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, | ||
715 | 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, | ||
716 | 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, | ||
717 | 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, | ||
718 | 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, | ||
719 | 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, | ||
720 | 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, | ||
721 | 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, | ||
722 | 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, | ||
723 | 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, | ||
724 | 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, | ||
725 | 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, | ||
726 | 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, | ||
727 | 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, | ||
728 | 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, | ||
729 | 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, | ||
730 | 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, | ||
731 | 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, | ||
732 | 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, | ||
733 | 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, | ||
734 | 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, | ||
735 | 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, | ||
736 | 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, | ||
737 | 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, | ||
738 | 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, | ||
739 | 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, | ||
740 | 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, | ||
741 | 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 | ||
742 | }; | ||
743 | |||
744 | /* forward table */ | ||
745 | #define FT \ | ||
746 | \ | ||
747 | V(C6,63,63,A5), V(F8,7C,7C,84), V(EE,77,77,99), V(F6,7B,7B,8D), \ | ||
748 | V(FF,F2,F2,0D), V(D6,6B,6B,BD), V(DE,6F,6F,B1), V(91,C5,C5,54), \ | ||
749 | V(60,30,30,50), V(02,01,01,03), V(CE,67,67,A9), V(56,2B,2B,7D), \ | ||
750 | V(E7,FE,FE,19), V(B5,D7,D7,62), V(4D,AB,AB,E6), V(EC,76,76,9A), \ | ||
751 | V(8F,CA,CA,45), V(1F,82,82,9D), V(89,C9,C9,40), V(FA,7D,7D,87), \ | ||
752 | V(EF,FA,FA,15), V(B2,59,59,EB), V(8E,47,47,C9), V(FB,F0,F0,0B), \ | ||
753 | V(41,AD,AD,EC), V(B3,D4,D4,67), V(5F,A2,A2,FD), V(45,AF,AF,EA), \ | ||
754 | V(23,9C,9C,BF), V(53,A4,A4,F7), V(E4,72,72,96), V(9B,C0,C0,5B), \ | ||
755 | V(75,B7,B7,C2), V(E1,FD,FD,1C), V(3D,93,93,AE), V(4C,26,26,6A), \ | ||
756 | V(6C,36,36,5A), V(7E,3F,3F,41), V(F5,F7,F7,02), V(83,CC,CC,4F), \ | ||
757 | V(68,34,34,5C), V(51,A5,A5,F4), V(D1,E5,E5,34), V(F9,F1,F1,08), \ | ||
758 | V(E2,71,71,93), V(AB,D8,D8,73), V(62,31,31,53), V(2A,15,15,3F), \ | ||
759 | V(08,04,04,0C), V(95,C7,C7,52), V(46,23,23,65), V(9D,C3,C3,5E), \ | ||
760 | V(30,18,18,28), V(37,96,96,A1), V(0A,05,05,0F), V(2F,9A,9A,B5), \ | ||
761 | V(0E,07,07,09), V(24,12,12,36), V(1B,80,80,9B), V(DF,E2,E2,3D), \ | ||
762 | V(CD,EB,EB,26), V(4E,27,27,69), V(7F,B2,B2,CD), V(EA,75,75,9F), \ | ||
763 | V(12,09,09,1B), V(1D,83,83,9E), V(58,2C,2C,74), V(34,1A,1A,2E), \ | ||
764 | V(36,1B,1B,2D), V(DC,6E,6E,B2), V(B4,5A,5A,EE), V(5B,A0,A0,FB), \ | ||
765 | V(A4,52,52,F6), V(76,3B,3B,4D), V(B7,D6,D6,61), V(7D,B3,B3,CE), \ | ||
766 | V(52,29,29,7B), V(DD,E3,E3,3E), V(5E,2F,2F,71), V(13,84,84,97), \ | ||
767 | V(A6,53,53,F5), V(B9,D1,D1,68), V(00,00,00,00), V(C1,ED,ED,2C), \ | ||
768 | V(40,20,20,60), V(E3,FC,FC,1F), V(79,B1,B1,C8), V(B6,5B,5B,ED), \ | ||
769 | V(D4,6A,6A,BE), V(8D,CB,CB,46), V(67,BE,BE,D9), V(72,39,39,4B), \ | ||
770 | V(94,4A,4A,DE), V(98,4C,4C,D4), V(B0,58,58,E8), V(85,CF,CF,4A), \ | ||
771 | V(BB,D0,D0,6B), V(C5,EF,EF,2A), V(4F,AA,AA,E5), V(ED,FB,FB,16), \ | ||
772 | V(86,43,43,C5), V(9A,4D,4D,D7), V(66,33,33,55), V(11,85,85,94), \ | ||
773 | V(8A,45,45,CF), V(E9,F9,F9,10), V(04,02,02,06), V(FE,7F,7F,81), \ | ||
774 | V(A0,50,50,F0), V(78,3C,3C,44), V(25,9F,9F,BA), V(4B,A8,A8,E3), \ | ||
