aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/lgl
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/lgl')
-rw-r--r--src/daemon/https/lgl/Makefile.am11
-rw-r--r--src/daemon/https/lgl/gc-libgcrypt.c40
-rw-r--r--src/daemon/https/lgl/gc-pbkdf2-sha1.c185
-rw-r--r--src/daemon/https/lgl/gc.h140
-rw-r--r--src/daemon/https/lgl/hmac-md5.c81
-rw-r--r--src/daemon/https/lgl/hmac-sha1.c81
-rw-r--r--src/daemon/https/lgl/hmac.h41
-rw-r--r--src/daemon/https/lgl/md5.c453
-rw-r--r--src/daemon/https/lgl/md5.h128
-rw-r--r--src/daemon/https/lgl/memxor.c35
-rw-r--r--src/daemon/https/lgl/memxor.h31
-rw-r--r--src/daemon/https/lgl/rijndael-alg-fst.c1093
-rw-r--r--src/daemon/https/lgl/rijndael-alg-fst.h67
-rw-r--r--src/daemon/https/lgl/rijndael-api-fst.c519
-rw-r--r--src/daemon/https/lgl/rijndael-api-fst.h207
-rw-r--r--src/daemon/https/lgl/sha1.c419
-rw-r--r--src/daemon/https/lgl/sha1.h87
-rw-r--r--src/daemon/https/lgl/strverscmp.c130
-rw-r--r--src/daemon/https/lgl/strverscmp.h24
19 files changed, 1 insertions, 3771 deletions
diff --git a/src/daemon/https/lgl/Makefile.am b/src/daemon/https/lgl/Makefile.am
index bf0faf11..7db09d80 100644
--- a/src/daemon/https/lgl/Makefile.am
+++ b/src/daemon/https/lgl/Makefile.am
@@ -9,15 +9,6 @@ noinst_LTLIBRARIES = liblgl.la
9 9
10liblgl_la_LDFLAGS = -lgcrypt 10liblgl_la_LDFLAGS = -lgcrypt
11liblgl_la_SOURCES = \ 11liblgl_la_SOURCES = \
12 sha1.c sha1.h \
13 gc-libgcrypt.c \ 12 gc-libgcrypt.c \
14 rijndael-api-fst.c rijndael-api-fst.h \ 13 gc.h
15 gc-pbkdf2-sha1.c gc.h \
16 rijndael-alg-fst.c rijndael-alg-fst.h \
17 hmac-md5.c hmac.h \
18 hmac-sha1.c \
19 memxor.c memxor.h\
20 strverscmp.c strverscmp.h \
21 md5.c md5.h
22
23 14
diff --git a/src/daemon/https/lgl/gc-libgcrypt.c b/src/daemon/https/lgl/gc-libgcrypt.c
index 3653f0fc..2247e18d 100644
--- a/src/daemon/https/lgl/gc-libgcrypt.c
+++ b/src/daemon/https/lgl/gc-libgcrypt.c
@@ -416,43 +416,3 @@ MHD_gc_hash_close (MHD_gc_hash_handle handle)
416 free (ctx); 416 free (ctx);
417} 417}
418 418
419#ifdef GNULIB_GC_HMAC_SHA1
420Gc_rc
421MHD_gc_MHD_hmac_sha1 (const void *key,
422 size_t keylen, const void *in, size_t inlen,
423 char *resbuf)
424{
425 size_t hlen = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
426 gcry_md_hd_t mdh;
427 unsigned char *hash;
428 gpg_error_t err;
429
430 assert (hlen == GC_SHA1_DIGEST_SIZE);
431
432 err = gcry_md_open (&mdh, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
433 if (err != GPG_ERR_NO_ERROR)
434 return GC_INVALID_HASH;
435
436 err = gcry_md_setkey (mdh, key, keylen);
437 if (err != GPG_ERR_NO_ERROR)
438 {
439 gcry_md_close (mdh);
440 return GC_INVALID_HASH;
441 }
442
443 gcry_md_write (mdh, in, inlen);
444
445 hash = gcry_md_read (mdh, GCRY_MD_SHA1);
446 if (hash == NULL)
447 {
448 gcry_md_close (mdh);
449 return GC_INVALID_HASH;
450 }
451
452 memcpy (resbuf, hash, hlen);
453
454 gcry_md_close (mdh);
455
456 return GC_OK;
457}
458#endif
diff --git a/src/daemon/https/lgl/gc-pbkdf2-sha1.c b/src/daemon/https/lgl/gc-pbkdf2-sha1.c
deleted file mode 100644
index f58ba491..00000000
--- a/src/daemon/https/lgl/gc-pbkdf2-sha1.c
+++ /dev/null
@@ -1,185 +0,0 @@
1/* gc-pbkdf2-sha1.c --- Password-Based Key Derivation Function a'la PKCS#5
2 Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as published by
6 the Free Software Foundation; either version 2.1, or (at your option)
7 any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
17
18/* Written by Simon Josefsson. The comments in this file are taken
19 from RFC 2898. */
20
21#include "MHD_config.h"
22
23#include "gc.h"
24
25#include <stdlib.h>
26#include <string.h>
27
28/*
29 * 5.2 PBKDF2
30 *
31 * PBKDF2 applies a pseudorandom function (see Appendix B.1 for an
32 * example) to derive keys. The length of the derived key is essentially
33 * unbounded. (However, the maximum effective search space for the
34 * derived key may be limited by the structure of the underlying
35 * pseudorandom function. See Appendix B.1 for further discussion.)
36 * PBKDF2 is recommended for new applications.
37 *
38 * PBKDF2 (P, S, c, dkLen)
39 *
40 * Options: PRF underlying pseudorandom function (hLen
41 * denotes the length in octets of the
42 * pseudorandom function output)
43 *
44 * Input: P password, an octet string (ASCII or UTF-8)
45 * S salt, an octet string
46 * c iteration count, a positive integer
47 * dkLen intended length in octets of the derived
48 * key, a positive integer, at most
49 * (2^32 - 1) * hLen
50 *
51 * Output: DK derived key, a dkLen-octet string
52 */
53
54Gc_rc
55MHD_gc_pbkdf2_sha1 (const char *P, size_t Plen,
56 const char *S, size_t Slen,
57 unsigned int c, char *DK, size_t dkLen)
58{
59 unsigned int hLen = 20;
60 char U[20];
61 char T[20];
62 unsigned int u;
63 unsigned int l;
64 unsigned int r;
65 unsigned int i;
66 unsigned int k;
67 int rc;
68 char *tmp;
69 size_t tmplen = Slen + 4;
70
71 if (c == 0)
72 return GC_PKCS5_INVALID_ITERATION_COUNT;
73
74 if (dkLen == 0)
75 return GC_PKCS5_INVALID_DERIVED_KEY_LENGTH;
76
77 /*
78 *
79 * Steps:
80 *
81 * 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
82 * stop.
83 */
84
85 if (dkLen > 4294967295U)
86 return GC_PKCS5_DERIVED_KEY_TOO_LONG;
87
88 /*
89 * 2. Let l be the number of hLen-octet blocks in the derived key,
90 * rounding up, and let r be the number of octets in the last
91 * block:
92 *
93 * l = CEIL (dkLen / hLen) ,
94 * r = dkLen - (l - 1) * hLen .
95 *
96 * Here, CEIL (x) is the "ceiling" function, i.e. the smallest
97 * integer greater than, or equal to, x.
98 */
99
100 l = ((dkLen - 1) / hLen) + 1;
101 r = dkLen - (l - 1) * hLen;
102
103 /*
104 * 3. For each block of the derived key apply the function F defined
105 * below to the password P, the salt S, the iteration count c, and
106 * the block index to compute the block:
107 *
108 * T_1 = F (P, S, c, 1) ,
109 * T_2 = F (P, S, c, 2) ,
110 * ...
111 * T_l = F (P, S, c, l) ,
112 *
113 * where the function F is defined as the exclusive-or sum of the
114 * first c iterates of the underlying pseudorandom function PRF
115 * applied to the password P and the concatenation of the salt S
116 * and the block index i:
117 *
118 * F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
119 *
120 * where
121 *
122 * U_1 = PRF (P, S || INT (i)) ,
123 * U_2 = PRF (P, U_1) ,
124 * ...
125 * U_c = PRF (P, U_{c-1}) .
126 *
127 * Here, INT (i) is a four-octet encoding of the integer i, most
128 * significant octet first.
129 *
130 * 4. Concatenate the blocks and extract the first dkLen octets to
131 * produce a derived key DK:
132 *
133 * DK = T_1 || T_2 || ... || T_l<0..r-1>
134 *
135 * 5. Output the derived key DK.
136 *
137 * Note. The construction of the function F follows a "belt-and-
138 * suspenders" approach. The iterates U_i are computed recursively to
139 * remove a degree of parallelism from an opponent; they are exclusive-
140 * ored together to reduce concerns about the recursion degenerating
141 * into a small set of values.
142 *
143 */
144
145 tmp = malloc (tmplen);
146 if (tmp == NULL)
147 return GC_MALLOC_ERROR;
148
149 memcpy (tmp, S, Slen);
150
151 for (i = 1; i <= l; i++)
152 {
153 memset (T, 0, hLen);
154
155 for (u = 1; u <= c; u++)
156 {
157 if (u == 1)
158 {
159 tmp[Slen + 0] = (i & 0xff000000) >> 24;
160 tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
161 tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
162 tmp[Slen + 3] = (i & 0x000000ff) >> 0;
163
164 rc = MHD_gc_MHD_hmac_sha1 (P, Plen, tmp, tmplen, U);
165 }
166 else
167 rc = MHD_gc_MHD_hmac_sha1 (P, Plen, U, hLen, U);
168
169 if (rc != GC_OK)
170 {
171 free (tmp);
172 return rc;
173 }
174
175 for (k = 0; k < hLen; k++)
176 T[k] ^= U[k];
177 }
178
179 memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
180 }
181
182 free (tmp);
183
184 return GC_OK;
185}
diff --git a/src/daemon/https/lgl/gc.h b/src/daemon/https/lgl/gc.h
index dc873a54..30c4e45b 100644
--- a/src/daemon/https/lgl/gc.h
+++ b/src/daemon/https/lgl/gc.h
@@ -169,144 +169,4 @@ Gc_rc MHD_gc_pbkdf2_sha1 (const char *P,
169 size_t Slen, unsigned int c, char *DK, 169 size_t Slen, unsigned int c, char *DK,
170 size_t dkLen); 170 size_t dkLen);
171 171
172/*
173 TODO:
174
175 From: Simon Josefsson <jas@extundo.com>
176 Subject: Re: generic crypto
177 Newsgroups: gmane.comp.lib.gnulib.bugs
178 Cc: bug-gnulib@gnu.org
179 Date: Fri, 07 Oct 2005 12:50:57 +0200
180 Mail-Copies-To: nobody
181
182 Paul Eggert <eggert@CS.UCLA.EDU> writes:
183
184 > Simon Josefsson <jas@extundo.com> writes:
185 >
186 >> * Perhaps the /dev/?random reading should be separated into a separate
187 >> module? It might be useful outside of the gc layer too.
188 >
189 > Absolutely. I've been meaning to do that for months (for a "shuffle"
190 > program I want to add to coreutils), but hadn't gotten around to it.
191 > It would have to be generalized a bit. I'd like to have the file
192 > descriptor cached, for example.
193
194 I'll write a separate module for that part.
195
196 I think we should even add a good PRNG that is re-seeded from
197 /dev/?random frequently. GnuTLS can need a lot of random data on a
198 big server, more than /dev/random can supply. And /dev/urandom might
199 not be strong enough. Further, the security of /dev/?random can also
200 be questionable.
201
202 >> I'm also not sure about the names of those functions, they suggest
203 >> a more higher-level API than what is really offered (i.e., the
204 >> names "nonce" and "pseudo_random" and "random" imply certain
205 >> cryptographic properties).
206 >
207 > Could you expand a bit more on that? What is the relationship between
208 > nonce/pseudorandom/random and the /dev/ values you are using?
209
210 There is none, that is the problem.
211
212 Applications generally need different kind of "random" numbers.
213 Sometimes they just need some random data and doesn't care whether it
214 is possible for an attacker to compute the string (aka a "nonce").
215 Sometimes they need data that is very difficult to compute (i.e.,
216 computing it require inverting SHA1 or similar). Sometimes they need
217 data that is not possible to compute, i.e., it wants real entropy
218 collected over time on the system. Collecting the last kind of random
219 data is very expensive, so it must not be used too often. The second
220 kind of random data ("pseudo random") is typically generated by
221 seeding a good PRNG with a couple of hundred bytes of real entropy
222 from the "real random" data pool. The "nonce" is usually computed
223 using the PRNG as well, because PRNGs are usually fast.
224
225 Pseudo-random data is typically used for session keys. Strong random
226 data is often used to generate long-term keys (e.g., private RSA
227 keys).
228
229 Of course, there are many subtleties. There are several different
230 kind of nonce:s. Sometimes a nonce is just an ever-increasing
231 integer, starting from 0. Sometimes it is assumed to be unlikely to
232 be the same as previous nonces, but without a requirement that the
233 nonce is possible to guess. MD5(system clock) would thus suffice, if
234 it isn't called too often. You can guess what the next value will be,
235 but it will always be different.
236
237 The problem is that /dev/?random doesn't offer any kind of semantic
238 guarantees. But applications need an API that make that promise.
239
240 I think we should do this in several steps:
241
242 1) Write a module that can read from /dev/?random.
243
244 2) Add a module for a known-good PRNG suitable for random number
245 generation, that can be continuously re-seeded.
246
247 3) Add a high-level module that provide various different randomness
248 functions. One for nonces, perhaps even different kind of nonces,
249 one for pseudo random data, and one for strong random data. It is
250 not clear whether we can hope to achieve the last one in a portable
251 way.
252
253 Further, it would be useful to allow users to provide their own
254 entropy source as a file, used to seed the PRNG or initialize the
255 strong randomness pool. This is used on embedded platforms that
256 doesn't have enough interrupts to hope to generate good random data.
257
258 > For example, why not use OpenBSD's /dev/arandom?
259
260 I don't trust ARC4. For example, recent cryptographic efforts
261 indicate that you must throw away the first 512 bytes generated from
262 the PRNG for it to be secure. I don't know whether OpenBSD do this.
263 Further, I recall some eprint paper on RC4 security that didn't
264 inspire confidence.
265
266 While I trust the random devices in OpenBSD more than
267 Solaris/AIX/HPUX/etc, I think that since we need something better on
268 Solaris/AIX/HPUX we'd might as well use it on OpenBSD or even Linux
269 too.
270
271 > Here is one thought. The user could specify a desired quality level
272 > range, and the implementation then would supply random data that is at
273 > least as good as the lower bound of the range. I.e., ihe
274 > implementation refuses to produce any random data if it can't generate
275 > data that is at least as good as the lower end of the range. The
276 > upper bound of the range is advice from the user not to be any more
277 > expensive than that, but the implementation can ignore the advice if
278 > it doesn't have anything cheaper.
279
280 I'm not sure this is a good idea. Users can't really be expected to
281 understand this. Further, applications need many different kind of
282 random data. Selecting the randomness level for each by the user will
283 be too complicated.
