code crashes accessing randomization code
Dependencies: LoRaWAN-SX1272-Application-24-31-9sec X_NUCLEO_IKS01A1 driver_mbed_TH02 LoRaWAN-lib-v1_0_1 SX1272Lib mbed
Fork of LoRaWAN-SX1272-Application-24-31-9sec by
system/crypto/aes.cpp@8:0a3a16fd1bc8, 2017-11-27 (annotated)
- Committer:
- billvs
- Date:
- Mon Nov 27 20:49:31 2017 +0000
- Revision:
- 8:0a3a16fd1bc8
- Parent:
- 0:6cc76d70e2a1
crashes with autoconfig address on L073RZ
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ubhat | 0:6cc76d70e2a1 | 1 | /* |
ubhat | 0:6cc76d70e2a1 | 2 | --------------------------------------------------------------------------- |
ubhat | 0:6cc76d70e2a1 | 3 | Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. |
ubhat | 0:6cc76d70e2a1 | 4 | |
ubhat | 0:6cc76d70e2a1 | 5 | LICENSE TERMS |
ubhat | 0:6cc76d70e2a1 | 6 | |
ubhat | 0:6cc76d70e2a1 | 7 | The redistribution and use of this software (with or without changes) |
ubhat | 0:6cc76d70e2a1 | 8 | is allowed without the payment of fees or royalties provided that: |
ubhat | 0:6cc76d70e2a1 | 9 | |
ubhat | 0:6cc76d70e2a1 | 10 | 1. source code distributions include the above copyright notice, this |
ubhat | 0:6cc76d70e2a1 | 11 | list of conditions and the following disclaimer; |
ubhat | 0:6cc76d70e2a1 | 12 | |
ubhat | 0:6cc76d70e2a1 | 13 | 2. binary distributions include the above copyright notice, this list |
ubhat | 0:6cc76d70e2a1 | 14 | of conditions and the following disclaimer in their documentation; |
ubhat | 0:6cc76d70e2a1 | 15 | |
ubhat | 0:6cc76d70e2a1 | 16 | 3. the name of the copyright holder is not used to endorse products |
ubhat | 0:6cc76d70e2a1 | 17 | built using this software without specific written permission. |
ubhat | 0:6cc76d70e2a1 | 18 | |
ubhat | 0:6cc76d70e2a1 | 19 | DISCLAIMER |
ubhat | 0:6cc76d70e2a1 | 20 | |
ubhat | 0:6cc76d70e2a1 | 21 | This software is provided 'as is' with no explicit or implied warranties |
ubhat | 0:6cc76d70e2a1 | 22 | in respect of its properties, including, but not limited to, correctness |
ubhat | 0:6cc76d70e2a1 | 23 | and/or fitness for purpose. |
ubhat | 0:6cc76d70e2a1 | 24 | --------------------------------------------------------------------------- |
ubhat | 0:6cc76d70e2a1 | 25 | Issue 09/09/2006 |
ubhat | 0:6cc76d70e2a1 | 26 | |
ubhat | 0:6cc76d70e2a1 | 27 | This is an AES implementation that uses only 8-bit byte operations on the |
ubhat | 0:6cc76d70e2a1 | 28 | cipher state (there are options to use 32-bit types if available). |
ubhat | 0:6cc76d70e2a1 | 29 | |
ubhat | 0:6cc76d70e2a1 | 30 | The combination of mix columns and byte substitution used here is based on |
ubhat | 0:6cc76d70e2a1 | 31 | that developed by Karl Malbrain. His contribution is acknowledged. |
ubhat | 0:6cc76d70e2a1 | 32 | */ |
ubhat | 0:6cc76d70e2a1 | 33 | |
ubhat | 0:6cc76d70e2a1 | 34 | /* define if you have a fast memcpy function on your system */ |
ubhat | 0:6cc76d70e2a1 | 35 | #if 0 |
ubhat | 0:6cc76d70e2a1 | 36 | # define HAVE_MEMCPY |
ubhat | 0:6cc76d70e2a1 | 37 | # include <string.h> |
ubhat | 0:6cc76d70e2a1 | 38 | # if defined( _MSC_VER ) |
ubhat | 0:6cc76d70e2a1 | 39 | # include <intrin.h> |
ubhat | 0:6cc76d70e2a1 | 40 | # pragma intrinsic( memcpy ) |
ubhat | 0:6cc76d70e2a1 | 41 | # endif |
ubhat | 0:6cc76d70e2a1 | 42 | #endif |
ubhat | 0:6cc76d70e2a1 | 43 | |
ubhat | 0:6cc76d70e2a1 | 44 | |
ubhat | 0:6cc76d70e2a1 | 45 | #include <stdlib.h> |
ubhat | 0:6cc76d70e2a1 | 46 | #include <stdint.h> |
ubhat | 0:6cc76d70e2a1 | 47 | |
ubhat | 0:6cc76d70e2a1 | 48 | /* define if you have fast 32-bit types on your system */ |
ubhat | 0:6cc76d70e2a1 | 49 | #if ( __CORTEX_M != 0 ) // if Cortex is different from M0/M0+ |
ubhat | 0:6cc76d70e2a1 | 50 | # define HAVE_UINT_32T |
ubhat | 0:6cc76d70e2a1 | 51 | #endif |
ubhat | 0:6cc76d70e2a1 | 52 | |
ubhat | 0:6cc76d70e2a1 | 53 | /* define if you don't want any tables */ |
ubhat | 0:6cc76d70e2a1 | 54 | #if 1 |
ubhat | 0:6cc76d70e2a1 | 55 | # define USE_TABLES |
ubhat | 0:6cc76d70e2a1 | 56 | #endif |
ubhat | 0:6cc76d70e2a1 | 57 | |
ubhat | 0:6cc76d70e2a1 | 58 | /* On Intel Core 2 duo VERSION_1 is faster */ |
ubhat | 0:6cc76d70e2a1 | 59 | |
ubhat | 0:6cc76d70e2a1 | 60 | /* alternative versions (test for performance on your system) */ |
ubhat | 0:6cc76d70e2a1 | 61 | #if 1 |
ubhat | 0:6cc76d70e2a1 | 62 | # define VERSION_1 |
ubhat | 0:6cc76d70e2a1 | 63 | #endif |
ubhat | 0:6cc76d70e2a1 | 64 | |
ubhat | 0:6cc76d70e2a1 | 65 | #include "aes.h" |
ubhat | 0:6cc76d70e2a1 | 66 | |
ubhat | 0:6cc76d70e2a1 | 67 | //#if defined( HAVE_UINT_32T ) |
ubhat | 0:6cc76d70e2a1 | 68 | // typedef unsigned long uint32_t; |
ubhat | 0:6cc76d70e2a1 | 69 | //#endif |
ubhat | 0:6cc76d70e2a1 | 70 | |
ubhat | 0:6cc76d70e2a1 | 71 | /* functions for finite field multiplication in the AES Galois field */ |
ubhat | 0:6cc76d70e2a1 | 72 | |
ubhat | 0:6cc76d70e2a1 | 73 | #define WPOLY 0x011b |
ubhat | 0:6cc76d70e2a1 | 74 | #define BPOLY 0x1b |
ubhat | 0:6cc76d70e2a1 | 75 | #define DPOLY 0x008d |
ubhat | 0:6cc76d70e2a1 | 76 | |
ubhat | 0:6cc76d70e2a1 | 77 | #define f1(x) (x) |
ubhat | 0:6cc76d70e2a1 | 78 | #define f2(x) ((x << 1) ^ (((x >> 7) & 1) * WPOLY)) |
ubhat | 0:6cc76d70e2a1 | 79 | #define f4(x) ((x << 2) ^ (((x >> 6) & 1) * WPOLY) ^ (((x >> 6) & 2) * WPOLY)) |
ubhat | 0:6cc76d70e2a1 | 80 | #define f8(x) ((x << 3) ^ (((x >> 5) & 1) * WPOLY) ^ (((x >> 5) & 2) * WPOLY) \ |
ubhat | 0:6cc76d70e2a1 | 81 | ^ (((x >> 5) & 4) * WPOLY)) |
ubhat | 0:6cc76d70e2a1 | 82 | #define d2(x) (((x) >> 1) ^ ((x) & 1 ? DPOLY : 0)) |
ubhat | 0:6cc76d70e2a1 | 83 | |
ubhat | 0:6cc76d70e2a1 | 84 | #define f3(x) (f2(x) ^ x) |
ubhat | 0:6cc76d70e2a1 | 85 | #define f9(x) (f8(x) ^ x) |
ubhat | 0:6cc76d70e2a1 | 86 | #define fb(x) (f8(x) ^ f2(x) ^ x) |
ubhat | 0:6cc76d70e2a1 | 87 | #define fd(x) (f8(x) ^ f4(x) ^ x) |
ubhat | 0:6cc76d70e2a1 | 88 | #define fe(x) (f8(x) ^ f4(x) ^ f2(x)) |
ubhat | 0:6cc76d70e2a1 | 89 | |
ubhat | 0:6cc76d70e2a1 | 90 | #if defined( USE_TABLES ) |
ubhat | 0:6cc76d70e2a1 | 91 | |
ubhat | 0:6cc76d70e2a1 | 92 | #define sb_data(w) { /* S Box data values */ \ |
ubhat | 0:6cc76d70e2a1 | 93 | w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\ |
ubhat | 0:6cc76d70e2a1 | 94 | w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\ |
ubhat | 0:6cc76d70e2a1 | 95 | w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\ |
ubhat | 0:6cc76d70e2a1 | 96 | w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\ |
ubhat | 0:6cc76d70e2a1 | 97 | w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\ |
ubhat | 0:6cc76d70e2a1 | 98 | w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\ |
ubhat | 0:6cc76d70e2a1 | 99 | w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\ |
ubhat | 0:6cc76d70e2a1 | 100 | w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\ |
ubhat | 0:6cc76d70e2a1 | 101 | w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\ |
ubhat | 0:6cc76d70e2a1 | 102 | w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\ |
ubhat | 0:6cc76d70e2a1 | 103 | w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\ |
ubhat | 0:6cc76d70e2a1 | 104 | w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\ |
ubhat | 0:6cc76d70e2a1 | 105 | w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\ |
ubhat | 0:6cc76d70e2a1 | 106 | w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\ |
ubhat | 0:6cc76d70e2a1 | 107 | w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\ |