775 | V(A2,51,51,F3), V(5D,A3,A3,FE), V(80,40,40,C0), V(05,8F,8F,8A), \ | ||
776 | V(3F,92,92,AD), V(21,9D,9D,BC), V(70,38,38,48), V(F1,F5,F5,04), \ | ||
777 | V(63,BC,BC,DF), V(77,B6,B6,C1), V(AF,DA,DA,75), V(42,21,21,63), \ | ||
778 | V(20,10,10,30), V(E5,FF,FF,1A), V(FD,F3,F3,0E), V(BF,D2,D2,6D), \ | ||
779 | V(81,CD,CD,4C), V(18,0C,0C,14), V(26,13,13,35), V(C3,EC,EC,2F), \ | ||
780 | V(BE,5F,5F,E1), V(35,97,97,A2), V(88,44,44,CC), V(2E,17,17,39), \ | ||
781 | V(93,C4,C4,57), V(55,A7,A7,F2), V(FC,7E,7E,82), V(7A,3D,3D,47), \ | ||
782 | V(C8,64,64,AC), V(BA,5D,5D,E7), V(32,19,19,2B), V(E6,73,73,95), \ | ||
783 | V(C0,60,60,A0), V(19,81,81,98), V(9E,4F,4F,D1), V(A3,DC,DC,7F), \ | ||
784 | V(44,22,22,66), V(54,2A,2A,7E), V(3B,90,90,AB), V(0B,88,88,83), \ | ||
785 | V(8C,46,46,CA), V(C7,EE,EE,29), V(6B,B8,B8,D3), V(28,14,14,3C), \ | ||
786 | V(A7,DE,DE,79), V(BC,5E,5E,E2), V(16,0B,0B,1D), V(AD,DB,DB,76), \ | ||
787 | V(DB,E0,E0,3B), V(64,32,32,56), V(74,3A,3A,4E), V(14,0A,0A,1E), \ | ||
788 | V(92,49,49,DB), V(0C,06,06,0A), V(48,24,24,6C), V(B8,5C,5C,E4), \ | ||
789 | V(9F,C2,C2,5D), V(BD,D3,D3,6E), V(43,AC,AC,EF), V(C4,62,62,A6), \ | ||
790 | V(39,91,91,A8), V(31,95,95,A4), V(D3,E4,E4,37), V(F2,79,79,8B), \ | ||
791 | V(D5,E7,E7,32), V(8B,C8,C8,43), V(6E,37,37,59), V(DA,6D,6D,B7), \ | ||
792 | V(01,8D,8D,8C), V(B1,D5,D5,64), V(9C,4E,4E,D2), V(49,A9,A9,E0), \ | ||
793 | V(D8,6C,6C,B4), V(AC,56,56,FA), V(F3,F4,F4,07), V(CF,EA,EA,25), \ | ||
794 | V(CA,65,65,AF), V(F4,7A,7A,8E), V(47,AE,AE,E9), V(10,08,08,18), \ | ||
795 | V(6F,BA,BA,D5), V(F0,78,78,88), V(4A,25,25,6F), V(5C,2E,2E,72), \ | ||
796 | V(38,1C,1C,24), V(57,A6,A6,F1), V(73,B4,B4,C7), V(97,C6,C6,51), \ | ||
797 | V(CB,E8,E8,23), V(A1,DD,DD,7C), V(E8,74,74,9C), V(3E,1F,1F,21), \ | ||
798 | V(96,4B,4B,DD), V(61,BD,BD,DC), V(0D,8B,8B,86), V(0F,8A,8A,85), \ | ||
799 | V(E0,70,70,90), V(7C,3E,3E,42), V(71,B5,B5,C4), V(CC,66,66,AA), \ | ||
800 | V(90,48,48,D8), V(06,03,03,05), V(F7,F6,F6,01), V(1C,0E,0E,12), \ | ||
801 | V(C2,61,61,A3), V(6A,35,35,5F), V(AE,57,57,F9), V(69,B9,B9,D0), \ | ||
802 | V(17,86,86,91), V(99,C1,C1,58), V(3A,1D,1D,27), V(27,9E,9E,B9), \ | ||
803 | V(D9,E1,E1,38), V(EB,F8,F8,13), V(2B,98,98,B3), V(22,11,11,33), \ | ||
804 | V(D2,69,69,BB), V(A9,D9,D9,70), V(07,8E,8E,89), V(33,94,94,A7), \ | ||
805 | V(2D,9B,9B,B6), V(3C,1E,1E,22), V(15,87,87,92), V(C9,E9,E9,20), \ | ||
806 | V(87,CE,CE,49), V(AA,55,55,FF), V(50,28,28,78), V(A5,DF,DF,7A), \ | ||
807 | V(03,8C,8C,8F), V(59,A1,A1,F8), V(09,89,89,80), V(1A,0D,0D,17), \ | ||
808 | V(65,BF,BF,DA), V(D7,E6,E6,31), V(84,42,42,C6), V(D0,68,68,B8), \ | ||
809 | V(82,41,41,C3), V(29,99,99,B0), V(5A,2D,2D,77), V(1E,0F,0F,11), \ | ||
810 | V(7B,B0,B0,CB), V(A8,54,54,FC), V(6D,BB,BB,D6), V(2C,16,16,3A) | ||
811 | |||
812 | #define V(a,b,c,d) 0x##a##b##c##d | ||
813 | static uint32 FT0[256] = { FT }; | ||
814 | #undef V | ||
815 | |||
816 | #define V(a,b,c,d) 0x##d##a##b##c | ||
817 | static uint32 FT1[256] = { FT }; | ||
818 | #undef V | ||
819 | |||
820 | #define V(a,b,c,d) 0x##c##d##a##b | ||
821 | static uint32 FT2[256] = { FT }; | ||
822 | #undef V | ||
823 | |||
824 | #define V(a,b,c,d) 0x##b##c##d##a | ||
825 | static uint32 FT3[256] = { FT }; | ||
826 | #undef V | ||
827 | |||
828 | #undef FT | ||
829 | |||
830 | /* reverse S-box */ | ||
831 | |||
832 | static uint32 RSb[256] = | ||
833 | { | ||
834 | 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, | ||
835 | 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, | ||
836 | 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, | ||
837 | 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, | ||
838 | 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, | ||
839 | 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, | ||
840 | 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, | ||
841 | 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, | ||
842 | 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, | ||
843 | 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, | ||
