├── .gitignore
├── LICENSE
├── README.md
├── sdata-tool.sln
└── src
├── aes.c
├── aes.h
├── sdata-tool.cpp
├── sdata-tool.h
├── sdata-tool.vcxproj
├── sdata-tool.vcxproj.filters
├── sdata-tool.vcxproj.user
├── sha1.cpp
└── sha1.h
/.gitignore:
--------------------------------------------------------------------------------
1 | # Compiled Object files
2 | *.slo
3 | *.lo
4 | *.o
5 |
6 | # Compiled Dynamic libraries
7 | *.so
8 | *.dylib
9 |
10 | # Compiled Static libraries
11 | *.lai
12 | *.la
13 | *.a
14 |
15 | # Unwanted files and folders
16 | src/Debug
17 | src/Release
18 | bin/*
19 | *.opensdf
20 | *.suo
21 | *.sdf
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 2, June 1991
3 |
4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6 | Everyone is permitted to copy and distribute verbatim copies
7 | of this license document, but changing it is not allowed.
8 |
9 | Preamble
10 |
11 | The licenses for most software are designed to take away your
12 | freedom to share and change it. By contrast, the GNU General Public
13 | License is intended to guarantee your freedom to share and change free
14 | software--to make sure the software is free for all its users. This
15 | General Public License applies to most of the Free Software
16 | Foundation's software and to any other program whose authors commit to
17 | using it. (Some other Free Software Foundation software is covered by
18 | the GNU Lesser General Public License instead.) You can apply it to
19 | your programs, too.
20 |
21 | When we speak of free software, we are referring to freedom, not
22 | price. Our General Public Licenses are designed to make sure that you
23 | have the freedom to distribute copies of free software (and charge for
24 | this service if you wish), that you receive source code or can get it
25 | if you want it, that you can change the software or use pieces of it
26 | in new free programs; and that you know you can do these things.
27 |
28 | To protect your rights, we need to make restrictions that forbid
29 | anyone to deny you these rights or to ask you to surrender the rights.
30 | These restrictions translate to certain responsibilities for you if you
31 | distribute copies of the software, or if you modify it.
32 |
33 | For example, if you distribute copies of such a program, whether
34 | gratis or for a fee, you must give the recipients all the rights that
35 | you have. You must make sure that they, too, receive or can get the
36 | source code. And you must show them these terms so they know their
37 | rights.
38 |
39 | We protect your rights with two steps: (1) copyright the software, and
40 | (2) offer you this license which gives you legal permission to copy,
41 | distribute and/or modify the software.
42 |
43 | Also, for each author's protection and ours, we want to make certain
44 | that everyone understands that there is no warranty for this free
45 | software. If the software is modified by someone else and passed on, we
46 | want its recipients to know that what they have is not the original, so
47 | that any problems introduced by others will not reflect on the original
48 | authors' reputations.
49 |
50 | Finally, any free program is threatened constantly by software
51 | patents. We wish to avoid the danger that redistributors of a free
52 | program will individually obtain patent licenses, in effect making the
53 | program proprietary. To prevent this, we have made it clear that any
54 | patent must be licensed for everyone's free use or not licensed at all.
55 |
56 | The precise terms and conditions for copying, distribution and
57 | modification follow.
58 |
59 | GNU GENERAL PUBLIC LICENSE
60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
61 |
62 | 0. This License applies to any program or other work which contains
63 | a notice placed by the copyright holder saying it may be distributed
64 | under the terms of this General Public License. The "Program", below,
65 | refers to any such program or work, and a "work based on the Program"
66 | means either the Program or any derivative work under copyright law:
67 | that is to say, a work containing the Program or a portion of it,
68 | either verbatim or with modifications and/or translated into another
69 | language. (Hereinafter, translation is included without limitation in
70 | the term "modification".) Each licensee is addressed as "you".
71 |
72 | Activities other than copying, distribution and modification are not
73 | covered by this License; they are outside its scope. The act of
74 | running the Program is not restricted, and the output from the Program
75 | is covered only if its contents constitute a work based on the
76 | Program (independent of having been made by running the Program).
77 | Whether that is true depends on what the Program does.
78 |
79 | 1. You may copy and distribute verbatim copies of the Program's
80 | source code as you receive it, in any medium, provided that you
81 | conspicuously and appropriately publish on each copy an appropriate
82 | copyright notice and disclaimer of warranty; keep intact all the
83 | notices that refer to this License and to the absence of any warranty;
84 | and give any other recipients of the Program a copy of this License
85 | along with the Program.
86 |
87 | You may charge a fee for the physical act of transferring a copy, and
88 | you may at your option offer warranty protection in exchange for a fee.
89 |
90 | 2. You may modify your copy or copies of the Program or any portion
91 | of it, thus forming a work based on the Program, and copy and
92 | distribute such modifications or work under the terms of Section 1
93 | above, provided that you also meet all of these conditions:
94 |
95 | a) You must cause the modified files to carry prominent notices
96 | stating that you changed the files and the date of any change.
97 |
98 | b) You must cause any work that you distribute or publish, that in
99 | whole or in part contains or is derived from the Program or any
100 | part thereof, to be licensed as a whole at no charge to all third
101 | parties under the terms of this License.
102 |
103 | c) If the modified program normally reads commands interactively
104 | when run, you must cause it, when started running for such
105 | interactive use in the most ordinary way, to print or display an
106 | announcement including an appropriate copyright notice and a
107 | notice that there is no warranty (or else, saying that you provide
108 | a warranty) and that users may redistribute the program under
109 | these conditions, and telling the user how to view a copy of this
110 | License. (Exception: if the Program itself is interactive but
111 | does not normally print such an announcement, your work based on
112 | the Program is not required to print an announcement.)
113 |
114 | These requirements apply to the modified work as a whole. If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works. But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 |
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 |
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 |
134 | 3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 |
138 | a) Accompany it with the complete corresponding machine-readable
139 | source code, which must be distributed under the terms of Sections
140 | 1 and 2 above on a medium customarily used for software interchange; or,
141 |
142 | b) Accompany it with a written offer, valid for at least three
143 | years, to give any third party, for a charge no more than your
144 | cost of physically performing source distribution, a complete
145 | machine-readable copy of the corresponding source code, to be
146 | distributed under the terms of Sections 1 and 2 above on a medium
147 | customarily used for software interchange; or,
148 |
149 | c) Accompany it with the information you received as to the offer
150 | to distribute corresponding source code. (This alternative is
151 | allowed only for noncommercial distribution and only if you
152 | received the program in object code or executable form with such
153 | an offer, in accord with Subsection b above.)
154 |
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it. For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable. However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 |
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 |
172 | 4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License. Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 |
180 | 5. You are not required to accept this License, since you have not
181 | signed it. However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works. These actions are
183 | prohibited by law if you do not accept this License. Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 |
189 | 6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions. You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 |
197 | 7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License. If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all. For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 |
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 |
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices. Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 |
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 |
229 | 8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded. In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 |
237 | 9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time. Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 |
242 | Each version is given a distinguishing version number. If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation. If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 |
250 | 10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission. For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this. Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 |
258 | NO WARRANTY
259 |
260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 |
270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 |
280 | END OF TERMS AND CONDITIONS
281 |
282 | How to Apply These Terms to Your New Programs
283 |
284 | If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 |
288 | To do so, attach the following notices to the program. It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 |
293 | {description}
294 | Copyright (C) {year} {fullname}
295 |
296 | This program is free software; you can redistribute it and/or modify
297 | it under the terms of the GNU General Public License as published by
298 | the Free Software Foundation; either version 2 of the License, or
299 | (at your option) any later version.
300 |
301 | This program is distributed in the hope that it will be useful,
302 | but WITHOUT ANY WARRANTY; without even the implied warranty of
303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304 | GNU General Public License for more details.
305 |
306 | You should have received a copy of the GNU General Public License along
307 | with this program; if not, write to the Free Software Foundation, Inc.,
308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 |
310 | Also add information on how to contact you by electronic and paper mail.
311 |
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 |
315 | Gnomovision version 69, Copyright (C) year name of author
316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 | This is free software, and you are welcome to redistribute it
318 | under certain conditions; type `show c' for details.
319 |
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License. Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 |
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary. Here is a sample; alter the names:
328 |
329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 | `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 |
332 | {signature of Ty Coon}, 1 April 1989
333 | Ty Coon, President of Vice
334 |
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs. If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library. If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | SDATA Tool
2 | ==========
3 |
4 | Small tool to unpack and decrypt SDATA files from PS3 games.
5 | - Supports all SDATA versions.
6 | - Supports decompression.
7 |
8 | Tool written by **AlexAltea** and **Hykem**.
9 | Special thanks to **BlackDaemon**.
10 |
--------------------------------------------------------------------------------
/sdata-tool.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2012
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sdata-tool", "src\sdata-tool.vcxproj", "{B86E1508-26B6-465B-ABEC-A35E07E2A187}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}.Debug|Win32.Build.0 = Debug|Win32
14 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}.Release|Win32.ActiveCfg = Release|Win32
15 | {B86E1508-26B6-465B-ABEC-A35E07E2A187}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/src/aes.c:
--------------------------------------------------------------------------------
1 | /*
2 | * FIPS-197 compliant AES implementation
3 | *
4 | * Copyright (C) 2006-2013, Brainspark B.V.
5 | *
6 | * This file is part of PolarSSL (http://www.polarssl.org)
7 | * Lead Maintainer: Paul Bakker
8 | *
9 | * All rights reserved.
10 | *
11 | * This program is free software; you can redistribute it and/or modify
12 | * it under the terms of the GNU General Public License as published by
13 | * the Free Software Foundation; either version 2 of the License, or
14 | * (at your option) any later version.
15 | *
16 | * This program is distributed in the hope that it will be useful,
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | * GNU General Public License for more details.
20 | *
21 | * You should have received a copy of the GNU General Public License along
22 | * with this program; if not, write to the Free Software Foundation, Inc.,
23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 | */
25 | /*
26 | * The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
27 | *
28 | * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
29 | * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
30 | */
31 |
32 | #include "aes.h"
33 |
34 | /*
35 | * 32-bit integer manipulation macros (little endian). GET_UINT32_LE assembles (n) from the four bytes (b)[(i)] .. (b)[(i)+3], lowest-order byte first. It performs no bounds check, so the caller must guarantee that (i)+3 is still inside (b). NOTE(review): the expansion is a bare { } block rather than do { } while (0), so a trailing ';' adds an empty statement (matters in an unbraced if/else), and (b) and (i) are expanded four times, so pass no arguments with side effects.
36 | */
37 | #ifndef GET_UINT32_LE /* keep an earlier definition if one is already in scope */
38 | #define GET_UINT32_LE(n,b,i) \
39 | { \
40 | (n) = ( (uint32_t) (b)[(i) ] ) /* byte 0 -> bits 0..7 */ \
41 | | ( (uint32_t) (b)[(i) + 1] << 8 ) /* cast binds before the shift, so the byte is widened first */ \
42 | | ( (uint32_t) (b)[(i) + 2] << 16 ) \
43 | | ( (uint32_t) (b)[(i) + 3] << 24 ); /* byte 3 -> bits 24..31 */ \
44 | }
45 | #endif
46 |
47 | #ifndef PUT_UINT32_LE /* keep an earlier definition if one is already in scope */
48 | #define PUT_UINT32_LE(n,b,i) /* store (n) into (b)[(i)] .. (b)[(i)+3], lowest-order byte first; no bounds check, caller must guarantee (i)+3 is inside (b) */ \
49 | { /* NOTE(review): bare block, not do { } while (0); (n), (b) and (i) are each expanded four times, so pass no arguments with side effects */ \
50 | (b)[(i) ] = (unsigned char) ( (n) ); /* bits 0..7; the cast keeps only the low byte */ \
51 | (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
52 | (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
53 | (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); /* bits 24..31 */ \
54 | }
55 | #endif
56 |
57 | #if defined(POLARSSL_AES_ROM_TABLES)
58 | /*
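59 | * Forward S-box: 256-entry byte substitution table, indexed by the input byte (FSb[0x00] = 0x63). Compiled in only when POLARSSL_AES_ROM_TABLES is defined.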
60 | */
61 | static const unsigned char FSb[256] =
62 | {
63 | 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
64 | 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
65 | 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
66 | 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
67 | 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
68 | 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
69 | 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
70 | 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
71 | 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
72 | 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
73 | 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
74 | 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
75 | 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
76 | 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
77 | 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
78 | 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
79 | 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
80 | 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
81 | 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
82 | 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
83 | 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
84 | 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
85 | 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
86 | 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
87 | 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
88 | 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
89 | 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
90 | 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
91 | 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
92 | 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
93 | 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
94 | 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
95 | };
96 |
97 | /*
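98 | * Forward tables: FT lists 256 entries as V(a,b,c,d); FT0..FT3 below expand the same list with V() redefined, so each table holds the same four bytes rotated by one position. NOTE(review): the code that indexes these tables is not visible in this part of the file; if the indices are derived from key or state bytes, as is usual for table-driven AES, the lookups have secret-dependent memory access patterns and can leak through cache timing. Confirm the threat model, or use a constant-time or hardware AES path where an attacker can share the CPU cache.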
99 | */
100 | #define FT \
101 | \
102 | V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
103 | V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
104 | V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
105 | V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
106 | V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
107 | V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
108 | V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
109 | V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
110 | V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
111 | V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
112 | V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
113 | V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
114 | V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
115 | V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
116 | V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
117 | V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
118 | V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
119 | V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
120 | V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
121 | V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
122 | V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
123 | V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
124 | V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
125 | V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
126 | V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
127 | V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
128 | V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
129 | V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
130 | V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
131 | V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
132 | V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
133 | V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
134 | V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
135 | V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
136 | V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
137 | V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
138 | V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
139 | V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
140 | V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
141 | V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
142 | V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
143 | V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
144 | V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
145 | V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
146 | V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
147 | V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
148 | V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
149 | V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
150 | V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
151 | V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
152 | V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
153 | V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
154 | V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
155 | V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
156 | V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
157 | V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
158 | V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
159 | V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
160 | V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
161 | V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
162 | V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
163 | V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
164 | V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
165 | V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
166 |
167 | #define V(a,b,c,d) 0x##a##b##c##d
168 | static const uint32_t FT0[256] = { FT };
169 | #undef V
170 |
171 | #define V(a,b,c,d) 0x##b##c##d##a
172 | static const uint32_t FT1[256] = { FT };
173 | #undef V
174 |
175 | #define V(a,b,c,d) 0x##c##d##a##b
176 | static const uint32_t FT2[256] = { FT };
177 | #undef V
178 |
179 | #define V(a,b,c,d) 0x##d##a##b##c
180 | static const uint32_t FT3[256] = { FT };
181 | #undef V
182 |
183 | #undef FT
184 |
185 | /*
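186 | * Reverse S-box: 256-entry inverse of the forward S-box, indexed by the input byte (RSb[0x63] = 0x00, undoing FSb[0x00] = 0x63).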
187 | */
188 | static const unsigned char RSb[256] =
189 | {
190 | 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
191 | 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
192 | 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
193 | 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
194 | 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
195 | 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
196 | 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
197 | 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
198 | 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
199 | 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
200 | 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
201 | 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
202 | 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
203 | 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
204 | 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
205 | 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
206 | 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
207 | 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
208 | 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
209 | 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
210 | 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
211 | 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
212 | 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
213 | 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
214 | 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
215 | 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
216 | 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
217 | 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
218 | 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
219 | 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
220 | 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
221 | 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
222 | };
223 |
224 | /*
225 | * Reverse tables
226 | */
227 | #define RT \
228 | \
229 | V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
230 | V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
231 | V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
232 | V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
233 | V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
234 | V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
235 | V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
236 | V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
237 | V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
238 | V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
239 | V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
240 | V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
241 | V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
242 | V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
243 | V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
244 | V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
245 | V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
246 | V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
247 | V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
248 | V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
249 | V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
250 | V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
251 | V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
252 | V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
253 | V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
254 | V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
255 | V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
256 | V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
257 | V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
258 | V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
259 | V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
260 | V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
261 | V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
262 | V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
263 | V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
264 | V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
265 | V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
266 | V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
267 | V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
268 | V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
269 | V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
270 | V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
271 | V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
272 | V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
273 | V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
274 | V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
275 | V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
276 | V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
277 | V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
278 | V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
279 | V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
280 | V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
281 | V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
282 | V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
283 | V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
284 | V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
285 | V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
286 | V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
287 | V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
288 | V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
289 | V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
290 | V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
291 | V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
292 | V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
293 |
294 | #define V(a,b,c,d) 0x##a##b##c##d
295 | static const uint32_t RT0[256] = { RT };
296 | #undef V
297 |
298 | #define V(a,b,c,d) 0x##b##c##d##a
299 | static const uint32_t RT1[256] = { RT };
300 | #undef V
301 |
302 | #define V(a,b,c,d) 0x##c##d##a##b
303 | static const uint32_t RT2[256] = { RT };
304 | #undef V
305 |
306 | #define V(a,b,c,d) 0x##d##a##b##c
307 | static const uint32_t RT3[256] = { RT };
308 | #undef V
309 |
310 | #undef RT
311 |
312 | /*
313 | * Round constants
314 | */
315 | static const uint32_t RCON[10] =
316 | {
317 | 0x00000001, 0x00000002, 0x00000004, 0x00000008,
318 | 0x00000010, 0x00000020, 0x00000040, 0x00000080,
319 | 0x0000001B, 0x00000036
320 | };
321 |
322 | #else
323 |
324 | /*
325 | * Forward S-box & tables
326 | */
327 | static unsigned char FSb[256];
328 | static uint32_t FT0[256];
329 | static uint32_t FT1[256];
330 | static uint32_t FT2[256];
331 | static uint32_t FT3[256];
332 |
333 | /*
334 | * Reverse S-box & tables
335 | */
336 | static unsigned char RSb[256];
337 | static uint32_t RT0[256];
338 | static uint32_t RT1[256];
339 | static uint32_t RT2[256];
340 | static uint32_t RT3[256];
341 |
342 | /*
343 | * Round constants
344 | */
345 | static uint32_t RCON[10];
346 |
/*
 * Tables generation code
 *
 * NOTE(review): none of these macros parenthesise their arguments, and
 * ROTL8 has no outer parentheses around its expansion, so they are only
 * safe with the simple operands aes_gen_tables() passes them. MUL also
 * expects local arrays named pow and log to be in scope where it expands.
 */
#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )

/*
 * Set to 1 by aes_setkey_enc() after the tables have been generated.
 * It is a plain int with no locking, so two threads making their first
 * aes_setkey_enc() call at the same time can both run aes_gen_tables().
 */
static int aes_init_done = 0;
355 |
/*
 * Fill the file-scope tables FSb, RSb, FT0..FT3, RT0..RT3 and RCON at run
 * time. Takes no input and returns nothing; every result is written to
 * those static arrays. Only built when the ROM tables are not compiled in.
 */
static void aes_gen_tables( void )
{
    int i, x, y, z;
    int pow[256];
    int log[256];

    /*
     * compute pow and log tables over GF(2^8)
     *
     * x ^ XTIME(x) multiplies x by 3, so pow[i] holds 3^i and log[] is
     * its inverse mapping.
     */
    for( i = 0, x = 1; i < 256; i++ )
    {
        pow[i] = x;
        log[x] = i;
        x = ( x ^ XTIME( x ) ) & 0xFF;
    }

    /*
     * calculate the round constants
     */
    for( i = 0, x = 1; i < 10; i++ )
    {
        RCON[i] = (uint32_t) x;
        x = XTIME( x ) & 0xFF;
    }

    /*
     * generate the forward and reverse S-boxes
     *
     * Index 0 is set by hand because log[0] is never looked up here.
     */
    FSb[0x00] = 0x63;
    RSb[0x63] = 0x00;

    for( i = 1; i < 256; i++ )
    {
        /* multiplicative inverse of i via the log/pow tables */
        x = pow[255 - log[i]];

        /* XOR x with four successive 8-bit left rotations of itself, then 0x63 */
        y = x; y = ( (y << 1) | (y >> 7) ) & 0xFF;
        x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
        x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
        x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
        x ^= y ^ 0x63;

        FSb[i] = (unsigned char) x;
        RSb[x] = (unsigned char) i;
    }

    /*
     * generate the forward and reverse tables
     */
    for( i = 0; i < 256; i++ )
    {
        x = FSb[i];
        y = XTIME( x ) & 0xFF;      /* 2 * S(i) */
        z = ( y ^ x ) & 0xFF;       /* 3 * S(i) */

        FT0[i] = ( (uint32_t) y ) ^
                 ( (uint32_t) x << 8 ) ^
                 ( (uint32_t) x << 16 ) ^
                 ( (uint32_t) z << 24 );

        /* the other three tables are byte rotations of the first */
        FT1[i] = ROTL8( FT0[i] );
        FT2[i] = ROTL8( FT1[i] );
        FT3[i] = ROTL8( FT2[i] );

        x = RSb[i];

        /* inverse table: products of the inverse S-box value with 0E, 09, 0D, 0B */
        RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^
                 ( (uint32_t) MUL( 0x09, x ) << 8 ) ^
                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
                 ( (uint32_t) MUL( 0x0B, x ) << 24 );

        RT1[i] = ROTL8( RT0[i] );
        RT2[i] = ROTL8( RT1[i] );
        RT3[i] = ROTL8( RT2[i] );
    }
}
431 |
432 | #endif
433 |
/*
 * AES key schedule (encryption)
 *
 * ctx      context to fill: nr is set to the round count, rk is pointed at
 *          ctx->buf and the expanded round keys are written there
 * key      raw key; keysize / 8 bytes are read from it with no length
 *          check, so the caller must supply a buffer of at least that size
 * keysize  key length in bits: 128, 192 or 256
 *
 * Returns 0 on success, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH for any
 * other keysize (ctx->buf is not written in that case).
 *
 * The expanded key stays in ctx until the caller overwrites it.
 */
int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize )
{
    unsigned int i;
    uint32_t *RK;

#if !defined(POLARSSL_AES_ROM_TABLES)
    /* lazy one-time table generation; the flag is not protected by a lock */
    if( aes_init_done == 0 )
    {
        aes_gen_tables();
        aes_init_done = 1;

    }
#endif

    switch( keysize )
    {
        case 128: ctx->nr = 10; break;
        case 192: ctx->nr = 12; break;
        case 256: ctx->nr = 14; break;
        default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
    }

    ctx->rk = RK = ctx->buf;

    /* load the raw key as keysize / 32 words; GET_UINT32_LE is defined outside this view */
    for( i = 0; i < (keysize >> 5); i++ )
    {
        GET_UINT32_LE( RK[i], key, i << 2 );
    }

    switch( ctx->nr )
    {
        case 10:

            /* 128-bit key: each pass derives the next 4 words from the previous 4 */
            for( i = 0; i < 10; i++, RK += 4 )
            {
                RK[4]  = RK[0] ^ RCON[i] ^
                ( (uint32_t) FSb[ ( RK[3] >>  8 ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( RK[3]       ) & 0xFF ] << 24 );

                RK[5]  = RK[1] ^ RK[4];
                RK[6]  = RK[2] ^ RK[5];
                RK[7]  = RK[3] ^ RK[6];
            }
            break;

        case 12:

            /* 192-bit key: each pass derives the next 6 words from the previous 6 */
            for( i = 0; i < 8; i++, RK += 6 )
            {
                RK[6]  = RK[0] ^ RCON[i] ^
                ( (uint32_t) FSb[ ( RK[5] >>  8 ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( RK[5]       ) & 0xFF ] << 24 );

                RK[7]  = RK[1] ^ RK[6];
                RK[8]  = RK[2] ^ RK[7];
                RK[9]  = RK[3] ^ RK[8];
                RK[10] = RK[4] ^ RK[9];
                RK[11] = RK[5] ^ RK[10];
            }
            break;

        case 14:

            /* 256-bit key: each pass derives the next 8 words; the highest index written is 63 of buf[68] */
            for( i = 0; i < 7; i++, RK += 8 )
            {
                RK[8]  = RK[0] ^ RCON[i] ^
                ( (uint32_t) FSb[ ( RK[7] >>  8 ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( RK[7]       ) & 0xFF ] << 24 );

                RK[9]  = RK[1] ^ RK[8];
                RK[10] = RK[2] ^ RK[9];
                RK[11] = RK[3] ^ RK[10];

                /* second S-box pass, this time without rotation or round constant */
                RK[12] = RK[4] ^
                ( (uint32_t) FSb[ ( RK[11]       ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( RK[11] >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );

                RK[13] = RK[5] ^ RK[12];
                RK[14] = RK[6] ^ RK[13];
                RK[15] = RK[7] ^ RK[14];
            }
            break;

        default:

            break;
    }

    return( 0 );
}
535 |
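/*
 * Overwrite a buffer through a volatile pointer. A plain memset() on a
 * local that is never read again may be removed by the optimiser, which
 * would leave the temporary key schedule on the stack.
 */
static void aes_setkey_dec_wipe( void *buf, size_t len )
{
    volatile unsigned char *p = (volatile unsigned char *) buf;

    while( len-- )
        *p++ = 0;
}

/*
 * AES key schedule (decryption)
 *
 * ctx      context to fill: nr is set to the round count, rk is pointed at
 *          ctx->buf and the decryption round keys are written there
 * key      raw key; keysize / 8 bytes are read by aes_setkey_enc()
 * keysize  key length in bits: 128, 192 or 256
 *
 * Returns 0 on success, POLARSSL_ERR_AES_INVALID_KEY_LENGTH for any other
 * keysize, or the error returned by aes_setkey_enc().
 *
 * The encryption schedule is built in a temporary context, copied in
 * reverse round order with the inner round keys run through the reverse
 * tables, and the temporary is wiped on every exit path after it exists.
 */
int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize )
{
    int i, j;
    aes_context cty;
    uint32_t *RK;
    uint32_t *SK;
    int ret;

    switch( keysize )
    {
        case 128: ctx->nr = 10; break;
        case 192: ctx->nr = 12; break;
        case 256: ctx->nr = 14; break;
        default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
    }

    ctx->rk = RK = ctx->buf;

    ret = aes_setkey_enc( &cty, key, keysize );
    if( ret != 0 )
        goto cleanup;

    /* start from the last encryption round key */
    SK = cty.rk + cty.nr * 4;

    *RK++ = *SK++;
    *RK++ = *SK++;
    *RK++ = *SK++;
    *RK++ = *SK++;

    /* SK has advanced by 4 after each group, so -= 8 steps back one round key */
    for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
    {
        for( j = 0; j < 4; j++, SK++ )
        {
            *RK++ = RT0[ FSb[ ( *SK       ) & 0xFF ] ] ^
                    RT1[ FSb[ ( *SK >>  8 ) & 0xFF ] ] ^
                    RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
                    RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
        }
    }

    /* the first encryption round key is copied unchanged */
    *RK++ = *SK++;
    *RK++ = *SK++;
    *RK++ = *SK++;
    *RK++ = *SK++;

cleanup:
    aes_setkey_dec_wipe( &cty, sizeof( aes_context ) );

    return( ret );
}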
588 |
/*
 * One forward round: reads state words Y0..Y3, consumes four round-key
 * words through the local pointer RK (which it advances) and writes
 * X0..X3. The expansion is a bare brace block and expects RK to be in
 * scope at the point of use.
 *
 * Every table index is a byte of the cipher state, so the memory access
 * pattern depends on secret data. Table-driven AES of this shape is known
 * to be observable through cache timing when an attacker shares the CPU;
 * prefer a constant-time or hardware AES where that is part of the threat
 * model.
 */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
{                                               \
    X0 = *RK++ ^ FT0[ ( Y0       ) & 0xFF ] ^   \
                 FT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
                 FT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
                 FT3[ ( Y3 >> 24 ) & 0xFF ];    \
                                                \
    X1 = *RK++ ^ FT0[ ( Y1       ) & 0xFF ] ^   \
                 FT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
                 FT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
                 FT3[ ( Y0 >> 24 ) & 0xFF ];    \
                                                \
    X2 = *RK++ ^ FT0[ ( Y2       ) & 0xFF ] ^   \
                 FT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
                 FT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
                 FT3[ ( Y1 >> 24 ) & 0xFF ];    \
                                                \
    X3 = *RK++ ^ FT0[ ( Y3       ) & 0xFF ] ^   \
                 FT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
                 FT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
                 FT3[ ( Y2 >> 24 ) & 0xFF ];    \
}

/*
 * One reverse round: same shape as AES_FROUND but indexes the reverse
 * tables RT0..RT3 and takes the state bytes in the opposite rotation.
 * The same secret-dependent table indexing applies.
 */
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
{                                               \
    X0 = *RK++ ^ RT0[ ( Y0       ) & 0xFF ] ^   \
                 RT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
                 RT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
                 RT3[ ( Y1 >> 24 ) & 0xFF ];    \
                                                \
    X1 = *RK++ ^ RT0[ ( Y1       ) & 0xFF ] ^   \
                 RT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
                 RT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
                 RT3[ ( Y2 >> 24 ) & 0xFF ];    \
                                                \
    X2 = *RK++ ^ RT0[ ( Y2       ) & 0xFF ] ^   \
                 RT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
                 RT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
                 RT3[ ( Y3 >> 24 ) & 0xFF ];    \
                                                \
    X3 = *RK++ ^ RT0[ ( Y3       ) & 0xFF ] ^   \
                 RT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
                 RT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
                 RT3[ ( Y0 >> 24 ) & 0xFF ];    \
}
634 |
/*
 * AES-ECB block encryption/decryption
 *
 * ctx     context whose rk and nr were set by aes_setkey_enc() (for
 *         encryption) or aes_setkey_dec() (for decryption); neither field
 *         is validated here
 * mode    AES_DECRYPT selects the reverse rounds; any other value encrypts
 * input   16-byte block to process
 * output  receives the 16-byte result
 *
 * Always returns 0.
 *
 * Processes exactly one block. Encrypting several blocks independently
 * with this function (plain ECB) maps equal plaintext blocks to equal
 * ciphertext blocks; the chained modes below build on it instead.
 */
int aes_crypt_ecb( aes_context *ctx,
                    int mode,
                    const unsigned char input[16],
                    unsigned char output[16] )
{
    int i;
    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;

    RK = ctx->rk;

    /* load the block and mix in the first round key */
    GET_UINT32_LE( X0, input,  0 ); X0 ^= *RK++;
    GET_UINT32_LE( X1, input,  4 ); X1 ^= *RK++;
    GET_UINT32_LE( X2, input,  8 ); X2 ^= *RK++;
    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;

    if( mode == AES_DECRYPT )
    {
        /* rounds are done in pairs so X and Y swap roles without a copy */
        for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
        {
            AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
            AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
        }

        AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );

        /* final round: reverse S-box bytes only, no combined table */
        X0 = *RK++ ^ \
                ( (uint32_t) RSb[ ( Y0       ) & 0xFF ]       ) ^
                ( (uint32_t) RSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );

        X1 = *RK++ ^ \
                ( (uint32_t) RSb[ ( Y1       ) & 0xFF ]       ) ^
                ( (uint32_t) RSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );

        X2 = *RK++ ^ \
                ( (uint32_t) RSb[ ( Y2       ) & 0xFF ]       ) ^
                ( (uint32_t) RSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );

        X3 = *RK++ ^ \
                ( (uint32_t) RSb[ ( Y3       ) & 0xFF ]       ) ^
                ( (uint32_t) RSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
    }
    else /* AES_ENCRYPT */
    {
        for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
        {
            AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
            AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
        }

        AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );

        /* final round: forward S-box bytes only, no combined table */
        X0 = *RK++ ^ \
                ( (uint32_t) FSb[ ( Y0       ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );

        X1 = *RK++ ^ \
                ( (uint32_t) FSb[ ( Y1       ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );

        X2 = *RK++ ^ \
                ( (uint32_t) FSb[ ( Y2       ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );

        X3 = *RK++ ^ \
                ( (uint32_t) FSb[ ( Y3       ) & 0xFF ]       ) ^
                ( (uint32_t) FSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
                ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
                ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
    }

    PUT_UINT32_LE( X0, output,  0 );
    PUT_UINT32_LE( X1, output,  4 );
    PUT_UINT32_LE( X2, output,  8 );
    PUT_UINT32_LE( X3, output, 12 );

    return( 0 );
}
729 |
/*
 * AES-CBC buffer encryption/decryption
 *
 * length must be a multiple of 16, otherwise
 * POLARSSL_ERR_AES_INVALID_INPUT_LENGTH is returned and nothing is
 * written. iv is updated in place to the last ciphertext block so a
 * following call continues the chain. Decryption keeps a copy of each
 * ciphertext block before processing it, which allows input and output
 * to be the same buffer. No padding is added or removed and nothing
 * here authenticates the data.
 */
int aes_crypt_cbc( aes_context *ctx,
                    int mode,
                    size_t length,
                    unsigned char iv[16],
                    const unsigned char *input,
                    unsigned char *output )
{
    unsigned char saved[16];
    size_t off;
    int k;

    if( ( length % 16 ) != 0 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    for( off = 0; off < length; off += 16 )
    {
        const unsigned char *src = input + off;
        unsigned char *dst = output + off;

        if( mode == AES_DECRYPT )
        {
            /* the ciphertext block becomes the next IV; save it before dst may overwrite it */
            memcpy( saved, src, 16 );
            aes_crypt_ecb( ctx, mode, src, dst );

            for( k = 0; k < 16; k++ )
                dst[k] = (unsigned char)( dst[k] ^ iv[k] );

            memcpy( iv, saved, 16 );
        }
        else
        {
            for( k = 0; k < 16; k++ )
                dst[k] = (unsigned char)( src[k] ^ iv[k] );

            aes_crypt_ecb( ctx, mode, dst, dst );
            memcpy( iv, dst, 16 );
        }
    }

    return( 0 );
}
781 |
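/*
 * AES-CFB128 buffer encryption/decryption
 *
 * ctx     context prepared with aes_setkey_enc(); the block cipher is run
 *         in the encrypt direction for both modes
 * mode    AES_DECRYPT or AES_ENCRYPT
 * length  number of bytes to process (any value, no block alignment)
 * iv_off  in/out position inside the current 16-byte iv; must be 0..15
 * iv      in/out feedback block
 *
 * Returns 0 on success, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH when
 * *iv_off is outside 0..15. The offset comes from the caller and indexes
 * iv directly, so it is checked before the first access.
 */
int aes_crypt_cfb128( aes_context *ctx,
                       int mode,
                       size_t length,
                       size_t *iv_off,
                       unsigned char iv[16],
                       const unsigned char *input,
                       unsigned char *output )
{
    int c;
    size_t n = *iv_off;

    if( n > 15 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    if( mode == AES_DECRYPT )
    {
        while( length-- )
        {
            /* a fresh keystream block is produced each time the offset wraps */
            if( n == 0 )
                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );

            c = *input++;
            *output++ = (unsigned char)( c ^ iv[n] );
            /* feed the ciphertext byte back, not the recovered plaintext */
            iv[n] = (unsigned char) c;

            n = (n + 1) & 0x0F;
        }
    }
    else
    {
        while( length-- )
        {
            if( n == 0 )
                aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );

            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );

            n = (n + 1) & 0x0F;
        }
    }

    *iv_off = n;

    return( 0 );
}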
827 |
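/*
 * AES-CTR buffer encryption/decryption
 *
 * ctx            context prepared with aes_setkey_enc()
 * length         number of bytes to process
 * nc_off         in/out position inside stream_block; must be 0..15
 * nonce_counter  in/out 16-byte counter, incremented as one big-endian
 *                integer after each keystream block is produced
 * stream_block   in/out saved keystream block for resuming mid-block
 *
 * Returns 0 on success, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH when
 * *nc_off is outside 0..15. The offset comes from the caller and indexes
 * stream_block directly, so it is checked before the first access.
 *
 * The same operation encrypts and decrypts. Using one nonce_counter value
 * twice under the same key repeats the keystream, so callers must keep
 * counter values unique per key.
 */
int aes_crypt_ctr( aes_context *ctx,
                    size_t length,
                    size_t *nc_off,
                    unsigned char nonce_counter[16],
                    unsigned char stream_block[16],
                    const unsigned char *input,
                    unsigned char *output )
{
    int c, i;
    size_t n = *nc_off;

    if( n > 15 )
        return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH );

    while( length-- )
    {
        if( n == 0 ) {
            aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block );

            /* increment with carry from the last byte towards the first */
            for( i = 16; i > 0; i-- )
                if( ++nonce_counter[i - 1] != 0 )
                    break;
        }
        c = *input++;
        *output++ = (unsigned char)( c ^ stream_block[n] );

        n = (n + 1) & 0x0F;
    }

    *nc_off = n;

    return( 0 );
}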
861 |
/* AES-CMAC */

/*
 * Constant XORed into a shifted block by generate_subkey() when the bit
 * shifted out was set. Declared without static or const, so it has
 * external linkage and is writable.
 */
unsigned char const_Rb[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
};
/*
 * All-zero block. Not referenced by the CMAC code that follows it
 * (generate_subkey() builds its own zero block); also external and
 * writable.
 */
unsigned char const_Zero[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
872 |
/*
 * Shift a 16-byte big-endian value left by one bit.
 *
 * input   16 bytes to shift
 * output  receives the 16 shifted bytes; the bit shifted out of input[0]
 *         is dropped
 *
 * The carry is read from input after output has been written, so the two
 * buffers should not be the same.
 */
void leftshift_onebit(unsigned char *input, unsigned char *output)
{
    unsigned char carry = 0;
    int idx = 16;

    /* walk from the least significant byte (index 15) upwards */
    while (idx-- > 0)
    {
        output[idx] = (unsigned char) ((input[idx] << 1) | carry);
        carry = (unsigned char) ((input[idx] >> 7) & 1);
    }
}
885 |
/*
 * XOR two 16-byte blocks: out[i] = a[i] ^ b[i] for i in 0..15.
 * Each byte is read before the matching byte is written, so out may be
 * the same buffer as a or b.
 */
void xor_128(unsigned char *a, unsigned char *b, unsigned char *out)
{
    unsigned char *end = out + 16;

    while (out < end)
        *out++ = *a++ ^ *b++;
}
892 |
/*
 * Derive the two CMAC subkeys from the key held in ctx.
 *
 * ctx  context prepared with aes_setkey_enc()
 * K1   receives 16 bytes: the encrypted zero block shifted left one bit,
 *      XORed with const_Rb when its top bit was set
 * K2   receives 16 bytes: K1 put through the same shift-and-XOR step
 */
void generate_subkey(aes_context *ctx, unsigned char *K1, unsigned char *K2)
{
    unsigned char zero_block[16] = { 0 };
    unsigned char L[16];
    unsigned char shifted[16];

    aes_crypt_ecb(ctx, AES_ENCRYPT, zero_block, L);

    if (L[0] & 0x80)
    {
        leftshift_onebit(L, shifted);
        xor_128(shifted, const_Rb, K1);
    } else {
        leftshift_onebit(L, K1);
    }

    if (K1[0] & 0x80)
    {
        leftshift_onebit(K1, shifted);
        xor_128(shifted, const_Rb, K2);
    } else {
        leftshift_onebit(K1, K2);
    }
}
920 |
/*
 * Build a padded 16-byte block from a partial last block.
 *
 * lastb   source bytes; only the first `length` bytes are read
 * pad     receives 16 bytes: the copied bytes, then 0x80, then zeros
 * length  number of message bytes in the block; aes_cmac() passes a value
 *         in 0..15. With 16 or more, all 16 bytes are copied and no 0x80
 *         marker is written.
 */
void padding (unsigned char *lastb, unsigned char *pad, int length)
{
    int pos;

    for (pos = 0; pos < 16; pos++)
    {
        unsigned char b = 0x00;

        if (pos < length)
            b = lastb[pos];
        else if (pos == length)
            b = 0x80;

        pad[pos] = b;
    }
}
934 |
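/*
 * Overwrite a buffer through a volatile pointer so the stores are not
 * dropped as dead writes to a local that is about to go out of scope.
 */
static void aes_cmac_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *) buf;

    while (len--)
        *p++ = 0;
}

/*
 * Compute the AES-CMAC of a message.
 *
 * ctx     context prepared with aes_setkey_enc()
 * length  message length in bytes; must not be negative
 * input   message bytes (length of them are read)
 * output  receives the 16-byte tag
 *
 * The function has no return value. A negative length is rejected by
 * returning before anything is read or written, so output is left
 * untouched in that case; callers must validate the length themselves and
 * must not treat an unwritten output buffer as a tag. The subkeys and
 * intermediate blocks are wiped before returning.
 */
void aes_cmac(aes_context *ctx, int length, unsigned char *input, unsigned char *output)
{
    unsigned char X[16], Y[16], M_last[16], padded[16];
    unsigned char K1[16], K2[16];
    int n, i, rem;

    /* a negative length would index before the start of input below */
    if (length < 0)
        return;

    generate_subkey(ctx, K1, K2);

    /* number of blocks, computed without length + 15 so it cannot overflow */
    rem = length % 16;
    n = length / 16 + (rem != 0);
    if (n == 0)
        n = 1;

    if (length != 0 && rem == 0)
    {
        /* complete last block: XOR with K1 */
        xor_128(&input[16 * (n - 1)], K1, M_last);
    } else {
        /* empty message or partial last block: pad, then XOR with K2 */
        padding(&input[16 * (n - 1)], padded, rem);
        xor_128(padded, K2, M_last);
    }

    for (i = 0; i < 16; i++) X[i] = 0;
    for (i = 0; i < n - 1; i++)
    {
        xor_128(X, &input[16*i], Y);
        aes_crypt_ecb(ctx, AES_ENCRYPT, Y, X);
    }

    xor_128(X,M_last,Y);
    aes_crypt_ecb(ctx, AES_ENCRYPT, Y, X);

    for (i = 0; i < 16; i++)
        output[i] = X[i];

    aes_cmac_wipe(K1, sizeof K1);
    aes_cmac_wipe(K2, sizeof K2);
    aes_cmac_wipe(M_last, sizeof M_last);
    aes_cmac_wipe(padded, sizeof padded);
    aes_cmac_wipe(X, sizeof X);
    aes_cmac_wipe(Y, sizeof Y);
}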
--------------------------------------------------------------------------------
/src/aes.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file aes.h
3 | *
4 | * \brief AES block cipher
5 | *
6 | * Copyright (C) 2006-2013, Brainspark B.V.
7 | *
8 | * This file is part of PolarSSL (http://www.polarssl.org)
9 | * Lead Maintainer: Paul Bakker
10 | *
11 | * All rights reserved.
12 | *
13 | * This program is free software; you can redistribute it and/or modify
14 | * it under the terms of the GNU General Public License as published by
15 | * the Free Software Foundation; either version 2 of the License, or
16 | * (at your option) any later version.
17 | *
18 | * This program is distributed in the hope that it will be useful,
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | * GNU General Public License for more details.
22 | *
23 | * You should have received a copy of the GNU General Public License along
24 | * with this program; if not, write to the Free Software Foundation, Inc.,
25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 | */
27 | #include
28 |
29 | #ifdef _MSC_VER
30 | #include
31 | typedef UINT32 uint32_t;
32 | #else
33 | #include
34 | #endif
35 |
36 | #define AES_ENCRYPT 1
37 | #define AES_DECRYPT 0
38 |
39 | #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
40 | #define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
41 |
42 | // Regular implementation
43 | //
44 |
45 | /**
46 | * \brief AES context structure
47 | */
48 | typedef struct
49 | {
50 | int nr; /*!< number of rounds */
51 | uint32_t *rk; /*!< AES round keys */
52 | uint32_t buf[68]; /*!< unaligned data */
53 | }
54 | aes_context;
55 |
56 | #ifdef __cplusplus
57 | extern "C" {
58 | #endif
59 |
60 | /**
61 | * \brief AES key schedule (encryption)
62 | *
63 | * \param ctx AES context to be initialized
64 | * \param key encryption key
65 | * \param keysize must be 128, 192 or 256
66 | *
67 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
68 | */
69 | int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize );
70 |
71 | /**
72 | * \brief AES key schedule (decryption)
73 | *
74 | * \param ctx AES context to be initialized
75 | * \param key decryption key
76 | * \param keysize must be 128, 192 or 256
77 | *
78 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
79 | */
80 | int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize );
81 |
82 | /**
83 | * \brief AES-ECB block encryption/decryption
84 | *
85 | * \param ctx AES context
86 | * \param mode AES_ENCRYPT or AES_DECRYPT
87 | * \param input 16-byte input block
88 | * \param output 16-byte output block
89 | *
90 | * \return 0 if successful
91 | */
92 | int aes_crypt_ecb( aes_context *ctx,
93 | int mode,
94 | const unsigned char input[16],
95 | unsigned char output[16] );
96 |
97 | /**
98 | * \brief AES-CBC buffer encryption/decryption
99 | * Length should be a multiple of the block
100 | * size (16 bytes)
101 | *
102 | * \param ctx AES context
103 | * \param mode AES_ENCRYPT or AES_DECRYPT
104 | * \param length length of the input data
105 | * \param iv initialization vector (updated after use)
106 | * \param input buffer holding the input data
107 | * \param output buffer holding the output data
108 | *
109 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
110 | */
111 | int aes_crypt_cbc( aes_context *ctx,
112 | int mode,
113 | size_t length,
114 | unsigned char iv[16],
115 | const unsigned char *input,
116 | unsigned char *output );
117 |
/**
 * \brief          AES-CFB128 buffer encryption/decryption.
 *
 * Note: Due to the nature of CFB you should use the same key schedule for
 * both encryption and decryption, so use a context initialized with
 * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
 *
 * \param ctx      AES context
 * \param mode     AES_ENCRYPT or AES_DECRYPT
 * \param length   length of the input data
 * \param iv_off   offset in IV (updated after use); it is used as an
 *                 index into the 16-byte iv, so it must be 0..15
 * \param iv       initialization vector (updated after use)
 * \param input    buffer holding the input data
 * \param output   buffer holding the output data
 *
 * \return         0 if successful
 */
int aes_crypt_cfb128( aes_context *ctx,
                       int mode,
                       size_t length,
                       size_t *iv_off,
                       unsigned char iv[16],
                       const unsigned char *input,
                       unsigned char *output );
143 |
/**
 * \brief               AES-CTR buffer encryption/decryption
 *
 * Warning: You have to keep the maximum use of your counter in mind!
 * Processing data twice with the same nonce_counter value under one key
 * repeats the keystream.
 *
 * Note: Due to the nature of CTR you should use the same key schedule for
 * both encryption and decryption, so use a context initialized with
 * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
 *
 * \param ctx           AES context
 * \param length        The length of the data
 * \param nc_off        The offset in the current stream_block (for resuming
 *                      within current cipher stream). The offset pointed to
 *                      should be 0 at the start of a stream; it is used as
 *                      an index into stream_block, so it must be 0..15.
 * \param nonce_counter The 128-bit nonce and counter (updated after use).
 * \param stream_block  The saved stream-block for resuming. Is overwritten
 *                      by the function.
 * \param input         The input data stream
 * \param output        The output data stream
 *
 * \return         0 if successful
 */
int aes_crypt_ctr( aes_context *ctx,
                       size_t length,
                       size_t *nc_off,
                       unsigned char nonce_counter[16],
                       unsigned char stream_block[16],
                       const unsigned char *input,
                       unsigned char *output );
172 |
/**
 * \brief          AES-CMAC of a buffer
 *
 * \param ctx      AES context initialized with aes_setkey_enc()
 * \param length   length of the input data in bytes; it is a signed int
 *                 and is not validated, so the caller must pass a
 *                 non-negative value that matches the input buffer
 * \param input    buffer holding the input data
 * \param output   buffer receiving the 16-byte tag
 */
void aes_cmac(aes_context *ctx, int length, unsigned char *input, unsigned char *output);
174 |
175 | #ifdef __cplusplus
176 | }
177 | #endif
--------------------------------------------------------------------------------
/src/sdata-tool.cpp:
--------------------------------------------------------------------------------
1 | #define _CRT_SECURE_NO_WARNINGS
2 | #include "sdata-tool.h"
3 |
4 | typedef unsigned long long u64;
5 |
6 | // Auxiliary functions (endian swap and xor).
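// Swap the byte order of a 32-bit value.
// The work is done on an unsigned copy: shifting a byte of 0x80 or more
// left by 24 in a signed int overflows, which is undefined behaviour.
inline int se32(int i)
{
	const unsigned int v = (unsigned int) i;

	return (int) (((v & 0xFF000000u) >> 24) | ((v & 0x00FF0000u) >> 8) |
	              ((v & 0x0000FF00u) << 8) | ((v & 0x000000FFu) << 24));
}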
11 |
// Swap the byte order of a 64-bit value: the lowest byte of the input
// becomes the highest byte of the result, and so on for all eight bytes.
inline u64 se64(u64 i)
{
	u64 swapped = 0;

	for (int byte = 0; byte < 8; byte++)
	{
		swapped = (swapped << 8) | (i & 0xFF);
		i >>= 8;
	}

	return swapped;
}
19 |
// XOR size bytes of src1 with src2 into dest (dest[n] = src1[n] ^ src2[n]).
// Nothing is written when size is zero or negative.
// NOTE(review): `xor` is an alternative operator token in standard C++, so
// this name is only accepted by compilers that do not treat it as one.
void xor(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size)
{
	int pos = 0;

	while (pos < size)
	{
		dest[pos] = src1[pos] ^ src2[pos];
		pos++;
	}
}
28 |
29 | // Crypto functions (AES128-CBC, AES128-ECB, SHA1-HMAC and AES-CMAC).
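// AES-128-CBC decrypt len bytes from in to out.
//
// key  16-byte AES key
// iv   16-byte IV; modified during decryption and set to all zero on return,
//      whatever it held on entry. Callers that pass a shared IV buffer get
//      that buffer zeroed.
// len  number of bytes; must be positive and a multiple of 0x10. Any other
//      value leaves out untouched. The function returns nothing, so the
//      caller cannot tell that case apart from a successful decryption.
void aescbc128_decrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len)
{
	// len is converted to size_t by aes_crypt_cbc(); a negative value would
	// become a huge length there, so it is rejected here first.
	if (len > 0 && (len % 0x10) == 0)
	{
		aes_context ctx;
		if (aes_setkey_dec(&ctx, key, 128) == 0)
			aes_crypt_cbc(&ctx, AES_DECRYPT, (size_t) len, iv, in, out);
	}

	// Reset the IV.
	memset(iv, 0, 0x10);
}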
39 |
// Encrypt one 16-byte block from in to out with AES-128 in ECB mode.
// key is the 16-byte AES key. The result of the key setup is not checked.
void aesecb128_encrypt(unsigned char *key, unsigned char *in, unsigned char *out)
{
	aes_context schedule;

	aes_setkey_enc(&schedule, key, 128);
	aes_crypt_ecb(&schedule, AES_ENCRYPT, in, out);
}
46 |
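// Compute the SHA1-HMAC of in under key and compare it with hash.
//
// key, key_len  HMAC key and its length in bytes
// in, in_len    message and its length in bytes
// hash          expected value; its first 0x10 bytes are compared
//
// Returns true when the first 0x10 bytes match, false otherwise or when a
// length is negative.
//
// The digest buffer is a fixed 0x14 bytes. It used to be sized by key_len,
// and crypto() calls this with key_len 0x10; a SHA-1 HMAC is 20 bytes, so
// sha1_hmac() (declared in sha1.h, not shown here) would presumably write
// past a 0x10-byte allocation.
bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	unsigned char out[0x14] = {};

	if (key_len < 0 || in_len < 0)
		return false;

	sha1_hmac(key, key_len, in, in_len, out);

	// Accumulate differences over all bytes instead of returning at the
	// first mismatch, so the time taken does not depend on where it is.
	unsigned char diff = 0;
	for (int i = 0; i < 0x10; i++)
	{
		diff |= (unsigned char) (out[i] ^ hash[i]);
	}

	return diff == 0;
}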
66 |
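// Compute the AES-CMAC of in under key and compare it with hash.
//
// key, key_len  AES-128 key; key_len must be 0x10 because 16 key bytes are
//               always read and the tag is always 16 bytes
// in, in_len    message and its length in bytes
// hash          expected 16-byte tag
//
// Returns true when all 16 bytes match, false otherwise or when key_len is
// not 0x10 or in_len is negative.
//
// The tag buffer is a fixed 16 bytes. It used to be sized by key_len while
// aes_cmac() always writes 16 bytes, and a key_len of 0 compared nothing
// and reported a match.
bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
{
	unsigned char out[0x10] = {};

	if (key_len != 0x10 || in_len < 0)
		return false;

	aes_context ctx;
	aes_setkey_enc(&ctx, key, 128);
	aes_cmac(&ctx, in_len, in, out);

	// Accumulate differences over all bytes instead of returning at the
	// first mismatch, so the time taken does not depend on where it is.
	unsigned char diff = 0;
	for (int i = 0; i < 0x10; i++)
	{
		diff |= (unsigned char) (out[i] ^ hash[i]);
	}

	return diff == 0;
}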
88 |
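// Select the key and IV used for decryption from the top nibble of
// crypto_mode.
//
// crypto_mode  only bits 0xF0000000 are examined here
// version      non-zero selects EDAT_KEY_1, zero selects EDAT_KEY_0
// key_final    receives the 16-byte key
// iv_final     receives the 16-byte IV
// key, iv      key and IV supplied by the caller
//
// For any other mode value neither key_final nor iv_final is written, so
// they keep whatever the caller put in them.
void generate_key(int crypto_mode, int version, unsigned char *key_final, unsigned char *iv_final, unsigned char *key, unsigned char *iv) {
	int mode = (int) (crypto_mode & 0xF0000000);
	switch (mode) {
	case 0x10000000:
	{
		// Encrypted ERK.
		// Decrypt the key with EDAT_KEY + EDAT_IV and copy the original IV.
		// aescbc128_decrypt() modifies and then zeroes the IV buffer it is
		// given, so it gets a private copy and the shared EDAT_IV stays intact.
		unsigned char edat_iv[0x10];
		memcpy(edat_iv, EDAT_IV, 0x10);
		aescbc128_decrypt(version ? EDAT_KEY_1 : EDAT_KEY_0, edat_iv, key, key_final, 0x10);
		memcpy(iv_final, iv, 0x10);
		break;
	}
	case 0x20000000:
		// Default ERK.
		// Use EDAT_KEY and EDAT_IV.
		memcpy(key_final, version ? EDAT_KEY_1 : EDAT_KEY_0, 0x10);
		memcpy(iv_final, EDAT_IV, 0x10);
		break;
	case 0x00000000:
		// Unencrypted ERK.
		// Use the original key and iv.
		memcpy(key_final, key, 0x10);
		memcpy(iv_final, iv, 0x10);
		break;
	default:
		// Unknown mode: outputs are left as the caller initialised them.
		break;
	}
}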
112 |
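// Select the 16-byte key used for the hash check from the top nibble of
// hash_mode.
//
// hash_mode   only bits 0xF0000000 are examined here
// version     non-zero selects the *_1 constants, zero the *_0 constants
// hash_final  receives 0x10 bytes; crypto() also passes a 0x14-byte buffer,
//             whose last four bytes are not written here
// hash        value supplied by the caller
//
// For any other mode value hash_final is not written, so it keeps
// whatever the caller put in it.
void generate_hash(int hash_mode, int version, unsigned char *hash_final, unsigned char *hash) {
	int mode = (int) (hash_mode & 0xF0000000);
	switch (mode) {
	case 0x10000000:
	{
		// Encrypted HASH.
		// Decrypt the hash with EDAT_KEY + EDAT_IV.
		// aescbc128_decrypt() modifies and then zeroes the IV buffer it is
		// given, so it gets a private copy and the shared EDAT_IV stays intact.
		unsigned char edat_iv[0x10];
		memcpy(edat_iv, EDAT_IV, 0x10);
		aescbc128_decrypt(version ? EDAT_KEY_1 : EDAT_KEY_0, edat_iv, hash, hash_final, 0x10);
		break;
	}
	case 0x20000000:
		// Default HASH.
		// Use EDAT_HASH.
		memcpy(hash_final, version ? EDAT_HASH_1 : EDAT_HASH_0, 0x10);
		break;
	case 0x00000000:
		// Unencrypted HASH.
		// Use the original hash.
		memcpy(hash_final, hash, 0x10);
		break;
	default:
		// Unknown mode: hash_final is left as the caller initialised it.
		break;
	}
}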
133 |
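// Decrypts (or copies) `lenght` bytes from `in` to `out` and verifies a MAC
// over the input.
//
// crypto_mode: low byte selects the cipher (0x01 plain copy, 0x02 AES128-CBC),
//              top nibble selects how the key is derived (see generate_key).
// hash_mode:   low byte selects the MAC (0x01 SHA1-HMAC with a 0x14-byte key,
//              0x02 AES-CMAC, 0x04 SHA1-HMAC with a 0x10-byte key), top nibble
//              selects how the MAC key is derived (see generate_hash).
// test_hash:   expected MAC value.
//
// Returns true only when both algorithms are known and the MAC matches.
//
// The MAC is computed over `in`, i.e. the data as stored, and `out` has
// already been written by the time the MAC is checked: when this returns
// false the contents of `out` are unauthenticated and must not be used.
bool crypto(int hash_mode, int crypto_mode, int version, unsigned char *in, unsigned char *out, int lenght, unsigned char *key, unsigned char *iv, unsigned char *hash, unsigned char *test_hash)
{
	// The length reaches this function from file metadata; a negative value
	// would turn into a huge size_t in memcpy below.
	if (lenght < 0)
	{
		printf("ERROR: Invalid data length!\n");
		return false;
	}

	const int crypto_algo = crypto_mode & 0xFF;
	const int hash_algo = hash_mode & 0xFF;

	// Setup buffers for key, iv and hash.
	unsigned char key_final[0x10] = {};
	unsigned char iv_final[0x10] = {};
	unsigned char hash_final_10[0x10] = {};
	unsigned char hash_final_14[0x14] = {};

	// Generate crypto key and hash key. generate_hash writes 0x10 bytes, so in
	// the 0x14-byte mode the last four bytes of the key stay zero.
	generate_key(crypto_mode, version, key_final, iv_final, key, iv);
	if (hash_algo == 0x01)
	{
		generate_hash(hash_mode, version, hash_final_14, hash);
	}
	else
	{
		generate_hash(hash_mode, version, hash_final_10, hash);
	}

	switch (crypto_algo)
	{
	case 0x01: // No algorithm.
		memcpy(out, in, lenght);
		break;
	case 0x02: // AES128-CBC
		aescbc128_decrypt(key_final, iv_final, in, out, lenght);
		break;
	default:
		printf("ERROR: Unknown crypto algorithm!\n");
		return false;
	}

	switch (hash_algo)
	{
	case 0x01: // 0x14 SHA1-HMAC
		return hmac_hash_compare(hash_final_14, 0x14, in, lenght, test_hash);
	case 0x02: // 0x10 AES-CMAC
		return cmac_hash_compare(hash_final_10, 0x10, in, lenght, test_hash);
	case 0x04: // 0x10 SHA1-HMAC
		return hmac_hash_compare(hash_final_10, 0x10, in, lenght, test_hash);
	default:
		printf("ERROR: Unknown hashing algorithm!\n");
		return false;
	}
}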
181 |
// De-obfuscates one 0x20-byte metadata section into a newly allocated 0x10-byte
// buffer. Output byte i is metadata[0x10 + i] XORed with two bytes from the
// first half of the section; which two depends on the 4-byte group i falls in.
// The caller owns the result and must release it with delete[].
unsigned char* dec_section(unsigned char* metadata) {
	// Base offsets of the two first-half operands for output groups 0..3.
	static const int first_base[4]  = { 0xC, 0x4, 0xC, 0x4 };
	static const int second_base[4] = { 0x8, 0x8, 0x0, 0x0 };

	unsigned char* section = new unsigned char[0x10];
	for (int i = 0; i < 0x10; i++) {
		const int group = i >> 2;
		const int lane = i & 3;
		section[i] = (metadata[first_base[group] + lane] ^ metadata[second_base[group] + lane] ^ metadata[0x10 + i]);
	}
	return section;
}
202 |
// Builds the 0x10-byte per-block key in a newly allocated buffer: bytes
// 0x0..0xB are zero for NPD version <= 1 and the first 0xC bytes of
// npd->dev_hash otherwise; bytes 0xC..0xF hold `block` in big-endian order.
// The caller owns the result and must release it with delete[].
unsigned char* get_block_key(int block, NPD_HEADER *npd) {
	unsigned char* block_key = new unsigned char[0x10];

	if (npd->version <= 1) {
		memset(block_key, 0, 0xC);
	} else {
		memcpy(block_key, npd->dev_hash, 0xC);
	}

	// Append the block index, most significant byte first.
	for (int byte = 0; byte < 4; byte++) {
		block_key[0xC + byte] = ((block >> (24 - 8 * byte)) & 0xFF);
	}
	return block_key;
}
214 |
215 | // SDAT functions.
// Decompresses one SDATA block from `in` into `out`; `size` is the capacity of
// `out` in bytes.
//
// Input layout as read here: byte 0 is a header byte (kept in `pad`), bytes
// 1..4 are a big-endian 32-bit value loaded into `chunk_size`, and further bytes
// are pulled one at a time from `in + 5` onwards whenever the top byte of
// `remainder` becomes zero.
//
// Returns the number of bytes written to `out` (`end_size`), or -1 when the
// output would not fit or a back-reference points before the start of the
// output.
//
// NOTE(review): this looks like an adaptive range decoder (`remainder` as the
// range, `chunk_size` as the code value, `tmp` as the probability tables) with
// literal and back-reference symbols; TODO confirm against the format.
//
// Review notes, all visible in the body below:
//  - There is no input-length parameter. Every `*(unsigned char *)(pos + 5)`
//    read advances through `in` without an upper bound, so a crafted block can
//    make the decoder read past the end of the caller's buffer.
//  - `end`, `pos`, `sp`, `unk` and `n_end` hold pointers cast to `int`. That
//    only round-trips where pointers are 32 bits wide; on a 64-bit build the
//    addresses are truncated.
//  - `in` is `unsigned char *`, so `*in >= 0` is always true and the `else`
//    branch (raw copy) is never taken as written.
//  - The three `return -1` exits inside the loop skip `delete[] tmp`.
//  - `tmp` is 3272 bytes but the memset initialises only 0xCA8 (3240) of them.
int sdata_decompress(unsigned char *out, unsigned char *in, unsigned int size)
{
	char *tmp = new char[3272];
	char *p;
	char *p2;
	char *sub;
	char *sub2;
	char *sub3;
	int offset;
	int index;
	int index2;
	int unk;

	int flag;
	int flag2;
	unsigned int c;
	int cc;
	int sp;
	unsigned int sc;
	int scc;
	char st;
	char t;
	unsigned int n_size;
	unsigned int r_size;
	signed int f_size;
	signed int b_size;
	signed int diff;
	signed int diff_pad;

	int pos;
	int end;
	int n_end;
	signed int end_size;
	int chunk_size;
	char pad;
	unsigned int remainder;
	int result;

	offset = 0;
	index = 0;
	// -1 converts to 0xFFFFFFFF in the unsigned `remainder`.
	remainder = -1;
	// Pointer-to-int casts: see the review notes in the header comment.
	end = (int)((char *)out + size);
	pos = (int)in;
	pad = *in;
	chunk_size = (*(in + 1) << 24) | (*(in + 2) << 16) | (*(in + 3) << 8) | *(in + 4);

	// NOTE(review): always true for an unsigned char; presumably meant to test the
	// sign bit of the header byte.
	if (*in >= 0) // Check if we have a valid starting byte.
	{
		memset(tmp, 128, 0xCA8u);
		end_size = 0;
		while (1)
		{
			while (1)
			{
				p = &tmp[offset];
				c = (unsigned char)tmp[offset + 2920];

				// Pull in one more input byte when the top byte of `remainder` is zero.
				// The same step recurs before every decoded bit below.
				if (!(remainder >> 24))
				{
					int add = *(unsigned char *)(pos + 5);
					remainder <<= 8;
					++pos;
					chunk_size = (chunk_size << 8) + add;
				}

				cc = c - (c >> 3);
				r_size = c * (remainder >> 8);
				f_size = (unsigned int)chunk_size < r_size;

				if ((unsigned int)chunk_size < r_size)
					break;

				remainder -= r_size;
				chunk_size -= r_size;
				p[2920] = cc;
				offset = (offset - 1) & ((u64)~(offset - 1) >> 32);

				// Output buffer is full. tmp is not released on this path.
				if (out == (void *)end)
					return -1;

				sub = &tmp[255 * ((((((unsigned char)out & 7) << 8) | index & 0xFFFFF8FFu) >> pad) & 7)];
				index = 1;

				// Decode one byte bit by bit; `index` starts at 1 and doubles until it exceeds 255.
				do
				{
					sp = (int)&sub[index];
					sc = (unsigned char)sub[index - 1];

					if (!(remainder >> 24))
					{
						int add = *(unsigned char *)(pos++ + 5);
						remainder <<= 8;
						chunk_size = (chunk_size << 8) + add;
					}

					index *= 2;
					n_size = sc * (remainder >> 8);
					scc = sc - (sc >> 3);
					st = scc;

					if ((unsigned int)chunk_size < n_size)
					{
						remainder = n_size;
						++index;
						st = scc + 31;
					}
					else
					{
						remainder -= n_size;
						chunk_size -= n_size;
					}
					*(unsigned char *)(sp - 1) = st;
				}
				while (index <= 255);

				// Store the low byte of `index` as the next output byte.
				out += 1;
				++end_size;
				*(out - 1) = index;
			}

			remainder = c * (remainder >> 8);
			p[2920] = cc + 31;
			index = -1;

			while (1)
			{
				c = (unsigned char)p[2928];

				if (!(r_size >> 24))
				{
					int add = *(unsigned char *)(pos++ + 5);
					remainder = r_size << 8;
					chunk_size = (chunk_size << 8) + add;
				}

				p += 8;
				r_size = c * (remainder >> 8);
				cc = c - (c >> 3);

				if ((unsigned int)chunk_size >= r_size)
					break;

				remainder = r_size;
				p[2920] = cc + 31;
				++index;

				if (index == 6)
					goto SKIP;

			}
			remainder -= r_size;
			chunk_size -= r_size;
			p[2920] = cc;
SKIP:
			p2 = &tmp[index];
			if (index >= 0)
			{
				sub3 = &tmp[offset & 7 | 8 * (((unsigned int)out << index) & 3) | 32 * index];
				flag = index - 3;
				c = (unsigned char)sub3[2984];

				if (!(remainder >> 24))
				{
					int add = *(unsigned char *)(pos++ + 5);
					remainder <<= 8;
					chunk_size = (chunk_size << 8) + add;
				}

				n_size = c * (remainder >> 8);
				cc = c - (c >> 3);
				t = cc;
				index2 = 2;

				if ((unsigned int)chunk_size >= n_size)
				{
					remainder -= n_size;
					chunk_size -= n_size;
				}
				else
				{
					remainder = n_size;
					index2 = 3;
					t = cc + 31;
				}

				if (flag < 0)
				{
					sub3[2984] = t;
				}
				else
				{
					if (flag <= 0)
					{
						sub3[2984] = t;
					}
					else
					{
						c = (unsigned char)t;

						if (!(remainder >> 24))
						{
							int add = *(unsigned char *)(pos++ + 5);
							remainder <<= 8;
							chunk_size = (chunk_size << 8) + add;
						}
						index2 *= 2;
						n_size = c * (remainder >> 8);
						cc = c - (c >> 3);
						t = cc;

						if ((unsigned int)chunk_size >= n_size)
						{
							remainder -= n_size;
							chunk_size -= n_size;
						}
						else
						{
							remainder = n_size;
							++index2;
							t = cc + 31;
						}
						sub3[2984] = t;

						if (flag != 1)
						{
							if (!(remainder >> 24))
							{
								int add = *(unsigned char *)(pos + 5);
								remainder <<= 8;
								++pos;
								chunk_size = (chunk_size << 8) + add;
							}
							do
							{
								remainder >>= 1;
								index2 = ((unsigned int)chunk_size < remainder) + 2 * index2;

								if ((unsigned int)chunk_size >= remainder)
									chunk_size -= remainder;

								--flag;
							}
							while (flag != 1);
						}
					}
					c = (unsigned char)sub3[3008];

					if (!(remainder >> 24))
					{
						int add = *(unsigned char *)(pos + 5);
						remainder <<= 8;
						++pos;
						chunk_size = (chunk_size << 8) + add;
					}
					index2 *= 2;
					n_size = c * (remainder >> 8);
					cc = c - (c >> 3);
					t = cc;

					if ((unsigned int)chunk_size >= n_size)
					{
						remainder -= n_size;
						chunk_size -= n_size;
					}
					else
					{
						remainder = n_size;
						++index2;
						t = cc + 31;
					}
					sub3[3008] = t;
				}
				if (index > 0)
				{
					c = (unsigned char)sub3[2992];

					if (!(remainder >> 24))
					{
						int add = *(unsigned char *)(pos++ + 5);
						remainder <<= 8;
						chunk_size = (chunk_size << 8) + add;
					}

					index2 *= 2;
					n_size = c * (remainder >> 8);
					cc = c - (c >> 3);
					t = cc;

					if ((unsigned int)chunk_size >= n_size)
					{
						remainder -= n_size;
						chunk_size -= n_size;
					}
					else
					{
						remainder = n_size;
						++index2;
						t = cc + 31;
					}
					sub3[2992] = t;

					if (index != 1)
					{
						c = (unsigned char)sub3[3000];

						if (!(remainder >> 24))
						{
							int add = *(unsigned char *)(pos + 5);
							remainder <<= 8;
							++pos;
							chunk_size = (chunk_size << 8) + add;
						}

						index2 *= 2;
						n_size = c * (remainder >> 8);
						cc = c - (c >> 3);
						t = cc;

						if ((unsigned int)chunk_size >= n_size)
						{
							remainder -= n_size;
							chunk_size -= n_size;
						}
						else
						{
							remainder = n_size;
							++index2;
							t = cc + 31;
						}
						sub3[3000] = t;
					}
				}
				f_size = index2;

				// The only exit from the outer loop that is not an error return.
				if (index2 == 255)
					break;
			}
			index = 8;
			b_size = 352;

			if (f_size <= 2)
			{
				p2 += 248;
				b_size = 64;
			}
			do
			{
				unk = (int)&p2[index];

				if (!(remainder >> 24))
				{
					int add = *(unsigned char *)(pos++ + 5);
					remainder <<= 8;
					chunk_size = (chunk_size << 8) + add;
				}

				c = *(unsigned char *)(unk + 2033);
				index *= 2;
				n_size = c * (remainder >> 8);
				cc = c - (c >> 3);
				t = cc;

				if ((unsigned int)chunk_size < n_size)
				{
					remainder = n_size;
					t = cc + 31;
					index += 8;
				}
				else
				{
					remainder -= n_size;
					chunk_size -= n_size;
				}
				*(unsigned char *)(unk + 2033) = t;
				diff = index - b_size;
			}
			while ((index - b_size) < 0);

			if (index != b_size)
			{
				diff_pad = diff >> 3;
				flag = diff_pad - 1;
				flag2 = diff_pad - 4;
				sub2 = &tmp[32 * (diff_pad - 1)];
				c = (unsigned char)sub2[2344];

				if (!(remainder >> 24))
				{
					int add = *(unsigned char *)(pos + 5);
					remainder <<= 8;
					++pos;
					chunk_size = (chunk_size << 8) + add;
				}

				n_size = c * (remainder >> 8);
				cc = c - (c >> 3);
				t = cc;
				index2 = 2;

				if ((unsigned int)chunk_size >= n_size)
				{
					remainder -= n_size;
					chunk_size -= n_size;
				}
				else
				{
					remainder = n_size;
					index2 = 3;
					t = cc + 31;
				}

				if (flag2 < 0)
				{
					sub2[2344] = t;
				}
				else
				{
					if (flag2 <= 0)
					{
						sub2[2344] = t;
					}
					else
					{
						c = (unsigned char)t;

						if (!(remainder >> 24))
						{
							int add = *(unsigned char *)(pos++ + 5);
							remainder <<= 8;
							chunk_size = (chunk_size << 8) + add;
						}

						index2 *= 2;
						n_size = c * (remainder >> 8);
						cc = c - (c >> 3);
						t = cc;

						if ((unsigned int)chunk_size >= n_size)
						{
							remainder -= n_size;
							chunk_size -= n_size;
						}
						else
						{
							remainder = n_size;
							++index2;
							t = cc + 31;
						}
						sub2[2344] = t;

						if (flag2 != 1)
						{
							if (!(remainder >> 24))
							{
								int add = *(unsigned char *)(pos + 5);
								remainder <<= 8;
								++pos;
								chunk_size = (chunk_size << 8) + add;
							}
							do
							{
								remainder >>= 1;
								index2 = ((unsigned int)chunk_size < remainder) + 2 * index2;

								if ((unsigned int)chunk_size >= remainder)
									chunk_size -= remainder;

								--flag2;
							}
							while (flag2 != 1);
						}
					}
					c = (unsigned char)sub2[2368];

					if (!(remainder >> 24))
					{
						int add = *(unsigned char *)(pos + 5);
						remainder <<= 8;
						++pos;
						chunk_size = (chunk_size << 8) + add;
					}

					index2 *= 2;
					n_size = c * (remainder >> 8);
					cc = c - (c >> 3);
					t = cc;

					if ((unsigned int)chunk_size >= n_size)
					{
						remainder -= n_size;
						chunk_size -= n_size;
					}
					else
					{
						remainder = n_size;
						++index2;
						t = cc + 31;
					}
					sub2[2368] = t;
				}
				if (flag > 0)
				{
					c = (unsigned char)sub2[2352];
					if (!(remainder >> 24))
					{
						int add = *(unsigned char *)(pos++ + 5);
						remainder <<= 8;
						chunk_size = (chunk_size << 8) + add;
					}
					index2 *= 2;
					n_size = c * (remainder >> 8);
					cc = c - (c >> 3);
					t = cc;
					if ((unsigned int)chunk_size >= n_size)
					{
						remainder -= n_size;
						chunk_size -= n_size;
					}
					else
					{
						remainder = n_size;
						++index2;
						t = cc + 31;
					}
					sub2[2352] = t;
					if (flag != 1)
					{
						c = (unsigned char)sub2[2360];
						if (!(remainder >> 24))
						{
							int add = *(unsigned char *)(pos + 5);
							remainder <<= 8;
							++pos;
							chunk_size = (chunk_size << 8) + add;
						}
						index2 *= 2;
						n_size = c * (remainder >> 8);
						cc = c - (c >> 3);
						t = cc;

						if ((unsigned int)chunk_size >= n_size)
						{
							remainder -= n_size;
							chunk_size -= n_size;
						}
						else
						{
							remainder = n_size;
							++index2;
							t = cc + 31;
						}
						sub2[2360] = t;
					}
				}
				diff = index2 - 1;
			}

			// `diff` is used below as a backwards distance into the output; reject it
			// when it reaches before the first byte written so far. tmp is not
			// released on this path.
			if (end_size <= diff)
				return -1;

			index = *(out - diff - 1);
			n_end = (int)(out + f_size);
			offset = (((unsigned char)f_size + (unsigned char)out) & 1) + 6;

			// The copy would run past the end of the output buffer. tmp is not
			// released on this path.
			if ((unsigned int)(out + f_size) >= (unsigned int)end)
				return -1;

			// Copy bytes one at a time from `diff + 1` positions back in the output.
			do
			{
				out += 1;
				++end_size;
				*(out - 1) = index;
				index = *(out - diff - 1);
			}
			while (out != (void *)n_end);

			out += 1;
			++end_size;
			*((unsigned char *)out - 1) = index;
		}
		result = end_size;
	}
	else // Starting byte is invalid.
	{
		// Raw copy of chunk_size bytes from in + 5. Only the upper bound is checked;
		// a negative chunk_size would pass it and become a huge size in memcpy.
		result = -1;
		if (chunk_size <= (int)size)
		{
			memcpy(out, (const void *)(in + 5), chunk_size);
			result = chunk_size;
		}
	}
	delete[] tmp;

	return result;
}
811 |
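// Decrypts every data block of the SDAT file `in` and writes the plaintext to
// `out`.
//
// sdat/npd:  parsed headers; sdat->file_size is decremented while compressed
//            blocks are written.
// crypt_key: 0x10-byte key used to derive each block's key.
//
// Returns 0 on success and 1 on the first failure (bad header values,
// truncated input, MAC mismatch, failed decompression, write error).
//
// Every size and offset used here comes from the file and is treated as
// untrusted: it is range-checked before it is used for seeking, allocating or
// copying, and each read is checked for truncation.
int sdata_decrypt(FILE *in, FILE *out, SDAT_HEADER *sdat, NPD_HEADER *npd, unsigned char* crypt_key)
{
	// block_size is the divisor in every size computation below.
	if (sdat->block_size <= 0) {
		printf("ERROR: Invalid SDAT block size!\n");
		return 1;
	}

	// Get metadata info and setup buffers.
	int block_num = (int) ((sdat->file_size + sdat->block_size - 1) / sdat->block_size);
	int metadata_section_size = ((sdat->flags & SDAT_COMPRESSED_FLAG) != 0 || (sdat->flags & SDAT_FLAG_0x20) != 0) ? 0x20 : 0x10;
	int metadata_offset = 0x100;

	unsigned char empty_iv[0x10] = {};

	for (int i = 0; i < block_num; i++) {
		unsigned char hash_result[0x10];
		long offset;
		int lenght;
		int compression_end = 0;

		// Read this block's metadata section.
		if (fseek(in, metadata_offset + i * metadata_section_size, SEEK_SET) != 0) {
			printf("ERROR: Failed to locate block metadata!\n");
			return 1;
		}

		if ((sdat->flags & SDAT_COMPRESSED_FLAG) != 0) {
			unsigned char metadata[0x20];
			if (fread(metadata, 0x20, 1, in) != 1) {
				printf("ERROR: Failed to read block metadata!\n");
				return 1;
			}

			// If the data is compressed, decrypt the metadata.
			unsigned char *result = dec_section(metadata);
			offset = ((se32(*(int*)&result[0]) << 4) | (se32(*(int*)&result[4])));
			lenght = se32(*(int*)&result[8]);
			compression_end = se32(*(int*)&result[12]);
			delete[] result;

			memcpy(hash_result, metadata, 0x10);
		} else if ((sdat->flags & SDAT_FLAG_0x20) != 0) {
			unsigned char metadata[0x20];
			if (fread(metadata, 0x20, 1, in) != 1) {
				printf("ERROR: Failed to read block metadata!\n");
				return 1;
			}

			// If FLAG 0x20 is set, apply custom xor.
			for (int j = 0; j < 0x10; j++) {
				hash_result[j] = (unsigned char)(metadata[j] ^ metadata[j+0x10]);
			}

			offset = metadata_offset + i * sdat->block_size + (i + 1) * metadata_section_size;
			lenght = sdat->block_size;
			// The last block is shorter only when the file size is not an exact
			// multiple of the block size; a zero remainder means a full block.
			if (i == (block_num - 1) && (sdat->file_size % sdat->block_size) != 0) {
				lenght = (int) (sdat->file_size % sdat->block_size);
			}
		} else {
			if (fread(hash_result, 0x10, 1, in) != 1) {
				printf("ERROR: Failed to read block metadata!\n");
				return 1;
			}
			offset = metadata_offset + i * sdat->block_size + block_num * metadata_section_size;
			lenght = sdat->block_size;
			if (i == (block_num - 1) && (sdat->file_size % sdat->block_size) != 0) {
				lenght = (int) (sdat->file_size % sdat->block_size);
			}
		}

		// Reject values that would seek backwards, allocate a negative size or
		// overflow when the length is rounded up to the AES block size.
		if (offset < 0 || lenght < 0 || lenght > 0x7FFFFFF0) {
			printf("ERROR: Invalid block offset or length!\n");
			return 1;
		}

		// Locate the real data.
		int pad_lenght = lenght;
		lenght = (int) ((pad_lenght + 0xF) & 0xFFFFFFF0);
		if (fseek(in, offset, SEEK_SET) != 0) {
			printf("ERROR: Failed to locate block data!\n");
			return 1;
		}

		// Setup zero-filled buffers for decryption and read the data. At least
		// the unpadded length must be present in the file.
		unsigned char *enc_data = new unsigned char[lenght]();
		unsigned char *dec_data = new unsigned char[lenght]();
		unsigned char key_result[0x10];
		unsigned char hash[0x10];
		size_t bytes_got = fread(enc_data, 1, lenght, in);
		if (bytes_got < (size_t) pad_lenght) {
			printf("ERROR: Unexpected end of file in block data!\n");
			delete[] enc_data;
			delete[] dec_data;
			return 1;
		}

		// Generate a key for the current block; the temporary is released as
		// soon as it has been used.
		unsigned char *b_key = get_block_key(i, npd);

		// Encrypt the block key with the crypto key.
		aesecb128_encrypt(crypt_key, b_key, key_result);
		delete[] b_key;
		if ((sdat->flags & SDAT_FLAG_0x10) != 0) {
			aesecb128_encrypt(crypt_key, key_result, hash); // If FLAG 0x10 is set, encrypt again to get the final hash.
		} else {
			memcpy(hash, key_result, 0x10);
		}

		// Setup the crypto and hashing mode based on the extra flags.
		int crypto_mode = ((sdat->flags & SDAT_FLAG_0x02) == 0) ? 0x2 : 0x1;
		int hash_mode;

		if ((sdat->flags & SDAT_FLAG_0x10) == 0) {
			hash_mode = 0x02;
		} else if ((sdat->flags & SDAT_FLAG_0x20) == 0) {
			hash_mode = 0x04;
		} else {
			hash_mode = 0x01;
		}

		if ((sdat->flags & SDAT_ENCRYPTED_KEY_FLAG) != 0) {
			crypto_mode |= 0x10000000;
			hash_mode |= 0x10000000;
		}

		bool ok = true;

		if ((sdat->flags & SDAT_DEBUG_DATA_FLAG) != 0) {
			// Reset the flags.
			crypto_mode |= 0x01000000;
			hash_mode |= 0x01000000;
			// Simply copy the data without the header or the footer.
			// No MAC is checked on this path.
			memcpy(dec_data, enc_data, lenght);
		} else {
			// IV is null if NPD version is 1 or 0.
			unsigned char *iv = (npd->version <= 1) ? empty_iv : npd->digest;
			// Call main crypto routine on this data block. A false result means
			// dec_data is unauthenticated, so nothing from it is written.
			ok = crypto(hash_mode, crypto_mode, (npd->version == 4), enc_data, dec_data, lenght, key_result, iv, hash, hash_result);
		}

		// Apply additional compression if needed and write the decrypted data.
		if (ok && ((sdat->flags & SDAT_COMPRESSED_FLAG) != 0) && compression_end) {
			int decomp_size = (int)sdat->file_size;
			if (decomp_size <= 0) {
				printf("ERROR: Invalid decompressed size!\n");
				ok = false;
			} else {
				unsigned char *decomp_data = new unsigned char[decomp_size]();

				printf("Decompressing SDATA...\n");
				int res = sdata_decompress(decomp_data, dec_data, decomp_size);

				printf("Compressed block size: %d\n", pad_lenght);
				printf("Decompressed block size: %d\n", res);

				if (res < 0) {
					// A negative result must never reach fwrite as a size.
					printf("SDATA decompression failed!\n");
					ok = false;
				} else {
					if (res > 0 && fwrite(decomp_data, res, 1, out) != 1) {
						printf("ERROR: Failed to write output!\n");
						ok = false;
					} else {
						sdat->file_size -= res;
						if (sdat->file_size == 0)
							printf("SDATA successfully decompressed!\n");
					}
				}

				delete[] decomp_data;
			}
		} else if (ok) {
			if (pad_lenght > 0 && fwrite(dec_data, pad_lenght, 1, out) != 1) {
				printf("ERROR: Failed to write output!\n");
				ok = false;
			}
		}

		delete[] enc_data;
		delete[] dec_data;

		if (!ok)
			return 1;
	}

	return 0;
}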
960 |
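// Validates the SDAT header flags for the NPD version and checks the header
// and metadata MACs of file `f` with `key`.
//
// Returns 1 when the flags or version are rejected, the block size is invalid
// or the file is truncated; returns 0 otherwise. A MAC mismatch only prints a
// WARNING and does not change the return value, so a 0 result does not mean
// the file is authentic.
//
// NOTE(review): the block count here uses "- 11" and the section size ignores
// SDAT_FLAG_0x20, while sdata_decrypt uses "- 1" and honours that flag. Both
// are kept as found; confirm which one matches the format.
int sdata_check(unsigned char *key, SDAT_HEADER *sdat, NPD_HEADER *npd, FILE *f)
{
	enum { MAX_CHUNK = 0x3C00 }; // 0x3C00 is the maximum block size.

	// Fixed-size scratch lives on the stack so the early returns below cannot
	// leak it.
	unsigned char header[0xA0] = {};
	unsigned char header_out[0xA0] = {};
	unsigned char hash_result[0x10] = {};

	fseek(f, 0, SEEK_SET);

	// Check NPD version and SDAT flags.
	if ((npd->version == 0) || (npd->version == 1))
	{
		if (sdat->flags & 0x7EFFFFFE)
		{
			printf("ERROR: Bad header flags!\n");
			return 1;
		}
	}
	else if (npd->version == 2)
	{
		if (sdat->flags & 0x7EFFFFE0)
		{
			printf("ERROR: Bad header flags!\n");
			return 1;
		}
	}
	else if ((npd->version == 3) || (npd->version == 4))
	{
		if (sdat->flags & 0x7EFFFFC0)
		{
			printf("ERROR: Bad header flags!\n");
			return 1;
		}
	}
	else
	{
		printf("ERROR: Unknown version!\n");
		return 1;
	}

	// block_size comes from the file and is used as a divisor below.
	if (sdat->block_size <= 0)
	{
		printf("ERROR: Invalid SDAT block size!\n");
		return 1;
	}

	// Read in the file header and the hash that follows it.
	if (fread(header, 0xA0, 1, f) != 1 || fread(hash_result, 0x10, 1, f) != 1)
	{
		printf("ERROR: Unexpected end of file while reading the header!\n");
		return 1;
	}

	// Setup the hashing mode and the crypto mode used in the file.
	int crypto_mode = 0x1;
	int hash_mode = ((sdat->flags & SDAT_ENCRYPTED_KEY_FLAG) == 0) ? 0x00000002 : 0x10000002;
	if ((sdat->flags & SDAT_DEBUG_DATA_FLAG) != 0) {
		printf("DEBUG data detected!\n");
		hash_mode |= 0x01000000;
	}

	// Setup header key and iv buffers.
	unsigned char header_key[0x10] = {};
	unsigned char header_iv[0x10] = {};

	// Test the header hash (located at offset 0xA0).
	if (!crypto(hash_mode, crypto_mode, (npd->version == 4), header, header_out, 0xA0, header_key, header_iv, key, hash_result))
		printf("WARNING: Header hash is invalid!\n");

	// Parse the metadata info.
	int metadata_section_size = 0x10;
	if (((sdat->flags & SDAT_COMPRESSED_FLAG) != 0)) {
		printf("COMPRESSED data detected!\n");
		metadata_section_size = 0x20;
	}
	int block_num = (int) ((sdat->file_size + sdat->block_size - 11) / sdat->block_size);
	int bytes_read = 0;
	int metadata_offset = 0x100;
	int status = 0;

	// One pair of chunk buffers is reused for the whole loop and released once.
	unsigned char *data = new unsigned char[MAX_CHUNK];
	unsigned char *scratch = new unsigned char[MAX_CHUNK];

	long bytes_to_read = metadata_section_size * block_num;
	while (bytes_to_read > 0) {
		// Locate the metadata blocks.
		int block_size = (MAX_CHUNK > bytes_to_read) ? (int) bytes_to_read : MAX_CHUNK;
		fseek(f, metadata_offset + bytes_read, SEEK_SET);

		// Read in the metadata.
		if (fread(data, block_size, 1, f) != 1) {
			printf("ERROR: Unexpected end of file while reading metadata!\n");
			status = 1;
			break;
		}

		// Check the generated hash against the metadata hash located at offset 0x90 in the header.
		memset(hash_result, 0, 0x10);
		fseek(f, 0x90, SEEK_SET);
		if (fread(hash_result, 0x10, 1, f) != 1) {
			printf("ERROR: Unexpected end of file while reading the header!\n");
			status = 1;
			break;
		}

		// Generate the hash for this block.
		if (!crypto(hash_mode, crypto_mode, (npd->version == 4), data, scratch, block_size, header_key, header_iv, key, hash_result))
			printf("WARNING: Metadata hash from block 0x%08x is invalid!\n", metadata_offset + bytes_read);

		// Adjust sizes.
		bytes_read += block_size;
		bytes_to_read -= block_size;
	}

	// Cleanup.
	delete[] data;
	delete[] scratch;

	return status;
}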
1063 |
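// Parses the NPD and SDAT headers at the current position of `input`, prints
// them, derives the decryption key and runs sdata_check followed by
// sdata_decrypt, writing the plaintext to `output`.
//
// Nothing is returned; every outcome is reported on stdout. The derived key is
// printed there too, so captured output of this tool contains key material.
// Decryption is attempted even when sdata_check reports a failure.
void sdata_extract(FILE *input, FILE *output)
{
	// Read in the NPD and SDAT headers. A short file must not be parsed from
	// uninitialised stack memory.
	char npd_header[0x80];
	char sdat_header[0x10];
	if (fread(npd_header, sizeof(npd_header), 1, input) != 1 ||
		fread(sdat_header, sizeof(sdat_header), 1, input) != 1) {
		printf("ERROR: File is too short to hold the NPD and SDAT headers.");
		return;
	}

	// Setup NPD and SDAT structs.
	NPD_HEADER *NPD = new NPD_HEADER();
	SDAT_HEADER *SDAT = new SDAT_HEADER();

	// Multi-byte fields are copied out with memcpy so that no int/u64 is read
	// through a misaligned char pointer.
	int raw32;
	u64 raw64;

	memcpy(NPD->magic, npd_header, 4);
	memcpy(&raw32, &npd_header[4], sizeof(raw32));
	NPD->version = se32(raw32);
	memcpy(&raw32, &npd_header[8], sizeof(raw32));
	NPD->license = se32(raw32);
	memcpy(&raw32, &npd_header[12], sizeof(raw32));
	NPD->type = se32(raw32);
	memcpy(NPD->content_id, (unsigned char*)&npd_header[16], 0x30);
	memcpy(NPD->digest, (unsigned char*)&npd_header[64], 0x10);
	memcpy(NPD->title_hash, (unsigned char*)&npd_header[80], 0x10);
	memcpy(NPD->dev_hash, (unsigned char*)&npd_header[96], 0x10);
	memcpy(&raw64, &npd_header[112], sizeof(raw64));
	NPD->unk1 = se64(raw64);
	memcpy(&raw64, &npd_header[120], sizeof(raw64));
	NPD->unk2 = se64(raw64);

	unsigned char npd_magic[4] = {0x4E, 0x50, 0x44, 0x00}; //NPD0
	if(memcmp(NPD->magic, npd_magic, 4)) {
		printf("ERROR: File has invalid NPD header.");
		delete NPD;
		delete SDAT;
		return;
	}

	memcpy(&raw32, &sdat_header[0], sizeof(raw32));
	SDAT->flags = se32(raw32);
	memcpy(&raw32, &sdat_header[4], sizeof(raw32));
	SDAT->block_size = se32(raw32);
	memcpy(&raw64, &sdat_header[8], sizeof(raw64));
	SDAT->file_size = se64(raw64);

	if(!(SDAT->flags & SDAT_FLAG)) {
		printf("ERROR: File is not SDAT.");
		delete NPD;
		delete SDAT;
		return;
	}

	printf("NPD HEADER\n");
	printf("NPD version: %d\n", NPD->version);
	printf("NPD license: %d\n", NPD->license);
	printf("NPD type: %d\n", NPD->type);
	printf("\n");
	printf("SDAT HEADER\n");
	printf("SDAT flags: 0x%08X\n", SDAT->flags);
	printf("SDAT block size: 0x%08X\n", SDAT->block_size);
	// file_size is filled from se64(), so it is presumably wider than the
	// unsigned int that %08X consumes; the cast keeps the low 32 bits.
	printf("SDAT file size: 0x%08X\n", (unsigned int) SDAT->file_size);
	printf("\n");

	// Generate decryption key.
	unsigned char *key = new unsigned char[0x10];
	xor(key, NPD->dev_hash, SDAT_KEY, 0x10);

	int i;
	printf("DECRYPTION KEY: ");
	for(i = 0; i < 0x10; i++)
		printf("%02X", key[i]);
	printf("\n\n");

	printf("Parsing SDATA...\n");
	if (sdata_check(key, SDAT, NPD, input))
		printf("SDATA parsing failed!\n");

	printf("\n");

	printf("Decrypting SDATA...\n");
	if (sdata_decrypt(input, output, SDAT, NPD, key))
		printf("SDATA decryption failed!");
	else
		printf("File successfully decrypted!");

	delete[] key;
	delete NPD;
	delete SDAT;
}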
1139 |
1140 | int main(int argc, char **argv)
1141 | {
1142 | if (argc <= 1){
1143 | printf("Usage: sdata-tool