ubhat | 0:6cc76d70e2a1 | 108 | w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\ |
ubhat | 0:6cc76d70e2a1 | 109 | w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\ |
ubhat | 0:6cc76d70e2a1 | 110 | w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\ |
ubhat | 0:6cc76d70e2a1 | 111 | w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\ |
ubhat | 0:6cc76d70e2a1 | 112 | w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\ |
ubhat | 0:6cc76d70e2a1 | 113 | w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\ |
ubhat | 0:6cc76d70e2a1 | 114 | w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\ |
ubhat | 0:6cc76d70e2a1 | 115 | w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\ |
ubhat | 0:6cc76d70e2a1 | 116 | w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\ |
ubhat | 0:6cc76d70e2a1 | 117 | w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\ |
ubhat | 0:6cc76d70e2a1 | 118 | w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\ |
ubhat | 0:6cc76d70e2a1 | 119 | w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\ |
ubhat | 0:6cc76d70e2a1 | 120 | w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\ |
ubhat | 0:6cc76d70e2a1 | 121 | w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\ |
ubhat | 0:6cc76d70e2a1 | 122 | w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\ |
ubhat | 0:6cc76d70e2a1 | 123 | w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\ |
ubhat | 0:6cc76d70e2a1 | 124 | w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) } |
ubhat | 0:6cc76d70e2a1 | 125 | |
ubhat | 0:6cc76d70e2a1 | 126 | #define isb_data(w) { /* inverse S Box data values */ \ |
ubhat | 0:6cc76d70e2a1 | 127 | w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\ |
ubhat | 0:6cc76d70e2a1 | 128 | w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\ |
ubhat | 0:6cc76d70e2a1 | 129 | w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\ |
ubhat | 0:6cc76d70e2a1 | 130 | w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\ |
ubhat | 0:6cc76d70e2a1 | 131 | w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\ |
ubhat | 0:6cc76d70e2a1 | 132 | w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\ |
ubhat | 0:6cc76d70e2a1 | 133 | w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\ |
ubhat | 0:6cc76d70e2a1 | 134 | w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\ |
ubhat | 0:6cc76d70e2a1 | 135 | w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\ |
ubhat | 0:6cc76d70e2a1 | 136 | w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\ |
ubhat | 0:6cc76d70e2a1 | 137 | w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\ |
ubhat | 0:6cc76d70e2a1 | 138 | w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\ |
ubhat | 0:6cc76d70e2a1 | 139 | w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\ |
ubhat | 0:6cc76d70e2a1 | 140 | w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\ |
ubhat | 0:6cc76d70e2a1 | 141 | w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\ |
ubhat | 0:6cc76d70e2a1 | 142 | w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\ |
ubhat | 0:6cc76d70e2a1 | 143 | w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\ |
ubhat | 0:6cc76d70e2a1 | 144 | w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\ |
ubhat | 0:6cc76d70e2a1 | 145 | w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\ |
ubhat | 0:6cc76d70e2a1 | 146 | w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\ |
ubhat | 0:6cc76d70e2a1 | 147 | w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\ |
ubhat | 0:6cc76d70e2a1 | 148 | w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\ |
ubhat | 0:6cc76d70e2a1 | 149 | w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\ |
ubhat | 0:6cc76d70e2a1 | 150 | w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\ |
ubhat | 0:6cc76d70e2a1 | 151 | w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\ |
ubhat | 0:6cc76d70e2a1 | 152 | w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\ |
ubhat | 0:6cc76d70e2a1 | 153 | w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\ |
ubhat | 0:6cc76d70e2a1 | 154 | w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\ |
ubhat | 0:6cc76d70e2a1 | 155 | w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\ |
ubhat | 0:6cc76d70e2a1 | 156 | w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\ |
ubhat | 0:6cc76d70e2a1 | 157 | w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\ |
ubhat | 0:6cc76d70e2a1 | 158 | w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) } |
ubhat | 0:6cc76d70e2a1 | 159 | |
ubhat | 0:6cc76d70e2a1 | 160 | #define mm_data(w) { /* basic data for forming finite field tables */ \ |
ubhat | 0:6cc76d70e2a1 | 161 | w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\ |
ubhat | 0:6cc76d70e2a1 | 162 | w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\ |
ubhat | 0:6cc76d70e2a1 | 163 | w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\ |
ubhat | 0:6cc76d70e2a1 | 164 | w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\ |
ubhat | 0:6cc76d70e2a1 | 165 | w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\ |
ubhat | 0:6cc76d70e2a1 | 166 | w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\ |
ubhat | 0:6cc76d70e2a1 | 167 | w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\ |
ubhat | 0:6cc76d70e2a1 | 168 | w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\ |
ubhat | 0:6cc76d70e2a1 | 169 | w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\ |
ubhat | 0:6cc76d70e2a1 | 170 | w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\ |
ubhat | 0:6cc76d70e2a1 | 171 | w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\ |
ubhat | 0:6cc76d70e2a1 | 172 | w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\ |
ubhat | 0:6cc76d70e2a1 | 173 | w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\ |
ubhat | 0:6cc76d70e2a1 | 174 | w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\ |
ubhat | 0:6cc76d70e2a1 | 175 | w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\ |
ubhat | 0:6cc76d70e2a1 | 176 | w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\ |
ubhat | 0:6cc76d70e2a1 | 177 | w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\ |
ubhat | 0:6cc76d70e2a1 | 178 | w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\ |
ubhat | 0:6cc76d70e2a1 | 179 | w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\ |
ubhat | 0:6cc76d70e2a1 | 180 | w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\ |
ubhat | 0:6cc76d70e2a1 | 181 | w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\ |
ubhat | 0:6cc76d70e2a1 | 182 | w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\ |
ubhat | 0:6cc76d70e2a1 | 183 | w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\ |
ubhat | 0:6cc76d70e2a1 | 184 | w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\ |
ubhat | 0:6cc76d70e2a1 | 185 | w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\ |
ubhat | 0:6cc76d70e2a1 | 186 | w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\ |
ubhat | 0:6cc76d70e2a1 | 187 | w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\ |
ubhat | 0:6cc76d70e2a1 | 188 | w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\ |
ubhat | 0:6cc76d70e2a1 | 189 | w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\ |
ubhat | 0:6cc76d70e2a1 | 190 | w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\ |
