2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 Name Date Modification logs
37 Rita 11-23-04 Modify MD5 and SHA-1
38 Rita 10-14-05 Modify SHA-1 in big-endian platform
40 #include "../rt_config.h"
44 * @key: pointer to the key used for MAC generation
45 * @key_len: length of the key in bytes
46 * @data: pointer to the data area for which the MAC is generated
47 * @data_len: length of the data in bytes
48 * @mac: pointer to the buffer holding space for the MAC; the buffer should
49 * have space for 128-bit (16 bytes) MD5 hash value
51 * md5_mac() determines the message authentication code by using secure hash
52 * MD5(key | data | key).
54 void md5_mac(u8 *key, size_t key_len, u8 *data, size_t data_len, u8 *mac)
59 MD5Update(&context, key, key_len);
60 MD5Update(&context, data, data_len);
61 MD5Update(&context, key, key_len);
62 MD5Final(mac, &context);
67 * @key: pointer to the key used for MAC generation
68 * @key_len: length of the key in bytes
69 * @data: pointer to the data area for which the MAC is generated
70 * @data_len: length of the data in bytes
71 * @mac: pointer to the buffer holding space for the MAC; the buffer should
72 * have space for 128-bit (16 bytes) MD5 hash value
74 * hmac_md5() determines the message authentication code using HMAC-MD5.
75 * This implementation is based on the sample code presented in RFC 2104.
77 void hmac_md5(u8 *key, size_t key_len, u8 *data, size_t data_len, u8 *mac)
80 u8 k_ipad[65]; /* inner padding - key XORd with ipad */
81 u8 k_opad[65]; /* outer padding - key XORd with opad */
85 //assert(key != NULL && data != NULL && mac != NULL);
87 /* if key is longer than 64 bytes reset it to key = MD5(key) */
92 MD5Update(&ttcontext, key, key_len);
93 MD5Final(tk, &ttcontext);
94 //key=(PUCHAR)ttcontext.buf;
99 /* the HMAC_MD5 transform looks like:
101 * MD5(K XOR opad, MD5(K XOR ipad, text))
103 * where K is an n byte key
104 * ipad is the byte 0x36 repeated 64 times
105 * opad is the byte 0x5c repeated 64 times
106 * and text is the data being protected */
108 /* start out by storing key in pads */
109 NdisZeroMemory(k_ipad, sizeof(k_ipad));
110 NdisZeroMemory(k_opad, sizeof(k_opad));
111 //assert(key_len < sizeof(k_ipad));
112 NdisMoveMemory(k_ipad, key, key_len);
113 NdisMoveMemory(k_opad, key, key_len);
115 /* XOR key with ipad and opad values */
116 for (i = 0; i < 64; i++) {
121 /* perform inner MD5 */
122 MD5Init(&context); /* init context for 1st pass */
123 MD5Update(&context, k_ipad, 64); /* start with inner pad */
124 MD5Update(&context, data, data_len); /* then text of datagram */
125 MD5Final(mac, &context); /* finish up 1st pass */
127 /* perform outer MD5 */
128 MD5Init(&context); /* init context for 2nd pass */
129 MD5Update(&context, k_opad, 64); /* start with outer pad */
130 MD5Update(&context, mac, 16); /* then results of 1st hash */
131 MD5Final(mac, &context); /* finish up 2nd pass */
134 #ifndef RT_BIG_ENDIAN
135 #define byteReverse(buf, len) /* Nothing */
137 void byteReverse(unsigned char *buf, unsigned longs);
138 void byteReverse(unsigned char *buf, unsigned longs)
141 *(UINT32 *)buf = SWAP32(*(UINT32 *)buf);
148 /* ========================== MD5 implementation =========================== */
149 // four base functions for MD5
150 #define MD5_F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
151 #define MD5_F2(x, y, z) (((x) & (z)) | ((y) & (~z)))
152 #define MD5_F3(x, y, z) ((x) ^ (y) ^ (z))
153 #define MD5_F4(x, y, z) ((y) ^ ((x) | (~z)))
154 #define CYCLIC_LEFT_SHIFT(w, s) (((w) << (s)) | ((w) >> (32-(s))))
156 #define MD5Step(f, w, x, y, z, data, t, s) \
157 ( w += f(x, y, z) + data + t, w = (CYCLIC_LEFT_SHIFT(w, s)) & 0xffffffff, w += x )
161 * Function Description:
162 * Initiate MD5 Context satisfied in RFC 1321
165 * pCtx Pointer to MD5 context
170 VOID MD5Init(MD5_CTX *pCtx)
172 pCtx->Buf[0]=0x67452301;
173 pCtx->Buf[1]=0xefcdab89;
174 pCtx->Buf[2]=0x98badcfe;
175 pCtx->Buf[3]=0x10325476;
177 pCtx->LenInBitCount[0]=0;
178 pCtx->LenInBitCount[1]=0;
183 * Function Description:
184 * Update MD5 Context, allow of an arrary of octets as the next portion
188 * pCtx Pointer to MD5 context
189 * pData Pointer to input data
190 * LenInBytes The length of input data (unit: byte)
196 * Called after MD5Init or MD5Update(itself)
198 VOID MD5Update(MD5_CTX *pCtx, UCHAR *pData, UINT32 LenInBytes)
205 temp = pCtx->LenInBitCount[0];
207 pCtx->LenInBitCount[0] = (UINT32) (pCtx->LenInBitCount[0] + (LenInBytes << 3));
209 if (pCtx->LenInBitCount[0] < temp)
210 pCtx->LenInBitCount[1]++; //carry in
212 pCtx->LenInBitCount[1] += LenInBytes >> 29;
215 temp = (temp >> 3) & 0x3f;
217 // process lacks of 64-byte data
220 UCHAR *pAds = (UCHAR *) pCtx->Input + temp;
222 if ((temp+LenInBytes) < 64)
224 NdisMoveMemory(pAds, (UCHAR *)pData, LenInBytes);
228 NdisMoveMemory(pAds, (UCHAR *)pData, 64-temp);
229 byteReverse(pCtx->Input, 16);
230 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
233 LenInBytes -= 64-temp;
234 } // end of if (temp)
