├── .gitignore
├── LICENSE
├── Linux
    ├── Makefile
    ├── aes.c
    ├── aes.h
    ├── lz.c
    ├── lz.h
    ├── make_npdata.c
    ├── make_npdata.h
    ├── sha1.c
    ├── sha1.h
    ├── utils.c
    └── utils.h
├── README.md
└── Windows
    ├── make_npdata.sln
    └── src
        ├── aes.cpp
        ├── aes.h
        ├── lz.cpp
        ├── lz.h
        ├── make_npdata.cpp
        ├── make_npdata.h
        ├── make_npdata.vcxproj
        ├── make_npdata.vcxproj.filters
        ├── make_npdata.vcxproj.user
        ├── sha1.cpp
        ├── sha1.h
        ├── utils.cpp
        └── utils.h
/.gitignore:
--------------------------------------------------------------------------------
1 | # Compiled Object files
2 | *.slo
3 | *.lo
4 | *.o
5 |
6 | # Compiled Dynamic libraries
7 | *.so
8 | *.dylib
9 |
10 | # Compiled Static libraries
11 | *.lai
12 | *.la
13 | *.a
14 |
15 | # Unwanted files and folders
16 | src/Debug
17 | src/Release
18 | bin/*
19 | *.opensdf
20 | *.suo
21 | *.sdf
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 | <one line to give the program's name and a brief idea of what it does.>
635 | Copyright (C) <year> <name of author>
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see <http://www.gnu.org/licenses/>.
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | <program> Copyright (C) <year> <name of author>
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <http://www.gnu.org/licenses/>.
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | <http://www.gnu.org/philosophy/why-not-lgpl.html>.
--------------------------------------------------------------------------------
/Linux/Makefile:
--------------------------------------------------------------------------------
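# Builds the make_npdata tool from its five C sources.
# `make DEBUG=1` produces an unoptimised build with debug symbols;
# any other invocation produces an -O2 build.
CC = gcc

# Compiler warnings are enabled for every build so that suspicious
# constructs in the parsing and crypto code are reported at compile time.
CFLAGS = -Wall -Wextra

ifeq ($(DEBUG), 1)
CFLAGS+=-g -O0
else
CFLAGS+=-O2
endif

TARGET = make_npdata
OBJS = make_npdata.o aes.o sha1.o lz.o utils.o

# Neither target names a real file.
.PHONY: all clean

all: $(TARGET)

# Recipe lines must start with a TAB character.
$(TARGET): $(OBJS)
	$(CC) $(CFLAGS) -o $@ $(OBJS)

# Remove the binary and the object files.
clean:
	rm -f $(TARGET) $(OBJS)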
17 |
18 |
19 |
--------------------------------------------------------------------------------
/Linux/aes.c:
--------------------------------------------------------------------------------
1 | /*
2 | * FIPS-197 compliant AES implementation
3 | *
4 | * Copyright (C) 2006-2013, Brainspark B.V.
5 | *
6 | * This file is part of PolarSSL (http://www.polarssl.org)
7 | * Lead Maintainer: Paul Bakker
8 | *
9 | * All rights reserved.
10 | *
11 | * This program is free software; you can redistribute it and/or modify
12 | * it under the terms of the GNU General Public License as published by
13 | * the Free Software Foundation; either version 2 of the License, or
14 | * (at your option) any later version.
15 | *
16 | * This program is distributed in the hope that it will be useful,
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | * GNU General Public License for more details.
20 | *
21 | * You should have received a copy of the GNU General Public License along
22 | * with this program; if not, write to the Free Software Foundation, Inc.,
23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 | */
25 | /*
26 | * The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
27 | *
28 | * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
29 | * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
30 | */
31 |
32 | #include "aes.h"
33 |
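/*
 * 32-bit integer manipulation macros (little endian)
 *
 * GET_UINT32_LE(n,b,i) loads the four bytes b[i] .. b[i+3] into n, least
 * significant byte first. PUT_UINT32_LE(n,b,i) stores n into the same four
 * positions in the same byte order.
 *
 * Neither macro checks bounds: the caller must guarantee that i + 3 is a
 * valid index into b. Each argument is evaluated several times, so pass
 * expressions without side effects.
 *
 * The bodies are wrapped in do { } while( 0 ) so that an invocation followed
 * by ';' is exactly one statement, including inside an unbraced if/else.
 */
#ifndef GET_UINT32_LE
#define GET_UINT32_LE(n,b,i)                            \
do {                                                    \
    (n) = ( (uint32_t) (b)[(i)    ]       )             \
        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
} while( 0 )
#endif

#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE(n,b,i)                            \
do {                                                    \
    (b)[(i)    ] = (unsigned char) ( (n)       );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
} while( 0 )
#endif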
56 |
57 | #if defined(POLARSSL_AES_ROM_TABLES)
58 | /*
59 | * Forward S-box
60 | */
61 | static const unsigned char FSb[256] =
62 | {
63 | 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
64 | 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
65 | 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
66 | 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
67 | 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
68 | 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
69 | 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
70 | 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
71 | 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
72 | 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
73 | 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
74 | 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
75 | 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
76 | 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
77 | 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
78 | 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
79 | 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
80 | 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
81 | 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
82 | 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
83 | 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
84 | 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
85 | 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
86 | 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
87 | 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
88 | 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
89 | 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
90 | 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
91 | 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
92 | 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
93 | 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
94 | 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
95 | };
96 |
97 | /*
98 | * Forward tables
99 | */
100 | #define FT \
101 | \
102 | V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
103 | V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
104 | V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
105 | V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
106 | V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
107 | V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
108 | V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
109 | V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
110 | V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
111 | V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
112 | V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
113 | V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
114 | V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
115 | V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
116 | V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
117 | V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
118 | V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
119 | V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
120 | V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
121 | V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
122 | V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
123 | V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
124 | V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
125 | V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
126 | V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
127 | V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
128 | V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
129 | V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
130 | V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
131 | V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
132 | V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
133 | V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
134 | V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
135 | V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
136 | V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
137 | V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
138 | V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
139 | V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
140 | V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
141 | V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
142 | V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
143 | V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
144 | V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
145 | V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
146 | V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
147 | V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
148 | V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
149 | V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
150 | V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
151 | V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
152 | V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
153 | V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
154 | V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
155 | V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
156 | V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
157 | V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
158 | V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
159 | V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
160 | V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
161 | V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
162 | V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
163 | V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
164 | V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
165 | V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
166 |
167 | #define V(a,b,c,d) 0x##a##b##c##d
168 | static const uint32_t FT0[256] = { FT };
169 | #undef V
170 |
171 | #define V(a,b,c,d) 0x##b##c##d##a
172 | static const uint32_t FT1[256] = { FT };
173 | #undef V
174 |
175 | #define V(a,b,c,d) 0x##c##d##a##b
176 | static const uint32_t FT2[256] = { FT };
177 | #undef V
178 |
179 | #define V(a,b,c,d) 0x##d##a##b##c
180 | static const uint32_t FT3[256] = { FT };
181 | #undef V
182 |
183 | #undef FT
184 |
185 | /*
186 | * Reverse S-box
187 | */
188 | static const unsigned char RSb[256] =
189 | {
190 | 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
191 | 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
192 | 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
193 | 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
194 | 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
195 | 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
196 | 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
197 | 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
198 | 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
199 | 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
200 | 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
201 | 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
202 | 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
203 | 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
204 | 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
205 | 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
206 | 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
207 | 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
208 | 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
209 | 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
210 | 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
211 | 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
212 | 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
213 | 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
214 | 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
215 | 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
216 | 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
217 | 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
218 | 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
219 | 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
220 | 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
221 | 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
222 | };
223 |
224 | /*
225 | * Reverse tables
226 | */
227 | #define RT \
228 | \
229 | V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
230 | V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
231 | V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
232 | V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
233 | V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
234 | V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
235 | V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
236 | V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
237 | V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
238 | V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
239 | V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
240 | V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
241 | V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
242 | V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
243 | V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
244 | V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
245 | V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
246 | V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
247 | V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
248 | V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
249 | V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
250 | V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
251 | V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
252 | V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
253 | V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
254 | V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
255 | V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
256 | V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
257 | V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
258 | V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
259 | V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
260 | V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
261 | V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
262 | V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
263 | V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
264 | V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
265 | V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
266 | V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
267 | V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
268 | V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
269 | V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
270 | V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
271 | V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
272 | V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
273 | V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
274 | V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
275 | V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
276 | V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
277 | V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
278 | V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
279 | V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
280 | V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
281 | V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
282 | V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
283 | V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
284 | V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
285 | V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
286 | V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
287 | V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
288 | V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
289 | V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
290 | V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
291 | V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
292 | V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
293 |
294 | #define V(a,b,c,d) 0x##a##b##c##d
295 | static const uint32_t RT0[256] = { RT };
296 | #undef V
297 |
298 | #define V(a,b,c,d) 0x##b##c##d##a
299 | static const uint32_t RT1[256] = { RT };
300 | #undef V
301 |
302 | #define V(a,b,c,d) 0x##c##d##a##b
303 | static const uint32_t RT2[256] = { RT };
304 | #undef V
305 |
306 | #define V(a,b,c,d) 0x##d##a##b##c
307 | static const uint32_t RT3[256] = { RT };
308 | #undef V
309 |
310 | #undef RT
311 |
312 | /*
313 | * Round constants
314 | */
315 | static const uint32_t RCON[10] =
316 | {
317 | 0x00000001, 0x00000002, 0x00000004, 0x00000008,
318 | 0x00000010, 0x00000020, 0x00000040, 0x00000080,
319 | 0x0000001B, 0x00000036
320 | };
321 |
322 | #else
323 |
324 | /*
325 | * Forward S-box & tables
326 | */
327 | static unsigned char FSb[256];
328 | static uint32_t FT0[256];
329 | static uint32_t FT1[256];
330 | static uint32_t FT2[256];
331 | static uint32_t FT3[256];
332 |
333 | /*
334 | * Reverse S-box & tables
335 | */
336 | static unsigned char RSb[256];
337 | static uint32_t RT0[256];
338 | static uint32_t RT1[256];
339 | static uint32_t RT2[256];
340 | static uint32_t RT3[256];
341 |
342 | /*
343 | * Round constants
344 | */
345 | static uint32_t RCON[10];
346 |
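/*
 * Tables generation code
 *
 * ROTL8(x) rotates a 32-bit value left by 8 bits.
 * XTIME(x) shifts x left by one bit and XORs in 0x1B when bit 7 of x is set;
 *          the result is not masked, so callers reduce it with & 0xFF.
 * MUL(x,y) multiplies through the log/antilog tables and yields 0 when
 *          either operand is 0. It expands to references to arrays named
 *          `pow` and `log`, which must be in scope at the point of use.
 *
 * The arguments and the whole expansion are parenthesised so that each macro
 * keeps its meaning inside a larger expression. Arguments are evaluated more
 * than once; pass expressions without side effects.
 */
#define ROTL8(x) ( ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 ) )
#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )

/* Set to 1 by aes_setkey_enc() once aes_gen_tables() has run. */
static int aes_init_done = 0;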
355 |
/*
 * Fill FSb/RSb, FT0..FT3, RT0..RT3 and RCON at run time.
 *
 * Used only when POLARSSL_AES_ROM_TABLES is not defined; aes_setkey_enc()
 * calls it once, guarded by aes_init_done.
 */
static void aes_gen_tables( void )
{
    int i, k, x, y, z;
    int pow[256];   /* the MUL() macro refers to these two arrays by name */
    int log[256];

    /*
     * Antilog/log tables over GF(2^8): each step multiplies x by 0x03
     * (x ^ XTIME(x)) and records the value and its index.
     */
    x = 1;
    for( i = 0; i < 256; i++ )
    {
        pow[i] = x;
        log[x] = i;
        x = ( x ^ XTIME( x ) ) & 0xFF;
    }

    /*
     * Round constants: successive doublings of 1 in GF(2^8).
     */
    x = 1;
    for( i = 0; i < 10; i++ )
    {
        RCON[i] = (uint32_t) x;
        x = XTIME( x ) & 0xFF;
    }

    /*
     * Forward and reverse S-boxes. Entry 0 is set by hand because 0 has no
     * logarithm.
     */
    FSb[0x00] = 0x63;
    RSb[0x63] = 0x00;

    for( i = 1; i < 256; i++ )
    {
        /* start from pow[255 - log[i]] ... */
        x = pow[255 - log[i]];

        /* ... then XOR in its four successive 8-bit left rotations and 0x63 */
        y = x;
        for( k = 0; k < 4; k++ )
        {
            y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
            x ^= y;
        }
        x ^= 0x63;

        FSb[i] = (unsigned char) x;
        RSb[x] = (unsigned char) i;
    }

    /*
     * Forward and reverse round tables. Table 0 is computed directly;
     * tables 1..3 are byte rotations of the previous table.
     */
    for( i = 0; i < 256; i++ )
    {
        x = FSb[i];
        y = XTIME( x ) & 0xFF;
        z = ( y ^ x ) & 0xFF;

        FT0[i] = ( (uint32_t) y       ) ^
                 ( (uint32_t) x <<  8 ) ^
                 ( (uint32_t) x << 16 ) ^
                 ( (uint32_t) z << 24 );

        FT1[i] = ROTL8( FT0[i] );
        FT2[i] = ROTL8( FT1[i] );
        FT3[i] = ROTL8( FT2[i] );

        x = RSb[i];

        RT0[i] = ( (uint32_t) MUL( 0x0E, x )       ) ^
                 ( (uint32_t) MUL( 0x09, x ) <<  8 ) ^
                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
                 ( (uint32_t) MUL( 0x0B, x ) << 24 );

        RT1[i] = ROTL8( RT0[i] );
        RT2[i] = ROTL8( RT1[i] );
        RT3[i] = ROTL8( RT2[i] );
    }
}
431 |
432 | #endif
433 |
/*
 * AES key schedule (encryption)
 *
 * Expands `key` into the round keys stored in ctx->buf and sets ctx->nr
 * (10, 12 or 14 rounds) and ctx->rk. `keysize` is given in bits and must be
 * 128, 192 or 256; `key` must hold keysize / 8 readable bytes.
 *
 * Returns 0 on success, POLARSSL_ERR_AES_INVALID_KEY_LENGTH for any other
 * keysize.
 */
int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize )
{
    unsigned int word;
    unsigned int round;
    uint32_t prev;
    uint32_t *RK;

#if !defined(POLARSSL_AES_ROM_TABLES)
    /* Build the lookup tables the first time a key is set. */
    if( aes_init_done == 0 )
    {
        aes_gen_tables();
        aes_init_done = 1;
    }
#endif

    /* Number of rounds follows from the key length. */
    if( keysize == 128 )
        ctx->nr = 10;
    else if( keysize == 192 )
        ctx->nr = 12;
    else if( keysize == 256 )
        ctx->nr = 14;
    else
        return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );

    RK = ctx->buf;
    ctx->rk = RK;

    /* Load the raw key as little-endian 32-bit words (keysize / 32 of them). */
    for( word = 0; word < ( keysize >> 5 ); word++ )
    {
        GET_UINT32_LE( RK[word], key, word << 2 );
    }

    switch( ctx->nr )
    {
        case 10:

            /* 128-bit key: each iteration derives the next four words. */
            for( round = 0; round < 10; round++, RK += 4 )
            {
                prev = RK[3];

                RK[4]  = RK[0] ^ RCON[round] ^
                ( (uint32_t) FSb[ ( prev >>  8 ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( prev >> 16 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( prev >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( prev       ) & 0xFF ] << 24 );

                RK[5]  = RK[1] ^ RK[4];
                RK[6]  = RK[2] ^ RK[5];
                RK[7]  = RK[3] ^ RK[6];
            }
            break;

        case 12:

            /* 192-bit key: each iteration derives the next six words. */
            for( round = 0; round < 8; round++, RK += 6 )
            {
                prev = RK[5];

                RK[6]  = RK[0] ^ RCON[round] ^
                ( (uint32_t) FSb[ ( prev >>  8 ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( prev >> 16 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( prev >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( prev       ) & 0xFF ] << 24 );

                RK[7]  = RK[1] ^ RK[6];
                RK[8]  = RK[2] ^ RK[7];
                RK[9]  = RK[3] ^ RK[8];
                RK[10] = RK[4] ^ RK[9];
                RK[11] = RK[5] ^ RK[10];
            }
            break;

        case 14:

            /* 256-bit key: each iteration derives the next eight words. */
            for( round = 0; round < 7; round++, RK += 8 )
            {
                prev = RK[7];

                RK[8]  = RK[0] ^ RCON[round] ^
                ( (uint32_t) FSb[ ( prev >>  8 ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( prev >> 16 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( prev >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( prev       ) & 0xFF ] << 24 );

                RK[9]  = RK[1] ^ RK[8];
                RK[10] = RK[2] ^ RK[9];
                RK[11] = RK[3] ^ RK[10];

                /* Second half: S-box substitution without byte rotation
                 * and without a round constant. */
                prev = RK[11];

                RK[12] = RK[4] ^
                ( (uint32_t) FSb[ ( prev       ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( prev >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( prev >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( prev >> 24 ) & 0xFF ] << 24 );

                RK[13] = RK[5] ^ RK[12];
                RK[14] = RK[6] ^ RK[13];
                RK[15] = RK[7] ^ RK[14];
            }
            break;

        default:

            break;
    }

    return( 0 );
}
535 |
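/*
 * AES key schedule (decryption)
 *
 * Derives the decryption round keys in ctx->buf from the encryption schedule
 * of the same key: the encryption round keys are consumed from last to
 * first, the first and last are copied unchanged, and every word in between
 * goes through the FSb and RT0..RT3 lookups. Sets ctx->nr and ctx->rk.
 *
 * The encryption schedule is built in a stack temporary. That temporary
 * holds key material, so it is cleared through a volatile pointer before
 * returning; a plain memset() on an object that is never read again may be
 * removed by the optimiser.
 *
 * Returns 0 on success, POLARSSL_ERR_AES_INVALID_KEY_LENGTH if keysize is
 * not 128, 192 or 256, or whatever error aes_setkey_enc() reports.
 */
int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize )
{
    int i, j;
    aes_context cty;
    uint32_t *RK;
    uint32_t *SK;
    int ret;
    volatile unsigned char *wipe;
    size_t left;

    switch( keysize )
    {
        case 128: ctx->nr = 10; break;
        case 192: ctx->nr = 12; break;
        case 256: ctx->nr = 14; break;
        default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
    }

    ctx->rk = RK = ctx->buf;

    ret = aes_setkey_enc( &cty, key, keysize );
    if( ret == 0 )
    {
        /* Start at the last encryption round key. */
        SK = cty.rk + cty.nr * 4;

        *RK++ = *SK++;
        *RK++ = *SK++;
        *RK++ = *SK++;
        *RK++ = *SK++;

        /* Walk the inner round keys backwards, four words at a time. */
        for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
        {
            for( j = 0; j < 4; j++, SK++ )
            {
                *RK++ = RT0[ FSb[ ( *SK       ) & 0xFF ] ] ^
                        RT1[ FSb[ ( *SK >>  8 ) & 0xFF ] ] ^
                        RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
                        RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
            }
        }

        /* The first encryption round key becomes the last decryption one. */
        *RK++ = *SK++;
        *RK++ = *SK++;
        *RK++ = *SK++;
        *RK++ = *SK++;
    }

    /* Clear the temporary schedule on every path out of the function. */
    wipe = (volatile unsigned char *) &cty;
    for( left = sizeof( cty ); left > 0; left-- )
        *wipe++ = 0;

    return( ret );
}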
588 |
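/*
 * One table-driven AES round: AES_FROUND uses the forward tables FT0..FT3,
 * AES_RROUND the reverse tables RT0..RT3. X0..X3 receive the new state words
 * and Y0..Y3 supply the current ones.
 *
 * Both macros read four round-key words through a pointer named RK that must
 * be in scope at the call site, and advance it by four.
 *
 * The Y arguments are parenthesised and evaluated several times, so pass
 * plain variables. The bodies are wrapped in do { } while( 0 ) so that an
 * invocation followed by ';' is a single statement.
 *
 * NOTE(review): every table index is a byte of the cipher state, so the
 * memory access pattern depends on secret data. Where an observer can
 * measure cache timing on the same machine, prefer a constant-time AES
 * implementation.
 */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)         \
do {                                                \
    X0 = *RK++ ^ FT0[ ( (Y0)       ) & 0xFF ] ^     \
                 FT1[ ( (Y1) >>  8 ) & 0xFF ] ^     \
                 FT2[ ( (Y2) >> 16 ) & 0xFF ] ^     \
                 FT3[ ( (Y3) >> 24 ) & 0xFF ];      \
                                                    \
    X1 = *RK++ ^ FT0[ ( (Y1)       ) & 0xFF ] ^     \
                 FT1[ ( (Y2) >>  8 ) & 0xFF ] ^     \
                 FT2[ ( (Y3) >> 16 ) & 0xFF ] ^     \
                 FT3[ ( (Y0) >> 24 ) & 0xFF ];      \
                                                    \
    X2 = *RK++ ^ FT0[ ( (Y2)       ) & 0xFF ] ^     \
                 FT1[ ( (Y3) >>  8 ) & 0xFF ] ^     \
                 FT2[ ( (Y0) >> 16 ) & 0xFF ] ^     \
                 FT3[ ( (Y1) >> 24 ) & 0xFF ];      \
                                                    \
    X3 = *RK++ ^ FT0[ ( (Y3)       ) & 0xFF ] ^     \
                 FT1[ ( (Y0) >>  8 ) & 0xFF ] ^     \
                 FT2[ ( (Y1) >> 16 ) & 0xFF ] ^     \
                 FT3[ ( (Y2) >> 24 ) & 0xFF ];      \
} while( 0 )

#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)         \
do {                                                \
    X0 = *RK++ ^ RT0[ ( (Y0)       ) & 0xFF ] ^     \
                 RT1[ ( (Y3) >>  8 ) & 0xFF ] ^     \
                 RT2[ ( (Y2) >> 16 ) & 0xFF ] ^     \
                 RT3[ ( (Y1) >> 24 ) & 0xFF ];      \
                                                    \
    X1 = *RK++ ^ RT0[ ( (Y1)       ) & 0xFF ] ^     \
                 RT1[ ( (Y0) >>  8 ) & 0xFF ] ^     \
                 RT2[ ( (Y3) >> 16 ) & 0xFF ] ^     \
                 RT3[ ( (Y2) >> 24 ) & 0xFF ];      \
                                                    \
    X2 = *RK++ ^ RT0[ ( (Y2)       ) & 0xFF ] ^     \
                 RT1[ ( (Y1) >>  8 ) & 0xFF ] ^     \
                 RT2[ ( (Y0) >> 16 ) & 0xFF ] ^     \
                 RT3[ ( (Y3) >> 24 ) & 0xFF ];      \
                                                    \
    X3 = *RK++ ^ RT0[ ( (Y3)       ) & 0xFF ] ^     \
                 RT1[ ( (Y2) >>  8 ) & 0xFF ] ^     \
                 RT2[ ( (Y1) >> 16 ) & 0xFF ] ^     \
                 RT3[ ( (Y0) >> 24 ) & 0xFF ];      \
} while( 0 )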
634 |
/*
 * AES-ECB block encryption/decryption
 *
 * Processes exactly one 16-byte block. The block is loaded as four
 * little-endian 32-bit words, XORed with the first four round-key words,
 * passed through the table-driven rounds and stored back little-endian.
 *
 * ctx     context whose rk and nr fields are read; they are filled in
 *         elsewhere, not by this function
 * mode    AES_DECRYPT selects the reverse rounds; any other value takes
 *         the encryption path
 * input   16-byte input block
 * output  16-byte output block; all of input is read before output is
 *         written, so the two may be the same buffer
 *
 * Always returns 0.
 *
 * This is the raw single-block primitive that the CBC, CFB128, CTR and CMAC
 * routines in this file are built on. Applied block by block to longer data
 * it maps equal input blocks to equal output blocks.
 */
int aes_crypt_ecb( aes_context *ctx,
                   int mode,
                   const unsigned char input[16],
                   unsigned char output[16] )
{
    int i;
    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;

    /* RK is consumed by the round macros below, four words per round. */
    RK = ctx->rk;

    /* Initial round-key addition. */
    GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
    GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
    GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;

    if( mode == AES_DECRYPT )
    {
        /* Two rounds per iteration, ping-ponging between X and Y. */
        for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
        {
            AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
            AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
        }

        AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );

        /* Last round: byte-wise RSb lookups instead of the 32-bit RT tables. */
        X0 = *RK++ ^ \
                ( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^
                ( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );

        X1 = *RK++ ^ \
                ( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^
                ( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );

        X2 = *RK++ ^ \
                ( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^
                ( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );

        X3 = *RK++ ^ \
                ( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^
                ( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
    }
    else /* AES_ENCRYPT */
    {
        /* Two rounds per iteration, ping-ponging between X and Y. */
        for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
        {
            AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
            AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
        }

        AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );

        /* Last round: byte-wise FSb lookups instead of the 32-bit FT tables. */
        X0 = *RK++ ^ \
                ( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^
                ( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );

        X1 = *RK++ ^ \
                ( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^
                ( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );

        X2 = *RK++ ^ \
                ( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^
                ( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );

        X3 = *RK++ ^ \
                ( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^
                ( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
    }

    PUT_UINT32_LE( X0, output, 0 );
    PUT_UINT32_LE( X1, output, 4 );
    PUT_UINT32_LE( X2, output, 8 );
    PUT_UINT32_LE( X3, output, 12 );

    return( 0 );
}
729 |
/*
 * AES-CBC buffer encryption/decryption
 *
 * length must be a multiple of 16; otherwise nothing is processed and
 * POLARSSL_ERR_AES_INVALID_INPUT_LENGTH is returned. No padding is added
 * or removed here.
 *
 * iv is updated in place: after the call it holds the last ciphertext
 * block, so a further call continues the same chain. Callers that need the
 * original IV afterwards must keep their own copy.
 *
 * Decryption saves each ciphertext block before writing the plaintext, so
 * input and output may be the same buffer.
 *
 * Returns 0 on success. CBC provides no integrity check by itself.
 */
int aes_crypt_cbc( aes_context *ctx,
                   int mode,
                   size_t length,
                   unsigned char iv[16],
                   const unsigned char *input,
                   unsigned char *output )
{
    size_t remaining;
    int k;
    unsigned char saved_ct[16];

    if( ( length % 16 ) != 0 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    for( remaining = length; remaining > 0; remaining -= 16 )
    {
        if( mode == AES_DECRYPT )
        {
            /* Keep the ciphertext: it is the next IV and may be overwritten. */
            memcpy( saved_ct, input, 16 );
            aes_crypt_ecb( ctx, mode, input, output );

            for( k = 0; k < 16; k++ )
                output[k] = (unsigned char)( output[k] ^ iv[k] );

            memcpy( iv, saved_ct, 16 );
        }
        else
        {
            for( k = 0; k < 16; k++ )
                output[k] = (unsigned char)( input[k] ^ iv[k] );

            aes_crypt_ecb( ctx, mode, output, output );
            memcpy( iv, output, 16 );
        }

        input  += 16;
        output += 16;
    }

    return( 0 );
}
781 |
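/*
 * AES-CFB128 buffer encryption/decryption
 *
 * Both directions run the block cipher with AES_ENCRYPT on iv, so ctx must
 * hold an encryption key schedule.
 *
 * iv_off  in/out: position inside the current 16-byte keystream block.
 *         Must be in 0..15; it indexes iv directly, so a larger value is
 *         rejected instead of reading and writing past the end of iv.
 * iv      in/out: feedback register, updated byte by byte
 *
 * Returns 0 on success, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH when
 * *iv_off is out of range (nothing is processed in that case).
 */
int aes_crypt_cfb128( aes_context *ctx,
                      int mode,
                      size_t length,
                      size_t *iv_off,
                      unsigned char iv[16],
                      const unsigned char *input,
                      unsigned char *output )
{
    int c;
    size_t n = *iv_off;

    /* n comes from the caller and is used as an index into iv[16]. */
    if( n > 15 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    if( mode == AES_DECRYPT )
    {
        while( length-- )
        {
            if( n == 0 )
                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );

            /* Read the ciphertext byte first: input and output may alias. */
            c = *input++;
            *output++ = (unsigned char)( c ^ iv[n] );
            iv[n] = (unsigned char) c;

            n = ( n + 1 ) & 0x0F;
        }
    }
    else
    {
        while( length-- )
        {
            if( n == 0 )
                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );

            /* The ciphertext byte is both the output and the next feedback. */
            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );

            n = ( n + 1 ) & 0x0F;
        }
    }

    *iv_off = n;

    return( 0 );
}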
827 |
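/*
 * AES-CTR buffer encryption/decryption
 *
 * There is no mode argument: the same call encrypts and decrypts. The block
 * cipher is always run with AES_ENCRYPT, so ctx must hold an encryption key
 * schedule.
 *
 * nc_off         in/out: position inside stream_block. Must be in 0..15; it
 *                indexes stream_block directly, so a larger value is
 *                rejected instead of reading past the end of the block.
 * nonce_counter  in/out: incremented as a 16-byte big-endian integer each
 *                time a new keystream block is produced; it wraps silently
 * stream_block   in/out: current keystream block, kept for resuming
 *
 * Returns 0 on success, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH when
 * *nc_off is out of range (nothing is processed in that case).
 *
 * The keystream depends only on the key and nonce_counter, so a given
 * (key, nonce_counter) value must not be used for two different messages.
 */
int aes_crypt_ctr( aes_context *ctx,
                   size_t length,
                   size_t *nc_off,
                   unsigned char nonce_counter[16],
                   unsigned char stream_block[16],
                   const unsigned char *input,
                   unsigned char *output )
{
    int c, i;
    size_t n = *nc_off;

    /* n comes from the caller and is used as an index into stream_block[16]. */
    if( n > 15 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    while( length-- )
    {
        if( n == 0 )
        {
            aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block );

            /* Increment from the last byte, carrying while a byte wraps to 0. */
            for( i = 16; i > 0; i-- )
                if( ++nonce_counter[i - 1] != 0 )
                    break;
        }

        c = *input++;
        *output++ = (unsigned char)( c ^ stream_block[n] );

        n = ( n + 1 ) & 0x0F;
    }

    *nc_off = n;

    return( 0 );
}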
861 |
862 | /* AES-CMAC */
863 |
/*
 * const_Rb: fifteen zero bytes followed by 0x87. generate_subkey() XORs it
 * into a shifted block when the bit shifted out was set.
 * const_Zero: sixteen zero bytes; the CMAC code below does not reference it
 * (generate_subkey() and aes_cmac() build their own zero blocks).
 *
 * NOTE(review): both arrays are writable and have external linkage despite
 * the "const_" prefix; xor_128() takes non-const pointers, so making them
 * const would need its signature adjusted as well.
 */
unsigned char const_Rb[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
};
unsigned char const_Zero[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
872 |
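/*
 * Shift a 16-byte big-endian value left by one bit.
 *
 * input   16 bytes, most significant byte first
 * output  16 bytes receiving the shifted value; the bit shifted out of
 *         input[0] is discarded
 *
 * input and output may be the same buffer: each byte is read into a local
 * before the result is stored, so the carry is always taken from the
 * unshifted value.
 */
void leftshift_onebit(unsigned char *input, unsigned char *output)
{
    int i;
    unsigned char carry = 0;

    for (i = 15; i >= 0; i--)
    {
        unsigned char byte = input[i];

        output[i] = (unsigned char)((byte << 1) | carry);
        carry = (byte & 0x80) ? 1 : 0;
    }
}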
885 |
/*
 * Byte-wise XOR of two 16-byte blocks: out[i] = a[i] ^ b[i] for i in 0..15.
 * Each position is read before it is written, so out may be a or b.
 */
void xor_128(unsigned char *a, unsigned char *b, unsigned char *out)
{
    unsigned char *stop = out + 16;

    while (out != stop)
        *out++ = *a++ ^ *b++;
}
892 |
/*
 * Derive the two CMAC subkeys from the key held in ctx.
 *
 * L is the AES encryption of an all-zero block. K1 is L shifted left by one
 * bit, XORed with const_Rb when the top bit of L was set; K2 is derived
 * from K1 in the same way.
 *
 * ctx  AES context; used for one AES_ENCRYPT block operation
 * K1   16-byte output
 * K2   16-byte output
 *
 * NOTE(review): L and the scratch block depend on the key and stay on the
 * stack after return; nothing here wipes them.
 */
void generate_subkey(aes_context *ctx, unsigned char *K1, unsigned char *K2)
{
    unsigned char zero_block[16];
    unsigned char L[16];
    unsigned char shifted[16];

    memset(zero_block, 0, sizeof zero_block);
    aes_crypt_ecb(ctx, AES_ENCRYPT, zero_block, L);

    if (L[0] & 0x80) {
        leftshift_onebit(L, shifted);
        xor_128(shifted, const_Rb, K1);
    } else {
        leftshift_onebit(L, K1);
    }

    if (K1[0] & 0x80) {
        leftshift_onebit(K1, shifted);
        xor_128(shifted, const_Rb, K2);
    } else {
        leftshift_onebit(K1, K2);
    }
}
920 |
/*
 * Build a padded 16-byte block from a partial last block.
 *
 * Copies the first `length` bytes of lastb, writes 0x80 at index `length`
 * and fills the rest with zeros. With length >= 16 the block is copied
 * unchanged and no 0x80 marker is written; with a negative length the whole
 * block is zero.
 *
 * lastb   source bytes (only indices below length are read)
 * pad     16-byte output
 * length  number of message bytes in the block
 */
void padding (unsigned char *lastb, unsigned char *pad, int length)
{
    int pos;

    for (pos = 0; pos < 16; pos++)
    {
        unsigned char value = 0x00;

        if (pos < length)
            value = lastb[pos];
        else if (pos == length)
            value = 0x80;

        pad[pos] = value;
    }
}
934 |
/*
 * AES-CMAC over input[0..length-1]; writes a 16-byte tag to output.
 *
 * The last block is XORed with K1 when the message is a non-empty multiple
 * of 16 bytes; otherwise it is padded (0x80 then zeros) and XORed with K2.
 * All earlier blocks are chained through AES_ENCRYPT starting from an
 * all-zero block.
 *
 * ctx     AES context; only AES_ENCRYPT block operations are performed
 * length  message length in bytes
 * input   message buffer
 * output  16-byte tag buffer
 *
 * NOTE(review): length is a signed int and is not validated. A negative
 * multiple of 16 takes the "complete block" path with a negative block
 * index and reads before input, so callers must pass length >= 0.
 * NOTE(review): the subkeys and chaining state stay on the stack after
 * return; nothing here wipes them.
 */
void aes_cmac(aes_context *ctx, int length, unsigned char *input, unsigned char *output)
{
    unsigned char state[16], block[16], last[16], padded[16];
    unsigned char K1[16], K2[16];
    int blocks, complete, k;

    generate_subkey(ctx, K1, K2);

    blocks = (length + 15) / 16;
    if (blocks == 0) {
        /* Empty message: one block consisting of padding only. */
        blocks = 1;
        complete = 0;
    } else {
        complete = ((length % 16) == 0);
    }

    if (complete) {
        xor_128(&input[16 * (blocks - 1)], K1, last);
    } else {
        padding(&input[16 * (blocks - 1)], padded, length % 16);
        xor_128(padded, K2, last);
    }

    memset(state, 0, sizeof state);
    for (k = 0; k < blocks - 1; k++) {
        xor_128(state, &input[16 * k], block);
        aes_crypt_ecb(ctx, AES_ENCRYPT, block, state);
    }

    xor_128(state, last, block);
    aes_crypt_ecb(ctx, AES_ENCRYPT, block, state);

    memcpy(output, state, 16);
}
--------------------------------------------------------------------------------
/Linux/aes.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file aes.h
3 | *
4 | * \brief AES block cipher
5 | *
6 | * Copyright (C) 2006-2013, Brainspark B.V.
7 | *
8 | * This file is part of PolarSSL (http://www.polarssl.org)
9 | * Lead Maintainer: Paul Bakker
10 | *
11 | * All rights reserved.
12 | *
13 | * This program is free software; you can redistribute it and/or modify
14 | * it under the terms of the GNU General Public License as published by
15 | * the Free Software Foundation; either version 2 of the License, or
16 | * (at your option) any later version.
17 | *
18 | * This program is distributed in the hope that it will be useful,
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | * GNU General Public License for more details.
22 | *
23 | * You should have received a copy of the GNU General Public License along
24 | * with this program; if not, write to the Free Software Foundation, Inc.,
25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 | */
27 | #include
28 |
29 | #ifdef _MSC_VER
30 | #include
31 | typedef UINT32 uint32_t;
32 | #else
33 | #include
34 | #endif
35 |
36 | #define AES_ENCRYPT 1
37 | #define AES_DECRYPT 0
38 |
39 | #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
40 | #define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
41 |
42 | // Regular implementation
43 | //
44 |
45 | /**
46 | * \brief AES context structure
47 | */
48 | typedef struct
49 | {
50 | int nr; /*!< number of rounds */
51 | uint32_t *rk; /*!< AES round keys */
52 | uint32_t buf[68]; /*!< unaligned data */
53 | }
54 | aes_context;
55 |
56 | #ifdef __cplusplus
57 | extern "C" {
58 | #endif
59 |
60 | /**
61 | * \brief AES key schedule (encryption)
62 | *
63 | * \param ctx AES context to be initialized
64 | * \param key encryption key
65 | * \param keysize must be 128, 192 or 256
66 | *
67 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
68 | */
69 | int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize );
70 |
71 | /**
72 | * \brief AES key schedule (decryption)
73 | *
74 | * \param ctx AES context to be initialized
75 | * \param key decryption key
76 | * \param keysize must be 128, 192 or 256
77 | *
78 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
79 | */
80 | int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize );
81 |
82 | /**
83 | * \brief AES-ECB block encryption/decryption
84 | *
85 | * \param ctx AES context
86 | * \param mode AES_ENCRYPT or AES_DECRYPT
87 | * \param input 16-byte input block
88 | * \param output 16-byte output block
89 | *
90 | * \return 0 if successful
91 | */
92 | int aes_crypt_ecb( aes_context *ctx,
93 | int mode,
94 | const unsigned char input[16],
95 | unsigned char output[16] );
96 |
97 | /**
98 | * \brief AES-CBC buffer encryption/decryption
99 | * Length should be a multiple of the block
100 | * size (16 bytes)
101 | *
102 | * \param ctx AES context
103 | * \param mode AES_ENCRYPT or AES_DECRYPT
104 | * \param length length of the input data
105 | * \param iv initialization vector (updated after use)
106 | * \param input buffer holding the input data
107 | * \param output buffer holding the output data
108 | *
109 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
110 | */
111 | int aes_crypt_cbc( aes_context *ctx,
112 | int mode,
113 | size_t length,
114 | unsigned char iv[16],
115 | const unsigned char *input,
116 | unsigned char *output );
117 |
118 | /**
119 | * \brief AES-CFB128 buffer encryption/decryption.
120 | *
121 | * Note: Due to the nature of CFB you should use the same key schedule for
122 | * both encryption and decryption, i.e. a context initialized with
123 | * aes_setkey_enc() is used for both AES_ENCRYPT and AES_DECRYPT.
124 | *
126 | * \param ctx AES context
127 | * \param mode AES_ENCRYPT or AES_DECRYPT
128 | * \param length length of the input data
129 | * \param iv_off offset in IV (updated after use)
130 | * \param iv initialization vector (updated after use)
131 | * \param input buffer holding the input data
132 | * \param output buffer holding the output data
133 | *
134 | * \return 0 if successful
135 | */
136 | int aes_crypt_cfb128( aes_context *ctx,
137 | int mode,
138 | size_t length,
139 | size_t *iv_off,
140 | unsigned char iv[16],
141 | const unsigned char *input,
142 | unsigned char *output );
143 |
144 | /**
145 | * \brief AES-CTR buffer encryption/decryption
146 | *
147 | * Warning: You have to keep the maximum use of your counter in mind!
148 | *
149 | * Note: Due to the nature of CTR you should use the same key schedule for
150 | * both encryption and decryption, i.e. a context initialized with
151 | * aes_setkey_enc() is used for both AES_ENCRYPT and AES_DECRYPT.
152 | *
153 | * \param length The length of the data
154 | * \param nc_off The offset in the current stream_block (for resuming
155 | * within current cipher stream). The offset pointed to
156 | * should be 0 at the start of a stream.
157 | * \param nonce_counter The 128-bit nonce and counter.
158 | * \param stream_block The saved stream-block for resuming. Is overwritten
159 | * by the function.
160 | * \param input The input data stream
161 | * \param output The output data stream
162 | *
163 | * \return 0 if successful
164 | */
165 | int aes_crypt_ctr( aes_context *ctx,
166 | size_t length,
167 | size_t *nc_off,
168 | unsigned char nonce_counter[16],
169 | unsigned char stream_block[16],
170 | const unsigned char *input,
171 | unsigned char *output );
172 |
/**
 * \brief          AES-CMAC over a byte buffer
 *
 * \param ctx      AES context; the implementation only performs
 *                 AES_ENCRYPT block operations with it
 * \param length   length of the input data in bytes (signed and not
 *                 validated by the implementation; pass a value >= 0)
 * \param input    buffer holding the input data
 * \param output   16-byte buffer that receives the tag
 */
void aes_cmac(aes_context *ctx, int length, unsigned char *input, unsigned char *output);
174 |
175 | #ifdef __cplusplus
176 | }
177 | #endif
--------------------------------------------------------------------------------
/Linux/lz.c:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | #include "lz.h"
6 |
/*
 * Renormalise the range decoder.
 *
 * When the top byte of *range is zero, *range and *code are shifted left by
 * eight bits, the byte at (*src)[5] is added to *code and *src advances by
 * one. Otherwise nothing changes.
 *
 * NOTE(review): the read at offset 5 has no bound; the caller has to make
 * sure the source buffer extends that far.
 */
void decode_range(unsigned int *range, unsigned int *code, unsigned char **src)
{
    unsigned char next;

    if (((*range) >> 24) != 0)
        return;

    next = (*src)[5];
    (*src)++;

    *range = (*range) << 8;
    *code = ((*code) << 8) + next;
}
15 |
/*
 * Decode one bit with the adaptive probability byte *c.
 *
 * range, code, src  decoder state, renormalised first via decode_range()
 * index             optional accumulator: when non-NULL it is shifted left
 *                   by one and the decoded bit is added
 * c                 probability byte, reduced by c >> 3 on every call and
 *                   raised by 31 when the bit is 1
 *
 * Returns the decoded bit (1 or 0).
 */
int decode_bit(unsigned int *range, unsigned int *code, int *index, unsigned char **src, unsigned char *c)
{
    unsigned int bound;
    int bit;

    decode_range(range, code, src);

    bound = ((*range) >> 8) * (*c);

    *c -= ((*c) >> 3);
    if (index)
        (*index) <<= 1;

    bit = (*code < bound);
    if (bit)
    {
        *range = bound;
        *c += 31;
        if (index)
            (*index)++;
    }
    else
    {
        *code -= bound;
        *range -= bound;
    }

    return bit;
}
39 |
/*
 * Decode a number whose width is selected by index.
 *
 * Bits are accumulated into a value that starts at 1. For index >= 3 and
 * index >= 4 one bit each is decoded with the probability byte at
 * ptr + 0x18; for index >= 5 further bits are read directly by halving
 * *range, one per step, until index has dropped to 4. One bit is then
 * decoded with ptr (also stored in *bit_flag), followed by one with
 * ptr + 0x8 when index >= 1 and one with ptr + 0x10 when index >= 2.
 *
 * Returns the accumulated value.
 */
int decode_number(unsigned char *ptr, int index, int *bit_flag, unsigned int *range, unsigned int *code, unsigned char **src)
{
    int value = 1;

    if (index >= 3)
        decode_bit(range, code, &value, src, ptr + 0x18);

    if (index >= 4)
        decode_bit(range, code, &value, src, ptr + 0x18);

    if (index >= 5)
    {
        decode_range(range, code, src);
        while (index >= 5)
        {
            value <<= 1;
            (*range) >>= 1;
            if (*code < *range)
                value++;
            else
                (*code) -= *range;
            index--;
        }
    }

    *bit_flag = decode_bit(range, code, &value, src, ptr);

    if (index >= 1)
        decode_bit(range, code, &value, src, ptr + 0x8);

    if (index >= 2)
        decode_bit(range, code, &value, src, ptr + 0x10);

    return value;
}
79 |
/*
 * Decode a word whose width is selected by index / 8.
 *
 * Same scheme as decode_number(), but index is divided by 8 first and the
 * probability bytes sit at ptr + 4 (first two bits), ptr (the bit that is
 * also stored in *bit_flag), ptr + 1 and ptr + 2.
 *
 * Returns the accumulated value, which starts at 1.
 *
 * NOTE(review): the direct-bit loop shifts the signed accumulator once per
 * step with no cap on the step count; a large index from a malformed
 * stream can overflow it.
 */
int decode_word(unsigned char *ptr, int index, int *bit_flag, unsigned int *range, unsigned int *code, unsigned char **src)
{
    int value = 1;

    index /= 8;

    if (index >= 3)
        decode_bit(range, code, &value, src, ptr + 4);

    if (index >= 4)
        decode_bit(range, code, &value, src, ptr + 4);

    if (index >= 5)
    {
        decode_range(range, code, src);
        while (index >= 5)
        {
            value <<= 1;
            (*range) >>= 1;
            if (*code < *range)
                value++;
            else
                (*code) -= *range;
            index--;
        }
    }

    *bit_flag = decode_bit(range, code, &value, src, ptr);

    if (index >= 1)
        decode_bit(range, code, &value, src, ptr + 1);

    if (index >= 2)
        decode_bit(range, code, &value, src, ptr + 2);

    return value;
}
120 |
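/*
 * Decompress a range-coded LZ stream from `in` into `out`.
 *
 * out   destination buffer
 * in    compressed data: one header byte, four big-endian bytes that seed
 *       the range decoder, then the coded stream
 * size  capacity of out in bytes
 *
 * Returns the number of bytes written when the stream ends (output full or
 * end marker 0xFF), or -1 on error: allocation failure, or a back-reference
 * that would read before `out` or write past `out + size`.
 *
 * The scratch table is released on every exit path.
 *
 * NOTE(review): `in` carries no length, so reads from the compressed stream
 * are unbounded; a truncated or hostile stream can make the decoder read
 * past the caller's buffer. Fixing that needs an input-length parameter,
 * which would change the interface.
 */
int decompress(unsigned char *out, unsigned char *in, unsigned int size)
{
    int result = -1;

    int offset = 0;
    int bit_flag = 0;
    int data_length = 0;
    int data_offset = 0;

    unsigned char *tmp_sect1, *tmp_sect2, *tmp_sect3;
    unsigned char *buf_start, *buf_end;
    unsigned char prev = 0;

    unsigned char *start = out;
    unsigned char *end = (out + size);
    unsigned char head;

    unsigned int range = 0xFFFFFFFF;
    unsigned int code;

    unsigned char *tmp = (unsigned char *) malloc(0xCC8);
    if (tmp == NULL)
        return -1;

    head = in[0];

    // Widen before shifting: in[1] << 24 on a promoted int overflows when
    // the top bit of in[1] is set.
    code = ((unsigned int) in[1] << 24) | ((unsigned int) in[2] << 16) |
           ((unsigned int) in[3] << 8) | (unsigned int) in[4];

    // NOTE(review): head is an unsigned char, so this comparison is never
    // true and the "not compressed" branch below is unreachable as written.
    // The intended test (probably the top bit of the header byte) should be
    // confirmed against the format before changing it.
    if (head < 0) // Check if we have a valid starting byte.
    {
        // The dictionary header is invalid, the data is not compressed.
        if (code <= size)
        {
            memcpy(out, (const void *)(in + 5), code);
            result = (int)(start - out);
        }
    }
    else
    {
        // Set up a temporary buffer (sliding window).
        memset(tmp, 0x80, 0xCA8);
        while (1)
        {
            // Start reading at 0xB68.
            tmp_sect1 = tmp + offset + 0xB68;
            if (!decode_bit(&range, &code, 0, &in, tmp_sect1)) // Raw char.
            {
                // Adjust offset and check for stream end.
                if (offset > 0) offset--;
                if (start == end)
                {
                    result = (int)(start - out);
                    goto done;
                }

                // Locate first section.
                // NOTE(review): head is used as a shift count and is not
                // range-checked; values of 32 or more are undefined here.
                int sect = (((((((int)(start - out)) & 7) << 8) + prev) >> head) & 7) * 0xFF - 1;
                tmp_sect1 = tmp + sect;
                int index = 1;

                // Read, decode and write back.
                do
                {
                    decode_bit(&range, &code, &index, &in, tmp_sect1 + index);
                } while ((index >> 8) == 0);

                // Save index (low eight bits; bit 8 is the stop marker).
                *start++ = (unsigned char) index;
            }
            else // Compressed char stream.
            {
                int index = -1;

                // Identify the data length bit field.
                do
                {
                    tmp_sect1 += 8;
                    bit_flag = decode_bit(&range, &code, 0, &in, tmp_sect1);
                    index += bit_flag;
                } while ((bit_flag != 0) && (index < 6));

                // Default block size is 0x160.
                int b_size = 0x160;
                tmp_sect2 = tmp + index + 0x7F1;

                // If the data length was found, parse it as a number.
                if ((index >= 0) || (bit_flag != 0))
                {
                    // Locate next section.
                    int sect = (index << 5) | (((((int)(start - out)) << index) & 3) << 3) | (offset & 7);
                    tmp_sect1 = tmp + 0xBA8 + sect;

                    // Decode the data length (8 bit fields).
                    data_length = decode_number(tmp_sect1, index, &bit_flag, &range, &code, &in);
                    if (data_length == 0xFF) // End of stream.
                    {
                        result = (int)(start - out);
                        goto done;
                    }
                }
                else
                {
                    // Assume one byte of advance.
                    data_length = 1;
                }

                // If we got valid parameters, seek to find data offset.
                if ((data_length <= 2))
                {
                    tmp_sect2 += 0xF8;
                    b_size = 0x40; // Block size is now 0x40.
                }

                int diff = 0;
                int shift = 1;

                // Identify the data offset bit field.
                do
                {
                    diff = (shift << 4) - b_size;
                    bit_flag = decode_bit(&range, &code, &shift, &in, tmp_sect2 + (shift << 3));
                } while (diff < 0);

                // If the data offset was found, parse it as a number.
                if ((diff > 0) || (bit_flag != 0))
                {
                    // Adjust diff if needed.
                    if (bit_flag == 0) diff -= 8;

                    // Locate section.
                    tmp_sect3 = tmp + 0x928 + diff;

                    // Decode the data offset (1 bit fields).
                    data_offset = decode_word(tmp_sect3, diff, &bit_flag, &range, &code, &in);
                }
                else
                {
                    // Assume one byte of advance.
                    data_offset = 1;
                }

                // Validate the copy on distances before forming any pointer,
                // so no out-of-range pointer is ever computed.
                long long produced = (long long)(start - out);
                long long room = (long long)(end - start);

                // Underflow: the source must lie inside the bytes already
                // written (a zero or negative offset would read unwritten
                // output).
                if ((data_offset < 1) || ((long long) data_offset > produced))
                {
                    result = -1;
                    goto done;
                }

                // Overflow: the copy must fit in what is left of out.
                if ((data_length < 0) || ((long long) data_length + 1 > room))
                {
                    result = -1;
                    goto done;
                }

                // Set buffer start/end.
                buf_start = start - data_offset;
                buf_end = start + data_length + 1;

                // Update offset.
                offset = ((((int)(buf_end - out)) + 1) & 1) + 6;

                // Copy data byte by byte: source and destination may overlap.
                do
                {
                    *start++ = *buf_start++;
                } while (start < buf_end);

            }
            prev = *(start - 1);
        }
    }

done:
    free(tmp);
    return result;
}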
--------------------------------------------------------------------------------
/Linux/lz.h:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | // Reverse-engineered custom Lempel–Ziv–Markov based compression.
6 |
7 | #include
8 | #include
9 |
10 | void decode_range(unsigned int *range, unsigned int *code, unsigned char **src);
11 | int decode_bit(unsigned int *range, unsigned int *code, int *index, unsigned char **src, unsigned char *c);
12 | int decode_number(unsigned char *ptr, int index, int *bit_flag, unsigned int *range, unsigned int *code, unsigned char **src);
13 | int decode_word(unsigned char *ptr, int index, int *bit_flag, unsigned int *range, unsigned int *code, unsigned char **src);
14 | int decompress(unsigned char *out, unsigned char *in, unsigned int size);
--------------------------------------------------------------------------------
/Linux/make_npdata.h:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | #include
6 | #include
7 | #include "utils.h"
8 |
9 | #define SDAT_FLAG 0x01000000
10 | #define EDAT_COMPRESSED_FLAG 0x00000001
11 | #define EDAT_FLAG_0x02 0x00000002
12 | #define EDAT_ENCRYPTED_KEY_FLAG 0x00000008
13 | #define EDAT_FLAG_0x10 0x00000010
14 | #define EDAT_FLAG_0x20 0x00000020
15 | #define EDAT_DEBUG_DATA_FLAG 0x80000000
16 |
/*
 * Fixed 16-byte tables compiled into the program; EDAT_IV is all zeros.
 *
 * NOTE(review): these are definitions, not declarations, in a header, and
 * they are not const. Every translation unit that includes this header gets
 * its own definition, which fails at link time as soon as two of them do,
 * and any code can overwrite the values at run time. `static const` here,
 * or `extern` declarations with a single definition in a .c file, would
 * avoid both - confirm first that no caller writes to them.
 */
unsigned char SDAT_KEY[] = {0x0D, 0x65, 0x5E, 0xF8, 0xE6, 0x74, 0xA9, 0x8A, 0xB8, 0x50, 0x5C, 0xFA, 0x7D, 0x01, 0x29, 0x33};
unsigned char EDAT_KEY_0[] = {0xBE, 0x95, 0x9C, 0xA8, 0x30, 0x8D, 0xEF, 0xA2, 0xE5, 0xE1, 0x80, 0xC6, 0x37, 0x12, 0xA9, 0xAE};
unsigned char EDAT_HASH_0[] = {0xEF, 0xFE, 0x5B, 0xD1, 0x65, 0x2E, 0xEB, 0xC1, 0x19, 0x18, 0xCF, 0x7C, 0x04, 0xD4, 0xF0, 0x11};
unsigned char EDAT_KEY_1[] = {0x4C, 0xA9, 0xC1, 0x4B, 0x01, 0xC9, 0x53, 0x09, 0x96, 0x9B, 0xEC, 0x68, 0xAA, 0x0B, 0xC0, 0x81};
unsigned char EDAT_HASH_1[] = {0x3D, 0x92, 0x69, 0x9B, 0x70, 0x5B, 0x07, 0x38, 0x54, 0xD8, 0xFC, 0xC6, 0xC7, 0x67, 0x27, 0x47};
unsigned char EDAT_IV[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

unsigned char NPDRM_PSP_KEY_1[] = {0x2A, 0x6A, 0xFB, 0xCF, 0x43, 0xD1, 0x57, 0x9F, 0x7D, 0x73, 0x87, 0x41, 0xA1, 0x3B, 0xD4, 0x2E};
unsigned char NPDRM_PSP_KEY_2[] = {0x0D, 0xB8, 0x57, 0x32, 0x36, 0x6C, 0xD7, 0x34, 0xFC, 0x87, 0x9E, 0x74, 0x33, 0x43, 0xBB, 0x4F};
unsigned char NPDRM_PSX_KEY[] = {0x52, 0xC0, 0xB5, 0xCA, 0x76, 0xD6, 0x13, 0x4B, 0xB4, 0x5F, 0xC6, 0x6C, 0xA6, 0x37, 0xF2, 0xC1};
unsigned char NPDRM_KLIC_KEY[] = {0xF2, 0xFB, 0xCA, 0x7A, 0x75, 0xB0, 0x4E, 0xDC, 0x13, 0x90, 0x63, 0x8C, 0xCD, 0xFD, 0xD1, 0xEE};
unsigned char NPDRM_OMAC_KEY_1[] = {0x72, 0xF9, 0x90, 0x78, 0x8F, 0x9C, 0xFF, 0x74, 0x57, 0x25, 0xF0, 0x8E, 0x4C, 0x12, 0x83, 0x87};
unsigned char NPDRM_OMAC_KEY_2[] = {0x6B, 0xA5, 0x29, 0x76, 0xEF, 0xDA, 0x16, 0xEF, 0x3C, 0x33, 0x9F, 0xB2, 0x97, 0x1E, 0x25, 0x6B};
unsigned char NPDRM_OMAC_KEY_3[] = {0x9B, 0x51, 0x5F, 0xEA, 0xCF, 0x75, 0x06, 0x49, 0x81, 0xAA, 0x60, 0x4D, 0x91, 0xA5, 0x4E, 0x97};

unsigned char RAP_KEY[] = {0x86, 0x9F, 0x77, 0x45, 0xC1, 0x3F, 0xD8, 0x90, 0xCC, 0xF2, 0x91, 0x88, 0xE3, 0xCC, 0x3E, 0xDF};
unsigned char RAP_PBOX[] = {0x0C, 0x03, 0x06, 0x04, 0x01, 0x0B, 0x0F, 0x08, 0x02, 0x07, 0x00, 0x05, 0x0A, 0x0E, 0x0D, 0x09};
unsigned char RAP_E1[] = {0xA9, 0x3E, 0x1F, 0xD6, 0x7C, 0x55, 0xA3, 0x29, 0xB7, 0x5F, 0xDD, 0xA6, 0x2A, 0x95, 0xC7, 0xA5};
unsigned char RAP_E2[] = {0x67, 0xD4, 0x5D, 0xA3, 0x29, 0x6D, 0x00, 0x6A, 0x4E, 0x7C, 0x53, 0x7B, 0xF5, 0x53, 0x8C, 0x74};
36 |
/*
 * NPD header record: a 4-byte magic, three int fields, a 0x30-byte content
 * id, three 0x10-byte hash/digest fields and two 64-bit-style unknowns.
 *
 * NOTE(review): the width of int / unsigned long long and any padding are
 * up to the platform. If this struct is meant to mirror bytes read from a
 * file, fixed-width types and explicit field parsing would pin the layout -
 * confirm against the code that fills it.
 */
typedef struct
{
    unsigned char magic[4];
    int version;
    int license;
    int type;
    unsigned char content_id[0x30];
    unsigned char digest[0x10];
    unsigned char title_hash[0x10];
    unsigned char dev_hash[0x10];
    unsigned long long unk1;
    unsigned long long unk2;
} NPD_HEADER;
50 |
/*
 * EDAT header record: flag word, block size and total file size.
 *
 * NOTE(review): flags and block_size are signed int. EDAT_DEBUG_DATA_FLAG
 * (0x80000000) does not fit a positive 32-bit int, and block_size and
 * file_size presumably come from the file being processed - verify that
 * the code using them range-checks both before sizing buffers or loops.
 */
typedef struct
{
    int flags;
    int block_size;
    unsigned long long file_size;
} EDAT_HEADER;
--------------------------------------------------------------------------------
/Linux/sha1.c:
--------------------------------------------------------------------------------
1 | /*
2 | * FIPS-180-1 compliant SHA-1 implementation
3 | *
4 | * Copyright (C) 2006-2013, Brainspark B.V.
5 | *
6 | * This file is part of PolarSSL (http://www.polarssl.org)
7 | * Lead Maintainer: Paul Bakker
8 | *
9 | * All rights reserved.
10 | *
11 | * This program is free software; you can redistribute it and/or modify
12 | * it under the terms of the GNU General Public License as published by
13 | * the Free Software Foundation; either version 2 of the License, or
14 | * (at your option) any later version.
15 | *
16 | * This program is distributed in the hope that it will be useful,
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | * GNU General Public License for more details.
20 | *
21 | * You should have received a copy of the GNU General Public License along
22 | * with this program; if not, write to the Free Software Foundation, Inc.,
23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 | */
25 | /*
26 | * The SHA-1 standard was published by NIST in 1993.
27 | *
28 | * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 | */
30 | #include "sha1.h"
31 |
32 | /*
33 | * 32-bit integer manipulation macros (big endian)
34 | */
35 | #ifndef GET_UINT32_BE
36 | #define GET_UINT32_BE(n,b,i) \
37 | { \
38 | (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
39 | | ( (uint32_t) (b)[(i) + 1] << 16 ) \
40 | | ( (uint32_t) (b)[(i) + 2] << 8 ) \
41 | | ( (uint32_t) (b)[(i) + 3] ); \
42 | }
43 | #endif
44 |
45 | #ifndef PUT_UINT32_BE
46 | #define PUT_UINT32_BE(n,b,i) \
47 | { \
48 | (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
49 | (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
50 | (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
51 | (b)[(i) + 3] = (unsigned char) ( (n) ); \
52 | }
53 | #endif
54 |
/*
 * SHA-1 context setup
 *
 * Resets the byte counters to zero and loads the five initial state words.
 * Must be called before the first sha1_update() on a context.
 *
 * NOTE(review): SHA-1 is no longer collision-resistant; it is suitable for
 * compatibility with an existing format, not for new integrity designs.
 */
void sha1_starts( sha1_context *ctx )
{
    static const uint32_t initial_state[5] =
    {
        0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
    };
    int k;

    ctx->total[0] = 0;
    ctx->total[1] = 0;

    for( k = 0; k < 5; k++ )
        ctx->state[k] = initial_state[k];
}
69 |
/*
 * SHA-1 compression function: folds one 64-byte block into ctx->state.
 *
 * ctx   context whose five state words are read and then updated in place
 * data  exactly 64 bytes of message data
 *
 * The block is loaded as sixteen big-endian words into W, which is then
 * reused as a 16-entry circular schedule (all indices are masked with
 * 0x0F). The 80 steps are fully unrolled in four groups of 20, each with
 * its own F function and K constant.
 *
 * Note that the helper macros S, R and P defined inside this function are
 * not #undef'd afterwards (only F and K are), so they stay defined for the
 * rest of the translation unit.
 */
void sha1_process( sha1_context *ctx, const unsigned char data[64] )
{
    uint32_t temp, W[16], A, B, C, D, E;

    GET_UINT32_BE( W[ 0], data, 0 );
    GET_UINT32_BE( W[ 1], data, 4 );
    GET_UINT32_BE( W[ 2], data, 8 );
    GET_UINT32_BE( W[ 3], data, 12 );
    GET_UINT32_BE( W[ 4], data, 16 );
    GET_UINT32_BE( W[ 5], data, 20 );
    GET_UINT32_BE( W[ 6], data, 24 );
    GET_UINT32_BE( W[ 7], data, 28 );
    GET_UINT32_BE( W[ 8], data, 32 );
    GET_UINT32_BE( W[ 9], data, 36 );
    GET_UINT32_BE( W[10], data, 40 );
    GET_UINT32_BE( W[11], data, 44 );
    GET_UINT32_BE( W[12], data, 48 );
    GET_UINT32_BE( W[13], data, 52 );
    GET_UINT32_BE( W[14], data, 56 );
    GET_UINT32_BE( W[15], data, 60 );

/* S: rotate x left by n bits within 32 bits. */
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

/* R: compute schedule word t in place in the circular buffer and yield it. */
#define R(t) \
( \
    temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
           W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
    ( W[t & 0x0F] = S(temp,1) ) \
)

/* P: one step; the caller rotates the roles of a..e instead of moving data. */
#define P(a,b,c,d,e,x) \
{ \
    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
}

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];

/* Steps 0..19 */
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

    P( A, B, C, D, E, W[0] );
    P( E, A, B, C, D, W[1] );
    P( D, E, A, B, C, W[2] );
    P( C, D, E, A, B, W[3] );
    P( B, C, D, E, A, W[4] );
    P( A, B, C, D, E, W[5] );
    P( E, A, B, C, D, W[6] );
    P( D, E, A, B, C, W[7] );
    P( C, D, E, A, B, W[8] );
    P( B, C, D, E, A, W[9] );
    P( A, B, C, D, E, W[10] );
    P( E, A, B, C, D, W[11] );
    P( D, E, A, B, C, W[12] );
    P( C, D, E, A, B, W[13] );
    P( B, C, D, E, A, W[14] );
    P( A, B, C, D, E, W[15] );
    P( E, A, B, C, D, R(16) );
    P( D, E, A, B, C, R(17) );
    P( C, D, E, A, B, R(18) );
    P( B, C, D, E, A, R(19) );

#undef K
#undef F

/* Steps 20..39 */
#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

    P( A, B, C, D, E, R(20) );
    P( E, A, B, C, D, R(21) );
    P( D, E, A, B, C, R(22) );
    P( C, D, E, A, B, R(23) );
    P( B, C, D, E, A, R(24) );
    P( A, B, C, D, E, R(25) );
    P( E, A, B, C, D, R(26) );
    P( D, E, A, B, C, R(27) );
    P( C, D, E, A, B, R(28) );
    P( B, C, D, E, A, R(29) );
    P( A, B, C, D, E, R(30) );
    P( E, A, B, C, D, R(31) );
    P( D, E, A, B, C, R(32) );
    P( C, D, E, A, B, R(33) );
    P( B, C, D, E, A, R(34) );
    P( A, B, C, D, E, R(35) );
    P( E, A, B, C, D, R(36) );
    P( D, E, A, B, C, R(37) );
    P( C, D, E, A, B, R(38) );
    P( B, C, D, E, A, R(39) );

#undef K
#undef F

/* Steps 40..59 */
#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

    P( A, B, C, D, E, R(40) );
    P( E, A, B, C, D, R(41) );
    P( D, E, A, B, C, R(42) );
    P( C, D, E, A, B, R(43) );
    P( B, C, D, E, A, R(44) );
    P( A, B, C, D, E, R(45) );
    P( E, A, B, C, D, R(46) );
    P( D, E, A, B, C, R(47) );
    P( C, D, E, A, B, R(48) );
    P( B, C, D, E, A, R(49) );
    P( A, B, C, D, E, R(50) );
    P( E, A, B, C, D, R(51) );
    P( D, E, A, B, C, R(52) );
    P( C, D, E, A, B, R(53) );
    P( B, C, D, E, A, R(54) );
    P( A, B, C, D, E, R(55) );
    P( E, A, B, C, D, R(56) );
    P( D, E, A, B, C, R(57) );
    P( C, D, E, A, B, R(58) );
    P( B, C, D, E, A, R(59) );

#undef K
#undef F

/* Steps 60..79 */
#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

    P( A, B, C, D, E, R(60) );
    P( E, A, B, C, D, R(61) );
    P( D, E, A, B, C, R(62) );
    P( C, D, E, A, B, R(63) );
    P( B, C, D, E, A, R(64) );
    P( A, B, C, D, E, R(65) );
    P( E, A, B, C, D, R(66) );
    P( D, E, A, B, C, R(67) );
    P( C, D, E, A, B, R(68) );
    P( B, C, D, E, A, R(69) );
    P( A, B, C, D, E, R(70) );
    P( E, A, B, C, D, R(71) );
    P( D, E, A, B, C, R(72) );
    P( C, D, E, A, B, R(73) );
    P( B, C, D, E, A, R(74) );
    P( A, B, C, D, E, R(75) );
    P( E, A, B, C, D, R(76) );
    P( D, E, A, B, C, R(77) );
    P( C, D, E, A, B, R(78) );
    P( B, C, D, E, A, R(79) );

#undef K
#undef F

    /* Add the working variables back into the chaining state. */
    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;
}
225 |
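/*
 * SHA-1 process buffer
 *
 * Feeds ilen bytes of input into the running hash. Bytes that do not
 * complete a 64-byte block are kept in ctx->buffer until later calls
 * (or sha1_finish) supply the rest.
 *
 * ctx->total[0] / ctx->total[1] are the low / high 32 bits of the byte
 * counter that sha1_finish turns into the length field of the padding.
 */
void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
    size_t fill;
    uint32_t left;

    if( ilen == 0 )
        return;

    /* Bytes already waiting in the buffer, and the room left in it. */
    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    ctx->total[0] += (uint32_t) ilen;
    ctx->total[0] &= 0xFFFFFFFF;

    /* Carry out of the low word. */
    if( ctx->total[0] < (uint32_t) ilen )
        ctx->total[1]++;

    /*
     * Add the part of ilen above 32 bits as well. Without this a single
     * call with 4 GiB or more of data is under-counted and the digest is
     * computed over a wrong length field. The shift is split in two so it
     * stays defined (and yields 0) when size_t is only 32 bits wide.
     */
    ctx->total[1] += (uint32_t) ( ( ilen >> 16 ) >> 16 );

    /* Top up a partially filled buffer first and hash it. */
    if( left && ilen >= fill )
    {
        memcpy( (void *) (ctx->buffer + left), input, fill );
        sha1_process( ctx, ctx->buffer );
        input += fill;
        ilen  -= fill;
        left = 0;
    }

    /* Hash whole blocks straight from the caller's buffer. */
    while( ilen >= 64 )
    {
        sha1_process( ctx, input );
        input += 64;
        ilen  -= 64;
    }

    /* Keep the tail for the next call. */
    if( ilen > 0 )
        memcpy( (void *) (ctx->buffer + left), input, ilen );
}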
265 |
/*
 * Padding source for sha1_finish: one 0x80 marker byte followed by
 * 63 zero bytes (the remaining elements are zero-initialized).
 */
static const unsigned char sha1_padding[64] = { 0x80 };
273 |
/*
 * SHA-1 final digest
 *
 * Appends the padding and the 64-bit message length (in bits, big
 * endian) to the hash, then writes the five state words to output as
 * 20 big-endian bytes.
 */
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned char msglen[8];
    uint32_t bits_hi, bits_lo;
    uint32_t used, pad_len;

    /* total[] counts bytes; shifting left by 3 gives the bit count. */
    bits_lo = ( ctx->total[0] <<  3 );
    bits_hi = ( ctx->total[1] <<  3 )
            | ( ctx->total[0] >> 29 );

    PUT_UINT32_BE( bits_hi, msglen, 0 );
    PUT_UINT32_BE( bits_lo, msglen, 4 );

    /* Pad so that exactly 8 bytes stay free in the last block. */
    used = ctx->total[0] & 0x3F;
    if( used < 56 )
        pad_len = 56 - used;
    else
        pad_len = 120 - used;

    sha1_update( ctx, sha1_padding, pad_len );
    sha1_update( ctx, msglen, 8 );

    PUT_UINT32_BE( ctx->state[0], output,  0 );
    PUT_UINT32_BE( ctx->state[1], output,  4 );
    PUT_UINT32_BE( ctx->state[2], output,  8 );
    PUT_UINT32_BE( ctx->state[3], output, 12 );
    PUT_UINT32_BE( ctx->state[4], output, 16 );
}
302 |
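/*
 * output = SHA-1( input buffer )
 *
 * One-shot helper: hashes ilen bytes of input and writes the 20-byte
 * digest to output. The local context, which still holds a copy of the
 * last input bytes, is cleared before returning.
 */
void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
{
    sha1_context ctx;
    volatile unsigned char *wipe = (volatile unsigned char *) &ctx;
    size_t left = sizeof( sha1_context );

    sha1_starts( &ctx );
    sha1_update( &ctx, input, ilen );
    sha1_finish( &ctx, output );

    /*
     * A memset() on a local that is never read again is a dead store the
     * optimizer may delete; stores through a volatile pointer are kept.
     */
    while( left-- )
        *wipe++ = 0;
}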
316 |
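/*
 * SHA-1 HMAC context setup
 *
 * Builds the inner and outer pads in ctx->ipad / ctx->opad from the key
 * and starts the inner hash by feeding it the inner pad. A key longer
 * than the 64-byte block size is replaced by its SHA-1 digest first.
 *
 * ctx->ipad and ctx->opad are key-derived and stay in the context until
 * the caller clears it.
 */
void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
{
    size_t i;
    unsigned char sum[20];
    volatile unsigned char *wipe = sum;

    if( keylen > 64 )
    {
        sha1( key, keylen, sum );
        keylen = 20;
        key = sum;
    }

    memset( ctx->ipad, 0x36, 64 );
    memset( ctx->opad, 0x5C, 64 );

    for( i = 0; i < keylen; i++ )
    {
        ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
        ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
    }

    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );

    /*
     * sum may hold the hashed key. Clear it through a volatile pointer:
     * a plain memset() on a local that is never read again can be removed
     * by the optimizer.
     */
    for( i = 0; i < sizeof( sum ); i++ )
        wipe[i] = 0;
}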
346 |
/*
 * SHA-1 HMAC process buffer
 *
 * Message bytes go into the inner hash that sha1_hmac_starts (or
 * sha1_hmac_reset) opened, so this simply forwards to sha1_update.
 */
void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
    sha1_update( ctx, input, ilen );
}
354 |
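/*
 * SHA-1 HMAC final digest
 *
 * Finishes the inner hash, then hashes the outer pad followed by the
 * inner digest and writes the 20-byte result to output.
 */
void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned char tmpbuf[20];
    volatile unsigned char *wipe = tmpbuf;
    size_t i;

    /* Inner digest: everything fed since the inner pad. */
    sha1_finish( ctx, tmpbuf );

    /* Outer hash: opad followed by the inner digest. */
    sha1_starts( ctx );
    sha1_update( ctx, ctx->opad, 64 );
    sha1_update( ctx, tmpbuf, 20 );
    sha1_finish( ctx, output );

    /*
     * Clear the intermediate digest through a volatile pointer; a plain
     * memset() on a local that is never read again can be optimized away.
     */
    for( i = 0; i < sizeof( tmpbuf ); i++ )
        wipe[i] = 0;
}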
370 |
/*
 * SHA1 HMAC context reset
 *
 * Restarts the inner hash with the inner pad already stored in the
 * context, so another message can be authenticated under the same key
 * without calling sha1_hmac_starts again.
 */
void sha1_hmac_reset( sha1_context *ctx )
{
    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );
}
379 |
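/*
 * output = HMAC-SHA-1( hmac key, input buffer )
 *
 * One-shot helper around sha1_hmac_starts / _update / _finish. output
 * must have room for 20 bytes. The local context holds the key-derived
 * pads and is cleared before returning.
 */
void sha1_hmac( const unsigned char *key, size_t keylen,
                const unsigned char *input, size_t ilen,
                unsigned char output[20] )
{
    sha1_context ctx;
    volatile unsigned char *wipe = (volatile unsigned char *) &ctx;
    size_t left = sizeof( sha1_context );

    sha1_hmac_starts( &ctx, key, keylen );
    sha1_hmac_update( &ctx, input, ilen );
    sha1_hmac_finish( &ctx, output );

    /*
     * ctx.ipad / ctx.opad are the key XORed with constants. A memset() on
     * a local that is never read again may be removed by the optimizer,
     * so clear the context through a volatile pointer instead.
     */
    while( left-- )
        *wipe++ = 0;
}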
--------------------------------------------------------------------------------
/Linux/sha1.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file sha1.h
3 | *
4 | * \brief SHA-1 cryptographic hash function
5 | *
6 | * Copyright (C) 2006-2013, Brainspark B.V.
7 | *
8 | * This file is part of PolarSSL (http://www.polarssl.org)
9 | * Lead Maintainer: Paul Bakker
10 | *
11 | * All rights reserved.
12 | *
13 | * This program is free software; you can redistribute it and/or modify
14 | * it under the terms of the GNU General Public License as published by
15 | * the Free Software Foundation; either version 2 of the License, or
16 | * (at your option) any later version.
17 | *
18 | * This program is distributed in the hope that it will be useful,
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | * GNU General Public License for more details.
22 | *
23 | * You should have received a copy of the GNU General Public License along
24 | * with this program; if not, write to the Free Software Foundation, Inc.,
25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 | */
27 | #include
28 |
29 | #ifdef _MSC_VER
30 | #include
31 | typedef UINT32 uint32_t;
32 | #else
33 | #include
34 | #endif
35 |
36 | #define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
37 |
38 | // Regular implementation
39 | //
40 |
/**
 * \brief          SHA-1 context structure
 *
 * Shared by the plain hash and the HMAC functions. After
 * sha1_hmac_starts() the ipad and opad members hold the key XORed into
 * the HMAC pad constants, so a context used for HMAC contains
 * key-derived data until it is cleared.
 */
typedef struct
{
    uint32_t      total[2];     /*!< byte counter: [0] low word, [1] high word */
    uint32_t      state[5];     /*!< intermediate digest state                 */
    unsigned char buffer[64];   /*!< partial block waiting to be hashed        */

    unsigned char ipad[64];     /*!< HMAC: inner padding                       */
    unsigned char opad[64];     /*!< HMAC: outer padding                       */
} sha1_context;
54 |
55 | #ifdef __cplusplus
56 | extern "C" {
57 | #endif
58 |
59 | /**
60 | * \brief SHA-1 context setup
61 | *
62 | * \param ctx context to be initialized
63 | */
64 | void sha1_starts( sha1_context *ctx );
65 |
66 | /**
67 | * \brief SHA-1 process buffer
68 | *
69 | * \param ctx SHA-1 context
70 | * \param input buffer holding the data
71 | * \param ilen length of the input data
72 | */
73 | void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen );
74 |
75 | /**
76 | * \brief SHA-1 final digest
77 | *
78 | * \param ctx SHA-1 context
79 | * \param output SHA-1 checksum result
80 | */
81 | void sha1_finish( sha1_context *ctx, unsigned char output[20] );
82 |
83 | /* Internal use */
84 | void sha1_process( sha1_context *ctx, const unsigned char data[64] );
85 |
86 | #ifdef __cplusplus
87 | }
88 | #endif
89 |
90 | #ifdef __cplusplus
91 | extern "C" {
92 | #endif
93 |
94 | /**
95 | * \brief Output = SHA-1( input buffer )
96 | *
97 | * \param input buffer holding the data
98 | * \param ilen length of the input data
99 | * \param output SHA-1 checksum result
100 | */
101 | void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
102 |
103 | /**
104 | * \brief Output = SHA-1( file contents )
105 | *
106 | * \param path input file name
107 | * \param output SHA-1 checksum result
108 | *
109 | * \return 0 if successful, or POLARSSL_ERR_SHA1_FILE_IO_ERROR
110 | */
111 | int sha1_file( const char *path, unsigned char output[20] );
112 |
113 | /**
114 | * \brief SHA-1 HMAC context setup
115 | *
116 | * \param ctx HMAC context to be initialized
117 | * \param key HMAC secret key
118 | * \param keylen length of the HMAC key
119 | */
120 | void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen );
121 |
122 | /**
123 | * \brief SHA-1 HMAC process buffer
124 | *
125 | * \param ctx HMAC context
126 | * \param input buffer holding the data
127 | * \param ilen length of the input data
128 | */
129 | void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen );
130 |
131 | /**
132 | * \brief SHA-1 HMAC final digest
133 | *
134 | * \param ctx HMAC context
135 | * \param output SHA-1 HMAC checksum result
136 | */
137 | void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] );
138 |
139 | /**
140 | * \brief SHA-1 HMAC context reset
141 | *
142 | * \param ctx HMAC context to be reset
143 | */
144 | void sha1_hmac_reset( sha1_context *ctx );
145 |
146 | /**
147 | * \brief Output = HMAC-SHA-1( hmac key, input buffer )
148 | *
149 | * \param key HMAC secret key
150 | * \param keylen length of the HMAC key
151 | * \param input buffer holding the data
152 | * \param ilen length of the input data
153 | * \param output HMAC-SHA-1 result
154 | */
155 | void sha1_hmac( const unsigned char *key, size_t keylen,
156 | const unsigned char *input, size_t ilen,
157 | unsigned char output[20] );
158 |
159 | #ifdef __cplusplus
160 | }
161 | #endif
--------------------------------------------------------------------------------
/Linux/utils.c:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | #include "utils.h"
6 | #include
7 | #include
8 |
9 | // Auxiliary functions (endian swap, xor and prng).
// Swap the two bytes of a 16-bit value.
short se16(short i)
{
	unsigned int value = (unsigned short) i;
	unsigned int high = value >> 8;
	unsigned int low = value & 0xFF;

	return (short) ((low << 8) | high);
}
14 |
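// Swap the four bytes of a 32-bit value.
//
// The work is done on an unsigned copy: the original shifted the signed
// expression (i & 0xFF) left by 24, which overflows int (undefined
// behaviour) whenever the low byte is 0x80 or above.
int se32(int i)
{
	unsigned int v = (unsigned int) i;

	v = ((v >> 24) & 0xFFu) | ((v >> 8) & 0xFF00u) |
	    ((v << 8) & 0xFF0000u) | ((v & 0xFFu) << 24);

	return (int) v;
}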
19 |
// Swap the eight bytes of a 64-bit value.
u64 se64(u64 i)
{
	u64 swapped = 0;
	int n;

	// Move bytes one at a time from the low end of i to the low end of
	// swapped; after eight rounds the order is reversed.
	for (n = 0; n < 8; n++)
	{
		swapped = (swapped << 8) | (i & 0xff);
		i >>= 8;
	}

	return swapped;
}
27 |
// dest[k] = src1[k] ^ src2[k] for the first size bytes.
// Nothing is written when size is zero or negative.
void xor(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size)
{
	int remaining = size;

	while (remaining > 0)
	{
		*dest++ = *src1++ ^ *src2++;
		remaining--;
	}
}
36 |
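// Fill dest with size pseudo-random bytes.
//
// NOTE(review): rand() seeded from the wall clock is not a
// cryptographically secure generator; its output can be reproduced by
// anyone who can estimate the start time. If these bytes are used as keys,
// IVs or any other value that must be unpredictable, replace this with the
// operating system's random source.
//
// Changes from the previous version:
//  - the generator is seeded once per process instead of on every call, so
//    two calls within the same second no longer return identical bytes;
//  - bytes are written straight to dest, which removes an unchecked
//    malloc() (NULL dereference on failure, huge request for negative size);
//  - a NULL dest or a size <= 0 is a no-op.
void prng(unsigned char *dest, int size)
{
	static int seeded = 0;
	int i;

	if (!dest || size <= 0)
		return;

	if (!seeded)
	{
		srand((unsigned int)time(0));
		seeded = 1;
	}

	for(i = 0; i < size; i++)
		dest[i] = (unsigned char)(rand() & 0xFF);
}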
50 |
51 | // Hex string conversion auxiliary functions.
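// Parse a NUL-terminated hex string (most significant digit first) into a
// 64-bit value. Characters that are not hex digits count as 0.
//
// The value is accumulated four bits at a time. The previous version
// shifted each digit by (remaining length * 4), which is a shift by 64 or
// more (undefined behaviour) for strings longer than 16 characters. For
// such strings the result is now well defined: the low 64 bits, i.e. the
// last 16 digits. Results for strings of up to 16 characters are unchanged.
u64 hex_to_u64(const char* hex_str)
{
	u64 result = 0;
	char c;

	while ((c = *hex_str++) != '\0')
	{
		u64 digit;

		if((c >= '0') && (c <= '9'))
			digit = c - '0';
		else if((c >= 'a') && (c <= 'f'))
			digit = c - 'a' + 10;
		else if((c >= 'A') && (c <= 'F'))
			digit = c - 'A' + 10;
		else
			digit = 0;

		result = (result << 4) | digit;
	}

	return result;
}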
75 |
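// Value of one hex digit; any other character decodes as 0, matching
// hex_to_u64.
static unsigned char hex_digit_value(char c)
{
	if((c >= '0') && (c <= '9'))
		return (unsigned char)(c - '0');
	if((c >= 'a') && (c <= 'f'))
		return (unsigned char)(c - 'a' + 10);
	if((c >= 'A') && (c <= 'F'))
		return (unsigned char)(c - 'A' + 10);
	return 0;
}

// Convert str_length hex characters from hex_str into str_length / 2 bytes
// at data. Nothing is written when str_length is odd. data must have room
// for str_length / 2 bytes.
//
// Fixes over the previous version:
//  - the loop ran str_length times while consuming two characters per
//    round, so it read str_length bytes past the end of the input;
//  - the temporary heap buffer was never freed and its allocation was
//    never checked; bytes are now written directly to data;
//  - conversion stops at the string terminator, so a str_length larger
//    than the actual string cannot read beyond it.
void hex_to_bytes(unsigned char *data, const char *hex_str, unsigned int str_length)
{
	unsigned int data_length = str_length / 2;
	unsigned int i;

	// Don't convert if the string length is odd.
	if (str_length % 2)
		return;

	for (i = 0; i < data_length; i++)
	{
		char high = hex_str[2 * i];
		char low;

		if (high == '\0')
			break;

		low = hex_str[2 * i + 1];
		if (low == '\0')
			break;

		data[i] = (unsigned char)((hex_digit_value(high) << 4) | hex_digit_value(low));
	}
}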
99 |
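// Return true when the first str_length characters of hex_str are all hex
// digits (0-9, a-f, A-F); false for a NULL pointer.
//
// The previous version tested each character with strchr() against a digit
// list. strchr() also matches the terminating NUL of that list, so a string
// shorter than str_length passed the check and the loop went on reading
// past its terminator. A NUL now fails the check like any other non-digit.
bool is_hex(const char* hex_str, unsigned int str_length)
{
	unsigned int i;

	if (hex_str == NULL)
		return false;

	for (i = 0; i < str_length; i++)
	{
		char c = hex_str[i];
		bool is_digit = (c >= '0') && (c <= '9');
		bool is_lower = (c >= 'a') && (c <= 'f');
		bool is_upper = (c >= 'A') && (c <= 'F');

		if (!(is_digit || is_lower || is_upper))
			return false;
	}

	return true;
}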
116 |
117 | // Crypto functions (AES128-CBC, AES128-ECB, SHA1-HMAC and AES-CMAC).
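// AES-128-CBC decrypt len bytes from in to out.
//
// iv is overwritten with 0x10 zero bytes before returning, so the caller's
// IV buffer does not keep the chaining value.
//
// NOTE(review): results of aes_setkey_dec / aes_crypt_cbc, if they return
// any, are not checked here - confirm against aes.h which values of len
// are accepted.
void aescbc128_decrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len)
{
	aes_context ctx;
	volatile unsigned char *wipe = (volatile unsigned char *) &ctx;
	size_t left = sizeof(ctx);

	aes_setkey_dec(&ctx, key, 128);
	aes_crypt_cbc(&ctx, AES_DECRYPT, len, iv, in, out);

	// Reset the IV.
	memset(iv, 0, 0x10);

	// The context was filled from the key; clear it through a volatile
	// pointer so the stores cannot be optimized away.
	while (left--)
		*wipe++ = 0;
}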
127 |
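// AES-128-CBC encrypt len bytes from in to out.
//
// iv is overwritten with 0x10 zero bytes before returning, so the caller's
// IV buffer does not keep the chaining value.
//
// NOTE(review): results of aes_setkey_enc / aes_crypt_cbc, if they return
// any, are not checked here - confirm against aes.h which values of len
// are accepted.
void aescbc128_encrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len)
{
	aes_context ctx;
	volatile unsigned char *wipe = (volatile unsigned char *) &ctx;
	size_t left = sizeof(ctx);

	aes_setkey_enc(&ctx, key, 128);
	aes_crypt_cbc(&ctx, AES_ENCRYPT, len, iv, in, out);

	// Reset the IV.
	memset(iv, 0, 0x10);

	// The context was filled from the key; clear it through a volatile
	// pointer so the stores cannot be optimized away.
	while (left--)
		*wipe++ = 0;
}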
137 |
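// AES-128-ECB encrypt through a single aes_crypt_ecb call from in to out.
//
// NOTE(review): presumably this handles exactly one cipher block per
// call - confirm against aes.h.
void aesecb128_encrypt(unsigned char *key, unsigned char *in, unsigned char *out)
{
	aes_context ctx;
	volatile unsigned char *wipe = (volatile unsigned char *) &ctx;
	size_t left = sizeof(ctx);

	aes_setkey_enc(&ctx, key, 128);
	aes_crypt_ecb(&ctx, AES_ENCRYPT, in, out);

	// The context was filled from the key; clear it through a volatile
	// pointer so the stores cannot be optimized away.
	while (left--)
		*wipe++ = 0;
}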
144 |
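// Compute HMAC-SHA1 of in under key and compare its first 0x10 bytes with
// hash. Returns true when they match.
//
// Fixes over the previous version:
//  - the output buffer was malloc(key_len) bytes, but sha1_hmac always
//    writes 20 bytes, so any key shorter than 20 bytes overflowed the heap
//    block; a fixed 20-byte buffer is used instead, which also removes the
//    unchecked allocation;
//  - the comparison no longer stops at the first differing byte, so its
//    duration does not depend on how many leading bytes match;
//  - the computed MAC is cleared before returning.
bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	unsigned char out[20];
	volatile unsigned char *wipe = out;
	unsigned char diff = 0;
	int i;

	sha1_hmac(key, key_len, in, in_len, out);

	// Accumulate differences over all 0x10 compared bytes.
	for (i = 0; i < 0x10; i++)
		diff |= (unsigned char)(out[i] ^ hash[i]);

	for (i = 0; i < (int) sizeof(out); i++)
		wipe[i] = 0;

	return diff == 0;
}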
165 |
// Write the HMAC-SHA1 of in under key to hash.
// sha1_hmac produces a 20-byte result, so hash must have room for 20 bytes
// even though hmac_hash_compare only checks the first 0x10.
void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	sha1_hmac(key, key_len, in, in_len, hash);
}
170 |
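// Compute the AES-128 CMAC of in under key and compare its first 0x10
// bytes with hash. Returns true when they match.
//
// key_len is not used: the key is always loaded as 128 bits.
//
// Fixes over the previous version:
//  - the output buffer was malloc(key_len) bytes although 0x10 bytes of it
//    are read back, so a key_len below 0x10 meant out-of-bounds heap
//    access; a fixed 0x10-byte buffer is used instead, which also removes
//    the unchecked allocation
//    (assumes aes_cmac writes one 16-byte block - TODO confirm in aes.h);
//  - the comparison no longer stops at the first differing byte;
//  - the key context and the computed MAC are cleared before returning.
bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	unsigned char out[0x10];
	aes_context ctx;
	volatile unsigned char *wipe;
	size_t left;
	unsigned char diff = 0;
	int i;

	(void) key_len;

	aes_setkey_enc(&ctx, key, 128);
	aes_cmac(&ctx, in_len, in, out);

	// Accumulate differences over all 0x10 compared bytes.
	for (i = 0; i < 0x10; i++)
		diff |= (unsigned char)(out[i] ^ hash[i]);

	// Clear through volatile pointers so the stores cannot be optimized away.
	wipe = (volatile unsigned char *) &ctx;
	for (left = sizeof(ctx); left > 0; left--)
		*wipe++ = 0;

	wipe = out;
	for (left = sizeof(out); left > 0; left--)
		*wipe++ = 0;

	return diff == 0;
}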
193 |
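// Write the AES-128 CMAC of in under key to hash.
//
// key_len is not used: the key is always loaded as 128 bits.
// NOTE(review): hash presumably needs room for 0x10 bytes, the amount
// cmac_hash_compare checks - confirm against aes_cmac in aes.h.
void cmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	aes_context ctx;
	volatile unsigned char *wipe = (volatile unsigned char *) &ctx;
	size_t left = sizeof(ctx);

	(void) key_len;

	aes_setkey_enc(&ctx, key, 128);
	aes_cmac(&ctx, in_len, in, hash);

	// The context was filled from the key; clear it through a volatile
	// pointer so the stores cannot be optimized away.
	while (left--)
		*wipe++ = 0;
}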
--------------------------------------------------------------------------------
/Linux/utils.h:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | #include
6 | #include "aes.h"
7 | #include "sha1.h"
8 | #include "lz.h"
9 |
10 | typedef unsigned long long u64;
11 | typedef unsigned int u32;
12 | typedef unsigned short u16;
13 | typedef unsigned char u8;
14 |
15 | // Auxiliary functions (endian swap, xor and prng).
16 | short se16(short i);
17 | int se32(int i);
18 | u64 se64(u64 i);
19 | void xor(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size);
20 | void prng(unsigned char *dest, int size);
21 |
22 | // Hex string conversion auxiliary functions.
23 | u64 hex_to_u64(const char* hex_str);
24 | void hex_to_bytes(unsigned char *data, const char *hex_str, unsigned int str_length);
25 | bool is_hex(const char* hex_str, unsigned int str_length);
26 |
27 | // Crypto functions (AES128-CBC, AES128-ECB, SHA1-HMAC and AES-CMAC).
28 | void aescbc128_decrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len);
29 | void aescbc128_encrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len);
30 | void aesecb128_encrypt(unsigned char *key, unsigned char *in, unsigned char *out);
31 | bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
32 | void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
33 | bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
34 | void cmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | make_npdata
2 | ==========
3 |
4 | Tool to encrypt/decrypt/bruteforce EDAT/SDAT files from PS3 games. Written by **Hykem**.
5 |
6 | This tool aims to provide a fully working open-source solution for EDAT/SDAT file handling.
7 | It supports EDAT/SDAT decryption and decompression, encryption (compression is not yet implemented)
8 | and dev_klic brute-forcing.
9 |
10 | Credits
11 | -------
12 |
13 | JuanNadie (original EDAT algorithm implementation and research)
14 |
15 | flat_z (rap2rifkey algorithm)
16 |
17 | Snowydew, KDSBest and qoobz (EDAT related tools and source code)
18 |
--------------------------------------------------------------------------------
/Windows/make_npdata.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2012
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "make_npdata", "src\make_npdata.vcxproj", "{B86E1508-26B6-465B-ABEC-A35E07E2A187}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}.Debug|Win32.Build.0 = Debug|Win32
14 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}.Release|Win32.ActiveCfg = Release|Win32
15 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/Windows/src/aes.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | * FIPS-197 compliant AES implementation
3 | *
4 | * Copyright (C) 2006-2013, Brainspark B.V.
5 | *
6 | * This file is part of PolarSSL (http://www.polarssl.org)
7 | * Lead Maintainer: Paul Bakker
8 | *
9 | * All rights reserved.
10 | *
11 | * This program is free software; you can redistribute it and/or modify
12 | * it under the terms of the GNU General Public License as published by
13 | * the Free Software Foundation; either version 2 of the License, or
14 | * (at your option) any later version.
15 | *
16 | * This program is distributed in the hope that it will be useful,
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | * GNU General Public License for more details.
20 | *
21 | * You should have received a copy of the GNU General Public License along
22 | * with this program; if not, write to the Free Software Foundation, Inc.,
23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 | */
25 | /*
26 | * The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
27 | *
28 | * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
29 | * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
30 | */
31 |
32 | #include "aes.h"
33 |
/*
 * 32-bit integer manipulation macros (little endian)
 *
 * Each macro is guarded by #ifndef, so a definition made earlier takes
 * precedence. Both expand to a bare { ... } block rather than an
 * expression: they cannot be used where a value is expected, and a use
 * followed by ';' directly before an 'else' does not parse.
 */
#ifndef GET_UINT32_LE
/* Load b[i] .. b[i+3] into n, with b[i] as the least significant byte. */
#define GET_UINT32_LE(n,b,i)                            \
{                                                       \
    (n) = ( (uint32_t) (b)[(i)    ]       )             \
        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
}
#endif

#ifndef PUT_UINT32_LE
/* Store n into b[i] .. b[i+3], least significant byte first. */
#define PUT_UINT32_LE(n,b,i)                            \
{                                                       \
    (b)[(i)    ] = (unsigned char) ( (n)       );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
}
#endif
56 |
57 | #if defined(POLARSSL_AES_ROM_TABLES)
58 | /*
59 | * Forward S-box
60 | */
61 | static const unsigned char FSb[256] =
62 | {
63 | 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
64 | 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
65 | 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
66 | 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
67 | 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
68 | 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
69 | 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
70 | 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
71 | 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
72 | 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
73 | 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
74 | 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
75 | 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
76 | 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
77 | 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
78 | 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
79 | 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
80 | 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
81 | 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
82 | 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
83 | 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
84 | 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
85 | 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
86 | 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
87 | 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
88 | 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
89 | 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
90 | 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
91 | 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
92 | 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
93 | 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
94 | 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
95 | };
96 |
97 | /*
98 | * Forward tables
99 | */
100 | #define FT \
101 | \
102 | V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
103 | V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
104 | V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
105 | V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
106 | V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
107 | V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
108 | V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
109 | V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
110 | V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
111 | V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
112 | V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
113 | V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
114 | V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
115 | V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
116 | V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
117 | V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
118 | V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
119 | V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
120 | V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
121 | V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
122 | V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
123 | V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
124 | V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
125 | V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
126 | V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
127 | V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
128 | V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
129 | V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
130 | V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
131 | V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
132 | V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
133 | V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
134 | V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
135 | V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
136 | V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
137 | V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
138 | V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
139 | V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
140 | V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
141 | V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
142 | V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
143 | V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
144 | V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
145 | V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
146 | V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
147 | V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
148 | V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
149 | V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
150 | V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
151 | V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
152 | V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
153 | V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
154 | V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
155 | V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
156 | V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
157 | V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
158 | V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
159 | V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
160 | V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
161 | V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
162 | V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
163 | V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
164 | V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
165 | V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
166 |
167 | #define V(a,b,c,d) 0x##a##b##c##d
168 | static const uint32_t FT0[256] = { FT };
169 | #undef V
170 |
171 | #define V(a,b,c,d) 0x##b##c##d##a
172 | static const uint32_t FT1[256] = { FT };
173 | #undef V
174 |
175 | #define V(a,b,c,d) 0x##c##d##a##b
176 | static const uint32_t FT2[256] = { FT };
177 | #undef V
178 |
179 | #define V(a,b,c,d) 0x##d##a##b##c
180 | static const uint32_t FT3[256] = { FT };
181 | #undef V
182 |
183 | #undef FT
184 |
185 | /*
186 | * Reverse S-box
187 | */
188 | static const unsigned char RSb[256] =
189 | {
190 | 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
191 | 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
192 | 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
193 | 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
194 | 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
195 | 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
196 | 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
197 | 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
198 | 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
199 | 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
200 | 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
201 | 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
202 | 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
203 | 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
204 | 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
205 | 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
206 | 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
207 | 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
208 | 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
209 | 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
210 | 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
211 | 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
212 | 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
213 | 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
214 | 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
215 | 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
216 | 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
217 | 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
218 | 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
219 | 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
220 | 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
221 | 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
222 | };
223 |
224 | /*
225 | * Reverse tables
226 | */
227 | #define RT \
228 | \
229 | V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
230 | V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
231 | V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
232 | V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
233 | V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
234 | V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
235 | V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
236 | V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
237 | V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
238 | V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
239 | V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
240 | V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
241 | V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
242 | V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
243 | V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
244 | V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
245 | V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
246 | V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
247 | V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
248 | V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
249 | V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
250 | V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
251 | V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
252 | V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
253 | V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
254 | V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
255 | V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
256 | V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
257 | V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
258 | V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
259 | V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
260 | V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
261 | V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
262 | V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
263 | V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
264 | V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
265 | V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
266 | V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
267 | V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
268 | V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
269 | V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
270 | V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
271 | V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
272 | V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
273 | V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
274 | V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
275 | V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
276 | V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
277 | V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
278 | V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
279 | V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
280 | V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
281 | V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
282 | V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
283 | V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
284 | V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
285 | V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
286 | V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
287 | V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
288 | V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
289 | V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
290 | V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
291 | V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
292 | V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
293 |
294 | #define V(a,b,c,d) 0x##a##b##c##d
295 | static const uint32_t RT0[256] = { RT };
296 | #undef V
297 |
298 | #define V(a,b,c,d) 0x##b##c##d##a
299 | static const uint32_t RT1[256] = { RT };
300 | #undef V
301 |
302 | #define V(a,b,c,d) 0x##c##d##a##b
303 | static const uint32_t RT2[256] = { RT };
304 | #undef V
305 |
306 | #define V(a,b,c,d) 0x##d##a##b##c
307 | static const uint32_t RT3[256] = { RT };
308 | #undef V
309 |
310 | #undef RT
311 |
312 | /*
313 | * Round constants
314 | */
315 | static const uint32_t RCON[10] =
316 | {
317 | 0x00000001, 0x00000002, 0x00000004, 0x00000008,
318 | 0x00000010, 0x00000020, 0x00000040, 0x00000080,
319 | 0x0000001B, 0x00000036
320 | };
321 |
322 | #else
323 |
/*
 * Forward S-box & tables
 *
 * Run-time table build: these arrays have static storage (zero-filled at
 * program start) and are populated by aes_gen_tables().
 */
static unsigned char FSb[256];
static uint32_t FT0[256];
static uint32_t FT1[256];
static uint32_t FT2[256];
static uint32_t FT3[256];

/*
 * Reverse S-box & tables
 *
 * Filled by aes_gen_tables() alongside the forward tables.
 */
static unsigned char RSb[256];
static uint32_t RT0[256];
static uint32_t RT1[256];
static uint32_t RT2[256];
static uint32_t RT3[256];

/*
 * Round constants
 *
 * Ten entries, written by aes_gen_tables() and read by the key schedule.
 */
static uint32_t RCON[10];
346 |
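/*
 * Tables generation code
 *
 * Helper macros for aes_gen_tables(). Every argument and every expansion is
 * parenthesized so the macros combine safely with neighbouring operators
 * (the unparenthesized ROTL8 changed meaning next to '&' or '^').
 * MUL() expands to the pow[] / log[] arrays that are local to
 * aes_gen_tables(), so it is only usable inside that function.
 */
#define ROTL8(x) ( ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 ) )
#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )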
353 |
/*
 * Set to 1 by aes_setkey_enc() after the first call to aes_gen_tables().
 * It is a plain int: nothing in this file section synchronizes access to it.
 */
static int aes_init_done = 0;

/*
 * Fill FSb/RSb, FT0..FT3, RT0..RT3 and RCON at run time.
 *
 * Takes no input and depends on no key material; it only writes the
 * file-scope tables declared above.
 */
static void aes_gen_tables( void )
{
    int i, x, y, z;
    int pow[256];
    int log[256];

    /*
     * compute pow and log tables over GF(2^8)
     *
     * x never becomes 0 here, so log[0] is never assigned; MUL() and the
     * S-box loop below (which starts at i = 1) do not read it.
     */
    for( i = 0, x = 1; i < 256; i++ )
    {
        pow[i] = x;
        log[x] = i;
        x = ( x ^ XTIME( x ) ) & 0xFF;
    }

    /*
     * calculate the round constants
     */
    for( i = 0, x = 1; i < 10; i++ )
    {
        RCON[i] = (uint32_t) x;
        x = XTIME( x ) & 0xFF;
    }

    /*
     * generate the forward and reverse S-boxes
     *
     * Index 0 is set by hand because the loop below derives each entry
     * from log[i], which is undefined for i = 0.
     */
    FSb[0x00] = 0x63;
    RSb[0x63] = 0x00;

    for( i = 1; i < 256; i++ )
    {
        /* pow[255 - log[i]]: looks like the multiplicative inverse of i -- confirm */
        x = pow[255 - log[i]];

        /* XOR x with four successive 8-bit left rotations of itself, then 0x63 */
        y = x; y = ( (y << 1) | (y >> 7) ) & 0xFF;
        x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
        x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
        x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
        x ^= y ^ 0x63;

        FSb[i] = (unsigned char) x;
        RSb[x] = (unsigned char) i;
    }

    /*
     * generate the forward and reverse tables
     */
    for( i = 0; i < 256; i++ )
    {
        x = FSb[i];
        y = XTIME( x ) & 0xFF;
        z = ( y ^ x ) & 0xFF;

        /* pack y, x, x, z into one word, lowest byte first */
        FT0[i] = ( (uint32_t) y ) ^
                 ( (uint32_t) x << 8 ) ^
                 ( (uint32_t) x << 16 ) ^
                 ( (uint32_t) z << 24 );

        /* the other three tables are byte rotations of the first */
        FT1[i] = ROTL8( FT0[i] );
        FT2[i] = ROTL8( FT1[i] );
        FT3[i] = ROTL8( FT2[i] );

        x = RSb[i];

        RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^
                 ( (uint32_t) MUL( 0x09, x ) << 8 ) ^
                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
                 ( (uint32_t) MUL( 0x0B, x ) << 24 );

        RT1[i] = ROTL8( RT0[i] );
        RT2[i] = ROTL8( RT1[i] );
        RT3[i] = ROTL8( RT2[i] );
    }
}
431 |
432 | #endif
433 |
/*
 * AES key schedule (encryption)
 *
 * ctx     : context to fill; ctx->nr, ctx->rk and ctx->buf are written
 * key     : key bytes; keysize / 8 bytes are read
 * keysize : key length in bits, must be 128, 192 or 256
 *
 * Returns 0 on success, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH for any
 * other keysize (ctx is then left untouched).
 *
 * Review notes:
 *  - Without POLARSSL_AES_ROM_TABLES the first call builds the lookup
 *    tables. The aes_init_done test-and-set below is unsynchronized, so
 *    callers on several threads should make one call to this function
 *    before starting them.
 *  - The schedule indexes FSb[] with bytes of the round keys, i.e. with
 *    key-dependent values.
 *  - The expanded key stays in ctx->buf; clearing the context after use is
 *    left to the caller.
 */
int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize )
{
    unsigned int i;
    uint32_t *RK;

#if !defined(POLARSSL_AES_ROM_TABLES)
    /* lazy one-time table generation (see review note above) */
    if( aes_init_done == 0 )
    {
        aes_gen_tables();
        aes_init_done = 1;

    }
#endif

    /* map the key length to the round count, rejecting anything else */
    switch( keysize )
    {
        case 128: ctx->nr = 10; break;
        case 192: ctx->nr = 12; break;
        case 256: ctx->nr = 14; break;
        default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
    }

    ctx->rk = RK = ctx->buf;

    /* load the raw key as keysize / 32 words */
    for( i = 0; i < (keysize >> 5); i++ )
    {
        GET_UINT32_LE( RK[i], key, i << 2 );
    }

    switch( ctx->nr )
    {
        case 10:

            /* 128-bit key: 10 iterations, 4 new words each */
            for( i = 0; i < 10; i++, RK += 4 )
            {
                RK[4] = RK[0] ^ RCON[i] ^
                ( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
                ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 );

                RK[5] = RK[1] ^ RK[4];
                RK[6] = RK[2] ^ RK[5];
                RK[7] = RK[3] ^ RK[6];
            }
            break;

        case 12:

            /* 192-bit key: 8 iterations, 6 new words each */
            for( i = 0; i < 8; i++, RK += 6 )
            {
                RK[6] = RK[0] ^ RCON[i] ^
                ( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
                ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 );

                RK[7] = RK[1] ^ RK[6];
                RK[8] = RK[2] ^ RK[7];
                RK[9] = RK[3] ^ RK[8];
                RK[10] = RK[4] ^ RK[9];
                RK[11] = RK[5] ^ RK[10];
            }
            break;

        case 14:

            /* 256-bit key: 7 iterations, 8 new words each */
            for( i = 0; i < 7; i++, RK += 8 )
            {
                RK[8] = RK[0] ^ RCON[i] ^
                ( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
                ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 );

                RK[9] = RK[1] ^ RK[8];
                RK[10] = RK[2] ^ RK[9];
                RK[11] = RK[3] ^ RK[10];

                /* second substitution of the iteration: no rotation, no RCON */
                RK[12] = RK[4] ^
                ( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^
                ( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
                ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );

                RK[13] = RK[5] ^ RK[12];
                RK[14] = RK[6] ^ RK[13];
                RK[15] = RK[7] ^ RK[14];
            }
            break;

        default:

            break;
    }

    return( 0 );
}
535 |
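/*
 * AES key schedule (decryption)
 *
 * ctx     : context to fill with the decryption round keys
 * key     : key bytes; keysize / 8 bytes are read
 * keysize : key length in bits, must be 128, 192 or 256
 *
 * Returns 0 on success, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH.
 *
 * The encryption schedule is first expanded into a temporary context on the
 * stack, then copied into ctx in reverse round order with the middle rounds
 * passed through the reverse tables. The temporary holds a full copy of the
 * expanded key, so it is cleared through a volatile pointer before
 * returning: a plain memset() on a local that is never read again is a dead
 * store the compiler is allowed to drop.
 */
int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize )
{
    int i, j;
    aes_context cty;
    uint32_t *RK;
    uint32_t *SK;
    int ret;
    volatile unsigned char *wipe;
    size_t left;

    switch( keysize )
    {
        case 128: ctx->nr = 10; break;
        case 192: ctx->nr = 12; break;
        case 256: ctx->nr = 14; break;
        default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
    }

    ctx->rk = RK = ctx->buf;

    /* keysize was validated above, so this only fails before cty is written */
    ret = aes_setkey_enc( &cty, key, keysize );
    if( ret != 0 )
        return( ret );

    /* start from the last encryption round key */
    SK = cty.rk + cty.nr * 4;

    *RK++ = *SK++;
    *RK++ = *SK++;
    *RK++ = *SK++;
    *RK++ = *SK++;

    /* middle rounds, walking the encryption schedule backwards */
    for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
    {
        for( j = 0; j < 4; j++, SK++ )
        {
            *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^
                    RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^
                    RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
                    RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
        }
    }

    /* first encryption round key becomes the last decryption round key */
    *RK++ = *SK++;
    *RK++ = *SK++;
    *RK++ = *SK++;
    *RK++ = *SK++;

    /* clear the temporary schedule; volatile stores cannot be elided */
    wipe = (volatile unsigned char *) &cty;
    for( left = sizeof( aes_context ); left > 0; left-- )
        *wipe++ = 0;

    return( 0 );
}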
588 |
/*
 * One forward round: X0..X3 receive the next state computed from Y0..Y3.
 * Reads four round-key words through the local pointer RK and advances it,
 * so RK must be in scope where the macro is expanded. Every table index is
 * one byte of a state word.
 */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \
    X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \
                 FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
                 FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
                 FT3[ ( Y3 >> 24 ) & 0xFF ]; \
    \
    X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \
                 FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
                 FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
                 FT3[ ( Y0 >> 24 ) & 0xFF ]; \
    \
    X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \
                 FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
                 FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
                 FT3[ ( Y1 >> 24 ) & 0xFF ]; \
    \
    X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \
                 FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
                 FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
                 FT3[ ( Y2 >> 24 ) & 0xFF ]; \
}

/*
 * One reverse round: same shape as AES_FROUND but using the RT tables and
 * the opposite word order for the shifted bytes. Also consumes four words
 * through RK.
 */
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \
    X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \
                 RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
                 RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
                 RT3[ ( Y1 >> 24 ) & 0xFF ]; \
    \
    X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \
                 RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
                 RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
                 RT3[ ( Y2 >> 24 ) & 0xFF ]; \
    \
    X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \
                 RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
                 RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
                 RT3[ ( Y3 >> 24 ) & 0xFF ]; \
    \
    X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \
                 RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
                 RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
                 RT3[ ( Y0 >> 24 ) & 0xFF ]; \
}
634 |
/*
 * AES-ECB block encryption/decryption
 *
 * ctx    : context whose rk / nr were set by a key schedule; presumably
 *          aes_setkey_dec() for AES_DECRYPT and aes_setkey_enc() otherwise
 * mode   : AES_DECRYPT selects the reverse path; any other value encrypts
 * input  : 16 bytes read
 * output : 16 bytes written
 *
 * Always returns 0.
 *
 * Review notes:
 *  - Processes exactly one block. Calling it directly on multi-block data
 *    is ECB mode, where equal plaintext blocks give equal ciphertext blocks.
 *  - Every FT/RT/FSb/RSb index is a byte of the state, which depends on
 *    the key and the data, so memory access patterns are data-dependent.
 *    That matters where cache-timing observation is in the threat model.
 */
int aes_crypt_ecb( aes_context *ctx,
                   int mode,
                   const unsigned char input[16],
                   unsigned char output[16] )
{
    int i;
    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;

    RK = ctx->rk;

    /* load the block as four words and mix in the first round key */
    GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
    GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
    GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;

    if( mode == AES_DECRYPT )
    {
        /* two table rounds per iteration, then one more, then the final round */
        for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
        {
            AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
            AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
        }

        AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );

        /* final round: reverse S-box only, no RT tables */
        X0 = *RK++ ^ \
        ( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^
        ( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
        ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
        ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );

        X1 = *RK++ ^ \
        ( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^
        ( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
        ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
        ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );

        X2 = *RK++ ^ \
        ( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^
        ( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
        ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
        ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );

        X3 = *RK++ ^ \
        ( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^
        ( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
        ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
        ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
    }
    else /* AES_ENCRYPT */
    {
        for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
        {
            AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
            AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
        }

        AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );

        /* final round: forward S-box only, no FT tables */
        X0 = *RK++ ^ \
        ( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^
        ( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
        ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
        ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );

        X1 = *RK++ ^ \
        ( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^
        ( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
        ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
        ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );

        X2 = *RK++ ^ \
        ( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^
        ( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
        ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
        ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );

        X3 = *RK++ ^ \
        ( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^
        ( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
        ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
        ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
    }

    /* store the four result words back as 16 bytes */
    PUT_UINT32_LE( X0, output, 0 );
    PUT_UINT32_LE( X1, output, 4 );
    PUT_UINT32_LE( X2, output, 8 );
    PUT_UINT32_LE( X3, output, 12 );

    return( 0 );
}
729 |
/*
 * AES-CBC buffer encryption/decryption
 *
 * ctx    : AES context holding the key schedule for the chosen mode
 * mode   : AES_DECRYPT decrypts; any other value encrypts
 * length : byte count, must be a multiple of 16
 * iv     : 16-byte chaining value, read and updated in place so a later
 *          call can continue the same stream
 * input  : length bytes read
 * output : length bytes written
 *
 * Returns 0, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH when length is not a
 * multiple of 16 (nothing is processed in that case).
 *
 * No padding is added or stripped and no authentication tag is produced or
 * checked here; both are left to the caller.
 */
int aes_crypt_cbc( aes_context *ctx,
                   int mode,
                   size_t length,
                   unsigned char iv[16],
                   const unsigned char *input,
                   unsigned char *output )
{
    unsigned char saved[16];
    size_t done;
    int k;

    if( ( length % 16 ) != 0 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    for( done = 0; done < length; done += 16, input += 16, output += 16 )
    {
        if( mode == AES_DECRYPT )
        {
            /* keep the ciphertext block: it is the next chaining value
             * and may be overwritten when input and output overlap */
            memcpy( saved, input, 16 );
            aes_crypt_ecb( ctx, mode, input, output );

            for( k = 0; k < 16; k++ )
                output[k] = (unsigned char)( output[k] ^ iv[k] );

            memcpy( iv, saved, 16 );
        }
        else
        {
            /* chain first, then encrypt the block in place */
            for( k = 0; k < 16; k++ )
                output[k] = (unsigned char)( input[k] ^ iv[k] );

            aes_crypt_ecb( ctx, mode, output, output );
            memcpy( iv, output, 16 );
        }
    }

    return( 0 );
}
781 |
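/*
 * AES-CFB128 buffer encryption/decryption
 *
 * ctx    : AES context; the block cipher is always run in the encrypt
 *          direction here, for both modes
 * mode   : AES_DECRYPT decrypts; any other value encrypts
 * length : number of bytes to process
 * iv_off : position inside the current 16-byte iv block, read on entry and
 *          written back on success; must be in 0..15
 * iv     : 16-byte feedback register, updated in place
 * input  : length bytes read
 * output : length bytes written
 *
 * Returns 0, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH when *iv_off is out
 * of range. The offset indexes iv[] directly, so a stale or corrupted value
 * would otherwise read and write outside the 16-byte buffer.
 */
int aes_crypt_cfb128( aes_context *ctx,
                      int mode,
                      size_t length,
                      size_t *iv_off,
                      unsigned char iv[16],
                      const unsigned char *input,
                      unsigned char *output )
{
    int c;
    size_t n = *iv_off;

    /* iv[n] is accessed below: refuse an offset outside the block */
    if( n > 15 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    if( mode == AES_DECRYPT )
    {
        while( length-- )
        {
            /* at a block boundary, refresh the keystream from the register */
            if( n == 0 )
                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );

            /* the ciphertext byte is fed back, not the recovered plaintext */
            c = *input++;
            *output++ = (unsigned char)( c ^ iv[n] );
            iv[n] = (unsigned char) c;

            n = (n + 1) & 0x0F;
        }
    }
    else
    {
        while( length-- )
        {
            if( n == 0 )
                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );

            /* the produced ciphertext byte replaces the keystream byte */
            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );

            n = (n + 1) & 0x0F;
        }
    }

    *iv_off = n;

    return( 0 );
}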
827 |
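/*
 * AES-CTR buffer encryption/decryption
 *
 * ctx           : AES context; the block cipher is always run in the
 *                 encrypt direction
 * length        : number of bytes to process
 * nc_off        : position inside stream_block, read on entry and written
 *                 back on success; must be in 0..15
 * nonce_counter : 16-byte counter block, incremented as one big-endian
 *                 integer each time a keystream block is produced
 * stream_block  : 16-byte keystream block kept between calls
 * input         : length bytes read
 * output        : length bytes written
 *
 * Returns 0, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH when *nc_off is out
 * of range. The offset indexes stream_block[] directly, so an unchecked
 * value would read outside the 16-byte buffer.
 *
 * The output is input XOR keystream, and the keystream depends only on the
 * key and nonce_counter. Two messages processed with the same key and the
 * same counter values therefore share keystream; the caller has to keep
 * every counter value unique per key.
 */
int aes_crypt_ctr( aes_context *ctx,
                   size_t length,
                   size_t *nc_off,
                   unsigned char nonce_counter[16],
                   unsigned char stream_block[16],
                   const unsigned char *input,
                   unsigned char *output )
{
    int c, i;
    size_t n = *nc_off;

    /* stream_block[n] is read below: refuse an offset outside the block */
    if( n > 15 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    while( length-- )
    {
        if( n == 0 ) {
            aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block );

            /* increment from the last byte, carrying while a byte wraps to 0 */
            for( i = 16; i > 0; i-- )
                if( ++nonce_counter[i - 1] != 0 )
                    break;
        }
        c = *input++;
        *output++ = (unsigned char)( c ^ stream_block[n] );

        n = (n + 1) & 0x0F;
    }

    *nc_off = n;

    return( 0 );
}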
861 |
/* AES-CMAC */

/*
 * Constant XORed into a subkey by generate_subkey() when the bit shifted
 * out of the top was set. Declared as a writable global with external
 * linkage; the CMAC functions below only read it.
 */
unsigned char const_Rb[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
};
/*
 * All-zero block. Not referenced by the CMAC functions that follow in this
 * section (generate_subkey() builds its own zero block).
 */
unsigned char const_Zero[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
872 |
/*
 * Shift a 16-byte value left by one bit, treating input[0] as the most
 * significant byte. The bit shifted out of input[0] is discarded; callers
 * test it themselves before calling.
 *
 * input  : 16 bytes read
 * output : 16 bytes written
 */
void leftshift_onebit(unsigned char *input, unsigned char *output)
{
    unsigned char carry = 0;
    int pos = 16;

    /* walk from the least significant byte upward, carrying the top bit */
    while (pos-- > 0)
    {
        output[pos] = (unsigned char)((input[pos] << 1) | carry);
        carry = (unsigned char)((input[pos] >> 7) & 1);
    }
}
885 |
/*
 * Byte-wise XOR of two 16-byte blocks.
 *
 * a, b : 16 bytes read from each
 * out  : 16 bytes written
 */
void xor_128(unsigned char *a, unsigned char *b, unsigned char *out)
{
    unsigned char *stop = out + 16;

    while (out != stop)
        *out++ = (unsigned char)(*a++ ^ *b++);
}
892 |
/*
 * Derive the two CMAC subkeys from the AES key held in ctx.
 *
 * ctx : AES context used in the encrypt direction
 * K1  : 16 bytes written
 * K2  : 16 bytes written
 *
 * L is the encryption of an all-zero block. Each subkey is the previous
 * value shifted left by one bit, XORed with const_Rb when the top bit of
 * the previous value was set. L, K1 and K2 are all derived from the key
 * and should be handled as secret material.
 */
void generate_subkey(aes_context *ctx, unsigned char *K1, unsigned char *K2)
{
    unsigned char L[16];
    unsigned char Z[16];
    unsigned char tmp[16];

    memset(Z, 0, sizeof Z);

    aes_crypt_ecb(ctx, AES_ENCRYPT, Z, L);

    /* K1 from L */
    if (L[0] & 0x80)
    {
        leftshift_onebit(L, tmp);
        xor_128(tmp, const_Rb, K1);
    }
    else
    {
        leftshift_onebit(L, K1);
    }

    /* K2 from K1 */
    if (K1[0] & 0x80)
    {
        leftshift_onebit(K1, tmp);
        xor_128(tmp, const_Rb, K2);
    }
    else
    {
        leftshift_onebit(K1, K2);
    }
}
920 |
/*
 * Build a padded 16-byte block from a partial last block.
 *
 * lastb  : source bytes; the first `length` of them are read
 * pad    : 16 bytes written
 * length : number of bytes to copy from lastb
 *
 * Bytes 0..length-1 are copied, byte `length` is set to 0x80 and the rest
 * to 0x00. When length is 16 or more the whole block is copied and no 0x80
 * marker is written; when it is negative the block is all zeros.
 */
void padding (unsigned char *lastb, unsigned char *pad, int length)
{
    int pos;

    for (pos = 0; pos < 16; pos++)
    {
        unsigned char value = 0x00;

        if (pos < length)
            value = lastb[pos];
        else if (pos == length)
            value = 0x80;

        pad[pos] = value;
    }
}
934 |
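/*
 * Overwrite a buffer that held key-derived bytes. The stores go through a
 * volatile pointer so the compiler cannot drop them as dead writes.
 */
static void cmac_wipe(unsigned char *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len--)
        *p++ = 0;
}

/*
 * Compute the 16-byte AES-CMAC of a buffer.
 *
 * ctx    : AES context set up for encryption with the MAC key
 * length : message length in bytes; must be >= 0
 * input  : length bytes read
 * output : 16 bytes written (the tag)
 *
 * Review notes:
 *  - length is a signed int and is not validated here, and the function
 *    has no return value to report a bad one. A negative length can make
 *    the last-block index negative, so callers must pass a checked,
 *    non-negative value.
 *  - The subkeys and the masked last block are derived from the key; they
 *    are cleared before returning instead of being left on the stack.
 *  - Code that verifies a tag should compare all 16 bytes without an early
 *    exit on the first mismatch.
 */
void aes_cmac(aes_context *ctx, int length, unsigned char *input, unsigned char *output)
{
    unsigned char X[16], Y[16], M_last[16], padded[16];
    unsigned char K1[16], K2[16];
    int n, i, flag;
    generate_subkey(ctx, K1, K2);

    /* n = number of 16-byte blocks; flag = 1 when the last block is complete */
    n = (length + 15) / 16;
    if (n == 0)
    {
        n = 1;
        flag = 0;
    } else {
        if ((length % 16) == 0)
            flag = 1;
        else
            flag = 0;
    }

    /* complete last block is masked with K1, a padded one with K2 */
    if (flag)
    {
        xor_128(&input[16 * (n - 1)], K1, M_last);
    } else {
        padding(&input[16 * (n - 1)], padded, length % 16);
        xor_128(padded, K2, M_last);
    }

    /* chain all blocks except the last, starting from a zero block */
    for (i = 0; i < 16; i++) X[i] = 0;
    for (i = 0; i < n - 1; i++)
    {
        xor_128(X, &input[16*i], Y);
        aes_crypt_ecb(ctx, AES_ENCRYPT, Y, X);
    }

    xor_128(X,M_last,Y);
    aes_crypt_ecb(ctx, AES_ENCRYPT, Y, X);

    for (i = 0; i < 16; i++)
        output[i] = X[i];

    /* clear key-derived intermediates; X is the tag already given to the caller */
    cmac_wipe(K1, sizeof K1);
    cmac_wipe(K2, sizeof K2);
    cmac_wipe(M_last, sizeof M_last);
    cmac_wipe(Y, sizeof Y);
}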
--------------------------------------------------------------------------------
/Windows/src/aes.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file aes.h
3 | *
4 | * \brief AES block cipher
5 | *
6 | * Copyright (C) 2006-2013, Brainspark B.V.
7 | *
8 | * This file is part of PolarSSL (http://www.polarssl.org)
9 | * Lead Maintainer: Paul Bakker
10 | *
11 | * All rights reserved.
12 | *
13 | * This program is free software; you can redistribute it and/or modify
14 | * it under the terms of the GNU General Public License as published by
15 | * the Free Software Foundation; either version 2 of the License, or
16 | * (at your option) any later version.
17 | *
18 | * This program is distributed in the hope that it will be useful,
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | * GNU General Public License for more details.
22 | *
23 | * You should have received a copy of the GNU General Public License along
24 | * with this program; if not, write to the Free Software Foundation, Inc.,
25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 | */
27 | #include
28 |
29 | #ifdef _MSC_VER
30 | #include
31 | typedef UINT32 uint32_t;
32 | #else
33 | #include
34 | #endif
35 |
36 | #define AES_ENCRYPT 1
37 | #define AES_DECRYPT 0
38 |
39 | #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
40 | #define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
41 |
42 | // Regular implementation
43 | //
44 |
45 | /**
46 | * \brief AES context structure
47 | */
48 | typedef struct
49 | {
50 | int nr; /*!< number of rounds */
51 | uint32_t *rk; /*!< AES round keys */
52 | uint32_t buf[68]; /*!< unaligned data */
53 | }
54 | aes_context;
55 |
56 | #ifdef __cplusplus
57 | extern "C" {
58 | #endif
59 |
60 | /**
61 | * \brief AES key schedule (encryption)
62 | *
63 | * \param ctx AES context to be initialized
64 | * \param key encryption key
65 | * \param keysize must be 128, 192 or 256
66 | *
67 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
68 | */
69 | int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize );
70 |
71 | /**
72 | * \brief AES key schedule (decryption)
73 | *
74 | * \param ctx AES context to be initialized
75 | * \param key decryption key
76 | * \param keysize must be 128, 192 or 256
77 | *
78 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
79 | */
80 | int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize );
81 |
82 | /**
83 | * \brief AES-ECB block encryption/decryption
84 | *
85 | * \param ctx AES context
86 | * \param mode AES_ENCRYPT or AES_DECRYPT
87 | * \param input 16-byte input block
88 | * \param output 16-byte output block
89 | *
90 | * \return 0 if successful
91 | */
92 | int aes_crypt_ecb( aes_context *ctx,
93 | int mode,
94 | const unsigned char input[16],
95 | unsigned char output[16] );
96 |
97 | /**
98 | * \brief AES-CBC buffer encryption/decryption
99 | * Length should be a multiple of the block
100 | * size (16 bytes)
101 | *
102 | * \param ctx AES context
103 | * \param mode AES_ENCRYPT or AES_DECRYPT
104 | * \param length length of the input data
105 | * \param iv initialization vector (updated after use)
106 | * \param input buffer holding the input data
107 | * \param output buffer holding the output data
108 | *
109 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
110 | */
111 | int aes_crypt_cbc( aes_context *ctx,
112 | int mode,
113 | size_t length,
114 | unsigned char iv[16],
115 | const unsigned char *input,
116 | unsigned char *output );
117 |
118 | /**
119 | * \brief AES-CFB128 buffer encryption/decryption.
120 | *
121 | * Note: Due to the nature of CFB you should use the same key schedule for
122 | * both encryption and decryption, i.e. a context initialized with
123 | * aes_setkey_enc() is used for both AES_ENCRYPT and AES_DECRYPT.
124 | *
125 | *
126 | * \param ctx AES context
127 | * \param mode AES_ENCRYPT or AES_DECRYPT
128 | * \param length length of the input data
129 | * \param iv_off offset in IV (updated after use)
130 | * \param iv initialization vector (updated after use)
131 | * \param input buffer holding the input data
132 | * \param output buffer holding the output data
133 | *
134 | * \return 0 if successful
135 | */
136 | int aes_crypt_cfb128( aes_context *ctx,
137 | int mode,
138 | size_t length,
139 | size_t *iv_off,
140 | unsigned char iv[16],
141 | const unsigned char *input,
142 | unsigned char *output );
143 |
144 | /**
145 | * \brief AES-CTR buffer encryption/decryption
146 | *
147 | * Warning: You have to keep the maximum use of your counter in mind!
148 | *
149 | * Note: Due to the nature of CTR you should use the same key schedule for
150 | * both encryption and decryption. So a context initialized with
151 | * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
152 | *
153 | * \param length The length of the data
154 | * \param nc_off The offset in the current stream_block (for resuming
155 | * within current cipher stream). The offset pointed to
156 | * should be 0 at the start of a stream.
157 | * \param nonce_counter The 128-bit nonce and counter.
158 | * \param stream_block The saved stream-block for resuming. Is overwritten
159 | * by the function.
160 | * \param input The input data stream
161 | * \param output The output data stream
162 | *
163 | * \return 0 if successful
164 | */
165 | int aes_crypt_ctr( aes_context *ctx,
166 | size_t length,
167 | size_t *nc_off,
168 | unsigned char nonce_counter[16],
169 | unsigned char stream_block[16],
170 | const unsigned char *input,
171 | unsigned char *output );
172 |
173 | void aes_cmac(aes_context *ctx, int length, unsigned char *input, unsigned char *output);
174 |
175 | #ifdef __cplusplus
176 | }
177 | #endif
--------------------------------------------------------------------------------
/Windows/src/lz.cpp:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | #include "lz.h"
6 |
// Renormalize the range coder: when the top byte of *range is zero, scale
// *range by 256 and shift one more input byte into *code.
//
//   range, code : coder state, updated in place
//   src         : input cursor; the byte consumed is (*src)[5] and the cursor
//                 then advances by one
//
// The read at (*src)[5] is not bounds-checked; no input length is available
// to this function.
void decode_range(unsigned int *range, unsigned int *code, unsigned char **src)
{
    if (((*range) >> 24) != 0)
        return;

    unsigned char next = (*src)[5];
    *src += 1;

    *range <<= 8;
    *code = ((*code) << 8) + next;
}
15 |
// Decode one binary decision from the range coder.
//
//   range, code : coder state, renormalized first through decode_range()
//   index       : optional accumulator; when non-null it is shifted left by
//                 one and the decoded bit is added into it
//   src         : input cursor, advanced by decode_range() when it consumes
//                 a byte
//   c           : one-byte counter that scales the threshold; updated in
//                 place on every call
//
// Returns 1 when *code is below the threshold, otherwise 0.
int decode_bit(unsigned int *range, unsigned int *code, int *index, unsigned char **src, unsigned char *c)
{
    decode_range(range, code, src);

    // Threshold uses the counter value from before the adjustment below.
    unsigned int val = ((*range) >> 8) * (*c);

    // Decay the counter; it is raised again by 31 on a 1 decision.
    *c -= ((*c) >> 3);
    if (index) (*index) <<= 1;

    if (*code < val)
    {
        *range = val;
        *c += 31;
        if (index) (*index)++;
        return 1;
    }
    else
    {
        *code -= val;
        *range -= val;
        return 0;
    }
}
39 |
// Decode a multi-bit value, starting from i = 1 and appending one bit per step.
//
//   ptr      : base of the counter bytes used by decode_bit(); offsets 0,
//              0x8, 0x10 and 0x18 from it are accessed
//   index    : selects how many bits are decoded (see the thresholds below)
//   bit_flag : receives the decision decoded with the counter at ptr
//   range, code, src : range coder state and input cursor
//
// Returns the accumulated value i. ptr is dereferenced without any bounds
// check; keeping it inside the caller's table is the caller's job.
int decode_number(unsigned char *ptr, int index, int *bit_flag, unsigned int *range, unsigned int *code, unsigned char **src)
{
    int i = 1;

    if (index >= 3)
    {
        decode_bit(range, code, &i, src, ptr + 0x18);
        if (index >= 4)
        {
            decode_bit(range, code, &i, src, ptr + 0x18);
            if (index >= 5)
            {
                // For index >= 5 the extra bits are read directly by halving
                // the range, without a counter.
                decode_range(range, code, src);
                for (; index >= 5; index--)
                {
                    i <<= 1;
                    (*range) >>= 1;
                    if (*code < *range)
                        i++;
                    else
                        (*code) -= *range;
                }
            }
        }
    }

    *bit_flag = decode_bit(range, code, &i, src, ptr);

    if (index >= 1)
    {
        decode_bit(range, code, &i, src, ptr + 0x8);
        if (index >= 2)
        {
            decode_bit(range, code, &i, src, ptr + 0x10);
        }
    }

    return i;
}
79 |
// Decode a multi-bit value with the same structure as decode_number(), but
// with index divided by 8 on entry and counters at ptr, ptr + 1, ptr + 2
// and ptr + 4.
//
//   ptr      : base of the counter bytes used by decode_bit()
//   index    : scaled down by 8, then selects how many bits are decoded
//   bit_flag : receives the decision decoded with the counter at ptr
//   range, code, src : range coder state and input cursor
//
// Returns the accumulated value i. ptr is dereferenced without any bounds
// check; keeping it inside the caller's table is the caller's job.
int decode_word(unsigned char *ptr, int index, int *bit_flag, unsigned int *range, unsigned int *code, unsigned char **src)
{
    int i = 1;
    index /= 8;

    if (index >= 3)
    {
        decode_bit(range, code, &i, src, ptr + 4);
        if (index >= 4)
        {
            decode_bit(range, code, &i, src, ptr + 4);
            if (index >= 5)
            {
                // For index >= 5 the extra bits are read directly by halving
                // the range, without a counter.
                decode_range(range, code, src);
                for (; index >= 5; index--)
                {
                    i <<= 1;
                    (*range) >>= 1;
                    if (*code < *range)
                        i++;
                    else
                        (*code) -= *range;
                }
            }
        }
    }

    *bit_flag = decode_bit(range, code, &i, src, ptr);

    if (index >= 1)
    {
        decode_bit(range, code, &i, src, ptr + 1);
        if (index >= 2)
        {
            decode_bit(range, code, &i, src, ptr + 2);
        }
    }

    return i;
}
120 |
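// Decompress the range-coded stream at `in` into `out`.
//
//   out  : destination buffer
//   in   : compressed input; in[0] is a header byte and in[1..4] seed the coder
//   size : capacity of `out` in bytes
//
// Returns the number of bytes written, or -1 when a back-reference would
// start before `out` or run past out + size.
//
// The scratch table is released on every exit path; the earlier code
// returned from inside the loop without freeing it.
//
// Review notes:
//  - Writes are bounded by `size`, but reads from `in` are not bounded: the
//    interface carries no input length, so a truncated or crafted stream can
//    make the decoder read past the caller's input buffer. Callers should
//    only pass input whose container length has been validated, ideally with
//    slack after the compressed data.
//  - `head` is an unsigned char, so `head < 0` is always false and the
//    "not compressed" branch never runs. NOTE(review): this looks like it was
//    meant to test the top bit of in[0]; confirm the format before changing
//    it. That branch would also report 0 bytes because `start` still equals
//    `out` there.
//  - The scratch table is 0xCC8 bytes but only the first 0xCA8 are
//    initialized. NOTE(review): confirm no counter offset reaches the tail.
int decompress(unsigned char *out, unsigned char *in, unsigned int size)
{
    int result;

    unsigned char *tmp = new unsigned char[0xCC8];

    int offset = 0;
    int bit_flag = 0;
    int data_length = 0;
    int data_offset = 0;

    unsigned char *tmp_sect1, *tmp_sect2, *tmp_sect3;
    unsigned char *buf_start, *buf_end;
    unsigned char prev = 0;

    unsigned char *start = out;
    unsigned char *end = (out + size);
    unsigned char head = in[0];

    unsigned int range = 0xFFFFFFFF;
    unsigned int code = (in[1] << 24) | (in[2] << 16) | (in[3] << 8) | in[4];

    if (head < 0) // Check if we have a valid starting byte.
    {
        // The dictionary header is invalid, the data is not compressed.
        result = -1;
        if (code <= size)
        {
            memcpy(out, (const void *)(in + 5), code);
            result = (start - out);
        }
    }
    else
    {
        // Set up a temporary buffer (sliding window).
        memset(tmp, 0x80, 0xCA8);
        while (1)
        {
            // Start reading at 0xB68.
            tmp_sect1 = tmp + offset + 0xB68;
            if (!decode_bit(&range, &code, 0, &in, tmp_sect1)) // Raw char.
            {
                // Adjust offset and check for stream end.
                if (offset > 0) offset--;
                if (start == end)
                {
                    result = (start - out);
                    break;
                }

                // Locate first section.
                int sect = (((((((int)(start - out)) & 7) << 8) + prev) >> head) & 7) * 0xFF - 1;
                tmp_sect1 = tmp + sect;
                int index = 1;

                // Read, decode and write back.
                do
                {
                    decode_bit(&range, &code, &index, &in, tmp_sect1 + index);
                } while ((index >> 8) == 0);

                // Save index.
                *start++ = index;
            }
            else // Compressed char stream.
            {
                int index = -1;

                // Identify the data length bit field.
                do
                {
                    tmp_sect1 += 8;
                    bit_flag = decode_bit(&range, &code, 0, &in, tmp_sect1);
                    index += bit_flag;
                } while ((bit_flag != 0) && (index < 6));

                // Default block size is 0x160.
                int b_size = 0x160;
                tmp_sect2 = tmp + index + 0x7F1;

                // If the data length was found, parse it as a number.
                if ((index >= 0) || (bit_flag != 0))
                {
                    // Locate next section.
                    int sect = (index << 5) | (((((int)(start - out)) << index) & 3) << 3) | (offset & 7);
                    tmp_sect1 = tmp + 0xBA8 + sect;

                    // Decode the data length (8 bit fields).
                    data_length = decode_number(tmp_sect1, index, &bit_flag, &range, &code, &in);
                    if (data_length == 0xFF) // End of stream.
                    {
                        result = (start - out);
                        break;
                    }
                }
                else
                {
                    // Assume one byte of advance.
                    data_length = 1;
                }

                // If we got valid parameters, seek to find data offset.
                if ((data_length <= 2))
                {
                    tmp_sect2 += 0xF8;
                    b_size = 0x40; // Block size is now 0x40.
                }

                int diff = 0;
                int shift = 1;

                // Identify the data offset bit field.
                do
                {
                    diff = (shift << 4) - b_size;
                    bit_flag = decode_bit(&range, &code, &shift, &in, tmp_sect2 + (shift << 3));
                } while (diff < 0);

                // If the data offset was found, parse it as a number.
                if ((diff > 0) || (bit_flag != 0))
                {
                    // Adjust diff if needed.
                    if (bit_flag == 0) diff -= 8;

                    // Locate section.
                    tmp_sect3 = tmp + 0x928 + diff;

                    // Decode the data offset (1 bit fields).
                    data_offset = decode_word(tmp_sect3, diff, &bit_flag, &range, &code, &in);
                }
                else
                {
                    // Assume one byte of advance.
                    data_offset = 1;
                }

                // Set buffer start/end.
                buf_start = start - data_offset;
                buf_end = start + data_length + 1;

                // Underflow: the back-reference starts before the output buffer.
                if (buf_start < out)
                {
                    result = -1;
                    break;
                }

                // Overflow: the copy would run past the output buffer.
                if (buf_end > end)
                {
                    result = -1;
                    break;
                }

                // Update offset.
                offset = ((((int)(buf_end - out)) + 1) & 1) + 6;

                // Copy data byte by byte; source and destination may overlap.
                do
                {
                    *start++ = *buf_start++;
                } while (start < buf_end);

            }
            prev = *(start - 1);
        }
    }
    delete[] tmp;
    return result;
}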
--------------------------------------------------------------------------------
/Windows/src/lz.h:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | // Reverse-engineered custom Lempel–Ziv–Markov based compression.
6 |
7 | #include
8 |
9 | void decode_range(unsigned int *range, unsigned int *code, unsigned char **src);
10 | int decode_bit(unsigned int *range, unsigned int *code, int *index, unsigned char **src, unsigned char *c);
11 | int decode_number(unsigned char *ptr, int index, int *bit_flag, unsigned int *range, unsigned int *code, unsigned char **src);
12 | int decode_word(unsigned char *ptr, int index, int *bit_flag, unsigned int *range, unsigned int *code, unsigned char **src);
13 | int decompress(unsigned char *out, unsigned char *in, unsigned int size);
--------------------------------------------------------------------------------
/Windows/src/make_npdata.h:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | #include
6 | #include
7 | #include "utils.h"
8 |
9 | #define SDAT_FLAG 0x01000000
10 | #define EDAT_COMPRESSED_FLAG 0x00000001
11 | #define EDAT_FLAG_0x02 0x00000002
12 | #define EDAT_ENCRYPTED_KEY_FLAG 0x00000008
13 | #define EDAT_FLAG_0x10 0x00000010
14 | #define EDAT_FLAG_0x20 0x00000020
15 | #define EDAT_DEBUG_DATA_FLAG 0x80000000
16 |
// Fixed key, hash-key and IV material compiled into the tool (16 bytes each).
// NOTE(review): these arrays are *defined* in a header and are neither static
// nor const. Every translation unit that includes this file emits its own
// external definition, and any code can overwrite them at run time.
// aescbc128_decrypt/aescbc128_encrypt in utils.cpp zero the IV buffer they are
// given - TODO confirm whether EDAT_IV is passed there and relied on as zero.

// SDAT/EDAT keys, hash keys and IV.
unsigned char SDAT_KEY[] = {0x0D, 0x65, 0x5E, 0xF8, 0xE6, 0x74, 0xA9, 0x8A, 0xB8, 0x50, 0x5C, 0xFA, 0x7D, 0x01, 0x29, 0x33};
unsigned char EDAT_KEY_0[] = {0xBE, 0x95, 0x9C, 0xA8, 0x30, 0x8D, 0xEF, 0xA2, 0xE5, 0xE1, 0x80, 0xC6, 0x37, 0x12, 0xA9, 0xAE};
unsigned char EDAT_HASH_0[] = {0xEF, 0xFE, 0x5B, 0xD1, 0x65, 0x2E, 0xEB, 0xC1, 0x19, 0x18, 0xCF, 0x7C, 0x04, 0xD4, 0xF0, 0x11};
unsigned char EDAT_KEY_1[] = {0x4C, 0xA9, 0xC1, 0x4B, 0x01, 0xC9, 0x53, 0x09, 0x96, 0x9B, 0xEC, 0x68, 0xAA, 0x0B, 0xC0, 0x81};
unsigned char EDAT_HASH_1[] = {0x3D, 0x92, 0x69, 0x9B, 0x70, 0x5B, 0x07, 0x38, 0x54, 0xD8, 0xFC, 0xC6, 0xC7, 0x67, 0x27, 0x47};
unsigned char EDAT_IV[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

// NPDRM keys (PSP, PSX, klicensee and OMAC, going by the identifiers).
unsigned char NPDRM_PSP_KEY_1[] = {0x2A, 0x6A, 0xFB, 0xCF, 0x43, 0xD1, 0x57, 0x9F, 0x7D, 0x73, 0x87, 0x41, 0xA1, 0x3B, 0xD4, 0x2E};
unsigned char NPDRM_PSP_KEY_2[] = {0x0D, 0xB8, 0x57, 0x32, 0x36, 0x6C, 0xD7, 0x34, 0xFC, 0x87, 0x9E, 0x74, 0x33, 0x43, 0xBB, 0x4F};
unsigned char NPDRM_PSX_KEY[] = {0x52, 0xC0, 0xB5, 0xCA, 0x76, 0xD6, 0x13, 0x4B, 0xB4, 0x5F, 0xC6, 0x6C, 0xA6, 0x37, 0xF2, 0xC1};
unsigned char NPDRM_KLIC_KEY[] = {0xF2, 0xFB, 0xCA, 0x7A, 0x75, 0xB0, 0x4E, 0xDC, 0x13, 0x90, 0x63, 0x8C, 0xCD, 0xFD, 0xD1, 0xEE};
unsigned char NPDRM_OMAC_KEY_1[] = {0x72, 0xF9, 0x90, 0x78, 0x8F, 0x9C, 0xFF, 0x74, 0x57, 0x25, 0xF0, 0x8E, 0x4C, 0x12, 0x83, 0x87};
unsigned char NPDRM_OMAC_KEY_2[] = {0x6B, 0xA5, 0x29, 0x76, 0xEF, 0xDA, 0x16, 0xEF, 0x3C, 0x33, 0x9F, 0xB2, 0x97, 0x1E, 0x25, 0x6B};
unsigned char NPDRM_OMAC_KEY_3[] = {0x9B, 0x51, 0x5F, 0xEA, 0xCF, 0x75, 0x06, 0x49, 0x81, 0xAA, 0x60, 0x4D, 0x91, 0xA5, 0x4E, 0x97};

// RAP tables. RAP_PBOX holds each value 0x00..0x0F exactly once, i.e. it is a
// permutation of 16 byte positions.
unsigned char RAP_KEY[] = {0x86, 0x9F, 0x77, 0x45, 0xC1, 0x3F, 0xD8, 0x90, 0xCC, 0xF2, 0x91, 0x88, 0xE3, 0xCC, 0x3E, 0xDF};
unsigned char RAP_PBOX[] = {0x0C, 0x03, 0x06, 0x04, 0x01, 0x0B, 0x0F, 0x08, 0x02, 0x07, 0x00, 0x05, 0x0A, 0x0E, 0x0D, 0x09};
unsigned char RAP_E1[] = {0xA9, 0x3E, 0x1F, 0xD6, 0x7C, 0x55, 0xA3, 0x29, 0xB7, 0x5F, 0xDD, 0xA6, 0x2A, 0x95, 0xC7, 0xA5};
unsigned char RAP_E2[] = {0x67, 0xD4, 0x5D, 0xA3, 0x29, 0x6D, 0x00, 0x6A, 0x4E, 0x7C, 0x53, 0x7B, 0xF5, 0x53, 0x8C, 0x74};
36 |
// NPD header record.
// NOTE(review): presumably filled straight from file bytes; if so the layout
// depends on int being 4 bytes, unsigned long long being 8 bytes and on the
// compiler adding no padding - TODO confirm against the reader in
// make_npdata.cpp and add a size check there.
typedef struct
{
	unsigned char magic[4];         // 4-byte magic
	int version;
	int license;
	int type;
	unsigned char content_id[0x30]; // 48-byte content id
	unsigned char digest[0x10];     // 16 bytes
	unsigned char title_hash[0x10]; // 16 bytes
	unsigned char dev_hash[0x10];   // 16 bytes
	unsigned long long unk1;        // meaning unknown (author's naming)
	unsigned long long unk2;        // meaning unknown (author's naming)
} NPD_HEADER;
50 |
// EDAT header record.
// NOTE(review): flags is presumably tested against the SDAT_FLAG / EDAT_*_FLAG
// masks defined above; block_size and file_size look file-controlled, so code
// using them for allocation or indexing should range-check them - TODO confirm
// in make_npdata.cpp.
typedef struct
{
	int flags;
	int block_size;
	unsigned long long file_size;
} EDAT_HEADER;
--------------------------------------------------------------------------------
/Windows/src/make_npdata.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}
15 | make_npdata
16 | make_npdata
17 |
18 |
19 |
20 | Application
21 | true
22 | v110
23 | MultiByte
24 |
25 |
26 | Application
27 | false
28 | v110
29 | true
30 | MultiByte
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 | ..\bin
44 | make_npdata.debug
45 |
46 |
47 | ..\bin
48 | make_npdata
49 |
50 |
51 |
52 | Level3
53 | Disabled
54 | true
55 |
56 |
57 | true
58 |
59 |
60 |
61 |
62 | Level3
63 | MaxSpeed
64 | true
65 | true
66 | true
67 |
68 |
69 | true
70 | true
71 | true
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
--------------------------------------------------------------------------------
/Windows/src/make_npdata.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 | Source Files
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 |
35 |
36 | Source Files
37 |
38 |
39 | Source Files
40 |
41 |
42 | Source Files
43 |
44 |
45 | Source Files
46 |
47 |
48 | Source Files
49 |
50 |
51 |
--------------------------------------------------------------------------------
/Windows/src/make_npdata.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Windows/src/sha1.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | * FIPS-180-1 compliant SHA-1 implementation
3 | *
4 | * Copyright (C) 2006-2013, Brainspark B.V.
5 | *
6 | * This file is part of PolarSSL (http://www.polarssl.org)
7 | * Lead Maintainer: Paul Bakker
8 | *
9 | * All rights reserved.
10 | *
11 | * This program is free software; you can redistribute it and/or modify
12 | * it under the terms of the GNU General Public License as published by
13 | * the Free Software Foundation; either version 2 of the License, or
14 | * (at your option) any later version.
15 | *
16 | * This program is distributed in the hope that it will be useful,
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | * GNU General Public License for more details.
20 | *
21 | * You should have received a copy of the GNU General Public License along
22 | * with this program; if not, write to the Free Software Foundation, Inc.,
23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 | */
25 | /*
26 | * The SHA-1 standard was published by NIST in 1993.
27 | *
28 | * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 | */
30 | #include "sha1.h"
31 |
32 | /*
33 | * 32-bit integer manipulation macros (big endian)
34 | */
35 | #ifndef GET_UINT32_BE
36 | #define GET_UINT32_BE(n,b,i) \
37 | { \
38 | (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
39 | | ( (uint32_t) (b)[(i) + 1] << 16 ) \
40 | | ( (uint32_t) (b)[(i) + 2] << 8 ) \
41 | | ( (uint32_t) (b)[(i) + 3] ); \
42 | }
43 | #endif
44 |
45 | #ifndef PUT_UINT32_BE
46 | #define PUT_UINT32_BE(n,b,i) \
47 | { \
48 | (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
49 | (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
50 | (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
51 | (b)[(i) + 3] = (unsigned char) ( (n) ); \
52 | }
53 | #endif
54 |
55 | /*
56 | * SHA-1 context setup
57 | */
void sha1_starts( sha1_context *ctx )
{
    /* The five initial chaining values of SHA-1. */
    static const uint32_t initial_state[5] =
    {
        0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
    };
    int word;

    /* No bytes hashed yet. */
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    for( word = 0; word < 5; word++ )
    {
        ctx->state[word] = initial_state[word];
    }
}
69 |
void sha1_process( sha1_context *ctx, const unsigned char data[64] )
{
    /*
     * SHA-1 compression function: mixes one 64-byte block into ctx->state.
     * Reads exactly 64 bytes from data and only updates ctx->state; the
     * byte counter and the pending-data buffer are handled by sha1_update.
     */
    uint32_t temp, W[16], A, B, C, D, E;

    /* Load the block as sixteen big-endian 32-bit words. */
    GET_UINT32_BE( W[ 0], data, 0 );
    GET_UINT32_BE( W[ 1], data, 4 );
    GET_UINT32_BE( W[ 2], data, 8 );
    GET_UINT32_BE( W[ 3], data, 12 );
    GET_UINT32_BE( W[ 4], data, 16 );
    GET_UINT32_BE( W[ 5], data, 20 );
    GET_UINT32_BE( W[ 6], data, 24 );
    GET_UINT32_BE( W[ 7], data, 28 );
    GET_UINT32_BE( W[ 8], data, 32 );
    GET_UINT32_BE( W[ 9], data, 36 );
    GET_UINT32_BE( W[10], data, 40 );
    GET_UINT32_BE( W[11], data, 44 );
    GET_UINT32_BE( W[12], data, 48 );
    GET_UINT32_BE( W[13], data, 52 );
    GET_UINT32_BE( W[14], data, 56 );
    GET_UINT32_BE( W[15], data, 60 );

/* S: rotate x left by n bits (n is never 0 or 32 in the uses below). */
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

/*
 * R: next message-schedule word for round t. W is used as a 16-entry
 * circular buffer (indices masked with 0x0F), so the new word overwrites
 * W[t & 0x0F]. The expression also yields that new word.
 */
#define R(t) \
( \
temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
( W[t & 0x0F] = S(temp,1) ) \
)

/*
 * P: one round step. Uses whatever F and K are defined at the point of
 * expansion; the caller rotates the roles of A..E between calls instead of
 * moving the values.
 */
#define P(a,b,c,d,e,x) \
{ \
e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
}

    /* Work on a copy of the chaining state. */
    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];

/* Rounds 0-19. */
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

    P( A, B, C, D, E, W[0] );
    P( E, A, B, C, D, W[1] );
    P( D, E, A, B, C, W[2] );
    P( C, D, E, A, B, W[3] );
    P( B, C, D, E, A, W[4] );
    P( A, B, C, D, E, W[5] );
    P( E, A, B, C, D, W[6] );
    P( D, E, A, B, C, W[7] );
    P( C, D, E, A, B, W[8] );
    P( B, C, D, E, A, W[9] );
    P( A, B, C, D, E, W[10] );
    P( E, A, B, C, D, W[11] );
    P( D, E, A, B, C, W[12] );
    P( C, D, E, A, B, W[13] );
    P( B, C, D, E, A, W[14] );
    P( A, B, C, D, E, W[15] );
    P( E, A, B, C, D, R(16) );
    P( D, E, A, B, C, R(17) );
    P( C, D, E, A, B, R(18) );
    P( B, C, D, E, A, R(19) );

#undef K
#undef F

/* Rounds 20-39. */
#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

    P( A, B, C, D, E, R(20) );
    P( E, A, B, C, D, R(21) );
    P( D, E, A, B, C, R(22) );
    P( C, D, E, A, B, R(23) );
    P( B, C, D, E, A, R(24) );
    P( A, B, C, D, E, R(25) );
    P( E, A, B, C, D, R(26) );
    P( D, E, A, B, C, R(27) );
    P( C, D, E, A, B, R(28) );
    P( B, C, D, E, A, R(29) );
    P( A, B, C, D, E, R(30) );
    P( E, A, B, C, D, R(31) );
    P( D, E, A, B, C, R(32) );
    P( C, D, E, A, B, R(33) );
    P( B, C, D, E, A, R(34) );
    P( A, B, C, D, E, R(35) );
    P( E, A, B, C, D, R(36) );
    P( D, E, A, B, C, R(37) );
    P( C, D, E, A, B, R(38) );
    P( B, C, D, E, A, R(39) );

#undef K
#undef F

/* Rounds 40-59. */
#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

    P( A, B, C, D, E, R(40) );
    P( E, A, B, C, D, R(41) );
    P( D, E, A, B, C, R(42) );
    P( C, D, E, A, B, R(43) );
    P( B, C, D, E, A, R(44) );
    P( A, B, C, D, E, R(45) );
    P( E, A, B, C, D, R(46) );
    P( D, E, A, B, C, R(47) );
    P( C, D, E, A, B, R(48) );
    P( B, C, D, E, A, R(49) );
    P( A, B, C, D, E, R(50) );
    P( E, A, B, C, D, R(51) );
    P( D, E, A, B, C, R(52) );
    P( C, D, E, A, B, R(53) );
    P( B, C, D, E, A, R(54) );
    P( A, B, C, D, E, R(55) );
    P( E, A, B, C, D, R(56) );
    P( D, E, A, B, C, R(57) );
    P( C, D, E, A, B, R(58) );
    P( B, C, D, E, A, R(59) );

#undef K
#undef F

/* Rounds 60-79. */
#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

    P( A, B, C, D, E, R(60) );
    P( E, A, B, C, D, R(61) );
    P( D, E, A, B, C, R(62) );
    P( C, D, E, A, B, R(63) );
    P( B, C, D, E, A, R(64) );
    P( A, B, C, D, E, R(65) );
    P( E, A, B, C, D, R(66) );
    P( D, E, A, B, C, R(67) );
    P( C, D, E, A, B, R(68) );
    P( B, C, D, E, A, R(69) );
    P( A, B, C, D, E, R(70) );
    P( E, A, B, C, D, R(71) );
    P( D, E, A, B, C, R(72) );
    P( C, D, E, A, B, R(73) );
    P( B, C, D, E, A, R(74) );
    P( A, B, C, D, E, R(75) );
    P( E, A, B, C, D, R(76) );
    P( D, E, A, B, C, R(77) );
    P( C, D, E, A, B, R(78) );
    P( B, C, D, E, A, R(79) );

#undef K
#undef F

    /*
     * Add the working variables back into the chaining state.
     * NOTE(review): S, R and P are not #undef'd here, so they stay defined
     * for the rest of the translation unit.
     */
    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;
}
225 |
226 | /*
227 | * SHA-1 process buffer
228 | */
void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
    /*
     * Feed ilen bytes into the hash. Whole 64-byte blocks are compressed
     * right away; a trailing partial block is kept in ctx->buffer for the
     * next call.
     */
    const unsigned char *cursor = input;
    size_t remaining = ilen;
    uint32_t buffered;   /* bytes already waiting in ctx->buffer */
    size_t room;         /* bytes needed to complete that block  */

    if( remaining == 0 )
        return;

    buffered = ctx->total[0] & 0x3F;
    room = 64 - buffered;

    /* Byte counter is two 32-bit words; carry into the high word on wrap. */
    ctx->total[0] = ( ctx->total[0] + (uint32_t) ilen ) & 0xFFFFFFFF;
    if( ctx->total[0] < (uint32_t) ilen )
        ctx->total[1]++;

    /* Complete and compress a previously buffered partial block. */
    if( buffered != 0 && remaining >= room )
    {
        memcpy( (void *) (ctx->buffer + buffered), cursor, room );
        sha1_process( ctx, ctx->buffer );
        cursor += room;
        remaining -= room;
        buffered = 0;
    }

    /* Compress full blocks straight from the caller's buffer. */
    for( ; remaining >= 64; cursor += 64, remaining -= 64 )
    {
        sha1_process( ctx, cursor );
    }

    /* Keep the tail for later. */
    if( remaining > 0 )
        memcpy( (void *) (ctx->buffer + buffered), cursor, remaining );
}
265 |
/*
 * Padding source for sha1_finish: a single 0x80 marker byte followed by
 * zero bytes, 64 bytes in total. sha1_finish feeds the first padn bytes.
 */
static const unsigned char sha1_padding[64] =
{
    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
273 |
274 | /*
275 | * SHA-1 final digest
276 | */
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
    /*
     * Append the padding and the 64-bit message length, then write the
     * 20-byte digest to output as five big-endian words.
     */
    unsigned char bit_length[8];
    uint32_t bits_hi, bits_lo;
    uint32_t used, pad_len;
    int word;

    /* Message length in bits, split over two 32-bit words. */
    bits_lo = ( ctx->total[0] << 3 );
    bits_hi = ( ctx->total[1] << 3 ) | ( ctx->total[0] >> 29 );

    PUT_UINT32_BE( bits_hi, bit_length, 0 );
    PUT_UINT32_BE( bits_lo, bit_length, 4 );

    /* Pad so that the 8 length bytes end exactly on a block boundary. */
    used = ctx->total[0] & 0x3F;
    if( used < 56 )
    {
        pad_len = 56 - used;
    }
    else
    {
        pad_len = 120 - used;
    }

    sha1_update( ctx, sha1_padding, pad_len );
    sha1_update( ctx, bit_length, 8 );

    for( word = 0; word < 5; word++ )
    {
        PUT_UINT32_BE( ctx->state[word], output, 4 * word );
    }
}
302 |
303 | /*
304 | * output = SHA-1( input buffer )
305 | */
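void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
{
    /*
     * One-shot SHA-1: output = SHA-1( input[0..ilen) ).
     * output must have room for 20 bytes.
     */
    sha1_context ctx;
    volatile unsigned char *wipe;
    size_t left;

    sha1_starts( &ctx );
    sha1_update( &ctx, input, ilen );
    sha1_finish( &ctx, output );

    /*
     * Clear the context, which still holds the last input block. ctx is
     * never read again, so a plain memset() is a dead store the optimizer
     * may drop; writing through a volatile pointer keeps the wipe.
     */
    wipe = (volatile unsigned char *) &ctx;
    for( left = sizeof( sha1_context ); left > 0; left-- )
    {
        *wipe++ = 0;
    }
}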
316 |
317 | /*
318 | * SHA-1 HMAC context setup
319 | */
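void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
{
    /*
     * Start an HMAC-SHA-1 computation: derive the inner and outer pads
     * from the key, store them in ctx and hash the inner pad.
     * ctx->ipad and ctx->opad are key-equivalent secrets from here on.
     */
    size_t i;
    unsigned char sum[20];
    volatile unsigned char *wipe = sum;

    /* Keys longer than one 64-byte block are replaced by their digest. */
    if( keylen > 64 )
    {
        sha1( key, keylen, sum );
        keylen = 20;
        key = sum;
    }

    memset( ctx->ipad, 0x36, 64 );
    memset( ctx->opad, 0x5C, 64 );

    for( i = 0; i < keylen; i++ )
    {
        ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
        ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
    }

    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );

    /*
     * sum may hold the hashed key. It is never read again, so a plain
     * memset() could be removed as a dead store; clear it through a
     * volatile pointer instead.
     */
    for( i = 0; i < sizeof( sum ); i++ )
    {
        wipe[i] = 0;
    }
}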
346 |
347 | /*
348 | * SHA-1 HMAC process buffer
349 | */
void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
    /* Message bytes go into the inner hash started by sha1_hmac_starts. */
    sha1_update( ctx, input, ilen );
}
354 |
355 | /*
356 | * SHA-1 HMAC final digest
357 | */
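void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
{
    /*
     * Finish the inner hash, then compute
     * output = SHA-1( opad || inner digest ). output receives 20 bytes.
     */
    unsigned char tmpbuf[20];
    volatile unsigned char *wipe = tmpbuf;
    size_t i;

    sha1_finish( ctx, tmpbuf );
    sha1_starts( ctx );
    sha1_update( ctx, ctx->opad, 64 );
    sha1_update( ctx, tmpbuf, 20 );
    sha1_finish( ctx, output );

    /*
     * The inner digest is an intermediate secret. tmpbuf is never read
     * again, so a plain memset() could be dropped as a dead store; clear
     * it through a volatile pointer instead.
     */
    for( i = 0; i < sizeof( tmpbuf ); i++ )
    {
        wipe[i] = 0;
    }
}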
370 |
371 | /*
372 | * SHA1 HMAC context reset
373 | */
void sha1_hmac_reset( sha1_context *ctx )
{
    /*
     * Restart the inner hash with the pads already stored in ctx, so the
     * same key can authenticate another message.
     */
    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );
}
379 |
380 | /*
381 | * output = HMAC-SHA-1( hmac key, input buffer )
382 | */
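void sha1_hmac( const unsigned char *key, size_t keylen,
                const unsigned char *input, size_t ilen,
                unsigned char output[20] )
{
    /*
     * One-shot HMAC-SHA-1. output always receives the full 20-byte tag,
     * so the caller's buffer must be at least 20 bytes long.
     */
    sha1_context ctx;
    volatile unsigned char *wipe;
    size_t left;

    sha1_hmac_starts( &ctx, key, keylen );
    sha1_hmac_update( &ctx, input, ilen );
    sha1_hmac_finish( &ctx, output );

    /*
     * ctx holds ipad/opad, which are the key XORed with constants. ctx is
     * never read again, so a plain memset() could be dropped as a dead
     * store; clear it through a volatile pointer instead.
     */
    wipe = (volatile unsigned char *) &ctx;
    for( left = sizeof( sha1_context ); left > 0; left-- )
    {
        *wipe++ = 0;
    }
}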
--------------------------------------------------------------------------------
/Windows/src/sha1.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file sha1.h
3 | *
4 | * \brief SHA-1 cryptographic hash function
5 | *
6 | * Copyright (C) 2006-2013, Brainspark B.V.
7 | *
8 | * This file is part of PolarSSL (http://www.polarssl.org)
9 | * Lead Maintainer: Paul Bakker
10 | *
11 | * All rights reserved.
12 | *
13 | * This program is free software; you can redistribute it and/or modify
14 | * it under the terms of the GNU General Public License as published by
15 | * the Free Software Foundation; either version 2 of the License, or
16 | * (at your option) any later version.
17 | *
18 | * This program is distributed in the hope that it will be useful,
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | * GNU General Public License for more details.
22 | *
23 | * You should have received a copy of the GNU General Public License along
24 | * with this program; if not, write to the Free Software Foundation, Inc.,
25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 | */
27 | #include
28 |
29 | #ifdef _MSC_VER
30 | #include
31 | typedef UINT32 uint32_t;
32 | #else
33 | #include
34 | #endif
35 |
36 | #define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
37 |
38 | // Regular implementation
39 | //
40 |
41 | /**
42 | * \brief SHA-1 context structure
43 | */
44 | typedef struct
45 | {
46 | uint32_t total[2]; /*!< number of bytes processed */
47 | uint32_t state[5]; /*!< intermediate digest state */
48 | unsigned char buffer[64]; /*!< data block being processed */
49 |
50 | unsigned char ipad[64]; /*!< HMAC: inner padding */
51 | unsigned char opad[64]; /*!< HMAC: outer padding */
52 | }
53 | sha1_context;
54 |
55 | #ifdef __cplusplus
56 | extern "C" {
57 | #endif
58 |
59 | /**
60 | * \brief SHA-1 context setup
61 | *
62 | * \param ctx context to be initialized
63 | */
64 | void sha1_starts( sha1_context *ctx );
65 |
66 | /**
67 | * \brief SHA-1 process buffer
68 | *
69 | * \param ctx SHA-1 context
70 | * \param input buffer holding the data
71 | * \param ilen length of the input data
72 | */
73 | void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen );
74 |
75 | /**
76 | * \brief SHA-1 final digest
77 | *
78 | * \param ctx SHA-1 context
79 | * \param output SHA-1 checksum result
80 | */
81 | void sha1_finish( sha1_context *ctx, unsigned char output[20] );
82 |
83 | /* Internal use */
84 | void sha1_process( sha1_context *ctx, const unsigned char data[64] );
85 |
86 | #ifdef __cplusplus
87 | }
88 | #endif
89 |
90 | #ifdef __cplusplus
91 | extern "C" {
92 | #endif
93 |
94 | /**
95 | * \brief Output = SHA-1( input buffer )
96 | *
97 | * \param input buffer holding the data
98 | * \param ilen length of the input data
99 | * \param output SHA-1 checksum result
100 | */
101 | void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
102 |
103 | /**
104 | * \brief Output = SHA-1( file contents )
105 | *
106 | * \param path input file name
107 | * \param output SHA-1 checksum result
108 | *
109 | * \return 0 if successful, or POLARSSL_ERR_SHA1_FILE_IO_ERROR
110 | */
111 | int sha1_file( const char *path, unsigned char output[20] );
112 |
113 | /**
114 | * \brief SHA-1 HMAC context setup
115 | *
116 | * \param ctx HMAC context to be initialized
117 | * \param key HMAC secret key
118 | * \param keylen length of the HMAC key
119 | */
120 | void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen );
121 |
122 | /**
123 | * \brief SHA-1 HMAC process buffer
124 | *
125 | * \param ctx HMAC context
126 | * \param input buffer holding the data
127 | * \param ilen length of the input data
128 | */
129 | void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen );
130 |
131 | /**
132 | * \brief SHA-1 HMAC final digest
133 | *
134 | * \param ctx HMAC context
135 | * \param output SHA-1 HMAC checksum result
136 | */
137 | void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] );
138 |
139 | /**
140 | * \brief SHA-1 HMAC context reset
141 | *
142 | * \param ctx HMAC context to be reset
143 | */
144 | void sha1_hmac_reset( sha1_context *ctx );
145 |
146 | /**
147 | * \brief Output = HMAC-SHA-1( hmac key, input buffer )
148 | *
149 | * \param key HMAC secret key
150 | * \param keylen length of the HMAC key
151 | * \param input buffer holding the data
152 | * \param ilen length of the input data
153 | * \param output HMAC-SHA-1 result
154 | */
155 | void sha1_hmac( const unsigned char *key, size_t keylen,
156 | const unsigned char *input, size_t ilen,
157 | unsigned char output[20] );
158 |
159 | #ifdef __cplusplus
160 | }
161 | #endif
--------------------------------------------------------------------------------
/Windows/src/utils.cpp:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | #include "utils.h"
6 | #include
7 | #include
8 |
9 | // Auxiliary functions (endian swap, xor and prng).
short se16(short i)
{
	// Swap the two bytes of a 16-bit value.
	const int high_to_low = (i & 0xFF00) >> 8;
	const int low_to_high = (i & 0xFF) << 8;

	return (high_to_low | low_to_high);
}
14 |
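int se32(int i)
{
	// Reverse the byte order of a 32-bit value.
	// The work is done on an unsigned copy: shifting a signed int left by 24
	// overflows once the low byte is 0x80 or more.
	const unsigned int v = (unsigned int)i;

	return (int)(((v & 0xFF000000u) >> 24) | ((v & 0x00FF0000u) >> 8) |
	             ((v & 0x0000FF00u) << 8) | ((v & 0x000000FFu) << 24));
}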
19 |
u64 se64(u64 i)
{
	// Reverse the byte order of a 64-bit value, one byte per iteration:
	// the lowest remaining byte of i becomes the next-lower byte of the result.
	u64 swapped = 0;

	for (int byte = 0; byte < 8; byte++)
	{
		swapped = (swapped << 8) | (i & 0xFF);
		i >>= 8;
	}

	return swapped;
}
27 |
void xor(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size)
{
	// dest[k] = src1[k] ^ src2[k] for the first size bytes.
	// All three buffers must hold at least size bytes; nothing is checked here.
	// NOTE(review): "xor" is an alternative operator token in standard C++, so
	// this name only builds with compilers that do not reserve it.
	int k = 0;
	while (k < size)
	{
		dest[k] = src1[k] ^ src2[k];
		k++;
	}
}
36 |
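void prng(unsigned char *dest, int size)
{
	// Fill dest with size pseudo-random bytes.
	//
	// NOTE(review): rand() seeded from the wall clock is predictable to anyone
	// who knows roughly when the tool ran. Output of this function must not be
	// treated as secret key or IV material; switch to the operating system's
	// cryptographic random source if unpredictability matters.
	static bool seeded = false;

	// A null destination or a non-positive size has nothing to fill.
	if (dest == NULL || size <= 0)
		return;

	// Seed once. Re-seeding from time(0) on every call made two calls within
	// the same second return identical bytes.
	if (!seeded)
	{
		srand((unsigned int)time(0));
		seeded = true;
	}

	// Write directly into dest; no intermediate heap buffer is needed.
	for (int i = 0; i < size; i++)
		dest[i] = (unsigned char)(rand() & 0xFF);
}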
50 |
51 | // Hex string conversion auxiliary functions.
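u64 hex_to_u64(const char* hex_str)
{
	// Parse a NUL-terminated hex string (upper or lower case) into a u64.
	// Characters that are not hex digits count as 0, as before.
	// Returns 0 for a null or empty string.
	if (hex_str == NULL)
		return 0;

	size_t length = strlen(hex_str);
	u64 result = 0;

	while (length--)
	{
		const char c = *hex_str++;
		u64 nibble;

		if ((c >= '0') && (c <= '9'))
			nibble = c - '0';
		else if ((c >= 'a') && (c <= 'f'))
			nibble = c - 'a' + 10;
		else if ((c >= 'A') && (c <= 'F'))
			nibble = c - 'A' + 10;
		else
			nibble = 0;

		// length is now the number of digits to the right of this one. Only
		// the 16 least significant digits fit in 64 bits; a shift by 64 or
		// more is undefined, so leading digits of over-long input are dropped.
		if (length < 16)
			result |= (nibble << (length * 4));
	}

	return result;
}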
75 |
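void hex_to_bytes(unsigned char *data, const char *hex_str, unsigned int str_length)
{
	// Convert str_length hex characters from hex_str into str_length / 2 bytes
	// in data. data must have room for str_length / 2 bytes.
	// Nothing is written when str_length is odd or a pointer is null.
	char pair[3] = {0, 0, 0};

	if (data == NULL || hex_str == NULL)
		return;

	// Don't convert if the string length is odd.
	if (str_length % 2)
		return;

	// One output byte per pair of characters. The previous loop ran
	// str_length times while consuming two characters per pass, so it read
	// str_length bytes past the end of the input; it also never freed its
	// malloc'ed scratch buffer.
	const unsigned int data_length = str_length / 2;
	for (unsigned int i = 0; i < data_length; i++)
	{
		pair[0] = hex_str[2 * i];
		pair[1] = hex_str[2 * i + 1];

		data[i] = (unsigned char)(hex_to_u64(pair) & 0xFF);
	}
}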
99 |
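bool is_hex(const char* hex_str, unsigned int str_length)
{
	// Return true when the first str_length characters of hex_str are all
	// hex digits (0-9, a-f, A-F). A null pointer is rejected; a length of 0
	// is accepted.
	static const char hex_chars[] = "0123456789abcdefABCDEF";

	if (hex_str == NULL)
		return false;

	for (unsigned int i = 0; i < str_length; i++)
	{
		const char c = hex_str[i];

		// strchr() also matches the terminating NUL of hex_chars, so a NUL in
		// the input used to pass as a "hex digit" and the scan carried on
		// beyond the end of a string shorter than str_length.
		if (c == '\0' || strchr(hex_chars, c) == NULL)
			return false;
	}

	return true;
}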
116 |
117 | // Crypto functions (AES128-CBC, AES128-ECB, SHA1-HMAC and AES-CMAC).
void aescbc128_decrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len)
{
	// AES-128-CBC decrypt len bytes from in to out.
	// The caller's 16-byte iv buffer is zeroed before returning, so it is
	// all-zero afterwards whatever it held on entry.
	// NOTE(review): cbc_ctx is left on the stack uncleared; it presumably holds
	// the expanded key - confirm in aes.h.
	aes_context cbc_ctx;

	aes_setkey_dec(&cbc_ctx, key, 128);
	aes_crypt_cbc(&cbc_ctx, AES_DECRYPT, len, iv, in, out);

	// Reset the IV.
	memset(iv, 0x00, 16);
}
127 |
void aescbc128_encrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len)
{
	// AES-128-CBC encrypt len bytes from in to out.
	// The caller's 16-byte iv buffer is zeroed before returning, so it is
	// all-zero afterwards whatever it held on entry.
	// NOTE(review): cbc_ctx is left on the stack uncleared; it presumably holds
	// the expanded key - confirm in aes.h.
	aes_context cbc_ctx;

	aes_setkey_enc(&cbc_ctx, key, 128);
	aes_crypt_cbc(&cbc_ctx, AES_ENCRYPT, len, iv, in, out);

	// Reset the IV.
	memset(iv, 0x00, 16);
}
137 |
void aesecb128_encrypt(unsigned char *key, unsigned char *in, unsigned char *out)
{
	// Encrypt with AES-128 in ECB mode; no length is passed, so this
	// presumably handles a single 16-byte block - confirm in aes.h.
	aes_context ecb_ctx;

	aes_setkey_enc(&ecb_ctx, key, 128);
	aes_crypt_ecb(&ecb_ctx, AES_ENCRYPT, in, out);
}
144 |
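bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	// Compute HMAC-SHA-1 over in[0..in_len) with key and compare its first
	// 0x10 bytes with hash. Returns true when those 16 bytes match.
	// hash must hold at least 0x10 bytes.

	// sha1_hmac() always writes a 20-byte tag. The buffer used to be sized by
	// key_len, so any key shorter than 20 bytes overflowed the allocation.
	unsigned char out[20];

	sha1_hmac(key, key_len, in, in_len, out);

	// Accumulate the differences instead of returning at the first mismatch,
	// so the running time does not depend on where the tags differ.
	unsigned char diff = 0;
	for (int i = 0; i < 0x10; i++)
	{
		diff |= (unsigned char)(out[i] ^ hash[i]);
	}

	return diff == 0;
}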
164 |
void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	// Write the HMAC-SHA-1 of in[0..in_len) under key into hash.
	// sha1_hmac() emits 20 bytes, so hash must have room for 20 bytes even
	// though hmac_hash_compare() only checks the first 0x10.
	sha1_hmac(key, key_len, in, in_len, hash);
}
169 |
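bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	// Compute AES-128 CMAC over in[0..in_len) with key and compare its 0x10
	// bytes with hash. Returns true when they match.
	// key_len is not used: the key is always set up as a 128-bit AES key.

	// The loop below reads 0x10 bytes of out, so the buffer is sized for that
	// rather than by key_len, which left it too small for any key_len < 0x10.
	// NOTE(review): assumes aes_cmac() writes exactly one 16-byte block -
	// confirm in aes.cpp.
	unsigned char out[0x10];

	aes_context ctx;
	aes_setkey_enc(&ctx, key, 128);
	aes_cmac(&ctx, in_len, in, out);

	// Accumulate the differences instead of returning at the first mismatch,
	// so the running time does not depend on where the tags differ.
	unsigned char diff = 0;
	for (int i = 0; i < 0x10; i++)
	{
		diff |= (unsigned char)(out[i] ^ hash[i]);
	}

	return diff == 0;
}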
191 |
void cmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	// Write the AES-128 CMAC of in[0..in_len) under key into hash.
	// key_len is not used: the key is always set up as a 128-bit AES key.
	aes_context cmac_ctx;

	aes_setkey_enc(&cmac_ctx, key, 128);
	aes_cmac(&cmac_ctx, in_len, in, hash);
}
--------------------------------------------------------------------------------
/Windows/src/utils.h:
--------------------------------------------------------------------------------
1 | // Copyright (C) 2014 Hykem
2 | // Licensed under the terms of the GNU GPL, version 3
3 | // http://www.gnu.org/licenses/gpl-3.0.txt
4 |
5 | #include
6 | #include "aes.h"
7 | #include "sha1.h"
8 | #include "lz.h"
9 |
10 | typedef unsigned long long u64;
11 | typedef unsigned int u32;
12 | typedef unsigned short u16;
13 | typedef unsigned char u8;
14 |
15 | // Auxiliary functions (endian swap, xor and prng).
16 | short se16(short i);
17 | int se32(int i);
18 | u64 se64(u64 i);
19 | void xor(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size);
20 | void prng(unsigned char *dest, int size);
21 |
22 | // Hex string conversion auxiliary functions.
23 | u64 hex_to_u64(const char* hex_str);
24 | void hex_to_bytes(unsigned char *data, const char *hex_str, unsigned int str_length);
25 | bool is_hex(const char* hex_str, unsigned int str_length);
26 |
27 | // Crypto functions (AES128-CBC, AES128-ECB, SHA1-HMAC and AES-CMAC).
28 | void aescbc128_decrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len);
29 | void aescbc128_encrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len);
30 | void aesecb128_encrypt(unsigned char *key, unsigned char *in, unsigned char *out);
31 | bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
32 | void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
33 | bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
34 | void cmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
--------------------------------------------------------------------------------