00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035
00036
00037
00038 #include "aesopt.h"
00039
00040 #if defined(__cplusplus)
00041 extern "C"
00042 {
00043 #endif
00044
00045
00046
00047
00048
00049
00050
00051
00052
00053
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063 #define ke4(k,i) \
00064 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
00065 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
00066 }
00067 #define kel4(k,i) \
00068 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
00069 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
00070 }
00071
00072 #define ke6(k,i) \
00073 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
00074 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
00075 k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \
00076 }
00077 #define kel6(k,i) \
00078 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
00079 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
00080 }
00081
00082 #define ke8(k,i) \
00083 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
00084 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
00085 k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \
00086 k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \
00087 }
00088 #define kel8(k,i) \
00089 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
00090 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
00091 }
00092
00093 #if defined(ENCRYPTION_KEY_SCHEDULE)
00094
00095 #if defined(AES_128) || defined(AES_VAR)
00096
00097 aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1])
00098 { aes_32t ss[4];
00099
00100 cx->ks[0] = ss[0] = word_in(in_key, 0);
00101 cx->ks[1] = ss[1] = word_in(in_key, 1);
00102 cx->ks[2] = ss[2] = word_in(in_key, 2);
00103 cx->ks[3] = ss[3] = word_in(in_key, 3);
00104
00105 #if ENC_UNROLL == NONE
00106 { aes_32t i;
00107
00108 for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i)
00109 ke4(cx->ks, i);
00110 }
00111 #else
00112 ke4(cx->ks, 0); ke4(cx->ks, 1);
00113 ke4(cx->ks, 2); ke4(cx->ks, 3);
00114 ke4(cx->ks, 4); ke4(cx->ks, 5);
00115 ke4(cx->ks, 6); ke4(cx->ks, 7);
00116 ke4(cx->ks, 8); kel4(cx->ks, 9);
00117 #endif
00118
00119
00120
00121 cx->ks[53] = cx->ks[45] = 0;
00122 cx->ks[52] = 10;
00123 #ifdef AES_ERR_CHK
00124 return aes_good;
00125 #endif
00126 }
00127
00128 #endif
00129
00130 #if defined(AES_192) || defined(AES_VAR)
00131
00132 aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1])
00133 { aes_32t ss[6];
00134
00135 cx->ks[0] = ss[0] = word_in(in_key, 0);
00136 cx->ks[1] = ss[1] = word_in(in_key, 1);
00137 cx->ks[2] = ss[2] = word_in(in_key, 2);
00138 cx->ks[3] = ss[3] = word_in(in_key, 3);
00139 cx->ks[4] = ss[4] = word_in(in_key, 4);
00140 cx->ks[5] = ss[5] = word_in(in_key, 5);
00141
00142 #if ENC_UNROLL == NONE
00143 { aes_32t i;
00144
00145 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
00146 ke6(cx->ks, i);
00147 }
00148 #else
00149 ke6(cx->ks, 0); ke6(cx->ks, 1);
00150 ke6(cx->ks, 2); ke6(cx->ks, 3);
00151 ke6(cx->ks, 4); ke6(cx->ks, 5);
00152 ke6(cx->ks, 6); kel6(cx->ks, 7);
00153 #endif
00154
00155
00156
00157 cx->ks[53] = cx->ks[45];
00158 cx->ks[52] = 12;
00159 #ifdef AES_ERR_CHK
00160 return aes_good;
00161 #endif
00162 }
00163
00164 #endif
00165
00166 #if defined(AES_256) || defined(AES_VAR)
00167
00168 aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1])
00169 { aes_32t ss[8];
00170
00171 cx->ks[0] = ss[0] = word_in(in_key, 0);
00172 cx->ks[1] = ss[1] = word_in(in_key, 1);
00173 cx->ks[2] = ss[2] = word_in(in_key, 2);
00174 cx->ks[3] = ss[3] = word_in(in_key, 3);
00175 cx->ks[4] = ss[4] = word_in(in_key, 4);
00176 cx->ks[5] = ss[5] = word_in(in_key, 5);
00177 cx->ks[6] = ss[6] = word_in(in_key, 6);
00178 cx->ks[7] = ss[7] = word_in(in_key, 7);
00179
00180 #if ENC_UNROLL == NONE
00181 { aes_32t i;
00182
00183 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
00184 ke8(cx->ks, i);
00185 }
00186 #else
00187 ke8(cx->ks, 0); ke8(cx->ks, 1);
00188 ke8(cx->ks, 2); ke8(cx->ks, 3);
00189 ke8(cx->ks, 4); ke8(cx->ks, 5);
00190 kel8(cx->ks, 6);
00191 #endif
00192 #ifdef AES_ERR_CHK
00193 return aes_good;
00194 #endif
00195 }
00196
00197 #endif
00198
00199 #if defined(AES_VAR)
00200
