aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman
diff options
context:
space:
mode:
Diffstat (limited to 'src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman')
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/Readme.txt25
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aes.h137
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aescrypt.cpp303
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aeskey.cpp455
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h955
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aestab.cpp223
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/fileenc.cpp140
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/fileenc.h114
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/hmac.cpp142
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/hmac.h95
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/prng.cpp146
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/prng.h74
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/pwd2key.cpp186
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/pwd2key.h50
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha1.cpp237
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha1.h68
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp626
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.h160
18 files changed, 4136 insertions, 0 deletions
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/Readme.txt b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/Readme.txt
new file mode 100644
index 0000000..86842c2
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/Readme.txt
@@ -0,0 +1,25 @@
1A File Encryption Utility - VC++ 7.1 project Instructions
2
31. Unzip the enclosed files into a suitable VC++ project directory.
42. Obtain the bzip2 source code from http://sources.redhat.com/bzip2/
5 and unzip the files into the bzip2 sub-directory.
63. Compile the bzip2 project to give a static library
74. Compile the encfile project.
85. The executable encfile.exe is now ready for use:
9
10 enfile password filename
11
12 If the filename does not have the extension 'enc', it is assumed to
13 be a normal file that will then be encrypted to a file with the same
14 name but with an added extension 'enc'.
15
16 If the filename has the extension 'enc' its is assumed to be an
17 encrypted file that will be decrypted to a file with the same name
18 but without the 'enc' extension.
19
20The default HASH function is SHA1, which is set up by defining USE_SHA1 in
21compiling the project. If USE_SHA256 is defined instead then SHA256 is used.
22
23Brian Gladman
24
25
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aes.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aes.h
new file mode 100644
index 0000000..127c886
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aes.h
@@ -0,0 +1,137 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 This file contains the definitions required to use AES in C. See aesopt.h
34 for optimisation details.
35*/
36
37#ifndef _AES_H
38#define _AES_H
39
40#include "irrMath.h"
41
42#define AES_128 /* define if AES with 128 bit keys is needed */
43#define AES_192 /* define if AES with 192 bit keys is needed */
44#define AES_256 /* define if AES with 256 bit keys is needed */
45#define AES_VAR /* define if a variable key size is needed */
46
47/* The following must also be set in assembler files if being used */
48
49#define AES_ENCRYPT /* if support for encryption is needed */
50#define AES_DECRYPT /* if support for decryption is needed */
51#define AES_ERR_CHK /* for parameter checks & error return codes */
52
53typedef irr::u8 aes_08t;
54typedef irr::u32 aes_32t;
55
56#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
57#define N_COLS 4 /* the number of columns in the state */
58
59/* a maximum of 60 32-bit words are needed for the key schedule */
60#define KS_LENGTH 64
61
62#ifdef AES_ERR_CHK
63#define aes_ret int
64#define aes_good 0
65#define aes_error -1
66#else
67#define aes_ret void
68#endif
69
70#ifndef AES_DLL /* implement normal/DLL functions */
71#define aes_rval aes_ret
72#else
73#define aes_rval aes_ret __declspec(dllexport) _stdcall
74#endif
75
76/* This routine must be called before first use if non-static */
77/* tables are being used */
78
79void gen_tabs(void);
80
81/* The key length (klen) is input in bytes when it is in the range */
82/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
83
84#ifdef AES_ENCRYPT
85
86typedef struct
87{
88 aes_32t ks[KS_LENGTH];
89} aes_encrypt_ctx;
90
91#if defined(AES_128) || defined(AES_VAR)
92aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
93#endif
94
95#if defined(AES_192) || defined(AES_VAR)
96aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
97#endif
98
99#if defined(AES_256) || defined(AES_VAR)
100aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
101#endif
102
103#if defined(AES_VAR)
104aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
105#endif
106
107aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
108#endif
109
110#ifdef AES_DECRYPT
111
112typedef struct
113{
114 aes_32t ks[KS_LENGTH];
115} aes_decrypt_ctx;
116
117#if defined(AES_128) || defined(AES_VAR)
118aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
119#endif
120
121#if defined(AES_192) || defined(AES_VAR)
122aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
123#endif
124
125#if defined(AES_256) || defined(AES_VAR)
126aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
127#endif
128
129#if defined(AES_VAR)
130aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
131#endif
132
133aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
134#endif
135
136#endif
137
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aescrypt.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aescrypt.cpp
new file mode 100644
index 0000000..8d1feee
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aescrypt.cpp
@@ -0,0 +1,303 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 This file contains the code for implementing encryption and decryption
34 for AES (Rijndael) for block and key sizes of 16, 24 and 32 bytes. It
35 can optionally be replaced by code written in assembler using NASM. For
36 further details see the file aesopt.h
37*/
38
39#include "aesopt.h"
40
41#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
42#define so(y,x,c) word_out(y, c, s(x,c))
43
44#if defined(ARRAYS)
45#define locals(y,x) x[4],y[4]
46#else
47#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
48#endif
49
50#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
51 s(y,2) = s(x,2); s(y,3) = s(x,3);
52#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
53#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
54#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
55
56#if defined(ENCRYPTION) && !defined(AES_ASM)
57
58/* Visual C++ .Net v7.1 provides the fastest encryption code when using
59 Pentium optimization with small code but this is poor for decryption
60 so we need to control this with the following VC++ pragmas
61*/
62
63#if defined(_MSC_VER)
64#pragma optimize( "s", on )
65#endif
66
67/* Given the column (c) of the output state variable, the following
68 macros give the input state variables which are needed in its
69 computation for each row (r) of the state. All the alternative
70 macros give the same end values but expand into different ways
71 of calculating these values. In particular the complex macro
72 used for dynamically variable block sizes is designed to expand
73 to a compile time constant whenever possible but will expand to
74 conditional clauses on some branches (I am grateful to Frank
75 Yellin for this construction)
76*/
77
78#define fwd_var(x,r,c)\
79 ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
80 : r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
81 : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
82 : ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
83
84#if defined(FT4_SET)
85#undef dec_fmvars
86#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
87#elif defined(FT1_SET)
88#undef dec_fmvars
89#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))
90#else
91#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))
92#endif
93
94#if defined(FL4_SET)
95#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))
96#elif defined(FL1_SET)
97#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))
98#else
99#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
100#endif
101
102aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1])
103{ aes_32t locals(b0, b1);
104 const aes_32t *kp = cx->ks;
105#ifdef dec_fmvars
106 dec_fmvars; /* declare variables for fwd_mcol() if needed */
107#endif
108
109 aes_32t nr = (kp[45] ^ kp[52] ^ kp[53] ? kp[52] : 14);
110
111#ifdef AES_ERR_CHK
112 if( (nr != 10 || !(kp[0] | kp[3] | kp[4]))
113 && (nr != 12 || !(kp[0] | kp[5] | kp[6]))
114 && (nr != 14 || !(kp[0] | kp[7] | kp[8])) )
115 return aes_error;
116#endif
117
118 state_in(b0, in_blk, kp);
119
120#if (ENC_UNROLL == FULL)
121
122 switch(nr)
123 {
124 case 14:
125 round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
126 round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
127 kp += 2 * N_COLS;
128 case 12:
129 round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
130 round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
131 kp += 2 * N_COLS;
132 case 10:
133 round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
134 round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
135 round(fwd_rnd, b1, b0, kp + 3 * N_COLS);
136 round(fwd_rnd, b0, b1, kp + 4 * N_COLS);
137 round(fwd_rnd, b1, b0, kp + 5 * N_COLS);
138 round(fwd_rnd, b0, b1, kp + 6 * N_COLS);
139 round(fwd_rnd, b1, b0, kp + 7 * N_COLS);
140 round(fwd_rnd, b0, b1, kp + 8 * N_COLS);
141 round(fwd_rnd, b1, b0, kp + 9 * N_COLS);
142 round(fwd_lrnd, b0, b1, kp +10 * N_COLS);
143 }
144
145#else
146
147#if (ENC_UNROLL == PARTIAL)
148 { aes_32t rnd;
149 for(rnd = 0; rnd < (nr >> 1) - 1; ++rnd)
150 {
151 kp += N_COLS;
152 round(fwd_rnd, b1, b0, kp);
153 kp += N_COLS;
154 round(fwd_rnd, b0, b1, kp);
155 }
156 kp += N_COLS;
157 round(fwd_rnd, b1, b0, kp);
158#else
159 { aes_32t rnd;
160 for(rnd = 0; rnd < nr - 1; ++rnd)
161 {
162 kp += N_COLS;
163 round(fwd_rnd, b1, b0, kp);
164 l_copy(b0, b1);
165 }
166#endif
167 kp += N_COLS;
168 round(fwd_lrnd, b0, b1, kp);
169 }
170#endif
171
172 state_out(out_blk, b0);
173#ifdef AES_ERR_CHK
174 return aes_good;
175#endif
176}
177
178#endif
179
180#if defined(DECRYPTION) && !defined(AES_ASM)
181
182/* Visual C++ .Net v7.1 provides the fastest encryption code when using
183 Pentium optimization with small code but this is poor for decryption
184 so we need to control this with the following VC++ pragmas
185*/
186
187#if defined(_MSC_VER)
188#pragma optimize( "t", on )
189#endif
190
191/* Given the column (c) of the output state variable, the following
192 macros give the input state variables which are needed in its
193 computation for each row (r) of the state. All the alternative
194 macros give the same end values but expand into different ways
195 of calculating these values. In particular the complex macro
196 used for dynamically variable block sizes is designed to expand
197 to a compile time constant whenever possible but will expand to
198 conditional clauses on some branches (I am grateful to Frank
199 Yellin for this construction)
200*/
201
202#define inv_var(x,r,c)\
203 ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
204 : r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\
205 : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
206 : ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0)))
207
208#if defined(IT4_SET)
209#undef dec_imvars
210#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c))
211#elif defined(IT1_SET)
212#undef dec_imvars
213#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))
214#else
215#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))
216#endif
217
218#if defined(IL4_SET)
219#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))
220#elif defined(IL1_SET)
221#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))
222#else
223#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))
224#endif
225
226aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1])
227{ aes_32t locals(b0, b1);
228#ifdef dec_imvars
229 dec_imvars; /* declare variables for inv_mcol() if needed */
230#endif
231
232 aes_32t nr = (cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] ? cx->ks[52] : 14);
233 const aes_32t *kp = cx->ks + nr * N_COLS;
234
235#ifdef AES_ERR_CHK
236 if( (nr != 10 || !(cx->ks[0] | cx->ks[3] | cx->ks[4]))
237 && (nr != 12 || !(cx->ks[0] | cx->ks[5] | cx->ks[6]))
238 && (nr != 14 || !(cx->ks[0] | cx->ks[7] | cx->ks[8])) )
239 return aes_error;
240#endif
241
242 state_in(b0, in_blk, kp);
243
244#if (DEC_UNROLL == FULL)
245
246 switch(nr)
247 {
248 case 14:
249 round(inv_rnd, b1, b0, kp - 1 * N_COLS);
250 round(inv_rnd, b0, b1, kp - 2 * N_COLS);
251 kp -= 2 * N_COLS;
252 case 12:
253 round(inv_rnd, b1, b0, kp - 1 * N_COLS);
254 round(inv_rnd, b0, b1, kp - 2 * N_COLS);
255 kp -= 2 * N_COLS;
256 case 10:
257 round(inv_rnd, b1, b0, kp - 1 * N_COLS);
258 round(inv_rnd, b0, b1, kp - 2 * N_COLS);
259 round(inv_rnd, b1, b0, kp - 3 * N_COLS);
260 round(inv_rnd, b0, b1, kp - 4 * N_COLS);
261 round(inv_rnd, b1, b0, kp - 5 * N_COLS);
262 round(inv_rnd, b0, b1, kp - 6 * N_COLS);
263 round(inv_rnd, b1, b0, kp - 7 * N_COLS);
264 round(inv_rnd, b0, b1, kp - 8 * N_COLS);
265 round(inv_rnd, b1, b0, kp - 9 * N_COLS);
266 round(inv_lrnd, b0, b1, kp - 10 * N_COLS);
267 }
268
269#else
270
271#if (DEC_UNROLL == PARTIAL)
272 { aes_32t rnd;
273 for(rnd = 0; rnd < (nr >> 1) - 1; ++rnd)
274 {
275 kp -= N_COLS;
276 round(inv_rnd, b1, b0, kp);
277 kp -= N_COLS;
278 round(inv_rnd, b0, b1, kp);
279 }
280 kp -= N_COLS;
281 round(inv_rnd, b1, b0, kp);
282#else
283 { aes_32t rnd;
284 for(rnd = 0; rnd < nr - 1; ++rnd)
285 {
286 kp -= N_COLS;
287 round(inv_rnd, b1, b0, kp);
288 l_copy(b0, b1);
289 }
290#endif
291 kp -= N_COLS;
292 round(inv_lrnd, b0, b1, kp);
293 }
294#endif
295
296 state_out(out_blk, b0);
297#ifdef AES_ERR_CHK
298 return aes_good;
299#endif
300}
301
302#endif
303
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aeskey.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aeskey.cpp
new file mode 100644
index 0000000..12d4cbb
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aeskey.cpp
@@ -0,0 +1,455 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 This file contains the code for implementing the key schedule for AES
34 (Rijndael) for block and key sizes of 16, 24, and 32 bytes. See aesopt.h
35 for further details including optimisation.
36*/
37
38#include "aesopt.h"
39
40/* Initialise the key schedule from the user supplied key. The key
41 length can be specified in bytes, with legal values of 16, 24
42 and 32, or in bits, with legal values of 128, 192 and 256. These
43 values correspond with Nk values of 4, 6 and 8 respectively.
