2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 Name Date Modification logs
37 Rita 11-23-04 Modify MD5 and SHA-1
38 Rita 10-14-05 Modify SHA-1 in big-endian platform
40 #include "../rt_config.h"
44 * @key: pointer to the key used for MAC generation
45 * @key_len: length of the key in bytes
46 * @data: pointer to the data area for which the MAC is generated
47 * @data_len: length of the data in bytes
48 * @mac: pointer to the buffer holding space for the MAC; the buffer should
49 * have space for 128-bit (16 bytes) MD5 hash value
51 * md5_mac() determines the message authentication code by using secure hash
52 * MD5(key | data | key).
54 void md5_mac(u8 *key, size_t key_len, u8 *data, size_t data_len, u8 *mac)
59 MD5Update(&context, key, key_len);
60 MD5Update(&context, data, data_len);
61 MD5Update(&context, key, key_len);
62 MD5Final(mac, &context);
67 * @key: pointer to the key used for MAC generation
68 * @key_len: length of the key in bytes
69 * @data: pointer to the data area for which the MAC is generated
70 * @data_len: length of the data in bytes
71 * @mac: pointer to the buffer holding space for the MAC; the buffer should
72 * have space for 128-bit (16 bytes) MD5 hash value
74 * hmac_md5() determines the message authentication code using HMAC-MD5.
75 * This implementation is based on the sample code presented in RFC 2104.
77 void hmac_md5(u8 *key, size_t key_len, u8 *data, size_t data_len, u8 *mac)
80 u8 k_ipad[65]; /* inner padding - key XORd with ipad */
81 u8 k_opad[65]; /* outer padding - key XORd with opad */
85 //assert(key != NULL && data != NULL && mac != NULL);
87 /* if key is longer than 64 bytes reset it to key = MD5(key) */
92 MD5Update(&ttcontext, key, key_len);
93 MD5Final(tk, &ttcontext);
94 //key=(PUCHAR)ttcontext.buf;
99 /* the HMAC_MD5 transform looks like:
101 * MD5(K XOR opad, MD5(K XOR ipad, text))
103 * where K is an n byte key
104 * ipad is the byte 0x36 repeated 64 times
105 * opad is the byte 0x5c repeated 64 times
106 * and text is the data being protected */
108 /* start out by storing key in pads */
109 NdisZeroMemory(k_ipad, sizeof(k_ipad));
110 NdisZeroMemory(k_opad, sizeof(k_opad));
111 //assert(key_len < sizeof(k_ipad));
112 NdisMoveMemory(k_ipad, key, key_len);
113 NdisMoveMemory(k_opad, key, key_len);
115 /* XOR key with ipad and opad values */
116 for (i = 0; i < 64; i++) {
121 /* perform inner MD5 */
122 MD5Init(&context); /* init context for 1st pass */
123 MD5Update(&context, k_ipad, 64); /* start with inner pad */
124 MD5Update(&context, data, data_len); /* then text of datagram */
125 MD5Final(mac, &context); /* finish up 1st pass */
127 /* perform outer MD5 */
128 MD5Init(&context); /* init context for 2nd pass */
129 MD5Update(&context, k_opad, 64); /* start with outer pad */
130 MD5Update(&context, mac, 16); /* then results of 1st hash */
131 MD5Final(mac, &context); /* finish up 2nd pass */
134 #define byteReverse(buf, len) /* Nothing */
136 /* ========================== MD5 implementation =========================== */
137 // four base functions for MD5
138 #define MD5_F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
139 #define MD5_F2(x, y, z) (((x) & (z)) | ((y) & (~z)))
140 #define MD5_F3(x, y, z) ((x) ^ (y) ^ (z))
141 #define MD5_F4(x, y, z) ((y) ^ ((x) | (~z)))
142 #define CYCLIC_LEFT_SHIFT(w, s) (((w) << (s)) | ((w) >> (32-(s))))
144 #define MD5Step(f, w, x, y, z, data, t, s) \
145 ( w += f(x, y, z) + data + t, w = (CYCLIC_LEFT_SHIFT(w, s)) & 0xffffffff, w += x )
149 * Function Description:
150 * Initiate MD5 Context satisfied in RFC 1321
153 * pCtx Pointer to MD5 context
158 VOID MD5Init(MD5_CTX *pCtx)
160 pCtx->Buf[0]=0x67452301;
161 pCtx->Buf[1]=0xefcdab89;
162 pCtx->Buf[2]=0x98badcfe;
163 pCtx->Buf[3]=0x10325476;
165 pCtx->LenInBitCount[0]=0;
166 pCtx->LenInBitCount[1]=0;
171 * Function Description:
172 * Update MD5 Context, allow of an arrary of octets as the next portion
176 * pCtx Pointer to MD5 context
177 * pData Pointer to input data
178 * LenInBytes The length of input data (unit: byte)
184 * Called after MD5Init or MD5Update(itself)
186 VOID MD5Update(MD5_CTX *pCtx, UCHAR *pData, UINT32 LenInBytes)
193 temp = pCtx->LenInBitCount[0];
195 pCtx->LenInBitCount[0] = (UINT32) (pCtx->LenInBitCount[0] + (LenInBytes << 3));
197 if (pCtx->LenInBitCount[0] < temp)
198 pCtx->LenInBitCount[1]++; //carry in
200 pCtx->LenInBitCount[1] += LenInBytes >> 29;
203 temp = (temp >> 3) & 0x3f;
205 // process lacks of 64-byte data
208 UCHAR *pAds = (UCHAR *) pCtx->Input + temp;
210 if ((temp+LenInBytes) < 64)
212 NdisMoveMemory(pAds, (UCHAR *)pData, LenInBytes);
216 NdisMoveMemory(pAds, (UCHAR *)pData, 64-temp);
217 byteReverse(pCtx->Input, 16);
218 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
221 LenInBytes -= 64-temp;
222 } // end of if (temp)
225 TfTimes = (LenInBytes >> 6);
227 for (i=TfTimes; i>0; i--)
229 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, 64);
230 byteReverse(pCtx->Input, 16);
