code crashes accessing randomization code

Dependencies:   LoRaWAN-SX1272-Application-24-31-9sec X_NUCLEO_IKS01A1 driver_mbed_TH02 LoRaWAN-lib-v1_0_1 SX1272Lib mbed

Fork of LoRaWAN-SX1272-Application-24-31-9sec by Oleh Zvonarov

Committer:
billvs
Date:
Mon Nov 27 20:49:31 2017 +0000
Revision:
8:0a3a16fd1bc8
Parent:
0:6cc76d70e2a1
crashes with autoconfig address on L073RZ

ubhat 0:6cc76d70e2a1 1 /*
ubhat 0:6cc76d70e2a1 2 ---------------------------------------------------------------------------
ubhat 0:6cc76d70e2a1 3 Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
ubhat 0:6cc76d70e2a1 4
ubhat 0:6cc76d70e2a1 5 LICENSE TERMS
ubhat 0:6cc76d70e2a1 6
ubhat 0:6cc76d70e2a1 7 The redistribution and use of this software (with or without changes)
ubhat 0:6cc76d70e2a1 8 is allowed without the payment of fees or royalties provided that:
ubhat 0:6cc76d70e2a1 9
ubhat 0:6cc76d70e2a1 10 1. source code distributions include the above copyright notice, this
ubhat 0:6cc76d70e2a1 11 list of conditions and the following disclaimer;
ubhat 0:6cc76d70e2a1 12
ubhat 0:6cc76d70e2a1 13 2. binary distributions include the above copyright notice, this list
ubhat 0:6cc76d70e2a1 14 of conditions and the following disclaimer in their documentation;
ubhat 0:6cc76d70e2a1 15
ubhat 0:6cc76d70e2a1 16 3. the name of the copyright holder is not used to endorse products
ubhat 0:6cc76d70e2a1 17 built using this software without specific written permission.
ubhat 0:6cc76d70e2a1 18
ubhat 0:6cc76d70e2a1 19 DISCLAIMER
ubhat 0:6cc76d70e2a1 20
ubhat 0:6cc76d70e2a1 21 This software is provided 'as is' with no explicit or implied warranties
ubhat 0:6cc76d70e2a1 22 in respect of its properties, including, but not limited to, correctness
ubhat 0:6cc76d70e2a1 23 and/or fitness for purpose.
ubhat 0:6cc76d70e2a1 24 ---------------------------------------------------------------------------
ubhat 0:6cc76d70e2a1 25 Issue 09/09/2006
ubhat 0:6cc76d70e2a1 26
ubhat 0:6cc76d70e2a1 27 This is an AES implementation that uses only 8-bit byte operations on the
ubhat 0:6cc76d70e2a1 28 cipher state (there are options to use 32-bit types if available).
ubhat 0:6cc76d70e2a1 29
ubhat 0:6cc76d70e2a1 30 The combination of mix columns and byte substitution used here is based on
ubhat 0:6cc76d70e2a1 31 that developed by Karl Malbrain. His contribution is acknowledged.
ubhat 0:6cc76d70e2a1 32 */
ubhat 0:6cc76d70e2a1 33
ubhat 0:6cc76d70e2a1 34 /* define if you have a fast memcpy function on your system */
ubhat 0:6cc76d70e2a1 35 #if 0
ubhat 0:6cc76d70e2a1 36 # define HAVE_MEMCPY
ubhat 0:6cc76d70e2a1 37 # include <string.h>
ubhat 0:6cc76d70e2a1 38 # if defined( _MSC_VER )
ubhat 0:6cc76d70e2a1 39 # include <intrin.h>
ubhat 0:6cc76d70e2a1 40 # pragma intrinsic( memcpy )
ubhat 0:6cc76d70e2a1 41 # endif
ubhat 0:6cc76d70e2a1 42 #endif
ubhat 0:6cc76d70e2a1 43
ubhat 0:6cc76d70e2a1 44
ubhat 0:6cc76d70e2a1 45 #include <stdlib.h>
ubhat 0:6cc76d70e2a1 46 #include <stdint.h>
ubhat 0:6cc76d70e2a1 47
ubhat 0:6cc76d70e2a1 48 /* define if you have fast 32-bit types on your system */
ubhat 0:6cc76d70e2a1 49 #if ( __CORTEX_M != 0 ) // if Cortex is different from M0/M0+
ubhat 0:6cc76d70e2a1 50 # define HAVE_UINT_32T
ubhat 0:6cc76d70e2a1 51 #endif
ubhat 0:6cc76d70e2a1 52
ubhat 0:6cc76d70e2a1 53 /* define if you don't want any tables */
ubhat 0:6cc76d70e2a1 54 #if 1
ubhat 0:6cc76d70e2a1 55 # define USE_TABLES
ubhat 0:6cc76d70e2a1 56 #endif
ubhat 0:6cc76d70e2a1 57
ubhat 0:6cc76d70e2a1 58 /* On Intel Core 2 duo VERSION_1 is faster */
ubhat 0:6cc76d70e2a1 59
ubhat 0:6cc76d70e2a1 60 /* alternative versions (test for performance on your system) */
ubhat 0:6cc76d70e2a1 61 #if 1
ubhat 0:6cc76d70e2a1 62 # define VERSION_1
ubhat 0:6cc76d70e2a1 63 #endif
ubhat 0:6cc76d70e2a1 64
ubhat 0:6cc76d70e2a1 65 #include "aes.h"
ubhat 0:6cc76d70e2a1 66
ubhat 0:6cc76d70e2a1 67 //#if defined( HAVE_UINT_32T )
ubhat 0:6cc76d70e2a1 68 // typedef unsigned long uint32_t;
ubhat 0:6cc76d70e2a1 69 //#endif
ubhat 0:6cc76d70e2a1 70
ubhat 0:6cc76d70e2a1 71 /* functions for finite field multiplication in the AES Galois field */
ubhat 0:6cc76d70e2a1 72
ubhat 0:6cc76d70e2a1 73 #define WPOLY 0x011b
ubhat 0:6cc76d70e2a1 74 #define BPOLY 0x1b
ubhat 0:6cc76d70e2a1 75 #define DPOLY 0x008d
ubhat 0:6cc76d70e2a1 76
ubhat 0:6cc76d70e2a1 77 #define f1(x) (x)
ubhat 0:6cc76d70e2a1 78 #define f2(x) ((x << 1) ^ (((x >> 7) & 1) * WPOLY))
ubhat 0:6cc76d70e2a1 79 #define f4(x) ((x << 2) ^ (((x >> 6) & 1) * WPOLY) ^ (((x >> 6) & 2) * WPOLY))
ubhat 0:6cc76d70e2a1 80 #define f8(x) ((x << 3) ^ (((x >> 5) & 1) * WPOLY) ^ (((x >> 5) & 2) * WPOLY) \
ubhat 0:6cc76d70e2a1 81 ^ (((x >> 5) & 4) * WPOLY))
ubhat 0:6cc76d70e2a1 82 #define d2(x) (((x) >> 1) ^ ((x) & 1 ? DPOLY : 0))
ubhat 0:6cc76d70e2a1 83
ubhat 0:6cc76d70e2a1 84 #define f3(x) (f2(x) ^ x)
ubhat 0:6cc76d70e2a1 85 #define f9(x) (f8(x) ^ x)
ubhat 0:6cc76d70e2a1 86 #define fb(x) (f8(x) ^ f2(x) ^ x)
ubhat 0:6cc76d70e2a1 87 #define fd(x) (f8(x) ^ f4(x) ^ x)
ubhat 0:6cc76d70e2a1 88 #define fe(x) (f8(x) ^ f4(x) ^ f2(x))
ubhat 0:6cc76d70e2a1 89
ubhat 0:6cc76d70e2a1 90 #if defined( USE_TABLES )
ubhat 0:6cc76d70e2a1 91
ubhat 0:6cc76d70e2a1 92 #define sb_data(w) { /* S Box data values */ \
ubhat 0:6cc76d70e2a1 93 w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
ubhat 0:6cc76d70e2a1 94 w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
ubhat 0:6cc76d70e2a1 95 w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
ubhat 0:6cc76d70e2a1 96 w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
ubhat 0:6cc76d70e2a1 97 w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
ubhat 0:6cc76d70e2a1 98 w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
ubhat 0:6cc76d70e2a1 99 w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
ubhat 0:6cc76d70e2a1 100 w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
ubhat 0:6cc76d70e2a1 101 w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
ubhat 0:6cc76d70e2a1 102 w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
ubhat 0:6cc76d70e2a1 103 w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
ubhat 0:6cc76d70e2a1 104 w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
ubhat 0:6cc76d70e2a1 105 w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
ubhat 0:6cc76d70e2a1 106 w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
