End node on a synchronous-star LoRa network.

Dependencies: SX127x sx12xx_hal TSL2561

Radio chip selection

The radio chip driver is not included, allowing a choice of radio device.
If you're using SX1272 or SX1276, import the sx127x driver into your program.
If you're using SX1261 or SX1262, import the sx126x driver into your program.
If you're using SX1280, import the sx1280 driver into your program.
If you're using NAmote72 or the Murata discovery board, you must import only the sx127x driver.

This project is for use with the LoRaWAN_singlechannel_gateway project.

Alternatively, a gateway running on a Raspberry Pi can be used as the gateway.

LoRaWAN on a single radio channel

The network description is on the gateway project page. It is a synchronous star network.

Hardware Support

This project supports the SX1276 and SX1272, the sx126x kit, the sx126x shield, and the sx128x 2.4GHz radio. The ST board B-L072Z-LRWAN1 is also supported (TypeABZ module). When the B-L072Z-LRWAN1 target is selected, TARGET_DISCO_L072CZ_LRWAN1 is defined by the tools, allowing the correct radio driver configuration for this platform. Alternatively, any mbed board that can take a LoRa radio shield should work, but only NUCLEO boards are tested.

End-node Unique ID

The DevEUI is created from the CPU serial number. The AppEUI and AppKey are declared as software constants.

End-node Configuration

The data rate definition LORAMAC_DEFAULT_DATARATE is configured in LoRaMac-definitions.h. See the gateway project page for configuration of the gateway.
LoRaWAN addressing is configured in Comissioning.h; only OTA mode is functional.
The header file board/lora_config.h selects the application layer options (i.e. sensors) to be compiled in.

Serial Interface

The serial port operates at 115200 bps.
In the application layer (single_us915_main.cpp), the user button (i.e. the blue button on a NUCLEO board) triggers an uplink, or a jumper enables continuous sending of repeated uplink packets. The MAC layer holds each uplink request until the allocated timeslot.

command       arguments        description
?             -                print available commands
. (period)    -                print status (DevEUI, DevAddr, etc)
ul            length integer   set payload length of test uplink packets

Sensor demo

Selected Grove sensors may be plugged into the SX1272 shield.
To enable them, edit lora_config.h to define SENSORS.

Sensor connections on SX1272MB2xAS:

D8 D9:    button
D6 D7:    RGB LED
RX TX:    (unused)
SCL SDA:  digital light sensor
A3 A4:    Rotary Angle Sensor
A1 A2:    Rotary Angle Sensor

Digital input pin, state reported via uplink: PC8
Digital output pin, controlled via downlink: PC6
PWM out: PB_10

A jumper enables auto-repeated transmit: PC10 and PC12 on the NUCLEO board, located at the end of the morpho headers near JP4.

Committer:
Wayne Roberts
Date:
Mon Jul 13 09:15:59 2020 -0700
Revision:
35:be452a242876
Parent:
0:8f0d0ae0a077
remove old crypto

Who changed what in which revision?

