Sergey Pastor / 1

Webserver+3d print

Dependents:   Nucleo

cyclone_crypto/aes.c@0:8918a71cdbe9, 2017-02-04 (annotated)

Committer:
Sergunb
Date:
Sat Feb 04 18:15:49 2017 +0000
Revision:
0:8918a71cdbe9
nothing else

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Sergunb 0:8918a71cdbe9 1 /**
Sergunb 0:8918a71cdbe9 2 * @file aes.c
Sergunb 0:8918a71cdbe9 3 * @brief AES (Advanced Encryption Standard)
Sergunb 0:8918a71cdbe9 4 *
Sergunb 0:8918a71cdbe9 5 * @section License
Sergunb 0:8918a71cdbe9 6 *
Sergunb 0:8918a71cdbe9 7 * Copyright (C) 2010-2017 Oryx Embedded SARL. All rights reserved.
Sergunb 0:8918a71cdbe9 8 *
Sergunb 0:8918a71cdbe9 9 * This file is part of CycloneCrypto Open.
Sergunb 0:8918a71cdbe9 10 *
Sergunb 0:8918a71cdbe9 11 * This program is free software; you can redistribute it and/or
Sergunb 0:8918a71cdbe9 12 * modify it under the terms of the GNU General Public License
Sergunb 0:8918a71cdbe9 13 * as published by the Free Software Foundation; either version 2
Sergunb 0:8918a71cdbe9 14 * of the License, or (at your option) any later version.
Sergunb 0:8918a71cdbe9 15 *
Sergunb 0:8918a71cdbe9 16 * This program is distributed in the hope that it will be useful,
Sergunb 0:8918a71cdbe9 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Sergunb 0:8918a71cdbe9 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Sergunb 0:8918a71cdbe9 19 * GNU General Public License for more details.
Sergunb 0:8918a71cdbe9 20 *
Sergunb 0:8918a71cdbe9 21 * You should have received a copy of the GNU General Public License
Sergunb 0:8918a71cdbe9 22 * along with this program; if not, write to the Free Software Foundation,
Sergunb 0:8918a71cdbe9 23 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Sergunb 0:8918a71cdbe9 24 *
Sergunb 0:8918a71cdbe9 25 * @section Description
Sergunb 0:8918a71cdbe9 26 *
Sergunb 0:8918a71cdbe9 27 * AES is an encryption standard based on Rijndael algorithm, a symmetric block
Sergunb 0:8918a71cdbe9 28 * cipher that can process data blocks of 128 bits, using cipher keys with
Sergunb 0:8918a71cdbe9 29 * lengths of 128, 192, and 256 bits. Refer to FIPS 197 for more details
Sergunb 0:8918a71cdbe9 30 *
Sergunb 0:8918a71cdbe9 31 * @author Oryx Embedded SARL (www.oryx-embedded.com)
Sergunb 0:8918a71cdbe9 32 * @version 1.7.6
Sergunb 0:8918a71cdbe9 33 **/
Sergunb 0:8918a71cdbe9 34
Sergunb 0:8918a71cdbe9 35 //Switch to the appropriate trace level
Sergunb 0:8918a71cdbe9 36 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
Sergunb 0:8918a71cdbe9 37
Sergunb 0:8918a71cdbe9 38 //Dependencies
Sergunb 0:8918a71cdbe9 39 #include <string.h>
Sergunb 0:8918a71cdbe9 40 #include "crypto.h"
Sergunb 0:8918a71cdbe9 41 #include "aes.h"
Sergunb 0:8918a71cdbe9 42
Sergunb 0:8918a71cdbe9 43 //Check crypto library configuration
Sergunb 0:8918a71cdbe9 44 #if (AES_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 45
Sergunb 0:8918a71cdbe9 46 //Substitution table used by encryption algorithm (S-box)
Sergunb 0:8918a71cdbe9 47 static const uint8_t sbox[256] =
Sergunb 0:8918a71cdbe9 48 {
Sergunb 0:8918a71cdbe9 49 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
Sergunb 0:8918a71cdbe9 50 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
Sergunb 0:8918a71cdbe9 51 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
Sergunb 0:8918a71cdbe9 52 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
Sergunb 0:8918a71cdbe9 53 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
Sergunb 0:8918a71cdbe9 54 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
Sergunb 0:8918a71cdbe9 55 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
Sergunb 0:8918a71cdbe9 56 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
Sergunb 0:8918a71cdbe9 57 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
Sergunb 0:8918a71cdbe9 58 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
Sergunb 0:8918a71cdbe9 59 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
Sergunb 0:8918a71cdbe9 60 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
Sergunb 0:8918a71cdbe9 61 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
Sergunb 0:8918a71cdbe9 62 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