284
285 I think it is better if the application decide, from its cryptographic
286 requirement, what entropy quality it require, and call the proper API.
287 Meeting the implied semantic properties should be the job for gnulib.
288
289 >> Perhaps MHD_gc_dev_random and MHD_gc_dev_urandom?
290 >
291 > To some extent. I'd rather insulate the user from the details of
292 > where the random numbers come from. On the other hand we need to
293 > provide a way for applications to specify a file that contains
294 > random bits, so that people can override the defaults.
295
296 Agreed.
297
298 This may require some thinking before it is finalized. Is it ok to
299 install the GC module as-is meanwhile? Then I can continue to add the
300 stuff that GnuTLS need, and then come back to re-working the
301 randomness module. That way, we have two different projects that use
302 the code. GnuTLS includes the same randomness code that was in GNU
303 SASL and that is in the current gc module. I feel much more
304 comfortable working in small steps at a time, rather then working on
305 this for a long time in gnulib and only later integrate the stuff in
306 GnuTLS.
307
308 Thanks,
309 Simon
310 */
311
312#endif /* GC_H */ 172#endif /* GC_H */
diff --git a/src/daemon/https/lgl/hmac-md5.c b/src/daemon/https/lgl/hmac-md5.c
deleted file mode 100644
index 1fd943f0..00000000
--- a/src/daemon/https/lgl/hmac-md5.c
+++ /dev/null
@@ -1,81 +0,0 @@
1/* hmac-md5.c -- hashed message authentication codes
2 Copyright (C) 2005, 2006 Free Software Foundation, Inc.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as published by
6 the Free Software Foundation; either version 2.1, or (at your option)
7 any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
17
18/* Written by Simon Josefsson. */
19
20#include "MHD_config.h"
21
22#include "hmac.h"
23
24#include "memxor.h"
25#include "md5.h"
26
27#include <string.h>
28
29#define IPAD 0x36
30#define OPAD 0x5c
31
32int
33MHD_hmac_md5 (const void *key, size_t keylen,
34 const void *in, size_t inlen, void *resbuf)
35{
36 struct MHD_md5_ctx inner;
37 struct MHD_md5_ctx outer;
38 char optkeybuf[16];
39 char block[64];
40 char innerhash[16];
41
42 /* Reduce the key's size, so that it becomes <= 64 bytes large. */
43
44 if (keylen > 64)
45 {
46 struct MHD_md5_ctx keyhash;
47
48 MHD_md5_init_ctx (&keyhash);
49 MHD_md5_process_bytes (key, keylen, &keyhash);
50 MHD_md5_finish_ctx (&keyhash, optkeybuf);
51
52 key = optkeybuf;
53 keylen = 16;
54 }
55
56 /* Compute INNERHASH from KEY and IN. */
57
58 MHD_md5_init_ctx (&inner);
59
60 memset (block, IPAD, sizeof (block));
61 MHD_memxor (block, key, keylen);
62
63 MHD_md5_process_block (block, 64, &inner);
64 MHD_md5_process_bytes (in, inlen, &inner);
65
66 MHD_md5_finish_ctx (&inner, innerhash);
67
68 /* Compute result from KEY and INNERHASH. */
69
70 MHD_md5_init_ctx (&outer);
71
72 memset (block, OPAD, sizeof (block));
73 MHD_memxor (block, key, keylen);
74
75 MHD_md5_process_block (block, 64, &outer);
76 MHD_md5_process_bytes (innerhash, 16, &outer);
77
78 MHD_md5_finish_ctx (&outer, resbuf);
79
80 return 0;
81}
diff --git a/src/daemon/https/lgl/hmac-sha1.c b/src/daemon/https/lgl/hmac-sha1.c
deleted file mode 100644
index 4d2e4f37..00000000
--- a/src/daemon/https/lgl/hmac-sha1.c
+++ /dev/null
@@ -1,81 +0,0 @@
1/* hmac-sha1.c -- hashed message authentication codes
2 Copyright (C) 2005, 2006 Free Software Foundation, Inc.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as published by
6 the Free Software Foundation; either version 2.1, or (at your option)
7 any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
17
18/* Written by Simon Josefsson. */
19
20#include "MHD_config.h"
21
22#include "hmac.h"
23
24#include "memxor.h"
25#include "sha1.h"
26
27#include <string.h>
28
29#define IPAD 0x36
30#define OPAD 0x5c
31
32int
33MHD_hmac_sha1 (const void *key, size_t keylen,
34 const void *in, size_t inlen, void *resbuf)
35{
36 struct MHD_sha1_ctx inner;
37 struct MHD_sha1_ctx outer;
38 char optkeybuf[20];
39 char block[64];
40 char innerhash[20];
41
42 /* Reduce the key's size, so that it becomes <= 64 bytes large. */
43
44 if (keylen > 64)
45 {
46 struct MHD_sha1_ctx keyhash;
47
48 MHD_sha1_init_ctx (&keyhash);
49 MHD_sha1_process_bytes (key, keylen, &keyhash);
50 MHD_sha1_finish_ctx (&keyhash, optkeybuf);
51
52 key = optkeybuf;
53 keylen = 20;
54 }
55
56 /* Compute INNERHASH from KEY and IN. */
57
58 MHD_sha1_init_ctx (&inner);
59
60 memset (block, IPAD, sizeof (block));
61 MHD_memxor (block, key, keylen);
62
63 MHD_sha1_process_block (block, 64, &inner);
64 MHD_sha1_process_bytes (in, inlen, &inner);
65
66 MHD_sha1_finish_ctx (&inner, innerhash);
67
68 /* Compute result from KEY and INNERHASH. */
69
70 MHD_sha1_init_ctx (&outer);
71
72 memset (block, OPAD, sizeof (block));
73 MHD_memxor (block, key, keylen);
74
75 MHD_sha1_process_block (block, 64, &outer);
76 MHD_sha1_process_bytes (innerhash, 20, &outer);
77
78 MHD_sha1_finish_ctx (&outer, resbuf);
79
80 return 0;
81}
diff --git a/src/daemon/https/lgl/hmac.h b/src/daemon/https/lgl/hmac.h
deleted file mode 100644
index c4791504..00000000
--- a/src/daemon/https/lgl/hmac.h
+++ /dev/null
@@ -1,41 +0,0 @@
1/* hmac.h -- hashed message authentication codes
2 Copyright (C) 2005 Free Software Foundation, Inc.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as published by
6 the Free Software Foundation; either version 2.1, or (at your option)
7 any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
17
18/* Written by Simon Josefsson. */
19
20#ifndef HMAC_H
21# define HMAC_H 1
22
23#include <stddef.h>
24
25/* Compute Hashed Message Authentication Code with MD5, as described
26 in RFC 2104, over BUFFER data of BUFLEN bytes using the KEY of
27 KEYLEN bytes, writing the output to pre-allocated 16 byte minimum
28 RESBUF buffer. Return 0 on success. */
29int
30MHD_hmac_md5 (const void *key, size_t keylen,
31 const void *buffer, size_t buflen, void *resbuf);
32
33/* Compute Hashed Message Authentication Code with SHA-1, over BUFFER
34 data of BUFLEN bytes using the KEY of KEYLEN bytes, writing the
35 output to pre-allocated 20 byte minimum RESBUF buffer. Return 0 on
36 success. */
37int
38MHD_hmac_sha1 (const void *key, size_t keylen,
39 const void *in, size_t inlen, void *resbuf);
40
41#endif /* HMAC_H */
diff --git a/src/daemon/https/lgl/md5.c b/src/daemon/https/lgl/md5.c
deleted file mode 100644
index 8cca27f5..00000000
--- a/src/daemon/https/lgl/md5.c
+++ /dev/null
@@ -1,453 +0,0 @@
1/* Functions to compute MD5 message digest of files or memory blocks.
2 according to the definition of MD5 in RFC 1321 from April 1992.
3 Copyright (C) 1995,1996,1997,1999,2000,2001,2005,2006
4 Free Software Foundation, Inc.
5 This file is part of the GNU C Library.
6
7 This program is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by the
9 Free Software Foundation; either version 2.1, or (at your option) any
10 later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with this program; if not, write to the Free Software Foundation,
19 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
20
21/* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */
22
23#include "MHD_config.h"
24
25#include "md5.h"
26
27#include <stddef.h>
28#include <stdlib.h>
29#include <string.h>
30#include <sys/types.h>
31
32#if USE_UNLOCKED_IO
33# include "unlocked-io.h"
34#endif
35
36#ifdef _LIBC
37# include <endian.h>
38# if __BYTE_ORDER == __BIG_ENDIAN
39# define WORDS_BIGENDIAN 1
40# endif
41/* We need to keep the namespace clean so define the MD5 function
42 protected using leading __ . */
43# define MHD_md5_init_ctx __MHD_md5_init_ctx
44# define MHD_md5_process_block __MHD_md5_process_block
45# define MHD_md5_process_bytes __MHD_md5_process_bytes
46# define MHD_md5_finish_ctx __MHD_md5_finish_ctx
47# define MHD_md5_read_ctx __MHD_md5_read_ctx
48# define MHD_md5_stream __MHD_md5_stream
49# define MHD_md5_buffer __MHD_md5_buffer
50#endif
51
52#ifdef WORDS_BIGENDIAN
53# define SWAP(n) \
54 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
55#else
56# define SWAP(n) (n)
57#endif
58
59#define BLOCKSIZE 4096
60#if BLOCKSIZE % 64 != 0
61# error "invalid BLOCKSIZE"
62#endif
63
64/* This array contains the bytes used to pad the buffer to the next
65 64-byte boundary. (RFC 1321, 3.1: Step 1) */
66static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
67
68
69/* Initialize structure containing state of computation.
70 (RFC 1321, 3.3: Step 3) */
71void
72MHD_md5_init_ctx (struct MHD_md5_ctx *ctx)
73{
74 ctx->A = 0x67452301;
75 ctx->B = 0xefcdab89;
76 ctx->C = 0x98badcfe;
77 ctx->D = 0x10325476;
78
79 ctx->total[0] = ctx->total[1] = 0;
80 ctx->buflen = 0;
81}
82
83/* Put result from CTX in first 16 bytes following RESBUF. The result
84 must be in little endian byte order.
85
86 IMPORTANT: On some systems it is required that RESBUF is correctly
87 aligned for a 32-bit value. */
88void *
89MHD_md5_read_ctx (const struct MHD_md5_ctx *ctx, void *resbuf)
90{
91 ((uint32_t *) resbuf)[0] = SWAP (ctx->A);
92 ((uint32_t *) resbuf)[1] = SWAP (ctx->B);
93 ((uint32_t *) resbuf)[2] = SWAP (ctx->C);
94 ((uint32_t *) resbuf)[3] = SWAP (ctx->D);
95
96 return resbuf;
97}
98
99/* Process the remaining bytes in the internal buffer and the usual
100 prolog according to the standard and write the result to RESBUF.
101
102 IMPORTANT: On some systems it is required that RESBUF is correctly
103 aligned for a 32-bit value. */
104void *
105MHD_md5_finish_ctx (struct MHD_md5_ctx *ctx, void *resbuf)
106{
107 /* Take yet unprocessed bytes into account. */
108 uint32_t bytes = ctx->buflen;
109 size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
110
111 /* Now count remaining bytes. */
112 ctx->total[0] += bytes;
113 if (ctx->total[0] < bytes)
114 ++ctx->total[1];
115
116 /* Put the 64-bit file length in *bits* at the end of the buffer. */
117 ctx->buffer[size - 2] = SWAP (ctx->total[0] << 3);
118 ctx->buffer[size - 1] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
119
120 memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
121
122 /* Process last bytes. */
123 MHD_md5_process_block (ctx->buffer, size * 4, ctx);
124
125 return MHD_md5_read_ctx (ctx, resbuf);
126}
127
128/* Compute MD5 message digest for bytes read from STREAM. The
129 resulting message digest number will be written into the 16 bytes
130 beginning at RESBLOCK. */
131int
132MHD_md5_stream (FILE * stream, void *resblock)
133{
134 struct MHD_md5_ctx ctx;
135 char buffer[BLOCKSIZE + 72];
136 size_t sum;
137
138 /* Initialize the computation context. */
139 MHD_md5_init_ctx (&ctx);
140
141 /* Iterate over full file contents. */
142 while (1)
143 {
144 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
145 computation function processes the whole buffer so that with the
146 next round of the loop another block can be read. */
147 size_t n;
148 sum = 0;
149
150 /* Read block. Take care for partial reads. */
151 while (1)
152 {
153 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
154
155 sum += n;
156
157 if (sum == BLOCKSIZE)
158 break;
159
160 if (n == 0)
161 {
162 /* Check for the error flag IFF N == 0, so that we don't
163 exit the loop after a partial read due to e.g., EAGAIN
164 or EWOULDBLOCK. */
165 if (ferror (stream))
166 return 1;
167 goto process_partial_block;
168 }
169
170 /* We've read at least one byte, so ignore errors. But always
171 check for EOF, since feof may be true even though N > 0.
172 Otherwise, we could end up calling fread after EOF. */
173 if (feof (stream))
174 goto process_partial_block;
175 }
176
177 /* Process buffer with BLOCKSIZE bytes. Note that
178 BLOCKSIZE % 64 == 0
179 */
180 MHD_md5_process_block (buffer, BLOCKSIZE, &ctx);
181 }
182
183process_partial_block:
184
185 /* Process any remaining bytes. */
186 if (sum > 0)
187 MHD_md5_process_bytes (buffer, sum, &ctx);
188
189 /* Construct result in desired memory. */
190 MHD_md5_finish_ctx (&ctx, resblock);
191 return 0;
192}
193
194/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
195 result is always in little endian byte order, so that a byte-wise
196 output yields to the wanted ASCII representation of the message
197 digest. */
198void *
199MHD_md5_buffer (const char *buffer, size_t len, void *resblock)
200{
201 struct MHD_md5_ctx ctx;
202
203 /* Initialize the computation context. */
204 MHD_md5_init_ctx (&ctx);
205
206 /* Process whole buffer but last len % 64 bytes. */
207 MHD_md5_process_bytes (buffer, len, &ctx);
208
209 /* Put result in desired memory area. */
210 return MHD_md5_finish_ctx (&ctx, resblock);
211}
212
213
214void
215MHD_md5_process_bytes (const void *buffer, size_t len,
216 struct MHD_md5_ctx *ctx)
217{
218 /* When we already have some bits in our internal buffer concatenate
219 both inputs first. */
220 if (ctx->buflen != 0)
221 {
222 size_t left_over = ctx->buflen;
223 size_t add = 128 - left_over > len ? len : 128 - left_over;
224
225 memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
226 ctx->buflen += add;
227
228 if (ctx->buflen > 64)
229 {
230 MHD_md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
231
232 ctx->buflen &= 63;
233 /* The regions in the following copy operation cannot overlap. */
234 memcpy (ctx->buffer,
235 &((char *) ctx->buffer)[(left_over + add) & ~63],
236 ctx->buflen);
237 }
238
239 buffer = (const char *) buffer + add;
240 len -= add;
241 }
242
243 /* Process available complete blocks. */
244 if (len >= 64)
245 {
246#if !_STRING_ARCH_unaligned
247# define alignof(type) offsetof (struct { char c; type x; }, x)
248# define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
249 if (UNALIGNED_P (buffer))
250 while (len > 64)
251 {
252 MHD_md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
253 buffer = (const char *) buffer + 64;
254 len -= 64;
255 }
256 else
257#endif
258 {
259 MHD_md5_process_block (buffer, len & ~63, ctx);
260 buffer = (const char *) buffer + (len & ~63);
261 len &= 63;
262 }
263 }
264
265 /* Move remaining bytes in internal buffer. */
266 if (len > 0)
267 {
268 size_t left_over = ctx->buflen;
269
270 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
271 left_over += len;
272 if (left_over >= 64)
273 {
274 MHD_md5_process_block (ctx->buffer, 64, ctx);
275 left_over -= 64;
276 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
277 }
278 ctx->buflen = left_over;
279 }
280}
281
282
283/* These are the four functions used in the four steps of the MD5 algorithm
284 and defined in the RFC 1321. The first function is a little bit optimized
285 (as found in Colin Plumbs public domain implementation). */
286/* #define FF(b, c, d) ((b & c) | (~b & d)) */
287#define FF(b, c, d) (d ^ (b & (c ^ d)))
288#define FG(b, c, d) FF (d, b, c)
289#define FH(b, c, d) (b ^ c ^ d)
290#define FI(b, c, d) (c ^ (b | ~d))
291
292/* Process LEN bytes of BUFFER, accumulating context into CTX.