231 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
236 // buffering lacks of 64-byte data
238 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, LenInBytes);
244 * Function Description:
245 * Append padding bits and length of original message in the tail
246 * The message digest has to be completed in the end
249 * Digest Output of Digest-Message for MD5
250 * pCtx Pointer to MD5 context
256 * Called after MD5Update
258 VOID MD5Final(UCHAR Digest[16], MD5_CTX *pCtx)
265 Remainder = (UCHAR)((pCtx->LenInBitCount[0] >> 3) & 0x3f);
267 PadLenInBytes = (Remainder < 56) ? (56-Remainder) : (120-Remainder);
269 pAppend = (UCHAR *)pCtx->Input + Remainder;
271 // padding bits without crossing block(64-byte based) boundary
277 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, PadLenInBytes);
279 // add data-length field, from low to high
282 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[0] >> (i << 3)) & 0xff);
283 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[1] >> (i << 3)) & 0xff);
286 byteReverse(pCtx->Input, 16);
287 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
290 // padding bits with crossing block(64-byte based) boundary
293 // the first block ===
297 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, (64-Remainder-1));
298 PadLenInBytes -= (64 - Remainder - 1);
300 byteReverse(pCtx->Input, 16);
301 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
304 // the second block ===
305 NdisZeroMemory((UCHAR *)pCtx->Input, PadLenInBytes);
307 // add data-length field
310 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[0] >> (i << 3)) & 0xff);
311 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[1] >> (i << 3)) & 0xff);
314 byteReverse(pCtx->Input, 16);
315 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
319 NdisMoveMemory((UCHAR *)Digest, (UINT32 *)pCtx->Buf, 16); // output
320 byteReverse((UCHAR *)Digest, 4);
321 NdisZeroMemory(pCtx, sizeof(pCtx)); // memory free
326 * Function Description:
327 * The central algorithm of MD5, consists of four rounds and sixteen
331 * Buf Buffers of four states (output: 16 bytes)
332 * Mes Input data (input: 64 bytes)
338 * Called by MD5Update or MD5Final
340 VOID MD5Transform(UINT32 Buf[4], UINT32 Mes[16])
345 static UCHAR LShiftVal[16] =
354 // [equal to 4294967296*abs(sin(index))]
355 static UINT32 MD5Table[64] =
357 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
358 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
359 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
360 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
362 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
363 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
364 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
365 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
367 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
368 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
369 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05,
370 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
372 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
373 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
374 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
375 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
383 // 64 steps in MD5 algorithm
386 MD5Step(MD5_F1, Reg[0], Reg[1], Reg[2], Reg[3], Mes[i],
387 MD5Table[i], LShiftVal[i & 0x3]);
389 // one-word right shift
396 for (i=16; i<32; i++)
398 MD5Step(MD5_F2, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(5*(i & 0xf)+1) & 0xf],
399 MD5Table[i], LShiftVal[(0x1 << 2)+(i & 0x3)]);
401 // one-word right shift
408 for (i=32; i<48; i++)
410 MD5Step(MD5_F3, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(3*(i & 0xf)+5) & 0xf],
411 MD5Table[i], LShiftVal[(0x1 << 3)+(i & 0x3)]);
413 // one-word right shift
420 for (i=48; i<64; i++)
422 MD5Step(MD5_F4, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(7*(i & 0xf)) & 0xf],
423 MD5Table[i], LShiftVal[(0x3 << 2)+(i & 0x3)]);
425 // one-word right shift
442 /* ========================= SHA-1 implementation ========================== */
443 // four base functions for SHA-1
444 #define SHA1_F1(b, c, d) (((b) & (c)) | ((~b) & (d)))
445 #define SHA1_F2(b, c, d) ((b) ^ (c) ^ (d))
446 #define SHA1_F3(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
449 #define SHA1Step(f, a, b, c, d, e, w, k) \
450 ( e += ( f(b, c, d) + w + k + CYCLIC_LEFT_SHIFT(a, 5)) & 0xffffffff, \
451 b = CYCLIC_LEFT_SHIFT(b, 30) )
453 //Initiate SHA-1 Context satisfied in RFC 3174
454 VOID SHAInit(SHA_CTX *pCtx)
456 pCtx->Buf[0]=0x67452301;
457 pCtx->Buf[1]=0xefcdab89;
458 pCtx->Buf[2]=0x98badcfe;
459 pCtx->Buf[3]=0x10325476;
460 pCtx->Buf[4]=0xc3d2e1f0;
462 pCtx->LenInBitCount[0]=0;
463 pCtx->LenInBitCount[1]=0;
467 * Function Description:
468 * Update SHA-1 Context, allow of an arrary of octets as the next
469 * portion of the message
472 * pCtx Pointer to SHA-1 context
473 * pData Pointer to input data