00201 aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1])
00202 {
00203 switch(key_len)
00204 {
00205 #ifdef AES_ERR_CHK
00206 case 16: case 128: return aes_encrypt_key128(in_key, cx);
00207 case 24: case 192: return aes_encrypt_key192(in_key, cx);
00208 case 32: case 256: return aes_encrypt_key256(in_key, cx);
00209 default: return aes_error;
00210 #else
00211 case 16: case 128: aes_encrypt_key128(in_key, cx); return;
00212 case 24: case 192: aes_encrypt_key192(in_key, cx); return;
00213 case 32: case 256: aes_encrypt_key256(in_key, cx); return;
00214 #endif
00215 }
00216 }
00217
00218 #endif
00219
00220 #endif
00221
00222 #if defined(DECRYPTION_KEY_SCHEDULE)
00223
00224 #if DEC_ROUND == NO_TABLES
00225 #define ff(x) (x)
00226 #else
00227 #define ff(x) inv_mcol(x)
00228 #ifdef dec_imvars
00229 #define d_vars dec_imvars
00230 #endif
00231 #endif
00232
00233 #if 1
00234 #define kdf4(k,i) \
00235 { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \
00236 ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
00237 ss[4] ^= k[4*(i)]; k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \
00238 ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \
00239 }
00240 #define kd4(k,i) \
00241 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
00242 k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \
00243 k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \
00244 }
00245 #define kdl4(k,i) \
00246 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
00247 k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \
00248 k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \
00249 }
00250 #else
00251 #define kdf4(k,i) \
00252 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \
00253 ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \
00254 }
00255 #define kd4(k,i) \
00256 { ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
00257 ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \
00258 ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \
00259 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \
00260 ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \
00261 }
00262 #define kdl4(k,i) \
00263 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \
00264 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \
00265 }
00266 #endif
00267
00268 #define kdf6(k,i) \
00269 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \
00270 ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \
00271 ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \
00272 }
00273 #define kd6(k,i) \
00274 { ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
00275 ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \
00276 ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \
00277 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \
00278 ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \
00279 ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \
00280 ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \
00281 }
00282 #define kdl6(k,i) \
00283 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \
00284 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \
00285 }
00286
00287 #define kdf8(k,i) \
00288 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \
00289 ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \
00290 ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \
00291 ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \
00292 }
00293 #define kd8(k,i) \
00294 { aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
00295 ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \
00296 ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \
00297 ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \
00298 ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \
00299 g = ls_box(ss[3],0); \
00300 ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \
00301 ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \
00302 ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \
00303 ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \
00304 }
00305 #define kdl8(k,i) \
00306 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \
00307 ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \
00308 }
00309
00310 #if defined(AES_128) || defined(AES_VAR)