293 It is assumed that LEN % 64 == 0. */
294
295void
296MHD_md5_process_block (const void *buffer, size_t len,
297 struct MHD_md5_ctx *ctx)
298{
299 uint32_t correct_words[16];
300 const uint32_t *words = buffer;
301 size_t nwords = len / sizeof (uint32_t);
302 const uint32_t *endp = words + nwords;
303 uint32_t A = ctx->A;
304 uint32_t B = ctx->B;
305 uint32_t C = ctx->C;
306 uint32_t D = ctx->D;
307
308 /* First increment the byte count. RFC 1321 specifies the possible
309 length of the file up to 2^64 bits. Here we only compute the
310 number of bytes. Do a double word increment. */
311 ctx->total[0] += len;
312 if (ctx->total[0] < len)
313 ++ctx->total[1];
314
315 /* Process all bytes in the buffer with 64 bytes in each round of
316 the loop. */
317 while (words < endp)
318 {
319 uint32_t *cwp = correct_words;
320 uint32_t A_save = A;
321 uint32_t B_save = B;
322 uint32_t C_save = C;
323 uint32_t D_save = D;
324
325 /* First round: using the given function, the context and a constant
326 the next context is computed. Because the algorithms processing
327 unit is a 32-bit word and it is determined to work on words in
328 little endian byte order we perhaps have to change the byte order
329 before the computation. To reduce the work for the next steps
330 we store the swapped words in the array CORRECT_WORDS. */
331
332#define OP(a, b, c, d, s, T) \
333 do \
334 { \
335 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \
336 ++words; \
337 CYCLIC (a, s); \
338 a += b; \
339 } \
340 while (0)
341
342 /* It is unfortunate that C does not provide an operator for
343 cyclic rotation. Hope the C compiler is smart enough. */
344#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
345
346 /* Before we start, one word to the strange constants.
347 They are defined in RFC 1321 as
348
349 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
350
351 Here is an equivalent invocation using Perl:
352
353 perl -e 'foreach(1..64){printf "0x%08x\n", int (4294967296 * abs (sin $_))}'
354 */
355
356 /* Round 1. */
357 OP (A, B, C, D, 7, 0xd76aa478);
358 OP (D, A, B, C, 12, 0xe8c7b756);
359 OP (C, D, A, B, 17, 0x242070db);
360 OP (B, C, D, A, 22, 0xc1bdceee);
361 OP (A, B, C, D, 7, 0xf57c0faf);
362 OP (D, A, B, C, 12, 0x4787c62a);
363 OP (C, D, A, B, 17, 0xa8304613);
364 OP (B, C, D, A, 22, 0xfd469501);
365 OP (A, B, C, D, 7, 0x698098d8);
366 OP (D, A, B, C, 12, 0x8b44f7af);
367 OP (C, D, A, B, 17, 0xffff5bb1);
368 OP (B, C, D, A, 22, 0x895cd7be);
369 OP (A, B, C, D, 7, 0x6b901122);
370 OP (D, A, B, C, 12, 0xfd987193);
371 OP (C, D, A, B, 17, 0xa679438e);
372 OP (B, C, D, A, 22, 0x49b40821);
373
374 /* For the second to fourth round we have the possibly swapped words
375 in CORRECT_WORDS. Redefine the macro to take an additional first
376 argument specifying the function to use. */
377#undef OP
378#define OP(f, a, b, c, d, k, s, T) \
379 do \
380 { \
381 a += f (b, c, d) + correct_words[k] + T; \
382 CYCLIC (a, s); \
383 a += b; \
384 } \
385 while (0)
386
387 /* Round 2. */
388 OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
389 OP (FG, D, A, B, C, 6, 9, 0xc040b340);
390 OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
391 OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
392 OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
393 OP (FG, D, A, B, C, 10, 9, 0x02441453);
394 OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
395 OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
396 OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
397 OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
398 OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
399 OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
400 OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
401 OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
402 OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
403 OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
404
405 /* Round 3. */
406 OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
407 OP (FH, D, A, B, C, 8, 11, 0x8771f681);
408 OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
409 OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
410 OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
411 OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
412 OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
413 OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
414 OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
415 OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
416 OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
417 OP (FH, B, C, D, A, 6, 23, 0x04881d05);
418 OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
419 OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
420 OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
421 OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
422
423 /* Round 4. */
424 OP (FI, A, B, C, D, 0, 6, 0xf4292244);
425 OP (FI, D, A, B, C, 7, 10, 0x432aff97);
426 OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
427 OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
428 OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
429 OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
430 OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
431 OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
432 OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
433 OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
434 OP (FI, C, D, A, B, 6, 15, 0xa3014314);
435 OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
436 OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
437 OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
438 OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
439 OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
440
441 /* Add the starting values of the context. */
442 A += A_save;
443 B += B_save;
444 C += C_save;
445 D += D_save;
446 }
447
448 /* Put checksum in context given as argument. */
449 ctx->A = A;
450 ctx->B = B;
451 ctx->C = C;
452 ctx->D = D;
453}
diff --git a/src/daemon/https/lgl/md5.h b/src/daemon/https/lgl/md5.h
deleted file mode 100644
index 94247e46..00000000
--- a/src/daemon/https/lgl/md5.h
+++ /dev/null
@@ -1,128 +0,0 @@
1/* Declaration of functions and data types used for MD5 sum computing
2 library functions.
3 Copyright (C) 1995-1997,1999,2000,2001,2004,2005,2006
4 Free Software Foundation, Inc.
5 This file is part of the GNU C Library.
6
7 This program is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by the
9 Free Software Foundation; either version 2.1, or (at your option) any
10 later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with this program; if not, write to the Free Software Foundation,
19 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
20
21#ifndef _MD5_H
22#define _MD5_H 1
23
24#include <stdio.h>
25#include <stdint.h>
26
27#define MD5_DIGEST_SIZE 16
28#define MD5_BLOCK_SIZE 64
29
30#ifndef __GNUC_PREREQ
31# if defined __GNUC__ && defined __GNUC_MINOR__
32# define __GNUC_PREREQ(maj, min) \
33 ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
34# else
35# define __GNUC_PREREQ(maj, min) 0
36# endif
37#endif
38
39#ifndef __THROW
40# if defined __cplusplus && __GNUC_PREREQ (2,8)
41# define __THROW throw ()
42# else
43# define __THROW
44# endif
45#endif
46
47#ifndef _LIBC
48# define __MHD_md5_buffer MHD_md5_buffer
49# define __MHD_md5_finish_ctx MHD_md5_finish_ctx
50# define __MHD_md5_init_ctx MHD_md5_init_ctx
51# define __MHD_md5_process_block MHD_md5_process_block
52# define __MHD_md5_process_bytes MHD_md5_process_bytes
53# define __MHD_md5_read_ctx MHD_md5_read_ctx
54# define __MHD_md5_stream MHD_md5_stream
55#endif
56
57/* Structure to save state of computation between the single steps. */
58struct MHD_md5_ctx
59{
60 uint32_t A;
61 uint32_t B;
62 uint32_t C;
63 uint32_t D;
64
65 uint32_t total[2];
66 uint32_t buflen;
67 uint32_t buffer[32];
68};
69
70/*
71 * The following three functions are build up the low level used in
72 * the functions `MHD_md5_stream' and `MHD_md5_buffer'.
73 */
74
75/* Initialize structure containing state of computation.
76 (RFC 1321, 3.3: Step 3) */
77extern void
78__MHD_md5_init_ctx (struct MHD_md5_ctx *ctx)
79 __THROW;
80
81/* Starting with the result of former calls of this function (or the
82 initialization function update the context for the next LEN bytes
83 starting at BUFFER.
84 It is necessary that LEN is a multiple of 64!!! */
85 extern void __MHD_md5_process_block (const void *buffer, size_t len,
86 struct MHD_md5_ctx *ctx) __THROW;
87
88/* Starting with the result of former calls of this function (or the
89 initialization function update the context for the next LEN bytes
90 starting at BUFFER.
91 It is NOT required that LEN is a multiple of 64. */
92 extern void __MHD_md5_process_bytes (const void *buffer, size_t len,
93 struct MHD_md5_ctx *ctx) __THROW;
94
95/* Process the remaining bytes in the buffer and put result from CTX
96 in first 16 bytes following RESBUF. The result is always in little
97 endian byte order, so that a byte-wise output yields to the wanted
98 ASCII representation of the message digest.
99
100 IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit
101 boundary. */
102 extern void *__MHD_md5_finish_ctx (struct MHD_md5_ctx *ctx,
103 void *resbuf) __THROW;
104
105
106/* Put result from CTX in first 16 bytes following RESBUF. The result is
107 always in little endian byte order, so that a byte-wise output yields
108 to the wanted ASCII representation of the message digest.
109
110 IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit
111 boundary. */
112 extern void *__MHD_md5_read_ctx (const struct MHD_md5_ctx *ctx,
113 void *resbuf) __THROW;
114
115
116/* Compute MD5 message digest for bytes read from STREAM. The
117 resulting message digest number will be written into the 16 bytes
118 beginning at RESBLOCK. */
119 extern int __MHD_md5_stream (FILE * stream, void *resblock) __THROW;
120
121/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
122 result is always in little endian byte order, so that a byte-wise
123 output yields to the wanted ASCII representation of the message
124 digest. */
125 extern void *__MHD_md5_buffer (const char *buffer, size_t len,
126 void *resblock) __THROW;
127
128#endif /* md5.h */
diff --git a/src/daemon/https/lgl/memxor.c b/src/daemon/https/lgl/memxor.c
deleted file mode 100644
index 46c6542e..00000000
--- a/src/daemon/https/lgl/memxor.c
+++ /dev/null
@@ -1,35 +0,0 @@
1/* MHD_memxor.c -- perform binary exclusive OR operation of two memory blocks.
2 Copyright (C) 2005, 2006 Free Software Foundation, Inc.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as published by
6 the Free Software Foundation; either version 2.1, or (at your option)
7 any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
17
18/* Written by Simon Josefsson. The interface was inspired by MHD_memxor
19 in Niels Möller's Nettle. */
20
21#include "MHD_config.h"
22
23#include "memxor.h"
24
25void *
26MHD_memxor (void * dest, const void * src, size_t n)
27{
28 char const *s = src;
29 char *d = dest;
30
31 for (; n > 0; n--)
32 *d++ ^= *s++;
33
34 return dest;
35}
diff --git a/src/daemon/https/lgl/memxor.h b/src/daemon/https/lgl/memxor.h
deleted file mode 100644
index 6ccb3ba6..00000000
--- a/src/daemon/https/lgl/memxor.h
+++ /dev/null
@@ -1,31 +0,0 @@
1/* MHD_memxor.h -- perform binary exclusive OR operation on memory blocks.
2 Copyright (C) 2005 Free Software Foundation, Inc.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as published by
6 the Free Software Foundation; either version 2.1, or (at your option)
7 any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
17
18/* Written by Simon Josefsson. The interface was inspired by MHD_memxor
19 in Niels Möller's Nettle. */
20
21#ifndef MEMXOR_H
22# define MEMXOR_H
23
24#include <stddef.h>
25
26/* Compute binary exclusive OR of memory areas DEST and SRC, putting
27 the result in DEST, of length N bytes. Returns a pointer to
28 DEST. */
29void *MHD_memxor (void * dest, const void * src, size_t n);
30
31#endif /* MEMXOR_H */
diff --git a/src/daemon/https/lgl/rijndael-alg-fst.c b/src/daemon/https/lgl/rijndael-alg-fst.c
deleted file mode 100644
index 516fff15..00000000
--- a/src/daemon/https/lgl/rijndael-alg-fst.c
+++ /dev/null
@@ -1,1093 +0,0 @@
1/* rijndael-alg-fst.c --- Rijndael cipher implementation.
2 * Copyright (C) 2005, 2006 Free Software Foundation, Inc.
3 *
4 * This file is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Lesser General Public License as published
6 * by the Free Software Foundation; either version 2.1, or (at your
7 * option) any later version.
8 *
9 * This file is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public License
15 * along with this file; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 */
20
21/* Adapted for gnulib by Simon Josefsson.
22 *
23 * Based on public domain "Optimised C code" retrieved from (SHA1
24 * 7c8e4b00d06685d1dbc6724a9e0d502353de339e):
25 * http://www.iaik.tu-graz.ac.at/research/krypto/AES/old/~rijmen/rijndael/rijndael-fst-3.0.zip
26 */
27
28#include "MHD_config.h"
29
30/**
31 * rijndael-alg-fst.c
32 *
33 * @version 3.0 (December 2000)
34 *
35 * Optimised ANSI C code for the Rijndael cipher (now AES)
36 *
37 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
38 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
39 * @author Paulo Barreto <paulo.barreto@terra.com.br>
40 *
41 * This code is hereby placed in the public domain.