474 * LenInBytes The length of input data (unit: byte)
477 * error indicate more than pow(2,64) bits of data
480 * Called after SHAInit or SHAUpdate(itself)
482 UCHAR SHAUpdate(SHA_CTX *pCtx, UCHAR *pData, UINT32 LenInBytes)
489 temp1 = pCtx->LenInBitCount[0];
490 temp2 = pCtx->LenInBitCount[1];
492 pCtx->LenInBitCount[0] = (UINT32) (pCtx->LenInBitCount[0] + (LenInBytes << 3));
493 if (pCtx->LenInBitCount[0] < temp1)
494 pCtx->LenInBitCount[1]++; //carry in
497 pCtx->LenInBitCount[1] = (UINT32) (pCtx->LenInBitCount[1] +(LenInBytes >> 29));
498 if (pCtx->LenInBitCount[1] < temp2)
499 return (err); //check total length of original data
503 temp1 = (temp1 >> 3) & 0x3f;
505 // process lacks of 64-byte data
508 UCHAR *pAds = (UCHAR *) pCtx->Input + temp1;
510 if ((temp1+LenInBytes) < 64)
512 NdisMoveMemory(pAds, (UCHAR *)pData, LenInBytes);
516 NdisMoveMemory(pAds, (UCHAR *)pData, 64-temp1);
517 byteReverse((UCHAR *)pCtx->Input, 16);
519 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
520 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
523 LenInBytes -= 64-temp1;
524 } // end of if (temp1)
527 TfTimes = (LenInBytes >> 6);
529 for (i=TfTimes; i>0; i--)
531 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, 64);
532 byteReverse((UCHAR *)pCtx->Input, 16);
534 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
535 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
540 // buffering lacks of 64-byte data
542 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, LenInBytes);
548 // Append padding bits and length of original message in the tail
549 // The message digest has to be completed in the end
550 VOID SHAFinal(SHA_CTX *pCtx, UCHAR Digest[20])
557 Remainder = (UCHAR)((pCtx->LenInBitCount[0] >> 3) & 0x3f);
559 pAppend = (UCHAR *)pCtx->Input + Remainder;
561 PadLenInBytes = (Remainder < 56) ? (56-Remainder) : (120-Remainder);
563 // padding bits without crossing block(64-byte based) boundary
569 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, PadLenInBytes);
571 // add data-length field, from high to low
574 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[1] >> ((3-i) << 3)) & 0xff);
575 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[0] >> ((3-i) << 3)) & 0xff);
578 byteReverse((UCHAR *)pCtx->Input, 16);
579 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 14);
580 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
583 // padding bits with crossing block(64-byte based) boundary
586 // the first block ===
590 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, (64-Remainder-1));
591 PadLenInBytes -= (64 - Remainder - 1);
593 byteReverse((UCHAR *)pCtx->Input, 16);
594 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
595 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
598 // the second block ===
599 NdisZeroMemory((UCHAR *)pCtx->Input, PadLenInBytes);
601 // add data-length field
604 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[1] >> ((3-i) << 3)) & 0xff);
605 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[0] >> ((3-i) << 3)) & 0xff);
608 byteReverse((UCHAR *)pCtx->Input, 16);
609 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
610 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
614 //Output, bytereverse
617 Digest [i] = (UCHAR)(pCtx->Buf[i>>2] >> 8*(3-(i & 0x3)));
620 NdisZeroMemory(pCtx, sizeof(pCtx)); // memory free
624 // The central algorithm of SHA-1, consists of four rounds and
625 // twenty steps per round
626 VOID SHATransform(UINT32 Buf[5], UINT32 Mes[20])
632 static UINT32 SHA1Table[4] = { 0x5a827999, 0x6ed9eba1,
633 0x8f1bbcdc, 0xca62c1d6 };
641 //the first octet of a word is stored in the 0th element, bytereverse
642 for(i = 0; i < 16; i++)
644 W[i] = (Mes[i] >> 24) & 0xff;
645 W[i] |= (Mes[i] >> 8 ) & 0xff00;
646 W[i] |= (Mes[i] << 8 ) & 0xff0000;
647 W[i] |= (Mes[i] << 24) & 0xff000000;
651 for (i = 0; i < 64; i++)
652 W[16+i] = CYCLIC_LEFT_SHIFT(W[i] ^ W[2+i] ^ W[8+i] ^ W[13+i], 1);
655 // 80 steps in SHA-1 algorithm
659 SHA1Step(SHA1_F1, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
662 else if (i>=20 && i<40)
663 SHA1Step(SHA1_F2, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
666 else if (i>=40 && i<60)
667 SHA1Step(SHA1_F3, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
671 SHA1Step(SHA1_F2, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
675 // one-word right shift
693 /* ========================= AES En/Decryption ========================== */
696 static uint32 FSb[256] =
698 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
699 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
700 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
701 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
702 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
703 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
704 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
705 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
706 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