237 TfTimes = (LenInBytes >> 6);
239 for (i=TfTimes; i>0; i--)
241 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, 64);
242 byteReverse(pCtx->Input, 16);
243 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
248 // buffering lacks of 64-byte data
250 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, LenInBytes);
256 * Function Description:
257 * Append padding bits and length of original message in the tail
258 * The message digest has to be completed in the end
261 * Digest Output of Digest-Message for MD5
262 * pCtx Pointer to MD5 context
268 * Called after MD5Update
270 VOID MD5Final(UCHAR Digest[16], MD5_CTX *pCtx)
277 Remainder = (UCHAR)((pCtx->LenInBitCount[0] >> 3) & 0x3f);
279 PadLenInBytes = (Remainder < 56) ? (56-Remainder) : (120-Remainder);
281 pAppend = (UCHAR *)pCtx->Input + Remainder;
283 // padding bits without crossing block(64-byte based) boundary
289 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, PadLenInBytes);
291 // add data-length field, from low to high
294 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[0] >> (i << 3)) & 0xff);
295 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[1] >> (i << 3)) & 0xff);
298 byteReverse(pCtx->Input, 16);
299 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
302 // padding bits with crossing block(64-byte based) boundary
305 // the first block ===
309 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, (64-Remainder-1));
310 PadLenInBytes -= (64 - Remainder - 1);
312 byteReverse(pCtx->Input, 16);
313 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
316 // the second block ===
317 NdisZeroMemory((UCHAR *)pCtx->Input, PadLenInBytes);
319 // add data-length field
322 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[0] >> (i << 3)) & 0xff);
323 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[1] >> (i << 3)) & 0xff);
326 byteReverse(pCtx->Input, 16);
327 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
331 NdisMoveMemory((UCHAR *)Digest, (UINT32 *)pCtx->Buf, 16); // output
332 byteReverse((UCHAR *)Digest, 4);
333 NdisZeroMemory(pCtx, sizeof(pCtx)); // memory free
338 * Function Description:
339 * The central algorithm of MD5, consists of four rounds and sixteen
343 * Buf Buffers of four states (output: 16 bytes)
344 * Mes Input data (input: 64 bytes)
350 * Called by MD5Update or MD5Final
352 VOID MD5Transform(UINT32 Buf[4], UINT32 Mes[16])
357 static UCHAR LShiftVal[16] =
366 // [equal to 4294967296*abs(sin(index))]
367 static UINT32 MD5Table[64] =
369 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
370 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
371 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
372 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
374 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
375 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
376 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
377 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
379 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
380 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
381 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05,
382 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
384 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
385 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
386 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
387 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
395 // 64 steps in MD5 algorithm
398 MD5Step(MD5_F1, Reg[0], Reg[1], Reg[2], Reg[3], Mes[i],
399 MD5Table[i], LShiftVal[i & 0x3]);
401 // one-word right shift
408 for (i=16; i<32; i++)
410 MD5Step(MD5_F2, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(5*(i & 0xf)+1) & 0xf],
411 MD5Table[i], LShiftVal[(0x1 << 2)+(i & 0x3)]);
413 // one-word right shift
420 for (i=32; i<48; i++)
422 MD5Step(MD5_F3, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(3*(i & 0xf)+5) & 0xf],
423 MD5Table[i], LShiftVal[(0x1 << 3)+(i & 0x3)]);
425 // one-word right shift
432 for (i=48; i<64; i++)
434 MD5Step(MD5_F4, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(7*(i & 0xf)) & 0xf],
435 MD5Table[i], LShiftVal[(0x3 << 2)+(i & 0x3)]);
437 // one-word right shift
454 /* ========================= SHA-1 implementation ========================== */
455 // four base functions for SHA-1
456 #define SHA1_F1(b, c, d) (((b) & (c)) | ((~b) & (d)))
457 #define SHA1_F2(b, c, d) ((b) ^ (c) ^ (d))
458 #define SHA1_F3(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
461 #define SHA1Step(f, a, b, c, d, e, w, k) \
462 ( e += ( f(b, c, d) + w + k + CYCLIC_LEFT_SHIFT(a, 5)) & 0xffffffff, \
463 b = CYCLIC_LEFT_SHIFT(b, 30) )
465 //Initiate SHA-1 Context satisfied in RFC 3174
466 VOID SHAInit(SHA_CTX *pCtx)
468 pCtx->Buf[0]=0x67452301;
469 pCtx->Buf[1]=0xefcdab89;
470 pCtx->Buf[2]=0x98badcfe;
471 pCtx->Buf[3]=0x10325476;
472 pCtx->Buf[4]=0xc3d2e1f0;
474 pCtx->LenInBitCount[0]=0;
475 pCtx->LenInBitCount[1]=0;
479 * Function Description:
480 * Update SHA-1 Context, allow of an arrary of octets as the next
481 * portion of the message
484 * pCtx Pointer to SHA-1 context
485 * pData Pointer to input data
486 * LenInBytes The length of input data (unit: byte)
489 * error indicate more than pow(2,64) bits of data
492 * Called after SHAInit or SHAUpdate(itself)
494 UCHAR SHAUpdate(SHA_CTX *pCtx, UCHAR *pData, UINT32 LenInBytes)
501 temp1 = pCtx->LenInBitCount[0];
502 temp2 = pCtx->LenInBitCount[1];
504 pCtx->LenInBitCount[0] = (UINT32) (pCtx->LenInBitCount[0] + (LenInBytes << 3));
505 if (pCtx->LenInBitCount[0] < temp1)
506 pCtx->LenInBitCount[1]++; //carry in
509 pCtx->LenInBitCount[1] = (UINT32) (pCtx->LenInBitCount[1] +(LenInBytes >> 29));
510 if (pCtx->LenInBitCount[1] < temp2)
511 return (err); //check total length of original data
515 temp1 = (temp1 >> 3) & 0x3f;
517 // process lacks of 64-byte data
520 UCHAR *pAds = (UCHAR *) pCtx->Input + temp1;
522 if ((temp1+LenInBytes) < 64)
524 NdisMoveMemory(pAds, (UCHAR *)pData, LenInBytes);
528 NdisMoveMemory(pAds, (UCHAR *)pData, 64-temp1);
529 byteReverse((UCHAR *)pCtx->Input, 16);
531 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
532 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
535 LenInBytes -= 64-temp1;
536 } // end of if (temp1)
539 TfTimes = (LenInBytes >> 6);
541 for (i=TfTimes; i>0; i--)
543 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, 64);
544 byteReverse((UCHAR *)pCtx->Input, 16);
546 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
547 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
552 // buffering lacks of 64-byte data
554 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, LenInBytes);
560 // Append padding bits and length of original message in the tail
561 // The message digest has to be completed in the end
562 VOID SHAFinal(SHA_CTX *pCtx, UCHAR Digest[20])
569 Remainder = (UCHAR)((pCtx->LenInBitCount[0] >> 3) & 0x3f);
571 pAppend = (UCHAR *)pCtx->Input + Remainder;
573 PadLenInBytes = (Remainder < 56) ? (56-Remainder) : (120-Remainder);
575 // padding bits without crossing block(64-byte based) boundary
581 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, PadLenInBytes);
583 // add data-length field, from high to low
586 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[1] >> ((3-i) << 3)) & 0xff);
587 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[0] >> ((3-i) << 3)) & 0xff);
590 byteReverse((UCHAR *)pCtx->Input, 16);
591 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 14);
592 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
595 // padding bits with crossing block(64-byte based) boundary
598 // the first block ===
602 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, (64-Remainder-1));
603 PadLenInBytes -= (64 - Remainder - 1);
605 byteReverse((UCHAR *)pCtx->Input, 16);
606 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
607 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
610 // the second block ===
611 NdisZeroMemory((UCHAR *)pCtx->Input, PadLenInBytes);
613 // add data-length field
616 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[1] >> ((3-i) << 3)) & 0xff);
617 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[0] >> ((3-i) << 3)) & 0xff);
620 byteReverse((UCHAR *)pCtx->Input, 16);
621 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
622 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
626 //Output, bytereverse
629 Digest [i] = (UCHAR)(pCtx->Buf[i>>2] >> 8*(3-(i & 0x3)));
632 NdisZeroMemory(pCtx, sizeof(pCtx)); // memory free
636 // The central algorithm of SHA-1, consists of four rounds and
637 // twenty steps per round
638 VOID SHATransform(UINT32 Buf[5], UINT32 Mes[20])
644 static UINT32 SHA1Table[4] = { 0x5a827999, 0x6ed9eba1,
645 0x8f1bbcdc, 0xca62c1d6 };
653 //the first octet of a word is stored in the 0th element, bytereverse
654 for(i = 0; i < 16; i++)
656 W[i] = (Mes[i] >> 24) & 0xff;
657 W[i] |= (Mes[i] >> 8 ) & 0xff00;
658 W[i] |= (Mes[i] << 8 ) & 0xff0000;
659 W[i] |= (Mes[i] << 24) & 0xff000000;
663 for (i = 0; i < 64; i++)
664 W[16+i] = CYCLIC_LEFT_SHIFT(W[i] ^ W[2+i] ^ W[8+i] ^ W[13+i], 1);
667 // 80 steps in SHA-1 algorithm
671 SHA1Step(SHA1_F1, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
674 else if (i>=20 && i<40)
675 SHA1Step(SHA1_F2, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
678 else if (i>=40 && i<60)
679 SHA1Step(SHA1_F3, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
683 SHA1Step(SHA1_F2, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
687 // one-word right shift
705 /* ========================= AES En/Decryption ========================== */
708 static uint32 FSb[256] =
710 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
711 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
712 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
713 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
714 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
715 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
716 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