44
45 The following macros implement a single cycle in the key
46 schedule generation process. The number of cycles needed
47 for each cx->n_col and nk value is:
48
49 nk = 4 5 6 7 8
50 ------------------------------
51 cx->n_col = 4 10 9 8 7 7
52 cx->n_col = 5 14 11 10 9 9
53 cx->n_col = 6 19 15 12 11 11
54 cx->n_col = 7 21 19 16 13 14
55 cx->n_col = 8 29 23 19 17 14
56*/
57
58#define ke4(k,i) \
59{ k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
60 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
61}
62#define kel4(k,i) \
63{ k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
64 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
65}
66
67#define ke6(k,i) \
68{ k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
69 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
70 k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \
71}
72#define kel6(k,i) \
73{ k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
74 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
75}
76
77#define ke8(k,i) \
78{ k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
79 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
80 k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \
81 k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \
82}
83#define kel8(k,i) \
84{ k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
85 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
86}
87
88#if defined(ENCRYPTION_KEY_SCHEDULE)
89
90#if defined(AES_128) || defined(AES_VAR)
91
92aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1])
93{ aes_32t ss[4];
94
95 cx->ks[0] = ss[0] = word_in(in_key, 0);
96 cx->ks[1] = ss[1] = word_in(in_key, 1);
97 cx->ks[2] = ss[2] = word_in(in_key, 2);
98 cx->ks[3] = ss[3] = word_in(in_key, 3);
99
100#if ENC_UNROLL == NONE
101 { aes_32t i;
102
103 for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i)
104 ke4(cx->ks, i);
105 }
106#else
107 ke4(cx->ks, 0); ke4(cx->ks, 1);
108 ke4(cx->ks, 2); ke4(cx->ks, 3);
109 ke4(cx->ks, 4); ke4(cx->ks, 5);
110 ke4(cx->ks, 6); ke4(cx->ks, 7);
111 ke4(cx->ks, 8); kel4(cx->ks, 9);
112#endif
113
114 /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */
115 /* key and must be non-zero for 128 and 192 bits keys */
116 cx->ks[53] = cx->ks[45] = 0;
117 cx->ks[52] = 10;
118#ifdef AES_ERR_CHK
119 return aes_good;
120#endif
121}
122
123#endif
124
125#if defined(AES_192) || defined(AES_VAR)
126
127aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1])
128{ aes_32t ss[6];
129
130 cx->ks[0] = ss[0] = word_in(in_key, 0);
131 cx->ks[1] = ss[1] = word_in(in_key, 1);
132 cx->ks[2] = ss[2] = word_in(in_key, 2);
133 cx->ks[3] = ss[3] = word_in(in_key, 3);
134 cx->ks[4] = ss[4] = word_in(in_key, 4);
135 cx->ks[5] = ss[5] = word_in(in_key, 5);
136
137#if ENC_UNROLL == NONE
138 { aes_32t i;
139
140 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
141 ke6(cx->ks, i);
142 }
143#else
144 ke6(cx->ks, 0); ke6(cx->ks, 1);
145 ke6(cx->ks, 2); ke6(cx->ks, 3);
146 ke6(cx->ks, 4); ke6(cx->ks, 5);
147 ke6(cx->ks, 6); kel6(cx->ks, 7);
148#endif
149
150 /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */
151 /* key and must be non-zero for 128 and 192 bits keys */
152 cx->ks[53] = cx->ks[45];
153 cx->ks[52] = 12;
154#ifdef AES_ERR_CHK
155 return aes_good;
156#endif
157}
158
159#endif
160
161#if defined(AES_256) || defined(AES_VAR)
162
163aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1])
164{ aes_32t ss[8];
165
166 cx->ks[0] = ss[0] = word_in(in_key, 0);
167 cx->ks[1] = ss[1] = word_in(in_key, 1);
168 cx->ks[2] = ss[2] = word_in(in_key, 2);
169 cx->ks[3] = ss[3] = word_in(in_key, 3);
170 cx->ks[4] = ss[4] = word_in(in_key, 4);
171 cx->ks[5] = ss[5] = word_in(in_key, 5);
172 cx->ks[6] = ss[6] = word_in(in_key, 6);
173 cx->ks[7] = ss[7] = word_in(in_key, 7);
174
175#if ENC_UNROLL == NONE
176 { aes_32t i;
177
178 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
179 ke8(cx->ks, i);
180 }
181#else
182 ke8(cx->ks, 0); ke8(cx->ks, 1);
183 ke8(cx->ks, 2); ke8(cx->ks, 3);
184 ke8(cx->ks, 4); ke8(cx->ks, 5);
185 kel8(cx->ks, 6);
186#endif
187#ifdef AES_ERR_CHK
188 return aes_good;
189#endif
190}
191
192#endif
193
194#if defined(AES_VAR)
195
196aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1])
197{
198 switch(key_len)
199 {
200#ifdef AES_ERR_CHK
201 case 16: case 128: return aes_encrypt_key128(in_key, cx);
202 case 24: case 192: return aes_encrypt_key192(in_key, cx);
203 case 32: case 256: return aes_encrypt_key256(in_key, cx);
204 default: return aes_error;
205#else
206 case 16: case 128: aes_encrypt_key128(in_key, cx); return;
207 case 24: case 192: aes_encrypt_key192(in_key, cx); return;
208 case 32: case 256: aes_encrypt_key256(in_key, cx); return;
209#endif
210 }
211}
212
213#endif
214
215#endif
216
217#if defined(DECRYPTION_KEY_SCHEDULE)
218
219#if DEC_ROUND == NO_TABLES
220#define ff(x) (x)
221#else
222#define ff(x) inv_mcol(x)
223#ifdef dec_imvars
224#define d_vars dec_imvars
225#endif
226#endif
227
228#if 1
229#define kdf4(k,i) \
230{ ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \
231 ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
232 ss[4] ^= k[4*(i)]; k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \
233 ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \
234}
235#define kd4(k,i) \
236{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
237 k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \
238 k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \
239}
240#define kdl4(k,i) \
241{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
242 k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \
243 k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \
244}
245#else
246#define kdf4(k,i) \
247{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \
248 ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \
249}
250#define kd4(k,i) \
251{ ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
252 ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \
253 ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \
254 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \
255 ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \
256}
257#define kdl4(k,i) \
258{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \
259 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \
260}
261#endif
262
263#define kdf6(k,i) \
264{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \
265 ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \
266 ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \
267}
268#define kd6(k,i) \
269{ ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
270 ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \
271 ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \
272 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \
273 ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \
274 ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \
275 ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \
276}
277#define kdl6(k,i) \
278{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \
279 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \
280}
281
282#define kdf8(k,i) \
283{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \
284 ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \
285 ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \
286 ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \
287}
288#define kd8(k,i) \
289{ aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
290 ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \
291 ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \
292 ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \
293 ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \
294 g = ls_box(ss[3],0); \
295 ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \
296 ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \
297 ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \
298 ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \
299}
300#define kdl8(k,i) \
301{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \
302 ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \
303}
304
305#if defined(AES_128) || defined(AES_VAR)
306
307aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1])
308{ aes_32t ss[5];
309#ifdef d_vars
310 d_vars;
311#endif
312 cx->ks[0] = ss[0] = word_in(in_key, 0);
313 cx->ks[1] = ss[1] = word_in(in_key, 1);
314 cx->ks[2] = ss[2] = word_in(in_key, 2);
315 cx->ks[3] = ss[3] = word_in(in_key, 3);
316
317#if DEC_UNROLL == NONE
318 { aes_32t i;
319
320 for(i = 0; i < (11 * N_COLS - 1) / 4; ++i)
321 ke4(cx->ks, i);
322#if !(DEC_ROUND == NO_TABLES)
323 for(i = N_COLS; i < 10 * N_COLS; ++i)
324 cx->ks[i] = inv_mcol(cx->ks[i]);
325#endif
326 }
327#else
328 kdf4(cx->ks, 0); kd4(cx->ks, 1);
329 kd4(cx->ks, 2); kd4(cx->ks, 3);
330 kd4(cx->ks, 4); kd4(cx->ks, 5);
331 kd4(cx->ks, 6); kd4(cx->ks, 7);
332 kd4(cx->ks, 8); kdl4(cx->ks, 9);
333#endif
334
335 /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */
336 /* key and must be non-zero for 128 and 192 bits keys */
337 cx->ks[53] = cx->ks[45] = 0;
338 cx->ks[52] = 10;
339#ifdef AES_ERR_CHK
340 return aes_good;
341#endif
342}
343
344#endif
345
346#if defined(AES_192) || defined(AES_VAR)
347
348aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1])
349{ aes_32t ss[7];
350#ifdef d_vars
351 d_vars;
352#endif
353 cx->ks[0] = ss[0] = word_in(in_key, 0);
354 cx->ks[1] = ss[1] = word_in(in_key, 1);
355 cx->ks[2] = ss[2] = word_in(in_key, 2);
356 cx->ks[3] = ss[3] = word_in(in_key, 3);
357
358#if DEC_UNROLL == NONE
359 cx->ks[4] = ss[4] = word_in(in_key, 4);
360 cx->ks[5] = ss[5] = word_in(in_key, 5);
361 { aes_32t i;
362
363 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
364 ke6(cx->ks, i);
365#if !(DEC_ROUND == NO_TABLES)
366 for(i = N_COLS; i < 12 * N_COLS; ++i)
367 cx->ks[i] = inv_mcol(cx->ks[i]);
368#endif
369 }
370#else
371 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
372 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
373 kdf6(cx->ks, 0); kd6(cx->ks, 1);
374 kd6(cx->ks, 2); kd6(cx->ks, 3);
375 kd6(cx->ks, 4); kd6(cx->ks, 5);
376 kd6(cx->ks, 6); kdl6(cx->ks, 7);
377#endif
378
379 /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */
380 /* key and must be non-zero for 128 and 192 bits keys */
381 cx->ks[53] = cx->ks[45];
382 cx->ks[52] = 12;
383#ifdef AES_ERR_CHK
384 return aes_good;
385#endif
386}
387
388#endif
389
390#if defined(AES_256) || defined(AES_VAR)
391
392aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1])
393{ aes_32t ss[8];
394#ifdef d_vars
395 d_vars;
396#endif
397 cx->ks[0] = ss[0] = word_in(in_key, 0);
398 cx->ks[1] = ss[1] = word_in(in_key, 1);
399 cx->ks[2] = ss[2] = word_in(in_key, 2);
400 cx->ks[3] = ss[3] = word_in(in_key, 3);
401
402#if DEC_UNROLL == NONE
403 cx->ks[4] = ss[4] = word_in(in_key, 4);
404 cx->ks[5] = ss[5] = word_in(in_key, 5);
405 cx->ks[6] = ss[6] = word_in(in_key, 6);
406 cx->ks[7] = ss[7] = word_in(in_key, 7);
407 { aes_32t i;
408
409 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
410 ke8(cx->ks, i);
411#if !(DEC_ROUND == NO_TABLES)
412 for(i = N_COLS; i < 14 * N_COLS; ++i)
413 cx->ks[i] = inv_mcol(cx->ks[i]);
414#endif
415 }
416#else
417 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
418 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
419 cx->ks[6] = ff(ss[6] = word_in(in_key, 6));
420 cx->ks[7] = ff(ss[7] = word_in(in_key, 7));
421 kdf8(cx->ks, 0); kd8(cx->ks, 1);
422 kd8(cx->ks, 2); kd8(cx->ks, 3);
423 kd8(cx->ks, 4); kd8(cx->ks, 5);
424 kdl8(cx->ks, 6);
425#endif
426#ifdef AES_ERR_CHK
427 return aes_good;
428#endif
429}
430
431#endif
432
433#if defined(AES_VAR)
434
435aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
436{
437 switch(key_len)
438 {
439#ifdef AES_ERR_CHK
440 case 16: case 128: return aes_decrypt_key128(in_key, cx);
441 case 24: case 192: return aes_decrypt_key192(in_key, cx);
442 case 32: case 256: return aes_decrypt_key256(in_key, cx);
443 default: return aes_error;
444#else
445 case 16: case 128: aes_decrypt_key128(in_key, cx); return;
446 case 24: case 192: aes_decrypt_key192(in_key, cx); return;
447 case 32: case 256: aes_decrypt_key256(in_key, cx); return;
448#endif
449 }
450}
451
452#endif
453
454#endif
455
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h
new file mode 100644
index 0000000..9c0d842
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h
@@ -0,0 +1,955 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 My thanks go to Dag Arne Osvik for devising the schemes used here for key
34 length derivation from the form of the key schedule
35
36 This file contains the compilation options for AES (Rijndael) and code
37 that is common across encryption, key scheduling and table generation.
38
39 OPERATION
40
41 These source code files implement the AES algorithm Rijndael designed by
42 Joan Daemen and Vincent Rijmen. This version is designed for the standard
43 block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24
44 and 32 bytes).
45
46 This version is designed for flexibility and speed using operations on
47 32-bit words rather than operations on bytes. It can be compiled with
48 either big or little endian internal byte order but is faster when the
49 native byte order for the processor is used.
50
51 THE CIPHER INTERFACE
52
53 The cipher interface is implemented as an array of bytes in which lower
54 AES bit sequence indexes map to higher numeric significance within bytes.
55
56 aes_08t (an unsigned 8-bit type)
57 aes_32t (an unsigned 32-bit type)
58 struct aes_encrypt_ctx (structure for the cipher encryption context)
59 struct aes_decrypt_ctx (structure for the cipher decryption context)
60 aes_rval the function return type
61
62 C subroutine calls:
63
64 aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
65 aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
66 aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
67 aes_rval aes_encrypt(const void *in_blk,
68 void *out_blk, const aes_encrypt_ctx cx[1]);
69
70 aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
71 aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
72 aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
73 aes_rval aes_decrypt(const void *in_blk,
74 void *out_blk, const aes_decrypt_ctx cx[1]);
75
76 IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that
77 you call genTabs() before AES is used so that the tables are initialised.
78
79 C++ aes class subroutines:
80
81 Class AESencrypt for encryption
82
83 Construtors:
84 AESencrypt(void)
85 AESencrypt(const void *in_key) - 128 bit key
86 Members:
87 void key128(const void *in_key)
88 void key192(const void *in_key)
89 void key256(const void *in_key)
90 void encrypt(const void *in_blk, void *out_blk) const
91
92 Class AESdecrypt for encryption
93 Construtors:
94 AESdecrypt(void)
95 AESdecrypt(const void *in_key) - 128 bit key
96 Members:
97 void key128(const void *in_key)
98 void key192(const void *in_key)
99 void key256(const void *in_key)
100 void decrypt(const void *in_blk, void *out_blk) const
101
102 COMPILATION
103
104 The files used to provide AES (Rijndael) are
105
106 a. aes.h for the definitions needed for use in C.
107 b. aescpp.h for the definitions needed for use in C++.
108 c. aesopt.h for setting compilation options (also includes common code).
109 d. aescrypt.c for encryption and decrytpion, or
110 e. aeskey.c for key scheduling.
111 f. aestab.c for table loading or generation.
112 g. aescrypt.asm for encryption and decryption using assembler code.
113 h. aescrypt.mmx.asm for encryption and decryption using MMX assembler.
114
115 To compile AES (Rijndael) for use in C code use aes.h and set the
116 defines here for the facilities you need (key lengths, encryption
117 and/or decryption). Do not define AES_DLL or AES_CPP. Set the options
118 for optimisations and table sizes here.
119
120 To compile AES (Rijndael) for use in in C++ code use aescpp.h but do
121 not define AES_DLL
122
123 To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use
124 aes.h and include the AES_DLL define.
125
126 CONFIGURATION OPTIONS (here and in aes.h)
127
128 a. set AES_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL
129 b. You may need to set PLATFORM_BYTE_ORDER to define the byte order.
130 c. If you want the code to run in a specific internal byte order, then
131 ALGORITHM_BYTE_ORDER must be set accordingly.
132 d. set other configuration options decribed below.
133*/
134
135#ifndef _AESOPT_H
136#define _AESOPT_H
137
138#include "aes.h"
139
140/* CONFIGURATION - USE OF DEFINES
141
142 Later in this section there are a number of defines that control the
143 operation of the code. In each section, the purpose of each define is
144 explained so that the relevant form can be included or excluded by
145 setting either 1's or 0's respectively on the branches of the related
146 #if clauses.
147*/
148
149/* BYTE ORDER IN 32-BIT WORDS
150
151 To obtain the highest speed on processors with 32-bit words, this code
152 needs to determine the byte order of the target machine. The following
153 block of code is an attempt to capture the most obvious ways in which
154 various environemnts define byte order. It may well fail, in which case
155 the definitions will need to be set by editing at the points marked
156 **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for
157 some of these defines (from cryptlib).
158*/
159
160#define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
161#define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
162
163#ifdef __BIG_ENDIAN__
164#define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
165#else
166#define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
167#endif
168
169/* SOME LOCAL DEFINITIONS */
170
171#define NO_TABLES 0
172#define ONE_TABLE 1
173#define FOUR_TABLES 4
174#define NONE 0
175#define PARTIAL 1
176#define FULL 2
177
178#define aes_sw32 Byteswap::byteswap
179
180/* 1. FUNCTIONS REQUIRED
181
182 This implementation provides subroutines for encryption, decryption
183 and for setting the three key lengths (separately) for encryption
184 and decryption. When the assembler code is not being used the following
185 definition blocks allow the selection of the routines that are to be
186 included in the compilation.
187*/
188#ifdef AES_ENCRYPT
189#define ENCRYPTION
190#define ENCRYPTION_KEY_SCHEDULE
191#endif
192
193#ifdef AES_DECRYPT
194#define DECRYPTION
195#define DECRYPTION_KEY_SCHEDULE
196#endif
197
198/* 2. ASSEMBLER SUPPORT
199
200 This define (which can be on the command line) enables the use of the
201 assembler code routines for encryption and decryption with the C code
202 only providing key scheduling
203*/
204#if 0
205#define AES_ASM
206#endif
207
208/* 3. BYTE ORDER WITHIN 32 BIT WORDS
209
210 The fundamental data processing units in Rijndael are 8-bit bytes. The
211 input, output and key input are all enumerated arrays of bytes in which
212 bytes are numbered starting at zero and increasing to one less than the
213 number of bytes in the array in question. This enumeration is only used
214 for naming bytes and does not imply any adjacency or order relationship
215 from one byte to another. When these inputs and outputs are considered
216 as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
217 byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
218 In this implementation bits are numbered from 0 to 7 starting at the
219 numerically least significant end of each byte (bit n represents 2^n).