707 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
708 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
709 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
710 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
711 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
712 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
713 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
714 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
715 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
716 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
717 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
718 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
719 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
720 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
721 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
722 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
723 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
724 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
725 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
726 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
727 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
728 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
729 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
735 V(C6,63,63,A5), V(F8,7C,7C,84), V(EE,77,77,99), V(F6,7B,7B,8D), \
736 V(FF,F2,F2,0D), V(D6,6B,6B,BD), V(DE,6F,6F,B1), V(91,C5,C5,54), \
737 V(60,30,30,50), V(02,01,01,03), V(CE,67,67,A9), V(56,2B,2B,7D), \
738 V(E7,FE,FE,19), V(B5,D7,D7,62), V(4D,AB,AB,E6), V(EC,76,76,9A), \
739 V(8F,CA,CA,45), V(1F,82,82,9D), V(89,C9,C9,40), V(FA,7D,7D,87), \
740 V(EF,FA,FA,15), V(B2,59,59,EB), V(8E,47,47,C9), V(FB,F0,F0,0B), \
741 V(41,AD,AD,EC), V(B3,D4,D4,67), V(5F,A2,A2,FD), V(45,AF,AF,EA), \
742 V(23,9C,9C,BF), V(53,A4,A4,F7), V(E4,72,72,96), V(9B,C0,C0,5B), \
743 V(75,B7,B7,C2), V(E1,FD,FD,1C), V(3D,93,93,AE), V(4C,26,26,6A), \
744 V(6C,36,36,5A), V(7E,3F,3F,41), V(F5,F7,F7,02), V(83,CC,CC,4F), \
745 V(68,34,34,5C), V(51,A5,A5,F4), V(D1,E5,E5,34), V(F9,F1,F1,08), \
746 V(E2,71,71,93), V(AB,D8,D8,73), V(62,31,31,53), V(2A,15,15,3F), \
747 V(08,04,04,0C), V(95,C7,C7,52), V(46,23,23,65), V(9D,C3,C3,5E), \
748 V(30,18,18,28), V(37,96,96,A1), V(0A,05,05,0F), V(2F,9A,9A,B5), \
749 V(0E,07,07,09), V(24,12,12,36), V(1B,80,80,9B), V(DF,E2,E2,3D), \
750 V(CD,EB,EB,26), V(4E,27,27,69), V(7F,B2,B2,CD), V(EA,75,75,9F), \
751 V(12,09,09,1B), V(1D,83,83,9E), V(58,2C,2C,74), V(34,1A,1A,2E), \
752 V(36,1B,1B,2D), V(DC,6E,6E,B2), V(B4,5A,5A,EE), V(5B,A0,A0,FB), \
753 V(A4,52,52,F6), V(76,3B,3B,4D), V(B7,D6,D6,61), V(7D,B3,B3,CE), \
754 V(52,29,29,7B), V(DD,E3,E3,3E), V(5E,2F,2F,71), V(13,84,84,97), \
755 V(A6,53,53,F5), V(B9,D1,D1,68), V(00,00,00,00), V(C1,ED,ED,2C), \
756 V(40,20,20,60), V(E3,FC,FC,1F), V(79,B1,B1,C8), V(B6,5B,5B,ED), \
757 V(D4,6A,6A,BE), V(8D,CB,CB,46), V(67,BE,BE,D9), V(72,39,39,4B), \
758 V(94,4A,4A,DE), V(98,4C,4C,D4), V(B0,58,58,E8), V(85,CF,CF,4A), \
759 V(BB,D0,D0,6B), V(C5,EF,EF,2A), V(4F,AA,AA,E5), V(ED,FB,FB,16), \
760 V(86,43,43,C5), V(9A,4D,4D,D7), V(66,33,33,55), V(11,85,85,94), \
761 V(8A,45,45,CF), V(E9,F9,F9,10), V(04,02,02,06), V(FE,7F,7F,81), \
762 V(A0,50,50,F0), V(78,3C,3C,44), V(25,9F,9F,BA), V(4B,A8,A8,E3), \
763 V(A2,51,51,F3), V(5D,A3,A3,FE), V(80,40,40,C0), V(05,8F,8F,8A), \
764 V(3F,92,92,AD), V(21,9D,9D,BC), V(70,38,38,48), V(F1,F5,F5,04), \
765 V(63,BC,BC,DF), V(77,B6,B6,C1), V(AF,DA,DA,75), V(42,21,21,63), \
766 V(20,10,10,30), V(E5,FF,FF,1A), V(FD,F3,F3,0E), V(BF,D2,D2,6D), \
767 V(81,CD,CD,4C), V(18,0C,0C,14), V(26,13,13,35), V(C3,EC,EC,2F), \
768 V(BE,5F,5F,E1), V(35,97,97,A2), V(88,44,44,CC), V(2E,17,17,39), \
769 V(93,C4,C4,57), V(55,A7,A7,F2), V(FC,7E,7E,82), V(7A,3D,3D,47), \
770 V(C8,64,64,AC), V(BA,5D,5D,E7), V(32,19,19,2B), V(E6,73,73,95), \
771 V(C0,60,60,A0), V(19,81,81,98), V(9E,4F,4F,D1), V(A3,DC,DC,7F), \
772 V(44,22,22,66), V(54,2A,2A,7E), V(3B,90,90,AB), V(0B,88,88,83), \
773 V(8C,46,46,CA), V(C7,EE,EE,29), V(6B,B8,B8,D3), V(28,14,14,3C), \
774 V(A7,DE,DE,79), V(BC,5E,5E,E2), V(16,0B,0B,1D), V(AD,DB,DB,76), \
775 V(DB,E0,E0,3B), V(64,32,32,56), V(74,3A,3A,4E), V(14,0A,0A,1E), \
776 V(92,49,49,DB), V(0C,06,06,0A), V(48,24,24,6C), V(B8,5C,5C,E4), \
777 V(9F,C2,C2,5D), V(BD,D3,D3,6E), V(43,AC,AC,EF), V(C4,62,62,A6), \
778 V(39,91,91,A8), V(31,95,95,A4), V(D3,E4,E4,37), V(F2,79,79,8B), \
779 V(D5,E7,E7,32), V(8B,C8,C8,43), V(6E,37,37,59), V(DA,6D,6D,B7), \
780 V(01,8D,8D,8C), V(B1,D5,D5,64), V(9C,4E,4E,D2), V(49,A9,A9,E0), \
781 V(D8,6C,6C,B4), V(AC,56,56,FA), V(F3,F4,F4,07), V(CF,EA,EA,25), \
782 V(CA,65,65,AF), V(F4,7A,7A,8E), V(47,AE,AE,E9), V(10,08,08,18), \
783 V(6F,BA,BA,D5), V(F0,78,78,88), V(4A,25,25,6F), V(5C,2E,2E,72), \
784 V(38,1C,1C,24), V(57,A6,A6,F1), V(73,B4,B4,C7), V(97,C6,C6,51), \
785 V(CB,E8,E8,23), V(A1,DD,DD,7C), V(E8,74,74,9C), V(3E,1F,1F,21), \
786 V(96,4B,4B,DD), V(61,BD,BD,DC), V(0D,8B,8B,86), V(0F,8A,8A,85), \