717 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
718 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
719 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
720 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
721 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
722 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
723 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
724 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
725 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
726 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
727 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
728 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
729 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
730 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
731 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
732 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
733 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
734 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
735 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
736 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
737 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
738 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
739 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
740 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
741 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
747 V(C6,63,63,A5), V(F8,7C,7C,84), V(EE,77,77,99), V(F6,7B,7B,8D), \
748 V(FF,F2,F2,0D), V(D6,6B,6B,BD), V(DE,6F,6F,B1), V(91,C5,C5,54), \
749 V(60,30,30,50), V(02,01,01,03), V(CE,67,67,A9), V(56,2B,2B,7D), \
750 V(E7,FE,FE,19), V(B5,D7,D7,62), V(4D,AB,AB,E6), V(EC,76,76,9A), \
751 V(8F,CA,CA,45), V(1F,82,82,9D), V(89,C9,C9,40), V(FA,7D,7D,87), \
752 V(EF,FA,FA,15), V(B2,59,59,EB), V(8E,47,47,C9), V(FB,F0,F0,0B), \
753 V(41,AD,AD,EC), V(B3,D4,D4,67), V(5F,A2,A2,FD), V(45,AF,AF,EA), \
754 V(23,9C,9C,BF), V(53,A4,A4,F7), V(E4,72,72,96), V(9B,C0,C0,5B), \
755 V(75,B7,B7,C2), V(E1,FD,FD,1C), V(3D,93,93,AE), V(4C,26,26,6A), \
756 V(6C,36,36,5A), V(7E,3F,3F,41), V(F5,F7,F7,02), V(83,CC,CC,4F), \
757 V(68,34,34,5C), V(51,A5,A5,F4), V(D1,E5,E5,34), V(F9,F1,F1,08), \
758 V(E2,71,71,93), V(AB,D8,D8,73), V(62,31,31,53), V(2A,15,15,3F), \
759 V(08,04,04,0C), V(95,C7,C7,52), V(46,23,23,65), V(9D,C3,C3,5E), \
760 V(30,18,18,28), V(37,96,96,A1), V(0A,05,05,0F), V(2F,9A,9A,B5), \
761 V(0E,07,07,09), V(24,12,12,36), V(1B,80,80,9B), V(DF,E2,E2,3D), \
762 V(CD,EB,EB,26), V(4E,27,27,69), V(7F,B2,B2,CD), V(EA,75,75,9F), \
763 V(12,09,09,1B), V(1D,83,83,9E), V(58,2C,2C,74), V(34,1A,1A,2E), \
764 V(36,1B,1B,2D), V(DC,6E,6E,B2), V(B4,5A,5A,EE), V(5B,A0,A0,FB), \
765 V(A4,52,52,F6), V(76,3B,3B,4D), V(B7,D6,D6,61), V(7D,B3,B3,CE), \
766 V(52,29,29,7B), V(DD,E3,E3,3E), V(5E,2F,2F,71), V(13,84,84,97), \
767 V(A6,53,53,F5), V(B9,D1,D1,68), V(00,00,00,00), V(C1,ED,ED,2C), \
768 V(40,20,20,60), V(E3,FC,FC,1F), V(79,B1,B1,C8), V(B6,5B,5B,ED), \
769 V(D4,6A,6A,BE), V(8D,CB,CB,46), V(67,BE,BE,D9), V(72,39,39,4B), \
770 V(94,4A,4A,DE), V(98,4C,4C,D4), V(B0,58,58,E8), V(85,CF,CF,4A), \
771 V(BB,D0,D0,6B), V(C5,EF,EF,2A), V(4F,AA,AA,E5), V(ED,FB,FB,16), \
772 V(86,43,43,C5), V(9A,4D,4D,D7), V(66,33,33,55), V(11,85,85,94), \
773 V(8A,45,45,CF), V(E9,F9,F9,10), V(04,02,02,06), V(FE,7F,7F,81), \
774 V(A0,50,50,F0), V(78,3C,3C,44), V(25,9F,9F,BA), V(4B,A8,A8,E3), \
775 V(A2,51,51,F3), V(5D,A3,A3,FE), V(80,40,40,C0), V(05,8F,8F,8A), \
776 V(3F,92,92,AD), V(21,9D,9D,BC), V(70,38,38,48), V(F1,F5,F5,04), \
777 V(63,BC,BC,DF), V(77,B6,B6,C1), V(AF,DA,DA,75), V(42,21,21,63), \
778 V(20,10,10,30), V(E5,FF,FF,1A), V(FD,F3,F3,0E), V(BF,D2,D2,6D), \
779 V(81,CD,CD,4C), V(18,0C,0C,14), V(26,13,13,35), V(C3,EC,EC,2F), \
780 V(BE,5F,5F,E1), V(35,97,97,A2), V(88,44,44,CC), V(2E,17,17,39), \
781 V(93,C4,C4,57), V(55,A7,A7,F2), V(FC,7E,7E,82), V(7A,3D,3D,47), \
782 V(C8,64,64,AC), V(BA,5D,5D,E7), V(32,19,19,2B), V(E6,73,73,95), \
783 V(C0,60,60,A0), V(19,81,81,98), V(9E,4F,4F,D1), V(A3,DC,DC,7F), \
784 V(44,22,22,66), V(54,2A,2A,7E), V(3B,90,90,AB), V(0B,88,88,83), \
785 V(8C,46,46,CA), V(C7,EE,EE,29), V(6B,B8,B8,D3), V(28,14,14,3C), \
786 V(A7,DE,DE,79), V(BC,5E,5E,E2), V(16,0B,0B,1D), V(AD,DB,DB,76), \
787 V(DB,E0,E0,3B), V(64,32,32,56), V(74,3A,3A,4E), V(14,0A,0A,1E), \
788 V(92,49,49,DB), V(0C,06,06,0A), V(48,24,24,6C), V(B8,5C,5C,E4), \
789 V(9F,C2,C2,5D), V(BD,D3,D3,6E), V(43,AC,AC,EF), V(C4,62,62,A6), \
790 V(39,91,91,A8), V(31,95,95,A4), V(D3,E4,E4,37), V(F2,79,79,8B), \
791 V(D5,E7,E7,32), V(8B,C8,C8,43), V(6E,37,37,59), V(DA,6D,6D,B7), \
792 V(01,8D,8D,8C), V(B1,D5,D5,64), V(9C,4E,4E,D2), V(49,A9,A9,E0), \
793 V(D8,6C,6C,B4), V(AC,56,56,FA), V(F3,F4,F4,07), V(CF,EA,EA,25), \
794 V(CA,65,65,AF), V(F4,7A,7A,8E), V(47,AE,AE,E9), V(10,08,08,18), \
795 V(6F,BA,BA,D5), V(F0,78,78,88), V(4A,25,25,6F), V(5C,2E,2E,72), \
796 V(38,1C,1C,24), V(57,A6,A6,F1), V(73,B4,B4,C7), V(97,C6,C6,51), \
