Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
Embed:
(wiki syntax)
Show/hide line numbers
aes.c
00001 /* 00002 * FIPS-197 compliant AES implementation 00003 * 00004 * Copyright (C) 2006-2014, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. 00027 * 00028 * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf 00029 * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf 00030 */ 00031 00032 #if !defined(POLARSSL_CONFIG_FILE) 00033 #include "polarssl/config.h" 00034 #else 00035 #include POLARSSL_CONFIG_FILE 00036 #endif 00037 00038 #if defined(POLARSSL_AES_C) 00039 00040 #include "polarssl/aes.h" 00041 #if defined(POLARSSL_PADLOCK_C) 00042 #include "polarssl/padlock.h" 00043 #endif 00044 #if defined(POLARSSL_AESNI_C) 00045 #include "polarssl/aesni.h" 00046 #endif 00047 00048 #if defined(POLARSSL_PLATFORM_C) 00049 #include "polarssl/platform.h" 00050 #else 00051 #define polarssl_printf printf 00052 #endif 00053 00054 #if !defined(POLARSSL_AES_ALT) 00055 00056 /* 00057 * 32-bit integer manipulation macros (little endian) 00058 */ 00059 #ifndef GET_UINT32_LE 00060 #define GET_UINT32_LE(n,b,i) \ 00061 { \ 00062 (n) = ( (uint32_t) (b)[(i) ] ) \ 00063 | ( (uint32_t) (b)[(i) + 1] << 8 ) \ 00064 | ( (uint32_t) (b)[(i) + 2] << 16 ) \ 00065 | ( (uint32_t) (b)[(i) + 3] << 24 ); \ 00066 } 00067 #endif 00068 00069 #ifndef PUT_UINT32_LE 00070 #define PUT_UINT32_LE(n,b,i) \ 00071 { \ 00072 (b)[(i) ] = (unsigned char) ( (n) ); \ 00073 (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ 00074 (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ 00075 (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ 00076 } 00077 #endif 00078 00079 #if defined(POLARSSL_PADLOCK_C) && \ 00080 ( defined(POLARSSL_HAVE_X86) || defined(PADLOCK_ALIGN16) ) 00081 static int aes_padlock_ace = -1; 00082 #endif 00083 00084 #if defined(POLARSSL_AES_ROM_TABLES) 00085 /* 00086 * Forward S-box 00087 */ 00088 static const unsigned char FSb[256] = 00089 { 00090 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 00091 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 00092 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 00093 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 00094 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 00095 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 00096 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 00097 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 00098 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 00099 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 00100 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 00101 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 00102 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 00103 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 00104 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 00105 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 00106 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 00107 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 00108 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 00109 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 00110 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 00111 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 00112 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 00113 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 00114 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 00115 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 00116 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 00117 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 00118 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 00119 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 00120 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 00121 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 00122 }; 00123 00124 /* 00125 * Forward tables 00126 */ 00127 #define FT \ 00128 \ 00129 V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \ 00130 V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \ 00131 V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \ 00132 V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \ 00133 V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \ 00134 V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \ 00135 V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \ 00136 V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \ 00137 V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \ 00138 V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \ 00139 V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \ 00140 V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \ 00141 V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \ 00142 V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \ 00143 V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \ 00144 V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \ 00145 V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \ 00146 V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \ 00147 V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \ 00148 V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \ 00149 V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \ 00150 V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \ 00151 V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \ 00152 V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \ 00153 V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \ 00154 V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \ 00155 V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \ 00156 V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \ 00157 V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \ 00158 V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \ 00159 V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \ 00160 