sandbox / mbedtls

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Fork of mbedtls by Christopher Haster

source/aes.c@4:bef26f687287, 2016-04-07 (annotated)

Committer:
Brian Daniels
Date:
Thu Apr 07 11:11:18 2016 +0100
Revision:
4:bef26f687287
Parent:
1:24750b9ad5ef 
Adding ported selftest test case

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Christopher Haster 1:24750b9ad5ef 1 /*
Christopher Haster 1:24750b9ad5ef 2 * FIPS-197 compliant AES implementation
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 5 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 6 *
Christopher Haster 1:24750b9ad5ef 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 8 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 9 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 10 *
Christopher Haster 1:24750b9ad5ef 11 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 16 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 17 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 18 *
Christopher Haster 1:24750b9ad5ef 19 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 20 */
Christopher Haster 1:24750b9ad5ef 21 /*
Christopher Haster 1:24750b9ad5ef 22 * The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
Christopher Haster 1:24750b9ad5ef 23 *
Christopher Haster 1:24750b9ad5ef 24 * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
Christopher Haster 1:24750b9ad5ef 25 * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Christopher Haster 1:24750b9ad5ef 26 */
Christopher Haster 1:24750b9ad5ef 27
Christopher Haster 1:24750b9ad5ef 28 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 29 #include "mbedtls/config.h"
Christopher Haster 1:24750b9ad5ef 30 #else
Christopher Haster 1:24750b9ad5ef 31 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 32 #endif
Christopher Haster 1:24750b9ad5ef 33
Christopher Haster 1:24750b9ad5ef 34 #if defined(MBEDTLS_AES_C)
Christopher Haster 1:24750b9ad5ef 35
Christopher Haster 1:24750b9ad5ef 36 #include <string.h>
Christopher Haster 1:24750b9ad5ef 37
Christopher Haster 1:24750b9ad5ef 38 #include "mbedtls/aes.h"
Christopher Haster 1:24750b9ad5ef 39 #if defined(MBEDTLS_PADLOCK_C)
Christopher Haster 1:24750b9ad5ef 40 #include "mbedtls/padlock.h"
Christopher Haster 1:24750b9ad5ef 41 #endif
Christopher Haster 1:24750b9ad5ef 42 #if defined(MBEDTLS_AESNI_C)
Christopher Haster 1:24750b9ad5ef 43 #include "mbedtls/aesni.h"
Christopher Haster 1:24750b9ad5ef 44 #endif
Christopher Haster 1:24750b9ad5ef 45
Christopher Haster 1:24750b9ad5ef 46 #if defined(MBEDTLS_SELF_TEST)
Christopher Haster 1:24750b9ad5ef 47 #if defined(MBEDTLS_PLATFORM_C)
Christopher Haster 1:24750b9ad5ef 48 #include "mbedtls/platform.h"
Christopher Haster 1:24750b9ad5ef 49 #else
Christopher Haster 1:24750b9ad5ef 50 #include <stdio.h>
Christopher Haster 1:24750b9ad5ef 51 #define mbedtls_printf printf
Christopher Haster 1:24750b9ad5ef 52 #endif /* MBEDTLS_PLATFORM_C */
Christopher Haster 1:24750b9ad5ef 53 #endif /* MBEDTLS_SELF_TEST */
Christopher Haster 1:24750b9ad5ef 54
Christopher Haster 1:24750b9ad5ef 55 #if !defined(MBEDTLS_AES_ALT)
Christopher Haster 1:24750b9ad5ef 56
Christopher Haster 1:24750b9ad5ef 57 /* Implementation that should never be optimized out by the compiler */
Christopher Haster 1:24750b9ad5ef 58 static void mbedtls_zeroize( void *v, size_t n ) {
Christopher Haster 1:24750b9ad5ef 59 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
Christopher Haster 1:24750b9ad5ef 60 }
Christopher Haster 1:24750b9ad5ef 61
Christopher Haster 1:24750b9ad5ef 62 /*
Christopher Haster 1:24750b9ad5ef 63 * 32-bit integer manipulation macros (little endian)
Christopher Haster 1:24750b9ad5ef 64 */
Christopher Haster 1:24750b9ad5ef 65 #ifndef GET_UINT32_LE
Christopher Haster 1:24750b9ad5ef 66 #define GET_UINT32_LE(n,b,i) \
Christopher Haster 1:24750b9ad5ef 67 { \
Christopher Haster 1:24750b9ad5ef 68 (n) = ( (uint32_t) (b)[(i) ] ) \
Christopher Haster 1:24750b9ad5ef 69 | ( (uint32_t) (b)[(i) + 1] << 8 ) \
Christopher Haster 1:24750b9ad5ef 70 | ( (uint32_t) (b)[(i) + 2] << 16 ) \
Christopher Haster 1:24750b9ad5ef 71 | ( (uint32_t) (b)[(i) + 3] << 24 ); \
Christopher Haster 1:24750b9ad5ef 72 }
Christopher Haster 1:24750b9ad5ef 73 #endif
Christopher Haster 1:24750b9ad5ef 74
Christopher Haster 1:24750b9ad5ef 75 #ifndef PUT_UINT32_LE
Christopher Haster 1:24750b9ad5ef 76 #define PUT_UINT32_LE(n,b,i) \
Christopher Haster 1:24750b9ad5ef 77 { \
Christopher Haster 1:24750b9ad5ef 78 (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
Christopher Haster 1:24750b9ad5ef 79 (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
Christopher Haster 1:24750b9ad5ef 80 (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
Christopher Haster 1:24750b9ad5ef 81 (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
Christopher Haster 1:24750b9ad5ef 82 }
Christopher Haster 1:24750b9ad5ef 83 #endif
Christopher Haster 1:24750b9ad5ef 84
Christopher Haster 1:24750b9ad5ef 85 #if defined(MBEDTLS_PADLOCK_C) && \
Christopher Haster 1:24750b9ad5ef 86 ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
Christopher Haster 1:24750b9ad5ef 87 static int aes_padlock_ace = -1;
Christopher Haster 1:24750b9ad5ef 88 #endif
Christopher Haster 1:24750b9ad5ef 89
Christopher Haster 1:24750b9ad5ef 90 #if defined(MBEDTLS_AES_ROM_TABLES)
Christopher Haster 1:24750b9ad5ef 91 /*
Christopher Haster 1:24750b9ad5ef 92 * Forward S-box
Christopher Haster 1:24750b9ad5ef 93 */
Christopher Haster 1:24750b9ad5ef 94 static const unsigned char FSb[256] =
Christopher Haster 1:24750b9ad5ef 95 {
Christopher Haster 1:24750b9ad5ef 96 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
Christopher Haster 1:24750b9ad5ef 97 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
Christopher Haster 1:24750b9ad5ef 98 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
Christopher Haster 1:24750b9ad5ef 99 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
Christopher Haster 1:24750b9ad5ef 100 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
Christopher Haster 1:24750b9ad5ef 101 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
Christopher Haster 1:24750b9ad5ef 102 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
Christopher Haster 1:24750b9ad5ef 103 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
Christopher Haster 1:24750b9ad5ef 104 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
Christopher Haster 1:24750b9ad5ef 105 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
Christopher Haster 1:24750b9ad5ef 106 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
Christopher Haster 1:24750b9ad5ef 107 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
Christopher Haster 1:24750b9ad5ef 108 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
Christopher Haster 1:24750b9ad5ef 109 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
Christopher Haster 1:24750b9ad5ef 110 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
Christopher Haster 1:24750b9ad5ef 111 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
Christopher Haster 1:24750b9ad5ef 112 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
Christopher Haster 1:24750b9ad5ef 113 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
Christopher Haster 1:24750b9ad5ef 114 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
Christopher Haster 1:24750b9ad5ef 115 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
Christopher Haster 1:24750b9ad5ef 116 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
Christopher Haster 1:24750b9ad5ef 117 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
Christopher Haster 1:24750b9ad5ef 118 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
Christopher Haster 1:24750b9ad5ef 119 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
Christopher Haster 1:24750b9ad5ef 120 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
Christopher Haster 1:24750b9ad5ef 121 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
Christopher Haster 1:24750b9ad5ef 122 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
Christopher Haster 1:24750b9ad5ef 123 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
Christopher Haster 1:24750b9ad5ef 124 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
Christopher Haster 1:24750b9ad5ef 125 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
Christopher Haster 1:24750b9ad5ef 126 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
Christopher Haster 1:24750b9ad5ef 127 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
Christopher Haster 1:24750b9ad5ef 128 };
Christopher Haster 1:24750b9ad5ef 129
Christopher Haster 1:24750b9ad5ef 130 /*
Christopher Haster 1:24750b9ad5ef 131 * Forward tables
Christopher Haster 1:24750b9ad5ef 132 */
Christopher Haster 1:24750b9ad5ef 133 #define FT \
Christopher Haster 1:24750b9ad5ef 134 \
Christopher Haster 1:24750b9ad5ef 135 V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
Christopher Haster 1:24750b9ad5ef 136 V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
Christopher Haster 1:24750b9ad5ef 137 V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
Christopher Haster 1:24750b9ad5ef 138 V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
Christopher Haster 1:24750b9ad5ef 139 V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
Christopher Haster 1:24750b9ad5ef 140 V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
Christopher Haster 1:24750b9ad5ef 141 V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
Christopher Haster 1:24750b9ad5ef 142 V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
Christopher Haster 1:24750b9ad5ef 143 V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
Christopher Haster 1:24750b9ad5ef 144 V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
Christopher Haster 1:24750b9ad5ef 145 V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
Christopher Haster 1:24750b9ad5ef 146 V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
Christopher Haster 1:24750b9ad5ef 147 V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
Christopher Haster 1:24750b9ad5ef 148 V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
Christopher Haster 1:24750b9ad5ef 149 V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
Christopher Haster 1:24750b9ad5ef 150 V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
Christopher Haster 1:24750b9ad5ef 151 V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
Christopher Haster 1:24750b9ad5ef 152 V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
Christopher Haster 1:24750b9ad5ef 153 V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
Christopher Haster 1:24750b9ad5ef 154 V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
Christopher Haster 1:24750b9ad5ef 155 V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
Christopher Haster 1:24750b9ad5ef 156 V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
Christopher Haster 1:24750b9ad5ef 157 V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
Christopher Haster 1:24750b9ad5ef 158 V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
Christopher Haster 1:24750b9ad5ef 159 V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
Christopher Haster 1:24750b9ad5ef 160 V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
Christopher Haster 1:24750b9ad5ef 161 V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
Christopher Haster 1:24750b9ad5ef 162 V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
Christopher Haster 1:24750b9ad5ef 163 V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
Christopher Haster 1:24750b9ad5ef 164 V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
Christopher Haster 1:24750b9ad5ef 165 V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
Christopher Haster 1:24750b9ad5ef 166 V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
Christopher Haster 1:24750b9ad5ef 167 V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
