00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035
00036
00037
00038
00039
00040
00041
00042
00043
00044 #include "aesopt.h"
00045
00046 #if defined(__cplusplus)
00047 extern "C"
00048 {
00049 #endif
00050
00051
00052
00053
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065
00066
00067
00068
00069 #define ke4(k,i) \
00070 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
00071 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
00072 }
00073 #define kel4(k,i) \
00074 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
00075 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
00076 }
00077
00078 #define ke6(k,i) \
00079 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
00080 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
00081 k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \
00082 }
00083 #define kel6(k,i) \
00084 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
00085 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
00086 }
00087
00088 #define ke8(k,i) \
00089 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
00090 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
00091 k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \
00092 k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \
00093 }
00094 #define kel8(k,i) \
00095 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
00096 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
00097 }
00098
00099 #if defined(ENCRYPTION_KEY_SCHEDULE)
00100
00101 #if defined(AES_128) || defined(AES_VAR)
00102
00103 aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1])
00104 { aes_32t ss[4];
00105
00106 cx->ks[0] = ss[0] = word_in(in_key, 0);
00107 cx->ks[1] = ss[1] = word_in(in_key, 1);
00108 cx->ks[2] = ss[2] = word_in(in_key, 2);
00109 cx->ks[3] = ss[3] = word_in(in_key, 3);
00110
00111 #if ENC_UNROLL == NONE
00112 { aes_32t i;
00113
00114 for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i)
00115 ke4(cx->ks, i);
00116 }
00117 #else
00118 ke4(cx->ks, 0); ke4(cx->ks, 1);
00119 ke4(cx->ks, 2); ke4(cx->ks, 3);
00120 ke4(cx->ks, 4); ke4(cx->ks, 5);
00121 ke4(cx->ks, 6); ke4(cx->ks, 7);
00122 ke4(cx->ks, 8); kel4(cx->ks, 9);
00123 #endif
00124
00125
00126
00127 cx->ks[53] = cx->ks[45] = 0;
00128 cx->ks[52] = 10;
00129 #ifdef AES_ERR_CHK
00130 return aes_good;
00131 #endif
00132 }
00133
00134 #endif
00135
00136 #if defined(AES_192) || defined(AES_VAR)
00137
00138 aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1])
00139 { aes_32t ss[6];
00140
00141 cx->ks[0] = ss[0] = word_in(in_key, 0);
00142 cx->ks[1] = ss[1] = word_in(in_key, 1);
00143 cx->ks[2] = ss[2] = word_in(in_key, 2);
00144 cx->ks[3] = ss[3] = word_in(in_key, 3);
00145 cx->ks[4] = ss[4] = word_in(in_key, 4);
00146 cx->ks[5] = ss[5] = word_in(in_key, 5);
00147
00148 #if ENC_UNROLL == NONE
00149 { aes_32t i;
00150
00151 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
00152 ke6(cx->ks, i);
00153 }
00154 #else
00155 ke6(cx->ks, 0); ke6(cx->ks, 1);
00156 ke6(cx->ks, 2); ke6(cx->ks, 3);
00157 ke6(cx->ks, 4); ke6(cx->ks, 5);
00158 ke6(cx->ks, 6); kel6(cx->ks, 7);
00159 #endif
00160
00161
00162
00163 cx->ks[53] = cx->ks[45];
00164 cx->ks[52] = 12;
00165 #ifdef AES_ERR_CHK
00166 return aes_good;
00167 #endif
00168 }
00169
00170 #endif
00171
00172 #if defined(AES_256) || defined(AES_VAR)
00173
00174 aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1])
00175 { aes_32t ss[8];
00176
00177 cx->ks[0] = ss[0] = word_in(in_key, 0);
00178 cx->ks[1] = ss[1] = word_in(in_key, 1);
00179 cx->ks[2] = ss[2] = word_in(in_key, 2);
00180 cx->ks[3] = ss[3] = word_in(in_key, 3);
00181 cx->ks[4] = ss[4] = word_in(in_key, 4);
00182 cx->ks[5] = ss[5] = word_in(in_key, 5);
00183 cx->ks[6] = ss[6] = word_in(in_key, 6);
00184 cx->ks[7] = ss[7] = word_in(in_key, 7);
00185
00186 #if ENC_UNROLL == NONE
00187 { aes_32t i;
00188
00189 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
00190 ke8(cx->ks, i);
00191 }
00192 #else
00193 ke8(cx->ks, 0); ke8(cx->ks, 1);
00194 ke8(cx->ks, 2); ke8(cx->ks, 3);
00195 ke8(cx->ks, 4); ke8(cx->ks, 5);
00196 kel8(cx->ks, 6);
00197 #endif
00198 #ifdef AES_ERR_CHK
00199 return aes_good;
00200 #endif
00201 }
00202
00203 #endif
00204
00205 #if defined(AES_VAR)
00206
