1 /*
2 *************************************************************************
3 * Ralink Tech Inc.
4 * 5F., No.36, Taiyuan St., Jhubei City,
5 * Hsinchu County 302,
6 * Taiwan, R.O.C.
7 *
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
9 *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
14 * *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
19 * *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
24 * *
25 *************************************************************************
26
27 Module Name:
28 md5.c
29
30 Abstract:
31
32 Revision History:
33 Who When What
34 -------- ---------- ----------------------------------------------
35 Name Date Modification logs
36 jan 10-28-03 Initial
37 Rita 11-23-04 Modify MD5 and SHA-1
38 Rita 10-14-05 Modify SHA-1 in big-endian platform
39 */
40 #include "../rt_config.h"
41
42 /**
43 * md5_mac:
44 * @key: pointer to the key used for MAC generation
45 * @key_len: length of the key in bytes
46 * @data: pointer to the data area for which the MAC is generated
47 * @data_len: length of the data in bytes
48 * @mac: pointer to the buffer holding space for the MAC; the buffer should
49 * have space for 128-bit (16 bytes) MD5 hash value
50 *
51 * md5_mac() determines the message authentication code by using secure hash
52 * MD5(key | data | key).
53 */
md5_mac(u8 * key,size_t key_len,u8 * data,size_t data_len,u8 * mac)54 void md5_mac(u8 *key, size_t key_len, u8 *data, size_t data_len, u8 *mac)
55 {
56 MD5_CTX context;
57
58 MD5Init(&context);
59 MD5Update(&context, key, key_len);
60 MD5Update(&context, data, data_len);
61 MD5Update(&context, key, key_len);
62 MD5Final(mac, &context);
63 }
64
65 /**
66 * hmac_md5:
67 * @key: pointer to the key used for MAC generation
68 * @key_len: length of the key in bytes
69 * @data: pointer to the data area for which the MAC is generated
70 * @data_len: length of the data in bytes
71 * @mac: pointer to the buffer holding space for the MAC; the buffer should
72 * have space for 128-bit (16 bytes) MD5 hash value
73 *
74 * hmac_md5() determines the message authentication code using HMAC-MD5.
75 * This implementation is based on the sample code presented in RFC 2104.
76 */
hmac_md5(u8 * key,size_t key_len,u8 * data,size_t data_len,u8 * mac)77 void hmac_md5(u8 *key, size_t key_len, u8 *data, size_t data_len, u8 *mac)
78 {
79 MD5_CTX context;
80 u8 k_ipad[65]; /* inner padding - key XORd with ipad */
81 u8 k_opad[65]; /* outer padding - key XORd with opad */
82 u8 tk[16];
83 int i;
84
85 //assert(key != NULL && data != NULL && mac != NULL);
86
87 /* if key is longer than 64 bytes reset it to key = MD5(key) */
88 if (key_len > 64) {
89 MD5_CTX ttcontext;
90
91 MD5Init(&ttcontext);
92 MD5Update(&ttcontext, key, key_len);
93 MD5Final(tk, &ttcontext);
94 //key=(PUCHAR)ttcontext.buf;
95 key = tk;
96 key_len = 16;
97 }
98
99 /* the HMAC_MD5 transform looks like:
100 *
101 * MD5(K XOR opad, MD5(K XOR ipad, text))
102 *
103 * where K is an n byte key
104 * ipad is the byte 0x36 repeated 64 times
105 * opad is the byte 0x5c repeated 64 times
106 * and text is the data being protected */
107
108 /* start out by storing key in pads */
109 NdisZeroMemory(k_ipad, sizeof(k_ipad));
110 NdisZeroMemory(k_opad, sizeof(k_opad));
111 //assert(key_len < sizeof(k_ipad));
112 NdisMoveMemory(k_ipad, key, key_len);
113 NdisMoveMemory(k_opad, key, key_len);
114
115 /* XOR key with ipad and opad values */
116 for (i = 0; i < 64; i++) {
117 k_ipad[i] ^= 0x36;
118 k_opad[i] ^= 0x5c;
119 }
120
121 /* perform inner MD5 */
122 MD5Init(&context); /* init context for 1st pass */
123 MD5Update(&context, k_ipad, 64); /* start with inner pad */
124 MD5Update(&context, data, data_len); /* then text of datagram */
125 MD5Final(mac, &context); /* finish up 1st pass */
126
127 /* perform outer MD5 */
128 MD5Init(&context); /* init context for 2nd pass */
129 MD5Update(&context, k_opad, 64); /* start with outer pad */
130 MD5Update(&context, mac, 16); /* then results of 1st hash */
131 MD5Final(mac, &context); /* finish up 2nd pass */
132 }
133
134 #ifndef RT_BIG_ENDIAN
135 #define byteReverse(buf, len) /* Nothing */
136 #else
137 void byteReverse(unsigned char *buf, unsigned longs);
byteReverse(unsigned char * buf,unsigned longs)138 void byteReverse(unsigned char *buf, unsigned longs)
139 {
140 do {
141 *(UINT32 *)buf = SWAP32(*(UINT32 *)buf);
142 buf += 4;
143 } while (--longs);
144 }
145 #endif
146
147
148 /* ========================== MD5 implementation =========================== */
149 // four base functions for MD5
150 #define MD5_F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
151 #define MD5_F2(x, y, z) (((x) & (z)) | ((y) & (~z)))
152 #define MD5_F3(x, y, z) ((x) ^ (y) ^ (z))
153 #define MD5_F4(x, y, z) ((y) ^ ((x) | (~z)))
154 #define CYCLIC_LEFT_SHIFT(w, s) (((w) << (s)) | ((w) >> (32-(s))))
155
156 #define MD5Step(f, w, x, y, z, data, t, s) \
157 ( w += f(x, y, z) + data + t, w = (CYCLIC_LEFT_SHIFT(w, s)) & 0xffffffff, w += x )
158
159
160 /*
161 * Function Description:
162 * Initiate MD5 Context satisfied in RFC 1321
163 *
164 * Arguments:
165 * pCtx Pointer to MD5 context
166 *
167 * Return Value:
168 * None
169 */
MD5Init(MD5_CTX * pCtx)170 VOID MD5Init(MD5_CTX *pCtx)
171 {
172 pCtx->Buf[0]=0x67452301;
173 pCtx->Buf[1]=0xefcdab89;
174 pCtx->Buf[2]=0x98badcfe;
175 pCtx->Buf[3]=0x10325476;
176
177 pCtx->LenInBitCount[0]=0;
178 pCtx->LenInBitCount[1]=0;
179 }
180
181
182 /*
183 * Function Description:
184 * Update MD5 Context, allow of an arrary of octets as the next portion
185 * of the message
186 *
187 * Arguments:
188 * pCtx Pointer to MD5 context
189 * pData Pointer to input data
190 * LenInBytes The length of input data (unit: byte)
191 *
192 * Return Value:
193 * None
194 *
195 * Note:
196 * Called after MD5Init or MD5Update(itself)
197 */
MD5Update(MD5_CTX * pCtx,UCHAR * pData,UINT32 LenInBytes)198 VOID MD5Update(MD5_CTX *pCtx, UCHAR *pData, UINT32 LenInBytes)
199 {
200
201 UINT32 TfTimes;
202 UINT32 temp;
203 unsigned int i;
