search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Initial import of truecrypt cracking project.
[delutions.git] / tc / crypto / AesSmall.c
blob696f3576345d3174749faad3c7237bbc31b888e4
1 /*
2 ---------------------------------------------------------------------------
3 Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
4
5 LICENSE TERMS
6
7 The free distribution and use of this software is allowed (with or without
8 changes) provided that:
9
10 1. source code distributions include the above copyright notice, this
11 list of conditions and the following disclaimer;
12
13 2. binary distributions include the above copyright notice, this list
14 of conditions and the following disclaimer in their documentation;
15
16 3. the name of the copyright holder is not used to endorse products
17 built using this software without specific written permission.
18
19 DISCLAIMER
20
21 This software is provided 'as is' with no explicit or implied warranties
22 in respect of its properties, including, but not limited to, correctness
23 and/or fitness for purpose.
24 ---------------------------------------------------------------------------
25 Issue 09/09/2006
26
27 This is an AES implementation that uses only 8-bit byte operations on the
28 cipher state (there are options to use 32-bit types if available).
29
30 The combination of mix columns and byte substitution used here is based on
31 that developed by Karl Malbrain. His contribution is acknowledged.
32 */
33
34 /* Adapted by TrueCrypt Foundation:
35 - Macro-generated tables were replaced with static data to enable compiling
36 with MSVC++ 1.5 which runs out of resources when expanding large macros.
37 */
38
39 #pragma optimize ("t", on)
40
41 /* define if you have a fast memcpy function on your system */
42 #if 1
43 # define HAVE_MEMCPY
44 # include <string.h>
45 # if defined( _MSC_VER )
46 # ifndef DEBUG
47 # pragma intrinsic( memcpy )
48 # endif
49 # endif
50 #endif
51
52 /* define if you have fast 32-bit types on your system */
53 #if 1
54 # define HAVE_UINT_32T
55 #endif
56
57 /* alternative versions (test for performance on your system) */
58 #if 0
59 # define VERSION_1
60 #endif
61
62 #include "AesSmall.h"
63
64 #define WPOLY 0x011b
65 #define DPOLY 0x008d
66 #define f1(x) (x)
67 #define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
68 #define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
69 #define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
70 ^ (((x>>5) & 4) * WPOLY))
71 #define d2(x) (((x) >> 1) ^ ((x) & 1 ? DPOLY : 0))
72
73 #define f3(x) (f2(x) ^ x)
74 #define f9(x) (f8(x) ^ x)
75 #define fb(x) (f8(x) ^ f2(x) ^ x)
76 #define fd(x) (f8(x) ^ f4(x) ^ x)
77 #define fe(x) (f8(x) ^ f4(x) ^ f2(x))
78
79 static const uint_8t s_box[256] = {
80 0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,
81 0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,
82 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,
83 0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,
84 0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,
85 0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,
86 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,
87 0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,
88 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,
89 0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,
90 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,
91 0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,
92 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,
93 0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,
94 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,
95 0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,
96 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,
97 0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,
98 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,
99 0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,
100 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,
101 0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,
102 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,
103 0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,
