+// Domain to use for mangling
+__constant u8 domain[] = "flypig.co.uk";
+__constant u32x domain_len = 12;
+
+// Characters used for base64 encoding
+__constant char b64_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+// Perform an MD5 transform step
+// Should be called through hmac_md5_pad_mangle and hmac_md5_run_mangle
+void md5_transform_mangle (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[4])
+{
+ u32x a = digest[0];
+ u32x b = digest[1];
+ u32x c = digest[2];
+ u32x d = digest[3];
+
+ u32x w0_t = w0[0];
+ u32x w1_t = w0[1];
+ u32x w2_t = w0[2];
+ u32x w3_t = w0[3];
+ u32x w4_t = w1[0];
+ u32x w5_t = w1[1];
+ u32x w6_t = w1[2];
+ u32x w7_t = w1[3];
+ u32x w8_t = w2[0];
+ u32x w9_t = w2[1];
+ u32x wa_t = w2[2];
+ u32x wb_t = w2[3];
+ u32x wc_t = w3[0];
+ u32x wd_t = w3[1];
+ u32x we_t = w3[2];
+ u32x wf_t = w3[3];
+
+ MD5_STEP (MD5_Fo, a, b, c, d, w0_t, MD5C00, MD5S00);
+ MD5_STEP (MD5_Fo, d, a, b, c, w1_t, MD5C01, MD5S01);
+ MD5_STEP (MD5_Fo, c, d, a, b, w2_t, MD5C02, MD5S02);
+ MD5_STEP (MD5_Fo, b, c, d, a, w3_t, MD5C03, MD5S03);
+ MD5_STEP (MD5_Fo, a, b, c, d, w4_t, MD5C04, MD5S00);
+ MD5_STEP (MD5_Fo, d, a, b, c, w5_t, MD5C05, MD5S01);
+ MD5_STEP (MD5_Fo, c, d, a, b, w6_t, MD5C06, MD5S02);
+ MD5_STEP (MD5_Fo, b, c, d, a, w7_t, MD5C07, MD5S03);
+ MD5_STEP (MD5_Fo, a, b, c, d, w8_t, MD5C08, MD5S00);
+ MD5_STEP (MD5_Fo, d, a, b, c, w9_t, MD5C09, MD5S01);
+ MD5_STEP (MD5_Fo, c, d, a, b, wa_t, MD5C0a, MD5S02);
+ MD5_STEP (MD5_Fo, b, c, d, a, wb_t, MD5C0b, MD5S03);
+ MD5_STEP (MD5_Fo, a, b, c, d, wc_t, MD5C0c, MD5S00);
+ MD5_STEP (MD5_Fo, d, a, b, c, wd_t, MD5C0d, MD5S01);
+ MD5_STEP (MD5_Fo, c, d, a, b, we_t, MD5C0e, MD5S02);
+ MD5_STEP (MD5_Fo, b, c, d, a, wf_t, MD5C0f, MD5S03);
+
+ MD5_STEP (MD5_Go, a, b, c, d, w1_t, MD5C10, MD5S10);
+ MD5_STEP (MD5_Go, d, a, b, c, w6_t, MD5C11, MD5S11);
+ MD5_STEP (MD5_Go, c, d, a, b, wb_t, MD5C12, MD5S12);
+ MD5_STEP (MD5_Go, b, c, d, a, w0_t, MD5C13, MD5S13);
+ MD5_STEP (MD5_Go, a, b, c, d, w5_t, MD5C14, MD5S10);
+ MD5_STEP (MD5_Go, d, a, b, c, wa_t, MD5C15, MD5S11);
+ MD5_STEP (MD5_Go, c, d, a, b, wf_t, MD5C16, MD5S12);
+ MD5_STEP (MD5_Go, b, c, d, a, w4_t, MD5C17, MD5S13);
+ MD5_STEP (MD5_Go, a, b, c, d, w9_t, MD5C18, MD5S10);
+ MD5_STEP (MD5_Go, d, a, b, c, we_t, MD5C19, MD5S11);
+ MD5_STEP (MD5_Go, c, d, a, b, w3_t, MD5C1a, MD5S12);
+ MD5_STEP (MD5_Go, b, c, d, a, w8_t, MD5C1b, MD5S13);
+ MD5_STEP (MD5_Go, a, b, c, d, wd_t, MD5C1c, MD5S10);
+ MD5_STEP (MD5_Go, d, a, b, c, w2_t, MD5C1d, MD5S11);
+ MD5_STEP (MD5_Go, c, d, a, b, w7_t, MD5C1e, MD5S12);
+ MD5_STEP (MD5_Go, b, c, d, a, wc_t, MD5C1f, MD5S13);