Sergunb 0:8918a71cdbe9 63 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
Sergunb 0:8918a71cdbe9 64 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
Sergunb 0:8918a71cdbe9 65 };
Sergunb 0:8918a71cdbe9 66
Sergunb 0:8918a71cdbe9 67 //Substitution table used by decryption algorithm (inverse S-box)
Sergunb 0:8918a71cdbe9 68 static const uint8_t isbox[256] =
Sergunb 0:8918a71cdbe9 69 {
Sergunb 0:8918a71cdbe9 70 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
Sergunb 0:8918a71cdbe9 71 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
Sergunb 0:8918a71cdbe9 72 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
Sergunb 0:8918a71cdbe9 73 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
Sergunb 0:8918a71cdbe9 74 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
Sergunb 0:8918a71cdbe9 75 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
Sergunb 0:8918a71cdbe9 76 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
Sergunb 0:8918a71cdbe9 77 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
Sergunb 0:8918a71cdbe9 78 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
Sergunb 0:8918a71cdbe9 79 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
Sergunb 0:8918a71cdbe9 80 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
Sergunb 0:8918a71cdbe9 81 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
Sergunb 0:8918a71cdbe9 82 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
Sergunb 0:8918a71cdbe9 83 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
Sergunb 0:8918a71cdbe9 84 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
Sergunb 0:8918a71cdbe9 85 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
Sergunb 0:8918a71cdbe9 86 };
Sergunb 0:8918a71cdbe9 87
Sergunb 0:8918a71cdbe9 88 //Precalculated table (encryption)
Sergunb 0:8918a71cdbe9 89 static const uint32_t te[256] =
Sergunb 0:8918a71cdbe9 90 {
Sergunb 0:8918a71cdbe9 91 0xA56363C6, 0x847C7CF8, 0x997777EE, 0x8D7B7BF6, 0x0DF2F2FF, 0xBD6B6BD6, 0xB16F6FDE, 0x54C5C591,
Sergunb 0:8918a71cdbe9 92 0x50303060, 0x03010102, 0xA96767CE, 0x7D2B2B56, 0x19FEFEE7, 0x62D7D7B5, 0xE6ABAB4D, 0x9A7676EC,
Sergunb 0:8918a71cdbe9 93 0x45CACA8F, 0x9D82821F, 0x40C9C989, 0x877D7DFA, 0x15FAFAEF, 0xEB5959B2, 0xC947478E, 0x0BF0F0FB,
Sergunb 0:8918a71cdbe9 94 0xECADAD41, 0x67D4D4B3, 0xFDA2A25F, 0xEAAFAF45, 0xBF9C9C23, 0xF7A4A453, 0x967272E4, 0x5BC0C09B,
Sergunb 0:8918a71cdbe9 95 0xC2B7B775, 0x1CFDFDE1, 0xAE93933D, 0x6A26264C, 0x5A36366C, 0x413F3F7E, 0x02F7F7F5, 0x4FCCCC83,
Sergunb 0:8918a71cdbe9 96 0x5C343468, 0xF4A5A551, 0x34E5E5D1, 0x08F1F1F9, 0x937171E2, 0x73D8D8AB, 0x53313162, 0x3F15152A,
Sergunb 0:8918a71cdbe9 97 0x0C040408, 0x52C7C795, 0x65232346, 0x5EC3C39D, 0x28181830, 0xA1969637, 0x0F05050A, 0xB59A9A2F,
Sergunb 0:8918a71cdbe9 98 0x0907070E, 0x36121224, 0x9B80801B, 0x3DE2E2DF, 0x26EBEBCD, 0x6927274E, 0xCDB2B27F, 0x9F7575EA,
Sergunb 0:8918a71cdbe9 99 0x1B090912, 0x9E83831D, 0x742C2C58, 0x2E1A1A34, 0x2D1B1B36, 0xB26E6EDC, 0xEE5A5AB4, 0xFBA0A05B,
Sergunb 0:8918a71cdbe9 100 0xF65252A4, 0x4D3B3B76, 0x61D6D6B7, 0xCEB3B37D, 0x7B292952, 0x3EE3E3DD, 0x712F2F5E, 0x97848413,
Sergunb 0:8918a71cdbe9 101 0xF55353A6, 0x68D1D1B9, 0x00000000, 0x2CEDEDC1, 0x60202040, 0x1FFCFCE3, 0xC8B1B179, 0xED5B5BB6,
Sergunb 0:8918a71cdbe9 102 0xBE6A6AD4, 0x46CBCB8D, 0xD9BEBE67, 0x4B393972, 0xDE4A4A94, 0xD44C4C98, 0xE85858B0, 0x4ACFCF85,
Sergunb 0:8918a71cdbe9 103 0x6BD0D0BB, 0x2AEFEFC5, 0xE5AAAA4F, 0x16FBFBED, 0xC5434386, 0xD74D4D9A, 0x55333366, 0x94858511,
Sergunb 0:8918a71cdbe9 104 0xCF45458A, 0x10F9F9E9, 0x06020204, 0x817F7FFE, 0xF05050A0, 0x443C3C78, 0xBA9F9F25, 0xE3A8A84B,
Sergunb 0:8918a71cdbe9 105 0xF35151A2, 0xFEA3A35D, 0xC0404080, 0x8A8F8F05, 0xAD92923F, 0xBC9D9D21, 0x48383870, 0x04F5F5F1,
Sergunb 0:8918a71cdbe9 106 0xDFBCBC63, 0xC1B6B677, 0x75DADAAF, 0x63212142, 0x30101020, 0x1AFFFFE5, 0x0EF3F3FD, 0x6DD2D2BF,
Sergunb 0:8918a71cdbe9 107 0x4CCDCD81, 0x140C0C18, 0x35131326, 0x2FECECC3, 0xE15F5FBE, 0xA2979735, 0xCC444488, 0x3917172E,
Sergunb 0:8918a71cdbe9 108 0x57C4C493, 0xF2A7A755, 0x827E7EFC, 0x473D3D7A, 0xAC6464C8, 0xE75D5DBA, 0x2B191932, 0x957373E6,
Sergunb 0:8918a71cdbe9 109 0xA06060C0, 0x98818119, 0xD14F4F9E, 0x7FDCDCA3, 0x66222244, 0x7E2A2A54, 0xAB90903B, 0x8388880B,