844 | 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, | ||
845 | 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, | ||
846 | 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, | ||
847 | 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, | ||
848 | 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, | ||
849 | 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, | ||
850 | 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, | ||
851 | 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, | ||
852 | 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, | ||
853 | 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, | ||
854 | 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, | ||
855 | 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, | ||
856 | 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, | ||
857 | 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, | ||
858 | 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, | ||
859 | 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, | ||
860 | 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, | ||
861 | 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, | ||
862 | 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, | ||
863 | 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, | ||
864 | 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, | ||
865 | 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D | ||
866 | }; | ||
867 | |||
868 | /* reverse table */ | ||
869 | |||
870 | #define RT \ | ||
871 | \ | ||
872 | V(51,F4,A7,50), V(7E,41,65,53), V(1A,17,A4,C3), V(3A,27,5E,96), \ | ||
873 | V(3B,AB,6B,CB), V(1F,9D,45,F1), V(AC,FA,58,AB), V(4B,E3,03,93), \ | ||
874 | V(20,30,FA,55), V(AD,76,6D,F6), V(88,CC,76,91), V(F5,02,4C,25), \ | ||
875 | V(4F,E5,D7,FC), V(C5,2A,CB,D7), V(26,35,44,80), V(B5,62,A3,8F), \ | ||
876 | V(DE,B1,5A,49), V(25,BA,1B,67), V(45,EA,0E,98), V(5D,FE,C0,E1), \ | ||
877 | V(C3,2F,75,02), V(81,4C,F0,12), V(8D,46,97,A3), V(6B,D3,F9,C6), \ | ||
878 | V(03,8F,5F,E7), V(15,92,9C,95), V(BF,6D,7A,EB), V(95,52,59,DA), \ | ||
879 | V(D4,BE,83,2D), V(58,74,21,D3), V(49,E0,69,29), V(8E,C9,C8,44), \ | ||
880 | V(75,C2,89,6A), V(F4,8E,79,78), V(99,58,3E,6B), V(27,B9,71,DD), \ | ||
881 | V(BE,E1,4F,B6), V(F0,88,AD,17), V(C9,20,AC,66), V(7D,CE,3A,B4), \ | ||
882 | V(63,DF,4A,18), V(E5,1A,31,82), V(97,51,33,60), V(62,53,7F,45), \ | ||
883 | V(B1,64,77,E0), V(BB,6B,AE,84), V(FE,81,A0,1C), V(F9,08,2B,94), \ | ||
884 | V(70,48,68,58), V(8F,45,FD,19), V(94,DE,6C,87), V(52,7B,F8,B7), \ | ||
885 | V(AB,73,D3,23), V(72,4B,02,E2), V(E3,1F,8F,57), V(66,55,AB,2A), \ | ||
886 | V(B2,EB,28,07), V(2F,B5,C2,03), V(86,C5,7B,9A), V(D3,37,08,A5), \ | ||
887 | V(30,28,87,F2), V(23,BF,A5,B2), V(02,03,6A,BA), V(ED,16,82,5C), \ | ||
888 | V(8A,CF,1C,2B), V(A7,79,B4,92), V(F3,07,F2,F0), V(4E,69,E2,A1), \ | ||
889 | V(65,DA,F4,CD), V(06,05,BE,D5), V(D1,34,62,1F), V(C4,A6,FE,8A), \ | ||
890 | V(34,2E,53,9D), V(A2,F3,55,A0), V(05,8A,E1,32), V(A4,F6,EB,75), \ | ||
891 | V(0B,83,EC,39), V(40,60,EF,AA), V(5E,71,9F,06), V(BD,6E,10,51), \ | ||
892 | V(3E,21,8A,F9), V(96,DD,06,3D), V(DD,3E,05,AE), V(4D,E6,BD,46), \ | ||
893 | V(91,54,8D,B5), V(71,C4,5D,05), V(04,06,D4,6F), V(60,50,15,FF), \ | ||
894 | V(19,98,FB,24), V(D6,BD,E9,97), V(89,40,43,CC), V(67,D9,9E,77), \ | ||
895 | V(B0,E8,42,BD), V(07,89,8B,88), V(E7,19,5B,38), V(79,C8,EE,DB), \ | ||
896 | V(A1,7C,0A,47), V(7C,42,0F,E9), V(F8,84,1E,C9), V(00,00,00,00), \ | ||
897 | V(09,80,86,83), V(32,2B,ED,48), V(1E,11,70,AC), V(6C,5A,72,4E), \ | ||
898 | V(FD,0E,FF,FB), V(0F,85,38,56), V(3D,AE,D5,1E), V(36,2D,39,27), \ | ||
899 | V(0A,0F,D9,64), V(68,5C,A6,21), V(9B,5B,54,D1), V(24,36,2E,3A), \ | ||
900 | V(0C,0A,67,B1), V(93,57,E7,0F), V(B4,EE,96,D2), V(1B,9B,91,9E), \ | ||
901 | V(80,C0,C5,4F), V(61,DC,20,A2), V(5A,77,4B,69), V(1C,12,1A,16), \ | ||
902 | V(E2,93,BA,0A), V(C0,A0,2A,E5), V(3C,22,E0,43), V(12,1B,17,1D), \ | ||
903 | V(0E,09,0D,0B), V(F2,8B,C7,AD), V(2D,B6,A8,B9), V(14,1E,A9,C8), \ | ||
904 | V(57,F1,19,85), V(AF,75,07,4C), V(EE,99,DD,BB), V(A3,7F,60,FD), \ | ||