V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \ 00161 V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \ 00162 V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \ 00163 V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \ 00164 V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \ 00165 V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \ 00166 V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \ 00167 V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \ 00168 V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \ 00169 V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \ 00170 V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \ 00171 V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \ 00172 V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \ 00173 V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \ 00174 V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \ 00175 V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \ 00176 V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \ 00177 V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \ 00178 V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \ 00179 V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \ 00180 V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \ 00181 V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \ 00182 V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \ 00183 V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \ 00184 V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \ 00185 V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \ 00186 V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \ 00187 V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \ 00188 V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \ 00189 V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \ 00190 V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \ 00191 V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \ 00192 V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C) 00193 00194 #define V(a,b,c,d) 0x##a##b##c##d 00195 static const uint32_t FT0[256] = { FT }; 00196 #undef V 00197 00198 #define V(a,b,c,d) 0x##b##c##d##a 00199 static const uint32_t FT1[256] = { FT }; 00200 #undef V 00201 00202 #define V(a,b,c,d) 0x##c##d##a##b 00203 static const uint32_t FT2[256] = { FT }; 00204 #undef V 00205 00206 #define V(a,b,c,d) 0x##d##a##b##c 00207 static const uint32_t FT3[256] = { FT }; 00208 #undef V 00209 00210 #undef FT 00211 00212 /* 00213 * Reverse S-box 00214 */ 00215 static const unsigned char RSb[256] = 00216 { 00217 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 00218 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 00219 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 00220 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 00221 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 00222 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, 00223 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 00224 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, 00225 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 00226 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 00227 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 00228 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, 00229 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 00230 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, 00231 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 00232 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 00233 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 00234 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, 00235 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 00236 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, 00237 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 00238 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 00239 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 00240 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, 00241 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 00242 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, 00243 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 00244 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 00245 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 00246 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, 00247 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 00248 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D 00249 }; 00250 00251 /* 00252 * Reverse tables 00253 */ 00254 #define RT \ 00255 \ 00256 V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \ 00257 V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \ 00258 V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \ 00259 V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \ 00260 V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \ 00261 V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \ 00262 V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \ 00263 V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \ 00264 V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \ 00265 V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \ 00266 V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \ 00267 V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \ 00268 V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \ 00269 V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \ 00270 V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \ 00271 V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \ 00272 V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \ 00273 V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \ 00274 V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \ 00275 V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \ 00276 V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \ 00277 