Sergunb 0:8918a71cdbe9 110 0xCA46468C, 0x29EEEEC7, 0xD3B8B86B, 0x3C141428, 0x79DEDEA7, 0xE25E5EBC, 0x1D0B0B16, 0x76DBDBAD,
Sergunb 0:8918a71cdbe9 111 0x3BE0E0DB, 0x56323264, 0x4E3A3A74, 0x1E0A0A14, 0xDB494992, 0x0A06060C, 0x6C242448, 0xE45C5CB8,
Sergunb 0:8918a71cdbe9 112 0x5DC2C29F, 0x6ED3D3BD, 0xEFACAC43, 0xA66262C4, 0xA8919139, 0xA4959531, 0x37E4E4D3, 0x8B7979F2,
Sergunb 0:8918a71cdbe9 113 0x32E7E7D5, 0x43C8C88B, 0x5937376E, 0xB76D6DDA, 0x8C8D8D01, 0x64D5D5B1, 0xD24E4E9C, 0xE0A9A949,
Sergunb 0:8918a71cdbe9 114 0xB46C6CD8, 0xFA5656AC, 0x07F4F4F3, 0x25EAEACF, 0xAF6565CA, 0x8E7A7AF4, 0xE9AEAE47, 0x18080810,
Sergunb 0:8918a71cdbe9 115 0xD5BABA6F, 0x887878F0, 0x6F25254A, 0x722E2E5C, 0x241C1C38, 0xF1A6A657, 0xC7B4B473, 0x51C6C697,
Sergunb 0:8918a71cdbe9 116 0x23E8E8CB, 0x7CDDDDA1, 0x9C7474E8, 0x211F1F3E, 0xDD4B4B96, 0xDCBDBD61, 0x868B8B0D, 0x858A8A0F,
Sergunb 0:8918a71cdbe9 117 0x907070E0, 0x423E3E7C, 0xC4B5B571, 0xAA6666CC, 0xD8484890, 0x05030306, 0x01F6F6F7, 0x120E0E1C,
Sergunb 0:8918a71cdbe9 118 0xA36161C2, 0x5F35356A, 0xF95757AE, 0xD0B9B969, 0x91868617, 0x58C1C199, 0x271D1D3A, 0xB99E9E27,
Sergunb 0:8918a71cdbe9 119 0x38E1E1D9, 0x13F8F8EB, 0xB398982B, 0x33111122, 0xBB6969D2, 0x70D9D9A9, 0x898E8E07, 0xA7949433,
Sergunb 0:8918a71cdbe9 120 0xB69B9B2D, 0x221E1E3C, 0x92878715, 0x20E9E9C9, 0x49CECE87, 0xFF5555AA, 0x78282850, 0x7ADFDFA5,
Sergunb 0:8918a71cdbe9 121 0x8F8C8C03, 0xF8A1A159, 0x80898909, 0x170D0D1A, 0xDABFBF65, 0x31E6E6D7, 0xC6424284, 0xB86868D0,
Sergunb 0:8918a71cdbe9 122 0xC3414182, 0xB0999929, 0x772D2D5A, 0x110F0F1E, 0xCBB0B07B, 0xFC5454A8, 0xD6BBBB6D, 0x3A16162C
Sergunb 0:8918a71cdbe9 123 };
Sergunb 0:8918a71cdbe9 124
Sergunb 0:8918a71cdbe9 125 //Precalculated table (decryption)
Sergunb 0:8918a71cdbe9 126 static const uint32_t td[256] =
Sergunb 0:8918a71cdbe9 127 {
Sergunb 0:8918a71cdbe9 128 0x50A7F451, 0x5365417E, 0xC3A4171A, 0x965E273A, 0xCB6BAB3B, 0xF1459D1F, 0xAB58FAAC, 0x9303E34B,
Sergunb 0:8918a71cdbe9 129 0x55FA3020, 0xF66D76AD, 0x9176CC88, 0x254C02F5, 0xFCD7E54F, 0xD7CB2AC5, 0x80443526, 0x8FA362B5,
Sergunb 0:8918a71cdbe9 130 0x495AB1DE, 0x671BBA25, 0x980EEA45, 0xE1C0FE5D, 0x02752FC3, 0x12F04C81, 0xA397468D, 0xC6F9D36B,
Sergunb 0:8918a71cdbe9 131 0xE75F8F03, 0x959C9215, 0xEB7A6DBF, 0xDA595295, 0x2D83BED4, 0xD3217458, 0x2969E049, 0x44C8C98E,
Sergunb 0:8918a71cdbe9 132 0x6A89C275, 0x78798EF4, 0x6B3E5899, 0xDD71B927, 0xB64FE1BE, 0x17AD88F0, 0x66AC20C9, 0xB43ACE7D,
Sergunb 0:8918a71cdbe9 133 0x184ADF63, 0x82311AE5, 0x60335197, 0x457F5362, 0xE07764B1, 0x84AE6BBB, 0x1CA081FE, 0x942B08F9,
Sergunb 0:8918a71cdbe9 134 0x58684870, 0x19FD458F, 0x876CDE94, 0xB7F87B52, 0x23D373AB, 0xE2024B72, 0x578F1FE3, 0x2AAB5566,
Sergunb 0:8918a71cdbe9 135 0x0728EBB2, 0x03C2B52F, 0x9A7BC586, 0xA50837D3, 0xF2872830, 0xB2A5BF23, 0xBA6A0302, 0x5C8216ED,
Sergunb 0:8918a71cdbe9 136 0x2B1CCF8A, 0x92B479A7, 0xF0F207F3, 0xA1E2694E, 0xCDF4DA65, 0xD5BE0506, 0x1F6234D1, 0x8AFEA6C4,
Sergunb 0:8918a71cdbe9 137 0x9D532E34, 0xA055F3A2, 0x32E18A05, 0x75EBF6A4, 0x39EC830B, 0xAAEF6040, 0x069F715E, 0x51106EBD,
Sergunb 0:8918a71cdbe9 138 0xF98A213E, 0x3D06DD96, 0xAE053EDD, 0x46BDE64D, 0xB58D5491, 0x055DC471, 0x6FD40604, 0xFF155060,
Sergunb 0:8918a71cdbe9 139 0x24FB9819, 0x97E9BDD6, 0xCC434089, 0x779ED967, 0xBD42E8B0, 0x888B8907, 0x385B19E7, 0xDBEEC879,
Sergunb 0:8918a71cdbe9 140 0x470A7CA1, 0xE90F427C, 0xC91E84F8, 0x00000000, 0x83868009, 0x48ED2B32, 0xAC70111E, 0x4E725A6C,
Sergunb 0:8918a71cdbe9 141 0xFBFF0EFD, 0x5638850F, 0x1ED5AE3D, 0x27392D36, 0x64D90F0A, 0x21A65C68, 0xD1545B9B, 0x3A2E3624,
Sergunb 0:8918a71cdbe9 142 0xB1670A0C, 0x0FE75793, 0xD296EEB4, 0x9E919B1B, 0x4FC5C080, 0xA220DC61, 0x694B775A, 0x161A121C,
Sergunb 0:8918a71cdbe9 143 0x0ABA93E2, 0xE52AA0C0, 0x43E0223C, 0x1D171B12, 0x0B0D090E, 0xADC78BF2, 0xB9A8B62D, 0xC8A91E14,
Sergunb 0:8918a71cdbe9 144 0x8519F157, 0x4C0775AF, 0xBBDD99EE, 0xFD607FA3, 0x9F2601F7, 0xBCF5725C, 0xC53B6644, 0x347EFB5B,
Sergunb 0:8918a71cdbe9 145 0x7629438B, 0xDCC623CB, 0x68FCEDB6, 0x63F1E4B8, 0xCADC31D7, 0x10856342, 0x40229713, 0x2011C684,
Sergunb 0:8918a71cdbe9 146 0x7D244A85, 0xF83DBBD2, 0x1132F9AE, 0x6DA129C7, 0x4B2F9E1D, 0xF330B2DC, 0xEC52860D, 0xD0E3C177,