204
205 temp = pCtx->LenInBitCount[0];
206
207 pCtx->LenInBitCount[0] = (UINT32) (pCtx->LenInBitCount[0] + (LenInBytes << 3));
208
209 if (pCtx->LenInBitCount[0] < temp)
210 pCtx->LenInBitCount[1]++; //carry in
211
212 pCtx->LenInBitCount[1] += LenInBytes >> 29;
213
214 // mod 64 bytes
215 temp = (temp >> 3) & 0x3f;
216
217 // process lacks of 64-byte data
218 if (temp)
219 {
220 UCHAR *pAds = (UCHAR *) pCtx->Input + temp;
221
222 if ((temp+LenInBytes) < 64)
223 {
224 NdisMoveMemory(pAds, (UCHAR *)pData, LenInBytes);
225 return;
226 }
227
228 NdisMoveMemory(pAds, (UCHAR *)pData, 64-temp);
229 byteReverse(pCtx->Input, 16);
230 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
231
232 pData += 64-temp;
233 LenInBytes -= 64-temp;
234 } // end of if (temp)
235
236
237 TfTimes = (LenInBytes >> 6);
238
239 for (i=TfTimes; i>0; i--)
240 {
241 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, 64);
242 byteReverse(pCtx->Input, 16);
243 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
244 pData += 64;
245 LenInBytes -= 64;
246 } // end of for
247
248 // buffering lacks of 64-byte data
249 if(LenInBytes)
250 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, LenInBytes);
251
252 }
253
254
255 /*
256 * Function Description:
257 * Append padding bits and length of original message in the tail
258 * The message digest has to be completed in the end
259 *
260 * Arguments:
261 * Digest Output of Digest-Message for MD5
262 * pCtx Pointer to MD5 context
263 *
264 * Return Value:
265 * None
266 *
267 * Note:
268 * Called after MD5Update
269 */
MD5Final(UCHAR Digest[16],MD5_CTX * pCtx)270 VOID MD5Final(UCHAR Digest[16], MD5_CTX *pCtx)
271 {
272 UCHAR Remainder;
273 UCHAR PadLenInBytes;
274 UCHAR *pAppend=0;
275 unsigned int i;
276
277 Remainder = (UCHAR)((pCtx->LenInBitCount[0] >> 3) & 0x3f);
278
279 PadLenInBytes = (Remainder < 56) ? (56-Remainder) : (120-Remainder);
280
281 pAppend = (UCHAR *)pCtx->Input + Remainder;
282
283 // padding bits without crossing block(64-byte based) boundary
284 if (Remainder < 56)
285 {
286 *pAppend = 0x80;
287 PadLenInBytes --;
288
289 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, PadLenInBytes);
290
291 // add data-length field, from low to high
292 for (i=0; i<4; i++)
293 {
294 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[0] >> (i << 3)) & 0xff);
295 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[1] >> (i << 3)) & 0xff);
296 }
297
298 byteReverse(pCtx->Input, 16);
299 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
300 } // end of if
301
302 // padding bits with crossing block(64-byte based) boundary
303 else
304 {
305 // the first block ===
306 *pAppend = 0x80;
307 PadLenInBytes --;
308
309 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, (64-Remainder-1));
310 PadLenInBytes -= (64 - Remainder - 1);
311
312 byteReverse(pCtx->Input, 16);
313 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
314
315
316 // the second block ===
317 NdisZeroMemory((UCHAR *)pCtx->Input, PadLenInBytes);
318
319 // add data-length field
320 for (i=0; i<4; i++)
321 {
322 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[0] >> (i << 3)) & 0xff);
323 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[1] >> (i << 3)) & 0xff);
324 }
325
326 byteReverse(pCtx->Input, 16);
327 MD5Transform(pCtx->Buf, (UINT32 *)pCtx->Input);
328 } // end of else
329
330
331 NdisMoveMemory((UCHAR *)Digest, (UINT32 *)pCtx->Buf, 16); // output
332 byteReverse((UCHAR *)Digest, 4);
333 NdisZeroMemory(pCtx, sizeof(pCtx)); // memory free
334 }
335
336
337 /*
338 * Function Description:
339 * The central algorithm of MD5, consists of four rounds and sixteen
340 * steps per round
341 *
342 * Arguments:
343 * Buf Buffers of four states (output: 16 bytes)
344 * Mes Input data (input: 64 bytes)
345 *
346 * Return Value:
347 * None
348 *
349 * Note:
350 * Called by MD5Update or MD5Final
351 */
MD5Transform(UINT32 Buf[4],UINT32 Mes[16])352 VOID MD5Transform(UINT32 Buf[4], UINT32 Mes[16])
353 {
354 UINT32 Reg[4], Temp;
355 unsigned int i;
356
357 static UCHAR LShiftVal[16] =
358 {
359 7, 12, 17, 22,
360 5, 9 , 14, 20,
361 4, 11, 16, 23,
362 6, 10, 15, 21,
363 };
364
365
366 // [equal to 4294967296*abs(sin(index))]
367 static UINT32 MD5Table[64] =
368 {
369 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
370 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
371 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
372 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
373
374 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
375 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
376 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
377 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
378
379 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
380 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
381 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05,
382 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
383
384 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
385 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
386 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
387 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
388 };
389
390
391 for (i=0; i<4; i++)
392 Reg[i]=Buf[i];
393
394
395 // 64 steps in MD5 algorithm
396 for (i=0; i<16; i++)
397 {
398 MD5Step(MD5_F1, Reg[0], Reg[1], Reg[2], Reg[3], Mes[i],
399 MD5Table[i], LShiftVal[i & 0x3]);
400
401 // one-word right shift
402 Temp = Reg[3];
403 Reg[3] = Reg[2];
404 Reg[2] = Reg[1];
405 Reg[1] = Reg[0];
406 Reg[0] = Temp;
407 }
408 for (i=16; i<32; i++)
409 {
410 MD5Step(MD5_F2, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(5*(i & 0xf)+1) & 0xf],
411 MD5Table[i], LShiftVal[(0x1 << 2)+(i & 0x3)]);
412
413 // one-word right shift
414 Temp = Reg[3];
415 Reg[3] = Reg[2];
416 Reg[2] = Reg[1];
417 Reg[1] = Reg[0];
418 Reg[0] = Temp;
419 }
420 for (i=32; i<48; i++)
421 {
422 MD5Step(MD5_F3, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(3*(i & 0xf)+5) & 0xf],