Christopher Haster 1:24750b9ad5ef 168 V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
Christopher Haster 1:24750b9ad5ef 169 V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
Christopher Haster 1:24750b9ad5ef 170 V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
Christopher Haster 1:24750b9ad5ef 171 V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
Christopher Haster 1:24750b9ad5ef 172 V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
Christopher Haster 1:24750b9ad5ef 173 V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
Christopher Haster 1:24750b9ad5ef 174 V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
Christopher Haster 1:24750b9ad5ef 175 V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
Christopher Haster 1:24750b9ad5ef 176 V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
Christopher Haster 1:24750b9ad5ef 177 V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
Christopher Haster 1:24750b9ad5ef 178 V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
Christopher Haster 1:24750b9ad5ef 179 V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
Christopher Haster 1:24750b9ad5ef 180 V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
Christopher Haster 1:24750b9ad5ef 181 V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
Christopher Haster 1:24750b9ad5ef 182 V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
Christopher Haster 1:24750b9ad5ef 183 V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
Christopher Haster 1:24750b9ad5ef 184 V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
Christopher Haster 1:24750b9ad5ef 185 V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
Christopher Haster 1:24750b9ad5ef 186 V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
Christopher Haster 1:24750b9ad5ef 187 V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
Christopher Haster 1:24750b9ad5ef 188 V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
Christopher Haster 1:24750b9ad5ef 189 V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
Christopher Haster 1:24750b9ad5ef 190 V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
Christopher Haster 1:24750b9ad5ef 191 V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
Christopher Haster 1:24750b9ad5ef 192 V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
Christopher Haster 1:24750b9ad5ef 193 V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
Christopher Haster 1:24750b9ad5ef 194 V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
Christopher Haster 1:24750b9ad5ef 195 V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
Christopher Haster 1:24750b9ad5ef 196 V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
Christopher Haster 1:24750b9ad5ef 197 V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
Christopher Haster 1:24750b9ad5ef 198 V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
Christopher Haster 1:24750b9ad5ef 199
Christopher Haster 1:24750b9ad5ef 200 #define V(a,b,c,d) 0x##a##b##c##d
Christopher Haster 1:24750b9ad5ef 201 static const uint32_t FT0[256] = { FT };
Christopher Haster 1:24750b9ad5ef 202 #undef V
Christopher Haster 1:24750b9ad5ef 203
Christopher Haster 1:24750b9ad5ef 204 #define V(a,b,c,d) 0x##b##c##d##a
Christopher Haster 1:24750b9ad5ef 205 static const uint32_t FT1[256] = { FT };
Christopher Haster 1:24750b9ad5ef 206 #undef V
Christopher Haster 1:24750b9ad5ef 207
Christopher Haster 1:24750b9ad5ef 208 #define V(a,b,c,d) 0x##c##d##a##b
Christopher Haster 1:24750b9ad5ef 209 static const uint32_t FT2[256] = { FT };
Christopher Haster 1:24750b9ad5ef 210 #undef V
Christopher Haster 1:24750b9ad5ef 211
Christopher Haster 1:24750b9ad5ef 212 #define V(a,b,c,d) 0x##d##a##b##c
Christopher Haster 1:24750b9ad5ef 213 static const uint32_t FT3[256] = { FT };
Christopher Haster 1:24750b9ad5ef 214 #undef V
Christopher Haster 1:24750b9ad5ef 215
Christopher Haster 1:24750b9ad5ef 216 #undef FT
Christopher Haster 1:24750b9ad5ef 217
Christopher Haster 1:24750b9ad5ef 218 /*
Christopher Haster 1:24750b9ad5ef 219 * Reverse S-box
Christopher Haster 1:24750b9ad5ef 220 */
Christopher Haster 1:24750b9ad5ef 221 static const unsigned char RSb[256] =
Christopher Haster 1:24750b9ad5ef 222 {
Christopher Haster 1:24750b9ad5ef 223 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
Christopher Haster 1:24750b9ad5ef 224 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
Christopher Haster 1:24750b9ad5ef 225 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
Christopher Haster 1:24750b9ad5ef 226 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
Christopher Haster 1:24750b9ad5ef 227 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
Christopher Haster 1:24750b9ad5ef 228 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
Christopher Haster 1:24750b9ad5ef 229 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
Christopher Haster 1:24750b9ad5ef 230 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
Christopher Haster 1:24750b9ad5ef 231 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
Christopher Haster 1:24750b9ad5ef 232 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
Christopher Haster 1:24750b9ad5ef 233 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
Christopher Haster 1:24750b9ad5ef 234 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
Christopher Haster 1:24750b9ad5ef 235 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
Christopher Haster 1:24750b9ad5ef 236 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
Christopher Haster 1:24750b9ad5ef 237 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
Christopher Haster 1:24750b9ad5ef 238 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
Christopher Haster 1:24750b9ad5ef 239 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
Christopher Haster 1:24750b9ad5ef 240 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
Christopher Haster 1:24750b9ad5ef 241 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
Christopher Haster 1:24750b9ad5ef 242 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
Christopher Haster 1:24750b9ad5ef 243 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
Christopher Haster 1:24750b9ad5ef 244 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
Christopher Haster 1:24750b9ad5ef 245 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
Christopher Haster 1:24750b9ad5ef 246 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
Christopher Haster 1:24750b9ad5ef 247 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
Christopher Haster 1:24750b9ad5ef 248 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
Christopher Haster 1:24750b9ad5ef 249 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
Christopher Haster 1:24750b9ad5ef 250 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
Christopher Haster 1:24750b9ad5ef 251 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
Christopher Haster 1:24750b9ad5ef 252 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
Christopher Haster 1:24750b9ad5ef 253 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
Christopher Haster 1:24750b9ad5ef 254 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
Christopher Haster 1:24750b9ad5ef 255 };
Christopher Haster 1:24750b9ad5ef 256
Christopher Haster 1:24750b9ad5ef 257 /*
Christopher Haster 1:24750b9ad5ef 258 * Reverse tables
Christopher Haster 1:24750b9ad5ef 259 */
Christopher Haster 1:24750b9ad5ef 260 #define RT \
Christopher Haster 1:24750b9ad5ef 261 \
Christopher Haster 1:24750b9ad5ef 262 V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
Christopher Haster 1:24750b9ad5ef 263 V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
Christopher Haster 1:24750b9ad5ef 264 V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
Christopher Haster 1:24750b9ad5ef 265 V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
Christopher Haster 1:24750b9ad5ef 266 V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
Christopher Haster 1:24750b9ad5ef 267 V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
Christopher Haster 1:24750b9ad5ef 268 V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
Christopher Haster 1:24750b9ad5ef 269 V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
Christopher Haster 1:24750b9ad5ef 270 V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
Christopher Haster 1:24750b9ad5ef 271 V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
Christopher Haster 1:24750b9ad5ef 272 V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
Christopher Haster 1:24750b9ad5ef 273 V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
Christopher Haster 1:24750b9ad5ef 274 V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
Christopher Haster 1:24750b9ad5ef 275 V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
Christopher Haster 1:24750b9ad5ef 276 V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
Christopher Haster 1:24750b9ad5ef 277 V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
Christopher Haster 1:24750b9ad5ef 278 V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
Christopher Haster 1:24750b9ad5ef 279 V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
Christopher Haster 1:24750b9ad5ef 280 V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
Christopher Haster 1:24750b9ad5ef 281 V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
Christopher Haster 1:24750b9ad5ef 282 V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
Christopher Haster 1:24750b9ad5ef 283 V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
Christopher Haster 1:24750b9ad5ef 284 V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
Christopher Haster 1:24750b9ad5ef 285 V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
Christopher Haster 1:24750b9ad5ef 286 V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
Christopher Haster 1:24750b9ad5ef 287 V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
Christopher Haster 1:24750b9ad5ef 288 V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
Christopher Haster 1:24750b9ad5ef 289 V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
Christopher Haster 1:24750b9ad5ef 290 V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
Christopher Haster 1:24750b9ad5ef 291 V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
Christopher Haster 1:24750b9ad5ef 292 V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
Christopher Haster 1:24750b9ad5ef 293 V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
Christopher Haster 1:24750b9ad5ef 294 V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
Christopher Haster 1:24750b9ad5ef 295 V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
Christopher Haster 1:24750b9ad5ef 296 V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
Christopher Haster 1:24750b9ad5ef 297 V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
Christopher Haster 1:24750b9ad5ef 298 V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
Christopher Haster 1:24750b9ad5ef 299 V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
Christopher Haster 1:24750b9ad5ef 300 V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
Christopher Haster 1:24750b9ad5ef 301 V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
Christopher Haster 1:24750b9ad5ef 302 V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
Christopher Haster 1:24750b9ad5ef 303 V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
Christopher Haster 1:24750b9ad5ef 304 V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
Christopher Haster 1:24750b9ad5ef 305 V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
Christopher Haster 1:24750b9ad5ef 306 V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
Christopher Haster 1:24750b9ad5ef 307 V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
Christopher Haster 1:24750b9ad5ef 308 V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