ubhat 0:6cc76d70e2a1 107 w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
ubhat 0:6cc76d70e2a1 108 w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
ubhat 0:6cc76d70e2a1 109 w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
ubhat 0:6cc76d70e2a1 110 w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
ubhat 0:6cc76d70e2a1 111 w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
ubhat 0:6cc76d70e2a1 112 w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
ubhat 0:6cc76d70e2a1 113 w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
ubhat 0:6cc76d70e2a1 114 w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
ubhat 0:6cc76d70e2a1 115 w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
ubhat 0:6cc76d70e2a1 116 w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
ubhat 0:6cc76d70e2a1 117 w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
ubhat 0:6cc76d70e2a1 118 w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
ubhat 0:6cc76d70e2a1 119 w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
ubhat 0:6cc76d70e2a1 120 w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
ubhat 0:6cc76d70e2a1 121 w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
ubhat 0:6cc76d70e2a1 122 w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
ubhat 0:6cc76d70e2a1 123 w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
ubhat 0:6cc76d70e2a1 124 w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
ubhat 0:6cc76d70e2a1 125
ubhat 0:6cc76d70e2a1 126 #define isb_data(w) { /* inverse S Box data values */ \
ubhat 0:6cc76d70e2a1 127 w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
ubhat 0:6cc76d70e2a1 128 w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
ubhat 0:6cc76d70e2a1 129 w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
ubhat 0:6cc76d70e2a1 130 w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
ubhat 0:6cc76d70e2a1 131 w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
ubhat 0:6cc76d70e2a1 132 w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
ubhat 0:6cc76d70e2a1 133 w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
ubhat 0:6cc76d70e2a1 134 w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
ubhat 0:6cc76d70e2a1 135 w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
ubhat 0:6cc76d70e2a1 136 w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
ubhat 0:6cc76d70e2a1 137 w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
ubhat 0:6cc76d70e2a1 138 w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
ubhat 0:6cc76d70e2a1 139 w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
ubhat 0:6cc76d70e2a1 140 w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
ubhat 0:6cc76d70e2a1 141 w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
ubhat 0:6cc76d70e2a1 142 w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
ubhat 0:6cc76d70e2a1 143 w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
ubhat 0:6cc76d70e2a1 144 w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
ubhat 0:6cc76d70e2a1 145 w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
ubhat 0:6cc76d70e2a1 146 w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
ubhat 0:6cc76d70e2a1 147 w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
ubhat 0:6cc76d70e2a1 148 w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
ubhat 0:6cc76d70e2a1 149 w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
ubhat 0:6cc76d70e2a1 150 w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
ubhat 0:6cc76d70e2a1 151 w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
ubhat 0:6cc76d70e2a1 152 w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
ubhat 0:6cc76d70e2a1 153 w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
ubhat 0:6cc76d70e2a1 154 w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
ubhat 0:6cc76d70e2a1 155 w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
ubhat 0:6cc76d70e2a1 156 w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
ubhat 0:6cc76d70e2a1 157 w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
ubhat 0:6cc76d70e2a1 158 w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
ubhat 0:6cc76d70e2a1 159
ubhat 0:6cc76d70e2a1 160 #define mm_data(w) { /* basic data for forming finite field tables */ \
ubhat 0:6cc76d70e2a1 161 w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
ubhat 0:6cc76d70e2a1 162 w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
ubhat 0:6cc76d70e2a1 163 w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
ubhat 0:6cc76d70e2a1 164 w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
ubhat 0:6cc76d70e2a1 165 w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
ubhat 0:6cc76d70e2a1 166 w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
ubhat 0:6cc76d70e2a1 167 w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
ubhat 0:6cc76d70e2a1 168 w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
ubhat 0:6cc76d70e2a1 169 w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
ubhat 0:6cc76d70e2a1 170 w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
ubhat 0:6cc76d70e2a1 171 w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
ubhat 0:6cc76d70e2a1 172 w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
ubhat 0:6cc76d70e2a1 173 w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
ubhat 0:6cc76d70e2a1 174 w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
ubhat 0:6cc76d70e2a1 175 w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
ubhat 0:6cc76d70e2a1 176 w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
ubhat 0:6cc76d70e2a1 177 w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
ubhat 0:6cc76d70e2a1 178 w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
ubhat 0:6cc76d70e2a1 179 w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
ubhat 0:6cc76d70e2a1 180 w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
ubhat 0:6cc76d70e2a1 181 w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
ubhat 0:6cc76d70e2a1 182 w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
ubhat 0:6cc76d70e2a1 183 w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
ubhat 0:6cc76d70e2a1 184 w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
ubhat 0:6cc76d70e2a1 185 w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
