00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035
00036
00037
00038
00039
00040 #include "aesopt.h"
00041
00042 #if defined(__cplusplus)
00043 extern "C"
00044 {
00045 #endif
00046
00047
00048
00049
00050
00051
00052
00053
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065 #define ke4(k,i) \
00066 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
00067 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
00068 }
00069 #define kel4(k,i) \
00070 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
00071 k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
00072 }
00073
00074 #define ke6(k,i) \
00075 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
00076 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
00077 k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \
00078 }
00079 #define kel6(k,i) \
00080 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
00081 k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
00082 }
00083
00084 #define ke8(k,i) \
00085 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
00086 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
00087 k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \
00088 k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \
00089 }
00090 #define kel8(k,i) \
00091 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
00092 k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
00093 }
00094
00095 #if defined(ENCRYPTION_KEY_SCHEDULE)
00096
00097 #if defined(AES_128) || defined(AES_VAR)
00098
00099 aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1])
00100 { aes_32t ss[4];
00101
00102 cx->ks[0] = ss[0] = word_in(in_key, 0);
00103 cx->ks[1] = ss[1] = word_in(in_key, 1);
00104 cx->ks[2] = ss[2] = word_in(in_key, 2);
00105 cx->ks[3] = ss[3] = word_in(in_key, 3);
00106
00107 #if ENC_UNROLL == NONE
00108 { aes_32t i;
00109
00110 for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i)
00111 ke4(cx->ks, i);
00112 }
00113 #else
00114 ke4(cx->ks, 0); ke4(cx->ks, 1);
00115 ke4(cx->ks, 2); ke4(cx->ks, 3);
00116 ke4(cx->ks, 4); ke4(cx->ks, 5);
00117 ke4(cx->ks, 6); ke4(cx->ks, 7);
00118 ke4(cx->ks, 8); kel4(cx->ks, 9);
00119 #endif
00120
00121
00122
00123 cx->ks[53] = cx->ks[45] = 0;
00124 cx->ks[52] = 10;
00125 #ifdef AES_ERR_CHK
00126 return aes_good;
00127 #endif
00128 }
00129
00130 #endif
00131
00132 #if defined(AES_192) || defined(AES_VAR)
00133
00134 aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1])
00135 { aes_32t ss[6];
00136
00137 cx->ks[0] = ss[0] = word_in(in_key, 0);
00138 cx->ks[1] = ss[1] = word_in(in_key, 1);
00139 cx->ks[2] = ss[2] = word_in(in_key, 2);
00140 cx->ks[3] = ss[3] = word_in(in_key, 3);
00141 cx->ks[4] = ss[4] = word_in(in_key, 4);
00142 cx->ks[5] = ss[5] = word_in(in_key, 5);
00143
00144 #if ENC_UNROLL == NONE
00145 { aes_32t i;
00146
00147 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
00148 ke6(cx->ks, i);
00149 }
00150 #else
00151 ke6(cx->ks, 0); ke6(cx->ks, 1);
00152 ke6(cx->ks, 2); ke6(cx->ks, 3);
00153 ke6(cx->ks, 4); ke6(cx->ks, 5);
00154 ke6(cx->ks, 6); kel6(cx->ks, 7);
00155 #endif
00156
00157
00158
00159 cx->ks[53] = cx->ks[45];
00160 cx->ks[52] = 12;
00161 #ifdef AES_ERR_CHK
00162 return aes_good;
00163 #endif
00164 }
00165
00166 #endif
00167
00168 #if defined(AES_256) || defined(AES_VAR)
00169
00170 aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1])
00171 { aes_32t ss[8];
00172
00173 cx->ks[0] = ss[0] = word_in(in_key, 0);
00174 cx->ks[1] = ss[1] = word_in(in_key, 1);
00175 cx->ks[2] = ss[2] = word_in(in_key, 2);
00176 cx->ks[3] = ss[3] = word_in(in_key, 3);
00177 cx->ks[4] = ss[4] = word_in(in_key, 4);
00178 cx->ks[5] = ss[5] = word_in(in_key, 5);
00179 cx->ks[6] = ss[6] = word_in(in_key, 6);
00180 cx->ks[7] = ss[7] = word_in(in_key, 7);
00181
00182 #if ENC_UNROLL == NONE
00183 { aes_32t i;
00184
00185 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
00186 ke8(cx->ks, i);
00187 }
00188 #else
00189 ke8(cx->ks, 0); ke8(cx->ks, 1);
00190 ke8(cx->ks, 2); ke8(cx->ks, 3);
00191 ke8(cx->ks, 4); ke8(cx->ks, 5);
00192 kel8(cx->ks, 6);
00193 #endif
00194 #ifdef AES_ERR_CHK
00195 return aes_good;
00196 #endif
00197 }
00198
00199 #endif
00200
00201 #if defined(AES_VAR)
00202