V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \ 00278 V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \ 00279 V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \ 00280 V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \ 00281 V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \ 00282 V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \ 00283 V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \ 00284 V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \ 00285 V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \ 00286 V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \ 00287 V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \ 00288 V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \ 00289 V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \ 00290 V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \ 00291 V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \ 00292 V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \ 00293 V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \ 00294 V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \ 00295 V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \ 00296 V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \ 00297 V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \ 00298 V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \ 00299 V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \ 00300 V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \ 00301 V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \ 00302 V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \ 00303 V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \ 00304 V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \ 00305 V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \ 00306 V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \ 00307 V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \ 00308 V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \ 00309 V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \ 00310 V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \ 00311 V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \ 00312 V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \ 00313 V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \ 00314 V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \ 00315 V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \ 00316 V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \ 00317 V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \ 00318 V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \ 00319 V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0) 00320 00321 #define V(a,b,c,d) 0x##a##b##c##d 00322 static const uint32_t RT0[256] = { RT }; 00323 #undef V 00324 00325 #define V(a,b,c,d) 0x##b##c##d##a 00326 static const uint32_t RT1[256] = { RT }; 00327 #undef V 00328 00329 #define V(a,b,c,d) 0x##c##d##a##b 00330 static const uint32_t RT2[256] = { RT }; 00331 #undef V 00332 00333 #define V(a,b,c,d) 0x##d##a##b##c 00334 static const uint32_t RT3[256] = { RT }; 00335 #undef V 00336 00337 #undef RT 00338 00339 /* 00340 * Round constants 00341 */ 00342 static const uint32_t RCON[10] = 00343 { 00344 0x00000001, 0x00000002, 0x00000004, 0x00000008, 00345 0x00000010, 0x00000020, 0x00000040, 0x00000080, 00346 0x0000001B, 0x00000036 00347 }; 00348 00349 #else /* POLARSSL_AES_ROM_TABLES */ 00350 00351 /* 00352 * Forward S-box & tables 00353 */ 00354 static unsigned char FSb[256]; 00355 static uint32_t FT0[256]; 00356 static uint32_t FT1[256]; 00357 static uint32_t FT2[256]; 00358 static uint32_t FT3[256]; 00359 00360 /* 00361 * Reverse S-box & tables 00362 */ 00363 static unsigned char RSb[256]; 00364 static uint32_t RT0[256]; 00365 static uint32_t RT1[256]; 00366 static uint32_t RT2[256]; 00367 static uint32_t RT3[256]; 00368 00369 /* 00370 * Round constants 00371 */ 00372 static uint32_t RCON[10]; 00373 00374 /* 00375 * Tables generation code 00376 */ 00377 #define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 ) 00378 #define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) ) 00379 #define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 ) 00380 00381 static int aes_init_done = 0; 00382 00383 static void aes_gen_tables( void ) 00384 { 00385 int i, x, y, z; 00386 int pow[256]; 00387 int log[256]; 00388 00389 /* 00390 * compute pow and log tables over GF(2^8) 00391 */ 00392 for( i = 0, x = 1; i < 256; i++ ) 00393 { 00394 pow[i] = x; 00395 log[x] = i; 00396 x = ( x ^ XTIME( x ) ) & 0xFF; 00397 } 00398 00399 /* 00400 * calculate the round constants 00401 */ 00402 for( i = 0, x = 1; i < 10; i++ ) 00403 { 00404 RCON[i] = (uint32_t) x; 00405 x = XTIME( x ) & 0xFF; 00406 } 00407 00408 /* 00409 * generate the forward and reverse S-boxes 00410 */ 00411 FSb[0x00] = 0x63; 00412 RSb[0x63] = 0x00; 00413 00414 for( i = 1; i < 256; i++ ) 00415 { 00416 x = pow[255 - log[i]]; 00417 00418 y = x; y = ( (y << 1) | (y >> 7) ) & 0xFF; 00419 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; 00420 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; 00421 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; 00422 x ^= y ^ 0x63; 00423 00424 FSb[i] = (unsigned char) x; 00425 RSb[x] = (unsigned char) i; 00426 } 00427 00428 /* 00429 * generate the forward and reverse tables 00430 */ 00431 for( i = 0; i < 256; i++ ) 00432 { 00433 x = FSb[i]; 00434 y = XTIME( x ) & 0xFF; 00435 z = ( y ^ x ) & 0xFF; 00436 00437 FT0[i] = ( (uint32_t) y ) ^ 00438 ( (uint32_t) x << 8 ) ^ 00439 ( (uint32_t) x << 16 ) ^ 00440 ( (uint32_t) z << 24 ); 00441 00442 FT1[i] = ROTL8( FT0[i] ); 00443 FT2[i] = ROTL8( FT1[i] ); 00444 FT3[i] = ROTL8( FT2[i] ); 00445 00446 x = RSb[i]; 00447 00448 RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^ 00449 ( (uint32_t) MUL( 0x09, x ) << 8 ) ^ 00450 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ 00451 ( (uint32_t) MUL( 0x0B, x ) << 24 ); 00452 00453 RT1[i] = ROTL8( RT0[i] ); 00454 RT2[i] = ROTL8( RT1[i] ); 00455 RT3[i] = ROTL8( RT2[i] ); 00456 } 00457 } 00458 00459 #endif /* POLARSSL_AES_ROM_TABLES */ 00460 00461 /* 00462 * AES key schedule (encryption) 00463 */ 00464 int aes_setkey_enc( aes_context *ctx, const unsigned char *key, 00465 unsigned int keysize ) 00466 { 00467 unsigned int i; 00468 uint32_t *RK; 00469 00470 #if !defined(POLARSSL_AES_ROM_TABLES) 00471 if( aes_init_done == 0 ) 00472 { 00473 aes_gen_tables(); 00474 aes_init_done = 1; 00475 00476 } 00477 #endif 00478 00479 switch( keysize ) 00480 { 00481 case 128: ctx->nr = 10; break; 00482 case 192: ctx->nr = 12; break; 00483 case 256: ctx->nr = 14; break; 00484 default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH ); 00485 } 00486 00487 #if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16) 00488 if( aes_padlock_ace == -1 ) 00489 aes_padlock_ace = padlock_supports( PADLOCK_ACE ); 00490 00491 if( aes_padlock_ace ) 00492 ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf ); 00493 else 00494 #endif 00495 ctx->rk = RK = ctx->buf ; 00496 00497 #if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64) 00498 if( aesni_supports( POLARSSL_AESNI_AES ) ) 00499 return( aesni_setkey_enc( (unsigned char *) ctx->rk , key, keysize ) ); 00500 #endif 00501 00502 for( i = 0; i < (keysize >> 5); i++ ) 00503 { 00504 GET_UINT32_LE( RK[i], key, i << 2 ); 00505 } 00506 00507 switch( ctx->nr ) 00508 { 00509 case 10: 00510 00511 for( i = 0; i < 10; i++, RK += 4 ) 00512 { 00513 RK[4] = RK[0] ^ RCON[i] ^ 00514 ( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^ 00515 ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^ 00516 ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^ 00517 ( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 ); 00518 00519 RK[5] = RK[1] ^ RK[4]; 00520 RK[6] = RK[2] ^ RK[5]; 00521 RK[7] = RK[3] ^ RK[6]; 00522 } 00523 break; 00524 00525 case 12: 00526 00527 for( i = 0; i < 8; i++, RK += 6 ) 00528 { 00529 RK[6] = RK[0] ^ RCON[i] ^ 00530 ( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^ 00531 ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^ 00532 ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^ 00533 ( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 ); 00534 00535 RK[7] = RK[1] ^ RK[6]; 00536 RK[8] = RK[2] ^ RK[7]; 00537 RK[9] = RK[3] ^ RK[8]; 00538 RK[10] = RK[4] ^ RK[9]; 00539 RK[11] = RK[5] ^ RK[10]; 00540 } 00541 break; 00542 00543 case 14: 00544 00545 for( i = 0; i < 7; i++, RK += 8 ) 00546 { 00547 RK[8] = RK[0] ^ RCON[i] ^ 00548 ( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^ 00549 ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^ 00550 ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^ 00551 ( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 ); 00552 00553 RK[9] = RK[1] ^ RK[8]; 00554 RK[10] = RK[2] ^ RK[9]; 00555 RK[11] = RK[3] ^ RK[10]; 00556 00557 RK[12] = RK[4] ^ 00558 ( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^ 00559 ( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^ 00560 ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^ 00561 ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 ); 00562 00563 RK[13] = RK[5] ^ RK[12]; 00564 RK[14] = RK[6] ^ RK[13]; 00565 RK[15] = RK[7] ^ RK[14]; 00566 } 00567 break; 00568 00569 default: 00570 00571 break; 00572 } 00573 00574 return( 0 ); 00575 } 00576 00577 /* 00578 * AES key schedule (decryption) 00579 */ 00580 int aes_setkey_dec( aes_context *ctx, const unsigned char *key, 00581 unsigned int keysize ) 00582 { 00583 int i, j; 00584 aes_context cty; 00585 uint32_t *RK; 00586 uint32_t *SK; 00587 int ret; 00588 00589 switch( keysize ) 00590 { 00591 case 128: ctx->nr = 10; break; 00592 case 192: ctx->nr = 12; break; 00593 case 256: ctx->nr = 14; break; 00594 default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH ); 00595 } 00596 00597 #if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16) 00598 if( aes_padlock_ace == -1 ) 00599 aes_padlock_ace = padlock_supports( PADLOCK_ACE ); 00600 00601 if( aes_padlock_ace ) 00602 ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf ); 00603 else 00604 #endif 00605 ctx->rk = RK = ctx->buf ; 00606 00607 ret = aes_setkey_enc( &cty, key, keysize ); 00608 if( ret != 0 ) 00609 return( ret ); 00610 00611 #if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64) 00612 if( aesni_supports( POLARSSL_AESNI_AES ) ) 00613 { 00614 aesni_inverse_key( (unsigned char *) ctx->rk , 00615 (const unsigned char *) cty.rk , ctx->nr ); 00616 goto done; 00617 } 00618 #endif 00619 00620 SK = cty.rk + cty.nr * 4; 00621 00622 *RK++ = *SK++; 00623 *RK++ = *SK++; 00624 *RK++ = *SK++; 00625 *RK++ = *SK++; 00626 00627 for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 ) 00628 { 00629 for( j = 0; j < 4; j++, SK++ ) 00630 { 00631 *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^ 00632 RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^ 00633 RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^ 00634 RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ]; 00635 } 00636 } 00637 00638 *RK++ = *SK++; 00639 *RK++ = *SK++; 00640 *RK++ = *SK++; 00641 *RK++ = *SK++; 00642 00643 #if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64) 00644 done: 00645 #endif 00646 memset( &cty, 0, sizeof( aes_context ) ); 00647 00648 return( 0 ); 00649 } 00650 00651 #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ 00652 { \ 00653 X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \ 00654 FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ 00655 FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ 00656 FT3[ ( Y3 >> 24 ) & 0xFF ]; \ 00657 \ 00658 X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \ 00659 FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ 00660 FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ 00661 FT3[ ( Y0 >> 24 ) & 0xFF ]; \ 00662 \ 00663 X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \ 00664 FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ 00665 FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ 00666 FT3[ ( Y1 >> 24 ) & 0xFF ]; \ 00667 \ 00668 X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \ 00669 FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ 00670 FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ 00671 FT3[ ( Y2 >> 24 ) & 0xFF ]; \ 00672 } 00673 00674 #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ 00675 { \ 00676 X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \ 00677 RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ 00678 RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ 00679 RT3[ ( Y1 >> 24 ) & 0xFF ]; \ 00680 \ 00681 X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \ 00682 RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ 00683 RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ 00684 RT3[ ( Y2 >> 24 ) & 0xFF ]; \ 00685 \ 00686 X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \ 00687 RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ 00688 RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ 00689 RT3[ ( Y3 >> 24 ) & 0xFF ]; \ 00690 \ 00691 X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \ 00692 RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ 00693 RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ 00694 RT3[ ( Y0 >> 24 ) & 0xFF ]; \ 00695 } 00696 00697 /* 00698 * AES-ECB block encryption/decryption 00699 */ 00700 int aes_crypt_ecb( aes_context *ctx, 00701 int mode, 00702 const unsigned char input[16], 00703 unsigned char output[16] ) 00704 { 00705 int i; 00706 uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; 00707 00708 #if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64) 00709 if( aesni_supports( POLARSSL_AESNI_AES ) ) 00710 return( aesni_crypt_ecb( ctx, mode, input, output ) ); 00711 #endif 00712 00713 #if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86) 00714 if( aes_padlock_ace ) 00715 { 00716 if( padlock_xcryptecb( ctx, mode, input, output ) == 0 ) 00717 return( 0 ); 00718 00719 // If padlock data misaligned, we just fall back to 00720 // unaccelerated mode 00721 // 00722 } 00723 #endif 00724 00725 RK = ctx->rk ; 00726 00727 GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++; 00728 GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++; 00729 GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++; 00730 GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++; 00731 00732 if( mode == AES_DECRYPT ) 00733 { 00734 for( i = (ctx->nr >> 1) - 1; i > 0; i-- ) 00735 { 00736 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 00737 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); 00738 } 00739 00740 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 00741 00742 X0 = *RK++ ^ \ 00743 ( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^ 00744 ( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ 00745 ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ 00746 ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); 00747 00748 X1 = *RK++ ^ \ 00749 ( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^ 00750 ( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ 00751 ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ 00752 ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); 00753 00754 X2 = *RK++ ^ \ 00755 ( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^ 00756 ( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ 00757 ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ 00758 ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); 00759 00760 X3 = *RK++ ^ \ 00761 ( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^ 00762 ( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ 00763 ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ 00764 ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); 00765 } 00766 else /* AES_ENCRYPT */ 00767 { 00768 for( i = (ctx->nr >> 1) - 1; i > 0; i-- ) 00769 { 00770 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 00771 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); 00772 } 00773 00774 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 00775 00776 X0 = *RK++ ^ \ 00777 ( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^ 00778 ( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ 00779 ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ 00780 ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); 00781 00782 X1 = *RK++ ^ \ 00783 ( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^ 00784 ( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ 00785 ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ 00786 ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); 00787 00788 X2 = *RK++ ^ \ 00789 ( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^ 00790 ( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ 00791 ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ 00792 ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); 00793 00794 X3 = *RK++ ^ \ 00795 ( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^ 00796 ( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ 00797 ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ 00798 ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); 00799 } 00800 00801 PUT_UINT32_LE( X0, output, 0 ); 00802 PUT_UINT32_LE( X1, output, 4 ); 00803 PUT_UINT32_LE( X2, output, 8 ); 00804 PUT_UINT32_LE( X3, output, 12 ); 00805 00806 return( 0 ); 00807 } 00808 00809 #if defined(POLARSSL_CIPHER_MODE_CBC) 00810 /* 00811 * AES-CBC buffer encryption/decryption 00812 */ 00813 int aes_crypt_cbc( aes_context *ctx, 00814 int mode, 00815 size_t length, 00816 unsigned char iv[16], 00817 const unsigned char *input, 00818 unsigned char *output ) 00819 { 00820 int i; 00821 unsigned char temp[16]; 00822 00823 if( length % 16 ) 00824 return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH ); 00825 00826 #if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86) 00827 if( aes_padlock_ace ) 00828 { 00829 if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 ) 00830 return( 0 ); 00831 00832 // If padlock data misaligned, we just fall back to 00833 // unaccelerated mode 00834 // 00835 } 00836 #endif 00837 00838 if( mode == AES_DECRYPT ) 00839 { 00840 while( length > 0 ) 00841 { 00842 memcpy( temp, input, 16 ); 00843 aes_crypt_ecb( ctx, mode, input, output ); 00844 00845 for( i = 0; i < 16; i++ ) 00846 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00847 00848 memcpy( iv, temp, 16 ); 00849 00850 input += 16; 00851 output += 16; 00852 length -= 16; 00853 } 00854 } 00855 else 00856 { 00857 while( length > 0 ) 00858 { 00859 for( i = 0; i < 16; i++ ) 00860 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00861 00862 aes_crypt_ecb( ctx, mode, output, output ); 00863 memcpy( iv, output, 16 ); 00864 00865 input += 16; 00866 output += 16; 00867 length -= 16; 00868 } 00869 } 00870 00871 return( 0 ); 00872 } 00873 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00874 00875 #if defined(POLARSSL_CIPHER_MODE_CFB) 00876 /* 00877 * AES-CFB128 buffer encryption/decryption 00878 */ 00879 int aes_crypt_cfb128( aes_context *ctx, 00880 int mode, 00881 size_t length, 00882 size_t *iv_off, 00883 unsigned char iv[16], 00884 const unsigned char *input, 00885 unsigned char *output ) 00886 { 00887 int c; 00888 size_t n = *iv_off; 00889 00890 if( mode == AES_DECRYPT ) 00891 { 00892 while( length-- ) 00893 { 00894 if( n == 0 ) 00895 aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); 00896 00897 c = *input++; 00898 *output++ = (unsigned char)( c ^ iv[n] ); 00899 iv[n] = (unsigned char) c; 00900 00901 n = (n + 1) & 0x0F; 00902 } 00903 } 00904 else 00905 { 00906 while( length-- ) 00907 { 00908 if( n == 0 ) 00909 aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); 00910 00911 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); 00912 00913 n = (n + 1) & 0x0F; 00914 } 00915 } 00916 00917 *iv_off = n; 00918 00919 return( 0 ); 00920 } 00921 00922 /* 00923 * AES-CFB8 buffer encryption/decryption 00924 */ 00925 #include <stdio.h> 00926 int aes_crypt_cfb8( aes_context *ctx, 00927 int mode, 00928 size_t length, 00929 unsigned char iv[16], 00930 const unsigned char *input, 00931 unsigned char *output ) 00932 { 00933 unsigned char c; 00934 unsigned char ov[17]; 00935 00936 while( length-- ) 00937 { 00938 memcpy(ov, iv, 16); 00939 aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); 00940 00941 if( mode == AES_DECRYPT ) 00942 ov[16] = *input; 00943 00944 c = *output++ = (unsigned char)( iv[0] ^ *input++ ); 00945 00946 if( mode == AES_ENCRYPT ) 00947 ov[16] = c; 00948 00949 memcpy(iv, ov + 1, 16); 00950 } 00951 00952 return( 0 ); 00953 } 00954 #endif /*POLARSSL_CIPHER_MODE_CFB */ 00955 00956 #if defined(POLARSSL_CIPHER_MODE_CTR) 00957 /* 00958 * AES-CTR buffer encryption/decryption 00959 */ 00960 int aes_crypt_ctr( aes_context *ctx, 00961 size_t length, 00962 size_t *nc_off, 00963 unsigned char nonce_counter[16], 00964 unsigned char stream_block[16], 00965 const unsigned char *input, 00966 unsigned char *output ) 00967 { 00968 int c, i; 00969 size_t n = *nc_off; 00970 00971 while( length-- ) 00972 { 00973 if( n == 0 ) { 00974 aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); 00975 00976 for( i = 16; i > 0; i-- ) 00977 if( ++nonce_counter[i - 1] != 0 ) 00978 break; 00979 } 00980 c = *input++; 00981 *output++ = (unsigned char)( c ^ stream_block[n] ); 00982 00983 n = (n + 1) & 0x0F; 00984 } 00985 00986 *nc_off = n; 00987 00988 return( 0 ); 00989 } 00990 #endif /* POLARSSL_CIPHER_MODE_CTR */ 00991 00992 #endif /* !POLARSSL_AES_ALT */ 00993 00994 #if defined(POLARSSL_SELF_TEST) 00995 00996 #include <stdio.h> 00997 00998 /* 00999 * AES test vectors from: 01000 * 01001 * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip 01002 */ 01003 static const unsigned char aes_test_ecb_dec[3][16] = 01004 { 01005 { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, 01006 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 }, 01007 { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2, 01008 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 }, 01009 { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D, 01010 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE } 01011 }; 01012 01013 static const unsigned char aes_test_ecb_enc[3][16] = 01014 { 01015 { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73, 01016 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F }, 01017 { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11, 01018 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 }, 01019 { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D, 01020 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 } 01021 }; 01022 01023 #if defined(POLARSSL_CIPHER_MODE_CBC) 01024 static const unsigned char aes_test_cbc_dec[3][16] = 01025 { 01026 { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73, 01027 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 }, 01028 { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75, 01029 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B }, 01030 { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75, 01031 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 } 01032 }; 01033 01034 static const unsigned char aes_test_cbc_enc[3][16] = 01035 { 01036 { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84, 01037 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D }, 01038 { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB, 01039 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 }, 01040 { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5, 01041 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 } 01042 }; 01043 #endif /* POLARSSL_CIPHER_MODE_CBC */ 01044 01045 #if defined(POLARSSL_CIPHER_MODE_CFB) 01046 /* 01047 * AES-CFB128 test vectors