ubhat 0:6cc76d70e2a1 186 w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
ubhat 0:6cc76d70e2a1 187 w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
ubhat 0:6cc76d70e2a1 188 w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
ubhat 0:6cc76d70e2a1 189 w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
ubhat 0:6cc76d70e2a1 190 w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
ubhat 0:6cc76d70e2a1 191 w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
ubhat 0:6cc76d70e2a1 192 w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
ubhat 0:6cc76d70e2a1 193
ubhat 0:6cc76d70e2a1 194 static const uint8_t sbox[256] = sb_data(f1);
ubhat 0:6cc76d70e2a1 195
ubhat 0:6cc76d70e2a1 196 #if defined( AES_DEC_PREKEYED )
ubhat 0:6cc76d70e2a1 197 static const uint8_t isbox[256] = isb_data(f1);
ubhat 0:6cc76d70e2a1 198 #endif
ubhat 0:6cc76d70e2a1 199
ubhat 0:6cc76d70e2a1 200 static const uint8_t gfm2_sbox[256] = sb_data(f2);
ubhat 0:6cc76d70e2a1 201 static const uint8_t gfm3_sbox[256] = sb_data(f3);
ubhat 0:6cc76d70e2a1 202
ubhat 0:6cc76d70e2a1 203 #if defined( AES_DEC_PREKEYED )
ubhat 0:6cc76d70e2a1 204 static const uint8_t gfmul_9[256] = mm_data(f9);
ubhat 0:6cc76d70e2a1 205 static const uint8_t gfmul_b[256] = mm_data(fb);
ubhat 0:6cc76d70e2a1 206 static const uint8_t gfmul_d[256] = mm_data(fd);
ubhat 0:6cc76d70e2a1 207 static const uint8_t gfmul_e[256] = mm_data(fe);
ubhat 0:6cc76d70e2a1 208 #endif
ubhat 0:6cc76d70e2a1 209
ubhat 0:6cc76d70e2a1 210 #define s_box(x) sbox[(x)]
ubhat 0:6cc76d70e2a1 211 #if defined( AES_DEC_PREKEYED )
ubhat 0:6cc76d70e2a1 212 #define is_box(x) isbox[(x)]
ubhat 0:6cc76d70e2a1 213 #endif
ubhat 0:6cc76d70e2a1 214 #define gfm2_sb(x) gfm2_sbox[(x)]
ubhat 0:6cc76d70e2a1 215 #define gfm3_sb(x) gfm3_sbox[(x)]
ubhat 0:6cc76d70e2a1 216 #if defined( AES_DEC_PREKEYED )
ubhat 0:6cc76d70e2a1 217 #define gfm_9(x) gfmul_9[(x)]
ubhat 0:6cc76d70e2a1 218 #define gfm_b(x) gfmul_b[(x)]
ubhat 0:6cc76d70e2a1 219 #define gfm_d(x) gfmul_d[(x)]
ubhat 0:6cc76d70e2a1 220 #define gfm_e(x) gfmul_e[(x)]
ubhat 0:6cc76d70e2a1 221 #endif
ubhat 0:6cc76d70e2a1 222 #else
ubhat 0:6cc76d70e2a1 223
ubhat 0:6cc76d70e2a1 224 /* this is the high bit of x right shifted by 1 */
ubhat 0:6cc76d70e2a1 225 /* position. Since the starting polynomial has */
ubhat 0:6cc76d70e2a1 226 /* 9 bits (0x11b), this right shift keeps the */
ubhat 0:6cc76d70e2a1 227 /* values of all top bits within a byte */
ubhat 0:6cc76d70e2a1 228
ubhat 0:6cc76d70e2a1 229 static uint8_t hibit(const uint8_t x)
ubhat 0:6cc76d70e2a1 230 { uint8_t r = (uint8_t)((x >> 1) | (x >> 2));
ubhat 0:6cc76d70e2a1 231
ubhat 0:6cc76d70e2a1 232 r |= (r >> 2);
ubhat 0:6cc76d70e2a1 233 r |= (r >> 4);
ubhat 0:6cc76d70e2a1 234 return (r + 1) >> 1;
ubhat 0:6cc76d70e2a1 235 }
ubhat 0:6cc76d70e2a1 236
ubhat 0:6cc76d70e2a1 237 /* return the inverse of the finite field element x */
ubhat 0:6cc76d70e2a1 238
ubhat 0:6cc76d70e2a1 239 static uint8_t gf_inv(const uint8_t x)
ubhat 0:6cc76d70e2a1 240 { uint8_t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
ubhat 0:6cc76d70e2a1 241
ubhat 0:6cc76d70e2a1 242 if(x < 2)
ubhat 0:6cc76d70e2a1 243 return x;
ubhat 0:6cc76d70e2a1 244
ubhat 0:6cc76d70e2a1 245 for( ; ; )
ubhat 0:6cc76d70e2a1 246 {
ubhat 0:6cc76d70e2a1 247 if(n1)
ubhat 0:6cc76d70e2a1 248 while(n2 >= n1) /* divide polynomial p2 by p1 */
ubhat 0:6cc76d70e2a1 249 {
ubhat 0:6cc76d70e2a1 250 n2 /= n1; /* shift smaller polynomial left */
ubhat 0:6cc76d70e2a1 251 p2 ^= (p1 * n2) & 0xff; /* and remove from larger one */
ubhat 0:6cc76d70e2a1 252 v2 ^= (v1 * n2); /* shift accumulated value and */
ubhat 0:6cc76d70e2a1 253 n2 = hibit(p2); /* add into result */
ubhat 0:6cc76d70e2a1 254 }
ubhat 0:6cc76d70e2a1 255 else
ubhat 0:6cc76d70e2a1 256 return v1;
ubhat 0:6cc76d70e2a1 257
ubhat 0:6cc76d70e2a1 258 if(n2) /* repeat with values swapped */
ubhat 0:6cc76d70e2a1 259 while(n1 >= n2)
ubhat 0:6cc76d70e2a1 260 {
ubhat 0:6cc76d70e2a1 261 n1 /= n2;
ubhat 0:6cc76d70e2a1 262 p1 ^= p2 * n1;
ubhat 0:6cc76d70e2a1 263 v1 ^= v2 * n1;
ubhat 0:6cc76d70e2a1 264 n1 = hibit(p1);
ubhat 0:6cc76d70e2a1 265 }
ubhat 0:6cc76d70e2a1 266 else
ubhat 0:6cc76d70e2a1 267 return v2;
ubhat 0:6cc76d70e2a1 268 }
ubhat 0:6cc76d70e2a1 269 }
ubhat 0:6cc76d70e2a1 270
ubhat 0:6cc76d70e2a1 271 /* The forward and inverse affine transformations used in the S-box */
ubhat 0:6cc76d70e2a1 272 uint8_t fwd_affine(const uint8_t x)
ubhat 0:6cc76d70e2a1 273 {
ubhat 0:6cc76d70e2a1 274 #if defined( HAVE_UINT_32T )
ubhat 0:6cc76d70e2a1 275 uint32_t w = x;
ubhat 0:6cc76d70e2a1 276 w ^= (w << 1) ^ (w << 2) ^ (w << 3) ^ (w << 4);
ubhat 0:6cc76d70e2a1 277 return 0x63 ^ ((w ^ (w >> 8)) & 0xff);
ubhat 0:6cc76d70e2a1 278 #else
ubhat 0:6cc76d70e2a1 279 return 0x63 ^ x ^ (x << 1) ^ (x << 2) ^ (x << 3) ^ (x << 4)
ubhat 0:6cc76d70e2a1 280 ^ (x >> 7) ^ (x >> 6) ^ (x >> 5) ^ (x >> 4);
ubhat 0:6cc76d70e2a1 281 #endif
ubhat 0:6cc76d70e2a1 282 }
ubhat 0:6cc76d70e2a1 283
ubhat 0:6cc76d70e2a1 284 uint8_t inv_affine(const uint8_t x)
ubhat 0:6cc76d70e2a1 285 {
ubhat 0:6cc76d70e2a1 286 #if defined( HAVE_UINT_32T )
ubhat 0:6cc76d70e2a1 287 uint32_t w = x;
ubhat 0:6cc76d70e2a1 288 w = (w << 1) ^ (w << 3) ^ (w << 6);
ubhat 0:6cc76d70e2a1 289 return 0x05 ^ ((w ^ (w >> 8)) & 0xff);
ubhat 0:6cc76d70e2a1 290 #else
ubhat 0:6cc76d70e2a1 291 return 0x05 ^ (x << 1) ^ (x << 3) ^ (x << 6)
ubhat 0:6cc76d70e2a1 292 ^ (x >> 7) ^ (x >> 5) ^ (x >> 2);
ubhat 0:6cc76d70e2a1 293 #endif
ubhat 0:6cc76d70e2a1 294 }
ubhat 0:6cc76d70e2a1 295
ubhat 0:6cc76d70e2a1 296 #define s_box(x) fwd_affine(gf_inv(x))
ubhat 0:6cc76d70e2a1 297 #define is_box(x) gf_inv(inv_affine(x))
ubhat 0:6cc76d70e2a1 298 #define gfm2_sb(x) f2(s_box(x))
ubhat 0:6cc76d70e2a1 299 #define gfm3_sb(x) f3(s_box(x))
ubhat 0:6cc76d70e2a1 300 #define gfm_9(x) f9(x)
ubhat 0:6cc76d70e2a1 301 #define gfm_b(x) fb(x)
ubhat 0:6cc76d70e2a1 302 #define gfm_d(x) fd(x)
ubhat 0:6cc76d70e2a1 303 #define gfm_e(x) fe(x)
ubhat 0:6cc76d70e2a1 304
ubhat 0:6cc76d70e2a1 305 #endif
ubhat 0:6cc76d70e2a1 306
ubhat 0:6cc76d70e2a1 307 #if defined( HAVE_MEMCPY )
ubhat 0:6cc76d70e2a1 308 # define block_copy_nn(d, s, l) memcpy(d, s, l)
ubhat 0:6cc76d70e2a1 309 # define block_copy(d, s) memcpy(d, s, N_BLOCK)
ubhat 0:6cc76d70e2a1 310 #else
ubhat 0:6cc76d70e2a1 311 # define block_copy_nn(d, s, l) copy_block_nn(d, s, l)