220
221 However, Rijndael can be implemented more efficiently using 32-bit
222 words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
223 into word[n]. While in principle these bytes can be assembled into words
224 in any positions, this implementation only supports the two formats in
225 which bytes in adjacent positions within words also have adjacent byte
226 numbers. This order is called big-endian if the lowest numbered bytes
227 in words have the highest numeric significance and little-endian if the
228 opposite applies.
229
230 This code can work in either order irrespective of the order used by the
231 machine on which it runs. Normally the internal byte order will be set
232 to the order of the processor on which the code is to be run but this
233 define can be used to reverse this in special situations
234
235 NOTE: Assembler code versions rely on PLATFORM_BYTE_ORDER being set
236*/
237#if 1 || defined(AES_ASM)
238#define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
239#elif 0
240#define ALGORITHM_BYTE_ORDER BRG_LITTLE_ENDIAN
241#elif 0
242#define ALGORITHM_BYTE_ORDER BRG_BIG_ENDIAN
243#else
244#error The algorithm byte order is not defined
245#endif
246
247/* 4. FAST INPUT/OUTPUT OPERATIONS.
248
249 On some machines it is possible to improve speed by transferring the
250 bytes in the input and output arrays to and from the internal 32-bit
251 variables by addressing these arrays as if they are arrays of 32-bit
252 words. On some machines this will always be possible but there may
253 be a large performance penalty if the byte arrays are not aligned on
254 the normal word boundaries. On other machines this technique will
255 lead to memory access errors when such 32-bit word accesses are not
256 properly aligned. The option SAFE_IO avoids such problems but will
257 often be slower on those machines that support misaligned access
258 (especially so if care is taken to align the input and output byte
259 arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
260 assumed that access to byte arrays as if they are arrays of 32-bit
261 words will not cause problems when such accesses are misaligned.
262*/
263#if 1 && !defined(_MSC_VER)
264#define SAFE_IO
265#endif
266
267/* 5. LOOP UNROLLING
268
269 The code for encryption and decrytpion cycles through a number of rounds
270 that can be implemented either in a loop or by expanding the code into a
271 long sequence of instructions, the latter producing a larger program but
272 one that will often be much faster. The latter is called loop unrolling.
273 There are also potential speed advantages in expanding two iterations in
274 a loop with half the number of iterations, which is called partial loop
275 unrolling. The following options allow partial or full loop unrolling
276 to be set independently for encryption and decryption
277*/
278#if 1
279#define ENC_UNROLL FULL
280#elif 0
281#define ENC_UNROLL PARTIAL
282#else
283#define ENC_UNROLL NONE
284#endif
285
286#if 1
287#define DEC_UNROLL FULL
288#elif 0
289#define DEC_UNROLL PARTIAL
290#else
291#define DEC_UNROLL NONE
292#endif
293
294/* 6. FAST FINITE FIELD OPERATIONS
295
296 If this section is included, tables are used to provide faster finite
297 field arithmetic (this has no effect if FIXED_TABLES is defined).
298*/
299#if 0
300#define FF_TABLES
301#endif
302
303/* 7. INTERNAL STATE VARIABLE FORMAT
304
305 The internal state of Rijndael is stored in a number of local 32-bit
306 word varaibles which can be defined either as an array or as individual
307 names variables. Include this section if you want to store these local
308 varaibles in arrays. Otherwise individual local variables will be used.
309*/
310#if 1
311#define ARRAYS
312#endif
313
314/* In this implementation the columns of the state array are each held in
315 32-bit words. The state array can be held in various ways: in an array
316 of words, in a number of individual word variables or in a number of
317 processor registers. The following define maps a variable name x and
318 a column number c to the way the state array variable is to be held.
319 The first define below maps the state into an array x[c] whereas the
320 second form maps the state into a number of individual variables x0,
321 x1, etc. Another form could map individual state colums to machine
322 register names.
323*/
324
325#if defined(ARRAYS)
326#define s(x,c) x[c]
327#else
328#define s(x,c) x##c
329#endif
330
331/* 8. FIXED OR DYNAMIC TABLES
332
333 When this section is included the tables used by the code are compiled
334 statically into the binary file. Otherwise the subroutine gen_tabs()
335 must be called to compute them before the code is first used.
336*/
337#if 1
338#define FIXED_TABLES
339#define DO_TABLES
340#endif
341
342/* 9. TABLE ALIGNMENT
343
344 On some systems speed will be improved by aligning the AES large lookup
345 tables on particular boundaries. This define should be set to a power of
346 two giving the desired alignment. It can be left undefined if alignment
347 is not needed. This option is specific to the Microsft VC++ compiler -
348 it seems to sometimes cause trouble for the VC++ version 6 compiler.
349*/
350
351#if 0 && defined(_MSC_VER) && (_MSC_VER >= 1300)
352#define TABLE_ALIGN 64
353#endif
354
355/* 10. INTERNAL TABLE CONFIGURATION
356
357 This cipher proceeds by repeating in a number of cycles known as 'rounds'
358 which are implemented by a round function which can optionally be speeded
359 up using tables. The basic tables are each 256 32-bit words, with either
360 one or four tables being required for each round function depending on
361 how much speed is required. The encryption and decryption round functions
362 are different and the last encryption and decrytpion round functions are
363 different again making four different round functions in all.
364
365 This means that:
366 1. Normal encryption and decryption rounds can each use either 0, 1
367 or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
368 2. The last encryption and decryption rounds can also use either 0, 1
369 or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
370
371 Include or exclude the appropriate definitions below to set the number
372 of tables used by this implementation.
373*/
374
375#if 1 /* set tables for the normal encryption round */
376#define ENC_ROUND FOUR_TABLES
377#elif 0
378#define ENC_ROUND ONE_TABLE
379#else
380#define ENC_ROUND NO_TABLES
381#endif
382
383#if 1 /* set tables for the last encryption round */
384#define LAST_ENC_ROUND FOUR_TABLES
385#elif 0
386#define LAST_ENC_ROUND ONE_TABLE
387#else
388#define LAST_ENC_ROUND NO_TABLES
389#endif
390
391#if 1 /* set tables for the normal decryption round */
392#define DEC_ROUND FOUR_TABLES
393#elif 0
394#define DEC_ROUND ONE_TABLE
395#else
396#define DEC_ROUND NO_TABLES
397#endif
398
399#if 1 /* set tables for the last decryption round */
400#define LAST_DEC_ROUND FOUR_TABLES
401#elif 0
402#define LAST_DEC_ROUND ONE_TABLE
403#else
404#define LAST_DEC_ROUND NO_TABLES
405#endif
406
407/* The decryption key schedule can be speeded up with tables in the same
408 way that the round functions can. Include or exclude the following
409 defines to set this requirement.
410*/
411#if 1
412#define KEY_SCHED FOUR_TABLES
413#elif 0
414#define KEY_SCHED ONE_TABLE
415#else
416#define KEY_SCHED NO_TABLES
417#endif
418
419/* END OF CONFIGURATION OPTIONS */
420
421#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2))
422
423/* Disable or report errors on some combinations of options */
424
425#if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES
426#undef LAST_ENC_ROUND
427#define LAST_ENC_ROUND NO_TABLES
428#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
429#undef LAST_ENC_ROUND
430#define LAST_ENC_ROUND ONE_TABLE
431#endif
432
433#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
434#undef ENC_UNROLL
435#define ENC_UNROLL NONE
436#endif
437
438#if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES
439#undef LAST_DEC_ROUND
440#define LAST_DEC_ROUND NO_TABLES
441#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
442#undef LAST_DEC_ROUND
443#define LAST_DEC_ROUND ONE_TABLE
444#endif
445
446#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
447#undef DEC_UNROLL
448#define DEC_UNROLL NONE
449#endif
450
451/* upr(x,n): rotates bytes within words by n positions, moving bytes to
452 higher index positions with wrap around into low positions
453 ups(x,n): moves bytes by n positions to higher index positions in
454 words but without wrap around
455 bval(x,n): extracts a byte from a word
456
457 NOTE: The definitions given here are intended only for use with
458 unsigned variables and with shift counts that are compile
459 time constants
460*/
461
462#if (ALGORITHM_BYTE_ORDER == BRG_LITTLE_ENDIAN)
463#define upr(x,n) (((aes_32t)(x) << (8 * (n))) | ((aes_32t)(x) >> (32 - 8 * (n))))
464#define ups(x,n) ((aes_32t) (x) << (8 * (n)))
465#define bval(x,n) ((aes_08t)((x) >> (8 * (n))))
466#define bytes2word(b0, b1, b2, b3) \
467 (((aes_32t)(b3) << 24) | ((aes_32t)(b2) << 16) | ((aes_32t)(b1) << 8) | (b0))
468#endif
469
470#if (ALGORITHM_BYTE_ORDER == BRG_BIG_ENDIAN)
471#define upr(x,n) (((aes_32t)(x) >> (8 * (n))) | ((aes_32t)(x) << (32 - 8 * (n))))
472#define ups(x,n) ((aes_32t) (x) >> (8 * (n))))
473#define bval(x,n) ((aes_08t)((x) >> (24 - 8 * (n))))
474#define bytes2word(b0, b1, b2, b3) \
475 (((aes_32t)(b0) << 24) | ((aes_32t)(b1) << 16) | ((aes_32t)(b2) << 8) | (b3))
476#endif
477
478#if defined(SAFE_IO)
479
480#define word_in(x,c) bytes2word(((aes_08t*)(x)+4*c)[0], ((aes_08t*)(x)+4*c)[1], \
481 ((aes_08t*)(x)+4*c)[2], ((aes_08t*)(x)+4*c)[3])
482#define word_out(x,c,v) { ((aes_08t*)(x)+4*c)[0] = bval(v,0); ((aes_08t*)(x)+4*c)[1] = bval(v,1); \
483 ((aes_08t*)(x)+4*c)[2] = bval(v,2); ((aes_08t*)(x)+4*c)[3] = bval(v,3); }
484
485#elif (ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER)
486
487#define word_in(x,c) (*((aes_32t*)(x)+(c)))
488#define word_out(x,c,v) (*((aes_32t*)(x)+(c)) = (v))
489
490#else
491
492#define word_in(x,c) aes_sw32(*((aes_32t*)(x)+(c)))
493#define word_out(x,c,v) (*((aes_32t*)(x)+(c)) = aes_sw32(v))
494
495#endif
496
497/* the finite field modular polynomial and elements */
498
499#define WPOLY 0x011b
500#define BPOLY 0x1b
501
502/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
503
504#define m1 0x80808080
505#define m2 0x7f7f7f7f
506#define gf_mulx(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY))
507
508/* The following defines provide alternative definitions of gf_mulx that might
509 give improved performance if a fast 32-bit multiply is not available. Note
510 that a temporary variable u needs to be defined where gf_mulx is used.
511
512#define gf_mulx(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
513#define m4 (0x01010101 * BPOLY)
514#define gf_mulx(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
515*/
516
517/* Work out which tables are needed for the different options */
518
519#ifdef AES_ASM
520#ifdef ENC_ROUND
521#undef ENC_ROUND
522#endif
523#define ENC_ROUND FOUR_TABLES
524#ifdef LAST_ENC_ROUND
525#undef LAST_ENC_ROUND
526#endif
527#define LAST_ENC_ROUND FOUR_TABLES
528#ifdef DEC_ROUND
529#undef DEC_ROUND
530#endif
531#define DEC_ROUND FOUR_TABLES
532#ifdef LAST_DEC_ROUND
533#undef LAST_DEC_ROUND
534#endif
535#define LAST_DEC_ROUND FOUR_TABLES
536#ifdef KEY_SCHED
537#undef KEY_SCHED
538#define KEY_SCHED FOUR_TABLES
539#endif
540#endif
541
542#if defined(ENCRYPTION) || defined(AES_ASM)
543#if ENC_ROUND == ONE_TABLE
544#define FT1_SET
545#elif ENC_ROUND == FOUR_TABLES
546#define FT4_SET
547#else
548#define SBX_SET
549#endif
550#if LAST_ENC_ROUND == ONE_TABLE
551#define FL1_SET
552#elif LAST_ENC_ROUND == FOUR_TABLES
553#define FL4_SET
554#elif !defined(SBX_SET)
555#define SBX_SET
556#endif
557#endif
558
559#if defined(DECRYPTION) || defined(AES_ASM)
560#if DEC_ROUND == ONE_TABLE
561#define IT1_SET
562#elif DEC_ROUND == FOUR_TABLES
563#define IT4_SET
564#else
565#define ISB_SET
566#endif
567#if LAST_DEC_ROUND == ONE_TABLE
568#define IL1_SET
569#elif LAST_DEC_ROUND == FOUR_TABLES
570#define IL4_SET
571#elif !defined(ISB_SET)
572#define ISB_SET
573#endif
574#endif
575
576#if defined(ENCRYPTION_KEY_SCHEDULE) || defined(DECRYPTION_KEY_SCHEDULE)
577#if KEY_SCHED == ONE_TABLE
578#define LS1_SET
579#define IM1_SET
580#elif KEY_SCHED == FOUR_TABLES
581#define LS4_SET
582#define IM4_SET
583#elif !defined(SBX_SET)
584#define SBX_SET
585#endif
586#endif
587
588/* generic definitions of Rijndael macros that use tables */
589
590#define no_table(x,box,vf,rf,c) bytes2word( \
591 box[bval(vf(x,0,c),rf(0,c))], \
592 box[bval(vf(x,1,c),rf(1,c))], \
593 box[bval(vf(x,2,c),rf(2,c))], \
594 box[bval(vf(x,3,c),rf(3,c))])
595
596#define one_table(x,op,tab,vf,rf,c) \
597 ( tab[bval(vf(x,0,c),rf(0,c))] \
598 ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
599 ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
600 ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
601
602#define four_tables(x,tab,vf,rf,c) \
603 ( tab[0][bval(vf(x,0,c),rf(0,c))] \
604 ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
605 ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
606 ^ tab[3][bval(vf(x,3,c),rf(3,c))])
607
608#define vf1(x,r,c) (x)
609#define rf1(r,c) (r)
610#define rf2(r,c) ((8+r-c)&3)
611
612/* perform forward and inverse column mix operation on four bytes in long word x in */
613/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */
614
615#if defined(FM4_SET) /* not currently used */
616#define fwd_mcol(x) four_tables(x,t_use(f,m),vf1,rf1,0)
617#elif defined(FM1_SET) /* not currently used */
618#define fwd_mcol(x) one_table(x,upr,t_use(f,m),vf1,rf1,0)
619#else
620#define dec_fmvars aes_32t g2
621#define fwd_mcol(x) (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1))
622#endif
623
624#if defined(IM4_SET)
625#define inv_mcol(x) four_tables(x,t_use(i,m),vf1,rf1,0)
626#elif defined(IM1_SET)
627#define inv_mcol(x) one_table(x,upr,t_use(i,m),vf1,rf1,0)
628#else
629#define dec_imvars aes_32t g2, g4, g9
630#define inv_mcol(x) (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \
631 (x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1))
632#endif
633
634#if defined(FL4_SET)
635#define ls_box(x,c) four_tables(x,t_use(f,l),vf1,rf2,c)
636#elif defined(LS4_SET)
637#define ls_box(x,c) four_tables(x,t_use(l,s),vf1,rf2,c)
638#elif defined(FL1_SET)
639#define ls_box(x,c) one_table(x,upr,t_use(f,l),vf1,rf2,c)
640#elif defined(LS1_SET)
641#define ls_box(x,c) one_table(x,upr,t_use(l,s),vf1,rf2,c)
642#else
643#define ls_box(x,c) no_table(x,t_use(s,box),vf1,rf2,c)
644#endif
645
646/* If there are no global variables, the definitions here can be
647 used to put the AES tables in a structure so that a pointer
648 can then be added to the AES context to pass them to the AES
649 routines that need them. If this facility is used, the calling
650 program has to ensure that this pointer is managed appropriately.