42 *
43 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
44 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
45 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
47 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
48 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
49 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
50 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
51 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
52 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
53 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
54 */
55
56#include "rijndael-alg-fst.h"
57
58/*
59Te0[x] = S [x].[02, 01, 01, 03];
60Te1[x] = S [x].[03, 02, 01, 01];
61Te2[x] = S [x].[01, 03, 02, 01];
62Te3[x] = S [x].[01, 01, 03, 02];
63Te4[x] = S [x].[01, 01, 01, 01];
64
65Td0[x] = Si[x].[0e, 09, 0d, 0b];
66Td1[x] = Si[x].[0b, 0e, 09, 0d];
67Td2[x] = Si[x].[0d, 0b, 0e, 09];
68Td3[x] = Si[x].[09, 0d, 0b, 0e];
69Td4[x] = Si[x].[01, 01, 01, 01];
70*/
71
72static const uint32_t Te0[256] = {
73 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
74 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
75 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
76 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
77 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
78 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
79 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
80 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
81 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
82 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
83 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
84 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
85 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
86 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
87 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
88 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
89 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
90 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
91 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
92 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
93 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
94 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
95 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
96 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
97 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
98 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
99 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
100 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
101 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
102 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
103 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
104 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
105 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
106 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
107 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
108 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
109 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
110 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
111 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
112 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
113 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
114 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
115 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
116 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
117 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
118 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
119 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
120 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
121 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
122 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
123 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
124 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
125 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
126 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
127 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
128 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
129 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
130 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
131 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
132 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
133 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
134 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
135 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
136 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a,
137};
138
139static const uint32_t Te1[256] = {
140 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
141 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
142 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
143 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676,
144 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d,
145 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0,
146 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf,
147 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0,
148 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
149 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc,
150 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1,
151 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
152 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3,
153 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a,
154 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
155 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575,
156 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a,
157 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
158 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3,
159 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484,
160 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded,
161 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b,
162 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939,
163 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
164 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb,
165 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585,
166 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f,
167 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8,
168 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f,
169 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5,
170 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121,
171 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2,
172 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
173 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717,
174 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d,
175 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
176 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc,
177 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888,
178 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
179 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb,
180 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a,
181 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c,
182 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262,
183 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979,
184 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
185 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9,
186 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea,
187 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
188 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e,
189 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6,
190 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
191 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a,
192 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666,
193 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e,
194 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9,
195 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e,
196 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
197 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494,
198 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9,
199 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
200 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d,
201 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868,
202 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
203 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
204};
205
206static const uint32_t Te2[256] = {
207 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b,
208 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,
209 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b,
210 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76,
211 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d,
212 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
213 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af,
214 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0,
215 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
216 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc,
217 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1,
218 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
219 0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3,
220 0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a,
221 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
222 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75,
223 0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a,
224 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
225 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3,
226 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384,
227 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed,
228 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b,
229 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239,
230 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
231 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb,
232 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185,
233 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f,
234 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8,
235 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f,
236 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
237 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221,
238 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2,
239 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec,
240 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17,
241 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d,
242 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
243 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc,
244 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88,
245 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
246 0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb,
247 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a,
248 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c,
249 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462,
250 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279,
251 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
252 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9,
253 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea,
254 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008,
255 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e,
256 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6,
257 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
258 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a,
259 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66,
260 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e,
261 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9,
262 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e,
263 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
264 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394,
265 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9,
266 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
267 0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d,
268 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068,
269 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f,
270 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16,
271};
272
273static const uint32_t Te3[256] = {
274 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,
275 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,
276 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56,
277 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec,
278 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa,
279 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
280 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45,
281 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b,
282 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
283 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83,
284 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9,
285 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
286 0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d,
287 0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f,
288 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
289 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea,
290 0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34,
291 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
292 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d,
293 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713,
294 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1,
295 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6,
296 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72,
297 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
298 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed,
299 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411,
300 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe,
301 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b,
302 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05,
303 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
304 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342,
305 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf,
306 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3,
307 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e,
308 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a,
309 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
310 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3,
311 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b,
312 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
313 0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad,
314 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14,
315 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8,
316 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4,
317 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2,
318 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
319 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049,
320 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf,
321 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810,
322 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c,
323 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197,
324 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
325 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f,
326 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc,
327 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c,
328 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069,
329 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927,
330 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
331 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733,
332 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9,
333 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
334 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a,
335 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0,
336 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e,
337 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c,
338};
339
340static const uint32_t Te4[256] = {
341 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b,
342 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5,
343 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b,
344 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676,
345 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d,
346 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0,
347 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf,
348 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0,
349 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626,
350 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc,
351 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1,
352 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515,
353 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3,
354 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a,
355 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2,
356 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575,
357 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a,
358 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0,
359 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3,
360 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484,
361 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed,
362 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b,
363 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939,
364 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf,
365 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb,
366 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585,
367 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f,
368 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8,
369 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f,
370 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5,
371 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121,
372 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2,
373 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec,
374 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717,
375 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d,
376 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,
377 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc,
378 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888,
379 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414,
380 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb,
381 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a,
382 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c,
383 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262,
384 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979,
385 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d,
386 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9,
387 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea,
388 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808,
389 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e,
390 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6,
391 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f,
392 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a,
393 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666,
394 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e,
395 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9,
396 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e,
397 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111,
398 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494,
399 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9,
400 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf,
401 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d,
402 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868,
403 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,
404 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616,
405};
406
407static const uint32_t Td0[256] = {
408 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
409 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
410 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
411 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
412 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
413 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
414 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
415 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
416 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
417 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
418 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
419 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
420 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
421 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
422 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
423 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
424 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
425 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
426 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
427 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
428 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
429 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
430 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
431 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
432 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
433 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
434 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
435 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
436 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
437 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
438 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
439 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
440 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
441 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
442 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
443 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
444 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
445 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
446 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
447 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
448 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
449 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
450 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
451 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
452 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
453 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
454 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
455 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
456 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
457 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
458 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
459 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
460 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
461 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
462 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
463 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
464 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
465 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
466 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
467 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
468 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
469 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
470 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
471 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742,
472};
473
474static const uint32_t Td1[256] = {
475 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
476 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
477 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
478 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3,
479 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0,
480 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,
481 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259,
482 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8,
483 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,
484 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a,
485 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f,
486 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,
487 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8,
488 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab,
489 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708,
490 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682,
491 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2,
492 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,
493 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb,
494 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10,
495 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,
496 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015,
497 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e,
498 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,
499 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000,
500 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72,
501 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,
502 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e,
503 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91,
504 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,
505 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17,
506 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9,
507 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,
508 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e,
509 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1,
510 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,
511 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1,
512 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3,
513 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,
514 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390,
515 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b,
516 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,
517 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46,
518 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af,
519 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,
520 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb,
521 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a,
522 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8,
523 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c,
524 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266,
525 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,
526 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6,
527 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604,
528 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,
529 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41,
530 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647,
531 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,
532 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1,
533 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737,
534 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,
535 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340,
536 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95,
537 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
538 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857,
539};
540
541static const uint32_t Td2[256] = {
542 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27,
543 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3,
544 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
545 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562,
546 0x5a49deb1, 0x1b6725ba, 0x0e9845ea, 0xc0e15dfe,
547 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,
548 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552,
549 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9,
550 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,
551 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce,
552 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253,
553 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,
554 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b,
555 0xd323ab73, 0x02e2724b, 0x8f57e31f, 0xab2a6655,
556 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337,
557 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16,
558 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69,
559 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,
560 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6,
561 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e,
562 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6,
563 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050,
564 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9,
565 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,
566 0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000,
567 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a,
568 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,
569 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436,
570 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b,
571 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,
572 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b,
573 0x0d0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e,
574 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f,
575 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb,
576 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4,
577 0xdccad731, 0x85104263, 0x22401397, 0x112084c6,
578 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729,
579 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1,
580 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,
581 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233,
582 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0x0b3698d4,
583 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,
584 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e,
585 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3,
586 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,
587 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b,
588 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f,
589 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,
590 0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0,
591 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2,
592 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,
593 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791,
594 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x04dfe496,
595 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,
596 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b,
597 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6,
598 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13,
599 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47,
600 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7,
601 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,
602 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3,
603 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d,
604 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
605 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8,
606};
607
608static const uint32_t Td3[256] = {
609 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a,
610 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b,
611 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5,
612 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5,
613 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d,
614 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,
615 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95,
616 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e,
617 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,
618 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d,
619 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562,
620 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9,
621 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752,
622 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66,
623 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,
624 0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced,
625 0xcf1c2b8a, 0x79b492a7, 0x07f2f0f3, 0x69e2a14e,
626 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4,
627 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4,
628 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd,
629 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,
630 0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60,
631 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767,
632 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,
633 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000,
634 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c,
635 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,
636 0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24,
637 0x0a67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b,
638 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,
639 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12,
640 0x090d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814,
641 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,
642 0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b,
643 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8,
644 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,
645 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7,
646 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077,
647 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,
648 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22,
649 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698,
650 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,
651 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254,
652 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582,
653 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,
654 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb,
655 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883,
656 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,
657 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629,
658 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035,
659 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533,
660 0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17,
661 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4,
662 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,
663 0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb,
664 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d,
665 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,
666 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a,
667 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73,
668 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,
669 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2,
670 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0x0d9541ff,
671 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064,
672 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0,
673};
674
675static const uint32_t Td4[256] = {
676 0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5,
677 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838,
678 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e,
679 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb,
680 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282,
681 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787,
682 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444,
683 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb,
684 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232,
685 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d,
686 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b,
687 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e,
688 0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666,
689 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2,
690 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949,
691 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525,
692 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464,
693 0x86868686, 0x68686868, 0x98989898, 0x16161616,
694 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc,
695 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292,
696 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050,
697 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada,
698 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757,
699 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484,
700 0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000,
701 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a,
702 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505,
703 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606,
704 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f,
705 0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202,
706 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303,
707 0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b,
708 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141,
709 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea,
710 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece,
711 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373,
712 0x96969696, 0xacacacac, 0x74747474, 0x22222222,
713 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585,
714 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8,
715 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e,
716 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171,
717 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989,
718 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e,
719 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b,
720 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b,
721 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020,
722 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe,
723 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4,
724 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333,
725 0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131,
726 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959,
727 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f,
728 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9,
729 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d,
730 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f,
731 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef,
732 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d,
733 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0,
734 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c,
735 0x83838383, 0x53535353, 0x99999999, 0x61616161,
736 0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e,
737 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626,
738 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363,
739 0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d,
740};
741
742static const uint32_t rcon[] = {
743 0x01000000, 0x02000000, 0x04000000, 0x08000000,
744 0x10000000, 0x20000000, 0x40000000, 0x80000000,
745 0x1B000000, 0x36000000
746 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
747};
748
749#define GETU32(pt) (((uint32_t)((pt)[0] & 0xFF) << 24) ^ \
750 ((uint32_t)((pt)[1] & 0xFF) << 16) ^ \
751 ((uint32_t)((pt)[2] & 0xFF) << 8) ^ \
752 ((uint32_t)((pt)[3] & 0xFF)))
753#define PUTU32(ct, st) { \
754 (ct)[0] = (char)((st) >> 24); \
755 (ct)[1] = (char)((st) >> 16); \
756 (ct)[2] = (char)((st) >> 8); \
757 (ct)[3] = (char)(st); }
758
759/**
760 * Expand the cipher key into the encryption key schedule.
761 *
762 * @return the number of rounds for the given cipher key size.
763 */
764int
765MHD_rijndaelKeySetupEnc (uint32_t rk[ /*4*(Nr + 1) */ ],
766 const char cipherKey[], size_t keyBits)
767{
768 size_t i = 0;
769 uint32_t temp;
770
771 rk[0] = GETU32 (cipherKey);
772 rk[1] = GETU32 (cipherKey + 4);
773 rk[2] = GETU32 (cipherKey + 8);
774 rk[3] = GETU32 (cipherKey + 12);
775 if (keyBits == 128)
776 {
777 for (;;)
778 {
779 temp = rk[3];
780 rk[4] = rk[0] ^
781 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
782 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
783 (Te4[(temp) & 0xff] & 0x0000ff00) ^
784 (Te4[(temp >> 24)] & 0x000000ff) ^ rcon[i];
785 rk[5] = rk[1] ^ rk[4];
786 rk[6] = rk[2] ^ rk[5];
787 rk[7] = rk[3] ^ rk[6];
788 if (++i == 10)
789 {
790 return 10;
791 }
792 rk += 4;
793 }
794 }
795 rk[4] = GETU32 (cipherKey + 16);
796 rk[5] = GETU32 (cipherKey + 20);
797 if (keyBits == 192)
798 {
799 for (;;)
800 {
801 temp = rk[5];
802 rk[6] = rk[0] ^
803 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
804 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
805 (Te4[(temp) & 0xff] & 0x0000ff00) ^
806 (Te4[(temp >> 24)] & 0x000000ff) ^ rcon[i];
807 rk[7] = rk[1] ^ rk[6];
808 rk[8] = rk[2] ^ rk[7];
809 rk[9] = rk[3] ^ rk[8];
810 if (++i == 8)
811 {
812 return 12;
813 }
814 rk[10] = rk[4] ^ rk[9];
815 rk[11] = rk[5] ^ rk[10];
816 rk += 6;
817 }
818 }
819 rk[6] = GETU32 (cipherKey + 24);
820 rk[7] = GETU32 (cipherKey + 28);
821 if (keyBits == 256)
822 {
823 for (;;)
824 {
825 temp = rk[7];
826 rk[8] = rk[0] ^
827 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
828 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
829 (Te4[(temp) & 0xff] & 0x0000ff00) ^
830 (Te4[(temp >> 24)] & 0x000000ff) ^ rcon[i];
831 rk[9] = rk[1] ^ rk[8];
832 rk[10] = rk[2] ^ rk[9];
833 rk[11] = rk[3] ^ rk[10];
834 if (++i == 7)
835 {
836 return 14;
837 }
838 temp = rk[11];
839 rk[12] = rk[4] ^
840 (Te4[(temp >> 24)] & 0xff000000) ^
841 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
842 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
843 (Te4[(temp) & 0xff] & 0x000000ff);
844 rk[13] = rk[5] ^ rk[12];
845 rk[14] = rk[6] ^ rk[13];
846 rk[15] = rk[7] ^ rk[14];
847
848 rk += 8;
849 }
850 }
851 return 0;
852}
853
854/**
855 * Expand the cipher key into the decryption key schedule.
856 *
857 * @return the number of rounds for the given cipher key size.
