00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035
00036
00037
00038
00039
00040
00041
00042
00043
00044 #if defined(__cplusplus)
00045 extern "C"
00046 {
00047 #endif
00048
00049 #ifndef HAVE_CRYPTO
00050
00051 #include "aesopt.h"
00052
00053
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065
00066
00067
00068
00069
00070
00071 #define ke4(k,i) \
00072 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
00073 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
00074 }
00075 #define kel4(k,i) \
00076 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
00077 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
00078 }
00079
00080 #define ke6(k,i) \
00081 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
00082 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
00083 k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \
00084 }
00085 #define kel6(k,i) \
00086 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
00087 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
00088 }
00089
00090 #define ke8(k,i) \
00091 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
00092 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
00093 k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \
00094 k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \
00095 }
00096 #define kel8(k,i) \
00097 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
00098 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
00099 }
00100
00101 #if defined(ENCRYPTION_KEY_SCHEDULE)
00102
00103 #if defined(AES_128) || defined(AES_VAR)
00104
00105 aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1])
00106 { aes_32t ss[4];
00107
00108 cx->ks[0] = ss[0] = word_in(in_key, 0);
00109 cx->ks[1] = ss[1] = word_in(in_key, 1);
00110 cx->ks[2] = ss[2] = word_in(in_key, 2);
00111 cx->ks[3] = ss[3] = word_in(in_key, 3);
00112
00113 #if ENC_UNROLL == NONE
00114 { aes_32t i;
00115
00116 for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i)
00117 ke4(cx->ks, i);
00118 }
00119 #else
00120 ke4(cx->ks, 0); ke4(cx->ks, 1);
00121 ke4(cx->ks, 2); ke4(cx->ks, 3);
00122 ke4(cx->ks, 4); ke4(cx->ks, 5);
00123 ke4(cx->ks, 6); ke4(cx->ks, 7);
00124 ke4(cx->ks, 8); kel4(cx->ks, 9);
00125 #endif
00126
00127
00128
00129 cx->ks[53] = cx->ks[45] = 0;
00130 cx->ks[52] = 10;
00131 #ifdef AES_ERR_CHK
00132 return aes_good;
00133 #endif
00134 }
00135
00136 #endif
00137
00138 #if defined(AES_192) || defined(AES_VAR)
00139
00140 aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1])
00141 { aes_32t ss[6];
00142
00143 cx->ks[0] = ss[0] = word_in(in_key, 0);
00144 cx->ks[1] = ss[1] = word_in(in_key, 1);
00145 cx->ks[2] = ss[2] = word_in(in_key, 2);
00146 cx->ks[3] = ss[3] = word_in(in_key, 3);
00147 cx->ks[4] = ss[4] = word_in(in_key, 4);
00148 cx->ks[5] = ss[5] = word_in(in_key, 5);
00149
00150 #if ENC_UNROLL == NONE
00151 { aes_32t i;
00152
00153 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
00154 ke6(cx->ks, i);
00155 }
00156 #else
00157 ke6(cx->ks, 0); ke6(cx->ks, 1);
00158 ke6(cx->ks, 2); ke6(cx->ks, 3);
00159 ke6(cx->ks, 4); ke6(cx->ks, 5);
00160 ke6(cx->ks, 6); kel6(cx->ks, 7);
00161 #endif
00162
00163
00164
00165 cx->ks[53] = cx->ks[45];
00166 cx->ks[52] = 12;
00167 #ifdef AES_ERR_CHK
00168 return aes_good;
00169 #endif
00170 }
00171
00172 #endif
00173
00174 #if defined(AES_256) || defined(AES_VAR)
00175
00176 aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1])
00177 { aes_32t ss[8];
00178
00179 cx->ks[0] = ss[0] = word_in(in_key, 0);
00180 cx->ks[1] = ss[1] = word_in(in_key, 1);
00181 cx->ks[2] = ss[2] = word_in(in_key, 2);
00182 cx->ks[3] = ss[3] = word_in(in_key, 3);
00183 cx->ks[4] = ss[4] = word_in(in_key, 4);
00184 cx->ks[5] = ss[5] = word_in(in_key, 5);
00185 cx->ks[6] = ss[6] = word_in(in_key, 6);
00186 cx->ks[7] = ss[7] = word_in(in_key, 7);
00187
00188 #if ENC_UNROLL == NONE
00189 { aes_32t i;
00190
00191 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
00192 ke8(cx->ks, i);
00193 }
00194 #else
00195 ke8(cx->ks, 0); ke8(cx->ks, 1);
00196 ke8(cx->ks, 2); ke8(cx->ks, 3);
00197 ke8(cx->ks, 4); ke8(cx->ks, 5);
00198 kel8(cx->ks, 6);
00199 #endif
00200 #ifdef AES_ERR_CHK
00201 return aes_good;
00202 #endif
00203 }
00204
00205 #endif
00206
00207 #if defined(AES_VAR)