651 In particular, the value of the t_dec(in,it) item in the table
652 structure must be set to zero in order to ensure that the tables
653 are initialised. In practice the three code sequences in aeskey.c
654 that control the calls to gen_tabs() and the gen_tabs() routine
655 itself will have to be changed for a specific implementation. If
656 global variables are available it will generally be preferable to
657 use them with the precomputed FIXED_TABLES option that uses static
658 global tables.
659
660 The following defines can be used to control the way the tables
661 are defined, initialised and used in embedded environments that
662 require special features for these purposes
663
664 the 't_dec' construction is used to declare fixed table arrays
665 the 't_set' construction is used to set fixed table values
666 the 't_use' construction is used to access fixed table values
667
668 256 byte tables:
669
670 t_xxx(s,box) => forward S box
671 t_xxx(i,box) => inverse S box
672
673 256 32-bit word OR 4 x 256 32-bit word tables:
674
675 t_xxx(f,n) => forward normal round
676 t_xxx(f,l) => forward last round
677 t_xxx(i,n) => inverse normal round
678 t_xxx(i,l) => inverse last round
679 t_xxx(l,s) => key schedule table
680 t_xxx(i,m) => key schedule table
681
682 Other variables and tables:
683
684 t_xxx(r,c) => the rcon table
685*/
686
687#define t_dec(m,n) t_##m##n
688#define t_set(m,n) t_##m##n
689#define t_use(m,n) t_##m##n
690
691#if defined(DO_TABLES) /* declare and instantiate tables */
692
693/* finite field arithmetic operations for table generation */
694
695#if defined(FIXED_TABLES) || !defined(FF_TABLES)
696
697#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
698#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
699#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
700 ^ (((x>>5) & 4) * WPOLY))
701#define f3(x) (f2(x) ^ x)
702#define f9(x) (f8(x) ^ x)
703#define fb(x) (f8(x) ^ f2(x) ^ x)
704#define fd(x) (f8(x) ^ f4(x) ^ x)
705#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
706
707#else
708
709#define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
710#define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
711#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
712#define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
713#define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
714#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
715#define fi(x) ((x) ? pow[ 255 - log[x]] : 0)
716
717#endif
718
719#if defined(FIXED_TABLES) /* declare and set values for static tables */
720
721#define sb_data(w) \
722 w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
723 w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
724 w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
725 w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
726 w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
727 w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
728 w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
729 w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
730 w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
731 w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
732 w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
733 w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
734 w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
735 w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
736 w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
737 w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
738 w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
739 w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
740 w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
741 w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
742 w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
743 w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
744 w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
745 w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
746 w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
747 w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
748 w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
749 w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
750 w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
751 w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
752 w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
753 w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16)
754
755#define isb_data(w) \
756 w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
757 w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
758 w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
759 w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
760 w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
761 w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
762 w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
763 w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
764 w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
765 w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
766 w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
767 w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
768 w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
769 w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
770 w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
771 w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
772 w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
773 w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
774 w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
775 w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
776 w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
777 w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
778 w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
779 w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
780 w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
781 w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
782 w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
783 w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
784 w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
785 w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
786 w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
787 w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d),
788
789#define mm_data(w) \
790 w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
791 w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
792 w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
793 w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
794 w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
795 w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
796 w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
797 w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
798 w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
799 w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
800 w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
801 w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
802 w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
803 w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
804 w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
805 w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
806 w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
807 w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
808 w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
809 w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
810 w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
811 w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
812 w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
813 w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
814 w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
815 w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
816 w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
817 w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
818 w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
819 w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
820 w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
821 w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff)
822
823#define h0(x) (x)
824
825/* These defines are used to ensure tables are generated in the
826 right format depending on the internal byte order required
827*/
828
829#define w0(p) bytes2word(p, 0, 0, 0)
830#define w1(p) bytes2word(0, p, 0, 0)
831#define w2(p) bytes2word(0, 0, p, 0)
832#define w3(p) bytes2word(0, 0, 0, p)
833
834#define u0(p) bytes2word(f2(p), p, p, f3(p))
835#define u1(p) bytes2word(f3(p), f2(p), p, p)
836#define u2(p) bytes2word(p, f3(p), f2(p), p)
837#define u3(p) bytes2word(p, p, f3(p), f2(p))
838
839#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
840#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
841#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
842#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
843
844const aes_32t t_dec(r,c)[RC_LENGTH] =
845{
846 w0(0x01), w0(0x02), w0(0x04), w0(0x08), w0(0x10),
847 w0(0x20), w0(0x40), w0(0x80), w0(0x1b), w0(0x36)
848};
849
850#if defined(__BORLANDC__)
851 #define concat(s1, s2) s1##s2
852 #define d_1(t,n,b,v) const t n[256] = { b(concat(v,0)) }
853 #define d_4(t,n,b,v) const t n[4][256] = { { b(concat(v,0)) }, { b(concat(v,1)) }, { b(concat(v,2)) }, { b(concat(v,3)) } }
854#else
855 #define d_1(t,n,b,v) const t n[256] = { b(v##0) }
856 #define d_4(t,n,b,v) const t n[4][256] = { { b(v##0) }, { b(v##1) }, { b(v##2) }, { b(v##3) } }
857#endif
858
859#else /* declare and instantiate tables for dynamic value generation in in tab.c */
860
861aes_32t t_dec(r,c)[RC_LENGTH];
862
863#define d_1(t,n,b,v) t n[256]
864#define d_4(t,n,b,v) t n[4][256]
865
866#endif
867
868#else /* declare tables without instantiation */
869
870#if defined(FIXED_TABLES)
871
872extern const aes_32t t_dec(r,c)[RC_LENGTH];
873
874#if defined(_MSC_VER) && defined(TABLE_ALIGN)
875#define d_1(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) const t n[256]
876#define d_4(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) const t n[4][256]
877#else
878#define d_1(t,n,b,v) extern const t n[256]
879#define d_4(t,n,b,v) extern const t n[4][256]
880#endif
881#else
882
883extern aes_32t t_dec(r,c)[RC_LENGTH];
884
885#if defined(_MSC_VER) && defined(TABLE_ALIGN)
886#define d_1(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) t n[256]
887#define d_4(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) t n[4][256]
888#else
889#define d_1(t,n,b,v) extern t n[256]
890#define d_4(t,n,b,v) extern t n[4][256]
891#endif
892#endif
893
894#endif
895
896#ifdef SBX_SET
897 d_1(aes_08t, t_dec(s,box), sb_data, h);
898#endif
899#ifdef ISB_SET
900 d_1(aes_08t, t_dec(i,box), isb_data, h);
901#endif
902
903#ifdef FT1_SET
904 d_1(aes_32t, t_dec(f,n), sb_data, u);
905#endif
906#ifdef FT4_SET
907 d_4(aes_32t, t_dec(f,n), sb_data, u);
908#endif
909
910#ifdef FL1_SET
911 d_1(aes_32t, t_dec(f,l), sb_data, w);
912#endif
913#ifdef FL4_SET
914 d_4(aes_32t, t_dec(f,l), sb_data, w);
915#endif
916
917#ifdef IT1_SET
918 d_1(aes_32t, t_dec(i,n), isb_data, v);
919#endif
920#ifdef IT4_SET
921 d_4(aes_32t, t_dec(i,n), isb_data, v);
922#endif
923
924#ifdef IL1_SET
925 d_1(aes_32t, t_dec(i,l), isb_data, w);
926#endif
927#ifdef IL4_SET
928 d_4(aes_32t, t_dec(i,l), isb_data, w);
929#endif
930
931#ifdef LS1_SET
932#ifdef FL1_SET
933#undef LS1_SET
934#else
935 d_1(aes_32t, t_dec(l,s), sb_data, w);
936#endif
937#endif
938
939#ifdef LS4_SET
940#ifdef FL4_SET
941#undef LS4_SET
942#else
943 d_4(aes_32t, t_dec(l,s), sb_data, w);
944#endif
945#endif
946
947#ifdef IM1_SET
948 d_1(aes_32t, t_dec(i,m), mm_data, v);
949#endif
950#ifdef IM4_SET
951 d_4(aes_32t, t_dec(i,m), mm_data, v);
952#endif
953
954#endif
955
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aestab.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aestab.cpp
new file mode 100644
index 0000000..e94aa76
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aestab.cpp
@@ -0,0 +1,223 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33*/
34
35#define DO_TABLES
36
37#include "aesopt.h"
38
39#if defined(FIXED_TABLES)
40
41/* implemented in case of wrong call for fixed tables */
42
43void gen_tabs(void)
44{
45}
46
47#else /* dynamic table generation */
48
49#if !defined(FF_TABLES)
50
51/* Generate the tables for the dynamic table option
52
53 It will generally be sensible to use tables to compute finite
54 field multiplies and inverses but where memory is scarse this
55 code might sometimes be better. But it only has effect during
56 initialisation so its pretty unimportant in overall terms.
57*/
58
59/* return 2 ^ (n - 1) where n is the bit number of the highest bit
60 set in x with x in the range 1 < x < 0x00000200. This form is
61 used so that locals within fi can be bytes rather than words
62*/
63
64static aes_08t hibit(const aes_32t x)
65{ aes_08t r = (aes_08t)((x >> 1) | (x >> 2));
66
67 r |= (r >> 2);
68 r |= (r >> 4);
69 return (r + 1) >> 1;
70}
71
72/* return the inverse of the finite field element x */
73
74static aes_08t fi(const aes_08t x)
75{ aes_08t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
76
77 if(x < 2) return x;
78
79 for(;;)
80 {
81 if(!n1) return v1;
82
83 while(n2 >= n1)
84 {
85 n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
86 }
87
88 if(!n2) return v2;
89
90 while(n1 >= n2)
91 {
92 n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
93 }
94 }
95}
96
97#endif
98
99/* The forward and inverse affine transformations used in the S-box */
100
101#define fwd_affine(x) \
102 (w = (aes_32t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(aes_08t)(w^(w>>8)))
103
104#define inv_affine(x) \
105 (w = (aes_32t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(aes_08t)(w^(w>>8)))
106
107static int init = 0;
108
109void gen_tabs(void)
110{ aes_32t i, w;
111
112#if defined(FF_TABLES)
113
114 aes_08t pow[512], log[256];
115
116 if(init) return;
117 /* log and power tables for GF(2^8) finite field with
118 WPOLY as modular polynomial - the simplest primitive
119 root is 0x03, used here to generate the tables
120 */
121
122 i = 0; w = 1;
123 do
124 {
125 pow[i] = (aes_08t)w;
126 pow[i + 255] = (aes_08t)w;
127 log[w] = (aes_08t)i++;
128 w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
129 }
130 while (w != 1);
131
132#else
133 if(init) return;
134#endif
135
136 for(i = 0, w = 1; i < RC_LENGTH; ++i)
137 {
138 t_set(r,c)[i] = bytes2word(w, 0, 0, 0);
139 w = f2(w);
140 }
141
142 for(i = 0; i < 256; ++i)
143 { aes_08t b;
144
145 b = fwd_affine(fi((aes_08t)i));
146 w = bytes2word(f2(b), b, b, f3(b));
147
148#ifdef SBX_SET
149 t_set(s,box)[i] = b;
150#endif
151
152#ifdef FT1_SET /* tables for a normal encryption round */
153 t_set(f,n)[i] = w;
154#endif
155#ifdef FT4_SET
156 t_set(f,n)[0][i] = w;
157 t_set(f,n)[1][i] = upr(w,1);
158 t_set(f,n)[2][i] = upr(w,2);
159 t_set(f,n)[3][i] = upr(w,3);
160#endif
161 w = bytes2word(b, 0, 0, 0);
162
163#ifdef FL1_SET /* tables for last encryption round (may also */
164 t_set(f,l)[i] = w; /* be used in the key schedule) */
165#endif
166#ifdef FL4_SET
167 t_set(f,l)[0][i] = w;
168 t_set(f,l)[1][i] = upr(w,1);
169 t_set(f,l)[2][i] = upr(w,2);
170 t_set(f,l)[3][i] = upr(w,3);
171#endif
172
173#ifdef LS1_SET /* table for key schedule if t_set(f,l) above is */
174 t_set(l,s)[i] = w; /* not of the required form */
175#endif
176#ifdef LS4_SET
177 t_set(l,s)[0][i] = w;
178 t_set(l,s)[1][i] = upr(w,1);
179 t_set(l,s)[2][i] = upr(w,2);
180 t_set(l,s)[3][i] = upr(w,3);
181#endif
182
183 b = fi(inv_affine((aes_08t)i));
184 w = bytes2word(fe(b), f9(b), fd(b), fb(b));
185
186#ifdef IM1_SET /* tables for the inverse mix column operation */
187 t_set(i,m)[b] = w;
188#endif
189#ifdef IM4_SET
190 t_set(i,m)[0][b] = w;
191 t_set(i,m)[1][b] = upr(w,1);
192 t_set(i,m)[2][b] = upr(w,2);
193 t_set(i,m)[3][b] = upr(w,3);
194#endif
195
196#ifdef ISB_SET
197 t_set(i,box)[i] = b;
198#endif
199#ifdef IT1_SET /* tables for a normal decryption round */
200 t_set(i,n)[i] = w;
201#endif
202#ifdef IT4_SET
203 t_set(i,n)[0][i] = w;
204 t_set(i,n)[1][i] = upr(w,1);
205 t_set(i,n)[2][i] = upr(w,2);
206 t_set(i,n)[3][i] = upr(w,3);
207#endif
208 w = bytes2word(b, 0, 0, 0);
209#ifdef IL1_SET /* tables for last decryption round */
210 t_set(i,l)[i] = w;
211#endif
212#ifdef IL4_SET
213 t_set(i,l)[0][i] = w;
214 t_set(i,l)[1][i] = upr(w,1);
215 t_set(i,l)[2][i] = upr(w,2);
216 t_set(i,l)[3][i] = upr(w,3);
217#endif
218 }
219 init = 1;
220}
221
222#endif
223
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/fileenc.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/fileenc.cpp
new file mode 100644
index 0000000..4e76c77
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/fileenc.cpp
@@ -0,0 +1,140 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 -------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 This file implements password based file encryption and authentication
34 using AES in CTR mode, HMAC-SHA1 authentication and RFC2898 password
35 based key derivation.