858 */
859int
860MHD_rijndaelKeySetupDec (uint32_t rk[ /*4*(Nr + 1) */ ],
861 const char cipherKey[], size_t keyBits)
862{
863 size_t Nr, i, j;
864 uint32_t temp;
865
866 /* expand the cipher key: */
867 Nr = MHD_rijndaelKeySetupEnc (rk, cipherKey, keyBits);
868 /* invert the order of the round keys: */
869 for (i = 0, j = 4 * Nr; i < j; i += 4, j -= 4)
870 {
871 temp = rk[i];
872 rk[i] = rk[j];
873 rk[j] = temp;
874 temp = rk[i + 1];
875 rk[i + 1] = rk[j + 1];
876 rk[j + 1] = temp;
877 temp = rk[i + 2];
878 rk[i + 2] = rk[j + 2];
879 rk[j + 2] = temp;
880 temp = rk[i + 3];
881 rk[i + 3] = rk[j + 3];
882 rk[j + 3] = temp;
883 }
884 /* apply the inverse MixColumn transform to all round keys but the
885 first and the last: */
886 for (i = 1; i < Nr; i++)
887 {
888 rk += 4;
889 rk[0] =
890 Td0[Te4[(rk[0] >> 24)] & 0xff] ^
891 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
892 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
893 Td3[Te4[(rk[0]) & 0xff] & 0xff];
894 rk[1] =
895 Td0[Te4[(rk[1] >> 24)] & 0xff] ^
896 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
897 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
898 Td3[Te4[(rk[1]) & 0xff] & 0xff];
899 rk[2] =
900 Td0[Te4[(rk[2] >> 24)] & 0xff] ^
901 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
902 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
903 Td3[Te4[(rk[2]) & 0xff] & 0xff];
904 rk[3] =
905 Td0[Te4[(rk[3] >> 24)] & 0xff] ^
906 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
907 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
908 Td3[Te4[(rk[3]) & 0xff] & 0xff];
909 }
910 return Nr;
911}
912
913void
914MHD_rijndaelEncrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr,
915 const char pt[16], char ct[16])
916{
917 uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
918 size_t r;
919
920 /*
921 * map byte array block to cipher state
922 * and add initial round key:
923 */
924 s0 = GETU32 (pt) ^ rk[0];
925 s1 = GETU32 (pt + 4) ^ rk[1];
926 s2 = GETU32 (pt + 8) ^ rk[2];
927 s3 = GETU32 (pt + 12) ^ rk[3];
928 /*
929 * Nr - 1 full rounds:
930 */
931 r = Nr >> 1;
932 for (;;)
933 {
934 t0 =
935 Te0[(s0 >> 24)] ^
936 Te1[(s1 >> 16) & 0xff] ^
937 Te2[(s2 >> 8) & 0xff] ^ Te3[(s3) & 0xff] ^ rk[4];
938 t1 =
939 Te0[(s1 >> 24)] ^
940 Te1[(s2 >> 16) & 0xff] ^
941 Te2[(s3 >> 8) & 0xff] ^ Te3[(s0) & 0xff] ^ rk[5];
942 t2 =
943 Te0[(s2 >> 24)] ^
944 Te1[(s3 >> 16) & 0xff] ^
945 Te2[(s0 >> 8) & 0xff] ^ Te3[(s1) & 0xff] ^ rk[6];
946 t3 =
947 Te0[(s3 >> 24)] ^
948 Te1[(s0 >> 16) & 0xff] ^
949 Te2[(s1 >> 8) & 0xff] ^ Te3[(s2) & 0xff] ^ rk[7];
950
951 rk += 8;
952 if (--r == 0)
953 {
954 break;
955 }
956
957 s0 =
958 Te0[(t0 >> 24)] ^
959 Te1[(t1 >> 16) & 0xff] ^
960 Te2[(t2 >> 8) & 0xff] ^ Te3[(t3) & 0xff] ^ rk[0];
961 s1 =
962 Te0[(t1 >> 24)] ^
963 Te1[(t2 >> 16) & 0xff] ^
964 Te2[(t3 >> 8) & 0xff] ^ Te3[(t0) & 0xff] ^ rk[1];
965 s2 =
966 Te0[(t2 >> 24)] ^
967 Te1[(t3 >> 16) & 0xff] ^
968 Te2[(t0 >> 8) & 0xff] ^ Te3[(t1) & 0xff] ^ rk[2];
969 s3 =
970 Te0[(t3 >> 24)] ^
971 Te1[(t0 >> 16) & 0xff] ^
972 Te2[(t1 >> 8) & 0xff] ^ Te3[(t2) & 0xff] ^ rk[3];
973 }
974 /*
975 * apply last round and
976 * map cipher state to byte array block:
977 */
978 s0 =
979 (Te4[(t0 >> 24)] & 0xff000000) ^
980 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
981 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
982 (Te4[(t3) & 0xff] & 0x000000ff) ^ rk[0];
983 PUTU32 (ct, s0);
984 s1 =
985 (Te4[(t1 >> 24)] & 0xff000000) ^
986 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
987 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
988 (Te4[(t0) & 0xff] & 0x000000ff) ^ rk[1];
989 PUTU32 (ct + 4, s1);
990 s2 =
991 (Te4[(t2 >> 24)] & 0xff000000) ^
992 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
993 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
994 (Te4[(t1) & 0xff] & 0x000000ff) ^ rk[2];
995 PUTU32 (ct + 8, s2);
996 s3 =
997 (Te4[(t3 >> 24)] & 0xff000000) ^
998 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
999 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1000 (Te4[(t2) & 0xff] & 0x000000ff) ^ rk[3];
1001 PUTU32 (ct + 12, s3);
1002}
1003
1004void
1005MHD_rijndaelDecrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr,
1006 const char ct[16], char pt[16])
1007{
1008 uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
1009 size_t r;
1010
1011 /*
1012 * map byte array block to cipher state
1013 * and add initial round key:
1014 */
1015 s0 = GETU32 (ct) ^ rk[0];
1016 s1 = GETU32 (ct + 4) ^ rk[1];
1017 s2 = GETU32 (ct + 8) ^ rk[2];
1018 s3 = GETU32 (ct + 12) ^ rk[3];
1019 /*
1020 * Nr - 1 full rounds:
1021 */
1022 r = Nr >> 1;
1023 for (;;)
1024 {
1025 t0 =
1026 Td0[(s0 >> 24)] ^
1027 Td1[(s3 >> 16) & 0xff] ^
1028 Td2[(s2 >> 8) & 0xff] ^ Td3[(s1) & 0xff] ^ rk[4];
1029 t1 =
1030 Td0[(s1 >> 24)] ^
1031 Td1[(s0 >> 16) & 0xff] ^
1032 Td2[(s3 >> 8) & 0xff] ^ Td3[(s2) & 0xff] ^ rk[5];
1033 t2 =
1034 Td0[(s2 >> 24)] ^
1035 Td1[(s1 >> 16) & 0xff] ^
1036 Td2[(s0 >> 8) & 0xff] ^ Td3[(s3) & 0xff] ^ rk[6];
1037 t3 =
1038 Td0[(s3 >> 24)] ^
1039 Td1[(s2 >> 16) & 0xff] ^
1040 Td2[(s1 >> 8) & 0xff] ^ Td3[(s0) & 0xff] ^ rk[7];
1041
1042 rk += 8;
1043 if (--r == 0)
1044 {
1045 break;
1046 }
1047
1048 s0 =
1049 Td0[(t0 >> 24)] ^
1050 Td1[(t3 >> 16) & 0xff] ^
1051 Td2[(t2 >> 8) & 0xff] ^ Td3[(t1) & 0xff] ^ rk[0];
1052 s1 =
1053 Td0[(t1 >> 24)] ^
1054 Td1[(t0 >> 16) & 0xff] ^
1055 Td2[(t3 >> 8) & 0xff] ^ Td3[(t2) & 0xff] ^ rk[1];
1056 s2 =
1057 Td0[(t2 >> 24)] ^
1058 Td1[(t1 >> 16) & 0xff] ^
1059 Td2[(t0 >> 8) & 0xff] ^ Td3[(t3) & 0xff] ^ rk[2];
1060 s3 =
1061 Td0[(t3 >> 24)] ^
1062 Td1[(t2 >> 16) & 0xff] ^
1063 Td2[(t1 >> 8) & 0xff] ^ Td3[(t0) & 0xff] ^ rk[3];
1064 }
1065 /*
1066 * apply last round and
1067 * map cipher state to byte array block:
1068 */
1069 s0 =
1070 (Td4[(t0 >> 24)] & 0xff000000) ^
1071 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1072 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1073 (Td4[(t1) & 0xff] & 0x000000ff) ^ rk[0];
1074 PUTU32 (pt, s0);
1075 s1 =
1076 (Td4[(t1 >> 24)] & 0xff000000) ^
1077 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1078 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1079 (Td4[(t2) & 0xff] & 0x000000ff) ^ rk[1];
1080 PUTU32 (pt + 4, s1);
1081 s2 =
1082 (Td4[(t2 >> 24)] & 0xff000000) ^
1083 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1084 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1085 (Td4[(t3) & 0xff] & 0x000000ff) ^ rk[2];
1086 PUTU32 (pt + 8, s2);
1087 s3 =
1088 (Td4[(t3 >> 24)] & 0xff000000) ^
1089 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1090 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1091 (Td4[(t0) & 0xff] & 0x000000ff) ^ rk[3];
1092 PUTU32 (pt + 12, s3);
1093}
diff --git a/src/daemon/https/lgl/rijndael-alg-fst.h b/src/daemon/https/lgl/rijndael-alg-fst.h
deleted file mode 100644
index b04c1deb..00000000
--- a/src/daemon/https/lgl/rijndael-alg-fst.h
+++ /dev/null
@@ -1,67 +0,0 @@
1/* rijndael-alg-fst.h --- Rijndael cipher implementation.
2 * Copyright (C) 2005 Free Software Foundation, Inc.
3 *
4 * This file is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Lesser General Public License as published
6 * by the Free Software Foundation; either version 2.1, or (at your
7 * option) any later version.
8 *
9 * This file is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public License
15 * along with this file; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 */
20
21/* Adapted for gnulib by Simon Josefsson. */
22
23/**
24 * rijndael-alg-fst.h
25 *
26 * @version 3.0 (December 2000)
27 *
28 * Optimised ANSI C code for the Rijndael cipher (now AES)
29 *
30 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
31 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
32 * @author Paulo Barreto <paulo.barreto@terra.com.br>
33 *
34 * This code is hereby placed in the public domain.
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
37 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
38 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
39 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
40 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
41 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
42 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
43 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
44 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
45 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
46 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47 */
48#ifndef __RIJNDAEL_ALG_FST_H
49#define __RIJNDAEL_ALG_FST_H
50
51#include <stdint.h>
52#include <stddef.h>
53
54#define RIJNDAEL_MAXKC (256/32)
55#define RIJNDAEL_MAXKB (256/8)
56#define RIJNDAEL_MAXNR 14
57
58int MHD_rijndaelKeySetupEnc (uint32_t rk[ /*4*(Nr + 1) */ ],
59 const char cipherKey[], size_t keyBits);
60int MHD_rijndaelKeySetupDec (uint32_t rk[ /*4*(Nr + 1) */ ],
61 const char cipherKey[], size_t keyBits);
62void MHD_rijndaelEncrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr,
63 const char pt[16], char ct[16]);
64void MHD_rijndaelDecrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr,
65 const char ct[16], char pt[16]);
66
67#endif /* __RIJNDAEL_ALG_FST_H */
diff --git a/src/daemon/https/lgl/rijndael-api-fst.c b/src/daemon/https/lgl/rijndael-api-fst.c
deleted file mode 100644
index d4196948..00000000
--- a/src/daemon/https/lgl/rijndael-api-fst.c
+++ /dev/null
@@ -1,519 +0,0 @@
1/* rijndael-api-fst.c --- Rijndael cipher implementation.
2 * Copyright (C) 2005, 2006 Free Software Foundation, Inc.
3 *
4 * This file is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Lesser General Public License as published
6 * by the Free Software Foundation; either version 2.1, or (at your
7 * option) any later version.
8 *
9 * This file is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public License
15 * along with this file; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 */
20
21/* Adapted for gnulib by Simon Josefsson.
22 *
23 * Based on public domain "Optimised C code" retrieved from (SHA1
24 * 7c8e4b00d06685d1dbc6724a9e0d502353de339e):
25 * http://www.iaik.tu-graz.ac.at/research/krypto/AES/old/~rijmen/rijndael/rijndael-fst-3.0.zip
26 */
27
28#include "MHD_config.h"
29
30/**
31 * rijndael-api-fst.c
32 *
33 * @version 2.9 (December 2000)
34 *
35 * Optimised ANSI C code for the Rijndael cipher (now AES)
36 *
37 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
38 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
39 * @author Paulo Barreto <paulo.barreto@terra.com.br>
40 *
41 * This code is hereby placed in the public domain.
42 *
43 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
44 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
45 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
47 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
48 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
49 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
50 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
51 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
52 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
53 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
54 *
55 * Acknowledgements:
56 *
57 * We are deeply indebted to the following people for their bug reports,
58 * fixes, and improvement suggestions to this implementation. Though we
59 * tried to list all contributions, we apologise in advance for any
60 * missing reference.