00208
00209 aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1])
00210 {
00211 switch(key_len)
00212 {
00213 #ifdef AES_ERR_CHK
00214 case 16: case 128: return aes_encrypt_key128(in_key, cx);
00215 case 24: case 192: return aes_encrypt_key192(in_key, cx);
00216 case 32: case 256: return aes_encrypt_key256(in_key, cx);
00217 default: return aes_error;
00218 #else
00219 case 16: case 128: aes_encrypt_key128(in_key, cx); return;
00220 case 24: case 192: aes_encrypt_key192(in_key, cx); return;
00221 case 32: case 256: aes_encrypt_key256(in_key, cx); return;
00222 #endif
00223 }
00224 }
00225
00226 #endif
00227
00228 #endif
00229
00230 #if defined(DECRYPTION_KEY_SCHEDULE)
00231
00232 #if DEC_ROUND == NO_TABLES
00233 #define ff(x) (x)
00234 #else
00235 #define ff(x) inv_mcol(x)
00236 #ifdef dec_imvars
00237 #define d_vars dec_imvars
00238 #endif
00239 #endif
00240
00241 #if 1
00242 #define kdf4(k,i) \
00243 { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \
00244 ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
00245 ss[4] ^= k[4*(i)]; k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \
00246 ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \
00247 }
00248 #define kd4(k,i) \
00249 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
00250 k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \
00251 k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \
00252 }
00253 #define kdl4(k,i) \
00254 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
00255 k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \
00256 k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \
00257 }
00258 #else
00259 #define kdf4(k,i) \
00260 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \
00261 ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \
00262 }
00263 #define kd4(k,i) \
00264 { ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
00265 ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \
00266 ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \
00267 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \
00268 ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \
00269 }
00270 #define kdl4(k,i) \
00271 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \
00272 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \
00273 }
00274 #endif
00275
00276 #define kdf6(k,i) \
00277 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \
00278 ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \
00279 ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \
00280 }
00281 #define kd6(k,i) \
00282 { ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
00283 ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \
00284 ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \
00285 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \
00286 ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \
00287 ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \
00288 ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \
00289 }
00290 #define kdl6(k,i) \
00291 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \
00292 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \
00293 }
00294
00295 #define kdf8(k,i) \
00296 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \
00297 ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \
00298 ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \
00299 ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \
00300 }
00301 #define kd8(k,i) \
00302 { aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
00303 ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \
00304 ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \
00305 ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \
00306 ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \
00307 g = ls_box(ss[3],0); \
00308 ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \
00309 ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \
00310 ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \
00311 ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \
00312 }
00313 #define kdl8(k,i) \
00314 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \
00315 ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \
00316 }
00317
00318 #if defined(AES_128) || defined(AES_VAR)
