Webserver+3d print
Embed:
(wiki syntax)
Show/hide line numbers
aria.c
Go to the documentation of this file.
00001 /** 00002 * @file aria.c 00003 * @brief ARIA encryption algorithm 00004 * 00005 * @section License 00006 * 00007 * Copyright (C) 2010-2017 Oryx Embedded SARL. All rights reserved. 00008 * 00009 * This file is part of CycloneCrypto Open. 00010 * 00011 * This program is free software; you can redistribute it and/or 00012 * modify it under the terms of the GNU General Public License 00013 * as published by the Free Software Foundation; either version 2 00014 * of the License, or (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License 00022 * along with this program; if not, write to the Free Software Foundation, 00023 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 00024 * 00025 * @section Description 00026 * 00027 * ARIA is a 128-bit block cipher with 128-, 192-, and 256-bit keys. The 00028 * algorithm consists of a key scheduling part and data randomizing part. 00029 * Refer to RFC 5794 for more details 00030 * 00031 * @author Oryx Embedded SARL (www.oryx-embedded.com) 00032 * @version 1.7.6 00033 **/ 00034 00035 //Switch to the appropriate trace level 00036 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL 00037 00038 //Dependencies 00039 #include <string.h> 00040 #include "crypto.h" 00041 #include "aria.h" 00042 #include "debug.h" 00043 00044 //Check crypto library configuration 00045 #if (ARIA_SUPPORT == ENABLED) 00046 00047 //Move operation 00048 #define MOV128(b, a) \ 00049 { \ 00050 (b)[0] = (a)[0]; \ 00051 (b)[1] = (a)[1]; \ 00052 (b)[2] = (a)[2]; \ 00053 (b)[3] = (a)[3]; \ 00054 } 00055 00056 //XOR operation 00057 #define XOR128(b, a) \ 00058 { \ 00059 (b)[0] ^= (a)[0]; \ 00060 (b)[1] ^= (a)[1]; \ 00061 (b)[2] ^= (a)[2]; \ 00062 (b)[3] ^= (a)[3]; \ 00063 } 00064 00065 //Rotate left operation 00066 #define ROL128(b, a, n) \ 00067 { \ 00068 (b)[0] = ((a)[((n) / 32 + 0) % 4] << ((n) % 32)) | ((a)[((n) / 32 + 1) % 4] >> (32 - ((n) % 32))); \ 00069 (b)[1] = ((a)[((n) / 32 + 1) % 4] << ((n) % 32)) | ((a)[((n) / 32 + 2) % 4] >> (32 - ((n) % 32))); \ 00070 (b)[2] = ((a)[((n) / 32 + 2) % 4] << ((n) % 32)) | ((a)[((n) / 32 + 3) % 4] >> (32 - ((n) % 32))); \ 00071 (b)[3] = ((a)[((n) / 32 + 3) % 4] << ((n) % 32)) | ((a)[((n) / 32 + 0) % 4] >> (32 - ((n) % 32))); \ 00072 } 00073 00074 //Substitution layer SL1 00075 #define SL1(b, a) \ 00076 { \ 00077 uint8_t *x = (uint8_t *) (a); \ 00078 uint8_t *y = (uint8_t *) (b); \ 00079 y[0] = sb1[x[0]]; \ 00080 y[1] = sb2[x[1]]; \ 00081 y[2] = sb3[x[2]]; \ 00082 y[3] = sb4[x[3]]; \ 00083 y[4] = sb1[x[4]]; \ 00084 y[5] = sb2[x[5]]; \ 00085 y[6] = sb3[x[6]]; \ 00086 