+
+ MD5_STEP (MD5_H, a, b, c, d, w5_t, MD5C20, MD5S20);
+ MD5_STEP (MD5_H, d, a, b, c, w8_t, MD5C21, MD5S21);
+ MD5_STEP (MD5_H, c, d, a, b, wb_t, MD5C22, MD5S22);
+ MD5_STEP (MD5_H, b, c, d, a, we_t, MD5C23, MD5S23);
+ MD5_STEP (MD5_H, a, b, c, d, w1_t, MD5C24, MD5S20);
+ MD5_STEP (MD5_H, d, a, b, c, w4_t, MD5C25, MD5S21);
+ MD5_STEP (MD5_H, c, d, a, b, w7_t, MD5C26, MD5S22);
+ MD5_STEP (MD5_H, b, c, d, a, wa_t, MD5C27, MD5S23);
+ MD5_STEP (MD5_H, a, b, c, d, wd_t, MD5C28, MD5S20);
+ MD5_STEP (MD5_H, d, a, b, c, w0_t, MD5C29, MD5S21);
+ MD5_STEP (MD5_H, c, d, a, b, w3_t, MD5C2a, MD5S22);
+ MD5_STEP (MD5_H, b, c, d, a, w6_t, MD5C2b, MD5S23);
+ MD5_STEP (MD5_H, a, b, c, d, w9_t, MD5C2c, MD5S20);
+ MD5_STEP (MD5_H, d, a, b, c, wc_t, MD5C2d, MD5S21);
+ MD5_STEP (MD5_H, c, d, a, b, wf_t, MD5C2e, MD5S22);
+ MD5_STEP (MD5_H, b, c, d, a, w2_t, MD5C2f, MD5S23);
+
+ MD5_STEP (MD5_I, a, b, c, d, w0_t, MD5C30, MD5S30);
+ MD5_STEP (MD5_I, d, a, b, c, w7_t, MD5C31, MD5S31);
+ MD5_STEP (MD5_I, c, d, a, b, we_t, MD5C32, MD5S32);
+ MD5_STEP (MD5_I, b, c, d, a, w5_t, MD5C33, MD5S33);
+ MD5_STEP (MD5_I, a, b, c, d, wc_t, MD5C34, MD5S30);
+ MD5_STEP (MD5_I, d, a, b, c, w3_t, MD5C35, MD5S31);
+ MD5_STEP (MD5_I, c, d, a, b, wa_t, MD5C36, MD5S32);
+ MD5_STEP (MD5_I, b, c, d, a, w1_t, MD5C37, MD5S33);
+ MD5_STEP (MD5_I, a, b, c, d, w8_t, MD5C38, MD5S30);
+ MD5_STEP (MD5_I, d, a, b, c, wf_t, MD5C39, MD5S31);
+ MD5_STEP (MD5_I, c, d, a, b, w6_t, MD5C3a, MD5S32);
+ MD5_STEP (MD5_I, b, c, d, a, wd_t, MD5C3b, MD5S33);
+ MD5_STEP (MD5_I, a, b, c, d, w4_t, MD5C3c, MD5S30);
+ MD5_STEP (MD5_I, d, a, b, c, wb_t, MD5C3d, MD5S31);
+ MD5_STEP (MD5_I, c, d, a, b, w2_t, MD5C3e, MD5S32);
+ MD5_STEP (MD5_I, b, c, d, a, w9_t, MD5C3f, MD5S33);
+
+ digest[0] += a;
+ digest[1] += b;
+ digest[2] += c;
+ digest[3] += d;
+}
+
+// Set up the HMAC-MD5 process
+// The ipad and opad arrays can be retained to run multiple HMAC-MD5 processes
+// without having to recalculate
+// w0, w1, w2, w3 - contain up to 64 bytes of the HMAC key
+// ipad, opad - contain the returned data to pass into the next call
+void hmac_md5_pad_mangle (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4])
+{
+ w0[0] = w0[0] ^ 0x36363636;
+ w0[1] = w0[1] ^ 0x36363636;
+ w0[2] = w0[2] ^ 0x36363636;
+ w0[3] = w0[3] ^ 0x36363636;
+ w1[0] = w1[0] ^ 0x36363636;
+ w1[1] = w1[1] ^ 0x36363636;
+ w1[2] = w1[2] ^ 0x36363636;
+ w1[3] = w1[3] ^ 0x36363636;
+ w2[0] = w2[0] ^ 0x36363636;
+ w2[1] = w2[1] ^ 0x36363636;
+ w2[2] = w2[2] ^ 0x36363636;
+ w2[3] = w2[3] ^ 0x36363636;
+ w3[0] = w3[0] ^ 0x36363636;
+ w3[1] = w3[1] ^ 0x36363636;