Christopher Haster 1:24750b9ad5ef 309 V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
Christopher Haster 1:24750b9ad5ef 310 V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
Christopher Haster 1:24750b9ad5ef 311 V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
Christopher Haster 1:24750b9ad5ef 312 V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
Christopher Haster 1:24750b9ad5ef 313 V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
Christopher Haster 1:24750b9ad5ef 314 V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
Christopher Haster 1:24750b9ad5ef 315 V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
Christopher Haster 1:24750b9ad5ef 316 V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
Christopher Haster 1:24750b9ad5ef 317 V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
Christopher Haster 1:24750b9ad5ef 318 V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
Christopher Haster 1:24750b9ad5ef 319 V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
Christopher Haster 1:24750b9ad5ef 320 V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
Christopher Haster 1:24750b9ad5ef 321 V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
Christopher Haster 1:24750b9ad5ef 322 V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
Christopher Haster 1:24750b9ad5ef 323 V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
Christopher Haster 1:24750b9ad5ef 324 V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
Christopher Haster 1:24750b9ad5ef 325 V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
Christopher Haster 1:24750b9ad5ef 326
Christopher Haster 1:24750b9ad5ef 327 #define V(a,b,c,d) 0x##a##b##c##d
Christopher Haster 1:24750b9ad5ef 328 static const uint32_t RT0[256] = { RT };
Christopher Haster 1:24750b9ad5ef 329 #undef V
Christopher Haster 1:24750b9ad5ef 330
Christopher Haster 1:24750b9ad5ef 331 #define V(a,b,c,d) 0x##b##c##d##a
Christopher Haster 1:24750b9ad5ef 332 static const uint32_t RT1[256] = { RT };
Christopher Haster 1:24750b9ad5ef 333 #undef V
Christopher Haster 1:24750b9ad5ef 334
Christopher Haster 1:24750b9ad5ef 335 #define V(a,b,c,d) 0x##c##d##a##b
Christopher Haster 1:24750b9ad5ef 336 static const uint32_t RT2[256] = { RT };
Christopher Haster 1:24750b9ad5ef 337 #undef V
Christopher Haster 1:24750b9ad5ef 338
Christopher Haster 1:24750b9ad5ef 339 #define V(a,b,c,d) 0x##d##a##b##c
Christopher Haster 1:24750b9ad5ef 340 static const uint32_t RT3[256] = { RT };
Christopher Haster 1:24750b9ad5ef 341 #undef V
Christopher Haster 1:24750b9ad5ef 342
Christopher Haster 1:24750b9ad5ef 343 #undef RT
Christopher Haster 1:24750b9ad5ef 344
Christopher Haster 1:24750b9ad5ef 345 /*
Christopher Haster 1:24750b9ad5ef 346 * Round constants
Christopher Haster 1:24750b9ad5ef 347 */
Christopher Haster 1:24750b9ad5ef 348 static const uint32_t RCON[10] =
Christopher Haster 1:24750b9ad5ef 349 {
Christopher Haster 1:24750b9ad5ef 350 0x00000001, 0x00000002, 0x00000004, 0x00000008,
Christopher Haster 1:24750b9ad5ef 351 0x00000010, 0x00000020, 0x00000040, 0x00000080,
Christopher Haster 1:24750b9ad5ef 352 0x0000001B, 0x00000036
Christopher Haster 1:24750b9ad5ef 353 };
Christopher Haster 1:24750b9ad5ef 354
Christopher Haster 1:24750b9ad5ef 355 #else /* MBEDTLS_AES_ROM_TABLES */
Christopher Haster 1:24750b9ad5ef 356
Christopher Haster 1:24750b9ad5ef 357 /*
Christopher Haster 1:24750b9ad5ef 358 * Forward S-box & tables
Christopher Haster 1:24750b9ad5ef 359 */
Christopher Haster 1:24750b9ad5ef 360 static unsigned char FSb[256];
Christopher Haster 1:24750b9ad5ef 361 static uint32_t FT0[256];
Christopher Haster 1:24750b9ad5ef 362 static uint32_t FT1[256];
Christopher Haster 1:24750b9ad5ef 363 static uint32_t FT2[256];
Christopher Haster 1:24750b9ad5ef 364 static uint32_t FT3[256];
Christopher Haster 1:24750b9ad5ef 365
Christopher Haster 1:24750b9ad5ef 366 /*
Christopher Haster 1:24750b9ad5ef 367 * Reverse S-box & tables
Christopher Haster 1:24750b9ad5ef 368 */
Christopher Haster 1:24750b9ad5ef 369 static unsigned char RSb[256];
Christopher Haster 1:24750b9ad5ef 370 static uint32_t RT0[256];
Christopher Haster 1:24750b9ad5ef 371 static uint32_t RT1[256];
Christopher Haster 1:24750b9ad5ef 372 static uint32_t RT2[256];
Christopher Haster 1:24750b9ad5ef 373 static uint32_t RT3[256];
Christopher Haster 1:24750b9ad5ef 374
Christopher Haster 1:24750b9ad5ef 375 /*
Christopher Haster 1:24750b9ad5ef 376 * Round constants
Christopher Haster 1:24750b9ad5ef 377 */
Christopher Haster 1:24750b9ad5ef 378 static uint32_t RCON[10];
Christopher Haster 1:24750b9ad5ef 379
Christopher Haster 1:24750b9ad5ef 380 /*
Christopher Haster 1:24750b9ad5ef 381 * Tables generation code
Christopher Haster 1:24750b9ad5ef 382 */
Christopher Haster 1:24750b9ad5ef 383 #define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
Christopher Haster 1:24750b9ad5ef 384 #define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
Christopher Haster 1:24750b9ad5ef 385 #define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
Christopher Haster 1:24750b9ad5ef 386
Christopher Haster 1:24750b9ad5ef 387 static int aes_init_done = 0;
Christopher Haster 1:24750b9ad5ef 388
Christopher Haster 1:24750b9ad5ef 389 static void aes_gen_tables( void )
Christopher Haster 1:24750b9ad5ef 390 {
Christopher Haster 1:24750b9ad5ef 391 int i, x, y, z;
Christopher Haster 1:24750b9ad5ef 392 int pow[256];
Christopher Haster 1:24750b9ad5ef 393 int log[256];
Christopher Haster 1:24750b9ad5ef 394
Christopher Haster 1:24750b9ad5ef 395 /*
Christopher Haster 1:24750b9ad5ef 396 * compute pow and log tables over GF(2^8)
Christopher Haster 1:24750b9ad5ef 397 */
Christopher Haster 1:24750b9ad5ef 398 for( i = 0, x = 1; i < 256; i++ )
Christopher Haster 1:24750b9ad5ef 399 {
Christopher Haster 1:24750b9ad5ef 400 pow[i] = x;
Christopher Haster 1:24750b9ad5ef 401 log[x] = i;
Christopher Haster 1:24750b9ad5ef 402 x = ( x ^ XTIME( x ) ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 403 }
Christopher Haster 1:24750b9ad5ef 404
Christopher Haster 1:24750b9ad5ef 405 /*
Christopher Haster 1:24750b9ad5ef 406 * calculate the round constants
Christopher Haster 1:24750b9ad5ef 407 */
Christopher Haster 1:24750b9ad5ef 408 for( i = 0, x = 1; i < 10; i++ )
Christopher Haster 1:24750b9ad5ef 409 {
Christopher Haster 1:24750b9ad5ef 410 RCON[i] = (uint32_t) x;
Christopher Haster 1:24750b9ad5ef 411 x = XTIME( x ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 412 }
Christopher Haster 1:24750b9ad5ef 413
Christopher Haster 1:24750b9ad5ef 414 /*
Christopher Haster 1:24750b9ad5ef 415 * generate the forward and reverse S-boxes
Christopher Haster 1:24750b9ad5ef 416 */
Christopher Haster 1:24750b9ad5ef 417 FSb[0x00] = 0x63;
Christopher Haster 1:24750b9ad5ef 418 RSb[0x63] = 0x00;
Christopher Haster 1:24750b9ad5ef 419
Christopher Haster 1:24750b9ad5ef 420 for( i = 1; i < 256; i++ )
Christopher Haster 1:24750b9ad5ef 421 {
Christopher Haster 1:24750b9ad5ef 422 x = pow[255 - log[i]];
Christopher Haster 1:24750b9ad5ef 423
Christopher Haster 1:24750b9ad5ef 424 y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 425 x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 426 x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 427 x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 428 x ^= y ^ 0x63;
Christopher Haster 1:24750b9ad5ef 429
Christopher Haster 1:24750b9ad5ef 430 FSb[i] = (unsigned char) x;
Christopher Haster 1:24750b9ad5ef 431 RSb[x] = (unsigned char) i;
Christopher Haster 1:24750b9ad5ef 432 }
Christopher Haster 1:24750b9ad5ef 433
Christopher Haster 1:24750b9ad5ef 434 /*
Christopher Haster 1:24750b9ad5ef 435 * generate the forward and reverse tables
Christopher Haster 1:24750b9ad5ef 436 */
Christopher Haster 1:24750b9ad5ef 437 for( i = 0; i < 256; i++ )
Christopher Haster 1:24750b9ad5ef 438 {
Christopher Haster 1:24750b9ad5ef 439 x = FSb[i];
Christopher Haster 1:24750b9ad5ef 440 y = XTIME( x ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 441 z = ( y ^ x ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 442
Christopher Haster 1:24750b9ad5ef 443 FT0[i] = ( (uint32_t) y ) ^
Christopher Haster 1:24750b9ad5ef 444 ( (uint32_t) x << 8 ) ^
Christopher Haster 1:24750b9ad5ef 445 ( (uint32_t) x << 16 ) ^
Christopher Haster 1:24750b9ad5ef 446 ( (uint32_t) z << 24 );
Christopher Haster 1:24750b9ad5ef 447
Christopher Haster 1:24750b9ad5ef 448 FT1[i] = ROTL8( FT0[i] );
Christopher Haster 1:24750b9ad5ef 449 FT2[i] = ROTL8( FT1[i] );
Christopher Haster 1:24750b9ad5ef 450 FT3[i] = ROTL8( FT2[i] );
Christopher Haster 1:24750b9ad5ef 451
Christopher Haster 1:24750b9ad5ef 452 x = RSb[i];
Christopher Haster 1:24750b9ad5ef 453
Christopher Haster 1:24750b9ad5ef 454 RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^
Christopher Haster 1:24750b9ad5ef 455 ( (uint32_t) MUL( 0x09, x ) << 8 ) ^
Christopher Haster 1:24750b9ad5ef 456 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
Christopher Haster 1:24750b9ad5ef 457 ( (uint32_t) MUL( 0x0B, x ) << 24 );
Christopher Haster 1:24750b9ad5ef 458
Christopher Haster 1:24750b9ad5ef 459 RT1[i] = ROTL8( RT0[i] );
Christopher Haster 1:24750b9ad5ef 460 RT2[i] = ROTL8( RT1[i] );
Christopher Haster 1:24750b9ad5ef 461 RT3[i] = ROTL8( RT2[i] );
Christopher Haster 1:24750b9ad5ef 462 }
Christopher Haster 1:24750b9ad5ef 463 }
Christopher Haster 1:24750b9ad5ef 464
Christopher Haster 1:24750b9ad5ef 465 #endif /* MBEDTLS_AES_ROM_TABLES */
Christopher Haster 1:24750b9ad5ef 466
Christopher Haster 1:24750b9ad5ef 467 void mbedtls_aes_init( mbedtls_aes_context *ctx )
Christopher Haster 1:24750b9ad5ef 468 {
Christopher Haster 1:24750b9ad5ef 469 memset( ctx, 0, sizeof( mbedtls_aes_context ) );
Christopher Haster 1:24750b9ad5ef 470 }
Christopher Haster 1:24750b9ad5ef 471
Christopher Haster 1:24750b9ad5ef 472 void mbedtls_aes_free( mbedtls_aes_context *ctx )
Christopher Haster 1:24750b9ad5ef 473 {
Christopher Haster 1:24750b9ad5ef 474 if( ctx == NULL )
Christopher Haster 1:24750b9ad5ef 475 return;
Christopher Haster 1:24750b9ad5ef 476
Christopher Haster 1:24750b9ad5ef 477 mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
Christopher Haster 1:24750b9ad5ef 478 }
Christopher Haster 1:24750b9ad5ef 479
Christopher Haster 1:24750b9ad5ef 480 /*
Christopher Haster 1:24750b9ad5ef 481 * AES key schedule (encryption)
Christopher Haster 1:24750b9ad5ef 482 */
Christopher Haster 1:24750b9ad5ef 483 #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
Christopher Haster 1:24750b9ad5ef 484 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
Christopher Haster 1:24750b9ad5ef 485 unsigned int keybits )
Christopher Haster 1:24750b9ad5ef 486 {
Christopher Haster 1:24750b9ad5ef 487 unsigned int i;
Christopher Haster 1:24750b9ad5ef 488 uint32_t *RK;
Christopher Haster 1:24750b9ad5ef 489
Christopher Haster 1:24750b9ad5ef 490 #if !defined(MBEDTLS_AES_ROM_TABLES)
Christopher Haster 1:24750b9ad5ef 491 if( aes_init_done == 0 )
Christopher Haster 1:24750b9ad5ef 492 {
Christopher Haster 1:24750b9ad5ef 493 aes_gen_tables();
Christopher Haster 1:24750b9ad5ef 494 aes_init_done = 1;
Christopher Haster 1:24750b9ad5ef 495
Christopher Haster 1:24750b9ad5ef 496 }
Christopher Haster 1:24750b9ad5ef 497 #endif
Christopher Haster 1:24750b9ad5ef 498
Christopher Haster 1:24750b9ad5ef 499 switch( keybits )
Christopher Haster 1:24750b9ad5ef 500 {
Christopher Haster 1:24750b9ad5ef 501 case 128: ctx->nr = 10; break;
Christopher Haster 1:24750b9ad5ef 502 case 192: ctx->nr = 12; break;
Christopher Haster 1:24750b9ad5ef 503 case 256: ctx->nr = 14; break;
Christopher Haster 1:24750b9ad5ef 504 default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
Christopher Haster 1:24750b9ad5ef 505 }
Christopher Haster 1:24750b9ad5ef 506
Christopher Haster 1:24750b9ad5ef 507 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