User  Revision  Line number  New contents of line
dudmuck 0:8f0d0ae0a077 1 /*
dudmuck 0:8f0d0ae0a077 2 ---------------------------------------------------------------------------
dudmuck 0:8f0d0ae0a077 3 Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
dudmuck 0:8f0d0ae0a077 4
dudmuck 0:8f0d0ae0a077 5 LICENSE TERMS
dudmuck 0:8f0d0ae0a077 6
dudmuck 0:8f0d0ae0a077 7 The redistribution and use of this software (with or without changes)
dudmuck 0:8f0d0ae0a077 8 is allowed without the payment of fees or royalties provided that:
dudmuck 0:8f0d0ae0a077 9
dudmuck 0:8f0d0ae0a077 10 1. source code distributions include the above copyright notice, this
dudmuck 0:8f0d0ae0a077 11 list of conditions and the following disclaimer;
dudmuck 0:8f0d0ae0a077 12
dudmuck 0:8f0d0ae0a077 13 2. binary distributions include the above copyright notice, this list
dudmuck 0:8f0d0ae0a077 14 of conditions and the following disclaimer in their documentation;
dudmuck 0:8f0d0ae0a077 15
dudmuck 0:8f0d0ae0a077 16 3. the name of the copyright holder is not used to endorse products
dudmuck 0:8f0d0ae0a077 17 built using this software without specific written permission.
dudmuck 0:8f0d0ae0a077 18
dudmuck 0:8f0d0ae0a077 19 DISCLAIMER
dudmuck 0:8f0d0ae0a077 20
dudmuck 0:8f0d0ae0a077 21 This software is provided 'as is' with no explicit or implied warranties
dudmuck 0:8f0d0ae0a077 22 in respect of its properties, including, but not limited to, correctness
dudmuck 0:8f0d0ae0a077 23 and/or fitness for purpose.
dudmuck 0:8f0d0ae0a077 24 ---------------------------------------------------------------------------
dudmuck 0:8f0d0ae0a077 25 Issue 09/09/2006
dudmuck 0:8f0d0ae0a077 26
dudmuck 0:8f0d0ae0a077 27 This is an AES implementation that uses only 8-bit byte operations on the
dudmuck 0:8f0d0ae0a077 28 cipher state (there are options to use 32-bit types if available).
dudmuck 0:8f0d0ae0a077 29
dudmuck 0:8f0d0ae0a077 30 The combination of mix columns and byte substitution used here is based on
dudmuck 0:8f0d0ae0a077 31 that developed by Karl Malbrain. His contribution is acknowledged.
dudmuck 0:8f0d0ae0a077 32 */
dudmuck 0:8f0d0ae0a077 33
dudmuck 0:8f0d0ae0a077 34 /* define if you have a fast memcpy function on your system */
dudmuck 0:8f0d0ae0a077 35 #if 0
dudmuck 0:8f0d0ae0a077 36 # define HAVE_MEMCPY
dudmuck 0:8f0d0ae0a077 37 # include <string.h>
dudmuck 0:8f0d0ae0a077 38 # if defined( _MSC_VER )
dudmuck 0:8f0d0ae0a077 39 # include <intrin.h>
dudmuck 0:8f0d0ae0a077 40 # pragma intrinsic( memcpy )
dudmuck 0:8f0d0ae0a077 41 # endif
dudmuck 0:8f0d0ae0a077 42 #endif
dudmuck 0:8f0d0ae0a077 43
dudmuck 0:8f0d0ae0a077 44
dudmuck 0:8f0d0ae0a077 45 #include <stdlib.h>
dudmuck 0:8f0d0ae0a077 46 #include <stdint.h>
dudmuck 0:8f0d0ae0a077 47
dudmuck 0:8f0d0ae0a077 48 /* define if you have fast 32-bit types on your system */
dudmuck 0:8f0d0ae0a077 49 #if ( __CORTEX_M != 0 ) // if Cortex is different from M0/M0+
dudmuck 0:8f0d0ae0a077 50 # define HAVE_UINT_32T
dudmuck 0:8f0d0ae0a077 51 #endif
dudmuck 0:8f0d0ae0a077 52
dudmuck 0:8f0d0ae0a077 53 /* define if you don't want any tables */
dudmuck 0:8f0d0ae0a077 54 #if 1
dudmuck 0:8f0d0ae0a077 55 # define USE_TABLES
dudmuck 0:8f0d0ae0a077 56 #endif
dudmuck 0:8f0d0ae0a077 57
dudmuck 0:8f0d0ae0a077 58 /* On Intel Core 2 duo VERSION_1 is faster */
dudmuck 0:8f0d0ae0a077 59
dudmuck 0:8f0d0ae0a077 60 /* alternative versions (test for performance on your system) */
dudmuck 0:8f0d0ae0a077 61 #if 1
dudmuck 0:8f0d0ae0a077 62 # define VERSION_1
dudmuck 0:8f0d0ae0a077 63 #endif
dudmuck 0:8f0d0ae0a077 64
dudmuck 0:8f0d0ae0a077 65 #include "gladman_aes.h"
dudmuck 0:8f0d0ae0a077 66
dudmuck 0:8f0d0ae0a077 67 //#if defined( HAVE_UINT_32T )
dudmuck 0:8f0d0ae0a077 68 // typedef unsigned long uint32_t;
dudmuck 0:8f0d0ae0a077 69 //#endif
dudmuck 0:8f0d0ae0a077 70
dudmuck 0:8f0d0ae0a077 71 /* functions for finite field multiplication in the AES Galois field */
dudmuck 0:8f0d0ae0a077 72
dudmuck 0:8f0d0ae0a077 73 #define WPOLY 0x011b
dudmuck 0:8f0d0ae0a077 74 #define BPOLY 0x1b
dudmuck 0:8f0d0ae0a077 75 #define DPOLY 0x008d
dudmuck 0:8f0d0ae0a077 76
dudmuck 0:8f0d0ae0a077 77 #define f1(x) (x)
dudmuck 0:8f0d0ae0a077 78 #define f2(x) ((x << 1) ^ (((x >> 7) & 1) * WPOLY))
dudmuck 0:8f0d0ae0a077 79 #define f4(x) ((x << 2) ^ (((x >> 6) & 1) * WPOLY) ^ (((x >> 6) & 2) * WPOLY))
dudmuck 0:8f0d0ae0a077 80 #define f8(x) ((x << 3) ^ (((x >> 5) & 1) * WPOLY) ^ (((x >> 5) & 2) * WPOLY) \
dudmuck 0:8f0d0ae0a077 81 ^ (((x >> 5) & 4) * WPOLY))
dudmuck 0:8f0d0ae0a077 82 #define d2(x) (((x) >> 1) ^ ((x) & 1 ? DPOLY : 0))
dudmuck 0:8f0d0ae0a077 83
dudmuck 0:8f0d0ae0a077 84 #define f3(x) (f2(x) ^ x)
dudmuck 0:8f0d0ae0a077 85 #define f9(x) (f8(x) ^ x)
dudmuck 0:8f0d0ae0a077 86 #define fb(x) (f8(x) ^ f2(x) ^ x)
dudmuck 0:8f0d0ae0a077 87 #define fd(x) (f8(x) ^ f4(x) ^ x)
dudmuck 0:8f0d0ae0a077 88 #define fe(x) (f8(x) ^ f4(x) ^ f2(x))
dudmuck 0:8f0d0ae0a077 89
dudmuck 0:8f0d0ae0a077 90 #if defined( USE_TABLES )
dudmuck 0:8f0d0ae0a077 91
dudmuck 0:8f0d0ae0a077 92 #define sb_data(w) { /* S Box data values */ \
dudmuck 0:8f0d0ae0a077 93 w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
dudmuck 0:8f0d0ae0a077 94 w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
dudmuck 0:8f0d0ae0a077 95 w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
dudmuck 0:8f0d0ae0a077 96 w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
dudmuck 0:8f0d0ae0a077 97 w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
dudmuck 0:8f0d0ae0a077 98 w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
dudmuck 0:8f0d0ae0a077 99 w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
dudmuck 0:8f0d0ae0a077 100 w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
dudmuck 0:8f0d0ae0a077 101 w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
dudmuck 0:8f0d0ae0a077 102 w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
dudmuck 0:8f0d0ae0a077 103 w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
dudmuck 0:8f0d0ae0a077 104 w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
dudmuck 0:8f0d0ae0a077 105 w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
dudmuck 0:8f0d0ae0a077 106 w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
dudmuck 0:8f0d0ae0a077 107 w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
dudmuck 0:8f0d0ae0a077 108 w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
dudmuck 0:8f0d0ae0a077 109 w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