y[7] = sb4[x[7]]; \ 00087 y[8] = sb1[x[8]]; \ 00088 y[9] = sb2[x[9]]; \ 00089 y[10] = sb3[x[10]]; \ 00090 y[11] = sb4[x[11]]; \ 00091 y[12] = sb1[x[12]]; \ 00092 y[13] = sb2[x[13]]; \ 00093 y[14] = sb3[x[14]]; \ 00094 y[15] = sb4[x[15]]; \ 00095 } 00096 00097 //Substitution layer SL2 00098 #define SL2(b, a) \ 00099 { \ 00100 uint8_t *x = (uint8_t *) (a); \ 00101 uint8_t *y = (uint8_t *) (b); \ 00102 y[0] = sb3[x[0]]; \ 00103 y[1] = sb4[x[1]]; \ 00104 y[2] = sb1[x[2]]; \ 00105 y[3] = sb2[x[3]]; \ 00106 y[4] = sb3[x[4]]; \ 00107 y[5] = sb4[x[5]]; \ 00108 y[6] = sb1[x[6]]; \ 00109 y[7] = sb2[x[7]]; \ 00110 y[8] = sb3[x[8]]; \ 00111 y[9] = sb4[x[9]]; \ 00112 y[10] = sb1[x[10]]; \ 00113 y[11] = sb2[x[11]]; \ 00114 y[12] = sb3[x[12]]; \ 00115 y[13] = sb4[x[13]]; \ 00116 y[14] = sb1[x[14]]; \ 00117 y[15] = sb2[x[15]]; \ 00118 } 00119 00120 //Diffusion layer 00121 #define A(b, a) \ 00122 { \ 00123 uint8_t *x = (uint8_t *) (a); \ 00124 uint8_t *y = (uint8_t *) (b); \ 00125 y[0] = x[3] ^ x[4] ^ x[6] ^ x[8] ^ x[9] ^ x[13] ^ x[14]; \ 00126 y[1] = x[2] ^ x[5] ^ x[7] ^ x[8] ^ x[9] ^ x[12] ^ x[15]; \ 00127 y[2] = x[1] ^ x[4] ^ x[6] ^ x[10] ^ x[11] ^ x[12] ^ x[15]; \ 00128 y[3] = x[0] ^ x[5] ^ x[7] ^ x[10] ^ x[11] ^ x[13] ^ x[14]; \ 00129 y[4] = x[0] ^ x[2] ^ x[5] ^ x[8] ^ x[11] ^ x[14] ^ x[15]; \ 00130 y[5] = x[1] ^ x[3] ^ x[4] ^ x[9] ^ x[10] ^ x[14] ^ x[15]; \ 00131 y[6] = x[0] ^ x[2] ^ x[7] ^ x[9] ^ x[10] ^ x[12] ^ x[13]; \ 00132 y[7] = x[1] ^ x[3] ^ x[6] ^ x[8] ^ x[11] ^ x[12] ^ x[13]; \ 00133 y[8] = x[0] ^ x[1] ^ x[4] ^ x[7] ^ x[10] ^ x[13] ^ x[15]; \ 00134 y[9] = x[0] ^ x[1] ^ x[5] ^ x[6] ^ x[11] ^ x[12] ^ x[14]; \ 00135 y[10] = x[2] ^ x[3] ^ x[5] ^ x[6] ^ x[8] ^ x[13] ^ x[15]; \ 00136 y[11] = x[2] ^ x[3] ^ x[4] ^ x[7] ^ x[9] ^ x[12] ^ x[14]; \ 00137 y[12] = x[1] ^ x[2] ^ x[6] ^ x[7] ^ x[9] ^ x[11] ^ x[12]; \ 00138 y[13] = x[0] ^ x[3] ^ x[6] ^ x[7] ^ x[8] ^ x[10] ^ x[13]; \ 00139 y[14] = x[0] ^ x[3] ^ x[4] ^ x[5] ^ x[9] ^ x[11] ^ x[14]; \ 00140 y[15] = x[1] ^ x[2] ^ x[4] ^ x[5] ^ x[8] ^ x[10] ^ x[15]; \ 00141 } 00142 00143 //S-box 1 00144 static const uint8_t sb1[256] = 00145 { 00146 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 00147 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 00148 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 00149 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 00150 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 00151 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 00152 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 00153 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 00154 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 00155 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 