905 | V(F7,01,26,9F), V(5C,72,F5,BC), V(44,66,3B,C5), V(5B,FB,7E,34), \ | ||
906 | V(8B,43,29,76), V(CB,23,C6,DC), V(B6,ED,FC,68), V(B8,E4,F1,63), \ | ||
907 | V(D7,31,DC,CA), V(42,63,85,10), V(13,97,22,40), V(84,C6,11,20), \ | ||
908 | V(85,4A,24,7D), V(D2,BB,3D,F8), V(AE,F9,32,11), V(C7,29,A1,6D), \ | ||
909 | V(1D,9E,2F,4B), V(DC,B2,30,F3), V(0D,86,52,EC), V(77,C1,E3,D0), \ | ||
910 | V(2B,B3,16,6C), V(A9,70,B9,99), V(11,94,48,FA), V(47,E9,64,22), \ | ||
911 | V(A8,FC,8C,C4), V(A0,F0,3F,1A), V(56,7D,2C,D8), V(22,33,90,EF), \ | ||
912 | V(87,49,4E,C7), V(D9,38,D1,C1), V(8C,CA,A2,FE), V(98,D4,0B,36), \ | ||
913 | V(A6,F5,81,CF), V(A5,7A,DE,28), V(DA,B7,8E,26), V(3F,AD,BF,A4), \ | ||
914 | V(2C,3A,9D,E4), V(50,78,92,0D), V(6A,5F,CC,9B), V(54,7E,46,62), \ | ||
915 | V(F6,8D,13,C2), V(90,D8,B8,E8), V(2E,39,F7,5E), V(82,C3,AF,F5), \ | ||
916 | V(9F,5D,80,BE), V(69,D0,93,7C), V(6F,D5,2D,A9), V(CF,25,12,B3), \ | ||
917 | V(C8,AC,99,3B), V(10,18,7D,A7), V(E8,9C,63,6E), V(DB,3B,BB,7B), \ | ||
918 | V(CD,26,78,09), V(6E,59,18,F4), V(EC,9A,B7,01), V(83,4F,9A,A8), \ | ||
919 | V(E6,95,6E,65), V(AA,FF,E6,7E), V(21,BC,CF,08), V(EF,15,E8,E6), \ | ||
920 | V(BA,E7,9B,D9), V(4A,6F,36,CE), V(EA,9F,09,D4), V(29,B0,7C,D6), \ | ||
921 | V(31,A4,B2,AF), V(2A,3F,23,31), V(C6,A5,94,30), V(35,A2,66,C0), \ | ||
922 | V(74,4E,BC,37), V(FC,82,CA,A6), V(E0,90,D0,B0), V(33,A7,D8,15), \ | ||
923 | V(F1,04,98,4A), V(41,EC,DA,F7), V(7F,CD,50,0E), V(17,91,F6,2F), \ | ||
924 | V(76,4D,D6,8D), V(43,EF,B0,4D), V(CC,AA,4D,54), V(E4,96,04,DF), \ | ||
925 | V(9E,D1,B5,E3), V(4C,6A,88,1B), V(C1,2C,1F,B8), V(46,65,51,7F), \ | ||
926 | V(9D,5E,EA,04), V(01,8C,35,5D), V(FA,87,74,73), V(FB,0B,41,2E), \ | ||
927 | V(B3,67,1D,5A), V(92,DB,D2,52), V(E9,10,56,33), V(6D,D6,47,13), \ | ||
928 | V(9A,D7,61,8C), V(37,A1,0C,7A), V(59,F8,14,8E), V(EB,13,3C,89), \ | ||
929 | V(CE,A9,27,EE), V(B7,61,C9,35), V(E1,1C,E5,ED), V(7A,47,B1,3C), \ | ||
930 | V(9C,D2,DF,59), V(55,F2,73,3F), V(18,14,CE,79), V(73,C7,37,BF), \ | ||
931 | V(53,F7,CD,EA), V(5F,FD,AA,5B), V(DF,3D,6F,14), V(78,44,DB,86), \ | ||
932 | V(CA,AF,F3,81), V(B9,68,C4,3E), V(38,24,34,2C), V(C2,A3,40,5F), \ | ||
933 | V(16,1D,C3,72), V(BC,E2,25,0C), V(28,3C,49,8B), V(FF,0D,95,41), \ | ||
934 | V(39,A8,01,71), V(08,0C,B3,DE), V(D8,B4,E4,9C), V(64,56,C1,90), \ | ||
935 | V(7B,CB,84,61), V(D5,32,B6,70), V(48,6C,5C,74), V(D0,B8,57,42) | ||
936 | |||
937 | #define V(a,b,c,d) 0x##a##b##c##d | ||
938 | static uint32 RT0[256] = { RT }; | ||
939 | #undef V | ||
940 | |||
941 | #define V(a,b,c,d) 0x##d##a##b##c | ||
942 | static uint32 RT1[256] = { RT }; | ||
943 | #undef V | ||
944 | |||
945 | #define V(a,b,c,d) 0x##c##d##a##b | ||
946 | static uint32 RT2[256] = { RT }; | ||
947 | #undef V | ||
948 | |||
949 | #define V(a,b,c,d) 0x##b##c##d##a | ||
950 | static uint32 RT3[256] = { RT }; | ||
951 | #undef V | ||
952 | |||
953 | #undef RT | ||
954 | |||
955 | /* round constants */ | ||
956 | |||
957 | static uint32 RCON[10] = | ||
958 | { | ||
959 | 0x01000000, 0x02000000, 0x04000000, 0x08000000, | ||
960 | 0x10000000, 0x20000000, 0x40000000, 0x80000000, | ||
961 | 0x1B000000, 0x36000000 | ||
962 | }; | ||
963 | |||
964 | /* key schedule tables */ | ||
965 | |||
966 | static int KT_init = 1; | ||
967 | |||
968 | static uint32 KT0[256]; | ||
969 | static uint32 KT1[256]; | ||
970 | static uint32 KT2[256]; | ||
971 | static uint32 KT3[256]; | ||
972 | |||
973 | /* platform-independant 32-bit integer manipulation macros */ | ||
974 | |||
975 | #define GET_UINT32(n,b,i) \ | ||
976 | { \ | ||
977 | (n) = ( (uint32) (b)[(i) ] << 24 ) \ | ||
978 | | ( (uint32) (b)[(i) + 1] << 16 ) \ | ||
979 | | ( (uint32) (b)[(i) + 2] << 8 ) \ | ||
980 | | ( (uint32) (b)[(i) + 3] ); \ | ||
981 | } | ||
982 | |||
983 | #define PUT_UINT32(n,b,i) \ | ||
984 | { \ | ||
985 | (b)[(i) ] = (uint8) ( (n) >> 24 ); \ | ||
986 | (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \ | ||
987 | (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \ | ||
988 | (b)[(i) + 3] = (uint8) ( (n) ); \ | ||