+ w3[2] = w3[2] ^ 0x36363636;
+ w3[3] = w3[3] ^ 0x36363636;
+
+ ipad[0] = MD5M_A;
+ ipad[1] = MD5M_B;
+ ipad[2] = MD5M_C;
+ ipad[3] = MD5M_D;
+
+ md5_transform_mangle (w0, w1, w2, w3, ipad);
+
+ w0[0] = w0[0] ^ 0x6a6a6a6a;
+ w0[1] = w0[1] ^ 0x6a6a6a6a;
+ w0[2] = w0[2] ^ 0x6a6a6a6a;
+ w0[3] = w0[3] ^ 0x6a6a6a6a;
+ w1[0] = w1[0] ^ 0x6a6a6a6a;
+ w1[1] = w1[1] ^ 0x6a6a6a6a;
+ w1[2] = w1[2] ^ 0x6a6a6a6a;
+ w1[3] = w1[3] ^ 0x6a6a6a6a;
+ w2[0] = w2[0] ^ 0x6a6a6a6a;
+ w2[1] = w2[1] ^ 0x6a6a6a6a;
+ w2[2] = w2[2] ^ 0x6a6a6a6a;
+ w2[3] = w2[3] ^ 0x6a6a6a6a;
+ w3[0] = w3[0] ^ 0x6a6a6a6a;
+ w3[1] = w3[1] ^ 0x6a6a6a6a;
+ w3[2] = w3[2] ^ 0x6a6a6a6a;
+ w3[3] = w3[3] ^ 0x6a6a6a6a;
+
+ opad[0] = MD5M_A;
+ opad[1] = MD5M_B;
+ opad[2] = MD5M_C;
+ opad[3] = MD5M_D;
+
+ md5_transform_mangle (w0, w1, w2, w3, opad);
+}
+
+// Continue the HMAC-MD5 process
+// It's up to the caller to add the final length and padding terminators
+// hmac_md5_pad_mangle call, which can be used across multiple HMACs
+// w0, w1, w2, w3 - contain up to 64 bytes of data to HMAC
+// ipad, opad - should contain the output from the
+// digest - the 16-byte result of the HMAC
+void hmac_md5_run_mangle (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[4], u32x opad[4], u32x digest[4])
+{
+ digest[0] = ipad[0];
+ digest[1] = ipad[1];
+ digest[2] = ipad[2];
+ digest[3] = ipad[3];
+
+ md5_transform_mangle (w0, w1, w2, w3, digest);
+
+ w0[0] = digest[0];
+ w0[1] = digest[1];
+ w0[2] = digest[2];
+ w0[3] = digest[3];
+ w1[0] = 0x80;
+ w1[1] = 0;
+ w1[2] = 0;
+ w1[3] = 0;
+ w2[0] = 0;
+ w2[1] = 0;
+ w2[2] = 0;
+ w2[3] = 0;
+ w3[0] = 0;
+ w3[1] = 0;
+ w3[2] = (64 + 16) * 8;
+ w3[3] = 0;
+
+ digest[0] = opad[0];
+ digest[1] = opad[1];
+ digest[2] = opad[2];
+ digest[3] = opad[3];
+
+ md5_transform_mangle (w0, w1, w2, w3, digest);
+}
+
+// Perfrom an HMAC-MD5 with the given key and using the domain constant as the
+// data to HMAC
+// in_key - the key to use (the user's password)
+// key-len - the length of the key in bytes
+// out_digest - returns the 16 byte result
+void md5hmac_domain_mangle (u8 const *const in_key, const u32x key_len, u8 out_digest[16])
+{
+ u32 pos;
+
+ // Data
+ u32x data_buf[16];
+
+ for (pos = 0; pos < domain_len; pos++)
+ {
+ ((u8 *) data_buf)[pos] = domain[pos];
+ }
+ for (pos = domain_len; pos < 64; pos++)
+ {
+ ((u8 *) data_buf)[pos] = 0;
+ }
+
+ // Key
+ u32x key_buf[16];
+
+ for (pos = 0; pos < key_len; pos++)
+ {
+ ((u8 *) key_buf)[pos] = in_key[pos];
+ }
+ for (pos = key_len; pos < 64; pos++)
+ {
+ ((u8 *) key_buf)[pos] = 0;
+ }
+
+ // Pads
+ u32x ipad[4];
+ u32x opad[4];
+