00156 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 00157 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 00158 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 00159 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 00160 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 00161 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 00162 }; 00163 00164 //S-box 2 00165 static const uint8_t sb2[256] = 00166 { 00167 0xE2, 0x4E, 0x54, 0xFC, 0x94, 0xC2, 0x4A, 0xCC, 0x62, 0x0D, 0x6A, 0x46, 0x3C, 0x4D, 0x8B, 0xD1, 00168 0x5E, 0xFA, 0x64, 0xCB, 0xB4, 0x97, 0xBE, 0x2B, 0xBC, 0x77, 0x2E, 0x03, 0xD3, 0x19, 0x59, 0xC1, 00169 0x1D, 0x06, 0x41, 0x6B, 0x55, 0xF0, 0x99, 0x69, 0xEA, 0x9C, 0x18, 0xAE, 0x63, 0xDF, 0xE7, 0xBB, 00170 0x00, 0x73, 0x66, 0xFB, 0x96, 0x4C, 0x85, 0xE4, 0x3A, 0x09, 0x45, 0xAA, 0x0F, 0xEE, 0x10, 0xEB, 00171 0x2D, 0x7F, 0xF4, 0x29, 0xAC, 0xCF, 0xAD, 0x91, 0x8D, 0x78, 0xC8, 0x95, 0xF9, 0x2F, 0xCE, 0xCD, 00172 0x08, 0x7A, 0x88, 0x38, 0x5C, 0x83, 0x2A, 0x28, 0x47, 0xDB, 0xB8, 0xC7, 0x93, 0xA4, 0x12, 0x53, 00173 0xFF, 0x87, 0x0E, 0x31, 0x36, 0x21, 0x58, 0x48, 0x01, 0x8E, 0x37, 0x74, 0x32, 0xCA, 0xE9, 0xB1, 00174 0xB7, 0xAB, 0x0C, 0xD7, 0xC4, 0x56, 0x42, 0x26, 0x07, 0x98, 0x60, 0xD9, 0xB6, 0xB9, 0x11, 0x40, 00175 0xEC, 0x20, 0x8C, 0xBD, 0xA0, 0xC9, 0x84, 0x04, 0x49, 0x23, 0xF1, 0x4F, 0x50, 0x1F, 0x13, 0xDC, 00176 0xD8, 0xC0, 0x9E, 0x57, 0xE3, 0xC3, 0x7B, 0x65, 0x3B, 0x02, 0x8F, 0x3E, 0xE8, 0x25, 0x92, 0xE5, 00177 0x15, 0xDD, 0xFD, 0x17, 0xA9, 0xBF, 0xD4, 0x9A, 0x7E, 0xC5, 0x39, 0x67, 0xFE, 0x76, 0x9D, 0x43, 00178 0xA7, 0xE1, 0xD0, 0xF5, 0x68, 0xF2, 0x1B, 0x34, 0x70, 0x05, 0xA3, 0x8A, 0xD5, 0x79, 0x86, 0xA8, 00179 0x30, 0xC6, 0x51, 0x4B, 0x1E, 0xA6, 0x27, 0xF6, 0x35, 0xD2, 0x6E, 0x24, 0x16, 0x82, 0x5F, 0xDA, 00180 0xE6, 0x75, 0xA2, 0xEF, 0x2C, 0xB2, 0x1C, 0x9F, 0x5D, 0x6F, 0x80, 0x0A, 0x72, 0x44, 0x9B, 0x6C, 00181 0x90, 0x0B, 0x5B, 0x33, 0x7D, 0x5A, 0x52, 0xF3, 0x61, 0xA1, 0xF7, 0xB0, 0xD6, 0x3F, 0x7C, 0x6D, 00182 0xED, 0x14, 0xE0, 0xA5, 0x3D, 0x22, 0xB3, 0xF8, 0x89, 0xDE, 0x71, 0x1A, 0xAF, 0xBA, 0xB5, 0x81 00183 }; 00184 00185 //S-box 3 00186 static const uint8_t sb3[256] = 00187 { 00188 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 00189 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 00190 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, 00191 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, 00192 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 00193 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, 00194 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, 00195 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 00196 