00207 aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1])
00208 {
00209 switch(key_len)
00210 {
00211 #ifdef AES_ERR_CHK
00212 case 16: case 128: return aes_encrypt_key128(in_key, cx);
00213 case 24: case 192: return aes_encrypt_key192(in_key, cx);
00214 case 32: case 256: return aes_encrypt_key256(in_key, cx);
00215 default: return aes_error;
00216 #else
00217 case 16: case 128: aes_encrypt_key128(in_key, cx); return;
00218 case 24: case 192: aes_encrypt_key192(in_key, cx); return;
00219 case 32: case 256: aes_encrypt_key256(in_key, cx); return;
00220 #endif
00221 }
00222 }
00223
00224 #endif
00225
00226 #endif
00227
00228 #if defined(DECRYPTION_KEY_SCHEDULE)
00229
00230 #if DEC_ROUND == NO_TABLES
00231 #define ff(x) (x)
00232 #else
00233 #define ff(x) inv_mcol(x)
00234 #ifdef dec_imvars
00235 #define d_vars dec_imvars
00236 #endif
00237 #endif
00238
00239 #if 1
00240 #define kdf4(k,i) \
00241 { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \
00242 ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
00243 ss[4] ^= k[4*(i)]; k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \
00244 ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \
00245 }
00246 #define kd4(k,i) \
00247 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
00248 k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \
00249 k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \
00250 }
00251 #define kdl4(k,i) \
00252 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
00253 k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \
00254 k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \
00255 }
00256 #else
00257 #define kdf4(k,i) \
00258 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \
00259 ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \
00260 }
00261 #define kd4(k,i) \
00262 { ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
00263 ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \
00264 ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \
00265 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \
00266 ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \
00267 }
00268 #define kdl4(k,i) \
00269 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \
00270 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \
00271 }
00272 #endif
00273
00274 #define kdf6(k,i) \
00275 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \
00276 ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \
00277 ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \
00278 }
00279 #define kd6(k,i) \
00280 { ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
00281 ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \
00282 ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \
00283 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \
00284 ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \
00285 ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \
00286 ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \
00287 }
00288 #define kdl6(k,i) \
00289 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \
00290 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \
00291 }
00292
00293 #define kdf8(k,i) \
00294 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \
00295 ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \
00296 ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \
00297 ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \
00298 }
00299 #define kd8(k,i) \
00300 { aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
00301 ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \
00302 ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \
00303 ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \
00304 ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \
00305 g = ls_box(ss[3],0); \
00306 ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \
00307 ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \
00308 ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \
00309 ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \
00310 }
00311 #define kdl8(k,i) \
00312 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \
00313 ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \
00314 }
00315
00316 #if defined(AES_128) || defined(AES_VAR)