787 V(E0,70,70,90), V(7C,3E,3E,42), V(71,B5,B5,C4), V(CC,66,66,AA), \
788 V(90,48,48,D8), V(06,03,03,05), V(F7,F6,F6,01), V(1C,0E,0E,12), \
789 V(C2,61,61,A3), V(6A,35,35,5F), V(AE,57,57,F9), V(69,B9,B9,D0), \
790 V(17,86,86,91), V(99,C1,C1,58), V(3A,1D,1D,27), V(27,9E,9E,B9), \
791 V(D9,E1,E1,38), V(EB,F8,F8,13), V(2B,98,98,B3), V(22,11,11,33), \
792 V(D2,69,69,BB), V(A9,D9,D9,70), V(07,8E,8E,89), V(33,94,94,A7), \
793 V(2D,9B,9B,B6), V(3C,1E,1E,22), V(15,87,87,92), V(C9,E9,E9,20), \
794 V(87,CE,CE,49), V(AA,55,55,FF), V(50,28,28,78), V(A5,DF,DF,7A), \
795 V(03,8C,8C,8F), V(59,A1,A1,F8), V(09,89,89,80), V(1A,0D,0D,17), \
796 V(65,BF,BF,DA), V(D7,E6,E6,31), V(84,42,42,C6), V(D0,68,68,B8), \
797 V(82,41,41,C3), V(29,99,99,B0), V(5A,2D,2D,77), V(1E,0F,0F,11), \
798 V(7B,B0,B0,CB), V(A8,54,54,FC), V(6D,BB,BB,D6), V(2C,16,16,3A)
800 #define V(a,b,c,d) 0x##a##b##c##d
801 static uint32 FT0[256] = { FT };
804 #define V(a,b,c,d) 0x##d##a##b##c
805 static uint32 FT1[256] = { FT };
808 #define V(a,b,c,d) 0x##c##d##a##b
809 static uint32 FT2[256] = { FT };
812 #define V(a,b,c,d) 0x##b##c##d##a
813 static uint32 FT3[256] = { FT };
820 static uint32 RSb[256] =
822 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
823 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
824 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
825 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
826 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
827 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
828 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
829 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
830 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
831 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
832 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
833 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
834 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
835 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
836 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
837 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
838 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
839 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
840 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
841 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
842 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
843 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
844 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
845 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
846 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
847 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
848 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
849 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
850 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
851 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
852 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
853 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
860 V(51,F4,A7,50), V(7E,41,65,53), V(1A,17,A4,C3), V(3A,27,5E,96), \
861 V(3B,AB,6B,CB), V(1F,9D,45,F1), V(AC,FA,58,AB), V(4B,E3,03,93), \
862 V(20,30,FA,55), V(AD,76,6D,F6), V(88,CC,76,91), V(F5,02,4C,25), \
863 V(4F,E5,D7,FC), V(C5,2A,CB,D7), V(26,35,44,80), V(B5,62,A3,8F), \
864 V(DE,B1,5A,49), V(25,BA,1B,67), V(45,EA,0E,98), V(5D,FE,C0,E1), \
865 V(C3,2F,75,02), V(81,4C,F0,12), V(8D,46,97,A3), V(6B,D3,F9,C6), \
866 V(03,8F,5F,E7), V(15,92,9C,95), V(BF,6D,7A,EB), V(95,52,59,DA), \
867 V(D4,BE,83,2D), V(58,74,21,D3), V(49,E0,69,29), V(8E,C9,C8,44), \
868 V(75,C2,89,6A), V(F4,8E,79,78), V(99,58,3E,6B), V(27,B9,71,DD), \
869 V(BE,E1,4F,B6), V(F0,88,AD,17), V(C9,20,AC,66), V(7D,CE,3A,B4), \
870 V(63,DF,4A,18), V(E5,1A,31,82), V(97,51,33,60), V(62,53,7F,45), \
871 V(B1,64,77,E0), V(BB,6B,AE,84), V(FE,81,A0,1C), V(F9,08,2B,94), \
872 V(70,48,68,58), V(8F,45,FD,19), V(94,DE,6C,87), V(52,7B,F8,B7), \
873 V(AB,73,D3,23), V(72,4B,02,E2), V(E3,1F,8F,57), V(66,55,AB,2A), \
874 V(B2,EB,28,07), V(2F,B5,C2,03), V(86,C5,7B,9A), V(D3,37,08,A5), \
875 V(30,28,87,F2), V(23,BF,A5,B2), V(02,03,6A,BA), V(ED,16,82,5C), \
876 V(8A,CF,1C,2B), V(A7,79,B4,92), V(F3,07,F2,F0), V(4E,69,E2,A1), \
877 V(65,DA,F4,CD), V(06,05,BE,D5), V(D1,34,62,1F), V(C4,A6,FE,8A), \
878 V(34,2E,53,9D), V(A2,F3,55,A0), V(05,8A,E1,32), V(A4,F6,EB,75), \
879 V(0B,83,EC,39), V(40,60,EF,AA), V(5E,71,9F,06), V(BD,6E,10,51), \
880 V(3E,21,8A,F9), V(96,DD,06,3D), V(DD,3E,05,AE), V(4D,E6,BD,46), \
881 V(91,54,8D,B5), V(71,C4,5D,05), V(04,06,D4,6F), V(60,50,15,FF), \
882 V(19,98,FB,24), V(D6,BD,E9,97), V(89,40,43,CC), V(67,D9,9E,77), \
883 V(B0,E8,42,BD), V(07,89,8B,88), V(E7,19,5B,38), V(79,C8,EE,DB), \
884 V(A1,7C,0A,47), V(7C,42,0F,E9), V(F8,84,1E,C9), V(00,00,00,00), \
885 V(09,80,86,83), V(32,2B,ED,48), V(1E,11,70,AC), V(6C,5A,72,4E), \
886 V(FD,0E,FF,FB), V(0F,85,38,56), V(3D,AE,D5,1E), V(36,2D,39,27), \