104 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,
105 0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,
106 0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,
107 0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,
108 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,
109 0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,
110 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,
111 0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
112 };
113
114 static const uint_8t inv_s_box[256] = {
115 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
116 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
117 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
118 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
119 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
120 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
121 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
122 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
123 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
124 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
125 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
126 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
127 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
128 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
129 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
130 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
131 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
132 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
133 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
134 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
135 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
136 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
137 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
138 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
139 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
140 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
141 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
142 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
143 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
144 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
145 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
146 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
147 };
148
149 static const uint_8t gfm2_s_box[256] = {
150 0xc6,0xf8,0xee,0xf6,0xff,0xd6,0xde,0x91,
151 0x60,0x02,0xce,0x56,0xe7,0xb5,0x4d,0xec,
152 0x8f,0x1f,0x89,0xfa,0xef,0xb2,0x8e,0xfb,
153 0x41,0xb3,0x5f,0x45,0x23,0x53,0xe4,0x9b,
154 0x75,0xe1,0x3d,0x4c,0x6c,0x7e,0xf5,0x83,
155 0x68,0x51,0xd1,0xf9,0xe2,0xab,0x62,0x2a,
156 0x08,0x95,0x46,0x9d,0x30,0x37,0x0a,0x2f,
157 0x0e,0x24,0x1b,0xdf,0xcd,0x4e,0x7f,0xea,
158 0x12,0x1d,0x58,0x34,0x36,0xdc,0xb4,0x5b,
159 0xa4,0x76,0xb7,0x7d,0x52,0xdd,0x5e,0x13,
160 0xa6,0xb9,0x00,0xc1,0x40,0xe3,0x79,0xb6,
161 0xd4,0x8d,0x67,0x72,0x94,0x98,0xb0,0x85,
162 0xbb,0xc5,0x4f,0xed,0x86,0x9a,0x66,0x11,
163 0x8a,0xe9,0x04,0xfe,0xa0,0x78,0x25,0x4b,
164 0xa2,0x5d,0x80,0x05,0x3f,0x21,0x70,0xf1,
165 0x63,0x77,0xaf,0x42,0x20,0xe5,0xfd,0xbf,
166 0x81,0x18,0x26,0xc3,0xbe,0x35,0x88,0x2e,
167 0x93,0x55,0xfc,0x7a,0xc8,0xba,0x32,0xe6,
168 0xc0,0x19,0x9e,0xa3,0x44,0x54,0x3b,0x0b,
169 0x8c,0xc7,0x6b,0x28,0xa7,0xbc,0x16,0xad,
170 0xdb,0x64,0x74,0x14,0x92,0x0c,0x48,0xb8,
171 0x9f,0xbd,0x43,0xc4,0x39,0x31,0xd3,0xf2,
172 0xd5,0x8b,0x6e,0xda,0x01,0xb1,0x9c,0x49,
173 0xd8,0xac,0xf3,0xcf,0xca,0xf4,0x47,0x10,
174 0x6f,0xf0,0x4a,0x5c,0x38,0x57,0x73,0x97,
175 0xcb,0xa1,0xe8,0x3e,0x96,0x61,0x0d,0x0f,
176 0xe0,0x7c,0x71,0xcc,0x90,0x06,0xf7,0x1c,
177 0xc2,0x6a,0xae,0x69,0x17,0x99,0x3a,0x27,
178 0xd9,0xeb,0x2b,0x22,0xd2,0xa9,0x07,0x33,
179 0x2d,0x3c,0x15,0xc9,0x87,0xaa,0x50,0xa5,
180 0x03,0x59,0x09,0x1a,0x65,0xd7,0x84,0xd0,
181 0x82,0x29,0x5a,0x1e,0x7b,0xa8,0x6d,0x2c
182 };
183
184 static const uint_8t gfm3_s_box[256] = {
185 0xa5,0x84,0x99,0x8d,0x0d,0xbd,0xb1,0x54,
186 0x50,0x03,0xa9,0x7d,0x19,0x62,0xe6,0x9a,
187 0x45,0x9d,0x40,0x87,0x15,0xeb,0xc9,0x0b,
188 0xec,0x67,0xfd,0xea,0xbf,0xf7,0x96,0x5b,
189 0xc2,0x1c,0xae,0x6a,0x5a,0x41,0x02,0x4f,
190 0x5c,0xf4,0x34,0x08,0x93,0x73,0x53,0x3f,