36
37*/
38
39#include <memory.h>
40
41#include "fileenc.h"
42
43/* subroutine for data encryption/decryption */
44/* this could be speeded up a lot by aligning */
45/* buffers and using 32 bit operations */
46
47static void encr_data(unsigned char data[], unsigned long d_len, fcrypt_ctx cx[1])
48{
49 unsigned long i = 0, pos = cx->encr_pos;
50
51 while(i < d_len)
52 {
53 if(pos == BLOCK_SIZE)
54 { unsigned int j = 0;
55 /* increment encryption nonce */
56 while(j < 8 && !++cx->nonce[j])
57 ++j;
58 /* encrypt the nonce to form next xor buffer */
59 aes_encrypt(cx->nonce, cx->encr_bfr, cx->encr_ctx);
60 pos = 0;
61 }
62
63 data[i++] ^= cx->encr_bfr[pos++];
64 }
65
66 cx->encr_pos = pos;
67}
68
69int fcrypt_init(
70 int mode, /* the mode to be used (input) */
71 const unsigned char pwd[], /* the user specified password (input) */
72 unsigned int pwd_len, /* the length of the password (input) */
73 const unsigned char salt[], /* the salt (input) */
74#ifdef PASSWORD_VERIFIER
75 unsigned char pwd_ver[PWD_VER_LENGTH], /* 2 byte password verifier (output) */
76#endif
77 fcrypt_ctx cx[1]) /* the file encryption context (output) */
78{
79 unsigned char kbuf[2 * MAX_KEY_LENGTH + PWD_VER_LENGTH];
80
81 if(pwd_len > MAX_PWD_LENGTH)
82 return PASSWORD_TOO_LONG;
83
84 if(mode < 1 || mode > 3)
85 return BAD_MODE;
86
87 cx->mode = mode;
88 cx->pwd_len = pwd_len;
89 /* initialise the encryption nonce and buffer pos */
90 cx->encr_pos = BLOCK_SIZE;
91
92 /* if we need a random component in the encryption */
93 /* nonce, this is where it would have to be set */
94 memset(cx->nonce, 0, BLOCK_SIZE * sizeof(unsigned char));
95 /* initialise for authentication */
96 hmac_sha_begin(cx->auth_ctx);
97
98 /* derive the encryption and authetication keys and the password verifier */
99 derive_key(pwd, pwd_len, salt, SALT_LENGTH(mode), KEYING_ITERATIONS,
100 kbuf, 2 * KEY_LENGTH(mode) + PWD_VER_LENGTH);
101 /* set the encryption key */
102 aes_encrypt_key(kbuf, KEY_LENGTH(mode), cx->encr_ctx);
103 /* set the authentication key */
104 hmac_sha_key(kbuf + KEY_LENGTH(mode), KEY_LENGTH(mode), cx->auth_ctx);
105#ifdef PASSWORD_VERIFIER
106 memcpy(pwd_ver, kbuf + 2 * KEY_LENGTH(mode), PWD_VER_LENGTH);
107#endif
108 /* clear the buffer holding the derived key values */
109 memset(kbuf, 0, 2 * KEY_LENGTH(mode) + PWD_VER_LENGTH);
110
111 return GOOD_RETURN;
112}
113
114/* perform 'in place' encryption and authentication */
115
116void fcrypt_encrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1])
117{
118 encr_data(data, data_len, cx);
119 hmac_sha_data(data, data_len, cx->auth_ctx);
120}
121
122/* perform 'in place' authentication and decryption */
123
124void fcrypt_decrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1])
125{
126 hmac_sha_data(data, data_len, cx->auth_ctx);
127 encr_data(data, data_len, cx);
128}
129
130/* close encryption/decryption and return the MAC value */
131
132int fcrypt_end(unsigned char mac[], fcrypt_ctx cx[1])
133{
134 unsigned int res = cx->mode;
135
136 hmac_sha_end(mac, MAC_LENGTH(cx->mode), cx->auth_ctx);
137 memset(cx, 0, sizeof(fcrypt_ctx)); /* clear the encryption context */
138 return MAC_LENGTH(res); /* return MAC length in bytes */
139}
140
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/fileenc.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/fileenc.h
new file mode 100644
index 0000000..ba5cabc
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/fileenc.h
@@ -0,0 +1,114 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 24/01/2003
32
33 This file contains the header file for fileenc.c, which implements password
34 based file encryption and authentication using AES in CTR mode, HMAC-SHA1
35 authentication and RFC2898 password based key derivation.
36*/
37
38#ifndef _FENC_H
39#define _FENC_H
40
41#include "aes.h"
42#include "hmac.h"
43#include "pwd2key.h"
44
45#define BLOCK_SIZE AES_BLOCK_SIZE
46#define PASSWORD_VERIFIER
47
48#define MAX_KEY_LENGTH 32
49#define MAX_PWD_LENGTH 128
50#define MAX_SALT_LENGTH 16
51#define KEYING_ITERATIONS 1000
52
53#ifdef PASSWORD_VERIFIER
54#define PWD_VER_LENGTH 2
55#else
56#define PWD_VER_LENGTH 0
57#endif
58
59#define GOOD_RETURN 0
60#define PASSWORD_TOO_LONG -100
61#define BAD_MODE -101
62
63/*
64 Field lengths (in bytes) versus File Encryption Mode (0 < mode < 4)
65
66 Mode Key Salt MAC Overhead
67 1 16 8 10 18
68 2 24 12 10 22
69 3 32 16 10 26
70
71 The following macros assume that the mode value is correct.
72*/
73
74#define KEY_LENGTH(mode) (8 * (mode & 3) + 8)
75#define SALT_LENGTH(mode) (4 * (mode & 3) + 4)
76#define MAC_LENGTH(mode) (10)
77
78/* the context for file encryption */
79
80typedef struct
81{ unsigned char nonce[BLOCK_SIZE]; /* the CTR nonce */
82 unsigned char encr_bfr[BLOCK_SIZE]; /* encrypt buffer */
83 aes_encrypt_ctx encr_ctx[1]; /* encryption context */
84 hmac_ctx auth_ctx[1]; /* authentication context */
85 unsigned int encr_pos; /* block position (enc) */
86 unsigned int pwd_len; /* password length */
87 unsigned int mode; /* File encryption mode */
88} fcrypt_ctx;
89
90/* initialise file encryption or decryption */
91
92int fcrypt_init(
93 int mode, /* the mode to be used (input) */
94 const unsigned char pwd[], /* the user specified password (input) */
95 unsigned int pwd_len, /* the length of the password (input) */
96 const unsigned char salt[], /* the salt (input) */
97#ifdef PASSWORD_VERIFIER
98 unsigned char pwd_ver[PWD_VER_LENGTH], /* 2 byte password verifier (output) */
99#endif
100 fcrypt_ctx cx[1]); /* the file encryption context (output) */
101
102/* perform 'in place' encryption or decryption and authentication */
103
104void fcrypt_encrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1]);
105void fcrypt_decrypt(unsigned char data[], unsigned int data_len, fcrypt_ctx cx[1]);
106
107/* close encryption/decryption and return the MAC value */
108/* the return value is the length of the MAC */
109
110int fcrypt_end(unsigned char mac[], /* the MAC value (output) */
111 fcrypt_ctx cx[1]); /* the context (input) */
112
113#endif
114
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/hmac.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/hmac.cpp
new file mode 100644
index 0000000..b24294d
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/hmac.cpp
@@ -0,0 +1,142 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32 Includes a bugfix from Dr Brian Gladman made on 16/04/2012 for compiling on 64-bit
33
34 This is an implementation of HMAC, the FIPS standard keyed hash function
35*/
36
37
38#include "hmac.h"
39
40#define HMAC_IPAD (0x36 * (((unsigned long)-1) / 0xff))
41#define HMAC_OPAD (0x5c * (((unsigned long)-1) / 0xff))
42
43/* initialise the HMAC context to zero */
44void hmac_sha_begin(hmac_ctx cx[1])
45{
46 memset(cx, 0, sizeof(hmac_ctx));
47}
48
49/* input the HMAC key (can be called multiple times) */
50int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1])
51{
52 if(cx->klen == HMAC_IN_DATA) /* error if further key input */
53 return HMAC_BAD_MODE; /* is attempted in data mode */
54
55 if(cx->klen + key_len > HMAC_HASH_INPUT_SIZE) /* if the key has to be hashed */
56 {
57 if(cx->klen <= HMAC_HASH_INPUT_SIZE) /* if the hash has not yet been */
58 { /* started, initialise it and */
59 sha_begin(cx->ctx); /* hash stored key characters */
60 sha_hash(cx->key, cx->klen, cx->ctx);
61 }
62
63 sha_hash(key, key_len, cx->ctx); /* hash long key data into hash */
64 }
65 else /* otherwise store key data */
66 memcpy(cx->key + cx->klen, key, key_len);
67
68 cx->klen += key_len; /* update the key length count */
69 return HMAC_OK;
70}
71
72/* input the HMAC data (can be called multiple times) - */
73/* note that this call terminates the key input phase */
74void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1])
75{ unsigned int i;
76
77 if(cx->klen != HMAC_IN_DATA) /* if not yet in data phase */
78 {
79 if(cx->klen > HMAC_HASH_INPUT_SIZE) /* if key is being hashed */
80 { /* complete the hash and */
81 sha_end(cx->key, cx->ctx); /* store the result as the */
82 cx->klen = HMAC_HASH_OUTPUT_SIZE; /* key and set new length */
83 }
84
85 /* pad the key if necessary */
86 memset(cx->key + cx->klen, 0, HMAC_HASH_INPUT_SIZE - cx->klen);
87
88 /* xor ipad into key value */
89 for(i = 0; i < HMAC_HASH_INPUT_SIZE / sizeof(unsigned long); ++i)
90 ((unsigned long*)cx->key)[i] ^= HMAC_IPAD;
91
92 /* and start hash operation */
93 sha_begin(cx->ctx);
94 sha_hash(cx->key, HMAC_HASH_INPUT_SIZE, cx->ctx);
95
96 /* mark as now in data mode */
97 cx->klen = HMAC_IN_DATA;
98 }
99
100 /* hash the data (if any) */
101 if(data_len)
102 sha_hash(data, data_len, cx->ctx);
103}
104
105/* compute and output the MAC value */
106void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1])
107{ unsigned char dig[HMAC_HASH_OUTPUT_SIZE];
108 unsigned int i;
109
110 /* if no data has been entered perform a null data phase */
111 if(cx->klen != HMAC_IN_DATA)
112 hmac_sha_data((const unsigned char*)0, 0, cx);
113
114 sha_end(dig, cx->ctx); /* complete the inner hash */
115
116 /* set outer key value using opad and removing ipad */
117 for(i = 0; i < HMAC_HASH_INPUT_SIZE / sizeof(unsigned long); ++i)
118 ((unsigned long*)cx->key)[i] ^= HMAC_OPAD ^ HMAC_IPAD;
119
120 /* perform the outer hash operation */
121 sha_begin(cx->ctx);
122 sha_hash(cx->key, HMAC_HASH_INPUT_SIZE, cx->ctx);
123 sha_hash(dig, HMAC_HASH_OUTPUT_SIZE, cx->ctx);
124 sha_end(dig, cx->ctx);
125
126 /* output the hash value */
127 for(i = 0; i < mac_len; ++i)
128 mac[i] = dig[i];
129}
130
131/* 'do it all in one go' subroutine */
132void hmac_sha(const unsigned char key[], unsigned long key_len,
133 const unsigned char data[], unsigned long data_len,
134 unsigned char mac[], unsigned long mac_len)
135{ hmac_ctx cx[1];
136
137 hmac_sha_begin(cx);
138 hmac_sha_key(key, key_len, cx);
139 hmac_sha_data(data, data_len, cx);
140 hmac_sha_end(mac, mac_len, cx);
141}
142
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/hmac.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/hmac.h
new file mode 100644
index 0000000..284c50f
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/hmac.h
@@ -0,0 +1,95 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32 Includes a bugfix from Dr Brian Gladman made on 16/04/2012 for compiling on 64-bit
33
34 This is an implementation of HMAC, the FIPS standard keyed hash function
35*/
36
37#ifndef _HMAC_H
38#define _HMAC_H
39
40#include <memory.h>
41
42#define USE_SHA1 // Irrlicht only cares about SHA1 for now
43#if !defined(USE_SHA1) && !defined(USE_SHA256)
44#error define USE_SHA1 or USE_SHA256 to set the HMAC hash algorithm
45#endif
46
47#ifdef USE_SHA1
48
49#include "sha1.h"
50
51#define HMAC_HASH_INPUT_SIZE SHA1_BLOCK_SIZE
52#define HMAC_HASH_OUTPUT_SIZE SHA1_DIGEST_SIZE
53#define sha_ctx sha1_ctx
54#define sha_begin sha1_begin
55#define sha_hash sha1_hash
56#define sha_end sha1_end
57
58#endif
59
60#ifdef USE_SHA256
61
62#include "sha2.h"
63
64#define HMAC_HASH_INPUT_SIZE SHA256_BLOCK_SIZE
65#define HMAC_HASH_OUTPUT_SIZE SHA256_DIGEST_SIZE
66#define sha_ctx sha256_ctx
67#define sha_begin sha256_begin
68#define sha_hash sha256_hash
69#define sha_end sha256_end
70
71#endif
72
73#define HMAC_OK 0
74#define HMAC_BAD_MODE -1
75#define HMAC_IN_DATA 0xffffffff
76
77typedef struct
78{ unsigned char key[HMAC_HASH_INPUT_SIZE];
79 sha_ctx ctx[1];
80 unsigned long klen;
81} hmac_ctx;
82
83void hmac_sha_begin(hmac_ctx cx[1]);
84
85int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1]);
86
87void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1]);
88
89void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1]);
90
91void hmac_sha(const unsigned char key[], unsigned long key_len,
92 const unsigned char data[], unsigned long data_len,
93 unsigned char mac[], unsigned long mac_len);
94
95#endif
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/prng.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/prng.cpp
new file mode 100644
index 0000000..d5800b3
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/prng.cpp
@@ -0,0 +1,146 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 24/01/2003
32
33 This file implements a random data pool based on the use of an external
34 entropy function. It is based on the ideas advocated by Peter Gutmann in
35 his work on pseudo random sequence generators. It is not a 'paranoid'
36 random sequence generator and no attempt is made to protect the pool
37 from prying eyes either by memory locking or by techniques to obscure
38 its location in memory.
39*/
40
41#include <memory.h>
42#include "prng.h"
43
44/* mix a random data pool using the SHA1 compression function (as */
45/* suggested by Peter Gutmann in his paper on random pools) */
46
47static void prng_mix(unsigned char buf[])
48{ unsigned int i, len;
49 sha1_ctx ctx[1];
50
51 /*lint -e{663} unusual array to pointer conversion */
52 for(i = 0; i < PRNG_POOL_SIZE; i += SHA1_DIGEST_SIZE)
53 {
54 /* copy digest size pool block into SHA1 hash block */
55 memcpy(ctx->hash, buf + (i ? i : PRNG_POOL_SIZE)
56 - SHA1_DIGEST_SIZE, SHA1_DIGEST_SIZE);
57
58 /* copy data from pool into the SHA1 data buffer */
59 len = PRNG_POOL_SIZE - i;
60 memcpy(ctx->wbuf, buf + i, (len > SHA1_BLOCK_SIZE ? SHA1_BLOCK_SIZE : len));
61
62 if(len < SHA1_BLOCK_SIZE)
63 memcpy(((char*)ctx->wbuf) + len, buf, SHA1_BLOCK_SIZE - len);
64
65 /* compress using the SHA1 compression function */
66 sha1_compile(ctx);
67
68 /* put digest size block back into the random pool */
69 memcpy(buf + i, ctx->hash, SHA1_DIGEST_SIZE);
70 }
71}
72
73/* refresh the output buffer and update the random pool by adding */
74/* entropy and remixing */
75
76static void update_pool(prng_ctx ctx[1])
77{ unsigned int i = 0;
78
79 /* transfer random pool data to the output buffer */
80 memcpy(ctx->obuf, ctx->rbuf, PRNG_POOL_SIZE);
81
82 /* enter entropy data into the pool */
83 while(i < PRNG_POOL_SIZE)
84 i += ctx->entropy(ctx->rbuf + i, PRNG_POOL_SIZE - i);
85
86 /* invert and xor the original pool data into the pool */
87 for(i = 0; i < PRNG_POOL_SIZE; ++i)
88 ctx->rbuf[i] ^= ~ctx->obuf[i];
89
90 /* mix the pool and the output buffer */
91 prng_mix(ctx->rbuf);
92 prng_mix(ctx->obuf);
93}
94
95void prng_init(prng_entropy_fn fun, prng_ctx ctx[1])
96{ int i;
97
98 /* clear the buffers and the counter in the context */
99 memset(ctx, 0, sizeof(prng_ctx));
100
101 /* set the pointer to the entropy collection function */
102 ctx->entropy = fun;
103
104 /* initialise the random data pool */
105 update_pool(ctx);
106
107 /* mix the pool a minimum number of times */
108 for(i = 0; i < PRNG_MIN_MIX; ++i)
109 prng_mix(ctx->rbuf);
110
111 /* update the pool to prime the pool output buffer */
112 update_pool(ctx);
113}
114
115/* provide random bytes from the random data pool */
116
117void prng_rand(unsigned char data[], unsigned int data_len, prng_ctx ctx[1])
118{ unsigned char *rp = data;
119 unsigned int len, pos = ctx->pos;
120
121 while(data_len)
122 {
123 /* transfer 'data_len' bytes (or the number of bytes remaining */
124 /* the pool output buffer if less) into the output */
125 len = (data_len < PRNG_POOL_SIZE - pos ? data_len : PRNG_POOL_SIZE - pos);
126 memcpy(rp, ctx->obuf + pos, len);
127 rp += len; /* update ouput buffer position pointer */
128 pos += len; /* update pool output buffer pointer */
129 data_len -= len; /* update the remaining data count */
130
131 /* refresh the random pool if necessary */
132 if(pos == PRNG_POOL_SIZE)
133 {
134 update_pool(ctx); pos = 0;
135 }
136 }
137
138 ctx->pos = pos;
139}
140
141void prng_end(prng_ctx ctx[1])
142{
143 /* ensure the data in the context is destroyed */
144 memset(ctx, 0, sizeof(prng_ctx));
145}
146
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/prng.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/prng.h
new file mode 100644
index 0000000..a81ed8e
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/prng.h
@@ -0,0 +1,74 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 24/01/2003
32
33 This is the header file for an implementation of a random data pool based on
34 the use of an external entropy function (inspired by Peter Gutmann's work).