887 V(0A,0F,D9,64), V(68,5C,A6,21), V(9B,5B,54,D1), V(24,36,2E,3A), \
888 V(0C,0A,67,B1), V(93,57,E7,0F), V(B4,EE,96,D2), V(1B,9B,91,9E), \
889 V(80,C0,C5,4F), V(61,DC,20,A2), V(5A,77,4B,69), V(1C,12,1A,16), \
890 V(E2,93,BA,0A), V(C0,A0,2A,E5), V(3C,22,E0,43), V(12,1B,17,1D), \
891 V(0E,09,0D,0B), V(F2,8B,C7,AD), V(2D,B6,A8,B9), V(14,1E,A9,C8), \
892 V(57,F1,19,85), V(AF,75,07,4C), V(EE,99,DD,BB), V(A3,7F,60,FD), \
893 V(F7,01,26,9F), V(5C,72,F5,BC), V(44,66,3B,C5), V(5B,FB,7E,34), \
894 V(8B,43,29,76), V(CB,23,C6,DC), V(B6,ED,FC,68), V(B8,E4,F1,63), \
895 V(D7,31,DC,CA), V(42,63,85,10), V(13,97,22,40), V(84,C6,11,20), \
896 V(85,4A,24,7D), V(D2,BB,3D,F8), V(AE,F9,32,11), V(C7,29,A1,6D), \
897 V(1D,9E,2F,4B), V(DC,B2,30,F3), V(0D,86,52,EC), V(77,C1,E3,D0), \
898 V(2B,B3,16,6C), V(A9,70,B9,99), V(11,94,48,FA), V(47,E9,64,22), \
899 V(A8,FC,8C,C4), V(A0,F0,3F,1A), V(56,7D,2C,D8), V(22,33,90,EF), \
900 V(87,49,4E,C7), V(D9,38,D1,C1), V(8C,CA,A2,FE), V(98,D4,0B,36), \
901 V(A6,F5,81,CF), V(A5,7A,DE,28), V(DA,B7,8E,26), V(3F,AD,BF,A4), \
902 V(2C,3A,9D,E4), V(50,78,92,0D), V(6A,5F,CC,9B), V(54,7E,46,62), \
903 V(F6,8D,13,C2), V(90,D8,B8,E8), V(2E,39,F7,5E), V(82,C3,AF,F5), \
904 V(9F,5D,80,BE), V(69,D0,93,7C), V(6F,D5,2D,A9), V(CF,25,12,B3), \
905 V(C8,AC,99,3B), V(10,18,7D,A7), V(E8,9C,63,6E), V(DB,3B,BB,7B), \
906 V(CD,26,78,09), V(6E,59,18,F4), V(EC,9A,B7,01), V(83,4F,9A,A8), \
907 V(E6,95,6E,65), V(AA,FF,E6,7E), V(21,BC,CF,08), V(EF,15,E8,E6), \
908 V(BA,E7,9B,D9), V(4A,6F,36,CE), V(EA,9F,09,D4), V(29,B0,7C,D6), \
909 V(31,A4,B2,AF), V(2A,3F,23,31), V(C6,A5,94,30), V(35,A2,66,C0), \
910 V(74,4E,BC,37), V(FC,82,CA,A6), V(E0,90,D0,B0), V(33,A7,D8,15), \
911 V(F1,04,98,4A), V(41,EC,DA,F7), V(7F,CD,50,0E), V(17,91,F6,2F), \
912 V(76,4D,D6,8D), V(43,EF,B0,4D), V(CC,AA,4D,54), V(E4,96,04,DF), \
913 V(9E,D1,B5,E3), V(4C,6A,88,1B), V(C1,2C,1F,B8), V(46,65,51,7F), \
914 V(9D,5E,EA,04), V(01,8C,35,5D), V(FA,87,74,73), V(FB,0B,41,2E), \
915 V(B3,67,1D,5A), V(92,DB,D2,52), V(E9,10,56,33), V(6D,D6,47,13), \
916 V(9A,D7,61,8C), V(37,A1,0C,7A), V(59,F8,14,8E), V(EB,13,3C,89), \
917 V(CE,A9,27,EE), V(B7,61,C9,35), V(E1,1C,E5,ED), V(7A,47,B1,3C), \
918 V(9C,D2,DF,59), V(55,F2,73,3F), V(18,14,CE,79), V(73,C7,37,BF), \
919 V(53,F7,CD,EA), V(5F,FD,AA,5B), V(DF,3D,6F,14), V(78,44,DB,86), \
920 V(CA,AF,F3,81), V(B9,68,C4,3E), V(38,24,34,2C), V(C2,A3,40,5F), \
921 V(16,1D,C3,72), V(BC,E2,25,0C), V(28,3C,49,8B), V(FF,0D,95,41), \
922 V(39,A8,01,71), V(08,0C,B3,DE), V(D8,B4,E4,9C), V(64,56,C1,90), \
923 V(7B,CB,84,61), V(D5,32,B6,70), V(48,6C,5C,74), V(D0,B8,57,42)
925 #define V(a,b,c,d) 0x##a##b##c##d
926 static uint32 RT0[256] = { RT };
929 #define V(a,b,c,d) 0x##d##a##b##c
930 static uint32 RT1[256] = { RT };
933 #define V(a,b,c,d) 0x##c##d##a##b
934 static uint32 RT2[256] = { RT };
937 #define V(a,b,c,d) 0x##b##c##d##a
938 static uint32 RT3[256] = { RT };
943 /* round constants */
945 static uint32 RCON[10] =
947 0x01000000, 0x02000000, 0x04000000, 0x08000000,
948 0x10000000, 0x20000000, 0x40000000, 0x80000000,
949 0x1B000000, 0x36000000
952 /* key schedule tables */
954 static int KT_init = 1;
956 static uint32 KT0[256];
957 static uint32 KT1[256];
958 static uint32 KT2[256];
959 static uint32 KT3[256];
961 /* platform-independant 32-bit integer manipulation macros */
963 #define GET_UINT32(n,b,i) \
965 (n) = ( (uint32) (b)[(i) ] << 24 ) \
966 | ( (uint32) (b)[(i) + 1] << 16 ) \
967 | ( (uint32) (b)[(i) + 2] << 8 ) \
968 | ( (uint32) (b)[(i) + 3] ); \
971 #define PUT_UINT32(n,b,i) \
973 (b)[(i) ] = (uint8) ( (n) >> 24 ); \
974 (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
975 (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
976 (b)[(i) + 3] = (uint8) ( (n) ); \
979 /* AES key scheduling routine */
981 int rtmp_aes_set_key( aes_context *ctx, uint8 *key, int nbits )
988 case 128: ctx->nr = 10; break;
989 case 192: ctx->nr = 12; break;
990 case 256: ctx->nr = 14; break;
991 default : return( 1 );
996 for( i = 0; i < (nbits >> 5); i++ )
998 GET_UINT32( RK[i], key, i * 4 );
1001 /* setup encryption round keys */
1007 for( i = 0; i < 10; i++, RK += 4 )
1009 RK[4] = RK[0] ^ RCON[i] ^
1010 ( FSb[ (uint8) ( RK[3] >> 16 ) ] << 24 ) ^
1011 ( FSb[ (uint8) ( RK[3] >> 8 ) ] << 16 ) ^
1012 ( FSb[ (uint8) ( RK[3] ) ] << 8 ) ^
1013 ( FSb[ (uint8) ( RK[3] >> 24 ) ] );
1015 RK[5] = RK[1] ^ RK[4];
1016 RK[6] = RK[2] ^ RK[5];
1017 RK[7] = RK[3] ^ RK[6];
1023 for( i = 0; i < 8; i++, RK += 6 )
1025 RK[6] = RK[0] ^ RCON[i] ^
1026 ( FSb[ (uint8) ( RK[5] >> 16 ) ] << 24 ) ^
1027 ( FSb[ (uint8) ( RK[5] >> 8 ) ] << 16 ) ^
1028 ( FSb[ (uint8) ( RK[5] ) ] << 8 ) ^
1029 ( FSb[ (uint8) ( RK[5] >> 24 ) ] );
1031 RK[7] = RK[1] ^ RK[6];
1032 RK[8] = RK[2] ^ RK[7];
1033 RK[9] = RK[3] ^ RK[8];
1034 RK[10] = RK[4] ^ RK[9];
1035 RK[11] = RK[5] ^ RK[10];
1041 for( i = 0; i < 7; i++, RK += 8 )
1043 RK[8] = RK[0] ^ RCON[i] ^
1044 ( FSb[ (uint8) ( RK[7] >> 16 ) ] << 24 ) ^
1045 ( FSb[ (uint8) ( RK[7] >> 8 ) ] << 16 ) ^
1046 ( FSb[ (uint8) ( RK[7] ) ] << 8 ) ^