+ hmac_md5_pad_mangle (key_buf, key_buf + 4, key_buf + 8, key_buf + 12, ipad, opad);
+
+ // Loop (except this time we don't actually loop)
+ append_0x80_2x4_VV (data_buf, data_buf + 4, domain_len);
+
+ data_buf[14] = (64 + domain_len) * 8;
+
+ hmac_md5_run_mangle (data_buf, data_buf + 4, data_buf + 8, data_buf + 12, ipad, opad, (u32x *) out_digest);
+}
+
+// Base64 encode a string
+// base64_hash - the returned hahs
+// len - the length of the input string
+// base64_plain - the string to encode
+// returns the length of the final encoding
+u32 b64_encode_mangle (u8 * base64_hash, const u32 len, const u8 * base64_plain)
+{
+ u8 *out_ptr = (u8 *) base64_hash;
+ u8 *in_ptr = (u8 *) base64_plain;
+ u32 out_len;
+
+ u32 i;
+
+ // Encode the easy iniitial characters
+ out_len = 0;
+ for (i = 0; i < (len - 2); i += 3)
+ {
+ char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
+ char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30) | ((in_ptr[1] >> 4) & 0x0f)];
+ char out_val2 = b64_table[((in_ptr[1] << 2) & 0x3c) | ((in_ptr[2] >> 6) & 0x03)];
+ char out_val3 = b64_table[((in_ptr[2] >> 0) & 0x3f)];
+
+ out_ptr[0] = out_val0 & 0x7f;
+ out_ptr[1] = out_val1 & 0x7f;
+ out_ptr[2] = out_val2 & 0x7f;
+ out_ptr[3] = out_val3 & 0x7f;
+
+ in_ptr += 3;
+ out_ptr += 4;
+ out_len += 4;
+ }
+ // Deal with the awkward terminating characters if there are any
+ if (i == (len - 1))
+ {
+ // Input string has one hanging character
+ char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
+ char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30)];
+
+ out_ptr[0] = out_val0 & 0x7f;
+ out_ptr[1] = out_val1 & 0x7f;
+ out_ptr[2] = '=';
+ out_ptr[3] = '=';
+
+ in_ptr += 3;
+ out_ptr += 4;
+ out_len += 4;
+ }
+ if (i == (len - 2))
+ {
+ // Input string has two hanging characters
+ char out_val0 = b64_table[((in_ptr[0] >> 2) & 0x3f)];
+ char out_val1 = b64_table[((in_ptr[0] << 4) & 0x30) | ((in_ptr[1] >> 4) & 0x0f)];
+ char out_val2 = b64_table[((in_ptr[1] << 2) & 0x3c)];
+
+ out_ptr[0] = out_val0 & 0x7f;
+ out_ptr[1] = out_val1 & 0x7f;
+ out_ptr[2] = out_val2 & 0x7f;
+ out_ptr[3] = '=';
+
+ in_ptr += 3;
+ out_ptr += 4;
+ out_len += 4;
+ }
+
+ return out_len;
+}
+
+// Determine whether a given string contains non-alphanumeric values
+// A non-alphanumeric is anything except a-z, A-Z, 0-9
+// data - the string to check
+// length - the length of the string
+// returns true if there's a non-alphanumeric value, false o/w
+bool containsnonalphanumeric_mangle (u8 * data, u32 length)
+{
+ bool nonalphanumeric;
+ u32 pos;
+ char check;
+ u32 startingSize;
+
+ nonalphanumeric = false;
+ // Check each character individually