35*/
36
37#ifndef _PRNG_H
38#define _PRNG_H
39
40#include "sha1.h"
41
42#define PRNG_POOL_LEN 256 /* minimum random pool size */
43#define PRNG_MIN_MIX 20 /* min initial pool mixing iterations */
44
45/* ensure that pool length is a multiple of the SHA1 digest size */
46
47#define PRNG_POOL_SIZE (SHA1_DIGEST_SIZE * (1 + (PRNG_POOL_LEN - 1) / SHA1_DIGEST_SIZE))
48
49/* A function for providing entropy is a parameter in the prng_init() */
50/* call. This function has the following form and returns a maximum */
51/* of 'len' bytes of pseudo random data in the buffer 'buf'. It can */
52/* return less than 'len' bytes but will be repeatedly called for more */
53/* data in this case. */
54
55typedef int (*prng_entropy_fn)(unsigned char buf[], unsigned int len);
56
57typedef struct
58{ unsigned char rbuf[PRNG_POOL_SIZE]; /* the random pool */
59 unsigned char obuf[PRNG_POOL_SIZE]; /* pool output buffer */
60 unsigned int pos; /* output buffer position */
61 prng_entropy_fn entropy; /* entropy function pointer */
62} prng_ctx;
63
64/* initialise the random stream generator */
65void prng_init(prng_entropy_fn fun, prng_ctx ctx[1]);
66
67/* obtain random bytes from the generator */
68void prng_rand(unsigned char data[], unsigned int data_len, prng_ctx ctx[1]);
69
70/* close the random stream generator */
71void prng_end(prng_ctx ctx[1]);
72
73#endif
74
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/pwd2key.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/pwd2key.cpp
new file mode 100644
index 0000000..051e45b
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/pwd2key.cpp
@@ -0,0 +1,186 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 This is an implementation of RFC2898, which specifies key derivation from
34 a password and a salt value.
35*/
36
37#include <memory.h>
38#include "hmac.h"
39
40void derive_key(const unsigned char pwd[], /* the PASSWORD */
41 unsigned int pwd_len, /* and its length */
42 const unsigned char salt[], /* the SALT and its */
43 unsigned int salt_len, /* length */
44 unsigned int iter, /* the number of iterations */
45 unsigned char key[], /* space for the output key */
46 unsigned int key_len)/* and its required length */
47{
48 unsigned int i, j, k, n_blk;
49 unsigned char uu[HMAC_HASH_OUTPUT_SIZE], ux[HMAC_HASH_OUTPUT_SIZE];
50 hmac_ctx c1[1], c2[1], c3[1];
51
52 /* set HMAC context (c1) for password */
53 hmac_sha_begin(c1);
54 hmac_sha_key(pwd, pwd_len, c1);
55
56 /* set HMAC context (c2) for password and salt */
57 memcpy(c2, c1, sizeof(hmac_ctx));
58 hmac_sha_data(salt, salt_len, c2);
59
60 /* find the number of SHA blocks in the key */
61 n_blk = 1 + (key_len - 1) / HMAC_HASH_OUTPUT_SIZE;
62
63 for(i = 0; i < n_blk; ++i) /* for each block in key */
64 {
65 /* ux[] holds the running xor value */
66 memset(ux, 0, HMAC_HASH_OUTPUT_SIZE);
67
68 /* set HMAC context (c3) for password and salt */
69 memcpy(c3, c2, sizeof(hmac_ctx));
70
71 /* enter additional data for 1st block into uu */
72 uu[0] = (unsigned char)((i + 1) >> 24);
73 uu[1] = (unsigned char)((i + 1) >> 16);
74 uu[2] = (unsigned char)((i + 1) >> 8);
75 uu[3] = (unsigned char)(i + 1);
76
77 /* this is the key mixing iteration */
78 for(j = 0, k = 4; j < iter; ++j)
79 {
80 /* add previous round data to HMAC */
81 hmac_sha_data(uu, k, c3);
82
83 /* obtain HMAC for uu[] */
84 hmac_sha_end(uu, HMAC_HASH_OUTPUT_SIZE, c3);
85
86 /* xor into the running xor block */
87 for(k = 0; k < HMAC_HASH_OUTPUT_SIZE; ++k)
88 ux[k] ^= uu[k];
89
90 /* set HMAC context (c3) for password */
91 memcpy(c3, c1, sizeof(hmac_ctx));
92 }
93
94 /* compile key blocks into the key output */
95 j = 0; k = i * HMAC_HASH_OUTPUT_SIZE;
96 while(j < HMAC_HASH_OUTPUT_SIZE && k < key_len)
97 key[k++] = ux[j++];
98 }
99}
100
101#ifdef TEST
102
103#include <stdio.h>
104
105struct
106{ unsigned int pwd_len;
107 unsigned int salt_len;
108 unsigned int it_count;
109 unsigned char *pwd;
110 unsigned char salt[32];
111 unsigned char key[32];
112} tests[] =
113{
114 { 8, 4, 5, (unsigned char*)"password",
115 {
116 0x12, 0x34, 0x56, 0x78
117 },
118 {
119 0x5c, 0x75, 0xce, 0xf0, 0x1a, 0x96, 0x0d, 0xf7,
120 0x4c, 0xb6, 0xb4, 0x9b, 0x9e, 0x38, 0xe6, 0xb5
121 }
122 },
123 { 8, 8, 5, (unsigned char*)"password",
124 {
125 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
126 },
127 {
128 0xd1, 0xda, 0xa7, 0x86, 0x15, 0xf2, 0x87, 0xe6,
129 0xa1, 0xc8, 0xb1, 0x20, 0xd7, 0x06, 0x2a, 0x49
130 }
131 },
132 { 8, 21, 1, (unsigned char*)"password",
133 {
134 "ATHENA.MIT.EDUraeburn"
135 },
136 {
137 0xcd, 0xed, 0xb5, 0x28, 0x1b, 0xb2, 0xf8, 0x01,
138 0x56, 0x5a, 0x11, 0x22, 0xb2, 0x56, 0x35, 0x15
139 }
140 },
141 { 8, 21, 2, (unsigned char*)"password",
142 {
143 "ATHENA.MIT.EDUraeburn"
144 },
145 {
146 0x01, 0xdb, 0xee, 0x7f, 0x4a, 0x9e, 0x24, 0x3e,
147 0x98, 0x8b, 0x62, 0xc7, 0x3c, 0xda, 0x93, 0x5d
148 }
149 },
150 { 8, 21, 1200, (unsigned char*)"password",
151 {
152 "ATHENA.MIT.EDUraeburn"
153 },
154 {
155 0x5c, 0x08, 0xeb, 0x61, 0xfd, 0xf7, 0x1e, 0x4e,
156 0x4e, 0xc3, 0xcf, 0x6b, 0xa1, 0xf5, 0x51, 0x2b
157 }
158 }
159};
160
161int main()
162{ unsigned int i, j, key_len = 256;
163 unsigned char key[256];
164
165 printf("\nTest of RFC2898 Password Based Key Derivation");
166 for(i = 0; i < 5; ++i)
167 {
168 derive_key(tests[i].pwd, tests[i].pwd_len, tests[i].salt,
169 tests[i].salt_len, tests[i].it_count, key, key_len);
170
171 printf("\ntest %i: ", i + 1);
172 printf("key %s", memcmp(tests[i].key, key, 16) ? "is bad" : "is good");
173 for(j = 0; j < key_len && j < 64; j += 4)
174 {
175 if(j % 16 == 0)
176 printf("\n");
177 printf("0x%02x%02x%02x%02x ", key[j], key[j + 1], key[j + 2], key[j + 3]);
178 }
179 printf(j < key_len ? " ... \n" : "\n");
180 }
181 printf("\n");
182 return 0;
183}
184
185#endif
186
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/pwd2key.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/pwd2key.h
new file mode 100644
index 0000000..f5248ad
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/pwd2key.h
@@ -0,0 +1,50 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 This is an implementation of RFC2898, which specifies key derivation from
34 a password and a salt value.
35*/
36
37#ifndef PWD2KEY_H
38#define PWD2KEY_H
39
40void derive_key(
41 const unsigned char pwd[], /* the PASSWORD, and */
42 unsigned int pwd_len, /* its length */
43 const unsigned char salt[], /* the SALT and its */
44 unsigned int salt_len, /* length */
45 unsigned int iter, /* the number of iterations */
46 unsigned char key[], /* space for the output key */
47 unsigned int key_len); /* and its required length */
48
49#endif
50
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha1.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha1.cpp
new file mode 100644
index 0000000..8a91768
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha1.cpp
@@ -0,0 +1,237 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 This is a byte oriented version of SHA1 that operates on arrays of bytes
34 stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
35*/
36
37#include <string.h> /* for memcpy() etc. */
38#include <stdlib.h> /* for _lrotl with VC++ */
39
40#include "sha1.h"
41#include "../os.h"
42
43/*
44 To obtain the highest speed on processors with 32-bit words, this code
45 needs to determine the order in which bytes are packed into such words.
46 The following block of code is an attempt to capture the most obvious
47 ways in which various environemnts specify their endian definitions.
48 It may well fail, in which case the definitions will need to be set by
49 editing at the points marked **** EDIT HERE IF NECESSARY **** below.
50*/
51
52/* BYTE ORDER IN 32-BIT WORDS
53
54 To obtain the highest speed on processors with 32-bit words, this code
55 needs to determine the byte order of the target machine. The following
56 block of code is an attempt to capture the most obvious ways in which
57 various environemnts define byte order. It may well fail, in which case
58 the definitions will need to be set by editing at the points marked
59 **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for
60 some of these defines (from cryptlib).
61*/
62
63#define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
64#define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
65
66#ifdef __BIG_ENDIAN__
67#define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
68#else
69#define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
70#endif
71
72#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
73
74#if (PLATFORM_BYTE_ORDER == BRG_BIG_ENDIAN)
75#define swap_b32(x) (x)
76#else
77#define swap_b32(x) irr::os::Byteswap::byteswap(x)
78#endif
79
80#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
81
82#if 1
83
84#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
85#define parity(x,y,z) ((x) ^ (y) ^ (z))
86#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
87
88#else /* Discovered Rich Schroeppel and Colin Plumb */
89
90#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
91#define parity(x,y,z) ((x) ^ (y) ^ (z))
92#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
93
94#endif
95
96/* A normal version as set out in the FIPS */
97
98#define rnd(f,k) \
99 t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \
100 e = d; d = c; c = rotl32(b, 30); b = t
101
102void sha1_compile(sha1_ctx ctx[1])
103{ sha1_32t w[80], i, a, b, c, d, e, t;
104
105 /* note that words are compiled from the buffer into 32-bit */
106 /* words in big-endian order so an order reversal is needed */
107 /* here on little endian machines */
108 for(i = 0; i < SHA1_BLOCK_SIZE / 4; ++i)
109 w[i] = swap_b32(ctx->wbuf[i]);
110
111 for(i = SHA1_BLOCK_SIZE / 4; i < 80; ++i)
112 w[i] = rotl32(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
113
114 a = ctx->hash[0];
115 b = ctx->hash[1];
116 c = ctx->hash[2];
117 d = ctx->hash[3];
118 e = ctx->hash[4];
119
120 for(i = 0; i < 20; ++i)
121 {
122 rnd(ch, 0x5a827999);
123 }
124
125 for(i = 20; i < 40; ++i)
126 {
127 rnd(parity, 0x6ed9eba1);
128 }
129
130 for(i = 40; i < 60; ++i)
131 {
132 rnd(maj, 0x8f1bbcdc);
133 }
134
135 for(i = 60; i < 80; ++i)
136 {
137 rnd(parity, 0xca62c1d6);
138 }
139
140 ctx->hash[0] += a;
141 ctx->hash[1] += b;
142 ctx->hash[2] += c;
143 ctx->hash[3] += d;
144 ctx->hash[4] += e;
145}
146
147void sha1_begin(sha1_ctx ctx[1])
148{
149 ctx->count[0] = ctx->count[1] = 0;
150 ctx->hash[0] = 0x67452301;
151 ctx->hash[1] = 0xefcdab89;
152 ctx->hash[2] = 0x98badcfe;
153 ctx->hash[3] = 0x10325476;
154 ctx->hash[4] = 0xc3d2e1f0;
155}
156
157/* SHA1 hash data in an array of bytes into hash buffer and */
158/* call the hash_compile function as required. */
159
160void sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1])
161{ sha1_32t pos = (sha1_32t)(ctx->count[0] & SHA1_MASK),
162 space = SHA1_BLOCK_SIZE - pos;
163 const unsigned char *sp = data;
164
165 if((ctx->count[0] += len) < len)
166 ++(ctx->count[1]);
167
168 while(len >= space) /* tranfer whole blocks if possible */
169 {
170 memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
171 sp += space; len -= space; space = SHA1_BLOCK_SIZE; pos = 0;
172 sha1_compile(ctx);
173 }
174
175 /*lint -e{803} conceivable data overrun */
176 memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
177}
178
179/* SHA1 final padding and digest calculation */
180
181#if (PLATFORM_BYTE_ORDER == BRG_LITTLE_ENDIAN)
182static sha1_32t mask[4] =
183 { 0x00000000, 0x000000ff, 0x0000ffff, 0x00ffffff };
184static sha1_32t bits[4] =
185 { 0x00000080, 0x00008000, 0x00800000, 0x80000000 };
186#else
187static sha1_32t mask[4] =
188 { 0x00000000, 0xff000000, 0xffff0000, 0xffffff00 };
189static sha1_32t bits[4] =
190 { 0x80000000, 0x00800000, 0x00008000, 0x00000080 };
191#endif
192
193void sha1_end(unsigned char hval[], sha1_ctx ctx[1])
194{ sha1_32t i = (sha1_32t)(ctx->count[0] & SHA1_MASK);
195
196 /* mask out the rest of any partial 32-bit word and then set */
197 /* the next byte to 0x80. On big-endian machines any bytes in */
198 /* the buffer will be at the top end of 32 bit words, on little */
199 /* endian machines they will be at the bottom. Hence the AND */
200 /* and OR masks above are reversed for little endian systems */
201 /* Note that we can always add the first padding byte at this */
202 /* point because the buffer always has at least one empty slot */
203 ctx->wbuf[i >> 2] = (ctx->wbuf[i >> 2] & mask[i & 3]) | bits[i & 3];
204
205 /* we need 9 or more empty positions, one for the padding byte */
206 /* (above) and eight for the length count. If there is not */
207 /* enough space pad and empty the buffer */
208 if(i > SHA1_BLOCK_SIZE - 9)
209 {
210 if(i < 60) ctx->wbuf[15] = 0;
211 sha1_compile(ctx);
212 i = 0;
213 }
214 else /* compute a word index for the empty buffer positions */
215 i = (i >> 2) + 1;
216
217 while(i < 14) /* and zero pad all but last two positions */
218 ctx->wbuf[i++] = 0;
219
220 /* assemble the eight byte counter in in big-endian format */
221 ctx->wbuf[14] = swap_b32((ctx->count[1] << 3) | (ctx->count[0] >> 29));
222 ctx->wbuf[15] = swap_b32(ctx->count[0] << 3);
223
224 sha1_compile(ctx);
225
226 /* extract the hash value as bytes in case the hash buffer is */
227 /* misaligned for 32-bit words */
228 for(i = 0; i < SHA1_DIGEST_SIZE; ++i)
229 hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
230}
231
232void sha1(unsigned char hval[], const unsigned char data[], unsigned long len)
233{ sha1_ctx cx[1];
234
235 sha1_begin(cx); sha1_hash(data, len, cx); sha1_end(hval, cx);
236}
237
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha1.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha1.h
new file mode 100644
index 0000000..0b39f5c
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha1.h
@@ -0,0 +1,68 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32*/
33
34#ifndef _SHA1_H
35#define _SHA1_H
36
37#include <limits.h>
38
39#define SHA1_BLOCK_SIZE 64
40#define SHA1_DIGEST_SIZE 20
41
42/* define an unsigned 32-bit type */
43
44#if UINT_MAX == 0xffffffff
45 typedef unsigned int sha1_32t;
46#elif ULONG_MAX == 0xffffffff
47 typedef unsigned long sha1_32t;
48#else
49#error Please define sha1_32t as an unsigned 32 bit type in sha2.h
50#endif
51
52/* type to hold the SHA256 context */
53
54typedef struct
55{ sha1_32t count[2];
56 sha1_32t hash[5];
57 sha1_32t wbuf[16];
58} sha1_ctx;
59
60void sha1_compile(sha1_ctx ctx[1]);
61
62void sha1_begin(sha1_ctx ctx[1]);
63void sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1]);
64void sha1_end(unsigned char hval[], sha1_ctx ctx[1]);
65void sha1(unsigned char hval[], const unsigned char data[], unsigned long len);
66
67#endif
68
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp
new file mode 100644
index 0000000..5be1bbf
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp
@@ -0,0 +1,626 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 This is a byte oriented version of SHA2 that operates on arrays of bytes
34 stored in memory. This code implements sha256, sha384 and sha512 but the
35 latter two functions rely on efficient 64-bit integer operations that
36 may not be very efficient on 32-bit machines
37
38 The sha256 functions use a type 'sha256_ctx' to hold details of the
39 current hash state and uses the following three calls:
40
41 void sha256_begin(sha256_ctx ctx[1])
42 void sha256_hash(const unsigned char data[],
43 unsigned long len, sha256_ctx ctx[1])
44 void sha256_end(unsigned char hval[], sha256_ctx ctx[1])
45
46 The first subroutine initialises a hash computation by setting up the
47 context in the sha256_ctx context. The second subroutine hashes 8-bit
48 bytes from array data[] into the hash state withinh sha256_ctx context,
49 the number of bytes to be hashed being given by the the unsigned long
50 integer len. The third subroutine completes the hash calculation and
51 places the resulting digest value in the array of 8-bit bytes hval[].