ubhat 0:6cc76d70e2a1 312 # define block_copy(d, s) copy_block(d, s)
ubhat 0:6cc76d70e2a1 313 #endif
ubhat 0:6cc76d70e2a1 314
ubhat 0:6cc76d70e2a1 315 static void copy_block( void *d, const void *s )
ubhat 0:6cc76d70e2a1 316 {
ubhat 0:6cc76d70e2a1 317 #if defined( HAVE_UINT_32T )
ubhat 0:6cc76d70e2a1 318 ((uint32_t*)d)[ 0] = ((uint32_t*)s)[ 0];
ubhat 0:6cc76d70e2a1 319 ((uint32_t*)d)[ 1] = ((uint32_t*)s)[ 1];
ubhat 0:6cc76d70e2a1 320 ((uint32_t*)d)[ 2] = ((uint32_t*)s)[ 2];
ubhat 0:6cc76d70e2a1 321 ((uint32_t*)d)[ 3] = ((uint32_t*)s)[ 3];
ubhat 0:6cc76d70e2a1 322 #else
ubhat 0:6cc76d70e2a1 323 ((uint8_t*)d)[ 0] = ((uint8_t*)s)[ 0];
ubhat 0:6cc76d70e2a1 324 ((uint8_t*)d)[ 1] = ((uint8_t*)s)[ 1];
ubhat 0:6cc76d70e2a1 325 ((uint8_t*)d)[ 2] = ((uint8_t*)s)[ 2];
ubhat 0:6cc76d70e2a1 326 ((uint8_t*)d)[ 3] = ((uint8_t*)s)[ 3];
ubhat 0:6cc76d70e2a1 327 ((uint8_t*)d)[ 4] = ((uint8_t*)s)[ 4];
ubhat 0:6cc76d70e2a1 328 ((uint8_t*)d)[ 5] = ((uint8_t*)s)[ 5];
ubhat 0:6cc76d70e2a1 329 ((uint8_t*)d)[ 6] = ((uint8_t*)s)[ 6];
ubhat 0:6cc76d70e2a1 330 ((uint8_t*)d)[ 7] = ((uint8_t*)s)[ 7];
ubhat 0:6cc76d70e2a1 331 ((uint8_t*)d)[ 8] = ((uint8_t*)s)[ 8];
ubhat 0:6cc76d70e2a1 332 ((uint8_t*)d)[ 9] = ((uint8_t*)s)[ 9];
ubhat 0:6cc76d70e2a1 333 ((uint8_t*)d)[10] = ((uint8_t*)s)[10];
ubhat 0:6cc76d70e2a1 334 ((uint8_t*)d)[11] = ((uint8_t*)s)[11];
ubhat 0:6cc76d70e2a1 335 ((uint8_t*)d)[12] = ((uint8_t*)s)[12];
ubhat 0:6cc76d70e2a1 336 ((uint8_t*)d)[13] = ((uint8_t*)s)[13];
ubhat 0:6cc76d70e2a1 337 ((uint8_t*)d)[14] = ((uint8_t*)s)[14];
ubhat 0:6cc76d70e2a1 338 ((uint8_t*)d)[15] = ((uint8_t*)s)[15];
ubhat 0:6cc76d70e2a1 339 #endif
ubhat 0:6cc76d70e2a1 340 }
ubhat 0:6cc76d70e2a1 341
ubhat 0:6cc76d70e2a1 342 static void copy_block_nn( uint8_t * d, const uint8_t *s, uint8_t nn )
ubhat 0:6cc76d70e2a1 343 {
ubhat 0:6cc76d70e2a1 344 while( nn-- )
ubhat 0:6cc76d70e2a1 345 //*((uint8_t*)d)++ = *((uint8_t*)s)++;
ubhat 0:6cc76d70e2a1 346 *d++ = *s++;
ubhat 0:6cc76d70e2a1 347 }
ubhat 0:6cc76d70e2a1 348
ubhat 0:6cc76d70e2a1 349 static void xor_block( void *d, const void *s )
ubhat 0:6cc76d70e2a1 350 {
ubhat 0:6cc76d70e2a1 351 #if defined( HAVE_UINT_32T )
ubhat 0:6cc76d70e2a1 352 ((uint32_t*)d)[ 0] ^= ((uint32_t*)s)[ 0];
ubhat 0:6cc76d70e2a1 353 ((uint32_t*)d)[ 1] ^= ((uint32_t*)s)[ 1];
ubhat 0:6cc76d70e2a1 354 ((uint32_t*)d)[ 2] ^= ((uint32_t*)s)[ 2];
ubhat 0:6cc76d70e2a1 355 ((uint32_t*)d)[ 3] ^= ((uint32_t*)s)[ 3];
ubhat 0:6cc76d70e2a1 356 #else
ubhat 0:6cc76d70e2a1 357 ((uint8_t*)d)[ 0] ^= ((uint8_t*)s)[ 0];
ubhat 0:6cc76d70e2a1 358 ((uint8_t*)d)[ 1] ^= ((uint8_t*)s)[ 1];
ubhat 0:6cc76d70e2a1 359 ((uint8_t*)d)[ 2] ^= ((uint8_t*)s)[ 2];
ubhat 0:6cc76d70e2a1 360 ((uint8_t*)d)[ 3] ^= ((uint8_t*)s)[ 3];
ubhat 0:6cc76d70e2a1 361 ((uint8_t*)d)[ 4] ^= ((uint8_t*)s)[ 4];
ubhat 0:6cc76d70e2a1 362 ((uint8_t*)d)[ 5] ^= ((uint8_t*)s)[ 5];
ubhat 0:6cc76d70e2a1 363 ((uint8_t*)d)[ 6] ^= ((uint8_t*)s)[ 6];
ubhat 0:6cc76d70e2a1 364 ((uint8_t*)d)[ 7] ^= ((uint8_t*)s)[ 7];
ubhat 0:6cc76d70e2a1 365 ((uint8_t*)d)[ 8] ^= ((uint8_t*)s)[ 8];
ubhat 0:6cc76d70e2a1 366 ((uint8_t*)d)[ 9] ^= ((uint8_t*)s)[ 9];
ubhat 0:6cc76d70e2a1 367 ((uint8_t*)d)[10] ^= ((uint8_t*)s)[10];
ubhat 0:6cc76d70e2a1 368 ((uint8_t*)d)[11] ^= ((uint8_t*)s)[11];
ubhat 0:6cc76d70e2a1 369 ((uint8_t*)d)[12] ^= ((uint8_t*)s)[12];
ubhat 0:6cc76d70e2a1 370 ((uint8_t*)d)[13] ^= ((uint8_t*)s)[13];
ubhat 0:6cc76d70e2a1 371 ((uint8_t*)d)[14] ^= ((uint8_t*)s)[14];
ubhat 0:6cc76d70e2a1 372 ((uint8_t*)d)[15] ^= ((uint8_t*)s)[15];
ubhat 0:6cc76d70e2a1 373 #endif
ubhat 0:6cc76d70e2a1 374 }
ubhat 0:6cc76d70e2a1 375
ubhat 0:6cc76d70e2a1 376 static void copy_and_key( void *d, const void *s, const void *k )
ubhat 0:6cc76d70e2a1 377 {
ubhat 0:6cc76d70e2a1 378 #if defined( HAVE_UINT_32T )
ubhat 0:6cc76d70e2a1 379 ((uint32_t*)d)[ 0] = ((uint32_t*)s)[ 0] ^ ((uint32_t*)k)[ 0];
ubhat 0:6cc76d70e2a1 380 ((uint32_t*)d)[ 1] = ((uint32_t*)s)[ 1] ^ ((uint32_t*)k)[ 1];
ubhat 0:6cc76d70e2a1 381 ((uint32_t*)d)[ 2] = ((uint32_t*)s)[ 2] ^ ((uint32_t*)k)[ 2];
ubhat 0:6cc76d70e2a1 382 ((uint32_t*)d)[ 3] = ((uint32_t*)s)[ 3] ^ ((uint32_t*)k)[ 3];
ubhat 0:6cc76d70e2a1 383 #elif 1
ubhat 0:6cc76d70e2a1 384 ((uint8_t*)d)[ 0] = ((uint8_t*)s)[ 0] ^ ((uint8_t*)k)[ 0];
ubhat 0:6cc76d70e2a1 385 ((uint8_t*)d)[ 1] = ((uint8_t*)s)[ 1] ^ ((uint8_t*)k)[ 1];
ubhat 0:6cc76d70e2a1 386 ((uint8_t*)d)[ 2] = ((uint8_t*)s)[ 2] ^ ((uint8_t*)k)[ 2];
ubhat 0:6cc76d70e2a1 387 ((uint8_t*)d)[ 3] = ((uint8_t*)s)[ 3] ^ ((uint8_t*)k)[ 3];
ubhat 0:6cc76d70e2a1 388 ((uint8_t*)d)[ 4] = ((uint8_t*)s)[ 4] ^ ((uint8_t*)k)[ 4];
ubhat 0:6cc76d70e2a1 389 ((uint8_t*)d)[ 5] = ((uint8_t*)s)[ 5] ^ ((uint8_t*)k)[ 5];
ubhat 0:6cc76d70e2a1 390 ((uint8_t*)d)[ 6] = ((uint8_t*)s)[ 6] ^ ((uint8_t*)k)[ 6];
ubhat 0:6cc76d70e2a1 391 ((uint8_t*)d)[ 7] = ((uint8_t*)s)[ 7] ^ ((uint8_t*)k)[ 7];
ubhat 0:6cc76d70e2a1 392 ((uint8_t*)d)[ 8] = ((uint8_t*)s)[ 8] ^ ((uint8_t*)k)[ 8];
ubhat 0:6cc76d70e2a1 393 ((uint8_t*)d)[ 9] = ((uint8_t*)s)[ 9] ^ ((uint8_t*)k)[ 9];
ubhat 0:6cc76d70e2a1 394 ((uint8_t*)d)[10] = ((uint8_t*)s)[10] ^ ((uint8_t*)k)[10];
ubhat 0:6cc76d70e2a1 395 ((uint8_t*)d)[11] = ((uint8_t*)s)[11] ^ ((uint8_t*)k)[11];
ubhat 0:6cc76d70e2a1 396 ((uint8_t*)d)[12] = ((uint8_t*)s)[12] ^ ((uint8_t*)k)[12];
ubhat 0:6cc76d70e2a1 397 ((uint8_t*)d)[13] = ((uint8_t*)s)[13] ^ ((uint8_t*)k)[13];
ubhat 0:6cc76d70e2a1 398 ((uint8_t*)d)[14] = ((uint8_t*)s)[14] ^ ((uint8_t*)k)[14];
ubhat 0:6cc76d70e2a1 399 ((uint8_t*)d)[15] = ((uint8_t*)s)[15] ^ ((uint8_t*)k)[15];
ubhat 0:6cc76d70e2a1 400 #else
ubhat 0:6cc76d70e2a1 401 block_copy(d, s);
ubhat 0:6cc76d70e2a1 402 xor_block(d, k);
ubhat 0:6cc76d70e2a1 403 #endif
ubhat 0:6cc76d70e2a1 404 }
ubhat 0:6cc76d70e2a1 405
ubhat 0:6cc76d70e2a1 406 static void add_round_key( uint8_t d[N_BLOCK], const uint8_t k[N_BLOCK] )
ubhat 0:6cc76d70e2a1 407 {
ubhat 0:6cc76d70e2a1 408 xor_block(d, k);
ubhat 0:6cc76d70e2a1 409 }
ubhat 0:6cc76d70e2a1 410
ubhat 0:6cc76d70e2a1 411 static void shift_sub_rows( uint8_t st[N_BLOCK] )
ubhat 0:6cc76d70e2a1 412 { uint8_t tt;
ubhat 0:6cc76d70e2a1 413
ubhat 0:6cc76d70e2a1 414 st[ 0] = s_box(st[ 0]); st[ 4] = s_box(st[ 4]);
ubhat 0:6cc76d70e2a1 415 st[ 8] = s_box(st[ 8]); st[12] = s_box(st[12]);
ubhat 0:6cc76d70e2a1 416
ubhat 0:6cc76d70e2a1 417 tt = st[1]; st[ 1] = s_box(st[ 5]); st[ 5] = s_box(st[ 9]);