423 MD5Table[i], LShiftVal[(0x1 << 3)+(i & 0x3)]);
424
425 // one-word right shift
426 Temp = Reg[3];
427 Reg[3] = Reg[2];
428 Reg[2] = Reg[1];
429 Reg[1] = Reg[0];
430 Reg[0] = Temp;
431 }
432 for (i=48; i<64; i++)
433 {
434 MD5Step(MD5_F4, Reg[0], Reg[1], Reg[2], Reg[3], Mes[(7*(i & 0xf)) & 0xf],
435 MD5Table[i], LShiftVal[(0x3 << 2)+(i & 0x3)]);
436
437 // one-word right shift
438 Temp = Reg[3];
439 Reg[3] = Reg[2];
440 Reg[2] = Reg[1];
441 Reg[1] = Reg[0];
442 Reg[0] = Temp;
443 }
444
445
446 // (temporary)output
447 for (i=0; i<4; i++)
448 Buf[i] += Reg[i];
449
450 }
451
452
453
454 /* ========================= SHA-1 implementation ========================== */
455 // four base functions for SHA-1
456 #define SHA1_F1(b, c, d) (((b) & (c)) | ((~b) & (d)))
457 #define SHA1_F2(b, c, d) ((b) ^ (c) ^ (d))
458 #define SHA1_F3(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
459
460
461 #define SHA1Step(f, a, b, c, d, e, w, k) \
462 ( e += ( f(b, c, d) + w + k + CYCLIC_LEFT_SHIFT(a, 5)) & 0xffffffff, \
463 b = CYCLIC_LEFT_SHIFT(b, 30) )
464
465 //Initiate SHA-1 Context satisfied in RFC 3174
SHAInit(SHA_CTX * pCtx)466 VOID SHAInit(SHA_CTX *pCtx)
467 {
468 pCtx->Buf[0]=0x67452301;
469 pCtx->Buf[1]=0xefcdab89;
470 pCtx->Buf[2]=0x98badcfe;
471 pCtx->Buf[3]=0x10325476;
472 pCtx->Buf[4]=0xc3d2e1f0;
473
474 pCtx->LenInBitCount[0]=0;
475 pCtx->LenInBitCount[1]=0;
476 }
477
478 /*
479 * Function Description:
480 * Update SHA-1 Context, allow of an arrary of octets as the next
481 * portion of the message
482 *
483 * Arguments:
484 * pCtx Pointer to SHA-1 context
485 * pData Pointer to input data
486 * LenInBytes The length of input data (unit: byte)
487 *
488 * Return Value:
489 * error indicate more than pow(2,64) bits of data
490 *
491 * Note:
492 * Called after SHAInit or SHAUpdate(itself)
493 */
SHAUpdate(SHA_CTX * pCtx,UCHAR * pData,UINT32 LenInBytes)494 UCHAR SHAUpdate(SHA_CTX *pCtx, UCHAR *pData, UINT32 LenInBytes)
495 {
496 UINT32 TfTimes;
497 UINT32 temp1,temp2;
498 unsigned int i;
499 UCHAR err=1;
500
501 temp1 = pCtx->LenInBitCount[0];
502 temp2 = pCtx->LenInBitCount[1];
503
504 pCtx->LenInBitCount[0] = (UINT32) (pCtx->LenInBitCount[0] + (LenInBytes << 3));
505 if (pCtx->LenInBitCount[0] < temp1)
506 pCtx->LenInBitCount[1]++; //carry in
507
508
509 pCtx->LenInBitCount[1] = (UINT32) (pCtx->LenInBitCount[1] +(LenInBytes >> 29));
510 if (pCtx->LenInBitCount[1] < temp2)
511 return (err); //check total length of original data
512
513
514 // mod 64 bytes
515 temp1 = (temp1 >> 3) & 0x3f;
516
517 // process lacks of 64-byte data
518 if (temp1)
519 {
520 UCHAR *pAds = (UCHAR *) pCtx->Input + temp1;
521
522 if ((temp1+LenInBytes) < 64)
523 {
524 NdisMoveMemory(pAds, (UCHAR *)pData, LenInBytes);
525 return (0);
526 }
527
528 NdisMoveMemory(pAds, (UCHAR *)pData, 64-temp1);
529 byteReverse((UCHAR *)pCtx->Input, 16);
530
531 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
532 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
533
534 pData += 64-temp1;
535 LenInBytes -= 64-temp1;
536 } // end of if (temp1)
537
538
539 TfTimes = (LenInBytes >> 6);
540
541 for (i=TfTimes; i>0; i--)
542 {
543 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, 64);
544 byteReverse((UCHAR *)pCtx->Input, 16);
545
546 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
547 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
548 pData += 64;
549 LenInBytes -= 64;
550 } // end of for
551
552 // buffering lacks of 64-byte data
553 if(LenInBytes)
554 NdisMoveMemory(pCtx->Input, (UCHAR *)pData, LenInBytes);
555
556 return (0);
557
558 }
559
560 // Append padding bits and length of original message in the tail
561 // The message digest has to be completed in the end
SHAFinal(SHA_CTX * pCtx,UCHAR Digest[20])562 VOID SHAFinal(SHA_CTX *pCtx, UCHAR Digest[20])
563 {
564 UCHAR Remainder;
565 UCHAR PadLenInBytes;
566 UCHAR *pAppend=0;
567 unsigned int i;
568
569 Remainder = (UCHAR)((pCtx->LenInBitCount[0] >> 3) & 0x3f);
570
571 pAppend = (UCHAR *)pCtx->Input + Remainder;
572
573 PadLenInBytes = (Remainder < 56) ? (56-Remainder) : (120-Remainder);
574
575 // padding bits without crossing block(64-byte based) boundary
576 if (Remainder < 56)
577 {
578 *pAppend = 0x80;
579 PadLenInBytes --;
580
581 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, PadLenInBytes);
582
583 // add data-length field, from high to low
584 for (i=0; i<4; i++)
585 {
586 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[1] >> ((3-i) << 3)) & 0xff);
587 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[0] >> ((3-i) << 3)) & 0xff);
588 }
589
590 byteReverse((UCHAR *)pCtx->Input, 16);
591 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 14);
592 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
593 } // end of if
594
595 // padding bits with crossing block(64-byte based) boundary
596 else
597 {
598 // the first block ===
599 *pAppend = 0x80;
600 PadLenInBytes --;
601
602 NdisZeroMemory((UCHAR *)pCtx->Input + Remainder+1, (64-Remainder-1));
603 PadLenInBytes -= (64 - Remainder - 1);
604
605 byteReverse((UCHAR *)pCtx->Input, 16);
606 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
607 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
608
609
610 // the second block ===
611 NdisZeroMemory((UCHAR *)pCtx->Input, PadLenInBytes);
612
613 // add data-length field
614 for (i=0; i<4; i++)
615 {
616 pCtx->Input[56+i] = (UCHAR)((pCtx->LenInBitCount[1] >> ((3-i) << 3)) & 0xff);
617 pCtx->Input[60+i] = (UCHAR)((pCtx->LenInBitCount[0] >> ((3-i) << 3)) & 0xff);
618 }
619
620 byteReverse((UCHAR *)pCtx->Input, 16);
621 NdisZeroMemory((UCHAR *)pCtx->Input + 64, 16);
622 SHATransform(pCtx->Buf, (UINT32 *)pCtx->Input);
623 } // end of else
624
625
626 //Output, bytereverse
627 for (i=0; i<20; i++)
628 {
629 Digest [i] = (UCHAR)(pCtx->Buf[i>>2] >> 8*(3-(i & 0x3)));
630 }
631
632 NdisZeroMemory(pCtx, sizeof(pCtx)); // memory free
633 }
634
635
636 // The central algorithm of SHA-1, consists of four rounds and