dudmuck 0:8f0d0ae0a077 110 w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
dudmuck 0:8f0d0ae0a077 111 w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
dudmuck 0:8f0d0ae0a077 112 w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
dudmuck 0:8f0d0ae0a077 113 w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
dudmuck 0:8f0d0ae0a077 114 w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
dudmuck 0:8f0d0ae0a077 115 w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
dudmuck 0:8f0d0ae0a077 116 w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
dudmuck 0:8f0d0ae0a077 117 w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
dudmuck 0:8f0d0ae0a077 118 w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
dudmuck 0:8f0d0ae0a077 119 w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
dudmuck 0:8f0d0ae0a077 120 w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
dudmuck 0:8f0d0ae0a077 121 w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
dudmuck 0:8f0d0ae0a077 122 w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
dudmuck 0:8f0d0ae0a077 123 w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
dudmuck 0:8f0d0ae0a077 124 w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
dudmuck 0:8f0d0ae0a077 125
dudmuck 0:8f0d0ae0a077 126 #define isb_data(w) { /* inverse S Box data values */ \
dudmuck 0:8f0d0ae0a077 127 w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
dudmuck 0:8f0d0ae0a077 128 w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
dudmuck 0:8f0d0ae0a077 129 w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
dudmuck 0:8f0d0ae0a077 130 w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
dudmuck 0:8f0d0ae0a077 131 w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
dudmuck 0:8f0d0ae0a077 132 w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
dudmuck 0:8f0d0ae0a077 133 w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
dudmuck 0:8f0d0ae0a077 134 w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
dudmuck 0:8f0d0ae0a077 135 w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
dudmuck 0:8f0d0ae0a077 136 w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
dudmuck 0:8f0d0ae0a077 137 w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
dudmuck 0:8f0d0ae0a077 138 w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
dudmuck 0:8f0d0ae0a077 139 w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
dudmuck 0:8f0d0ae0a077 140 w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
dudmuck 0:8f0d0ae0a077 141 w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
dudmuck 0:8f0d0ae0a077 142 w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
dudmuck 0:8f0d0ae0a077 143 w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
dudmuck 0:8f0d0ae0a077 144 w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
dudmuck 0:8f0d0ae0a077 145 w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
dudmuck 0:8f0d0ae0a077 146 w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
dudmuck 0:8f0d0ae0a077 147 w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
dudmuck 0:8f0d0ae0a077 148 w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
dudmuck 0:8f0d0ae0a077 149 w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
dudmuck 0:8f0d0ae0a077 150 w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
dudmuck 0:8f0d0ae0a077 151 w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
dudmuck 0:8f0d0ae0a077 152 w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
dudmuck 0:8f0d0ae0a077 153 w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
dudmuck 0:8f0d0ae0a077 154 w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
dudmuck 0:8f0d0ae0a077 155 w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
dudmuck 0:8f0d0ae0a077 156 w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
dudmuck 0:8f0d0ae0a077 157 w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
dudmuck 0:8f0d0ae0a077 158 w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
dudmuck 0:8f0d0ae0a077 159
dudmuck 0:8f0d0ae0a077 160 #define mm_data(w) { /* basic data for forming finite field tables */ \
dudmuck 0:8f0d0ae0a077 161 w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
dudmuck 0:8f0d0ae0a077 162 w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
dudmuck 0:8f0d0ae0a077 163 w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
dudmuck 0:8f0d0ae0a077 164 w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
dudmuck 0:8f0d0ae0a077 165 w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
dudmuck 0:8f0d0ae0a077 166 w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
dudmuck 0:8f0d0ae0a077 167 w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
dudmuck 0:8f0d0ae0a077 168 w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
dudmuck 0:8f0d0ae0a077 169 w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
dudmuck 0:8f0d0ae0a077 170 w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
dudmuck 0:8f0d0ae0a077 171 w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
dudmuck 0:8f0d0ae0a077 172 w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
dudmuck 0:8f0d0ae0a077 173 w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
dudmuck 0:8f0d0ae0a077 174 w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
dudmuck 0:8f0d0ae0a077 175 w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
dudmuck 0:8f0d0ae0a077 176 w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
dudmuck 0:8f0d0ae0a077 177 w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
dudmuck 0:8f0d0ae0a077 178 w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
dudmuck 0:8f0d0ae0a077 179 w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
dudmuck 0:8f0d0ae0a077 180 w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
dudmuck 0:8f0d0ae0a077 181 w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
dudmuck 0:8f0d0ae0a077 182 w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
dudmuck 0:8f0d0ae0a077 183 w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
dudmuck 0:8f0d0ae0a077 184 w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
dudmuck 0:8f0d0ae0a077 185 w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
dudmuck 0:8f0d0ae0a077 186 w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
dudmuck 0:8f0d0ae0a077 187 w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
dudmuck 0:8f0d0ae0a077 188 w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