ubhat | 0:6cc76d70e2a1 | 191 | w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\ |
ubhat | 0:6cc76d70e2a1 | 192 | w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) } |
ubhat | 0:6cc76d70e2a1 | 193 | |
ubhat | 0:6cc76d70e2a1 | 194 | static const uint8_t sbox[256] = sb_data(f1); |
ubhat | 0:6cc76d70e2a1 | 195 | |
ubhat | 0:6cc76d70e2a1 | 196 | #if defined( AES_DEC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 197 | static const uint8_t isbox[256] = isb_data(f1); |
ubhat | 0:6cc76d70e2a1 | 198 | #endif |
ubhat | 0:6cc76d70e2a1 | 199 | |
ubhat | 0:6cc76d70e2a1 | 200 | static const uint8_t gfm2_sbox[256] = sb_data(f2); |
ubhat | 0:6cc76d70e2a1 | 201 | static const uint8_t gfm3_sbox[256] = sb_data(f3); |
ubhat | 0:6cc76d70e2a1 | 202 | |
ubhat | 0:6cc76d70e2a1 | 203 | #if defined( AES_DEC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 204 | static const uint8_t gfmul_9[256] = mm_data(f9); |
ubhat | 0:6cc76d70e2a1 | 205 | static const uint8_t gfmul_b[256] = mm_data(fb); |
ubhat | 0:6cc76d70e2a1 | 206 | static const uint8_t gfmul_d[256] = mm_data(fd); |
ubhat | 0:6cc76d70e2a1 | 207 | static const uint8_t gfmul_e[256] = mm_data(fe); |
ubhat | 0:6cc76d70e2a1 | 208 | #endif |
ubhat | 0:6cc76d70e2a1 | 209 | |
ubhat | 0:6cc76d70e2a1 | 210 | #define s_box(x) sbox[(x)] |
ubhat | 0:6cc76d70e2a1 | 211 | #if defined( AES_DEC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 212 | #define is_box(x) isbox[(x)] |
ubhat | 0:6cc76d70e2a1 | 213 | #endif |
ubhat | 0:6cc76d70e2a1 | 214 | #define gfm2_sb(x) gfm2_sbox[(x)] |
ubhat | 0:6cc76d70e2a1 | 215 | #define gfm3_sb(x) gfm3_sbox[(x)] |
ubhat | 0:6cc76d70e2a1 | 216 | #if defined( AES_DEC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 217 | #define gfm_9(x) gfmul_9[(x)] |
ubhat | 0:6cc76d70e2a1 | 218 | #define gfm_b(x) gfmul_b[(x)] |
ubhat | 0:6cc76d70e2a1 | 219 | #define gfm_d(x) gfmul_d[(x)] |
ubhat | 0:6cc76d70e2a1 | 220 | #define gfm_e(x) gfmul_e[(x)] |
ubhat | 0:6cc76d70e2a1 | 221 | #endif |
ubhat | 0:6cc76d70e2a1 | 222 | #else |
ubhat | 0:6cc76d70e2a1 | 223 | |
ubhat | 0:6cc76d70e2a1 | 224 | /* this is the high bit of x right shifted by 1 */ |
ubhat | 0:6cc76d70e2a1 | 225 | /* position. Since the starting polynomial has */ |
ubhat | 0:6cc76d70e2a1 | 226 | /* 9 bits (0x11b), this right shift keeps the */ |
ubhat | 0:6cc76d70e2a1 | 227 | /* values of all top bits within a byte */ |
ubhat | 0:6cc76d70e2a1 | 228 | |
ubhat | 0:6cc76d70e2a1 | 229 | static uint8_t hibit(const uint8_t x) |
ubhat | 0:6cc76d70e2a1 | 230 | { uint8_t r = (uint8_t)((x >> 1) | (x >> 2)); |
ubhat | 0:6cc76d70e2a1 | 231 | |
ubhat | 0:6cc76d70e2a1 | 232 | r |= (r >> 2); |
ubhat | 0:6cc76d70e2a1 | 233 | r |= (r >> 4); |
ubhat | 0:6cc76d70e2a1 | 234 | return (r + 1) >> 1; |
ubhat | 0:6cc76d70e2a1 | 235 | } |
ubhat | 0:6cc76d70e2a1 | 236 | |
ubhat | 0:6cc76d70e2a1 | 237 | /* return the inverse of the finite field element x */ |
ubhat | 0:6cc76d70e2a1 | 238 | |
ubhat | 0:6cc76d70e2a1 | 239 | static uint8_t gf_inv(const uint8_t x) |
ubhat | 0:6cc76d70e2a1 | 240 | { uint8_t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0; |
ubhat | 0:6cc76d70e2a1 | 241 | |
ubhat | 0:6cc76d70e2a1 | 242 | if(x < 2) |
ubhat | 0:6cc76d70e2a1 | 243 | return x; |
ubhat | 0:6cc76d70e2a1 | 244 | |
ubhat | 0:6cc76d70e2a1 | 245 | for( ; ; ) |
ubhat | 0:6cc76d70e2a1 | 246 | { |
ubhat | 0:6cc76d70e2a1 | 247 | if(n1) |
ubhat | 0:6cc76d70e2a1 | 248 | while(n2 >= n1) /* divide polynomial p2 by p1 */ |
ubhat | 0:6cc76d70e2a1 | 249 | { |
ubhat | 0:6cc76d70e2a1 | 250 | n2 /= n1; /* shift smaller polynomial left */ |
ubhat | 0:6cc76d70e2a1 | 251 | p2 ^= (p1 * n2) & 0xff; /* and remove from larger one */ |
ubhat | 0:6cc76d70e2a1 | 252 | v2 ^= (v1 * n2); /* shift accumulated value and */ |
ubhat | 0:6cc76d70e2a1 | 253 | n2 = hibit(p2); /* add into result */ |
ubhat | 0:6cc76d70e2a1 | 254 | } |
ubhat | 0:6cc76d70e2a1 | 255 | else |
ubhat | 0:6cc76d70e2a1 | 256 | return v1; |
ubhat | 0:6cc76d70e2a1 | 257 | |
ubhat | 0:6cc76d70e2a1 | 258 | if(n2) /* repeat with values swapped */ |
ubhat | 0:6cc76d70e2a1 | 259 | while(n1 >= n2) |
ubhat | 0:6cc76d70e2a1 | 260 | { |
ubhat | 0:6cc76d70e2a1 | 261 | n1 /= n2; |
ubhat | 0:6cc76d70e2a1 | 262 | p1 ^= p2 * n1; |
ubhat | 0:6cc76d70e2a1 | 263 | v1 ^= v2 * n1; |
ubhat | 0:6cc76d70e2a1 | 264 | n1 = hibit(p1); |
ubhat | 0:6cc76d70e2a1 | 265 | } |
ubhat | 0:6cc76d70e2a1 | 266 | else |
ubhat | 0:6cc76d70e2a1 | 267 | return v2; |
ubhat | 0:6cc76d70e2a1 | 268 | } |
ubhat | 0:6cc76d70e2a1 | 269 | } |
ubhat | 0:6cc76d70e2a1 | 270 | |
ubhat | 0:6cc76d70e2a1 | 271 | /* The forward and inverse affine transformations used in the S-box */ |
ubhat | 0:6cc76d70e2a1 | 272 | uint8_t fwd_affine(const uint8_t x) |
ubhat | 0:6cc76d70e2a1 | 273 | { |
ubhat | 0:6cc76d70e2a1 | 274 | #if defined( HAVE_UINT_32T ) |
ubhat | 0:6cc76d70e2a1 | 275 | uint32_t w = x; |
ubhat | 0:6cc76d70e2a1 | 276 | w ^= (w << 1) ^ (w << 2) ^ (w << 3) ^ (w << 4); |
ubhat | 0:6cc76d70e2a1 | 277 | return 0x63 ^ ((w ^ (w >> 8)) & 0xff); |
ubhat | 0:6cc76d70e2a1 | 278 | #else |
ubhat | 0:6cc76d70e2a1 | 279 | return 0x63 ^ x ^ (x << 1) ^ (x << 2) ^ (x << 3) ^ (x << 4) |
ubhat | 0:6cc76d70e2a1 | 280 | ^ (x >> 7) ^ (x >> 6) ^ (x >> 5) ^ (x >> 4); |
ubhat | 0:6cc76d70e2a1 | 281 | #endif |
ubhat | 0:6cc76d70e2a1 | 282 | } |
ubhat | 0:6cc76d70e2a1 | 283 | |
ubhat | 0:6cc76d70e2a1 | 284 | uint8_t inv_affine(const uint8_t x) |
ubhat | 0:6cc76d70e2a1 | 285 | { |
ubhat | 0:6cc76d70e2a1 | 286 | #if defined( HAVE_UINT_32T ) |
ubhat | 0:6cc76d70e2a1 | 287 | uint32_t w = x; |
ubhat | 0:6cc76d70e2a1 | 288 | w = (w << 1) ^ (w << 3) ^ (w << 6); |
ubhat | 0:6cc76d70e2a1 | 289 | return 0x05 ^ ((w ^ (w >> 8)) & 0xff); |
ubhat | 0:6cc76d70e2a1 | 290 | #else |
ubhat | 0:6cc76d70e2a1 | 291 | return 0x05 ^ (x << 1) ^ (x << 3) ^ (x << 6) |
ubhat | 0:6cc76d70e2a1 | 292 | ^ (x >> 7) ^ (x >> 5) ^ (x >> 2); |
ubhat | 0:6cc76d70e2a1 | 293 | #endif |
ubhat | 0:6cc76d70e2a1 | 294 | } |
ubhat | 0:6cc76d70e2a1 | 295 | |
ubhat | 0:6cc76d70e2a1 | 296 | #define s_box(x) fwd_affine(gf_inv(x)) |
ubhat | 0:6cc76d70e2a1 | 297 | #define is_box(x) gf_inv(inv_affine(x)) |
ubhat | 0:6cc76d70e2a1 | 298 | #define gfm2_sb(x) f2(s_box(x)) |
ubhat | 0:6cc76d70e2a1 | 299 | #define gfm3_sb(x) f3(s_box(x)) |
ubhat | 0:6cc76d70e2a1 | 300 | #define gfm_9(x) f9(x) |
ubhat | 0:6cc76d70e2a1 | 301 | #define gfm_b(x) fb(x) |
ubhat | 0:6cc76d70e2a1 | 302 | #define gfm_d(x) fd(x) |
ubhat | 0:6cc76d70e2a1 | 303 | #define gfm_e(x) fe(x) |
ubhat | 0:6cc76d70e2a1 | 304 | |
ubhat | 0:6cc76d70e2a1 | 305 | #endif |
ubhat | 0:6cc76d70e2a1 | 306 | |
ubhat | 0:6cc76d70e2a1 | 307 | #if defined( HAVE_MEMCPY ) |
ubhat | 0:6cc76d70e2a1 | 308 | # define block_copy_nn(d, s, l) memcpy(d, s, l) |
ubhat | 0:6cc76d70e2a1 | 309 | # define block_copy(d, s) memcpy(d, s, N_BLOCK) |
ubhat | 0:6cc76d70e2a1 | 310 | #else |
ubhat | 0:6cc76d70e2a1 | 311 | # define block_copy_nn(d, s, l) copy_block_nn(d, s, l) |
ubhat | 0:6cc76d70e2a1 | 312 | # define block_copy(d, s) copy_block(d, s) |
ubhat | 0:6cc76d70e2a1 | 313 | #endif |
ubhat | 0:6cc76d70e2a1 | 314 | |
ubhat | 0:6cc76d70e2a1 | 315 | static void copy_block( void *d, const void *s ) |
ubhat | 0:6cc76d70e2a1 | 316 | { |
ubhat | 0:6cc76d70e2a1 | 317 | #if defined( HAVE_UINT_32T ) |
ubhat | 0:6cc76d70e2a1 | 318 | ((uint32_t*)d)[ 0] = ((uint32_t*)s)[ 0]; |