Sergunb 0:8918a71cdbe9 147 0x6C16B32B, 0x99B970A9, 0xFA489411, 0x2264E947, 0xC48CFCA8, 0x1A3FF0A0, 0xD82C7D56, 0xEF903322,
Sergunb 0:8918a71cdbe9 148 0xC74E4987, 0xC1D138D9, 0xFEA2CA8C, 0x360BD498, 0xCF81F5A6, 0x28DE7AA5, 0x268EB7DA, 0xA4BFAD3F,
Sergunb 0:8918a71cdbe9 149 0xE49D3A2C, 0x0D927850, 0x9BCC5F6A, 0x62467E54, 0xC2138DF6, 0xE8B8D890, 0x5EF7392E, 0xF5AFC382,
Sergunb 0:8918a71cdbe9 150 0xBE805D9F, 0x7C93D069, 0xA92DD56F, 0xB31225CF, 0x3B99ACC8, 0xA77D1810, 0x6E639CE8, 0x7BBB3BDB,
Sergunb 0:8918a71cdbe9 151 0x097826CD, 0xF418596E, 0x01B79AEC, 0xA89A4F83, 0x656E95E6, 0x7EE6FFAA, 0x08CFBC21, 0xE6E815EF,
Sergunb 0:8918a71cdbe9 152 0xD99BE7BA, 0xCE366F4A, 0xD4099FEA, 0xD67CB029, 0xAFB2A431, 0x31233F2A, 0x3094A5C6, 0xC066A235,
Sergunb 0:8918a71cdbe9 153 0x37BC4E74, 0xA6CA82FC, 0xB0D090E0, 0x15D8A733, 0x4A9804F1, 0xF7DAEC41, 0x0E50CD7F, 0x2FF69117,
Sergunb 0:8918a71cdbe9 154 0x8DD64D76, 0x4DB0EF43, 0x544DAACC, 0xDF0496E4, 0xE3B5D19E, 0x1B886A4C, 0xB81F2CC1, 0x7F516546,
Sergunb 0:8918a71cdbe9 155 0x04EA5E9D, 0x5D358C01, 0x737487FA, 0x2E410BFB, 0x5A1D67B3, 0x52D2DB92, 0x335610E9, 0x1347D66D,
Sergunb 0:8918a71cdbe9 156 0x8C61D79A, 0x7A0CA137, 0x8E14F859, 0x893C13EB, 0xEE27A9CE, 0x35C961B7, 0xEDE51CE1, 0x3CB1477A,
Sergunb 0:8918a71cdbe9 157 0x59DFD29C, 0x3F73F255, 0x79CE1418, 0xBF37C773, 0xEACDF753, 0x5BAAFD5F, 0x146F3DDF, 0x86DB4478,
Sergunb 0:8918a71cdbe9 158 0x81F3AFCA, 0x3EC468B9, 0x2C342438, 0x5F40A3C2, 0x72C31D16, 0x0C25E2BC, 0x8B493C28, 0x41950DFF,
Sergunb 0:8918a71cdbe9 159 0x7101A839, 0xDEB30C08, 0x9CE4B4D8, 0x90C15664, 0x6184CB7B, 0x70B632D5, 0x745C6C48, 0x4257B8D0
Sergunb 0:8918a71cdbe9 160 };
Sergunb 0:8918a71cdbe9 161
Sergunb 0:8918a71cdbe9 162 //Round constant word array
Sergunb 0:8918a71cdbe9 163 static const uint32_t rcon[11] =
Sergunb 0:8918a71cdbe9 164 {
Sergunb 0:8918a71cdbe9 165 0x00000000,
Sergunb 0:8918a71cdbe9 166 0x00000001,
Sergunb 0:8918a71cdbe9 167 0x00000002,
Sergunb 0:8918a71cdbe9 168 0x00000004,
Sergunb 0:8918a71cdbe9 169 0x00000008,
Sergunb 0:8918a71cdbe9 170 0x00000010,
Sergunb 0:8918a71cdbe9 171 0x00000020,
Sergunb 0:8918a71cdbe9 172 0x00000040,
Sergunb 0:8918a71cdbe9 173 0x00000080,
Sergunb 0:8918a71cdbe9 174 0x0000001B,
Sergunb 0:8918a71cdbe9 175 0x00000036
Sergunb 0:8918a71cdbe9 176 };
Sergunb 0:8918a71cdbe9 177
Sergunb 0:8918a71cdbe9 178 //Common interface for encryption algorithms
Sergunb 0:8918a71cdbe9 179 const CipherAlgo aesCipherAlgo =
Sergunb 0:8918a71cdbe9 180 {
Sergunb 0:8918a71cdbe9 181 "AES",
Sergunb 0:8918a71cdbe9 182 sizeof(AesContext),
Sergunb 0:8918a71cdbe9 183 CIPHER_ALGO_TYPE_BLOCK,
Sergunb 0:8918a71cdbe9 184 AES_BLOCK_SIZE,
Sergunb 0:8918a71cdbe9 185 (CipherAlgoInit) aesInit,
Sergunb 0:8918a71cdbe9 186 NULL,
Sergunb 0:8918a71cdbe9 187 NULL,
Sergunb 0:8918a71cdbe9 188 (CipherAlgoEncryptBlock) aesEncryptBlock,
Sergunb 0:8918a71cdbe9 189 (CipherAlgoDecryptBlock) aesDecryptBlock
Sergunb 0:8918a71cdbe9 190 };
Sergunb 0:8918a71cdbe9 191
Sergunb 0:8918a71cdbe9 192
Sergunb 0:8918a71cdbe9 193 /**
Sergunb 0:8918a71cdbe9 194 * @brief Key expansion
Sergunb 0:8918a71cdbe9 195 * @param[in] context Pointer to the AES context to initialize
Sergunb 0:8918a71cdbe9 196 * @param[in] key Pointer to the key
Sergunb 0:8918a71cdbe9 197 * @param[in] keyLength Length of the key
Sergunb 0:8918a71cdbe9 198 * @return Error code
Sergunb 0:8918a71cdbe9 199 **/
Sergunb 0:8918a71cdbe9 200
Sergunb 0:8918a71cdbe9 201 error_t aesInit(AesContext *context, const uint8_t *key, size_t keyLength)
Sergunb 0:8918a71cdbe9 202 {
Sergunb 0:8918a71cdbe9 203 uint_t i;
Sergunb 0:8918a71cdbe9 204 uint32_t temp;
Sergunb 0:8918a71cdbe9 205 size_t keyScheduleSize;
Sergunb 0:8918a71cdbe9 206
Sergunb 0:8918a71cdbe9 207 //10 rounds are required for 128-bit key
Sergunb 0:8918a71cdbe9 208 if(keyLength == 16)
Sergunb 0:8918a71cdbe9 209 context->nr = 10;
Sergunb 0:8918a71cdbe9 210 //12 rounds are required for 192-bit key
Sergunb 0:8918a71cdbe9 211 else if(keyLength == 24)
Sergunb 0:8918a71cdbe9 212 context->nr = 12;
Sergunb 0:8918a71cdbe9 213 //14 rounds are required for 256-bit key
Sergunb 0:8918a71cdbe9 214 else if(keyLength == 32)
Sergunb 0:8918a71cdbe9 215 context->nr = 14;
Sergunb 0:8918a71cdbe9 216 //Key length is not supported...