dudmuck 0:8f0d0ae0a077 189 w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
dudmuck 0:8f0d0ae0a077 190 w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
dudmuck 0:8f0d0ae0a077 191 w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
dudmuck 0:8f0d0ae0a077 192 w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
dudmuck 0:8f0d0ae0a077 193
dudmuck 0:8f0d0ae0a077 194 static const uint8_t sbox[256] = sb_data(f1);
dudmuck 0:8f0d0ae0a077 195
dudmuck 0:8f0d0ae0a077 196 #if defined( AES_DEC_PREKEYED )
dudmuck 0:8f0d0ae0a077 197 static const uint8_t isbox[256] = isb_data(f1);
dudmuck 0:8f0d0ae0a077 198 #endif
dudmuck 0:8f0d0ae0a077 199
dudmuck 0:8f0d0ae0a077 200 static const uint8_t gfm2_sbox[256] = sb_data(f2);
dudmuck 0:8f0d0ae0a077 201 static const uint8_t gfm3_sbox[256] = sb_data(f3);
dudmuck 0:8f0d0ae0a077 202
dudmuck 0:8f0d0ae0a077 203 #if defined( AES_DEC_PREKEYED )
dudmuck 0:8f0d0ae0a077 204 static const uint8_t gfmul_9[256] = mm_data(f9);
dudmuck 0:8f0d0ae0a077 205 static const uint8_t gfmul_b[256] = mm_data(fb);
dudmuck 0:8f0d0ae0a077 206 static const uint8_t gfmul_d[256] = mm_data(fd);
dudmuck 0:8f0d0ae0a077 207 static const uint8_t gfmul_e[256] = mm_data(fe);
dudmuck 0:8f0d0ae0a077 208 #endif
dudmuck 0:8f0d0ae0a077 209
dudmuck 0:8f0d0ae0a077 210 #define s_box(x) sbox[(x)]
dudmuck 0:8f0d0ae0a077 211 #if defined( AES_DEC_PREKEYED )
dudmuck 0:8f0d0ae0a077 212 #define is_box(x) isbox[(x)]
dudmuck 0:8f0d0ae0a077 213 #endif
dudmuck 0:8f0d0ae0a077 214 #define gfm2_sb(x) gfm2_sbox[(x)]
dudmuck 0:8f0d0ae0a077 215 #define gfm3_sb(x) gfm3_sbox[(x)]
dudmuck 0:8f0d0ae0a077 216 #if defined( AES_DEC_PREKEYED )
dudmuck 0:8f0d0ae0a077 217 #define gfm_9(x) gfmul_9[(x)]
dudmuck 0:8f0d0ae0a077 218 #define gfm_b(x) gfmul_b[(x)]
dudmuck 0:8f0d0ae0a077 219 #define gfm_d(x) gfmul_d[(x)]
dudmuck 0:8f0d0ae0a077 220 #define gfm_e(x) gfmul_e[(x)]
dudmuck 0:8f0d0ae0a077 221 #endif
dudmuck 0:8f0d0ae0a077 222 #else
dudmuck 0:8f0d0ae0a077 223
dudmuck 0:8f0d0ae0a077 224 /* this is the high bit of x right shifted by 1 */
dudmuck 0:8f0d0ae0a077 225 /* position. Since the starting polynomial has */
dudmuck 0:8f0d0ae0a077 226 /* 9 bits (0x11b), this right shift keeps the */
dudmuck 0:8f0d0ae0a077 227 /* values of all top bits within a byte */
dudmuck 0:8f0d0ae0a077 228
dudmuck 0:8f0d0ae0a077 229 static uint8_t hibit(const uint8_t x)
dudmuck 0:8f0d0ae0a077 230 { uint8_t r = (uint8_t)((x >> 1) | (x >> 2));
dudmuck 0:8f0d0ae0a077 231
dudmuck 0:8f0d0ae0a077 232 r |= (r >> 2);
dudmuck 0:8f0d0ae0a077 233 r |= (r >> 4);
dudmuck 0:8f0d0ae0a077 234 return (r + 1) >> 1;
dudmuck 0:8f0d0ae0a077 235 }
dudmuck 0:8f0d0ae0a077 236
dudmuck 0:8f0d0ae0a077 237 /* return the inverse of the finite field element x */
dudmuck 0:8f0d0ae0a077 238
dudmuck 0:8f0d0ae0a077 239 static uint8_t gf_inv(const uint8_t x)
dudmuck 0:8f0d0ae0a077 240 { uint8_t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
dudmuck 0:8f0d0ae0a077 241
dudmuck 0:8f0d0ae0a077 242 if(x < 2)
dudmuck 0:8f0d0ae0a077 243 return x;
dudmuck 0:8f0d0ae0a077 244
dudmuck 0:8f0d0ae0a077 245 for( ; ; )
dudmuck 0:8f0d0ae0a077 246 {
dudmuck 0:8f0d0ae0a077 247 if(n1)
dudmuck 0:8f0d0ae0a077 248 while(n2 >= n1) /* divide polynomial p2 by p1 */
dudmuck 0:8f0d0ae0a077 249 {
dudmuck 0:8f0d0ae0a077 250 n2 /= n1; /* shift smaller polynomial left */
dudmuck 0:8f0d0ae0a077 251 p2 ^= (p1 * n2) & 0xff; /* and remove from larger one */
dudmuck 0:8f0d0ae0a077 252 v2 ^= (v1 * n2); /* shift accumulated value and */
dudmuck 0:8f0d0ae0a077 253 n2 = hibit(p2); /* add into result */
dudmuck 0:8f0d0ae0a077 254 }
dudmuck 0:8f0d0ae0a077 255 else
dudmuck 0:8f0d0ae0a077 256 return v1;
dudmuck 0:8f0d0ae0a077 257
dudmuck 0:8f0d0ae0a077 258 if(n2) /* repeat with values swapped */
dudmuck 0:8f0d0ae0a077 259 while(n1 >= n2)
dudmuck 0:8f0d0ae0a077 260 {
dudmuck 0:8f0d0ae0a077 261 n1 /= n2;
dudmuck 0:8f0d0ae0a077 262 p1 ^= p2 * n1;
dudmuck 0:8f0d0ae0a077 263 v1 ^= v2 * n1;
dudmuck 0:8f0d0ae0a077 264 n1 = hibit(p1);
dudmuck 0:8f0d0ae0a077 265 }
dudmuck 0:8f0d0ae0a077 266 else
dudmuck 0:8f0d0ae0a077 267 return v2;
dudmuck 0:8f0d0ae0a077 268 }
dudmuck 0:8f0d0ae0a077 269 }
dudmuck 0:8f0d0ae0a077 270
dudmuck 0:8f0d0ae0a077 271 /* The forward and inverse affine transformations used in the S-box */
dudmuck 0:8f0d0ae0a077 272 uint8_t fwd_affine(const uint8_t x)
dudmuck 0:8f0d0ae0a077 273 {
dudmuck 0:8f0d0ae0a077 274 #if defined( HAVE_UINT_32T )
dudmuck 0:8f0d0ae0a077 275 uint32_t w = x;
dudmuck 0:8f0d0ae0a077 276 w ^= (w << 1) ^ (w << 2) ^ (w << 3) ^ (w << 4);
dudmuck 0:8f0d0ae0a077 277 return 0x63 ^ ((w ^ (w >> 8)) & 0xff);
dudmuck 0:8f0d0ae0a077 278 #else
dudmuck 0:8f0d0ae0a077 279 return 0x63 ^ x ^ (x << 1) ^ (x << 2) ^ (x << 3) ^ (x << 4)
dudmuck 0:8f0d0ae0a077 280 ^ (x >> 7) ^ (x >> 6) ^ (x >> 5) ^ (x >> 4);
dudmuck 0:8f0d0ae0a077 281 #endif
dudmuck 0:8f0d0ae0a077 282 }
dudmuck 0:8f0d0ae0a077 283
dudmuck 0:8f0d0ae0a077 284 uint8_t inv_affine(const uint8_t x)
dudmuck 0:8f0d0ae0a077 285 {
dudmuck 0:8f0d0ae0a077 286 #if defined( HAVE_UINT_32T )
dudmuck 0:8f0d0ae0a077 287 uint32_t w = x;
dudmuck 0:8f0d0ae0a077 288 w = (w << 1) ^ (w << 3) ^ (w << 6);
dudmuck 0:8f0d0ae0a077 289 return 0x05 ^ ((w ^ (w >> 8)) & 0xff);
dudmuck 0:8f0d0ae0a077 290 #else
dudmuck 0:8f0d0ae0a077 291 return 0x05 ^ (x << 1) ^ (x << 3) ^ (x << 6)
dudmuck 0:8f0d0ae0a077 292 ^ (x >> 7) ^ (x >> 5) ^ (x >> 2);
dudmuck 0:8f0d0ae0a077 293 #endif
dudmuck 0:8f0d0ae0a077 294 }
dudmuck 0:8f0d0ae0a077 295
dudmuck 0:8f0d0ae0a077 296 #define s_box(x) fwd_affine(gf_inv(x))
dudmuck 0:8f0d0ae0a077 297 #define is_box(x) gf_inv(inv_affine(x))
dudmuck 0:8f0d0ae0a077 298 #define gfm2_sb(x) f2(s_box(x))
dudmuck 0:8f0d0ae0a077 299 #define gfm3_sb(x) f3(s_box(x))
dudmuck 0:8f0d0ae0a077 300 #define gfm_9(x) f9(x)
dudmuck 0:8f0d0ae0a077 301 #define gfm_b(x) fb(x)
dudmuck 0:8f0d0ae0a077 302 #define gfm_d(x) fd(x)
dudmuck 0:8f0d0ae0a077 303 #define gfm_e(x) fe(x)
dudmuck 0:8f0d0ae0a077 304
dudmuck 0:8f0d0ae0a077 305 #endif
dudmuck 0:8f0d0ae0a077 306
dudmuck 0:8f0d0ae0a077 307 #if defined( HAVE_MEMCPY )
dudmuck 0:8f0d0ae0a077 308 # define block_copy_nn(d, s, l) memcpy(d, s, l)
dudmuck 0:8f0d0ae0a077 309 # define block_copy(d, s) memcpy(d, s, N_BLOCK)
dudmuck 0:8f0d0ae0a077 310 #else
dudmuck 0:8f0d0ae0a077 311 # define block_copy_nn(d, s, l) copy_block_nn(d, s, l)
dudmuck 0:8f0d0ae0a077 312 # define block_copy(d, s) copy_block(d, s)
dudmuck 0:8f0d0ae0a077 313 #endif