00311
00312 aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1])
00313 { aes_32t ss[5];
00314 #ifdef d_vars
00315 d_vars;
00316 #endif
00317 cx->ks[0] = ss[0] = word_in(in_key, 0);
00318 cx->ks[1] = ss[1] = word_in(in_key, 1);
00319 cx->ks[2] = ss[2] = word_in(in_key, 2);
00320 cx->ks[3] = ss[3] = word_in(in_key, 3);
00321
00322 #if DEC_UNROLL == NONE
00323 { aes_32t i;
00324
00325 for(i = 0; i < (11 * N_COLS - 1) / 4; ++i)
00326 ke4(cx->ks, i);
00327 #if !(DEC_ROUND == NO_TABLES)
00328 for(i = N_COLS; i < 10 * N_COLS; ++i)
00329 cx->ks[i] = inv_mcol(cx->ks[i]);
00330 #endif
00331 }
00332 #else
00333 kdf4(cx->ks, 0); kd4(cx->ks, 1);
00334 kd4(cx->ks, 2); kd4(cx->ks, 3);
00335 kd4(cx->ks, 4); kd4(cx->ks, 5);
00336 kd4(cx->ks, 6); kd4(cx->ks, 7);
00337 kd4(cx->ks, 8); kdl4(cx->ks, 9);
00338 #endif
00339
00340
00341
00342 cx->ks[53] = cx->ks[45] = 0;
00343 cx->ks[52] = 10;
00344 #ifdef AES_ERR_CHK
00345 return aes_good;
00346 #endif
00347 }
00348
00349 #endif
00350
00351 #if defined(AES_192) || defined(AES_VAR)
00352
00353 aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1])
00354 { aes_32t ss[7];
00355 #ifdef d_vars
00356 d_vars;
00357 #endif
00358 cx->ks[0] = ss[0] = word_in(in_key, 0);
00359 cx->ks[1] = ss[1] = word_in(in_key, 1);
00360 cx->ks[2] = ss[2] = word_in(in_key, 2);
00361 cx->ks[3] = ss[3] = word_in(in_key, 3);
00362
00363 #if DEC_UNROLL == NONE
00364 cx->ks[4] = ss[4] = word_in(in_key, 4);
00365 cx->ks[5] = ss[5] = word_in(in_key, 5);
00366 { aes_32t i;
00367
00368 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
00369 ke6(cx->ks, i);
00370 #if !(DEC_ROUND == NO_TABLES)
00371 for(i = N_COLS; i < 12 * N_COLS; ++i)
00372 cx->ks[i] = inv_mcol(cx->ks[i]);
00373 #endif
00374 }
00375 #else
00376 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
00377 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
00378 kdf6(cx->ks, 0); kd6(cx->ks, 1);
00379 kd6(cx->ks, 2); kd6(cx->ks, 3);
00380 kd6(cx->ks, 4); kd6(cx->ks, 5);
00381 kd6(cx->ks, 6); kdl6(cx->ks, 7);
00382 #endif
00383
00384
00385
00386 cx->ks[53] = cx->ks[45];
00387 cx->ks[52] = 12;
00388 #ifdef AES_ERR_CHK
00389 return aes_good;
00390 #endif
00391 }
00392
00393 #endif
00394
00395 #if defined(AES_256) || defined(AES_VAR)
00396
00397 aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1])
00398 { aes_32t ss[8];
00399 #ifdef d_vars
00400 d_vars;
00401 #endif
00402 cx->ks[0] = ss[0] = word_in(in_key, 0);
00403 cx->ks[1] = ss[1] = word_in(in_key, 1);
00404 cx->ks[2] = ss[2] = word_in(in_key, 2);
00405 cx->ks[3] = ss[3] = word_in(in_key, 3);
00406
00407 #if DEC_UNROLL == NONE
00408 cx->ks[4] = ss[4] = word_in(in_key, 4);
00409 cx->ks[5] = ss[5] = word_in(in_key, 5);
00410 cx->ks[6] = ss[6] = word_in(in_key, 6);
00411 cx->ks[7] = ss[7] = word_in(in_key, 7);
00412 { aes_32t i;
00413
00414 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
00415 ke8(cx->ks, i);
00416 #if !(DEC_ROUND == NO_TABLES)
00417 for(i = N_COLS; i < 14 * N_COLS; ++i)
00418 cx->ks[i] = inv_mcol(cx->ks[i]);
00419 #endif
00420 }
00421 #else
00422 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
00423 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
00424 cx->ks[6] = ff(ss[6] = word_in(in_key, 6));
00425 cx->ks[7] = ff(ss[7] = word_in(in_key, 7));
00426 kdf8(cx->ks, 0); kd8(cx->ks, 1);
00427 kd8(cx->ks, 2); kd8(cx->ks, 3);
00428 kd8(cx->ks, 4); kd8(cx->ks, 5);
00429 kdl8(cx->ks, 6);
00430 #endif
00431 #ifdef AES_ERR_CHK
00432 return aes_good;
00433 #endif
00434 }
00435
00436 #endif
00437
00438 #if defined(AES_VAR)
00439
00440 aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
00441 {
00442 switch(key_len)
00443 {
00444 #ifdef AES_ERR_CHK
00445 case 16: case 128: return aes_decrypt_key128(in_key, cx);
00446 case 24: case 192: return aes_decrypt_key192(in_key, cx);
00447 case 32: case 256: return aes_decrypt_key256(in_key, cx);
00448 default: return aes_error;
00449 #else
00450 case 16: case 128: aes_decrypt_key128(in_key, cx); return;
00451 case 24: case 192: aes_decrypt_key192(in_key, cx); return;
00452 case 32: case 256: aes_decrypt_key256(in_key, cx); return;
00453 #endif
00454 }
00455 }
00456
00457 #endif
00458
00459 #endif
00460
00461 #if defined(__cplusplus)
00462 }
00463 #endif