191 0x0c,0x52,0x65,0x5e,0x28,0xa1,0x0f,0xb5,
192 0x09,0x36,0x9b,0x3d,0x26,0x69,0xcd,0x9f,
193 0x1b,0x9e,0x74,0x2e,0x2d,0xb2,0xee,0xfb,
194 0xf6,0x4d,0x61,0xce,0x7b,0x3e,0x71,0x97,
195 0xf5,0x68,0x00,0x2c,0x60,0x1f,0xc8,0xed,
196 0xbe,0x46,0xd9,0x4b,0xde,0xd4,0xe8,0x4a,
197 0x6b,0x2a,0xe5,0x16,0xc5,0xd7,0x55,0x94,
198 0xcf,0x10,0x06,0x81,0xf0,0x44,0xba,0xe3,
199 0xf3,0xfe,0xc0,0x8a,0xad,0xbc,0x48,0x04,
200 0xdf,0xc1,0x75,0x63,0x30,0x1a,0x0e,0x6d,
201 0x4c,0x14,0x35,0x2f,0xe1,0xa2,0xcc,0x39,
202 0x57,0xf2,0x82,0x47,0xac,0xe7,0x2b,0x95,
203 0xa0,0x98,0xd1,0x7f,0x66,0x7e,0xab,0x83,
204 0xca,0x29,0xd3,0x3c,0x79,0xe2,0x1d,0x76,
205 0x3b,0x56,0x4e,0x1e,0xdb,0x0a,0x6c,0xe4,
206 0x5d,0x6e,0xef,0xa6,0xa8,0xa4,0x37,0x8b,
207 0x32,0x43,0x59,0xb7,0x8c,0x64,0xd2,0xe0,
208 0xb4,0xfa,0x07,0x25,0xaf,0x8e,0xe9,0x18,
209 0xd5,0x88,0x6f,0x72,0x24,0xf1,0xc7,0x51,
210 0x23,0x7c,0x9c,0x21,0xdd,0xdc,0x86,0x85,
211 0x90,0x42,0xc4,0xaa,0xd8,0x05,0x01,0x12,
212 0xa3,0x5f,0xf9,0xd0,0x91,0x58,0x27,0xb9,
213 0x38,0x13,0xb3,0x33,0xbb,0x70,0x89,0xa7,
214 0xb6,0x22,0x92,0x20,0x49,0xff,0x78,0x7a,
215 0x8f,0xf8,0x80,0x17,0xda,0x31,0xc6,0xb8,
216 0xc3,0xb0,0x77,0x11,0xcb,0xfc,0xd6,0x3a
217 };
218
219 static const uint_8t gfmul_9[256] = {
220 0x00,0x09,0x12,0x1b,0x24,0x2d,0x36,0x3f,
221 0x48,0x41,0x5a,0x53,0x6c,0x65,0x7e,0x77,
222 0x90,0x99,0x82,0x8b,0xb4,0xbd,0xa6,0xaf,
223 0xd8,0xd1,0xca,0xc3,0xfc,0xf5,0xee,0xe7,
224 0x3b,0x32,0x29,0x20,0x1f,0x16,0x0d,0x04,
225 0x73,0x7a,0x61,0x68,0x57,0x5e,0x45,0x4c,
226 0xab,0xa2,0xb9,0xb0,0x8f,0x86,0x9d,0x94,
227 0xe3,0xea,0xf1,0xf8,0xc7,0xce,0xd5,0xdc,
228 0x76,0x7f,0x64,0x6d,0x52,0x5b,0x40,0x49,
229 0x3e,0x37,0x2c,0x25,0x1a,0x13,0x08,0x01,
230 0xe6,0xef,0xf4,0xfd,0xc2,0xcb,0xd0,0xd9,
231 0xae,0xa7,0xbc,0xb5,0x8a,0x83,0x98,0x91,
232 0x4d,0x44,0x5f,0x56,0x69,0x60,0x7b,0x72,
233 0x05,0x0c,0x17,0x1e,0x21,0x28,0x33,0x3a,
234 0xdd,0xd4,0xcf,0xc6,0xf9,0xf0,0xeb,0xe2,
235 0x95,0x9c,0x87,0x8e,0xb1,0xb8,0xa3,0xaa,
236 0xec,0xe5,0xfe,0xf7,0xc8,0xc1,0xda,0xd3,
237 0xa4,0xad,0xb6,0xbf,0x80,0x89,0x92,0x9b,
238 0x7c,0x75,0x6e,0x67,0x58,0x51,0x4a,0x43,
239 0x34,0x3d,0x26,0x2f,0x10,0x19,0x02,0x0b,
240 0xd7,0xde,0xc5,0xcc,0xf3,0xfa,0xe1,0xe8,
241 0x9f,0x96,0x8d,0x84,0xbb,0xb2,0xa9,0xa0,
242 0x47,0x4e,0x55,0x5c,0x63,0x6a,0x71,0x78,
243 0x0f,0x06,0x1d,0x14,0x2b,0x22,0x39,0x30,
244 0x9a,0x93,0x88,0x81,0xbe,0xb7,0xac,0xa5,
245 0xd2,0xdb,0xc0,0xc9,0xf6,0xff,0xe4,0xed,
246 0x0a,0x03,0x18,0x11,0x2e,0x27,0x3c,0x35,
247 0x42,0x4b,0x50,0x59,0x66,0x6f,0x74,0x7d,
248 0xa1,0xa8,0xb3,0xba,0x85,0x8c,0x97,0x9e,
249 0xe9,0xe0,0xfb,0xf2,0xcd,0xc4,0xdf,0xd6,
250 0x31,0x38,0x23,0x2a,0x15,0x1c,0x07,0x0e,
251 0x79,0x70,0x6b,0x62,0x5d,0x54,0x4f,0x46
252 };
253
254 static const uint_8t gfmul_b[256] = {
255 0x00,0x0b,0x16,0x1d,0x2c,0x27,0x3a,0x31,
256 0x58,0x53,0x4e,0x45,0x74,0x7f,0x62,0x69,
257 0xb0,0xbb,0xa6,0xad,0x9c,0x97,0x8a,0x81,
258 0xe8,0xe3,0xfe,0xf5,0xc4,0xcf,0xd2,0xd9,
259 0x7b,0x70,0x6d,0x66,0x57,0x5c,0x41,0x4a,
260 0x23,0x28,0x35,0x3e,0x0f,0x04,0x19,0x12,
261 0xcb,0xc0,0xdd,0xd6,0xe7,0xec,0xf1,0xfa,
262 0x93,0x98,0x85,0x8e,0xbf,0xb4,0xa9,0xa2,
263 0xf6,0xfd,0xe0,0xeb,0xda,0xd1,0xcc,0xc7,
264 0xae,0xa5,0xb8,0xb3,0x82,0x89,0x94,0x9f,
265 0x46,0x4d,0x50,0x5b,0x6a,0x61,0x7c,0x77,
266 0x1e,0x15,0x08,0x03,0x32,0x39,0x24,0x2f,
267 0x8d,0x86,0x9b,0x90,0xa1,0xaa,0xb7,0xbc,
268 0xd5,0xde,0xc3,0xc8,0xf9,0xf2,0xef,0xe4,
269 0x3d,0x36,0x2b,0x20,0x11,0x1a,0x07,0x0c,
270 0x65,0x6e,0x73,0x78,0x49,0x42,0x5f,0x54,
271 0xf7,0xfc,0xe1,0xea,0xdb,0xd0,0xcd,0xc6,
272 0xaf,0xa4,0xb9,0xb2,0x83,0x88,0x95,0x9e,
273 0x47,0x4c,0x51,0x5a,0x6b,0x60,0x7d,0x76,
274 0x1f,0x14,0x09,0x02,0x33,0x38,0x25,0x2e,
275 0x8c,0x87,0x9a,0x91,0xa0,0xab,0xb6,0xbd,
276 0xd4,0xdf,0xc2,0xc9,0xf8,0xf3,0xee,0xe5,
277 0x3c,0x37,0x2a,0x21,0x10,0x1b,0x06,0x0d,
278 0x64,0x6f,0x72,0x79,0x48,0x43,0x5e,0x55,
279 0x01,0x0a,0x17,0x1c,0x2d,0x26,0x3b,0x30,
280 0x59,0x52,0x4f,0x44,0x75,0x7e,0x63,0x68,
281 0xb1,0xba,0xa7,0xac,0x9d,0x96,0x8b,0x80,
282 0xe9,0xe2,0xff,0xf4,0xc5,0xce,0xd3,0xd8,
283 0x7a,0x71,0x6c,0x67,0x56,0x5d,0x40,0x4b,
284 0x22,0x29,0x34,0x3f,0x0e,0x05,0x18,0x13,
285 0xca,0xc1,0xdc,0xd7,0xe6,0xed,0xf0,0xfb,
286 0x92,0x99,0x84,0x8f,0xbe,0xb5,0xa8,0xa3
287 };