+ for (pos = 0; (pos < length) && !nonalphanumeric; pos++)
+ {
+ check = data[pos];
+ if (!((check >= 'a') && (check <= 'z')) && !((check >= 'A') && (check <= 'Z')) && !((check >= '0') && (check <= '9')) && !(check == '_'))
+ {
+ nonalphanumeric = true;
+ }
+ }
+
+ return nonalphanumeric;
+}
+
+// Determine whether a string contains any value between a given range
+// password - the string to check
+// length - the length of the string to check
+// start - the inclusive lower bound of the range to check between
+// end - the inclusive upper bound of the range to check between
+// returns true if the string contains a value that falls in the range
+// returns false o/w
+bool contains_mangle (u8 const *password, u32 length, u8 start, u8 end)
+{
+ bool doescontain = false;
+ u32 pos;
+
+ // Check each character individually
+ for (pos = 0; (pos < length) && (doescontain == false); pos++)
+ {
+ if ((password[pos] >= start) && (password[pos] <= end))
+ {
+ doescontain = true;
+ }
+ }
+
+ return doescontain;
+}
+
+// Rotate the characters in a string to the left by the given number of
+// characters
+// torotate - the string to rotate
+// length - the length of the string to rotate
+// steps - the number of steps to rotate to the left by
+void rotate_string_mangle (u8 * torotate, u32 length, u32 steps)
+{
+ u8 scratch[64];
+ u32 pos;
+
+ // Create a rotated copy in a temporary buffer
+ for (pos = 0; pos < length; pos++)
+ {
+ scratch[pos] = torotate[(pos + steps) % length];
+ }
+
+ // Copy the result back into the original buffer
+ for (pos = 0; pos < length; pos++)
+ {
+ torotate[pos] = scratch[pos];
+ }
+}
+
+// Perform the mangle operation on the string to be hashed
+// w0, w1 - the string to be mangled
+// in_len - the length of the string to be mangled
+u32x mangle (u32x w0[4], u32x w1[4], const u32x in_len)
+{
+ u32x out_len = in_len;
+
+ u32 digest[4];
+ u32 data[8];
+ u32 hash[8];
+ u32 i;
+ u32 size;
+ u32 extrasize;
+ u32 startingsize;
+ bool nonalphanumeric;
+ u32 extrapos;
+ u8 next;
+
+ hash[0] = w0[0];
+ hash[1] = w0[1];
+ hash[2] = w0[2];
+ hash[3] = w0[3];
+ hash[4] = w1[0];
+ hash[5] = w1[1];
+ hash[6] = w1[2];
+ hash[7] = w1[3];
+
+ // HMAC-MD5 the domain name using the password as the key
+ md5hmac_domain_mangle ((u8 *) hash, in_len, (u8 *) digest);
+
+ // Check whether the original password contains non-alphanumeric values
+ nonalphanumeric = containsnonalphanumeric_mangle ((u8 *) hash, in_len);
+
+ w0[0] = digest[0];
+ w0[1] = digest[1];
+ w0[2] = digest[2];
+ w0[3] = digest[3];
+ w1[0] = 0;
+ w1[1] = 0;
+ w1[2] = 0;
+ w1[3] = 0;
+