989 | } | ||
990 | |||
991 | /* AES key scheduling routine */ | ||
992 | |||
993 | int rtmp_aes_set_key( aes_context *ctx, uint8 *key, int nbits ) | ||
994 | { | ||
995 | int i; | ||
996 | uint32 *RK, *SK; | ||
997 | |||
998 | switch( nbits ) | ||
999 | { | ||
1000 | case 128: ctx->nr = 10; break; | ||
1001 | case 192: ctx->nr = 12; break; | ||
1002 | case 256: ctx->nr = 14; break; | ||
1003 | default : return( 1 ); | ||
1004 | } | ||
1005 | |||
1006 | RK = ctx->erk; | ||
1007 | |||
1008 | for( i = 0; i < (nbits >> 5); i++ ) | ||
1009 | { | ||
1010 | GET_UINT32( RK[i], key, i * 4 ); | ||
1011 | } | ||
1012 | |||
1013 | /* setup encryption round keys */ | ||
1014 | |||
1015 | switch( nbits ) | ||
1016 | { | ||
1017 | case 128: | ||
1018 | |||
1019 | for( i = 0; i < 10; i++, RK += 4 ) | ||
1020 | { | ||
1021 | RK[4] = RK[0] ^ RCON[i] ^ | ||
1022 | ( FSb[ (uint8) ( RK[3] >> 16 ) ] << 24 ) ^ | ||
1023 | ( FSb[ (uint8) ( RK[3] >> 8 ) ] << 16 ) ^ | ||
1024 | ( FSb[ (uint8) ( RK[3] ) ] << 8 ) ^ | ||
1025 | ( FSb[ (uint8) ( RK[3] >> 24 ) ] ); | ||
1026 | |||
1027 | RK[5] = RK[1] ^ RK[4]; | ||
1028 | RK[6] = RK[2] ^ RK[5]; | ||
1029 | RK[7] = RK[3] ^ RK[6]; | ||
1030 | } | ||
1031 | break; | ||
1032 | |||
1033 | case 192: | ||
1034 | |||
1035 | for( i = 0; i < 8; i++, RK += 6 ) | ||
1036 | { | ||
1037 | RK[6] = RK[0] ^ RCON[i] ^ | ||
1038 | ( FSb[ (uint8) ( RK[5] >> 16 ) ] << 24 ) ^ | ||
1039 | ( FSb[ (uint8) ( RK[5] >> 8 ) ] << 16 ) ^ | ||
1040 | ( FSb[ (uint8) ( RK[5] ) ] << 8 ) ^ | ||
1041 | ( FSb[ (uint8) ( RK[5] >> 24 ) ] ); | ||
1042 | |||
1043 | RK[7] = RK[1] ^ RK[6]; | ||
1044 | RK[8] = RK[2] ^ RK[7]; | ||
1045 | RK[9] = RK[3] ^ RK[8]; | ||
1046 | RK[10] = RK[4] ^ RK[9]; | ||
1047 | RK[11] = RK[5] ^ RK[10]; | ||
1048 | } | ||
1049 | break; | ||
1050 | |||
1051 | case 256: | ||
1052 | |||
1053 | for( i = 0; i < 7; i++, RK += 8 ) | ||
1054 | { | ||
1055 | RK[8] = RK[0] ^ RCON[i] ^ | ||
1056 | ( FSb[ (uint8) ( RK[7] >> 16 ) ] << 24 ) ^ | ||
1057 | ( FSb[ (uint8) ( RK[7] >> 8 ) ] << 16 ) ^ | ||
1058 | ( FSb[ (uint8) ( RK[7] ) ] << 8 ) ^ | ||
1059 | ( FSb[ (uint8) ( RK[7] >> 24 ) ] ); | ||
1060 | |||
1061 | RK[9] = RK[1] ^ RK[8]; | ||
1062 | RK[10] = RK[2] ^ RK[9]; | ||
1063 | RK[11] = RK[3] ^ RK[10]; | ||
1064 | |||
1065 | RK[12] = RK[4] ^ | ||
1066 | ( FSb[ (uint8) ( RK[11] >> 24 ) ] << 24 ) ^ | ||
1067 | ( FSb[ (uint8) ( RK[11] >> 16 ) ] << 16 ) ^ | ||
1068 | ( FSb[ (uint8) ( RK[11] >> 8 ) ] << 8 ) ^ | ||
1069 | ( FSb[ (uint8) ( RK[11] ) ] ); | ||
1070 | |||
1071 | RK[13] = RK[5] ^ RK[12]; | ||
1072 | RK[14] = RK[6] ^ RK[13]; | ||
1073 | RK[15] = RK[7] ^ RK[14]; | ||
1074 | } | ||
1075 | break; | ||
1076 | } | ||
1077 | |||
1078 | /* setup decryption round keys */ | ||
1079 | |||
1080 | if( KT_init ) | ||
1081 | { | ||
1082 | for( i = 0; i < 256; i++ ) | ||
1083 | { | ||
1084 | KT0[i] = RT0[ FSb[i] ]; | ||
1085 | KT1[i] = RT1[ FSb[i] ]; | ||
1086 | KT2[i] = RT2[ FSb[i] ]; | ||
1087 | KT3[i] = RT3[ FSb[i] ]; | ||
1088 | } | ||
1089 | |||
1090 | KT_init = 0; | ||
1091 | } | ||
1092 | |||
1093 | SK = ctx->drk; | ||
1094 | |||
1095 | *SK++ = *RK++; | ||
1096 | *SK++ = *RK++; | ||
1097 | *SK++ = *RK++; | ||
1098 | *SK++ = *RK++; | ||
1099 | |||
1100 | for( i = 1; i < ctx->nr; i++ ) | ||
1101 | { | ||
1102 | RK -= 8; | ||
1103 | |||
1104 | *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^ | ||
1105 | KT1[ (uint8) ( *RK >> 16 ) ] ^ | ||
1106 | KT2[ (uint8) ( *RK >> 8 ) ] ^ | ||
1107 | KT3[ (uint8) ( *RK ) ]; RK++; | ||
1108 | |||
1109 | *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^ | ||
1110 | KT1[ (uint8) ( *RK >> 16 ) ] ^ | ||
1111 | KT2[ (uint8) ( *RK >> 8 ) ] ^ | ||
1112 | KT3[ (uint8) ( *RK ) ]; RK++; | ||
1113 | |||
1114 | *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^ | ||
1115 | KT1[ (uint8) ( *RK >> 16 ) ] ^ | ||
1116 | KT2[ (uint8) ( *RK >> 8 ) ] ^ | ||
1117 | KT3[ (uint8) ( *RK ) ]; RK++; | ||
1118 | |||
1119 | *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^ | ||
1120 | KT1[ (uint8) ( *RK >> 16 ) ] ^ | ||
1121 | KT2[ (uint8) ( *RK >> 8 ) ] ^ | ||