288
289 static const uint_8t gfmul_d[256] = {
290 0x00,0x0d,0x1a,0x17,0x34,0x39,0x2e,0x23,
291 0x68,0x65,0x72,0x7f,0x5c,0x51,0x46,0x4b,
292 0xd0,0xdd,0xca,0xc7,0xe4,0xe9,0xfe,0xf3,
293 0xb8,0xb5,0xa2,0xaf,0x8c,0x81,0x96,0x9b,
294 0xbb,0xb6,0xa1,0xac,0x8f,0x82,0x95,0x98,
295 0xd3,0xde,0xc9,0xc4,0xe7,0xea,0xfd,0xf0,
296 0x6b,0x66,0x71,0x7c,0x5f,0x52,0x45,0x48,
297 0x03,0x0e,0x19,0x14,0x37,0x3a,0x2d,0x20,
298 0x6d,0x60,0x77,0x7a,0x59,0x54,0x43,0x4e,
299 0x05,0x08,0x1f,0x12,0x31,0x3c,0x2b,0x26,
300 0xbd,0xb0,0xa7,0xaa,0x89,0x84,0x93,0x9e,
301 0xd5,0xd8,0xcf,0xc2,0xe1,0xec,0xfb,0xf6,
302 0xd6,0xdb,0xcc,0xc1,0xe2,0xef,0xf8,0xf5,
303 0xbe,0xb3,0xa4,0xa9,0x8a,0x87,0x90,0x9d,
304 0x06,0x0b,0x1c,0x11,0x32,0x3f,0x28,0x25,
305 0x6e,0x63,0x74,0x79,0x5a,0x57,0x40,0x4d,
306 0xda,0xd7,0xc0,0xcd,0xee,0xe3,0xf4,0xf9,
307 0xb2,0xbf,0xa8,0xa5,0x86,0x8b,0x9c,0x91,
308 0x0a,0x07,0x10,0x1d,0x3e,0x33,0x24,0x29,
309 0x62,0x6f,0x78,0x75,0x56,0x5b,0x4c,0x41,
310 0x61,0x6c,0x7b,0x76,0x55,0x58,0x4f,0x42,
311 0x09,0x04,0x13,0x1e,0x3d,0x30,0x27,0x2a,
312 0xb1,0xbc,0xab,0xa6,0x85,0x88,0x9f,0x92,
313 0xd9,0xd4,0xc3,0xce,0xed,0xe0,0xf7,0xfa,
314 0xb7,0xba,0xad,0xa0,0x83,0x8e,0x99,0x94,
315 0xdf,0xd2,0xc5,0xc8,0xeb,0xe6,0xf1,0xfc,
316 0x67,0x6a,0x7d,0x70,0x53,0x5e,0x49,0x44,
317 0x0f,0x02,0x15,0x18,0x3b,0x36,0x21,0x2c,
318 0x0c,0x01,0x16,0x1b,0x38,0x35,0x22,0x2f,
319 0x64,0x69,0x7e,0x73,0x50,0x5d,0x4a,0x47,
320 0xdc,0xd1,0xc6,0xcb,0xe8,0xe5,0xf2,0xff,
321 0xb4,0xb9,0xae,0xa3,0x80,0x8d,0x9a,0x97
322 };
323
324 static const uint_8t gfmul_e[256] = {
325 0x00,0x0e,0x1c,0x12,0x38,0x36,0x24,0x2a,
326 0x70,0x7e,0x6c,0x62,0x48,0x46,0x54,0x5a,
327 0xe0,0xee,0xfc,0xf2,0xd8,0xd6,0xc4,0xca,
328 0x90,0x9e,0x8c,0x82,0xa8,0xa6,0xb4,0xba,
329 0xdb,0xd5,0xc7,0xc9,0xe3,0xed,0xff,0xf1,
330 0xab,0xa5,0xb7,0xb9,0x93,0x9d,0x8f,0x81,
331 0x3b,0x35,0x27,0x29,0x03,0x0d,0x1f,0x11,
332 0x4b,0x45,0x57,0x59,0x73,0x7d,0x6f,0x61,
333 0xad,0xa3,0xb1,0xbf,0x95,0x9b,0x89,0x87,
334 0xdd,0xd3,0xc1,0xcf,0xe5,0xeb,0xf9,0xf7,
335 0x4d,0x43,0x51,0x5f,0x75,0x7b,0x69,0x67,
336 0x3d,0x33,0x21,0x2f,0x05,0x0b,0x19,0x17,
337 0x76,0x78,0x6a,0x64,0x4e,0x40,0x52,0x5c,
338 0x06,0x08,0x1a,0x14,0x3e,0x30,0x22,0x2c,
339 0x96,0x98,0x8a,0x84,0xae,0xa0,0xb2,0xbc,
340 0xe6,0xe8,0xfa,0xf4,0xde,0xd0,0xc2,0xcc,
341 0x41,0x4f,0x5d,0x53,0x79,0x77,0x65,0x6b,
342 0x31,0x3f,0x2d,0x23,0x09,0x07,0x15,0x1b,
343 0xa1,0xaf,0xbd,0xb3,0x99,0x97,0x85,0x8b,
344 0xd1,0xdf,0xcd,0xc3,0xe9,0xe7,0xf5,0xfb,
345 0x9a,0x94,0x86,0x88,0xa2,0xac,0xbe,0xb0,
346 0xea,0xe4,0xf6,0xf8,0xd2,0xdc,0xce,0xc0,
347 0x7a,0x74,0x66,0x68,0x42,0x4c,0x5e,0x50,
348 0x0a,0x04,0x16,0x18,0x32,0x3c,0x2e,0x20,
349 0xec,0xe2,0xf0,0xfe,0xd4,0xda,0xc8,0xc6,
350 0x9c,0x92,0x80,0x8e,0xa4,0xaa,0xb8,0xb6,
351 0x0c,0x02,0x10,0x1e,0x34,0x3a,0x28,0x26,
352 0x7c,0x72,0x60,0x6e,0x44,0x4a,0x58,0x56,
353 0x37,0x39,0x2b,0x25,0x0f,0x01,0x13,0x1d,
354 0x47,0x49,0x5b,0x55,0x7f,0x71,0x63,0x6d,
355 0xd7,0xd9,0xcb,0xc5,0xef,0xe1,0xf3,0xfd,
356 0xa7,0xa9,0xbb,0xb5,0x9f,0x91,0x83,0x8d
357 };
358
359 #if defined( HAVE_UINT_32T )
360 typedef unsigned long uint_32t;
361 #endif
362
363 #if defined( HAVE_MEMCPY )
364 # define block_copy(d, s, l) memcpy(d, s, l)
365 # define block16_copy(d, s) memcpy(d, s, N_BLOCK)
366 #else
367 # define block_copy(d, s, l) copy_block(d, s, l)
368 # define block16_copy(d, s) copy_block16(d, s)
369 #endif
370
371 /* block size 'nn' must be a multiple of four */
372
373 static void copy_block16( void *d, const void *s )
374 {
375 #if defined( HAVE_UINT_32T )
376 ((uint_32t*)d)[ 0] = ((uint_32t*)s)[ 0];
377 ((uint_32t*)d)[ 1] = ((uint_32t*)s)[ 1];
378 ((uint_32t*)d)[ 2] = ((uint_32t*)s)[ 2];
379 ((uint_32t*)d)[ 3] = ((uint_32t*)s)[ 3];
380 #else
381 ((uint_8t*)d)[ 0] = ((uint_8t*)s)[ 0];
382 ((uint_8t*)d)[ 1] = ((uint_8t*)s)[ 1];
383 ((uint_8t*)d)[ 2] = ((uint_8t*)s)[ 2];
384 ((uint_8t*)d)[ 3] = ((uint_8t*)s)[ 3];
385 ((uint_8t*)d)[ 4] = ((uint_8t*)s)[ 4];
386 ((uint_8t*)d)[ 5] = ((uint_8t*)s)[ 5];
387 ((uint_8t*)d)[ 6] = ((uint_8t*)s)[ 6];
388 ((uint_8t*)d)[ 7] = ((uint_8t*)s)[ 7];
389 ((uint_8t*)d)[ 8] = ((uint_8t*)s)[ 8];
390 ((uint_8t*)d)[ 9] = ((uint_8t*)s)[ 9];
391 ((uint_8t*)d)[10] = ((uint_8t*)s)[10];
392 ((uint_8t*)d)[11] = ((uint_8t*)s)[11];
