1 // Domain to use for mangling
2 __constant u8 domain[] = "flypig.co.uk";
3 __constant u32x domain_len = 12;
5 // Characters used for base64 encoding
6 __constant char b64_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
8 // Perform an MD5 transform step
9 // Should be called through hmac_md5_pad_mangle and hmac_md5_run_mangle
10 void md5_transform_mangle (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4])
34 MD5_STEP (MD5_Fo, a, b, c, d, w0_t, MD5C00, MD5S00);
35 MD5_STEP (MD5_Fo, d, a, b, c, w1_t, MD5C01, MD5S01);
36 MD5_STEP (MD5_Fo, c, d, a, b, w2_t, MD5C02, MD5S02);
37 MD5_STEP (MD5_Fo, b, c, d, a, w3_t, MD5C03, MD5S03);
38 MD5_STEP (MD5_Fo, a, b, c, d, w4_t, MD5C04, MD5S00);
39 MD5_STEP (MD5_Fo, d, a, b, c, w5_t, MD5C05, MD5S01);
40 MD5_STEP (MD5_Fo, c, d, a, b, w6_t, MD5C06, MD5S02);
41 MD5_STEP (MD5_Fo, b, c, d, a, w7_t, MD5C07, MD5S03);
42 MD5_STEP (MD5_Fo, a, b, c, d, w8_t, MD5C08, MD5S00);
43 MD5_STEP (MD5_Fo, d, a, b, c, w9_t, MD5C09, MD5S01);
44 MD5_STEP (MD5_Fo, c, d, a, b, wa_t, MD5C0a, MD5S02);
45 MD5_STEP (MD5_Fo, b, c, d, a, wb_t, MD5C0b, MD5S03);
46 MD5_STEP (MD5_Fo, a, b, c, d, wc_t, MD5C0c, MD5S00);
47 MD5_STEP (MD5_Fo, d, a, b, c, wd_t, MD5C0d, MD5S01);
48 MD5_STEP (MD5_Fo, c, d, a, b, we_t, MD5C0e, MD5S02);
49 MD5_STEP (MD5_Fo, b, c, d, a, wf_t, MD5C0f, MD5S03);
51 MD5_STEP (MD5_Go, a, b, c, d, w1_t, MD5C10, MD5S10);
52 MD5_STEP (MD5_Go, d, a, b, c, w6_t, MD5C11, MD5S11);
53 MD5_STEP (MD5_Go, c, d, a, b, wb_t, MD5C12, MD5S12);
54 MD5_STEP (MD5_Go, b, c, d, a, w0_t, MD5C13, MD5S13);
55 MD5_STEP (MD5_Go, a, b, c, d, w5_t, MD5C14, MD5S10);
56 MD5_STEP (MD5_Go, d, a, b, c, wa_t, MD5C15, MD5S11);
57 MD5_STEP (MD5_Go, c, d, a, b, wf_t, MD5C16, MD5S12);
58 MD5_STEP (MD5_Go, b, c, d, a, w4_t, MD5C17, MD5S13);
59 MD5_STEP (MD5_Go, a, b, c, d, w9_t, MD5C18, MD5S10);
60 MD5_STEP (MD5_Go, d, a, b, c, we_t, MD5C19, MD5S11);
61 MD5_STEP (MD5_Go, c, d, a, b, w3_t, MD5C1a, MD5S12);
62 MD5_STEP (MD5_Go, b, c, d, a, w8_t, MD5C1b, MD5S13);
63 MD5_STEP (MD5_Go, a, b, c, d, wd_t, MD5C1c, MD5S10);
64 MD5_STEP (MD5_Go, d, a, b, c, w2_t, MD5C1d, MD5S11);
65 MD5_STEP (MD5_Go, c, d, a, b, w7_t, MD5C1e, MD5S12);
66 MD5_STEP (MD5_Go, b, c, d, a, wc_t, MD5C1f, MD5S13);
68 MD5_STEP (MD5_H, a, b, c, d, w5_t, MD5C20, MD5S20);
69 MD5_STEP (MD5_H, d, a, b, c, w8_t, MD5C21, MD5S21);
70 MD5_STEP (MD5_H, c, d, a, b, wb_t, MD5C22, MD5S22);
71 MD5_STEP (MD5_H, b, c, d, a, we_t, MD5C23, MD5S23);
72 MD5_STEP (MD5_H, a, b, c, d, w1_t, MD5C24, MD5S20);
73 MD5_STEP (MD5_H, d, a, b, c, w4_t, MD5C25, MD5S21);
74 MD5_STEP (MD5_H, c, d, a, b, w7_t, MD5C26, MD5S22);
75 MD5_STEP (MD5_H, b, c, d, a, wa_t, MD5C27, MD5S23);
76 MD5_STEP (MD5_H, a, b, c, d, wd_t, MD5C28, MD5S20);
77 MD5_STEP (MD5_H, d, a, b, c, w0_t, MD5C29, MD5S21);
78 MD5_STEP (MD5_H, c, d, a, b, w3_t, MD5C2a, MD5S22);
79 MD5_STEP (MD5_H, b, c, d, a, w6_t, MD5C2b, MD5S23);
80 MD5_STEP (MD5_H, a, b, c, d, w9_t, MD5C2c, MD5S20);
81 MD5_STEP (MD5_H, d, a, b, c, wc_t, MD5C2d, MD5S21);
82 MD5_STEP (MD5_H, c, d, a, b, wf_t, MD5C2e, MD5S22);
83 MD5_STEP (MD5_H, b, c, d, a, w2_t, MD5C2f, MD5S23);
85 MD5_STEP (MD5_I, a, b, c, d, w0_t, MD5C30, MD5S30);
86 MD5_STEP (MD5_I, d, a, b, c, w7_t, MD5C31, MD5S31);
87 MD5_STEP (MD5_I, c, d, a, b, we_t, MD5C32, MD5S32);
88 MD5_STEP (MD5_I, b, c, d, a, w5_t, MD5C33, MD5S33);