637 // twenty steps per round
SHATransform(UINT32 Buf[5],UINT32 Mes[20])638 VOID SHATransform(UINT32 Buf[5], UINT32 Mes[20])
639 {
640 UINT32 Reg[5],Temp;
641 unsigned int i;
642 UINT32 W[80];
643
644 static UINT32 SHA1Table[4] = { 0x5a827999, 0x6ed9eba1,
645 0x8f1bbcdc, 0xca62c1d6 };
646
647 Reg[0]=Buf[0];
648 Reg[1]=Buf[1];
649 Reg[2]=Buf[2];
650 Reg[3]=Buf[3];
651 Reg[4]=Buf[4];
652
653 //the first octet of a word is stored in the 0th element, bytereverse
654 for(i = 0; i < 16; i++)
655 {
656 W[i] = (Mes[i] >> 24) & 0xff;
657 W[i] |= (Mes[i] >> 8 ) & 0xff00;
658 W[i] |= (Mes[i] << 8 ) & 0xff0000;
659 W[i] |= (Mes[i] << 24) & 0xff000000;
660 }
661
662
663 for (i = 0; i < 64; i++)
664 W[16+i] = CYCLIC_LEFT_SHIFT(W[i] ^ W[2+i] ^ W[8+i] ^ W[13+i], 1);
665
666
667 // 80 steps in SHA-1 algorithm
668 for (i=0; i<80; i++)
669 {
670 if (i<20)
671 SHA1Step(SHA1_F1, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
672 W[i], SHA1Table[0]);
673
674 else if (i>=20 && i<40)
675 SHA1Step(SHA1_F2, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
676 W[i], SHA1Table[1]);
677
678 else if (i>=40 && i<60)
679 SHA1Step(SHA1_F3, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
680 W[i], SHA1Table[2]);
681
682 else
683 SHA1Step(SHA1_F2, Reg[0], Reg[1], Reg[2], Reg[3], Reg[4],
684 W[i], SHA1Table[3]);
685
686
687 // one-word right shift
688 Temp = Reg[4];
689 Reg[4] = Reg[3];
690 Reg[3] = Reg[2];
691 Reg[2] = Reg[1];
692 Reg[1] = Reg[0];
693 Reg[0] = Temp;
694
695 } // end of for-loop
696
697
698 // (temporary)output
699 for (i=0; i<5; i++)
700 Buf[i] += Reg[i];
701
702 }
703
704
705 /* ========================= AES En/Decryption ========================== */
706
707 /* forward S-box */
708 static uint32 FSb[256] =
709 {
710 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
711 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
712 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
713 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
714 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
715 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
716 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
717 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
718 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
719 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
720 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
721 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
722 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
723 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
724 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
725 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
726 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
727 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
728 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
729 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
730 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
731 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
732 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
733 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
734 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
735 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
736 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
737 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
738 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
739 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
740 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
741 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
742 };
743
744 /* forward table */
745 #define FT \
746 \
747 V(C6,63,63,A5), V(F8,7C,7C,84), V(EE,77,77,99), V(F6,7B,7B,8D), \
748 V(FF,F2,F2,0D), V(D6,6B,6B,BD), V(DE,6F,6F,B1), V(91,C5,C5,54), \
749 V(60,30,30,50), V(02,01,01,03), V(CE,67,67,A9), V(56,2B,2B,7D), \
750 V(E7,FE,FE,19), V(B5,D7,D7,62), V(4D,AB,AB,E6), V(EC,76,76,9A), \
751 V(8F,CA,CA,45), V(1F,82,82,9D), V(89,C9,C9,40), V(FA,7D,7D,87), \
752 V(EF,FA,FA,15), V(B2,59,59,EB), V(8E,47,47,C9), V(FB,F0,F0,0B), \
753 V(41,AD,AD,EC), V(B3,D4,D4,67), V(5F,A2,A2,FD), V(45,AF,AF,EA), \
754 V(23,9C,9C,BF), V(53,A4,A4,F7), V(E4,72,72,96), V(9B,C0,C0,5B), \
755 V(75,B7,B7,C2), V(E1,FD,FD,1C), V(3D,93,93,AE), V(4C,26,26,6A), \
756 V(6C,36,36,5A), V(7E,3F,3F,41), V(F5,F7,F7,02), V(83,CC,CC,4F), \
757 V(68,34,34,5C), V(51,A5,A5,F4), V(D1,E5,E5,34), V(F9,F1,F1,08), \
758 V(E2,71,71,93), V(AB,D8,D8,73), V(62,31,31,53), V(2A,15,15,3F), \
759 V(08,04,04,0C), V(95,C7,C7,52), V(46,23,23,65), V(9D,C3,C3,5E), \
760 V(30,18,18,28), V(37,96,96,A1), V(0A,05,05,0F), V(2F,9A,9A,B5), \
761 V(0E,07,07,09), V(24,12,12,36), V(1B,80,80,9B), V(DF,E2,E2,3D), \
762 V(CD,EB,EB,26), V(4E,27,27,69), V(7F,B2,B2,CD), V(EA,75,75,9F), \
763 V(12,09,09,1B), V(1D,83,83,9E), V(58,2C,2C,74), V(34,1A,1A,2E), \
764 V(36,1B,1B,2D), V(DC,6E,6E,B2), V(B4,5A,5A,EE), V(5B,A0,A0,FB), \
765 V(A4,52,52,F6), V(76,3B,3B,4D), V(B7,D6,D6,61), V(7D,B3,B3,CE), \
766 V(52,29,29,7B), V(DD,E3,E3,3E), V(5E,2F,2F,71), V(13,84,84,97), \
767 V(A6,53,53,F5), V(B9,D1,D1,68), V(00,00,00,00), V(C1,ED,ED,2C), \
768 V(40,20,20,60), V(E3,FC,FC,1F), V(79,B1,B1,C8), V(B6,5B,5B,ED), \
769 V(D4,6A,6A,BE), V(8D,CB,CB,46), V(67,BE,BE,D9), V(72,39,39,4B), \
770 V(94,4A,4A,DE), V(98,4C,4C,D4), V(B0,58,58,E8), V(85,CF,CF,4A), \
771 V(BB,D0,D0,6B), V(C5,EF,EF,2A), V(4F,AA,AA,E5), V(ED,FB,FB,16), \
772 V(86,43,43,C5), V(9A,4D,4D,D7), V(66,33,33,55), V(11,85,85,94), \
773 V(8A,45,45,CF), V(E9,F9,F9,10), V(04,02,02,06), V(FE,7F,7F,81), \
774 V(A0,50,50,F0), V(78,3C,3C,44), V(25,9F,9F,BA), V(4B,A8,A8,E3), \
775 V(A2,51,51,F3), V(5D,A3,A3,FE), V(80,40,40,C0), V(05,8F,8F,8A), \
776 V(3F,92,92,AD), V(21,9D,9D,BC), V(70,38,38,48), V(F1,F5,F5,04), \
777 V(63,BC,BC,DF), V(77,B6,B6,C1), V(AF,DA,DA,75), V(42,21,21,63), \
778 V(20,10,10,30), V(E5,FF,FF,1A), V(FD,F3,F3,0E), V(BF,D2,D2,6D), \
779 V(81,CD,CD,4C), V(18,0C,0C,14), V(26,13,13,35), V(C3,EC,EC,2F), \
780 V(BE,5F,5F,E1), V(35,97,97,A2), V(88,44,44,CC), V(2E,17,17,39), \