Christopher Haster 1:24750b9ad5ef 508 if( aes_padlock_ace == -1 )
Christopher Haster 1:24750b9ad5ef 509 aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
Christopher Haster 1:24750b9ad5ef 510
Christopher Haster 1:24750b9ad5ef 511 if( aes_padlock_ace )
Christopher Haster 1:24750b9ad5ef 512 ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
Christopher Haster 1:24750b9ad5ef 513 else
Christopher Haster 1:24750b9ad5ef 514 #endif
Christopher Haster 1:24750b9ad5ef 515 ctx->rk = RK = ctx->buf;
Christopher Haster 1:24750b9ad5ef 516
Christopher Haster 1:24750b9ad5ef 517 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
Christopher Haster 1:24750b9ad5ef 518 if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
Christopher Haster 1:24750b9ad5ef 519 return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
Christopher Haster 1:24750b9ad5ef 520 #endif
Christopher Haster 1:24750b9ad5ef 521
Christopher Haster 1:24750b9ad5ef 522 for( i = 0; i < ( keybits >> 5 ); i++ )
Christopher Haster 1:24750b9ad5ef 523 {
Christopher Haster 1:24750b9ad5ef 524 GET_UINT32_LE( RK[i], key, i << 2 );
Christopher Haster 1:24750b9ad5ef 525 }
Christopher Haster 1:24750b9ad5ef 526
Christopher Haster 1:24750b9ad5ef 527 switch( ctx->nr )
Christopher Haster 1:24750b9ad5ef 528 {
Christopher Haster 1:24750b9ad5ef 529 case 10:
Christopher Haster 1:24750b9ad5ef 530
Christopher Haster 1:24750b9ad5ef 531 for( i = 0; i < 10; i++, RK += 4 )
Christopher Haster 1:24750b9ad5ef 532 {
Christopher Haster 1:24750b9ad5ef 533 RK[4] = RK[0] ^ RCON[i] ^
Christopher Haster 1:24750b9ad5ef 534 ( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 535 ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 536 ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 537 ( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 538
Christopher Haster 1:24750b9ad5ef 539 RK[5] = RK[1] ^ RK[4];
Christopher Haster 1:24750b9ad5ef 540 RK[6] = RK[2] ^ RK[5];
Christopher Haster 1:24750b9ad5ef 541 RK[7] = RK[3] ^ RK[6];
Christopher Haster 1:24750b9ad5ef 542 }
Christopher Haster 1:24750b9ad5ef 543 break;
Christopher Haster 1:24750b9ad5ef 544
Christopher Haster 1:24750b9ad5ef 545 case 12:
Christopher Haster 1:24750b9ad5ef 546
Christopher Haster 1:24750b9ad5ef 547 for( i = 0; i < 8; i++, RK += 6 )
Christopher Haster 1:24750b9ad5ef 548 {
Christopher Haster 1:24750b9ad5ef 549 RK[6] = RK[0] ^ RCON[i] ^
Christopher Haster 1:24750b9ad5ef 550 ( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 551 ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 552 ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 553 ( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 554
Christopher Haster 1:24750b9ad5ef 555 RK[7] = RK[1] ^ RK[6];
Christopher Haster 1:24750b9ad5ef 556 RK[8] = RK[2] ^ RK[7];
Christopher Haster 1:24750b9ad5ef 557 RK[9] = RK[3] ^ RK[8];
Christopher Haster 1:24750b9ad5ef 558 RK[10] = RK[4] ^ RK[9];
Christopher Haster 1:24750b9ad5ef 559 RK[11] = RK[5] ^ RK[10];
Christopher Haster 1:24750b9ad5ef 560 }
Christopher Haster 1:24750b9ad5ef 561 break;
Christopher Haster 1:24750b9ad5ef 562
Christopher Haster 1:24750b9ad5ef 563 case 14:
Christopher Haster 1:24750b9ad5ef 564
Christopher Haster 1:24750b9ad5ef 565 for( i = 0; i < 7; i++, RK += 8 )
Christopher Haster 1:24750b9ad5ef 566 {
Christopher Haster 1:24750b9ad5ef 567 RK[8] = RK[0] ^ RCON[i] ^
Christopher Haster 1:24750b9ad5ef 568 ( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 569 ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 570 ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 571 ( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 572
Christopher Haster 1:24750b9ad5ef 573 RK[9] = RK[1] ^ RK[8];
Christopher Haster 1:24750b9ad5ef 574 RK[10] = RK[2] ^ RK[9];
Christopher Haster 1:24750b9ad5ef 575 RK[11] = RK[3] ^ RK[10];
Christopher Haster 1:24750b9ad5ef 576
Christopher Haster 1:24750b9ad5ef 577 RK[12] = RK[4] ^
Christopher Haster 1:24750b9ad5ef 578 ( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 579 ( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 580 ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 581 ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 582
Christopher Haster 1:24750b9ad5ef 583 RK[13] = RK[5] ^ RK[12];
Christopher Haster 1:24750b9ad5ef 584 RK[14] = RK[6] ^ RK[13];
Christopher Haster 1:24750b9ad5ef 585 RK[15] = RK[7] ^ RK[14];
Christopher Haster 1:24750b9ad5ef 586 }
Christopher Haster 1:24750b9ad5ef 587 break;
Christopher Haster 1:24750b9ad5ef 588 }
Christopher Haster 1:24750b9ad5ef 589
Christopher Haster 1:24750b9ad5ef 590 return( 0 );
Christopher Haster 1:24750b9ad5ef 591 }
Christopher Haster 1:24750b9ad5ef 592 #endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
Christopher Haster 1:24750b9ad5ef 593
Christopher Haster 1:24750b9ad5ef 594 /*
Christopher Haster 1:24750b9ad5ef 595 * AES key schedule (decryption)
Christopher Haster 1:24750b9ad5ef 596 */
Christopher Haster 1:24750b9ad5ef 597 #if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
Christopher Haster 1:24750b9ad5ef 598 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
Christopher Haster 1:24750b9ad5ef 599 unsigned int keybits )
Christopher Haster 1:24750b9ad5ef 600 {
Christopher Haster 1:24750b9ad5ef 601 int i, j, ret;
Christopher Haster 1:24750b9ad5ef 602 mbedtls_aes_context cty;
Christopher Haster 1:24750b9ad5ef 603 uint32_t *RK;
Christopher Haster 1:24750b9ad5ef 604 uint32_t *SK;
Christopher Haster 1:24750b9ad5ef 605
Christopher Haster 1:24750b9ad5ef 606 mbedtls_aes_init( &cty );
Christopher Haster 1:24750b9ad5ef 607
Christopher Haster 1:24750b9ad5ef 608 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
Christopher Haster 1:24750b9ad5ef 609 if( aes_padlock_ace == -1 )
Christopher Haster 1:24750b9ad5ef 610 aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
Christopher Haster 1:24750b9ad5ef 611
Christopher Haster 1:24750b9ad5ef 612 if( aes_padlock_ace )
Christopher Haster 1:24750b9ad5ef 613 ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
Christopher Haster 1:24750b9ad5ef 614 else
Christopher Haster 1:24750b9ad5ef 615 #endif
Christopher Haster 1:24750b9ad5ef 616 ctx->rk = RK = ctx->buf;
Christopher Haster 1:24750b9ad5ef 617
Christopher Haster 1:24750b9ad5ef 618 /* Also checks keybits */
Christopher Haster 1:24750b9ad5ef 619 if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 620 goto exit;
Christopher Haster 1:24750b9ad5ef 621
Christopher Haster 1:24750b9ad5ef 622 ctx->nr = cty.nr;
Christopher Haster 1:24750b9ad5ef 623
Christopher Haster 1:24750b9ad5ef 624 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
Christopher Haster 1:24750b9ad5ef 625 if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
Christopher Haster 1:24750b9ad5ef 626 {
Christopher Haster 1:24750b9ad5ef 627 mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk,
Christopher Haster 1:24750b9ad5ef 628 (const unsigned char *) cty.rk, ctx->nr );
Christopher Haster 1:24750b9ad5ef 629 goto exit;
Christopher Haster 1:24750b9ad5ef 630 }
Christopher Haster 1:24750b9ad5ef 631 #endif
Christopher Haster 1:24750b9ad5ef 632
Christopher Haster 1:24750b9ad5ef 633 SK = cty.rk + cty.nr * 4;
Christopher Haster 1:24750b9ad5ef 634
Christopher Haster 1:24750b9ad5ef 635 *RK++ = *SK++;
Christopher Haster 1:24750b9ad5ef 636 *RK++ = *SK++;
Christopher Haster 1:24750b9ad5ef 637 *RK++ = *SK++;
Christopher Haster 1:24750b9ad5ef 638 *RK++ = *SK++;
Christopher Haster 1:24750b9ad5ef 639
Christopher Haster 1:24750b9ad5ef 640 for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
Christopher Haster 1:24750b9ad5ef 641 {
Christopher Haster 1:24750b9ad5ef 642 for( j = 0; j < 4; j++, SK++ )
Christopher Haster 1:24750b9ad5ef 643 {
Christopher Haster 1:24750b9ad5ef 644 *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^
Christopher Haster 1:24750b9ad5ef 645 RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^
Christopher Haster 1:24750b9ad5ef 646 RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
Christopher Haster 1:24750b9ad5ef 647 RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
Christopher Haster 1:24750b9ad5ef 648 }
Christopher Haster 1:24750b9ad5ef 649 }
Christopher Haster 1:24750b9ad5ef 650
Christopher Haster 1:24750b9ad5ef 651 *RK++ = *SK++;
Christopher Haster 1:24750b9ad5ef 652 *RK++ = *SK++;
Christopher Haster 1:24750b9ad5ef 653 *RK++ = *SK++;
Christopher Haster 1:24750b9ad5ef 654 *RK++ = *SK++;
Christopher Haster 1:24750b9ad5ef 655
Christopher Haster 1:24750b9ad5ef 656 exit:
Christopher Haster 1:24750b9ad5ef 657 mbedtls_aes_free( &cty );
Christopher Haster 1:24750b9ad5ef 658
Christopher Haster 1:24750b9ad5ef 659 return( ret );
Christopher Haster 1:24750b9ad5ef 660 }
Christopher Haster 1:24750b9ad5ef 661 #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
Christopher Haster 1:24750b9ad5ef 662
Christopher Haster 1:24750b9ad5ef 663 #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
Christopher Haster 1:24750b9ad5ef 664 { \
Christopher Haster 1:24750b9ad5ef 665 X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 666 FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 667 FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 668 FT3[ ( Y3 >> 24 ) & 0xFF ]; \
Christopher Haster 1:24750b9ad5ef 669 \
Christopher Haster 1:24750b9ad5ef 670 X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 671 FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 672 FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 673 FT3[ ( Y0 >> 24 ) & 0xFF ]; \
Christopher Haster 1:24750b9ad5ef 674 \
Christopher Haster 1:24750b9ad5ef 675 X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 676 FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 677 FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 678 FT3[ ( Y1 >> 24 ) & 0xFF ]; \
Christopher Haster 1:24750b9ad5ef 679 \
Christopher Haster 1:24750b9ad5ef 680 X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 681 FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 682 FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 683 FT3[ ( Y2 >> 24 ) & 0xFF ]; \
Christopher Haster 1:24750b9ad5ef 684 }
Christopher Haster 1:24750b9ad5ef 685
Christopher Haster 1:24750b9ad5ef 686 #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
Christopher Haster 1:24750b9ad5ef 687 { \
Christopher Haster 1:24750b9ad5ef 688 X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 689 RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 690 RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 691 RT3[ ( Y1 >> 24 ) & 0xFF ]; \
Christopher Haster 1:24750b9ad5ef 692 \
Christopher Haster 1:24750b9ad5ef 693 X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 694 RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 695 RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 696 RT3[ ( Y2 >> 24 ) & 0xFF ]; \
Christopher Haster 1:24750b9ad5ef 697 \
Christopher Haster 1:24750b9ad5ef 698 X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 699 RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 700 RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 701 RT3[ ( Y3 >> 24 ) & 0xFF ]; \
Christopher Haster 1:24750b9ad5ef 702 \
Christopher Haster 1:24750b9ad5ef 703 X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 704 RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 705 RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
Christopher Haster 1:24750b9ad5ef 706 RT3[ ( Y0 >> 24 ) & 0xFF ]; \
Christopher Haster 1:24750b9ad5ef 707 }
Christopher Haster 1:24750b9ad5ef 708
Christopher Haster 1:24750b9ad5ef 709 /*
Christopher Haster 1:24750b9ad5ef 710 * AES-ECB block encryption
Christopher Haster 1:24750b9ad5ef 711 */
Christopher Haster 1:24750b9ad5ef 712 #if !defined(MBEDTLS_AES_ENCRYPT_ALT)
Christopher Haster 1:24750b9ad5ef 713 void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
Christopher Haster 1:24750b9ad5ef 714 const unsigned char input[16],
Christopher Haster 1:24750b9ad5ef 715 unsigned char output[16] )