ubhat 0:6cc76d70e2a1 418 st[ 9] = s_box(st[13]); st[13] = s_box( tt );
ubhat 0:6cc76d70e2a1 419
ubhat 0:6cc76d70e2a1 420 tt = st[2]; st[ 2] = s_box(st[10]); st[10] = s_box( tt );
ubhat 0:6cc76d70e2a1 421 tt = st[6]; st[ 6] = s_box(st[14]); st[14] = s_box( tt );
ubhat 0:6cc76d70e2a1 422
ubhat 0:6cc76d70e2a1 423 tt = st[15]; st[15] = s_box(st[11]); st[11] = s_box(st[ 7]);
ubhat 0:6cc76d70e2a1 424 st[ 7] = s_box(st[ 3]); st[ 3] = s_box( tt );
ubhat 0:6cc76d70e2a1 425 }
ubhat 0:6cc76d70e2a1 426
ubhat 0:6cc76d70e2a1 427 #if defined( AES_DEC_PREKEYED )
ubhat 0:6cc76d70e2a1 428
ubhat 0:6cc76d70e2a1 429 static void inv_shift_sub_rows( uint8_t st[N_BLOCK] )
ubhat 0:6cc76d70e2a1 430 { uint8_t tt;
ubhat 0:6cc76d70e2a1 431
ubhat 0:6cc76d70e2a1 432 st[ 0] = is_box(st[ 0]); st[ 4] = is_box(st[ 4]);
ubhat 0:6cc76d70e2a1 433 st[ 8] = is_box(st[ 8]); st[12] = is_box(st[12]);
ubhat 0:6cc76d70e2a1 434
ubhat 0:6cc76d70e2a1 435 tt = st[13]; st[13] = is_box(st[9]); st[ 9] = is_box(st[5]);
ubhat 0:6cc76d70e2a1 436 st[ 5] = is_box(st[1]); st[ 1] = is_box( tt );
ubhat 0:6cc76d70e2a1 437
ubhat 0:6cc76d70e2a1 438 tt = st[2]; st[ 2] = is_box(st[10]); st[10] = is_box( tt );
ubhat 0:6cc76d70e2a1 439 tt = st[6]; st[ 6] = is_box(st[14]); st[14] = is_box( tt );
ubhat 0:6cc76d70e2a1 440
ubhat 0:6cc76d70e2a1 441 tt = st[3]; st[ 3] = is_box(st[ 7]); st[ 7] = is_box(st[11]);
ubhat 0:6cc76d70e2a1 442 st[11] = is_box(st[15]); st[15] = is_box( tt );
ubhat 0:6cc76d70e2a1 443 }
ubhat 0:6cc76d70e2a1 444
ubhat 0:6cc76d70e2a1 445 #endif
ubhat 0:6cc76d70e2a1 446
ubhat 0:6cc76d70e2a1 447 #if defined( VERSION_1 )
ubhat 0:6cc76d70e2a1 448 static void mix_sub_columns( uint8_t dt[N_BLOCK] )
ubhat 0:6cc76d70e2a1 449 { uint8_t st[N_BLOCK];
ubhat 0:6cc76d70e2a1 450 block_copy(st, dt);
ubhat 0:6cc76d70e2a1 451 #else
ubhat 0:6cc76d70e2a1 452 static void mix_sub_columns( uint8_t dt[N_BLOCK], uint8_t st[N_BLOCK] )
ubhat 0:6cc76d70e2a1 453 {
ubhat 0:6cc76d70e2a1 454 #endif
ubhat 0:6cc76d70e2a1 455 dt[ 0] = gfm2_sb(st[0]) ^ gfm3_sb(st[5]) ^ s_box(st[10]) ^ s_box(st[15]);
ubhat 0:6cc76d70e2a1 456 dt[ 1] = s_box(st[0]) ^ gfm2_sb(st[5]) ^ gfm3_sb(st[10]) ^ s_box(st[15]);
ubhat 0:6cc76d70e2a1 457 dt[ 2] = s_box(st[0]) ^ s_box(st[5]) ^ gfm2_sb(st[10]) ^ gfm3_sb(st[15]);
ubhat 0:6cc76d70e2a1 458 dt[ 3] = gfm3_sb(st[0]) ^ s_box(st[5]) ^ s_box(st[10]) ^ gfm2_sb(st[15]);
ubhat 0:6cc76d70e2a1 459
ubhat 0:6cc76d70e2a1 460 dt[ 4] = gfm2_sb(st[4]) ^ gfm3_sb(st[9]) ^ s_box(st[14]) ^ s_box(st[3]);
ubhat 0:6cc76d70e2a1 461 dt[ 5] = s_box(st[4]) ^ gfm2_sb(st[9]) ^ gfm3_sb(st[14]) ^ s_box(st[3]);
ubhat 0:6cc76d70e2a1 462 dt[ 6] = s_box(st[4]) ^ s_box(st[9]) ^ gfm2_sb(st[14]) ^ gfm3_sb(st[3]);
ubhat 0:6cc76d70e2a1 463 dt[ 7] = gfm3_sb(st[4]) ^ s_box(st[9]) ^ s_box(st[14]) ^ gfm2_sb(st[3]);
ubhat 0:6cc76d70e2a1 464
ubhat 0:6cc76d70e2a1 465 dt[ 8] = gfm2_sb(st[8]) ^ gfm3_sb(st[13]) ^ s_box(st[2]) ^ s_box(st[7]);
ubhat 0:6cc76d70e2a1 466 dt[ 9] = s_box(st[8]) ^ gfm2_sb(st[13]) ^ gfm3_sb(st[2]) ^ s_box(st[7]);
ubhat 0:6cc76d70e2a1 467 dt[10] = s_box(st[8]) ^ s_box(st[13]) ^ gfm2_sb(st[2]) ^ gfm3_sb(st[7]);
ubhat 0:6cc76d70e2a1 468 dt[11] = gfm3_sb(st[8]) ^ s_box(st[13]) ^ s_box(st[2]) ^ gfm2_sb(st[7]);
ubhat 0:6cc76d70e2a1 469
ubhat 0:6cc76d70e2a1 470 dt[12] = gfm2_sb(st[12]) ^ gfm3_sb(st[1]) ^ s_box(st[6]) ^ s_box(st[11]);
ubhat 0:6cc76d70e2a1 471 dt[13] = s_box(st[12]) ^ gfm2_sb(st[1]) ^ gfm3_sb(st[6]) ^ s_box(st[11]);
ubhat 0:6cc76d70e2a1 472 dt[14] = s_box(st[12]) ^ s_box(st[1]) ^ gfm2_sb(st[6]) ^ gfm3_sb(st[11]);
ubhat 0:6cc76d70e2a1 473 dt[15] = gfm3_sb(st[12]) ^ s_box(st[1]) ^ s_box(st[6]) ^ gfm2_sb(st[11]);
ubhat 0:6cc76d70e2a1 474 }
ubhat 0:6cc76d70e2a1 475
ubhat 0:6cc76d70e2a1 476 #if defined( AES_DEC_PREKEYED )
ubhat 0:6cc76d70e2a1 477
ubhat 0:6cc76d70e2a1 478 #if defined( VERSION_1 )
ubhat 0:6cc76d70e2a1 479 static void inv_mix_sub_columns( uint8_t dt[N_BLOCK] )
ubhat 0:6cc76d70e2a1 480 { uint8_t st[N_BLOCK];
ubhat 0:6cc76d70e2a1 481 block_copy(st, dt);
ubhat 0:6cc76d70e2a1 482 #else
ubhat 0:6cc76d70e2a1 483 static void inv_mix_sub_columns( uint8_t dt[N_BLOCK], uint8_t st[N_BLOCK] )
ubhat 0:6cc76d70e2a1 484 {
ubhat 0:6cc76d70e2a1 485 #endif
ubhat 0:6cc76d70e2a1 486 dt[ 0] = is_box(gfm_e(st[ 0]) ^ gfm_b(st[ 1]) ^ gfm_d(st[ 2]) ^ gfm_9(st[ 3]));
ubhat 0:6cc76d70e2a1 487 dt[ 5] = is_box(gfm_9(st[ 0]) ^ gfm_e(st[ 1]) ^ gfm_b(st[ 2]) ^ gfm_d(st[ 3]));
ubhat 0:6cc76d70e2a1 488 dt[10] = is_box(gfm_d(st[ 0]) ^ gfm_9(st[ 1]) ^ gfm_e(st[ 2]) ^ gfm_b(st[ 3]));
ubhat 0:6cc76d70e2a1 489 dt[15] = is_box(gfm_b(st[ 0]) ^ gfm_d(st[ 1]) ^ gfm_9(st[ 2]) ^ gfm_e(st[ 3]));
ubhat 0:6cc76d70e2a1 490
ubhat 0:6cc76d70e2a1 491 dt[ 4] = is_box(gfm_e(st[ 4]) ^ gfm_b(st[ 5]) ^ gfm_d(st[ 6]) ^ gfm_9(st[ 7]));
ubhat 0:6cc76d70e2a1 492 dt[ 9] = is_box(gfm_9(st[ 4]) ^ gfm_e(st[ 5]) ^ gfm_b(st[ 6]) ^ gfm_d(st[ 7]));
ubhat 0:6cc76d70e2a1 493 dt[14] = is_box(gfm_d(st[ 4]) ^ gfm_9(st[ 5]) ^ gfm_e(st[ 6]) ^ gfm_b(st[ 7]));
ubhat 0:6cc76d70e2a1 494 dt[ 3] = is_box(gfm_b(st[ 4]) ^ gfm_d(st[ 5]) ^ gfm_9(st[ 6]) ^ gfm_e(st[ 7]));
ubhat 0:6cc76d70e2a1 495
ubhat 0:6cc76d70e2a1 496 dt[ 8] = is_box(gfm_e(st[ 8]) ^ gfm_b(st[ 9]) ^ gfm_d(st[10]) ^ gfm_9(st[11]));
ubhat 0:6cc76d70e2a1 497 dt[13] = is_box(gfm_9(st[ 8]) ^ gfm_e(st[ 9]) ^ gfm_b(st[10]) ^ gfm_d(st[11]));
ubhat 0:6cc76d70e2a1 498 dt[ 2] = is_box(gfm_d(st[ 8]) ^ gfm_9(st[ 9]) ^ gfm_e(st[10]) ^ gfm_b(st[11]));
ubhat 0:6cc76d70e2a1 499 dt[ 7] = is_box(gfm_b(st[ 8]) ^ gfm_d(st[ 9]) ^ gfm_9(st[10]) ^ gfm_e(st[11]));
ubhat 0:6cc76d70e2a1 500
ubhat 0:6cc76d70e2a1 501 dt[12] = is_box(gfm_e(st[12]) ^ gfm_b(st[13]) ^ gfm_d(st[14]) ^ gfm_9(st[15]));
ubhat 0:6cc76d70e2a1 502 dt[ 1] = is_box(gfm_9(st[12]) ^ gfm_e(st[13]) ^ gfm_b(st[14]) ^ gfm_d(st[15]));
ubhat 0:6cc76d70e2a1 503 dt[ 6] = is_box(gfm_d(st[12]) ^ gfm_9(st[13]) ^ gfm_e(st[14]) ^ gfm_b(st[15]));
ubhat 0:6cc76d70e2a1 504 dt[11] = is_box(gfm_b(st[12]) ^ gfm_d(st[13]) ^ gfm_9(st[14]) ^ gfm_e(st[15]));
ubhat 0:6cc76d70e2a1 505 }
ubhat 0:6cc76d70e2a1 506
ubhat 0:6cc76d70e2a1 507 #endif
ubhat 0:6cc76d70e2a1 508
ubhat 0:6cc76d70e2a1 509 #if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED )
ubhat 0:6cc76d70e2a1 510
ubhat 0:6cc76d70e2a1 511 /* Set the cipher key for the pre-keyed version */
ubhat 0:6cc76d70e2a1 512