89 MD5_STEP (MD5_I, a, b, c, d, wc_t, MD5C34, MD5S30);
90 MD5_STEP (MD5_I, d, a, b, c, w3_t, MD5C35, MD5S31);
91 MD5_STEP (MD5_I, c, d, a, b, wa_t, MD5C36, MD5S32);
92 MD5_STEP (MD5_I, b, c, d, a, w1_t, MD5C37, MD5S33);
93 MD5_STEP (MD5_I, a, b, c, d, w8_t, MD5C38, MD5S30);
94 MD5_STEP (MD5_I, d, a, b, c, wf_t, MD5C39, MD5S31);
95 MD5_STEP (MD5_I, c, d, a, b, w6_t, MD5C3a, MD5S32);
96 MD5_STEP (MD5_I, b, c, d, a, wd_t, MD5C3b, MD5S33);
97 MD5_STEP (MD5_I, a, b, c, d, w4_t, MD5C3c, MD5S30);
98 MD5_STEP (MD5_I, d, a, b, c, wb_t, MD5C3d, MD5S31);
99 MD5_STEP (MD5_I, c, d, a, b, w2_t, MD5C3e, MD5S32);
100 MD5_STEP (MD5_I, b, c, d, a, w9_t, MD5C3f, MD5S33);
108 // Set up the HMAC-MD5 process
109 // The ipad and opad arrays can be retained to run multiple HMAC-MD5 processes
110 // without having to recalculate
111 // w0, w1, w2, w3 - contain up to 64 bytes of the HMAC key
112 // ipad, opad - contain the returned data to pass into the next call
113 void hmac_md5_pad_mangle (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4])
115 w0[0] = w0[0] ^ 0x36363636;
116 w0[1] = w0[1] ^ 0x36363636;
117 w0[2] = w0[2] ^ 0x36363636;
118 w0[3] = w0[3] ^ 0x36363636;
119 w1[0] = w1[0] ^ 0x36363636;
120 w1[1] = w1[1] ^ 0x36363636;
121 w1[2] = w1[2] ^ 0x36363636;
122 w1[3] = w1[3] ^ 0x36363636;
123 w2[0] = w2[0] ^ 0x36363636;
124 w2[1] = w2[1] ^ 0x36363636;
125 w2[2] = w2[2] ^ 0x36363636;
126 w2[3] = w2[3] ^ 0x36363636;
127 w3[0] = w3[0] ^ 0x36363636;
128 w3[1] = w3[1] ^ 0x36363636;
129 w3[2] = w3[2] ^ 0x36363636;
130 w3[3] = w3[3] ^ 0x36363636;
137 md5_transform_mangle (w0, w1, w2, w3, ipad);
139 w0[0] = w0[0] ^ 0x6a6a6a6a;
140 w0[1] = w0[1] ^ 0x6a6a6a6a;
141 w0[2] = w0[2] ^ 0x6a6a6a6a;
142 w0[3] = w0[3] ^ 0x6a6a6a6a;
143 w1[0] = w1[0] ^ 0x6a6a6a6a;
144 w1[1] = w1[1] ^ 0x6a6a6a6a;
145 w1[2] = w1[2] ^ 0x6a6a6a6a;
146 w1[3] = w1[3] ^ 0x6a6a6a6a;
147 w2[0] = w2[0] ^ 0x6a6a6a6a;
148 w2[1] = w2[1] ^ 0x6a6a6a6a;
149 w2[2] = w2[2] ^ 0x6a6a6a6a;
150 w2[3] = w2[3] ^ 0x6a6a6a6a;
151 w3[0] = w3[0] ^ 0x6a6a6a6a;
152 w3[1] = w3[1] ^ 0x6a6a6a6a;
153 w3[2] = w3[2] ^ 0x6a6a6a6a;
154 w3[3] = w3[3] ^ 0x6a6a6a6a;
161 md5_transform_mangle (w0, w1, w2, w3, opad);
164 // Continue the HMAC-MD5 process
165 // It's up to the caller to add the final length and padding terminators
166 // hmac_md5_pad_mangle call, which can be used across multiple HMACs
167 // w0, w1, w2, w3 - contain up to 64 bytes of data to HMAC
168 // ipad, opad - should contain the output from the
169 // digest - the 16-byte result of the HMAC
170 void hmac_md5_run_mangle (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4], u32x digest[4])
177 md5_transform_mangle (w0, w1, w2, w3, digest);
193 w3[2] = (64 + 16) * 8;
201 md5_transform_mangle (w0, w1, w2, w3, digest);
204 // Perfrom an HMAC-MD5 with the given key and using the domain constant as the
206 // in_key - the key to use (the user's password)
207 // key-len - the length of the key in bytes
208 // out_digest - returns the 16 byte result
209 void md5hmac_domain_mangle (u8 const *const in_key, const u32x key_len, u8 out_digest[16])
216 for (pos = 0; pos < domain_len; pos++)
218 ((u8 *) data_buf)[pos] = domain[pos];
220 for (pos = domain_len; pos < 64; pos++)
222 ((u8 *) data_buf)[pos] = 0;
228 for (pos = 0; pos < key_len; pos++)