dudmuck 0:8f0d0ae0a077 314
dudmuck 0:8f0d0ae0a077 315 static void copy_block( void *d, const void *s )
dudmuck 0:8f0d0ae0a077 316 {
dudmuck 0:8f0d0ae0a077 317 #if defined( HAVE_UINT_32T )
dudmuck 0:8f0d0ae0a077 318 ((uint32_t*)d)[ 0] = ((uint32_t*)s)[ 0];
dudmuck 0:8f0d0ae0a077 319 ((uint32_t*)d)[ 1] = ((uint32_t*)s)[ 1];
dudmuck 0:8f0d0ae0a077 320 ((uint32_t*)d)[ 2] = ((uint32_t*)s)[ 2];
dudmuck 0:8f0d0ae0a077 321 ((uint32_t*)d)[ 3] = ((uint32_t*)s)[ 3];
dudmuck 0:8f0d0ae0a077 322 #else
dudmuck 0:8f0d0ae0a077 323 ((uint8_t*)d)[ 0] = ((uint8_t*)s)[ 0];
dudmuck 0:8f0d0ae0a077 324 ((uint8_t*)d)[ 1] = ((uint8_t*)s)[ 1];
dudmuck 0:8f0d0ae0a077 325 ((uint8_t*)d)[ 2] = ((uint8_t*)s)[ 2];
dudmuck 0:8f0d0ae0a077 326 ((uint8_t*)d)[ 3] = ((uint8_t*)s)[ 3];
dudmuck 0:8f0d0ae0a077 327 ((uint8_t*)d)[ 4] = ((uint8_t*)s)[ 4];
dudmuck 0:8f0d0ae0a077 328 ((uint8_t*)d)[ 5] = ((uint8_t*)s)[ 5];
dudmuck 0:8f0d0ae0a077 329 ((uint8_t*)d)[ 6] = ((uint8_t*)s)[ 6];
dudmuck 0:8f0d0ae0a077 330 ((uint8_t*)d)[ 7] = ((uint8_t*)s)[ 7];
dudmuck 0:8f0d0ae0a077 331 ((uint8_t*)d)[ 8] = ((uint8_t*)s)[ 8];
dudmuck 0:8f0d0ae0a077 332 ((uint8_t*)d)[ 9] = ((uint8_t*)s)[ 9];
dudmuck 0:8f0d0ae0a077 333 ((uint8_t*)d)[10] = ((uint8_t*)s)[10];
dudmuck 0:8f0d0ae0a077 334 ((uint8_t*)d)[11] = ((uint8_t*)s)[11];
dudmuck 0:8f0d0ae0a077 335 ((uint8_t*)d)[12] = ((uint8_t*)s)[12];
dudmuck 0:8f0d0ae0a077 336 ((uint8_t*)d)[13] = ((uint8_t*)s)[13];
dudmuck 0:8f0d0ae0a077 337 ((uint8_t*)d)[14] = ((uint8_t*)s)[14];
dudmuck 0:8f0d0ae0a077 338 ((uint8_t*)d)[15] = ((uint8_t*)s)[15];
dudmuck 0:8f0d0ae0a077 339 #endif
dudmuck 0:8f0d0ae0a077 340 }
dudmuck 0:8f0d0ae0a077 341
dudmuck 0:8f0d0ae0a077 342 static void copy_block_nn( uint8_t * d, const uint8_t *s, uint8_t nn )
dudmuck 0:8f0d0ae0a077 343 {
dudmuck 0:8f0d0ae0a077 344 while( nn-- )
dudmuck 0:8f0d0ae0a077 345 //*((uint8_t*)d)++ = *((uint8_t*)s)++;
dudmuck 0:8f0d0ae0a077 346 *d++ = *s++;
dudmuck 0:8f0d0ae0a077 347 }
dudmuck 0:8f0d0ae0a077 348
dudmuck 0:8f0d0ae0a077 349 static void xor_block( void *d, const void *s )
dudmuck 0:8f0d0ae0a077 350 {
dudmuck 0:8f0d0ae0a077 351 #if defined( HAVE_UINT_32T )
dudmuck 0:8f0d0ae0a077 352 ((uint32_t*)d)[ 0] ^= ((uint32_t*)s)[ 0];
dudmuck 0:8f0d0ae0a077 353 ((uint32_t*)d)[ 1] ^= ((uint32_t*)s)[ 1];
dudmuck 0:8f0d0ae0a077 354 ((uint32_t*)d)[ 2] ^= ((uint32_t*)s)[ 2];
dudmuck 0:8f0d0ae0a077 355 ((uint32_t*)d)[ 3] ^= ((uint32_t*)s)[ 3];
dudmuck 0:8f0d0ae0a077 356 #else
dudmuck 0:8f0d0ae0a077 357 ((uint8_t*)d)[ 0] ^= ((uint8_t*)s)[ 0];
dudmuck 0:8f0d0ae0a077 358 ((uint8_t*)d)[ 1] ^= ((uint8_t*)s)[ 1];
dudmuck 0:8f0d0ae0a077 359 ((uint8_t*)d)[ 2] ^= ((uint8_t*)s)[ 2];
dudmuck 0:8f0d0ae0a077 360 ((uint8_t*)d)[ 3] ^= ((uint8_t*)s)[ 3];
dudmuck 0:8f0d0ae0a077 361 ((uint8_t*)d)[ 4] ^= ((uint8_t*)s)[ 4];
dudmuck 0:8f0d0ae0a077 362 ((uint8_t*)d)[ 5] ^= ((uint8_t*)s)[ 5];
dudmuck 0:8f0d0ae0a077 363 ((uint8_t*)d)[ 6] ^= ((uint8_t*)s)[ 6];
dudmuck 0:8f0d0ae0a077 364 ((uint8_t*)d)[ 7] ^= ((uint8_t*)s)[ 7];
dudmuck 0:8f0d0ae0a077 365 ((uint8_t*)d)[ 8] ^= ((uint8_t*)s)[ 8];
dudmuck 0:8f0d0ae0a077 366 ((uint8_t*)d)[ 9] ^= ((uint8_t*)s)[ 9];
dudmuck 0:8f0d0ae0a077 367 ((uint8_t*)d)[10] ^= ((uint8_t*)s)[10];
dudmuck 0:8f0d0ae0a077 368 ((uint8_t*)d)[11] ^= ((uint8_t*)s)[11];
dudmuck 0:8f0d0ae0a077 369 ((uint8_t*)d)[12] ^= ((uint8_t*)s)[12];
dudmuck 0:8f0d0ae0a077 370 ((uint8_t*)d)[13] ^= ((uint8_t*)s)[13];
dudmuck 0:8f0d0ae0a077 371 ((uint8_t*)d)[14] ^= ((uint8_t*)s)[14];
dudmuck 0:8f0d0ae0a077 372 ((uint8_t*)d)[15] ^= ((uint8_t*)s)[15];
dudmuck 0:8f0d0ae0a077 373 #endif
dudmuck 0:8f0d0ae0a077 374 }
dudmuck 0:8f0d0ae0a077 375
dudmuck 0:8f0d0ae0a077 376 static void copy_and_key( void *d, const void *s, const void *k )
dudmuck 0:8f0d0ae0a077 377 {
dudmuck 0:8f0d0ae0a077 378 #if defined( HAVE_UINT_32T )
dudmuck 0:8f0d0ae0a077 379 ((uint32_t*)d)[ 0] = ((uint32_t*)s)[ 0] ^ ((uint32_t*)k)[ 0];
dudmuck 0:8f0d0ae0a077 380 ((uint32_t*)d)[ 1] = ((uint32_t*)s)[ 1] ^ ((uint32_t*)k)[ 1];
dudmuck 0:8f0d0ae0a077 381 ((uint32_t*)d)[ 2] = ((uint32_t*)s)[ 2] ^ ((uint32_t*)k)[ 2];
dudmuck 0:8f0d0ae0a077 382 ((uint32_t*)d)[ 3] = ((uint32_t*)s)[ 3] ^ ((uint32_t*)k)[ 3];
dudmuck 0:8f0d0ae0a077 383 #elif 1
dudmuck 0:8f0d0ae0a077 384 ((uint8_t*)d)[ 0] = ((uint8_t*)s)[ 0] ^ ((uint8_t*)k)[ 0];
dudmuck 0:8f0d0ae0a077 385 ((uint8_t*)d)[ 1] = ((uint8_t*)s)[ 1] ^ ((uint8_t*)k)[ 1];
dudmuck 0:8f0d0ae0a077 386 ((uint8_t*)d)[ 2] = ((uint8_t*)s)[ 2] ^ ((uint8_t*)k)[ 2];
dudmuck 0:8f0d0ae0a077 387 ((uint8_t*)d)[ 3] = ((uint8_t*)s)[ 3] ^ ((uint8_t*)k)[ 3];
dudmuck 0:8f0d0ae0a077 388 ((uint8_t*)d)[ 4] = ((uint8_t*)s)[ 4] ^ ((uint8_t*)k)[ 4];
dudmuck 0:8f0d0ae0a077 389 ((uint8_t*)d)[ 5] = ((uint8_t*)s)[ 5] ^ ((uint8_t*)k)[ 5];
dudmuck 0:8f0d0ae0a077 390 ((uint8_t*)d)[ 6] = ((uint8_t*)s)[ 6] ^ ((uint8_t*)k)[ 6];
dudmuck 0:8f0d0ae0a077 391 ((uint8_t*)d)[ 7] = ((uint8_t*)s)[ 7] ^ ((uint8_t*)k)[ 7];
dudmuck 0:8f0d0ae0a077 392 ((uint8_t*)d)[ 8] = ((uint8_t*)s)[ 8] ^ ((uint8_t*)k)[ 8];
dudmuck 0:8f0d0ae0a077 393 ((uint8_t*)d)[ 9] = ((uint8_t*)s)[ 9] ^ ((uint8_t*)k)[ 9];
dudmuck 0:8f0d0ae0a077 394 ((uint8_t*)d)[10] = ((uint8_t*)s)[10] ^ ((uint8_t*)k)[10];
dudmuck 0:8f0d0ae0a077 395 ((uint8_t*)d)[11] = ((uint8_t*)s)[11] ^ ((uint8_t*)k)[11];
dudmuck 0:8f0d0ae0a077 396 ((uint8_t*)d)[12] = ((uint8_t*)s)[12] ^ ((uint8_t*)k)[12];
dudmuck 0:8f0d0ae0a077 397 ((uint8_t*)d)[13] = ((uint8_t*)s)[13] ^ ((uint8_t*)k)[13];
dudmuck 0:8f0d0ae0a077 398 ((uint8_t*)d)[14] = ((uint8_t*)s)[14] ^ ((uint8_t*)k)[14];
dudmuck 0:8f0d0ae0a077 399 ((uint8_t*)d)[15] = ((uint8_t*)s)[15] ^ ((uint8_t*)k)[15];
dudmuck 0:8f0d0ae0a077 400 #else
dudmuck 0:8f0d0ae0a077 401 block_copy(d, s);
dudmuck 0:8f0d0ae0a077 402 xor_block(d, k);
dudmuck 0:8f0d0ae0a077 403 #endif
dudmuck 0:8f0d0ae0a077 404 }
dudmuck 0:8f0d0ae0a077 405
dudmuck 0:8f0d0ae0a077 406 static void add_round_key( uint8_t d[N_BLOCK], const uint8_t k[N_BLOCK] )
dudmuck 0:8f0d0ae0a077 407 {
dudmuck 0:8f0d0ae0a077 408 xor_block(d, k);
dudmuck 0:8f0d0ae0a077 409 }
dudmuck 0:8f0d0ae0a077 410
dudmuck 0:8f0d0ae0a077 411 static void shift_sub_rows( uint8_t st[N_BLOCK] )
dudmuck 0:8f0d0ae0a077 412 { uint8_t tt;
dudmuck 0:8f0d0ae0a077 413
dudmuck 0:8f0d0ae0a077 414 st[ 0] = s_box(st[ 0]); st[ 4] = s_box(st[ 4]);
dudmuck 0:8f0d0ae0a077 415 st[ 8] = s_box(st[ 8]); st[12] = s_box(st[12]);
dudmuck 0:8f0d0ae0a077 416
    tt = st[1]; st[ 1] = s_box(st[ 5]); st[ 5] = s_box(st[ 9]);
    st[ 9] = s_box(st[13]); st[13] = s_box( tt );