52
53 The sha384 and sha512 functions are similar and use the interfaces:
54
55 void sha384_begin(sha384_ctx ctx[1]);
56 void sha384_hash(const unsigned char data[],
57 unsigned long len, sha384_ctx ctx[1]);
58 void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
59
60 void sha512_begin(sha512_ctx ctx[1]);
61 void sha512_hash(const unsigned char data[],
62 unsigned long len, sha512_ctx ctx[1]);
63 void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
64
65 In addition there is a function sha2 that can be used to call all these
66 functions using a call with a hash length parameter as follows:
67
68 int sha2_begin(unsigned long len, sha2_ctx ctx[1]);
69 void sha2_hash(const unsigned char data[],
70 unsigned long len, sha2_ctx ctx[1]);
71 void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
72
73 My thanks to Erik Andersen <andersen@codepoet.org> for testing this code
74 on big-endian systems and for his assistance with corrections
75*/
76
77/* define the hash functions that you need */
78
79#define SHA_2 /* for dynamic hash length */
80#define SHA_256
81#define SHA_384
82#define SHA_512
83
84#include <string.h> /* for memcpy() etc. */
85#include <stdlib.h> /* for _lrotr with VC++ */
86
87#include "sha2.h"
88#include "../os.h"
89
90/* BYTE ORDER IN 32-BIT WORDS
91
92 To obtain the highest speed on processors with 32-bit words, this code
93 needs to determine the byte order of the target machine. The following
94 block of code is an attempt to capture the most obvious ways in which
95 various environemnts define byte order. It may well fail, in which case
96 the definitions will need to be set by editing at the points marked
97 **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for
98 some of these defines (from cryptlib).
99*/
100
101#define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
102#define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
103
104#ifdef __BIG_ENDIAN__
105#define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
106#else
107#define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
108#endif
109
110#ifdef _MSC_VER
111#pragma intrinsic(memcpy)
112#endif
113
114#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
115
116#if !defined(bswap_32)
117#define bswap_32(x) irr::os::Byteswap::byteswap(x)
118#endif
119
120#if (PLATFORM_BYTE_ORDER == BRG_LITTLE_ENDIAN)
121#define SWAP_BYTES
122#else
123#undef SWAP_BYTES
124#endif
125
126#if defined(SHA_2) || defined(SHA_256)
127
128#define SHA256_MASK (SHA256_BLOCK_SIZE - 1)
129
130#if defined(SWAP_BYTES)
131#define bsw_32(p,n) { int _i = (n); while(_i--) p[_i] = bswap_32(p[_i]); }
132#else
133#define bsw_32(p,n)
134#endif
135
136/* SHA256 mixing function definitions */
137
138#if 0
139
140#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
141#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
142
143#else /* Thanks to Rich Schroeppel and Colin Plumb for the following */
144
145#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
146#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
147
148#endif
149
150#define s256_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22))
151#define s256_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25))
152#define g256_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3))
153#define g256_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10))
154
155/* rotated SHA256 round definition. Rather than swapping variables as in */
156/* FIPS-180, different variables are 'rotated' on each round, returning */
157/* to their starting positions every eight rounds */
158
159#define h2(i) p[i & 15] += \
160 g256_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g256_0(p[(i + 1) & 15])
161
162#define h2_cycle(i,j) \
163 v[(7 - i) & 7] += (j ? h2(i) : p[i & 15]) + k256[i + j] \
164 + s256_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \
165 v[(3 - i) & 7] += v[(7 - i) & 7]; \
166 v[(7 - i) & 7] += s256_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7])
167
168/* SHA256 mixing data */
169
170const sha2_32t k256[64] =
171{ n_u32(428a2f98), n_u32(71374491), n_u32(b5c0fbcf), n_u32(e9b5dba5),
172 n_u32(3956c25b), n_u32(59f111f1), n_u32(923f82a4), n_u32(ab1c5ed5),
173 n_u32(d807aa98), n_u32(12835b01), n_u32(243185be), n_u32(550c7dc3),
174 n_u32(72be5d74), n_u32(80deb1fe), n_u32(9bdc06a7), n_u32(c19bf174),
175 n_u32(e49b69c1), n_u32(efbe4786), n_u32(0fc19dc6), n_u32(240ca1cc),
176 n_u32(2de92c6f), n_u32(4a7484aa), n_u32(5cb0a9dc), n_u32(76f988da),
177 n_u32(983e5152), n_u32(a831c66d), n_u32(b00327c8), n_u32(bf597fc7),
178 n_u32(c6e00bf3), n_u32(d5a79147), n_u32(06ca6351), n_u32(14292967),
179 n_u32(27b70a85), n_u32(2e1b2138), n_u32(4d2c6dfc), n_u32(53380d13),
180 n_u32(650a7354), n_u32(766a0abb), n_u32(81c2c92e), n_u32(92722c85),
181 n_u32(a2bfe8a1), n_u32(a81a664b), n_u32(c24b8b70), n_u32(c76c51a3),
182 n_u32(d192e819), n_u32(d6990624), n_u32(f40e3585), n_u32(106aa070),
183 n_u32(19a4c116), n_u32(1e376c08), n_u32(2748774c), n_u32(34b0bcb5),
184 n_u32(391c0cb3), n_u32(4ed8aa4a), n_u32(5b9cca4f), n_u32(682e6ff3),
185 n_u32(748f82ee), n_u32(78a5636f), n_u32(84c87814), n_u32(8cc70208),
186 n_u32(90befffa), n_u32(a4506ceb), n_u32(bef9a3f7), n_u32(c67178f2),
187};
188
189/* SHA256 initialisation data */
190
191const sha2_32t i256[8] =
192{
193 n_u32(6a09e667), n_u32(bb67ae85), n_u32(3c6ef372), n_u32(a54ff53a),
194 n_u32(510e527f), n_u32(9b05688c), n_u32(1f83d9ab), n_u32(5be0cd19)
195};
196
197sha2_void sha256_begin(sha256_ctx ctx[1])
198{
199 ctx->count[0] = ctx->count[1] = 0;
200 memcpy(ctx->hash, i256, 8 * sizeof(sha2_32t));
201}
202
203/* Compile 64 bytes of hash data into SHA256 digest value */
204/* NOTE: this routine assumes that the byte order in the */
205/* ctx->wbuf[] at this point is in such an order that low */
206/* address bytes in the ORIGINAL byte stream placed in this */
207/* buffer will now go to the high end of words on BOTH big */
208/* and little endian systems */
209
210sha2_void sha256_compile(sha256_ctx ctx[1])
211{ sha2_32t v[8], j, *p = ctx->wbuf;
212
213 memcpy(v, ctx->hash, 8 * sizeof(sha2_32t));
214
215 for(j = 0; j < 64; j += 16)
216 {
217 h2_cycle( 0, j); h2_cycle( 1, j); h2_cycle( 2, j); h2_cycle( 3, j);
218 h2_cycle( 4, j); h2_cycle( 5, j); h2_cycle( 6, j); h2_cycle( 7, j);
219 h2_cycle( 8, j); h2_cycle( 9, j); h2_cycle(10, j); h2_cycle(11, j);
220 h2_cycle(12, j); h2_cycle(13, j); h2_cycle(14, j); h2_cycle(15, j);
221 }
222
223 ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
224 ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
225}
226
227/* SHA256 hash data in an array of bytes into hash buffer */
228/* and call the hash_compile function as required. */
229
230sha2_void sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1])
231{ sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA256_MASK),
232 space = SHA256_BLOCK_SIZE - pos;
233 const unsigned char *sp = data;
234
235 if((ctx->count[0] += len) < len)
236 ++(ctx->count[1]);
237
238 while(len >= space) /* tranfer whole blocks while possible */
239 {
240 memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
241 sp += space; len -= space; space = SHA256_BLOCK_SIZE; pos = 0;
242 bsw_32(ctx->wbuf, SHA256_BLOCK_SIZE >> 2)
243 sha256_compile(ctx);
244 }
245
246 memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
247}
248
249/* SHA256 Final padding and digest calculation */
250
251static sha2_32t m1[4] =
252{
253 n_u32(00000000), n_u32(ff000000), n_u32(ffff0000), n_u32(ffffff00)
254};
255
256static sha2_32t b1[4] =
257{
258 n_u32(80000000), n_u32(00800000), n_u32(00008000), n_u32(00000080)
259};
260
261sha2_void sha256_end(unsigned char hval[], sha256_ctx ctx[1])
262{ sha2_32t i = (sha2_32t)(ctx->count[0] & SHA256_MASK);
263
264 bsw_32(ctx->wbuf, (i + 3) >> 2)
265 /* bytes in the buffer are now in an order in which references */
266 /* to 32-bit words will put bytes with lower addresses into the */
267 /* top of 32 bit words on BOTH big and little endian machines */
268
269 /* we now need to mask valid bytes and add the padding which is */
270 /* a single 1 bit and as many zero bits as necessary. */
271 ctx->wbuf[i >> 2] = (ctx->wbuf[i >> 2] & m1[i & 3]) | b1[i & 3];
272
273 /* we need 9 or more empty positions, one for the padding byte */
274 /* (above) and eight for the length count. If there is not */
275 /* enough space pad and empty the buffer */
276 if(i > SHA256_BLOCK_SIZE - 9)
277 {
278 if(i < 60) ctx->wbuf[15] = 0;
279 sha256_compile(ctx);
280 i = 0;
281 }
282 else /* compute a word index for the empty buffer positions */
283 i = (i >> 2) + 1;
284
285 while(i < 14) /* and zero pad all but last two positions */
286 ctx->wbuf[i++] = 0;
287
288 /* the following 32-bit length fields are assembled in the */
289 /* wrong byte order on little endian machines but this is */
290 /* corrected later since they are only ever used as 32-bit */
291 /* word values. */
292
293 ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29);
294 ctx->wbuf[15] = ctx->count[0] << 3;
295
296 sha256_compile(ctx);
297
298 /* extract the hash value as bytes in case the hash buffer is */
299 /* mislaigned for 32-bit words */
300 for(i = 0; i < SHA256_DIGEST_SIZE; ++i)
301 hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
302}
303
304sha2_void sha256(unsigned char hval[], const unsigned char data[], unsigned long len)
305{ sha256_ctx cx[1];
306
307 sha256_begin(cx); sha256_hash(data, len, cx); sha256_end(hval, cx);
308}
309
310#endif
311
312#if defined(SHA_2) || defined(SHA_384) || defined(SHA_512)
313
314#define SHA512_MASK (SHA512_BLOCK_SIZE - 1)
315
316#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
317
318#if !defined(bswap_64)
319#define bswap_64(x) ((((sha2_64t)(bswap_32((sha2_32t)(x)))) << 32) | (bswap_32((sha2_32t)((x) >> 32))))
320#endif
321
322#if defined(SWAP_BYTES)
323#define bsw_64(p,n) { int _i = (n); while(_i--) p[_i] = bswap_64(p[_i]); }
324#else
325#define bsw_64(p,n)
326#endif
327
328/* SHA512 mixing function definitions */
329
330#define s512_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39))
331#define s512_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41))
332#define g512_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7))
333#define g512_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6))
334
335/* rotated SHA512 round definition. Rather than swapping variables as in */
336/* FIPS-180, different variables are 'rotated' on each round, returning */
337/* to their starting positions every eight rounds */
338
339#define h5(i) ctx->wbuf[i & 15] += \
340 g512_1(ctx->wbuf[(i + 14) & 15]) + ctx->wbuf[(i + 9) & 15] + g512_0(ctx->wbuf[(i + 1) & 15])
341
342#define h5_cycle(i,j) \
343 v[(7 - i) & 7] += (j ? h5(i) : ctx->wbuf[i & 15]) + k512[i + j] \
344 + s512_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \
345 v[(3 - i) & 7] += v[(7 - i) & 7]; \
346 v[(7 - i) & 7] += s512_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7])
347
348/* SHA384/SHA512 mixing data */
349
350const sha2_64t k512[80] =
351{
352 n_u64(428a2f98d728ae22), n_u64(7137449123ef65cd),
353 n_u64(b5c0fbcfec4d3b2f), n_u64(e9b5dba58189dbbc),
354 n_u64(3956c25bf348b538), n_u64(59f111f1b605d019),
355 n_u64(923f82a4af194f9b), n_u64(ab1c5ed5da6d8118),
356 n_u64(d807aa98a3030242), n_u64(12835b0145706fbe),
357 n_u64(243185be4ee4b28c), n_u64(550c7dc3d5ffb4e2),
358 n_u64(72be5d74f27b896f), n_u64(80deb1fe3b1696b1),
359 n_u64(9bdc06a725c71235), n_u64(c19bf174cf692694),
360 n_u64(e49b69c19ef14ad2), n_u64(efbe4786384f25e3),
361 n_u64(0fc19dc68b8cd5b5), n_u64(240ca1cc77ac9c65),
362 n_u64(2de92c6f592b0275), n_u64(4a7484aa6ea6e483),
363 n_u64(5cb0a9dcbd41fbd4), n_u64(76f988da831153b5),
364 n_u64(983e5152ee66dfab), n_u64(a831c66d2db43210),
365 n_u64(b00327c898fb213f), n_u64(bf597fc7beef0ee4),
366 n_u64(c6e00bf33da88fc2), n_u64(d5a79147930aa725),
367 n_u64(06ca6351e003826f), n_u64(142929670a0e6e70),
368 n_u64(27b70a8546d22ffc), n_u64(2e1b21385c26c926),
369 n_u64(4d2c6dfc5ac42aed), n_u64(53380d139d95b3df),
370 n_u64(650a73548baf63de), n_u64(766a0abb3c77b2a8),
371 n_u64(81c2c92e47edaee6), n_u64(92722c851482353b),