1047 ( FSb[ (uint8) ( RK[7] >> 24 ) ] );
1049 RK[9] = RK[1] ^ RK[8];
1050 RK[10] = RK[2] ^ RK[9];
1051 RK[11] = RK[3] ^ RK[10];
1054 ( FSb[ (uint8) ( RK[11] >> 24 ) ] << 24 ) ^
1055 ( FSb[ (uint8) ( RK[11] >> 16 ) ] << 16 ) ^
1056 ( FSb[ (uint8) ( RK[11] >> 8 ) ] << 8 ) ^
1057 ( FSb[ (uint8) ( RK[11] ) ] );
1059 RK[13] = RK[5] ^ RK[12];
1060 RK[14] = RK[6] ^ RK[13];
1061 RK[15] = RK[7] ^ RK[14];
1066 /* setup decryption round keys */
1070 for( i = 0; i < 256; i++ )
1072 KT0[i] = RT0[ FSb[i] ];
1073 KT1[i] = RT1[ FSb[i] ];
1074 KT2[i] = RT2[ FSb[i] ];
1075 KT3[i] = RT3[ FSb[i] ];
1088 for( i = 1; i < ctx->nr; i++ )
1092 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1093 KT1[ (uint8) ( *RK >> 16 ) ] ^
1094 KT2[ (uint8) ( *RK >> 8 ) ] ^
1095 KT3[ (uint8) ( *RK ) ]; RK++;
1097 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1098 KT1[ (uint8) ( *RK >> 16 ) ] ^
1099 KT2[ (uint8) ( *RK >> 8 ) ] ^
1100 KT3[ (uint8) ( *RK ) ]; RK++;
1102 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1103 KT1[ (uint8) ( *RK >> 16 ) ] ^
1104 KT2[ (uint8) ( *RK >> 8 ) ] ^
1105 KT3[ (uint8) ( *RK ) ]; RK++;
1107 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1108 KT1[ (uint8) ( *RK >> 16 ) ] ^
1109 KT2[ (uint8) ( *RK >> 8 ) ] ^
1110 KT3[ (uint8) ( *RK ) ]; RK++;
1123 /* AES 128-bit block encryption routine */
1125 void rtmp_aes_encrypt(aes_context *ctx, uint8 input[16], uint8 output[16] )
1127 uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
1130 GET_UINT32( X0, input, 0 ); X0 ^= RK[0];
1131 GET_UINT32( X1, input, 4 ); X1 ^= RK[1];
1132 GET_UINT32( X2, input, 8 ); X2 ^= RK[2];
1133 GET_UINT32( X3, input, 12 ); X3 ^= RK[3];
1135 #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
1139 X0 = RK[0] ^ FT0[ (uint8) ( Y0 >> 24 ) ] ^ \
1140 FT1[ (uint8) ( Y1 >> 16 ) ] ^ \
1141 FT2[ (uint8) ( Y2 >> 8 ) ] ^ \
1142 FT3[ (uint8) ( Y3 ) ]; \
1144 X1 = RK[1] ^ FT0[ (uint8) ( Y1 >> 24 ) ] ^ \
1145 FT1[ (uint8) ( Y2 >> 16 ) ] ^ \
1146 FT2[ (uint8) ( Y3 >> 8 ) ] ^ \
1147 FT3[ (uint8) ( Y0 ) ]; \
1149 X2 = RK[2] ^ FT0[ (uint8) ( Y2 >> 24 ) ] ^ \
1150 FT1[ (uint8) ( Y3 >> 16 ) ] ^ \
1151 FT2[ (uint8) ( Y0 >> 8 ) ] ^ \
1152 FT3[ (uint8) ( Y1 ) ]; \
1154 X3 = RK[3] ^ FT0[ (uint8) ( Y3 >> 24 ) ] ^ \
1155 FT1[ (uint8) ( Y0 >> 16 ) ] ^ \
1156 FT2[ (uint8) ( Y1 >> 8 ) ] ^ \
1157 FT3[ (uint8) ( Y2 ) ]; \
1160 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */
1161 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */
1162 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */
1163 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */
1164 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */
1165 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */
1166 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */
1167 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */
1168 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */
1172 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */
1173 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */
1178 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */
1179 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */
1186 X0 = RK[0] ^ ( FSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^
1187 ( FSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
1188 ( FSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^
1189 ( FSb[ (uint8) ( Y3 ) ] );
1191 X1 = RK[1] ^ ( FSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^
1192 ( FSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
1193 ( FSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^
1194 ( FSb[ (uint8) ( Y0 ) ] );
1196 X2 = RK[2] ^ ( FSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^
1197 ( FSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
1198 ( FSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^
1199 ( FSb[ (uint8) ( Y1 ) ] );
1201 X3 = RK[3] ^ ( FSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^
1202 ( FSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
1203 ( FSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^
1204 ( FSb[ (uint8) ( Y2 ) ] );
1206 PUT_UINT32( X0, output, 0 );
1207 PUT_UINT32( X1, output, 4 );
1208 PUT_UINT32( X2, output, 8 );
1209 PUT_UINT32( X3, output, 12 );
1212 /* AES 128-bit block decryption routine */
1214 void rtmp_aes_decrypt( aes_context *ctx, uint8 input[16], uint8 output[16] )
1216 uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
1220 GET_UINT32( X0, input, 0 ); X0 ^= RK[0];
1221 GET_UINT32( X1, input, 4 ); X1 ^= RK[1];
1222 GET_UINT32( X2, input, 8 ); X2 ^= RK[2];
1223 GET_UINT32( X3, input, 12 ); X3 ^= RK[3];
1225 #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
1229 X0 = RK[0] ^ RT0[ (uint8) ( Y0 >> 24 ) ] ^ \
1230 RT1[ (uint8) ( Y3 >> 16 ) ] ^ \
1231 RT2[ (uint8) ( Y2 >> 8 ) ] ^ \
1232 RT3[ (uint8) ( Y1 ) ]; \
1234 X1 = RK[1] ^ RT0[ (uint8) ( Y1 >> 24 ) ] ^ \
1235 RT1[ (uint8) ( Y0 >> 16 ) ] ^ \
1236 RT2[ (uint8) ( Y3 >> 8 ) ] ^ \
1237 RT3[ (uint8) ( Y2 ) ]; \
1239 X2 = RK[2] ^ RT0[ (uint8) ( Y2 >> 24 ) ] ^ \