    tt = st[2]; st[ 2] = s_box(st[10]); st[10] = s_box( tt );
    tt = st[6]; st[ 6] = s_box(st[14]); st[14] = s_box( tt );

    tt = st[15]; st[15] = s_box(st[11]); st[11] = s_box(st[ 7]);
    st[ 7] = s_box(st[ 3]); st[ 3] = s_box( tt );
}

#if defined( AES_DEC_PREKEYED )

static void inv_shift_sub_rows( uint8_t st[N_BLOCK] )
{   uint8_t tt;

    st[ 0] = is_box(st[ 0]); st[ 4] = is_box(st[ 4]);
    st[ 8] = is_box(st[ 8]); st[12] = is_box(st[12]);

    tt = st[13]; st[13] = is_box(st[9]); st[ 9] = is_box(st[5]);
    st[ 5] = is_box(st[1]); st[ 1] = is_box( tt );

    tt = st[2]; st[ 2] = is_box(st[10]); st[10] = is_box( tt );
    tt = st[6]; st[ 6] = is_box(st[14]); st[14] = is_box( tt );

    tt = st[3]; st[ 3] = is_box(st[ 7]); st[ 7] = is_box(st[11]);
    st[11] = is_box(st[15]); st[15] = is_box( tt );
}

#endif

#if defined( VERSION_1 )
static void mix_sub_columns( uint8_t dt[N_BLOCK] )
{   uint8_t st[N_BLOCK];
    block_copy(st, dt);
#else
static void mix_sub_columns( uint8_t dt[N_BLOCK], uint8_t st[N_BLOCK] )
{
#endif
    dt[ 0] = gfm2_sb(st[0]) ^ gfm3_sb(st[5]) ^ s_box(st[10]) ^ s_box(st[15]);
    dt[ 1] = s_box(st[0]) ^ gfm2_sb(st[5]) ^ gfm3_sb(st[10]) ^ s_box(st[15]);
    dt[ 2] = s_box(st[0]) ^ s_box(st[5]) ^ gfm2_sb(st[10]) ^ gfm3_sb(st[15]);
    dt[ 3] = gfm3_sb(st[0]) ^ s_box(st[5]) ^ s_box(st[10]) ^ gfm2_sb(st[15]);

    dt[ 4] = gfm2_sb(st[4]) ^ gfm3_sb(st[9]) ^ s_box(st[14]) ^ s_box(st[3]);
    dt[ 5] = s_box(st[4]) ^ gfm2_sb(st[9]) ^ gfm3_sb(st[14]) ^ s_box(st[3]);
    dt[ 6] = s_box(st[4]) ^ s_box(st[9]) ^ gfm2_sb(st[14]) ^ gfm3_sb(st[3]);
    dt[ 7] = gfm3_sb(st[4]) ^ s_box(st[9]) ^ s_box(st[14]) ^ gfm2_sb(st[3]);

    dt[ 8] = gfm2_sb(st[8]) ^ gfm3_sb(st[13]) ^ s_box(st[2]) ^ s_box(st[7]);
    dt[ 9] = s_box(st[8]) ^ gfm2_sb(st[13]) ^ gfm3_sb(st[2]) ^ s_box(st[7]);
    dt[10] = s_box(st[8]) ^ s_box(st[13]) ^ gfm2_sb(st[2]) ^ gfm3_sb(st[7]);
    dt[11] = gfm3_sb(st[8]) ^ s_box(st[13]) ^ s_box(st[2]) ^ gfm2_sb(st[7]);

    dt[12] = gfm2_sb(st[12]) ^ gfm3_sb(st[1]) ^ s_box(st[6]) ^ s_box(st[11]);
    dt[13] = s_box(st[12]) ^ gfm2_sb(st[1]) ^ gfm3_sb(st[6]) ^ s_box(st[11]);
    dt[14] = s_box(st[12]) ^ s_box(st[1]) ^ gfm2_sb(st[6]) ^ gfm3_sb(st[11]);
    dt[15] = gfm3_sb(st[12]) ^ s_box(st[1]) ^ s_box(st[6]) ^ gfm2_sb(st[11]);
}

#if defined( AES_DEC_PREKEYED )

#if defined( VERSION_1 )
static void inv_mix_sub_columns( uint8_t dt[N_BLOCK] )
{   uint8_t st[N_BLOCK];
    block_copy(st, dt);
#else
static void inv_mix_sub_columns( uint8_t dt[N_BLOCK], uint8_t st[N_BLOCK] )
{
#endif
    dt[ 0] = is_box(gfm_e(st[ 0]) ^ gfm_b(st[ 1]) ^ gfm_d(st[ 2]) ^ gfm_9(st[ 3]));
    dt[ 5] = is_box(gfm_9(st[ 0]) ^ gfm_e(st[ 1]) ^ gfm_b(st[ 2]) ^ gfm_d(st[ 3]));
    dt[10] = is_box(gfm_d(st[ 0]) ^ gfm_9(st[ 1]) ^ gfm_e(st[ 2]) ^ gfm_b(st[ 3]));
    dt[15] = is_box(gfm_b(st[ 0]) ^ gfm_d(st[ 1]) ^ gfm_9(st[ 2]) ^ gfm_e(st[ 3]));

    dt[ 4] = is_box(gfm_e(st[ 4]) ^ gfm_b(st[ 5]) ^ gfm_d(st[ 6]) ^ gfm_9(st[ 7]));
    dt[ 9] = is_box(gfm_9(st[ 4]) ^ gfm_e(st[ 5]) ^ gfm_b(st[ 6]) ^ gfm_d(st[ 7]));
    dt[14] = is_box(gfm_d(st[ 4]) ^ gfm_9(st[ 5]) ^ gfm_e(st[ 6]) ^ gfm_b(st[ 7]));
    dt[ 3] = is_box(gfm_b(st[ 4]) ^ gfm_d(st[ 5]) ^ gfm_9(st[ 6]) ^ gfm_e(st[ 7]));