372 n_u64(a2bfe8a14cf10364), n_u64(a81a664bbc423001),
373 n_u64(c24b8b70d0f89791), n_u64(c76c51a30654be30),
374 n_u64(d192e819d6ef5218), n_u64(d69906245565a910),
375 n_u64(f40e35855771202a), n_u64(106aa07032bbd1b8),
376 n_u64(19a4c116b8d2d0c8), n_u64(1e376c085141ab53),
377 n_u64(2748774cdf8eeb99), n_u64(34b0bcb5e19b48a8),
378 n_u64(391c0cb3c5c95a63), n_u64(4ed8aa4ae3418acb),
379 n_u64(5b9cca4f7763e373), n_u64(682e6ff3d6b2b8a3),
380 n_u64(748f82ee5defb2fc), n_u64(78a5636f43172f60),
381 n_u64(84c87814a1f0ab72), n_u64(8cc702081a6439ec),
382 n_u64(90befffa23631e28), n_u64(a4506cebde82bde9),
383 n_u64(bef9a3f7b2c67915), n_u64(c67178f2e372532b),
384 n_u64(ca273eceea26619c), n_u64(d186b8c721c0c207),
385 n_u64(eada7dd6cde0eb1e), n_u64(f57d4f7fee6ed178),
386 n_u64(06f067aa72176fba), n_u64(0a637dc5a2c898a6),
387 n_u64(113f9804bef90dae), n_u64(1b710b35131c471b),
388 n_u64(28db77f523047d84), n_u64(32caab7b40c72493),
389 n_u64(3c9ebe0a15c9bebc), n_u64(431d67c49c100d4c),
390 n_u64(4cc5d4becb3e42b6), n_u64(597f299cfc657e2a),
391 n_u64(5fcb6fab3ad6faec), n_u64(6c44198c4a475817)
392};
393
394/* Compile 64 bytes of hash data into SHA384/SHA512 digest value */
395
396sha2_void sha512_compile(sha512_ctx ctx[1])
397{ sha2_64t v[8];
398 sha2_32t j;
399
400 memcpy(v, ctx->hash, 8 * sizeof(sha2_64t));
401
402 for(j = 0; j < 80; j += 16)
403 {
404 h5_cycle( 0, j); h5_cycle( 1, j); h5_cycle( 2, j); h5_cycle( 3, j);
405 h5_cycle( 4, j); h5_cycle( 5, j); h5_cycle( 6, j); h5_cycle( 7, j);
406 h5_cycle( 8, j); h5_cycle( 9, j); h5_cycle(10, j); h5_cycle(11, j);
407 h5_cycle(12, j); h5_cycle(13, j); h5_cycle(14, j); h5_cycle(15, j);
408 }
409
410 ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
411 ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
412}
413
414/* Compile 128 bytes of hash data into SHA256 digest value */
415/* NOTE: this routine assumes that the byte order in the */
416/* ctx->wbuf[] at this point is in such an order that low */
417/* address bytes in the ORIGINAL byte stream placed in this */
418/* buffer will now go to the high end of words on BOTH big */
419/* and little endian systems */
420
421sha2_void sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1])
422{ sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA512_MASK),
423 space = SHA512_BLOCK_SIZE - pos;
424 const unsigned char *sp = data;
425
426 if((ctx->count[0] += len) < len)
427 ++(ctx->count[1]);
428
429 while(len >= space) /* tranfer whole blocks while possible */
430 {
431 memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
432 sp += space; len -= space; space = SHA512_BLOCK_SIZE; pos = 0;
433 bsw_64(ctx->wbuf, SHA512_BLOCK_SIZE >> 3);
434 sha512_compile(ctx);
435 }
436
437 memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
438}
439
440/* SHA384/512 Final padding and digest calculation */
441
442static sha2_64t m2[8] =
443{
444 n_u64(0000000000000000), n_u64(ff00000000000000),
445 n_u64(ffff000000000000), n_u64(ffffff0000000000),
446 n_u64(ffffffff00000000), n_u64(ffffffffff000000),
447 n_u64(ffffffffffff0000), n_u64(ffffffffffffff00)
448};
449
450static sha2_64t b2[8] =
451{
452 n_u64(8000000000000000), n_u64(0080000000000000),
453 n_u64(0000800000000000), n_u64(0000008000000000),
454 n_u64(0000000080000000), n_u64(0000000000800000),
455 n_u64(0000000000008000), n_u64(0000000000000080)
456};
457
458static void sha_end(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen)
459{ sha2_32t i = (sha2_32t)(ctx->count[0] & SHA512_MASK);
460
461 bsw_64(ctx->wbuf, (i + 7) >> 3);
462
463 /* bytes in the buffer are now in an order in which references */
464 /* to 64-bit words will put bytes with lower addresses into the */
465 /* top of 64 bit words on BOTH big and little endian machines */
466
467 /* we now need to mask valid bytes and add the padding which is */
468 /* a single 1 bit and as many zero bits as necessary. */
469 ctx->wbuf[i >> 3] = (ctx->wbuf[i >> 3] & m2[i & 7]) | b2[i & 7];
470
471 /* we need 17 or more empty byte positions, one for the padding */
472 /* byte (above) and sixteen for the length count. If there is */
473 /* not enough space pad and empty the buffer */
474 if(i > SHA512_BLOCK_SIZE - 17)
475 {
476 if(i < 120) ctx->wbuf[15] = 0;
477 sha512_compile(ctx);
478 i = 0;
479 }
480 else
481 i = (i >> 3) + 1;
482
483 while(i < 14)
484 ctx->wbuf[i++] = 0;
485
486 /* the following 64-bit length fields are assembled in the */
487 /* wrong byte order on little endian machines but this is */
488 /* corrected later since they are only ever used as 64-bit */
489 /* word values. */
490
491 ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 61);
492 ctx->wbuf[15] = ctx->count[0] << 3;
493
494 sha512_compile(ctx);
495
496 /* extract the hash value as bytes in case the hash buffer is */
497 /* misaligned for 32-bit words */
498 for(i = 0; i < hlen; ++i)
499 hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7)));
500}
501
502#endif
503
504#if defined(SHA_2) || defined(SHA_384)
505
506/* SHA384 initialisation data */
507
508const sha2_64t i384[80] =
509{
510 n_u64(cbbb9d5dc1059ed8), n_u64(629a292a367cd507),
511 n_u64(9159015a3070dd17), n_u64(152fecd8f70e5939),
512 n_u64(67332667ffc00b31), n_u64(8eb44a8768581511),
513 n_u64(db0c2e0d64f98fa7), n_u64(47b5481dbefa4fa4)
514};
515
516sha2_void sha384_begin(sha384_ctx ctx[1])
517{
518 ctx->count[0] = ctx->count[1] = 0;
519 memcpy(ctx->hash, i384, 8 * sizeof(sha2_64t));
520}
521
522sha2_void sha384_end(unsigned char hval[], sha384_ctx ctx[1])
523{
524 sha_end(hval, ctx, SHA384_DIGEST_SIZE);
525}
526
527sha2_void sha384(unsigned char hval[], const unsigned char data[], unsigned long len)
528{ sha384_ctx cx[1];
529
530 sha384_begin(cx); sha384_hash(data, len, cx); sha384_end(hval, cx);
531}
532
533#endif
534
535#if defined(SHA_2) || defined(SHA_512)
536
537/* SHA512 initialisation data */
538
539const sha2_64t i512[80] =
540{
541 n_u64(6a09e667f3bcc908), n_u64(bb67ae8584caa73b),
542 n_u64(3c6ef372fe94f82b), n_u64(a54ff53a5f1d36f1),
543 n_u64(510e527fade682d1), n_u64(9b05688c2b3e6c1f),
544 n_u64(1f83d9abfb41bd6b), n_u64(5be0cd19137e2179)
545};
546
547sha2_void sha512_begin(sha512_ctx ctx[1])
548{
549 ctx->count[0] = ctx->count[1] = 0;
550 memcpy(ctx->hash, i512, 8 * sizeof(sha2_64t));
551}
552
553sha2_void sha512_end(unsigned char hval[], sha512_ctx ctx[1])
554{
555 sha_end(hval, ctx, SHA512_DIGEST_SIZE);
556}
557
558sha2_void sha512(unsigned char hval[], const unsigned char data[], unsigned long len)
559{ sha512_ctx cx[1];
560
561 sha512_begin(cx); sha512_hash(data, len, cx); sha512_end(hval, cx);
562}
563
564#endif
565
566#if defined(SHA_2)
567
568#define CTX_256(x) ((x)->uu->ctx256)
569#define CTX_384(x) ((x)->uu->ctx512)
570#define CTX_512(x) ((x)->uu->ctx512)
571
572/* SHA2 initialisation */
573
574sha2_int sha2_begin(unsigned long len, sha2_ctx ctx[1])
575{ unsigned long l = len;
576 switch(len)
577 {
578 case 256: l = len >> 3;
579 case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
580 memcpy(CTX_256(ctx)->hash, i256, 32); break;
581 case 384: l = len >> 3;
582 case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0;
583 memcpy(CTX_384(ctx)->hash, i384, 64); break;
584 case 512: l = len >> 3;
585 case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0;
586 memcpy(CTX_512(ctx)->hash, i512, 64); break;
587 default: return SHA2_BAD;
588 }
589
590 ctx->sha2_len = l; return SHA2_GOOD;
591}
592
593sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1])
594{
595 switch(ctx->sha2_len)
596 {
597 case 32: sha256_hash(data, len, CTX_256(ctx)); return;
598 case 48: sha384_hash(data, len, CTX_384(ctx)); return;
599 case 64: sha512_hash(data, len, CTX_512(ctx)); return;
600 }
601}
602
603sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1])
604{
605 switch(ctx->sha2_len)
606 {
607 case 32: sha256_end(hval, CTX_256(ctx)); return;
608 case 48: sha_end(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return;
609 case 64: sha_end(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return;
610 }
611}
612
613sha2_int sha2(unsigned char hval[], unsigned long size,
614 const unsigned char data[], unsigned long len)
615{ sha2_ctx cx[1];
616
617 if(sha2_begin(size, cx) == SHA2_GOOD)
618 {
619 sha2_hash(data, len, cx); sha2_end(hval, cx); return SHA2_GOOD;
620 }
621 else
622 return SHA2_BAD;
623}
624
625#endif
626
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.h
new file mode 100644
index 0000000..d901b80
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.h
@@ -0,0 +1,160 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32*/
33
34#ifndef _SHA2_H
35#define _SHA2_H
36
37#include "irrMath.h"
38
39/* Defines for suffixes to 32 and 64 bit unsigned numeric values */
40
41#define sfx_lo(x,y) x##y
42#define sfx_hi(x,y) sfx_lo(x,y)
43#define n_u32(p) sfx_hi(0x##p,s_u32)
44#define n_u64(p) sfx_hi(0x##p,s_u64)
45
46/* define an unsigned 32-bit type */
47
48#if UINT_MAX == 0xffffffff
49 typedef unsigned int sha2_32t;
50 #define s_u32 u
51#elif ULONG_MAX == 0xffffffff
52 typedef unsigned long sha2_32t;
53 #define s_u32 ul
54#else
55#error Please define sha2_32t as an unsigned 32 bit type in sha2.h
56#endif
57
58/* define an unsigned 64-bit type */
59
60#if defined(_MSC_VER) || defined(__BORLANDC__)
61#if (_MSC_VER < 1300) || (__BORLANDC__ < 0x582)
62 typedef unsigned __int64 sha2_64t;
63 #define s_u64 ui64
64#elif ULONG_MAX == 0xffffffffffffffff
65 typedef unsigned long sha2_64t;
66 #define s_u64 ul
67#elif ULONG_MAX == 0xffffffff
68 typedef unsigned long long sha2_64t; /* a somewhat dangerous guess */
69 #define s_u64 ull
70#else
71#error Please define sha2_64t as an unsigned 64 bit type in sha2.h
72#endif
73#else
74#ifdef _IRR_SOLARIS_PLATFORM_
75#include <sys/int_types.h>
76#else
77#include <stdint.h>
78#endif
79 typedef int64_t sha2_64t;
80#if __WORDSIZE==64
81#define s_u64 ul
82#else
83#define s_u64 ull
84#endif
85#endif
86
87#define SHA256_DIGEST_SIZE 32
88#define SHA384_DIGEST_SIZE 48
89#define SHA512_DIGEST_SIZE 64
90
91#define SHA256_BLOCK_SIZE 64
92#define SHA384_BLOCK_SIZE 128
93#define SHA512_BLOCK_SIZE 128
94
95#define SHA2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
96
97#define SHA2_GOOD 0
98#define SHA2_BAD 1
99
100/* type to hold the SHA256 context */
101
102typedef struct
103{ sha2_32t count[2];
104 sha2_32t hash[8];
105 sha2_32t wbuf[16];
106} sha256_ctx;
107
108/* type to hold the SHA384/512 context */
109
110typedef struct
111{ sha2_64t count[2];
112 sha2_64t hash[8];
113 sha2_64t wbuf[16];
114} sha512_ctx;
115
116typedef sha512_ctx sha384_ctx;
117
118/* type to hold a SHA2 context (256/384/512) */
119
120typedef struct
121{ union
122 { sha256_ctx ctx256[1];
123 sha512_ctx ctx512[1];
124 } uu[1];
125 sha2_32t sha2_len;
126} sha2_ctx;
127
128#ifndef SHA2_DLL /* implement normal or DLL functions */
129#define sha2_void void
130#define sha2_int int
131#else
132#define sha2_void void __declspec(dllexport) _stdcall
133#define sha2_int int __declspec(dllexport) _stdcall
134#endif
135
136sha2_void sha256_compile(sha256_ctx ctx[1]);
137sha2_void sha512_compile(sha512_ctx ctx[1]);
138
139sha2_void sha256_begin(sha256_ctx ctx[1]);
140sha2_void sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
141sha2_void sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
142sha2_void sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
143
144sha2_void sha384_begin(sha384_ctx ctx[1]);
145#define sha384_hash sha512_hash
146sha2_void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
147sha2_void sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
148
149sha2_void sha512_begin(sha512_ctx ctx[1]);
150sha2_void sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
151sha2_void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
152sha2_void sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
153
154sha2_int sha2_begin(unsigned long size, sha2_ctx ctx[1]);
155sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
156sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
157sha2_int sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
158
159#endif
160
generated by cgit v1.1 at 2024-06-11 08:54:06 +0000