Sending IKS01A1 temperature sensor readings to LoRaWAN port-5 uplink

Dependencies:   X_NUCLEO_IKS01A1 mbed LoRaWAN-lib SX1276Lib

Fork of LoRaWAN-demo-76 by Semtech

Use IKS01A1 sensor shield with SX1272 shield or SX1276 shield.

Sends temperature sensor readings to LoRaWAN uplink port 5.


Remove SB22 and SB23 from IKS01A1 before using

SB28 conflicts with DIO0 on radio. (TxDone RxDone)

SB22 conflicts with RxTx on radio. (antenna switch)

Committer:
dudmuck
Date:
Tue Aug 16 00:16:25 2016 +0000
Revision:
8:7b1d5fb9cf72
Parent:
5:1e9f6a365854
added IKS01A1 temperature sensing

mluis 1:352f608c3337 1 /*
mluis 1:352f608c3337 2 ---------------------------------------------------------------------------
mluis 1:352f608c3337 3 Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
mluis 1:352f608c3337 4
mluis 1:352f608c3337 5 LICENSE TERMS
mluis 1:352f608c3337 6
mluis 1:352f608c3337 7 The redistribution and use of this software (with or without changes)
mluis 1:352f608c3337 8 is allowed without the payment of fees or royalties provided that:
mluis 1:352f608c3337 9
mluis 1:352f608c3337 10 1. source code distributions include the above copyright notice, this
mluis 1:352f608c3337 11 list of conditions and the following disclaimer;
mluis 1:352f608c3337 12
mluis 1:352f608c3337 13 2. binary distributions include the above copyright notice, this list
mluis 1:352f608c3337 14 of conditions and the following disclaimer in their documentation;
mluis 1:352f608c3337 15
mluis 1:352f608c3337 16 3. the name of the copyright holder is not used to endorse products
mluis 1:352f608c3337 17 built using this software without specific written permission.
mluis 1:352f608c3337 18
mluis 1:352f608c3337 19 DISCLAIMER
mluis 1:352f608c3337 20
mluis 1:352f608c3337 21 This software is provided 'as is' with no explicit or implied warranties
mluis 1:352f608c3337 22 in respect of its properties, including, but not limited to, correctness
mluis 1:352f608c3337 23 and/or fitness for purpose.
mluis 1:352f608c3337 24 ---------------------------------------------------------------------------
mluis 1:352f608c3337 25 Issue 09/09/2006
mluis 1:352f608c3337 26
mluis 1:352f608c3337 27 This is an AES implementation that uses only 8-bit byte operations on the
mluis 1:352f608c3337 28 cipher state (there are options to use 32-bit types if available).
mluis 1:352f608c3337 29
mluis 1:352f608c3337 30 The combination of mix columns and byte substitution used here is based on
mluis 1:352f608c3337 31 that developed by Karl Malbrain. His contribution is acknowledged.
mluis 1:352f608c3337 32 */
mluis 1:352f608c3337 33
/* define if you have a fast memcpy function on your system */
/* Disabled here (#if 0): HAVE_MEMCPY stays undefined, so nothing inside
   this block is compiled and <string.h> is not pulled in from here. */
#if 0
#  define HAVE_MEMCPY
#  include <string.h>
#  if defined( _MSC_VER )
#    include <intrin.h>
#    pragma intrinsic( memcpy )
#  endif
#endif
mluis 1:352f608c3337 43
mluis 1:352f608c3337 44
mluis 1:352f608c3337 45 #include <stdlib.h>
mluis 1:352f608c3337 46 #include <stdint.h>
mluis 1:352f608c3337 47
/* define if you have fast 32-bit types on your system */
/* NOTE(review): only <stdlib.h> and <stdint.h> are included above this
   point, and neither defines __CORTEX_M. An identifier that is not a macro
   evaluates to 0 inside #if, so unless the toolchain or a forced include
   supplies __CORTEX_M, HAVE_UINT_32T stays undefined and the byte-wise
   code paths are compiled - confirm against the actual build. */
#if ( __CORTEX_M != 0 ) // if Cortex is different from M0/M0+
#  define HAVE_UINT_32T
#endif

/* Define USE_TABLES to build with the precomputed 256-entry lookup tables.
   Leaving it undefined selects the #else branch of the
   "#if defined( USE_TABLES )" section, which computes S-box and field
   multiplication values at run time instead. */
#if 1
#  define USE_TABLES
#endif

/* On Intel Core 2 duo VERSION_1 is faster */

/* alternative versions (test for performance on your system) */
/* VERSION_1 selects the one-argument mix_sub_columns() and
   inv_mix_sub_columns() variants, which copy the state into a local
   buffer before transforming it. */
#if 1
#  define VERSION_1
#endif
mluis 1:352f608c3337 64
mluis 1:352f608c3337 65 #include "aes.h"
mluis 1:352f608c3337 66
mluis 1:352f608c3337 67 //#if defined( HAVE_UINT_32T )
mluis 1:352f608c3337 68 // typedef unsigned long uint32_t;
mluis 1:352f608c3337 69 //#endif
mluis 1:352f608c3337 70
mluis 1:352f608c3337 71 /* functions for finite field multiplication in the AES Galois field */
mluis 1:352f608c3337 72
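/* Polynomial constants for GF(2^8) arithmetic: WPOLY is the 9-bit
   reduction polynomial 0x11b, BPOLY is its low byte, and DPOLY is the
   value XORed in by d2() when the low bit of its argument is set. */
#define WPOLY   0x011b
#define BPOLY     0x1b
#define DPOLY   0x008d

/* fN(x) multiplies the byte x by the field constant N (hex digit).
   Every use of the argument is parenthesised so that an expression such
   as f2(a ^ b) expands with the intended precedence; the argument is
   still evaluated more than once, so it must be free of side effects. */
#define f1(x)   (x)
#define f2(x)   (((x) << 1) ^ ((((x) >> 7) & 1) * WPOLY))
#define f4(x)   (((x) << 2) ^ ((((x) >> 6) & 1) * WPOLY) ^ ((((x) >> 6) & 2) * WPOLY))
#define f8(x)   (((x) << 3) ^ ((((x) >> 5) & 1) * WPOLY) ^ ((((x) >> 5) & 2) * WPOLY) \
                            ^ ((((x) >> 5) & 4) * WPOLY))
#define d2(x)   (((x) >> 1) ^ ((x) & 1 ? DPOLY : 0))

/* Composite multipliers built from the powers of two above. */
#define f3(x)   (f2(x) ^ (x))
#define f9(x)   (f8(x) ^ (x))
#define fb(x)   (f8(x) ^ f2(x) ^ (x))
#define fd(x)   (f8(x) ^ f4(x) ^ (x))
#define fe(x)   (f8(x) ^ f4(x) ^ f2(x))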
mluis 1:352f608c3337 89
mluis 1:352f608c3337 90 #if defined( USE_TABLES )
mluis 1:352f608c3337 91
mluis 1:352f608c3337 92 #define sb_data(w) { /* S Box data values */ \
mluis 1:352f608c3337 93 w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
mluis 1:352f608c3337 94 w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
mluis 1:352f608c3337 95 w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
mluis 1:352f608c3337 96 w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
mluis 1:352f608c3337 97 w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
mluis 1:352f608c3337 98 w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
mluis 1:352f608c3337 99 w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
mluis 1:352f608c3337 100 w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
mluis 1:352f608c3337 101 w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
mluis 1:352f608c3337 102 w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
mluis 1:352f608c3337 103 w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
mluis 1:352f608c3337 104 w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
mluis 1:352f608c3337 105 w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
mluis 1:352f608c3337 106 w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
mluis 1:352f608c3337 107 w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
mluis 1:352f608c3337 108 w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
mluis 1:352f608c3337 109 w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
mluis 1:352f608c3337 110 w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
mluis 1:352f608c3337 111 w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
mluis 1:352f608c3337 112 w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
mluis 1:352f608c3337 113 w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
mluis 1:352f608c3337 114 w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
mluis 1:352f608c3337 115 w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
mluis 1:352f608c3337 116 w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
mluis 1:352f608c3337 117 w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
mluis 1:352f608c3337 118 w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
mluis 1:352f608c3337 119 w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
mluis 1:352f608c3337 120 w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
mluis 1:352f608c3337 121 w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
mluis 1:352f608c3337 122 w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
mluis 1:352f608c3337 123 w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
mluis 1:352f608c3337 124 w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
mluis 1:352f608c3337 125
mluis 1:352f608c3337 126 #define isb_data(w) { /* inverse S Box data values */ \
mluis 1:352f608c3337 127 w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
mluis 1:352f608c3337 128 w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
mluis 1:352f608c3337 129 w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
mluis 1:352f608c3337 130 w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
mluis 1:352f608c3337 131 w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
mluis 1:352f608c3337 132 w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
mluis 1:352f608c3337 133 w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
mluis 1:352f608c3337 134 w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
mluis 1:352f608c3337 135 w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
mluis 1:352f608c3337 136 w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
mluis 1:352f608c3337 137 w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
mluis 1:352f608c3337 138 w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
mluis 1:352f608c3337 139 w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
mluis 1:352f608c3337 140 w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
mluis 1:352f608c3337 141 w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
mluis 1:352f608c3337 142 w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
mluis 1:352f608c3337 143 w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
mluis 1:352f608c3337 144 w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
mluis 1:352f608c3337 145 w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
mluis 1:352f608c3337 146 w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
mluis 1:352f608c3337 147 w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
mluis 1:352f608c3337 148 w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
mluis 1:352f608c3337 149 w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
mluis 1:352f608c3337 150 w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
mluis 1:352f608c3337 151 w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
mluis 1:352f608c3337 152 w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
mluis 1:352f608c3337 153 w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
mluis 1:352f608c3337 154 w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
mluis 1:352f608c3337 155 w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
mluis 1:352f608c3337 156 w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
mluis 1:352f608c3337 157 w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
mluis 1:352f608c3337 158 w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
mluis 1:352f608c3337 159
mluis 1:352f608c3337 160 #define mm_data(w) { /* basic data for forming finite field tables */ \
mluis 1:352f608c3337 161 w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
mluis 1:352f608c3337 162 w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
mluis 1:352f608c3337 163 w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
mluis 1:352f608c3337 164 w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
mluis 1:352f608c3337 165 w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
mluis 1:352f608c3337 166 w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
mluis 1:352f608c3337 167 w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
mluis 1:352f608c3337 168 w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
mluis 1:352f608c3337 169 w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
mluis 1:352f608c3337 170 w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
mluis 1:352f608c3337 171 w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
mluis 1:352f608c3337 172 w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
mluis 1:352f608c3337 173 w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
mluis 1:352f608c3337 174 w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
mluis 1:352f608c3337 175 w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
mluis 1:352f608c3337 176 w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
mluis 1:352f608c3337 177 w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
mluis 1:352f608c3337 178 w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
mluis 1:352f608c3337 179 w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
mluis 1:352f608c3337 180 w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
mluis 1:352f608c3337 181 w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
mluis 1:352f608c3337 182 w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
mluis 1:352f608c3337 183 w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
mluis 1:352f608c3337 184 w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
mluis 1:352f608c3337 185 w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
mluis 1:352f608c3337 186 w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
mluis 1:352f608c3337 187 w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
mluis 1:352f608c3337 188 w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
mluis 1:352f608c3337 189 w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
mluis 1:352f608c3337 190 w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
mluis 1:352f608c3337 191 w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
mluis 1:352f608c3337 192 w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
mluis 1:352f608c3337 193
/* Forward S-box: sb_data expanded with the identity mapping f1. */
static const uint8_t sbox[256] = sb_data(f1);

#if defined( AES_DEC_PREKEYED )
/* Inverse S-box, compiled only when AES_DEC_PREKEYED is defined. */
static const uint8_t isbox[256] = isb_data(f1);
#endif

/* S-box outputs with f2 and f3 already applied, so mix_sub_columns() can
   fetch the substituted and multiplied byte with one lookup. */
static const uint8_t gfm2_sbox[256] = sb_data(f2);
static const uint8_t gfm3_sbox[256] = sb_data(f3);

#if defined( AES_DEC_PREKEYED )
/* f9, fb, fd and fe applied to every byte value (mm_data lists 0x00..0xff). */
static const uint8_t gfmul_9[256] = mm_data(f9);
static const uint8_t gfmul_b[256] = mm_data(fb);
static const uint8_t gfmul_d[256] = mm_data(fd);
static const uint8_t gfmul_e[256] = mm_data(fe);
#endif

/* Accessor macros used by the round functions.
   NOTE(review): each accessor is an array read indexed by its argument,
   and the round functions in this file pass cipher-state bytes, so the
   addresses touched depend on key and data. On a core with a data cache
   or non-uniform memory wait states, lookup time can vary with the index;
   confirm the target's memory timing if timing side channels are part of
   the threat model. */
#define s_box(x) sbox[(x)]
#if defined( AES_DEC_PREKEYED )
#define is_box(x) isbox[(x)]
#endif
#define gfm2_sb(x) gfm2_sbox[(x)]
#define gfm3_sb(x) gfm3_sbox[(x)]
#if defined( AES_DEC_PREKEYED )
#define gfm_9(x) gfmul_9[(x)]
#define gfm_b(x) gfmul_b[(x)]
#define gfm_d(x) gfmul_d[(x)]
#define gfm_e(x) gfmul_e[(x)]
#endif
mluis 1:352f608c3337 222 #else
mluis 1:352f608c3337 223
mluis 1:352f608c3337 224 /* this is the high bit of x right shifted by 1 */
mluis 1:352f608c3337 225 /* position. Since the starting polynomial has */
mluis 1:352f608c3337 226 /* 9 bits (0x11b), this right shift keeps the */
mluis 1:352f608c3337 227 /* values of all top bits within a byte */
mluis 1:352f608c3337 228
/*
 * Return the most significant set bit of x, moved one position to the
 * right. Inputs 0 and 1 therefore give 0, and 0x80..0xff give 0x40.
 */
static uint8_t hibit(const uint8_t x)
{
    /* Start from x >> 1 and smear its top set bit into all lower bits. */
    uint8_t smear = (uint8_t)((x >> 1) | (x >> 2));

    smear = smear | (smear >> 2);
    smear = smear | (smear >> 4);

    /* smear is now 2^k - 1; adding one and halving leaves the bit 2^(k-1). */
    return (uint8_t)((smear + 1) >> 1);
}
mluis 1:352f608c3337 236
mluis 1:352f608c3337 237 /* return the inverse of the finite field element x */
mluis 1:352f608c3337 238
/*
 * Compute the multiplicative inverse of x with a polynomial Euclidean
 * reduction: (p1, n1, v1) start from x and (p2, n2, v2) from BPOLY, and the
 * two triples are reduced against each other until one of n1/n2 reaches 0.
 * Inputs 0 and 1 are returned unchanged.
 *
 * NOTE(review): the number of loop iterations depends on the value of x.
 * In the table-free build s_box()/is_box() call this function on cipher
 * state bytes, so that configuration does not run in constant time.
 */
static uint8_t gf_inv(const uint8_t x)
{   uint8_t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;

    if(x < 2)                           /* 0 and 1 map to themselves     */
        return x;

    for( ; ; )
    {
        if(n1)
            while(n2 >= n1)             /* divide polynomial p2 by p1    */
            {
                n2 /= n1;               /* shift smaller polynomial left */
                p2 ^= (p1 * n2) & 0xff; /* and remove from larger one    */
                v2 ^= (v1 * n2);        /* shift accumulated value and   */
                n2 = hibit(p2);         /* add into result               */
            }
        else
            return v1;

        if(n2)                          /* repeat with values swapped    */
            while(n1 >= n2)
            {
                n1 /= n2;
                p1 ^= p2 * n1;
                v1 ^= v2 * n1;
                n1 = hibit(p1);
            }
        else
            return v2;
    }
}
mluis 1:352f608c3337 270
mluis 1:352f608c3337 271 /* The forward and inverse affine transformations used in the S-box */
/*
 * Forward affine step of the S-box: XOR x with its left rotations by
 * 1, 2, 3 and 4 bits, then XOR the result with 0x63.
 *
 * NOTE(review): unlike the neighbouring helpers this function is not
 * static; confirm whether anything outside this file relies on the symbol.
 */
uint8_t fwd_affine(const uint8_t x)
{
#if defined( HAVE_UINT_32T )
    uint32_t acc = x;

    acc ^= (acc << 1) ^ (acc << 2) ^ (acc << 3) ^ (acc << 4);
    acc ^= acc >> 8;                    /* fold shifted-out bits back in */
    return 0x63 ^ (acc & 0xff);
#else
    /* bits that stay inside the byte, and bits that wrap round from the top */
    const int shifted = x ^ (x << 1) ^ (x << 2) ^ (x << 3) ^ (x << 4);
    const int wrapped = (x >> 7) ^ (x >> 6) ^ (x >> 5) ^ (x >> 4);

    return (uint8_t)(0x63 ^ shifted ^ wrapped);
#endif
}
mluis 1:352f608c3337 283
/*
 * Inverse affine step of the S-box: XOR together the left rotations of x
 * by 1, 3 and 6 bits, then XOR the result with 0x05.
 *
 * NOTE(review): unlike the neighbouring helpers this function is not
 * static; confirm whether anything outside this file relies on the symbol.
 */
uint8_t inv_affine(const uint8_t x)
{
#if defined( HAVE_UINT_32T )
    uint32_t acc = x;

    acc = (acc << 1) ^ (acc << 3) ^ (acc << 6);
    acc ^= acc >> 8;                    /* fold shifted-out bits back in */
    return 0x05 ^ (acc & 0xff);
#else
    /* bits that stay inside the byte, and bits that wrap round from the top */
    const int shifted = (x << 1) ^ (x << 3) ^ (x << 6);
    const int wrapped = (x >> 7) ^ (x >> 5) ^ (x >> 2);

    return (uint8_t)(0x05 ^ shifted ^ wrapped);
#endif
}
mluis 1:352f608c3337 295
/* Table-free accessors: the same names as in the USE_TABLES branch, but
   every value is computed on the fly from gf_inv() and the affine maps.
   f2()/f3() use their argument more than once, so gfm2_sb()/gfm3_sb()
   evaluate s_box() - and with it gf_inv() - repeatedly per call. */
#define s_box(x) fwd_affine(gf_inv(x))
#define is_box(x) gf_inv(inv_affine(x))
#define gfm2_sb(x) f2(s_box(x))
#define gfm3_sb(x) f3(s_box(x))
#define gfm_9(x) f9(x)
#define gfm_b(x) fb(x)
#define gfm_d(x) fd(x)
#define gfm_e(x) fe(x)
mluis 1:352f608c3337 304
mluis 1:352f608c3337 305 #endif
mluis 1:352f608c3337 306
/* Select the copy primitives used by the rest of the file: memcpy() when
   HAVE_MEMCPY is defined, otherwise the local copy_block()/copy_block_nn()
   helpers. block_copy() moves one cipher block, block_copy_nn() moves l
   bytes. */
#if defined( HAVE_MEMCPY )
#  define block_copy_nn(d, s, l) memcpy(d, s, l)
#  define block_copy(d, s) memcpy(d, s, N_BLOCK)
#else
#  define block_copy_nn(d, s, l) copy_block_nn(d, s, l)
#  define block_copy(d, s) copy_block(d, s)
#endif
mluis 1:352f608c3337 314
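/*
 * Copy one 16-byte block from s to d.
 *
 * The source is now read through a const-qualified pointer instead of
 * casting the qualifier away.
 *
 * NOTE(review): the HAVE_UINT_32T path accesses both buffers as uint32_t
 * words; it relies on callers passing 4-byte-aligned storage and on the
 * toolchain tolerating the type pun - confirm both for the target.
 */
static void copy_block( void *d, const void *s )
{
    uint8_t i;
#if defined( HAVE_UINT_32T )
    uint32_t       *dst = (uint32_t *)d;
    const uint32_t *src = (const uint32_t *)s;

    for( i = 0; i < 4; ++i )            /* four 32-bit words = 16 bytes */
        dst[i] = src[i];
#else
    uint8_t       *dst = (uint8_t *)d;
    const uint8_t *src = (const uint8_t *)s;

    for( i = 0; i < 16; ++i )
        dst[i] = src[i];
#endif
}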
mluis 1:352f608c3337 341
/*
 * Copy nn bytes from s to d, lowest address first. The count is a
 * uint8_t, so a single call moves at most 255 bytes; nn == 0 copies
 * nothing.
 */
static void copy_block_nn( uint8_t * d, const uint8_t *s, uint8_t nn )
{
    uint8_t i;

    for( i = 0; i < nn; ++i )
        d[i] = s[i];
}
mluis 1:352f608c3337 348
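/*
 * XOR the 16-byte block at s into the 16-byte block at d (d ^= s).
 *
 * The source is now read through a const-qualified pointer instead of
 * casting the qualifier away.
 *
 * NOTE(review): the HAVE_UINT_32T path accesses both buffers as uint32_t
 * words; it relies on callers passing 4-byte-aligned storage and on the
 * toolchain tolerating the type pun - confirm both for the target.
 */
static void xor_block( void *d, const void *s )
{
    uint8_t i;
#if defined( HAVE_UINT_32T )
    uint32_t       *dst = (uint32_t *)d;
    const uint32_t *src = (const uint32_t *)s;

    for( i = 0; i < 4; ++i )            /* four 32-bit words = 16 bytes */
        dst[i] ^= src[i];
#else
    uint8_t       *dst = (uint8_t *)d;
    const uint8_t *src = (const uint8_t *)s;

    for( i = 0; i < 16; ++i )
        dst[i] ^= src[i];
#endif
}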
mluis 1:352f608c3337 375
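/*
 * Write s XOR k into d, 16 bytes (d = s ^ k).
 *
 * Both inputs are now read through const-qualified pointers instead of
 * casting the qualifier away.
 *
 * NOTE(review): the HAVE_UINT_32T path accesses all three buffers as
 * uint32_t words; it relies on callers passing 4-byte-aligned storage and
 * on the toolchain tolerating the type pun - confirm both for the target.
 */
static void copy_and_key( void *d, const void *s, const void *k )
{
#if defined( HAVE_UINT_32T )
    uint32_t       *dst = (uint32_t *)d;
    const uint32_t *src = (const uint32_t *)s;
    const uint32_t *key = (const uint32_t *)k;
    uint8_t i;

    for( i = 0; i < 4; ++i )            /* four 32-bit words = 16 bytes */
        dst[i] = src[i] ^ key[i];
#elif 1
    uint8_t       *dst = (uint8_t *)d;
    const uint8_t *src = (const uint8_t *)s;
    const uint8_t *key = (const uint8_t *)k;
    uint8_t i;

    for( i = 0; i < 16; ++i )
        dst[i] = src[i] ^ key[i];
#else
    /* alternative kept from the original; not compiled because of "#elif 1" */
    block_copy(d, s);
    xor_block(d, k);
#endif
}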
mluis 1:352f608c3337 405
/*
 * AddRoundKey step: XOR the round key block k into the state block d.
 * This is a thin wrapper around xor_block().
 */
static void add_round_key( uint8_t d[N_BLOCK], const uint8_t k[N_BLOCK] )
{
    xor_block( d, k );
}
mluis 1:352f608c3337 410
/*
 * Combined SubBytes + ShiftRows on the state st, in place. The state is
 * indexed so that bytes 0, 4, 8, 12 form row 0, bytes 1, 5, 9, 13 row 1,
 * and so on; row r is rotated by r positions while every byte is passed
 * through s_box().
 */
static void shift_sub_rows( uint8_t st[N_BLOCK] )
{
    uint8_t held;
    uint8_t i;

    /* row 0: substitution only */
    for( i = 0; i < 16; i += 4 )
        st[i] = s_box(st[i]);

    /* row 1: each byte takes the value four positions ahead of it */
    held   = st[ 1];
    st[ 1] = s_box(st[ 5]);
    st[ 5] = s_box(st[ 9]);
    st[ 9] = s_box(st[13]);
    st[13] = s_box( held );

    /* row 2: two pairwise swaps */
    held   = st[ 2];
    st[ 2] = s_box(st[10]);
    st[10] = s_box( held );

    held   = st[ 6];
    st[ 6] = s_box(st[14]);
    st[14] = s_box( held );

    /* row 3: each byte takes the value four positions behind it */
    held   = st[15];
    st[15] = s_box(st[11]);
    st[11] = s_box(st[ 7]);
    st[ 7] = s_box(st[ 3]);
    st[ 3] = s_box( held );
}
mluis 1:352f608c3337 426
mluis 1:352f608c3337 427 #if defined( AES_DEC_PREKEYED )
mluis 1:352f608c3337 428
/*
 * Combined InvSubBytes + InvShiftRows on the state st, in place: the
 * rotations of shift_sub_rows() are undone while every byte is passed
 * through is_box().
 */
static void inv_shift_sub_rows( uint8_t st[N_BLOCK] )
{
    uint8_t held;
    uint8_t i;

    /* row 0: substitution only */
    for( i = 0; i < 16; i += 4 )
        st[i] = is_box(st[i]);

    /* row 1: each byte takes the value four positions behind it */
    held   = st[13];
    st[13] = is_box(st[ 9]);
    st[ 9] = is_box(st[ 5]);
    st[ 5] = is_box(st[ 1]);
    st[ 1] = is_box( held );

    /* row 2: two pairwise swaps */
    held   = st[ 2];
    st[ 2] = is_box(st[10]);
    st[10] = is_box( held );

    held   = st[ 6];
    st[ 6] = is_box(st[14]);
    st[14] = is_box( held );

    /* row 3: each byte takes the value four positions ahead of it */
    held   = st[ 3];
    st[ 3] = is_box(st[ 7]);
    st[ 7] = is_box(st[11]);
    st[11] = is_box(st[15]);
    st[15] = is_box( held );
}
mluis 1:352f608c3337 444
mluis 1:352f608c3337 445 #endif
mluis 1:352f608c3337 446
/*
 * Combined SubBytes + ShiftRows + MixColumns. Output column c (bytes
 * 4c..4c+3 of dt) is built from input bytes 4c, 4c+5, 4c+10 and 4c+15
 * (indices taken modulo 16), each substituted and multiplied by 2, 3 or 1
 * through gfm2_sb(), gfm3_sb() and s_box().
 *
 * With VERSION_1 the state is transformed in place via a local copy;
 * otherwise the caller supplies the input in st and the output goes to
 * dt, which is assumed not to overlap st.
 */
#if defined( VERSION_1 )
static void mix_sub_columns( uint8_t dt[N_BLOCK] )
{
    uint8_t st[N_BLOCK];
    uint8_t base;

    block_copy(st, dt);
#else
static void mix_sub_columns( uint8_t dt[N_BLOCK], uint8_t st[N_BLOCK] )
{
    uint8_t base;

#endif
    for( base = 0; base < 16; base += 4 )
    {
        /* the four input bytes that feed this output column */
        const uint8_t in0 = st[ base            ];
        const uint8_t in1 = st[(base +  5) & 15];
        const uint8_t in2 = st[(base + 10) & 15];
        const uint8_t in3 = st[(base + 15) & 15];

        dt[base    ] = gfm2_sb(in0) ^ gfm3_sb(in1) ^ s_box(in2)   ^ s_box(in3);
        dt[base + 1] = s_box(in0)   ^ gfm2_sb(in1) ^ gfm3_sb(in2) ^ s_box(in3);
        dt[base + 2] = s_box(in0)   ^ s_box(in1)   ^ gfm2_sb(in2) ^ gfm3_sb(in3);
        dt[base + 3] = gfm3_sb(in0) ^ s_box(in1)   ^ s_box(in2)   ^ gfm2_sb(in3);
    }
}
mluis 1:352f608c3337 475
mluis 1:352f608c3337 476 #if defined( AES_DEC_PREKEYED )
mluis 1:352f608c3337 477
/*
 * Combined InvMixColumns + InvShiftRows + InvSubBytes. Input column c
 * (bytes 4c..4c+3 of st) is multiplied by the 0e/0b/0d/09 matrix, each
 * result is passed through is_box(), and the four outputs are scattered
 * to dt indices 4c, 4c+5, 4c+10 and 4c+15 (taken modulo 16).
 *
 * With VERSION_1 the state is transformed in place via a local copy;
 * otherwise the caller supplies the input in st and the output goes to
 * dt, which is assumed not to overlap st.
 */
#if defined( VERSION_1 )
static void inv_mix_sub_columns( uint8_t dt[N_BLOCK] )
{
    uint8_t st[N_BLOCK];
    uint8_t base;

    block_copy(st, dt);
#else
static void inv_mix_sub_columns( uint8_t dt[N_BLOCK], uint8_t st[N_BLOCK] )
{
    uint8_t base;

#endif
    for( base = 0; base < 16; base += 4 )
    {
        /* the four bytes of this input column */
        const uint8_t in0 = st[base    ];
        const uint8_t in1 = st[base + 1];
        const uint8_t in2 = st[base + 2];
        const uint8_t in3 = st[base + 3];

        dt[ base            ] = is_box(gfm_e(in0) ^ gfm_b(in1) ^ gfm_d(in2) ^ gfm_9(in3));
        dt[(base +  5) & 15] = is_box(gfm_9(in0) ^ gfm_e(in1) ^ gfm_b(in2) ^ gfm_d(in3));
        dt[(base + 10) & 15] = is_box(gfm_d(in0) ^ gfm_9(in1) ^ gfm_e(in2) ^ gfm_b(in3));
        dt[(base + 15) & 15] = is_box(gfm_b(in0) ^ gfm_d(in1) ^ gfm_9(in2) ^ gfm_e(in3));
    }
}
mluis 1:352f608c3337 506
mluis 1:352f608c3337 507 #endif
mluis 1:352f608c3337 508
mluis 1:352f608c3337 509 #if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED )
mluis 1:352f608c3337 510
mluis 1:352f608c3337 511 /* Set the cipher key for the pre-keyed version */
mluis 1:352f608c3337 512
/*
 * Expand a 16, 24 or 32 byte cipher key into ctx->ksch and record the round
 * count in ctx->rnd (10, 12 or 14 respectively).
 *
 * key     raw cipher key, keylen bytes
 * keylen  key length in bytes; any value other than 16, 24 or 32 is rejected
 * ctx     context to fill
 *
 * Returns 0 on success.  On an unsupported length it returns (uint8_t)-1 and
 * sets ctx->rnd to 0, which makes aes_encrypt() / aes_decrypt() refuse to run
 * with that context.
 *
 * ctx->ksch ends up holding the raw key followed by every derived round key;
 * this function never clears it, so wiping the context after use is left to
 * the caller.
 */
return_type aes_set_key( const uint8_t key[], length_type keylen, aes_context ctx[1] )
{
    uint8_t pos, rcon, sched_len;

    if( keylen != 16 && keylen != 24 && keylen != 32 )
    {
        ctx->rnd = 0;
        return ( uint8_t )-1;
    }

    block_copy_nn(ctx->ksch, key, keylen);

    /* schedule length in bytes: 176, 208 or 240, i.e. (rounds + 1) * 16 */
    sched_len = (keylen + 28) << 2;
    ctx->rnd = (sched_len >> 4) - 1;

    rcon = 1;
    for( pos = keylen; pos < sched_len; pos += 4 )
    {
        uint8_t w0 = ctx->ksch[pos - 4];
        uint8_t w1 = ctx->ksch[pos - 3];
        uint8_t w2 = ctx->ksch[pos - 2];
        uint8_t w3 = ctx->ksch[pos - 1];
        uint8_t back;

        if( pos % keylen == 0 )
        {
            /* first word of a key-length group: rotate, substitute, add rcon */
            uint8_t first = w0;

            w0 = s_box(w1) ^ rcon;
            w1 = s_box(w2);
            w2 = s_box(w3);
            w3 = s_box(first);
            rcon = f2(rcon);
        }
        else if( keylen > 24 && pos % keylen == 16 )
        {
            /* 32 byte keys only: extra substitution halfway through a group */
            w0 = s_box(w0);
            w1 = s_box(w1);
            w2 = s_box(w2);
            w3 = s_box(w3);
        }

        back = pos - keylen;
        ctx->ksch[pos + 0] = ctx->ksch[back + 0] ^ w0;
        ctx->ksch[pos + 1] = ctx->ksch[back + 1] ^ w1;
        ctx->ksch[pos + 2] = ctx->ksch[back + 2] ^ w2;
        ctx->ksch[pos + 3] = ctx->ksch[back + 3] ^ w3;
    }
    return 0;
}
mluis 1:352f608c3337 561
mluis 1:352f608c3337 562 #endif
mluis 1:352f608c3337 563
mluis 1:352f608c3337 564 #if defined( AES_ENC_PREKEYED )
mluis 1:352f608c3337 565
mluis 1:352f608c3337 566 /* Encrypt a single block of 16 bytes */
mluis 1:352f608c3337 567
/*
 * Encrypt one N_BLOCK-byte block with a context prepared by aes_set_key().
 *
 * in   plaintext block
 * out  ciphertext block; written only at the end, after in has been copied
 *      into a local state buffer
 * ctx  keyed context; ctx->rnd == 0 marks it as unusable
 *
 * Returns 0 on success, (uint8_t)-1 when ctx->rnd is 0.
 * The local state buffer is not cleared before returning.
 */
return_type aes_encrypt( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], const aes_context ctx[1] )
{
    uint8_t state[N_BLOCK], rnd_idx;

    if( !ctx->rnd )
        return ( uint8_t )-1;

    /* initial round-key addition */
    copy_and_key( state, in, ctx->ksch );

    for( rnd_idx = 1 ; rnd_idx < ctx->rnd ; ++rnd_idx )
    {
#if defined( VERSION_1 )
        mix_sub_columns( state );
        add_round_key( state, ctx->ksch + rnd_idx * N_BLOCK );
#else
        uint8_t mixed[N_BLOCK];

        mix_sub_columns( mixed, state );
        copy_and_key( state, mixed, ctx->ksch + rnd_idx * N_BLOCK );
#endif
    }

    /* final round: no column mixing; rnd_idx now equals ctx->rnd */
    shift_sub_rows( state );
    copy_and_key( out, state, ctx->ksch + rnd_idx * N_BLOCK );
    return 0;
}
mluis 1:352f608c3337 594
mluis 1:352f608c3337 595 /* CBC encrypt a number of blocks (input and return an IV) */
mluis 1:352f608c3337 596
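/*
 * CBC-encrypt n_block whole blocks from in to out.
 *
 * in       n_block * N_BLOCK bytes of plaintext (no padding is applied here)
 * out      n_block * N_BLOCK bytes of ciphertext
 * n_block  number of blocks; 0 is a no-op, a negative count is rejected
 * iv       chaining value, updated in place: on return it holds the last
 *          ciphertext block, so a following call continues the same chain
 * ctx      context prepared by aes_set_key()
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE when n_block is negative or
 * aes_encrypt() refuses the context.  The comparison against EXIT_SUCCESS
 * relies on aes_encrypt() returning 0 on success.
 *
 * CBC gives confidentiality only; the caller supplies the IV and any
 * integrity check on the ciphertext.
 */
return_type aes_cbc_encrypt( const uint8_t *in, uint8_t *out,
                         int32_t n_block, uint8_t iv[N_BLOCK], const aes_context ctx[1] )
{
    /* n_block is signed: with a bare `while(n_block--)` a negative count
       would keep walking past both buffers instead of stopping */
    if( n_block < 0 )
        return EXIT_FAILURE;

    while( n_block-- > 0 )
    {
        xor_block(iv, in);
        if( aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS )
            return EXIT_FAILURE;
        block_copy(out, iv);
        in += N_BLOCK;
        out += N_BLOCK;
    }
    return EXIT_SUCCESS;
}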
mluis 1:352f608c3337 613
mluis 1:352f608c3337 614 #endif
mluis 1:352f608c3337 615
mluis 1:352f608c3337 616 #if defined( AES_DEC_PREKEYED )
mluis 1:352f608c3337 617
mluis 1:352f608c3337 618 /* Decrypt a single block of 16 bytes */
mluis 1:352f608c3337 619
/*
 * Decrypt one N_BLOCK-byte block with a context prepared by aes_set_key().
 *
 * in   ciphertext block
 * out  plaintext block; written only at the end, so it may be the same
 *      buffer as in
 * ctx  keyed context; ctx->rnd == 0 marks it as unusable
 *
 * Returns 0 on success and -1 (converted to return_type) when ctx->rnd is 0.
 * The round keys are consumed from the end of ctx->ksch back to its start.
 */
return_type aes_decrypt( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], const aes_context ctx[1] )
{
    uint8_t state[N_BLOCK], rnd_idx;

    if( !ctx->rnd )
        return -1;

    /* undo the final encryption round first */
    copy_and_key( state, in, ctx->ksch + ctx->rnd * N_BLOCK );
    inv_shift_sub_rows( state );

    /* rounds rnd-1 down to 1 */
    for( rnd_idx = ctx->rnd - 1 ; rnd_idx != 0 ; --rnd_idx )
    {
#if defined( VERSION_1 )
        add_round_key( state, ctx->ksch + rnd_idx * N_BLOCK );
        inv_mix_sub_columns( state );
#else
        uint8_t keyed[N_BLOCK];

        copy_and_key( keyed, state, ctx->ksch + rnd_idx * N_BLOCK );
        inv_mix_sub_columns( state, keyed );
#endif
    }

    /* round key 0 */
    copy_and_key( out, state, ctx->ksch );
    return 0;
}
mluis 1:352f608c3337 646
mluis 1:352f608c3337 647 /* CBC decrypt a number of blocks (input and return an IV) */
mluis 1:352f608c3337 648
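/*
 * CBC-decrypt n_block whole blocks from in to out.
 *
 * in       n_block * N_BLOCK bytes of ciphertext
 * out      n_block * N_BLOCK bytes of plaintext (padding, if any, is left
 *          for the caller to strip)
 * n_block  number of blocks; 0 is a no-op, a negative count is rejected
 * iv       chaining value, updated in place: on return it holds the last
 *          ciphertext block processed
 * ctx      context prepared by aes_set_key()
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE when n_block is negative or
 * aes_decrypt() refuses the context.  The comparison against EXIT_SUCCESS
 * relies on aes_decrypt() returning 0 on success.
 *
 * CBC does not authenticate: any integrity check on the ciphertext has to be
 * done by the caller before the plaintext is trusted.
 */
return_type aes_cbc_decrypt( const uint8_t *in, uint8_t *out,
                         int32_t n_block, uint8_t iv[N_BLOCK], const aes_context ctx[1] )
{
    /* n_block is signed: with a bare `while(n_block--)` a negative count
       would keep walking past both buffers instead of stopping */
    if( n_block < 0 )
        return EXIT_FAILURE;

    while( n_block-- > 0 )
    {
        uint8_t tmp[N_BLOCK];

        /* save the ciphertext block: it becomes the next chaining value and
           would be lost if out is the same buffer as in */
        block_copy(tmp, in);
        if( aes_decrypt(in, out, ctx) != EXIT_SUCCESS )
            return EXIT_FAILURE;
        xor_block(out, iv);
        block_copy(iv, tmp);
        in += N_BLOCK;
        out += N_BLOCK;
    }
    return EXIT_SUCCESS;
}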
mluis 1:352f608c3337 667
mluis 1:352f608c3337 668 #endif
mluis 1:352f608c3337 669
mluis 1:352f608c3337 670 #if defined( AES_ENC_128_OTFK )
mluis 1:352f608c3337 671
mluis 1:352f608c3337 672 /* The 'on the fly' encryption key update for 128 bit keys */
mluis 1:352f608c3337 673
/*
 * Advance a 16 byte round key to the next round key, in place.
 *
 * k   current round key; overwritten with the next one
 * rc  round constant; XORed into k[0], then replaced by f2(*rc)
 */
static void update_encrypt_key_128( uint8_t k[N_BLOCK], uint8_t *rc )
{
    uint8_t idx;

    /* first word: last word rotated by one byte, through s_box, plus rc */
    k[0] ^= s_box(k[13]) ^ *rc;
    k[1] ^= s_box(k[14]);
    k[2] ^= s_box(k[15]);
    k[3] ^= s_box(k[12]);
    *rc = f2( *rc );

    /* remaining words: each byte XORed with the already-updated byte
       four positions earlier */
    for( idx = 4; idx < 16; ++idx )
        k[idx] ^= k[idx - 4];
}
mluis 1:352f608c3337 691
mluis 1:352f608c3337 692 /* Encrypt a single block of 16 bytes with 'on the fly' 128 bit keying */
mluis 1:352f608c3337 693
/*
 * Encrypt one block with a 128 bit key, deriving each round key on the fly
 * instead of storing a full key schedule.
 *
 * in     plaintext block
 * out    ciphertext block
 * key    16 byte cipher key
 * o_key  16 byte working buffer for the round key; it is updated ten times
 *        and is left holding the last round key on return
 *
 * When o_key is the same pointer as key the copy is skipped and the caller's
 * key buffer is overwritten in place.  The value left in o_key is as
 * sensitive as the key itself: update_decrypt_key_128() walks the same
 * schedule backwards from it.
 */
void aes_encrypt_128( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
                      const uint8_t key[N_BLOCK], uint8_t o_key[N_BLOCK] )
{
    uint8_t state[N_BLOCK], rnd_idx, rcon = 1;

    if( o_key != key )
    {
        block_copy( o_key, key );
    }
    copy_and_key( state, in, o_key );

    for( rnd_idx = 1 ; rnd_idx < 10 ; ++rnd_idx )
    {
#if defined( VERSION_1 )
        mix_sub_columns( state );
        update_encrypt_key_128( o_key, &rcon );
        add_round_key( state, o_key );
#else
        uint8_t mixed[N_BLOCK];

        mix_sub_columns( mixed, state );
        update_encrypt_key_128( o_key, &rcon );
        copy_and_key( state, mixed, o_key );
#endif
    }

    /* final round: no column mixing */
    shift_sub_rows( state );
    update_encrypt_key_128( o_key, &rcon );
    copy_and_key( out, state, o_key );
}
mluis 1:352f608c3337 721
mluis 1:352f608c3337 722 #endif
mluis 1:352f608c3337 723
mluis 1:352f608c3337 724 #if defined( AES_DEC_128_OTFK )
mluis 1:352f608c3337 725
mluis 1:352f608c3337 726 /* The 'on the fly' decryption key update for 128 bit keys */
mluis 1:352f608c3337 727
/*
 * Step a 16 byte round key back to the previous round key, in place.
 * The operations mirror update_encrypt_key_128() in reverse order.
 *
 * k   current round key; overwritten with the previous one
 * rc  round constant; replaced by d2(*rc) before it is XORed into k[0]
 */
static void update_decrypt_key_128( uint8_t k[N_BLOCK], uint8_t *rc )
{
    uint8_t idx;

    /* undo the word chaining from the top down, so every byte is XORed
       with a not-yet-restored byte four positions earlier */
    for( idx = 15; idx >= 4; --idx )
        k[idx] ^= k[idx - 4];

    *rc = d2(*rc);
    k[0] ^= s_box(k[13]) ^ *rc;
    k[1] ^= s_box(k[14]);
    k[2] ^= s_box(k[15]);
    k[3] ^= s_box(k[12]);
}
mluis 1:352f608c3337 744
mluis 1:352f608c3337 745 /* Decrypt a single block of 16 bytes with 'on the fly' 128 bit keying */
mluis 1:352f608c3337 746
/*
 * Decrypt one block with 128 bit 'on the fly' keying.
 *
 * in     ciphertext block
 * out    plaintext block
 * key    16 byte starting key.  It is XORed into the ciphertext as-is before
 *        any key update, so this appears to be the last round key (the
 *        o_key left by aes_encrypt_128()) rather than the original cipher
 *        key - confirm against the header documentation.
 * o_key  16 byte working buffer; stepped backwards ten times
 *
 * When o_key is the same pointer as key the copy is skipped and the caller's
 * buffer is overwritten in place.
 *
 * rc starts at 0x6c, the value ten f2 steps from 1 would produce if f2 is
 * GF(2^8) doubling (its definition is outside this listing).
 */
void aes_decrypt_128( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
                      const uint8_t key[N_BLOCK], uint8_t o_key[N_BLOCK] )
{
    uint8_t state[N_BLOCK], rnd_idx, rcon = 0x6c;

    if( o_key != key )
    {
        block_copy( o_key, key );
    }

    copy_and_key( state, in, o_key );
    inv_shift_sub_rows( state );

    /* nine inner rounds, counted 9 down to 1 */
    for( rnd_idx = 9 ; rnd_idx != 0 ; --rnd_idx )
    {
#if defined( VERSION_1 )
        update_decrypt_key_128( o_key, &rcon );
        add_round_key( state, o_key );
        inv_mix_sub_columns( state );
#else
        uint8_t keyed[N_BLOCK];

        update_decrypt_key_128( o_key, &rcon );
        copy_and_key( keyed, state, o_key );
        inv_mix_sub_columns( state, keyed );
#endif
    }

    update_decrypt_key_128( o_key, &rcon );
    copy_and_key( out, state, o_key );
}
mluis 1:352f608c3337 774
mluis 1:352f608c3337 775 #endif
mluis 1:352f608c3337 776
mluis 1:352f608c3337 777 #if defined( AES_ENC_256_OTFK )
mluis 1:352f608c3337 778
mluis 1:352f608c3337 779 /* The 'on the fly' encryption key update for 256 bit keys */
mluis 1:352f608c3337 780
/*
 * Advance a 32 byte key-schedule window by 32 bytes (two round keys), in
 * place.
 *
 * k   current 32 byte window; overwritten with the next one
 * rc  round constant; XORed into k[0], then replaced by f2(*rc)
 */
static void update_encrypt_key_256( uint8_t k[2 * N_BLOCK], uint8_t *rc )
{
    uint8_t idx;

    /* lower half, first word: last word rotated, through s_box, plus rc */
    k[0] ^= s_box(k[29]) ^ *rc;
    k[1] ^= s_box(k[30]);
    k[2] ^= s_box(k[31]);
    k[3] ^= s_box(k[28]);
    *rc = f2( *rc );

    for( idx = 4; idx < 16; ++idx )
        k[idx] ^= k[idx - 4];

    /* upper half, first word: substitution only, no rotation or rc */
    k[16] ^= s_box(k[12]);
    k[17] ^= s_box(k[13]);
    k[18] ^= s_box(k[14]);
    k[19] ^= s_box(k[15]);

    for( idx = 20; idx < 32; ++idx )
        k[idx] ^= k[idx - 4];
}
mluis 1:352f608c3337 811
mluis 1:352f608c3337 812 /* Encrypt a single block of 16 bytes with 'on the fly' 256 bit keying */
mluis 1:352f608c3337 813
/*
 * Encrypt one block with a 256 bit key, deriving round keys on the fly.
 *
 * in     plaintext block
 * out    ciphertext block
 * key    32 byte cipher key
 * o_key  32 byte working window over the key schedule; odd rounds use its
 *        upper 16 bytes, even rounds advance the window first and then use
 *        its lower 16 bytes
 *
 * When o_key is the same pointer as key the copy is skipped and the caller's
 * key buffer is overwritten in place.  The window left in o_key on return is
 * as sensitive as the key itself: update_decrypt_key_256() walks the same
 * schedule backwards from it.
 */
void aes_encrypt_256( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
                      const uint8_t key[2 * N_BLOCK], uint8_t o_key[2 * N_BLOCK] )
{
    uint8_t state[N_BLOCK], rnd_idx, rcon = 1;

    if( o_key != key )
    {
        block_copy( o_key, key );
        block_copy( o_key + 16, key + 16 );
    }
    copy_and_key( state, in, o_key );

    for( rnd_idx = 1 ; rnd_idx < 14 ; ++rnd_idx )
    {
#if defined( VERSION_1 )
        mix_sub_columns( state );
        if( ( rnd_idx & 1 ) == 0 )
        {
            update_encrypt_key_256( o_key, &rcon );
            add_round_key( state, o_key );
        }
        else
        {
            add_round_key( state, o_key + 16 );
        }
#else
        uint8_t mixed[N_BLOCK];

        mix_sub_columns( mixed, state );
        if( ( rnd_idx & 1 ) == 0 )
        {
            update_encrypt_key_256( o_key, &rcon );
            copy_and_key( state, mixed, o_key );
        }
        else
        {
            copy_and_key( state, mixed, o_key + 16 );
        }
#endif
    }

    /* final round: no column mixing; uses the lower half of a fresh window */
    shift_sub_rows( state );
    update_encrypt_key_256( o_key, &rcon );
    copy_and_key( out, state, o_key );
}
mluis 1:352f608c3337 854
mluis 1:352f608c3337 855 #endif
mluis 1:352f608c3337 856
mluis 1:352f608c3337 857 #if defined( AES_DEC_256_OTFK )
mluis 1:352f608c3337 858
mluis 1:352f608c3337 859 /* The 'on the fly' decryption key update for 256 bit keys */
mluis 1:352f608c3337 860
/*
 * Step a 32 byte key-schedule window back by 32 bytes, in place.
 * The operations mirror update_encrypt_key_256() in reverse order.
 *
 * k   current 32 byte window; overwritten with the previous one
 * rc  round constant; replaced by d2(*rc) before it is XORed into k[0]
 */
static void update_decrypt_key_256( uint8_t k[2 * N_BLOCK], uint8_t *rc )
{
    uint8_t idx;

    /* upper half: undo the word chaining from the top down */
    for( idx = 31; idx >= 20; --idx )
        k[idx] ^= k[idx - 4];

    k[16] ^= s_box(k[12]);
    k[17] ^= s_box(k[13]);
    k[18] ^= s_box(k[14]);
    k[19] ^= s_box(k[15]);

    /* lower half: same again */
    for( idx = 15; idx >= 4; --idx )
        k[idx] ^= k[idx - 4];

    *rc = d2(*rc);
    k[0] ^= s_box(k[29]) ^ *rc;
    k[1] ^= s_box(k[30]);
    k[2] ^= s_box(k[31]);
    k[3] ^= s_box(k[28]);
}
mluis 1:352f608c3337 891
mluis 1:352f608c3337 892 /* Decrypt a single block of 16 bytes with 'on the fly'
mluis 1:352f608c3337 893 256 bit keying
mluis 1:352f608c3337 894 */
/*
 * Decrypt one block with 256 bit 'on the fly' keying.
 *
 * in     ciphertext block
 * out    plaintext block
 * key    32 byte starting window.  Its lower 16 bytes are XORed into the
 *        ciphertext as-is before any key update, so this appears to be the
 *        final window left in o_key by aes_encrypt_256() rather than the
 *        original cipher key - confirm against the header documentation.
 * o_key  32 byte working window; stepped backwards on every odd round
 *
 * When o_key is the same pointer as key the copy is skipped and the caller's
 * buffer is overwritten in place.
 *
 * rc starts at 0x80, the value seven f2 steps from 1 would produce if f2 is
 * GF(2^8) doubling (its definition is outside this listing).
 */
void aes_decrypt_256( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
                      const uint8_t key[2 * N_BLOCK], uint8_t o_key[2 * N_BLOCK] )
{
    uint8_t state[N_BLOCK], rnd_idx, rcon = 0x80;

    if( o_key != key )
    {
        block_copy( o_key, key );
        block_copy( o_key + 16, key + 16 );
    }

    copy_and_key( state, in, o_key );
    inv_shift_sub_rows( state );

    /* thirteen inner rounds, counted 13 down to 1 */
    for( rnd_idx = 13 ; rnd_idx != 0 ; --rnd_idx )
    {
        /* even rounds use the lower half of the current window; odd rounds
           step the window back first and use its upper half */
        uint8_t *round_key = o_key;
#if !defined( VERSION_1 )
        uint8_t keyed[N_BLOCK];
#endif

        if( rnd_idx & 1 )
        {
            update_decrypt_key_256( o_key, &rcon );
            round_key = o_key + 16;
        }

#if defined( VERSION_1 )
        add_round_key( state, round_key );
        inv_mix_sub_columns( state );
#else
        copy_and_key( keyed, state, round_key );
        inv_mix_sub_columns( state, keyed );
#endif
    }

    copy_and_key( out, state, o_key );
}
mluis 1:352f608c3337 935
mluis 1:352f608c3337 936 #endif