    dt[ 8] = is_box(gfm_e(st[ 8]) ^ gfm_b(st[ 9]) ^ gfm_d(st[10]) ^ gfm_9(st[11]));
    dt[13] = is_box(gfm_9(st[ 8]) ^ gfm_e(st[ 9]) ^ gfm_b(st[10]) ^ gfm_d(st[11]));
    dt[ 2] = is_box(gfm_d(st[ 8]) ^ gfm_9(st[ 9]) ^ gfm_e(st[10]) ^ gfm_b(st[11]));
    dt[ 7] = is_box(gfm_b(st[ 8]) ^ gfm_d(st[ 9]) ^ gfm_9(st[10]) ^ gfm_e(st[11]));

    dt[12] = is_box(gfm_e(st[12]) ^ gfm_b(st[13]) ^ gfm_d(st[14]) ^ gfm_9(st[15]));
    dt[ 1] = is_box(gfm_9(st[12]) ^ gfm_e(st[13]) ^ gfm_b(st[14]) ^ gfm_d(st[15]));
    dt[ 6] = is_box(gfm_d(st[12]) ^ gfm_9(st[13]) ^ gfm_e(st[14]) ^ gfm_b(st[15]));
    dt[11] = is_box(gfm_b(st[12]) ^ gfm_d(st[13]) ^ gfm_9(st[14]) ^ gfm_e(st[15]));
}

#endif

#if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED )

/* Set the cipher key for the pre-keyed version */

return_type aes_set_key( const uint8_t key[], length_type keylen, aes_context ctx[1] )
{
    uint8_t cc, rc, hi;

    switch( keylen )
    {
    case 16:
    case 24:
    case 32:
        break;
    default:
        ctx->rnd = 0;
        return ( uint8_t )-1;
    }
    block_copy_nn(ctx->ksch, key, keylen);
    hi = (keylen + 28) << 2;
    ctx->rnd = (hi >> 4) - 1;
    for( cc = keylen, rc = 1; cc < hi; cc += 4 )
    {   uint8_t tt, t0, t1, t2, t3;

        t0 = ctx->ksch[cc - 4];
        t1 = ctx->ksch[cc - 3];
        t2 = ctx->ksch[cc - 2];
        t3 = ctx->ksch[cc - 1];
        if( cc % keylen == 0 )
        {
            tt = t0;
            t0 = s_box(t1) ^ rc;
            t1 = s_box(t2);
            t2 = s_box(t3);
            t3 = s_box(tt);
            rc = f2(rc);
        }
        else if( keylen > 24 && cc % keylen == 16 )
        {
            t0 = s_box(t0);
            t1 = s_box(t1);
            t2 = s_box(t2);
            t3 = s_box(t3);
        }
        tt = cc - keylen;
        ctx->ksch[cc + 0] = ctx->ksch[tt + 0] ^ t0;
        ctx->ksch[cc + 1] = ctx->ksch[tt + 1] ^ t1;
        ctx->ksch[cc + 2] = ctx->ksch[tt + 2] ^ t2;
        ctx->ksch[cc + 3] = ctx->ksch[tt + 3] ^ t3;
    }
    return 0;
}

#endif

#if defined( AES_ENC_PREKEYED )

/* Encrypt a single block of 16 bytes */

return_type aes_encrypt( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], const aes_context ctx[1] )
{
    if( ctx->rnd )
    {
        uint8_t s1[N_BLOCK], r;
        copy_and_key( s1, in, ctx->ksch );

        for( r = 1 ; r < ctx->rnd ; ++r )
#if defined( VERSION_1 )
        {
            mix_sub_columns( s1 );
            add_round_key( s1, ctx->ksch + r * N_BLOCK);
        }
#else
        {   uint8_t s2[N_BLOCK];
            mix_sub_columns( s2, s1 );
            copy_and_key( s1, s2, ctx->ksch + r * N_BLOCK);
        }
#endif
        shift_sub_rows( s1 );
        copy_and_key( out, s1, ctx->ksch + r * N_BLOCK );
    }
    else
        return ( uint8_t )-1;
    return 0;
}

/* CBC encrypt a number of blocks (input and return an IV) */

return_type aes_cbc_encrypt( const uint8_t *in, uint8_t *out,
                         int32_t n_block, uint8_t iv[N_BLOCK], const aes_context ctx[1] )
{

    while(n_block--)
    {
        xor_block(iv, in);
        if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
            return EXIT_FAILURE;
        //memcpy(out, iv, N_BLOCK);
        block_copy(out, iv);
        in += N_BLOCK;
        out += N_BLOCK;
    }
    return EXIT_SUCCESS;
}

#endif

#if defined( AES_DEC_PREKEYED )

/* Decrypt a single block of 16 bytes */

return_type aes_decrypt( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK], const aes_context ctx[1] )
{
    if( ctx->rnd )
    {
        uint8_t s1[N_BLOCK], r;
        copy_and_key( s1, in, ctx->ksch + ctx->rnd * N_BLOCK );
        inv_shift_sub_rows( s1 );

        for( r = ctx->rnd ; --r ; )
#if defined( VERSION_1 )
        {
            add_round_key( s1, ctx->ksch + r * N_BLOCK );
            inv_mix_sub_columns( s1 );
        }
#else
        {   uint8_t s2[N_BLOCK];
            copy_and_key( s2, s1, ctx->ksch + r * N_BLOCK );
            inv_mix_sub_columns( s1, s2 );
        }
#endif
        copy_and_key( out, s1, ctx->ksch );
    }
    else
        return -1;
    return 0;
}

/* CBC decrypt a number of blocks (input and return an IV) */

return_type aes_cbc_decrypt( const uint8_t *in, uint8_t *out,
                         int32_t n_block, uint8_t iv[N_BLOCK], const aes_context ctx[1] )
{
    while(n_block--)
    {   uint8_t tmp[N_BLOCK];

        //memcpy(tmp, in, N_BLOCK);
        block_copy(tmp, in);
        if(aes_decrypt(in, out, ctx) != EXIT_SUCCESS)
            return EXIT_FAILURE;
        xor_block(out, iv);
        //memcpy(iv, tmp, N_BLOCK);
        block_copy(iv, tmp);
        in += N_BLOCK;
        out += N_BLOCK;
    }
    return EXIT_SUCCESS;
}

#endif

#if defined( AES_ENC_128_OTFK )

/* The 'on the fly' encryption key update for 128 bit keys */

static void update_encrypt_key_128( uint8_t k[N_BLOCK], uint8_t *rc )
{   uint8_t cc;

    k[0] ^= s_box(k[13]) ^ *rc;
    k[1] ^= s_box(k[14]);
    k[2] ^= s_box(k[15]);
    k[3] ^= s_box(k[12]);
    *rc = f2( *rc );

    for(cc = 4; cc < 16; cc += 4 )
    {
        k[cc + 0] ^= k[cc - 4];
        k[cc + 1] ^= k[cc - 3];
        k[cc + 2] ^= k[cc - 2];
        k[cc + 3] ^= k[cc - 1];
    }
}