Christopher Haster 1:24750b9ad5ef 716 {
Christopher Haster 1:24750b9ad5ef 717 int i;
Christopher Haster 1:24750b9ad5ef 718 uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
Christopher Haster 1:24750b9ad5ef 719
Christopher Haster 1:24750b9ad5ef 720 RK = ctx->rk;
Christopher Haster 1:24750b9ad5ef 721
Christopher Haster 1:24750b9ad5ef 722 GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
Christopher Haster 1:24750b9ad5ef 723 GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
Christopher Haster 1:24750b9ad5ef 724 GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
Christopher Haster 1:24750b9ad5ef 725 GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
Christopher Haster 1:24750b9ad5ef 726
Christopher Haster 1:24750b9ad5ef 727 for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 728 {
Christopher Haster 1:24750b9ad5ef 729 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
Christopher Haster 1:24750b9ad5ef 730 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
Christopher Haster 1:24750b9ad5ef 731 }
Christopher Haster 1:24750b9ad5ef 732
Christopher Haster 1:24750b9ad5ef 733 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
Christopher Haster 1:24750b9ad5ef 734
Christopher Haster 1:24750b9ad5ef 735 X0 = *RK++ ^ \
Christopher Haster 1:24750b9ad5ef 736 ( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 737 ( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 738 ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 739 ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 740
Christopher Haster 1:24750b9ad5ef 741 X1 = *RK++ ^ \
Christopher Haster 1:24750b9ad5ef 742 ( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 743 ( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 744 ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 745 ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 746
Christopher Haster 1:24750b9ad5ef 747 X2 = *RK++ ^ \
Christopher Haster 1:24750b9ad5ef 748 ( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 749 ( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 750 ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 751 ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 752
Christopher Haster 1:24750b9ad5ef 753 X3 = *RK++ ^ \
Christopher Haster 1:24750b9ad5ef 754 ( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 755 ( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 756 ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 757 ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 758
Christopher Haster 1:24750b9ad5ef 759 PUT_UINT32_LE( X0, output, 0 );
Christopher Haster 1:24750b9ad5ef 760 PUT_UINT32_LE( X1, output, 4 );
Christopher Haster 1:24750b9ad5ef 761 PUT_UINT32_LE( X2, output, 8 );
Christopher Haster 1:24750b9ad5ef 762 PUT_UINT32_LE( X3, output, 12 );
Christopher Haster 1:24750b9ad5ef 763 }
Christopher Haster 1:24750b9ad5ef 764 #endif /* !MBEDTLS_AES_ENCRYPT_ALT */
Christopher Haster 1:24750b9ad5ef 765
Christopher Haster 1:24750b9ad5ef 766 /*
Christopher Haster 1:24750b9ad5ef 767 * AES-ECB block decryption
Christopher Haster 1:24750b9ad5ef 768 */
Christopher Haster 1:24750b9ad5ef 769 #if !defined(MBEDTLS_AES_DECRYPT_ALT)
Christopher Haster 1:24750b9ad5ef 770 void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
Christopher Haster 1:24750b9ad5ef 771 const unsigned char input[16],
Christopher Haster 1:24750b9ad5ef 772 unsigned char output[16] )
Christopher Haster 1:24750b9ad5ef 773 {
Christopher Haster 1:24750b9ad5ef 774 int i;
Christopher Haster 1:24750b9ad5ef 775 uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
Christopher Haster 1:24750b9ad5ef 776
Christopher Haster 1:24750b9ad5ef 777 RK = ctx->rk;
Christopher Haster 1:24750b9ad5ef 778
Christopher Haster 1:24750b9ad5ef 779 GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
Christopher Haster 1:24750b9ad5ef 780 GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
Christopher Haster 1:24750b9ad5ef 781 GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
Christopher Haster 1:24750b9ad5ef 782 GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
Christopher Haster 1:24750b9ad5ef 783
Christopher Haster 1:24750b9ad5ef 784 for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 785 {
Christopher Haster 1:24750b9ad5ef 786 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
Christopher Haster 1:24750b9ad5ef 787 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
Christopher Haster 1:24750b9ad5ef 788 }
Christopher Haster 1:24750b9ad5ef 789
Christopher Haster 1:24750b9ad5ef 790 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
Christopher Haster 1:24750b9ad5ef 791
Christopher Haster 1:24750b9ad5ef 792 X0 = *RK++ ^ \
Christopher Haster 1:24750b9ad5ef 793 ( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 794 ( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 795 ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 796 ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 797
Christopher Haster 1:24750b9ad5ef 798 X1 = *RK++ ^ \
Christopher Haster 1:24750b9ad5ef 799 ( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 800 ( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 801 ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 802 ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 803
Christopher Haster 1:24750b9ad5ef 804 X2 = *RK++ ^ \
Christopher Haster 1:24750b9ad5ef 805 ( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 806 ( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 807 ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 808 ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 809
Christopher Haster 1:24750b9ad5ef 810 X3 = *RK++ ^ \
Christopher Haster 1:24750b9ad5ef 811 ( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^
Christopher Haster 1:24750b9ad5ef 812 ( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
Christopher Haster 1:24750b9ad5ef 813 ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
Christopher Haster 1:24750b9ad5ef 814 ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
Christopher Haster 1:24750b9ad5ef 815
Christopher Haster 1:24750b9ad5ef 816 PUT_UINT32_LE( X0, output, 0 );
Christopher Haster 1:24750b9ad5ef 817 PUT_UINT32_LE( X1, output, 4 );
Christopher Haster 1:24750b9ad5ef 818 PUT_UINT32_LE( X2, output, 8 );
Christopher Haster 1:24750b9ad5ef 819 PUT_UINT32_LE( X3, output, 12 );
Christopher Haster 1:24750b9ad5ef 820 }
Christopher Haster 1:24750b9ad5ef 821 #endif /* !MBEDTLS_AES_DECRYPT_ALT */
Christopher Haster 1:24750b9ad5ef 822
Christopher Haster 1:24750b9ad5ef 823 /*
Christopher Haster 1:24750b9ad5ef 824 * AES-ECB block encryption/decryption
Christopher Haster 1:24750b9ad5ef 825 */
Christopher Haster 1:24750b9ad5ef 826 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
Christopher Haster 1:24750b9ad5ef 827 int mode,
Christopher Haster 1:24750b9ad5ef 828 const unsigned char input[16],
Christopher Haster 1:24750b9ad5ef 829 unsigned char output[16] )
Christopher Haster 1:24750b9ad5ef 830 {
Christopher Haster 1:24750b9ad5ef 831 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
Christopher Haster 1:24750b9ad5ef 832 if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
Christopher Haster 1:24750b9ad5ef 833 return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
Christopher Haster 1:24750b9ad5ef 834 #endif
Christopher Haster 1:24750b9ad5ef 835
Christopher Haster 1:24750b9ad5ef 836 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
Christopher Haster 1:24750b9ad5ef 837 if( aes_padlock_ace )
Christopher Haster 1:24750b9ad5ef 838 {
Christopher Haster 1:24750b9ad5ef 839 if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 )
Christopher Haster 1:24750b9ad5ef 840 return( 0 );
Christopher Haster 1:24750b9ad5ef 841
Christopher Haster 1:24750b9ad5ef 842 // If padlock data misaligned, we just fall back to
Christopher Haster 1:24750b9ad5ef 843 // unaccelerated mode
Christopher Haster 1:24750b9ad5ef 844 //
Christopher Haster 1:24750b9ad5ef 845 }
Christopher Haster 1:24750b9ad5ef 846 #endif
Christopher Haster 1:24750b9ad5ef 847
Christopher Haster 1:24750b9ad5ef 848 if( mode == MBEDTLS_AES_ENCRYPT )
Christopher Haster 1:24750b9ad5ef 849 mbedtls_aes_encrypt( ctx, input, output );
Christopher Haster 1:24750b9ad5ef 850 else
Christopher Haster 1:24750b9ad5ef 851 mbedtls_aes_decrypt( ctx, input, output );
Christopher Haster 1:24750b9ad5ef 852
Christopher Haster 1:24750b9ad5ef 853 return( 0 );
Christopher Haster 1:24750b9ad5ef 854 }
Christopher Haster 1:24750b9ad5ef 855
Christopher Haster 1:24750b9ad5ef 856 #if defined(MBEDTLS_CIPHER_MODE_CBC)
Christopher Haster 1:24750b9ad5ef 857 /*
Christopher Haster 1:24750b9ad5ef 858 * AES-CBC buffer encryption/decryption
Christopher Haster 1:24750b9ad5ef 859 */
Christopher Haster 1:24750b9ad5ef 860 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
Christopher Haster 1:24750b9ad5ef 861 int mode,
Christopher Haster 1:24750b9ad5ef 862 size_t length,
Christopher Haster 1:24750b9ad5ef 863 unsigned char iv[16],
Christopher Haster 1:24750b9ad5ef 864 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 865 unsigned char *output )
Christopher Haster 1:24750b9ad5ef 866 {
Christopher Haster 1:24750b9ad5ef 867 int i;
Christopher Haster 1:24750b9ad5ef 868 unsigned char temp[16];
Christopher Haster 1:24750b9ad5ef 869
Christopher Haster 1:24750b9ad5ef 870 if( length % 16 )
Christopher Haster 1:24750b9ad5ef 871 return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
Christopher Haster 1:24750b9ad5ef 872
Christopher Haster 1:24750b9ad5ef 873 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
Christopher Haster 1:24750b9ad5ef 874 if( aes_padlock_ace )
Christopher Haster 1:24750b9ad5ef 875 {
Christopher Haster 1:24750b9ad5ef 876 if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
Christopher Haster 1:24750b9ad5ef 877 return( 0 );
Christopher Haster 1:24750b9ad5ef 878
Christopher Haster 1:24750b9ad5ef 879 // If padlock data misaligned, we just fall back to
Christopher Haster 1:24750b9ad5ef 880 // unaccelerated mode
Christopher Haster 1:24750b9ad5ef 881 //
Christopher Haster 1:24750b9ad5ef 882 }
Christopher Haster 1:24750b9ad5ef 883 #endif
Christopher Haster 1:24750b9ad5ef 884
Christopher Haster 1:24750b9ad5ef 885 if( mode == MBEDTLS_AES_DECRYPT )
Christopher Haster 1:24750b9ad5ef 886 {
Christopher Haster 1:24750b9ad5ef 887 while( length > 0 )
Christopher Haster 1:24750b9ad5ef 888 {
Christopher Haster 1:24750b9ad5ef 889 memcpy( temp, input, 16 );
Christopher Haster 1:24750b9ad5ef 890 mbedtls_aes_crypt_ecb( ctx, mode, input, output );
Christopher Haster 1:24750b9ad5ef 891
Christopher Haster 1:24750b9ad5ef 892 for( i = 0; i < 16; i++ )
Christopher Haster 1:24750b9ad5ef 893 output[i] = (unsigned char)( output[i] ^ iv[i] );
Christopher Haster 1:24750b9ad5ef 894
Christopher Haster 1:24750b9ad5ef 895 memcpy( iv, temp, 16 );
Christopher Haster 1:24750b9ad5ef 896
Christopher Haster 1:24750b9ad5ef 897 input += 16;
Christopher Haster 1:24750b9ad5ef 898 output += 16;
Christopher Haster 1:24750b9ad5ef 899 length -= 16;
Christopher Haster 1:24750b9ad5ef 900 }
Christopher Haster 1:24750b9ad5ef 901 }
Christopher Haster 1:24750b9ad5ef 902 else
Christopher Haster 1:24750b9ad5ef 903 {
Christopher Haster 1:24750b9ad5ef 904 while( length > 0 )
Christopher Haster 1:24750b9ad5ef 905 {
Christopher Haster 1:24750b9ad5ef 906 for( i = 0; i < 16; i++ )
Christopher Haster 1:24750b9ad5ef 907 output[i] = (unsigned char)( input[i] ^ iv[i] );
Christopher Haster 1:24750b9ad5ef 908
Christopher Haster 1:24750b9ad5ef 909 mbedtls_aes_crypt_ecb( ctx, mode, output, output );
Christopher Haster 1:24750b9ad5ef 910 memcpy( iv, output, 16 );
Christopher Haster 1:24750b9ad5ef 911
Christopher Haster 1:24750b9ad5ef 912 input += 16;
Christopher Haster 1:24750b9ad5ef 913 output += 16;
Christopher Haster 1:24750b9ad5ef 914 length -= 16;
Christopher Haster 1:24750b9ad5ef 915 }