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, 00197 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, 00198 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 00199 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, 00200 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, 00201 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 00202 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, 00203 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D 00204 }; 00205 00206 //S-box 4 00207 static const uint8_t sb4[256] = 00208 { 00209 0x30, 0x68, 0x99, 0x1B, 0x87, 0xB9, 0x21, 0x78, 0x50, 0x39, 0xDB, 0xE1, 0x72, 0x09, 0x62, 0x3C, 00210 0x3E, 0x7E, 0x5E, 0x8E, 0xF1, 0xA0, 0xCC, 0xA3, 0x2A, 0x1D, 0xFB, 0xB6, 0xD6, 0x20, 0xC4, 0x8D, 00211 0x81, 0x65, 0xF5, 0x89, 0xCB, 0x9D, 0x77, 0xC6, 0x57, 0x43, 0x56, 0x17, 0xD4, 0x40, 0x1A, 0x4D, 00212 0xC0, 0x63, 0x6C, 0xE3, 0xB7, 0xC8, 0x64, 0x6A, 0x53, 0xAA, 0x38, 0x98, 0x0C, 0xF4, 0x9B, 0xED, 00213 0x7F, 0x22, 0x76, 0xAF, 0xDD, 0x3A, 0x0B, 0x58, 0x67, 0x88, 0x06, 0xC3, 0x35, 0x0D, 0x01, 0x8B, 00214 0x8C, 0xC2, 0xE6, 0x5F, 0x02, 0x24, 0x75, 0x93, 0x66, 0x1E, 0xE5, 0xE2, 0x54, 0xD8, 0x10, 0xCE, 00215 0x7A, 0xE8, 0x08, 0x2C, 0x12, 0x97, 0x32, 0xAB, 0xB4, 0x27, 0x0A, 0x23, 0xDF, 0xEF, 0xCA, 0xD9, 00216 0xB8, 0xFA, 0xDC, 0x31, 0x6B, 0xD1, 0xAD, 0x19, 0x49, 0xBD, 0x51, 0x96, 0xEE, 0xE4, 0xA8, 0x41, 00217 0xDA, 0xFF, 0xCD, 0x55, 0x86, 0x36, 0xBE, 0x61, 0x52, 0xF8, 0xBB, 0x0E, 0x82, 0x48, 0x69, 0x9A, 00218 0xE0, 0x47, 0x9E, 0x5C, 0x04, 0x4B, 0x34, 0x15, 0x79, 0x26, 0xA7, 0xDE, 0x29, 0xAE, 0x92, 0xD7, 00219 0x84, 0xE9, 0xD2, 0xBA, 0x5D, 0xF3, 0xC5, 0xB0, 0xBF, 0xA4, 0x3B, 0x71, 0x44, 0x46, 0x2B, 0xFC, 00220 0xEB, 0x6F, 0xD5, 0xF6, 0x14, 0xFE, 0x7C, 0x70, 0x5A, 0x7D, 0xFD, 0x2F, 0x18, 0x83, 0x16, 0xA5, 00221 0x91, 0x1F, 0x05, 0x95, 0x74, 0xA9, 0xC1, 0x5B, 0x4A, 0x85, 0x6D, 0x13, 0x07, 0x4F, 0x4E, 0x45, 00222 0xB2, 0x0F, 0xC9, 0x1C, 0xA6, 0xBC, 0xEC, 0x73, 0x90, 0x7B, 0xCF, 0x59, 0x8F, 0xA1, 0xF9, 0x2D, 00223 0xF2, 0xB1, 0x00, 0x94, 0x37, 0x9F, 0xD0, 0x2E, 0x9C, 0x6E, 0x28, 0x3F, 0x80, 0xF0, 0x3D, 0xD3, 00224 0x25, 0x8A, 0xB5, 0xE7, 0x42, 0xB3, 0xC7, 0xEA, 0xF7, 0x4C, 0x11, 0x33, 0x03, 0xA2, 0xAC, 0x60 00225 }; 00226 00227 //Key scheduling constants 00228 static const uint32_t c[12] = 00229 { 00230 BETOH32(0x517CC1B7), BETOH32(0x27220A94), BETOH32(0xFE13ABE8), BETOH32(0xFA9A6EE0), 00231 BETOH32(0x6DB14ACC), BETOH32(0x9E21C820), BETOH32(0xFF28B1D5), BETOH32(0xEF5DE2B0), 00232 BETOH32(0xDB92371D), BETOH32(0x2126E970), BETOH32(0x03249775), BETOH32(0x04E8C90E) 00233 }; 00234 00235 //Common interface for encryption algorithms 00236 const CipherAlgo ariaCipherAlgo = 00237 { 00238 "ARIA", 00239 sizeof(AriaContext), 