ubhat 0:6cc76d70e2a1 513 return_type aes_set_key( const uint8_t key[], length_type keylen, aes_context ctx[1] )
ubhat 0:6cc76d70e2a1 514 {
ubhat 0:6cc76d70e2a1 515 uint8_t cc, rc, hi;
ubhat 0:6cc76d70e2a1 516
ubhat 0:6cc76d70e2a1 517 switch( keylen )
ubhat 0:6cc76d70e2a1 518 {
ubhat 0:6cc76d70e2a1 519 case 16:
ubhat 0:6cc76d70e2a1 520 case 24:
ubhat 0:6cc76d70e2a1 521 case 32:
ubhat 0:6cc76d70e2a1 522 break;
ubhat 0:6cc76d70e2a1 523 default:
ubhat 0:6cc76d70e2a1 524 ctx->rnd = 0;
ubhat 0:6cc76d70e2a1 525 return ( uint8_t )-1;
ubhat 0:6cc76d70e2a1 526 }
ubhat 0:6cc76d70e2a1 527 block_copy_nn(ctx->ksch, key, keylen);
ubhat 0:6cc76d70e2a1 528 hi = (keylen + 28) << 2;
ubhat 0:6cc76d70e2a1 529 ctx->rnd = (hi >> 4) - 1;
ubhat 0:6cc76d70e2a1 530 for( cc = keylen, rc = 1; cc < hi; cc += 4 )
ubhat 0:6cc76d70e2a1 531 { uint8_t tt, t0, t1, t2, t3;
ubhat 0:6cc76d70e2a1 532
ubhat 0:6cc76d70e2a1 533 t0 = ctx->ksch[cc - 4];
ubhat 0:6cc76d70e2a1 534 t1 = ctx->ksch[cc - 3];
ubhat 0:6cc76d70e2a1 535 t2 = ctx->ksch[cc - 2];
ubhat 0:6cc76d70e2a1 536 t3 = ctx->ksch[cc - 1];
ubhat 0:6cc76d70e2a1 537 if( cc % keylen == 0 )
ubhat 0:6cc76d70e2a1 538 {
ubhat 0:6cc76d70e2a1 539 tt = t0;
ubhat 0:6cc76d70e2a1 540 t0 = s_box(t1) ^ rc;
ubhat 0:6cc76d70e2a1 541 t1 = s_box(t2);
ubhat 0:6cc76d70e2a1 542 t2 = s_box(t3);
ubhat 0:6cc76d70e2a1 543 t3 = s_box(tt);
ubhat 0:6cc76d70e2a1 544 rc = f2(rc);
ubhat 0:6cc76d70e2a1 545 }
ubhat 0:6cc76d70e2a1 546 else if( keylen > 24 && cc % keylen == 16 )
ubhat 0:6cc76d70e2a1 547 {
ubhat 0:6cc76d70e2a1 548 t0 = s_box(t0);
ubhat 0:6cc76d70e2a1 549 t1 = s_box(t1);
ubhat 0:6cc76d70e2a1 550 t2 = s_box(t2);
ubhat 0:6cc76d70e2a1 551 t3 = s_box(t3);
ubhat 0:6cc76d70e2a1 552 }
ubhat 0:6cc76d70e2a1 553 tt = cc - keylen;
ubhat 0:6cc76d70e2a1 554 ctx->ksch[cc + 0] = ctx->ksch[tt + 0] ^ t0;
ubhat 0:6cc76d70e2a1 555 ctx->ksch[cc + 1] = ctx->ksch[tt + 1] ^ t1;
ubhat 0:6cc76d70e2a1 556 ctx->ksch[cc + 2] = ctx->ksch[tt + 2] ^ t2;
ubhat 0:6cc76d70e2a1 557 ctx->ksch[cc + 3] = ctx->ksch[tt + 3] ^ t3;
ubhat 0:6cc76d70e2a1 558 }
ubhat 0:6cc76d70e2a1 559 return 0;
ubhat 0:6cc76d70e2a1 560 }
ubhat 0:6cc76d70e2a1 561
ubhat 0:6cc76d70e2a1 562 #endif
ubhat 0:6cc76d70e2a1 563
ubhat 0:6cc76d70e2a1 564 #if defined( AES_ENC_PREKEYED )
ubhat 0:6cc76d70e2a1 565
ubhat 0:6cc76d70e2a1 566 /* Encrypt a single block of 16 bytes */
ubhat 0:6cc76d70e2a1 567
ubhat 0:6cc76d70e2a1 568 return_type aes_encrypt( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], const aes_context ctx[1] )
ubhat 0:6cc76d70e2a1 569 {
ubhat 0:6cc76d70e2a1 570 if( ctx->rnd )
ubhat 0:6cc76d70e2a1 571 {
ubhat 0:6cc76d70e2a1 572 uint8_t s1[N_BLOCK], r;
ubhat 0:6cc76d70e2a1 573 copy_and_key( s1, in, ctx->ksch );
ubhat 0:6cc76d70e2a1 574
ubhat 0:6cc76d70e2a1 575 for( r = 1 ; r < ctx->rnd ; ++r )
ubhat 0:6cc76d70e2a1 576 #if defined( VERSION_1 )
ubhat 0:6cc76d70e2a1 577 {
ubhat 0:6cc76d70e2a1 578 mix_sub_columns( s1 );
ubhat 0:6cc76d70e2a1 579 add_round_key( s1, ctx->ksch + r * N_BLOCK);
ubhat 0:6cc76d70e2a1 580 }
ubhat 0:6cc76d70e2a1 581 #else
ubhat 0:6cc76d70e2a1 582 { uint8_t s2[N_BLOCK];
ubhat 0:6cc76d70e2a1 583 mix_sub_columns( s2, s1 );
ubhat 0:6cc76d70e2a1 584 copy_and_key( s1, s2, ctx->ksch + r * N_BLOCK);
ubhat 0:6cc76d70e2a1 585 }
ubhat 0:6cc76d70e2a1 586 #endif
ubhat 0:6cc76d70e2a1 587 shift_sub_rows( s1 );
ubhat 0:6cc76d70e2a1 588 copy_and_key( out, s1, ctx->ksch + r * N_BLOCK );
ubhat 0:6cc76d70e2a1 589 }
ubhat 0:6cc76d70e2a1 590 else
ubhat 0:6cc76d70e2a1 591 return ( uint8_t )-1;
ubhat 0:6cc76d70e2a1 592 return 0;
ubhat 0:6cc76d70e2a1 593 }
ubhat 0:6cc76d70e2a1 594
ubhat 0:6cc76d70e2a1 595 /* CBC encrypt a number of blocks (input and return an IV) */
ubhat 0:6cc76d70e2a1 596
ubhat 0:6cc76d70e2a1 597 return_type aes_cbc_encrypt( const uint8_t *in, uint8_t *out,
ubhat 0:6cc76d70e2a1 598 int32_t n_block, uint8_t iv[N_BLOCK], const aes_context ctx[1] )
ubhat 0:6cc76d70e2a1 599 {
ubhat 0:6cc76d70e2a1 600
ubhat 0:6cc76d70e2a1 601 while(n_block--)
ubhat 0:6cc76d70e2a1 602 {
ubhat 0:6cc76d70e2a1 603 xor_block(iv, in);
ubhat 0:6cc76d70e2a1 604 if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
ubhat 0:6cc76d70e2a1 605 return EXIT_FAILURE;
ubhat 0:6cc76d70e2a1 606 //memcpy(out, iv, N_BLOCK);
ubhat 0:6cc76d70e2a1 607 block_copy(out, iv);
ubhat 0:6cc76d70e2a1 608 in += N_BLOCK;
ubhat 0:6cc76d70e2a1 609 out += N_BLOCK;
ubhat 0:6cc76d70e2a1 610 }
ubhat 0:6cc76d70e2a1 611 return EXIT_SUCCESS;
ubhat 0:6cc76d70e2a1 612 }
ubhat 0:6cc76d70e2a1 613
ubhat 0:6cc76d70e2a1 614 #endif
ubhat 0:6cc76d70e2a1 615
ubhat 0:6cc76d70e2a1 616 #if defined( AES_DEC_PREKEYED )
ubhat 0:6cc76d70e2a1 617
ubhat 0:6cc76d70e2a1 618 /* Decrypt a single block of 16 bytes */
ubhat 0:6cc76d70e2a1 619
ubhat 0:6cc76d70e2a1 620 return_type aes_decrypt( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], const aes_context ctx[1] )
ubhat 0:6cc76d70e2a1 621 {
ubhat 0:6cc76d70e2a1 622 if( ctx->rnd )
ubhat 0:6cc76d70e2a1 623 {
ubhat 0:6cc76d70e2a1 624 uint8_t s1[N_BLOCK], r;
ubhat 0:6cc76d70e2a1 625 copy_and_key( s1, in, ctx->ksch + ctx->rnd * N_BLOCK );
ubhat 0:6cc76d70e2a1 626 inv_shift_sub_rows( s1 );
ubhat 0:6cc76d70e2a1 627
ubhat 0:6cc76d70e2a1 628 for( r = ctx->rnd ; --r ; )
ubhat 0:6cc76d70e2a1 629 #if defined( VERSION_1 )
ubhat 0:6cc76d70e2a1 630 {
ubhat 0:6cc76d70e2a1 631 add_round_key( s1, ctx->ksch + r * N_BLOCK );
ubhat 0:6cc76d70e2a1 632 inv_mix_sub_columns( s1 );
ubhat 0:6cc76d70e2a1 633 }
ubhat 0:6cc76d70e2a1 634 #else
ubhat 0:6cc76d70e2a1 635 { uint8_t s2[N_BLOCK];
ubhat 0:6cc76d70e2a1 636 copy_and_key( s2, s1, ctx->ksch + r * N_BLOCK );
ubhat 0:6cc76d70e2a1 637 inv_mix_sub_columns( s1, s2 );
ubhat 0:6cc76d70e2a1 638 }
ubhat 0:6cc76d70e2a1 639 #endif
ubhat 0:6cc76d70e2a1 640 copy_and_key( out, s1, ctx->ksch );
ubhat 0:6cc76d70e2a1 641 }
ubhat 0:6cc76d70e2a1 642 else
ubhat 0:6cc76d70e2a1 643 return -1;
ubhat 0:6cc76d70e2a1 644 return 0;
ubhat 0:6cc76d70e2a1 645 }
ubhat 0:6cc76d70e2a1 646
ubhat 0:6cc76d70e2a1 647 /* CBC decrypt a number of blocks (input and return an IV) */
ubhat 0:6cc76d70e2a1 648
ubhat 0:6cc76d70e2a1 649 return_type aes_cbc_decrypt( const uint8_t *in, uint8_t *out,
ubhat 0:6cc76d70e2a1 650 int32_t n_block, uint8_t iv[N_BLOCK], const aes_context ctx[1] )
ubhat 0:6cc76d70e2a1 651 {
ubhat 0:6cc76d70e2a1 652 while(n_block--)
ubhat 0:6cc76d70e2a1 653 { uint8_t tmp[N_BLOCK];