Christopher Haster 1:24750b9ad5ef 916 }
Christopher Haster 1:24750b9ad5ef 917
Christopher Haster 1:24750b9ad5ef 918 return( 0 );
Christopher Haster 1:24750b9ad5ef 919 }
Christopher Haster 1:24750b9ad5ef 920 #endif /* MBEDTLS_CIPHER_MODE_CBC */
Christopher Haster 1:24750b9ad5ef 921
Christopher Haster 1:24750b9ad5ef 922 #if defined(MBEDTLS_CIPHER_MODE_CFB)
Christopher Haster 1:24750b9ad5ef 923 /*
Christopher Haster 1:24750b9ad5ef 924 * AES-CFB128 buffer encryption/decryption
Christopher Haster 1:24750b9ad5ef 925 */
Christopher Haster 1:24750b9ad5ef 926 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
Christopher Haster 1:24750b9ad5ef 927 int mode,
Christopher Haster 1:24750b9ad5ef 928 size_t length,
Christopher Haster 1:24750b9ad5ef 929 size_t *iv_off,
Christopher Haster 1:24750b9ad5ef 930 unsigned char iv[16],
Christopher Haster 1:24750b9ad5ef 931 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 932 unsigned char *output )
Christopher Haster 1:24750b9ad5ef 933 {
Christopher Haster 1:24750b9ad5ef 934 int c;
Christopher Haster 1:24750b9ad5ef 935 size_t n = *iv_off;
Christopher Haster 1:24750b9ad5ef 936
Christopher Haster 1:24750b9ad5ef 937 if( mode == MBEDTLS_AES_DECRYPT )
Christopher Haster 1:24750b9ad5ef 938 {
Christopher Haster 1:24750b9ad5ef 939 while( length-- )
Christopher Haster 1:24750b9ad5ef 940 {
Christopher Haster 1:24750b9ad5ef 941 if( n == 0 )
Christopher Haster 1:24750b9ad5ef 942 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
Christopher Haster 1:24750b9ad5ef 943
Christopher Haster 1:24750b9ad5ef 944 c = *input++;
Christopher Haster 1:24750b9ad5ef 945 *output++ = (unsigned char)( c ^ iv[n] );
Christopher Haster 1:24750b9ad5ef 946 iv[n] = (unsigned char) c;
Christopher Haster 1:24750b9ad5ef 947
Christopher Haster 1:24750b9ad5ef 948 n = ( n + 1 ) & 0x0F;
Christopher Haster 1:24750b9ad5ef 949 }
Christopher Haster 1:24750b9ad5ef 950 }
Christopher Haster 1:24750b9ad5ef 951 else
Christopher Haster 1:24750b9ad5ef 952 {
Christopher Haster 1:24750b9ad5ef 953 while( length-- )
Christopher Haster 1:24750b9ad5ef 954 {
Christopher Haster 1:24750b9ad5ef 955 if( n == 0 )
Christopher Haster 1:24750b9ad5ef 956 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
Christopher Haster 1:24750b9ad5ef 957
Christopher Haster 1:24750b9ad5ef 958 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
Christopher Haster 1:24750b9ad5ef 959
Christopher Haster 1:24750b9ad5ef 960 n = ( n + 1 ) & 0x0F;
Christopher Haster 1:24750b9ad5ef 961 }
Christopher Haster 1:24750b9ad5ef 962 }
Christopher Haster 1:24750b9ad5ef 963
Christopher Haster 1:24750b9ad5ef 964 *iv_off = n;
Christopher Haster 1:24750b9ad5ef 965
Christopher Haster 1:24750b9ad5ef 966 return( 0 );
Christopher Haster 1:24750b9ad5ef 967 }
Christopher Haster 1:24750b9ad5ef 968
Christopher Haster 1:24750b9ad5ef 969 /*
Christopher Haster 1:24750b9ad5ef 970 * AES-CFB8 buffer encryption/decryption
Christopher Haster 1:24750b9ad5ef 971 */
Christopher Haster 1:24750b9ad5ef 972 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
Christopher Haster 1:24750b9ad5ef 973 int mode,
Christopher Haster 1:24750b9ad5ef 974 size_t length,
Christopher Haster 1:24750b9ad5ef 975 unsigned char iv[16],
Christopher Haster 1:24750b9ad5ef 976 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 977 unsigned char *output )
Christopher Haster 1:24750b9ad5ef 978 {
Christopher Haster 1:24750b9ad5ef 979 unsigned char c;
Christopher Haster 1:24750b9ad5ef 980 unsigned char ov[17];
Christopher Haster 1:24750b9ad5ef 981
Christopher Haster 1:24750b9ad5ef 982 while( length-- )
Christopher Haster 1:24750b9ad5ef 983 {
Christopher Haster 1:24750b9ad5ef 984 memcpy( ov, iv, 16 );
Christopher Haster 1:24750b9ad5ef 985 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
Christopher Haster 1:24750b9ad5ef 986
Christopher Haster 1:24750b9ad5ef 987 if( mode == MBEDTLS_AES_DECRYPT )
Christopher Haster 1:24750b9ad5ef 988 ov[16] = *input;
Christopher Haster 1:24750b9ad5ef 989
Christopher Haster 1:24750b9ad5ef 990 c = *output++ = (unsigned char)( iv[0] ^ *input++ );
Christopher Haster 1:24750b9ad5ef 991
Christopher Haster 1:24750b9ad5ef 992 if( mode == MBEDTLS_AES_ENCRYPT )
Christopher Haster 1:24750b9ad5ef 993 ov[16] = c;
Christopher Haster 1:24750b9ad5ef 994
Christopher Haster 1:24750b9ad5ef 995 memcpy( iv, ov + 1, 16 );
Christopher Haster 1:24750b9ad5ef 996 }
Christopher Haster 1:24750b9ad5ef 997
Christopher Haster 1:24750b9ad5ef 998 return( 0 );
Christopher Haster 1:24750b9ad5ef 999 }
Christopher Haster 1:24750b9ad5ef 1000 #endif /*MBEDTLS_CIPHER_MODE_CFB */
Christopher Haster 1:24750b9ad5ef 1001
Christopher Haster 1:24750b9ad5ef 1002 #if defined(MBEDTLS_CIPHER_MODE_CTR)
Christopher Haster 1:24750b9ad5ef 1003 /*
Christopher Haster 1:24750b9ad5ef 1004 * AES-CTR buffer encryption/decryption
Christopher Haster 1:24750b9ad5ef 1005 */
Christopher Haster 1:24750b9ad5ef 1006 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
Christopher Haster 1:24750b9ad5ef 1007 size_t length,
Christopher Haster 1:24750b9ad5ef 1008 size_t *nc_off,
Christopher Haster 1:24750b9ad5ef 1009 unsigned char nonce_counter[16],
Christopher Haster 1:24750b9ad5ef 1010 unsigned char stream_block[16],
Christopher Haster 1:24750b9ad5ef 1011 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 1012 unsigned char *output )
Christopher Haster 1:24750b9ad5ef 1013 {
Christopher Haster 1:24750b9ad5ef 1014 int c, i;
Christopher Haster 1:24750b9ad5ef 1015 size_t n = *nc_off;
Christopher Haster 1:24750b9ad5ef 1016
Christopher Haster 1:24750b9ad5ef 1017 while( length-- )
Christopher Haster 1:24750b9ad5ef 1018 {
Christopher Haster 1:24750b9ad5ef 1019 if( n == 0 ) {
Christopher Haster 1:24750b9ad5ef 1020 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
Christopher Haster 1:24750b9ad5ef 1021
Christopher Haster 1:24750b9ad5ef 1022 for( i = 16; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 1023 if( ++nonce_counter[i - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 1024 break;
Christopher Haster 1:24750b9ad5ef 1025 }
Christopher Haster 1:24750b9ad5ef 1026 c = *input++;
Christopher Haster 1:24750b9ad5ef 1027 *output++ = (unsigned char)( c ^ stream_block[n] );
Christopher Haster 1:24750b9ad5ef 1028
Christopher Haster 1:24750b9ad5ef 1029 n = ( n + 1 ) & 0x0F;
Christopher Haster 1:24750b9ad5ef 1030 }
Christopher Haster 1:24750b9ad5ef 1031
Christopher Haster 1:24750b9ad5ef 1032 *nc_off = n;
Christopher Haster 1:24750b9ad5ef 1033
Christopher Haster 1:24750b9ad5ef 1034 return( 0 );
Christopher Haster 1:24750b9ad5ef 1035 }
Christopher Haster 1:24750b9ad5ef 1036 #endif /* MBEDTLS_CIPHER_MODE_CTR */
Christopher Haster 1:24750b9ad5ef 1037
Christopher Haster 1:24750b9ad5ef 1038 #endif /* !MBEDTLS_AES_ALT */
Christopher Haster 1:24750b9ad5ef 1039
Christopher Haster 1:24750b9ad5ef 1040 #if defined(MBEDTLS_SELF_TEST)
Christopher Haster 1:24750b9ad5ef 1041 /*
Christopher Haster 1:24750b9ad5ef 1042 * AES test vectors from:
Christopher Haster 1:24750b9ad5ef 1043 *
Christopher Haster 1:24750b9ad5ef 1044 * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
Christopher Haster 1:24750b9ad5ef 1045 */
Christopher Haster 1:24750b9ad5ef 1046 static const unsigned char aes_test_ecb_dec[3][16] =
Christopher Haster 1:24750b9ad5ef 1047 {
Christopher Haster 1:24750b9ad5ef 1048 { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
Christopher Haster 1:24750b9ad5ef 1049 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
Christopher Haster 1:24750b9ad5ef 1050 { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
Christopher Haster 1:24750b9ad5ef 1051 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
Christopher Haster 1:24750b9ad5ef 1052 { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
Christopher Haster 1:24750b9ad5ef 1053 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
Christopher Haster 1:24750b9ad5ef 1054 };
Christopher Haster 1:24750b9ad5ef 1055
Christopher Haster 1:24750b9ad5ef 1056 static const unsigned char aes_test_ecb_enc[3][16] =
Christopher Haster 1:24750b9ad5ef 1057 {
Christopher Haster 1:24750b9ad5ef 1058 { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
Christopher Haster 1:24750b9ad5ef 1059 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
Christopher Haster 1:24750b9ad5ef 1060 { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
Christopher Haster 1:24750b9ad5ef 1061 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
Christopher Haster 1:24750b9ad5ef 1062 { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
Christopher Haster 1:24750b9ad5ef 1063 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
Christopher Haster 1:24750b9ad5ef 1064 };
Christopher Haster 1:24750b9ad5ef 1065
Christopher Haster 1:24750b9ad5ef 1066 #if defined(MBEDTLS_CIPHER_MODE_CBC)
Christopher Haster 1:24750b9ad5ef 1067 static const unsigned char aes_test_cbc_dec[3][16] =
Christopher Haster 1:24750b9ad5ef 1068 {
Christopher Haster 1:24750b9ad5ef 1069 { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
Christopher Haster 1:24750b9ad5ef 1070 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
Christopher Haster 1:24750b9ad5ef 1071 { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
Christopher Haster 1:24750b9ad5ef 1072 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
Christopher Haster 1:24750b9ad5ef 1073 { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
Christopher Haster 1:24750b9ad5ef 1074 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
Christopher Haster 1:24750b9ad5ef 1075 };
Christopher Haster 1:24750b9ad5ef 1076
Christopher Haster 1:24750b9ad5ef 1077 static const unsigned char aes_test_cbc_enc[3][16] =
Christopher Haster 1:24750b9ad5ef 1078 {
Christopher Haster 1:24750b9ad5ef 1079 { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
Christopher Haster 1:24750b9ad5ef 1080 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
Christopher Haster 1:24750b9ad5ef 1081 { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
Christopher Haster 1:24750b9ad5ef 1082 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
Christopher Haster 1:24750b9ad5ef 1083 { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
Christopher Haster 1:24750b9ad5ef 1084 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
Christopher Haster 1:24750b9ad5ef 1085 };
Christopher Haster 1:24750b9ad5ef 1086 #endif /* MBEDTLS_CIPHER_MODE_CBC */
Christopher Haster 1:24750b9ad5ef 1087
Christopher Haster 1:24750b9ad5ef 1088 #if defined(MBEDTLS_CIPHER_MODE_CFB)
Christopher Haster 1:24750b9ad5ef 1089 /*
Christopher Haster 1:24750b9ad5ef 1090 * AES-CFB128 test vectors from:
Christopher Haster 1:24750b9ad5ef 1091 *
Christopher Haster 1:24750b9ad5ef 1092 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Christopher Haster 1:24750b9ad5ef 1093 */
Christopher Haster 1:24750b9ad5ef 1094 static const unsigned char aes_test_cfb128_key[3][32] =
Christopher Haster 1:24750b9ad5ef 1095 {
Christopher Haster 1:24750b9ad5ef 1096 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
Christopher Haster 1:24750b9ad5ef 1097 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
Christopher Haster 1:24750b9ad5ef 1098 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
Christopher Haster 1:24750b9ad5ef 1099 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
Christopher Haster 1:24750b9ad5ef 1100 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
Christopher Haster 1:24750b9ad5ef 1101 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
Christopher Haster 1:24750b9ad5ef 1102 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
Christopher Haster 1:24750b9ad5ef 1103 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
Christopher Haster 1:24750b9ad5ef 1104 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Christopher Haster 1:24750b9ad5ef 1105 };
Christopher Haster 1:24750b9ad5ef 1106
Christopher Haster 1:24750b9ad5ef 1107 static const unsigned char aes_test_cfb128_iv[16] =