1122 | KT3[ (uint8) ( *RK ) ]; RK++; | ||
1123 | } | ||
1124 | |||
1125 | RK -= 8; | ||
1126 | |||
1127 | *SK++ = *RK++; | ||
1128 | *SK++ = *RK++; | ||
1129 | *SK++ = *RK++; | ||
1130 | *SK++ = *RK++; | ||
1131 | |||
1132 | return( 0 ); | ||
1133 | } | ||
1134 | |||
1135 | /* AES 128-bit block encryption routine */ | ||
1136 | |||
1137 | void rtmp_aes_encrypt(aes_context *ctx, uint8 input[16], uint8 output[16] ) | ||
1138 | { | ||
1139 | uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; | ||
1140 | |||
1141 | RK = ctx->erk; | ||
1142 | GET_UINT32( X0, input, 0 ); X0 ^= RK[0]; | ||
1143 | GET_UINT32( X1, input, 4 ); X1 ^= RK[1]; | ||
1144 | GET_UINT32( X2, input, 8 ); X2 ^= RK[2]; | ||
1145 | GET_UINT32( X3, input, 12 ); X3 ^= RK[3]; | ||
1146 | |||
1147 | #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ | ||
1148 | { \ | ||
1149 | RK += 4; \ | ||
1150 | \ | ||
1151 | X0 = RK[0] ^ FT0[ (uint8) ( Y0 >> 24 ) ] ^ \ | ||
1152 | FT1[ (uint8) ( Y1 >> 16 ) ] ^ \ | ||
1153 | FT2[ (uint8) ( Y2 >> 8 ) ] ^ \ | ||
1154 | FT3[ (uint8) ( Y3 ) ]; \ | ||
1155 | \ | ||
1156 | X1 = RK[1] ^ FT0[ (uint8) ( Y1 >> 24 ) ] ^ \ | ||
1157 | FT1[ (uint8) ( Y2 >> 16 ) ] ^ \ | ||
1158 | FT2[ (uint8) ( Y3 >> 8 ) ] ^ \ | ||
1159 | FT3[ (uint8) ( Y0 ) ]; \ | ||
1160 | \ | ||
1161 | X2 = RK[2] ^ FT0[ (uint8) ( Y2 >> 24 ) ] ^ \ | ||
1162 | FT1[ (uint8) ( Y3 >> 16 ) ] ^ \ | ||
1163 | FT2[ (uint8) ( Y0 >> 8 ) ] ^ \ | ||
1164 | FT3[ (uint8) ( Y1 ) ]; \ | ||
1165 | \ | ||
1166 | X3 = RK[3] ^ FT0[ (uint8) ( Y3 >> 24 ) ] ^ \ | ||
1167 | FT1[ (uint8) ( Y0 >> 16 ) ] ^ \ | ||
1168 | FT2[ (uint8) ( Y1 >> 8 ) ] ^ \ | ||
1169 | FT3[ (uint8) ( Y2 ) ]; \ | ||
1170 | } | ||
1171 | |||
1172 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */ | ||
1173 | AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */ | ||
1174 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */ | ||
1175 | AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */ | ||
1176 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */ | ||
1177 | AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */ | ||
1178 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */ | ||
1179 | AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */ | ||
1180 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */ | ||
1181 | |||
1182 | if( ctx->nr > 10 ) | ||
1183 | { | ||
1184 | AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */ | ||
1185 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */ | ||
1186 | } | ||
1187 | |||
1188 | if( ctx->nr > 12 ) | ||
1189 | { | ||
1190 | AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */ | ||
1191 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */ | ||
1192 | } | ||
1193 | |||
1194 | /* last round */ | ||
1195 | |||
1196 | RK += 4; | ||
1197 | |||
1198 | X0 = RK[0] ^ ( FSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^ | ||
1199 | ( FSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^ | ||
1200 | ( FSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^ | ||
1201 | ( FSb[ (uint8) ( Y3 ) ] ); | ||
1202 | |||
1203 | X1 = RK[1] ^ ( FSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^ | ||
1204 | ( FSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^ | ||
1205 | ( FSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^ | ||
1206 | ( FSb[ (uint8) ( Y0 ) ] ); | ||
1207 | |||
1208 | X2 = RK[2] ^ ( FSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^ | ||
1209 | ( FSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^ | ||
1210 | ( FSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^ | ||
1211 | ( FSb[ (uint8) ( Y1 ) ] ); | ||
1212 | |||
1213 | X3 = RK[3] ^ ( FSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^ | ||
1214 | ( FSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^ | ||
1215 | ( FSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^ | ||
1216 | ( FSb[ (uint8) ( Y2 ) ] ); | ||
1217 | |||
1218 | PUT_UINT32( X0, output, 0 ); | ||
1219 | PUT_UINT32( X1, output, 4 ); | ||
1220 | PUT_UINT32( X2, output, 8 ); | ||
1221 | PUT_UINT32( X3, output, 12 ); | ||
1222 | } | ||