797 V(CB,E8,E8,23), V(A1,DD,DD,7C), V(E8,74,74,9C), V(3E,1F,1F,21), \
798 V(96,4B,4B,DD), V(61,BD,BD,DC), V(0D,8B,8B,86), V(0F,8A,8A,85), \
799 V(E0,70,70,90), V(7C,3E,3E,42), V(71,B5,B5,C4), V(CC,66,66,AA), \
800 V(90,48,48,D8), V(06,03,03,05), V(F7,F6,F6,01), V(1C,0E,0E,12), \
801 V(C2,61,61,A3), V(6A,35,35,5F), V(AE,57,57,F9), V(69,B9,B9,D0), \
802 V(17,86,86,91), V(99,C1,C1,58), V(3A,1D,1D,27), V(27,9E,9E,B9), \
803 V(D9,E1,E1,38), V(EB,F8,F8,13), V(2B,98,98,B3), V(22,11,11,33), \
804 V(D2,69,69,BB), V(A9,D9,D9,70), V(07,8E,8E,89), V(33,94,94,A7), \
805 V(2D,9B,9B,B6), V(3C,1E,1E,22), V(15,87,87,92), V(C9,E9,E9,20), \
806 V(87,CE,CE,49), V(AA,55,55,FF), V(50,28,28,78), V(A5,DF,DF,7A), \
807 V(03,8C,8C,8F), V(59,A1,A1,F8), V(09,89,89,80), V(1A,0D,0D,17), \
808 V(65,BF,BF,DA), V(D7,E6,E6,31), V(84,42,42,C6), V(D0,68,68,B8), \
809 V(82,41,41,C3), V(29,99,99,B0), V(5A,2D,2D,77), V(1E,0F,0F,11), \
810 V(7B,B0,B0,CB), V(A8,54,54,FC), V(6D,BB,BB,D6), V(2C,16,16,3A)
812 #define V(a,b,c,d) 0x##a##b##c##d
813 static uint32 FT0[256] = { FT };
816 #define V(a,b,c,d) 0x##d##a##b##c
817 static uint32 FT1[256] = { FT };
820 #define V(a,b,c,d) 0x##c##d##a##b
821 static uint32 FT2[256] = { FT };
824 #define V(a,b,c,d) 0x##b##c##d##a
825 static uint32 FT3[256] = { FT };
832 static uint32 RSb[256] =
834 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
835 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
836 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
837 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
838 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
839 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
840 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
841 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
842 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
843 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
844 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
845 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
846 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
847 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
848 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
849 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
850 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
851 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
852 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
853 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
854 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
855 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
856 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
857 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
858 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
859 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
860 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
861 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
862 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
863 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
864 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
865 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
872 V(51,F4,A7,50), V(7E,41,65,53), V(1A,17,A4,C3), V(3A,27,5E,96), \
873 V(3B,AB,6B,CB), V(1F,9D,45,F1), V(AC,FA,58,AB), V(4B,E3,03,93), \
874 V(20,30,FA,55), V(AD,76,6D,F6), V(88,CC,76,91), V(F5,02,4C,25), \
875 V(4F,E5,D7,FC), V(C5,2A,CB,D7), V(26,35,44,80), V(B5,62,A3,8F), \
876 V(DE,B1,5A,49), V(25,BA,1B,67), V(45,EA,0E,98), V(5D,FE,C0,E1), \
877 V(C3,2F,75,02), V(81,4C,F0,12), V(8D,46,97,A3), V(6B,D3,F9,C6), \
878 V(03,8F,5F,E7), V(15,92,9C,95), V(BF,6D,7A,EB), V(95,52,59,DA), \
879 V(D4,BE,83,2D), V(58,74,21,D3), V(49,E0,69,29), V(8E,C9,C8,44), \
880 V(75,C2,89,6A), V(F4,8E,79,78), V(99,58,3E,6B), V(27,B9,71,DD), \
881 V(BE,E1,4F,B6), V(F0,88,AD,17), V(C9,20,AC,66), V(7D,CE,3A,B4), \
882 V(63,DF,4A,18), V(E5,1A,31,82), V(97,51,33,60), V(62,53,7F,45), \
883 V(B1,64,77,E0), V(BB,6B,AE,84), V(FE,81,A0,1C), V(F9,08,2B,94), \
884 V(70,48,68,58), V(8F,45,FD,19), V(94,DE,6C,87), V(52,7B,F8,B7), \
885 V(AB,73,D3,23), V(72,4B,02,E2), V(E3,1F,8F,57), V(66,55,AB,2A), \
886 V(B2,EB,28,07), V(2F,B5,C2,03), V(86,C5,7B,9A), V(D3,37,08,A5), \
887 V(30,28,87,F2), V(23,BF,A5,B2), V(02,03,6A,BA), V(ED,16,82,5C), \
888 V(8A,CF,1C,2B), V(A7,79,B4,92), V(F3,07,F2,F0), V(4E,69,E2,A1), \
889 V(65,DA,F4,CD), V(06,05,BE,D5), V(D1,34,62,1F), V(C4,A6,FE,8A), \
890 V(34,2E,53,9D), V(A2,F3,55,A0), V(05,8A,E1,32), V(A4,F6,EB,75), \
891 V(0B,83,EC,39), V(40,60,EF,AA), V(5E,71,9F,06), V(BD,6E,10,51), \
892 V(3E,21,8A,F9), V(96,DD,06,3D), V(DD,3E,05,AE), V(4D,E6,BD,46), \
893 V(91,54,8D,B5), V(71,C4,5D,05), V(04,06,D4,6F), V(60,50,15,FF), \
894 V(19,98,FB,24), V(D6,BD,E9,97), V(89,40,43,CC), V(67,D9,9E,77), \
895 V(B0,E8,42,BD), V(07,89,8B,88), V(E7,19,5B,38), V(79,C8,EE,DB), \
896 V(A1,7C,0A,47), V(7C,42,0F,E9), V(F8,84,1E,C9), V(00,00,00,00), \
897 V(09,80,86,83), V(32,2B,ED,48), V(1E,11,70,AC), V(6C,5A,72,4E), \
898 V(FD,0E,FF,FB), V(0F,85,38,56), V(3D,AE,D5,1E), V(36,2D,39,27), \