393 ((uint_8t*)d)[12] = ((uint_8t*)s)[12];
394 ((uint_8t*)d)[13] = ((uint_8t*)s)[13];
395 ((uint_8t*)d)[14] = ((uint_8t*)s)[14];
396 ((uint_8t*)d)[15] = ((uint_8t*)s)[15];
397 #endif
398 }
399
400 static void copy_block( void * d, void *s, uint_8t nn )
401 {
402 while( nn-- )
403 *((uint_8t*)d)++ = *((uint_8t*)s)++;
404 }
405
406 static void xor_block( void *d, const void *s )
407 {
408 #if defined( HAVE_UINT_32T )
409 ((uint_32t*)d)[ 0] ^= ((uint_32t*)s)[ 0];
410 ((uint_32t*)d)[ 1] ^= ((uint_32t*)s)[ 1];
411 ((uint_32t*)d)[ 2] ^= ((uint_32t*)s)[ 2];
412 ((uint_32t*)d)[ 3] ^= ((uint_32t*)s)[ 3];
413 #else
414 ((uint_8t*)d)[ 0] ^= ((uint_8t*)s)[ 0];
415 ((uint_8t*)d)[ 1] ^= ((uint_8t*)s)[ 1];
416 ((uint_8t*)d)[ 2] ^= ((uint_8t*)s)[ 2];
417 ((uint_8t*)d)[ 3] ^= ((uint_8t*)s)[ 3];
418 ((uint_8t*)d)[ 4] ^= ((uint_8t*)s)[ 4];
419 ((uint_8t*)d)[ 5] ^= ((uint_8t*)s)[ 5];
420 ((uint_8t*)d)[ 6] ^= ((uint_8t*)s)[ 6];
421 ((uint_8t*)d)[ 7] ^= ((uint_8t*)s)[ 7];
422 ((uint_8t*)d)[ 8] ^= ((uint_8t*)s)[ 8];
423 ((uint_8t*)d)[ 9] ^= ((uint_8t*)s)[ 9];
424 ((uint_8t*)d)[10] ^= ((uint_8t*)s)[10];
425 ((uint_8t*)d)[11] ^= ((uint_8t*)s)[11];
426 ((uint_8t*)d)[12] ^= ((uint_8t*)s)[12];
427 ((uint_8t*)d)[13] ^= ((uint_8t*)s)[13];
428 ((uint_8t*)d)[14] ^= ((uint_8t*)s)[14];
429 ((uint_8t*)d)[15] ^= ((uint_8t*)s)[15];
430 #endif
431 }
432
433 static void copy_and_key( void *d, const void *s, const void *k )
434 {
435 #if defined( HAVE_UINT_32T )
436 ((uint_32t*)d)[ 0] = ((uint_32t*)s)[ 0] ^ ((uint_32t*)k)[ 0];
437 ((uint_32t*)d)[ 1] = ((uint_32t*)s)[ 1] ^ ((uint_32t*)k)[ 1];
438 ((uint_32t*)d)[ 2] = ((uint_32t*)s)[ 2] ^ ((uint_32t*)k)[ 2];
439 ((uint_32t*)d)[ 3] = ((uint_32t*)s)[ 3] ^ ((uint_32t*)k)[ 3];
440 #elif 1
441 ((uint_8t*)d)[ 0] = ((uint_8t*)s)[ 0] ^ ((uint_8t*)k)[ 0];
442 ((uint_8t*)d)[ 1] = ((uint_8t*)s)[ 1] ^ ((uint_8t*)k)[ 1];
443 ((uint_8t*)d)[ 2] = ((uint_8t*)s)[ 2] ^ ((uint_8t*)k)[ 2];
444 ((uint_8t*)d)[ 3] = ((uint_8t*)s)[ 3] ^ ((uint_8t*)k)[ 3];
445 ((uint_8t*)d)[ 4] = ((uint_8t*)s)[ 4] ^ ((uint_8t*)k)[ 4];
446 ((uint_8t*)d)[ 5] = ((uint_8t*)s)[ 5] ^ ((uint_8t*)k)[ 5];
447 ((uint_8t*)d)[ 6] = ((uint_8t*)s)[ 6] ^ ((uint_8t*)k)[ 6];
448 ((uint_8t*)d)[ 7] = ((uint_8t*)s)[ 7] ^ ((uint_8t*)k)[ 7];
449 ((uint_8t*)d)[ 8] = ((uint_8t*)s)[ 8] ^ ((uint_8t*)k)[ 8];
450 ((uint_8t*)d)[ 9] = ((uint_8t*)s)[ 9] ^ ((uint_8t*)k)[ 9];
451 ((uint_8t*)d)[10] = ((uint_8t*)s)[10] ^ ((uint_8t*)k)[10];
452 ((uint_8t*)d)[11] = ((uint_8t*)s)[11] ^ ((uint_8t*)k)[11];
453 ((uint_8t*)d)[12] = ((uint_8t*)s)[12] ^ ((uint_8t*)k)[12];
454 ((uint_8t*)d)[13] = ((uint_8t*)s)[13] ^ ((uint_8t*)k)[13];
455 ((uint_8t*)d)[14] = ((uint_8t*)s)[14] ^ ((uint_8t*)k)[14];
456 ((uint_8t*)d)[15] = ((uint_8t*)s)[15] ^ ((uint_8t*)k)[15];
457 #else
458 block16_copy(d, s);
459 xor_block(d, k);
460 #endif
461 }
462
463 static void add_round_key( uint_8t d[N_BLOCK], const uint_8t k[N_BLOCK] )
464 {
465 xor_block(d, k);
466 }
467
468 static void shift_sub_rows( uint_8t st[N_BLOCK] )
469 { uint_8t tt;
470
471 st[ 0] = s_box[st[ 0]]; st[ 4] = s_box[st[ 4]];
472 st[ 8] = s_box[st[ 8]]; st[12] = s_box[st[12]];
473
474 tt = st[1]; st[ 1] = s_box[st[ 5]]; st[ 5] = s_box[st[ 9]];
475 st[ 9] = s_box[st[13]]; st[13] = s_box[ tt ];
476
477 tt = st[2]; st[ 2] = s_box[st[10]]; st[10] = s_box[ tt ];
478 tt = st[6]; st[ 6] = s_box[st[14]]; st[14] = s_box[ tt ];
479
480 tt = st[15]; st[15] = s_box[st[11]]; st[11] = s_box[st[ 7]];
481 st[ 7] = s_box[st[ 3]]; st[ 3] = s_box[ tt ];
482 }
483
484 static void inv_shift_sub_rows( uint_8t st[N_BLOCK] )
485 { uint_8t tt;
486
487 st[ 0] = inv_s_box[st[ 0]]; st[ 4] = inv_s_box[st[ 4]];
488 st[ 8] = inv_s_box[st[ 8]]; st[12] = inv_s_box[st[12]];
489
490 tt = st[13]; st[13] = inv_s_box[st[9]]; st[ 9] = inv_s_box[st[5]];
491 st[ 5] = inv_s_box[st[1]]; st[ 1] = inv_s_box[ tt ];
492
493 tt = st[2]; st[ 2] = inv_s_box[st[10]]; st[10] = inv_s_box[ tt ];
494 tt = st[6]; st[ 6] = inv_s_box[st[14]]; st[14] = inv_s_box[ tt ];
495
496 tt = st[3]; st[ 3] = inv_s_box[st[ 7]]; st[ 7] = inv_s_box[st[11]];
497 st[11] = inv_s_box[st[15]]; st[15] = inv_s_box[ tt ];
498 }
499
500 #if defined( VERSION_1 )
501 static void mix_sub_columns( uint_8t dt[N_BLOCK] )