ubhat | 0:6cc76d70e2a1 | 319 | ((uint32_t*)d)[ 1] = ((uint32_t*)s)[ 1]; |
ubhat | 0:6cc76d70e2a1 | 320 | ((uint32_t*)d)[ 2] = ((uint32_t*)s)[ 2]; |
ubhat | 0:6cc76d70e2a1 | 321 | ((uint32_t*)d)[ 3] = ((uint32_t*)s)[ 3]; |
ubhat | 0:6cc76d70e2a1 | 322 | #else |
ubhat | 0:6cc76d70e2a1 | 323 | ((uint8_t*)d)[ 0] = ((uint8_t*)s)[ 0]; |
ubhat | 0:6cc76d70e2a1 | 324 | ((uint8_t*)d)[ 1] = ((uint8_t*)s)[ 1]; |
ubhat | 0:6cc76d70e2a1 | 325 | ((uint8_t*)d)[ 2] = ((uint8_t*)s)[ 2]; |
ubhat | 0:6cc76d70e2a1 | 326 | ((uint8_t*)d)[ 3] = ((uint8_t*)s)[ 3]; |
ubhat | 0:6cc76d70e2a1 | 327 | ((uint8_t*)d)[ 4] = ((uint8_t*)s)[ 4]; |
ubhat | 0:6cc76d70e2a1 | 328 | ((uint8_t*)d)[ 5] = ((uint8_t*)s)[ 5]; |
ubhat | 0:6cc76d70e2a1 | 329 | ((uint8_t*)d)[ 6] = ((uint8_t*)s)[ 6]; |
ubhat | 0:6cc76d70e2a1 | 330 | ((uint8_t*)d)[ 7] = ((uint8_t*)s)[ 7]; |
ubhat | 0:6cc76d70e2a1 | 331 | ((uint8_t*)d)[ 8] = ((uint8_t*)s)[ 8]; |
ubhat | 0:6cc76d70e2a1 | 332 | ((uint8_t*)d)[ 9] = ((uint8_t*)s)[ 9]; |
ubhat | 0:6cc76d70e2a1 | 333 | ((uint8_t*)d)[10] = ((uint8_t*)s)[10]; |
ubhat | 0:6cc76d70e2a1 | 334 | ((uint8_t*)d)[11] = ((uint8_t*)s)[11]; |
ubhat | 0:6cc76d70e2a1 | 335 | ((uint8_t*)d)[12] = ((uint8_t*)s)[12]; |
ubhat | 0:6cc76d70e2a1 | 336 | ((uint8_t*)d)[13] = ((uint8_t*)s)[13]; |
ubhat | 0:6cc76d70e2a1 | 337 | ((uint8_t*)d)[14] = ((uint8_t*)s)[14]; |
ubhat | 0:6cc76d70e2a1 | 338 | ((uint8_t*)d)[15] = ((uint8_t*)s)[15]; |
ubhat | 0:6cc76d70e2a1 | 339 | #endif |
ubhat | 0:6cc76d70e2a1 | 340 | } |
ubhat | 0:6cc76d70e2a1 | 341 | |
ubhat | 0:6cc76d70e2a1 | 342 | static void copy_block_nn( uint8_t * d, const uint8_t *s, uint8_t nn ) |
ubhat | 0:6cc76d70e2a1 | 343 | { |
ubhat | 0:6cc76d70e2a1 | 344 | while( nn-- ) |
ubhat | 0:6cc76d70e2a1 | 345 | //*((uint8_t*)d)++ = *((uint8_t*)s)++; |
ubhat | 0:6cc76d70e2a1 | 346 | *d++ = *s++; |
ubhat | 0:6cc76d70e2a1 | 347 | } |
ubhat | 0:6cc76d70e2a1 | 348 | |
ubhat | 0:6cc76d70e2a1 | 349 | static void xor_block( void *d, const void *s ) |
ubhat | 0:6cc76d70e2a1 | 350 | { |
ubhat | 0:6cc76d70e2a1 | 351 | #if defined( HAVE_UINT_32T ) |
ubhat | 0:6cc76d70e2a1 | 352 | ((uint32_t*)d)[ 0] ^= ((uint32_t*)s)[ 0]; |
ubhat | 0:6cc76d70e2a1 | 353 | ((uint32_t*)d)[ 1] ^= ((uint32_t*)s)[ 1]; |
ubhat | 0:6cc76d70e2a1 | 354 | ((uint32_t*)d)[ 2] ^= ((uint32_t*)s)[ 2]; |
ubhat | 0:6cc76d70e2a1 | 355 | ((uint32_t*)d)[ 3] ^= ((uint32_t*)s)[ 3]; |
ubhat | 0:6cc76d70e2a1 | 356 | #else |
ubhat | 0:6cc76d70e2a1 | 357 | ((uint8_t*)d)[ 0] ^= ((uint8_t*)s)[ 0]; |
ubhat | 0:6cc76d70e2a1 | 358 | ((uint8_t*)d)[ 1] ^= ((uint8_t*)s)[ 1]; |
ubhat | 0:6cc76d70e2a1 | 359 | ((uint8_t*)d)[ 2] ^= ((uint8_t*)s)[ 2]; |
ubhat | 0:6cc76d70e2a1 | 360 | ((uint8_t*)d)[ 3] ^= ((uint8_t*)s)[ 3]; |
ubhat | 0:6cc76d70e2a1 | 361 | ((uint8_t*)d)[ 4] ^= ((uint8_t*)s)[ 4]; |
ubhat | 0:6cc76d70e2a1 | 362 | ((uint8_t*)d)[ 5] ^= ((uint8_t*)s)[ 5]; |
ubhat | 0:6cc76d70e2a1 | 363 | ((uint8_t*)d)[ 6] ^= ((uint8_t*)s)[ 6]; |
ubhat | 0:6cc76d70e2a1 | 364 | ((uint8_t*)d)[ 7] ^= ((uint8_t*)s)[ 7]; |
ubhat | 0:6cc76d70e2a1 | 365 | ((uint8_t*)d)[ 8] ^= ((uint8_t*)s)[ 8]; |
ubhat | 0:6cc76d70e2a1 | 366 | ((uint8_t*)d)[ 9] ^= ((uint8_t*)s)[ 9]; |
ubhat | 0:6cc76d70e2a1 | 367 | ((uint8_t*)d)[10] ^= ((uint8_t*)s)[10]; |
ubhat | 0:6cc76d70e2a1 | 368 | ((uint8_t*)d)[11] ^= ((uint8_t*)s)[11]; |
ubhat | 0:6cc76d70e2a1 | 369 | ((uint8_t*)d)[12] ^= ((uint8_t*)s)[12]; |
ubhat | 0:6cc76d70e2a1 | 370 | ((uint8_t*)d)[13] ^= ((uint8_t*)s)[13]; |
ubhat | 0:6cc76d70e2a1 | 371 | ((uint8_t*)d)[14] ^= ((uint8_t*)s)[14]; |
ubhat | 0:6cc76d70e2a1 | 372 | ((uint8_t*)d)[15] ^= ((uint8_t*)s)[15]; |
ubhat | 0:6cc76d70e2a1 | 373 | #endif |
ubhat | 0:6cc76d70e2a1 | 374 | } |
ubhat | 0:6cc76d70e2a1 | 375 | |
ubhat | 0:6cc76d70e2a1 | 376 | static void copy_and_key( void *d, const void *s, const void *k ) |
ubhat | 0:6cc76d70e2a1 | 377 | { |
ubhat | 0:6cc76d70e2a1 | 378 | #if defined( HAVE_UINT_32T ) |
ubhat | 0:6cc76d70e2a1 | 379 | ((uint32_t*)d)[ 0] = ((uint32_t*)s)[ 0] ^ ((uint32_t*)k)[ 0]; |
ubhat | 0:6cc76d70e2a1 | 380 | ((uint32_t*)d)[ 1] = ((uint32_t*)s)[ 1] ^ ((uint32_t*)k)[ 1]; |
ubhat | 0:6cc76d70e2a1 | 381 | ((uint32_t*)d)[ 2] = ((uint32_t*)s)[ 2] ^ ((uint32_t*)k)[ 2]; |
ubhat | 0:6cc76d70e2a1 | 382 | ((uint32_t*)d)[ 3] = ((uint32_t*)s)[ 3] ^ ((uint32_t*)k)[ 3]; |
ubhat | 0:6cc76d70e2a1 | 383 | #elif 1 |
ubhat | 0:6cc76d70e2a1 | 384 | ((uint8_t*)d)[ 0] = ((uint8_t*)s)[ 0] ^ ((uint8_t*)k)[ 0]; |
ubhat | 0:6cc76d70e2a1 | 385 | ((uint8_t*)d)[ 1] = ((uint8_t*)s)[ 1] ^ ((uint8_t*)k)[ 1]; |
ubhat | 0:6cc76d70e2a1 | 386 | ((uint8_t*)d)[ 2] = ((uint8_t*)s)[ 2] ^ ((uint8_t*)k)[ 2]; |
ubhat | 0:6cc76d70e2a1 | 387 | ((uint8_t*)d)[ 3] = ((uint8_t*)s)[ 3] ^ ((uint8_t*)k)[ 3]; |
ubhat | 0:6cc76d70e2a1 | 388 | ((uint8_t*)d)[ 4] = ((uint8_t*)s)[ 4] ^ ((uint8_t*)k)[ 4]; |
ubhat | 0:6cc76d70e2a1 | 389 | ((uint8_t*)d)[ 5] = ((uint8_t*)s)[ 5] ^ ((uint8_t*)k)[ 5]; |
ubhat | 0:6cc76d70e2a1 | 390 | ((uint8_t*)d)[ 6] = ((uint8_t*)s)[ 6] ^ ((uint8_t*)k)[ 6]; |
ubhat | 0:6cc76d70e2a1 | 391 | ((uint8_t*)d)[ 7] = ((uint8_t*)s)[ 7] ^ ((uint8_t*)k)[ 7]; |
ubhat | 0:6cc76d70e2a1 | 392 | ((uint8_t*)d)[ 8] = ((uint8_t*)s)[ 8] ^ ((uint8_t*)k)[ 8]; |
ubhat | 0:6cc76d70e2a1 | 393 | ((uint8_t*)d)[ 9] = ((uint8_t*)s)[ 9] ^ ((uint8_t*)k)[ 9]; |
ubhat | 0:6cc76d70e2a1 | 394 | ((uint8_t*)d)[10] = ((uint8_t*)s)[10] ^ ((uint8_t*)k)[10]; |
ubhat | 0:6cc76d70e2a1 | 395 | ((uint8_t*)d)[11] = ((uint8_t*)s)[11] ^ ((uint8_t*)k)[11]; |
ubhat | 0:6cc76d70e2a1 | 396 | ((uint8_t*)d)[12] = ((uint8_t*)s)[12] ^ ((uint8_t*)k)[12]; |
ubhat | 0:6cc76d70e2a1 | 397 | ((uint8_t*)d)[13] = ((uint8_t*)s)[13] ^ ((uint8_t*)k)[13]; |
ubhat | 0:6cc76d70e2a1 | 398 | ((uint8_t*)d)[14] = ((uint8_t*)s)[14] ^ ((uint8_t*)k)[14]; |
ubhat | 0:6cc76d70e2a1 | 399 | ((uint8_t*)d)[15] = ((uint8_t*)s)[15] ^ ((uint8_t*)k)[15]; |
ubhat | 0:6cc76d70e2a1 | 400 | #else |
ubhat | 0:6cc76d70e2a1 | 401 | block_copy(d, s); |
ubhat | 0:6cc76d70e2a1 | 402 | xor_block(d, k); |
ubhat | 0:6cc76d70e2a1 | 403 | #endif |
ubhat | 0:6cc76d70e2a1 | 404 | } |
ubhat | 0:6cc76d70e2a1 | 405 | |
ubhat | 0:6cc76d70e2a1 | 406 | static void add_round_key( uint8_t d[N_BLOCK], const uint8_t k[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 407 | { |
ubhat | 0:6cc76d70e2a1 | 408 | xor_block(d, k); |
ubhat | 0:6cc76d70e2a1 | 409 | } |
ubhat | 0:6cc76d70e2a1 | 410 | |
ubhat | 0:6cc76d70e2a1 | 411 | static void shift_sub_rows( uint8_t st[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 412 | { uint8_t tt; |
ubhat | 0:6cc76d70e2a1 | 413 | |
ubhat | 0:6cc76d70e2a1 | 414 | st[ 0] = s_box(st[ 0]); st[ 4] = s_box(st[ 4]); |
ubhat | 0:6cc76d70e2a1 | 415 | st[ 8] = s_box(st[ 8]); st[12] = s_box(st[12]); |
ubhat | 0:6cc76d70e2a1 | 416 | |
ubhat | 0:6cc76d70e2a1 | 417 | tt = st[1]; st[ 1] = s_box(st[ 5]); st[ 5] = s_box(st[ 9]); |
ubhat | 0:6cc76d70e2a1 | 418 | st[ 9] = s_box(st[13]); st[13] = s_box( tt ); |
ubhat | 0:6cc76d70e2a1 | 419 | |
ubhat | 0:6cc76d70e2a1 | 420 | tt = st[2]; st[ 2] = s_box(st[10]); st[10] = s_box( tt ); |
ubhat | 0:6cc76d70e2a1 | 421 | tt = st[6]; st[ 6] = s_box(st[14]); st[14] = s_box( tt ); |
ubhat | 0:6cc76d70e2a1 | 422 | |
ubhat | 0:6cc76d70e2a1 | 423 | tt = st[15]; st[15] = s_box(st[11]); st[11] = s_box(st[ 7]); |
ubhat | 0:6cc76d70e2a1 | 424 | st[ 7] = s_box(st[ 3]); st[ 3] = s_box( tt ); |
ubhat | 0:6cc76d70e2a1 | 425 | } |