1240 RT1[ (uint8) ( Y1 >> 16 ) ] ^ \
1241 RT2[ (uint8) ( Y0 >> 8 ) ] ^ \
1242 RT3[ (uint8) ( Y3 ) ]; \
1244 X3 = RK[3] ^ RT0[ (uint8) ( Y3 >> 24 ) ] ^ \
1245 RT1[ (uint8) ( Y2 >> 16 ) ] ^ \
1246 RT2[ (uint8) ( Y1 >> 8 ) ] ^ \
1247 RT3[ (uint8) ( Y0 ) ]; \
1250 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */
1251 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */
1252 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */
1253 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */
1254 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */
1255 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */
1256 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */
1257 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */
1258 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */
1262 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */
1263 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */
1268 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */
1269 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */
1276 X0 = RK[0] ^ ( RSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^
1277 ( RSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
1278 ( RSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^
1279 ( RSb[ (uint8) ( Y1 ) ] );
1281 X1 = RK[1] ^ ( RSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^
1282 ( RSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
1283 ( RSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^
1284 ( RSb[ (uint8) ( Y2 ) ] );
1286 X2 = RK[2] ^ ( RSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^
1287 ( RSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
1288 ( RSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^
1289 ( RSb[ (uint8) ( Y3 ) ] );
1291 X3 = RK[3] ^ ( RSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^
1292 ( RSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
1293 ( RSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^
1294 ( RSb[ (uint8) ( Y0 ) ] );
1296 PUT_UINT32( X0, output, 0 );
1297 PUT_UINT32( X1, output, 4 );
1298 PUT_UINT32( X2, output, 8 );
1299 PUT_UINT32( X3, output, 12 );
1303 ========================================================================
1305 Routine Description:
1314 ========================================================================
1324 UCHAR k_ipad[65]; /* inner padding - key XORd with ipad */
1325 UCHAR k_opad[65]; /* outer padding - key XORd with opad */
1328 // if key is longer than 64 bytes reset it to key=SHA1(key)
1333 SHAUpdate(&tctx, key, key_len);
1334 SHAFinal(&tctx, key);
1337 NdisZeroMemory(k_ipad, sizeof(k_ipad));
1338 NdisZeroMemory(k_opad, sizeof(k_opad));
1339 NdisMoveMemory(k_ipad, key, key_len);
1340 NdisMoveMemory(k_opad, key, key_len);
1342 // XOR key with ipad and opad values
1343 for (i = 0; i < 64; i++)
1349 // perform inner SHA1
1350 SHAInit(&context); /* init context for 1st pass */
1351 SHAUpdate(&context, k_ipad, 64); /* start with inner pad */
1352 SHAUpdate(&context, text, text_len); /* then text of datagram */
1353 SHAFinal(&context, digest); /* finish up 1st pass */
1355 //perform outer SHA1
1356 SHAInit(&context); /* init context for 2nd pass */
1357 SHAUpdate(&context, k_opad, 64); /* start with outer pad */
1358 SHAUpdate(&context, digest, 20); /* then results of 1st hash */
1359 SHAFinal(&context, digest); /* finish up 2nd pass */
1364 * F(P, S, c, i) = U1 xor U2 xor ... Uc
1365 * U1 = PRF(P, S || Int(i))
1370 void F(char *password, unsigned char *ssid, int ssidlength, int iterations, int count, unsigned char *output)
1372 unsigned char digest[36], digest1[SHA_DIGEST_LEN];
1375 /* U1 = PRF(P, S || int(i)) */
1376 memcpy(digest, ssid, ssidlength);
1377 digest[ssidlength] = (unsigned char)((count>>24) & 0xff);
1378 digest[ssidlength+1] = (unsigned char)((count>>16) & 0xff);
1379 digest[ssidlength+2] = (unsigned char)((count>>8) & 0xff);
1380 digest[ssidlength+3] = (unsigned char)(count & 0xff);
1381 HMAC_SHA1(digest, ssidlength+4, (unsigned char*) password, (int) strlen(password), digest1); // for WPA update
1384 memcpy(output, digest1, SHA_DIGEST_LEN);
1386 for (i = 1; i < iterations; i++)
1388 /* Un = PRF(P, Un-1) */
1389 HMAC_SHA1(digest1, SHA_DIGEST_LEN, (unsigned char*) password, (int) strlen(password), digest); // for WPA update
1390 memcpy(digest1, digest, SHA_DIGEST_LEN);
1392 /* output = output xor Un */
1393 for (j = 0; j < SHA_DIGEST_LEN; j++)
1395 output[j] ^= digest[j];
1400 * password - ascii string up to 63 characters in length
1401 * ssid - octet string up to 32 octets
1402 * ssidlength - length of ssid in octets
1403 * output must be 40 octets in length and outputs 256 bits of key
1405 int PasswordHash(char *password, unsigned char *ssid, int ssidlength, unsigned char *output)
1407 if ((strlen(password) > 63) || (ssidlength > 32))
1410 F(password, ssid, ssidlength, 4096, 1, output);
1411 F(password, ssid, ssidlength, 4096, 2, &output[SHA_DIGEST_LEN]);
projects / linux-2.6 / blob