Sergunb 0:8918a71cdbe9 217 else
Sergunb 0:8918a71cdbe9 218 return ERROR_INVALID_KEY_LENGTH;
Sergunb 0:8918a71cdbe9 219
Sergunb 0:8918a71cdbe9 220 //Determine the number of 32-bit words in the key
Sergunb 0:8918a71cdbe9 221 keyLength /= 4;
Sergunb 0:8918a71cdbe9 222
Sergunb 0:8918a71cdbe9 223 //Copy the original key
Sergunb 0:8918a71cdbe9 224 for(i = 0; i < keyLength; i++)
Sergunb 0:8918a71cdbe9 225 context->ek[i] = LOAD32LE(key + (i * 4));
Sergunb 0:8918a71cdbe9 226
Sergunb 0:8918a71cdbe9 227 //The size of the key schedule depends on the number of rounds
Sergunb 0:8918a71cdbe9 228 keyScheduleSize = 4 * (context->nr + 1);
Sergunb 0:8918a71cdbe9 229
Sergunb 0:8918a71cdbe9 230 //Generate the key schedule (encryption)
Sergunb 0:8918a71cdbe9 231 for(i = keyLength; i < keyScheduleSize; i++)
Sergunb 0:8918a71cdbe9 232 {
Sergunb 0:8918a71cdbe9 233 //Save previous word
Sergunb 0:8918a71cdbe9 234 temp = context->ek[i - 1];
Sergunb 0:8918a71cdbe9 235
Sergunb 0:8918a71cdbe9 236 //Apply transformation
Sergunb 0:8918a71cdbe9 237 if((i % keyLength) == 0)
Sergunb 0:8918a71cdbe9 238 {
Sergunb 0:8918a71cdbe9 239 context->ek[i] = sbox[(temp >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 240 context->ek[i] |= (sbox[(temp >> 16) & 0xFF] << 8);
Sergunb 0:8918a71cdbe9 241 context->ek[i] |= (sbox[(temp >> 24) & 0xFF] << 16);
Sergunb 0:8918a71cdbe9 242 context->ek[i] |= (sbox[temp & 0xFF] << 24);
Sergunb 0:8918a71cdbe9 243 context->ek[i] ^= rcon[i / keyLength];
Sergunb 0:8918a71cdbe9 244 }
Sergunb 0:8918a71cdbe9 245 else if(keyLength > 6 && (i % keyLength) == 4)
Sergunb 0:8918a71cdbe9 246 {
Sergunb 0:8918a71cdbe9 247 context->ek[i] = sbox[temp & 0xFF];
Sergunb 0:8918a71cdbe9 248 context->ek[i] |= (sbox[(temp >> 8) & 0xFF] << 8);
Sergunb 0:8918a71cdbe9 249 context->ek[i] |= (sbox[(temp >> 16) & 0xFF] << 16);
Sergunb 0:8918a71cdbe9 250 context->ek[i] |= (sbox[(temp >> 24) & 0xFF] << 24);
Sergunb 0:8918a71cdbe9 251 }
Sergunb 0:8918a71cdbe9 252 else
Sergunb 0:8918a71cdbe9 253 {
Sergunb 0:8918a71cdbe9 254 context->ek[i] = temp;
Sergunb 0:8918a71cdbe9 255 }
Sergunb 0:8918a71cdbe9 256
Sergunb 0:8918a71cdbe9 257 //Update the key schedule
Sergunb 0:8918a71cdbe9 258 context->ek[i] ^= context->ek[i - keyLength];
Sergunb 0:8918a71cdbe9 259 }
Sergunb 0:8918a71cdbe9 260
Sergunb 0:8918a71cdbe9 261 //Generate the key schedule (decryption)
Sergunb 0:8918a71cdbe9 262 for(i = 0; i < keyScheduleSize; i++)
Sergunb 0:8918a71cdbe9 263 {
Sergunb 0:8918a71cdbe9 264 //Apply the InvMixColumns transformation to all round keys
Sergunb 0:8918a71cdbe9 265 //but the first and the last
Sergunb 0:8918a71cdbe9 266 if(i < 4 || i >= (keyScheduleSize - 4))
Sergunb 0:8918a71cdbe9 267 {
Sergunb 0:8918a71cdbe9 268 context->dk[i] = context->ek[i];
Sergunb 0:8918a71cdbe9 269 }
Sergunb 0:8918a71cdbe9 270 else
Sergunb 0:8918a71cdbe9 271 {
Sergunb 0:8918a71cdbe9 272 context->dk[i] = td[sbox[context->ek[i] & 0xFF]];
Sergunb 0:8918a71cdbe9 273 temp = td[sbox[(context->ek[i] >> 8) & 0xFF]];
Sergunb 0:8918a71cdbe9 274 context->dk[i] ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 275 temp = td[sbox[(context->ek[i] >> 16) & 0xFF]];
Sergunb 0:8918a71cdbe9 276 context->dk[i] ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 277 temp = td[sbox[(context->ek[i] >> 24) & 0xFF]];
Sergunb 0:8918a71cdbe9 278 context->dk[i] ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 279 }
Sergunb 0:8918a71cdbe9 280 }
Sergunb 0:8918a71cdbe9 281
Sergunb 0:8918a71cdbe9 282 //No error to report
Sergunb 0:8918a71cdbe9 283 return NO_ERROR;
Sergunb 0:8918a71cdbe9 284 }
Sergunb 0:8918a71cdbe9 285
Sergunb 0:8918a71cdbe9 286
Sergunb 0:8918a71cdbe9 287 /**
Sergunb 0:8918a71cdbe9 288 * @brief Encrypt a 16-byte block using AES algorithm
Sergunb 0:8918a71cdbe9 289 * @param[in] context Pointer to the AES context