ubhat | 0:6cc76d70e2a1 | 426 | |
ubhat | 0:6cc76d70e2a1 | 427 | #if defined( AES_DEC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 428 | |
ubhat | 0:6cc76d70e2a1 | 429 | static void inv_shift_sub_rows( uint8_t st[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 430 | { uint8_t tt; |
ubhat | 0:6cc76d70e2a1 | 431 | |
ubhat | 0:6cc76d70e2a1 | 432 | st[ 0] = is_box(st[ 0]); st[ 4] = is_box(st[ 4]); |
ubhat | 0:6cc76d70e2a1 | 433 | st[ 8] = is_box(st[ 8]); st[12] = is_box(st[12]); |
ubhat | 0:6cc76d70e2a1 | 434 | |
ubhat | 0:6cc76d70e2a1 | 435 | tt = st[13]; st[13] = is_box(st[9]); st[ 9] = is_box(st[5]); |
ubhat | 0:6cc76d70e2a1 | 436 | st[ 5] = is_box(st[1]); st[ 1] = is_box( tt ); |
ubhat | 0:6cc76d70e2a1 | 437 | |
ubhat | 0:6cc76d70e2a1 | 438 | tt = st[2]; st[ 2] = is_box(st[10]); st[10] = is_box( tt ); |
ubhat | 0:6cc76d70e2a1 | 439 | tt = st[6]; st[ 6] = is_box(st[14]); st[14] = is_box( tt ); |
ubhat | 0:6cc76d70e2a1 | 440 | |
ubhat | 0:6cc76d70e2a1 | 441 | tt = st[3]; st[ 3] = is_box(st[ 7]); st[ 7] = is_box(st[11]); |
ubhat | 0:6cc76d70e2a1 | 442 | st[11] = is_box(st[15]); st[15] = is_box( tt ); |
ubhat | 0:6cc76d70e2a1 | 443 | } |
ubhat | 0:6cc76d70e2a1 | 444 | |
ubhat | 0:6cc76d70e2a1 | 445 | #endif |
ubhat | 0:6cc76d70e2a1 | 446 | |
ubhat | 0:6cc76d70e2a1 | 447 | #if defined( VERSION_1 ) |
ubhat | 0:6cc76d70e2a1 | 448 | static void mix_sub_columns( uint8_t dt[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 449 | { uint8_t st[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 450 | block_copy(st, dt); |
ubhat | 0:6cc76d70e2a1 | 451 | #else |
ubhat | 0:6cc76d70e2a1 | 452 | static void mix_sub_columns( uint8_t dt[N_BLOCK], uint8_t st[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 453 | { |
ubhat | 0:6cc76d70e2a1 | 454 | #endif |
ubhat | 0:6cc76d70e2a1 | 455 | dt[ 0] = gfm2_sb(st[0]) ^ gfm3_sb(st[5]) ^ s_box(st[10]) ^ s_box(st[15]); |
ubhat | 0:6cc76d70e2a1 | 456 | dt[ 1] = s_box(st[0]) ^ gfm2_sb(st[5]) ^ gfm3_sb(st[10]) ^ s_box(st[15]); |
ubhat | 0:6cc76d70e2a1 | 457 | dt[ 2] = s_box(st[0]) ^ s_box(st[5]) ^ gfm2_sb(st[10]) ^ gfm3_sb(st[15]); |
ubhat | 0:6cc76d70e2a1 | 458 | dt[ 3] = gfm3_sb(st[0]) ^ s_box(st[5]) ^ s_box(st[10]) ^ gfm2_sb(st[15]); |
ubhat | 0:6cc76d70e2a1 | 459 | |
ubhat | 0:6cc76d70e2a1 | 460 | dt[ 4] = gfm2_sb(st[4]) ^ gfm3_sb(st[9]) ^ s_box(st[14]) ^ s_box(st[3]); |
ubhat | 0:6cc76d70e2a1 | 461 | dt[ 5] = s_box(st[4]) ^ gfm2_sb(st[9]) ^ gfm3_sb(st[14]) ^ s_box(st[3]); |
ubhat | 0:6cc76d70e2a1 | 462 | dt[ 6] = s_box(st[4]) ^ s_box(st[9]) ^ gfm2_sb(st[14]) ^ gfm3_sb(st[3]); |
ubhat | 0:6cc76d70e2a1 | 463 | dt[ 7] = gfm3_sb(st[4]) ^ s_box(st[9]) ^ s_box(st[14]) ^ gfm2_sb(st[3]); |
ubhat | 0:6cc76d70e2a1 | 464 | |
ubhat | 0:6cc76d70e2a1 | 465 | dt[ 8] = gfm2_sb(st[8]) ^ gfm3_sb(st[13]) ^ s_box(st[2]) ^ s_box(st[7]); |
ubhat | 0:6cc76d70e2a1 | 466 | dt[ 9] = s_box(st[8]) ^ gfm2_sb(st[13]) ^ gfm3_sb(st[2]) ^ s_box(st[7]); |
ubhat | 0:6cc76d70e2a1 | 467 | dt[10] = s_box(st[8]) ^ s_box(st[13]) ^ gfm2_sb(st[2]) ^ gfm3_sb(st[7]); |
ubhat | 0:6cc76d70e2a1 | 468 | dt[11] = gfm3_sb(st[8]) ^ s_box(st[13]) ^ s_box(st[2]) ^ gfm2_sb(st[7]); |
ubhat | 0:6cc76d70e2a1 | 469 | |
ubhat | 0:6cc76d70e2a1 | 470 | dt[12] = gfm2_sb(st[12]) ^ gfm3_sb(st[1]) ^ s_box(st[6]) ^ s_box(st[11]); |
ubhat | 0:6cc76d70e2a1 | 471 | dt[13] = s_box(st[12]) ^ gfm2_sb(st[1]) ^ gfm3_sb(st[6]) ^ s_box(st[11]); |
ubhat | 0:6cc76d70e2a1 | 472 | dt[14] = s_box(st[12]) ^ s_box(st[1]) ^ gfm2_sb(st[6]) ^ gfm3_sb(st[11]); |
ubhat | 0:6cc76d70e2a1 | 473 | dt[15] = gfm3_sb(st[12]) ^ s_box(st[1]) ^ s_box(st[6]) ^ gfm2_sb(st[11]); |
ubhat | 0:6cc76d70e2a1 | 474 | } |
ubhat | 0:6cc76d70e2a1 | 475 | |
ubhat | 0:6cc76d70e2a1 | 476 | #if defined( AES_DEC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 477 | |
ubhat | 0:6cc76d70e2a1 | 478 | #if defined( VERSION_1 ) |
ubhat | 0:6cc76d70e2a1 | 479 | static void inv_mix_sub_columns( uint8_t dt[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 480 | { uint8_t st[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 481 | block_copy(st, dt); |
ubhat | 0:6cc76d70e2a1 | 482 | #else |
ubhat | 0:6cc76d70e2a1 | 483 | static void inv_mix_sub_columns( uint8_t dt[N_BLOCK], uint8_t st[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 484 | { |
ubhat | 0:6cc76d70e2a1 | 485 | #endif |
ubhat | 0:6cc76d70e2a1 | 486 | dt[ 0] = is_box(gfm_e(st[ 0]) ^ gfm_b(st[ 1]) ^ gfm_d(st[ 2]) ^ gfm_9(st[ 3])); |
ubhat | 0:6cc76d70e2a1 | 487 | dt[ 5] = is_box(gfm_9(st[ 0]) ^ gfm_e(st[ 1]) ^ gfm_b(st[ 2]) ^ gfm_d(st[ 3])); |
ubhat | 0:6cc76d70e2a1 | 488 | dt[10] = is_box(gfm_d(st[ 0]) ^ gfm_9(st[ 1]) ^ gfm_e(st[ 2]) ^ gfm_b(st[ 3])); |
ubhat | 0:6cc76d70e2a1 | 489 | dt[15] = is_box(gfm_b(st[ 0]) ^ gfm_d(st[ 1]) ^ gfm_9(st[ 2]) ^ gfm_e(st[ 3])); |
ubhat | 0:6cc76d70e2a1 | 490 | |
ubhat | 0:6cc76d70e2a1 | 491 | dt[ 4] = is_box(gfm_e(st[ 4]) ^ gfm_b(st[ 5]) ^ gfm_d(st[ 6]) ^ gfm_9(st[ 7])); |
ubhat | 0:6cc76d70e2a1 | 492 | dt[ 9] = is_box(gfm_9(st[ 4]) ^ gfm_e(st[ 5]) ^ gfm_b(st[ 6]) ^ gfm_d(st[ 7])); |
ubhat | 0:6cc76d70e2a1 | 493 | dt[14] = is_box(gfm_d(st[ 4]) ^ gfm_9(st[ 5]) ^ gfm_e(st[ 6]) ^ gfm_b(st[ 7])); |
ubhat | 0:6cc76d70e2a1 | 494 | dt[ 3] = is_box(gfm_b(st[ 4]) ^ gfm_d(st[ 5]) ^ gfm_9(st[ 6]) ^ gfm_e(st[ 7])); |
ubhat | 0:6cc76d70e2a1 | 495 | |
ubhat | 0:6cc76d70e2a1 | 496 | dt[ 8] = is_box(gfm_e(st[ 8]) ^ gfm_b(st[ 9]) ^ gfm_d(st[10]) ^ gfm_9(st[11])); |
ubhat | 0:6cc76d70e2a1 | 497 | dt[13] = is_box(gfm_9(st[ 8]) ^ gfm_e(st[ 9]) ^ gfm_b(st[10]) ^ gfm_d(st[11])); |
ubhat | 0:6cc76d70e2a1 | 498 | dt[ 2] = is_box(gfm_d(st[ 8]) ^ gfm_9(st[ 9]) ^ gfm_e(st[10]) ^ gfm_b(st[11])); |
ubhat | 0:6cc76d70e2a1 | 499 | dt[ 7] = is_box(gfm_b(st[ 8]) ^ gfm_d(st[ 9]) ^ gfm_9(st[10]) ^ gfm_e(st[11])); |
ubhat | 0:6cc76d70e2a1 | 500 | |
ubhat | 0:6cc76d70e2a1 | 501 | dt[12] = is_box(gfm_e(st[12]) ^ gfm_b(st[13]) ^ gfm_d(st[14]) ^ gfm_9(st[15])); |
ubhat | 0:6cc76d70e2a1 | 502 | dt[ 1] = is_box(gfm_9(st[12]) ^ gfm_e(st[13]) ^ gfm_b(st[14]) ^ gfm_d(st[15])); |
ubhat | 0:6cc76d70e2a1 | 503 | dt[ 6] = is_box(gfm_d(st[12]) ^ gfm_9(st[13]) ^ gfm_e(st[14]) ^ gfm_b(st[15])); |
ubhat | 0:6cc76d70e2a1 | 504 | dt[11] = is_box(gfm_b(st[12]) ^ gfm_d(st[13]) ^ gfm_9(st[14]) ^ gfm_e(st[15])); |
ubhat | 0:6cc76d70e2a1 | 505 | } |
ubhat | 0:6cc76d70e2a1 | 506 | |
ubhat | 0:6cc76d70e2a1 | 507 | #endif |
ubhat | 0:6cc76d70e2a1 | 508 | |
ubhat | 0:6cc76d70e2a1 | 509 | #if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 510 | |
ubhat | 0:6cc76d70e2a1 | 511 | /* Set the cipher key for the pre-keyed version */ |
ubhat | 0:6cc76d70e2a1 | 512 | |
ubhat | 0:6cc76d70e2a1 | 513 | return_type aes_set_key( const uint8_t key[], length_type keylen, aes_context ctx[1] ) |
ubhat | 0:6cc76d70e2a1 | 514 | { |
ubhat | 0:6cc76d70e2a1 | 515 | uint8_t cc, rc, hi; |
ubhat | 0:6cc76d70e2a1 | 516 | |
ubhat | 0:6cc76d70e2a1 | 517 | switch( keylen ) |
ubhat | 0:6cc76d70e2a1 | 518 | { |
ubhat | 0:6cc76d70e2a1 | 519 | case 16: |
ubhat | 0:6cc76d70e2a1 | 520 | case 24: |
ubhat | 0:6cc76d70e2a1 | 521 | case 32: |
ubhat | 0:6cc76d70e2a1 | 522 | break; |
ubhat | 0:6cc76d70e2a1 | 523 | default: |
ubhat | 0:6cc76d70e2a1 | 524 | ctx->rnd = 0; |
ubhat | 0:6cc76d70e2a1 | 525 | return ( uint8_t )-1; |
ubhat | 0:6cc76d70e2a1 | 526 | } |
ubhat | 0:6cc76d70e2a1 | 527 | block_copy_nn(ctx->ksch, key, keylen); |