00240 CIPHER_ALGO_TYPE_BLOCK, 00241 ARIA_BLOCK_SIZE, 00242 (CipherAlgoInit) ariaInit, 00243 NULL, 00244 NULL, 00245 (CipherAlgoEncryptBlock) ariaEncryptBlock, 00246 (CipherAlgoDecryptBlock) ariaDecryptBlock 00247 }; 00248 00249 00250 /** 00251 * @brief Odd round function 00252 * @param[in,out] d 128-bit string 00253 * @param[in] rk 128-bit string 00254 **/ 00255 00256 static void OF(uint32_t *d, const uint32_t *rk) 00257 { 00258 uint32_t t[4]; 00259 00260 //XOR D with RK 00261 XOR128(d, rk); 00262 //Substitution layer SL1 00263 SL1(t, d); 00264 //Diffusion layer 00265 A(d, t); 00266 } 00267 00268 00269 /** 00270 * @brief Even round function 00271 * @param[in,out] d 128-bit string 00272 * @param[in] rk 128-bit string 00273 **/ 00274 00275 static void EF(uint32_t *d, const uint32_t *rk) 00276 { 00277 uint32_t t[4]; 00278 00279 //XOR D with RK 00280 XOR128(d, rk); 00281 //Substitution layer SL2 00282 SL2(t, d); 00283 //Diffusion layer 00284 A(d, t); 00285 } 00286 00287 00288 /** 00289 * @brief Initialize a ARIA context using the supplied key 00290 * @param[in] context Pointer to the ARIA context to initialize 00291 * @param[in] key Pointer to the key 00292 * @param[in] keyLength Length of the key 00293 * @return Error code 00294 **/ 00295 00296 error_t ariaInit(AriaContext *context, const uint8_t *key, size_t keyLength) 00297 { 00298 uint_t i; 00299 uint32_t *ek; 00300 uint32_t *dk; 00301 const uint32_t *ck1; 00302 const uint32_t *ck2; 00303 const uint32_t *ck3; 00304 uint32_t w[16]; 00305 00306 //128-bit master key? 00307 if(keyLength == 16) 00308 { 00309 //Select the relevant constants 00310 ck1 = c + 0; 00311 ck2 = c + 4; 00312 ck3 = c + 8; 00313 //The number of rounds depends on the size of the master key 00314 context->nr = 12; 00315 } 00316 //192-bit master key? 00317 else if(keyLength == 24) 00318 { 00319 //Select the relevant constants 00320 ck1 = c + 4; 00321 ck2 = c + 8; 00322 ck3 = c + 0; 00323 //The number of rounds depends on the size of the master key 00324 context->nr = 14; 00325 } 00326 //256-bit master key? 00327 else if(keyLength == 32) 00328 { 00329 //Select the relevant constants 00330 ck1 = c + 8; 00331 ck2 = c + 0; 00332 ck3 = c + 4; 00333 //The number of rounds depends on the size of the master key 00334 context->nr = 16; 00335 } 00336 else 00337 { 00338 //Report an error 00339 return ERROR_INVALID_KEY_LENGTH; 00340 } 00341 00342 //Compute 128-bit values KL and KR 00343 memset(w, 0, sizeof(w)); 00344 memcpy(w, key, keyLength); 00345 00346 //Save KR... 00347 MOV128(w + 8, w + 4); 00348 00349 //Compute intermediate values W0, W1, W2, and W3 00350 MOV128(w + 4, w + 0); 00351 OF(w + 4, ck1); 00352 XOR128(w + 