Sergunb 0:8918a71cdbe9 290 * @param[in] input Plaintext block to encrypt
Sergunb 0:8918a71cdbe9 291 * @param[out] output Ciphertext block resulting from encryption
Sergunb 0:8918a71cdbe9 292 **/
Sergunb 0:8918a71cdbe9 293
Sergunb 0:8918a71cdbe9 294 void aesEncryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
Sergunb 0:8918a71cdbe9 295 {
Sergunb 0:8918a71cdbe9 296 uint_t i;
Sergunb 0:8918a71cdbe9 297 uint32_t s0;
Sergunb 0:8918a71cdbe9 298 uint32_t s1;
Sergunb 0:8918a71cdbe9 299 uint32_t s2;
Sergunb 0:8918a71cdbe9 300 uint32_t s3;
Sergunb 0:8918a71cdbe9 301 uint32_t t0;
Sergunb 0:8918a71cdbe9 302 uint32_t t1;
Sergunb 0:8918a71cdbe9 303 uint32_t t2;
Sergunb 0:8918a71cdbe9 304 uint32_t t3;
Sergunb 0:8918a71cdbe9 305 uint32_t temp;
Sergunb 0:8918a71cdbe9 306
Sergunb 0:8918a71cdbe9 307 //Copy the plaintext to the state array
Sergunb 0:8918a71cdbe9 308 s0 = LOAD32LE(input + 0);
Sergunb 0:8918a71cdbe9 309 s1 = LOAD32LE(input + 4);
Sergunb 0:8918a71cdbe9 310 s2 = LOAD32LE(input + 8);
Sergunb 0:8918a71cdbe9 311 s3 = LOAD32LE(input + 12);
Sergunb 0:8918a71cdbe9 312
Sergunb 0:8918a71cdbe9 313 //Initial round key addition
Sergunb 0:8918a71cdbe9 314 s0 ^= context->ek[0];
Sergunb 0:8918a71cdbe9 315 s1 ^= context->ek[1];
Sergunb 0:8918a71cdbe9 316 s2 ^= context->ek[2];
Sergunb 0:8918a71cdbe9 317 s3 ^= context->ek[3];
Sergunb 0:8918a71cdbe9 318
Sergunb 0:8918a71cdbe9 319 //The number of rounds depends on the key length
Sergunb 0:8918a71cdbe9 320 for(i = 1; i < context->nr; i++)
Sergunb 0:8918a71cdbe9 321 {
Sergunb 0:8918a71cdbe9 322 //Apply round function
Sergunb 0:8918a71cdbe9 323 t0 = te[s0 & 0xFF];
Sergunb 0:8918a71cdbe9 324 temp = te[(s1 >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 325 t0 ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 326 temp = te[(s2 >> 16) & 0xFF];
Sergunb 0:8918a71cdbe9 327 t0 ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 328 temp = te[(s3 >> 24) & 0xFF];
Sergunb 0:8918a71cdbe9 329 t0 ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 330
Sergunb 0:8918a71cdbe9 331 t1 = te[s1 & 0xFF];
Sergunb 0:8918a71cdbe9 332 temp = te[(s2 >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 333 t1 ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 334 temp = te[(s3 >> 16) & 0xFF];
Sergunb 0:8918a71cdbe9 335 t1 ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 336 temp = te[(s0 >> 24) & 0xFF];
Sergunb 0:8918a71cdbe9 337 t1 ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 338
Sergunb 0:8918a71cdbe9 339 t2 = te[s2 & 0xFF];
Sergunb 0:8918a71cdbe9 340 temp = te[(s3 >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 341 t2 ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 342 temp = te[(s0 >> 16) & 0xFF];
Sergunb 0:8918a71cdbe9 343 t2 ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 344 temp = te[(s1 >> 24) & 0xFF];
Sergunb 0:8918a71cdbe9 345 t2 ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 346
Sergunb 0:8918a71cdbe9 347 t3 = te[s3 & 0xFF];
Sergunb 0:8918a71cdbe9 348 temp = te[(s0 >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 349 t3 ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 350 temp = te[(s1 >> 16) & 0xFF];
Sergunb 0:8918a71cdbe9 351 t3 ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 352 temp = te[(s2 >> 24) & 0xFF];
Sergunb 0:8918a71cdbe9 353 t3 ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 354
Sergunb 0:8918a71cdbe9 355 //Round key addition
Sergunb 0:8918a71cdbe9 356 s0 = t0 ^ context->ek[i * 4];
Sergunb 0:8918a71cdbe9 357 s1 = t1 ^ context->ek[i * 4 + 1];
Sergunb 0:8918a71cdbe9 358 s2 = t2 ^ context->ek[i * 4 + 2];
Sergunb 0:8918a71cdbe9 359 s3 = t3 ^ context->ek[i * 4 + 3];
Sergunb 0:8918a71cdbe9 360 }
Sergunb 0:8918a71cdbe9 361
Sergunb 0:8918a71cdbe9 362 //The last round differs slightly from the first rounds