781 V(93,C4,C4,57), V(55,A7,A7,F2), V(FC,7E,7E,82), V(7A,3D,3D,47), \
782 V(C8,64,64,AC), V(BA,5D,5D,E7), V(32,19,19,2B), V(E6,73,73,95), \
783 V(C0,60,60,A0), V(19,81,81,98), V(9E,4F,4F,D1), V(A3,DC,DC,7F), \
784 V(44,22,22,66), V(54,2A,2A,7E), V(3B,90,90,AB), V(0B,88,88,83), \
785 V(8C,46,46,CA), V(C7,EE,EE,29), V(6B,B8,B8,D3), V(28,14,14,3C), \
786 V(A7,DE,DE,79), V(BC,5E,5E,E2), V(16,0B,0B,1D), V(AD,DB,DB,76), \
787 V(DB,E0,E0,3B), V(64,32,32,56), V(74,3A,3A,4E), V(14,0A,0A,1E), \
788 V(92,49,49,DB), V(0C,06,06,0A), V(48,24,24,6C), V(B8,5C,5C,E4), \
789 V(9F,C2,C2,5D), V(BD,D3,D3,6E), V(43,AC,AC,EF), V(C4,62,62,A6), \
790 V(39,91,91,A8), V(31,95,95,A4), V(D3,E4,E4,37), V(F2,79,79,8B), \
791 V(D5,E7,E7,32), V(8B,C8,C8,43), V(6E,37,37,59), V(DA,6D,6D,B7), \
792 V(01,8D,8D,8C), V(B1,D5,D5,64), V(9C,4E,4E,D2), V(49,A9,A9,E0), \
793 V(D8,6C,6C,B4), V(AC,56,56,FA), V(F3,F4,F4,07), V(CF,EA,EA,25), \
794 V(CA,65,65,AF), V(F4,7A,7A,8E), V(47,AE,AE,E9), V(10,08,08,18), \
795 V(6F,BA,BA,D5), V(F0,78,78,88), V(4A,25,25,6F), V(5C,2E,2E,72), \
796 V(38,1C,1C,24), V(57,A6,A6,F1), V(73,B4,B4,C7), V(97,C6,C6,51), \
797 V(CB,E8,E8,23), V(A1,DD,DD,7C), V(E8,74,74,9C), V(3E,1F,1F,21), \
798 V(96,4B,4B,DD), V(61,BD,BD,DC), V(0D,8B,8B,86), V(0F,8A,8A,85), \
799 V(E0,70,70,90), V(7C,3E,3E,42), V(71,B5,B5,C4), V(CC,66,66,AA), \
800 V(90,48,48,D8), V(06,03,03,05), V(F7,F6,F6,01), V(1C,0E,0E,12), \
801 V(C2,61,61,A3), V(6A,35,35,5F), V(AE,57,57,F9), V(69,B9,B9,D0), \
802 V(17,86,86,91), V(99,C1,C1,58), V(3A,1D,1D,27), V(27,9E,9E,B9), \
803 V(D9,E1,E1,38), V(EB,F8,F8,13), V(2B,98,98,B3), V(22,11,11,33), \
804 V(D2,69,69,BB), V(A9,D9,D9,70), V(07,8E,8E,89), V(33,94,94,A7), \
805 V(2D,9B,9B,B6), V(3C,1E,1E,22), V(15,87,87,92), V(C9,E9,E9,20), \
806 V(87,CE,CE,49), V(AA,55,55,FF), V(50,28,28,78), V(A5,DF,DF,7A), \
807 V(03,8C,8C,8F), V(59,A1,A1,F8), V(09,89,89,80), V(1A,0D,0D,17), \
808 V(65,BF,BF,DA), V(D7,E6,E6,31), V(84,42,42,C6), V(D0,68,68,B8), \
809 V(82,41,41,C3), V(29,99,99,B0), V(5A,2D,2D,77), V(1E,0F,0F,11), \
810 V(7B,B0,B0,CB), V(A8,54,54,FC), V(6D,BB,BB,D6), V(2C,16,16,3A)
811
812 #define V(a,b,c,d) 0x##a##b##c##d
813 static uint32 FT0[256] = { FT };
814 #undef V
815
816 #define V(a,b,c,d) 0x##d##a##b##c
817 static uint32 FT1[256] = { FT };
818 #undef V
819
820 #define V(a,b,c,d) 0x##c##d##a##b
821 static uint32 FT2[256] = { FT };
822 #undef V
823
824 #define V(a,b,c,d) 0x##b##c##d##a
825 static uint32 FT3[256] = { FT };
826 #undef V
827
828 #undef FT
829
830 /* reverse S-box */
831
832 static uint32 RSb[256] =
833 {
834 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
835 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
836 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
837 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
838 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
839 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
840 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
841 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
842 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
843 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
844 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
845 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
846 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
847 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
848 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
849 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
850 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
851 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
852 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
853 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
854 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
855 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
856 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
857 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
858 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
859 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
860 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
861 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
862 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
863 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
864 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
865 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
866 };
867
868 /* reverse table */
869
870 #define RT \
871 \
872 V(51,F4,A7,50), V(7E,41,65,53), V(1A,17,A4,C3), V(3A,27,5E,96), \
873 V(3B,AB,6B,CB), V(1F,9D,45,F1), V(AC,FA,58,AB), V(4B,E3,03,93), \
874 V(20,30,FA,55), V(AD,76,6D,F6), V(88,CC,76,91), V(F5,02,4C,25), \
875 V(4F,E5,D7,FC), V(C5,2A,CB,D7), V(26,35,44,80), V(B5,62,A3,8F), \
876 V(DE,B1,5A,49), V(25,BA,1B,67), V(45,EA,0E,98), V(5D,FE,C0,E1), \
877 V(C3,2F,75,02), V(81,4C,F0,12), V(8D,46,97,A3), V(6B,D3,F9,C6), \
878 V(03,8F,5F,E7), V(15,92,9C,95), V(BF,6D,7A,EB), V(95,52,59,DA), \
879 V(D4,BE,83,2D), V(58,74,21,D3), V(49,E0,69,29), V(8E,C9,C8,44), \
880 V(75,C2,89,6A), V(F4,8E,79,78), V(99,58,3E,6B), V(27,B9,71,DD), \
881 V(BE,E1,4F,B6), V(F0,88,AD,17), V(C9,20,AC,66), V(7D,CE,3A,B4), \
882 V(63,DF,4A,18), V(E5,1A,31,82), V(97,51,33,60), V(62,53,7F,45), \
883 V(B1,64,77,E0), V(BB,6B,AE,84), V(FE,81,A0,1C), V(F9,08,2B,94), \
884 V(70,48,68,58), V(8F,45,FD,19), V(94,DE,6C,87), V(52,7B,F8,B7), \
885 V(AB,73,D3,23), V(72,4B,02,E2), V(E3,1F,8F,57), V(66,55,AB,2A), \
886 V(B2,EB,28,07), V(2F,B5,C2,03), V(86,C5,7B,9A), V(D3,37,08,A5), \
887 V(30,28,87,F2), V(23,BF,A5,B2), V(02,03,6A,BA), V(ED,16,82,5C), \
888 V(8A,CF,1C,2B), V(A7,79,B4,92), V(F3,07,F2,F0), V(4E,69,E2,A1), \
889 V(65,DA,F4,CD), V(06,05,BE,D5), V(D1,34,62,1F), V(C4,A6,FE,8A), \
890 V(34,2E,53,9D), V(A2,F3,55,A0), V(05,8A,E1,32), V(A4,F6,EB,75), \
891 V(0B,83,EC,39), V(40,60,EF,AA), V(5E,71,9F,06), V(BD,6E,10,51), \
892 V(3E,21,8A,F9), V(96,DD,06,3D), V(DD,3E,05,AE), V(4D,E6,BD,46), \