Christopher Haster 1:24750b9ad5ef 1108 {
Christopher Haster 1:24750b9ad5ef 1109 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
Christopher Haster 1:24750b9ad5ef 1110 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
Christopher Haster 1:24750b9ad5ef 1111 };
Christopher Haster 1:24750b9ad5ef 1112
Christopher Haster 1:24750b9ad5ef 1113 static const unsigned char aes_test_cfb128_pt[64] =
Christopher Haster 1:24750b9ad5ef 1114 {
Christopher Haster 1:24750b9ad5ef 1115 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
Christopher Haster 1:24750b9ad5ef 1116 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
Christopher Haster 1:24750b9ad5ef 1117 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
Christopher Haster 1:24750b9ad5ef 1118 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
Christopher Haster 1:24750b9ad5ef 1119 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
Christopher Haster 1:24750b9ad5ef 1120 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
Christopher Haster 1:24750b9ad5ef 1121 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
Christopher Haster 1:24750b9ad5ef 1122 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
Christopher Haster 1:24750b9ad5ef 1123 };
Christopher Haster 1:24750b9ad5ef 1124
Christopher Haster 1:24750b9ad5ef 1125 static const unsigned char aes_test_cfb128_ct[3][64] =
Christopher Haster 1:24750b9ad5ef 1126 {
Christopher Haster 1:24750b9ad5ef 1127 { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
Christopher Haster 1:24750b9ad5ef 1128 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
Christopher Haster 1:24750b9ad5ef 1129 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F,
Christopher Haster 1:24750b9ad5ef 1130 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B,
Christopher Haster 1:24750b9ad5ef 1131 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40,
Christopher Haster 1:24750b9ad5ef 1132 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF,
Christopher Haster 1:24750b9ad5ef 1133 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E,
Christopher Haster 1:24750b9ad5ef 1134 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 },
Christopher Haster 1:24750b9ad5ef 1135 { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
Christopher Haster 1:24750b9ad5ef 1136 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
Christopher Haster 1:24750b9ad5ef 1137 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21,
Christopher Haster 1:24750b9ad5ef 1138 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A,
Christopher Haster 1:24750b9ad5ef 1139 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1,
Christopher Haster 1:24750b9ad5ef 1140 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9,
Christopher Haster 1:24750b9ad5ef 1141 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0,
Christopher Haster 1:24750b9ad5ef 1142 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF },
Christopher Haster 1:24750b9ad5ef 1143 { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
Christopher Haster 1:24750b9ad5ef 1144 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
Christopher Haster 1:24750b9ad5ef 1145 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8,
Christopher Haster 1:24750b9ad5ef 1146 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B,
Christopher Haster 1:24750b9ad5ef 1147 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92,
Christopher Haster 1:24750b9ad5ef 1148 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9,
Christopher Haster 1:24750b9ad5ef 1149 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8,
Christopher Haster 1:24750b9ad5ef 1150 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 }
Christopher Haster 1:24750b9ad5ef 1151 };
Christopher Haster 1:24750b9ad5ef 1152 #endif /* MBEDTLS_CIPHER_MODE_CFB */
Christopher Haster 1:24750b9ad5ef 1153
Christopher Haster 1:24750b9ad5ef 1154 #if defined(MBEDTLS_CIPHER_MODE_CTR)
Christopher Haster 1:24750b9ad5ef 1155 /*
Christopher Haster 1:24750b9ad5ef 1156 * AES-CTR test vectors from:
Christopher Haster 1:24750b9ad5ef 1157 *
Christopher Haster 1:24750b9ad5ef 1158 * http://www.faqs.org/rfcs/rfc3686.html
Christopher Haster 1:24750b9ad5ef 1159 */
Christopher Haster 1:24750b9ad5ef 1160
Christopher Haster 1:24750b9ad5ef 1161 static const unsigned char aes_test_ctr_key[3][16] =
Christopher Haster 1:24750b9ad5ef 1162 {
Christopher Haster 1:24750b9ad5ef 1163 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
Christopher Haster 1:24750b9ad5ef 1164 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
Christopher Haster 1:24750b9ad5ef 1165 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
Christopher Haster 1:24750b9ad5ef 1166 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
Christopher Haster 1:24750b9ad5ef 1167 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
Christopher Haster 1:24750b9ad5ef 1168 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
Christopher Haster 1:24750b9ad5ef 1169 };
Christopher Haster 1:24750b9ad5ef 1170
Christopher Haster 1:24750b9ad5ef 1171 static const unsigned char aes_test_ctr_nonce_counter[3][16] =
Christopher Haster 1:24750b9ad5ef 1172 {
Christopher Haster 1:24750b9ad5ef 1173 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
Christopher Haster 1:24750b9ad5ef 1174 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
Christopher Haster 1:24750b9ad5ef 1175 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
Christopher Haster 1:24750b9ad5ef 1176 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
Christopher Haster 1:24750b9ad5ef 1177 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
Christopher Haster 1:24750b9ad5ef 1178 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
Christopher Haster 1:24750b9ad5ef 1179 };
Christopher Haster 1:24750b9ad5ef 1180
Christopher Haster 1:24750b9ad5ef 1181 static const unsigned char aes_test_ctr_pt[3][48] =
Christopher Haster 1:24750b9ad5ef 1182 {
Christopher Haster 1:24750b9ad5ef 1183 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
Christopher Haster 1:24750b9ad5ef 1184 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
Christopher Haster 1:24750b9ad5ef 1185
Christopher Haster 1:24750b9ad5ef 1186 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
Christopher Haster 1:24750b9ad5ef 1187 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
Christopher Haster 1:24750b9ad5ef 1188 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
Christopher Haster 1:24750b9ad5ef 1189 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
Christopher Haster 1:24750b9ad5ef 1190
Christopher Haster 1:24750b9ad5ef 1191 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
Christopher Haster 1:24750b9ad5ef 1192 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
Christopher Haster 1:24750b9ad5ef 1193 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
Christopher Haster 1:24750b9ad5ef 1194 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
Christopher Haster 1:24750b9ad5ef 1195 0x20, 0x21, 0x22, 0x23 }
Christopher Haster 1:24750b9ad5ef 1196 };
Christopher Haster 1:24750b9ad5ef 1197
Christopher Haster 1:24750b9ad5ef 1198 static const unsigned char aes_test_ctr_ct[3][48] =
Christopher Haster 1:24750b9ad5ef 1199 {
Christopher Haster 1:24750b9ad5ef 1200 { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79,
Christopher Haster 1:24750b9ad5ef 1201 0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 },
Christopher Haster 1:24750b9ad5ef 1202 { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9,
Christopher Haster 1:24750b9ad5ef 1203 0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88,
Christopher Haster 1:24750b9ad5ef 1204 0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8,
Christopher Haster 1:24750b9ad5ef 1205 0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 },
Christopher Haster 1:24750b9ad5ef 1206 { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9,
Christopher Haster 1:24750b9ad5ef 1207 0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7,
Christopher Haster 1:24750b9ad5ef 1208 0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36,
Christopher Haster 1:24750b9ad5ef 1209 0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53,
Christopher Haster 1:24750b9ad5ef 1210 0x25, 0xB2, 0x07, 0x2F }
Christopher Haster 1:24750b9ad5ef 1211 };
Christopher Haster 1:24750b9ad5ef 1212
Christopher Haster 1:24750b9ad5ef 1213 static const int aes_test_ctr_len[3] =
Christopher Haster 1:24750b9ad5ef 1214 { 16, 32, 36 };
Christopher Haster 1:24750b9ad5ef 1215 #endif /* MBEDTLS_CIPHER_MODE_CTR */
Christopher Haster 1:24750b9ad5ef 1216
Christopher Haster 1:24750b9ad5ef 1217 /*
Christopher Haster 1:24750b9ad5ef 1218 * Checkup routine
Christopher Haster 1:24750b9ad5ef 1219 */
Christopher Haster 1:24750b9ad5ef 1220 int mbedtls_aes_self_test( int verbose )
Christopher Haster 1:24750b9ad5ef 1221 {
Christopher Haster 1:24750b9ad5ef 1222 int ret = 0, i, j, u, v;
Christopher Haster 1:24750b9ad5ef 1223 unsigned char key[32];
Christopher Haster 1:24750b9ad5ef 1224 unsigned char buf[64];
Christopher Haster 1:24750b9ad5ef 1225 unsigned char iv[16];
Christopher Haster 1:24750b9ad5ef 1226 #if defined(MBEDTLS_CIPHER_MODE_CBC)
Christopher Haster 1:24750b9ad5ef 1227 unsigned char prv[16];
Christopher Haster 1:24750b9ad5ef 1228 #endif
Christopher Haster 1:24750b9ad5ef 1229 #if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_CFB)
Christopher Haster 1:24750b9ad5ef 1230 size_t offset;
Christopher Haster 1:24750b9ad5ef 1231 #endif
Christopher Haster 1:24750b9ad5ef 1232 #if defined(MBEDTLS_CIPHER_MODE_CTR)
Christopher Haster 1:24750b9ad5ef 1233 int len;
Christopher Haster 1:24750b9ad5ef 1234 unsigned char nonce_counter[16];
Christopher Haster 1:24750b9ad5ef 1235 unsigned char stream_block[16];
Christopher Haster 1:24750b9ad5ef 1236 #endif
Christopher Haster 1:24750b9ad5ef 1237 mbedtls_aes_context ctx;
Christopher Haster 1:24750b9ad5ef 1238
Christopher Haster 1:24750b9ad5ef 1239 memset( key, 0, 32 );
Christopher Haster 1:24750b9ad5ef 1240 mbedtls_aes_init( &ctx );
Christopher Haster 1:24750b9ad5ef 1241
Christopher Haster 1:24750b9ad5ef 1242 /*
Christopher Haster 1:24750b9ad5ef 1243 * ECB mode
Christopher Haster 1:24750b9ad5ef 1244 */
Christopher Haster 1:24750b9ad5ef 1245 for( i = 0; i < 6; i++ )
Christopher Haster 1:24750b9ad5ef 1246 {
Christopher Haster 1:24750b9ad5ef 1247 u = i >> 1;
Christopher Haster 1:24750b9ad5ef 1248 v = i & 1;
Christopher Haster 1:24750b9ad5ef 1249
Christopher Haster 1:24750b9ad5ef 1250 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1251 mbedtls_printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
Christopher Haster 1:24750b9ad5ef 1252 ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
Christopher Haster 1:24750b9ad5ef 1253
Christopher Haster 1:24750b9ad5ef 1254 memset( buf, 0, 16 );
Christopher Haster 1:24750b9ad5ef 1255
Christopher Haster 1:24750b9ad5ef 1256 if( v == MBEDTLS_AES_DECRYPT )
Christopher Haster 1:24750b9ad5ef 1257 {
Christopher Haster 1:24750b9ad5ef 1258 mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
Christopher Haster 1:24750b9ad5ef 1259
Christopher Haster 1:24750b9ad5ef 1260 for( j = 0; j < 10000; j++ )
Christopher Haster 1:24750b9ad5ef 1261 mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
Christopher Haster 1:24750b9ad5ef 1262
Christopher Haster 1:24750b9ad5ef 1263 if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1264 {
Christopher Haster 1:24750b9ad5ef 1265 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1266 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 1267
Christopher Haster 1:24750b9ad5ef 1268 ret = 1;
Christopher Haster 1:24750b9ad5ef 1269 goto exit;
Christopher Haster 1:24750b9ad5ef 1270 }
Christopher Haster 1:24750b9ad5ef 1271 }
Christopher Haster 1:24750b9ad5ef 1272 else
Christopher Haster 1:24750b9ad5ef 1273 {
Christopher Haster 1:24750b9ad5ef 1274 mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