Sergunb 0:8918a71cdbe9 363 t0 = sbox[s0 & 0xFF];
Sergunb 0:8918a71cdbe9 364 t0 |= sbox[(s1 >> 8) & 0xFF] << 8;
Sergunb 0:8918a71cdbe9 365 t0 |= sbox[(s2 >> 16) & 0xFF] << 16;
Sergunb 0:8918a71cdbe9 366 t0 |= sbox[(s3 >> 24) & 0xFF] << 24;
Sergunb 0:8918a71cdbe9 367
Sergunb 0:8918a71cdbe9 368 t1 = sbox[s1 & 0xFF];
Sergunb 0:8918a71cdbe9 369 t1 |= sbox[(s2 >> 8) & 0xFF] << 8;
Sergunb 0:8918a71cdbe9 370 t1 |= sbox[(s3 >> 16) & 0xFF] << 16;
Sergunb 0:8918a71cdbe9 371 t1 |= sbox[(s0 >> 24) & 0xFF] << 24;
Sergunb 0:8918a71cdbe9 372
Sergunb 0:8918a71cdbe9 373 t2 = sbox[s2 & 0xFF];
Sergunb 0:8918a71cdbe9 374 t2 |= sbox[(s3 >> 8) & 0xFF] << 8;
Sergunb 0:8918a71cdbe9 375 t2 |= sbox[(s0 >> 16) & 0xFF] << 16;
Sergunb 0:8918a71cdbe9 376 t2 |= sbox[(s1 >> 24) & 0xFF] << 24;
Sergunb 0:8918a71cdbe9 377
Sergunb 0:8918a71cdbe9 378 t3 = sbox[s3 & 0xFF];
Sergunb 0:8918a71cdbe9 379 t3 |= sbox[(s0 >> 8) & 0xFF] << 8;
Sergunb 0:8918a71cdbe9 380 t3 |= sbox[(s1 >> 16) & 0xFF] << 16;
Sergunb 0:8918a71cdbe9 381 t3 |= sbox[(s2 >> 24) & 0xFF] << 24;
Sergunb 0:8918a71cdbe9 382
Sergunb 0:8918a71cdbe9 383 //Last round key addition
Sergunb 0:8918a71cdbe9 384 s0 = t0 ^ context->ek[context->nr * 4];
Sergunb 0:8918a71cdbe9 385 s1 = t1 ^ context->ek[context->nr * 4 + 1];
Sergunb 0:8918a71cdbe9 386 s2 = t2 ^ context->ek[context->nr * 4 + 2];
Sergunb 0:8918a71cdbe9 387 s3 = t3 ^ context->ek[context->nr * 4 + 3];
Sergunb 0:8918a71cdbe9 388
Sergunb 0:8918a71cdbe9 389 //The final state is then copied to the output
Sergunb 0:8918a71cdbe9 390 STORE32LE(s0, output + 0);
Sergunb 0:8918a71cdbe9 391 STORE32LE(s1, output + 4);
Sergunb 0:8918a71cdbe9 392 STORE32LE(s2, output + 8);
Sergunb 0:8918a71cdbe9 393 STORE32LE(s3, output + 12);
Sergunb 0:8918a71cdbe9 394 }
Sergunb 0:8918a71cdbe9 395
Sergunb 0:8918a71cdbe9 396
Sergunb 0:8918a71cdbe9 397 /**
Sergunb 0:8918a71cdbe9 398 * @brief Decrypt a 16-byte block using AES algorithm
Sergunb 0:8918a71cdbe9 399 * @param[in] context Pointer to the AES context
Sergunb 0:8918a71cdbe9 400 * @param[in] input Ciphertext block to decrypt
Sergunb 0:8918a71cdbe9 401 * @param[out] output Plaintext block resulting from decryption
Sergunb 0:8918a71cdbe9 402 **/
Sergunb 0:8918a71cdbe9 403
Sergunb 0:8918a71cdbe9 404 void aesDecryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
Sergunb 0:8918a71cdbe9 405 {
Sergunb 0:8918a71cdbe9 406 uint_t i;
Sergunb 0:8918a71cdbe9 407 uint32_t s0;
Sergunb 0:8918a71cdbe9 408 uint32_t s1;
Sergunb 0:8918a71cdbe9 409 uint32_t s2;
Sergunb 0:8918a71cdbe9 410 uint32_t s3;
Sergunb 0:8918a71cdbe9 411 uint32_t t0;
Sergunb 0:8918a71cdbe9 412 uint32_t t1;
Sergunb 0:8918a71cdbe9 413 uint32_t t2;
Sergunb 0:8918a71cdbe9 414 uint32_t t3;
Sergunb 0:8918a71cdbe9 415 uint32_t temp;
Sergunb 0:8918a71cdbe9 416
Sergunb 0:8918a71cdbe9 417 //Copy the ciphertext to the state array
Sergunb 0:8918a71cdbe9 418 s0 = LOAD32LE(input + 0);
Sergunb 0:8918a71cdbe9 419 s1 = LOAD32LE(input + 4);
Sergunb 0:8918a71cdbe9 420 s2 = LOAD32LE(input + 8);
Sergunb 0:8918a71cdbe9 421 s3 = LOAD32LE(input + 12);
Sergunb 0:8918a71cdbe9 422
Sergunb 0:8918a71cdbe9 423 //Initial round key addition
Sergunb 0:8918a71cdbe9 424 s0 ^= context->dk[context->nr * 4];
Sergunb 0:8918a71cdbe9 425 s1 ^= context->dk[context->nr * 4 + 1];
Sergunb 0:8918a71cdbe9 426 s2 ^= context->dk[context->nr * 4 + 2];
Sergunb 0:8918a71cdbe9 427 s3 ^= context->dk[context->nr * 4 + 3];
Sergunb 0:8918a71cdbe9 428
Sergunb 0:8918a71cdbe9 429 //The number of rounds depends on the key length
Sergunb 0:8918a71cdbe9 430 for(i = context->nr - 1; i >= 1; i--)
Sergunb 0:8918a71cdbe9 431 {
Sergunb 0:8918a71cdbe9 432 //Apply round function
Sergunb 0:8918a71cdbe9 433 t0 = td[s0 & 0xFF];
Sergunb 0:8918a71cdbe9 434 temp = td[(s3 >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 435 t0 ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 436 temp = td[(s2 >> 16) & 0xFF];