4, w + 8); 00353 00354 MOV128(w + 8, w + 4); 00355 EF(w + 8, ck2); 00356 XOR128(w + 8, w + 0); 00357 00358 MOV128(w + 12, w + 8); 00359 OF(w + 12, ck3); 00360 XOR128(w + 12, w + 4); 00361 00362 //Convert from big-endian byte order to host byte order 00363 for(i = 0; i < 16; i++) 00364 w[i] = betoh32(w[i]); 00365 00366 //Point to the encryption round keys 00367 ek = context->ek; 00368 00369 //Compute ek1, ..., ek17 as follow 00370 ROL128(ek + 0, w + 4, 109); 00371 XOR128(ek + 0, w + 0); 00372 ROL128(ek + 4, w + 8, 109); 00373 XOR128(ek + 4, w + 4); 00374 ROL128(ek + 8, w + 12, 109); 00375 XOR128(ek + 8, w + 8); 00376 ROL128(ek + 12, w + 0, 109); 00377 XOR128(ek + 12, w + 12); 00378 ROL128(ek + 16, w + 4, 97); 00379 XOR128(ek + 16, w + 0); 00380 ROL128(ek + 20, w + 8, 97); 00381 XOR128(ek + 20, w + 4); 00382 ROL128(ek + 24, w + 12, 97); 00383 XOR128(ek + 24, w + 8); 00384 ROL128(ek + 28, w + 0, 97); 00385 XOR128(ek + 28, w + 12); 00386 ROL128(ek + 32, w + 4, 61); 00387 XOR128(ek + 32, w + 0); 00388 ROL128(ek + 36, w + 8, 61); 00389 XOR128(ek + 36, w + 4); 00390 ROL128(ek + 40, w + 12, 61); 00391 XOR128(ek + 40, w + 8); 00392 ROL128(ek + 44, w + 0, 61); 00393 XOR128(ek + 44, w + 12); 00394 ROL128(ek + 48, w + 4, 31); 00395 XOR128(ek + 48, w + 0); 00396 ROL128(ek + 52, w + 8, 31); 00397 XOR128(ek + 52, w + 4); 00398 ROL128(ek + 56, w + 12, 31); 00399 XOR128(ek + 56, w + 8); 00400 ROL128(ek + 60, w + 0, 31); 00401 XOR128(ek + 60, w + 12); 00402 ROL128(ek + 64, w + 4, 19); 00403 XOR128(ek + 64, w + 0); 00404 00405 //Convert from host byte order to big-endian byte order 00406 for(i = 0; i < 68; i++) 00407 ek[i] = htobe32(ek[i]); 00408 00409 //Decryption round keys are derived from the encryption round keys 00410 dk = context->dk; 00411 //Compute dk1 00412 MOV128(dk + 0, ek + context->nr * 4); 00413 00414 //Compute dk2, ..., dk(n) 00415 for(i = 1; i < context->nr; i++) 00416 A(dk + i * 4, ek + (context->nr - i) * 4); 00417 00418 //Compute dk(n + 1) 00419 MOV128(dk + i * 4, ek + 0); 00420 00421 //No error to report 00422 return NO_ERROR; 00423 } 00424 00425 00426 /** 00427 * @brief Encrypt a 16-byte block using ARIA algorithm 00428 * @param[in] context Pointer to the ARIA context 00429 * @param[in] input Plaintext block to encrypt 00430 * @param[out] output Ciphertext block resulting from encryption 00431 **/ 00432 00433 void ariaEncryptBlock(AriaContext *context, const uint8_t *input, uint8_t *output) 00434 { 00435 uint32_t *ek; 00436 uint32_t p[4]; 00437 uint32_t q[4]; 00438 00439 //Copy the plaintext to the buffer 00440 memcpy(p, input, ARIA_BLOCK_SIZE); 00441 00442 //Point to the encryption round keys 00443 ek = context->ek; 00444 00445 //Apply 11 rounds 00446 OF(p, ek + 0); 00447 EF(p, ek + 4); 00448 OF(p, ek + 8); 00449 EF(p, ek + 12); 00450 OF(p, ek + 16); 00451 EF(p, ek + 20); 00452 OF(p, ek + 24); 00453 EF(p, ek + 28); 00454 OF(p, ek + 32); 00455 EF(p, ek + 36); 00456 OF(p, ek + 40); 00457 00458 //128-bit master keys require a total of 12 rounds 00459 if(context->nr == 12) 00460 { 00461 XOR128(p, ek + 44); 00462 SL2(q, p); 00463 XOR128(q, ek + 48); 00464 } 00465 //192-bit master keys require a total of 14 rounds 00466 else if(context->nr == 14) 00467 { 00468 EF(p, ek + 44); 00469 OF(p, ek + 48); 00470 XOR128(p, ek + 52); 00471 SL2(q, p); 00472 XOR128(q, ek + 56); 00473 } 00474 //256-bit master keys require a total of 16 rounds 00475 else 00476 { 00477 EF(p, ek + 44); 00478 OF(p, ek + 48); 00479 EF(p, ek + 52); 00480 OF(p, ek + 56); 00481 XOR128(p, ek + 60); 00482 SL2(q, p); 00483 XOR128(q, ek + 64); 00484 } 00485 00486 //Copy the resulting ciphertext from the buffer 00487 memcpy(output, q, ARIA_BLOCK_SIZE); 00488 } 00489 00490 00491 /** 00492 * @brief Decrypt a 16-byte block using ARIA algorithm 00493 * @param[in] context Pointer to the ARIA context 00494 * @param[in] input Ciphertext block to decrypt 00495 * @param[out] output Plaintext block resulting from decryption 00496 **/ 00497 00498 void ariaDecryptBlock(AriaContext *context, const uint8_t *input, uint8_t *output) 00499 { 00500 uint32_t *dk; 00501 uint32_t p[4]; 00502 uint32_t q[4]; 00503 00504 //Copy the ciphertext to the buffer 00505 memcpy(p, input, ARIA_BLOCK_SIZE); 00506 00507 //Point to the decryption round keys 00508 dk = context->dk; 00509 00510 //Apply 11 rounds 00511 OF(p, dk + 0); 00512 EF(p, dk + 4); 00513 OF(p, dk + 8); 00514 EF(p, dk + 12); 00515 OF(p, dk + 16); 00516 EF(p, dk + 20); 00517 OF(p, dk + 24); 00518 EF(p, dk + 28); 00519 OF(p, dk + 32); 00520 EF(p, dk + 36); 00521 OF(p, dk + 40); 00522 00523 //128-bit master keys require a total of 12 rounds 00524 if(context->nr == 12) 00525 { 00526 XOR128(p, dk + 44); 00527 SL2(q, p); 00528 XOR128(q, dk + 48); 00529 } 00530 //192-bit master keys require a total of 14 rounds 00531 else if(context->nr == 14) 00532 { 00533 EF(p, dk + 44); 00534 OF(p, dk + 48); 00535 XOR128(p, dk + 52); 00536 SL2(q, p); 00537 XOR128(q, dk + 56); 00538 } 00539 //256-bit master keys require a total of 16 rounds 00540 else 00541 { 00542 EF(p, dk + 44); 00543 OF(p, dk + 48); 00544 EF(p, dk + 52); 00545 OF(p, dk + 56); 00546 XOR128(p, dk + 60); 00547 SL2(q, p); 00548 XOR128(q, dk + 64); 00549 } 00550 00551 //The resulting value is the plaintext 00552 memcpy(output, q, ARIA_BLOCK_SIZE); 00553 } 00554 00555 #endif 00556
Generated on Tue Jul 12 2022 17:10:12 by
1.7.2