893 V(91,54,8D,B5), V(71,C4,5D,05), V(04,06,D4,6F), V(60,50,15,FF), \
894 V(19,98,FB,24), V(D6,BD,E9,97), V(89,40,43,CC), V(67,D9,9E,77), \
895 V(B0,E8,42,BD), V(07,89,8B,88), V(E7,19,5B,38), V(79,C8,EE,DB), \
896 V(A1,7C,0A,47), V(7C,42,0F,E9), V(F8,84,1E,C9), V(00,00,00,00), \
897 V(09,80,86,83), V(32,2B,ED,48), V(1E,11,70,AC), V(6C,5A,72,4E), \
898 V(FD,0E,FF,FB), V(0F,85,38,56), V(3D,AE,D5,1E), V(36,2D,39,27), \
899 V(0A,0F,D9,64), V(68,5C,A6,21), V(9B,5B,54,D1), V(24,36,2E,3A), \
900 V(0C,0A,67,B1), V(93,57,E7,0F), V(B4,EE,96,D2), V(1B,9B,91,9E), \
901 V(80,C0,C5,4F), V(61,DC,20,A2), V(5A,77,4B,69), V(1C,12,1A,16), \
902 V(E2,93,BA,0A), V(C0,A0,2A,E5), V(3C,22,E0,43), V(12,1B,17,1D), \
903 V(0E,09,0D,0B), V(F2,8B,C7,AD), V(2D,B6,A8,B9), V(14,1E,A9,C8), \
904 V(57,F1,19,85), V(AF,75,07,4C), V(EE,99,DD,BB), V(A3,7F,60,FD), \
905 V(F7,01,26,9F), V(5C,72,F5,BC), V(44,66,3B,C5), V(5B,FB,7E,34), \
906 V(8B,43,29,76), V(CB,23,C6,DC), V(B6,ED,FC,68), V(B8,E4,F1,63), \
907 V(D7,31,DC,CA), V(42,63,85,10), V(13,97,22,40), V(84,C6,11,20), \
908 V(85,4A,24,7D), V(D2,BB,3D,F8), V(AE,F9,32,11), V(C7,29,A1,6D), \
909 V(1D,9E,2F,4B), V(DC,B2,30,F3), V(0D,86,52,EC), V(77,C1,E3,D0), \
910 V(2B,B3,16,6C), V(A9,70,B9,99), V(11,94,48,FA), V(47,E9,64,22), \
911 V(A8,FC,8C,C4), V(A0,F0,3F,1A), V(56,7D,2C,D8), V(22,33,90,EF), \
912 V(87,49,4E,C7), V(D9,38,D1,C1), V(8C,CA,A2,FE), V(98,D4,0B,36), \
913 V(A6,F5,81,CF), V(A5,7A,DE,28), V(DA,B7,8E,26), V(3F,AD,BF,A4), \
914 V(2C,3A,9D,E4), V(50,78,92,0D), V(6A,5F,CC,9B), V(54,7E,46,62), \
915 V(F6,8D,13,C2), V(90,D8,B8,E8), V(2E,39,F7,5E), V(82,C3,AF,F5), \
916 V(9F,5D,80,BE), V(69,D0,93,7C), V(6F,D5,2D,A9), V(CF,25,12,B3), \
917 V(C8,AC,99,3B), V(10,18,7D,A7), V(E8,9C,63,6E), V(DB,3B,BB,7B), \
918 V(CD,26,78,09), V(6E,59,18,F4), V(EC,9A,B7,01), V(83,4F,9A,A8), \
919 V(E6,95,6E,65), V(AA,FF,E6,7E), V(21,BC,CF,08), V(EF,15,E8,E6), \
920 V(BA,E7,9B,D9), V(4A,6F,36,CE), V(EA,9F,09,D4), V(29,B0,7C,D6), \
921 V(31,A4,B2,AF), V(2A,3F,23,31), V(C6,A5,94,30), V(35,A2,66,C0), \
922 V(74,4E,BC,37), V(FC,82,CA,A6), V(E0,90,D0,B0), V(33,A7,D8,15), \
923 V(F1,04,98,4A), V(41,EC,DA,F7), V(7F,CD,50,0E), V(17,91,F6,2F), \
924 V(76,4D,D6,8D), V(43,EF,B0,4D), V(CC,AA,4D,54), V(E4,96,04,DF), \
925 V(9E,D1,B5,E3), V(4C,6A,88,1B), V(C1,2C,1F,B8), V(46,65,51,7F), \
926 V(9D,5E,EA,04), V(01,8C,35,5D), V(FA,87,74,73), V(FB,0B,41,2E), \
927 V(B3,67,1D,5A), V(92,DB,D2,52), V(E9,10,56,33), V(6D,D6,47,13), \
928 V(9A,D7,61,8C), V(37,A1,0C,7A), V(59,F8,14,8E), V(EB,13,3C,89), \
929 V(CE,A9,27,EE), V(B7,61,C9,35), V(E1,1C,E5,ED), V(7A,47,B1,3C), \
930 V(9C,D2,DF,59), V(55,F2,73,3F), V(18,14,CE,79), V(73,C7,37,BF), \
931 V(53,F7,CD,EA), V(5F,FD,AA,5B), V(DF,3D,6F,14), V(78,44,DB,86), \
932 V(CA,AF,F3,81), V(B9,68,C4,3E), V(38,24,34,2C), V(C2,A3,40,5F), \
933 V(16,1D,C3,72), V(BC,E2,25,0C), V(28,3C,49,8B), V(FF,0D,95,41), \
934 V(39,A8,01,71), V(08,0C,B3,DE), V(D8,B4,E4,9C), V(64,56,C1,90), \
935 V(7B,CB,84,61), V(D5,32,B6,70), V(48,6C,5C,74), V(D0,B8,57,42)
936
937 #define V(a,b,c,d) 0x##a##b##c##d
938 static uint32 RT0[256] = { RT };
939 #undef V
940
941 #define V(a,b,c,d) 0x##d##a##b##c
942 static uint32 RT1[256] = { RT };
943 #undef V
944
945 #define V(a,b,c,d) 0x##c##d##a##b
946 static uint32 RT2[256] = { RT };
947 #undef V
948
949 #define V(a,b,c,d) 0x##b##c##d##a
950 static uint32 RT3[256] = { RT };
951 #undef V
952
953 #undef RT
954
955 /* round constants */
956
957 static uint32 RCON[10] =
958 {
959 0x01000000, 0x02000000, 0x04000000, 0x08000000,
960 0x10000000, 0x20000000, 0x40000000, 0x80000000,
961 0x1B000000, 0x36000000
962 };
963
964 /* key schedule tables */
965
966 static int KT_init = 1;
967
968 static uint32 KT0[256];
969 static uint32 KT1[256];
970 static uint32 KT2[256];
971 static uint32 KT3[256];
972
973 /* platform-independant 32-bit integer manipulation macros */
974
975 #define GET_UINT32(n,b,i) \
976 { \
977 (n) = ( (uint32) (b)[(i) ] << 24 ) \
978 | ( (uint32) (b)[(i) + 1] << 16 ) \
979 | ( (uint32) (b)[(i) + 2] << 8 ) \
980 | ( (uint32) (b)[(i) + 3] ); \
981 }
982
983 #define PUT_UINT32(n,b,i) \
984 { \
985 (b)[(i) ] = (uint8) ( (n) >> 24 ); \
986 (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
987 (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
988 (b)[(i) + 3] = (uint8) ( (n) ); \
989 }
990
991 /* AES key scheduling routine */
992
rtmp_aes_set_key(aes_context * ctx,uint8 * key,int nbits)993 int rtmp_aes_set_key( aes_context *ctx, uint8 *key, int nbits )
994 {
995 int i;
996 uint32 *RK, *SK;
997
998 switch( nbits )
999 {
1000 case 128: ctx->nr = 10; break;
1001 case 192: ctx->nr = 12; break;
1002 case 256: ctx->nr = 14; break;
1003 default : return( 1 );
1004 }
1005
1006 RK = ctx->erk;
1007
1008 for( i = 0; i < (nbits >> 5); i++ )
1009 {
1010 GET_UINT32( RK[i], key, i * 4 );
1011 }
1012
1013 /* setup encryption round keys */
1014
1015 switch( nbits )
1016 {
1017 case 128:
1018
1019 for( i = 0; i < 10; i++, RK += 4 )
1020 {
1021 RK[4] = RK[0] ^ RCON[i] ^
1022 ( FSb[ (uint8) ( RK[3] >> 16 ) ] << 24 ) ^
1023 ( FSb[ (uint8) ( RK[3] >> 8 ) ] << 16 ) ^
1024 ( FSb[ (uint8) ( RK[3] ) ] << 8 ) ^
1025 ( FSb[ (uint8) ( RK[3] >> 24 ) ] );
1026
1027 RK[5] = RK[1] ^ RK[4];
1028 RK[6] = RK[2] ^ RK[5];
1029 RK[7] = RK[3] ^ RK[6];
1030 }
1031 break;
1032
1033 case 192:
1034
1035 for( i = 0; i < 8; i++, RK += 6 )
1036 {
1037 RK[6] = RK[0] ^ RCON[i] ^
1038 ( FSb[ (uint8) ( RK[5] >> 16 ) ] << 24 ) ^
1039 ( FSb[ (uint8) ( RK[5] >> 8 ) ] << 16 ) ^
1040 ( FSb[ (uint8) ( RK[5] ) ] << 8 ) ^
1041 ( FSb[ (uint8) ( RK[5] >> 24 ) ] );
1042
1043 RK[7] = RK[1] ^ RK[6];
1044 RK[8] = RK[2] ^ RK[7];
1045 RK[9] = RK[3] ^ RK[8];
1046 RK[10] = RK[4] ^ RK[9];
1047 RK[11] = RK[5] ^ RK[10];
1048 }
1049 break;
1050
1051 case 256:
1052
1053 for( i = 0; i < 7; i++, RK += 8 )
1054 {
1055 RK[8] = RK[0] ^ RCON[i] ^
1056 ( FSb[ (uint8) ( RK[7] >> 16 ) ] << 24 ) ^
1057 ( FSb[ (uint8) ( RK[7] >> 8 ) ] << 16 ) ^
1058 ( FSb[ (uint8) ( RK[7] ) ] << 8 ) ^
1059 ( FSb[ (uint8) ( RK[7] >> 24 ) ] );
1060
1061 RK[9] = RK[1] ^ RK[8];