+ // Base64 encode the HMAC; this will be what we use to generate the password
+ out_len = b64_encode_mangle ((u8 *) hash, 16, (u8 *) w0);
+
+ out_len = 22; // b64 encoding will produce 24 bytes output, but last two will be "=="
+ extrasize = 22;
+ size = in_len + 2;
+
+ // for (i = out_len; i < 32; i++) {
+ // ((u8 *)hash)[i] = 0;
+ // }
+
+ startingsize = size - 4;
+ startingsize = (startingsize < extrasize) ? startingsize : extrasize;
+
+ // Transfer the intial portion for output
+ for (i = 0; i < startingsize; i++)
+ {
+ ((u8 *) data)[i] = ((u8 *) hash)[i];
+ }
+ for (i = startingsize; i < 32; i++)
+ {
+ ((u8 *) data)[i] = 0;
+ }
+
+ extrapos = startingsize;
+
+ // Add the extras
+ // Capital letter
+ next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
+ extrapos++;
+ if (!contains_mangle ((u8 *) data, startingsize, 'A', 'Z'))
+ {
+ next = 'A' + (next % ('Z' - 'A' + 1));
+ }
+ ((u8 *) data)[startingsize] = next;
+ startingsize++;
+
+ // Lower case letter
+ next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
+ extrapos++;
+ if (!contains_mangle ((u8 *) data, startingsize, 'a', 'z'))
+ {
+ next = 'a' + (next % ('z' - 'a' + 1));
+ }
+ ((u8 *) data)[startingsize] = next;
+ startingsize++;
+
+ // Number
+ next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
+ extrapos++;
+ if (!contains_mangle ((u8 *) data, startingsize, '0', '9'))
+ {
+ next = '0' + (next % ('9' - '0' + 1));
+ }
+ ((u8 *) data)[startingsize] = next;
+ startingsize++;
+
+ // Non alphanumeric
+ if (containsnonalphanumeric_mangle ((u8 *) data, startingsize) && nonalphanumeric)
+ {
+ next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
+ extrapos++;
+ }
+ else
+ {
+ next = '+';
+ }
+ ((u8 *) data)[startingsize] = next;
+ startingsize++;
+
+ // If there's no alphanumeric values in the original password
+ // remove them from the result
+ if (!nonalphanumeric)
+ {
+ for (i = 0; i < startingsize; i++)
+ {
+ if (containsnonalphanumeric_mangle (((u8 *) data) + i, 1))
+ {
+ next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
+ extrapos++;
+ next = 'A' + (next % ('Z' - 'A' + 1));
+ ((u8 *) data)[i] = next;
+ }
+ }
+ }
+
+ // Rotate the result to ranomise where the non-alphanumerics are
+ next = (extrapos < extrasize) ? ((u8 *) hash)[extrapos] : 0;
+ rotate_string_mangle ((u8 *) data, startingsize, next);
+ ((u8 *) data)[startingsize] = 0;
+
+ out_len = startingsize;
+
+ // Copy th result into the output buffer
+ w0[0] = data[0];
+ w0[1] = data[1];
+ w0[2] = data[2];
+ w0[3] = data[3];
+ w1[0] = data[4];
+ w1[1] = data[5];
+ w1[2] = data[6];
+ w1[3] = data[7];
+
+ return (out_len);
+}