230 ((u8 *) key_buf)[pos] = in_key[pos];
232 for (pos = key_len; pos < 64; pos++)
234 ((u8 *) key_buf)[pos] = 0;
241 hmac_md5_pad_mangle (key_buf, key_buf + 4, key_buf + 8, key_buf + 12, ipad, opad);
243 // Loop (except this time we don't actually loop)
244 append_0x80_2x4_VV (data_buf, data_buf + 4, domain_len);
246 data_buf[14] = (64 + domain_len) * 8;
248 hmac_md5_run_mangle (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *) out_digest);
251 // Base64 encode a string
252 // base64_hash - the returned hahs
253 // len - the length of the input string
254 // base64_plain - the string to encode
255 // returns the length of the final encoding
256 u32 b64_encode_mangle (u8 * base64_hash, const u32 len, const u8 * base64_plain)
258 u8 *out_ptr = (u8 *) base64_hash;
259 u8 *in_ptr = (u8 *) base64_plain;
264 // Encode the easy iniitial characters
266 for (i = 0; i < (len - 2); i += 3)
268 char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
269 char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30) | ((in_ptr[1] >> 4) & 0x0f)];
270 char out_val2 = b64_table[((in_ptr[1] << 2) & 0x3c) | ((in_ptr[2] >> 6) & 0x03)];
271 char out_val3 = b64_table[((in_ptr[2] >> 0) & 0x3f)];
273 out_ptr[0] = out_val0 & 0x7f;
274 out_ptr[1] = out_val1 & 0x7f;
275 out_ptr[2] = out_val2 & 0x7f;
276 out_ptr[3] = out_val3 & 0x7f;
282 // Deal with the awkward terminating characters if there are any
285 // Input string has one hanging character
286 char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
287 char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30)];
289 out_ptr[0] = out_val0 & 0x7f;
290 out_ptr[1] = out_val1 & 0x7f;
300 // Input string has two hanging characters
301 char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
302 char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30) | ((in_ptr[1] >> 4) & 0x0f)];
303 char out_val2 = b64_table[((in_ptr[1] << 2) & 0x3c)];
305 out_ptr[0] = out_val0 & 0x7f;
306 out_ptr[1] = out_val1 & 0x7f;
307 out_ptr[2] = out_val2 & 0x7f;
318 // Determine whether a given string contains non-alphanumeric values
319 // A non-alphanumeric is anything except a-z, A-Z, 0-9
320 // data - the string to check
321 // length - the length of the string
322 // returns true if there's a non-alphanumeric value, false o/w
323 bool containsnonalphanumeric_mangle (u8 * data, u32 length)
325 bool nonalphanumeric;
330 nonalphanumeric = false;
331 // Check each character individually
332 for (pos = 0; (pos < length) && !nonalphanumeric; pos++)
335 if (!((check >= 'a') && (check <= 'z')) && !((check >= 'A') && (check <= 'Z')) && !((check >= '0') && (check <= '9')) && !(check == '_'))
337 nonalphanumeric = true;
341 return nonalphanumeric;
344 // Determine whether a string contains any value between a given range
345 // password - the string to check
346 // length - the length of the string to check
347 // start - the inclusive lower bound of the range to check between
348 // end - the inclusive upper bound of the range to check between
349 // returns true if the string contains a value that falls in the range
351 bool contains_mangle (u8 const *password, u32 length, u8 start, u8 end)
353 bool doescontain = false;
356 // Check each character individually
357 for (pos = 0; (pos < length) && (doescontain == false); pos++)