899 V(0A,0F,D9,64), V(68,5C,A6,21), V(9B,5B,54,D1), V(24,36,2E,3A), \
900 V(0C,0A,67,B1), V(93,57,E7,0F), V(B4,EE,96,D2), V(1B,9B,91,9E), \
901 V(80,C0,C5,4F), V(61,DC,20,A2), V(5A,77,4B,69), V(1C,12,1A,16), \
902 V(E2,93,BA,0A), V(C0,A0,2A,E5), V(3C,22,E0,43), V(12,1B,17,1D), \
903 V(0E,09,0D,0B), V(F2,8B,C7,AD), V(2D,B6,A8,B9), V(14,1E,A9,C8), \
904 V(57,F1,19,85), V(AF,75,07,4C), V(EE,99,DD,BB), V(A3,7F,60,FD), \
905 V(F7,01,26,9F), V(5C,72,F5,BC), V(44,66,3B,C5), V(5B,FB,7E,34), \
906 V(8B,43,29,76), V(CB,23,C6,DC), V(B6,ED,FC,68), V(B8,E4,F1,63), \
907 V(D7,31,DC,CA), V(42,63,85,10), V(13,97,22,40), V(84,C6,11,20), \
908 V(85,4A,24,7D), V(D2,BB,3D,F8), V(AE,F9,32,11), V(C7,29,A1,6D), \
909 V(1D,9E,2F,4B), V(DC,B2,30,F3), V(0D,86,52,EC), V(77,C1,E3,D0), \
910 V(2B,B3,16,6C), V(A9,70,B9,99), V(11,94,48,FA), V(47,E9,64,22), \
911 V(A8,FC,8C,C4), V(A0,F0,3F,1A), V(56,7D,2C,D8), V(22,33,90,EF), \
912 V(87,49,4E,C7), V(D9,38,D1,C1), V(8C,CA,A2,FE), V(98,D4,0B,36), \
913 V(A6,F5,81,CF), V(A5,7A,DE,28), V(DA,B7,8E,26), V(3F,AD,BF,A4), \
914 V(2C,3A,9D,E4), V(50,78,92,0D), V(6A,5F,CC,9B), V(54,7E,46,62), \
915 V(F6,8D,13,C2), V(90,D8,B8,E8), V(2E,39,F7,5E), V(82,C3,AF,F5), \
916 V(9F,5D,80,BE), V(69,D0,93,7C), V(6F,D5,2D,A9), V(CF,25,12,B3), \
917 V(C8,AC,99,3B), V(10,18,7D,A7), V(E8,9C,63,6E), V(DB,3B,BB,7B), \
918 V(CD,26,78,09), V(6E,59,18,F4), V(EC,9A,B7,01), V(83,4F,9A,A8), \
919 V(E6,95,6E,65), V(AA,FF,E6,7E), V(21,BC,CF,08), V(EF,15,E8,E6), \
920 V(BA,E7,9B,D9), V(4A,6F,36,CE), V(EA,9F,09,D4), V(29,B0,7C,D6), \
921 V(31,A4,B2,AF), V(2A,3F,23,31), V(C6,A5,94,30), V(35,A2,66,C0), \
922 V(74,4E,BC,37), V(FC,82,CA,A6), V(E0,90,D0,B0), V(33,A7,D8,15), \
923 V(F1,04,98,4A), V(41,EC,DA,F7), V(7F,CD,50,0E), V(17,91,F6,2F), \
924 V(76,4D,D6,8D), V(43,EF,B0,4D), V(CC,AA,4D,54), V(E4,96,04,DF), \
925 V(9E,D1,B5,E3), V(4C,6A,88,1B), V(C1,2C,1F,B8), V(46,65,51,7F), \
926 V(9D,5E,EA,04), V(01,8C,35,5D), V(FA,87,74,73), V(FB,0B,41,2E), \
927 V(B3,67,1D,5A), V(92,DB,D2,52), V(E9,10,56,33), V(6D,D6,47,13), \
928 V(9A,D7,61,8C), V(37,A1,0C,7A), V(59,F8,14,8E), V(EB,13,3C,89), \
929 V(CE,A9,27,EE), V(B7,61,C9,35), V(E1,1C,E5,ED), V(7A,47,B1,3C), \
930 V(9C,D2,DF,59), V(55,F2,73,3F), V(18,14,CE,79), V(73,C7,37,BF), \
931 V(53,F7,CD,EA), V(5F,FD,AA,5B), V(DF,3D,6F,14), V(78,44,DB,86), \
932 V(CA,AF,F3,81), V(B9,68,C4,3E), V(38,24,34,2C), V(C2,A3,40,5F), \
933 V(16,1D,C3,72), V(BC,E2,25,0C), V(28,3C,49,8B), V(FF,0D,95,41), \
934 V(39,A8,01,71), V(08,0C,B3,DE), V(D8,B4,E4,9C), V(64,56,C1,90), \
935 V(7B,CB,84,61), V(D5,32,B6,70), V(48,6C,5C,74), V(D0,B8,57,42)
937 #define V(a,b,c,d) 0x##a##b##c##d
938 static uint32 RT0[256] = { RT };
941 #define V(a,b,c,d) 0x##d##a##b##c
942 static uint32 RT1[256] = { RT };
945 #define V(a,b,c,d) 0x##c##d##a##b
946 static uint32 RT2[256] = { RT };
949 #define V(a,b,c,d) 0x##b##c##d##a
950 static uint32 RT3[256] = { RT };
955 /* round constants */
957 static uint32 RCON[10] =
959 0x01000000, 0x02000000, 0x04000000, 0x08000000,
960 0x10000000, 0x20000000, 0x40000000, 0x80000000,
961 0x1B000000, 0x36000000
964 /* key schedule tables */
966 static int KT_init = 1;
968 static uint32 KT0[256];
969 static uint32 KT1[256];
970 static uint32 KT2[256];
971 static uint32 KT3[256];
973 /* platform-independant 32-bit integer manipulation macros */
975 #define GET_UINT32(n,b,i) \
977 (n) = ( (uint32) (b)[(i) ] << 24 ) \
978 | ( (uint32) (b)[(i) + 1] << 16 ) \
979 | ( (uint32) (b)[(i) + 2] << 8 ) \
980 | ( (uint32) (b)[(i) + 3] ); \
983 #define PUT_UINT32(n,b,i) \
985 (b)[(i) ] = (uint8) ( (n) >> 24 ); \
986 (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
987 (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
988 (b)[(i) + 3] = (uint8) ( (n) ); \
991 /* AES key scheduling routine */
993 int rtmp_aes_set_key( aes_context *ctx, uint8 *key, int nbits )
1000 case 128: ctx->nr = 10; break;
1001 case 192: ctx->nr = 12; break;
1002 case 256: ctx->nr = 14; break;
1003 default : return( 1 );
1008 for( i = 0; i < (nbits >> 5); i++ )
1010 GET_UINT32( RK[i], key, i * 4 );
1013 /* setup encryption round keys */
1019 for( i = 0; i < 10; i++, RK += 4 )
1021 RK[4] = RK[0] ^ RCON[i] ^
1022 ( FSb[ (uint8) ( RK[3] >> 16 ) ] << 24 ) ^
1023 ( FSb[ (uint8) ( RK[3] >> 8 ) ] << 16 ) ^
1024 ( FSb[ (uint8) ( RK[3] ) ] << 8 ) ^
1025 ( FSb[ (uint8) ( RK[3] >> 24 ) ] );
1027 RK[5] = RK[1] ^ RK[4];
1028 RK[6] = RK[2] ^ RK[5];
1029 RK[7] = RK[3] ^ RK[6];
1035 for( i = 0; i < 8; i++, RK += 6 )
1037 RK[6] = RK[0] ^ RCON[i] ^
1038 ( FSb[ (uint8) ( RK[5] >> 16 ) ] << 24 ) ^
1039 ( FSb[ (uint8) ( RK[5] >> 8 ) ] << 16 ) ^
1040 ( FSb[ (uint8) ( RK[5] ) ] << 8 ) ^
1041 ( FSb[ (uint8) ( RK[5] >> 24 ) ] );
1043 RK[7] = RK[1] ^ RK[6];
1044 RK[8] = RK[2] ^ RK[7];
1045 RK[9] = RK[3] ^ RK[8];
1046 RK[10] = RK[4] ^ RK[9];
1047 RK[11] = RK[5] ^ RK[10];
1053 for( i = 0; i < 7; i++, RK += 8 )
1055 RK[8] = RK[0] ^ RCON[i] ^
1056 ( FSb[ (uint8) ( RK[7] >> 16 ) ] << 24 ) ^
1057 ( FSb[ (uint8) ( RK[7] >> 8 ) ] << 16 ) ^