502 { uint_8t st[N_BLOCK];
503 block16_copy(st, dt);
504 #else
505 static void mix_sub_columns( uint_8t dt[N_BLOCK], uint_8t st[N_BLOCK] )
506 {
507 #endif
508 dt[ 0] = gfm2_s_box[st[0]] ^ gfm3_s_box[st[5]] ^ s_box[st[10]] ^ s_box[st[15]];
509 dt[ 1] = s_box[st[0]] ^ gfm2_s_box[st[5]] ^ gfm3_s_box[st[10]] ^ s_box[st[15]];
510 dt[ 2] = s_box[st[0]] ^ s_box[st[5]] ^ gfm2_s_box[st[10]] ^ gfm3_s_box[st[15]];
511 dt[ 3] = gfm3_s_box[st[0]] ^ s_box[st[5]] ^ s_box[st[10]] ^ gfm2_s_box[st[15]];
512
513 dt[ 4] = gfm2_s_box[st[4]] ^ gfm3_s_box[st[9]] ^ s_box[st[14]] ^ s_box[st[3]];
514 dt[ 5] = s_box[st[4]] ^ gfm2_s_box[st[9]] ^ gfm3_s_box[st[14]] ^ s_box[st[3]];
515 dt[ 6] = s_box[st[4]] ^ s_box[st[9]] ^ gfm2_s_box[st[14]] ^ gfm3_s_box[st[3]];
516 dt[ 7] = gfm3_s_box[st[4]] ^ s_box[st[9]] ^ s_box[st[14]] ^ gfm2_s_box[st[3]];
517
518 dt[ 8] = gfm2_s_box[st[8]] ^ gfm3_s_box[st[13]] ^ s_box[st[2]] ^ s_box[st[7]];
519 dt[ 9] = s_box[st[8]] ^ gfm2_s_box[st[13]] ^ gfm3_s_box[st[2]] ^ s_box[st[7]];
520 dt[10] = s_box[st[8]] ^ s_box[st[13]] ^ gfm2_s_box[st[2]] ^ gfm3_s_box[st[7]];
521 dt[11] = gfm3_s_box[st[8]] ^ s_box[st[13]] ^ s_box[st[2]] ^ gfm2_s_box[st[7]];
522
523 dt[12] = gfm2_s_box[st[12]] ^ gfm3_s_box[st[1]] ^ s_box[st[6]] ^ s_box[st[11]];
524 dt[13] = s_box[st[12]] ^ gfm2_s_box[st[1]] ^ gfm3_s_box[st[6]] ^ s_box[st[11]];
525 dt[14] = s_box[st[12]] ^ s_box[st[1]] ^ gfm2_s_box[st[6]] ^ gfm3_s_box[st[11]];
526 dt[15] = gfm3_s_box[st[12]] ^ s_box[st[1]] ^ s_box[st[6]] ^ gfm2_s_box[st[11]];
527 }
528
529 #if defined( VERSION_1 )
530 static void inv_mix_sub_columns( uint_8t dt[N_BLOCK] )
531 { uint_8t st[N_BLOCK];
532 block16_copy(st, dt);
533 #else
534 static void inv_mix_sub_columns( uint_8t dt[N_BLOCK], uint_8t st[N_BLOCK] )
535 {
536 #endif
537 dt[ 0] = inv_s_box[gfmul_e[st[ 0]] ^ gfmul_b[st[ 1]] ^ gfmul_d[st[ 2]] ^ gfmul_9[st[ 3]]];
538 dt[ 5] = inv_s_box[gfmul_9[st[ 0]] ^ gfmul_e[st[ 1]] ^ gfmul_b[st[ 2]] ^ gfmul_d[st[ 3]]];
539 dt[10] = inv_s_box[gfmul_d[st[ 0]] ^ gfmul_9[st[ 1]] ^ gfmul_e[st[ 2]] ^ gfmul_b[st[ 3]]];
540 dt[15] = inv_s_box[gfmul_b[st[ 0]] ^ gfmul_d[st[ 1]] ^ gfmul_9[st[ 2]] ^ gfmul_e[st[ 3]]];
541
542 dt[ 4] = inv_s_box[gfmul_e[st[ 4]] ^ gfmul_b[st[ 5]] ^ gfmul_d[st[ 6]] ^ gfmul_9[st[ 7]]];
543 dt[ 9] = inv_s_box[gfmul_9[st[ 4]] ^ gfmul_e[st[ 5]] ^ gfmul_b[st[ 6]] ^ gfmul_d[st[ 7]]];
544 dt[14] = inv_s_box[gfmul_d[st[ 4]] ^ gfmul_9[st[ 5]] ^ gfmul_e[st[ 6]] ^ gfmul_b[st[ 7]]];
545 dt[ 3] = inv_s_box[gfmul_b[st[ 4]] ^ gfmul_d[st[ 5]] ^ gfmul_9[st[ 6]] ^ gfmul_e[st[ 7]]];
546
547 dt[ 8] = inv_s_box[gfmul_e[st[ 8]] ^ gfmul_b[st[ 9]] ^ gfmul_d[st[10]] ^ gfmul_9[st[11]]];
548 dt[13] = inv_s_box[gfmul_9[st[ 8]] ^ gfmul_e[st[ 9]] ^ gfmul_b[st[10]] ^ gfmul_d[st[11]]];
549 dt[ 2] = inv_s_box[gfmul_d[st[ 8]] ^ gfmul_9[st[ 9]] ^ gfmul_e[st[10]] ^ gfmul_b[st[11]]];
550 dt[ 7] = inv_s_box[gfmul_b[st[ 8]] ^ gfmul_d[st[ 9]] ^ gfmul_9[st[10]] ^ gfmul_e[st[11]]];
551
552 dt[12] = inv_s_box[gfmul_e[st[12]] ^ gfmul_b[st[13]] ^ gfmul_d[st[14]] ^ gfmul_9[st[15]]];
553 dt[ 1] = inv_s_box[gfmul_9[st[12]] ^ gfmul_e[st[13]] ^ gfmul_b[st[14]] ^ gfmul_d[st[15]]];
554 dt[ 6] = inv_s_box[gfmul_d[st[12]] ^ gfmul_9[st[13]] ^ gfmul_e[st[14]] ^ gfmul_b[st[15]]];
555 dt[11] = inv_s_box[gfmul_b[st[12]] ^ gfmul_d[st[13]] ^ gfmul_9[st[14]] ^ gfmul_e[st[15]]];
556 }
557
558 #if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED )
559
560 /* Set the cipher key for the pre-keyed version */
561
562 return_type aes_set_key( const unsigned char key[], length_type keylen, aes_context ctx[1] )
563 {
564 uint_8t cc, rc, hi;
565
566 switch( keylen )
567 {
568 case 16:
569 case 128:
570 keylen = 16;
571 break;
572 case 24:
573 case 192:
574 keylen = 24;
575 break;
576 case 32:
577 case 256:
578 keylen = 32;
579 break;
580 default:
581 ctx->rnd = 0;
582 return -1;
583 }
584 block_copy(ctx->ksch, key, keylen);
585 hi = (keylen + 28) << 2;
586 ctx->rnd = (hi >> 4) - 1;
587 for( cc = keylen, rc = 1; cc < hi; cc += 4 )
588 { uint_8t tt, t0, t1, t2, t3;
589
590 t0 = ctx->ksch[cc - 4];
591 t1 = ctx->ksch[cc - 3];
592 t2 = ctx->ksch[cc - 2];
593 t3 = ctx->ksch[cc - 1];
594 if( cc % keylen == 0 )
595 {
596 tt = t0;
597 t0 = s_box[t1] ^ rc;