1062 RK[10] = RK[2] ^ RK[9];
1063 RK[11] = RK[3] ^ RK[10];
1064
1065 RK[12] = RK[4] ^
1066 ( FSb[ (uint8) ( RK[11] >> 24 ) ] << 24 ) ^
1067 ( FSb[ (uint8) ( RK[11] >> 16 ) ] << 16 ) ^
1068 ( FSb[ (uint8) ( RK[11] >> 8 ) ] << 8 ) ^
1069 ( FSb[ (uint8) ( RK[11] ) ] );
1070
1071 RK[13] = RK[5] ^ RK[12];
1072 RK[14] = RK[6] ^ RK[13];
1073 RK[15] = RK[7] ^ RK[14];
1074 }
1075 break;
1076 }
1077
1078 /* setup decryption round keys */
1079
1080 if( KT_init )
1081 {
1082 for( i = 0; i < 256; i++ )
1083 {
1084 KT0[i] = RT0[ FSb[i] ];
1085 KT1[i] = RT1[ FSb[i] ];
1086 KT2[i] = RT2[ FSb[i] ];
1087 KT3[i] = RT3[ FSb[i] ];
1088 }
1089
1090 KT_init = 0;
1091 }
1092
1093 SK = ctx->drk;
1094
1095 *SK++ = *RK++;
1096 *SK++ = *RK++;
1097 *SK++ = *RK++;
1098 *SK++ = *RK++;
1099
1100 for( i = 1; i < ctx->nr; i++ )
1101 {
1102 RK -= 8;
1103
1104 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1105 KT1[ (uint8) ( *RK >> 16 ) ] ^
1106 KT2[ (uint8) ( *RK >> 8 ) ] ^
1107 KT3[ (uint8) ( *RK ) ]; RK++;
1108
1109 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1110 KT1[ (uint8) ( *RK >> 16 ) ] ^
1111 KT2[ (uint8) ( *RK >> 8 ) ] ^
1112 KT3[ (uint8) ( *RK ) ]; RK++;
1113
1114 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1115 KT1[ (uint8) ( *RK >> 16 ) ] ^
1116 KT2[ (uint8) ( *RK >> 8 ) ] ^
1117 KT3[ (uint8) ( *RK ) ]; RK++;
1118
1119 *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
1120 KT1[ (uint8) ( *RK >> 16 ) ] ^
1121 KT2[ (uint8) ( *RK >> 8 ) ] ^
1122 KT3[ (uint8) ( *RK ) ]; RK++;
1123 }
1124
1125 RK -= 8;
1126
1127 *SK++ = *RK++;
1128 *SK++ = *RK++;
1129 *SK++ = *RK++;
1130 *SK++ = *RK++;
1131
1132 return( 0 );
1133 }
1134
1135 /* AES 128-bit block encryption routine */
1136
rtmp_aes_encrypt(aes_context * ctx,uint8 input[16],uint8 output[16])1137 void rtmp_aes_encrypt(aes_context *ctx, uint8 input[16], uint8 output[16] )
1138 {
1139 uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
1140
1141 RK = ctx->erk;
1142 GET_UINT32( X0, input, 0 ); X0 ^= RK[0];
1143 GET_UINT32( X1, input, 4 ); X1 ^= RK[1];
1144 GET_UINT32( X2, input, 8 ); X2 ^= RK[2];
1145 GET_UINT32( X3, input, 12 ); X3 ^= RK[3];
1146
1147 #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
1148 { \
1149 RK += 4; \
1150 \
1151 X0 = RK[0] ^ FT0[ (uint8) ( Y0 >> 24 ) ] ^ \
1152 FT1[ (uint8) ( Y1 >> 16 ) ] ^ \
1153 FT2[ (uint8) ( Y2 >> 8 ) ] ^ \
1154 FT3[ (uint8) ( Y3 ) ]; \
1155 \
1156 X1 = RK[1] ^ FT0[ (uint8) ( Y1 >> 24 ) ] ^ \
1157 FT1[ (uint8) ( Y2 >> 16 ) ] ^ \
1158 FT2[ (uint8) ( Y3 >> 8 ) ] ^ \
1159 FT3[ (uint8) ( Y0 ) ]; \
1160 \
1161 X2 = RK[2] ^ FT0[ (uint8) ( Y2 >> 24 ) ] ^ \
1162 FT1[ (uint8) ( Y3 >> 16 ) ] ^ \
1163 FT2[ (uint8) ( Y0 >> 8 ) ] ^ \
1164 FT3[ (uint8) ( Y1 ) ]; \
1165 \
1166 X3 = RK[3] ^ FT0[ (uint8) ( Y3 >> 24 ) ] ^ \
1167 FT1[ (uint8) ( Y0 >> 16 ) ] ^ \
1168 FT2[ (uint8) ( Y1 >> 8 ) ] ^ \
1169 FT3[ (uint8) ( Y2 ) ]; \
1170 }
1171
1172 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */
1173 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */
1174 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */
1175 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */
1176 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */
1177 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */
1178 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */
1179 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */
1180 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */
1181
1182 if( ctx->nr > 10 )
1183 {
1184 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */
1185 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */
1186 }
1187
1188 if( ctx->nr > 12 )
1189 {
1190 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */
1191 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */
1192 }
1193
1194 /* last round */
1195
1196 RK += 4;
1197
1198 X0 = RK[0] ^ ( FSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^
1199 ( FSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
1200 ( FSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^
1201 ( FSb[ (uint8) ( Y3 ) ] );
1202
1203 X1 = RK[1] ^ ( FSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^
1204 ( FSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
1205 ( FSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^
1206 ( FSb[ (uint8) ( Y0 ) ] );
1207
1208 X2 = RK[2] ^ ( FSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^
1209 ( FSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
1210 ( FSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^
1211 ( FSb[ (uint8) ( Y1 ) ] );
1212
1213 X3 = RK[3] ^ ( FSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^
1214 ( FSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
1215 ( FSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^
1216 ( FSb[ (uint8) ( Y2 ) ] );
1217
1218 PUT_UINT32( X0, output, 0 );
1219 PUT_UINT32( X1, output, 4 );
1220 PUT_UINT32( X2, output, 8 );
1221 PUT_UINT32( X3, output, 12 );
1222 }
1223
1224 /* AES 128-bit block decryption routine */
1225
rtmp_aes_decrypt(aes_context * ctx,uint8 input[16],uint8 output[16])1226 void rtmp_aes_decrypt( aes_context *ctx, uint8 input[16], uint8 output[16] )
1227 {
1228 uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
1229
1230 RK = ctx->drk;
1231
1232 GET_UINT32( X0, input, 0 ); X0 ^= RK[0];
1233 GET_UINT32( X1, input, 4 ); X1 ^= RK[1];
1234 GET_UINT32( X2, input, 8 ); X2 ^= RK[2];
1235 GET_UINT32( X3, input, 12 ); X3 ^= RK[3];
1236
1237 #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
1238 { \
1239 RK += 4; \
1240 \
1241 X0 = RK[0] ^ RT0[ (uint8) ( Y0 >> 24 ) ] ^ \
1242 RT1[ (uint8) ( Y3 >> 16 ) ] ^ \
1243 RT2[ (uint8) ( Y2 >> 8 ) ] ^ \
1244 RT3[ (uint8) ( Y1 ) ]; \
1245 \
1246 X1 = RK[1] ^ RT0[ (uint8) ( Y1 >> 24 ) ] ^ \
1247 RT1[ (uint8) ( Y0 >> 16 ) ] ^ \
1248 RT2[ (uint8) ( Y3 >> 8 ) ] ^ \
1249 RT3[ (uint8) ( Y2 ) ]; \
1250 \
1251 X2 = RK[2] ^ RT0[ (uint8) ( Y2 >> 24 ) ] ^ \
1252 RT1[ (uint8) ( Y1 >> 16 ) ] ^ \
1253 RT2[ (uint8) ( Y0 >> 8 ) ] ^ \
1254 RT3[ (uint8) ( Y3 ) ]; \
1255 \