00203 aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1])
00204 {
00205 switch(key_len)
00206 {
00207 #ifdef AES_ERR_CHK
00208 case 16: case 128: return aes_encrypt_key128(in_key, cx);
00209 case 24: case 192: return aes_encrypt_key192(in_key, cx);
00210 case 32: case 256: return aes_encrypt_key256(in_key, cx);
00211 default: return aes_error;
00212 #else
00213 case 16: case 128: aes_encrypt_key128(in_key, cx); return;
00214 case 24: case 192: aes_encrypt_key192(in_key, cx); return;
00215 case 32: case 256: aes_encrypt_key256(in_key, cx); return;
00216 #endif
00217 }
00218 }
00219
00220 #endif
00221
00222 #endif
00223
00224 #if defined(DECRYPTION_KEY_SCHEDULE)
00225
00226 #if DEC_ROUND == NO_TABLES
00227 #define ff(x) (x)
00228 #else
00229 #define ff(x) inv_mcol(x)
00230 #ifdef dec_imvars
00231 #define d_vars dec_imvars
00232 #endif
00233 #endif
00234
00235 #if 1
00236 #define kdf4(k,i) \
00237 { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \
00238 ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
00239 ss[4] ^= k[4*(i)]; k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \
00240 ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \
00241 }
00242 #define kd4(k,i) \
00243 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
00244 k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \
00245 k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \
00246 }
00247 #define kdl4(k,i) \
00248 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
00249 k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \
00250 k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \
00251 }
00252 #else
00253 #define kdf4(k,i) \
00254 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \
00255 ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \
00256 }
00257 #define kd4(k,i) \
00258 { ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
00259 ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \
00260 ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \
00261 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \
00262 ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \
00263 }
00264 #define kdl4(k,i) \
00265 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \
00266 ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \
00267 }
00268 #endif
00269
00270 #define kdf6(k,i) \
00271 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \
00272 ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \
00273 ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \
00274 }
00275 #define kd6(k,i) \
00276 { ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
00277 ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \
00278 ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \
00279 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \
00280 ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \
00281 ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \
00282 ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \
00283 }
00284 #define kdl6(k,i) \
00285 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \
00286 ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \
00287 }
00288
00289 #define kdf8(k,i) \
00290 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \
00291 ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \
00292 ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \
00293 ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \
00294 }
00295 #define kd8(k,i) \
00296 { aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
00297 ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \
00298 ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \
00299 ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \
00300 ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \
00301 g = ls_box(ss[3],0); \
00302 ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \
00303 ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \
00304 ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \
00305 ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \
00306 }
00307 #define kdl8(k,i) \
00308 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \
00309 ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \
00310 }
00311
00312 #if defined(AES_128) || defined(AES_VAR)
00313