61 *
62 * Andrew Bales <Andrew.Bales@Honeywell.com>
63 * Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
64 * John Skodon <skodonj@webquill.com>
65 */
66
67#include "rijndael-alg-fst.h"
68#include "rijndael-api-fst.h"
69
70#include <assert.h>
71#include <stdlib.h>
72#include <string.h>
73
74rijndael_rc
75MHD_rijndaelMakeKey (rijndaelKeyInstance * key, rijndael_direction direction,
76 size_t keyLen, const char *keyMaterial)
77{
78 size_t i;
79 char *keyMat;
80 char cipherKey[RIJNDAEL_MAXKB];
81
82 if (key == NULL)
83 {
84 return RIJNDAEL_BAD_KEY_INSTANCE;
85 }
86
87 if ((direction == RIJNDAEL_DIR_ENCRYPT)
88 || (direction == RIJNDAEL_DIR_DECRYPT))
89 {
90 key->direction = direction;
91 }
92 else
93 {
94 return RIJNDAEL_BAD_KEY_DIR;
95 }
96
97 if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256))
98 {
99 key->keyLen = keyLen;
100 }
101 else
102 {
103 return RIJNDAEL_BAD_KEY_MAT;
104 }
105
106 if (keyMaterial != NULL)
107 {
108 strncpy (key->keyMaterial, keyMaterial, keyLen / 4);
109 }
110
111 /* initialize key schedule: */
112 keyMat = key->keyMaterial;
113 for (i = 0; i < key->keyLen / 8; i++)
114 {
115 char t, v;
116
117 t = *keyMat++;
118 if ((t >= '0') && (t <= '9'))
119 v = (t - '0') << 4;
120 else if ((t >= 'a') && (t <= 'f'))
121 v = (t - 'a' + 10) << 4;
122 else if ((t >= 'A') && (t <= 'F'))
123 v = (t - 'A' + 10) << 4;
124 else
125 return RIJNDAEL_BAD_KEY_MAT;
126
127 t = *keyMat++;
128 if ((t >= '0') && (t <= '9'))
129 v ^= (t - '0');
130 else if ((t >= 'a') && (t <= 'f'))
131 v ^= (t - 'a' + 10);
132 else if ((t >= 'A') && (t <= 'F'))
133 v ^= (t - 'A' + 10);
134 else
135 return RIJNDAEL_BAD_KEY_MAT;
136
137 cipherKey[i] = v;
138 }
139 if (direction == RIJNDAEL_DIR_ENCRYPT)
140 {
141 key->Nr = MHD_rijndaelKeySetupEnc (key->rk, cipherKey, keyLen);
142 }
143 else
144 {
145 key->Nr = MHD_rijndaelKeySetupDec (key->rk, cipherKey, keyLen);
146 }
147 MHD_rijndaelKeySetupEnc (key->ek, cipherKey, keyLen);
148 return 0;
149}
150
151rijndael_rc
152MHD_MHD_rijndaelCipherInit (rijndaelCipherInstance * cipher,
153 rijndael_mode mode, const char *IV)
154{
155 if ((mode == RIJNDAEL_MODE_ECB) || (mode == RIJNDAEL_MODE_CBC)
156 || (mode == RIJNDAEL_MODE_CFB1))
157 {
158 cipher->mode = mode;
159 }
160 else
161 {
162 return RIJNDAEL_BAD_CIPHER_MODE;
163 }
164 if (IV != NULL)
165 {
166 int i;
167 for (i = 0; i < RIJNDAEL_MAX_IV_SIZE; i++)
168 {
169 int t, j;
170
171 t = IV[2 * i];
172 if ((t >= '0') && (t <= '9'))
173 j = (t - '0') << 4;
174 else if ((t >= 'a') && (t <= 'f'))
175 j = (t - 'a' + 10) << 4;
176 else if ((t >= 'A') && (t <= 'F'))
177 j = (t - 'A' + 10) << 4;
178 else
179 return RIJNDAEL_BAD_CIPHER_INSTANCE;
180
181 t = IV[2 * i + 1];
182 if ((t >= '0') && (t <= '9'))
183 j ^= (t - '0');
184 else if ((t >= 'a') && (t <= 'f'))
185 j ^= (t - 'a' + 10);
186 else if ((t >= 'A') && (t <= 'F'))
187 j ^= (t - 'A' + 10);
188 else
189 return RIJNDAEL_BAD_CIPHER_INSTANCE;
190
191 cipher->IV[i] = (uint8_t) j;
192 }
193 }
194 else
195 {
196 memset (cipher->IV, 0, RIJNDAEL_MAX_IV_SIZE);
197 }
198 return 0;
199}
200
201int
202MHD_rijndaelBlockEncrypt (rijndaelCipherInstance * cipher,
203 const rijndaelKeyInstance * key,
204 const char *input, size_t inputLen, char *outBuffer)
205{
206 size_t i, k, t, numBlocks;
207 char block[16], *iv;
208
209 if (cipher == NULL || key == NULL || key->direction == RIJNDAEL_DIR_DECRYPT)
210 {
211 return RIJNDAEL_BAD_CIPHER_STATE;
212 }
213 if (input == NULL || inputLen <= 0)
214 {
215 return 0; /* nothing to do */
216 }
217
218 numBlocks = inputLen / 128;
219
220 switch (cipher->mode)
221 {
222 case RIJNDAEL_MODE_ECB:
223 for (i = numBlocks; i > 0; i--)
224 {
225 MHD_rijndaelEncrypt (key->rk, key->Nr, input, outBuffer);
226 input += 16;
227 outBuffer += 16;
228 }
229 break;
230
231 case RIJNDAEL_MODE_CBC:
232 iv = cipher->IV;
233 for (i = numBlocks; i > 0; i--)
234 {
235 ((uint32_t *) block)[0] = ((uint32_t *) input)[0] ^
236 ((uint32_t *) iv)[0];
237 ((uint32_t *) block)[1] = ((uint32_t *) input)[1] ^
238 ((uint32_t *) iv)[1];
239 ((uint32_t *) block)[2] = ((uint32_t *) input)[2] ^
240 ((uint32_t *) iv)[2];
241 ((uint32_t *) block)[3] = ((uint32_t *) input)[3] ^
242 ((uint32_t *) iv)[3];
243 MHD_rijndaelEncrypt (key->rk, key->Nr, block, outBuffer);
244 memcpy (cipher->IV, outBuffer, 16);
245 input += 16;
246 outBuffer += 16;
247 }
248 break;
249
250 case RIJNDAEL_MODE_CFB1:
251 iv = cipher->IV;
252 for (i = numBlocks; i > 0; i--)
253 {
254 memcpy (outBuffer, input, 16);
255 for (k = 0; k < 128; k++)
256 {
257 MHD_rijndaelEncrypt (key->ek, key->Nr, iv, block);
258 outBuffer[k >> 3] ^= (block[0] & 0x80U) >> (k & 7);
259 for (t = 0; t < 15; t++)
260 {
261 iv[t] = (iv[t] << 1) | (iv[t + 1] >> 7);
262 }
263 iv[15] = (iv[15] << 1) |
264 ((outBuffer[k >> 3] >> (7 - (k & 7))) & 1);
265 }
266 outBuffer += 16;
267 input += 16;
268 }
269 break;
270
271 default:
272 return RIJNDAEL_BAD_CIPHER_STATE;
273 }
274
275 return 128 * numBlocks;
276}
277
278int
279MHD_rijndaelPadEncrypt (rijndaelCipherInstance * cipher,
280 const rijndaelKeyInstance * key,
281 const char *input, size_t inputOctets,
282 char *outBuffer)
283{
284 size_t i, numBlocks, padLen;
285 char block[16], *iv;
286
287 if (cipher == NULL || key == NULL || key->direction == RIJNDAEL_DIR_DECRYPT)
288 {
289 return RIJNDAEL_BAD_CIPHER_STATE;
290 }
291 if (input == NULL || inputOctets <= 0)
292 {
293 return 0; /* nothing to do */
294 }
295
296 numBlocks = inputOctets / 16;
297
298 switch (cipher->mode)
299 {
300 case RIJNDAEL_MODE_ECB:
301 for (i = numBlocks; i > 0; i--)
302 {
303 MHD_rijndaelEncrypt (key->rk, key->Nr, input, outBuffer);
304 input += 16;
305 outBuffer += 16;
306 }
307 padLen = 16 - (inputOctets - 16 * numBlocks);
308 assert (padLen > 0 && padLen <= 16);
309 memcpy (block, input, 16 - padLen);
310 memset (block + 16 - padLen, padLen, padLen);
311 MHD_rijndaelEncrypt (key->rk, key->Nr, block, outBuffer);
312 break;
313
314 case RIJNDAEL_MODE_CBC:
315 iv = cipher->IV;
316 for (i = numBlocks; i > 0; i--)
317 {
318 ((uint32_t *) block)[0] = ((uint32_t *) input)[0] ^
319 ((uint32_t *) iv)[0];
320 ((uint32_t *) block)[1] = ((uint32_t *) input)[1] ^
321 ((uint32_t *) iv)[1];
322 ((uint32_t *) block)[2] = ((uint32_t *) input)[2] ^
323 ((uint32_t *) iv)[2];
324 ((uint32_t *) block)[3] = ((uint32_t *) input)[3] ^
325 ((uint32_t *) iv)[3];
326 MHD_rijndaelEncrypt (key->rk, key->Nr, block, outBuffer);
327 memcpy (cipher->IV, outBuffer, 16);
328 input += 16;
329 outBuffer += 16;
330 }
331 padLen = 16 - (inputOctets - 16 * numBlocks);
332 assert (padLen > 0 && padLen <= 16);
333 for (i = 0; i < 16 - padLen; i++)
334 {
335 block[i] = input[i] ^ iv[i];
336 }
337 for (i = 16 - padLen; i < 16; i++)
338 {
339 block[i] = (char) padLen ^ iv[i];
340 }
341 MHD_rijndaelEncrypt (key->rk, key->Nr, block, outBuffer);
342 memcpy (cipher->IV, outBuffer, 16);
343 break;
344
345 default:
346 return RIJNDAEL_BAD_CIPHER_STATE;
347 }
348
349 return 16 * (numBlocks + 1);
350}
351
352int
353MHD_rijndaelBlockDecrypt (rijndaelCipherInstance * cipher,
354 const rijndaelKeyInstance * key,
355 const char *input, size_t inputLen, char *outBuffer)
356{
357 size_t i, k, t, numBlocks;
358 char block[16], *iv;
359
360 if (cipher == NULL
361 || key == NULL
362 || (cipher->mode != RIJNDAEL_MODE_CFB1
363 && key->direction == RIJNDAEL_DIR_ENCRYPT))
364 {
365 return RIJNDAEL_BAD_CIPHER_STATE;
366 }
367 if (input == NULL || inputLen <= 0)
368 {
369 return 0; /* nothing to do */
370 }
371
372 numBlocks = inputLen / 128;
373
374 switch (cipher->mode)
375 {
376 case RIJNDAEL_MODE_ECB:
377 for (i = numBlocks; i > 0; i--)
378 {
379 MHD_rijndaelDecrypt (key->rk, key->Nr, input, outBuffer);
380 input += 16;
381 outBuffer += 16;
382 }
383 break;
384
385 case RIJNDAEL_MODE_CBC:
386 iv = cipher->IV;
387 for (i = numBlocks; i > 0; i--)
388 {
389 MHD_rijndaelDecrypt (key->rk, key->Nr, input, block);
390 ((uint32_t *) block)[0] ^= ((uint32_t *) iv)[0];
391 ((uint32_t *) block)[1] ^= ((uint32_t *) iv)[1];
392 ((uint32_t *) block)[2] ^= ((uint32_t *) iv)[2];
393 ((uint32_t *) block)[3] ^= ((uint32_t *) iv)[3];
394 memcpy (cipher->IV, input, 16);
395 memcpy (outBuffer, block, 16);
396 input += 16;
397 outBuffer += 16;
398 }
399 break;
400
401 case RIJNDAEL_MODE_CFB1:
402 iv = cipher->IV;
403 for (i = numBlocks; i > 0; i--)
404 {
405 memcpy (outBuffer, input, 16);
406 for (k = 0; k < 128; k++)
407 {
408 MHD_rijndaelEncrypt (key->ek, key->Nr, iv, block);
409 for (t = 0; t < 15; t++)
410 {
411 iv[t] = (iv[t] << 1) | (iv[t + 1] >> 7);
412 }
413 iv[15] = (iv[15] << 1) | ((input[k >> 3] >> (7 - (k & 7))) & 1);
414 outBuffer[k >> 3] ^= (block[0] & 0x80U) >> (k & 7);
415 }
416 outBuffer += 16;
417 input += 16;
418 }
419 break;
420
421 default:
422 return RIJNDAEL_BAD_CIPHER_STATE;
423 }
424
425 return 128 * numBlocks;
426}
427
428int
429MHD_rijndaelPadDecrypt (rijndaelCipherInstance * cipher,
430 const rijndaelKeyInstance * key,
431 const char *input, size_t inputOctets,
432 char *outBuffer)
433{
434 size_t i, numBlocks, padLen;
435 char block[16];
436
437 if (cipher == NULL || key == NULL || key->direction == RIJNDAEL_DIR_ENCRYPT)
438 {
439 return RIJNDAEL_BAD_CIPHER_STATE;
440 }
441 if (input == NULL || inputOctets <= 0)
442 {
443 return 0; /* nothing to do */
444 }
445 if (inputOctets % 16 != 0)
446 {
447 return RIJNDAEL_BAD_DATA;
448 }
449
450 numBlocks = inputOctets / 16;
451
452 switch (cipher->mode)
453 {
454 case RIJNDAEL_MODE_ECB:
455 /* all blocks but last */
456 for (i = numBlocks - 1; i > 0; i--)
457 {
458 MHD_rijndaelDecrypt (key->rk, key->Nr, input, outBuffer);
459 input += 16;
460 outBuffer += 16;
461 }
462 /* last block */
463 MHD_rijndaelDecrypt (key->rk, key->Nr, input, block);
464 padLen = block[15];
465 if (padLen >= 16)
466 {
467 return RIJNDAEL_BAD_DATA;
468 }
469 for (i = 16 - padLen; i < 16; i++)
470 {
471 if (block[i] != padLen)
472 {
473 return RIJNDAEL_BAD_DATA;
474 }
475 }
476 memcpy (outBuffer, block, 16 - padLen);
477 break;
478
479 case RIJNDAEL_MODE_CBC:
480 /* all blocks but last */
481 for (i = numBlocks - 1; i > 0; i--)
482 {
483 MHD_rijndaelDecrypt (key->rk, key->Nr, input, block);
484 ((uint32_t *) block)[0] ^= ((uint32_t *) cipher->IV)[0];
485 ((uint32_t *) block)[1] ^= ((uint32_t *) cipher->IV)[1];
486 ((uint32_t *) block)[2] ^= ((uint32_t *) cipher->IV)[2];
487 ((uint32_t *) block)[3] ^= ((uint32_t *) cipher->IV)[3];
488 memcpy (cipher->IV, input, 16);
489 memcpy (outBuffer, block, 16);
490 input += 16;
491 outBuffer += 16;
492 }
493 /* last block */
494 MHD_rijndaelDecrypt (key->rk, key->Nr, input, block);
495 ((uint32_t *) block)[0] ^= ((uint32_t *) cipher->IV)[0];
496 ((uint32_t *) block)[1] ^= ((uint32_t *) cipher->IV)[1];
497 ((uint32_t *) block)[2] ^= ((uint32_t *) cipher->IV)[2];
498 ((uint32_t *) block)[3] ^= ((uint32_t *) cipher->IV)[3];
499 padLen = block[15];
500 if (padLen <= 0 || padLen > 16)
501 {
502 return RIJNDAEL_BAD_DATA;
503 }
504 for (i = 16 - padLen; i < 16; i++)
505 {
506 if (block[i] != padLen)
507 {
508 return RIJNDAEL_BAD_DATA;
509 }
510 }
511 memcpy (outBuffer, block, 16 - padLen);
512 break;
513
514 default:
515 return RIJNDAEL_BAD_CIPHER_STATE;
516 }
517
518 return 16 * numBlocks - padLen;
519}
diff --git a/src/daemon/https/lgl/rijndael-api-fst.h b/src/daemon/https/lgl/rijndael-api-fst.h
deleted file mode 100644
index 893021fc..00000000
--- a/src/daemon/https/lgl/rijndael-api-fst.h
+++ /dev/null
@@ -1,207 +0,0 @@
1/* rijndael-api-fst.h --- Rijndael cipher implementation.
2 * Copyright (C) 2005 Free Software Foundation, Inc.
3 *
4 * This file is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Lesser General Public License as published
6 * by the Free Software Foundation; either version 2.1, or (at your
7 * option) any later version.
8 *
9 * This file is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public License
15 * along with this file; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 */
20
21/* Adapted for gnulib by Simon Josefsson. */
22
23/**
24 * rijndael-api-fst.h
25 *
26 * @version 2.9 (December 2000)
27 *
28 * Optimised ANSI C code for the Rijndael cipher (now AES)
29 *
30 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
31 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
32 * @author Paulo Barreto <paulo.barreto@terra.com.br>
33 *
34 * This code is hereby placed in the public domain.
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
37 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
38 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
39 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
40 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
41 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
42 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
43 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
44 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
45 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
46 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47 *
48 * Acknowledgements:
49 *
50 * We are deeply indebted to the following people for their bug reports,
51 * fixes, and improvement suggestions to this implementation. Though we
52 * tried to list all contributions, we apologise in advance for any
53 * missing reference.