00317
00318 aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1])
00319 { aes_32t ss[5];
00320 #ifdef d_vars
00321 d_vars;
00322 #endif
00323 cx->ks[0] = ss[0] = word_in(in_key, 0);
00324 cx->ks[1] = ss[1] = word_in(in_key, 1);
00325 cx->ks[2] = ss[2] = word_in(in_key, 2);
00326 cx->ks[3] = ss[3] = word_in(in_key, 3);
00327
00328 #if DEC_UNROLL == NONE
00329 { aes_32t i;
00330
00331 for(i = 0; i < (11 * N_COLS - 1) / 4; ++i)
00332 ke4(cx->ks, i);
00333 #if !(DEC_ROUND == NO_TABLES)
00334 for(i = N_COLS; i < 10 * N_COLS; ++i)
00335 cx->ks[i] = inv_mcol(cx->ks[i]);
00336 #endif
00337 }
00338 #else
00339 kdf4(cx->ks, 0); kd4(cx->ks, 1);
00340 kd4(cx->ks, 2); kd4(cx->ks, 3);
00341 kd4(cx->ks, 4); kd4(cx->ks, 5);
00342 kd4(cx->ks, 6); kd4(cx->ks, 7);
00343 kd4(cx->ks, 8); kdl4(cx->ks, 9);
00344 #endif
00345
00346
00347
00348 cx->ks[53] = cx->ks[45] = 0;
00349 cx->ks[52] = 10;
00350 #ifdef AES_ERR_CHK
00351 return aes_good;
00352 #endif
00353 }
00354
00355 #endif
00356
00357 #if defined(AES_192) || defined(AES_VAR)
00358
00359 aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1])
00360 { aes_32t ss[7];
00361 #ifdef d_vars
00362 d_vars;
00363 #endif
00364 cx->ks[0] = ss[0] = word_in(in_key, 0);
00365 cx->ks[1] = ss[1] = word_in(in_key, 1);
00366 cx->ks[2] = ss[2] = word_in(in_key, 2);
00367 cx->ks[3] = ss[3] = word_in(in_key, 3);
00368
00369 #if DEC_UNROLL == NONE
00370 cx->ks[4] = ss[4] = word_in(in_key, 4);
00371 cx->ks[5] = ss[5] = word_in(in_key, 5);
00372 { aes_32t i;
00373
00374 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
00375 ke6(cx->ks, i);
00376 #if !(DEC_ROUND == NO_TABLES)
00377 for(i = N_COLS; i < 12 * N_COLS; ++i)
00378 cx->ks[i] = inv_mcol(cx->ks[i]);
00379 #endif
00380 }
00381 #else
00382 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
00383 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
00384 kdf6(cx->ks, 0); kd6(cx->ks, 1);
00385 kd6(cx->ks, 2); kd6(cx->ks, 3);
00386 kd6(cx->ks, 4); kd6(cx->ks, 5);
00387 kd6(cx->ks, 6); kdl6(cx->ks, 7);
00388 #endif
00389
00390
00391
00392 cx->ks[53] = cx->ks[45];
00393 cx->ks[52] = 12;
00394 #ifdef AES_ERR_CHK
00395 return aes_good;
00396 #endif
00397 }
00398
00399 #endif
00400
00401 #if defined(AES_256) || defined(AES_VAR)
00402
00403 aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1])
00404 { aes_32t ss[8];
00405 #ifdef d_vars
00406 d_vars;
00407 #endif
00408 cx->ks[0] = ss[0] = word_in(in_key, 0);
00409 cx->ks[1] = ss[1] = word_in(in_key, 1);
00410 cx->ks[2] = ss[2] = word_in(in_key, 2);
00411 cx->ks[3] = ss[3] = word_in(in_key, 3);
00412
00413 #if DEC_UNROLL == NONE
00414 cx->ks[4] = ss[4] = word_in(in_key, 4);
00415 cx->ks[5] = ss[5] = word_in(in_key, 5);
00416 cx->ks[6] = ss[6] = word_in(in_key, 6);
00417 cx->ks[7] = ss[7] = word_in(in_key, 7);
00418 { aes_32t i;
00419
00420 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
00421 ke8(cx->ks, i);
00422 #if !(DEC_ROUND == NO_TABLES)
00423 for(i = N_COLS; i < 14 * N_COLS; ++i)
00424 cx->ks[i] = inv_mcol(cx->ks[i]);
00425 #endif
00426 }
00427 #else
00428 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
00429 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
00430 cx->ks[6] = ff(ss[6] = word_in(in_key, 6));
00431 cx->ks[7] = ff(ss[7] = word_in(in_key, 7));
00432 kdf8(cx->ks, 0); kd8(cx->ks, 1);
00433 kd8(cx->ks, 2); kd8(cx->ks, 3);
00434 kd8(cx->ks, 4); kd8(cx->ks, 5);
00435 kdl8(cx->ks, 6);
00436 #endif
00437 #ifdef AES_ERR_CHK
00438 return aes_good;
00439 #endif
00440 }
00441
00442 #endif
00443
00444 #if defined(AES_VAR)
00445
00446 aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
00447 {
00448 switch(key_len)
00449 {
00450 #ifdef AES_ERR_CHK
00451 case 16: case 128: return aes_decrypt_key128(in_key, cx);
00452 case 24: case 192: return aes_decrypt_key192(in_key, cx);
00453 case 32: case 256: return aes_decrypt_key256(in_key, cx);
00454 default: return aes_error;
00455 #else
00456 case 16: case 128: aes_decrypt_key128(in_key, cx); return;
00457 case 24: case 192: aes_decrypt_key192(in_key, cx); return;
00458 case 32: case 256: aes_decrypt_key256(in_key, cx); return;
00459 #endif
00460 }
00461 }
00462
00463 #endif
00464
00465 #endif
00466
00467 #if defined(__cplusplus)
00468 }
00469 #endif