ubhat | 0:6cc76d70e2a1 | 528 | hi = (keylen + 28) << 2; |
ubhat | 0:6cc76d70e2a1 | 529 | ctx->rnd = (hi >> 4) - 1; |
ubhat | 0:6cc76d70e2a1 | 530 | for( cc = keylen, rc = 1; cc < hi; cc += 4 ) |
ubhat | 0:6cc76d70e2a1 | 531 | { uint8_t tt, t0, t1, t2, t3; |
ubhat | 0:6cc76d70e2a1 | 532 | |
ubhat | 0:6cc76d70e2a1 | 533 | t0 = ctx->ksch[cc - 4]; |
ubhat | 0:6cc76d70e2a1 | 534 | t1 = ctx->ksch[cc - 3]; |
ubhat | 0:6cc76d70e2a1 | 535 | t2 = ctx->ksch[cc - 2]; |
ubhat | 0:6cc76d70e2a1 | 536 | t3 = ctx->ksch[cc - 1]; |
ubhat | 0:6cc76d70e2a1 | 537 | if( cc % keylen == 0 ) |
ubhat | 0:6cc76d70e2a1 | 538 | { |
ubhat | 0:6cc76d70e2a1 | 539 | tt = t0; |
ubhat | 0:6cc76d70e2a1 | 540 | t0 = s_box(t1) ^ rc; |
ubhat | 0:6cc76d70e2a1 | 541 | t1 = s_box(t2); |
ubhat | 0:6cc76d70e2a1 | 542 | t2 = s_box(t3); |
ubhat | 0:6cc76d70e2a1 | 543 | t3 = s_box(tt); |
ubhat | 0:6cc76d70e2a1 | 544 | rc = f2(rc); |
ubhat | 0:6cc76d70e2a1 | 545 | } |
ubhat | 0:6cc76d70e2a1 | 546 | else if( keylen > 24 && cc % keylen == 16 ) |
ubhat | 0:6cc76d70e2a1 | 547 | { |
ubhat | 0:6cc76d70e2a1 | 548 | t0 = s_box(t0); |
ubhat | 0:6cc76d70e2a1 | 549 | t1 = s_box(t1); |
ubhat | 0:6cc76d70e2a1 | 550 | t2 = s_box(t2); |
ubhat | 0:6cc76d70e2a1 | 551 | t3 = s_box(t3); |
ubhat | 0:6cc76d70e2a1 | 552 | } |
ubhat | 0:6cc76d70e2a1 | 553 | tt = cc - keylen; |
ubhat | 0:6cc76d70e2a1 | 554 | ctx->ksch[cc + 0] = ctx->ksch[tt + 0] ^ t0; |
ubhat | 0:6cc76d70e2a1 | 555 | ctx->ksch[cc + 1] = ctx->ksch[tt + 1] ^ t1; |
ubhat | 0:6cc76d70e2a1 | 556 | ctx->ksch[cc + 2] = ctx->ksch[tt + 2] ^ t2; |
ubhat | 0:6cc76d70e2a1 | 557 | ctx->ksch[cc + 3] = ctx->ksch[tt + 3] ^ t3; |
ubhat | 0:6cc76d70e2a1 | 558 | } |
ubhat | 0:6cc76d70e2a1 | 559 | return 0; |
ubhat | 0:6cc76d70e2a1 | 560 | } |
ubhat | 0:6cc76d70e2a1 | 561 | |
ubhat | 0:6cc76d70e2a1 | 562 | #endif |
ubhat | 0:6cc76d70e2a1 | 563 | |
ubhat | 0:6cc76d70e2a1 | 564 | #if defined( AES_ENC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 565 | |
ubhat | 0:6cc76d70e2a1 | 566 | /* Encrypt a single block of 16 bytes */ |
ubhat | 0:6cc76d70e2a1 | 567 | |
ubhat | 0:6cc76d70e2a1 | 568 | return_type aes_encrypt( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], const aes_context ctx[1] ) |
ubhat | 0:6cc76d70e2a1 | 569 | { |
ubhat | 0:6cc76d70e2a1 | 570 | if( ctx->rnd ) |
ubhat | 0:6cc76d70e2a1 | 571 | { |
ubhat | 0:6cc76d70e2a1 | 572 | uint8_t s1[N_BLOCK], r; |
ubhat | 0:6cc76d70e2a1 | 573 | copy_and_key( s1, in, ctx->ksch ); |
ubhat | 0:6cc76d70e2a1 | 574 | |
ubhat | 0:6cc76d70e2a1 | 575 | for( r = 1 ; r < ctx->rnd ; ++r ) |
ubhat | 0:6cc76d70e2a1 | 576 | #if defined( VERSION_1 ) |
ubhat | 0:6cc76d70e2a1 | 577 | { |
ubhat | 0:6cc76d70e2a1 | 578 | mix_sub_columns( s1 ); |
ubhat | 0:6cc76d70e2a1 | 579 | add_round_key( s1, ctx->ksch + r * N_BLOCK); |
ubhat | 0:6cc76d70e2a1 | 580 | } |
ubhat | 0:6cc76d70e2a1 | 581 | #else |
ubhat | 0:6cc76d70e2a1 | 582 | { uint8_t s2[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 583 | mix_sub_columns( s2, s1 ); |
ubhat | 0:6cc76d70e2a1 | 584 | copy_and_key( s1, s2, ctx->ksch + r * N_BLOCK); |
ubhat | 0:6cc76d70e2a1 | 585 | } |
ubhat | 0:6cc76d70e2a1 | 586 | #endif |
ubhat | 0:6cc76d70e2a1 | 587 | shift_sub_rows( s1 ); |
ubhat | 0:6cc76d70e2a1 | 588 | copy_and_key( out, s1, ctx->ksch + r * N_BLOCK ); |
ubhat | 0:6cc76d70e2a1 | 589 | } |
ubhat | 0:6cc76d70e2a1 | 590 | else |
ubhat | 0:6cc76d70e2a1 | 591 | return ( uint8_t )-1; |
ubhat | 0:6cc76d70e2a1 | 592 | return 0; |
ubhat | 0:6cc76d70e2a1 | 593 | } |
ubhat | 0:6cc76d70e2a1 | 594 | |
ubhat | 0:6cc76d70e2a1 | 595 | /* CBC encrypt a number of blocks (input and return an IV) */ |
ubhat | 0:6cc76d70e2a1 | 596 | |
ubhat | 0:6cc76d70e2a1 | 597 | return_type aes_cbc_encrypt( const uint8_t *in, uint8_t *out, |
ubhat | 0:6cc76d70e2a1 | 598 | int32_t n_block, uint8_t iv[N_BLOCK], const aes_context ctx[1] ) |
ubhat | 0:6cc76d70e2a1 | 599 | { |
ubhat | 0:6cc76d70e2a1 | 600 | |
ubhat | 0:6cc76d70e2a1 | 601 | while(n_block--) |
ubhat | 0:6cc76d70e2a1 | 602 | { |
ubhat | 0:6cc76d70e2a1 | 603 | xor_block(iv, in); |
ubhat | 0:6cc76d70e2a1 | 604 | if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) |
ubhat | 0:6cc76d70e2a1 | 605 | return EXIT_FAILURE; |
ubhat | 0:6cc76d70e2a1 | 606 | //memcpy(out, iv, N_BLOCK); |
ubhat | 0:6cc76d70e2a1 | 607 | block_copy(out, iv); |
ubhat | 0:6cc76d70e2a1 | 608 | in += N_BLOCK; |
ubhat | 0:6cc76d70e2a1 | 609 | out += N_BLOCK; |
ubhat | 0:6cc76d70e2a1 | 610 | } |
ubhat | 0:6cc76d70e2a1 | 611 | return EXIT_SUCCESS; |
ubhat | 0:6cc76d70e2a1 | 612 | } |
ubhat | 0:6cc76d70e2a1 | 613 | |
ubhat | 0:6cc76d70e2a1 | 614 | #endif |
ubhat | 0:6cc76d70e2a1 | 615 | |
ubhat | 0:6cc76d70e2a1 | 616 | #if defined( AES_DEC_PREKEYED ) |
ubhat | 0:6cc76d70e2a1 | 617 | |
ubhat | 0:6cc76d70e2a1 | 618 | /* Decrypt a single block of 16 bytes */ |
ubhat | 0:6cc76d70e2a1 | 619 | |
ubhat | 0:6cc76d70e2a1 | 620 | return_type aes_decrypt( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], const aes_context ctx[1] ) |
ubhat | 0:6cc76d70e2a1 | 621 | { |
ubhat | 0:6cc76d70e2a1 | 622 | if( ctx->rnd ) |
ubhat | 0:6cc76d70e2a1 | 623 | { |
ubhat | 0:6cc76d70e2a1 | 624 | uint8_t s1[N_BLOCK], r; |
ubhat | 0:6cc76d70e2a1 | 625 | copy_and_key( s1, in, ctx->ksch + ctx->rnd * N_BLOCK ); |
ubhat | 0:6cc76d70e2a1 | 626 | inv_shift_sub_rows( s1 ); |
ubhat | 0:6cc76d70e2a1 | 627 | |
ubhat | 0:6cc76d70e2a1 | 628 | for( r = ctx->rnd ; --r ; ) |
ubhat | 0:6cc76d70e2a1 | 629 | #if defined( VERSION_1 ) |
ubhat | 0:6cc76d70e2a1 | 630 | { |
ubhat | 0:6cc76d70e2a1 | 631 | add_round_key( s1, ctx->ksch + r * N_BLOCK ); |
ubhat | 0:6cc76d70e2a1 | 632 | inv_mix_sub_columns( s1 ); |
ubhat | 0:6cc76d70e2a1 | 633 | } |
ubhat | 0:6cc76d70e2a1 | 634 | #else |
ubhat | 0:6cc76d70e2a1 | 635 | { uint8_t s2[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 636 | copy_and_key( s2, s1, ctx->ksch + r * N_BLOCK ); |
ubhat | 0:6cc76d70e2a1 | 637 | inv_mix_sub_columns( s1, s2 ); |
ubhat | 0:6cc76d70e2a1 | 638 | } |
ubhat | 0:6cc76d70e2a1 | 639 | #endif |
ubhat | 0:6cc76d70e2a1 | 640 | copy_and_key( out, s1, ctx->ksch ); |
ubhat | 0:6cc76d70e2a1 | 641 | } |
ubhat | 0:6cc76d70e2a1 | 642 | else |
ubhat | 0:6cc76d70e2a1 | 643 | return -1; |
ubhat | 0:6cc76d70e2a1 | 644 | return 0; |
ubhat | 0:6cc76d70e2a1 | 645 | } |
ubhat | 0:6cc76d70e2a1 | 646 | |
ubhat | 0:6cc76d70e2a1 | 647 | /* CBC decrypt a number of blocks (input and return an IV) */ |
ubhat | 0:6cc76d70e2a1 | 648 | |
ubhat | 0:6cc76d70e2a1 | 649 | return_type aes_cbc_decrypt( const uint8_t *in, uint8_t *out, |
ubhat | 0:6cc76d70e2a1 | 650 | int32_t n_block, uint8_t iv[N_BLOCK], const aes_context ctx[1] ) |
ubhat | 0:6cc76d70e2a1 | 651 | { |
ubhat | 0:6cc76d70e2a1 | 652 | while(n_block--) |
ubhat | 0:6cc76d70e2a1 | 653 | { uint8_t tmp[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 654 | |
ubhat | 0:6cc76d70e2a1 | 655 | //memcpy(tmp, in, N_BLOCK); |
ubhat | 0:6cc76d70e2a1 | 656 | block_copy(tmp, in); |
ubhat | 0:6cc76d70e2a1 | 657 | if(aes_decrypt(in, out, ctx) != EXIT_SUCCESS) |
ubhat | 0:6cc76d70e2a1 | 658 | return EXIT_FAILURE; |
ubhat | 0:6cc76d70e2a1 | 659 | xor_block(out, iv); |
ubhat | 0:6cc76d70e2a1 | 660 | //memcpy(iv, tmp, N_BLOCK); |
ubhat | 0:6cc76d70e2a1 | 661 | block_copy(iv, tmp); |
ubhat | 0:6cc76d70e2a1 | 662 | in += N_BLOCK; |
ubhat | 0:6cc76d70e2a1 | 663 | out += N_BLOCK; |