54 *
55 * Andrew Bales <Andrew.Bales@Honeywell.com>
56 * Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
57 * John Skodon <skodonj@webquill.com>
58 */
59
60#ifndef __RIJNDAEL_API_FST_H
61#define __RIJNDAEL_API_FST_H
62
63#include "rijndael-alg-fst.h"
64
65#include <stdio.h>
66
67/* Default number of bits in a cipher block */
68#define RIJNDAEL_BITSPERBLOCK 128
69
70/* Number of ASCII char's needed to represent a key */
71#define RIJNDAEL_MAX_KEY_SIZE 64
72
73/* Number bytes needed to represent an IV */
74#define RIJNDAEL_MAX_IV_SIZE 16
75
76typedef enum
77{
78 /* Key direction is invalid, e.g., unknown value */
79 RIJNDAEL_BAD_KEY_DIR = -1,
80 /* Key material not of correct length */
81 RIJNDAEL_BAD_KEY_MAT = -2,
82 /* Key passed is not valid */
83 RIJNDAEL_BAD_KEY_INSTANCE = -3,
84 /* Params struct passed to cipherInit invalid */
85 RIJNDAEL_BAD_CIPHER_MODE = -4,
86 /* Cipher in wrong state (e.g., not initialized) */
87 RIJNDAEL_BAD_CIPHER_STATE = -5,
88 RIJNDAEL_BAD_BLOCK_LENGTH = -6,
89 RIJNDAEL_BAD_CIPHER_INSTANCE = -7,
90 /* Data contents are invalid, e.g., invalid padding */
91 RIJNDAEL_BAD_DATA = -8,
92 /* Unknown error */
93 RIJNDAEL_BAD_OTHER = -9
94} rijndael_rc;
95
96typedef enum
97{
98 RIJNDAEL_DIR_ENCRYPT = 0, /* Are we encrypting? */
99 RIJNDAEL_DIR_DECRYPT = 1 /* Are we decrypting? */
100} rijndael_direction;
101
102typedef enum
103{
104 RIJNDAEL_MODE_ECB = 1, /* Are we ciphering in ECB mode? */
105 RIJNDAEL_MODE_CBC = 2, /* Are we ciphering in CBC mode? */
106 RIJNDAEL_MODE_CFB1 = 3 /* Are we ciphering in 1-bit CFB mode? */
107} rijndael_mode;
108
109/* The structure for key information */
110typedef struct
111{
112 /* Key used for encrypting or decrypting? */
113 rijndael_direction direction;
114 /* Length of the key */
115 size_t keyLen;
116 /* Raw key data in ASCII, e.g., user input or KAT values */
117 char keyMaterial[RIJNDAEL_MAX_KEY_SIZE + 1];
118 /* key-length-dependent number of rounds */
119 int Nr;
120 /* key schedule */
121 uint32_t rk[4 * (RIJNDAEL_MAXNR + 1)];
122 /* CFB1 key schedule (encryption only) */
123 uint32_t ek[4 * (RIJNDAEL_MAXNR + 1)];
124} rijndaelKeyInstance;
125
126/* The structure for cipher information */
127typedef struct
128{ /* changed order of the components */
129 rijndael_mode mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */
130 /* A possible Initialization Vector for ciphering */
131 char IV[RIJNDAEL_MAX_IV_SIZE];
132} rijndaelCipherInstance;
133
134/* Function prototypes */
135
136/* Create KEY, for encryption or decryption depending on DIRECTION,
137 from KEYMATERIAL, a hex string, of KEYLEN size. KEYLEN should be
138 128, 192 or 256. Returns 0 on success, or an error code. */
139extern rijndael_rc
140MHD_rijndaelMakeKey (rijndaelKeyInstance * key, rijndael_direction direction,
141 size_t keyLen, const char *keyMaterial);
142
143/* Initialize cipher state CIPHER for encryption MODE (e.g.,
144 RIJNDAEL_MODE_CBC) with initialization vector IV, a hex string of
145 2*RIJNDAEL_MAX_IV_SIZE length. IV may be NULL for modes that do
146 not need an IV (i.e., RIJNDAEL_MODE_ECB). */
147extern rijndael_rc
148MHD_MHD_rijndaelCipherInit (rijndaelCipherInstance * cipher,
149 rijndael_mode mode, const char *IV);
150
151/* Encrypt data in INPUT, of INPUTLEN/8 bytes length, placing the
152 output in the pre-allocated OUTBUFFER which must hold at least
153 INPUTLEN/8 bytes of data. The CIPHER is used as state, and must be
154 initialized with MHD_MHD_rijndaelCipherInit before calling this function.
155 The encryption KEY must be initialized with MHD_rijndaelMakeKey before
156 calling this function. Return the number of bits written, or a
157 negative rijndael_rc error code. */
158extern int
159MHD_rijndaelBlockEncrypt (rijndaelCipherInstance * cipher,
160 const rijndaelKeyInstance * key,
161 const char *input, size_t inputLen,
162 char *outBuffer);
163
164/* Encrypt data in INPUT, of INPUTOCTETS bytes length, placing the
165 output in the pre-allocated OUTBUFFER which must hold at least
166 INPUTOCTETS aligned to the next block size boundary.
167 Ciphertext-Stealing as described in RFC 2040 is used to encrypt
168 partial blocks. The CIPHER is used as state, and must be
169 initialized with MHD_MHD_rijndaelCipherInit before calling this function.
170 The encryption KEY must be initialized with MHD_rijndaelMakeKey before
171 calling this function. Return the number of bits written, or a
172 negative rijndael_rc error code. */
173extern int
174MHD_rijndaelPadEncrypt (rijndaelCipherInstance * cipher,
175 const rijndaelKeyInstance * key,
176 const char *input, size_t inputOctets,
177 char *outBuffer);
178
179/* Decrypt data in INPUT, of INPUTLEN/8 bytes length, placing the
180 output in the pre-allocated OUTBUFFER which must hold at least
181 INPUTLEN/8 bytes of data. The CIPHER is used as state, and must be
182 initialized with MHD_MHD_rijndaelCipherInit before calling this function.
183 The encryption KEY must be initialized with MHD_rijndaelMakeKey before
184 calling this function. Return the number of bits written, or a
185 negative rijndael_rc error code. */
186extern int
187MHD_rijndaelBlockDecrypt (rijndaelCipherInstance * cipher,
188 const rijndaelKeyInstance * key,
189 const char *input, size_t inputLen,
190 char *outBuffer);
191
192/* Decrypt data in INPUT, of INPUTOCTETS bytes length, placing the
193 output in the pre-allocated OUTBUFFER which must hold at least
194 INPUTOCTETS aligned to the next block size boundary.
195 Ciphertext-Stealing as described in RFC 2040 is used to encrypt
196 partial blocks. The CIPHER is used as state, and must be
197 initialized with MHD_MHD_rijndaelCipherInit before calling this function.
198 The encryption KEY must be initialized with MHD_rijndaelMakeKey before
199 calling this function. Return the number of bits written, or a
200 negative rijndael_rc error code. */
201extern int
202MHD_rijndaelPadDecrypt (rijndaelCipherInstance * cipher,
203 const rijndaelKeyInstance * key,
204 const char *input, size_t inputOctets,
205 char *outBuffer);
206
207#endif /* __RIJNDAEL_API_FST_H */
diff --git a/src/daemon/https/lgl/sha1.c b/src/daemon/https/lgl/sha1.c
deleted file mode 100644
index 573e7c69..00000000
--- a/src/daemon/https/lgl/sha1.c
+++ /dev/null
@@ -1,419 +0,0 @@
1/* sha1.c - Functions to compute SHA1 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-1.
3
4 Copyright (C) 2000, 2001, 2003, 2004, 2005, 2006 Free Software
5 Foundation, Inc.
6
7 This program is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by the
9 Free Software Foundation; either version 2.1, or (at your option) any
10 later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with this program; if not, write to the Free Software Foundation,
19 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
20
21/* Written by Scott G. Miller
22 Credits:
23 Robert Klep <robert@ilse.nl> -- Expansion function fix
24*/
25
26#include "MHD_config.h"
27
28#include "sha1.h"
29
30#include <stddef.h>
31#include <string.h>
32
33#if USE_UNLOCKED_IO
34# include "unlocked-io.h"
35#endif
36
37#ifdef WORDS_BIGENDIAN
38# define SWAP(n) (n)
39#else
40# define SWAP(n) \
41 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
42#endif
43
44#define BLOCKSIZE 4096
45#if BLOCKSIZE % 64 != 0
46# error "invalid BLOCKSIZE"
47#endif
48
49/* This array contains the bytes used to pad the buffer to the next
50 64-byte boundary. (RFC 1321, 3.1: Step 1) */
51static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
52
53
54/* Take a pointer to a 160 bit block of data (five 32 bit ints) and
55 initialize it to the start constants of the SHA1 algorithm. This
56 must be called before using hash in the call to MHD_sha1_hash. */
57void
58MHD_sha1_init_ctx (struct MHD_sha1_ctx *ctx)
59{
60 ctx->A = 0x67452301;
61 ctx->B = 0xefcdab89;
62 ctx->C = 0x98badcfe;
63 ctx->D = 0x10325476;
64 ctx->E = 0xc3d2e1f0;
65
66 ctx->total[0] = ctx->total[1] = 0;
67 ctx->buflen = 0;
68}
69
70/* Put result from CTX in first 20 bytes following RESBUF. The result
71 must be in little endian byte order.
72
73 IMPORTANT: On some systems it is required that RESBUF is correctly
74 aligned for a 32-bit value. */
75void *
76MHD_sha1_read_ctx (const struct MHD_sha1_ctx *ctx, void *resbuf)
77{
78 ((uint32_t *) resbuf)[0] = SWAP (ctx->A);
79 ((uint32_t *) resbuf)[1] = SWAP (ctx->B);
80 ((uint32_t *) resbuf)[2] = SWAP (ctx->C);
81 ((uint32_t *) resbuf)[3] = SWAP (ctx->D);
82 ((uint32_t *) resbuf)[4] = SWAP (ctx->E);
83
84 return resbuf;
85}
86
87/* Process the remaining bytes in the internal buffer and the usual
88 prolog according to the standard and write the result to RESBUF.
89
90 IMPORTANT: On some systems it is required that RESBUF is correctly
91 aligned for a 32-bit value. */
92void *
93MHD_sha1_finish_ctx (struct MHD_sha1_ctx *ctx, void *resbuf)
94{
95 /* Take yet unprocessed bytes into account. */
96 uint32_t bytes = ctx->buflen;
97 size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
98
99 /* Now count remaining bytes. */
100 ctx->total[0] += bytes;
101 if (ctx->total[0] < bytes)
102 ++ctx->total[1];
103
104 /* Put the 64-bit file length in *bits* at the end of the buffer. */
105 ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
106 ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
107
108 memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
109
110 /* Process last bytes. */
111 MHD_sha1_process_block (ctx->buffer, size * 4, ctx);
112
113 return MHD_sha1_read_ctx (ctx, resbuf);
114}
115
116/* Compute SHA1 message digest for bytes read from STREAM. The
117 resulting message digest number will be written into the 16 bytes
118 beginning at RESBLOCK. */
119int
120MHD_sha1_stream (FILE * stream, void *resblock)
121{
122 struct MHD_sha1_ctx ctx;
123 char buffer[BLOCKSIZE + 72];
124 size_t sum;
125
126 /* Initialize the computation context. */
127 MHD_sha1_init_ctx (&ctx);
128
129 /* Iterate over full file contents. */
130 while (1)
131 {
132 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
133 computation function processes the whole buffer so that with the
134 next round of the loop another block can be read. */
135 size_t n;
136 sum = 0;
137
138 /* Read block. Take care for partial reads. */
139 while (1)
140 {
141 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
142
143 sum += n;
144
145 if (sum == BLOCKSIZE)
146 break;
147
148 if (n == 0)
149 {
150 /* Check for the error flag IFF N == 0, so that we don't
151 exit the loop after a partial read due to e.g., EAGAIN
152 or EWOULDBLOCK. */
153 if (ferror (stream))
154 return 1;
155 goto process_partial_block;
156 }
157
158 /* We've read at least one byte, so ignore errors. But always
159 check for EOF, since feof may be true even though N > 0.
160 Otherwise, we could end up calling fread after EOF. */
161 if (feof (stream))
162 goto process_partial_block;
163 }
164
165 /* Process buffer with BLOCKSIZE bytes. Note that
166 BLOCKSIZE % 64 == 0
167 */
168 MHD_sha1_process_block (buffer, BLOCKSIZE, &ctx);
169 }
170
171process_partial_block:;
172
173 /* Process any remaining bytes. */
174 if (sum > 0)
175 MHD_sha1_process_bytes (buffer, sum, &ctx);
176
177 /* Construct result in desired memory. */
178 MHD_sha1_finish_ctx (&ctx, resblock);
179 return 0;
180}
181
182/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The
183 result is always in little endian byte order, so that a byte-wise
184 output yields to the wanted ASCII representation of the message
185 digest. */
186void *
187MHD_sha1_buffer (const char *buffer, size_t len, void *resblock)
188{
189 struct MHD_sha1_ctx ctx;
190
191 /* Initialize the computation context. */
192 MHD_sha1_init_ctx (&ctx);
193
194 /* Process whole buffer but last len % 64 bytes. */
195 MHD_sha1_process_bytes (buffer, len, &ctx);
196
197 /* Put result in desired memory area. */
198 return MHD_sha1_finish_ctx (&ctx, resblock);
199}
200
201void
202MHD_sha1_process_bytes (const void *buffer, size_t len,
203 struct MHD_sha1_ctx *ctx)
204{
205 /* When we already have some bits in our internal buffer concatenate
206 both inputs first. */
207 if (ctx->buflen != 0)
208 {
209 size_t left_over = ctx->buflen;
210 size_t add = 128 - left_over > len ? len : 128 - left_over;
211
212 memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
213 ctx->buflen += add;
214
215 if (ctx->buflen > 64)
216 {
217 MHD_sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
218
219 ctx->buflen &= 63;
220 /* The regions in the following copy operation cannot overlap. */
221 memcpy (ctx->buffer,
222 &((char *) ctx->buffer)[(left_over + add) & ~63],
223 ctx->buflen);
224 }
225
226 buffer = (const char *) buffer + add;
227 len -= add;
228 }
229
230 /* Process available complete blocks. */
231 if (len >= 64)
232 {
233#if !_STRING_ARCH_unaligned
234# define alignof(type) offsetof (struct { char c; type x; }, x)
235# define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
236 if (UNALIGNED_P (buffer))
237 while (len > 64)
238 {
239 MHD_sha1_process_block (memcpy (ctx->buffer, buffer, 64), 64,
240 ctx);
241 buffer = (const char *) buffer + 64;
242 len -= 64;
243 }
244 else
245#endif
246 {
247 MHD_sha1_process_block (buffer, len & ~63, ctx);
248 buffer = (const char *) buffer + (len & ~63);
249 len &= 63;
250 }
251 }
252
253 /* Move remaining bytes in internal buffer. */
254 if (len > 0)
255 {
256 size_t left_over = ctx->buflen;
257
258 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
259 left_over += len;
260 if (left_over >= 64)
261 {
262 MHD_sha1_process_block (ctx->buffer, 64, ctx);
263 left_over -= 64;
264 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
265 }
266 ctx->buflen = left_over;
267 }
268}
269
270/* --- Code below is the primary difference between md5.c and sha1.c --- */
271
272/* SHA1 round constants */
273#define K1 0x5a827999
274#define K2 0x6ed9eba1
275#define K3 0x8f1bbcdc
276#define K4 0xca62c1d6
277
278/* Round functions. Note that F2 is the same as F4. */
279#define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
280#define F2(B,C,D) (B ^ C ^ D)
281#define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
282#define F4(B,C,D) (B ^ C ^ D)
283
284/* Process LEN bytes of BUFFER, accumulating context into CTX.