ubhat 0:6cc76d70e2a1 654
ubhat 0:6cc76d70e2a1 655 //memcpy(tmp, in, N_BLOCK);
ubhat 0:6cc76d70e2a1 656 block_copy(tmp, in);
ubhat 0:6cc76d70e2a1 657 if(aes_decrypt(in, out, ctx) != EXIT_SUCCESS)
ubhat 0:6cc76d70e2a1 658 return EXIT_FAILURE;
ubhat 0:6cc76d70e2a1 659 xor_block(out, iv);
ubhat 0:6cc76d70e2a1 660 //memcpy(iv, tmp, N_BLOCK);
ubhat 0:6cc76d70e2a1 661 block_copy(iv, tmp);
ubhat 0:6cc76d70e2a1 662 in += N_BLOCK;
ubhat 0:6cc76d70e2a1 663 out += N_BLOCK;
ubhat 0:6cc76d70e2a1 664 }
ubhat 0:6cc76d70e2a1 665 return EXIT_SUCCESS;
ubhat 0:6cc76d70e2a1 666 }
ubhat 0:6cc76d70e2a1 667
ubhat 0:6cc76d70e2a1 668 #endif
ubhat 0:6cc76d70e2a1 669
ubhat 0:6cc76d70e2a1 670 #if defined( AES_ENC_128_OTFK )
ubhat 0:6cc76d70e2a1 671
ubhat 0:6cc76d70e2a1 672 /* The 'on the fly' encryption key update for for 128 bit keys */
ubhat 0:6cc76d70e2a1 673
ubhat 0:6cc76d70e2a1 674 static void update_encrypt_key_128( uint8_t k[N_BLOCK], uint8_t *rc )
ubhat 0:6cc76d70e2a1 675 { uint8_t cc;
ubhat 0:6cc76d70e2a1 676
ubhat 0:6cc76d70e2a1 677 k[0] ^= s_box(k[13]) ^ *rc;
ubhat 0:6cc76d70e2a1 678 k[1] ^= s_box(k[14]);
ubhat 0:6cc76d70e2a1 679 k[2] ^= s_box(k[15]);
ubhat 0:6cc76d70e2a1 680 k[3] ^= s_box(k[12]);
ubhat 0:6cc76d70e2a1 681 *rc = f2( *rc );
ubhat 0:6cc76d70e2a1 682
ubhat 0:6cc76d70e2a1 683 for(cc = 4; cc < 16; cc += 4 )
ubhat 0:6cc76d70e2a1 684 {
ubhat 0:6cc76d70e2a1 685 k[cc + 0] ^= k[cc - 4];
ubhat 0:6cc76d70e2a1 686 k[cc + 1] ^= k[cc - 3];
ubhat 0:6cc76d70e2a1 687 k[cc + 2] ^= k[cc - 2];
ubhat 0:6cc76d70e2a1 688 k[cc + 3] ^= k[cc - 1];
ubhat 0:6cc76d70e2a1 689 }
ubhat 0:6cc76d70e2a1 690 }
ubhat 0:6cc76d70e2a1 691
ubhat 0:6cc76d70e2a1 692 /* Encrypt a single block of 16 bytes with 'on the fly' 128 bit keying */
ubhat 0:6cc76d70e2a1 693
ubhat 0:6cc76d70e2a1 694 void aes_encrypt_128( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
ubhat 0:6cc76d70e2a1 695 const uint8_t key[N_BLOCK], uint8_t o_key[N_BLOCK] )
ubhat 0:6cc76d70e2a1 696 { uint8_t s1[N_BLOCK], r, rc = 1;
ubhat 0:6cc76d70e2a1 697
ubhat 0:6cc76d70e2a1 698 if(o_key != key)
ubhat 0:6cc76d70e2a1 699 block_copy( o_key, key );
ubhat 0:6cc76d70e2a1 700 copy_and_key( s1, in, o_key );
ubhat 0:6cc76d70e2a1 701
ubhat 0:6cc76d70e2a1 702 for( r = 1 ; r < 10 ; ++r )
ubhat 0:6cc76d70e2a1 703 #if defined( VERSION_1 )
ubhat 0:6cc76d70e2a1 704 {
ubhat 0:6cc76d70e2a1 705 mix_sub_columns( s1 );
ubhat 0:6cc76d70e2a1 706 update_encrypt_key_128( o_key, &rc );
ubhat 0:6cc76d70e2a1 707 add_round_key( s1, o_key );
ubhat 0:6cc76d70e2a1 708 }
ubhat 0:6cc76d70e2a1 709 #else
ubhat 0:6cc76d70e2a1 710 { uint8_t s2[N_BLOCK];
ubhat 0:6cc76d70e2a1 711 mix_sub_columns( s2, s1 );
ubhat 0:6cc76d70e2a1 712 update_encrypt_key_128( o_key, &rc );
ubhat 0:6cc76d70e2a1 713 copy_and_key( s1, s2, o_key );
ubhat 0:6cc76d70e2a1 714 }
ubhat 0:6cc76d70e2a1 715 #endif
ubhat 0:6cc76d70e2a1 716
ubhat 0:6cc76d70e2a1 717 shift_sub_rows( s1 );
ubhat 0:6cc76d70e2a1 718 update_encrypt_key_128( o_key, &rc );
ubhat 0:6cc76d70e2a1 719 copy_and_key( out, s1, o_key );
ubhat 0:6cc76d70e2a1 720 }
ubhat 0:6cc76d70e2a1 721
ubhat 0:6cc76d70e2a1 722 #endif
ubhat 0:6cc76d70e2a1 723
ubhat 0:6cc76d70e2a1 724 #if defined( AES_DEC_128_OTFK )
ubhat 0:6cc76d70e2a1 725
ubhat 0:6cc76d70e2a1 726 /* The 'on the fly' decryption key update for for 128 bit keys */
ubhat 0:6cc76d70e2a1 727
ubhat 0:6cc76d70e2a1 728 static void update_decrypt_key_128( uint8_t k[N_BLOCK], uint8_t *rc )
ubhat 0:6cc76d70e2a1 729 { uint8_t cc;
ubhat 0:6cc76d70e2a1 730
ubhat 0:6cc76d70e2a1 731 for( cc = 12; cc > 0; cc -= 4 )
ubhat 0:6cc76d70e2a1 732 {
ubhat 0:6cc76d70e2a1 733 k[cc + 0] ^= k[cc - 4];
ubhat 0:6cc76d70e2a1 734 k[cc + 1] ^= k[cc - 3];
ubhat 0:6cc76d70e2a1 735 k[cc + 2] ^= k[cc - 2];
ubhat 0:6cc76d70e2a1 736 k[cc + 3] ^= k[cc - 1];
ubhat 0:6cc76d70e2a1 737 }
ubhat 0:6cc76d70e2a1 738 *rc = d2(*rc);
ubhat 0:6cc76d70e2a1 739 k[0] ^= s_box(k[13]) ^ *rc;
ubhat 0:6cc76d70e2a1 740 k[1] ^= s_box(k[14]);
ubhat 0:6cc76d70e2a1 741 k[2] ^= s_box(k[15]);
ubhat 0:6cc76d70e2a1 742 k[3] ^= s_box(k[12]);
ubhat 0:6cc76d70e2a1 743 }
ubhat 0:6cc76d70e2a1 744
ubhat 0:6cc76d70e2a1 745 /* Decrypt a single block of 16 bytes with 'on the fly' 128 bit keying */
ubhat 0:6cc76d70e2a1 746
ubhat 0:6cc76d70e2a1 747 void aes_decrypt_128( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
ubhat 0:6cc76d70e2a1 748 const uint8_t key[N_BLOCK], uint8_t o_key[N_BLOCK] )
ubhat 0:6cc76d70e2a1 749 {
ubhat 0:6cc76d70e2a1 750 uint8_t s1[N_BLOCK], r, rc = 0x6c;
ubhat 0:6cc76d70e2a1 751 if(o_key != key)
ubhat 0:6cc76d70e2a1 752 block_copy( o_key, key );
ubhat 0:6cc76d70e2a1 753
ubhat 0:6cc76d70e2a1 754 copy_and_key( s1, in, o_key );
ubhat 0:6cc76d70e2a1 755 inv_shift_sub_rows( s1 );
ubhat 0:6cc76d70e2a1 756
ubhat 0:6cc76d70e2a1 757 for( r = 10 ; --r ; )
ubhat 0:6cc76d70e2a1 758 #if defined( VERSION_1 )
ubhat 0:6cc76d70e2a1 759 {
ubhat 0:6cc76d70e2a1 760 update_decrypt_key_128( o_key, &rc );
ubhat 0:6cc76d70e2a1 761 add_round_key( s1, o_key );
ubhat 0:6cc76d70e2a1 762 inv_mix_sub_columns( s1 );
ubhat 0:6cc76d70e2a1 763 }
ubhat 0:6cc76d70e2a1 764 #else
ubhat 0:6cc76d70e2a1 765 { uint8_t s2[N_BLOCK];
ubhat 0:6cc76d70e2a1 766 update_decrypt_key_128( o_key, &rc );
ubhat 0:6cc76d70e2a1 767 copy_and_key( s2, s1, o_key );
ubhat 0:6cc76d70e2a1 768 inv_mix_sub_columns( s1, s2 );
ubhat 0:6cc76d70e2a1 769 }
ubhat 0:6cc76d70e2a1 770 #endif
ubhat 0:6cc76d70e2a1 771 update_decrypt_key_128( o_key, &rc );
ubhat 0:6cc76d70e2a1 772 copy_and_key( out, s1, o_key );
ubhat 0:6cc76d70e2a1 773 }
ubhat 0:6cc76d70e2a1 774
ubhat 0:6cc76d70e2a1 775 #endif
ubhat 0:6cc76d70e2a1 776
ubhat 0:6cc76d70e2a1 777 #if defined( AES_ENC_256_OTFK )
ubhat 0:6cc76d70e2a1 778
ubhat 0:6cc76d70e2a1 779 /* The 'on the fly' encryption key update for for 256 bit keys */
ubhat 0:6cc76d70e2a1 780
ubhat 0:6cc76d70e2a1 781 static void update_encrypt_key_256( uint8_t k[2 * N_BLOCK], uint8_t *rc )
ubhat 0:6cc76d70e2a1 782 { uint8_t cc;
ubhat 0:6cc76d70e2a1 783
ubhat 0:6cc76d70e2a1 784 k[0] ^= s_box(k[29]) ^ *rc;
ubhat 0:6cc76d70e2a1 785 k[1] ^= s_box(k[30]);
ubhat 0:6cc76d70e2a1 786 k[2] ^= s_box(k[31]);
ubhat 0:6cc76d70e2a1 787 k[3] ^= s_box(k[28]);
ubhat 0:6cc76d70e2a1 788 *rc = f2( *rc );
ubhat 0:6cc76d70e2a1 789
ubhat 0:6cc76d70e2a1 790 for(cc = 4; cc < 16; cc += 4)
ubhat 0:6cc76d70e2a1 791 {