/* Encrypt a single block of 16 bytes with 'on the fly' 128 bit keying */

void aes_encrypt_128( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
                     const uint8_t key[N_BLOCK], uint8_t o_key[N_BLOCK] )
{   uint8_t s1[N_BLOCK], r, rc = 1;

    if(o_key != key)
        block_copy( o_key, key );
    copy_and_key( s1, in, o_key );

    for( r = 1 ; r < 10 ; ++r )
#if defined( VERSION_1 )
    {
        mix_sub_columns( s1 );
        update_encrypt_key_128( o_key, &rc );
        add_round_key( s1, o_key );
    }
#else
    {   uint8_t s2[N_BLOCK];
        mix_sub_columns( s2, s1 );
        update_encrypt_key_128( o_key, &rc );
        copy_and_key( s1, s2, o_key );
    }
#endif

    shift_sub_rows( s1 );
    update_encrypt_key_128( o_key, &rc );
    copy_and_key( out, s1, o_key );
}

#endif

#if defined( AES_DEC_128_OTFK )

/* The 'on the fly' decryption key update for 128 bit keys */

static void update_decrypt_key_128( uint8_t k[N_BLOCK], uint8_t *rc )
{   uint8_t cc;

    for( cc = 12; cc > 0; cc -= 4 )
    {
        k[cc + 0] ^= k[cc - 4];
        k[cc + 1] ^= k[cc - 3];
        k[cc + 2] ^= k[cc - 2];
        k[cc + 3] ^= k[cc - 1];
    }
    *rc = d2(*rc);
    k[0] ^= s_box(k[13]) ^ *rc;
    k[1] ^= s_box(k[14]);
    k[2] ^= s_box(k[15]);
    k[3] ^= s_box(k[12]);
}

/* Decrypt a single block of 16 bytes with 'on the fly' 128 bit keying */

void aes_decrypt_128( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
                     const uint8_t key[N_BLOCK], uint8_t o_key[N_BLOCK] )
{
    uint8_t s1[N_BLOCK], r, rc = 0x6c;
    if(o_key != key)
        block_copy( o_key, key );

    copy_and_key( s1, in, o_key );
    inv_shift_sub_rows( s1 );

    for( r = 10 ; --r ; )
#if defined( VERSION_1 )
    {
        update_decrypt_key_128( o_key, &rc );
        add_round_key( s1, o_key );
        inv_mix_sub_columns( s1 );
    }
#else
    {   uint8_t s2[N_BLOCK];
        update_decrypt_key_128( o_key, &rc );
        copy_and_key( s2, s1, o_key );
        inv_mix_sub_columns( s1, s2 );
    }
#endif
    update_decrypt_key_128( o_key, &rc );
    copy_and_key( out, s1, o_key );
}

#endif

#if defined( AES_ENC_256_OTFK )

/* The 'on the fly' encryption key update for 256 bit keys */

static void update_encrypt_key_256( uint8_t k[2 * N_BLOCK], uint8_t *rc )
{   uint8_t cc;

    k[0] ^= s_box(k[29]) ^ *rc;
    k[1] ^= s_box(k[30]);
    k[2] ^= s_box(k[31]);
    k[3] ^= s_box(k[28]);
    *rc = f2( *rc );

    for(cc = 4; cc < 16; cc += 4)
    {
        k[cc + 0] ^= k[cc - 4];
        k[cc + 1] ^= k[cc - 3];
        k[cc + 2] ^= k[cc - 2];
        k[cc + 3] ^= k[cc - 1];
    }

    k[16] ^= s_box(k[12]);
    k[17] ^= s_box(k[13]);
    k[18] ^= s_box(k[14]);
    k[19] ^= s_box(k[15]);

    for( cc = 20; cc < 32; cc += 4 )
    {
        k[cc + 0] ^= k[cc - 4];
        k[cc + 1] ^= k[cc - 3];
        k[cc + 2] ^= k[cc - 2];
        k[cc + 3] ^= k[cc - 1];
    }
}

/* Encrypt a single block of 16 bytes with 'on the fly' 256 bit keying */

void aes_encrypt_256( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
                     const uint8_t key[2 * N_BLOCK], uint8_t o_key[2 * N_BLOCK] )
{
    uint8_t s1[N_BLOCK], r, rc = 1;
    if(o_key != key)
    {
        block_copy( o_key, key );
        block_copy( o_key + 16, key + 16 );
    }
    copy_and_key( s1, in, o_key );

    for( r = 1 ; r < 14 ; ++r )
#if defined( VERSION_1 )
    {
        mix_sub_columns(s1);
        if( r & 1 )
            add_round_key( s1, o_key + 16 );
        else
        {
            update_encrypt_key_256( o_key, &rc );
            add_round_key( s1, o_key );
        }
    }
#else
    {   uint8_t s2[N_BLOCK];
        mix_sub_columns( s2, s1 );
        if( r & 1 )
            copy_and_key( s1, s2, o_key + 16 );
        else
        {
            update_encrypt_key_256( o_key, &rc );
            copy_and_key( s1, s2, o_key );
        }
    }
#endif

    shift_sub_rows( s1 );
    update_encrypt_key_256( o_key, &rc );
    copy_and_key( out, s1, o_key );
}

#endif

#if defined( AES_DEC_256_OTFK )

/* The 'on the fly' decryption key update for 256 bit keys */

static void update_decrypt_key_256( uint8_t k[2 * N_BLOCK], uint8_t *rc )
{   uint8_t cc;

    for(cc = 28; cc > 16; cc -= 4)
    {
        k[cc + 0] ^= k[cc - 4];
        k[cc + 1] ^= k[cc - 3];
        k[cc + 2] ^= k[cc - 2];
        k[cc + 3] ^= k[cc - 1];
    }

    k[16] ^= s_box(k[12]);
    k[17] ^= s_box(k[13]);
    k[18] ^= s_box(k[14]);
    k[19] ^= s_box(k[15]);

    for(cc = 12; cc > 0; cc -= 4)
    {
        k[cc + 0] ^= k[cc - 4];
        k[cc + 1] ^= k[cc - 3];
        k[cc + 2] ^= k[cc - 2];
        k[cc + 3] ^= k[cc - 1];
    }

    *rc = d2(*rc);
    k[0] ^= s_box(k[29]) ^ *rc;
    k[1] ^= s_box(k[30]);
    k[2] ^= s_box(k[31]);
    k[3] ^= s_box(k[28]);
}

/* Decrypt a single block of 16 bytes with 'on the fly' 256 bit keying */

void aes_decrypt_256( const uint8_t in[N_BLOCK], uint8_t out[N_BLOCK],
                     const uint8_t key[2 * N_BLOCK], uint8_t o_key[2 * N_BLOCK] )
{
    uint8_t s1[N_BLOCK], r, rc = 0x80;

    if(o_key != key)
    {
        block_copy( o_key, key );
        block_copy( o_key + 16, key + 16 );
    }

    copy_and_key( s1, in, o_key );
    inv_shift_sub_rows( s1 );

    for( r = 14 ; --r ; )
#if defined( VERSION_1 )
    {
        if( ( r & 1 ) )
        {
            update_decrypt_key_256( o_key, &rc );
            add_round_key( s1, o_key + 16 );
        }
        else
            add_round_key( s1, o_key );
        inv_mix_sub_columns( s1 );
    }
#else
    {   uint8_t s2[N_BLOCK];
        if( ( r & 1 ) )
        {
            update_decrypt_key_256( o_key, &rc );
            copy_and_key( s2, s1, o_key + 16 );
        }
        else
            copy_and_key( s2, s1, o_key );
        inv_mix_sub_columns( s1, s2 );
    }
#endif
    copy_and_key( out, s1, o_key );
}

#endif