1223 | |||
1224 | /* AES 128-bit block decryption routine */ | ||
1225 | |||
1226 | void rtmp_aes_decrypt( aes_context *ctx, uint8 input[16], uint8 output[16] ) | ||
1227 | { | ||
1228 | uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; | ||
1229 | |||
1230 | RK = ctx->drk; | ||
1231 | |||
1232 | GET_UINT32( X0, input, 0 ); X0 ^= RK[0]; | ||
1233 | GET_UINT32( X1, input, 4 ); X1 ^= RK[1]; | ||
1234 | GET_UINT32( X2, input, 8 ); X2 ^= RK[2]; | ||
1235 | GET_UINT32( X3, input, 12 ); X3 ^= RK[3]; | ||
1236 | |||
1237 | #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ | ||
1238 | { \ | ||
1239 | RK += 4; \ | ||
1240 | \ | ||
1241 | X0 = RK[0] ^ RT0[ (uint8) ( Y0 >> 24 ) ] ^ \ | ||
1242 | RT1[ (uint8) ( Y3 >> 16 ) ] ^ \ | ||
1243 | RT2[ (uint8) ( Y2 >> 8 ) ] ^ \ | ||
1244 | RT3[ (uint8) ( Y1 ) ]; \ | ||
1245 | \ | ||
1246 | X1 = RK[1] ^ RT0[ (uint8) ( Y1 >> 24 ) ] ^ \ | ||
1247 | RT1[ (uint8) ( Y0 >> 16 ) ] ^ \ | ||
1248 | RT2[ (uint8) ( Y3 >> 8 ) ] ^ \ | ||
1249 | RT3[ (uint8) ( Y2 ) ]; \ | ||
1250 | \ | ||
1251 | X2 = RK[2] ^ RT0[ (uint8) ( Y2 >> 24 ) ] ^ \ | ||
1252 | RT1[ (uint8) ( Y1 >> 16 ) ] ^ \ | ||
1253 | RT2[ (uint8) ( Y0 >> 8 ) ] ^ \ | ||
1254 | RT3[ (uint8) ( Y3 ) ]; \ | ||
1255 | \ | ||
1256 | X3 = RK[3] ^ RT0[ (uint8) ( Y3 >> 24 ) ] ^ \ | ||
1257 | RT1[ (uint8) ( Y2 >> 16 ) ] ^ \ | ||
1258 | RT2[ (uint8) ( Y1 >> 8 ) ] ^ \ | ||
1259 | RT3[ (uint8) ( Y0 ) ]; \ | ||
1260 | } | ||
1261 | |||
1262 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */ | ||
1263 | AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */ | ||
1264 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */ | ||
1265 | AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */ | ||
1266 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */ | ||
1267 | AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */ | ||
1268 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */ | ||
1269 | AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */ | ||
1270 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */ | ||
1271 | |||
1272 | if( ctx->nr > 10 ) | ||
1273 | { | ||
1274 | AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */ | ||
1275 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */ | ||
1276 | } | ||
1277 | |||
1278 | if( ctx->nr > 12 ) | ||
1279 | { | ||
1280 | AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */ | ||
1281 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */ | ||
1282 | } | ||
1283 | |||
1284 | /* last round */ | ||
1285 | |||
1286 | RK += 4; | ||
1287 | |||
1288 | X0 = RK[0] ^ ( RSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^ | ||
1289 | ( RSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^ | ||
1290 | ( RSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^ | ||
1291 | ( RSb[ (uint8) ( Y1 ) ] ); | ||
1292 | |||
1293 | X1 = RK[1] ^ ( RSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^ | ||
1294 | ( RSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^ | ||
1295 | ( RSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^ | ||
1296 | ( RSb[ (uint8) ( Y2 ) ] ); | ||
1297 | |||
1298 | X2 = RK[2] ^ ( RSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^ | ||
1299 | ( RSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^ | ||
1300 | ( RSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^ | ||
1301 | ( RSb[ (uint8) ( Y3 ) ] ); | ||
1302 | |||
1303 | X3 = RK[3] ^ ( RSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^ | ||
1304 | ( RSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^ | ||
1305 | ( RSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^ | ||
1306 | ( RSb[ (uint8) ( Y0 ) ] ); | ||
1307 | |||
1308 | PUT_UINT32( X0, output, 0 ); | ||
1309 | PUT_UINT32( X1, output, 4 ); | ||
1310 | PUT_UINT32( X2, output, 8 ); | ||
1311 | PUT_UINT32( X3, output, 12 ); | ||
1312 | } | ||
1313 | |||
1314 | /* | ||
1315 | ======================================================================== | ||
1316 | |||
1317 | Routine Description: | ||
1318 | SHA1 function | ||
1319 | |||
1320 | Arguments: | ||
1321 | |||
1322 | Return Value: | ||