359 if ((password[pos] >= start) && (password[pos] <= end))
368 // Rotate the characters in a string to the left by the given number of
370 // torotate - the string to rotate
371 // length - the length of the string to rotate
372 // steps - the number of steps to rotate to the left by
373 void rotate_string_mangle (u8 * torotate, u32 length, u32 steps)
378 // Create a rotated copy in a temporary buffer
379 for (pos = 0; pos < length; pos++)
381 scratch[pos] = torotate[(pos + steps) % length];
384 // Copy the result back into the original buffer
385 for (pos = 0; pos < length; pos++)
387 torotate[pos] = scratch[pos];
391 // Perform the mangle operation on the string to be hashed
392 // w0, w1 - the string to be mangled
393 // in_len - the length of the string to be mangled
394 u32x mangle (u32x w0[4], u32x w1[4], const u32x in_len)
396 u32x out_len = in_len;
405 bool nonalphanumeric;
418 // HMAC-MD5 the domain name using the password as the key
419 md5hmac_domain_mangle ((u8 *) hash, in_len, (u8 *) digest);
421 // Check whether the original password contains non-alphanumeric values
422 nonalphanumeric = containsnonalphanumeric_mangle ((u8 *) hash, in_len);
433 // Base64 encode the HMAC; this will be what we use to generate the password
434 out_len = b64_encode_mangle ((u8 *) hash, 16, (u8 *) w0);
436 out_len = 22; // b64 encoding will produce 24 bytes output, but last two will be "=="
440 // for (i = out_len; i < 32; i++) {
441 // ((u8 *)hash)[i] = 0;
444 startingsize = size - 4;
445 startingsize = (startingsize < extrasize) ? startingsize : extrasize;
447 // Transfer the intial portion for output
448 for (i = 0; i < startingsize; i++)
450 ((u8 *) data)[i] = ((u8 *) hash)[i];
452 for (i = startingsize; i < 32; i++)
454 ((u8 *) data)[i] = 0;
457 extrapos = startingsize;
461 next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
463 if (!contains_mangle ((u8 *) data, startingsize, 'A', 'Z'))
465 next = 'A' + (next % ('Z' - 'A' + 1));
467 ((u8 *) data)[startingsize] = next;
471 next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
473 if (!contains_mangle ((u8 *) data, startingsize, 'a', 'z'))
475 next = 'a' + (next % ('z' - 'a' + 1));
477 ((u8 *) data)[startingsize] = next;
481 next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
483 if (!contains_mangle ((u8 *) data, startingsize, '0', '9'))
485 next = '0' + (next % ('9' - '0' + 1));
487 ((u8 *) data)[startingsize] = next;
491 if (containsnonalphanumeric_mangle ((u8 *) data, startingsize) && nonalphanumeric)
493 next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
500 ((u8 *) data)[startingsize] = next;
503 // If there's no alphanumeric values in the original password
504 // remove them from the result
505 if (!nonalphanumeric)
507 for (i = 0; i < startingsize; i++)
509 if (containsnonalphanumeric_mangle (((u8 *) data) + i, 1))
511 next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
513 next = 'A' + (next % ('Z' - 'A' + 1));
514 ((u8 *) data)[i] = next;
519 // Rotate the result to ranomise where the non-alphanumerics are
520 next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
521 rotate_string_mangle ((u8 *) data, startingsize, next);
522 ((u8 *) data)[startingsize] = 0;
524 out_len = startingsize;
526 // Copy th result into the output buffer