00314 aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1])
00315 { aes_32t ss[5];
00316 #ifdef d_vars
00317 d_vars;
00318 #endif
00319 cx->ks[0] = ss[0] = word_in(in_key, 0);
00320 cx->ks[1] = ss[1] = word_in(in_key, 1);
00321 cx->ks[2] = ss[2] = word_in(in_key, 2);
00322 cx->ks[3] = ss[3] = word_in(in_key, 3);
00323
00324 #if DEC_UNROLL == NONE
00325 { aes_32t i;
00326
00327 for(i = 0; i < (11 * N_COLS - 1) / 4; ++i)
00328 ke4(cx->ks, i);
00329 #if !(DEC_ROUND == NO_TABLES)
00330 for(i = N_COLS; i < 10 * N_COLS; ++i)
00331 cx->ks[i] = inv_mcol(cx->ks[i]);
00332 #endif
00333 }
00334 #else
00335 kdf4(cx->ks, 0); kd4(cx->ks, 1);
00336 kd4(cx->ks, 2); kd4(cx->ks, 3);
00337 kd4(cx->ks, 4); kd4(cx->ks, 5);
00338 kd4(cx->ks, 6); kd4(cx->ks, 7);
00339 kd4(cx->ks, 8); kdl4(cx->ks, 9);
00340 #endif
00341
00342
00343
00344 cx->ks[53] = cx->ks[45] = 0;
00345 cx->ks[52] = 10;
00346 #ifdef AES_ERR_CHK
00347 return aes_good;
00348 #endif
00349 }
00350
00351 #endif
00352
00353 #if defined(AES_192) || defined(AES_VAR)
00354
00355 aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1])
00356 { aes_32t ss[7];
00357 #ifdef d_vars
00358 d_vars;
00359 #endif
00360 cx->ks[0] = ss[0] = word_in(in_key, 0);
00361 cx->ks[1] = ss[1] = word_in(in_key, 1);
00362 cx->ks[2] = ss[2] = word_in(in_key, 2);
00363 cx->ks[3] = ss[3] = word_in(in_key, 3);
00364
00365 #if DEC_UNROLL == NONE
00366 cx->ks[4] = ss[4] = word_in(in_key, 4);
00367 cx->ks[5] = ss[5] = word_in(in_key, 5);
00368 { aes_32t i;
00369
00370 for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
00371 ke6(cx->ks, i);
00372 #if !(DEC_ROUND == NO_TABLES)
00373 for(i = N_COLS; i < 12 * N_COLS; ++i)
00374 cx->ks[i] = inv_mcol(cx->ks[i]);
00375 #endif
00376 }
00377 #else
00378 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
00379 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
00380 kdf6(cx->ks, 0); kd6(cx->ks, 1);
00381 kd6(cx->ks, 2); kd6(cx->ks, 3);
00382 kd6(cx->ks, 4); kd6(cx->ks, 5);
00383 kd6(cx->ks, 6); kdl6(cx->ks, 7);
00384 #endif
00385
00386
00387
00388 cx->ks[53] = cx->ks[45];
00389 cx->ks[52] = 12;
00390 #ifdef AES_ERR_CHK
00391 return aes_good;
00392 #endif
00393 }
00394
00395 #endif
00396
00397 #if defined(AES_256) || defined(AES_VAR)
00398
00399 aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1])
00400 { aes_32t ss[8];
00401 #ifdef d_vars
00402 d_vars;
00403 #endif
00404 cx->ks[0] = ss[0] = word_in(in_key, 0);
00405 cx->ks[1] = ss[1] = word_in(in_key, 1);
00406 cx->ks[2] = ss[2] = word_in(in_key, 2);
00407 cx->ks[3] = ss[3] = word_in(in_key, 3);
00408
00409 #if DEC_UNROLL == NONE
00410 cx->ks[4] = ss[4] = word_in(in_key, 4);
00411 cx->ks[5] = ss[5] = word_in(in_key, 5);
00412 cx->ks[6] = ss[6] = word_in(in_key, 6);
00413 cx->ks[7] = ss[7] = word_in(in_key, 7);
00414 { aes_32t i;
00415
00416 for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
00417 ke8(cx->ks, i);
00418 #if !(DEC_ROUND == NO_TABLES)
00419 for(i = N_COLS; i < 14 * N_COLS; ++i)
00420 cx->ks[i] = inv_mcol(cx->ks[i]);
00421 #endif
00422 }
00423 #else
00424 cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
00425 cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
00426 cx->ks[6] = ff(ss[6] = word_in(in_key, 6));
00427 cx->ks[7] = ff(ss[7] = word_in(in_key, 7));
00428 kdf8(cx->ks, 0); kd8(cx->ks, 1);
00429 kd8(cx->ks, 2); kd8(cx->ks, 3);
00430 kd8(cx->ks, 4); kd8(cx->ks, 5);
00431 kdl8(cx->ks, 6);
00432 #endif
00433 #ifdef AES_ERR_CHK
00434 return aes_good;
00435 #endif
00436 }
00437
00438 #endif
00439
00440 #if defined(AES_VAR)
00441
00442 aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
00443 {
00444 switch(key_len)
00445 {
00446 #ifdef AES_ERR_CHK
00447 case 16: case 128: return aes_decrypt_key128(in_key, cx);
00448 case 24: case 192: return aes_decrypt_key192(in_key, cx);
00449 case 32: case 256: return aes_decrypt_key256(in_key, cx);
00450 default: return aes_error;
00451 #else
00452 case 16: case 128: aes_decrypt_key128(in_key, cx); return;
00453 case 24: case 192: aes_decrypt_key192(in_key, cx); return;
00454 case 32: case 256: aes_decrypt_key256(in_key, cx); return;
00455 #endif
00456 }
00457 }
00458
00459 #endif
00460
00461 #endif
00462
00463 #if defined(__cplusplus)
00464 }
00465 #endif