ubhat 0:6cc76d70e2a1 792 k[cc + 0] ^= k[cc - 4];
ubhat 0:6cc76d70e2a1 793 k[cc + 1] ^= k[cc - 3];
ubhat 0:6cc76d70e2a1 794 k[cc + 2] ^= k[cc - 2];
ubhat 0:6cc76d70e2a1 795 k[cc + 3] ^= k[cc - 1];
ubhat 0:6cc76d70e2a1 796 }
ubhat 0:6cc76d70e2a1 797
ubhat 0:6cc76d70e2a1 798 k[16] ^= s_box(k[12]);
ubhat 0:6cc76d70e2a1 799 k[17] ^= s_box(k[13]);
ubhat 0:6cc76d70e2a1 800 k[18] ^= s_box(k[14]);
ubhat 0:6cc76d70e2a1 801 k[19] ^= s_box(k[15]);
ubhat 0:6cc76d70e2a1 802
ubhat 0:6cc76d70e2a1 803 for( cc = 20; cc < 32; cc += 4 )
ubhat 0:6cc76d70e2a1 804 {
ubhat 0:6cc76d70e2a1 805 k[cc + 0] ^= k[cc - 4];
ubhat 0:6cc76d70e2a1 806 k[cc + 1] ^= k[cc - 3];
ubhat 0:6cc76d70e2a1 807 k[cc + 2] ^= k[cc - 2];
ubhat 0:6cc76d70e2a1 808 k[cc + 3] ^= k[cc - 1];
ubhat 0:6cc76d70e2a1 809 }
ubhat 0:6cc76d70e2a1 810 }
ubhat 0:6cc76d70e2a1 811
ubhat 0:6cc76d70e2a1 812 /* Encrypt a single block of 16 bytes with 'on the fly' 256 bit keying */
ubhat 0:6cc76d70e2a1 813
ubhat 0:6cc76d70e2a1 814 void aes_encrypt_256( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
ubhat 0:6cc76d70e2a1 815 const uint8_t key[2 * N_BLOCK], uint8_t o_key[2 * N_BLOCK] )
ubhat 0:6cc76d70e2a1 816 {
ubhat 0:6cc76d70e2a1 817 uint8_t s1[N_BLOCK], r, rc = 1;
ubhat 0:6cc76d70e2a1 818 if(o_key != key)
ubhat 0:6cc76d70e2a1 819 {
ubhat 0:6cc76d70e2a1 820 block_copy( o_key, key );
ubhat 0:6cc76d70e2a1 821 block_copy( o_key + 16, key + 16 );
ubhat 0:6cc76d70e2a1 822 }
ubhat 0:6cc76d70e2a1 823 copy_and_key( s1, in, o_key );
ubhat 0:6cc76d70e2a1 824
ubhat 0:6cc76d70e2a1 825 for( r = 1 ; r < 14 ; ++r )
ubhat 0:6cc76d70e2a1 826 #if defined( VERSION_1 )
ubhat 0:6cc76d70e2a1 827 {
ubhat 0:6cc76d70e2a1 828 mix_sub_columns(s1);
ubhat 0:6cc76d70e2a1 829 if( r & 1 )
ubhat 0:6cc76d70e2a1 830 add_round_key( s1, o_key + 16 );
ubhat 0:6cc76d70e2a1 831 else
ubhat 0:6cc76d70e2a1 832 {
ubhat 0:6cc76d70e2a1 833 update_encrypt_key_256( o_key, &rc );
ubhat 0:6cc76d70e2a1 834 add_round_key( s1, o_key );
ubhat 0:6cc76d70e2a1 835 }
ubhat 0:6cc76d70e2a1 836 }
ubhat 0:6cc76d70e2a1 837 #else
ubhat 0:6cc76d70e2a1 838 { uint8_t s2[N_BLOCK];
ubhat 0:6cc76d70e2a1 839 mix_sub_columns( s2, s1 );
ubhat 0:6cc76d70e2a1 840 if( r & 1 )
ubhat 0:6cc76d70e2a1 841 copy_and_key( s1, s2, o_key + 16 );
ubhat 0:6cc76d70e2a1 842 else
ubhat 0:6cc76d70e2a1 843 {
ubhat 0:6cc76d70e2a1 844 update_encrypt_key_256( o_key, &rc );
ubhat 0:6cc76d70e2a1 845 copy_and_key( s1, s2, o_key );
ubhat 0:6cc76d70e2a1 846 }
ubhat 0:6cc76d70e2a1 847 }
ubhat 0:6cc76d70e2a1 848 #endif
ubhat 0:6cc76d70e2a1 849
ubhat 0:6cc76d70e2a1 850 shift_sub_rows( s1 );
ubhat 0:6cc76d70e2a1 851 update_encrypt_key_256( o_key, &rc );
ubhat 0:6cc76d70e2a1 852 copy_and_key( out, s1, o_key );
ubhat 0:6cc76d70e2a1 853 }
ubhat 0:6cc76d70e2a1 854
ubhat 0:6cc76d70e2a1 855 #endif
ubhat 0:6cc76d70e2a1 856
ubhat 0:6cc76d70e2a1 857 #if defined( AES_DEC_256_OTFK )
ubhat 0:6cc76d70e2a1 858
ubhat 0:6cc76d70e2a1 859 /* The 'on the fly' encryption key update for for 256 bit keys */
ubhat 0:6cc76d70e2a1 860
ubhat 0:6cc76d70e2a1 861 static void update_decrypt_key_256( uint8_t k[2 * N_BLOCK], uint8_t *rc )
ubhat 0:6cc76d70e2a1 862 { uint8_t cc;
ubhat 0:6cc76d70e2a1 863
ubhat 0:6cc76d70e2a1 864 for(cc = 28; cc > 16; cc -= 4)
ubhat 0:6cc76d70e2a1 865 {
ubhat 0:6cc76d70e2a1 866 k[cc + 0] ^= k[cc - 4];
ubhat 0:6cc76d70e2a1 867 k[cc + 1] ^= k[cc - 3];
ubhat 0:6cc76d70e2a1 868 k[cc + 2] ^= k[cc - 2];
ubhat 0:6cc76d70e2a1 869 k[cc + 3] ^= k[cc - 1];
ubhat 0:6cc76d70e2a1 870 }
ubhat 0:6cc76d70e2a1 871
ubhat 0:6cc76d70e2a1 872 k[16] ^= s_box(k[12]);
ubhat 0:6cc76d70e2a1 873 k[17] ^= s_box(k[13]);
ubhat 0:6cc76d70e2a1 874 k[18] ^= s_box(k[14]);
ubhat 0:6cc76d70e2a1 875 k[19] ^= s_box(k[15]);
ubhat 0:6cc76d70e2a1 876
ubhat 0:6cc76d70e2a1 877 for(cc = 12; cc > 0; cc -= 4)
ubhat 0:6cc76d70e2a1 878 {
ubhat 0:6cc76d70e2a1 879 k[cc + 0] ^= k[cc - 4];
ubhat 0:6cc76d70e2a1 880 k[cc + 1] ^= k[cc - 3];
ubhat 0:6cc76d70e2a1 881 k[cc + 2] ^= k[cc - 2];
ubhat 0:6cc76d70e2a1 882 k[cc + 3] ^= k[cc - 1];
ubhat 0:6cc76d70e2a1 883 }
ubhat 0:6cc76d70e2a1 884
ubhat 0:6cc76d70e2a1 885 *rc = d2(*rc);
ubhat 0:6cc76d70e2a1 886 k[0] ^= s_box(k[29]) ^ *rc;
ubhat 0:6cc76d70e2a1 887 k[1] ^= s_box(k[30]);
ubhat 0:6cc76d70e2a1 888 k[2] ^= s_box(k[31]);
ubhat 0:6cc76d70e2a1 889 k[3] ^= s_box(k[28]);
ubhat 0:6cc76d70e2a1 890 }
ubhat 0:6cc76d70e2a1 891
ubhat 0:6cc76d70e2a1 892 /* Decrypt a single block of 16 bytes with 'on the fly'
ubhat 0:6cc76d70e2a1 893 256 bit keying
ubhat 0:6cc76d70e2a1 894 */
ubhat 0:6cc76d70e2a1 895 void aes_decrypt_256( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
ubhat 0:6cc76d70e2a1 896 const uint8_t key[2 * N_BLOCK], uint8_t o_key[2 * N_BLOCK] )
ubhat 0:6cc76d70e2a1 897 {
ubhat 0:6cc76d70e2a1 898 uint8_t s1[N_BLOCK], r, rc = 0x80;
ubhat 0:6cc76d70e2a1 899
ubhat 0:6cc76d70e2a1 900 if(o_key != key)
ubhat 0:6cc76d70e2a1 901 {
ubhat 0:6cc76d70e2a1 902 block_copy( o_key, key );
ubhat 0:6cc76d70e2a1 903 block_copy( o_key + 16, key + 16 );
ubhat 0:6cc76d70e2a1 904 }
ubhat 0:6cc76d70e2a1 905
ubhat 0:6cc76d70e2a1 906 copy_and_key( s1, in, o_key );
ubhat 0:6cc76d70e2a1 907 inv_shift_sub_rows( s1 );
ubhat 0:6cc76d70e2a1 908
ubhat 0:6cc76d70e2a1 909 for( r = 14 ; --r ; )
ubhat 0:6cc76d70e2a1 910 #if defined( VERSION_1 )
ubhat 0:6cc76d70e2a1 911 {
ubhat 0:6cc76d70e2a1 912 if( ( r & 1 ) )
ubhat 0:6cc76d70e2a1 913 {
ubhat 0:6cc76d70e2a1 914 update_decrypt_key_256( o_key, &rc );
ubhat 0:6cc76d70e2a1 915 add_round_key( s1, o_key + 16 );
ubhat 0:6cc76d70e2a1 916 }
ubhat 0:6cc76d70e2a1 917 else
ubhat 0:6cc76d70e2a1 918 add_round_key( s1, o_key );
ubhat 0:6cc76d70e2a1 919 inv_mix_sub_columns( s1 );
ubhat 0:6cc76d70e2a1 920 }
ubhat 0:6cc76d70e2a1 921 #else
ubhat 0:6cc76d70e2a1 922 { uint8_t s2[N_BLOCK];
ubhat 0:6cc76d70e2a1 923 if( ( r & 1 ) )
ubhat 0:6cc76d70e2a1 924 {
ubhat 0:6cc76d70e2a1 925 update_decrypt_key_256( o_key, &rc );
ubhat 0:6cc76d70e2a1 926 copy_and_key( s2, s1, o_key + 16 );
ubhat 0:6cc76d70e2a1 927 }
ubhat 0:6cc76d70e2a1 928 else
ubhat 0:6cc76d70e2a1 929 copy_and_key( s2, s1, o_key );
ubhat 0:6cc76d70e2a1 930 inv_mix_sub_columns( s1, s2 );
ubhat 0:6cc76d70e2a1 931 }
ubhat 0:6cc76d70e2a1 932 #endif
ubhat 0:6cc76d70e2a1 933 copy_and_key( out, s1, o_key );
ubhat 0:6cc76d70e2a1 934 }
ubhat 0:6cc76d70e2a1 935
ubhat 0:6cc76d70e2a1 936 #endif