285 It is assumed that LEN % 64 == 0.
286 Most of this code comes from GnuPG's cipher/sha1.c. */
287
288void
289MHD_sha1_process_block (const void *buffer, size_t len,
290 struct MHD_sha1_ctx *ctx)
291{
292 const uint32_t *words = buffer;
293 size_t nwords = len / sizeof (uint32_t);
294 const uint32_t *endp = words + nwords;
295 uint32_t x[16];
296 uint32_t a = ctx->A;
297 uint32_t b = ctx->B;
298 uint32_t c = ctx->C;
299 uint32_t d = ctx->D;
300 uint32_t e = ctx->E;
301
302 /* First increment the byte count. RFC 1321 specifies the possible
303 length of the file up to 2^64 bits. Here we only compute the
304 number of bytes. Do a double word increment. */
305 ctx->total[0] += len;
306 if (ctx->total[0] < len)
307 ++ctx->total[1];
308
309#define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n))))
310
311#define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
312 ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
313 , (x[I&0x0f] = rol(tm, 1)) )
314
315#define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \
316 + F( B, C, D ) \
317 + K \
318 + M; \
319 B = rol( B, 30 ); \
320 } while(0)
321
322 while (words < endp)
323 {
324 uint32_t tm;
325 int t;
326 for (t = 0; t < 16; t++)
327 {
328 x[t] = SWAP (*words);
329 words++;
330 }
331
332 R (a, b, c, d, e, F1, K1, x[0]);
333 R (e, a, b, c, d, F1, K1, x[1]);
334 R (d, e, a, b, c, F1, K1, x[2]);
335 R (c, d, e, a, b, F1, K1, x[3]);
336 R (b, c, d, e, a, F1, K1, x[4]);
337 R (a, b, c, d, e, F1, K1, x[5]);
338 R (e, a, b, c, d, F1, K1, x[6]);
339 R (d, e, a, b, c, F1, K1, x[7]);
340 R (c, d, e, a, b, F1, K1, x[8]);
341 R (b, c, d, e, a, F1, K1, x[9]);
342 R (a, b, c, d, e, F1, K1, x[10]);
343 R (e, a, b, c, d, F1, K1, x[11]);
344 R (d, e, a, b, c, F1, K1, x[12]);
345 R (c, d, e, a, b, F1, K1, x[13]);
346 R (b, c, d, e, a, F1, K1, x[14]);
347 R (a, b, c, d, e, F1, K1, x[15]);
348 R (e, a, b, c, d, F1, K1, M (16));
349 R (d, e, a, b, c, F1, K1, M (17));
350 R (c, d, e, a, b, F1, K1, M (18));
351 R (b, c, d, e, a, F1, K1, M (19));
352 R (a, b, c, d, e, F2, K2, M (20));
353 R (e, a, b, c, d, F2, K2, M (21));
354 R (d, e, a, b, c, F2, K2, M (22));
355 R (c, d, e, a, b, F2, K2, M (23));
356 R (b, c, d, e, a, F2, K2, M (24));
357 R (a, b, c, d, e, F2, K2, M (25));
358 R (e, a, b, c, d, F2, K2, M (26));
359 R (d, e, a, b, c, F2, K2, M (27));
360 R (c, d, e, a, b, F2, K2, M (28));
361 R (b, c, d, e, a, F2, K2, M (29));
362 R (a, b, c, d, e, F2, K2, M (30));
363 R (e, a, b, c, d, F2, K2, M (31));
364 R (d, e, a, b, c, F2, K2, M (32));
365 R (c, d, e, a, b, F2, K2, M (33));
366 R (b, c, d, e, a, F2, K2, M (34));
367 R (a, b, c, d, e, F2, K2, M (35));
368 R (e, a, b, c, d, F2, K2, M (36));
369 R (d, e, a, b, c, F2, K2, M (37));
370 R (c, d, e, a, b, F2, K2, M (38));
371 R (b, c, d, e, a, F2, K2, M (39));
372 R (a, b, c, d, e, F3, K3, M (40));
373 R (e, a, b, c, d, F3, K3, M (41));
374 R (d, e, a, b, c, F3, K3, M (42));
375 R (c, d, e, a, b, F3, K3, M (43));
376 R (b, c, d, e, a, F3, K3, M (44));
377 R (a, b, c, d, e, F3, K3, M (45));
378 R (e, a, b, c, d, F3, K3, M (46));
379 R (d, e, a, b, c, F3, K3, M (47));
380 R (c, d, e, a, b, F3, K3, M (48));
381 R (b, c, d, e, a, F3, K3, M (49));
382 R (a, b, c, d, e, F3, K3, M (50));
383 R (e, a, b, c, d, F3, K3, M (51));
384 R (d, e, a, b, c, F3, K3, M (52));
385 R (c, d, e, a, b, F3, K3, M (53));
386 R (b, c, d, e, a, F3, K3, M (54));
387 R (a, b, c, d, e, F3, K3, M (55));
388 R (e, a, b, c, d, F3, K3, M (56));
389 R (d, e, a, b, c, F3, K3, M (57));
390 R (c, d, e, a, b, F3, K3, M (58));
391 R (b, c, d, e, a, F3, K3, M (59));
392 R (a, b, c, d, e, F4, K4, M (60));
393 R (e, a, b, c, d, F4, K4, M (61));
394 R (d, e, a, b, c, F4, K4, M (62));
395 R (c, d, e, a, b, F4, K4, M (63));
396 R (b, c, d, e, a, F4, K4, M (64));
397 R (a, b, c, d, e, F4, K4, M (65));
398 R (e, a, b, c, d, F4, K4, M (66));
399 R (d, e, a, b, c, F4, K4, M (67));
400 R (c, d, e, a, b, F4, K4, M (68));
401 R (b, c, d, e, a, F4, K4, M (69));
402 R (a, b, c, d, e, F4, K4, M (70));
403 R (e, a, b, c, d, F4, K4, M (71));
404 R (d, e, a, b, c, F4, K4, M (72));
405 R (c, d, e, a, b, F4, K4, M (73));
406 R (b, c, d, e, a, F4, K4, M (74));
407 R (a, b, c, d, e, F4, K4, M (75));
408 R (e, a, b, c, d, F4, K4, M (76));
409 R (d, e, a, b, c, F4, K4, M (77));
410 R (c, d, e, a, b, F4, K4, M (78));
411 R (b, c, d, e, a, F4, K4, M (79));
412
413 a = ctx->A += a;
414 b = ctx->B += b;
415 c = ctx->C += c;
416 d = ctx->D += d;
417 e = ctx->E += e;
418 }
419}
diff --git a/src/daemon/https/lgl/sha1.h b/src/daemon/https/lgl/sha1.h
deleted file mode 100644
index b6e40cdb..00000000
--- a/src/daemon/https/lgl/sha1.h
+++ /dev/null
@@ -1,87 +0,0 @@
1/* Declarations of functions and data types used for SHA1 sum
2 library functions.
3 Copyright (C) 2000, 2001, 2003, 2005, 2006 Free Software Foundation, Inc.
4
5 This program is free software; you can redistribute it and/or modify it
6 under the terms of the GNU Lesser General Public License as published by the
7 Free Software Foundation; either version 2.1, or (at your option) any
8 later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public License
16 along with this program; if not, write to the Free Software Foundation,
17 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
18
19#ifndef SHA1_H
20# define SHA1_H 1
21
22# include <stdio.h>
23# include <stdint.h>
24
25/* Structure to save state of computation between the single steps. */
26struct MHD_sha1_ctx
27{
28 uint32_t A;
29 uint32_t B;
30 uint32_t C;
31 uint32_t D;
32 uint32_t E;
33
34 uint32_t total[2];
35 uint32_t buflen;
36 uint32_t buffer[32];
37};
38
39
40/* Initialize structure containing state of computation. */
41extern void MHD_sha1_init_ctx (struct MHD_sha1_ctx *ctx);
42
43/* Starting with the result of former calls of this function (or the
44 initialization function update the context for the next LEN bytes
45 starting at BUFFER.
46 It is necessary that LEN is a multiple of 64!!! */
47extern void MHD_sha1_process_block (const void *buffer, size_t len,
48 struct MHD_sha1_ctx *ctx);
49
50/* Starting with the result of former calls of this function (or the
51 initialization function update the context for the next LEN bytes
52 starting at BUFFER.
53 It is NOT required that LEN is a multiple of 64. */
54extern void MHD_sha1_process_bytes (const void *buffer, size_t len,
55 struct MHD_sha1_ctx *ctx);
56
57/* Process the remaining bytes in the buffer and put result from CTX
58 in first 20 bytes following RESBUF. The result is always in little
59 endian byte order, so that a byte-wise output yields to the wanted
60 ASCII representation of the message digest.
61
62 IMPORTANT: On some systems it is required that RESBUF be correctly
63 aligned for a 32 bits value. */
64extern void *MHD_sha1_finish_ctx (struct MHD_sha1_ctx *ctx, void *resbuf);
65
66
67/* Put result from CTX in first 20 bytes following RESBUF. The result is
68 always in little endian byte order, so that a byte-wise output yields
69 to the wanted ASCII representation of the message digest.
70
71 IMPORTANT: On some systems it is required that RESBUF is correctly
72 aligned for a 32 bits value. */
73extern void *MHD_sha1_read_ctx (const struct MHD_sha1_ctx *ctx, void *resbuf);
74
75
76/* Compute SHA1 message digest for bytes read from STREAM. The
77 resulting message digest number will be written into the 20 bytes
78 beginning at RESBLOCK. */
79extern int MHD_sha1_stream (FILE * stream, void *resblock);
80
81/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The
82 result is always in little endian byte order, so that a byte-wise
83 output yields to the wanted ASCII representation of the message
84 digest. */
85extern void *MHD_sha1_buffer (const char *buffer, size_t len, void *resblock);
86
87#endif
diff --git a/src/daemon/https/lgl/strverscmp.c b/src/daemon/https/lgl/strverscmp.c
deleted file mode 100644
index 83971034..00000000
--- a/src/daemon/https/lgl/strverscmp.c
+++ /dev/null
@@ -1,130 +0,0 @@
1/* Compare strings while treating digits characters numerically.
2 Copyright (C) 1997, 2000, 2002, 2004, 2006 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Jean-François Bignolles <bignolle@ecoledoc.ibp.fr>, 1997.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1, or (at your option)
9 any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License along
17 with this program; if not, write to the Free Software Foundation,
18 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
19
20#if !_LIBC
21#include "MHD_config.h"
22#endif
23
24#include <string.h>
25#include <ctype.h>
26
27/* states: S_N: normal, S_I: comparing integral part, S_F: comparing
28 fractional parts, S_Z: idem but with leading Zeroes only */
29#define S_N 0x0
30#define S_I 0x4
31#define S_F 0x8
32#define S_Z 0xC
33
34/* result_type: CMP: return diff; LEN: compare using len_diff/diff */
35#define CMP 2
36#define LEN 3
37
38
39/* ISDIGIT differs from isdigit, as follows:
40 - Its arg may be any int or unsigned int; it need not be an unsigned char
41 or EOF.
42 - It's typically faster.
43 POSIX says that only '0' through '9' are digits. Prefer ISDIGIT to
44 isdigit unless it's important to use the locale's definition
45 of `digit' even when the host does not conform to POSIX. */
46#define ISDIGIT(c) ((unsigned int) (c) - '0' <= 9)
47
48#undef __MHD_strverscmp
49#undef MHD_strverscmp
50
51#ifndef weak_alias
52# define __MHD_strverscmp MHD_strverscmp
53#endif
54
55/* Compare S1 and S2 as strings holding indices/version numbers,
56 returning less than, equal to or greater than zero if S1 is less than,
57 equal to or greater than S2 (for more info, see the texinfo doc).
58*/
59
60int
61__MHD_strverscmp (const char *s1, const char *s2)
62{
63 const unsigned char *p1 = (const unsigned char *) s1;
64 const unsigned char *p2 = (const unsigned char *) s2;
65 unsigned char c1, c2;
66 int state;
67 int diff;
68
69 /* Symbol(s) 0 [1-9] others (padding)
70 Transition (10) 0 (01) d (00) x (11) - */
71 static const unsigned int next_state[] = {
72 /* state x d 0 - */
73 /* S_N */ S_N, S_I, S_Z, S_N,
74 /* S_I */ S_N, S_I, S_I, S_I,
75 /* S_F */ S_N, S_F, S_F, S_F,
76 /* S_Z */ S_N, S_F, S_Z, S_Z
77 };
78
79 static const int result_type[] = {
80 /* state x/x x/d x/0 x/- d/x d/d d/0 d/-
81 0/x 0/d 0/0 0/- -/x -/d -/0 -/- */
82
83 /* S_N */ CMP, CMP, CMP, CMP, CMP, LEN, CMP, CMP,
84 CMP, CMP, CMP, CMP, CMP, CMP, CMP, CMP,
85 /* S_I */ CMP, -1, -1, CMP, 1, LEN, LEN, CMP,
86 1, LEN, LEN, CMP, CMP, CMP, CMP, CMP,
87 /* S_F */ CMP, CMP, CMP, CMP, CMP, LEN, CMP, CMP,
88 CMP, CMP, CMP, CMP, CMP, CMP, CMP, CMP,
89 /* S_Z */ CMP, 1, 1, CMP, -1, CMP, CMP, CMP,
90 -1, CMP, CMP, CMP
91 };
92
93 if (p1 == p2)
94 return 0;
95
96 c1 = *p1++;
97 c2 = *p2++;
98 /* Hint: '0' is a digit too. */
99 state = S_N | ((c1 == '0') + (ISDIGIT (c1) != 0));
100
101 while ((diff = c1 - c2) == 0 && c1 != '\0')
102 {
103 state = next_state[state];
104 c1 = *p1++;
105 c2 = *p2++;
106 state |= (c1 == '0') + (ISDIGIT (c1) != 0);
107 }
108
109 state = result_type[state << 2 | ((c2 == '0') + (ISDIGIT (c2) != 0))];
110
111 switch (state)
112 {
113 case CMP:
114 return diff;
115
116 case LEN:
117 while (ISDIGIT (*p1++))
118 if (!ISDIGIT (*p2++))
119 return 1;
120
121 return ISDIGIT (*p2) ? -1 : diff;
122
123 default:
124 return state;
125 }
126}
127
128#ifdef weak_alias
129weak_alias (__MHD_strverscmp, MHD_strverscmp)
130#endif
diff --git a/src/daemon/https/lgl/strverscmp.h b/src/daemon/https/lgl/strverscmp.h
deleted file mode 100644
index 48919889..00000000
--- a/src/daemon/https/lgl/strverscmp.h
+++ /dev/null
@@ -1,24 +0,0 @@
1/* Compare strings while treating digits characters numerically.
2
3 Copyright (C) 1997, 2003 Free Software Foundation, Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU Lesser General Public License as published by
7 the Free Software Foundation; either version 2.1, or (at your option)
8 any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public License
16 along with this program; if not, write to the Free Software Foundation,
17 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
18
19#ifndef STRVERSCMP_H_
20# define STRVERSCMP_H_
21
22int MHD_strverscmp (const char *, const char *);
23
24#endif /* not STRVERSCMP_H_ */
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 05:13:32 +0000