Sergunb 0:8918a71cdbe9 437 t0 ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 438 temp = td[(s1 >> 24) & 0xFF];
Sergunb 0:8918a71cdbe9 439 t0 ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 440
Sergunb 0:8918a71cdbe9 441 t1 = td[s1 & 0xFF];
Sergunb 0:8918a71cdbe9 442 temp = td[(s0 >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 443 t1 ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 444 temp = td[(s3 >> 16) & 0xFF];
Sergunb 0:8918a71cdbe9 445 t1 ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 446 temp = td[(s2 >> 24) & 0xFF];
Sergunb 0:8918a71cdbe9 447 t1 ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 448
Sergunb 0:8918a71cdbe9 449 t2 = td[s2 & 0xFF];
Sergunb 0:8918a71cdbe9 450 temp = td[(s1 >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 451 t2 ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 452 temp = td[(s0 >> 16) & 0xFF];
Sergunb 0:8918a71cdbe9 453 t2 ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 454 temp = td[(s3 >> 24) & 0xFF];
Sergunb 0:8918a71cdbe9 455 t2 ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 456
Sergunb 0:8918a71cdbe9 457 t3 = td[s3 & 0xFF];
Sergunb 0:8918a71cdbe9 458 temp = td[(s2 >> 8) & 0xFF];
Sergunb 0:8918a71cdbe9 459 t3 ^= ROL32(temp, 8);
Sergunb 0:8918a71cdbe9 460 temp = td[(s1 >> 16) & 0xFF];
Sergunb 0:8918a71cdbe9 461 t3 ^= ROL32(temp, 16);
Sergunb 0:8918a71cdbe9 462 temp = td[(s0 >> 24) & 0xFF];
Sergunb 0:8918a71cdbe9 463 t3 ^= ROL32(temp, 24);
Sergunb 0:8918a71cdbe9 464
Sergunb 0:8918a71cdbe9 465 //Round key addition
Sergunb 0:8918a71cdbe9 466 s0 = t0 ^ context->dk[i * 4];
Sergunb 0:8918a71cdbe9 467 s1 = t1 ^ context->dk[i * 4 + 1];
Sergunb 0:8918a71cdbe9 468 s2 = t2 ^ context->dk[i * 4 + 2];
Sergunb 0:8918a71cdbe9 469 s3 = t3 ^ context->dk[i * 4 + 3];
Sergunb 0:8918a71cdbe9 470 }
Sergunb 0:8918a71cdbe9 471
Sergunb 0:8918a71cdbe9 472 //The last round differs slightly from the first rounds
Sergunb 0:8918a71cdbe9 473 t0 = isbox[s0 & 0xFF];
Sergunb 0:8918a71cdbe9 474 t0 |= isbox[(s3 >> 8) & 0xFF] << 8;
Sergunb 0:8918a71cdbe9 475 t0 |= isbox[(s2 >> 16) & 0xFF] << 16;
Sergunb 0:8918a71cdbe9 476 t0 |= isbox[(s1 >> 24) & 0xFF] << 24;
Sergunb 0:8918a71cdbe9 477
Sergunb 0:8918a71cdbe9 478 t1 = isbox[s1 & 0xFF];
Sergunb 0:8918a71cdbe9 479 t1 |= isbox[(s0 >> 8) & 0xFF] << 8;
Sergunb 0:8918a71cdbe9 480 t1 |= isbox[(s3 >> 16) & 0xFF] << 16;
Sergunb 0:8918a71cdbe9 481 t1 |= isbox[(s2 >> 24) & 0xFF] << 24;
Sergunb 0:8918a71cdbe9 482
Sergunb 0:8918a71cdbe9 483 t2 = isbox[s2 & 0xFF];
Sergunb 0:8918a71cdbe9 484 t2 |= isbox[(s1 >> 8) & 0xFF] << 8;
Sergunb 0:8918a71cdbe9 485 t2 |= isbox[(s0 >> 16) & 0xFF] << 16;
Sergunb 0:8918a71cdbe9 486 t2 |= isbox[(s3 >> 24) & 0xFF] << 24;
Sergunb 0:8918a71cdbe9 487
Sergunb 0:8918a71cdbe9 488 t3 = isbox[s3 & 0xFF];
Sergunb 0:8918a71cdbe9 489 t3 |= isbox[(s2 >> 8) & 0xFF] << 8;
Sergunb 0:8918a71cdbe9 490 t3 |= isbox[(s1 >> 16) & 0xFF] << 16;
Sergunb 0:8918a71cdbe9 491 t3 |= isbox[(s0 >> 24) & 0xFF] << 24;
Sergunb 0:8918a71cdbe9 492
Sergunb 0:8918a71cdbe9 493 //Last round key addition
Sergunb 0:8918a71cdbe9 494 s0 = t0 ^ context->dk[0];
Sergunb 0:8918a71cdbe9 495 s1 = t1 ^ context->dk[1];
Sergunb 0:8918a71cdbe9 496 s2 = t2 ^ context->dk[2];
Sergunb 0:8918a71cdbe9 497 s3 = t3 ^ context->dk[3];
Sergunb 0:8918a71cdbe9 498
Sergunb 0:8918a71cdbe9 499 //The final state is then copied to the output
Sergunb 0:8918a71cdbe9 500 STORE32LE(s0, output + 0);
Sergunb 0:8918a71cdbe9 501 STORE32LE(s1, output + 4);
Sergunb 0:8918a71cdbe9 502 STORE32LE(s2, output + 8);
Sergunb 0:8918a71cdbe9 503 STORE32LE(s3, output + 12);
Sergunb 0:8918a71cdbe9 504 }
Sergunb 0:8918a71cdbe9 505
Sergunb 0:8918a71cdbe9 506 #endif
Sergunb 0:8918a71cdbe9 507