wolfSSL SSL/TLS library, support up to TLS1.3


Committer:
wolfSSL
Date:
Thu Apr 28 00:57:21 2016 +0000
Revision:
4:1b0d80432c79
wolfSSL 3.9.0

wolfSSL 4:1b0d80432c79 1 /* aes.c
wolfSSL 4:1b0d80432c79 2 *
wolfSSL 4:1b0d80432c79 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 4:1b0d80432c79 4 *
wolfSSL 4:1b0d80432c79 5 * This file is part of wolfSSL.
wolfSSL 4:1b0d80432c79 6 *
wolfSSL 4:1b0d80432c79 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 4:1b0d80432c79 8 * it under the terms of the GNU General Public License as published by
wolfSSL 4:1b0d80432c79 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 4:1b0d80432c79 10 * (at your option) any later version.
wolfSSL 4:1b0d80432c79 11 *
wolfSSL 4:1b0d80432c79 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 4:1b0d80432c79 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 4:1b0d80432c79 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 4:1b0d80432c79 15 * GNU General Public License for more details.
wolfSSL 4:1b0d80432c79 16 *
wolfSSL 4:1b0d80432c79 17 * You should have received a copy of the GNU General Public License
wolfSSL 4:1b0d80432c79 18 * along with this program; if not, write to the Free Software
wolfSSL 4:1b0d80432c79 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 4:1b0d80432c79 20 */
wolfSSL 4:1b0d80432c79 21
wolfSSL 4:1b0d80432c79 22
wolfSSL 4:1b0d80432c79 23 #ifdef HAVE_CONFIG_H
wolfSSL 4:1b0d80432c79 24 #include <config.h>
wolfSSL 4:1b0d80432c79 25 #endif
wolfSSL 4:1b0d80432c79 26
wolfSSL 4:1b0d80432c79 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 4:1b0d80432c79 28
wolfSSL 4:1b0d80432c79 29 #ifndef NO_AES
wolfSSL 4:1b0d80432c79 30
wolfSSL 4:1b0d80432c79 31 #include <wolfssl/wolfcrypt/aes.h>
wolfSSL 4:1b0d80432c79 32
wolfSSL 4:1b0d80432c79 33 #ifdef HAVE_FIPS
/* FIPS build: public wc_ entry point for AES key setup.
 *
 * Every argument is handed to AesSetKey_fips() untouched and its status is
 * returned as-is. No argument validation is done in this wrapper, so NULL
 * or bad-length handling is whatever AesSetKey_fips() provides. */
int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
                 int dir)
{
    int ret;

    ret = AesSetKey_fips(aes, key, len, iv, dir);

    return ret;
}
wolfSSL 4:1b0d80432c79 39
wolfSSL 4:1b0d80432c79 40
/* FIPS build: public wc_ entry point for (re)setting the IV on an Aes
 * context. Forwards to AesSetIV_fips() and returns its status unchanged;
 * the wrapper itself checks nothing. */
int wc_AesSetIV(Aes* aes, const byte* iv)
{
    int ret;

    ret = AesSetIV_fips(aes, iv);

    return ret;
}
wolfSSL 4:1b0d80432c79 45
wolfSSL 4:1b0d80432c79 46
wolfSSL 4:1b0d80432c79 47 #ifdef HAVE_AES_CBC
/* FIPS build: AES-CBC encrypt of sz bytes from in to out.
 *
 * Thin pass-through to AesCbcEncrypt_fips(); the status it returns is the
 * status the caller sees. CBC on its own carries no integrity protection,
 * so callers that need tamper detection have to add a MAC themselves. */
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    int ret;

    ret = AesCbcEncrypt_fips(aes, out, in, sz);

    return ret;
}
wolfSSL 4:1b0d80432c79 52
wolfSSL 4:1b0d80432c79 53 #ifdef HAVE_AES_DECRYPT
/* FIPS build: AES-CBC decrypt of sz bytes from in to out.
 *
 * Thin pass-through to AesCbcDecrypt_fips(); returns its status unchanged.
 * The ciphertext is not authenticated by this call, so any integrity check
 * has to happen in the caller before the plaintext is trusted. */
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    int ret;

    ret = AesCbcDecrypt_fips(aes, out, in, sz);

    return ret;
}
wolfSSL 4:1b0d80432c79 58 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 59 #endif /* HAVE_AES_CBC */
wolfSSL 4:1b0d80432c79 60
wolfSSL 4:1b0d80432c79 61 /* AES-CTR */
wolfSSL 4:1b0d80432c79 62 #ifdef WOLFSSL_AES_COUNTER
/* FIPS build: AES-CTR transform of sz bytes from in to out.
 *
 * Forwards to AesCtrEncrypt(). The function is void, so nothing the callee
 * might detect (NULL pointers, bad state) can be reported to the caller;
 * arguments must be valid before this is called. */
void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    AesCtrEncrypt(aes, out, in, sz);
    return;
}
wolfSSL 4:1b0d80432c79 67 #endif
wolfSSL 4:1b0d80432c79 68
wolfSSL 4:1b0d80432c79 69 /* AES-DIRECT */
wolfSSL 4:1b0d80432c79 70 #if defined(WOLFSSL_AES_DIRECT)
/* FIPS build: raw AES encrypt through AesEncryptDirect().
 *
 * There is no length or IV parameter, so this presumably processes exactly
 * one block with no chaining (confirm against AesEncryptDirect). The
 * function is void: failures cannot be signalled to the caller. */
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{
    AesEncryptDirect(aes, out, in);
    return;
}
wolfSSL 4:1b0d80432c79 75
wolfSSL 4:1b0d80432c79 76 #ifdef HAVE_AES_DECRYPT
/* FIPS build: raw AES decrypt through AesDecryptDirect().
 *
 * Counterpart of wc_AesEncryptDirect(); no length or IV parameter, and a
 * void return, so the caller gets no error indication from this call. */
void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
{
    AesDecryptDirect(aes, out, in);
    return;
}
wolfSSL 4:1b0d80432c79 81 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 82
/* FIPS build: key setup for the "direct" AES API.
 *
 * Forwards all arguments to AesSetKeyDirect() and returns its status
 * unchanged; no validation happens in the wrapper. */
int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
                       const byte* iv, int dir)
{
    int ret;

    ret = AesSetKeyDirect(aes, key, len, iv, dir);

    return ret;
}
wolfSSL 4:1b0d80432c79 88 #endif
wolfSSL 4:1b0d80432c79 89
wolfSSL 4:1b0d80432c79 90
wolfSSL 4:1b0d80432c79 91 #ifdef HAVE_AESGCM
/* FIPS build: AES-GCM key setup.
 *
 * Forwards to AesGcmSetKey_fips() and returns its status unchanged. Key
 * pointer and length are not checked in this wrapper. */
int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
{
    int ret;

    ret = AesGcmSetKey_fips(aes, key, len);

    return ret;
}
wolfSSL 4:1b0d80432c79 96
wolfSSL 4:1b0d80432c79 97
/* FIPS build: AES-GCM authenticated encryption.
 *
 * Encrypts sz bytes from in to out and writes authTagSz bytes of tag to
 * authTag, by forwarding everything to AesGcmEncrypt_fips(). Its status is
 * returned unchanged.
 *
 * Nothing in this wrapper checks that iv is unique for the key in use;
 * never repeating an (key, iv) pair is the caller's responsibility. */
int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                     const byte* iv, word32 ivSz,
                     byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz)
{
    int ret;

    ret = AesGcmEncrypt_fips(aes, out, in, sz, iv, ivSz,
                             authTag, authTagSz, authIn, authInSz);

    return ret;
}
wolfSSL 4:1b0d80432c79 106
wolfSSL 4:1b0d80432c79 107 #ifdef HAVE_AES_DECRYPT
/* FIPS build: AES-GCM authenticated decryption.
 *
 * Forwards everything to AesGcmDecrypt_fips() and returns its status
 * unchanged. authTag is an input here, so the only way the caller learns
 * whether the tag verified is the return value: it must be checked before
 * anything written to out is used. */
int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                     const byte* iv, word32 ivSz,
                     const byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz)
{
    int ret;

    ret = AesGcmDecrypt_fips(aes, out, in, sz, iv, ivSz,
                             authTag, authTagSz, authIn, authInSz);

    return ret;
}
wolfSSL 4:1b0d80432c79 116 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 117
/* FIPS build: GMAC key setup. Forwards to GmacSetKey() and returns its
 * status unchanged; the wrapper does no checking of its own. */
int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
{
    int ret;

    ret = GmacSetKey(gmac, key, len);

    return ret;
}
wolfSSL 4:1b0d80432c79 122
wolfSSL 4:1b0d80432c79 123
/* FIPS build: compute a GMAC tag over authIn.
 *
 * Forwards to GmacUpdate(), which receives the iv, the data to authenticate
 * and the output tag buffer; its status is returned unchanged. As with GCM,
 * this wrapper does not check that iv is fresh for the key. */
int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
                  const byte* authIn, word32 authInSz,
                  byte* authTag, word32 authTagSz)
{
    int ret;

    ret = GmacUpdate(gmac, iv, ivSz, authIn, authInSz, authTag, authTagSz);

    return ret;
}
wolfSSL 4:1b0d80432c79 131
wolfSSL 4:1b0d80432c79 132 #endif /* HAVE_AESGCM */
wolfSSL 4:1b0d80432c79 133 #ifdef HAVE_AESCCM
/* FIPS build: AES-CCM key setup through AesCcmSetKey().
 *
 * The function is void, so an unusable key or key size cannot be reported
 * from here; callers have to pass a valid key/keySz. */
void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
{
    AesCcmSetKey(aes, key, keySz);
    return;
}
wolfSSL 4:1b0d80432c79 138
wolfSSL 4:1b0d80432c79 139
/* FIPS build: AES-CCM authenticated encryption.
 *
 * Returns BAD_FUNC_ARG when aes, out, in, nonce or authTag is NULL, or when
 * nonceSz is outside 7..13 bytes. Otherwise calls AesCcmEncrypt() and
 * returns 0.
 *
 * NOTE(review): authTagSz, inSz and authIn/authInSz are forwarded without
 * any check here, and AesCcmEncrypt() is called as a statement, so 0 is
 * returned whatever happens inside it. Confirm the callee bounds authTagSz
 * itself. */
int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                     const byte* nonce, word32 nonceSz,
                     byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz)
{
    /* required pointers */
    if (aes == NULL || out == NULL || in == NULL || nonce == NULL ||
        authTag == NULL) {
        return BAD_FUNC_ARG;
    }

    /* nonce length accepted by this wrapper: 7 to 13 bytes */
    if (nonceSz < 7 || nonceSz > 13) {
        return BAD_FUNC_ARG;
    }

    AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz,
                  authTag, authTagSz, authIn, authInSz);

    return 0;
}
wolfSSL 4:1b0d80432c79 154
wolfSSL 4:1b0d80432c79 155 #ifdef HAVE_AES_DECRYPT
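/* FIPS build: AES-CCM authenticated decryption.
 *
 * Applies the same argument checks as wc_AesCcmEncrypt() before touching
 * the underlying implementation: returns BAD_FUNC_ARG when aes, out, in,
 * nonce or authTag is NULL, or when nonceSz is outside 7..13 bytes.
 * Otherwise forwards to AesCcmDecrypt() and returns its status unchanged.
 *
 * authTag is an input, so the return value is the only indication of
 * whether the tag verified; callers must check it before using out.
 *
 * NOTE(review): authTagSz is still forwarded unchecked, as in the encrypt
 * wrapper. */
int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                     const byte* nonce, word32 nonceSz,
                     const byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz)
{
    /* sanity check on arguments, kept identical to wc_AesCcmEncrypt() so
     * that decrypt does not accept input that encrypt rejects */
    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
                    || authTag == NULL || nonceSz < 7 || nonceSz > 13) {
        return BAD_FUNC_ARG;
    }

    return AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz,
                         authTag, authTagSz, authIn, authInSz);
}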
wolfSSL 4:1b0d80432c79 164 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 165 #endif /* HAVE_AESCCM */
wolfSSL 4:1b0d80432c79 166
wolfSSL 4:1b0d80432c79 167 #ifdef HAVE_CAVIUM
/* FIPS build with HAVE_CAVIUM: initialise an Aes context for the Cavium
 * backend. Forwards to AesInitCavium() and returns its status unchanged.
 * i is passed through as given (presumably a device id; confirm against
 * AesInitCavium). */
int wc_AesInitCavium(Aes* aes, int i)
{
    int ret;

    ret = AesInitCavium(aes, i);

    return ret;
}
wolfSSL 4:1b0d80432c79 172
wolfSSL 4:1b0d80432c79 173
/* FIPS build with HAVE_CAVIUM: release whatever AesInitCavium() set up for
 * this context, by forwarding to AesFreeCavium(). No status is returned. */
void wc_AesFreeCavium(Aes* aes)
{
    AesFreeCavium(aes);
    return;
}
wolfSSL 4:1b0d80432c79 178 #endif
wolfSSL 4:1b0d80432c79 179 #else /* HAVE_FIPS */
wolfSSL 4:1b0d80432c79 180
wolfSSL 4:1b0d80432c79 181 #ifdef WOLFSSL_TI_CRYPT
wolfSSL 4:1b0d80432c79 182 #include <wolfcrypt/src/port/ti/ti-aes.c>
wolfSSL 4:1b0d80432c79 183 #else
wolfSSL 4:1b0d80432c79 184
wolfSSL 4:1b0d80432c79 185 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 4:1b0d80432c79 186 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 4:1b0d80432c79 187 #ifdef NO_INLINE
wolfSSL 4:1b0d80432c79 188 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 4:1b0d80432c79 189 #else
wolfSSL 4:1b0d80432c79 190 #include <wolfcrypt/src/misc.c>
wolfSSL 4:1b0d80432c79 191 #endif
wolfSSL 4:1b0d80432c79 192 #ifdef DEBUG_AESNI
wolfSSL 4:1b0d80432c79 193 #include <stdio.h>
wolfSSL 4:1b0d80432c79 194 #endif
wolfSSL 4:1b0d80432c79 195
wolfSSL 4:1b0d80432c79 196
wolfSSL 4:1b0d80432c79 197 #ifdef _MSC_VER
wolfSSL 4:1b0d80432c79 198 /* 4127 warning constant while(1) */
wolfSSL 4:1b0d80432c79 199 #pragma warning(disable: 4127)
wolfSSL 4:1b0d80432c79 200 #endif
wolfSSL 4:1b0d80432c79 201
wolfSSL 4:1b0d80432c79 202 /* Define AES implementation includes and functions */
wolfSSL 4:1b0d80432c79 203 #if defined(STM32F2_CRYPTO)
wolfSSL 4:1b0d80432c79 204 /* STM32F2 hardware AES support for CBC, CTR modes through the STM32F2
wolfSSL 4:1b0d80432c79 205 * Standard Peripheral Library. Documentation located in STM32F2xx
wolfSSL 4:1b0d80432c79 206 * Standard Peripheral Library document (See note in README).
wolfSSL 4:1b0d80432c79 207 * NOTE: no support for AES-GCM/CCM/Direct */
wolfSSL 4:1b0d80432c79 208 #include "stm32f2xx.h"
wolfSSL 4:1b0d80432c79 209 #include "stm32f2xx_cryp.h"
wolfSSL 4:1b0d80432c79 210 #elif defined(HAVE_COLDFIRE_SEC)
wolfSSL 4:1b0d80432c79 211 /* Freescale Coldfire SEC support for CBC mode.
wolfSSL 4:1b0d80432c79 212 * NOTE: no support for AES-CTR/GCM/CCM/Direct */
wolfSSL 4:1b0d80432c79 213 #include <wolfssl/wolfcrypt/types.h>
wolfSSL 4:1b0d80432c79 214 #include "sec.h"
wolfSSL 4:1b0d80432c79 215 #include "mcf5475_sec.h"
wolfSSL 4:1b0d80432c79 216 #include "mcf5475_siu.h"
wolfSSL 4:1b0d80432c79 217 #elif defined(FREESCALE_MMCAU)
wolfSSL 4:1b0d80432c79 218 /* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes
wolfSSL 4:1b0d80432c79 219 * through the CAU/mmCAU library. Documentation located in
wolfSSL 4:1b0d80432c79 220 * ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User
wolfSSL 4:1b0d80432c79 221 * Guide (See note in README).
wolfSSL 4:1b0d80432c79 222 * NOTE: no support for AES-CTR */
wolfSSL 4:1b0d80432c79 223 #include "cau_api.h"
wolfSSL 4:1b0d80432c79 224
/* Freescale mmCAU: encrypt one block with the hardware unit.
 *
 * The crypto hardware mutex is taken around the cau_aes_encrypt() call.
 * If the lock cannot be taken, its error code is returned and outBlock is
 * left untouched, so callers must check the return value before using
 * outBlock. The return value of wolfSSL_CryptHwMutexUnLock() is ignored. */
static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
    int lockRet = wolfSSL_CryptHwMutexLock();

    if (lockRet != 0) {
        return lockRet;
    }

    cau_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock);
    wolfSSL_CryptHwMutexUnLock();

    return 0;
}
wolfSSL 4:1b0d80432c79 234 #ifdef HAVE_AES_DECRYPT
/* Freescale mmCAU: decrypt one block with the hardware unit.
 *
 * The crypto hardware mutex is taken around the cau_aes_decrypt() call.
 * If the lock cannot be taken, its error code is returned and outBlock is
 * left untouched, so callers must check the return value before using
 * outBlock. The return value of wolfSSL_CryptHwMutexUnLock() is ignored. */
static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
    int lockRet = wolfSSL_CryptHwMutexLock();

    if (lockRet != 0) {
        return lockRet;
    }

    cau_aes_decrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock);
    wolfSSL_CryptHwMutexUnLock();

    return 0;
}
wolfSSL 4:1b0d80432c79 244 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 245 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
/* NOTE: no support for AES-CCM/Direct */
/* NOTE(review): DEBUG_WOLFSSL is defined unconditionally here for every
 * WOLFSSL_PIC32MZ_CRYPT build of this file. It is normally a build
 * configuration switch; confirm it is meant to be forced on in release
 * builds of a crypto source file. */
#define DEBUG_WOLFSSL
#include "wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h"
wolfSSL 4:1b0d80432c79 249 #elif defined(HAVE_CAVIUM)
wolfSSL 4:1b0d80432c79 250 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 4:1b0d80432c79 251 #include "cavium_common.h"
wolfSSL 4:1b0d80432c79 252
wolfSSL 4:1b0d80432c79 253 /* still leave SW crypto available */
wolfSSL 4:1b0d80432c79 254 #define NEED_AES_TABLES
wolfSSL 4:1b0d80432c79 255
/* Forward declarations of the file-local Cavium helpers; the definitions
 * are not in this part of the file. The CBC helpers exist only when
 * HAVE_AES_CBC is set, and the decrypt one only with HAVE_AES_DECRYPT. */
static int wc_AesCaviumSetKey(Aes* aes,
                              const byte* key,
                              word32 length,
                              const byte* iv);
#ifdef HAVE_AES_CBC
static int wc_AesCaviumCbcEncrypt(Aes* aes,
                                  byte* out,
                                  const byte* in,
                                  word32 length);
#ifdef HAVE_AES_DECRYPT
static int wc_AesCaviumCbcDecrypt(Aes* aes,
                                  byte* out,
                                  const byte* in,
                                  word32 length);
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
wolfSSL 4:1b0d80432c79 266 #elif defined(WOLFSSL_NRF51_AES)
wolfSSL 4:1b0d80432c79 267 /* Use built-in AES hardware - AES 128 ECB Encrypt Only */
wolfSSL 4:1b0d80432c79 268 #include "wolfssl/wolfcrypt/port/nrf51.h"
wolfSSL 4:1b0d80432c79 269
/* nRF51: encrypt one block with the built-in AES hardware.
 *
 * Hands the input block, the key material from the Aes context and the
 * round count to nrf51_aes_encrypt() and returns its status unchanged.
 * The cast only reinterprets aes->key as bytes for the port function. */
static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
    byte* hwKey = (byte*)aes->key;

    return nrf51_aes_encrypt(inBlock, hwKey, aes->rounds, outBlock);
}
wolfSSL 4:1b0d80432c79 274 #ifdef HAVE_AES_DECRYPT
wolfSSL 4:1b0d80432c79 275 #error nRF51 AES Hardware does not support decrypt
wolfSSL 4:1b0d80432c79 276 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 277
wolfSSL 4:1b0d80432c79 278 #else
wolfSSL 4:1b0d80432c79 279
wolfSSL 4:1b0d80432c79 280 /* using wolfCrypt software AES implementation */
wolfSSL 4:1b0d80432c79 281 #define NEED_AES_TABLES
wolfSSL 4:1b0d80432c79 282 #endif
wolfSSL 4:1b0d80432c79 283
wolfSSL 4:1b0d80432c79 284
wolfSSL 4:1b0d80432c79 285 #ifdef NEED_AES_TABLES
wolfSSL 4:1b0d80432c79 286
/* rcon values for the software AES key schedule; each constant sits in the
 * most significant byte of its word.
 * For 128-bit blocks, Rijndael never uses more than 10 rcon values. */
static const word32 rcon[] = {
    0x01000000, 0x02000000,
    0x04000000, 0x08000000,
    0x10000000, 0x20000000,
    0x40000000, 0x80000000,
    0x1B000000, 0x36000000,
};
wolfSSL 4:1b0d80432c79 293
wolfSSL 4:1b0d80432c79 294 static const word32 Te[5][256] = {
wolfSSL 4:1b0d80432c79 295 {
wolfSSL 4:1b0d80432c79 296 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
wolfSSL 4:1b0d80432c79 297 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
wolfSSL 4:1b0d80432c79 298 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
wolfSSL 4:1b0d80432c79 299 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
wolfSSL 4:1b0d80432c79 300 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
wolfSSL 4:1b0d80432c79 301 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
wolfSSL 4:1b0d80432c79 302 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
wolfSSL 4:1b0d80432c79 303 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
wolfSSL 4:1b0d80432c79 304 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
wolfSSL 4:1b0d80432c79 305 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
wolfSSL 4:1b0d80432c79 306 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
wolfSSL 4:1b0d80432c79 307 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
wolfSSL 4:1b0d80432c79 308 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
wolfSSL 4:1b0d80432c79 309 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
wolfSSL 4:1b0d80432c79 310 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
wolfSSL 4:1b0d80432c79 311 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
wolfSSL 4:1b0d80432c79 312 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
wolfSSL 4:1b0d80432c79 313 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
wolfSSL 4:1b0d80432c79 314 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
wolfSSL 4:1b0d80432c79 315 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
wolfSSL 4:1b0d80432c79 316 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
wolfSSL 4:1b0d80432c79 317 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
wolfSSL 4:1b0d80432c79 318 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
wolfSSL 4:1b0d80432c79 319 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
wolfSSL 4:1b0d80432c79 320 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
wolfSSL 4:1b0d80432c79 321 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
wolfSSL 4:1b0d80432c79 322 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
wolfSSL 4:1b0d80432c79 323 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
wolfSSL 4:1b0d80432c79 324 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
wolfSSL 4:1b0d80432c79 325 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
wolfSSL 4:1b0d80432c79 326 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
wolfSSL 4:1b0d80432c79 327 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
wolfSSL 4:1b0d80432c79 328 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
wolfSSL 4:1b0d80432c79 329 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
wolfSSL 4:1b0d80432c79 330 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
wolfSSL 4:1b0d80432c79 331 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
wolfSSL 4:1b0d80432c79 332 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
wolfSSL 4:1b0d80432c79 333 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
wolfSSL 4:1b0d80432c79 334 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
wolfSSL 4:1b0d80432c79 335 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
wolfSSL 4:1b0d80432c79 336 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
wolfSSL 4:1b0d80432c79 337 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
wolfSSL 4:1b0d80432c79 338 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
wolfSSL 4:1b0d80432c79 339 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
wolfSSL 4:1b0d80432c79 340 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
wolfSSL 4:1b0d80432c79 341 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
wolfSSL 4:1b0d80432c79 342 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
wolfSSL 4:1b0d80432c79 343 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
wolfSSL 4:1b0d80432c79 344 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
wolfSSL 4:1b0d80432c79 345 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
wolfSSL 4:1b0d80432c79 346 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
wolfSSL 4:1b0d80432c79 347 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
wolfSSL 4:1b0d80432c79 348 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
wolfSSL 4:1b0d80432c79 349 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
wolfSSL 4:1b0d80432c79 350 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
wolfSSL 4:1b0d80432c79 351 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
wolfSSL 4:1b0d80432c79 352 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
wolfSSL 4:1b0d80432c79 353 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
wolfSSL 4:1b0d80432c79 354 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
wolfSSL 4:1b0d80432c79 355 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
wolfSSL 4:1b0d80432c79 356 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
wolfSSL 4:1b0d80432c79 357 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
wolfSSL 4:1b0d80432c79 358 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
wolfSSL 4:1b0d80432c79 359 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
wolfSSL 4:1b0d80432c79 360 },
wolfSSL 4:1b0d80432c79 361 {
wolfSSL 4:1b0d80432c79 362 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
wolfSSL 4:1b0d80432c79 363 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
wolfSSL 4:1b0d80432c79 364 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
wolfSSL 4:1b0d80432c79 365 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
wolfSSL 4:1b0d80432c79 366 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
wolfSSL 4:1b0d80432c79 367 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
wolfSSL 4:1b0d80432c79 368 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
wolfSSL 4:1b0d80432c79 369 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
wolfSSL 4:1b0d80432c79 370 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
wolfSSL 4:1b0d80432c79 371 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
wolfSSL 4:1b0d80432c79 372 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
wolfSSL 4:1b0d80432c79 373 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
wolfSSL 4:1b0d80432c79 374 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
wolfSSL 4:1b0d80432c79 375 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
wolfSSL 4:1b0d80432c79 376 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
wolfSSL 4:1b0d80432c79 377 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
wolfSSL 4:1b0d80432c79 378 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
wolfSSL 4:1b0d80432c79 379 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
wolfSSL 4:1b0d80432c79 380 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
wolfSSL 4:1b0d80432c79 381 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
wolfSSL 4:1b0d80432c79 382 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
wolfSSL 4:1b0d80432c79 383 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
wolfSSL 4:1b0d80432c79 384 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
wolfSSL 4:1b0d80432c79 385 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
wolfSSL 4:1b0d80432c79 386 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
wolfSSL 4:1b0d80432c79 387 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
wolfSSL 4:1b0d80432c79 388 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
wolfSSL 4:1b0d80432c79 389 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
wolfSSL 4:1b0d80432c79 390 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
wolfSSL 4:1b0d80432c79 391 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
wolfSSL 4:1b0d80432c79 392 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
wolfSSL 4:1b0d80432c79 393 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
wolfSSL 4:1b0d80432c79 394 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
wolfSSL 4:1b0d80432c79 395 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
wolfSSL 4:1b0d80432c79 396 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
wolfSSL 4:1b0d80432c79 397 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
wolfSSL 4:1b0d80432c79 398 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
wolfSSL 4:1b0d80432c79 399 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
wolfSSL 4:1b0d80432c79 400 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
wolfSSL 4:1b0d80432c79 401 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
wolfSSL 4:1b0d80432c79 402 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
wolfSSL 4:1b0d80432c79 403 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
wolfSSL 4:1b0d80432c79 404 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
wolfSSL 4:1b0d80432c79 405 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
wolfSSL 4:1b0d80432c79 406 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
wolfSSL 4:1b0d80432c79 407 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
wolfSSL 4:1b0d80432c79 408 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
wolfSSL 4:1b0d80432c79 409 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
wolfSSL 4:1b0d80432c79 410 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
wolfSSL 4:1b0d80432c79 411 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
wolfSSL 4:1b0d80432c79 412 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
wolfSSL 4:1b0d80432c79 413 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
wolfSSL 4:1b0d80432c79 414 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
wolfSSL 4:1b0d80432c79 415 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
wolfSSL 4:1b0d80432c79 416 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
wolfSSL 4:1b0d80432c79 417 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
wolfSSL 4:1b0d80432c79 418 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
wolfSSL 4:1b0d80432c79 419 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
wolfSSL 4:1b0d80432c79 420 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
wolfSSL 4:1b0d80432c79 421 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
wolfSSL 4:1b0d80432c79 422 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
wolfSSL 4:1b0d80432c79 423 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
wolfSSL 4:1b0d80432c79 424 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
wolfSSL 4:1b0d80432c79 425 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
wolfSSL 4:1b0d80432c79 426 },
wolfSSL 4:1b0d80432c79 427 {
wolfSSL 4:1b0d80432c79 428 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
wolfSSL 4:1b0d80432c79 429 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
wolfSSL 4:1b0d80432c79 430 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
wolfSSL 4:1b0d80432c79 431 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
wolfSSL 4:1b0d80432c79 432 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
wolfSSL 4:1b0d80432c79 433 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
wolfSSL 4:1b0d80432c79 434 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
wolfSSL 4:1b0d80432c79 435 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
wolfSSL 4:1b0d80432c79 436 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
wolfSSL 4:1b0d80432c79 437 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
wolfSSL 4:1b0d80432c79 438 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
wolfSSL 4:1b0d80432c79 439 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
wolfSSL 4:1b0d80432c79 440 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
wolfSSL 4:1b0d80432c79 441 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
wolfSSL 4:1b0d80432c79 442 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
wolfSSL 4:1b0d80432c79 443 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
wolfSSL 4:1b0d80432c79 444 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
wolfSSL 4:1b0d80432c79 445 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
wolfSSL 4:1b0d80432c79 446 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
wolfSSL 4:1b0d80432c79 447 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
wolfSSL 4:1b0d80432c79 448 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
wolfSSL 4:1b0d80432c79 449 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
wolfSSL 4:1b0d80432c79 450 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
wolfSSL 4:1b0d80432c79 451 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
wolfSSL 4:1b0d80432c79 452 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
wolfSSL 4:1b0d80432c79 453 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
wolfSSL 4:1b0d80432c79 454 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
wolfSSL 4:1b0d80432c79 455 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
wolfSSL 4:1b0d80432c79 456 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
wolfSSL 4:1b0d80432c79 457 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
wolfSSL 4:1b0d80432c79 458 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
wolfSSL 4:1b0d80432c79 459 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
wolfSSL 4:1b0d80432c79 460 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
wolfSSL 4:1b0d80432c79 461 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
wolfSSL 4:1b0d80432c79 462 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
wolfSSL 4:1b0d80432c79 463 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
wolfSSL 4:1b0d80432c79 464 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
wolfSSL 4:1b0d80432c79 465 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
wolfSSL 4:1b0d80432c79 466 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
wolfSSL 4:1b0d80432c79 467 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
wolfSSL 4:1b0d80432c79 468 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
wolfSSL 4:1b0d80432c79 469 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
wolfSSL 4:1b0d80432c79 470 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
wolfSSL 4:1b0d80432c79 471 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
wolfSSL 4:1b0d80432c79 472 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
wolfSSL 4:1b0d80432c79 473 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
wolfSSL 4:1b0d80432c79 474 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
wolfSSL 4:1b0d80432c79 475 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
wolfSSL 4:1b0d80432c79 476 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
wolfSSL 4:1b0d80432c79 477 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
wolfSSL 4:1b0d80432c79 478 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
wolfSSL 4:1b0d80432c79 479 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
wolfSSL 4:1b0d80432c79 480 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
wolfSSL 4:1b0d80432c79 481 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
wolfSSL 4:1b0d80432c79 482 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
wolfSSL 4:1b0d80432c79 483 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
wolfSSL 4:1b0d80432c79 484 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
wolfSSL 4:1b0d80432c79 485 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
wolfSSL 4:1b0d80432c79 486 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
wolfSSL 4:1b0d80432c79 487 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
wolfSSL 4:1b0d80432c79 488 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
wolfSSL 4:1b0d80432c79 489 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
wolfSSL 4:1b0d80432c79 490 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
wolfSSL 4:1b0d80432c79 491 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
wolfSSL 4:1b0d80432c79 492 },
wolfSSL 4:1b0d80432c79 493 {
wolfSSL 4:1b0d80432c79 494 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
wolfSSL 4:1b0d80432c79 495 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
wolfSSL 4:1b0d80432c79 496 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
wolfSSL 4:1b0d80432c79 497 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
wolfSSL 4:1b0d80432c79 498 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
wolfSSL 4:1b0d80432c79 499 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
wolfSSL 4:1b0d80432c79 500 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
wolfSSL 4:1b0d80432c79 501 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
wolfSSL 4:1b0d80432c79 502 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
wolfSSL 4:1b0d80432c79 503 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
wolfSSL 4:1b0d80432c79 504 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
wolfSSL 4:1b0d80432c79 505 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
wolfSSL 4:1b0d80432c79 506 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
wolfSSL 4:1b0d80432c79 507 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
wolfSSL 4:1b0d80432c79 508 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
wolfSSL 4:1b0d80432c79 509 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
wolfSSL 4:1b0d80432c79 510 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
wolfSSL 4:1b0d80432c79 511 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
wolfSSL 4:1b0d80432c79 512 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
wolfSSL 4:1b0d80432c79 513 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
wolfSSL 4:1b0d80432c79 514 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
wolfSSL 4:1b0d80432c79 515 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
wolfSSL 4:1b0d80432c79 516 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
wolfSSL 4:1b0d80432c79 517 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
wolfSSL 4:1b0d80432c79 518 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
wolfSSL 4:1b0d80432c79 519 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
wolfSSL 4:1b0d80432c79 520 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
wolfSSL 4:1b0d80432c79 521 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
wolfSSL 4:1b0d80432c79 522 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
wolfSSL 4:1b0d80432c79 523 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
wolfSSL 4:1b0d80432c79 524 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
wolfSSL 4:1b0d80432c79 525 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
wolfSSL 4:1b0d80432c79 526 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
wolfSSL 4:1b0d80432c79 527 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
wolfSSL 4:1b0d80432c79 528 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
wolfSSL 4:1b0d80432c79 529 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
wolfSSL 4:1b0d80432c79 530 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
wolfSSL 4:1b0d80432c79 531 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
wolfSSL 4:1b0d80432c79 532 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
wolfSSL 4:1b0d80432c79 533 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
wolfSSL 4:1b0d80432c79 534 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
wolfSSL 4:1b0d80432c79 535 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
wolfSSL 4:1b0d80432c79 536 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
wolfSSL 4:1b0d80432c79 537 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
wolfSSL 4:1b0d80432c79 538 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
wolfSSL 4:1b0d80432c79 539 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
wolfSSL 4:1b0d80432c79 540 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
wolfSSL 4:1b0d80432c79 541 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
wolfSSL 4:1b0d80432c79 542 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
wolfSSL 4:1b0d80432c79 543 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
wolfSSL 4:1b0d80432c79 544 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
wolfSSL 4:1b0d80432c79 545 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
wolfSSL 4:1b0d80432c79 546 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
wolfSSL 4:1b0d80432c79 547 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
wolfSSL 4:1b0d80432c79 548 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
wolfSSL 4:1b0d80432c79 549 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
wolfSSL 4:1b0d80432c79 550 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
wolfSSL 4:1b0d80432c79 551 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
wolfSSL 4:1b0d80432c79 552 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
wolfSSL 4:1b0d80432c79 553 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
wolfSSL 4:1b0d80432c79 554 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
wolfSSL 4:1b0d80432c79 555 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
wolfSSL 4:1b0d80432c79 556 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
wolfSSL 4:1b0d80432c79 557 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
wolfSSL 4:1b0d80432c79 558 },
wolfSSL 4:1b0d80432c79 559 {
wolfSSL 4:1b0d80432c79 560 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
wolfSSL 4:1b0d80432c79 561 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
wolfSSL 4:1b0d80432c79 562 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
wolfSSL 4:1b0d80432c79 563 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
wolfSSL 4:1b0d80432c79 564 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
wolfSSL 4:1b0d80432c79 565 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
wolfSSL 4:1b0d80432c79 566 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
wolfSSL 4:1b0d80432c79 567 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
wolfSSL 4:1b0d80432c79 568 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
wolfSSL 4:1b0d80432c79 569 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
wolfSSL 4:1b0d80432c79 570 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
wolfSSL 4:1b0d80432c79 571 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
wolfSSL 4:1b0d80432c79 572 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
wolfSSL 4:1b0d80432c79 573 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
wolfSSL 4:1b0d80432c79 574 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
wolfSSL 4:1b0d80432c79 575 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
wolfSSL 4:1b0d80432c79 576 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
wolfSSL 4:1b0d80432c79 577 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
wolfSSL 4:1b0d80432c79 578 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
wolfSSL 4:1b0d80432c79 579 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
wolfSSL 4:1b0d80432c79 580 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
wolfSSL 4:1b0d80432c79 581 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
wolfSSL 4:1b0d80432c79 582 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
wolfSSL 4:1b0d80432c79 583 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
wolfSSL 4:1b0d80432c79 584 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
wolfSSL 4:1b0d80432c79 585 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
wolfSSL 4:1b0d80432c79 586 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
wolfSSL 4:1b0d80432c79 587 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
wolfSSL 4:1b0d80432c79 588 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
wolfSSL 4:1b0d80432c79 589 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
wolfSSL 4:1b0d80432c79 590 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
wolfSSL 4:1b0d80432c79 591 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
wolfSSL 4:1b0d80432c79 592 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
wolfSSL 4:1b0d80432c79 593 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
wolfSSL 4:1b0d80432c79 594 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
wolfSSL 4:1b0d80432c79 595 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
wolfSSL 4:1b0d80432c79 596 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
wolfSSL 4:1b0d80432c79 597 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
wolfSSL 4:1b0d80432c79 598 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
wolfSSL 4:1b0d80432c79 599 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
wolfSSL 4:1b0d80432c79 600 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
wolfSSL 4:1b0d80432c79 601 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
wolfSSL 4:1b0d80432c79 602 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
wolfSSL 4:1b0d80432c79 603 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
wolfSSL 4:1b0d80432c79 604 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
wolfSSL 4:1b0d80432c79 605 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
wolfSSL 4:1b0d80432c79 606 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
wolfSSL 4:1b0d80432c79 607 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
wolfSSL 4:1b0d80432c79 608 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
wolfSSL 4:1b0d80432c79 609 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
wolfSSL 4:1b0d80432c79 610 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
wolfSSL 4:1b0d80432c79 611 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
wolfSSL 4:1b0d80432c79 612 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
wolfSSL 4:1b0d80432c79 613 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
wolfSSL 4:1b0d80432c79 614 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
wolfSSL 4:1b0d80432c79 615 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
wolfSSL 4:1b0d80432c79 616 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
wolfSSL 4:1b0d80432c79 617 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
wolfSSL 4:1b0d80432c79 618 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
wolfSSL 4:1b0d80432c79 619 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
wolfSSL 4:1b0d80432c79 620 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
wolfSSL 4:1b0d80432c79 621 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
wolfSSL 4:1b0d80432c79 622 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
wolfSSL 4:1b0d80432c79 623 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
wolfSSL 4:1b0d80432c79 624 }
wolfSSL 4:1b0d80432c79 625 };
wolfSSL 4:1b0d80432c79 626
wolfSSL 4:1b0d80432c79 627 static const word32 Td[5][256] = {
wolfSSL 4:1b0d80432c79 628 {
wolfSSL 4:1b0d80432c79 629 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
wolfSSL 4:1b0d80432c79 630 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
wolfSSL 4:1b0d80432c79 631 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
wolfSSL 4:1b0d80432c79 632 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
wolfSSL 4:1b0d80432c79 633 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
wolfSSL 4:1b0d80432c79 634 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
wolfSSL 4:1b0d80432c79 635 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
wolfSSL 4:1b0d80432c79 636 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
wolfSSL 4:1b0d80432c79 637 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
wolfSSL 4:1b0d80432c79 638 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
wolfSSL 4:1b0d80432c79 639 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
wolfSSL 4:1b0d80432c79 640 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
wolfSSL 4:1b0d80432c79 641 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
wolfSSL 4:1b0d80432c79 642 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
wolfSSL 4:1b0d80432c79 643 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
wolfSSL 4:1b0d80432c79 644 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
wolfSSL 4:1b0d80432c79 645 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
wolfSSL 4:1b0d80432c79 646 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
wolfSSL 4:1b0d80432c79 647 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
wolfSSL 4:1b0d80432c79 648 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
wolfSSL 4:1b0d80432c79 649 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
wolfSSL 4:1b0d80432c79 650 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
wolfSSL 4:1b0d80432c79 651 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
wolfSSL 4:1b0d80432c79 652 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
wolfSSL 4:1b0d80432c79 653 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
wolfSSL 4:1b0d80432c79 654 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
wolfSSL 4:1b0d80432c79 655 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
wolfSSL 4:1b0d80432c79 656 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
wolfSSL 4:1b0d80432c79 657 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
wolfSSL 4:1b0d80432c79 658 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
wolfSSL 4:1b0d80432c79 659 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
wolfSSL 4:1b0d80432c79 660 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
wolfSSL 4:1b0d80432c79 661 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
wolfSSL 4:1b0d80432c79 662 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
wolfSSL 4:1b0d80432c79 663 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
wolfSSL 4:1b0d80432c79 664 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
wolfSSL 4:1b0d80432c79 665 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
wolfSSL 4:1b0d80432c79 666 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
wolfSSL 4:1b0d80432c79 667 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
wolfSSL 4:1b0d80432c79 668 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
wolfSSL 4:1b0d80432c79 669 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
wolfSSL 4:1b0d80432c79 670 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
wolfSSL 4:1b0d80432c79 671 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
wolfSSL 4:1b0d80432c79 672 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
wolfSSL 4:1b0d80432c79 673 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
wolfSSL 4:1b0d80432c79 674 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
wolfSSL 4:1b0d80432c79 675 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
wolfSSL 4:1b0d80432c79 676 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
wolfSSL 4:1b0d80432c79 677 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
wolfSSL 4:1b0d80432c79 678 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
wolfSSL 4:1b0d80432c79 679 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
wolfSSL 4:1b0d80432c79 680 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
wolfSSL 4:1b0d80432c79 681 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
wolfSSL 4:1b0d80432c79 682 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
wolfSSL 4:1b0d80432c79 683 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
wolfSSL 4:1b0d80432c79 684 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
wolfSSL 4:1b0d80432c79 685 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
wolfSSL 4:1b0d80432c79 686 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
wolfSSL 4:1b0d80432c79 687 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
wolfSSL 4:1b0d80432c79 688 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
wolfSSL 4:1b0d80432c79 689 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
wolfSSL 4:1b0d80432c79 690 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
wolfSSL 4:1b0d80432c79 691 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
wolfSSL 4:1b0d80432c79 692 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
wolfSSL 4:1b0d80432c79 693 },
wolfSSL 4:1b0d80432c79 694 {
wolfSSL 4:1b0d80432c79 695 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
wolfSSL 4:1b0d80432c79 696 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
wolfSSL 4:1b0d80432c79 697 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
wolfSSL 4:1b0d80432c79 698 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
wolfSSL 4:1b0d80432c79 699 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
wolfSSL 4:1b0d80432c79 700 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
wolfSSL 4:1b0d80432c79 701 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
wolfSSL 4:1b0d80432c79 702 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
wolfSSL 4:1b0d80432c79 703 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
wolfSSL 4:1b0d80432c79 704 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
wolfSSL 4:1b0d80432c79 705 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
wolfSSL 4:1b0d80432c79 706 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
wolfSSL 4:1b0d80432c79 707 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
wolfSSL 4:1b0d80432c79 708 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
wolfSSL 4:1b0d80432c79 709 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
wolfSSL 4:1b0d80432c79 710 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
wolfSSL 4:1b0d80432c79 711 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
wolfSSL 4:1b0d80432c79 712 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
wolfSSL 4:1b0d80432c79 713 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
wolfSSL 4:1b0d80432c79 714 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
wolfSSL 4:1b0d80432c79 715 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
wolfSSL 4:1b0d80432c79 716 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
wolfSSL 4:1b0d80432c79 717 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
wolfSSL 4:1b0d80432c79 718 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
wolfSSL 4:1b0d80432c79 719 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
wolfSSL 4:1b0d80432c79 720 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
wolfSSL 4:1b0d80432c79 721 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
wolfSSL 4:1b0d80432c79 722 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
wolfSSL 4:1b0d80432c79 723 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
wolfSSL 4:1b0d80432c79 724 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
wolfSSL 4:1b0d80432c79 725 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
wolfSSL 4:1b0d80432c79 726 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
wolfSSL 4:1b0d80432c79 727 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
wolfSSL 4:1b0d80432c79 728 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
wolfSSL 4:1b0d80432c79 729 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
wolfSSL 4:1b0d80432c79 730 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
wolfSSL 4:1b0d80432c79 731 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
wolfSSL 4:1b0d80432c79 732 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
wolfSSL 4:1b0d80432c79 733 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
wolfSSL 4:1b0d80432c79 734 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
wolfSSL 4:1b0d80432c79 735 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
wolfSSL 4:1b0d80432c79 736 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
wolfSSL 4:1b0d80432c79 737 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
wolfSSL 4:1b0d80432c79 738 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
wolfSSL 4:1b0d80432c79 739 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
wolfSSL 4:1b0d80432c79 740 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
wolfSSL 4:1b0d80432c79 741 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
wolfSSL 4:1b0d80432c79 742 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
wolfSSL 4:1b0d80432c79 743 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
wolfSSL 4:1b0d80432c79 744 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
wolfSSL 4:1b0d80432c79 745 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
wolfSSL 4:1b0d80432c79 746 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
wolfSSL 4:1b0d80432c79 747 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
wolfSSL 4:1b0d80432c79 748 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
wolfSSL 4:1b0d80432c79 749 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
wolfSSL 4:1b0d80432c79 750 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
wolfSSL 4:1b0d80432c79 751 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
wolfSSL 4:1b0d80432c79 752 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
wolfSSL 4:1b0d80432c79 753 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
wolfSSL 4:1b0d80432c79 754 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
wolfSSL 4:1b0d80432c79 755 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
wolfSSL 4:1b0d80432c79 756 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
wolfSSL 4:1b0d80432c79 757 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
wolfSSL 4:1b0d80432c79 758 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
wolfSSL 4:1b0d80432c79 759 },
wolfSSL 4:1b0d80432c79 760 {
wolfSSL 4:1b0d80432c79 761 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
wolfSSL 4:1b0d80432c79 762 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
wolfSSL 4:1b0d80432c79 763 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
wolfSSL 4:1b0d80432c79 764 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
wolfSSL 4:1b0d80432c79 765 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
wolfSSL 4:1b0d80432c79 766 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
wolfSSL 4:1b0d80432c79 767 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
wolfSSL 4:1b0d80432c79 768 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
wolfSSL 4:1b0d80432c79 769 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
wolfSSL 4:1b0d80432c79 770 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
wolfSSL 4:1b0d80432c79 771 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
wolfSSL 4:1b0d80432c79 772 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
wolfSSL 4:1b0d80432c79 773 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
wolfSSL 4:1b0d80432c79 774 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
wolfSSL 4:1b0d80432c79 775 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
wolfSSL 4:1b0d80432c79 776 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
wolfSSL 4:1b0d80432c79 777 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
wolfSSL 4:1b0d80432c79 778 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
wolfSSL 4:1b0d80432c79 779 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
wolfSSL 4:1b0d80432c79 780 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
wolfSSL 4:1b0d80432c79 781
wolfSSL 4:1b0d80432c79 782 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
wolfSSL 4:1b0d80432c79 783 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
wolfSSL 4:1b0d80432c79 784 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
wolfSSL 4:1b0d80432c79 785 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
wolfSSL 4:1b0d80432c79 786 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
wolfSSL 4:1b0d80432c79 787 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
wolfSSL 4:1b0d80432c79 788 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
wolfSSL 4:1b0d80432c79 789 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
wolfSSL 4:1b0d80432c79 790 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
wolfSSL 4:1b0d80432c79 791 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
wolfSSL 4:1b0d80432c79 792 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
wolfSSL 4:1b0d80432c79 793 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
wolfSSL 4:1b0d80432c79 794 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
wolfSSL 4:1b0d80432c79 795 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
wolfSSL 4:1b0d80432c79 796 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
wolfSSL 4:1b0d80432c79 797 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
wolfSSL 4:1b0d80432c79 798 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
wolfSSL 4:1b0d80432c79 799 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
wolfSSL 4:1b0d80432c79 800 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
wolfSSL 4:1b0d80432c79 801 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
wolfSSL 4:1b0d80432c79 802 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
wolfSSL 4:1b0d80432c79 803 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
wolfSSL 4:1b0d80432c79 804 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
wolfSSL 4:1b0d80432c79 805 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
wolfSSL 4:1b0d80432c79 806 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
wolfSSL 4:1b0d80432c79 807 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
wolfSSL 4:1b0d80432c79 808 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
wolfSSL 4:1b0d80432c79 809 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
wolfSSL 4:1b0d80432c79 810 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
wolfSSL 4:1b0d80432c79 811 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
wolfSSL 4:1b0d80432c79 812 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
wolfSSL 4:1b0d80432c79 813 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
wolfSSL 4:1b0d80432c79 814 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
wolfSSL 4:1b0d80432c79 815 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
wolfSSL 4:1b0d80432c79 816 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
wolfSSL 4:1b0d80432c79 817 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
wolfSSL 4:1b0d80432c79 818 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
wolfSSL 4:1b0d80432c79 819 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
wolfSSL 4:1b0d80432c79 820 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
wolfSSL 4:1b0d80432c79 821 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
wolfSSL 4:1b0d80432c79 822 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
wolfSSL 4:1b0d80432c79 823 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
wolfSSL 4:1b0d80432c79 824 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
wolfSSL 4:1b0d80432c79 825 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
wolfSSL 4:1b0d80432c79 826 },
wolfSSL 4:1b0d80432c79 827 {
wolfSSL 4:1b0d80432c79 828 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
wolfSSL 4:1b0d80432c79 829 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
wolfSSL 4:1b0d80432c79 830 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
wolfSSL 4:1b0d80432c79 831 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
wolfSSL 4:1b0d80432c79 832 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
wolfSSL 4:1b0d80432c79 833 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
wolfSSL 4:1b0d80432c79 834 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
wolfSSL 4:1b0d80432c79 835 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
wolfSSL 4:1b0d80432c79 836 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
wolfSSL 4:1b0d80432c79 837 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
wolfSSL 4:1b0d80432c79 838 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
wolfSSL 4:1b0d80432c79 839 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
wolfSSL 4:1b0d80432c79 840 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
wolfSSL 4:1b0d80432c79 841 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
wolfSSL 4:1b0d80432c79 842 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
wolfSSL 4:1b0d80432c79 843 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
wolfSSL 4:1b0d80432c79 844 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
wolfSSL 4:1b0d80432c79 845 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
wolfSSL 4:1b0d80432c79 846 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
wolfSSL 4:1b0d80432c79 847 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
wolfSSL 4:1b0d80432c79 848 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
wolfSSL 4:1b0d80432c79 849 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
wolfSSL 4:1b0d80432c79 850 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
wolfSSL 4:1b0d80432c79 851 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
wolfSSL 4:1b0d80432c79 852 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
wolfSSL 4:1b0d80432c79 853 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
wolfSSL 4:1b0d80432c79 854 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
wolfSSL 4:1b0d80432c79 855 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
wolfSSL 4:1b0d80432c79 856 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
wolfSSL 4:1b0d80432c79 857 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
wolfSSL 4:1b0d80432c79 858 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
wolfSSL 4:1b0d80432c79 859 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
wolfSSL 4:1b0d80432c79 860 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
wolfSSL 4:1b0d80432c79 861 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
wolfSSL 4:1b0d80432c79 862 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
wolfSSL 4:1b0d80432c79 863 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
wolfSSL 4:1b0d80432c79 864 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
wolfSSL 4:1b0d80432c79 865 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
wolfSSL 4:1b0d80432c79 866 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
wolfSSL 4:1b0d80432c79 867 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
wolfSSL 4:1b0d80432c79 868 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
wolfSSL 4:1b0d80432c79 869 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
wolfSSL 4:1b0d80432c79 870 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
wolfSSL 4:1b0d80432c79 871 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
wolfSSL 4:1b0d80432c79 872 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
wolfSSL 4:1b0d80432c79 873 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
wolfSSL 4:1b0d80432c79 874 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
wolfSSL 4:1b0d80432c79 875 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
wolfSSL 4:1b0d80432c79 876 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
wolfSSL 4:1b0d80432c79 877 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
wolfSSL 4:1b0d80432c79 878 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
wolfSSL 4:1b0d80432c79 879 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
wolfSSL 4:1b0d80432c79 880 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
wolfSSL 4:1b0d80432c79 881 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
wolfSSL 4:1b0d80432c79 882 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
wolfSSL 4:1b0d80432c79 883 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
wolfSSL 4:1b0d80432c79 884 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
wolfSSL 4:1b0d80432c79 885 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
wolfSSL 4:1b0d80432c79 886 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
wolfSSL 4:1b0d80432c79 887 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
wolfSSL 4:1b0d80432c79 888 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
wolfSSL 4:1b0d80432c79 889 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
wolfSSL 4:1b0d80432c79 890 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
wolfSSL 4:1b0d80432c79 891 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
wolfSSL 4:1b0d80432c79 892 },
wolfSSL 4:1b0d80432c79 893 {
wolfSSL 4:1b0d80432c79 894 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
wolfSSL 4:1b0d80432c79 895 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
wolfSSL 4:1b0d80432c79 896 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
wolfSSL 4:1b0d80432c79 897 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
wolfSSL 4:1b0d80432c79 898 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
wolfSSL 4:1b0d80432c79 899 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
wolfSSL 4:1b0d80432c79 900 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
wolfSSL 4:1b0d80432c79 901 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
wolfSSL 4:1b0d80432c79 902 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
wolfSSL 4:1b0d80432c79 903 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
wolfSSL 4:1b0d80432c79 904 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
wolfSSL 4:1b0d80432c79 905 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
wolfSSL 4:1b0d80432c79 906 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
wolfSSL 4:1b0d80432c79 907 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
wolfSSL 4:1b0d80432c79 908 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
wolfSSL 4:1b0d80432c79 909 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
wolfSSL 4:1b0d80432c79 910 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
wolfSSL 4:1b0d80432c79 911 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
wolfSSL 4:1b0d80432c79 912 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
wolfSSL 4:1b0d80432c79 913 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
wolfSSL 4:1b0d80432c79 914 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
wolfSSL 4:1b0d80432c79 915 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
wolfSSL 4:1b0d80432c79 916 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
wolfSSL 4:1b0d80432c79 917 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
wolfSSL 4:1b0d80432c79 918 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
wolfSSL 4:1b0d80432c79 919 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
wolfSSL 4:1b0d80432c79 920 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
wolfSSL 4:1b0d80432c79 921 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
wolfSSL 4:1b0d80432c79 922 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
wolfSSL 4:1b0d80432c79 923 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
wolfSSL 4:1b0d80432c79 924 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
wolfSSL 4:1b0d80432c79 925 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
wolfSSL 4:1b0d80432c79 926 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
wolfSSL 4:1b0d80432c79 927 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
wolfSSL 4:1b0d80432c79 928 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
wolfSSL 4:1b0d80432c79 929 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
wolfSSL 4:1b0d80432c79 930 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
wolfSSL 4:1b0d80432c79 931 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
wolfSSL 4:1b0d80432c79 932 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
wolfSSL 4:1b0d80432c79 933 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
wolfSSL 4:1b0d80432c79 934 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
wolfSSL 4:1b0d80432c79 935 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
wolfSSL 4:1b0d80432c79 936 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
wolfSSL 4:1b0d80432c79 937 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
wolfSSL 4:1b0d80432c79 938 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
wolfSSL 4:1b0d80432c79 939 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
wolfSSL 4:1b0d80432c79 940 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
wolfSSL 4:1b0d80432c79 941 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
wolfSSL 4:1b0d80432c79 942 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
wolfSSL 4:1b0d80432c79 943 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
wolfSSL 4:1b0d80432c79 944 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
wolfSSL 4:1b0d80432c79 945 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
wolfSSL 4:1b0d80432c79 946 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
wolfSSL 4:1b0d80432c79 947 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
wolfSSL 4:1b0d80432c79 948 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
wolfSSL 4:1b0d80432c79 949 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
wolfSSL 4:1b0d80432c79 950 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
wolfSSL 4:1b0d80432c79 951 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
wolfSSL 4:1b0d80432c79 952 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
wolfSSL 4:1b0d80432c79 953 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
wolfSSL 4:1b0d80432c79 954 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
wolfSSL 4:1b0d80432c79 955 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
wolfSSL 4:1b0d80432c79 956 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
wolfSSL 4:1b0d80432c79 957 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
wolfSSL 4:1b0d80432c79 958 }
wolfSSL 4:1b0d80432c79 959 };
wolfSSL 4:1b0d80432c79 960
/* GETBYTE(x, y): byte number y of x, counting from the least significant
 * byte (y = 0), returned as a word32. The value is narrowed through the
 * byte type before being widened again; the cipher routines in this file use
 * the result as the index into the Te/Td lookup tables. */
#define GETBYTE(x, y) (word32)((byte)((x) >> (8 * (y))))
wolfSSL 4:1b0d80432c79 962
wolfSSL 4:1b0d80432c79 963
wolfSSL 4:1b0d80432c79 964 #ifdef WOLFSSL_AESNI
wolfSSL 4:1b0d80432c79 965
wolfSSL 4:1b0d80432c79 966 /* Each platform needs to query info type 1 from cpuid to see if aesni is
wolfSSL 4:1b0d80432c79 967 * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
wolfSSL 4:1b0d80432c79 968 */
wolfSSL 4:1b0d80432c79 969
#ifndef _MSC_VER

    /* GCC-style inline asm: executes CPUID with EAX = func and stores
     * EAX/EBX/ECX/EDX into reg[0..3], so reg must have at least four
     * elements. The expansion already ends in ';', so `cpuid(reg, 1);`
     * produces an extra empty statement; use it only as a plain statement,
     * never as the sole body of an unbraced if/else. */
    #define cpuid(reg, func)\
        __asm__ __volatile__ ("cpuid":\
             "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
             "a" (func));

    /* Attaches an explicit assembler symbol name f to a declaration. */
    #define XASM_LINK(f) asm(f)
#else

    #include <intrin.h>
    /* MSVC: same call shape, implemented with the __cpuid intrinsic;
     * a is cast to int*. */
    #define cpuid(a,b) __cpuid((int*)a,b)

    /* Expands to nothing under MSVC: declarations keep their default name. */
    #define XASM_LINK(f)

#endif /* _MSC_VER */
wolfSSL 4:1b0d80432c79 986
wolfSSL 4:1b0d80432c79 987
/* Report whether the CPU advertises AES-NI.
 *
 * Runs CPUID with info type 1 and tests bit 25 of ECX (mask 0x2000000).
 * Returns 1 when the bit is set, 0 otherwise.
 */
static int Check_CPU_support_AES(void)
{
    unsigned int regs[4];   /* eax, ebx, ecx, edx land in slots 0..3 */

    cpuid(regs, 1);         /* info type 1: feature flags */

    return ((regs[2] & 0x2000000) != 0) ? 1 : 0;
}
wolfSSL 4:1b0d80432c79 998
/* AES-NI detection state, both initially 0. haveAESNI is what the AES-NI
 * branches of the block cipher routines test; the code that sets the two
 * flags is not in this part of the file.
 * NOTE(review): plain ints with no synchronization visible here - confirm
 * that first-use detection is safe when several threads set keys at once. */
static int checkAESNI = 0;
static int haveAESNI = 0;
wolfSSL 4:1b0d80432c79 1001
wolfSSL 4:1b0d80432c79 1002
/* Prototypes for the AES-NI routines that are implemented in assembly.
 * XASM_LINK tells the C compiler the exact assembler symbol for each one, in
 * case of any mix-up of the ABI underscore prefix between clang/gcc/llvm etc.
 *
 * As used by the callers in this file: `length` is a byte count (the ECB
 * callers pass AES_BLOCK_SIZE), `KS` is the expanded key schedule (aes->key)
 * and `nr` the round count (aes->rounds).
 * NOTE(review): all of these return void, so the caller is the only place
 * where pointers, length and nr can be validated.
 */
#ifdef HAVE_AES_CBC
    void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
                         unsigned char* ivec, unsigned long length,
                         const unsigned char* KS, int nr)
                         XASM_LINK("AES_CBC_encrypt");

    #ifdef HAVE_AES_DECRYPT
    void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
                         unsigned char* ivec, unsigned long length,
                         const unsigned char* KS, int nr)
                         XASM_LINK("AES_CBC_decrypt");
    #endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */

void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
                     unsigned long length, const unsigned char* KS, int nr)
                     XASM_LINK("AES_ECB_encrypt");

#ifdef HAVE_AES_DECRYPT
    void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
                         unsigned long length, const unsigned char* KS, int nr)
                         XASM_LINK("AES_ECB_decrypt");
#endif

/* Key expansion: userkey is the raw key, key_schedule receives the expanded
 * round keys (callers pass aes->key). */
void AES_128_Key_Expansion(const unsigned char* userkey,
                           unsigned char* key_schedule)
                           XASM_LINK("AES_128_Key_Expansion");

void AES_192_Key_Expansion(const unsigned char* userkey,
                           unsigned char* key_schedule)
                           XASM_LINK("AES_192_Key_Expansion");

void AES_256_Key_Expansion(const unsigned char* userkey,
                           unsigned char* key_schedule)
                           XASM_LINK("AES_256_Key_Expansion");
wolfSSL 4:1b0d80432c79 1040
wolfSSL 4:1b0d80432c79 1041
/* Expand userKey into aes->key with the AES-NI key expansion routine that
 * matches the key size, and record the round count.
 *
 * userKey  raw key bytes
 * bits     key size in bits: 128, 192 or 256
 * aes      receives the key schedule (aes->key) and rounds (10, 12 or 14)
 *
 * Returns 0 on success, BAD_FUNC_ARG for a NULL pointer or any other key
 * size.
 */
static int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                               Aes* aes)
{
    if (userKey == NULL || aes == NULL)
        return BAD_FUNC_ARG;

    switch (bits) {
        case 128:
            AES_128_Key_Expansion(userKey, (byte*)aes->key);
            aes->rounds = 10;
            break;

        case 192:
            AES_192_Key_Expansion(userKey, (byte*)aes->key);
            aes->rounds = 12;
            break;

        case 256:
            AES_256_Key_Expansion(userKey, (byte*)aes->key);
            aes->rounds = 14;
            break;

        default:
            return BAD_FUNC_ARG;
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 1062
wolfSSL 4:1b0d80432c79 1063 #ifdef HAVE_AES_DECRYPT
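/* Build the AES-NI decryption key schedule in aes->key.
 *
 * The encryption schedule is expanded into a temporary Aes, then written to
 * aes->key in reverse round order: the first and last round keys are copied
 * as they are, every round key in between goes through _mm_aesimc_si128.
 *
 * userKey  raw key bytes
 * bits     key size in bits: 128, 192 or 256
 * aes      receives the decryption schedule and the round count
 *
 * Returns 0 on success, BAD_FUNC_ARG for a NULL pointer or an unsupported
 * key size.
 */
static int AES_set_decrypt_key(const unsigned char* userKey, const int bits,
                               Aes* aes)
{
    int nr;
    int i;
    word32 k;
    Aes temp_key;
    volatile byte* wipe = (volatile byte*)&temp_key;
    __m128i *Key_Schedule;
    __m128i *Temp_Key_Schedule = (__m128i*)temp_key.key;

    if (!userKey || !aes)
        return BAD_FUNC_ARG;

    /* take the address of aes->key only after aes is known to be non-NULL;
     * forming it earlier lets a compiler assume aes != NULL and drop the
     * check above */
    Key_Schedule = (__m128i*)aes->key;

    if (AES_set_encrypt_key(userKey,bits,&temp_key) == BAD_FUNC_ARG)
        return BAD_FUNC_ARG;

    nr = temp_key.rounds;
    aes->rounds = nr;

    /* nr is 10, 12 or 14 here, so the loop covers round keys 1 .. nr-1 */
    Key_Schedule[nr] = Temp_Key_Schedule[0];
    for (i = 1; i < nr; i++)
        Key_Schedule[nr - i] = _mm_aesimc_si128(Temp_Key_Schedule[i]);
    Key_Schedule[0] = Temp_Key_Schedule[nr];

    /* temp_key holds the complete encryption key schedule: clear it so the
     * key material does not stay behind on the stack. The volatile pointer
     * keeps the stores from being optimized away.
     * NOTE(review): switch to the library's secure-wipe helper if one is in
     * scope in this file. */
    for (k = 0; k < (word32)sizeof(temp_key); k++)
        wipe[k] = 0;

    return 0;
}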
wolfSSL 4:1b0d80432c79 1106 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 1107 #endif /* WOLFSSL_AESNI */
wolfSSL 4:1b0d80432c79 1108
wolfSSL 4:1b0d80432c79 1109 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) ||\
wolfSSL 4:1b0d80432c79 1110 defined(HAVE_AESGCM)
wolfSSL 4:1b0d80432c79 1111
/* Encrypt one AES block (four word32 words read from inBlock) with the key
 * schedule in aes->key and write the result to outBlock.
 *
 * aes       key schedule (aes->key) and round count (aes->rounds)
 * inBlock   input block
 * outBlock  output block
 *
 * The function returns void, and every early return below leaves outBlock
 * unwritten: a round count that fails the check, a failed temporary
 * allocation, or a misaligned input when NO_WOLFSSL_ALLOC_ALIGN is defined.
 * NOTE(review): callers cannot tell those cases from success, so aes must
 * hold a valid key before this is called and outBlock should not be used as
 * ciphertext on trust alone.
 *
 * Software path: every Te[] index is a byte of the round state (input XOR
 * round key), so the memory access pattern depends on key and data.
 * NOTE(review): on targets with a data cache this table-driven form is not
 * constant-time; where local timing observation is part of the threat
 * model, prefer the AES-NI path or a constant-time implementation.
 */
static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
    word32 s0, s1, s2, s3;
    word32 t0, t1, t2, t3;
    word32 r = aes->rounds >> 1;    /* the loop below does two rounds per pass */

    const word32* rk = aes->key;
    /* rejects rounds of 0, 1 or above 15; the key setup routines visible in
     * this file only produce 10, 12 or 14 */
    if (r > 7 || r == 0) {
        WOLFSSL_MSG("AesEncrypt encountered improper key, set it up");
        return;  /* stop instead of segfaulting, set up your keys! */
    }
#ifdef WOLFSSL_AESNI
    if (haveAESNI && aes->use_aesni) {
        #ifdef DEBUG_AESNI
            printf("about to aes encrypt\n");
            printf("in = %p\n", inBlock);
            printf("out = %p\n", outBlock);
            printf("aes->key = %p\n", aes->key);
            printf("aes->rounds = %d\n", aes->rounds);
            printf("sz = %d\n", AES_BLOCK_SIZE);
        #endif

        /* check alignment, decrypt doesn't need alignment */
        if ((wolfssl_word)inBlock % 16) {
        #ifndef NO_WOLFSSL_ALLOC_ALIGN
            /* bounce the block through a heap buffer and encrypt in place */
            byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL,
                                                      DYNAMIC_TYPE_TMP_BUFFER);
            if (tmp == NULL) return;    /* outBlock is left unwritten */

            XMEMCPY(tmp, inBlock, AES_BLOCK_SIZE);
            AES_ECB_encrypt(tmp, tmp, AES_BLOCK_SIZE, (byte*)aes->key,
                            aes->rounds);
            XMEMCPY(outBlock, tmp, AES_BLOCK_SIZE);
            XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            return;
        #else
            WOLFSSL_MSG("AES-ECB encrypt with bad alignment");
            return;                     /* outBlock is left unwritten */
        #endif
        }

        AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
                        aes->rounds);

        return;
    }
    else {
        #ifdef DEBUG_AESNI
            printf("Skipping AES-NI\n");
        #endif
    }
#endif

    /*
     * map byte array block to cipher state
     * and add initial round key:
     */
    XMEMCPY(&s0, inBlock,                  sizeof(s0));
    XMEMCPY(&s1, inBlock + sizeof(s0),     sizeof(s1));
    XMEMCPY(&s2, inBlock + 2 * sizeof(s0), sizeof(s2));
    XMEMCPY(&s3, inBlock + 3 * sizeof(s0), sizeof(s3));

    #ifdef LITTLE_ENDIAN_ORDER
        s0 = ByteReverseWord32(s0);
        s1 = ByteReverseWord32(s1);
        s2 = ByteReverseWord32(s2);
        s3 = ByteReverseWord32(s3);
    #endif

    s0 ^= rk[0];
    s1 ^= rk[1];
    s2 ^= rk[2];
    s3 ^= rk[3];

    /*
     * Nr - 1 full rounds:
     */

    /* Each pass does one round s -> t with rk[4..7], advances rk by 8 words,
     * and, unless that was the last pass, a second round t -> s with the new
     * rk[0..3]. The loop always exits with the state in t0..t3. */
    for (;;) {
        t0 =
            Te[0][GETBYTE(s0, 3)]  ^
            Te[1][GETBYTE(s1, 2)]  ^
            Te[2][GETBYTE(s2, 1)]  ^
            Te[3][GETBYTE(s3, 0)]  ^
            rk[4];
        t1 =
            Te[0][GETBYTE(s1, 3)]  ^
            Te[1][GETBYTE(s2, 2)]  ^
            Te[2][GETBYTE(s3, 1)]  ^
            Te[3][GETBYTE(s0, 0)]  ^
            rk[5];
        t2 =
            Te[0][GETBYTE(s2, 3)] ^
            Te[1][GETBYTE(s3, 2)]  ^
            Te[2][GETBYTE(s0, 1)]  ^
            Te[3][GETBYTE(s1, 0)]  ^
            rk[6];
        t3 =
            Te[0][GETBYTE(s3, 3)] ^
            Te[1][GETBYTE(s0, 2)]  ^
            Te[2][GETBYTE(s1, 1)]  ^
            Te[3][GETBYTE(s2, 0)]  ^
            rk[7];

        rk += 8;
        if (--r == 0) {
            break;
        }

        s0 =
            Te[0][GETBYTE(t0, 3)] ^
            Te[1][GETBYTE(t1, 2)] ^
            Te[2][GETBYTE(t2, 1)] ^
            Te[3][GETBYTE(t3, 0)] ^
            rk[0];
        s1 =
            Te[0][GETBYTE(t1, 3)] ^
            Te[1][GETBYTE(t2, 2)] ^
            Te[2][GETBYTE(t3, 1)] ^
            Te[3][GETBYTE(t0, 0)] ^
            rk[1];
        s2 =
            Te[0][GETBYTE(t2, 3)] ^
            Te[1][GETBYTE(t3, 2)] ^
            Te[2][GETBYTE(t0, 1)] ^
            Te[3][GETBYTE(t1, 0)] ^
            rk[2];
        s3 =
            Te[0][GETBYTE(t3, 3)] ^
            Te[1][GETBYTE(t0, 2)] ^
            Te[2][GETBYTE(t1, 1)] ^
            Te[3][GETBYTE(t2, 0)] ^
            rk[3];
    }

    /*
     * apply last round and
     * map cipher state to byte array block:
     */

    /* the last round takes one byte lane from each Te[4] entry (selected by
     * the masks) and XORs in the final round key */
    s0 =
        (Te[4][GETBYTE(t0, 3)] & 0xff000000) ^
        (Te[4][GETBYTE(t1, 2)] & 0x00ff0000) ^
        (Te[4][GETBYTE(t2, 1)] & 0x0000ff00) ^
        (Te[4][GETBYTE(t3, 0)] & 0x000000ff) ^
        rk[0];
    s1 =
        (Te[4][GETBYTE(t1, 3)] & 0xff000000) ^
        (Te[4][GETBYTE(t2, 2)] & 0x00ff0000) ^
        (Te[4][GETBYTE(t3, 1)] & 0x0000ff00) ^
        (Te[4][GETBYTE(t0, 0)] & 0x000000ff) ^
        rk[1];
    s2 =
        (Te[4][GETBYTE(t2, 3)] & 0xff000000) ^
        (Te[4][GETBYTE(t3, 2)] & 0x00ff0000) ^
        (Te[4][GETBYTE(t0, 1)] & 0x0000ff00) ^
        (Te[4][GETBYTE(t1, 0)] & 0x000000ff) ^
        rk[2];
    s3 =
        (Te[4][GETBYTE(t3, 3)] & 0xff000000) ^
        (Te[4][GETBYTE(t0, 2)] & 0x00ff0000) ^
        (Te[4][GETBYTE(t1, 1)] & 0x0000ff00) ^
        (Te[4][GETBYTE(t2, 0)] & 0x000000ff) ^
        rk[3];

    /* write out */
    #ifdef LITTLE_ENDIAN_ORDER
        s0 = ByteReverseWord32(s0);
        s1 = ByteReverseWord32(s1);
        s2 = ByteReverseWord32(s2);
        s3 = ByteReverseWord32(s3);
    #endif

    XMEMCPY(outBlock,                  &s0, sizeof(s0));
    XMEMCPY(outBlock + sizeof(s0),     &s1, sizeof(s1));
    XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2));
    XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
}
wolfSSL 4:1b0d80432c79 1290 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
wolfSSL 4:1b0d80432c79 1291
#ifdef HAVE_AES_DECRYPT
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
/* Decrypt one AES block (four word32 words read from inBlock) with the key
 * schedule in aes->key and write the result to outBlock.
 *
 * aes       key schedule (aes->key) and round count (aes->rounds); on the
 *           AES-NI path aes->tmp also receives a copy of the input block
 * inBlock   input block
 * outBlock  output block
 *
 * The function returns void; when the round count fails the check below it
 * returns with outBlock unwritten.
 * NOTE(review): callers cannot tell that case from success, so aes must hold
 * a valid decryption key before this is called.
 *
 * Software path: every Td[] index is a byte of the round state, so the
 * memory access pattern depends on key and data.
 * NOTE(review): on targets with a data cache this table-driven form is not
 * constant-time; where local timing observation is part of the threat
 * model, prefer the AES-NI path or a constant-time implementation.
 */
static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
    word32 s0, s1, s2, s3;
    word32 t0, t1, t2, t3;
    word32 r = aes->rounds >> 1;    /* the loop below does two rounds per pass */

    const word32* rk = aes->key;
    /* rejects rounds of 0, 1 or above 15; the key setup routines visible in
     * this file only produce 10, 12 or 14 */
    if (r > 7 || r == 0) {
        WOLFSSL_MSG("AesDecrypt encountered improper key, set it up");
        return;  /* stop instead of segfaulting, set up your keys! */
    }
#ifdef WOLFSSL_AESNI
    if (haveAESNI && aes->use_aesni) {
        #ifdef DEBUG_AESNI
            printf("about to aes decrypt\n");
            printf("in = %p\n", inBlock);
            printf("out = %p\n", outBlock);
            printf("aes->key = %p\n", aes->key);
            printf("aes->rounds = %d\n", aes->rounds);
            printf("sz = %d\n", AES_BLOCK_SIZE);
        #endif

        /* if input and output same will overwrite input iv, so keep a copy
         * of the input block in aes->tmp first */
        XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE);
        AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
                        aes->rounds);
        return;
    }
    else {
        #ifdef DEBUG_AESNI
            printf("Skipping AES-NI\n");
        #endif
    }
#endif

    /*
     * map byte array block to cipher state
     * and add initial round key:
     */
    XMEMCPY(&s0, inBlock,                  sizeof(s0));
    XMEMCPY(&s1, inBlock + sizeof(s0),     sizeof(s1));
    XMEMCPY(&s2, inBlock + 2 * sizeof(s0), sizeof(s2));
    XMEMCPY(&s3, inBlock + 3 * sizeof(s0), sizeof(s3));

    #ifdef LITTLE_ENDIAN_ORDER
        s0 = ByteReverseWord32(s0);
        s1 = ByteReverseWord32(s1);
        s2 = ByteReverseWord32(s2);
        s3 = ByteReverseWord32(s3);
    #endif

    s0 ^= rk[0];
    s1 ^= rk[1];
    s2 ^= rk[2];
    s3 ^= rk[3];

    /*
     * Nr - 1 full rounds:
     */

    /* Each pass does one round s -> t with rk[4..7], advances rk by 8 words,
     * and, unless that was the last pass, a second round t -> s with the new
     * rk[0..3]. The loop always exits with the state in t0..t3. */
    for (;;) {
        t0 =
            Td[0][GETBYTE(s0, 3)] ^
            Td[1][GETBYTE(s3, 2)] ^
            Td[2][GETBYTE(s2, 1)] ^
            Td[3][GETBYTE(s1, 0)] ^
            rk[4];
        t1 =
            Td[0][GETBYTE(s1, 3)] ^
            Td[1][GETBYTE(s0, 2)] ^
            Td[2][GETBYTE(s3, 1)] ^
            Td[3][GETBYTE(s2, 0)] ^
            rk[5];
        t2 =
            Td[0][GETBYTE(s2, 3)] ^
            Td[1][GETBYTE(s1, 2)] ^
            Td[2][GETBYTE(s0, 1)] ^
            Td[3][GETBYTE(s3, 0)] ^
            rk[6];
        t3 =
            Td[0][GETBYTE(s3, 3)] ^
            Td[1][GETBYTE(s2, 2)] ^
            Td[2][GETBYTE(s1, 1)] ^
            Td[3][GETBYTE(s0, 0)] ^
            rk[7];

        rk += 8;
        if (--r == 0) {
            break;
        }

        s0 =
            Td[0][GETBYTE(t0, 3)] ^
            Td[1][GETBYTE(t3, 2)] ^
            Td[2][GETBYTE(t2, 1)] ^
            Td[3][GETBYTE(t1, 0)] ^
            rk[0];
        s1 =
            Td[0][GETBYTE(t1, 3)] ^
            Td[1][GETBYTE(t0, 2)] ^
            Td[2][GETBYTE(t3, 1)] ^
            Td[3][GETBYTE(t2, 0)] ^
            rk[1];
        s2 =
            Td[0][GETBYTE(t2, 3)] ^
            Td[1][GETBYTE(t1, 2)] ^
            Td[2][GETBYTE(t0, 1)] ^
            Td[3][GETBYTE(t3, 0)] ^
            rk[2];
        s3 =
            Td[0][GETBYTE(t3, 3)] ^
            Td[1][GETBYTE(t2, 2)] ^
            Td[2][GETBYTE(t1, 1)] ^
            Td[3][GETBYTE(t0, 0)] ^
            rk[3];
    }
    /*
     * apply last round and
     * map cipher state to byte array block:
     */
    /* the last round takes one byte lane from each Td[4] entry (selected by
     * the masks) and XORs in the final round key */
    s0 =
        (Td[4][GETBYTE(t0, 3)] & 0xff000000) ^
        (Td[4][GETBYTE(t3, 2)] & 0x00ff0000) ^
        (Td[4][GETBYTE(t2, 1)] & 0x0000ff00) ^
        (Td[4][GETBYTE(t1, 0)] & 0x000000ff) ^
        rk[0];
    s1 =
        (Td[4][GETBYTE(t1, 3)] & 0xff000000) ^
        (Td[4][GETBYTE(t0, 2)] & 0x00ff0000) ^
        (Td[4][GETBYTE(t3, 1)] & 0x0000ff00) ^
        (Td[4][GETBYTE(t2, 0)] & 0x000000ff) ^
        rk[1];
    s2 =
        (Td[4][GETBYTE(t2, 3)] & 0xff000000) ^
        (Td[4][GETBYTE(t1, 2)] & 0x00ff0000) ^
        (Td[4][GETBYTE(t0, 1)] & 0x0000ff00) ^
        (Td[4][GETBYTE(t3, 0)] & 0x000000ff) ^
        rk[2];
    s3 =
        (Td[4][GETBYTE(t3, 3)] & 0xff000000) ^
        (Td[4][GETBYTE(t2, 2)] & 0x00ff0000) ^
        (Td[4][GETBYTE(t1, 1)] & 0x0000ff00) ^
        (Td[4][GETBYTE(t0, 0)] & 0x000000ff) ^
        rk[3];

    /* write out */
    #ifdef LITTLE_ENDIAN_ORDER
        s0 = ByteReverseWord32(s0);
        s1 = ByteReverseWord32(s1);
        s2 = ByteReverseWord32(s2);
        s3 = ByteReverseWord32(s3);
    #endif

    XMEMCPY(outBlock,                  &s0, sizeof(s0));
    XMEMCPY(outBlock + sizeof(s0),     &s1, sizeof(s1));
    XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2));
    XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
}
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 1454
wolfSSL 4:1b0d80432c79 1455 #endif /* NEED_AES_TABLES */
wolfSSL 4:1b0d80432c79 1456
wolfSSL 4:1b0d80432c79 1457
wolfSSL 4:1b0d80432c79 1458 /* wc_AesSetKey */
wolfSSL 4:1b0d80432c79 1459 #ifdef STM32F2_CRYPTO
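/* STM32F2 variant: store the raw key in aes->key with its 32-bit words
 * byte-reversed, set the round count, then set the IV.
 *
 * aes      context to initialise
 * userKey  raw key, keylen bytes
 * keylen   16, 24 or 32
 * iv       passed on to wc_AesSetIV
 * dir      not used by this variant
 *
 * Returns BAD_FUNC_ARG for a NULL aes or userKey or an unsupported keylen,
 * otherwise the result of wc_AesSetIV.
 */
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                 int dir)
{
    word32 *rk;

    (void)dir;

    /* reject NULL before aes->key is formed or userKey is read */
    if (aes == NULL || userKey == NULL)
        return BAD_FUNC_ARG;

    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
        return BAD_FUNC_ARG;

    rk = aes->key;
    aes->rounds = keylen/4 + 6;     /* 10, 12 or 14 */
    XMEMCPY(rk, userKey, keylen);
    ByteReverseWords(rk, rk, keylen);

    return wc_AesSetIV(aes, iv);
}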
wolfSSL 4:1b0d80432c79 1474
/* Direct-mode key setup for this platform: identical to wc_AesSetKey, whose
 * return value is passed back unchanged. */
int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                       const byte* iv, int dir)
{
    const int status = wc_AesSetKey(aes, userKey, keylen, iv, dir);

    return status;
}
wolfSSL 4:1b0d80432c79 1480
wolfSSL 4:1b0d80432c79 1481 #elif defined(HAVE_COLDFIRE_SEC)
wolfSSL 4:1b0d80432c79 1482 #if defined (HAVE_THREADX)
wolfSSL 4:1b0d80432c79 1483 #include "memory_pools.h"
wolfSSL 4:1b0d80432c79 1484 extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */
wolfSSL 4:1b0d80432c79 1485 #endif
wolfSSL 4:1b0d80432c79 1486
/* Size of each shared work buffer: 64 AES blocks. */
#define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64)
/* File-wide work buffers for the SEC engine. wc_AesSetKey allocates them on
 * first use from the non-cached pool when HAVE_THREADX is defined; a NULL
 * AESBuffIn is what marks "not set up yet". */
static unsigned char *AESBuffIn = NULL;
static unsigned char *AESBuffOut = NULL;
static byte *secReg;    /* AES_BLOCK_SIZE bytes */
static byte *secKey;    /* AES_BLOCK_SIZE*2 bytes */
static volatile SECdescriptorType *secDesc;

/* Initialised by wc_AesSetKey together with the buffers above.
 * NOTE(review): presumably serialises access to the shared buffers and the
 * SEC engine - confirm against the cipher routines that take it. */
static wolfSSL_Mutex Mutex_AesSEC;

/* NOTE(review): presumably the SEC descriptor header words for AES-CBC
 * encrypt and decrypt - confirm against the hardware reference manual. */
#define SEC_DESC_AES_CBC_ENCRYPT 0x60300010
#define SEC_DESC_AES_CBC_DECRYPT 0x60200010

extern volatile unsigned char __MBAR[];
wolfSSL 4:1b0d80432c79 1500
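/* Coldfire SEC variant: validate the arguments, set up the shared non-cached
 * work buffers and the mutex on first use, then store the raw key and the
 * optional IV in aes.
 *
 * aes      context to initialise
 * userKey  raw key, keylen bytes
 * keylen   16, 24 or 32
 * iv       AES_BLOCK_SIZE bytes copied to aes->reg, or NULL to leave it
 * dir      not used by this variant
 *
 * Returns 0 on success, BAD_FUNC_ARG for a NULL aes or userKey, an
 * unsupported keylen, or a failed buffer allocation.
 */
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                 int dir)
{
    (void)dir;

    /* check the arguments before any shared state is touched and before
     * userKey is read */
    if (aes == NULL || userKey == NULL)
        return BAD_FUNC_ARG;

    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
        return BAD_FUNC_ARG;

    /* NOTE(review): this first-use setup is not atomic. If one allocation
     * fails after AESBuffIn was obtained, later calls skip this block while
     * other buffers may still be unset and the mutex uninitialised; without
     * HAVE_THREADX AESBuffIn stays NULL, so InitMutex runs on every call.
     * The result of InitMutex is not checked. Consider a one-time init that
     * commits the pointers only when every step succeeded. */
    if (AESBuffIn == NULL) {
        #if defined (HAVE_THREADX)
            int s1, s2, s3, s4, s5 ;
            s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc,
                                  sizeof(SECdescriptorType), TX_NO_WAIT);
            s1 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffIn,
                                  AES_BUFFER_SIZE, TX_NO_WAIT);
            s2 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffOut,
                                  AES_BUFFER_SIZE, TX_NO_WAIT);
            s3 = tx_byte_allocate(&mp_ncached, (void *)&secKey,
                                  AES_BLOCK_SIZE*2, TX_NO_WAIT);
            s4 = tx_byte_allocate(&mp_ncached, (void *)&secReg,
                                  AES_BLOCK_SIZE, TX_NO_WAIT);

            if(s1 || s2 || s3 || s4 || s5)
                return BAD_FUNC_ARG;
        #else
            #warning "Allocate non-Cache buffers"
        #endif

        InitMutex(&Mutex_AesSEC);
    }

    aes->rounds = keylen/4 + 6;     /* 10, 12 or 14 */
    XMEMCPY(aes->key, userKey, keylen);

    if (iv)
        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);

    return 0;
}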
wolfSSL 4:1b0d80432c79 1541 #elif defined(FREESCALE_MMCAU)
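/*
 * Key setup for the Freescale mmCAU back end.
 *
 * Expands userKey into aes->key with cau_aes_set_key() while holding the
 * crypto hardware mutex, then loads the IV through wc_AesSetIV().
 *
 * Returns BAD_FUNC_ARG for a NULL aes/userKey or a key length other than
 * 16, 24 or 32; otherwise the result of the mutex lock or of wc_AesSetIV().
 * dir is unused on this back end.
 */
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                 int dir)
{
    int ret;
    byte *rk;

    (void)dir;

    /* aes must be checked before aes->key is formed; testing only the
     * derived pointer does not catch a NULL context. */
    if (aes == NULL || userKey == NULL)
        return BAD_FUNC_ARG;

    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
        return BAD_FUNC_ARG;

    rk = (byte*)aes->key;
    if (rk == NULL)
        return BAD_FUNC_ARG;

    aes->rounds = keylen/4 + 6;

    ret = wolfSSL_CryptHwMutexLock();
    if(ret == 0) {
        /* key length is passed to the CAU in bits */
        cau_aes_set_key(userKey, keylen*8, rk);
        wolfSSL_CryptHwMutexUnLock();

        ret = wc_AesSetIV(aes, iv);
    }

    return ret;
}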
wolfSSL 4:1b0d80432c79 1568
/* Direct-mode key setup for this back end: hands every argument to
 * wc_AesSetKey() unchanged and returns whatever it returns. */
int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                       const byte* iv, int dir)
{
    const int status = wc_AesSetKey(aes, userKey, keylen, iv, dir);

    return status;
}
wolfSSL 4:1b0d80432c79 1574 #elif defined(WOLFSSL_NRF51_AES)
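/*
 * Key setup for the nRF51 AES back end.
 *
 * Only 16-byte keys are accepted. The key is passed to nrf51_aes_set_key()
 * and its result is returned; dir and iv are ignored by this function.
 *
 * Returns BAD_FUNC_ARG for a NULL aes/userKey or keylen != 16.
 */
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                 int dir)
{
    int ret;

    (void)dir;
    (void)iv;

    /* aes->rounds is written below, so a NULL context has to be rejected
     * here rather than dereferenced. */
    if (aes == NULL || userKey == NULL)
        return BAD_FUNC_ARG;

    if (keylen != 16)
        return BAD_FUNC_ARG;

    aes->rounds = keylen/4 + 6;
    ret = nrf51_aes_set_key(userKey);

    return ret;
}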
wolfSSL 4:1b0d80432c79 1591
/* Direct-mode key setup for this back end: forwards all arguments to
 * wc_AesSetKey() and returns its result unchanged. */
int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                       const byte* iv, int dir)
{
    const int status = wc_AesSetKey(aes, userKey, keylen, iv, dir);

    return status;
}
wolfSSL 4:1b0d80432c79 1597 #else
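/*
 * Software AES key schedule.
 *
 * Copies userKey into aes->key, expands it into the round keys for a 128,
 * 192 or 256-bit key, converts the schedule for decryption when
 * dir == AES_DECRYPTION (HAVE_AES_DECRYPT builds), and finally loads the IV
 * through wc_AesSetIV().
 *
 * aes      context to fill in
 * userKey  raw key, keylen bytes
 * keylen   16, 24 or 32 (and no larger than AES_MAX_KEY_SIZE/8 when defined)
 * iv       optional 16-byte IV, forwarded to wc_AesSetIV()
 * dir      AES_DECRYPTION selects the inverse schedule
 *
 * Returns BAD_FUNC_ARG for a NULL aes/userKey or an unsupported key length,
 * otherwise the result of wc_AesSetIV().
 *
 * The length is validated before any byte is copied: wc_AesSetKeyDirect()
 * reaches this function without going through the checks in wc_AesSetKey(),
 * so an unchecked keylen would otherwise size the XMEMCPY into aes->key.
 */
static int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
                             const byte* iv, int dir)
{
    word32 temp;
    word32 *rk;
    unsigned int i = 0;

    if (aes == NULL || userKey == NULL)
        return BAD_FUNC_ARG;

    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
        return BAD_FUNC_ARG;

    #if defined(AES_MAX_KEY_SIZE)
    if (keylen > (word32)(AES_MAX_KEY_SIZE / 8))
        return BAD_FUNC_ARG;
    #endif

    rk = aes->key;

    #ifdef WOLFSSL_AESNI
        aes->use_aesni = 0;
    #endif /* WOLFSSL_AESNI */
    #ifdef WOLFSSL_AES_COUNTER
        aes->left = 0;
    #endif /* WOLFSSL_AES_COUNTER */

    aes->rounds = keylen/4 + 6;

    XMEMCPY(rk, userKey, keylen);
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords(rk, rk, keylen);
    #endif

    #ifdef WOLFSSL_PIC32MZ_CRYPT
    {
        /* keep an untouched copy of the key and IV for the crypto engine */
        word32 *akey1 = aes->key_ce;
        word32 *areg = aes->iv_ce ;
        aes->keylen = keylen ;
        XMEMCPY(akey1, userKey, keylen);
        if (iv)
            XMEMCPY(areg, iv, AES_BLOCK_SIZE);
        else
            XMEMSET(areg, 0, AES_BLOCK_SIZE);
    }
    #endif

    /* The Te[4] lookups below are indexed by key-derived bytes, so the
     * memory access pattern depends on the key. On targets whose data cache
     * is observable by other code this is a cache-timing consideration. */
    switch(keylen)
    {
    #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128
    case 16:
        while (1)
        {
            temp  = rk[3];
            rk[4] = rk[0] ^
                (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^
                (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^
                (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^
                (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^
                rcon[i];
            rk[5] = rk[1] ^ rk[4];
            rk[6] = rk[2] ^ rk[5];
            rk[7] = rk[3] ^ rk[6];
            if (++i == 10)
                break;
            rk += 4;
        }
        break;
    #endif /* 128 */

    #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192
    case 24:
        /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */
        while (1)
        {
            temp = rk[ 5];
            rk[ 6] = rk[ 0] ^
                (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^
                (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^
                (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^
                (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^
                rcon[i];
            rk[ 7] = rk[ 1] ^ rk[ 6];
            rk[ 8] = rk[ 2] ^ rk[ 7];
            rk[ 9] = rk[ 3] ^ rk[ 8];
            if (++i == 8)
                break;
            rk[10] = rk[ 4] ^ rk[ 9];
            rk[11] = rk[ 5] ^ rk[10];
            rk += 6;
        }
        break;
    #endif /* 192 */

    #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256
    case 32:
        while (1)
        {
            temp = rk[ 7];
            rk[ 8] = rk[ 0] ^
                (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^
                (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^
                (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^
                (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^
                rcon[i];
            rk[ 9] = rk[ 1] ^ rk[ 8];
            rk[10] = rk[ 2] ^ rk[ 9];
            rk[11] = rk[ 3] ^ rk[10];
            if (++i == 7)
                break;
            temp = rk[11];
            rk[12] = rk[ 4] ^
                (Te[4][GETBYTE(temp, 3)] & 0xff000000) ^
                (Te[4][GETBYTE(temp, 2)] & 0x00ff0000) ^
                (Te[4][GETBYTE(temp, 1)] & 0x0000ff00) ^
                (Te[4][GETBYTE(temp, 0)] & 0x000000ff);
            rk[13] = rk[ 5] ^ rk[12];
            rk[14] = rk[ 6] ^ rk[13];
            rk[15] = rk[ 7] ^ rk[14];

            rk += 8;
        }
        break;
    #endif /* 256 */

    default:
        /* key size compiled out by AES_MAX_KEY_SIZE */
        return BAD_FUNC_ARG;
    }

    #ifdef HAVE_AES_DECRYPT
    if (dir == AES_DECRYPTION)
    {
        unsigned int j;
        rk = aes->key;

        /* invert the order of the round keys: */
        for (i = 0, j = 4* aes->rounds; i < j; i += 4, j -= 4) {
            temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
            temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
            temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
            temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
        }
        /* apply the inverse MixColumn transform to all round keys but the
           first and the last: */
        for (i = 1; i < aes->rounds; i++) {
            rk += 4;
            rk[0] =
                Td[0][Te[4][GETBYTE(rk[0], 3)] & 0xff] ^
                Td[1][Te[4][GETBYTE(rk[0], 2)] & 0xff] ^
                Td[2][Te[4][GETBYTE(rk[0], 1)] & 0xff] ^
                Td[3][Te[4][GETBYTE(rk[0], 0)] & 0xff];
            rk[1] =
                Td[0][Te[4][GETBYTE(rk[1], 3)] & 0xff] ^
                Td[1][Te[4][GETBYTE(rk[1], 2)] & 0xff] ^
                Td[2][Te[4][GETBYTE(rk[1], 1)] & 0xff] ^
                Td[3][Te[4][GETBYTE(rk[1], 0)] & 0xff];
            rk[2] =
                Td[0][Te[4][GETBYTE(rk[2], 3)] & 0xff] ^
                Td[1][Te[4][GETBYTE(rk[2], 2)] & 0xff] ^
                Td[2][Te[4][GETBYTE(rk[2], 1)] & 0xff] ^
                Td[3][Te[4][GETBYTE(rk[2], 0)] & 0xff];
            rk[3] =
                Td[0][Te[4][GETBYTE(rk[3], 3)] & 0xff] ^
                Td[1][Te[4][GETBYTE(rk[3], 2)] & 0xff] ^
                Td[2][Te[4][GETBYTE(rk[3], 1)] & 0xff] ^
                Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff];
        }
    }
    #endif /* HAVE_AES_DECRYPT */

    return wc_AesSetIV(aes, iv);
}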
wolfSSL 4:1b0d80432c79 1756
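/*
 * Public key-setup entry point for the default (software / AES-NI / Cavium)
 * build.
 *
 * Validates the arguments, then dispatches: to wc_AesCaviumSetKey() when the
 * context carries the Cavium magic, to the AES-NI key routines when the CPU
 * reports support, and otherwise to wc_AesSetKeyLocal().
 *
 * Returns BAD_FUNC_ARG for a NULL aes/userKey, a key length other than
 * 16/24/32, or one above AES_MAX_KEY_SIZE/8 when that macro is defined;
 * otherwise the result of the selected back end.
 */
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                 int dir)
{
    #if defined(AES_MAX_KEY_SIZE)
    const word32 max_key_len = (AES_MAX_KEY_SIZE / 8);
    #endif

    /* aes->magic and aes->use_aesni are touched below, so a NULL context
     * must be rejected before the dispatch. */
    if (aes == NULL || userKey == NULL)
        return BAD_FUNC_ARG;

    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
        return BAD_FUNC_ARG;

    #if defined(AES_MAX_KEY_SIZE)
    /* Check key length */
    if (keylen > max_key_len) {
        return BAD_FUNC_ARG;
    }
    #endif

    #ifdef HAVE_CAVIUM
    if (aes->magic == WOLFSSL_AES_CAVIUM_MAGIC)
        return wc_AesCaviumSetKey(aes, userKey, keylen, iv);
    #endif

    #ifdef WOLFSSL_AESNI
    /* CPU feature probe runs once; the result is cached in haveAESNI */
    if (checkAESNI == 0) {
        haveAESNI  = Check_CPU_support_AES();
        checkAESNI = 1;
    }
    if (haveAESNI) {
        aes->use_aesni = 1;
        /* Unlike wc_AesSetIV(), a NULL iv leaves aes->reg unchanged on
         * this path. */
        if (iv)
            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
        if (dir == AES_ENCRYPTION)
            return AES_set_encrypt_key(userKey, keylen * 8, aes);
    #ifdef HAVE_AES_DECRYPT
        else
            return AES_set_decrypt_key(userKey, keylen * 8, aes);
    #endif
    }
    #endif /* WOLFSSL_AESNI */

    return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir);
}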
wolfSSL 4:1b0d80432c79 1799
wolfSSL 4:1b0d80432c79 1800 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
wolfSSL 4:1b0d80432c79 1801
wolfSSL 4:1b0d80432c79 1802 /* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */
/* Key setup for the direct and counter modes: goes straight to
 * wc_AesSetKeyLocal() with the arguments unchanged, so none of the checks or
 * the Cavium/AES-NI dispatch in wc_AesSetKey() run on this path. */
int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                       const byte* iv, int dir)
{
    const int status = wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir);

    return status;
}
wolfSSL 4:1b0d80432c79 1808
wolfSSL 4:1b0d80432c79 1809 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
wolfSSL 4:1b0d80432c79 1810 #endif /* STM32F2_CRYPTO, wc_AesSetKey block */
wolfSSL 4:1b0d80432c79 1811
wolfSSL 4:1b0d80432c79 1812
wolfSSL 4:1b0d80432c79 1813 /* wc_AesSetIV is shared between software and hardware */
/*
 * Load the IV register of an AES context.
 *
 * aes  context whose reg field is written
 * iv   AES_BLOCK_SIZE bytes to copy, or NULL to set the register to all
 *      zeros
 *
 * Returns 0 on success, BAD_FUNC_ARG when aes is NULL.
 *
 * A NULL iv yields a fixed all-zero IV; for CBC the caller is expected to
 * supply a fresh, unpredictable IV per message.
 */
int wc_AesSetIV(Aes* aes, const byte* iv)
{
    if (aes != NULL) {
        if (iv == NULL)
            XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
        else
            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);

        return 0;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 4:1b0d80432c79 1826
wolfSSL 4:1b0d80432c79 1827
wolfSSL 4:1b0d80432c79 1828
wolfSSL 4:1b0d80432c79 1829
wolfSSL 4:1b0d80432c79 1830 /* AES-DIRECT */
wolfSSL 4:1b0d80432c79 1831 #if defined(WOLFSSL_AES_DIRECT)
wolfSSL 4:1b0d80432c79 1832 #if defined(STM32F2_CRYPTO)
wolfSSL 4:1b0d80432c79 1833 #error "STM32F2 crypto doesn't yet support AES direct"
wolfSSL 4:1b0d80432c79 1834
wolfSSL 4:1b0d80432c79 1835 #elif defined(HAVE_COLDFIRE_SEC)
wolfSSL 4:1b0d80432c79 1836 #error "Coldfire SEC doesn't yet support AES direct"
wolfSSL 4:1b0d80432c79 1837
wolfSSL 4:1b0d80432c79 1838 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
wolfSSL 4:1b0d80432c79 1839 #error "PIC32MZ doesn't yet support AES direct"
wolfSSL 4:1b0d80432c79 1840
wolfSSL 4:1b0d80432c79 1841 #else
wolfSSL 4:1b0d80432c79 1842 /* Allow direct access to one block encrypt */
/*
 * Encrypt exactly one block with the raw cipher.
 *
 * Calls wc_AesEncrypt(aes, in, out); note the argument order is swapped
 * relative to this function's (out, in). No IV, chaining or padding is
 * applied here and nothing is returned, so the caller is responsible for
 * the mode of operation and for passing valid pointers.
 */
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{
    const byte* plain  = in;
    byte*       cipher = out;

    wc_AesEncrypt(aes, plain, cipher);
}
wolfSSL 4:1b0d80432c79 1847 #ifdef HAVE_AES_DECRYPT
wolfSSL 4:1b0d80432c79 1848 /* Allow direct access to one block decrypt */
/*
 * Decrypt exactly one block with the raw cipher.
 *
 * Calls wc_AesDecrypt(aes, in, out); note the argument order is swapped
 * relative to this function's (out, in). No IV, chaining or padding is
 * applied here and nothing is returned, so the caller is responsible for
 * the mode of operation and for passing valid pointers.
 */
void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
{
    const byte* cipher = in;
    byte*       plain  = out;

    wc_AesDecrypt(aes, cipher, plain);
}
wolfSSL 4:1b0d80432c79 1853 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 1854 #endif /* AES direct block */
wolfSSL 4:1b0d80432c79 1855 #endif /* WOLFSSL_AES_DIRECT */
wolfSSL 4:1b0d80432c79 1856
wolfSSL 4:1b0d80432c79 1857
wolfSSL 4:1b0d80432c79 1858 /* AES-CBC */
wolfSSL 4:1b0d80432c79 1859 #ifdef HAVE_AES_CBC
wolfSSL 4:1b0d80432c79 1860 #ifdef STM32F2_CRYPTO
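/*
 * AES-CBC encryption on the STM32F2 crypto peripheral.
 *
 * aes  context holding the key (aes->key, aes->rounds) and the current IV
 *      (aes->reg)
 * out  destination, sz bytes
 * in   source, sz bytes
 * sz   byte count; must be a multiple of AES_BLOCK_SIZE
 *
 * Returns 0 on success. Returns BAD_FUNC_ARG for a NULL aes, NULL buffers
 * with sz > 0, an sz that is not a whole number of blocks, or a context
 * whose rounds value is not 10, 12 or 14.
 *
 * On success with sz > 0, aes->reg holds the last ciphertext block so a
 * following call continues the chain.
 */
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    word32 *enc_key;
    word32 iv[AES_BLOCK_SIZE / sizeof(word32)];
    uint32_t w[AES_BLOCK_SIZE / sizeof(uint32_t)];
    word32 blocks;
    CRYP_InitTypeDef AES_CRYP_InitStructure;
    CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure;
    CRYP_IVInitTypeDef AES_CRYP_IVInitStructure;

    if (aes == NULL || (sz > 0 && (out == NULL || in == NULL)))
        return BAD_FUNC_ARG;

    /* The loop consumes 16 bytes per pass; a partial trailing block would
     * make the unsigned counter wrap and run past both buffers. */
    if ((sz % AES_BLOCK_SIZE) != 0)
        return BAD_FUNC_ARG;

    blocks  = sz / AES_BLOCK_SIZE;
    enc_key = aes->key;

    /* crypto structure initialization */
    CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure);
    CRYP_StructInit(&AES_CRYP_InitStructure);
    CRYP_IVStructInit(&AES_CRYP_IVInitStructure);

    /* reset registers to their default values */
    CRYP_DeInit();

    /* load key into correct registers */
    switch(aes->rounds)
    {
        case 10: /* 128-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b;
            AES_CRYP_KeyInitStructure.CRYP_Key2Left  = enc_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left  = enc_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3];
            break;

        case 12: /* 192-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b;
            AES_CRYP_KeyInitStructure.CRYP_Key1Left  = enc_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key2Left  = enc_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left  = enc_key[4];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5];
            break;

        case 14: /* 256-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b;
            AES_CRYP_KeyInitStructure.CRYP_Key0Left  = enc_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key1Left  = enc_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3];
            AES_CRYP_KeyInitStructure.CRYP_Key2Left  = enc_key[4];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left  = enc_key[6];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7];
            break;

        default:
            /* No key was set on this context; refuse rather than run the
             * engine with the defaults left by CRYP_KeyStructInit(). */
            return BAD_FUNC_ARG;
    }
    CRYP_KeyInit(&AES_CRYP_KeyInitStructure);

    /* set iv: byte-swap into a local copy so aes->reg itself is only ever
     * replaced by a real ciphertext block */
    ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE);
    AES_CRYP_IVInitStructure.CRYP_IV0Left  = iv[0];
    AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
    AES_CRYP_IVInitStructure.CRYP_IV1Left  = iv[2];
    AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3];
    CRYP_IVInit(&AES_CRYP_IVInitStructure);

    /* set direction, mode, and datatype */
    AES_CRYP_InitStructure.CRYP_AlgoDir  = CRYP_AlgoDir_Encrypt;
    AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC;
    AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
    CRYP_Init(&AES_CRYP_InitStructure);

    /* enable crypto processor */
    CRYP_Cmd(ENABLE);

    /* NOTE(review): the peripheral is driven without a lock in this
     * function -- confirm callers serialise access. */
    while (blocks > 0)
    {
        /* flush IN/OUT FIFOs */
        CRYP_FIFOFlush();

        /* stage through an aligned word buffer instead of casting the byte
         * pointers, which need not be 4-byte aligned */
        XMEMCPY(w, in, AES_BLOCK_SIZE);
        CRYP_DataIn(w[0]);
        CRYP_DataIn(w[1]);
        CRYP_DataIn(w[2]);
        CRYP_DataIn(w[3]);

        /* wait until the complete message has been processed
         * (NOTE(review): no timeout on this poll) */
        while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}

        w[0] = CRYP_DataOut();
        w[1] = CRYP_DataOut();
        w[2] = CRYP_DataOut();
        w[3] = CRYP_DataOut();
        XMEMCPY(out, w, AES_BLOCK_SIZE);

        blocks--;
        in  += AES_BLOCK_SIZE;
        out += AES_BLOCK_SIZE;
    }

    /* store iv for next call: the last ciphertext block just written */
    if (sz > 0)
        XMEMCPY(aes->reg, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE);

    /* disable crypto processor */
    CRYP_Cmd(DISABLE);

    return 0;
}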
wolfSSL 4:1b0d80432c79 1965
wolfSSL 4:1b0d80432c79 1966 #ifdef HAVE_AES_DECRYPT
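/*
 * AES-CBC decryption on the STM32F2 crypto peripheral.
 *
 * aes  context holding the key (aes->key, aes->rounds) and the current IV
 *      (aes->reg); aes->tmp is used as scratch
 * out  destination, sz bytes (may be the same buffer as in)
 * in   source ciphertext, sz bytes
 * sz   byte count; must be a multiple of AES_BLOCK_SIZE
 *
 * Returns 0 on success. Returns BAD_FUNC_ARG for a NULL aes, NULL buffers
 * with sz > 0, an sz that is not a whole number of blocks, or a context
 * whose rounds value is not 10, 12 or 14.
 *
 * On success with sz > 0, aes->reg holds the last ciphertext block so a
 * following call continues the chain. CBC gives no integrity protection;
 * callers should authenticate the ciphertext before trusting the output.
 */
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    word32 *dec_key;
    word32 iv[AES_BLOCK_SIZE / sizeof(word32)];
    uint32_t w[AES_BLOCK_SIZE / sizeof(uint32_t)];
    word32 blocks;
    CRYP_InitTypeDef AES_CRYP_InitStructure;
    CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure;
    CRYP_IVInitTypeDef AES_CRYP_IVInitStructure;

    if (aes == NULL || (sz > 0 && (out == NULL || in == NULL)))
        return BAD_FUNC_ARG;

    /* The loop consumes 16 bytes per pass; a partial trailing block would
     * make the unsigned counter wrap and run past both buffers. */
    if ((sz % AES_BLOCK_SIZE) != 0)
        return BAD_FUNC_ARG;

    blocks  = sz / AES_BLOCK_SIZE;
    dec_key = aes->key;

    /* crypto structure initialization */
    CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure);
    CRYP_StructInit(&AES_CRYP_InitStructure);
    CRYP_IVStructInit(&AES_CRYP_IVInitStructure);

    /* if input and output same will overwrite input iv; only read the last
     * block when there is one, so sz == 0 never reads before `in` */
    if (sz > 0)
        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);

    /* reset registers to their default values */
    CRYP_DeInit();

    /* load key into correct registers */
    switch(aes->rounds)
    {
        case 10: /* 128-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b;
            AES_CRYP_KeyInitStructure.CRYP_Key2Left  = dec_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left  = dec_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[3];
            break;

        case 12: /* 192-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b;
            AES_CRYP_KeyInitStructure.CRYP_Key1Left  = dec_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key2Left  = dec_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[3];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left  = dec_key[4];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[5];
            break;

        case 14: /* 256-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b;
            AES_CRYP_KeyInitStructure.CRYP_Key0Left  = dec_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key0Right = dec_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key1Left  = dec_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[3];
            AES_CRYP_KeyInitStructure.CRYP_Key2Left  = dec_key[4];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[5];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left  = dec_key[6];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[7];
            break;

        default:
            /* No key was set on this context; refuse rather than run the
             * engine with the defaults left by CRYP_KeyStructInit(). */
            return BAD_FUNC_ARG;
    }

    /* set direction, mode, and datatype for key preparation */
    AES_CRYP_InitStructure.CRYP_AlgoDir  = CRYP_AlgoDir_Decrypt;
    AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_Key;
    AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_32b;
    CRYP_Init(&AES_CRYP_InitStructure);
    CRYP_KeyInit(&AES_CRYP_KeyInitStructure);

    /* enable crypto processor */
    CRYP_Cmd(ENABLE);

    /* wait until key has been prepared
     * (NOTE(review): no timeout on this poll) */
    while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}

    /* set direction, mode, and datatype for decryption */
    AES_CRYP_InitStructure.CRYP_AlgoDir  = CRYP_AlgoDir_Decrypt;
    AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC;
    AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
    CRYP_Init(&AES_CRYP_InitStructure);

    /* set iv: byte-swap into a local copy so aes->reg itself is only ever
     * replaced by a real ciphertext block */
    ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE);

    AES_CRYP_IVInitStructure.CRYP_IV0Left  = iv[0];
    AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
    AES_CRYP_IVInitStructure.CRYP_IV1Left  = iv[2];
    AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3];
    CRYP_IVInit(&AES_CRYP_IVInitStructure);

    /* enable crypto processor */
    CRYP_Cmd(ENABLE);

    /* NOTE(review): the peripheral is driven without a lock in this
     * function -- confirm callers serialise access. */
    while (blocks > 0)
    {
        /* flush IN/OUT FIFOs */
        CRYP_FIFOFlush();

        /* stage through an aligned word buffer instead of casting the byte
         * pointers, which need not be 4-byte aligned */
        XMEMCPY(w, in, AES_BLOCK_SIZE);
        CRYP_DataIn(w[0]);
        CRYP_DataIn(w[1]);
        CRYP_DataIn(w[2]);
        CRYP_DataIn(w[3]);

        /* wait until the complete message has been processed */
        while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}

        w[0] = CRYP_DataOut();
        w[1] = CRYP_DataOut();
        w[2] = CRYP_DataOut();
        w[3] = CRYP_DataOut();
        XMEMCPY(out, w, AES_BLOCK_SIZE);

        blocks--;
        in  += AES_BLOCK_SIZE;
        out += AES_BLOCK_SIZE;
    }

    /* store iv for next call: the ciphertext block saved before the loop */
    if (sz > 0)
        XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);

    /* disable crypto processor */
    CRYP_Cmd(DISABLE);

    return 0;
}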
wolfSSL 4:1b0d80432c79 2087 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 2088 #elif defined(HAVE_COLDFIRE_SEC)
wolfSSL 4:1b0d80432c79 2089 static int wc_AesCbcCrypt(Aes* aes, byte* po, const byte* pi, word32 sz,
wolfSSL 4:1b0d80432c79 2090 word32 descHeader)
wolfSSL 4:1b0d80432c79 2091 {
wolfSSL 4:1b0d80432c79 2092 #ifdef DEBUG_WOLFSSL
wolfSSL 4:1b0d80432c79 2093 int i; int stat1, stat2; int ret;
wolfSSL 4:1b0d80432c79 2094 #endif
wolfSSL 4:1b0d80432c79 2095
wolfSSL 4:1b0d80432c79 2096 int size;
wolfSSL 4:1b0d80432c79 2097 volatile int v;
wolfSSL 4:1b0d80432c79 2098
wolfSSL 4:1b0d80432c79 2099 if ((pi == NULL) || (po == NULL))
wolfSSL 4:1b0d80432c79 2100 return BAD_FUNC_ARG; /*wrong pointer*/
wolfSSL 4:1b0d80432c79 2101
wolfSSL 4:1b0d80432c79 2102 LockMutex(&Mutex_AesSEC);
wolfSSL 4:1b0d80432c79 2103
wolfSSL 4:1b0d80432c79 2104 /* Set descriptor for SEC */
wolfSSL 4:1b0d80432c79 2105 secDesc->length1 = 0x0;
wolfSSL 4:1b0d80432c79 2106 secDesc->pointer1 = NULL;
wolfSSL 4:1b0d80432c79 2107
wolfSSL 4:1b0d80432c79 2108 secDesc->length2 = AES_BLOCK_SIZE;
wolfSSL 4:1b0d80432c79 2109 secDesc->pointer2 = (byte *)secReg; /* Initial Vector */
wolfSSL 4:1b0d80432c79 2110
wolfSSL 4:1b0d80432c79 2111 switch(aes->rounds) {
wolfSSL 4:1b0d80432c79 2112 case 10: secDesc->length3 = 16 ; break ;
wolfSSL 4:1b0d80432c79 2113 case 12: secDesc->length3 = 24 ; break ;
wolfSSL 4:1b0d80432c79 2114 case 14: secDesc->length3 = 32 ; break ;
wolfSSL 4:1b0d80432c79 2115 }
wolfSSL 4:1b0d80432c79 2116 XMEMCPY(secKey, aes->key, secDesc->length3);
wolfSSL 4:1b0d80432c79 2117
wolfSSL 4:1b0d80432c79 2118 secDesc->pointer3 = (byte *)secKey;
wolfSSL 4:1b0d80432c79 2119 secDesc->pointer4 = AESBuffIn;
wolfSSL 4:1b0d80432c79 2120 secDesc->pointer5 = AESBuffOut;
wolfSSL 4:1b0d80432c79 2121 secDesc->length6 = 0x0;
wolfSSL 4:1b0d80432c79 2122 secDesc->pointer6 = NULL;
wolfSSL 4:1b0d80432c79 2123 secDesc->length7 = 0x0;
wolfSSL 4:1b0d80432c79 2124 secDesc->pointer7 = NULL;
wolfSSL 4:1b0d80432c79 2125 secDesc->nextDescriptorPtr = NULL;
wolfSSL 4:1b0d80432c79 2126
wolfSSL 4:1b0d80432c79 2127 while (sz) {
wolfSSL 4:1b0d80432c79 2128 secDesc->header = descHeader;
wolfSSL 4:1b0d80432c79 2129 XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE);
wolfSSL 4:1b0d80432c79 2130 if ((sz % AES_BUFFER_SIZE) == sz) {
wolfSSL 4:1b0d80432c79 2131 size = sz;
wolfSSL 4:1b0d80432c79 2132 sz = 0;
wolfSSL 4:1b0d80432c79 2133 } else {
wolfSSL 4:1b0d80432c79 2134 size = AES_BUFFER_SIZE;
wolfSSL 4:1b0d80432c79 2135 sz -= AES_BUFFER_SIZE;
wolfSSL 4:1b0d80432c79 2136 }
wolfSSL 4:1b0d80432c79 2137 secDesc->length4 = size;
wolfSSL 4:1b0d80432c79 2138 secDesc->length5 = size;
wolfSSL 4:1b0d80432c79 2139
wolfSSL 4:1b0d80432c79 2140 XMEMCPY(AESBuffIn, pi, size);
wolfSSL 4:1b0d80432c79 2141 if(descHeader == SEC_DESC_AES_CBC_DECRYPT) {
wolfSSL 4:1b0d80432c79 2142 XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]),
wolfSSL 4:1b0d80432c79 2143 AES_BLOCK_SIZE);
wolfSSL 4:1b0d80432c79 2144 }
wolfSSL 4:1b0d80432c79 2145
wolfSSL 4:1b0d80432c79 2146 /* Point SEC to the location of the descriptor */
wolfSSL 4:1b0d80432c79 2147 MCF_SEC_FR0 = (uint32)secDesc;
wolfSSL 4:1b0d80432c79 2148 /* Initialize SEC and wait for encryption to complete */
wolfSSL 4:1b0d80432c79 2149 MCF_SEC_CCCR0 = 0x0000001a;
wolfSSL 4:1b0d80432c79 2150 /* poll SISR to determine when channel is complete */
wolfSSL 4:1b0d80432c79 2151 v=0;
wolfSSL 4:1b0d80432c79 2152
wolfSSL 4:1b0d80432c79 2153 while ((secDesc->header>> 24) != 0xff) v++;
wolfSSL 4:1b0d80432c79 2154
wolfSSL 4:1b0d80432c79 2155 #ifdef DEBUG_WOLFSSL
wolfSSL 4:1b0d80432c79 2156 ret = MCF_SEC_SISRH;
wolfSSL 4:1b0d80432c79 2157 stat1 = MCF_SEC_AESSR;
wolfSSL 4:1b0d80432c79 2158 stat2 = MCF_SEC_AESISR;
wolfSSL 4:1b0d80432c79 2159 if (ret & 0xe0000000) {
wolfSSL 4:1b0d80432c79 2160 db_printf("Aes_Cbc(i=%d):ISRH=%08x, AESSR=%08x, "
wolfSSL 4:1b0d80432c79 2161 "AESISR=%08x\n", i, ret, stat1, stat2);
wolfSSL 4:1b0d80432c79 2162 }
wolfSSL 4:1b0d80432c79 2163 #endif
wolfSSL 4:1b0d80432c79 2164
wolfSSL 4:1b0d80432c79 2165 XMEMCPY(po, AESBuffOut, size);
wolfSSL 4:1b0d80432c79 2166
wolfSSL 4:1b0d80432c79 2167 if (descHeader == SEC_DESC_AES_CBC_ENCRYPT) {
wolfSSL 4:1b0d80432c79 2168 XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]),
wolfSSL 4:1b0d80432c79 2169 AES_BLOCK_SIZE);
wolfSSL 4:1b0d80432c79 2170 } else {
wolfSSL 4:1b0d80432c79 2171 XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE);
wolfSSL 4:1b0d80432c79 2172 }
wolfSSL 4:1b0d80432c79 2173
wolfSSL 4:1b0d80432c79 2174 pi += size;
wolfSSL 4:1b0d80432c79 2175 po += size;
wolfSSL 4:1b0d80432c79 2176 }
wolfSSL 4:1b0d80432c79 2177
wolfSSL 4:1b0d80432c79 2178 UnLockMutex(&Mutex_AesSEC);
wolfSSL 4:1b0d80432c79 2179 return 0;
wolfSSL 4:1b0d80432c79 2180 }
wolfSSL 4:1b0d80432c79 2181
/* AES-CBC encrypt entry point for the SEC descriptor path.
 *
 * Forwards all arguments to wc_AesCbcCrypt with the
 * SEC_DESC_AES_CBC_ENCRYPT descriptor header and hands back its status.
 */
int wc_AesCbcEncrypt(Aes* aes, byte* po, const byte* pi, word32 sz)
{
    int status;

    status = wc_AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT);

    return status;
}
wolfSSL 4:1b0d80432c79 2186
wolfSSL 4:1b0d80432c79 2187 #ifdef HAVE_AES_DECRYPT
/* AES-CBC decrypt entry point for the SEC descriptor path.
 *
 * Forwards all arguments to wc_AesCbcCrypt with the
 * SEC_DESC_AES_CBC_DECRYPT descriptor header and hands back its status.
 */
int wc_AesCbcDecrypt(Aes* aes, byte* po, const byte* pi, word32 sz)
{
    int status;

    status = wc_AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT);

    return status;
}
wolfSSL 4:1b0d80432c79 2192 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 2193 #elif defined(FREESCALE_MMCAU)
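/* AES-CBC encrypt built on the single-block wc_AesEncrypt primitive.
 *
 * aes  cipher context; aes->reg holds the chaining IV and is overwritten
 *      with each ciphertext block so a following call continues the chain
 * out  ciphertext destination, must satisfy WOLFSSL_MMCAU_ALIGNMENT
 * in   plaintext source
 * sz   byte count; only whole AES_BLOCK_SIZE blocks are processed and a
 *      trailing partial block is ignored
 *
 * Returns 0 on success, BAD_ALIGN_E when out is misaligned.
 */
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    int    i;
    /* Count whole blocks instead of looping while a signed byte count is
     * positive: with sz not a multiple of AES_BLOCK_SIZE the old loop ran
     * one extra full-block pass, reading and writing past the caller's
     * buffers, and a sz above INT_MAX turned negative and skipped all
     * work. This matches the block counting of the software CBC path. */
    word32 blocks = sz / AES_BLOCK_SIZE;

    byte *iv;
    byte temp_block[AES_BLOCK_SIZE];

    iv = (byte*)aes->reg;

    if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) {
        WOLFSSL_MSG("Bad cau_aes_encrypt alignment");
        return BAD_ALIGN_E;
    }

    while (blocks--) {
        XMEMCPY(temp_block, in, AES_BLOCK_SIZE);

        /* XOR block with IV for CBC */
        for (i = 0; i < AES_BLOCK_SIZE; i++)
            temp_block[i] ^= iv[i];

        wc_AesEncrypt(aes, temp_block, out);

        /* the ciphertext block just produced is the IV for the next block */
        XMEMCPY(iv, out, AES_BLOCK_SIZE);

        in  += AES_BLOCK_SIZE;
        out += AES_BLOCK_SIZE;
    }

    return 0;
}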
wolfSSL 4:1b0d80432c79 2229 #ifdef HAVE_AES_DECRYPT
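/* AES-CBC decrypt built on the single-block wc_AesDecrypt primitive.
 *
 * aes  cipher context; aes->reg holds the chaining IV and is overwritten
 *      with each consumed ciphertext block so a following call continues
 *      the chain
 * out  plaintext destination, must satisfy WOLFSSL_MMCAU_ALIGNMENT
 * in   ciphertext source; each block is saved before it is decrypted, so
 *      in and out may be the same buffer
 * sz   byte count; only whole AES_BLOCK_SIZE blocks are processed and a
 *      trailing partial block is ignored
 *
 * Returns 0 on success, BAD_ALIGN_E when out is misaligned.
 * CBC gives no integrity protection; the caller has to authenticate the
 * ciphertext separately.
 */
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    int    i;
    /* Count whole blocks instead of looping while a signed byte count is
     * positive: with sz not a multiple of AES_BLOCK_SIZE the old loop ran
     * one extra full-block pass, reading and writing past the caller's
     * buffers, and a sz above INT_MAX turned negative and skipped all
     * work. This matches the block counting of the software CBC path. */
    word32 blocks = sz / AES_BLOCK_SIZE;

    byte* iv;
    byte  temp_block[AES_BLOCK_SIZE];

    iv = (byte*)aes->reg;

    if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) {
        WOLFSSL_MSG("Bad cau_aes_decrypt alignment");
        return BAD_ALIGN_E;
    }

    while (blocks--) {
        /* keep the ciphertext block: it becomes the next IV and may be
         * overwritten below when decrypting in place */
        XMEMCPY(temp_block, in, AES_BLOCK_SIZE);

        wc_AesDecrypt(aes, in, out);

        /* XOR block with IV for CBC */
        for (i = 0; i < AES_BLOCK_SIZE; i++)
            out[i] ^= iv[i];

        /* store IV for next block */
        XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);

        in  += AES_BLOCK_SIZE;
        out += AES_BLOCK_SIZE;
    }

    return 0;
}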
wolfSSL 4:1b0d80432c79 2265 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 2266 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
/* core hardware crypt engine driver
 *
 * Builds a security association (SA) and a buffer descriptor (BD) on the
 * stack, points the crypto engine at them, waits for completion and copies
 * the result back into out.
 *
 * aes         context; key_ce, iv_ce and keylen are read, iv_ce is updated
 *             for the CBC-type modes
 * out         destination buffer, sz bytes
 * in          source buffer, sz bytes
 * sz          number of bytes to process
 * dir         written to SA_CTRL.ENCTYPE (PIC32_ENCRYPTION or
 *             PIC32_DECRYPTION in the callers visible here)
 * algo        written to SA_CTRL.ALGO
 * cryptoalgo  written to SA_CTRL.CRYPTOALGO; also selects the GCM and CBC
 *             special cases below
 *
 * Returns nothing, so callers cannot learn about an engine failure.
 * NOTE(review): no argument is validated here (NULL pointers, sz == 0,
 * sz < AES_BLOCK_SIZE) - confirm every caller guarantees sane values.
 */
static void wc_AesCrypt(Aes *aes, byte* out, const byte* in, word32 sz,
                        int dir, int algo, int cryptoalgo)
{
    securityAssociation *sa_p ;
    bufferDescriptor *bd_p ;

    volatile securityAssociation sa __attribute__((aligned (8)));
    volatile bufferDescriptor bd __attribute__((aligned (8)));
    volatile int k ;

    /* get uncached address */
    sa_p = KVA0_TO_KVA1(&sa) ;
    bd_p = KVA0_TO_KVA1(&bd) ;

    /* Sync cache and physical memory */
    if(PIC32MZ_IF_RAM(in)) {
        XMEMCPY((void *)KVA0_TO_KVA1(in), (void *)in, sz);
    }
    XMEMSET((void *)KVA0_TO_KVA1(out), 0, sz);
    /* Set up the Security Association */
    XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa));
    sa_p->SA_CTRL.ALGO = algo ; /* AES */
    sa_p->SA_CTRL.LNC = 1;
    sa_p->SA_CTRL.LOADIV = 1;
    sa_p->SA_CTRL.FB = 1;
    sa_p->SA_CTRL.ENCTYPE = dir ; /* Encryption/Decryption */
    sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo;

    /* Key size follows aes->keylen only for GCM; every other mode is
     * programmed as a 128-bit key.
     * NOTE(review): confirm longer keys are rejected before this point for
     * the non-GCM modes. The switch has no default, so an unexpected keylen
     * leaves KEYSIZE at the zero written by the XMEMSET above. */
    if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM){
        switch(aes->keylen) {
        case 32:
            sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_256 ;
            break ;
        case 24:
            sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_192 ;
            break ;
        case 16:
            sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ;
            break ;
        }
    } else
        sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ;

    /* Byte-reversed copies of the key and IV go into the stack-resident SA.
     * NOTE(review): sa is not cleared before the function returns, so this
     * key copy stays in stack memory - consider wiping it on exit. */
    ByteReverseWords(
    (word32 *)KVA0_TO_KVA1(sa.SA_ENCKEY + 8 - aes->keylen/sizeof(word32)),
                     (word32 *)aes->key_ce, aes->keylen);
    ByteReverseWords(
    (word32*)KVA0_TO_KVA1(sa.SA_ENCIV), (word32 *)aes->iv_ce, 16);

    XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd));
    /* Set up the Buffer Descriptor */
    bd_p->BD_CTRL.BUFLEN = sz;
    /* GCM only: round the buffer length up to the next multiple of 16 */
    if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM) {
        if(sz % 0x10)
            bd_p->BD_CTRL.BUFLEN = (sz/0x10 + 1) * 0x10 ;
    }
    bd_p->BD_CTRL.LIFM = 1;
    bd_p->BD_CTRL.SA_FETCH_EN = 1;
    bd_p->BD_CTRL.LAST_BD = 1;
    bd_p->BD_CTRL.DESC_EN = 1;

    bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ;
    bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ;
    bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out);
    bd_p->MSGLEN = sz ;

    /* Write bit 6 of CECON, then spin until the register reads back zero.
     * NOTE(review): presumably an engine reset; the wait has no timeout. */
    CECON = 1 << 6;
    while (CECON);

    /* Run the engine */
    CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ;
    CEINTEN = 0x07;
    CECON = 0x27;

    WAIT_ENGINE ;

    if((cryptoalgo == PIC32_CRYPTOALGO_CBC) ||
       (cryptoalgo == PIC32_CRYPTOALGO_TCBC)||
       (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) {
        /* set iv for the next call
         * NOTE(review): both branches address the last block as
         * buffer + sz - AES_BLOCK_SIZE; nothing here checks that
         * sz >= AES_BLOCK_SIZE, so a shorter request would read before the
         * start of the buffer. */
        if(dir == PIC32_ENCRYPTION) {
            XMEMCPY((void *)aes->iv_ce,
                    (void*)KVA0_TO_KVA1(out + sz - AES_BLOCK_SIZE),
                    AES_BLOCK_SIZE) ;
        } else {
            ByteReverseWords((word32*)aes->iv_ce,
                    (word32 *)KVA0_TO_KVA1(in + sz - AES_BLOCK_SIZE),
                    AES_BLOCK_SIZE);
        }
    }
    /* Copy the result from the uncached alias into out, then byte-reverse
     * each word of out in place */
    XMEMCPY((byte *)out, (byte *)KVA0_TO_KVA1(out), sz) ;
    ByteReverseWords((word32*)out, (word32 *)out, sz);
}
wolfSSL 4:1b0d80432c79 2361
/* AES-CBC encrypt through the hardware engine driver wc_AesCrypt.
 *
 * The driver returns nothing, so this function reports 0 unconditionally;
 * an engine failure is not visible to the caller.
 */
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    const int direction = PIC32_ENCRYPTION;

    wc_AesCrypt(aes, out, in, sz, direction, PIC32_ALGO_AES,
                PIC32_CRYPTOALGO_RCBC);

    return 0;
}
wolfSSL 4:1b0d80432c79 2368 #ifdef HAVE_AES_DECRYPT
/* AES-CBC decrypt through the hardware engine driver wc_AesCrypt.
 *
 * The driver returns nothing, so this function reports 0 unconditionally;
 * an engine failure is not visible to the caller.
 */
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    const int direction = PIC32_DECRYPTION;

    wc_AesCrypt(aes, out, in, sz, direction, PIC32_ALGO_AES,
                PIC32_CRYPTOALGO_RCBC);

    return 0;
}
wolfSSL 4:1b0d80432c79 2375 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 2376
wolfSSL 4:1b0d80432c79 2377 #else
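/* AES-CBC encrypt (software path, with optional Cavium and AES-NI
 * dispatch).
 *
 * aes  cipher context; aes->reg holds the chaining IV and ends up holding
 *      the last ciphertext block so a following call continues the chain
 * out  ciphertext destination
 * in   plaintext source
 * sz   byte count; the software loop processes whole AES_BLOCK_SIZE blocks
 *      only and ignores a trailing partial block
 *
 * Returns 0 on success. With AES-NI and a misaligned input it returns
 * MEMORY_E when the bounce buffer cannot be allocated, or BAD_ALIGN_E when
 * NO_WOLFSSL_ALLOC_ALIGN is defined. With Cavium it returns whatever
 * wc_AesCaviumCbcEncrypt returns.
 */
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    word32 blocks = sz / AES_BLOCK_SIZE;

#ifdef HAVE_CAVIUM
    if (aes->magic == WOLFSSL_AES_CAVIUM_MAGIC)
        return wc_AesCaviumCbcEncrypt(aes, out, in, sz);
#endif

    /* Nothing to do without at least one whole block. The software loop
     * below already behaves this way; returning here also keeps the AES-NI
     * path from reading the "last block" at out + sz - AES_BLOCK_SIZE,
     * which lies before the start of the buffer when
     * sz < AES_BLOCK_SIZE. */
    if (blocks == 0)
        return 0;

#ifdef WOLFSSL_AESNI
    if (haveAESNI) {
        #ifdef DEBUG_AESNI
            printf("about to aes cbc encrypt\n");
            printf("in = %p\n", in);
            printf("out = %p\n", out);
            printf("aes->key = %p\n", aes->key);
            printf("aes->reg = %p\n", aes->reg);
            printf("aes->rounds = %d\n", aes->rounds);
            printf("sz = %d\n", sz);
        #endif

        /* check alignment, decrypt doesn't need alignment */
        if ((wolfssl_word)in % 16) {
        #ifndef NO_WOLFSSL_ALLOC_ALIGN
            /* bounce through a freshly allocated buffer and encrypt it in
             * place */
            byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            WOLFSSL_MSG("AES-CBC encrypt with bad alignment");
            if (tmp == NULL) return MEMORY_E;

            XMEMCPY(tmp, in, sz);
            AES_CBC_encrypt(tmp, tmp, (byte*)aes->reg, sz, (byte*)aes->key,
                        aes->rounds);
            /* store iv for next call */
            XMEMCPY(aes->reg, tmp + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);

            XMEMCPY(out, tmp, sz);
            XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            return 0;
        #else
            return BAD_ALIGN_E;
        #endif
        }

        AES_CBC_encrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
                        aes->rounds);
        /* store iv for next call */
        XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);

        return 0;
    }
#endif

    /* Software path: chain through aes->reg, which always holds the
     * previous ciphertext block (or the initial IV). */
    while (blocks--) {
        xorbuf((byte*)aes->reg, in, AES_BLOCK_SIZE);
        wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->reg);
        XMEMCPY(out, aes->reg, AES_BLOCK_SIZE);

        out += AES_BLOCK_SIZE;
        in  += AES_BLOCK_SIZE;
    }

    return 0;
}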
wolfSSL 4:1b0d80432c79 2440
wolfSSL 4:1b0d80432c79 2441 #ifdef HAVE_AES_DECRYPT
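/* AES-CBC decrypt (software path, with optional Cavium and AES-NI
 * dispatch).
 *
 * aes  cipher context; aes->reg holds the chaining IV and ends up holding
 *      the last ciphertext block so a following call continues the chain;
 *      aes->tmp is used as scratch space
 * out  plaintext destination
 * in   ciphertext source; the block needed as the next IV is saved before
 *      out is written, so in and out may be the same buffer
 * sz   byte count; the software loop processes whole AES_BLOCK_SIZE blocks
 *      only and ignores a trailing partial block
 *
 * Returns 0 on success; with Cavium it returns whatever
 * wc_AesCaviumCbcDecrypt returns.
 * CBC gives no integrity protection; the caller has to authenticate the
 * ciphertext separately.
 */
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    word32 blocks = sz / AES_BLOCK_SIZE;

#ifdef HAVE_CAVIUM
    if (aes->magic == WOLFSSL_AES_CAVIUM_MAGIC)
        return wc_AesCaviumCbcDecrypt(aes, out, in, sz);
#endif

    /* Nothing to do without at least one whole block. The software loop
     * below already behaves this way; returning here also keeps the AES-NI
     * path from reading the "last block" at in + sz - AES_BLOCK_SIZE,
     * which lies before the start of the buffer when
     * sz < AES_BLOCK_SIZE. */
    if (blocks == 0)
        return 0;

#ifdef WOLFSSL_AESNI
    if (haveAESNI) {
        #ifdef DEBUG_AESNI
            printf("about to aes cbc decrypt\n");
            printf("in = %p\n", in);
            printf("out = %p\n", out);
            printf("aes->key = %p\n", aes->key);
            printf("aes->reg = %p\n", aes->reg);
            printf("aes->rounds = %d\n", aes->rounds);
            printf("sz = %d\n", sz);
        #endif

        /* if input and output same will overwrite input iv */
        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
        AES_CBC_decrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
                        aes->rounds);
        /* store iv for next call */
        XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
        return 0;
    }
#endif

    /* Software path: keep each ciphertext block in aes->tmp so it can
     * become the next IV even when decrypting in place. */
    while (blocks--) {
        XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE);
        wc_AesDecrypt(aes, (byte*)aes->tmp, out);
        xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE);
        XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);

        out += AES_BLOCK_SIZE;
        in  += AES_BLOCK_SIZE;
    }

    return 0;
}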
wolfSSL 4:1b0d80432c79 2485 #endif
wolfSSL 4:1b0d80432c79 2486
wolfSSL 4:1b0d80432c79 2487 #endif /* STM32F2_CRYPTO, AES-CBC block */
wolfSSL 4:1b0d80432c79 2488 #endif /* HAVE_AES_CBC */
wolfSSL 4:1b0d80432c79 2489
wolfSSL 4:1b0d80432c79 2490 /* AES-CTR */
wolfSSL 4:1b0d80432c79 2491 #ifdef WOLFSSL_AES_COUNTER
wolfSSL 4:1b0d80432c79 2492
wolfSSL 4:1b0d80432c79 2493 #ifdef STM32F2_CRYPTO
/* AES-CTR through the CRYP peripheral driver calls (CRYP_*).
 *
 * Loads the key selected by aes->rounds and the IV from aes->reg into the
 * peripheral, enables it in AES-CTR encrypt mode and pushes the input
 * through the FIFOs 16 bytes at a time.
 *
 * aes  context; key, reg and rounds are read, reg is modified
 * out  destination buffer
 * in   source buffer
 * sz   byte count
 *
 * NOTE(review): the loop consumes 16 bytes per pass and subtracts 16 from
 * sz. If word32 is unsigned (as the name suggests) a sz that is not a
 * multiple of 16 wraps instead of reaching zero, and the loop keeps
 * reading and writing past the buffers - confirm callers only pass whole
 * blocks, or add a length check.
 */
void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    word32 *enc_key, *iv;
    CRYP_InitTypeDef AES_CRYP_InitStructure;
    CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure;
    CRYP_IVInitTypeDef AES_CRYP_IVInitStructure;

    enc_key = aes->key;
    iv = aes->reg;

    /* crypto structure initialization */
    CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure);
    CRYP_StructInit(&AES_CRYP_InitStructure);
    CRYP_IVStructInit(&AES_CRYP_IVInitStructure);

    /* reset registers to their default values */
    CRYP_DeInit();

    /* load key into correct registers */
    switch(aes->rounds)
    {
        case 10: /* 128-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b;
            AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3];
            break;

        case 12: /* 192-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b;
            AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5];
            break;

        case 14: /* 256-bit key */
            AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b;
            AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0];
            AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1];
            AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2];
            AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3];
            AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4];
            AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5];
            AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6];
            AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7];
            break;

        default:
            /* unexpected round count: the key structure keeps whatever
             * CRYP_KeyStructInit put there and the function still proceeds
             * NOTE(review): consider failing instead of encrypting with a
             * key the caller did not supply */
            break;
    }
    CRYP_KeyInit(&AES_CRYP_KeyInitStructure);

    /* set iv; iv aliases aes->reg, so this byte-reverses the stored IV in
     * place */
    ByteReverseWords(iv, iv, AES_BLOCK_SIZE);
    AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0];
    AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
    AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2];
    AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3];
    CRYP_IVInit(&AES_CRYP_IVInitStructure);

    /* set direction, mode, and datatype */
    AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt;
    AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CTR;
    AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
    CRYP_Init(&AES_CRYP_InitStructure);

    /* enable crypto processor */
    CRYP_Cmd(ENABLE);

    while (sz > 0)
    {
        /* flush IN/OUT FIFOs */
        CRYP_FIFOFlush();

        /* NOTE(review): in and out are accessed through uint32_t casts;
         * this assumes both buffers are suitably aligned - confirm */
        CRYP_DataIn(*(uint32_t*)&in[0]);
        CRYP_DataIn(*(uint32_t*)&in[4]);
        CRYP_DataIn(*(uint32_t*)&in[8]);
        CRYP_DataIn(*(uint32_t*)&in[12]);

        /* wait until the complete message has been processed */
        while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}

        *(uint32_t*)&out[0] = CRYP_DataOut();
        *(uint32_t*)&out[4] = CRYP_DataOut();
        *(uint32_t*)&out[8] = CRYP_DataOut();
        *(uint32_t*)&out[12] = CRYP_DataOut();

        /* store iv for next call
         * NOTE(review): out and sz both move each pass, so this address is
         * always the final block of the original buffer, which has not
         * been written yet on earlier passes. It also saves output bytes
         * into aes->reg rather than an advanced counter - confirm that a
         * follow-up call cannot reuse counter values. */
        XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);

        sz -= 16;
        in += 16;
        out += 16;
    }

    /* disable crypto processor */
    CRYP_Cmd(DISABLE);
}
wolfSSL 4:1b0d80432c79 2596
wolfSSL 4:1b0d80432c79 2597 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
/* AES-CTR on top of the hardware engine driver wc_AesCrypt.
 *
 * Works in up to three stages: finish a partial block left over from the
 * previous call (aes->left bytes are buffered in aes->tmp), run all whole
 * blocks through the engine in one request, then handle a tail fragment
 * by encrypting a zero-padded block and keeping only the needed bytes.
 * The counter in aes->iv_ce is incremented once per completed block.
 *
 * aes  context; tmp, left and iv_ce are read and updated
 * out  destination buffer
 * in   source buffer
 * sz   byte count, any length
 */
void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    int i ;
    char out_block[AES_BLOCK_SIZE] ;
    int odd ;
    int even ;
    char *tmp ; /* (char *)aes->tmp, for short */

    tmp = (char *)aes->tmp ;
    if(aes->left) {
        /* odd = how many input bytes go into the buffered partial block */
        if((aes->left + sz) >= AES_BLOCK_SIZE){
            odd = AES_BLOCK_SIZE - aes->left ;
        } else {
            odd = sz ;
        }
        XMEMCPY(tmp+aes->left, in, odd) ;
        /* Only a now-complete block is run through the engine.
         * NOTE(review): when the block is still incomplete, the input
         * bytes are buffered but nothing is written to out and aes->left
         * is not advanced - confirm this short-input case is handled as
         * intended. */
        if((odd+aes->left) == AES_BLOCK_SIZE){
            wc_AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE,
                PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
            /* the first aes->left output bytes were delivered by the
             * previous call; emit only the new ones */
            XMEMCPY(out, out_block+aes->left, odd) ;
            aes->left = 0 ;
            XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
            /* Increment IV */
            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
                if (++((byte *)aes->iv_ce)[i])
                    break ;
            }
        }
        in += odd ;
        out+= odd ;
        sz -= odd ;
    }
    odd = sz % AES_BLOCK_SIZE ;  /* if there is tail fragment */
    if(sz / AES_BLOCK_SIZE) {
        /* even = byte length of the whole-block portion */
        even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
        wc_AesCrypt(aes, out, in, even, PIC32_ENCRYPTION, PIC32_ALGO_AES,
                                                    PIC32_CRYPTOALGO_RCTR);
        out += even ;
        in  += even ;
        /* advance the stored counter once per block just processed */
        do {  /* Increment IV */
            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
                if (++((byte *)aes->iv_ce)[i])
                    break ;
            }
            even -= AES_BLOCK_SIZE ;
        } while((int)even > 0) ;
    }
    if(odd) {
        /* Tail fragment: zero-pad it in tmp, encrypt the padded block and
         * copy out only the odd bytes. The counter is not incremented
         * here; that happens when a later call completes the block. */
        XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
        XMEMCPY(tmp+aes->left, in, odd) ;
        wc_AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE,
                PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
        XMEMCPY(out, out_block+aes->left,odd) ;
        aes->left += odd ;
    }
}
wolfSSL 4:1b0d80432c79 2654
wolfSSL 4:1b0d80432c79 2655 #elif defined(HAVE_COLDFIRE_SEC)
wolfSSL 4:1b0d80432c79 2656 #error "Coldfire SEC doesn't currently support AES-CTR mode"
wolfSSL 4:1b0d80432c79 2657
wolfSSL 4:1b0d80432c79 2658 #elif defined(FREESCALE_MMCAU)
wolfSSL 4:1b0d80432c79 2659 #error "Freescale mmCAU doesn't currently support AES-CTR mode"
wolfSSL 4:1b0d80432c79 2660
wolfSSL 4:1b0d80432c79 2661 #else
/* Add one to the AES_BLOCK_SIZE-byte big-endian counter at inOutCtr.
 *
 * The carry runs from the last byte toward the first and stops at the
 * first byte that does not wrap to zero; a counter of all 0xff bytes wraps
 * to all zeros.
 */
static INLINE void IncrementAesCounter(byte* inOutCtr)
{
    int pos = AES_BLOCK_SIZE;

    /* network byte order: least significant byte is the last one */
    while (pos-- > 0) {
        inOutCtr[pos]++;
        if (inOutCtr[pos] != 0)   /* no wrap, so no carry to propagate */
            break;
    }
}
wolfSSL 4:1b0d80432c79 2673
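/* AES-CTR (software path): XOR the input with a keystream made by
 * encrypting the counter in aes->reg.
 *
 * aes  context; reg is the counter block and is incremented once per
 *      keystream block generated; tmp holds the current keystream block
 *      and left counts its still-unused trailing bytes, so a stream can be
 *      processed across calls in arbitrary-sized pieces
 * out  destination buffer, sz bytes
 * in   source buffer, sz bytes; may be the same buffer as out, other
 *      overlaps are not supported
 * sz   byte count, any length
 *
 * The caller must never reuse a key/counter combination for two different
 * messages, because CTR keystream reuse reveals the XOR of the plaintexts.
 */
void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
    byte* tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;

    /* consume any unused bytes left in aes->tmp */
    while (aes->left && sz) {
       *(out++) = *(in++) ^ *(tmp++);
       aes->left--;
       sz--;
    }

    /* do as many block size ops as possible */
    while (sz >= AES_BLOCK_SIZE) {
        /* Generate the keystream block into aes->tmp rather than straight
         * into out: with in == out the old code overwrote the input with
         * keystream before XORing, which produced all-zero output.
         * aes->tmp is free here because aes->left is 0 whenever this loop
         * runs (the loop above ends with left == 0 or sz == 0). */
        wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
        IncrementAesCounter((byte*)aes->reg);
        xorbuf((byte*)aes->tmp, in, AES_BLOCK_SIZE);
        XMEMCPY(out, aes->tmp, AES_BLOCK_SIZE);

        out += AES_BLOCK_SIZE;
        in  += AES_BLOCK_SIZE;
        sz  -= AES_BLOCK_SIZE;
        aes->left = 0;
    }

    /* handle non block size remaining and store unused byte count in left */
    if (sz) {
        wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
        IncrementAesCounter((byte*)aes->reg);

        aes->left = AES_BLOCK_SIZE;
        tmp = (byte*)aes->tmp;

        while (sz--) {
            *(out++) = *(in++) ^ *(tmp++);
            aes->left--;
        }
    }
}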
wolfSSL 4:1b0d80432c79 2711
wolfSSL 4:1b0d80432c79 2712 #endif /* STM32F2_CRYPTO, AES-CTR block */
wolfSSL 4:1b0d80432c79 2713
wolfSSL 4:1b0d80432c79 2714 #endif /* WOLFSSL_AES_COUNTER */
wolfSSL 4:1b0d80432c79 2715
wolfSSL 4:1b0d80432c79 2716 #ifdef HAVE_AESGCM
wolfSSL 4:1b0d80432c79 2717
wolfSSL 4:1b0d80432c79 2718 /*
wolfSSL 4:1b0d80432c79 2719 * The IV for AES GCM, stored in struct Aes's member reg, is comprised of
wolfSSL 4:1b0d80432c79 2720 * three parts in order:
wolfSSL 4:1b0d80432c79 2721 * 1. The implicit IV. This is generated from the PRF using the shared
wolfSSL 4:1b0d80432c79 2722 * secrets between endpoints. It is 4 bytes long.
wolfSSL 4:1b0d80432c79 2723 * 2. The explicit IV. This is set by the user of the AES. It needs to be
wolfSSL 4:1b0d80432c79 2724 * unique for each call to encrypt. The explicit IV is shared with the
wolfSSL 4:1b0d80432c79 2725 * other end of the transaction in the clear.
wolfSSL 4:1b0d80432c79 2726 * 3. The counter. Each block of data is encrypted with its own sequence
wolfSSL 4:1b0d80432c79 2727 * number counter.
wolfSSL 4:1b0d80432c79 2728 */
wolfSSL 4:1b0d80432c79 2729
wolfSSL 4:1b0d80432c79 2730 #ifdef STM32F2_CRYPTO
wolfSSL 4:1b0d80432c79 2731 #error "STM32F2 crypto doesn't currently support AES-GCM mode"
wolfSSL 4:1b0d80432c79 2732
wolfSSL 4:1b0d80432c79 2733 #elif defined(HAVE_COLDFIRE_SEC)
wolfSSL 4:1b0d80432c79 2734 #error "Coldfire SEC doesn't currently support AES-GCM mode"
wolfSSL 4:1b0d80432c79 2735
wolfSSL 4:1b0d80432c79 2736 #elif defined(WOLFSSL_NRF51_AES)
wolfSSL 4:1b0d80432c79 2737 #error "nRF51 doesn't currently support AES-GCM mode"
wolfSSL 4:1b0d80432c79 2738
wolfSSL 4:1b0d80432c79 2739 #endif
wolfSSL 4:1b0d80432c79 2740
/* Byte counts for the two parts of the GCM counter block. */
enum {
    /* NOTE(review): presumably the implicit plus explicit IV bytes
     * described in the comment above - confirm against the users */
    NONCE_SZ = 12,
    /* trailing counter bytes; IncrementGcmCounter only touches these */
    CTR_SZ = 4
};
wolfSSL 4:1b0d80432c79 2745
wolfSSL 4:1b0d80432c79 2746
/*
 * Add one to the block counter held in the last CTR_SZ bytes of a 16-byte
 * counter block.
 *
 * inOutCtr  counter block, updated in place; must hold AES_BLOCK_SIZE bytes.
 *
 * The counter is big-endian, so the carry runs from the last byte towards
 * the front. A carry out of the counter's first byte is dropped: the counter
 * wraps to zero and the bytes in front of it are never touched.
 */
static INLINE void IncrementGcmCounter(byte* inOutCtr)
{
    const int firstCtrByte = AES_BLOCK_SIZE - CTR_SZ;
    int pos = AES_BLOCK_SIZE;

    while (pos > firstCtrByte) {
        pos--;
        inOutCtr[pos]++;
        if (inOutCtr[pos] != 0)
            break;              /* no carry into the next byte */
    }
}
wolfSSL 4:1b0d80432c79 2757
wolfSSL 4:1b0d80432c79 2758
wolfSSL 4:1b0d80432c79 2759 #if defined(GCM_SMALL) || defined(GCM_TABLE)
wolfSSL 4:1b0d80432c79 2760
/*
 * Write a byte count as a 64-bit big-endian bit count.
 *
 * buf  destination, receives 8 bytes
 * sz   length in bytes
 *
 * sz * 8 does not fit in a word32 for large sz, so the three bits that the
 * shift pushes out are kept separately and become the low bits of the upper
 * 32-bit half.
 */
static INLINE void FlattenSzInBits(byte* buf, word32 sz)
{
    word32 bitsHi = sz >> (8*sizeof(sz) - 3);
    word32 bitsLo = sz << 3;
    int    n;

    for (n = 0; n < 4; n++) {
        int shift = 24 - 8*n;           /* most significant byte first */

        buf[n]     = (byte)((bitsHi >> shift) & 0xff);
        buf[n + 4] = (byte)((bitsLo >> shift) & 0xff);
    }
}
wolfSSL 4:1b0d80432c79 2777
wolfSSL 4:1b0d80432c79 2778
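/*
 * Shift a 16-byte block right by one bit, treating x[0] as the most
 * significant byte, and fold the bit shifted out of x[15] back in by XORing
 * 0xE1 into x[0].
 *
 * x  block to update in place; must hold AES_BLOCK_SIZE bytes.
 *
 * The conditional XOR is applied through a mask instead of an `if`, so the
 * C code takes the same path whatever the value of the shifted-out bit. The
 * block passed in is derived from the GHASH key H (see GenerateM0 and
 * GMULT), so a branch on it would depend on secret data.
 */
static INLINE void RIGHTSHIFTX(byte* x)
{
    int  i;
    /* 0xFF when the bit leaving the block is set, 0x00 otherwise */
    byte reduce = (byte)(0 - (x[AES_BLOCK_SIZE - 1] & 0x01));

    /* walk from the last byte so x[i-1] is still unshifted when read */
    for (i = AES_BLOCK_SIZE - 1; i > 0; i--)
        x[i] = (byte)((x[i] >> 1) | ((x[i - 1] & 0x01) << 7));
    x[0] = (byte)(x[0] >> 1);

    x[0] ^= (byte)(0xE1 & reduce);
}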
wolfSSL 4:1b0d80432c79 2793
wolfSSL 4:1b0d80432c79 2794 #endif /* defined(GCM_SMALL) || defined(GCM_TABLE) */
wolfSSL 4:1b0d80432c79 2795
wolfSSL 4:1b0d80432c79 2796
wolfSSL 4:1b0d80432c79 2797 #ifdef GCM_TABLE
wolfSSL 4:1b0d80432c79 2798
/*
 * Fill aes->M0, a 256-entry table of 16-byte blocks, from the GHASH key
 * aes->H.
 *
 * Entry 128 is H itself; entries 64, 32, ... 1 are each the previous one
 * passed through RIGHTSHIFTX(). Every other index is the XOR of the entries
 * for its highest set bit and for the remaining bits. Entry 0 is all zero.
 *
 * aes  context whose H has already been computed; M0 is overwritten.
 *
 * The whole table is derived from H, so it is key material.
 */
static void GenerateM0(Aes* aes)
{
    byte (*table)[AES_BLOCK_SIZE] = aes->M0;
    int  top, rest;

    XMEMCPY(table[128], aes->H, AES_BLOCK_SIZE);

    /* single-bit indices: halve the index, shift the block */
    for (top = 128; top > 1; top >>= 1) {
        XMEMCPY(table[top >> 1], table[top], AES_BLOCK_SIZE);
        RIGHTSHIFTX(table[top >> 1]);
    }

    /* multi-bit indices: combine the top bit's entry with the rest */
    for (top = 2; top < 256; top <<= 1) {
        for (rest = 1; rest < top; rest++) {
            XMEMCPY(table[top + rest], table[rest], AES_BLOCK_SIZE);
            xorbuf(table[top + rest], table[top], AES_BLOCK_SIZE);
        }
    }

    XMEMSET(table[0], 0, AES_BLOCK_SIZE);
}
wolfSSL 4:1b0d80432c79 2820
wolfSSL 4:1b0d80432c79 2821 #endif /* GCM_TABLE */
wolfSSL 4:1b0d80432c79 2822
wolfSSL 4:1b0d80432c79 2823
/*
 * Set the AES key for GCM use and, on the software path, derive the GHASH
 * key H by encrypting an all-zero block.
 *
 * aes  context to initialise
 * key  raw AES key
 * len  key length in bytes; must be 16, 24 or 32
 *
 * Returns BAD_FUNC_ARG for any other length, otherwise the result of
 * wc_AesSetKey(). When built with WOLFSSL_AESNI and haveAESNI is set, H is
 * not computed here because the AES-NI routines derive it themselves.
 * With GCM_TABLE the M0 table is generated from H as well.
 */
int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
{
    byte zeroBlock[AES_BLOCK_SIZE];
    int  status;

    switch (len) {
        case 16:
        case 24:
        case 32:
            break;
        default:
            return BAD_FUNC_ARG;
    }

    /* the zero block is both the IV given to wc_AesSetKey and the input
     * that is encrypted to produce H */
    XMEMSET(zeroBlock, 0, sizeof(zeroBlock));
    status = wc_AesSetKey(aes, key, len, zeroBlock, AES_ENCRYPTION);

#ifdef WOLFSSL_AESNI
    /* AES-NI code generates its own H value. */
    if (haveAESNI)
        return status;
#endif /* WOLFSSL_AESNI */

    if (status != 0)
        return status;

    wc_AesEncrypt(aes, zeroBlock, aes->H);
#ifdef GCM_TABLE
    GenerateM0(aes);
#endif /* GCM_TABLE */

    return status;
}
wolfSSL 4:1b0d80432c79 2850
wolfSSL 4:1b0d80432c79 2851
wolfSSL 4:1b0d80432c79 2852 #ifdef WOLFSSL_AESNI
wolfSSL 4:1b0d80432c79 2853
/* Declared here and bound to the symbol "gfmul" through XASM_LINK; no C
 * definition is visible in this part of the file. The AES-NI routines below
 * call it as gfmul(X, H, &X) after XORing each block into the running hash.
 * NOTE(review): presumably the carry-less GF(2^128) multiply from the Intel
 * white paper referenced below - confirm against the assembly. */
void gfmul(__m128i a, __m128i b, __m128i* out) XASM_LINK("gfmul");
wolfSSL 4:1b0d80432c79 2855
wolfSSL 4:1b0d80432c79 2856
wolfSSL 4:1b0d80432c79 2857 /* See Intel® Carry-Less Multiplication Instruction
wolfSSL 4:1b0d80432c79 2858 * and its Usage for Computing the GCM Mode White Paper
wolfSSL 4:1b0d80432c79 2859 * by Shay Gueron, Intel Mobility Group, Israel Development Center;
wolfSSL 4:1b0d80432c79 2860 * and Michael E. Kounavis, Intel Labs, Circuits and Systems Research */
wolfSSL 4:1b0d80432c79 2861
wolfSSL 4:1b0d80432c79 2862
wolfSSL 4:1b0d80432c79 2863 /* Figure 9. AES-GCM – Encrypt With Single Block Ghash at a Time */
wolfSSL 4:1b0d80432c79 2864
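/*
 * AES-GCM encryption: AES-NI for the block cipher, gfmul() for GHASH.
 *
 * in      plaintext, nbytes long
 * out     receives the ciphertext, nbytes long
 * addt    additional authenticated data, abytes long
 * ivec    IV, ibytes long (12 bytes takes the direct path, any other
 *         length is hashed into the initial counter block)
 * tag     receives the authentication tag; 16 bytes are always stored
 * nbytes, abytes, ibytes  lengths in bytes
 * key     expanded round keys, read as 128-bit words KEY[0] .. KEY[nr]
 * nr      number of AES rounds
 *
 * Changes from the earlier version of this routine:
 *  - the 12-byte IV and the final partial plaintext block are copied byte by
 *    byte into a zeroed block instead of being fetched with a 16-byte load,
 *    which read up to 4 and up to 15 bytes past the caller's buffers;
 *  - the bit lengths are computed in 64 bits so that nbytes * 8 cannot
 *    overflow an int.
 *
 * NOTE(review): KEY[] is dereferenced directly, so the round keys are
 * assumed to be 16-byte aligned - confirm against the caller.
 */
static void AES_GCM_encrypt(const unsigned char *in,
                            unsigned char *out,
                            const unsigned char* addt,
                            const unsigned char* ivec,
                            unsigned char *tag,
                            int nbytes, int abytes, int ibytes,
                            const unsigned char* key, int nr)
{
    int i, j, k;
    __m128i tmp1, tmp2, tmp3, tmp4;
    __m128i H, Y, T;
    const __m128i *KEY = (const __m128i*)key;
    __m128i ctr1, ctr2, ctr3, ctr4;
    __m128i last_block = _mm_setzero_si128();
    /* added to the 32-bit lane that holds the counter once the block has
     * been shuffled with BSWAP_EPI64 */
    __m128i ONE  = _mm_set_epi32(0, 1, 0, 0);
    __m128i FOUR = _mm_set_epi32(0, 4, 0, 0);
    /* reverses the bytes inside each 64-bit half */
    __m128i BSWAP_EPI64 = _mm_set_epi8(8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7);
    /* reverses all 16 bytes */
    __m128i BSWAP_MASK = _mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15);
    __m128i X = _mm_setzero_si128();

    if (ibytes == 96/8) {
        /* Y0 = IV || 0x00000001; copy exactly 12 bytes, the IV buffer is
         * not required to be 16 bytes long */
        Y = _mm_setzero_si128();
        for (j = 0; j < 96/8; j++)
            ((unsigned char*)&Y)[j] = ivec[j];
        Y = _mm_insert_epi32(Y, 0x1000000, 3);
        /* Compute E[ZERO, KS] and E[Y0, KS] together */
        tmp1 = _mm_xor_si128(X, KEY[0]);
        tmp2 = _mm_xor_si128(Y, KEY[0]);
        for (j = 1; j < nr-1; j += 2) {
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
            tmp2 = _mm_aesenc_si128(tmp2, KEY[j]);
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j+1]);
            tmp2 = _mm_aesenc_si128(tmp2, KEY[j+1]);
        }
        tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
        tmp2 = _mm_aesenc_si128(tmp2, KEY[nr-1]);
        H = _mm_aesenclast_si128(tmp1, KEY[nr]);
        T = _mm_aesenclast_si128(tmp2, KEY[nr]);
        H = _mm_shuffle_epi8(H, BSWAP_MASK);
    }
    else {
        /* H = E(K, 0) */
        tmp1 = _mm_xor_si128(X, KEY[0]);
        for (j = 1; j < nr; j++)
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
        H = _mm_aesenclast_si128(tmp1, KEY[nr]);
        H = _mm_shuffle_epi8(H, BSWAP_MASK);

        /* Y0 = GHASH(IV || bit length of IV) */
        Y = _mm_setzero_si128();
        for (i = 0; i < ibytes/16; i++) {
            tmp1 = _mm_loadu_si128(&((const __m128i*)ivec)[i]);
            tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
            Y = _mm_xor_si128(Y, tmp1);
            gfmul(Y, H, &Y);
        }
        if (ibytes%16) {
            /* last_block is still all zero here, so the tail is padded */
            for (j = 0; j < ibytes%16; j++)
                ((unsigned char*)&last_block)[j] = ivec[i*16+j];
            tmp1 = last_block;
            tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
            Y = _mm_xor_si128(Y, tmp1);
            gfmul(Y, H, &Y);
        }
        tmp1 = _mm_insert_epi64(tmp1, (long long)ibytes * 8, 0);
        tmp1 = _mm_insert_epi64(tmp1, 0, 1);
        Y = _mm_xor_si128(Y, tmp1);
        gfmul(Y, H, &Y);
        Y = _mm_shuffle_epi8(Y, BSWAP_MASK);
        /* Compute E(K, Y0) */
        tmp1 = _mm_xor_si128(Y, KEY[0]);
        for (j = 1; j < nr; j++)
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
        T = _mm_aesenclast_si128(tmp1, KEY[nr]);
    }

    /* hash the additional authenticated data */
    for (i = 0; i < abytes/16; i++) {
        tmp1 = _mm_loadu_si128(&((const __m128i*)addt)[i]);
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
    }
    if (abytes%16) {
        last_block = _mm_setzero_si128();
        for (j = 0; j < abytes%16; j++)
            ((unsigned char*)&last_block)[j] = addt[i*16+j];
        tmp1 = last_block;
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
    }

    /* counters for the first four data blocks: Y0 + 1 .. Y0 + 4 */
    ctr1 = _mm_shuffle_epi8(Y, BSWAP_EPI64);
    ctr1 = _mm_add_epi32(ctr1, ONE);
    ctr2 = _mm_add_epi32(ctr1, ONE);
    ctr3 = _mm_add_epi32(ctr2, ONE);
    ctr4 = _mm_add_epi32(ctr3, ONE);

    /* four blocks per iteration */
    for (i = 0; i < nbytes/16/4; i++) {
        tmp1 = _mm_shuffle_epi8(ctr1, BSWAP_EPI64);
        tmp2 = _mm_shuffle_epi8(ctr2, BSWAP_EPI64);
        tmp3 = _mm_shuffle_epi8(ctr3, BSWAP_EPI64);
        tmp4 = _mm_shuffle_epi8(ctr4, BSWAP_EPI64);

        ctr1 = _mm_add_epi32(ctr1, FOUR);
        ctr2 = _mm_add_epi32(ctr2, FOUR);
        ctr3 = _mm_add_epi32(ctr3, FOUR);
        ctr4 = _mm_add_epi32(ctr4, FOUR);

        tmp1 = _mm_xor_si128(tmp1, KEY[0]);
        tmp2 = _mm_xor_si128(tmp2, KEY[0]);
        tmp3 = _mm_xor_si128(tmp3, KEY[0]);
        tmp4 = _mm_xor_si128(tmp4, KEY[0]);

        for (j = 1; j < nr-1; j += 2) {
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
            tmp2 = _mm_aesenc_si128(tmp2, KEY[j]);
            tmp3 = _mm_aesenc_si128(tmp3, KEY[j]);
            tmp4 = _mm_aesenc_si128(tmp4, KEY[j]);

            tmp1 = _mm_aesenc_si128(tmp1, KEY[j+1]);
            tmp2 = _mm_aesenc_si128(tmp2, KEY[j+1]);
            tmp3 = _mm_aesenc_si128(tmp3, KEY[j+1]);
            tmp4 = _mm_aesenc_si128(tmp4, KEY[j+1]);
        }

        tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
        tmp2 = _mm_aesenc_si128(tmp2, KEY[nr-1]);
        tmp3 = _mm_aesenc_si128(tmp3, KEY[nr-1]);
        tmp4 = _mm_aesenc_si128(tmp4, KEY[nr-1]);

        tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]);
        tmp2 = _mm_aesenclast_si128(tmp2, KEY[nr]);
        tmp3 = _mm_aesenclast_si128(tmp3, KEY[nr]);
        tmp4 = _mm_aesenclast_si128(tmp4, KEY[nr]);

        tmp1 = _mm_xor_si128(tmp1,
                         _mm_loadu_si128(&((const __m128i*)in)[i*4+0]));
        tmp2 = _mm_xor_si128(tmp2,
                         _mm_loadu_si128(&((const __m128i*)in)[i*4+1]));
        tmp3 = _mm_xor_si128(tmp3,
                         _mm_loadu_si128(&((const __m128i*)in)[i*4+2]));
        tmp4 = _mm_xor_si128(tmp4,
                         _mm_loadu_si128(&((const __m128i*)in)[i*4+3]));

        _mm_storeu_si128(&((__m128i*)out)[i*4+0], tmp1);
        _mm_storeu_si128(&((__m128i*)out)[i*4+1], tmp2);
        _mm_storeu_si128(&((__m128i*)out)[i*4+2], tmp3);
        _mm_storeu_si128(&((__m128i*)out)[i*4+3], tmp4);

        /* hash the four ciphertext blocks, one at a time */
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        tmp2 = _mm_shuffle_epi8(tmp2, BSWAP_MASK);
        tmp3 = _mm_shuffle_epi8(tmp3, BSWAP_MASK);
        tmp4 = _mm_shuffle_epi8(tmp4, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
        X = _mm_xor_si128(X, tmp2);
        gfmul(X, H, &X);
        X = _mm_xor_si128(X, tmp3);
        gfmul(X, H, &X);
        X = _mm_xor_si128(X, tmp4);
        gfmul(X, H, &X);
    }

    /* remaining whole blocks, one per iteration */
    for (k = i*4; k < nbytes/16; k++) {
        tmp1 = _mm_shuffle_epi8(ctr1, BSWAP_EPI64);
        ctr1 = _mm_add_epi32(ctr1, ONE);
        tmp1 = _mm_xor_si128(tmp1, KEY[0]);
        for (j = 1; j < nr-1; j += 2) {
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j+1]);
        }
        tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
        tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]);
        tmp1 = _mm_xor_si128(tmp1,
                             _mm_loadu_si128(&((const __m128i*)in)[k]));
        _mm_storeu_si128(&((__m128i*)out)[k], tmp1);
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
    }

    /* If one partial block remains */
    if (nbytes%16) {
        tmp1 = _mm_shuffle_epi8(ctr1, BSWAP_EPI64);
        tmp1 = _mm_xor_si128(tmp1, KEY[0]);
        for (j = 1; j < nr-1; j += 2) {
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j+1]);
        }
        tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
        tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]);

        /* only nbytes%16 input bytes exist; copy them into a zeroed block
         * rather than loading 16 bytes from in */
        last_block = _mm_setzero_si128();
        for (j = 0; j < nbytes%16; j++)
            ((unsigned char*)&last_block)[j] = in[k*16+j];
        tmp1 = _mm_xor_si128(tmp1, last_block);

        last_block = tmp1;
        for (j = 0; j < nbytes%16; j++)
            out[k*16+j] = ((unsigned char*)&last_block)[j];
        /* zero the unused key-stream bytes so that GHASH sees the
         * ciphertext padded with zeros */
        for (; j < 16; j++)
            ((unsigned char*)&last_block)[j] = 0;
        tmp1 = last_block;
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
    }

    /* hash the bit lengths of the data and the AAD, then mask with E(K, Y0) */
    tmp1 = _mm_insert_epi64(tmp1, (long long)nbytes * 8, 0);
    tmp1 = _mm_insert_epi64(tmp1, (long long)abytes * 8, 1);
    X = _mm_xor_si128(X, tmp1);
    gfmul(X, H, &X);
    X = _mm_shuffle_epi8(X, BSWAP_MASK);
    T = _mm_xor_si128(X, T);
    _mm_storeu_si128((__m128i*)tag, T);
}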
wolfSSL 4:1b0d80432c79 3054
wolfSSL 4:1b0d80432c79 3055
wolfSSL 4:1b0d80432c79 3056 #ifdef HAVE_AES_DECRYPT
wolfSSL 4:1b0d80432c79 3057 /* Figure 10. AES-GCM – Decrypt With Single Block Ghash at a Time */
wolfSSL 4:1b0d80432c79 3058
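/*
 * AES-GCM decryption: AES-NI for the block cipher, gfmul() for GHASH.
 *
 * in      ciphertext, nbytes long
 * out     receives the plaintext, nbytes long
 * addt    additional authenticated data, abytes long
 * ivec    IV, ibytes long (12 bytes takes the direct path, any other
 *         length is hashed into the initial counter block)
 * tag     expected authentication tag; 16 bytes are always read
 * nbytes, abytes, ibytes  lengths in bytes
 * key     expanded round keys, read as 128-bit words KEY[0] .. KEY[nr]
 * nr      number of AES rounds
 *
 * Returns 1 when the tag matches and the plaintext has been written, 0 when
 * authentication fails. The tag is checked before any decryption, so out is
 * left untouched on failure.
 *
 * Changes from the earlier version of this routine:
 *  - the 12-byte IV and the final partial ciphertext block are copied byte
 *    by byte into a zeroed block instead of being fetched with a 16-byte
 *    load, which read up to 4 and up to 15 bytes past the caller's buffers;
 *  - the bit lengths are computed in 64 bits so that nbytes * 8 cannot
 *    overflow an int;
 *  - the byte swaps whose results were never used, and the (void) casts
 *    that acknowledged them, are gone.
 *
 * NOTE(review): there is no tag-length parameter, so a caller working with
 * a truncated tag cannot be served by this comparison - confirm how the
 * caller handles tags shorter than 16 bytes.
 * NOTE(review): KEY[] is dereferenced directly, so the round keys are
 * assumed to be 16-byte aligned - confirm against the caller.
 */
static int AES_GCM_decrypt(const unsigned char *in,
                           unsigned char *out,
                           const unsigned char* addt,
                           const unsigned char* ivec,
                           const unsigned char *tag, int nbytes, int abytes,
                           int ibytes, const unsigned char* key, int nr)
{
    int i, j, k;
    __m128i tmp1, tmp2, tmp3, tmp4;
    __m128i H, Y, T;
    const __m128i *KEY = (const __m128i*)key;
    __m128i ctr1, ctr2, ctr3, ctr4;
    __m128i last_block = _mm_setzero_si128();
    /* added to the 32-bit lane that holds the counter once the block has
     * been shuffled with BSWAP_EPI64 */
    __m128i ONE  = _mm_set_epi32(0, 1, 0, 0);
    __m128i FOUR = _mm_set_epi32(0, 4, 0, 0);
    /* reverses the bytes inside each 64-bit half */
    __m128i BSWAP_EPI64 = _mm_set_epi8(8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7);
    /* reverses all 16 bytes */
    __m128i BSWAP_MASK = _mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15);
    __m128i X = _mm_setzero_si128();

    if (ibytes == 96/8) {
        /* Y0 = IV || 0x00000001; copy exactly 12 bytes, the IV buffer is
         * not required to be 16 bytes long */
        Y = _mm_setzero_si128();
        for (j = 0; j < 96/8; j++)
            ((unsigned char*)&Y)[j] = ivec[j];
        Y = _mm_insert_epi32(Y, 0x1000000, 3);
        /* Compute E[ZERO, KS] and E[Y0, KS] together */
        tmp1 = _mm_xor_si128(X, KEY[0]);
        tmp2 = _mm_xor_si128(Y, KEY[0]);
        for (j = 1; j < nr - 1; j += 2) {
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
            tmp2 = _mm_aesenc_si128(tmp2, KEY[j]);
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j+1]);
            tmp2 = _mm_aesenc_si128(tmp2, KEY[j+1]);
        }
        tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
        tmp2 = _mm_aesenc_si128(tmp2, KEY[nr-1]);
        H = _mm_aesenclast_si128(tmp1, KEY[nr]);
        T = _mm_aesenclast_si128(tmp2, KEY[nr]);
        H = _mm_shuffle_epi8(H, BSWAP_MASK);
    }
    else {
        /* H = E(K, 0) */
        tmp1 = _mm_xor_si128(X, KEY[0]);
        for (j = 1; j < nr; j++)
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
        H = _mm_aesenclast_si128(tmp1, KEY[nr]);
        H = _mm_shuffle_epi8(H, BSWAP_MASK);

        /* Y0 = GHASH(IV || bit length of IV) */
        Y = _mm_setzero_si128();
        for (i = 0; i < ibytes / 16; i++) {
            tmp1 = _mm_loadu_si128(&((const __m128i*)ivec)[i]);
            tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
            Y = _mm_xor_si128(Y, tmp1);
            gfmul(Y, H, &Y);
        }

        if (ibytes % 16) {
            /* last_block is still all zero here, so the tail is padded */
            for (j = 0; j < ibytes % 16; j++)
                ((unsigned char*)&last_block)[j] = ivec[i*16+j];
            tmp1 = last_block;
            tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
            Y = _mm_xor_si128(Y, tmp1);
            gfmul(Y, H, &Y);
        }

        tmp1 = _mm_insert_epi64(tmp1, (long long)ibytes * 8, 0);
        tmp1 = _mm_insert_epi64(tmp1, 0, 1);
        Y = _mm_xor_si128(Y, tmp1);
        gfmul(Y, H, &Y);
        Y = _mm_shuffle_epi8(Y, BSWAP_MASK);
        /* Compute E(K, Y0) */
        tmp1 = _mm_xor_si128(Y, KEY[0]);
        for (j = 1; j < nr; j++)
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
        T = _mm_aesenclast_si128(tmp1, KEY[nr]);
    }

    /* hash the additional authenticated data */
    for (i = 0; i < abytes / 16; i++) {
        tmp1 = _mm_loadu_si128(&((const __m128i*)addt)[i]);
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
    }

    if (abytes % 16) {
        last_block = _mm_setzero_si128();
        for (j = 0; j < abytes % 16; j++)
            ((unsigned char*)&last_block)[j] = addt[i*16+j];
        tmp1 = last_block;
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
    }

    /* hash the ciphertext */
    for (i = 0; i < nbytes / 16; i++) {
        tmp1 = _mm_loadu_si128(&((const __m128i*)in)[i]);
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
    }

    if (nbytes % 16) {
        last_block = _mm_setzero_si128();
        for (j = 0; j < nbytes % 16; j++)
            ((unsigned char*)&last_block)[j] = in[i*16+j];
        tmp1 = last_block;
        tmp1 = _mm_shuffle_epi8(tmp1, BSWAP_MASK);
        X = _mm_xor_si128(X, tmp1);
        gfmul(X, H, &X);
    }

    /* hash the bit lengths of the data and the AAD, then mask with E(K, Y0) */
    tmp1 = _mm_insert_epi64(tmp1, (long long)nbytes * 8, 0);
    tmp1 = _mm_insert_epi64(tmp1, (long long)abytes * 8, 1);
    X = _mm_xor_si128(X, tmp1);
    gfmul(X, H, &X);
    X = _mm_shuffle_epi8(X, BSWAP_MASK);
    T = _mm_xor_si128(X, T);

    /* all 16 tag bytes are compared in one SIMD operation; there is no
     * early exit on the first differing byte */
    if (0xffff !=
           _mm_movemask_epi8(_mm_cmpeq_epi8(T,
                                 _mm_loadu_si128((const __m128i*)tag))))
        return 0; /* in case the authentication failed */

    /* counters for the first four data blocks: Y0 + 1 .. Y0 + 4 */
    ctr1 = _mm_shuffle_epi8(Y, BSWAP_EPI64);
    ctr1 = _mm_add_epi32(ctr1, ONE);
    ctr2 = _mm_add_epi32(ctr1, ONE);
    ctr3 = _mm_add_epi32(ctr2, ONE);
    ctr4 = _mm_add_epi32(ctr3, ONE);

    /* four blocks per iteration */
    for (i = 0; i < nbytes/16/4; i++) {
        tmp1 = _mm_shuffle_epi8(ctr1, BSWAP_EPI64);
        tmp2 = _mm_shuffle_epi8(ctr2, BSWAP_EPI64);
        tmp3 = _mm_shuffle_epi8(ctr3, BSWAP_EPI64);
        tmp4 = _mm_shuffle_epi8(ctr4, BSWAP_EPI64);

        ctr1 = _mm_add_epi32(ctr1, FOUR);
        ctr2 = _mm_add_epi32(ctr2, FOUR);
        ctr3 = _mm_add_epi32(ctr3, FOUR);
        ctr4 = _mm_add_epi32(ctr4, FOUR);

        tmp1 = _mm_xor_si128(tmp1, KEY[0]);
        tmp2 = _mm_xor_si128(tmp2, KEY[0]);
        tmp3 = _mm_xor_si128(tmp3, KEY[0]);
        tmp4 = _mm_xor_si128(tmp4, KEY[0]);

        for (j = 1; j < nr - 1; j += 2) {
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
            tmp2 = _mm_aesenc_si128(tmp2, KEY[j]);
            tmp3 = _mm_aesenc_si128(tmp3, KEY[j]);
            tmp4 = _mm_aesenc_si128(tmp4, KEY[j]);

            tmp1 = _mm_aesenc_si128(tmp1, KEY[j+1]);
            tmp2 = _mm_aesenc_si128(tmp2, KEY[j+1]);
            tmp3 = _mm_aesenc_si128(tmp3, KEY[j+1]);
            tmp4 = _mm_aesenc_si128(tmp4, KEY[j+1]);
        }

        tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
        tmp2 = _mm_aesenc_si128(tmp2, KEY[nr-1]);
        tmp3 = _mm_aesenc_si128(tmp3, KEY[nr-1]);
        tmp4 = _mm_aesenc_si128(tmp4, KEY[nr-1]);

        tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]);
        tmp2 = _mm_aesenclast_si128(tmp2, KEY[nr]);
        tmp3 = _mm_aesenclast_si128(tmp3, KEY[nr]);
        tmp4 = _mm_aesenclast_si128(tmp4, KEY[nr]);

        tmp1 = _mm_xor_si128(tmp1,
                         _mm_loadu_si128(&((const __m128i*)in)[i*4+0]));
        tmp2 = _mm_xor_si128(tmp2,
                         _mm_loadu_si128(&((const __m128i*)in)[i*4+1]));
        tmp3 = _mm_xor_si128(tmp3,
                         _mm_loadu_si128(&((const __m128i*)in)[i*4+2]));
        tmp4 = _mm_xor_si128(tmp4,
                         _mm_loadu_si128(&((const __m128i*)in)[i*4+3]));

        _mm_storeu_si128(&((__m128i*)out)[i*4+0], tmp1);
        _mm_storeu_si128(&((__m128i*)out)[i*4+1], tmp2);
        _mm_storeu_si128(&((__m128i*)out)[i*4+2], tmp3);
        _mm_storeu_si128(&((__m128i*)out)[i*4+3], tmp4);
    }

    /* remaining whole blocks, one per iteration */
    for (k = i*4; k < nbytes/16; k++) {
        tmp1 = _mm_shuffle_epi8(ctr1, BSWAP_EPI64);
        ctr1 = _mm_add_epi32(ctr1, ONE);
        tmp1 = _mm_xor_si128(tmp1, KEY[0]);
        for (j = 1; j < nr-1; j += 2) {
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j+1]);
        }
        tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
        tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]);
        tmp1 = _mm_xor_si128(tmp1,
                             _mm_loadu_si128(&((const __m128i*)in)[k]));
        _mm_storeu_si128(&((__m128i*)out)[k], tmp1);
    }

    /* If one partial block remains */
    if (nbytes % 16) {
        tmp1 = _mm_shuffle_epi8(ctr1, BSWAP_EPI64);
        tmp1 = _mm_xor_si128(tmp1, KEY[0]);
        for (j = 1; j < nr-1; j += 2) {
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j]);
            tmp1 = _mm_aesenc_si128(tmp1, KEY[j+1]);
        }
        tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
        tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]);

        /* only nbytes%16 input bytes exist; copy them into a zeroed block
         * rather than loading 16 bytes from in */
        last_block = _mm_setzero_si128();
        for (j = 0; j < nbytes % 16; j++)
            ((unsigned char*)&last_block)[j] = in[k*16+j];
        tmp1 = _mm_xor_si128(tmp1, last_block);

        last_block = tmp1;
        for (j = 0; j < nbytes % 16; j++)
            out[k*16+j] = ((unsigned char*)&last_block)[j];
    }

    return 1; /* when successful returns 1 */
}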
wolfSSL 4:1b0d80432c79 3275 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 3276 #endif /* WOLFSSL_AESNI */
wolfSSL 4:1b0d80432c79 3277
wolfSSL 4:1b0d80432c79 3278
wolfSSL 4:1b0d80432c79 3279 #if defined(GCM_SMALL)
wolfSSL 4:1b0d80432c79 3280
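/*
 * Bit-by-bit multiplication of two 16-byte blocks for GHASH: X = X * Y.
 *
 * X  first operand; overwritten with the product
 * Y  second operand; read only
 *
 * The bits of Y are walked from the most significant bit of Y[0]. For each
 * bit the running value V (a copy of X) is folded into Z when the bit is
 * set, then V is advanced with RIGHTSHIFTX().
 *
 * GHASH() passes the hash key H as Y, so the fold is selected with a mask
 * rather than an `if`: this function does not branch on the bits of Y.
 * RIGHTSHIFTX() is a separate helper and its own handling of the
 * shifted-out bit is not changed from here.
 */
static void GMULT(byte* X, byte* Y)
{
    byte Z[AES_BLOCK_SIZE];
    byte V[AES_BLOCK_SIZE];
    int i, j, k;

    XMEMSET(Z, 0, AES_BLOCK_SIZE);
    XMEMCPY(V, X, AES_BLOCK_SIZE);
    for (i = 0; i < AES_BLOCK_SIZE; i++) {
        byte y = Y[i];

        for (j = 0; j < 8; j++) {
            /* 0xFF when the current top bit of y is set, 0x00 otherwise */
            byte mask = (byte)(0 - ((y >> 7) & 0x01));

            for (k = 0; k < AES_BLOCK_SIZE; k++)
                Z[k] ^= (byte)(V[k] & mask);

            RIGHTSHIFTX(V);
            y = (byte)(y << 1);
        }
    }
    XMEMCPY(X, Z, AES_BLOCK_SIZE);
}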
wolfSSL 4:1b0d80432c79 3304
wolfSSL 4:1b0d80432c79 3305
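/*
 * GHASH over the additional authenticated data and the ciphertext, using
 * the hash key in aes->H.
 *
 * aes  context holding H
 * a    additional authenticated data, may be NULL
 * aSz  length of a in bytes
 * c    ciphertext, may be NULL
 * cSz  length of c in bytes
 * s    receives the first sSz bytes of the 16-byte result
 * sSz  number of bytes to copy out
 *
 * An input that is NULL or has length 0 is skipped, but the lengths aSz and
 * cSz are hashed as given. A trailing partial block is padded with zeros.
 *
 * The result is exactly AES_BLOCK_SIZE bytes, so sSz is capped at that
 * value before the final copy; a larger sSz used to copy whatever followed
 * the local result buffer on the stack into s.
 * NOTE(review): callers should reject an oversized tag length themselves so
 * that they do not treat the rest of s as filled in - confirm in the callers.
 */
static void GHASH(Aes* aes, const byte* a, word32 aSz,
                  const byte* c, word32 cSz, byte* s, word32 sSz)
{
    byte x[AES_BLOCK_SIZE];
    byte scratch[AES_BLOCK_SIZE];
    word32 blocks, partial;
    byte* h = aes->H;

    XMEMSET(x, 0, AES_BLOCK_SIZE);

    /* Hash in A, the Additional Authentication Data */
    if (aSz != 0 && a != NULL) {
        blocks = aSz / AES_BLOCK_SIZE;
        partial = aSz % AES_BLOCK_SIZE;
        while (blocks--) {
            xorbuf(x, a, AES_BLOCK_SIZE);
            GMULT(x, h);
            a += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
            XMEMCPY(scratch, a, partial);
            xorbuf(x, scratch, AES_BLOCK_SIZE);
            GMULT(x, h);
        }
    }

    /* Hash in C, the Ciphertext */
    if (cSz != 0 && c != NULL) {
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
            xorbuf(x, c, AES_BLOCK_SIZE);
            GMULT(x, h);
            c += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
            XMEMCPY(scratch, c, partial);
            xorbuf(x, scratch, AES_BLOCK_SIZE);
            GMULT(x, h);
        }
    }

    /* Hash in the lengths of A and C in bits */
    FlattenSzInBits(&scratch[0], aSz);
    FlattenSzInBits(&scratch[8], cSz);
    xorbuf(x, scratch, AES_BLOCK_SIZE);
    GMULT(x, h);

    /* Copy the result into s, never reading past the end of x. */
    if (sSz > AES_BLOCK_SIZE)
        sSz = AES_BLOCK_SIZE;
    XMEMCPY(s, x, sSz);
}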
wolfSSL 4:1b0d80432c79 3359
wolfSSL 4:1b0d80432c79 3360 /* end GCM_SMALL */
wolfSSL 4:1b0d80432c79 3361 #elif defined(GCM_TABLE)
wolfSSL 4:1b0d80432c79 3362
/* Reduction table for the GCM_TABLE GMULT: R[b] holds the two bytes that are
 * folded into Z[0] and Z[1] after byte b has been shifted out of the
 * accumulator.
 * The index comes from the GHASH state, so every lookup is a data-dependent
 * memory access.
 * NOTE(review): assess cache-timing exposure on targets with a data cache. */
static const byte R[256][2] = {
    {0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
    {0x07, 0x08}, {0x06, 0xca}, {0x04, 0x8c}, {0x05, 0x4e},
    {0x0e, 0x10}, {0x0f, 0xd2}, {0x0d, 0x94}, {0x0c, 0x56},
    {0x09, 0x18}, {0x08, 0xda}, {0x0a, 0x9c}, {0x0b, 0x5e},
    {0x1c, 0x20}, {0x1d, 0xe2}, {0x1f, 0xa4}, {0x1e, 0x66},
    {0x1b, 0x28}, {0x1a, 0xea}, {0x18, 0xac}, {0x19, 0x6e},
    {0x12, 0x30}, {0x13, 0xf2}, {0x11, 0xb4}, {0x10, 0x76},
    {0x15, 0x38}, {0x14, 0xfa}, {0x16, 0xbc}, {0x17, 0x7e},
    {0x38, 0x40}, {0x39, 0x82}, {0x3b, 0xc4}, {0x3a, 0x06},
    {0x3f, 0x48}, {0x3e, 0x8a}, {0x3c, 0xcc}, {0x3d, 0x0e},
    {0x36, 0x50}, {0x37, 0x92}, {0x35, 0xd4}, {0x34, 0x16},
    {0x31, 0x58}, {0x30, 0x9a}, {0x32, 0xdc}, {0x33, 0x1e},
    {0x24, 0x60}, {0x25, 0xa2}, {0x27, 0xe4}, {0x26, 0x26},
    {0x23, 0x68}, {0x22, 0xaa}, {0x20, 0xec}, {0x21, 0x2e},
    {0x2a, 0x70}, {0x2b, 0xb2}, {0x29, 0xf4}, {0x28, 0x36},
    {0x2d, 0x78}, {0x2c, 0xba}, {0x2e, 0xfc}, {0x2f, 0x3e},
    {0x70, 0x80}, {0x71, 0x42}, {0x73, 0x04}, {0x72, 0xc6},
    {0x77, 0x88}, {0x76, 0x4a}, {0x74, 0x0c}, {0x75, 0xce},
    {0x7e, 0x90}, {0x7f, 0x52}, {0x7d, 0x14}, {0x7c, 0xd6},
    {0x79, 0x98}, {0x78, 0x5a}, {0x7a, 0x1c}, {0x7b, 0xde},
    {0x6c, 0xa0}, {0x6d, 0x62}, {0x6f, 0x24}, {0x6e, 0xe6},
    {0x6b, 0xa8}, {0x6a, 0x6a}, {0x68, 0x2c}, {0x69, 0xee},
    {0x62, 0xb0}, {0x63, 0x72}, {0x61, 0x34}, {0x60, 0xf6},
    {0x65, 0xb8}, {0x64, 0x7a}, {0x66, 0x3c}, {0x67, 0xfe},
    {0x48, 0xc0}, {0x49, 0x02}, {0x4b, 0x44}, {0x4a, 0x86},
    {0x4f, 0xc8}, {0x4e, 0x0a}, {0x4c, 0x4c}, {0x4d, 0x8e},
    {0x46, 0xd0}, {0x47, 0x12}, {0x45, 0x54}, {0x44, 0x96},
    {0x41, 0xd8}, {0x40, 0x1a}, {0x42, 0x5c}, {0x43, 0x9e},
    {0x54, 0xe0}, {0x55, 0x22}, {0x57, 0x64}, {0x56, 0xa6},
    {0x53, 0xe8}, {0x52, 0x2a}, {0x50, 0x6c}, {0x51, 0xae},
    {0x5a, 0xf0}, {0x5b, 0x32}, {0x59, 0x74}, {0x58, 0xb6},
    {0x5d, 0xf8}, {0x5c, 0x3a}, {0x5e, 0x7c}, {0x5f, 0xbe},
    {0xe1, 0x00}, {0xe0, 0xc2}, {0xe2, 0x84}, {0xe3, 0x46},
    {0xe6, 0x08}, {0xe7, 0xca}, {0xe5, 0x8c}, {0xe4, 0x4e},
    {0xef, 0x10}, {0xee, 0xd2}, {0xec, 0x94}, {0xed, 0x56},
    {0xe8, 0x18}, {0xe9, 0xda}, {0xeb, 0x9c}, {0xea, 0x5e},
    {0xfd, 0x20}, {0xfc, 0xe2}, {0xfe, 0xa4}, {0xff, 0x66},
    {0xfa, 0x28}, {0xfb, 0xea}, {0xf9, 0xac}, {0xf8, 0x6e},
    {0xf3, 0x30}, {0xf2, 0xf2}, {0xf0, 0xb4}, {0xf1, 0x76},
    {0xf4, 0x38}, {0xf5, 0xfa}, {0xf7, 0xbc}, {0xf6, 0x7e},
    {0xd9, 0x40}, {0xd8, 0x82}, {0xda, 0xc4}, {0xdb, 0x06},
    {0xde, 0x48}, {0xdf, 0x8a}, {0xdd, 0xcc}, {0xdc, 0x0e},
    {0xd7, 0x50}, {0xd6, 0x92}, {0xd4, 0xd4}, {0xd5, 0x16},
    {0xd0, 0x58}, {0xd1, 0x9a}, {0xd3, 0xdc}, {0xd2, 0x1e},
    {0xc5, 0x60}, {0xc4, 0xa2}, {0xc6, 0xe4}, {0xc7, 0x26},
    {0xc2, 0x68}, {0xc3, 0xaa}, {0xc1, 0xec}, {0xc0, 0x2e},
    {0xcb, 0x70}, {0xca, 0xb2}, {0xc8, 0xf4}, {0xc9, 0x36},
    {0xcc, 0x78}, {0xcd, 0xba}, {0xcf, 0xfc}, {0xce, 0x3e},
    {0x91, 0x80}, {0x90, 0x42}, {0x92, 0x04}, {0x93, 0xc6},
    {0x96, 0x88}, {0x97, 0x4a}, {0x95, 0x0c}, {0x94, 0xce},
    {0x9f, 0x90}, {0x9e, 0x52}, {0x9c, 0x14}, {0x9d, 0xd6},
    {0x98, 0x98}, {0x99, 0x5a}, {0x9b, 0x1c}, {0x9a, 0xde},
    {0x8d, 0xa0}, {0x8c, 0x62}, {0x8e, 0x24}, {0x8f, 0xe6},
    {0x8a, 0xa8}, {0x8b, 0x6a}, {0x89, 0x2c}, {0x88, 0xee},
    {0x83, 0xb0}, {0x82, 0x72}, {0x80, 0x34}, {0x81, 0xf6},
    {0x84, 0xb8}, {0x85, 0x7a}, {0x87, 0x3c}, {0x86, 0xfe},
    {0xa9, 0xc0}, {0xa8, 0x02}, {0xaa, 0x44}, {0xab, 0x86},
    {0xae, 0xc8}, {0xaf, 0x0a}, {0xad, 0x4c}, {0xac, 0x8e},
    {0xa7, 0xd0}, {0xa6, 0x12}, {0xa4, 0x54}, {0xa5, 0x96},
    {0xa0, 0xd8}, {0xa1, 0x1a}, {0xa3, 0x5c}, {0xa2, 0x9e},
    {0xb5, 0xe0}, {0xb4, 0x22}, {0xb6, 0x64}, {0xb7, 0xa6},
    {0xb2, 0xe8}, {0xb3, 0x2a}, {0xb1, 0x6c}, {0xb0, 0xae},
    {0xbb, 0xf0}, {0xba, 0x32}, {0xb8, 0x74}, {0xb9, 0xb6},
    {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
wolfSSL 4:1b0d80432c79 3428
wolfSSL 4:1b0d80432c79 3429
/* GCM_TABLE multiply: x = x * H, with H supplied as the 256-entry table m.
 *
 * x  AES_BLOCK_SIZE bytes, overwritten with the product
 * m  one AES_BLOCK_SIZE-byte row per byte value (GHASH passes aes->M0)
 *
 * Both m and R are indexed by bytes of the running hash state.
 * NOTE(review): those lookups are data-dependent memory accesses; assess
 * cache-timing exposure on targets with a data cache.
 */
static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
{
    byte acc[AES_BLOCK_SIZE];
    byte carry;
    int  idx, k;

    XMEMSET(acc, 0, sizeof(acc));

    /* Bytes are consumed from the last one down to x[1]. */
    idx = AES_BLOCK_SIZE - 1;
    while (idx > 0) {
        xorbuf(acc, m[x[idx]], AES_BLOCK_SIZE);

        /* Shift the accumulator by one byte, remembering the byte that
         * falls off the end. */
        carry = acc[AES_BLOCK_SIZE - 1];
        k = AES_BLOCK_SIZE - 1;
        while (k > 0) {
            acc[k] = acc[k-1];
            k--;
        }

        /* Fold the reduction of the dropped byte into the first two bytes. */
        acc[0]  = R[carry][0];
        acc[1] ^= R[carry][1];

        idx--;
    }

    /* The first byte is added without a following shift. */
    xorbuf(acc, m[x[0]], AES_BLOCK_SIZE);

    XMEMCPY(x, acc, AES_BLOCK_SIZE);
}
wolfSSL 4:1b0d80432c79 3453
wolfSSL 4:1b0d80432c79 3454
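/* GHASH (GCM_TABLE): fold the AAD, the ciphertext and their lengths into a
 * 16-byte accumulator, multiplying through the table aes->M0 after every
 * block.
 *
 * aes  supplies the multiplication table M0
 * a    additional authenticated data, skipped when NULL or aSz is 0
 * aSz  size of a in bytes
 * c    ciphertext, skipped when NULL or cSz is 0
 * cSz  size of c in bytes
 * s    receives the first sSz bytes of the result
 * sSz  bytes wanted; values above AES_BLOCK_SIZE are clamped
 *
 * aSz and cSz still go into the length block when the matching pointer is
 * NULL.
 */
static void GHASH(Aes* aes, const byte* a, word32 aSz,
                  const byte* c, word32 cSz, byte* s, word32 sSz)
{
    byte x[AES_BLOCK_SIZE];
    byte scratch[AES_BLOCK_SIZE];
    word32 blocks, partial;

    XMEMSET(x, 0, AES_BLOCK_SIZE);

    /* Hash in A, the Additional Authentication Data */
    if (aSz != 0 && a != NULL) {
        blocks = aSz / AES_BLOCK_SIZE;
        partial = aSz % AES_BLOCK_SIZE;
        while (blocks--) {
            xorbuf(x, a, AES_BLOCK_SIZE);
            GMULT(x, aes->M0);
            a += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            /* zero-pad the trailing partial block */
            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
            XMEMCPY(scratch, a, partial);
            xorbuf(x, scratch, AES_BLOCK_SIZE);
            GMULT(x, aes->M0);
        }
    }

    /* Hash in C, the Ciphertext */
    if (cSz != 0 && c != NULL) {
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
            xorbuf(x, c, AES_BLOCK_SIZE);
            GMULT(x, aes->M0);
            c += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            /* zero-pad the trailing partial block */
            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
            XMEMCPY(scratch, c, partial);
            xorbuf(x, scratch, AES_BLOCK_SIZE);
            GMULT(x, aes->M0);
        }
    }

    /* Hash in the lengths of A and C in bits.
     * presumably each FlattenSzInBits call fills 8 bytes of scratch - confirm */
    FlattenSzInBits(&scratch[0], aSz);
    FlattenSzInBits(&scratch[8], cSz);
    xorbuf(x, scratch, AES_BLOCK_SIZE);
    GMULT(x, aes->M0);

    /* x holds only AES_BLOCK_SIZE bytes; never copy past its end. */
    if (sSz > AES_BLOCK_SIZE) {
        sSz = AES_BLOCK_SIZE;
    }

    /* Copy the result into s. */
    XMEMCPY(s, x, sSz);
}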
wolfSSL 4:1b0d80432c79 3507
wolfSSL 4:1b0d80432c79 3508 /* end GCM_TABLE */
wolfSSL 4:1b0d80432c79 3509 #elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32)
wolfSSL 4:1b0d80432c79 3510
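/* 64-bit word multiply: X = X * Y, processed one bit of Y at a time.
 *
 * X  two word64 values, most significant word first, overwritten with the
 *    product
 * Y  two word64 values, read only (GHASH passes the byte-swapped hash key)
 *
 * Both operands are secret in GCM, so the accumulate and reduce steps use
 * masks instead of branching on operand bits.
 */
static void GMULT(word64* X, word64* Y)
{
    word64 Z[2] = {0,0};
    word64 V[2];
    int i, j;

    V[0] = X[0];
    V[1] = X[1];

    for (i = 0; i < 2; i++)
    {
        word64 y = Y[i];
        for (j = 0; j < 64; j++)
        {
            /* all ones when the top bit of y is set, zero otherwise */
            word64 addMask = (word64)0 - (y >> 63);
            /* all ones when the bit about to be shifted out of V is set */
            word64 redMask = (word64)0 - (V[1] & 1);

            Z[0] ^= V[0] & addMask;
            Z[1] ^= V[1] & addMask;

            /* V >>= 1 across both words, then apply the reduction constant
             * when a bit was shifted out. */
            V[1] = (V[1] >> 1) | (V[0] << 63);
            V[0] = (V[0] >> 1) ^ (redMask & 0xE100000000000000ULL);

            y <<= 1;
        }
    }
    X[0] = Z[0];
    X[1] = Z[1];
}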
wolfSSL 4:1b0d80432c79 3545
wolfSSL 4:1b0d80432c79 3546
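/* GHASH (64-bit words): fold the AAD, the ciphertext and their bit lengths
 * into a two-word accumulator, multiplying by the hash key after every block.
 * Blocks are byte-swapped into word order on little-endian builds and the
 * result is swapped back before it is copied out.
 *
 * aes  supplies the hash key aes->H
 * a    additional authenticated data, skipped when NULL or aSz is 0
 * aSz  size of a in bytes
 * c    ciphertext, skipped when NULL or cSz is 0
 * cSz  size of c in bytes
 * s    receives the first sSz bytes of the result
 * sSz  bytes wanted; values above AES_BLOCK_SIZE are clamped
 *
 * aSz and cSz still go into the length block when the matching pointer is
 * NULL.
 */
static void GHASH(Aes* aes, const byte* a, word32 aSz,
                  const byte* c, word32 cSz, byte* s, word32 sSz)
{
    word64 x[2] = {0,0};
    word32 blocks, partial;
    word64 bigH[2];

    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE);
    #endif

    /* Hash in A, the Additional Authentication Data */
    if (aSz != 0 && a != NULL) {
        word64 bigA[2];
        blocks = aSz / AES_BLOCK_SIZE;
        partial = aSz % AES_BLOCK_SIZE;
        while (blocks--) {
            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigA[0];
            x[1] ^= bigA[1];
            GMULT(x, bigH);
            a += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            /* zero-pad the trailing partial block */
            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
            XMEMCPY(bigA, a, partial);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigA[0];
            x[1] ^= bigA[1];
            GMULT(x, bigH);
        }
    }

    /* Hash in C, the Ciphertext */
    if (cSz != 0 && c != NULL) {
        word64 bigC[2];
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigC[0];
            x[1] ^= bigC[1];
            GMULT(x, bigH);
            c += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            /* zero-pad the trailing partial block */
            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
            XMEMCPY(bigC, c, partial);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigC[0];
            x[1] ^= bigC[1];
            GMULT(x, bigH);
        }
    }

    /* Hash in the lengths in bits of A and C */
    {
        word64 len[2];
        len[0] = aSz;
        len[1] = cSz;

        /* Lengths are in bytes. Convert to bits. */
        len[0] *= 8;
        len[1] *= 8;

        x[0] ^= len[0];
        x[1] ^= len[1];
        GMULT(x, bigH);
    }
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords64(x, x, AES_BLOCK_SIZE);
    #endif

    /* x holds only AES_BLOCK_SIZE bytes; never copy past its end. */
    if (sSz > AES_BLOCK_SIZE) {
        sSz = AES_BLOCK_SIZE;
    }
    XMEMCPY(s, x, sSz);
}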
wolfSSL 4:1b0d80432c79 3631
wolfSSL 4:1b0d80432c79 3632 /* end defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) */
wolfSSL 4:1b0d80432c79 3633 #else /* GCM_WORD32 */
wolfSSL 4:1b0d80432c79 3634
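/* 32-bit word multiply: X = X * Y, processed one bit of Y at a time.
 *
 * X  four word32 values, most significant word first, overwritten with the
 *    product
 * Y  four word32 values, read only (GHASH passes the byte-swapped hash key)
 *
 * Both operands are secret in GCM, so the accumulate and reduce steps use
 * masks instead of branching on operand bits.
 */
static void GMULT(word32* X, word32* Y)
{
    word32 Z[4] = {0,0,0,0};
    word32 V[4];
    int i, j;

    V[0] = X[0];
    V[1] = X[1];
    V[2] = X[2];
    V[3] = X[3];

    for (i = 0; i < 4; i++)
    {
        word32 y = Y[i];
        for (j = 0; j < 32; j++)
        {
            /* all ones when the top bit of y is set, zero otherwise */
            word32 addMask = (word32)0 - (y >> 31);
            /* all ones when the bit about to be shifted out of V is set */
            word32 redMask = (word32)0 - (V[3] & 1);

            Z[0] ^= V[0] & addMask;
            Z[1] ^= V[1] & addMask;
            Z[2] ^= V[2] & addMask;
            Z[3] ^= V[3] & addMask;

            /* V >>= 1 across all four words, then apply the reduction
             * constant when a bit was shifted out. */
            V[3] = (V[3] >> 1) | (V[2] << 31);
            V[2] = (V[2] >> 1) | (V[1] << 31);
            V[1] = (V[1] >> 1) | (V[0] << 31);
            V[0] = (V[0] >> 1) ^ (redMask & 0xE1000000);

            y <<= 1;
        }
    }
    X[0] = Z[0];
    X[1] = Z[1];
    X[2] = Z[2];
    X[3] = Z[3];
}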
wolfSSL 4:1b0d80432c79 3681
wolfSSL 4:1b0d80432c79 3682
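/* GHASH (32-bit words): fold the AAD, the ciphertext and their bit lengths
 * into a four-word accumulator, multiplying by the hash key after every
 * block. Blocks are byte-swapped into word order on little-endian builds and
 * the result is swapped back before it is copied out.
 *
 * aes  supplies the hash key aes->H
 * a    additional authenticated data, skipped when NULL or aSz is 0
 * aSz  size of a in bytes
 * c    ciphertext, skipped when NULL or cSz is 0
 * cSz  size of c in bytes
 * s    receives the first sSz bytes of the result
 * sSz  bytes wanted; values above AES_BLOCK_SIZE are clamped
 *
 * aSz and cSz still go into the length block when the matching pointer is
 * NULL.
 */
static void GHASH(Aes* aes, const byte* a, word32 aSz,
                  const byte* c, word32 cSz, byte* s, word32 sSz)
{
    word32 x[4] = {0,0,0,0};
    word32 blocks, partial;
    word32 bigH[4];

    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE);
    #endif

    /* Hash in A, the Additional Authentication Data */
    if (aSz != 0 && a != NULL) {
        word32 bigA[4];
        blocks = aSz / AES_BLOCK_SIZE;
        partial = aSz % AES_BLOCK_SIZE;
        while (blocks--) {
            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigA[0];
            x[1] ^= bigA[1];
            x[2] ^= bigA[2];
            x[3] ^= bigA[3];
            GMULT(x, bigH);
            a += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            /* zero-pad the trailing partial block */
            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
            XMEMCPY(bigA, a, partial);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigA[0];
            x[1] ^= bigA[1];
            x[2] ^= bigA[2];
            x[3] ^= bigA[3];
            GMULT(x, bigH);
        }
    }

    /* Hash in C, the Ciphertext */
    if (cSz != 0 && c != NULL) {
        word32 bigC[4];
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigC[0];
            x[1] ^= bigC[1];
            x[2] ^= bigC[2];
            x[3] ^= bigC[3];
            GMULT(x, bigH);
            c += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            /* zero-pad the trailing partial block */
            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
            XMEMCPY(bigC, c, partial);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigC[0];
            x[1] ^= bigC[1];
            x[2] ^= bigC[2];
            x[3] ^= bigC[3];
            GMULT(x, bigH);
        }
    }

    /* Hash in the lengths in bits of A and C */
    {
        word32 len[4];

        /* Lengths are in bytes. Convert to bits: the top three bits of each
         * size spill into the high word of its 64-bit length. */
        len[0] = (aSz >> (8*sizeof(aSz) - 3));
        len[1] = aSz << 3;
        len[2] = (cSz >> (8*sizeof(cSz) - 3));
        len[3] = cSz << 3;

        x[0] ^= len[0];
        x[1] ^= len[1];
        x[2] ^= len[2];
        x[3] ^= len[3];
        GMULT(x, bigH);
    }
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords(x, x, AES_BLOCK_SIZE);
    #endif

    /* x holds only AES_BLOCK_SIZE bytes; never copy past its end. */
    if (sSz > AES_BLOCK_SIZE) {
        sSz = AES_BLOCK_SIZE;
    }
    XMEMCPY(s, x, sSz);
}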
wolfSSL 4:1b0d80432c79 3778
wolfSSL 4:1b0d80432c79 3779 #endif /* end GCM_WORD32 */
wolfSSL 4:1b0d80432c79 3780
wolfSSL 4:1b0d80432c79 3781
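/* AES-GCM encrypt: CTR-encrypt in to out and write the authentication tag.
 *
 * aes        key context prepared for GCM
 * out        receives sz bytes of ciphertext (may be NULL when sz is 0)
 * in         sz bytes of plaintext (may be NULL when sz is 0)
 * sz         plaintext size in bytes
 * iv         nonce; NONCE_SZ bytes are used directly, any other size is
 *            run through GHASH to derive the initial counter
 * ivSz       nonce size in bytes
 * authTag    receives authTagSz bytes of tag
 * authTagSz  tag size in bytes, at most AES_BLOCK_SIZE
 * authIn     additional authenticated data, may be NULL
 * authInSz   size of authIn in bytes
 *
 * Returns 0 on success, BAD_FUNC_ARG when a required pointer is NULL or
 * authTagSz exceeds AES_BLOCK_SIZE.
 *
 * The caller must never reuse an (key, iv) pair; this function does not
 * track nonces. Short tags weaken authentication; this function does not
 * enforce a minimum tag size.
 */
int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                   const byte* iv, word32 ivSz,
                   byte* authTag, word32 authTagSz,
                   const byte* authIn, word32 authInSz)
{
    word32 blocks = sz / AES_BLOCK_SIZE;
    word32 partial = sz % AES_BLOCK_SIZE;
    const byte* p = in;
    byte* c = out;
    byte counter[AES_BLOCK_SIZE];
    byte initialCounter[AES_BLOCK_SIZE];
    byte *ctr ;
    byte scratch[AES_BLOCK_SIZE];

    WOLFSSL_ENTER("AesGcmEncrypt");

    /* The tag is produced from AES_BLOCK_SIZE-byte buffers; a larger
     * authTagSz would read past them. Reject that and NULL buffers that
     * would be dereferenced. */
    if (aes == NULL || authTagSz > AES_BLOCK_SIZE ||
        (authTag == NULL && authTagSz != 0) ||
        (iv == NULL && ivSz != 0) ||
        (sz != 0 && (in == NULL || out == NULL))) {
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_AESNI
    if (haveAESNI) {
        /* authTagSz is not passed to the AES-NI routine.
         * NOTE(review): confirm how many tag bytes AES_GCM_encrypt writes
         * when the caller asked for fewer than AES_BLOCK_SIZE. */
        AES_GCM_encrypt((void*)in, out, (void*)authIn, (void*)iv, authTag,
                        sz, authInSz, ivSz, (byte*)aes->key, aes->rounds);
        return 0;
    }
#endif

#ifdef WOLFSSL_PIC32MZ_CRYPT
    ctr = (byte*)aes->iv_ce ;
#else
    ctr = counter ;
#endif

    /* Build the initial counter block. */
    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
    if (ivSz == NONCE_SZ) {
        XMEMCPY(initialCounter, iv, ivSz);
        initialCounter[AES_BLOCK_SIZE - 1] = 1;
    }
    else {
        GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
    }
    XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);

#ifdef WOLFSSL_PIC32MZ_CRYPT
    if(blocks)
        wc_AesCrypt(aes, out, in, blocks*AES_BLOCK_SIZE,
             PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM );
#endif
    while (blocks--) {
        IncrementGcmCounter(ctr);
        #ifndef WOLFSSL_PIC32MZ_CRYPT
            wc_AesEncrypt(aes, ctr, scratch);
            xorbuf(scratch, p, AES_BLOCK_SIZE);
            XMEMCPY(c, scratch, AES_BLOCK_SIZE);
        #endif
        p += AES_BLOCK_SIZE;
        c += AES_BLOCK_SIZE;
    }

    if (partial != 0) {
        IncrementGcmCounter(ctr);
        wc_AesEncrypt(aes, ctr, scratch);
        xorbuf(scratch, p, partial);
        XMEMCPY(c, scratch, partial);
    }

    /* Tag = GHASH(AAD, ciphertext) XOR E(K, initial counter). */
    GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
    wc_AesEncrypt(aes, initialCounter, scratch);
    xorbuf(authTag, scratch, authTagSz);

    return 0;
}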
wolfSSL 4:1b0d80432c79 3852
wolfSSL 4:1b0d80432c79 3853
wolfSSL 4:1b0d80432c79 3854 #ifdef HAVE_AES_DECRYPT
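/* AES-GCM decrypt: verify the tag over authIn and the ciphertext, then
 * CTR-decrypt in to out. On the software path no plaintext is written unless
 * the tag matches.
 *
 * aes        key context prepared for GCM
 * out        receives sz bytes of plaintext (may be NULL when sz is 0)
 * in         sz bytes of ciphertext (may be NULL when sz is 0)
 * sz         ciphertext size in bytes
 * iv         nonce; NONCE_SZ bytes are used directly, any other size is
 *            run through GHASH to derive the initial counter
 * ivSz       nonce size in bytes
 * authTag    tag received with the message
 * authTagSz  tag size in bytes, 1..AES_BLOCK_SIZE
 * authIn     additional authenticated data, may be NULL
 * authInSz   size of authIn in bytes
 *
 * Returns 0 on success, AES_GCM_AUTH_E when the tag does not match,
 * BAD_FUNC_ARG when a required pointer is NULL or authTagSz is out of range.
 */
int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                   const byte* iv, word32 ivSz,
                   const byte* authTag, word32 authTagSz,
                   const byte* authIn, word32 authInSz)
{
    word32 blocks = sz / AES_BLOCK_SIZE;
    word32 partial = sz % AES_BLOCK_SIZE;
    const byte* c = in;
    byte* p = out;
    byte counter[AES_BLOCK_SIZE];
    byte initialCounter[AES_BLOCK_SIZE];
    byte *ctr ;
    byte scratch[AES_BLOCK_SIZE];

    WOLFSSL_ENTER("AesGcmDecrypt");

    /* A zero-length tag would make the comparison below succeed for any
     * message, and a tag longer than AES_BLOCK_SIZE would read past Tprime.
     * Reject both, along with NULL buffers that would be dereferenced. */
    if (aes == NULL || authTag == NULL ||
        authTagSz == 0 || authTagSz > AES_BLOCK_SIZE ||
        (iv == NULL && ivSz != 0) ||
        (sz != 0 && (in == NULL || out == NULL))) {
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_AESNI
    if (haveAESNI) {
        /* authTagSz is not passed to the AES-NI routine.
         * NOTE(review): confirm how AES_GCM_decrypt handles tags shorter
         * than AES_BLOCK_SIZE. */
        if (AES_GCM_decrypt(in, out, authIn, iv, authTag,
                    sz, authInSz, ivSz, (byte*)aes->key, aes->rounds) == 0)
            return AES_GCM_AUTH_E;
        return 0;
    }
#endif

#ifdef WOLFSSL_PIC32MZ_CRYPT
    ctr = (byte*)aes->iv_ce ;
#else
    ctr = counter ;
#endif

    /* Build the initial counter block. */
    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
    if (ivSz == NONCE_SZ) {
        XMEMCPY(initialCounter, iv, ivSz);
        initialCounter[AES_BLOCK_SIZE - 1] = 1;
    }
    else {
        GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
    }
    XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);

    /* Calculate the authTag again using the received auth data and the
     * cipher text. */
    {
        byte Tprime[AES_BLOCK_SIZE];
        byte EKY0[AES_BLOCK_SIZE];

        GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
        wc_AesEncrypt(aes, ctr, EKY0);
        xorbuf(Tprime, EKY0, sizeof(Tprime));

        /* Only the first authTagSz bytes are compared, via ConstantCompare
         * rather than a plain memcmp. */
        if (ConstantCompare(authTag, Tprime, authTagSz) != 0) {
            return AES_GCM_AUTH_E;
        }
    }

#ifdef WOLFSSL_PIC32MZ_CRYPT
    if(blocks)
        wc_AesCrypt(aes, out, in, blocks*AES_BLOCK_SIZE,
             PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM );
#endif

    while (blocks--) {
        IncrementGcmCounter(ctr);
        #ifndef WOLFSSL_PIC32MZ_CRYPT
            wc_AesEncrypt(aes, ctr, scratch);
            xorbuf(scratch, c, AES_BLOCK_SIZE);
            XMEMCPY(p, scratch, AES_BLOCK_SIZE);
        #endif
        p += AES_BLOCK_SIZE;
        c += AES_BLOCK_SIZE;
    }
    if (partial != 0) {
        IncrementGcmCounter(ctr);
        wc_AesEncrypt(aes, ctr, scratch);
        xorbuf(scratch, c, partial);
        XMEMCPY(p, scratch, partial);
    }
    return 0;
}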
wolfSSL 4:1b0d80432c79 3935
wolfSSL 4:1b0d80432c79 3936 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 3937
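/* Set the key of a GMAC context.
 *
 * gmac  GMAC context; the key is loaded into its embedded Aes object
 * key   key bytes, passed through to wc_AesGcmSetKey()
 * len   key length in bytes, passed through to wc_AesGcmSetKey()
 *
 * Returns BAD_FUNC_ARG when gmac is NULL, otherwise the result of
 * wc_AesGcmSetKey().
 */
WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
{
    /* Taking &gmac->aes from a NULL context would hand the AES layer a
     * bogus pointer, so reject it before touching the member. */
    if (gmac == NULL)
        return BAD_FUNC_ARG;

    return wc_AesGcmSetKey(&gmac->aes, key, len);
}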
wolfSSL 4:1b0d80432c79 3942
wolfSSL 4:1b0d80432c79 3943
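/* Compute a GMAC tag over authIn.
 *
 * Implemented as an AES-GCM encryption with no plaintext (NULL in/out
 * buffers, size 0), so only the additional data is authenticated.
 *
 * gmac       GMAC context previously keyed with wc_GmacSetKey()
 * iv         IV of ivSz bytes; as with any GCM use it must not be repeated
 *            under the same key
 * authIn     data to authenticate, authInSz bytes
 * authTag    receives authTagSz bytes of tag
 *
 * Returns BAD_FUNC_ARG when gmac is NULL, otherwise the result of
 * wc_AesGcmEncrypt().
 */
WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
                              const byte* authIn, word32 authInSz,
                              byte* authTag, word32 authTagSz)
{
    /* Same guard as wc_GmacSetKey(): never form &gmac->aes from NULL. */
    if (gmac == NULL)
        return BAD_FUNC_ARG;

    return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
                            authTag, authTagSz, authIn, authInSz);
}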
wolfSSL 4:1b0d80432c79 3951
wolfSSL 4:1b0d80432c79 3952 #endif /* HAVE_AESGCM */
wolfSSL 4:1b0d80432c79 3953
wolfSSL 4:1b0d80432c79 3954
wolfSSL 4:1b0d80432c79 3955 #ifdef HAVE_AESCCM
wolfSSL 4:1b0d80432c79 3956
wolfSSL 4:1b0d80432c79 3957 #ifdef STM32F2_CRYPTO
wolfSSL 4:1b0d80432c79 3958 #error "STM32F2 crypto doesn't currently support AES-CCM mode"
wolfSSL 4:1b0d80432c79 3959
wolfSSL 4:1b0d80432c79 3960 #elif defined(HAVE_COLDFIRE_SEC)
wolfSSL 4:1b0d80432c79 3961 #error "Coldfire SEC doesn't currently support AES-CCM mode"
wolfSSL 4:1b0d80432c79 3962
wolfSSL 4:1b0d80432c79 3963 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
wolfSSL 4:1b0d80432c79 3964 #error "PIC32MZ doesn't currently support AES-CCM mode"
wolfSSL 4:1b0d80432c79 3965
wolfSSL 4:1b0d80432c79 3966 #endif
wolfSSL 4:1b0d80432c79 3967
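/* Load an AES key for use with the CCM functions.
 *
 * aes    AES object to key
 * key    key bytes
 * keySz  key length in bytes; only 16, 24 and 32 are accepted
 *
 * The function returns void, so failure is silent: a NULL argument or an
 * unsupported keySz returns early without keying aes, and the result of
 * wc_AesSetKey() is not reported either. Callers that take the key length
 * from outside should validate it themselves before calling.
 */
void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
{
    byte nonce[AES_BLOCK_SIZE];

    if (aes == NULL || key == NULL)
        return;

    if (keySz != 16 && keySz != 24 && keySz != 32)
        return;

    /* CCM builds its own counter blocks, so the IV slot gets all zeros. */
    XMEMSET(nonce, 0, sizeof(nonce));
    (void)wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
}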
wolfSSL 4:1b0d80432c79 3978
wolfSSL 4:1b0d80432c79 3979
/* Absorb inSz bytes of in into the running CBC-MAC state held in out.
 *
 * Each full block is XORed into out and out is then encrypted in place.
 * A trailing partial block XORs only its inSz bytes, which leaves the rest
 * of out as if the input had been zero padded, and is encrypted the same
 * way. out must be AES_BLOCK_SIZE bytes.
 */
static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
{
    const byte* src  = in;
    word32      left = inSz;

    /* whole blocks */
    for (; left >= AES_BLOCK_SIZE; left -= AES_BLOCK_SIZE) {
        xorbuf(out, src, AES_BLOCK_SIZE);
        src += AES_BLOCK_SIZE;
        wc_AesEncrypt(aes, out, out);
    }

    /* trailing partial block, if any */
    if (left != 0) {
        xorbuf(out, src, left);
        wc_AesEncrypt(aes, out, out);
    }
}
wolfSSL 4:1b0d80432c79 3997
wolfSSL 4:1b0d80432c79 3998
/* Absorb the additional authenticated data into the CBC-MAC state in out.
 *
 * The first block starts with the encoded length of the data: two bytes
 * when inSz <= 0xFEFF, otherwise the marker 0xFF 0xFE followed by the
 * length as four big-endian bytes. The rest of that block is filled with
 * the start of in (short input is implicitly zero padded), the block is
 * encrypted, and any remaining input goes through roll_x().
 */
static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
{
    byte   hdr[6];
    word32 hdrSz;
    word32 room;
    word32 take;
    word32 k;

    /* build the length prefix */
    if (inSz <= 0xFEFF) {
        hdrSz  = 2;
        hdr[0] = (byte)(inSz >> 8);
        hdr[1] = (byte)inSz;
    }
    else if (inSz <= 0xFFFFFFFF) {
        hdrSz  = 6;
        hdr[0] = 0xFF;
        hdr[1] = 0xFE;
        hdr[2] = (byte)(inSz >> 24);
        hdr[3] = (byte)(inSz >> 16);
        hdr[4] = (byte)(inSz >> 8);
        hdr[5] = (byte)inSz;
    }
    else {
        /* The protocol allows auth data up to 2^64, but sizes are 32-bit
         * here, so the larger encoding is not handled. */
        return;
    }

    for (k = 0; k < hdrSz; k++)
        out[k] ^= hdr[k];

    /* fill what is left of the first block with input */
    room = AES_BLOCK_SIZE - hdrSz;
    take = (inSz >= room) ? room : inSz;
    xorbuf(out + hdrSz, in, take);
    in   += take;
    inSz -= take;

    wc_AesEncrypt(aes, out, out);

    if (inSz > 0)
        roll_x(aes, in, inSz, out);
}
wolfSSL 4:1b0d80432c79 4042
wolfSSL 4:1b0d80432c79 4043
/* Increment the big-endian counter held in the last lenSz bytes of the
 * AES_BLOCK_SIZE-byte block B.
 *
 * The carry stops at the first byte that does not wrap to zero. A carry
 * out of the top counter byte is dropped, so the counter wraps silently
 * once all lenSz bytes overflow.
 */
static INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
{
    word32 pos  = AES_BLOCK_SIZE;
    word32 left = lenSz;

    while (left != 0) {
        pos--;
        left--;
        if (++B[pos] != 0)
            break;
    }
}
wolfSSL 4:1b0d80432c79 4052
wolfSSL 4:1b0d80432c79 4053
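/* AES-CCM authenticated encryption.
 *
 * aes        keyed AES object (see wc_AesCcmSetKey())
 * out        receives inSz bytes of ciphertext
 * in         plaintext, inSz bytes; must be non-NULL even when inSz is 0
 * nonce      nonce of nonceSz bytes, 7 <= nonceSz <= 13; CCM requires that
 *            a nonce is never reused with the same key
 * authTag    receives authTagSz bytes of authentication tag
 * authTagSz  tag length in bytes, at most AES_BLOCK_SIZE
 * authIn     additional authenticated data; may be NULL only when
 *            authInSz is 0
 *
 * return 0 on success, BAD_FUNC_ARG on an invalid argument
 */
int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                     const byte* nonce, word32 nonceSz,
                     byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz)
{
    byte A[AES_BLOCK_SIZE];
    byte B[AES_BLOCK_SIZE];
    byte lenSz;
    word32 i;
    byte mask = 0xFF;
    word32 wordSz = (word32)sizeof(word32);

    /* sanity check on arguments */
    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
        return BAD_FUNC_ARG;

    /* The tag is copied out of, and XORed with, the AES_BLOCK_SIZE-byte
     * buffer A, so a larger authTagSz would read past the end of A.
     * CCM defines tag lengths of 4, 6, 8, 10, 12, 14 and 16 bytes; only
     * the upper bound is enforced here. */
    if (authTagSz > AES_BLOCK_SIZE)
        return BAD_FUNC_ARG;

    /* roll_auth() dereferences authIn whenever authInSz is non-zero */
    if (authIn == NULL && authInSz > 0)
        return BAD_FUNC_ARG;

    /* B_0 = flags | nonce | message length (lenSz bytes, big-endian) */
    XMEMCPY(B+1, nonce, nonceSz);
    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
    B[0] = (authInSz > 0 ? 64 : 0)
         + (8 * (((byte)authTagSz - 2) / 2))
         + (lenSz - 1);
    for (i = 0; i < lenSz; i++) {
        /* Once i reaches sizeof(word32) the mask drops to 0: the byte is
         * written as zero and the shift count stays 0, so inSz is never
         * shifted by its full width. */
        if (mask && i >= wordSz)
            mask = 0x00;
        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
    }

    /* CBC-MAC over B_0, the additional data and the plaintext */
    wc_AesEncrypt(aes, B, A);

    if (authInSz > 0)
        roll_auth(aes, authIn, authInSz, A);
    if (inSz > 0)
        roll_x(aes, in, inSz, A);
    XMEMCPY(authTag, A, authTagSz);

    /* counter block 0 (counter bytes all zero) masks the tag */
    B[0] = lenSz - 1;
    for (i = 0; i < lenSz; i++)
        B[AES_BLOCK_SIZE - 1 - i] = 0;
    wc_AesEncrypt(aes, B, A);
    xorbuf(authTag, A, authTagSz);

    /* counter blocks from 1 onwards produce the keystream */
    B[15] = 1;
    while (inSz >= AES_BLOCK_SIZE) {
        wc_AesEncrypt(aes, B, A);
        xorbuf(A, in, AES_BLOCK_SIZE);
        XMEMCPY(out, A, AES_BLOCK_SIZE);

        AesCcmCtrInc(B, lenSz);
        inSz -= AES_BLOCK_SIZE;
        in += AES_BLOCK_SIZE;
        out += AES_BLOCK_SIZE;
    }
    if (inSz > 0) {
        wc_AesEncrypt(aes, B, A);
        xorbuf(A, in, inSz);
        XMEMCPY(out, A, inSz);
    }

    /* A and B held keystream and MAC state; clear them before returning */
    ForceZero(A, AES_BLOCK_SIZE);
    ForceZero(B, AES_BLOCK_SIZE);

    return 0;
}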
wolfSSL 4:1b0d80432c79 4119
wolfSSL 4:1b0d80432c79 4120 #ifdef HAVE_AES_DECRYPT
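/* AES-CCM authenticated decryption.
 *
 * aes        keyed AES object (see wc_AesCcmSetKey())
 * out        receives inSz bytes of plaintext
 * in         ciphertext, inSz bytes; must be non-NULL even when inSz is 0
 * nonce      nonce of nonceSz bytes, 7 <= nonceSz <= 13
 * authTag    received authentication tag, authTagSz bytes
 * authTagSz  tag length in bytes, at most AES_BLOCK_SIZE
 * authIn     additional authenticated data; may be NULL only when
 *            authInSz is 0
 *
 * The plaintext is written to out before the tag can be checked, because
 * the CBC-MAC is computed over the plaintext. On a tag mismatch out is
 * zeroed and AES_CCM_AUTH_E is returned; callers must check the return
 * value and must not use out on failure.
 *
 * return 0 on success, BAD_FUNC_ARG on an invalid argument,
 * AES_CCM_AUTH_E when the tag does not verify
 */
int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                     const byte* nonce, word32 nonceSz,
                     const byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz)
{
    byte A[AES_BLOCK_SIZE];
    byte B[AES_BLOCK_SIZE];
    byte* o;
    byte lenSz;
    word32 i, oSz;
    int result = 0;
    byte mask = 0xFF;
    word32 wordSz = (word32)sizeof(word32);

    /* sanity check on arguments */
    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
        return BAD_FUNC_ARG;

    /* xorbuf(A, B, authTagSz) below writes authTagSz bytes into the
     * AES_BLOCK_SIZE-byte buffer A, and the compare reads the same number
     * of bytes from it, so a larger authTagSz would overrun A on the stack.
     * CCM defines tag lengths of 4, 6, 8, 10, 12, 14 and 16 bytes; only
     * the upper bound is enforced here. */
    if (authTagSz > AES_BLOCK_SIZE)
        return BAD_FUNC_ARG;

    /* roll_auth() dereferences authIn whenever authInSz is non-zero */
    if (authIn == NULL && authInSz > 0)
        return BAD_FUNC_ARG;

    o = out;
    oSz = inSz;
    XMEMCPY(B+1, nonce, nonceSz);
    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;

    /* counter block 1: flags | nonce | counter = 1 */
    B[0] = lenSz - 1;
    for (i = 0; i < lenSz; i++)
        B[AES_BLOCK_SIZE - 1 - i] = 0;
    B[15] = 1;

    /* CTR-decrypt the ciphertext into out */
    while (oSz >= AES_BLOCK_SIZE) {
        wc_AesEncrypt(aes, B, A);
        xorbuf(A, in, AES_BLOCK_SIZE);
        XMEMCPY(o, A, AES_BLOCK_SIZE);

        AesCcmCtrInc(B, lenSz);
        oSz -= AES_BLOCK_SIZE;
        in += AES_BLOCK_SIZE;
        o += AES_BLOCK_SIZE;
    }
    /* oSz is now the length of the trailing partial block (possibly 0) */
    if (inSz > 0) {
        wc_AesEncrypt(aes, B, A);
        xorbuf(A, in, oSz);
        XMEMCPY(o, A, oSz);
    }

    /* NOTE(review): A is overwritten by the B_0 encryption further down
     * before it is read again; this call is kept so the sequence of AES
     * operations matches the original. */
    for (i = 0; i < lenSz; i++)
        B[AES_BLOCK_SIZE - 1 - i] = 0;
    wc_AesEncrypt(aes, B, A);

    /* rewind to the start of the recovered plaintext for the MAC pass */
    o = out;
    oSz = inSz;

    /* B_0 = flags | nonce | message length (lenSz bytes, big-endian) */
    B[0] = (authInSz > 0 ? 64 : 0)
         + (8 * (((byte)authTagSz - 2) / 2))
         + (lenSz - 1);
    for (i = 0; i < lenSz; i++) {
        /* Once i reaches sizeof(word32) the mask drops to 0: the byte is
         * written as zero and the shift count stays 0, so inSz is never
         * shifted by its full width. */
        if (mask && i >= wordSz)
            mask = 0x00;
        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
    }

    /* CBC-MAC over B_0, the additional data and the plaintext */
    wc_AesEncrypt(aes, B, A);

    if (authInSz > 0)
        roll_auth(aes, authIn, authInSz, A);
    if (inSz > 0)
        roll_x(aes, o, oSz, A);

    /* counter block 0 (counter bytes all zero) masks the computed tag */
    B[0] = lenSz - 1;
    for (i = 0; i < lenSz; i++)
        B[AES_BLOCK_SIZE - 1 - i] = 0;
    wc_AesEncrypt(aes, B, B);
    xorbuf(A, B, authTagSz);

    if (ConstantCompare(A, authTag, authTagSz) != 0) {
        /* If the authTag check fails, don't keep the decrypted data.
         * Unfortunately, you need the decrypted data to calculate the
         * check value. */
        XMEMSET(out, 0, inSz);
        result = AES_CCM_AUTH_E;
    }

    /* A and B held keystream and MAC state; clear them before returning */
    ForceZero(A, AES_BLOCK_SIZE);
    ForceZero(B, AES_BLOCK_SIZE);

    return result;
}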
wolfSSL 4:1b0d80432c79 4209 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 4210 #endif /* HAVE_AESCCM */
wolfSSL 4:1b0d80432c79 4211
wolfSSL 4:1b0d80432c79 4212
wolfSSL 4:1b0d80432c79 4213 #ifdef HAVE_CAVIUM
wolfSSL 4:1b0d80432c79 4214
wolfSSL 4:1b0d80432c79 4215 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 4:1b0d80432c79 4216 #include "cavium_common.h"
wolfSSL 4:1b0d80432c79 4217
/* Prepare an Aes object for use with a Nitrox device.
 *
 * Allocates a CONTEXT_SSL context on device devId, stores the handle and
 * device id in aes and marks it with WOLFSSL_AES_CAVIUM_MAGIC.
 *
 * Returns 0 on success, -1 when aes is NULL or the context allocation
 * fails (aes->devId and aes->magic are not written in that case).
 */
int wc_AesInitCavium(Aes* aes, int devId)
{
    int rc = -1;

    if (aes != NULL &&
            CspAllocContext(CONTEXT_SSL, &aes->contextHandle, devId) == 0) {
        aes->devId = devId;
        aes->magic = WOLFSSL_AES_CAVIUM_MAGIC;
        rc = 0;
    }

    return rc;
}
wolfSSL 4:1b0d80432c79 4232
wolfSSL 4:1b0d80432c79 4233
/* Release the Nitrox context held by an Aes object.
 *
 * Does nothing when aes is NULL or is not marked with
 * WOLFSSL_AES_CAVIUM_MAGIC. Clearing the magic afterwards makes a second
 * call on the same object a no-op.
 *
 * NOTE(review): only the device context and the magic are released here;
 * the key bytes that wc_AesCaviumSetKey() copies into aes->key are not
 * cleared by this function.
 */
void wc_AesFreeCavium(Aes* aes)
{
    if (aes != NULL && aes->magic == WOLFSSL_AES_CAVIUM_MAGIC) {
        CspFreeContext(CONTEXT_SSL, aes->contextHandle, aes->devId);
        aes->magic = 0;
    }
}
wolfSSL 4:1b0d80432c79 4246
wolfSSL 4:1b0d80432c79 4247
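/* Store the key and IV for later Nitrox operations.
 *
 * aes     Aes object to fill in
 * key     key bytes
 * length  key length in bytes; must be 16, 24 or 32
 * iv      IV, handed to wc_AesSetIV()
 *
 * Returns -1 when aes or key is NULL or length is not a supported AES key
 * size, otherwise the result of wc_AesSetIV().
 */
static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
                              const byte* iv)
{
    if (aes == NULL || key == NULL)
        return -1;

    /* Validate the length before copying: it is used as the byte count for
     * the copy into aes->key, and any other value would also leave
     * aes->type unset. */
    switch (length) {
        case 16:
            aes->type = AES_128;
            break;
        case 24:
            aes->type = AES_192;
            break;
        case 32:
            aes->type = AES_256;
            break;
        default:
            return -1;
    }

    XMEMCPY(aes->key, key, length);  /* key still holds key, iv still in reg */

    return wc_AesSetIV(aes, iv);
}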
wolfSSL 4:1b0d80432c79 4264
wolfSSL 4:1b0d80432c79 4265 #ifdef HAVE_AES_CBC
/* CBC-encrypt length bytes from in to out on the Nitrox device.
 *
 * The request length passed to CspEncryptAes() is a word16, so the data is
 * submitted in chunks of at most WOLFSSL_MAX_16BIT bytes. After each chunk
 * the last ciphertext block written is copied into aes->reg, which is the
 * IV argument of the next request.
 *
 * NOTE(review): nothing here checks that length is a non-zero multiple of
 * AES_BLOCK_SIZE; for a total length under one block the chaining copy
 * would read before the start of out. Also confirm that chunks of
 * WOLFSSL_MAX_16BIT bytes end on a block boundary.
 *
 * Returns 0 on success, -1 when the device call fails.
 */
static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
                                  word32 length)
{
    wolfssl_word done = 0;
    word32       requestId;

    while (length != 0) {
        word16 chunk = (length > WOLFSSL_MAX_16BIT)
                     ? (word16)WOLFSSL_MAX_16BIT
                     : (word16)length;

        if (CspEncryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE,
                          aes->type, chunk, (byte*)in + done, out + done,
                          (byte*)aes->reg, (byte*)aes->key, &requestId,
                          aes->devId) != 0) {
            WOLFSSL_MSG("Bad Cavium Aes Encrypt");
            return -1;
        }

        length -= chunk;
        done   += chunk;

        /* last ciphertext block of this chunk chains into the next one */
        XMEMCPY(aes->reg, out + done - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 4298
wolfSSL 4:1b0d80432c79 4299 #ifdef HAVE_AES_DECRYPT
/* CBC-decrypt length bytes from in to out on the Nitrox device.
 *
 * The request length passed to CspDecryptAes() is a word16, so the data is
 * submitted in chunks of at most WOLFSSL_MAX_16BIT bytes. The last
 * ciphertext block of each chunk is saved in aes->tmp before the device
 * call and moved into aes->reg afterwards, where it is the IV argument of
 * the next request (saving it first presumably keeps it available when in
 * and out are the same buffer).
 *
 * NOTE(review): nothing here checks that length is a non-zero multiple of
 * AES_BLOCK_SIZE; for a total length under one block the save into
 * aes->tmp would read before the start of in. Also confirm that chunks of
 * WOLFSSL_MAX_16BIT bytes end on a block boundary.
 *
 * Returns 0 on success, -1 when the device call fails.
 */
static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
                                  word32 length)
{
    word32       requestId;
    wolfssl_word done = 0;

    while (length != 0) {
        word16 chunk = (length > WOLFSSL_MAX_16BIT)
                     ? (word16)WOLFSSL_MAX_16BIT
                     : (word16)length;

        /* keep the chunk's final ciphertext block for chaining */
        XMEMCPY(aes->tmp, in + done + chunk - AES_BLOCK_SIZE, AES_BLOCK_SIZE);

        if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE,
                          aes->type, chunk, (byte*)in + done, out + done,
                          (byte*)aes->reg, (byte*)aes->key, &requestId,
                          aes->devId) != 0) {
            WOLFSSL_MSG("Bad Cavium Aes Decrypt");
            return -1;
        }

        length -= chunk;
        done   += chunk;
        XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 4334 #endif /* HAVE_AES_DECRYPT */
wolfSSL 4:1b0d80432c79 4335 #endif /* HAVE_AES_CBC */
wolfSSL 4:1b0d80432c79 4336
wolfSSL 4:1b0d80432c79 4337 #endif /* HAVE_CAVIUM */
wolfSSL 4:1b0d80432c79 4338
wolfSSL 4:1b0d80432c79 4339 #endif /* WOLFSSL_TI_CRYPT */
wolfSSL 4:1b0d80432c79 4340
wolfSSL 4:1b0d80432c79 4341 #endif /* HAVE_FIPS */
wolfSSL 4:1b0d80432c79 4342
wolfSSL 4:1b0d80432c79 4343 #endif /* NO_AES */
wolfSSL 4:1b0d80432c79 4344