598 t1 = s_box[t2];
599 t2 = s_box[t3];
600 t3 = s_box[tt];
601 rc = f2(rc);
602 }
603 else if( keylen > 24 && cc % keylen == 16 )
604 {
605 t0 = s_box[t0];
606 t1 = s_box[t1];
607 t2 = s_box[t2];
608 t3 = s_box[t3];
609 }
610 tt = cc - keylen;
611 ctx->ksch[cc + 0] = ctx->ksch[tt + 0] ^ t0;
612 ctx->ksch[cc + 1] = ctx->ksch[tt + 1] ^ t1;
613 ctx->ksch[cc + 2] = ctx->ksch[tt + 2] ^ t2;
614 ctx->ksch[cc + 3] = ctx->ksch[tt + 3] ^ t3;
615 }
616 return 0;
617 }
618
619 #endif
620
621 #if defined( AES_ENC_PREKEYED )
622
623 /* Encrypt a single block of 16 bytes */
624
625 return_type aes_encrypt( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK], const aes_context ctx[1] )
626 {
627 if( ctx->rnd )
628 {
629 uint_8t s1[N_BLOCK], r;
630 copy_and_key( s1, in, ctx->ksch );
631
632 for( r = 1 ; r < ctx->rnd ; ++r )
633 #if defined( VERSION_1 )
634 {
635 mix_sub_columns( s1 );
636 add_round_key( s1, ctx->ksch + r * N_BLOCK);
637 }
638 #else
639 { uint_8t s2[N_BLOCK];
640 mix_sub_columns( s2, s1 );
641 copy_and_key( s1, s2, ctx->ksch + r * N_BLOCK);
642 }
643 #endif
644 shift_sub_rows( s1 );
645 copy_and_key( out, s1, ctx->ksch + r * N_BLOCK );
646 }
647 else
648 return -1;
649 return 0;
650 }
651
652 #endif
653
654 #if defined( AES_DEC_PREKEYED )
655
656 /* Decrypt a single block of 16 bytes */
657
658 return_type aes_decrypt( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK], const aes_context ctx[1] )
659 {
660 if( ctx->rnd )
661 {
662 uint_8t s1[N_BLOCK], r;
663 copy_and_key( s1, in, ctx->ksch + ctx->rnd * N_BLOCK );
664 inv_shift_sub_rows( s1 );
665
666 for( r = ctx->rnd ; --r ; )
667 #if defined( VERSION_1 )
668 {
669 add_round_key( s1, ctx->ksch + r * N_BLOCK );
670 inv_mix_sub_columns( s1 );
671 }
672 #else
673 { uint_8t s2[N_BLOCK];
674 copy_and_key( s2, s1, ctx->ksch + r * N_BLOCK );
675 inv_mix_sub_columns( s1, s2 );
676 }
677 #endif
678 copy_and_key( out, s1, ctx->ksch );
679 }
680 else
681 return -1;
682 return 0;
683 }
684
685 #endif
686
687 #if defined( AES_ENC_128_OTFK )
688
689 /* The 'on the fly' encryption key update for for 128 bit keys */
690
691 static void update_encrypt_key_128( uint_8t k[N_BLOCK], uint_8t *rc )
692 { uint_8t cc;
693
694 k[0] ^= s_box[k[13]] ^ *rc;
695 k[1] ^= s_box[k[14]];
696 k[2] ^= s_box[k[15]];
697 k[3] ^= s_box[k[12]];
698 *rc = f2( *rc );
699
700 for(cc = 4; cc < 16; cc += 4 )
701 {
702 k[cc + 0] ^= k[cc - 4];
703 k[cc + 1] ^= k[cc - 3];
704 k[cc + 2] ^= k[cc - 2];
705 k[cc + 3] ^= k[cc - 1];
706 }
707 }
708
709 /* Encrypt a single block of 16 bytes with 'on the fly' 128 bit keying */
710
711 void aes_encrypt_128( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
712 const unsigned char key[N_BLOCK], unsigned char o_key[N_BLOCK] )
713 { uint_8t s1[N_BLOCK], r, rc = 1;
714
715 if(o_key != key)
716 block16_copy( o_key, key );
717 copy_and_key( s1, in, o_key );
718
719 for( r = 1 ; r < 10 ; ++r )
720 #if defined( VERSION_1 )
721 {
722 mix_sub_columns( s1 );
723 update_encrypt_key_128( o_key, &rc );
724 add_round_key( s1, o_key );
725 }
726 #else
727 { uint_8t s2[N_BLOCK];
728 mix_sub_columns( s2, s1 );
729 update_encrypt_key_128( o_key, &rc );
730 copy_and_key( s1, s2, o_key );
731 }
732 #endif
733
734 shift_sub_rows( s1 );
735 update_encrypt_key_128( o_key, &rc );
736 copy_and_key( out, s1, o_key );
737 }
738
739 #endif
740
741 #if defined( AES_DEC_128_OTFK )
742
743 /* The 'on the fly' decryption key update for for 128 bit keys */
744
745 static void update_decrypt_key_128( uint_8t k[N_BLOCK], uint_8t *rc )
746 { uint_8t cc;
747
748 for( cc = 12; cc > 0; cc -= 4 )
749 {
750 k[cc + 0] ^= k[cc - 4];
751 k[cc + 1] ^= k[cc - 3];
752 k[cc + 2] ^= k[cc - 2];
753 k[cc + 3] ^= k[cc - 1];
754 }
755 *rc = d2(*rc);
756 k[0] ^= s_box[k[13]] ^ *rc;
757 k[1] ^= s_box[k[14]];
758 k[2] ^= s_box[k[15]];
759 k[3] ^= s_box[k[12]];
760 }
761
762 /* Decrypt a single block of 16 bytes with 'on the fly' 128 bit keying */
763
764 void aes_decrypt_128( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
765 const unsigned char key[N_BLOCK], unsigned char o_key[N_BLOCK] )
766 {
767 uint_8t s1[N_BLOCK], r, rc = 0x6c;
768 if(o_key != key)
769 block16_copy( o_key, key );
770