ubhat | 0:6cc76d70e2a1 | 664 | } |
ubhat | 0:6cc76d70e2a1 | 665 | return EXIT_SUCCESS; |
ubhat | 0:6cc76d70e2a1 | 666 | } |
ubhat | 0:6cc76d70e2a1 | 667 | |
ubhat | 0:6cc76d70e2a1 | 668 | #endif |
ubhat | 0:6cc76d70e2a1 | 669 | |
ubhat | 0:6cc76d70e2a1 | 670 | #if defined( AES_ENC_128_OTFK ) |
ubhat | 0:6cc76d70e2a1 | 671 | |
ubhat | 0:6cc76d70e2a1 | 672 | /* The 'on the fly' encryption key update for for 128 bit keys */ |
ubhat | 0:6cc76d70e2a1 | 673 | |
ubhat | 0:6cc76d70e2a1 | 674 | static void update_encrypt_key_128( uint8_t k[N_BLOCK], uint8_t *rc ) |
ubhat | 0:6cc76d70e2a1 | 675 | { uint8_t cc; |
ubhat | 0:6cc76d70e2a1 | 676 | |
ubhat | 0:6cc76d70e2a1 | 677 | k[0] ^= s_box(k[13]) ^ *rc; |
ubhat | 0:6cc76d70e2a1 | 678 | k[1] ^= s_box(k[14]); |
ubhat | 0:6cc76d70e2a1 | 679 | k[2] ^= s_box(k[15]); |
ubhat | 0:6cc76d70e2a1 | 680 | k[3] ^= s_box(k[12]); |
ubhat | 0:6cc76d70e2a1 | 681 | *rc = f2( *rc ); |
ubhat | 0:6cc76d70e2a1 | 682 | |
ubhat | 0:6cc76d70e2a1 | 683 | for(cc = 4; cc < 16; cc += 4 ) |
ubhat | 0:6cc76d70e2a1 | 684 | { |
ubhat | 0:6cc76d70e2a1 | 685 | k[cc + 0] ^= k[cc - 4]; |
ubhat | 0:6cc76d70e2a1 | 686 | k[cc + 1] ^= k[cc - 3]; |
ubhat | 0:6cc76d70e2a1 | 687 | k[cc + 2] ^= k[cc - 2]; |
ubhat | 0:6cc76d70e2a1 | 688 | k[cc + 3] ^= k[cc - 1]; |
ubhat | 0:6cc76d70e2a1 | 689 | } |
ubhat | 0:6cc76d70e2a1 | 690 | } |
ubhat | 0:6cc76d70e2a1 | 691 | |
ubhat | 0:6cc76d70e2a1 | 692 | /* Encrypt a single block of 16 bytes with 'on the fly' 128 bit keying */ |
ubhat | 0:6cc76d70e2a1 | 693 | |
ubhat | 0:6cc76d70e2a1 | 694 | void aes_encrypt_128( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], |
ubhat | 0:6cc76d70e2a1 | 695 | const uint8_t key[N_BLOCK], uint8_t o_key[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 696 | { uint8_t s1[N_BLOCK], r, rc = 1; |
ubhat | 0:6cc76d70e2a1 | 697 | |
ubhat | 0:6cc76d70e2a1 | 698 | if(o_key != key) |
ubhat | 0:6cc76d70e2a1 | 699 | block_copy( o_key, key ); |
ubhat | 0:6cc76d70e2a1 | 700 | copy_and_key( s1, in, o_key ); |
ubhat | 0:6cc76d70e2a1 | 701 | |
ubhat | 0:6cc76d70e2a1 | 702 | for( r = 1 ; r < 10 ; ++r ) |
ubhat | 0:6cc76d70e2a1 | 703 | #if defined( VERSION_1 ) |
ubhat | 0:6cc76d70e2a1 | 704 | { |
ubhat | 0:6cc76d70e2a1 | 705 | mix_sub_columns( s1 ); |
ubhat | 0:6cc76d70e2a1 | 706 | update_encrypt_key_128( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 707 | add_round_key( s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 708 | } |
ubhat | 0:6cc76d70e2a1 | 709 | #else |
ubhat | 0:6cc76d70e2a1 | 710 | { uint8_t s2[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 711 | mix_sub_columns( s2, s1 ); |
ubhat | 0:6cc76d70e2a1 | 712 | update_encrypt_key_128( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 713 | copy_and_key( s1, s2, o_key ); |
ubhat | 0:6cc76d70e2a1 | 714 | } |
ubhat | 0:6cc76d70e2a1 | 715 | #endif |
ubhat | 0:6cc76d70e2a1 | 716 | |
ubhat | 0:6cc76d70e2a1 | 717 | shift_sub_rows( s1 ); |
ubhat | 0:6cc76d70e2a1 | 718 | update_encrypt_key_128( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 719 | copy_and_key( out, s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 720 | } |
ubhat | 0:6cc76d70e2a1 | 721 | |
ubhat | 0:6cc76d70e2a1 | 722 | #endif |
ubhat | 0:6cc76d70e2a1 | 723 | |
ubhat | 0:6cc76d70e2a1 | 724 | #if defined( AES_DEC_128_OTFK ) |
ubhat | 0:6cc76d70e2a1 | 725 | |
ubhat | 0:6cc76d70e2a1 | 726 | /* The 'on the fly' decryption key update for for 128 bit keys */ |
ubhat | 0:6cc76d70e2a1 | 727 | |
ubhat | 0:6cc76d70e2a1 | 728 | static void update_decrypt_key_128( uint8_t k[N_BLOCK], uint8_t *rc ) |
ubhat | 0:6cc76d70e2a1 | 729 | { uint8_t cc; |
ubhat | 0:6cc76d70e2a1 | 730 | |
ubhat | 0:6cc76d70e2a1 | 731 | for( cc = 12; cc > 0; cc -= 4 ) |
ubhat | 0:6cc76d70e2a1 | 732 | { |
ubhat | 0:6cc76d70e2a1 | 733 | k[cc + 0] ^= k[cc - 4]; |
ubhat | 0:6cc76d70e2a1 | 734 | k[cc + 1] ^= k[cc - 3]; |
ubhat | 0:6cc76d70e2a1 | 735 | k[cc + 2] ^= k[cc - 2]; |
ubhat | 0:6cc76d70e2a1 | 736 | k[cc + 3] ^= k[cc - 1]; |
ubhat | 0:6cc76d70e2a1 | 737 | } |
ubhat | 0:6cc76d70e2a1 | 738 | *rc = d2(*rc); |
ubhat | 0:6cc76d70e2a1 | 739 | k[0] ^= s_box(k[13]) ^ *rc; |
ubhat | 0:6cc76d70e2a1 | 740 | k[1] ^= s_box(k[14]); |
ubhat | 0:6cc76d70e2a1 | 741 | k[2] ^= s_box(k[15]); |
ubhat | 0:6cc76d70e2a1 | 742 | k[3] ^= s_box(k[12]); |
ubhat | 0:6cc76d70e2a1 | 743 | } |
ubhat | 0:6cc76d70e2a1 | 744 | |
ubhat | 0:6cc76d70e2a1 | 745 | /* Decrypt a single block of 16 bytes with 'on the fly' 128 bit keying */ |
ubhat | 0:6cc76d70e2a1 | 746 | |
ubhat | 0:6cc76d70e2a1 | 747 | void aes_decrypt_128( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], |
ubhat | 0:6cc76d70e2a1 | 748 | const uint8_t key[N_BLOCK], uint8_t o_key[N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 749 | { |
ubhat | 0:6cc76d70e2a1 | 750 | uint8_t s1[N_BLOCK], r, rc = 0x6c; |
ubhat | 0:6cc76d70e2a1 | 751 | if(o_key != key) |
ubhat | 0:6cc76d70e2a1 | 752 | block_copy( o_key, key ); |
ubhat | 0:6cc76d70e2a1 | 753 | |
ubhat | 0:6cc76d70e2a1 | 754 | copy_and_key( s1, in, o_key ); |
ubhat | 0:6cc76d70e2a1 | 755 | inv_shift_sub_rows( s1 ); |
ubhat | 0:6cc76d70e2a1 | 756 | |
ubhat | 0:6cc76d70e2a1 | 757 | for( r = 10 ; --r ; ) |
ubhat | 0:6cc76d70e2a1 | 758 | #if defined( VERSION_1 ) |
ubhat | 0:6cc76d70e2a1 | 759 | { |
ubhat | 0:6cc76d70e2a1 | 760 | update_decrypt_key_128( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 761 | add_round_key( s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 762 | inv_mix_sub_columns( s1 ); |
ubhat | 0:6cc76d70e2a1 | 763 | } |
ubhat | 0:6cc76d70e2a1 | 764 | #else |
ubhat | 0:6cc76d70e2a1 | 765 | { uint8_t s2[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 766 | update_decrypt_key_128( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 767 | copy_and_key( s2, s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 768 | inv_mix_sub_columns( s1, s2 ); |
ubhat | 0:6cc76d70e2a1 | 769 | } |
ubhat | 0:6cc76d70e2a1 | 770 | #endif |
ubhat | 0:6cc76d70e2a1 | 771 | update_decrypt_key_128( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 772 | copy_and_key( out, s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 773 | } |
ubhat | 0:6cc76d70e2a1 | 774 | |
ubhat | 0:6cc76d70e2a1 | 775 | #endif |
ubhat | 0:6cc76d70e2a1 | 776 | |
ubhat | 0:6cc76d70e2a1 | 777 | #if defined( AES_ENC_256_OTFK ) |
ubhat | 0:6cc76d70e2a1 | 778 | |
ubhat | 0:6cc76d70e2a1 | 779 | /* The 'on the fly' encryption key update for for 256 bit keys */ |
ubhat | 0:6cc76d70e2a1 | 780 | |
ubhat | 0:6cc76d70e2a1 | 781 | static void update_encrypt_key_256( uint8_t k[2 * N_BLOCK], uint8_t *rc ) |
ubhat | 0:6cc76d70e2a1 | 782 | { uint8_t cc; |
ubhat | 0:6cc76d70e2a1 | 783 | |
ubhat | 0:6cc76d70e2a1 | 784 | k[0] ^= s_box(k[29]) ^ *rc; |
ubhat | 0:6cc76d70e2a1 | 785 | k[1] ^= s_box(k[30]); |
ubhat | 0:6cc76d70e2a1 | 786 | k[2] ^= s_box(k[31]); |
ubhat | 0:6cc76d70e2a1 | 787 | k[3] ^= s_box(k[28]); |
ubhat | 0:6cc76d70e2a1 | 788 | *rc = f2( *rc ); |
ubhat | 0:6cc76d70e2a1 | 789 | |
ubhat | 0:6cc76d70e2a1 | 790 | for(cc = 4; cc < 16; cc += 4) |
ubhat | 0:6cc76d70e2a1 | 791 | { |
ubhat | 0:6cc76d70e2a1 | 792 | k[cc + 0] ^= k[cc - 4]; |
ubhat | 0:6cc76d70e2a1 | 793 | k[cc + 1] ^= k[cc - 3]; |
ubhat | 0:6cc76d70e2a1 | 794 | k[cc + 2] ^= k[cc - 2]; |
ubhat | 0:6cc76d70e2a1 | 795 | k[cc + 3] ^= k[cc - 1]; |
ubhat | 0:6cc76d70e2a1 | 796 | } |
