to be used with the DSPLoRa module (minor changes wrt transmit power)

Dependents:   DSP_LoRaWAN

Fork of LoRaWAN-lib by S P

Committer:
mluis
Date:
Tue Oct 20 13:21:26 2015 +0000
Revision:
0:91d1a7783bb9
Library creation synchronized with GitHub LoRaMac-node v3.4 (https://github.com/Lora-net/LoRaMac-node)

mluis 0:91d1a7783bb9 1 /*
mluis 0:91d1a7783bb9 2 ---------------------------------------------------------------------------
mluis 0:91d1a7783bb9 3 Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
mluis 0:91d1a7783bb9 4
mluis 0:91d1a7783bb9 5 LICENSE TERMS
mluis 0:91d1a7783bb9 6
mluis 0:91d1a7783bb9 7 The redistribution and use of this software (with or without changes)
mluis 0:91d1a7783bb9 8 is allowed without the payment of fees or royalties provided that:
mluis 0:91d1a7783bb9 9
mluis 0:91d1a7783bb9 10 1. source code distributions include the above copyright notice, this
mluis 0:91d1a7783bb9 11 list of conditions and the following disclaimer;
mluis 0:91d1a7783bb9 12
mluis 0:91d1a7783bb9 13 2. binary distributions include the above copyright notice, this list
mluis 0:91d1a7783bb9 14 of conditions and the following disclaimer in their documentation;
mluis 0:91d1a7783bb9 15
mluis 0:91d1a7783bb9 16 3. the name of the copyright holder is not used to endorse products
mluis 0:91d1a7783bb9 17 built using this software without specific written permission.
mluis 0:91d1a7783bb9 18
mluis 0:91d1a7783bb9 19 DISCLAIMER
mluis 0:91d1a7783bb9 20
mluis 0:91d1a7783bb9 21 This software is provided 'as is' with no explicit or implied warranties
mluis 0:91d1a7783bb9 22 in respect of its properties, including, but not limited to, correctness
mluis 0:91d1a7783bb9 23 and/or fitness for purpose.
mluis 0:91d1a7783bb9 24 ---------------------------------------------------------------------------
mluis 0:91d1a7783bb9 25 Issue 09/09/2006
mluis 0:91d1a7783bb9 26
mluis 0:91d1a7783bb9 27 This is an AES implementation that uses only 8-bit byte operations on the
mluis 0:91d1a7783bb9 28 cipher state (there are options to use 32-bit types if available).
mluis 0:91d1a7783bb9 29
mluis 0:91d1a7783bb9 30 The combination of mix columns and byte substitution used here is based on
mluis 0:91d1a7783bb9 31 that developed by Karl Malbrain. His contribution is acknowledged.
mluis 0:91d1a7783bb9 32 */
mluis 0:91d1a7783bb9 33
mluis 0:91d1a7783bb9 34 /* define if you have a fast memcpy function on your system */
mluis 0:91d1a7783bb9 35 #if 0
mluis 0:91d1a7783bb9 36 # define HAVE_MEMCPY
mluis 0:91d1a7783bb9 37 # include <string.h>
mluis 0:91d1a7783bb9 38 # if defined( _MSC_VER )
mluis 0:91d1a7783bb9 39 # include <intrin.h>
mluis 0:91d1a7783bb9 40 # pragma intrinsic( memcpy )
mluis 0:91d1a7783bb9 41 # endif
mluis 0:91d1a7783bb9 42 #endif
mluis 0:91d1a7783bb9 43
mluis 0:91d1a7783bb9 44
mluis 0:91d1a7783bb9 45 #include "mbed.h"
mluis 0:91d1a7783bb9 46
mluis 0:91d1a7783bb9 47 /* define if you have fast 32-bit types on your system */
mluis 0:91d1a7783bb9 48 #if 1
mluis 0:91d1a7783bb9 49 # define HAVE_UINT_32T
mluis 0:91d1a7783bb9 50 #endif
mluis 0:91d1a7783bb9 51
mluis 0:91d1a7783bb9 52 /* define to use the precomputed lookup tables (leave undefined to compute the values on the fly) */
mluis 0:91d1a7783bb9 53 #if 1
mluis 0:91d1a7783bb9 54 # define USE_TABLES
mluis 0:91d1a7783bb9 55 #endif
mluis 0:91d1a7783bb9 56
mluis 0:91d1a7783bb9 57 /* On Intel Core 2 duo VERSION_1 is faster */
mluis 0:91d1a7783bb9 58
mluis 0:91d1a7783bb9 59 /* alternative versions (test for performance on your system) */
mluis 0:91d1a7783bb9 60 #if 1
mluis 0:91d1a7783bb9 61 # define VERSION_1
mluis 0:91d1a7783bb9 62 #endif
mluis 0:91d1a7783bb9 63
mluis 0:91d1a7783bb9 64 #include "aes.h"
mluis 0:91d1a7783bb9 65
mluis 0:91d1a7783bb9 66 #if defined( HAVE_UINT_32T )
/* NOTE(review): C only guarantees that unsigned long is at least 32 bits wide.
   The block helpers in this file that treat a 16-byte block as four uint_32t
   words rely on it being exactly 32 bits; where unsigned long is 64 bits they
   would touch 32 bytes. Confirm the width for every build target. */
mluis 0:91d1a7783bb9 67 typedef unsigned long uint_32t;
mluis 0:91d1a7783bb9 68 #endif
mluis 0:91d1a7783bb9 69
mluis 0:91d1a7783bb9 70 /* functions for finite field multiplication in the AES Galois field */
mluis 0:91d1a7783bb9 71
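/* Reduction constants for arithmetic in the AES field GF(2^8):
   WPOLY is the 9-bit field polynomial, BPOLY its low byte, and DPOLY the
   value folded in by d2() when the bit shifted out is set. */
#define WPOLY   0x011b
#define BPOLY     0x1b
#define DPOLY   0x008d

/* fN(x) multiplies x by the constant N in the field; d2(x) divides by 2.
   Every use of the argument is parenthesised so that an expression argument
   such as f2(a ^ b) expands with the intended precedence. The argument is
   still evaluated more than once, so it must not have side effects. */
#define f1(x)   (x)
#define f2(x)   (((x) << 1) ^ ((((x) >> 7) & 1) * WPOLY))
#define f4(x)   (((x) << 2) ^ ((((x) >> 6) & 1) * WPOLY) ^ ((((x) >> 6) & 2) * WPOLY))
#define f8(x)   (((x) << 3) ^ ((((x) >> 5) & 1) * WPOLY) ^ ((((x) >> 5) & 2) * WPOLY) \
                            ^ ((((x) >> 5) & 4) * WPOLY))
#define d2(x)   (((x) >> 1) ^ ((x) & 1 ? DPOLY : 0))

/* Composite multipliers built by XOR-ing the power-of-two products. */
#define f3(x)   (f2(x) ^ (x))
#define f9(x)   (f8(x) ^ (x))
#define fb(x)   (f8(x) ^ f2(x) ^ (x))
#define fd(x)   (f8(x) ^ f4(x) ^ (x))
#define fe(x)   (f8(x) ^ f4(x) ^ f2(x))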
mluis 0:91d1a7783bb9 88
mluis 0:91d1a7783bb9 89 #if defined( USE_TABLES )
mluis 0:91d1a7783bb9 90
mluis 0:91d1a7783bb9 91 #define sb_data(w) { /* S Box data values */ \
mluis 0:91d1a7783bb9 92 w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
mluis 0:91d1a7783bb9 93 w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
mluis 0:91d1a7783bb9 94 w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
mluis 0:91d1a7783bb9 95 w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
mluis 0:91d1a7783bb9 96 w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
mluis 0:91d1a7783bb9 97 w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
mluis 0:91d1a7783bb9 98 w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
mluis 0:91d1a7783bb9 99 w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
mluis 0:91d1a7783bb9 100 w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
mluis 0:91d1a7783bb9 101 w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
mluis 0:91d1a7783bb9 102 w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
mluis 0:91d1a7783bb9 103 w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
mluis 0:91d1a7783bb9 104 w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
mluis 0:91d1a7783bb9 105 w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
mluis 0:91d1a7783bb9 106 w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
mluis 0:91d1a7783bb9 107 w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
mluis 0:91d1a7783bb9 108 w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
mluis 0:91d1a7783bb9 109 w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
mluis 0:91d1a7783bb9 110 w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
mluis 0:91d1a7783bb9 111 w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
mluis 0:91d1a7783bb9 112 w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
mluis 0:91d1a7783bb9 113 w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
mluis 0:91d1a7783bb9 114 w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
mluis 0:91d1a7783bb9 115 w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
mluis 0:91d1a7783bb9 116 w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
mluis 0:91d1a7783bb9 117 w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
mluis 0:91d1a7783bb9 118 w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
mluis 0:91d1a7783bb9 119 w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
mluis 0:91d1a7783bb9 120 w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
mluis 0:91d1a7783bb9 121 w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
mluis 0:91d1a7783bb9 122 w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
mluis 0:91d1a7783bb9 123 w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
mluis 0:91d1a7783bb9 124
mluis 0:91d1a7783bb9 125 #define isb_data(w) { /* inverse S Box data values */ \
mluis 0:91d1a7783bb9 126 w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
mluis 0:91d1a7783bb9 127 w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
mluis 0:91d1a7783bb9 128 w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
mluis 0:91d1a7783bb9 129 w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
mluis 0:91d1a7783bb9 130 w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
mluis 0:91d1a7783bb9 131 w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
mluis 0:91d1a7783bb9 132 w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
mluis 0:91d1a7783bb9 133 w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
mluis 0:91d1a7783bb9 134 w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
mluis 0:91d1a7783bb9 135 w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
mluis 0:91d1a7783bb9 136 w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
mluis 0:91d1a7783bb9 137 w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
mluis 0:91d1a7783bb9 138 w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
mluis 0:91d1a7783bb9 139 w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
mluis 0:91d1a7783bb9 140 w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
mluis 0:91d1a7783bb9 141 w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
mluis 0:91d1a7783bb9 142 w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
mluis 0:91d1a7783bb9 143 w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
mluis 0:91d1a7783bb9 144 w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
mluis 0:91d1a7783bb9 145 w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
mluis 0:91d1a7783bb9 146 w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
mluis 0:91d1a7783bb9 147 w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
mluis 0:91d1a7783bb9 148 w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
mluis 0:91d1a7783bb9 149 w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
mluis 0:91d1a7783bb9 150 w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
mluis 0:91d1a7783bb9 151 w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
mluis 0:91d1a7783bb9 152 w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
mluis 0:91d1a7783bb9 153 w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
mluis 0:91d1a7783bb9 154 w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
mluis 0:91d1a7783bb9 155 w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
mluis 0:91d1a7783bb9 156 w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
mluis 0:91d1a7783bb9 157 w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
mluis 0:91d1a7783bb9 158
mluis 0:91d1a7783bb9 159 #define mm_data(w) { /* basic data for forming finite field tables */ \
mluis 0:91d1a7783bb9 160 w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
mluis 0:91d1a7783bb9 161 w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
mluis 0:91d1a7783bb9 162 w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
mluis 0:91d1a7783bb9 163 w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
mluis 0:91d1a7783bb9 164 w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
mluis 0:91d1a7783bb9 165 w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
mluis 0:91d1a7783bb9 166 w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
mluis 0:91d1a7783bb9 167 w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
mluis 0:91d1a7783bb9 168 w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
mluis 0:91d1a7783bb9 169 w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
mluis 0:91d1a7783bb9 170 w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
mluis 0:91d1a7783bb9 171 w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
mluis 0:91d1a7783bb9 172 w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
mluis 0:91d1a7783bb9 173 w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
mluis 0:91d1a7783bb9 174 w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
mluis 0:91d1a7783bb9 175 w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
mluis 0:91d1a7783bb9 176 w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
mluis 0:91d1a7783bb9 177 w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
mluis 0:91d1a7783bb9 178 w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
mluis 0:91d1a7783bb9 179 w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
mluis 0:91d1a7783bb9 180 w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
mluis 0:91d1a7783bb9 181 w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
mluis 0:91d1a7783bb9 182 w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
mluis 0:91d1a7783bb9 183 w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
mluis 0:91d1a7783bb9 184 w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
mluis 0:91d1a7783bb9 185 w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
mluis 0:91d1a7783bb9 186 w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
mluis 0:91d1a7783bb9 187 w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
mluis 0:91d1a7783bb9 188 w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
mluis 0:91d1a7783bb9 189 w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
mluis 0:91d1a7783bb9 190 w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
mluis 0:91d1a7783bb9 191 w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
mluis 0:91d1a7783bb9 192
/* Forward S-box: sb_data expanded with the identity map f1. */
mluis 0:91d1a7783bb9 193 static const uint_8t sbox[256] = sb_data(f1);
mluis 0:91d1a7783bb9 194
/* Inverse S-box, only built when decryption support is compiled in. */
mluis 0:91d1a7783bb9 195 #if defined( AES_DEC_PREKEYED )
mluis 0:91d1a7783bb9 196 static const uint_8t isbox[256] = isb_data(f1);
mluis 0:91d1a7783bb9 197 #endif
mluis 0:91d1a7783bb9 198
/* S-box outputs pre-multiplied by 2 and by 3 in the AES field
   (sb_data expanded with f2 / f3, truncated to a byte by the element type). */
mluis 0:91d1a7783bb9 199 static const uint_8t gfm2_sbox[256] = sb_data(f2);
mluis 0:91d1a7783bb9 200 static const uint_8t gfm3_sbox[256] = sb_data(f3);
mluis 0:91d1a7783bb9 201
/* Field multiplication by 9, b, d and e: mm_data lists 0x00..0xff in order,
   so entry i holds fN(i). Only needed for decryption. */
mluis 0:91d1a7783bb9 202 #if defined( AES_DEC_PREKEYED )
mluis 0:91d1a7783bb9 203 static const uint_8t gfmul_9[256] = mm_data(f9);
mluis 0:91d1a7783bb9 204 static const uint_8t gfmul_b[256] = mm_data(fb);
mluis 0:91d1a7783bb9 205 static const uint_8t gfmul_d[256] = mm_data(fd);
mluis 0:91d1a7783bb9 206 static const uint_8t gfmul_e[256] = mm_data(fe);
mluis 0:91d1a7783bb9 207 #endif
mluis 0:91d1a7783bb9 208
/* Accessor macros used by the round functions; in this branch each one is a
   plain table lookup.
   NOTE(review): the round functions index these tables with cipher-state
   bytes, so on a target with a data cache the memory access pattern can
   depend on secret data. Confirm whether timing side channels are in scope
   for the deployment target. */
mluis 0:91d1a7783bb9 209 #define s_box(x) sbox[(x)]
mluis 0:91d1a7783bb9 210 #if defined( AES_DEC_PREKEYED )
mluis 0:91d1a7783bb9 211 #define is_box(x) isbox[(x)]
mluis 0:91d1a7783bb9 212 #endif
mluis 0:91d1a7783bb9 213 #define gfm2_sb(x) gfm2_sbox[(x)]
mluis 0:91d1a7783bb9 214 #define gfm3_sb(x) gfm3_sbox[(x)]
mluis 0:91d1a7783bb9 215 #if defined( AES_DEC_PREKEYED )
mluis 0:91d1a7783bb9 216 #define gfm_9(x) gfmul_9[(x)]
mluis 0:91d1a7783bb9 217 #define gfm_b(x) gfmul_b[(x)]
mluis 0:91d1a7783bb9 218 #define gfm_d(x) gfmul_d[(x)]
mluis 0:91d1a7783bb9 219 #define gfm_e(x) gfmul_e[(x)]
mluis 0:91d1a7783bb9 220 #endif
mluis 0:91d1a7783bb9 221 #else
mluis 0:91d1a7783bb9 222
mluis 0:91d1a7783bb9 223 /* this is the high bit of x right shifted by 1 */
mluis 0:91d1a7783bb9 224 /* position. Since the starting polynomial has */
mluis 0:91d1a7783bb9 225 /* 9 bits (0x11b), this right shift keeps the */
mluis 0:91d1a7783bb9 226 /* values of all top bits within a byte */
mluis 0:91d1a7783bb9 227
/* Return the most significant set bit of x moved one position to the right
   (so 0x80 gives 0x40, and any x below 2 gives 0). */
static uint_8t hibit(const uint_8t x)
{
    /* start from x shifted right, then smear the top set bit downwards */
    uint_8t smear = (uint_8t)((x >> 1) | (x >> 2));

    smear = (uint_8t)(smear | (smear >> 2));
    smear = (uint_8t)(smear | (smear >> 4));

    /* smear is now a run of ones below the top bit; +1 then halve isolates it */
    return (smear + 1) >> 1;
}
mluis 0:91d1a7783bb9 235
mluis 0:91d1a7783bb9 236 /* return the inverse of the finite field element x */
mluis 0:91d1a7783bb9 237
/* Return the multiplicative inverse of x in the AES field; 0 and 1 are
   returned unchanged. Two polynomials (poly_a, poly_b) are reduced against
   each other in turn while acc_a / acc_b accumulate the result; top_a / top_b
   track hibit() of each polynomial. */
static uint_8t gf_inv(const uint_8t x)
{
    uint_8t poly_a = x;
    uint_8t poly_b = BPOLY;
    uint_8t top_a = hibit(x);
    uint_8t top_b = 0x80;
    uint_8t acc_a = 1;
    uint_8t acc_b = 0;

    if (x < 2) {
        return x;
    }

    for (;;) {
        if (!top_a) {
            return acc_a;
        }
        while (top_b >= top_a) {               /* divide polynomial poly_b by poly_a */
            top_b /= top_a;                    /* shift smaller polynomial left */
            poly_b ^= (poly_a * top_b) & 0xff; /* and remove from larger one */
            acc_b ^= (acc_a * top_b);          /* shift accumulated value and */
            top_b = hibit(poly_b);             /* add into result */
        }

        if (!top_b) {
            return acc_b;
        }
        while (top_a >= top_b) {               /* same step with the roles swapped */
            top_a /= top_b;
            poly_a ^= poly_b * top_a;
            acc_a ^= acc_b * top_a;
            top_a = hibit(poly_a);
        }
    }
}
mluis 0:91d1a7783bb9 269
mluis 0:91d1a7783bb9 270 /* The forward and inverse affine transformations used in the S-box */
/* Forward affine transformation of the S-box: XOR x with its four left
   rotations (by 1..4 bits) and with the constant 0x63. */
uint_8t fwd_affine(const uint_8t x)
{
#if defined( HAVE_UINT_32T )
    /* work in a wide word so the rotated-out bits land in bits 8..11 */
    uint_32t spread = x;

    spread ^= (spread << 1) ^ (spread << 2) ^ (spread << 3) ^ (spread << 4);
    /* fold the overflow bits back onto the low byte */
    spread ^= spread >> 8;
    return 0x63 ^ (spread & 0xff);
#else
    /* the uint_8t return type discards the bits shifted above bit 7 */
    const int left_parts = (x << 1) ^ (x << 2) ^ (x << 3) ^ (x << 4);
    const int wrapped_parts = (x >> 7) ^ (x >> 6) ^ (x >> 5) ^ (x >> 4);

    return 0x63 ^ x ^ left_parts ^ wrapped_parts;
#endif
}
mluis 0:91d1a7783bb9 282
/* Inverse affine transformation of the S-box: XOR of x rotated left by
   1, 3 and 6 bits, combined with the constant 0x05. */
uint_8t inv_affine(const uint_8t x)
{
#if defined( HAVE_UINT_32T )
    /* work in a wide word so the rotated-out bits land above bit 7 */
    uint_32t spread = x;

    spread = (spread << 1) ^ (spread << 3) ^ (spread << 6);
    /* fold the overflow bits back onto the low byte */
    spread ^= spread >> 8;
    return 0x05 ^ (spread & 0xff);
#else
    /* the uint_8t return type discards the bits shifted above bit 7 */
    const int left_parts = (x << 1) ^ (x << 3) ^ (x << 6);
    const int wrapped_parts = (x >> 7) ^ (x >> 5) ^ (x >> 2);

    return 0x05 ^ left_parts ^ wrapped_parts;
#endif
}
mluis 0:91d1a7783bb9 294
mluis 0:91d1a7783bb9 295 #define s_box(x) fwd_affine(gf_inv(x))
mluis 0:91d1a7783bb9 296 #define is_box(x) gf_inv(inv_affine(x))
mluis 0:91d1a7783bb9 297 #define gfm2_sb(x) f2(s_box(x))
mluis 0:91d1a7783bb9 298 #define gfm3_sb(x) f3(s_box(x))
mluis 0:91d1a7783bb9 299 #define gfm_9(x) f9(x)
mluis 0:91d1a7783bb9 300 #define gfm_b(x) fb(x)
mluis 0:91d1a7783bb9 301 #define gfm_d(x) fd(x)
mluis 0:91d1a7783bb9 302 #define gfm_e(x) fe(x)
mluis 0:91d1a7783bb9 303
mluis 0:91d1a7783bb9 304 #endif
mluis 0:91d1a7783bb9 305
/* Select the copy primitives: memcpy when HAVE_MEMCPY is defined, otherwise
   the local helpers copy_block / copy_block_nn.
   NOTE(review): copy_block_nn takes its length as uint_8t, so in the
   non-memcpy build a length above 255 passed to block_copy_nn is truncated,
   whereas memcpy would honour it. Callers should keep l within a byte. */
mluis 0:91d1a7783bb9 306 #if defined( HAVE_MEMCPY )
mluis 0:91d1a7783bb9 307 # define block_copy_nn(d, s, l) memcpy(d, s, l)
mluis 0:91d1a7783bb9 308 # define block_copy(d, s) memcpy(d, s, N_BLOCK)
mluis 0:91d1a7783bb9 309 #else
mluis 0:91d1a7783bb9 310 # define block_copy_nn(d, s, l) copy_block_nn(d, s, l)
mluis 0:91d1a7783bb9 311 # define block_copy(d, s) copy_block(d, s)
mluis 0:91d1a7783bb9 312 #endif
mluis 0:91d1a7783bb9 313
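/*
 * Copy one 16-byte AES block from s to d.
 *
 * d: destination, at least 16 writable bytes.
 * s: source, at least 16 readable bytes.
 *
 * The copy is done byte by byte on purpose. Both pointers arrive as void*
 * with no alignment guarantee (callers in this file pass uint_8t arrays), and
 * uint_32t is a typedef of unsigned long, whose width is not fixed at 32 bits.
 * Word-sized accesses through casted pointers could therefore fault on cores
 * that require aligned loads, or touch more than 16 bytes where unsigned long
 * is wider than 32 bits.
 */
static void copy_block( void *d, const void *s )
{
    unsigned char *dst = (unsigned char *)d;
    const unsigned char *src = (const unsigned char *)s;
    unsigned int i;

    /* 16 = AES block size in bytes */
    for( i = 0; i < 16; ++i )
        dst[i] = src[i];
}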
mluis 0:91d1a7783bb9 340
/* Copy nn bytes from s to d, front to back. The count is a uint_8t, so at
   most 255 bytes can be requested in one call. */
static void copy_block_nn( uint_8t * d, const uint_8t *s, uint_8t nn )
{
    uint_8t idx;

    for( idx = 0; idx < nn; ++idx )
    {
        d[idx] = s[idx];
    }
}
mluis 0:91d1a7783bb9 347
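/*
 * XOR the 16-byte block at s into the 16-byte block at d, in place.
 *
 * d: destination and first operand, at least 16 writable bytes.
 * s: second operand, at least 16 readable bytes.
 *
 * Done byte by byte on purpose: the pointers carry no alignment guarantee
 * (callers in this file pass uint_8t arrays) and uint_32t is a typedef of
 * unsigned long, whose width is not fixed at 32 bits. Word-sized accesses
 * through casted pointers could fault on cores that require aligned loads,
 * or touch more than 16 bytes where unsigned long is wider than 32 bits.
 */
static void xor_block( void *d, const void *s )
{
    unsigned char *dst = (unsigned char *)d;
    const unsigned char *src = (const unsigned char *)s;
    unsigned int i;

    /* 16 = AES block size in bytes */
    for( i = 0; i < 16; ++i )
        dst[i] ^= src[i];
}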
mluis 0:91d1a7783bb9 374
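/*
 * Write s XOR k into d for one 16-byte AES block (copy the state and apply
 * a round key in a single pass).
 *
 * d: destination, at least 16 writable bytes.
 * s: source block, at least 16 readable bytes.
 * k: key block, at least 16 readable bytes.
 *
 * Done byte by byte on purpose: the pointers carry no alignment guarantee
 * and uint_32t is a typedef of unsigned long, whose width is not fixed at
 * 32 bits. Word-sized accesses through casted pointers could fault on cores
 * that require aligned loads, or touch more than 16 bytes where unsigned
 * long is wider than 32 bits.
 */
static void copy_and_key( void *d, const void *s, const void *k )
{
    unsigned char *dst = (unsigned char *)d;
    const unsigned char *src = (const unsigned char *)s;
    const unsigned char *key = (const unsigned char *)k;
    unsigned int i;

    /* 16 = AES block size in bytes */
    for( i = 0; i < 16; ++i )
        dst[i] = (unsigned char)(src[i] ^ key[i]);
}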
mluis 0:91d1a7783bb9 404
/* AddRoundKey step: XOR the round-key block k into the state block d,
   in place, by delegating to xor_block. */
static void add_round_key( uint_8t d[N_BLOCK], const uint_8t k[N_BLOCK] )
{
    xor_block( d, k );
}
mluis 0:91d1a7783bb9 409
/* Combined SubBytes + ShiftRows on the 16-byte state, in place.
   The state is stored column by column, so row r lives at indices
   r, r+4, r+8, r+12. */
static void shift_sub_rows( uint_8t st[N_BLOCK] )
{
    uint_8t idx;
    uint_8t carry;

    /* substitute every byte first; the row moves below only permute */
    for( idx = 0; idx < 16; ++idx )
    {
        st[idx] = s_box(st[idx]);
    }

    /* row 0 stays where it is */

    /* row 1: each byte takes the value of the one four places ahead */
    carry  = st[ 1];
    st[ 1] = st[ 5];
    st[ 5] = st[ 9];
    st[ 9] = st[13];
    st[13] = carry;

    /* row 2: swap the two pairs */
    carry  = st[ 2];
    st[ 2] = st[10];
    st[10] = carry;
    carry  = st[ 6];
    st[ 6] = st[14];
    st[14] = carry;

    /* row 3: each byte takes the value of the one four places behind */
    carry  = st[15];
    st[15] = st[11];
    st[11] = st[ 7];
    st[ 7] = st[ 3];
    st[ 3] = carry;
}
mluis 0:91d1a7783bb9 425
mluis 0:91d1a7783bb9 426 #if defined( AES_DEC_PREKEYED )
mluis 0:91d1a7783bb9 427
/* Combined inverse SubBytes + inverse ShiftRows on the 16-byte state, in
   place. The state is stored column by column, so row r lives at indices
   r, r+4, r+8, r+12. */
static void inv_shift_sub_rows( uint_8t st[N_BLOCK] )
{
    uint_8t idx;
    uint_8t carry;

    /* substitute every byte first; the row moves below only permute */
    for( idx = 0; idx < 16; ++idx )
    {
        st[idx] = is_box(st[idx]);
    }

    /* row 0 stays where it is */

    /* row 1: each byte takes the value of the one four places behind */
    carry  = st[13];
    st[13] = st[ 9];
    st[ 9] = st[ 5];
    st[ 5] = st[ 1];
    st[ 1] = carry;

    /* row 2: swap the two pairs */
    carry  = st[ 2];
    st[ 2] = st[10];
    st[10] = carry;
    carry  = st[ 6];
    st[ 6] = st[14];
    st[14] = carry;

    /* row 3: each byte takes the value of the one four places ahead */
    carry  = st[ 3];
    st[ 3] = st[ 7];
    st[ 7] = st[11];
    st[11] = st[15];
    st[15] = carry;
}
mluis 0:91d1a7783bb9 443
mluis 0:91d1a7783bb9 444 #endif
mluis 0:91d1a7783bb9 445
/* Combined SubBytes + ShiftRows + MixColumns for one round.
   For each output column the four input bytes are taken from the diagonal
   starting at that column (offsets +0, +5, +10, +15 modulo 16), passed
   through the S-box and mixed with the field multipliers 2, 3, 1, 1.
   VERSION_1 works in place on dt via a local copy; the alternative build
   reads the input state from st and writes the result to dt.
   NOTE(review): in the VERSION_1 build the local copy of the state is left
   on the stack when the function returns. */
#if defined( VERSION_1 )
static void mix_sub_columns( uint_8t dt[N_BLOCK] )
{
    uint_8t st[N_BLOCK];
    uint_8t col;

    block_copy(st, dt);
#else
static void mix_sub_columns( uint_8t dt[N_BLOCK], uint_8t st[N_BLOCK] )
{
    uint_8t col;

#endif
    /* 16 = AES state size in bytes, matching the fixed indices 0..15 */
    for( col = 0; col < 16; col += 4 )
    {
        const uint_8t i0 = col;
        const uint_8t i1 = (uint_8t)((col +  5) & 15);
        const uint_8t i2 = (uint_8t)((col + 10) & 15);
        const uint_8t i3 = (uint_8t)((col + 15) & 15);

        /* st is indexed afresh in every expression, as in the unrolled form */
        dt[col + 0] = gfm2_sb(st[i0]) ^ gfm3_sb(st[i1]) ^ s_box(st[i2]) ^ s_box(st[i3]);
        dt[col + 1] = s_box(st[i0]) ^ gfm2_sb(st[i1]) ^ gfm3_sb(st[i2]) ^ s_box(st[i3]);
        dt[col + 2] = s_box(st[i0]) ^ s_box(st[i1]) ^ gfm2_sb(st[i2]) ^ gfm3_sb(st[i3]);
        dt[col + 3] = gfm3_sb(st[i0]) ^ s_box(st[i1]) ^ s_box(st[i2]) ^ gfm2_sb(st[i3]);
    }
}
mluis 0:91d1a7783bb9 474
mluis 0:91d1a7783bb9 475 #if defined( AES_DEC_PREKEYED )
mluis 0:91d1a7783bb9 476
/* Combined inverse MixColumns + inverse ShiftRows + inverse SubBytes for one
   round. Each input column (four consecutive bytes of st) is mixed with the
   field multipliers e, b, d, 9, passed through the inverse S-box, and the
   four results are scattered to offsets +0, +5, +10, +15 (modulo 16) of dt.
   VERSION_1 works in place on dt via a local copy; the alternative build
   reads the input state from st and writes the result to dt.
   NOTE(review): in the VERSION_1 build the local copy of the state is left
   on the stack when the function returns. */
#if defined( VERSION_1 )
static void inv_mix_sub_columns( uint_8t dt[N_BLOCK] )
{
    uint_8t st[N_BLOCK];
    uint_8t base;

    block_copy(st, dt);
#else
static void inv_mix_sub_columns( uint_8t dt[N_BLOCK], uint_8t st[N_BLOCK] )
{
    uint_8t base;

#endif
    /* 16 = AES state size in bytes, matching the fixed indices 0..15 */
    for( base = 0; base < 16; base += 4 )
    {
        const uint_8t o0 = base;
        const uint_8t o1 = (uint_8t)((base +  5) & 15);
        const uint_8t o2 = (uint_8t)((base + 10) & 15);
        const uint_8t o3 = (uint_8t)((base + 15) & 15);

        /* st is indexed afresh in every expression, as in the unrolled form */
        dt[o0] = is_box(gfm_e(st[base]) ^ gfm_b(st[base + 1]) ^ gfm_d(st[base + 2]) ^ gfm_9(st[base + 3]));
        dt[o1] = is_box(gfm_9(st[base]) ^ gfm_e(st[base + 1]) ^ gfm_b(st[base + 2]) ^ gfm_d(st[base + 3]));
        dt[o2] = is_box(gfm_d(st[base]) ^ gfm_9(st[base + 1]) ^ gfm_e(st[base + 2]) ^ gfm_b(st[base + 3]));
        dt[o3] = is_box(gfm_b(st[base]) ^ gfm_d(st[base + 1]) ^ gfm_9(st[base + 2]) ^ gfm_e(st[base + 3]));
    }
}
mluis 0:91d1a7783bb9 505
mluis 0:91d1a7783bb9 506 #endif
mluis 0:91d1a7783bb9 507
mluis 0:91d1a7783bb9 508 #if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED )
mluis 0:91d1a7783bb9 509
/*
 * Set the cipher key for the pre-keyed version.
 *
 * key    : cipher key bytes, keylen of them are read
 * keylen : key length in bytes; only 16, 24 and 32 are accepted
 * ctx    : receives the expanded key schedule (ctx->ksch) and the round
 *          count (ctx->rnd)
 *
 * Returns 0 on success.  For any other keylen, ctx->rnd is set to 0 and
 * (uint_8t)-1 is returned; aes_encrypt / aes_decrypt refuse a context whose
 * rnd is 0.
 *
 * The schedule written here is 176, 208 or 240 bytes long, so ctx->ksch must
 * be at least 240 bytes (its declaration is outside this part of the file).
 * ctx->ksch holds key material after this call and nothing in this function
 * wipes it; clearing the context when it is no longer needed is left to the
 * caller.
 */
return_type aes_set_key( const unsigned char key[], length_type keylen, aes_context ctx[1] )
{
    uint_8t pos, rcon, sched_len;

    if( keylen != 16 && keylen != 24 && keylen != 32 )
    {
        ctx->rnd = 0;
        return ( uint_8t )-1;
    }

    /* The first keylen bytes of the schedule are the key itself. */
    block_copy_nn(ctx->ksch, key, keylen);
    sched_len = (keylen + 28) << 2;
    ctx->rnd = (sched_len >> 4) - 1;

    rcon = 1;
    for( pos = keylen; pos < sched_len; pos += 4 )
    {
        uint_8t back;
        uint_8t w0 = ctx->ksch[pos - 4];
        uint_8t w1 = ctx->ksch[pos - 3];
        uint_8t w2 = ctx->ksch[pos - 2];
        uint_8t w3 = ctx->ksch[pos - 1];

        if( pos % keylen == 0 )
        {
            /* Start of a new key-length group: rotate, substitute, add rcon. */
            uint_8t head = w0;

            w0 = s_box(w1) ^ rcon;
            w1 = s_box(w2);
            w2 = s_box(w3);
            w3 = s_box(head);
            rcon = f2(rcon);
        }
        else if( keylen > 24 && pos % keylen == 16 )
        {
            /* 32-byte keys only: extra substitution half way through a group. */
            w0 = s_box(w0);
            w1 = s_box(w1);
            w2 = s_box(w2);
            w3 = s_box(w3);
        }

        back = pos - keylen;
        ctx->ksch[pos + 0] = ctx->ksch[back + 0] ^ w0;
        ctx->ksch[pos + 1] = ctx->ksch[back + 1] ^ w1;
        ctx->ksch[pos + 2] = ctx->ksch[back + 2] ^ w2;
        ctx->ksch[pos + 3] = ctx->ksch[back + 3] ^ w3;
    }
    return 0;
}
mluis 0:91d1a7783bb9 560
mluis 0:91d1a7783bb9 561 #endif
mluis 0:91d1a7783bb9 562
mluis 0:91d1a7783bb9 563 #if defined( AES_ENC_PREKEYED )
mluis 0:91d1a7783bb9 564
/*
 * Encrypt a single block of 16 bytes with a pre-keyed context.
 *
 * Returns 0 on success, or (uint_8t)-1 when ctx->rnd is 0 (the value
 * aes_set_key leaves behind for a rejected key length); out is not written
 * in that case.
 *
 * This is the raw single-block operation; chaining across blocks is done by
 * the caller (see aes_cbc_encrypt).  The local state buffers are not wiped
 * before returning.
 */
return_type aes_encrypt( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK], const aes_context ctx[1] )
{
    uint_8t state[N_BLOCK], round;

    if( !ctx->rnd )
        return ( uint_8t )-1;

    /* Initial round key. */
    copy_and_key( state, in, ctx->ksch );

    for( round = 1 ; round < ctx->rnd ; ++round )
    {
#if defined( VERSION_1 )
        mix_sub_columns( state );
        add_round_key( state, ctx->ksch + round * N_BLOCK);
#else
        uint_8t mixed[N_BLOCK];

        mix_sub_columns( mixed, state );
        copy_and_key( state, mixed, ctx->ksch + round * N_BLOCK);
#endif
    }

    /* Final round: no column mix; round == ctx->rnd here. */
    shift_sub_rows( state );
    copy_and_key( out, state, ctx->ksch + round * N_BLOCK );
    return 0;
}
mluis 0:91d1a7783bb9 593
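/*
 * CBC encrypt a number of blocks (input and return an IV).
 *
 * in      : n_block * N_BLOCK bytes of plaintext
 * out     : receives n_block * N_BLOCK bytes of ciphertext
 * n_block : number of whole blocks; 0 is a no-op, a negative count is
 *           rejected with EXIT_FAILURE
 * iv      : chaining value, updated in place; on success it holds the last
 *           ciphertext block so a later call can continue the chain
 * ctx     : context prepared by aes_set_key
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE if n_block is negative or
 * aes_encrypt fails.  On an aes_encrypt failure iv has already been XORed
 * with the current plaintext block and must not be reused.
 *
 * No padding is applied and the buffer sizes are not checked here: the caller
 * must supply whole blocks and buffers of at least n_block * N_BLOCK bytes.
 * CBC needs an unpredictable IV per message and gives no integrity
 * protection by itself.
 */
return_type aes_cbc_encrypt( const unsigned char *in, unsigned char *out,
                         int n_block, unsigned char iv[N_BLOCK], const aes_context ctx[1] )
{
    /* n_block is signed: a negative value would otherwise keep the loop
       running far past the end of both buffers. */
    if( n_block < 0 )
        return EXIT_FAILURE;

    while( n_block-- > 0 )
    {
        xor_block(iv, in);
        if( aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS )
            return EXIT_FAILURE;
        block_copy(out, iv);
        in += N_BLOCK;
        out += N_BLOCK;
    }
    return EXIT_SUCCESS;
}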
mluis 0:91d1a7783bb9 612
mluis 0:91d1a7783bb9 613 #endif
mluis 0:91d1a7783bb9 614
mluis 0:91d1a7783bb9 615 #if defined( AES_DEC_PREKEYED )
mluis 0:91d1a7783bb9 616
/*
 * Decrypt a single block of 16 bytes with a pre-keyed context.
 *
 * Returns 0 on success, or -1 converted to return_type when ctx->rnd is 0
 * (aes_encrypt spells the same failure as (uint_8t)-1); out is not written
 * in that case.
 *
 * The round keys are consumed from the end of ctx->ksch back to its start.
 * The local state buffers are not wiped before returning.
 */
return_type aes_decrypt( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK], const aes_context ctx[1] )
{
    uint_8t state[N_BLOCK], round;

    if( !ctx->rnd )
        return -1;

    /* Undo the final encryption round first, using the last round key. */
    copy_and_key( state, in, ctx->ksch + ctx->rnd * N_BLOCK );
    inv_shift_sub_rows( state );

    for( round = ctx->rnd - 1 ; round != 0 ; --round )
    {
#if defined( VERSION_1 )
        add_round_key( state, ctx->ksch + round * N_BLOCK );
        inv_mix_sub_columns( state );
#else
        uint_8t keyed[N_BLOCK];

        copy_and_key( keyed, state, ctx->ksch + round * N_BLOCK );
        inv_mix_sub_columns( state, keyed );
#endif
    }

    /* Round key 0 is the start of the schedule. */
    copy_and_key( out, state, ctx->ksch );
    return 0;
}
mluis 0:91d1a7783bb9 645
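/*
 * CBC decrypt a number of blocks (input and return an IV).
 *
 * in      : n_block * N_BLOCK bytes of ciphertext
 * out     : receives n_block * N_BLOCK bytes of plaintext
 * n_block : number of whole blocks; 0 is a no-op, a negative count is
 *           rejected with EXIT_FAILURE
 * iv      : chaining value, updated in place; on success it holds the last
 *           ciphertext block
 * ctx     : context prepared by aes_set_key
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE if n_block is negative or
 * aes_decrypt fails.
 *
 * Each ciphertext block is saved before it is decrypted, so the next
 * chaining value survives even if out overwrites in.  Buffer sizes are not
 * checked here, and nothing in this function authenticates the ciphertext;
 * any integrity check has to happen before the plaintext is trusted.
 */
return_type aes_cbc_decrypt( const unsigned char *in, unsigned char *out,
                         int n_block, unsigned char iv[N_BLOCK], const aes_context ctx[1] )
{
    /* n_block is signed: a negative value would otherwise keep the loop
       running far past the end of both buffers. */
    if( n_block < 0 )
        return EXIT_FAILURE;

    while( n_block-- > 0 )
    {
        uint_8t saved[N_BLOCK];

        block_copy(saved, in);
        if( aes_decrypt(in, out, ctx) != EXIT_SUCCESS )
            return EXIT_FAILURE;
        xor_block(out, iv);
        block_copy(iv, saved);
        in += N_BLOCK;
        out += N_BLOCK;
    }
    return EXIT_SUCCESS;
}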
mluis 0:91d1a7783bb9 666
mluis 0:91d1a7783bb9 667 #endif
mluis 0:91d1a7783bb9 668
mluis 0:91d1a7783bb9 669 #if defined( AES_ENC_128_OTFK )
mluis 0:91d1a7783bb9 670
/*
 * The 'on the fly' encryption key update for 128 bit keys.
 *
 * Advances the 16-byte round key k in place by one step and replaces *rc
 * with f2(*rc) for the next call.
 */
static void update_encrypt_key_128( uint_8t k[N_BLOCK], uint_8t *rc )
{
    uint_8t i;

    /* First word: substituted, rotated last word plus the round constant. */
    k[0] ^= s_box(k[13]) ^ *rc;
    k[1] ^= s_box(k[14]);
    k[2] ^= s_box(k[15]);
    k[3] ^= s_box(k[12]);
    *rc = f2( *rc );

    /* Remaining bytes: each is XORed with the already updated byte 4 back. */
    for( i = 4; i < 16; ++i )
        k[i] ^= k[i - 4];
}
mluis 0:91d1a7783bb9 690
/*
 * Encrypt a single block of 16 bytes with 'on the fly' 128 bit keying.
 *
 * in    : plaintext block
 * out   : receives the ciphertext block
 * key   : 16-byte cipher key
 * o_key : 16-byte working buffer for the round key; it is advanced once per
 *         round and is left holding the final round key on return
 *
 * o_key may be the same buffer as key (the copy is skipped when the pointers
 * are equal); in that case the caller's key bytes are overwritten even
 * though key is declared const.  o_key and the local state are not wiped.
 */
void aes_encrypt_128( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
                      const unsigned char key[N_BLOCK], unsigned char o_key[N_BLOCK] )
{
    uint_8t state[N_BLOCK];
    uint_8t round;
    uint_8t rcon = 1;

    if( o_key != key )
        block_copy( o_key, key );
    copy_and_key( state, in, o_key );

    for( round = 1 ; round < 10 ; ++round )
    {
#if defined( VERSION_1 )
        mix_sub_columns( state );
        update_encrypt_key_128( o_key, &rcon );
        add_round_key( state, o_key );
#else
        uint_8t mixed[N_BLOCK];

        mix_sub_columns( mixed, state );
        update_encrypt_key_128( o_key, &rcon );
        copy_and_key( state, mixed, o_key );
#endif
    }

    /* Final round: no column mix. */
    shift_sub_rows( state );
    update_encrypt_key_128( o_key, &rcon );
    copy_and_key( out, state, o_key );
}
mluis 0:91d1a7783bb9 720
mluis 0:91d1a7783bb9 721 #endif
mluis 0:91d1a7783bb9 722
mluis 0:91d1a7783bb9 723 #if defined( AES_DEC_128_OTFK )
mluis 0:91d1a7783bb9 724
/*
 * The 'on the fly' decryption key update for 128 bit keys.
 *
 * Steps the 16-byte round key k back by one round in place.  *rc is replaced
 * with d2(*rc) before it is mixed into the first byte.
 */
static void update_decrypt_key_128( uint_8t k[N_BLOCK], uint_8t *rc )
{
    uint_8t i;

    /* Walk downwards so every byte is XORed with a not yet reverted byte. */
    for( i = 15; i > 3; --i )
        k[i] ^= k[i - 4];

    *rc = d2(*rc);
    k[0] ^= s_box(k[13]) ^ *rc;
    k[1] ^= s_box(k[14]);
    k[2] ^= s_box(k[15]);
    k[3] ^= s_box(k[12]);
}
mluis 0:91d1a7783bb9 743
/*
 * Decrypt a single block of 16 bytes with 'on the fly' 128 bit keying.
 *
 * in    : ciphertext block
 * out   : receives the plaintext block
 * key   : 16-byte key used as the LAST round key: it is XORed into the input
 *         before any key update runs and is then stepped backwards.
 *         Presumably this is the o_key left behind by aes_encrypt_128 rather
 *         than the original cipher key; confirm against the header.
 * o_key : 16-byte working buffer, stepped back once per round
 *
 * o_key may be the same buffer as key (the copy is skipped when the pointers
 * are equal); in that case the caller's key bytes are overwritten even
 * though key is declared const.  o_key and the local state are not wiped.
 */
void aes_decrypt_128( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
                      const unsigned char key[N_BLOCK], unsigned char o_key[N_BLOCK] )
{
    uint_8t state[N_BLOCK];
    uint_8t round;
    uint_8t rcon = 0x6c;

    if( o_key != key )
        block_copy( o_key, key );

    copy_and_key( state, in, o_key );
    inv_shift_sub_rows( state );

    /* Nine inner rounds, counted down. */
    for( round = 9 ; round != 0 ; --round )
    {
#if defined( VERSION_1 )
        update_decrypt_key_128( o_key, &rcon );
        add_round_key( state, o_key );
        inv_mix_sub_columns( state );
#else
        uint_8t keyed[N_BLOCK];

        update_decrypt_key_128( o_key, &rcon );
        copy_and_key( keyed, state, o_key );
        inv_mix_sub_columns( state, keyed );
#endif
    }

    update_decrypt_key_128( o_key, &rcon );
    copy_and_key( out, state, o_key );
}
mluis 0:91d1a7783bb9 773
mluis 0:91d1a7783bb9 774 #endif
mluis 0:91d1a7783bb9 775
mluis 0:91d1a7783bb9 776 #if defined( AES_ENC_256_OTFK )
mluis 0:91d1a7783bb9 777
/*
 * The 'on the fly' encryption key update for 256 bit keys.
 *
 * Advances the 32-byte key buffer k (two consecutive round keys) in place by
 * one step and replaces *rc with f2(*rc) for the next call.
 */
static void update_encrypt_key_256( uint_8t k[2 * N_BLOCK], uint_8t *rc )
{
    uint_8t i;

    /* Lower half, first word: substituted, rotated last word plus rc. */
    k[0] ^= s_box(k[29]) ^ *rc;
    k[1] ^= s_box(k[30]);
    k[2] ^= s_box(k[31]);
    k[3] ^= s_box(k[28]);
    *rc = f2( *rc );

    for( i = 4; i < 16; ++i )
        k[i] ^= k[i - 4];

    /* Upper half, first word: substitution only, no rotation or constant. */
    k[16] ^= s_box(k[12]);
    k[17] ^= s_box(k[13]);
    k[18] ^= s_box(k[14]);
    k[19] ^= s_box(k[15]);

    for( i = 20; i < 32; ++i )
        k[i] ^= k[i - 4];
}
mluis 0:91d1a7783bb9 810
/*
 * Encrypt a single block of 16 bytes with 'on the fly' 256 bit keying.
 *
 * in    : plaintext block
 * out   : receives the ciphertext block
 * key   : 32-byte cipher key
 * o_key : 32-byte working buffer holding two consecutive round keys; it is
 *         advanced as the rounds progress and is not restored on return
 *
 * Odd rounds use the upper half of o_key as it stands; even rounds advance
 * the buffer first and use the lower half.
 *
 * o_key may be the same buffer as key (the copy is skipped when the pointers
 * are equal); in that case the caller's key bytes are overwritten even
 * though key is declared const.  o_key and the local state are not wiped.
 */
void aes_encrypt_256( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
                      const unsigned char key[2 * N_BLOCK], unsigned char o_key[2 * N_BLOCK] )
{
    uint_8t state[N_BLOCK];
    uint_8t round;
    uint_8t rcon = 1;

    if( o_key != key )
    {
        block_copy( o_key, key );
        block_copy( o_key + 16, key + 16 );
    }
    copy_and_key( state, in, o_key );

    for( round = 1 ; round < 14 ; ++round )
    {
#if defined( VERSION_1 )
        unsigned char *rk = o_key + 16;

        mix_sub_columns(state);
        if( !( round & 1 ) )
        {
            update_encrypt_key_256( o_key, &rcon );
            rk = o_key;
        }
        add_round_key( state, rk );
#else
        uint_8t mixed[N_BLOCK];
        unsigned char *rk = o_key + 16;

        mix_sub_columns( mixed, state );
        if( !( round & 1 ) )
        {
            update_encrypt_key_256( o_key, &rcon );
            rk = o_key;
        }
        copy_and_key( state, mixed, rk );
#endif
    }

    /* Final round: no column mix. */
    shift_sub_rows( state );
    update_encrypt_key_256( o_key, &rcon );
    copy_and_key( out, state, o_key );
}
mluis 0:91d1a7783bb9 853
mluis 0:91d1a7783bb9 854 #endif
mluis 0:91d1a7783bb9 855
mluis 0:91d1a7783bb9 856 #if defined( AES_DEC_256_OTFK )
mluis 0:91d1a7783bb9 857
/*
 * The 'on the fly' decryption key update for 256 bit keys.
 *
 * Steps the 32-byte key buffer k (two consecutive round keys) back by one
 * step in place.  *rc is replaced with d2(*rc) before it is mixed into the
 * first byte.
 */
static void update_decrypt_key_256( uint_8t k[2 * N_BLOCK], uint_8t *rc )
{
    uint_8t i;

    /* Upper half, walked downwards so each XOR sees a not yet reverted byte. */
    for( i = 31; i > 19; --i )
        k[i] ^= k[i - 4];

    k[16] ^= s_box(k[12]);
    k[17] ^= s_box(k[13]);
    k[18] ^= s_box(k[14]);
    k[19] ^= s_box(k[15]);

    /* Lower half, same downward walk. */
    for( i = 15; i > 3; --i )
        k[i] ^= k[i - 4];

    *rc = d2(*rc);
    k[0] ^= s_box(k[29]) ^ *rc;
    k[1] ^= s_box(k[30]);
    k[2] ^= s_box(k[31]);
    k[3] ^= s_box(k[28]);
}
mluis 0:91d1a7783bb9 890
/*
 * Decrypt a single block of 16 bytes with 'on the fly' 256 bit keying.
 *
 * in    : ciphertext block
 * out   : receives the plaintext block
 * key   : 32 bytes of key material whose first 16 bytes are used as the LAST
 *         round key: they are XORed into the input before any key update
 *         runs.  Presumably this is the o_key left behind by
 *         aes_encrypt_256 rather than the original cipher key; confirm
 *         against the header.
 * o_key : 32-byte working buffer, stepped back as the rounds progress
 *
 * Odd rounds step the buffer back first and use its upper half; even rounds
 * use the lower half as it stands.
 *
 * o_key may be the same buffer as key (the copy is skipped when the pointers
 * are equal); in that case the caller's key bytes are overwritten even
 * though key is declared const.  o_key and the local state are not wiped.
 */
void aes_decrypt_256( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
                      const unsigned char key[2 * N_BLOCK], unsigned char o_key[2 * N_BLOCK] )
{
    uint_8t state[N_BLOCK];
    uint_8t round;
    uint_8t rcon = 0x80;

    if( o_key != key )
    {
        block_copy( o_key, key );
        block_copy( o_key + 16, key + 16 );
    }

    copy_and_key( state, in, o_key );
    inv_shift_sub_rows( state );

    /* Thirteen inner rounds, counted down. */
    for( round = 13 ; round != 0 ; --round )
    {
#if defined( VERSION_1 )
        unsigned char *rk = o_key;

        if( round & 1 )
        {
            update_decrypt_key_256( o_key, &rcon );
            rk = o_key + 16;
        }
        add_round_key( state, rk );
        inv_mix_sub_columns( state );
#else
        uint_8t keyed[N_BLOCK];
        unsigned char *rk = o_key;

        if( round & 1 )
        {
            update_decrypt_key_256( o_key, &rcon );
            rk = o_key + 16;
        }
        copy_and_key( keyed, state, rk );
        inv_mix_sub_columns( state, keyed );
#endif
    }

    copy_and_key( out, state, o_key );
}
mluis 0:91d1a7783bb9 934
mluis 0:91d1a7783bb9 935 #endif