1323 | |||
1324 | Note: | ||
1325 | |||
1326 | ======================================================================== | ||
1327 | */ | ||
1328 | VOID HMAC_SHA1( | ||
1329 | IN UCHAR *text, | ||
1330 | IN UINT text_len, | ||
1331 | IN UCHAR *key, | ||
1332 | IN UINT key_len, | ||
1333 | IN UCHAR *digest) | ||
1334 | { | ||
1335 | SHA_CTX context; | ||
1336 | UCHAR k_ipad[65]; /* inner padding - key XORd with ipad */ | ||
1337 | UCHAR k_opad[65]; /* outer padding - key XORd with opad */ | ||
1338 | INT i; | ||
1339 | |||
1340 | // if key is longer than 64 bytes reset it to key=SHA1(key) | ||
1341 | if (key_len > 64) | ||
1342 | { | ||
1343 | SHA_CTX tctx; | ||
1344 | SHAInit(&tctx); | ||
1345 | SHAUpdate(&tctx, key, key_len); | ||
1346 | SHAFinal(&tctx, key); | ||
1347 | key_len = 20; | ||
1348 | } | ||
1349 | NdisZeroMemory(k_ipad, sizeof(k_ipad)); | ||
1350 | NdisZeroMemory(k_opad, sizeof(k_opad)); | ||
1351 | NdisMoveMemory(k_ipad, key, key_len); | ||
1352 | NdisMoveMemory(k_opad, key, key_len); | ||
1353 | |||
1354 | // XOR key with ipad and opad values | ||
1355 | for (i = 0; i < 64; i++) | ||
1356 | { | ||
1357 | k_ipad[i] ^= 0x36; | ||
1358 | k_opad[i] ^= 0x5c; | ||
1359 | } | ||
1360 | |||
1361 | // perform inner SHA1 | ||
1362 | SHAInit(&context); /* init context for 1st pass */ | ||
1363 | SHAUpdate(&context, k_ipad, 64); /* start with inner pad */ | ||
1364 | SHAUpdate(&context, text, text_len); /* then text of datagram */ | ||
1365 | SHAFinal(&context, digest); /* finish up 1st pass */ | ||
1366 | |||
1367 | //perform outer SHA1 | ||
1368 | SHAInit(&context); /* init context for 2nd pass */ | ||
1369 | SHAUpdate(&context, k_opad, 64); /* start with outer pad */ | ||
1370 | SHAUpdate(&context, digest, 20); /* then results of 1st hash */ | ||
1371 | SHAFinal(&context, digest); /* finish up 2nd pass */ | ||
1372 | |||
1373 | } | ||
1374 | |||
1375 | /* | ||
1376 | * F(P, S, c, i) = U1 xor U2 xor ... Uc | ||
1377 | * U1 = PRF(P, S || Int(i)) | ||
1378 | * U2 = PRF(P, U1) | ||
1379 | * Uc = PRF(P, Uc-1) | ||
1380 | */ | ||
1381 | |||
1382 | void F(char *password, unsigned char *ssid, int ssidlength, int iterations, int count, unsigned char *output) | ||
1383 | { | ||
1384 | unsigned char digest[36], digest1[SHA_DIGEST_LEN]; | ||
1385 | int i, j; | ||
1386 | |||
1387 | /* U1 = PRF(P, S || int(i)) */ | ||
1388 | memcpy(digest, ssid, ssidlength); | ||
1389 | digest[ssidlength] = (unsigned char)((count>>24) & 0xff); | ||
1390 | digest[ssidlength+1] = (unsigned char)((count>>16) & 0xff); | ||
1391 | digest[ssidlength+2] = (unsigned char)((count>>8) & 0xff); | ||
1392 | digest[ssidlength+3] = (unsigned char)(count & 0xff); | ||
1393 | HMAC_SHA1(digest, ssidlength+4, (unsigned char*) password, (int) strlen(password), digest1); // for WPA update | ||
1394 | |||
1395 | /* output = U1 */ | ||
1396 | memcpy(output, digest1, SHA_DIGEST_LEN); | ||
1397 | |||
1398 | for (i = 1; i < iterations; i++) | ||
1399 | { | ||
1400 | /* Un = PRF(P, Un-1) */ | ||
1401 | HMAC_SHA1(digest1, SHA_DIGEST_LEN, (unsigned char*) password, (int) strlen(password), digest); // for WPA update | ||
1402 | memcpy(digest1, digest, SHA_DIGEST_LEN); | ||
1403 | |||
1404 | /* output = output xor Un */ | ||
1405 | for (j = 0; j < SHA_DIGEST_LEN; j++) | ||
1406 | { | ||
1407 | output[j] ^= digest[j]; | ||
1408 | } | ||
1409 | } | ||
1410 | } | ||
1411 | /* | ||
1412 | * password - ascii string up to 63 characters in length | ||
1413 | * ssid - octet string up to 32 octets | ||
1414 | * ssidlength - length of ssid in octets | ||
1415 | * output must be 40 octets in length and outputs 256 bits of key | ||
1416 | */ | ||
1417 | int PasswordHash(char *password, unsigned char *ssid, int ssidlength, unsigned char *output) | ||
1418 | { | ||
1419 | if ((strlen(password) > 63) || (ssidlength > 32)) | ||
1420 | return 0; | ||
1421 | |||
1422 | F(password, ssid, ssidlength, 4096, 1, output); | ||
1423 | F(password, ssid, ssidlength, 4096, 2, &output[SHA_DIGEST_LEN]); | ||
1424 | return 1; | ||
1425 | } | ||
1426 | |||
1427 | |||