from: 01048 * 01049 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 01050 */ 01051 static const unsigned char aes_test_cfb128_key[3][32] = 01052 { 01053 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 01054 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }, 01055 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 01056 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, 01057 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }, 01058 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 01059 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, 01060 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, 01061 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } 01062 }; 01063 01064 static const unsigned char aes_test_cfb128_iv[16] = 01065 { 01066 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 01067 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 01068 }; 01069 01070 static const unsigned char aes_test_cfb128_pt[64] = 01071 { 01072 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 01073 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 01074 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 01075 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, 01076 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 01077 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF, 01078 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17, 01079 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 01080 }; 01081 01082 static const unsigned char aes_test_cfb128_ct[3][64] = 01083 { 01084 { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 01085 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, 01086 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F, 01087 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B, 01088 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40, 01089 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF, 01090 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E, 01091 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 }, 01092 { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, 01093 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, 01094 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21, 01095 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A, 01096 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1, 01097 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9, 01098 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0, 01099 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF }, 01100 { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, 01101 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, 01102 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8, 01103 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B, 01104 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92, 01105 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9, 01106 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8, 01107 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 } 01108 }; 01109 #endif /* POLARSSL_CIPHER_MODE_CFB */ 01110 01111 #if defined(POLARSSL_CIPHER_MODE_CTR) 01112 /* 01113 * AES-CTR test vectors from: 01114 * 01115 * http://www.faqs.org/rfcs/rfc3686.html 01116 */ 01117 01118 static const unsigned char aes_test_ctr_key[3][16] = 01119 { 01120 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, 01121 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, 01122 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, 01123 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, 01124 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, 01125 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } 01126 }; 01127 01128 static const unsigned char aes_test_ctr_nonce_counter[3][16] = 01129 { 01130 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 01131 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 01132 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, 01133 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, 01134 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, 01135 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } 01136 }; 01137 01138 static const unsigned char aes_test_ctr_pt[3][48] = 01139 { 01140 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, 01141 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, 01142 01143 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 01144 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 01145 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 01146 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, 01147 01148 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 01149 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 01150 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 01151 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 01152 0x20, 0x21, 0x22, 0x23 } 01153 }; 01154 01155 static const unsigned char aes_test_ctr_ct[3][48] = 01156 { 01157 { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79, 01158 0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 }, 01159 { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9, 01160 0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88, 01161 0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8, 01162 0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 }, 01163 { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9, 01164 0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7, 01165 0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36, 01166 0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53, 01167 0x25, 0xB2, 0x07, 0x2F } 01168 }; 01169 01170 static const int aes_test_ctr_len[3] = 01171 { 16, 32, 36 }; 01172 #endif /* POLARSSL_CIPHER_MODE_CTR */ 01173 01174 /* 01175 * Checkup routine 01176 */ 01177 int aes_self_test( int verbose ) 01178 { 01179 int i, j, u, v; 01180 unsigned char key[32]; 01181 unsigned