1256 X3 = RK[3] ^ RT0[ (uint8) ( Y3 >> 24 ) ] ^ \
1257 RT1[ (uint8) ( Y2 >> 16 ) ] ^ \
1258 RT2[ (uint8) ( Y1 >> 8 ) ] ^ \
1259 RT3[ (uint8) ( Y0 ) ]; \
1260 }
1261
1262 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */
1263 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */
1264 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */
1265 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */
1266 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */
1267 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */
1268 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */
1269 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */
1270 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */
1271
1272 if( ctx->nr > 10 )
1273 {
1274 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */
1275 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */
1276 }
1277
1278 if( ctx->nr > 12 )
1279 {
1280 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */
1281 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */
1282 }
1283
1284 /* last round */
1285
1286 RK += 4;
1287
1288 X0 = RK[0] ^ ( RSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^
1289 ( RSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
1290 ( RSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^
1291 ( RSb[ (uint8) ( Y1 ) ] );
1292
1293 X1 = RK[1] ^ ( RSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^
1294 ( RSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
1295 ( RSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^
1296 ( RSb[ (uint8) ( Y2 ) ] );
1297
1298 X2 = RK[2] ^ ( RSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^
1299 ( RSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
1300 ( RSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^
1301 ( RSb[ (uint8) ( Y3 ) ] );
1302
1303 X3 = RK[3] ^ ( RSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^
1304 ( RSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
1305 ( RSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^
1306 ( RSb[ (uint8) ( Y0 ) ] );
1307
1308 PUT_UINT32( X0, output, 0 );
1309 PUT_UINT32( X1, output, 4 );
1310 PUT_UINT32( X2, output, 8 );
1311 PUT_UINT32( X3, output, 12 );
1312 }
1313
1314 /*
1315 ========================================================================
1316
1317 Routine Description:
1318 SHA1 function
1319
1320 Arguments:
1321
1322 Return Value:
1323
1324 Note:
1325
1326 ========================================================================
1327 */
HMAC_SHA1(IN UCHAR * text,IN UINT text_len,IN UCHAR * key,IN UINT key_len,IN UCHAR * digest)1328 VOID HMAC_SHA1(
1329 IN UCHAR *text,
1330 IN UINT text_len,
1331 IN UCHAR *key,
1332 IN UINT key_len,
1333 IN UCHAR *digest)
1334 {
1335 SHA_CTX context;
1336 UCHAR k_ipad[65]; /* inner padding - key XORd with ipad */
1337 UCHAR k_opad[65]; /* outer padding - key XORd with opad */
1338 INT i;
1339
1340 // if key is longer than 64 bytes reset it to key=SHA1(key)
1341 if (key_len > 64)
1342 {
1343 SHA_CTX tctx;
1344 SHAInit(&tctx);
1345 SHAUpdate(&tctx, key, key_len);
1346 SHAFinal(&tctx, key);
1347 key_len = 20;
1348 }
1349 NdisZeroMemory(k_ipad, sizeof(k_ipad));
1350 NdisZeroMemory(k_opad, sizeof(k_opad));
1351 NdisMoveMemory(k_ipad, key, key_len);
1352 NdisMoveMemory(k_opad, key, key_len);
1353
1354 // XOR key with ipad and opad values
1355 for (i = 0; i < 64; i++)
1356 {
1357 k_ipad[i] ^= 0x36;
1358 k_opad[i] ^= 0x5c;
1359 }
1360
1361 // perform inner SHA1
1362 SHAInit(&context); /* init context for 1st pass */
1363 SHAUpdate(&context, k_ipad, 64); /* start with inner pad */
1364 SHAUpdate(&context, text, text_len); /* then text of datagram */
1365 SHAFinal(&context, digest); /* finish up 1st pass */
1366
1367 //perform outer SHA1
1368 SHAInit(&context); /* init context for 2nd pass */
1369 SHAUpdate(&context, k_opad, 64); /* start with outer pad */
1370 SHAUpdate(&context, digest, 20); /* then results of 1st hash */
1371 SHAFinal(&context, digest); /* finish up 2nd pass */
1372
1373 }
1374
1375 /*
1376 * F(P, S, c, i) = U1 xor U2 xor ... Uc
1377 * U1 = PRF(P, S || Int(i))
1378 * U2 = PRF(P, U1)
1379 * Uc = PRF(P, Uc-1)
1380 */
1381
F(char * password,unsigned char * ssid,int ssidlength,int iterations,int count,unsigned char * output)1382 void F(char *password, unsigned char *ssid, int ssidlength, int iterations, int count, unsigned char *output)
1383 {
1384 unsigned char digest[36], digest1[SHA_DIGEST_LEN];
1385 int i, j;
1386
1387 /* U1 = PRF(P, S || int(i)) */
1388 memcpy(digest, ssid, ssidlength);
1389 digest[ssidlength] = (unsigned char)((count>>24) & 0xff);
1390 digest[ssidlength+1] = (unsigned char)((count>>16) & 0xff);
1391 digest[ssidlength+2] = (unsigned char)((count>>8) & 0xff);
1392 digest[ssidlength+3] = (unsigned char)(count & 0xff);
1393 HMAC_SHA1(digest, ssidlength+4, (unsigned char*) password, (int) strlen(password), digest1); // for WPA update
1394
1395 /* output = U1 */
1396 memcpy(output, digest1, SHA_DIGEST_LEN);
1397
1398 for (i = 1; i < iterations; i++)
1399 {
1400 /* Un = PRF(P, Un-1) */
1401 HMAC_SHA1(digest1, SHA_DIGEST_LEN, (unsigned char*) password, (int) strlen(password), digest); // for WPA update
1402 memcpy(digest1, digest, SHA_DIGEST_LEN);
1403
1404 /* output = output xor Un */
1405 for (j = 0; j < SHA_DIGEST_LEN; j++)
1406 {
1407 output[j] ^= digest[j];
1408 }
1409 }
1410 }
1411 /*
1412 * password - ascii string up to 63 characters in length
1413 * ssid - octet string up to 32 octets
1414 * ssidlength - length of ssid in octets
1415 * output must be 40 octets in length and outputs 256 bits of key
1416 */
PasswordHash(char * password,unsigned char * ssid,int ssidlength,unsigned char * output)1417 int PasswordHash(char *password, unsigned char *ssid, int ssidlength, unsigned char *output)
1418 {
1419 if ((strlen(password) > 63) || (ssidlength > 32))
1420 return 0;
1421
1422 F(password, ssid, ssidlength, 4096, 1, output);
1423 F(password, ssid, ssidlength, 4096, 2, &output[SHA_DIGEST_LEN]);
1424 return 1;
1425 }
1426
1427
1428