1058 ( FSb[ (uint8) ( RK[7] ) ] << 8 ) ^
1059 ( FSb[ (uint8) ( RK[7] >> 24 ) ] );
1061 RK[9] = RK[1] ^ RK[8];
1062 RK[10] = RK[2] ^ RK[9];
1063 RK[11] = RK[3] ^ RK[10];
1066 ( FSb[ (uint8) ( RK[11] >> 24 ) ] << 24 ) ^
1067 ( FSb[ (uint8) ( RK[11] >> 16 ) ] << 16 ) ^
1068 ( FSb[ (uint8) ( RK[11] >> 8 ) ] << 8 ) ^
1069 ( FSb[ (uint8) ( RK[11] ) ] );
1071 RK[13] = RK[5] ^ RK[12];
1072 RK[14] = RK[6] ^ RK[13];
1073 RK[15] = RK[7] ^ RK[14];
1078 /* setup decryption round keys */
1082 for( i = 0; i < 256; i++ )
1084 KT0[i] = RT0[ FSb[i] ];
1085 KT1[i] = RT1[ FSb[i] ];
1086 KT2[i] = RT2[ FSb[i] ];
1087 KT3[i] = RT3[ FSb[i] ];
1100 for( i = 1; i < ctx->nr; i++ )
1104 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1105 KT1[ (uint8) ( *RK >> 16 ) ] ^
1106 KT2[ (uint8) ( *RK >> 8 ) ] ^
1107 KT3[ (uint8) ( *RK ) ]; RK++;
1109 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1110 KT1[ (uint8) ( *RK >> 16 ) ] ^
1111 KT2[ (uint8) ( *RK >> 8 ) ] ^
1112 KT3[ (uint8) ( *RK ) ]; RK++;
1114 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1115 KT1[ (uint8) ( *RK >> 16 ) ] ^
1116 KT2[ (uint8) ( *RK >> 8 ) ] ^
1117 KT3[ (uint8) ( *RK ) ]; RK++;
1119 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1120 KT1[ (uint8) ( *RK >> 16 ) ] ^
1121 KT2[ (uint8) ( *RK >> 8 ) ] ^
1122 KT3[ (uint8) ( *RK ) ]; RK++;
1135 /* AES 128-bit block encryption routine */
1137 void rtmp_aes_encrypt(aes_context *ctx, uint8 input[16], uint8 output[16] )
1139 uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
1142 GET_UINT32( X0, input, 0 ); X0 ^= RK[0];
1143 GET_UINT32( X1, input, 4 ); X1 ^= RK[1];
1144 GET_UINT32( X2, input, 8 ); X2 ^= RK[2];
1145 GET_UINT32( X3, input, 12 ); X3 ^= RK[3];
1147 #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
1151 X0 = RK[0] ^ FT0[ (uint8) ( Y0 >> 24 ) ] ^ \
1152 FT1[ (uint8) ( Y1 >> 16 ) ] ^ \
1153 FT2[ (uint8) ( Y2 >> 8 ) ] ^ \
1154 FT3[ (uint8) ( Y3 ) ]; \
1156 X1 = RK[1] ^ FT0[ (uint8) ( Y1 >> 24 ) ] ^ \
1157 FT1[ (uint8) ( Y2 >> 16 ) ] ^ \
1158 FT2[ (uint8) ( Y3 >> 8 ) ] ^ \
1159 FT3[ (uint8) ( Y0 ) ]; \
1161 X2 = RK[2] ^ FT0[ (uint8) ( Y2 >> 24 ) ] ^ \
1162 FT1[ (uint8) ( Y3 >> 16 ) ] ^ \
1163 FT2[ (uint8) ( Y0 >> 8 ) ] ^ \
1164 FT3[ (uint8) ( Y1 ) ]; \
1166 X3 = RK[3] ^ FT0[ (uint8) ( Y3 >> 24 ) ] ^ \
1167 FT1[ (uint8) ( Y0 >> 16 ) ] ^ \
1168 FT2[ (uint8) ( Y1 >> 8 ) ] ^ \
1169 FT3[ (uint8) ( Y2 ) ]; \
1172 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */
1173 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */
1174 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */
1175 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */
1176 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */
1177 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */
1178 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */
1179 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */
1180 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */
1184 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */
1185 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */
1190 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */
1191 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */
1198 X0 = RK[0] ^ ( FSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^
1199 ( FSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
1200 ( FSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^
1201 ( FSb[ (uint8) ( Y3 ) ] );
1203 X1 = RK[1] ^ ( FSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^
1204 ( FSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
1205 ( FSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^
1206 ( FSb[ (uint8) ( Y0 ) ] );
1208 X2 = RK[2] ^ ( FSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^
1209 ( FSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
1210 ( FSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^
1211 ( FSb[ (uint8) ( Y1 ) ] );
1213 X3 = RK[3] ^ ( FSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^
1214 ( FSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
1215 ( FSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^
1216 ( FSb[ (uint8) ( Y2 ) ] );
1218 PUT_UINT32( X0, output, 0 );
1219 PUT_UINT32( X1, output, 4 );
1220 PUT_UINT32( X2, output, 8 );
1221 PUT_UINT32( X3, output, 12 );
1224 /* AES 128-bit block decryption routine */
1226 void rtmp_aes_decrypt( aes_context *ctx, uint8 input[16], uint8 output[16] )
1228 uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
1232 GET_UINT32( X0, input, 0 ); X0 ^= RK[0];
1233 GET_UINT32( X1, input, 4 ); X1 ^= RK[1];
1234 GET_UINT32( X2, input, 8 ); X2 ^= RK[2];
1235 GET_UINT32( X3, input, 12 ); X3 ^= RK[3];
1237 #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
1241 X0 = RK[0] ^ RT0[ (uint8) ( Y0 >> 24 ) ] ^ \
1242 RT1[ (uint8) ( Y3 >> 16 ) ] ^ \
1243 RT2[ (uint8) ( Y2 >> 8 ) ] ^ \
1244 RT3[ (uint8) ( Y1 ) ]; \
1246 X1 = RK[1] ^ RT0[ (uint8) ( Y1 >> 24 ) ] ^ \
1247 RT1[ (uint8) ( Y0 >> 16 ) ] ^ \
1248 RT2[ (uint8) ( Y3 >> 8 ) ] ^ \
1249 RT3[ (uint8) ( Y2 ) ]; \