Christopher Haster 1:24750b9ad5ef 1275
Christopher Haster 1:24750b9ad5ef 1276 for( j = 0; j < 10000; j++ )
Christopher Haster 1:24750b9ad5ef 1277 mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
Christopher Haster 1:24750b9ad5ef 1278
Christopher Haster 1:24750b9ad5ef 1279 if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1280 {
Christopher Haster 1:24750b9ad5ef 1281 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1282 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 1283
Christopher Haster 1:24750b9ad5ef 1284 ret = 1;
Christopher Haster 1:24750b9ad5ef 1285 goto exit;
Christopher Haster 1:24750b9ad5ef 1286 }
Christopher Haster 1:24750b9ad5ef 1287 }
Christopher Haster 1:24750b9ad5ef 1288
Christopher Haster 1:24750b9ad5ef 1289 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1290 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 1291 }
Christopher Haster 1:24750b9ad5ef 1292
Christopher Haster 1:24750b9ad5ef 1293 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1294 mbedtls_printf( "\n" );
Christopher Haster 1:24750b9ad5ef 1295
Christopher Haster 1:24750b9ad5ef 1296 #if defined(MBEDTLS_CIPHER_MODE_CBC)
Christopher Haster 1:24750b9ad5ef 1297 /*
Christopher Haster 1:24750b9ad5ef 1298 * CBC mode
Christopher Haster 1:24750b9ad5ef 1299 */
Christopher Haster 1:24750b9ad5ef 1300 for( i = 0; i < 6; i++ )
Christopher Haster 1:24750b9ad5ef 1301 {
Christopher Haster 1:24750b9ad5ef 1302 u = i >> 1;
Christopher Haster 1:24750b9ad5ef 1303 v = i & 1;
Christopher Haster 1:24750b9ad5ef 1304
Christopher Haster 1:24750b9ad5ef 1305 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1306 mbedtls_printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
Christopher Haster 1:24750b9ad5ef 1307 ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
Christopher Haster 1:24750b9ad5ef 1308
Christopher Haster 1:24750b9ad5ef 1309 memset( iv , 0, 16 );
Christopher Haster 1:24750b9ad5ef 1310 memset( prv, 0, 16 );
Christopher Haster 1:24750b9ad5ef 1311 memset( buf, 0, 16 );
Christopher Haster 1:24750b9ad5ef 1312
Christopher Haster 1:24750b9ad5ef 1313 if( v == MBEDTLS_AES_DECRYPT )
Christopher Haster 1:24750b9ad5ef 1314 {
Christopher Haster 1:24750b9ad5ef 1315 mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
Christopher Haster 1:24750b9ad5ef 1316
Christopher Haster 1:24750b9ad5ef 1317 for( j = 0; j < 10000; j++ )
Christopher Haster 1:24750b9ad5ef 1318 mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
Christopher Haster 1:24750b9ad5ef 1319
Christopher Haster 1:24750b9ad5ef 1320 if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1321 {
Christopher Haster 1:24750b9ad5ef 1322 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1323 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 1324
Christopher Haster 1:24750b9ad5ef 1325 ret = 1;
Christopher Haster 1:24750b9ad5ef 1326 goto exit;
Christopher Haster 1:24750b9ad5ef 1327 }
Christopher Haster 1:24750b9ad5ef 1328 }
Christopher Haster 1:24750b9ad5ef 1329 else
Christopher Haster 1:24750b9ad5ef 1330 {
Christopher Haster 1:24750b9ad5ef 1331 mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
Christopher Haster 1:24750b9ad5ef 1332
Christopher Haster 1:24750b9ad5ef 1333 for( j = 0; j < 10000; j++ )
Christopher Haster 1:24750b9ad5ef 1334 {
Christopher Haster 1:24750b9ad5ef 1335 unsigned char tmp[16];
Christopher Haster 1:24750b9ad5ef 1336
Christopher Haster 1:24750b9ad5ef 1337 mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
Christopher Haster 1:24750b9ad5ef 1338
Christopher Haster 1:24750b9ad5ef 1339 memcpy( tmp, prv, 16 );
Christopher Haster 1:24750b9ad5ef 1340 memcpy( prv, buf, 16 );
Christopher Haster 1:24750b9ad5ef 1341 memcpy( buf, tmp, 16 );
Christopher Haster 1:24750b9ad5ef 1342 }
Christopher Haster 1:24750b9ad5ef 1343
Christopher Haster 1:24750b9ad5ef 1344 if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1345 {
Christopher Haster 1:24750b9ad5ef 1346 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1347 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 1348
Christopher Haster 1:24750b9ad5ef 1349 ret = 1;
Christopher Haster 1:24750b9ad5ef 1350 goto exit;
Christopher Haster 1:24750b9ad5ef 1351 }
Christopher Haster 1:24750b9ad5ef 1352 }
Christopher Haster 1:24750b9ad5ef 1353
Christopher Haster 1:24750b9ad5ef 1354 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1355 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 1356 }
Christopher Haster 1:24750b9ad5ef 1357
Christopher Haster 1:24750b9ad5ef 1358 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1359 mbedtls_printf( "\n" );
Christopher Haster 1:24750b9ad5ef 1360 #endif /* MBEDTLS_CIPHER_MODE_CBC */
Christopher Haster 1:24750b9ad5ef 1361
Christopher Haster 1:24750b9ad5ef 1362 #if defined(MBEDTLS_CIPHER_MODE_CFB)
Christopher Haster 1:24750b9ad5ef 1363 /*
Christopher Haster 1:24750b9ad5ef 1364 * CFB128 mode
Christopher Haster 1:24750b9ad5ef 1365 */
Christopher Haster 1:24750b9ad5ef 1366 for( i = 0; i < 6; i++ )
Christopher Haster 1:24750b9ad5ef 1367 {
Christopher Haster 1:24750b9ad5ef 1368 u = i >> 1;
Christopher Haster 1:24750b9ad5ef 1369 v = i & 1;
Christopher Haster 1:24750b9ad5ef 1370
Christopher Haster 1:24750b9ad5ef 1371 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1372 mbedtls_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64,
Christopher Haster 1:24750b9ad5ef 1373 ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
Christopher Haster 1:24750b9ad5ef 1374
Christopher Haster 1:24750b9ad5ef 1375 memcpy( iv, aes_test_cfb128_iv, 16 );
Christopher Haster 1:24750b9ad5ef 1376 memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
Christopher Haster 1:24750b9ad5ef 1377
Christopher Haster 1:24750b9ad5ef 1378 offset = 0;
Christopher Haster 1:24750b9ad5ef 1379 mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
Christopher Haster 1:24750b9ad5ef 1380
Christopher Haster 1:24750b9ad5ef 1381 if( v == MBEDTLS_AES_DECRYPT )
Christopher Haster 1:24750b9ad5ef 1382 {
Christopher Haster 1:24750b9ad5ef 1383 memcpy( buf, aes_test_cfb128_ct[u], 64 );
Christopher Haster 1:24750b9ad5ef 1384 mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
Christopher Haster 1:24750b9ad5ef 1385
Christopher Haster 1:24750b9ad5ef 1386 if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1387 {
Christopher Haster 1:24750b9ad5ef 1388 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1389 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 1390
Christopher Haster 1:24750b9ad5ef 1391 ret = 1;
Christopher Haster 1:24750b9ad5ef 1392 goto exit;
Christopher Haster 1:24750b9ad5ef 1393 }
Christopher Haster 1:24750b9ad5ef 1394 }
Christopher Haster 1:24750b9ad5ef 1395 else
Christopher Haster 1:24750b9ad5ef 1396 {
Christopher Haster 1:24750b9ad5ef 1397 memcpy( buf, aes_test_cfb128_pt, 64 );
Christopher Haster 1:24750b9ad5ef 1398 mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
Christopher Haster 1:24750b9ad5ef 1399
Christopher Haster 1:24750b9ad5ef 1400 if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1401 {
Christopher Haster 1:24750b9ad5ef 1402 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1403 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 1404
Christopher Haster 1:24750b9ad5ef 1405 ret = 1;
Christopher Haster 1:24750b9ad5ef 1406 goto exit;
Christopher Haster 1:24750b9ad5ef 1407 }
Christopher Haster 1:24750b9ad5ef 1408 }
Christopher Haster 1:24750b9ad5ef 1409
Christopher Haster 1:24750b9ad5ef 1410 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1411 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 1412 }
Christopher Haster 1:24750b9ad5ef 1413
Christopher Haster 1:24750b9ad5ef 1414 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1415 mbedtls_printf( "\n" );
Christopher Haster 1:24750b9ad5ef 1416 #endif /* MBEDTLS_CIPHER_MODE_CFB */
Christopher Haster 1:24750b9ad5ef 1417
Christopher Haster 1:24750b9ad5ef 1418 #if defined(MBEDTLS_CIPHER_MODE_CTR)
Christopher Haster 1:24750b9ad5ef 1419 /*
Christopher Haster 1:24750b9ad5ef 1420 * CTR mode
Christopher Haster 1:24750b9ad5ef 1421 */
Christopher Haster 1:24750b9ad5ef 1422 for( i = 0; i < 6; i++ )
Christopher Haster 1:24750b9ad5ef 1423 {
Christopher Haster 1:24750b9ad5ef 1424 u = i >> 1;
Christopher Haster 1:24750b9ad5ef 1425 v = i & 1;
Christopher Haster 1:24750b9ad5ef 1426
Christopher Haster 1:24750b9ad5ef 1427 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1428 mbedtls_printf( " AES-CTR-128 (%s): ",
Christopher Haster 1:24750b9ad5ef 1429 ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
Christopher Haster 1:24750b9ad5ef 1430
Christopher Haster 1:24750b9ad5ef 1431 memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
Christopher Haster 1:24750b9ad5ef 1432 memcpy( key, aes_test_ctr_key[u], 16 );
Christopher Haster 1:24750b9ad5ef 1433
Christopher Haster 1:24750b9ad5ef 1434 offset = 0;
Christopher Haster 1:24750b9ad5ef 1435 mbedtls_aes_setkey_enc( &ctx, key, 128 );
Christopher Haster 1:24750b9ad5ef 1436
Christopher Haster 1:24750b9ad5ef 1437 if( v == MBEDTLS_AES_DECRYPT )
Christopher Haster 1:24750b9ad5ef 1438 {
Christopher Haster 1:24750b9ad5ef 1439 len = aes_test_ctr_len[u];
Christopher Haster 1:24750b9ad5ef 1440 memcpy( buf, aes_test_ctr_ct[u], len );
Christopher Haster 1:24750b9ad5ef 1441
Christopher Haster 1:24750b9ad5ef 1442 mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
Christopher Haster 1:24750b9ad5ef 1443 buf, buf );
Christopher Haster 1:24750b9ad5ef 1444
Christopher Haster 1:24750b9ad5ef 1445 if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
Christopher Haster 1:24750b9ad5ef 1446 {
Christopher Haster 1:24750b9ad5ef 1447 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1448 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 1449
Christopher Haster 1:24750b9ad5ef 1450 ret = 1;
Christopher Haster 1:24750b9ad5ef 1451 goto exit;
Christopher Haster 1:24750b9ad5ef 1452 }
Christopher Haster 1:24750b9ad5ef 1453 }
Christopher Haster 1:24750b9ad5ef 1454 else
Christopher Haster 1:24750b9ad5ef 1455 {
Christopher Haster 1:24750b9ad5ef 1456 len = aes_test_ctr_len[u];
Christopher Haster 1:24750b9ad5ef 1457 memcpy( buf, aes_test_ctr_pt[u], len );
Christopher Haster 1:24750b9ad5ef 1458
Christopher Haster 1:24750b9ad5ef 1459 mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
Christopher Haster 1:24750b9ad5ef 1460 buf, buf );
Christopher Haster 1:24750b9ad5ef 1461
Christopher Haster 1:24750b9ad5ef 1462 if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
Christopher Haster 1:24750b9ad5ef 1463 {
Christopher Haster 1:24750b9ad5ef 1464 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1465 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 1466
Christopher Haster 1:24750b9ad5ef 1467 ret = 1;
Christopher Haster 1:24750b9ad5ef 1468 goto exit;
Christopher Haster 1:24750b9ad5ef 1469 }
Christopher Haster 1:24750b9ad5ef 1470 }
Christopher Haster 1:24750b9ad5ef 1471
Christopher Haster 1:24750b9ad5ef 1472 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1473 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 1474 }
Christopher Haster 1:24750b9ad5ef 1475
Christopher Haster 1:24750b9ad5ef 1476 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 1477 mbedtls_printf( "\n" );
Christopher Haster 1:24750b9ad5ef 1478 #endif /* MBEDTLS_CIPHER_MODE_CTR */
Christopher Haster 1:24750b9ad5ef 1479
Christopher Haster 1:24750b9ad5ef 1480 ret = 0;
Christopher Haster 1:24750b9ad5ef 1481
Christopher Haster 1:24750b9ad5ef 1482 exit:
Christopher Haster 1:24750b9ad5ef 1483 mbedtls_aes_free( &ctx );
Christopher Haster 1:24750b9ad5ef 1484
Christopher Haster 1:24750b9ad5ef 1485 return( ret );
Christopher Haster 1:24750b9ad5ef 1486 }
Christopher Haster 1:24750b9ad5ef 1487
Christopher Haster 1:24750b9ad5ef 1488 #endif /* MBEDTLS_SELF_TEST */
Christopher Haster 1:24750b9ad5ef 1489
Christopher Haster 1:24750b9ad5ef 1490 #endif /* MBEDTLS_AES_C */