ubhat | 0:6cc76d70e2a1 | 797 | |
ubhat | 0:6cc76d70e2a1 | 798 | k[16] ^= s_box(k[12]); |
ubhat | 0:6cc76d70e2a1 | 799 | k[17] ^= s_box(k[13]); |
ubhat | 0:6cc76d70e2a1 | 800 | k[18] ^= s_box(k[14]); |
ubhat | 0:6cc76d70e2a1 | 801 | k[19] ^= s_box(k[15]); |
ubhat | 0:6cc76d70e2a1 | 802 | |
ubhat | 0:6cc76d70e2a1 | 803 | for( cc = 20; cc < 32; cc += 4 ) |
ubhat | 0:6cc76d70e2a1 | 804 | { |
ubhat | 0:6cc76d70e2a1 | 805 | k[cc + 0] ^= k[cc - 4]; |
ubhat | 0:6cc76d70e2a1 | 806 | k[cc + 1] ^= k[cc - 3]; |
ubhat | 0:6cc76d70e2a1 | 807 | k[cc + 2] ^= k[cc - 2]; |
ubhat | 0:6cc76d70e2a1 | 808 | k[cc + 3] ^= k[cc - 1]; |
ubhat | 0:6cc76d70e2a1 | 809 | } |
ubhat | 0:6cc76d70e2a1 | 810 | } |
ubhat | 0:6cc76d70e2a1 | 811 | |
ubhat | 0:6cc76d70e2a1 | 812 | /* Encrypt a single block of 16 bytes with 'on the fly' 256 bit keying */ |
ubhat | 0:6cc76d70e2a1 | 813 | |
ubhat | 0:6cc76d70e2a1 | 814 | void aes_encrypt_256( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], |
ubhat | 0:6cc76d70e2a1 | 815 | const uint8_t key[2 * N_BLOCK], uint8_t o_key[2 * N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 816 | { |
ubhat | 0:6cc76d70e2a1 | 817 | uint8_t s1[N_BLOCK], r, rc = 1; |
ubhat | 0:6cc76d70e2a1 | 818 | if(o_key != key) |
ubhat | 0:6cc76d70e2a1 | 819 | { |
ubhat | 0:6cc76d70e2a1 | 820 | block_copy( o_key, key ); |
ubhat | 0:6cc76d70e2a1 | 821 | block_copy( o_key + 16, key + 16 ); |
ubhat | 0:6cc76d70e2a1 | 822 | } |
ubhat | 0:6cc76d70e2a1 | 823 | copy_and_key( s1, in, o_key ); |
ubhat | 0:6cc76d70e2a1 | 824 | |
ubhat | 0:6cc76d70e2a1 | 825 | for( r = 1 ; r < 14 ; ++r ) |
ubhat | 0:6cc76d70e2a1 | 826 | #if defined( VERSION_1 ) |
ubhat | 0:6cc76d70e2a1 | 827 | { |
ubhat | 0:6cc76d70e2a1 | 828 | mix_sub_columns(s1); |
ubhat | 0:6cc76d70e2a1 | 829 | if( r & 1 ) |
ubhat | 0:6cc76d70e2a1 | 830 | add_round_key( s1, o_key + 16 ); |
ubhat | 0:6cc76d70e2a1 | 831 | else |
ubhat | 0:6cc76d70e2a1 | 832 | { |
ubhat | 0:6cc76d70e2a1 | 833 | update_encrypt_key_256( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 834 | add_round_key( s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 835 | } |
ubhat | 0:6cc76d70e2a1 | 836 | } |
ubhat | 0:6cc76d70e2a1 | 837 | #else |
ubhat | 0:6cc76d70e2a1 | 838 | { uint8_t s2[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 839 | mix_sub_columns( s2, s1 ); |
ubhat | 0:6cc76d70e2a1 | 840 | if( r & 1 ) |
ubhat | 0:6cc76d70e2a1 | 841 | copy_and_key( s1, s2, o_key + 16 ); |
ubhat | 0:6cc76d70e2a1 | 842 | else |
ubhat | 0:6cc76d70e2a1 | 843 | { |
ubhat | 0:6cc76d70e2a1 | 844 | update_encrypt_key_256( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 845 | copy_and_key( s1, s2, o_key ); |
ubhat | 0:6cc76d70e2a1 | 846 | } |
ubhat | 0:6cc76d70e2a1 | 847 | } |
ubhat | 0:6cc76d70e2a1 | 848 | #endif |
ubhat | 0:6cc76d70e2a1 | 849 | |
ubhat | 0:6cc76d70e2a1 | 850 | shift_sub_rows( s1 ); |
ubhat | 0:6cc76d70e2a1 | 851 | update_encrypt_key_256( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 852 | copy_and_key( out, s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 853 | } |
ubhat | 0:6cc76d70e2a1 | 854 | |
ubhat | 0:6cc76d70e2a1 | 855 | #endif |
ubhat | 0:6cc76d70e2a1 | 856 | |
ubhat | 0:6cc76d70e2a1 | 857 | #if defined( AES_DEC_256_OTFK ) |
ubhat | 0:6cc76d70e2a1 | 858 | |
ubhat | 0:6cc76d70e2a1 | 859 | /* The 'on the fly' encryption key update for for 256 bit keys */ |
ubhat | 0:6cc76d70e2a1 | 860 | |
ubhat | 0:6cc76d70e2a1 | 861 | static void update_decrypt_key_256( uint8_t k[2 * N_BLOCK], uint8_t *rc ) |
ubhat | 0:6cc76d70e2a1 | 862 | { uint8_t cc; |
ubhat | 0:6cc76d70e2a1 | 863 | |
ubhat | 0:6cc76d70e2a1 | 864 | for(cc = 28; cc > 16; cc -= 4) |
ubhat | 0:6cc76d70e2a1 | 865 | { |
ubhat | 0:6cc76d70e2a1 | 866 | k[cc + 0] ^= k[cc - 4]; |
ubhat | 0:6cc76d70e2a1 | 867 | k[cc + 1] ^= k[cc - 3]; |
ubhat | 0:6cc76d70e2a1 | 868 | k[cc + 2] ^= k[cc - 2]; |
ubhat | 0:6cc76d70e2a1 | 869 | k[cc + 3] ^= k[cc - 1]; |
ubhat | 0:6cc76d70e2a1 | 870 | } |
ubhat | 0:6cc76d70e2a1 | 871 | |
ubhat | 0:6cc76d70e2a1 | 872 | k[16] ^= s_box(k[12]); |
ubhat | 0:6cc76d70e2a1 | 873 | k[17] ^= s_box(k[13]); |
ubhat | 0:6cc76d70e2a1 | 874 | k[18] ^= s_box(k[14]); |
ubhat | 0:6cc76d70e2a1 | 875 | k[19] ^= s_box(k[15]); |
ubhat | 0:6cc76d70e2a1 | 876 | |
ubhat | 0:6cc76d70e2a1 | 877 | for(cc = 12; cc > 0; cc -= 4) |
ubhat | 0:6cc76d70e2a1 | 878 | { |
ubhat | 0:6cc76d70e2a1 | 879 | k[cc + 0] ^= k[cc - 4]; |
ubhat | 0:6cc76d70e2a1 | 880 | k[cc + 1] ^= k[cc - 3]; |
ubhat | 0:6cc76d70e2a1 | 881 | k[cc + 2] ^= k[cc - 2]; |
ubhat | 0:6cc76d70e2a1 | 882 | k[cc + 3] ^= k[cc - 1]; |
ubhat | 0:6cc76d70e2a1 | 883 | } |
ubhat | 0:6cc76d70e2a1 | 884 | |
ubhat | 0:6cc76d70e2a1 | 885 | *rc = d2(*rc); |
ubhat | 0:6cc76d70e2a1 | 886 | k[0] ^= s_box(k[29]) ^ *rc; |
ubhat | 0:6cc76d70e2a1 | 887 | k[1] ^= s_box(k[30]); |
ubhat | 0:6cc76d70e2a1 | 888 | k[2] ^= s_box(k[31]); |
ubhat | 0:6cc76d70e2a1 | 889 | k[3] ^= s_box(k[28]); |
ubhat | 0:6cc76d70e2a1 | 890 | } |
ubhat | 0:6cc76d70e2a1 | 891 | |
ubhat | 0:6cc76d70e2a1 | 892 | /* Decrypt a single block of 16 bytes with 'on the fly' |
ubhat | 0:6cc76d70e2a1 | 893 | 256 bit keying |
ubhat | 0:6cc76d70e2a1 | 894 | */ |
ubhat | 0:6cc76d70e2a1 | 895 | void aes_decrypt_256( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], |
ubhat | 0:6cc76d70e2a1 | 896 | const uint8_t key[2 * N_BLOCK], uint8_t o_key[2 * N_BLOCK] ) |
ubhat | 0:6cc76d70e2a1 | 897 | { |
ubhat | 0:6cc76d70e2a1 | 898 | uint8_t s1[N_BLOCK], r, rc = 0x80; |
ubhat | 0:6cc76d70e2a1 | 899 | |
ubhat | 0:6cc76d70e2a1 | 900 | if(o_key != key) |
ubhat | 0:6cc76d70e2a1 | 901 | { |
ubhat | 0:6cc76d70e2a1 | 902 | block_copy( o_key, key ); |
ubhat | 0:6cc76d70e2a1 | 903 | block_copy( o_key + 16, key + 16 ); |
ubhat | 0:6cc76d70e2a1 | 904 | } |
ubhat | 0:6cc76d70e2a1 | 905 | |
ubhat | 0:6cc76d70e2a1 | 906 | copy_and_key( s1, in, o_key ); |
ubhat | 0:6cc76d70e2a1 | 907 | inv_shift_sub_rows( s1 ); |
ubhat | 0:6cc76d70e2a1 | 908 | |
ubhat | 0:6cc76d70e2a1 | 909 | for( r = 14 ; --r ; ) |
ubhat | 0:6cc76d70e2a1 | 910 | #if defined( VERSION_1 ) |
ubhat | 0:6cc76d70e2a1 | 911 | { |
ubhat | 0:6cc76d70e2a1 | 912 | if( ( r & 1 ) ) |
ubhat | 0:6cc76d70e2a1 | 913 | { |
ubhat | 0:6cc76d70e2a1 | 914 | update_decrypt_key_256( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 915 | add_round_key( s1, o_key + 16 ); |
ubhat | 0:6cc76d70e2a1 | 916 | } |
ubhat | 0:6cc76d70e2a1 | 917 | else |
ubhat | 0:6cc76d70e2a1 | 918 | add_round_key( s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 919 | inv_mix_sub_columns( s1 ); |
ubhat | 0:6cc76d70e2a1 | 920 | } |
ubhat | 0:6cc76d70e2a1 | 921 | #else |
ubhat | 0:6cc76d70e2a1 | 922 | { uint8_t s2[N_BLOCK]; |
ubhat | 0:6cc76d70e2a1 | 923 | if( ( r & 1 ) ) |
ubhat | 0:6cc76d70e2a1 | 924 | { |
ubhat | 0:6cc76d70e2a1 | 925 | update_decrypt_key_256( o_key, &rc ); |
ubhat | 0:6cc76d70e2a1 | 926 | copy_and_key( s2, s1, o_key + 16 ); |
ubhat | 0:6cc76d70e2a1 | 927 | } |
ubhat | 0:6cc76d70e2a1 | 928 | else |
ubhat | 0:6cc76d70e2a1 | 929 | copy_and_key( s2, s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 930 | inv_mix_sub_columns( s1, s2 ); |
ubhat | 0:6cc76d70e2a1 | 931 | } |
ubhat | 0:6cc76d70e2a1 | 932 | #endif |
ubhat | 0:6cc76d70e2a1 | 933 | copy_and_key( out, s1, o_key ); |
ubhat | 0:6cc76d70e2a1 | 934 | } |
ubhat | 0:6cc76d70e2a1 | 935 | |
ubhat | 0:6cc76d70e2a1 | 936 | #endif |