char buf[64]; 01182 unsigned char iv[16]; 01183 #if defined(POLARSSL_CIPHER_MODE_CBC) 01184 unsigned char prv[16]; 01185 #endif 01186 #if defined(POLARSSL_CIPHER_MODE_CTR) || defined(POLARSSL_CIPHER_MODE_CFB) 01187 size_t offset; 01188 #endif 01189 #if defined(POLARSSL_CIPHER_MODE_CTR) 01190 int len; 01191 unsigned char nonce_counter[16]; 01192 unsigned char stream_block[16]; 01193 #endif 01194 aes_context ctx; 01195 01196 memset( key, 0, 32 ); 01197 01198 /* 01199 * ECB mode 01200 */ 01201 for( i = 0; i < 6; i++ ) 01202 { 01203 u = i >> 1; 01204 v = i & 1; 01205 01206 if( verbose != 0 ) 01207 polarssl_printf( " AES-ECB-%3d (%s): ", 128 + u * 64, 01208 ( v == AES_DECRYPT ) ? "dec" : "enc" ); 01209 01210 memset( buf, 0, 16 ); 01211 01212 if( v == AES_DECRYPT ) 01213 { 01214 aes_setkey_dec( &ctx, key, 128 + u * 64 ); 01215 01216 for( j = 0; j < 10000; j++ ) 01217 aes_crypt_ecb( &ctx, v, buf, buf ); 01218 01219 if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 ) 01220 { 01221 if( verbose != 0 ) 01222 polarssl_printf( "failed\n" ); 01223 01224 return( 1 ); 01225 } 01226 } 01227 else 01228 { 01229 aes_setkey_enc( &ctx, key, 128 + u * 64 ); 01230 01231 for( j = 0; j < 10000; j++ ) 01232 aes_crypt_ecb( &ctx, v, buf, buf ); 01233 01234 if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 ) 01235 { 01236 if( verbose != 0 ) 01237 polarssl_printf( "failed\n" ); 01238 01239 return( 1 ); 01240 } 01241 } 01242 01243 if( verbose != 0 ) 01244 polarssl_printf( "passed\n" ); 01245 } 01246 01247 if( verbose != 0 ) 01248 polarssl_printf( "\n" ); 01249 01250 #if defined(POLARSSL_CIPHER_MODE_CBC) 01251 /* 01252 * CBC mode 01253 */ 01254 for( i = 0; i < 6; i++ ) 01255 { 01256 u = i >> 1; 01257 v = i & 1; 01258 01259 if( verbose != 0 ) 01260 polarssl_printf( " AES-CBC-%3d (%s): ", 128 + u * 64, 01261 ( v == AES_DECRYPT ) ? "dec" : "enc" ); 01262 01263 memset( iv , 0, 16 ); 01264 memset( prv, 0, 16 ); 01265 memset( buf, 0, 16 ); 01266 01267 if( v == AES_DECRYPT ) 01268 { 01269 aes_setkey_dec( &ctx, key, 128 + u * 64 ); 01270 01271 for( j = 0; j < 10000; j++ ) 01272 aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); 01273 01274 if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 ) 01275 { 01276 if( verbose != 0 ) 01277 polarssl_printf( "failed\n" ); 01278 01279 return( 1 ); 01280 } 01281 } 01282 else 01283 { 01284 aes_setkey_enc( &ctx, key, 128 + u * 64 ); 01285 01286 for( j = 0; j < 10000; j++ ) 01287 { 01288 unsigned char tmp[16]; 01289 01290 aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); 01291 01292 memcpy( tmp, prv, 16 ); 01293 memcpy( prv, buf, 16 ); 01294 memcpy( buf, tmp, 16 ); 01295 } 01296 01297 if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 ) 01298 { 01299 if( verbose != 0 ) 01300 polarssl_printf( "failed\n" ); 01301 01302 return( 1 ); 01303 } 01304 } 01305 01306 if( verbose != 0 ) 01307 polarssl_printf( "passed\n" ); 01308 } 01309 01310 if( verbose != 0 ) 01311 polarssl_printf( "\n" ); 01312 #endif /* POLARSSL_CIPHER_MODE_CBC */ 01313 01314 #if defined(POLARSSL_CIPHER_MODE_CFB) 01315 /* 01316 * CFB128 mode 01317 */ 01318 for( i = 0; i < 6; i++ ) 01319 { 01320 u = i >> 1; 01321 v = i & 1; 01322 01323 if( verbose != 0 ) 01324 polarssl_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64, 01325 ( v == AES_DECRYPT ) ? "dec" : "enc" ); 01326 01327 memcpy( iv, aes_test_cfb128_iv, 16 ); 01328 memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 ); 01329 01330 offset = 0; 01331 aes_setkey_enc( &ctx, key, 128 + u * 64 ); 01332 01333 if( v == AES_DECRYPT ) 01334 { 01335 memcpy( buf, aes_test_cfb128_ct[u], 64 ); 01336 aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); 01337 01338 if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 ) 01339 { 01340 if( verbose != 0 ) 01341 polarssl_printf( "failed\n" ); 01342 01343 return( 1 ); 01344 } 01345 } 01346 else 01347 { 01348 memcpy( buf, aes_test_cfb128_pt, 64 ); 01349 aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); 01350 01351 if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 ) 01352 { 01353 if( verbose != 0 ) 01354 polarssl_printf( "failed\n" ); 01355 01356 return( 1 ); 01357 } 01358 } 01359 01360 if( verbose != 0 ) 01361 polarssl_printf( "passed\n" ); 01362 } 01363 01364 if( verbose != 0 ) 01365 polarssl_printf( "\n" ); 01366 #endif /* POLARSSL_CIPHER_MODE_CFB */ 01367 01368 #if defined(POLARSSL_CIPHER_MODE_CTR) 01369 /* 01370 * CTR mode 01371 */ 01372 for( i = 0; i < 6; i++ ) 01373 { 01374 u = i >> 1; 01375 v = i & 1; 01376 01377 if( verbose != 0 ) 01378 polarssl_printf( " AES-CTR-128 (%s): ", 01379 ( v == AES_DECRYPT ) ? "dec" : "enc" ); 01380 01381 memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); 01382 memcpy( key, aes_test_ctr_key[u], 16 ); 01383 01384 offset = 0; 01385 aes_setkey_enc( &ctx, key, 128 ); 01386 01387 if( v == AES_DECRYPT ) 01388 { 01389 len = aes_test_ctr_len[u]; 01390 memcpy( buf, aes_test_ctr_ct[u], len ); 01391 01392 aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 01393 buf, buf ); 01394 01395 if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 ) 01396 { 01397 if( verbose != 0 ) 01398 polarssl_printf( "failed\n" ); 01399 01400 return( 1 ); 01401 } 01402 } 01403 else 01404 { 01405 len = aes_test_ctr_len[u]; 01406 memcpy( buf, aes_test_ctr_pt[u], len ); 01407 01408 aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 01409 buf, buf ); 01410 01411 if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 ) 01412 { 01413 if( verbose != 0 ) 01414 polarssl_printf( "failed\n" ); 01415 01416 return( 1 ); 01417 } 01418 } 01419 01420 if( verbose != 0 ) 01421 polarssl_printf( "passed\n" ); 01422 } 01423 01424 if( verbose != 0 ) 01425 polarssl_printf( "\n" ); 01426 #endif /* POLARSSL_CIPHER_MODE_CTR */ 01427 01428 return( 0 ); 01429 } 01430 01431 #endif /* POLARSSL_SELF_TEST */ 01432 01433 #endif /* POLARSSL_AES_C */ 01434 01435
Generated on Tue Jul 12 2022 19:40:14 by
1.7.2