00319
00320 aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1])
00321 { aes_32t ss[5];
00322 #ifdef d_vars
00323 d_vars;
00324 #endif
00325 cx->ks[0] = ss[0] = word_in(in_key, 0);
00326 cx->ks[1] = ss[1] = word_in(in_key, 1);
00327 cx->ks[2] = ss[2] = word_in(in_key, 2);
00328 cx->ks[3] = ss[3] = word_in(in_key, 3);
00329
00330 #if DEC_UNROLL == NONE
00331 { aes_32t i;
00332
00333 for(i = 0; i < (11 * N_COLS - 1) / 4; ++i)
00334 ke4(cx->ks, i);
00335 #if !(DEC_ROUND == NO_TABLES)
00336 for(i = N_COLS; i < 10 * N_COLS; ++i)
00337 cx->ks[i] = inv_mcol(cx->ks[i]);
00338 #endif
00339 }
00340 #else
00341 kdf4(cx->ks, 0); kd4(cx->ks, 1);
00342 kd4(cx->ks, 2); kd4(cx->ks, 3);
00343 kd4(cx->ks, 4); kd4(cx->ks, 5);
00344 kd4(cx->ks, 6); kd4(cx->ks, 7);
00345 kd4(cx->ks, 8); kdl4(cx->ks, 9);
00346 #endif
00347
00348
00349
00350 cx->ks[53] = cx->ks[45] = 0;
00351 cx->ks[52] = 10;
00352 #ifdef AES_ERR_CHK
00353 return aes_good;
00354 #endif
00355 }
00356
00357 #endif
00358
00359 #if defined(AES_192) || defined(AES_VAR)
00360
00361 aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1])
00362 { aes_32t ss[7];
00363 #ifdef d_vars
00364 d_vars;
00365 #endif
00366 cx->ks[0] = ss[0] = word_in(in_key, 0);
00367 cx->ks[1] = ss[1] = word_in(in_key, 1);
00368 cx->ks[2] = ss[2] = word_in(in_key, 2);
00369 cx->ks[3] = ss[3] = word_in(in_key, 3);
00370
00371 #if DEC_UNROLL == NONE
00372 cx->ks[4] = ss[4] = word_in(in_key, 4);
00373 cx->ks[5] = ss[5] = word_in(in_key, 5);
00374 { aes_32t i;
00375
00376 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
00377 ke6(cx->ks, i);
00378 #if !(DEC_ROUND == NO_TABLES)
00379 for(i = N_COLS; i < 12 * N_COLS; ++i)
00380 cx->ks[i] = inv_mcol(cx->ks[i]);
00381 #endif
00382 }
00383 #else
00384 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
00385 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
00386 kdf6(cx->ks, 0); kd6(cx->ks, 1);
00387 kd6(cx->ks, 2); kd6(cx->ks, 3);
00388 kd6(cx->ks, 4); kd6(cx->ks, 5);
00389 kd6(cx->ks, 6); kdl6(cx->ks, 7);
00390 #endif
00391
00392
00393
00394 cx->ks[53] = cx->ks[45];
00395 cx->ks[52] = 12;
00396 #ifdef AES_ERR_CHK
00397 return aes_good;
00398 #endif
00399 }
00400
00401 #endif
00402
00403 #if defined(AES_256) || defined(AES_VAR)
00404
00405 aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1])
00406 { aes_32t ss[8];
00407 #ifdef d_vars
00408 d_vars;
00409 #endif
00410 cx->ks[0] = ss[0] = word_in(in_key, 0);
00411 cx->ks[1] = ss[1] = word_in(in_key, 1);
00412 cx->ks[2] = ss[2] = word_in(in_key, 2);
00413 cx->ks[3] = ss[3] = word_in(in_key, 3);
00414
00415 #if DEC_UNROLL == NONE
00416 cx->ks[4] = ss[4] = word_in(in_key, 4);
00417 cx->ks[5] = ss[5] = word_in(in_key, 5);
00418 cx->ks[6] = ss[6] = word_in(in_key, 6);
00419 cx->ks[7] = ss[7] = word_in(in_key, 7);
00420 { aes_32t i;
00421
00422 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
00423 ke8(cx->ks, i);
00424 #if !(DEC_ROUND == NO_TABLES)
00425 for(i = N_COLS; i < 14 * N_COLS; ++i)
00426 cx->ks[i] = inv_mcol(cx->ks[i]);
00427 #endif
00428 }
00429 #else
00430 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
00431 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
00432 cx->ks[6] = ff(ss[6] = word_in(in_key, 6));
00433 cx->ks[7] = ff(ss[7] = word_in(in_key, 7));
00434 kdf8(cx->ks, 0); kd8(cx->ks, 1);
00435 kd8(cx->ks, 2); kd8(cx->ks, 3);
00436 kd8(cx->ks, 4); kd8(cx->ks, 5);
00437 kdl8(cx->ks, 6);
00438 #endif
00439 #ifdef AES_ERR_CHK
00440 return aes_good;
00441 #endif
00442 }
00443
00444 #endif
00445
00446 #if defined(AES_VAR)
00447
00448 aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
00449 {
00450 switch(key_len)
00451 {
00452 #ifdef AES_ERR_CHK
00453 case 16: case 128: return aes_decrypt_key128(in_key, cx);
00454 case 24: case 192: return aes_decrypt_key192(in_key, cx);
00455 case 32: case 256: return aes_decrypt_key256(in_key, cx);
00456 default: return aes_error;
00457 #else
00458 case 16: case 128: aes_decrypt_key128(in_key, cx); return;
00459 case 24: case 192: aes_decrypt_key192(in_key, cx); return;
00460 case 32: case 256: aes_decrypt_key256(in_key, cx); return;
00461 #endif
00462 }
00463 }
00464
00465 #endif
00466
00467 #endif
00468
00469 #endif
00470
00471 #if defined(__cplusplus)
00472 }
00473 #endif