771 copy_and_key( s1, in, o_key );
772 inv_shift_sub_rows( s1 );
773
774 for( r = 10 ; --r ; )
775 #if defined( VERSION_1 )
776 {
777 update_decrypt_key_128( o_key, &rc );
778 add_round_key( s1, o_key );
779 inv_mix_sub_columns( s1 );
780 }
781 #else
782 { uint_8t s2[N_BLOCK];
783 update_decrypt_key_128( o_key, &rc );
784 copy_and_key( s2, s1, o_key );
785 inv_mix_sub_columns( s1, s2 );
786 }
787 #endif
788 update_decrypt_key_128( o_key, &rc );
789 copy_and_key( out, s1, o_key );
790 }
791
792 #endif
793
794 #if defined( AES_ENC_256_OTFK )
795
796 /* The 'on the fly' encryption key update for for 256 bit keys */
797
798 static void update_encrypt_key_256( uint_8t k[2 * N_BLOCK], uint_8t *rc )
799 { uint_8t cc;
800
801 k[0] ^= s_box[k[29]] ^ *rc;
802 k[1] ^= s_box[k[30]];
803 k[2] ^= s_box[k[31]];
804 k[3] ^= s_box[k[28]];
805 *rc = f2( *rc );
806
807 for(cc = 4; cc < 16; cc += 4)
808 {
809 k[cc + 0] ^= k[cc - 4];
810 k[cc + 1] ^= k[cc - 3];
811 k[cc + 2] ^= k[cc - 2];
812 k[cc + 3] ^= k[cc - 1];
813 }
814
815 k[16] ^= s_box[k[12]];
816 k[17] ^= s_box[k[13]];
817 k[18] ^= s_box[k[14]];
818 k[19] ^= s_box[k[15]];
819
820 for( cc = 20; cc < 32; cc += 4 )
821 {
822 k[cc + 0] ^= k[cc - 4];
823 k[cc + 1] ^= k[cc - 3];
824 k[cc + 2] ^= k[cc - 2];
825 k[cc + 3] ^= k[cc - 1];
826 }
827 }
828
829 /* Encrypt a single block of 16 bytes with 'on the fly' 256 bit keying */
830
831 void aes_encrypt_256( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
832 const unsigned char key[2 * N_BLOCK], unsigned char o_key[2 * N_BLOCK] )
833 {
834 uint_8t s1[N_BLOCK], r, rc = 1;
835 if(o_key != key)
836 {
837 block16_copy( o_key, key );
838 block16_copy( o_key + 16, key + 16 );
839 }
840 copy_and_key( s1, in, o_key );
841
842 for( r = 1 ; r < 14 ; ++r )
843 #if defined( VERSION_1 )
844 {
845 mix_sub_columns(s1);
846 if( r & 1 )
847 add_round_key( s1, o_key + 16 );
848 else
849 {
850 update_encrypt_key_256( o_key, &rc );
851 add_round_key( s1, o_key );
852 }
853 }
854 #else
855 { uint_8t s2[N_BLOCK];
856 mix_sub_columns( s2, s1 );
857 if( r & 1 )
858 copy_and_key( s1, s2, o_key + 16 );
859 else
860 {
861 update_encrypt_key_256( o_key, &rc );
862 copy_and_key( s1, s2, o_key );
863 }
864 }
865 #endif
866
867 shift_sub_rows( s1 );
868 update_encrypt_key_256( o_key, &rc );
869 copy_and_key( out, s1, o_key );
870 }
871
872 #endif
873
874 #if defined( AES_DEC_256_OTFK )
875
876 /* The 'on the fly' encryption key update for for 256 bit keys */
877
878 static void update_decrypt_key_256( uint_8t k[2 * N_BLOCK], uint_8t *rc )
879 { uint_8t cc;
880
881 for(cc = 28; cc > 16; cc -= 4)
882 {
883 k[cc + 0] ^= k[cc - 4];
884 k[cc + 1] ^= k[cc - 3];
885 k[cc + 2] ^= k[cc - 2];
886 k[cc + 3] ^= k[cc - 1];
887 }
888
889 k[16] ^= s_box[k[12]];
890 k[17] ^= s_box[k[13]];
891 k[18] ^= s_box[k[14]];
892 k[19] ^= s_box[k[15]];
893
894 for(cc = 12; cc > 0; cc -= 4)
895 {
896 k[cc + 0] ^= k[cc - 4];
897 k[cc + 1] ^= k[cc - 3];
898 k[cc + 2] ^= k[cc - 2];
899 k[cc + 3] ^= k[cc - 1];
900 }
901
902 *rc = d2(*rc);
903 k[0] ^= s_box[k[29]] ^ *rc;
904 k[1] ^= s_box[k[30]];
905 k[2] ^= s_box[k[31]];
906 k[3] ^= s_box[k[28]];
907 }
908
909 /* Decrypt a single block of 16 bytes with 'on the fly'
910 256 bit keying
911 */
912 void aes_decrypt_256( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
913 const unsigned char key[2 * N_BLOCK], unsigned char o_key[2 * N_BLOCK] )
914 {
915 uint_8t s1[N_BLOCK], r, rc = 0x80;
916
917 if(o_key != key)
918 {
919 block16_copy( o_key, key );
920 block16_copy( o_key + 16, key + 16 );
921 }
922
923 copy_and_key( s1, in, o_key );
924 inv_shift_sub_rows( s1 );
925
926 for( r = 14 ; --r ; )
927 #if defined( VERSION_1 )
928 {
929 if( ( r & 1 ) )
930 {
931 update_decrypt_key_256( o_key, &rc );
932 add_round_key( s1, o_key + 16 );
933 }
934 else
935 add_round_key( s1, o_key );
936 inv_mix_sub_columns( s1 );
937 }
938 #else
939 { uint_8t s2[N_BLOCK];
940 if( ( r & 1 ) )
941 {
942 update_decrypt_key_256( o_key, &rc );
943 copy_and_key( s2, s1, o_key + 16 );
944 }
945 else
946 copy_and_key( s2, s1, o_key );
947 inv_mix_sub_columns( s1, s2 );
948 }
949 #endif
950 copy_and_key( out, s1, o_key );
951 }
952
953 #endif
Various Bits of Code