1251 X2 = RK[2] ^ RT0[ (uint8) ( Y2 >> 24 ) ] ^ \
1252 RT1[ (uint8) ( Y1 >> 16 ) ] ^ \
1253 RT2[ (uint8) ( Y0 >> 8 ) ] ^ \
1254 RT3[ (uint8) ( Y3 ) ]; \
1256 X3 = RK[3] ^ RT0[ (uint8) ( Y3 >> 24 ) ] ^ \
1257 RT1[ (uint8) ( Y2 >> 16 ) ] ^ \
1258 RT2[ (uint8) ( Y1 >> 8 ) ] ^ \
1259 RT3[ (uint8) ( Y0 ) ]; \
1262 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */
1263 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */
1264 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */
1265 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */
1266 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */
1267 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */
1268 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */
1269 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */
1270 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */
1274 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */
1275 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */
1280 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */
1281 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */
1288 X0 = RK[0] ^ ( RSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^
1289 ( RSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
1290 ( RSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^
1291 ( RSb[ (uint8) ( Y1 ) ] );
1293 X1 = RK[1] ^ ( RSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^
1294 ( RSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
1295 ( RSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^
1296 ( RSb[ (uint8) ( Y2 ) ] );
1298 X2 = RK[2] ^ ( RSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^
1299 ( RSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
1300 ( RSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^
1301 ( RSb[ (uint8) ( Y3 ) ] );
1303 X3 = RK[3] ^ ( RSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^
1304 ( RSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
1305 ( RSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^
1306 ( RSb[ (uint8) ( Y0 ) ] );
1308 PUT_UINT32( X0, output, 0 );
1309 PUT_UINT32( X1, output, 4 );
1310 PUT_UINT32( X2, output, 8 );
1311 PUT_UINT32( X3, output, 12 );
1315 ========================================================================
1317 Routine Description:
1326 ========================================================================
1336 UCHAR k_ipad[65]; /* inner padding - key XORd with ipad */
1337 UCHAR k_opad[65]; /* outer padding - key XORd with opad */
1340 // if key is longer than 64 bytes reset it to key=SHA1(key)
1345 SHAUpdate(&tctx, key, key_len);
1346 SHAFinal(&tctx, key);
1349 NdisZeroMemory(k_ipad, sizeof(k_ipad));
1350 NdisZeroMemory(k_opad, sizeof(k_opad));
1351 NdisMoveMemory(k_ipad, key, key_len);
1352 NdisMoveMemory(k_opad, key, key_len);
1354 // XOR key with ipad and opad values
1355 for (i = 0; i < 64; i++)
1361 // perform inner SHA1
1362 SHAInit(&context); /* init context for 1st pass */
1363 SHAUpdate(&context, k_ipad, 64); /* start with inner pad */
1364 SHAUpdate(&context, text, text_len); /* then text of datagram */
1365 SHAFinal(&context, digest); /* finish up 1st pass */
1367 //perform outer SHA1
1368 SHAInit(&context); /* init context for 2nd pass */
1369 SHAUpdate(&context, k_opad, 64); /* start with outer pad */
1370 SHAUpdate(&context, digest, 20); /* then results of 1st hash */
1371 SHAFinal(&context, digest); /* finish up 2nd pass */
1376 * F(P, S, c, i) = U1 xor U2 xor ... Uc
1377 * U1 = PRF(P, S || Int(i))
1382 void F(char *password, unsigned char *ssid, int ssidlength, int iterations, int count, unsigned char *output)
1384 unsigned char digest[36], digest1[SHA_DIGEST_LEN];
1387 /* U1 = PRF(P, S || int(i)) */
1388 memcpy(digest, ssid, ssidlength);
1389 digest[ssidlength] = (unsigned char)((count>>24) & 0xff);
1390 digest[ssidlength+1] = (unsigned char)((count>>16) & 0xff);
1391 digest[ssidlength+2] = (unsigned char)((count>>8) & 0xff);
1392 digest[ssidlength+3] = (unsigned char)(count & 0xff);
1393 HMAC_SHA1(digest, ssidlength+4, (unsigned char*) password, (int) strlen(password), digest1); // for WPA update
1396 memcpy(output, digest1, SHA_DIGEST_LEN);
1398 for (i = 1; i < iterations; i++)
1400 /* Un = PRF(P, Un-1) */
1401 HMAC_SHA1(digest1, SHA_DIGEST_LEN, (unsigned char*) password, (int) strlen(password), digest); // for WPA update
1402 memcpy(digest1, digest, SHA_DIGEST_LEN);
1404 /* output = output xor Un */
1405 for (j = 0; j < SHA_DIGEST_LEN; j++)
1407 output[j] ^= digest[j];
1412 * password - ascii string up to 63 characters in length
1413 * ssid - octet string up to 32 octets
1414 * ssidlength - length of ssid in octets
1415 * output must be 40 octets in length and outputs 256 bits of key
1417 int PasswordHash(char *password, unsigned char *ssid, int ssidlength, unsigned char *output)
1419 if ((strlen(password) > 63) || (ssidlength > 32))
1422 F(password, ssid, ssidlength, 4096, 1, output);
1423 F(password, ssid, ssidlength, 4096, 2, &output[SHA_DIGEST_LEN]);
projects / linux-2.6 / blob