Mercurial > dropbear

comparison libtomcrypt/src/ciphers/aes/aes.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children bf9c06b8dad9
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 9
12 /* AES implementation by Tom St Denis 10 /* AES implementation by Tom St Denis
13 * 11 *
14 * Derived from the Public Domain source code by 12 * Derived from the Public Domain source code by
48 { 46 {
49 "rijndael", 47 "rijndael",
50 6, 48 6,
51 16, 32, 16, 10, 49 16, 32, 16, 10,
52 SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, 50 SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
53 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 51 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
54 }; 52 };
55 #endif 53 #endif
56 54
57 const struct ltc_cipher_descriptor aes_desc = 55 const struct ltc_cipher_descriptor aes_desc =
58 { 56 {
59 "aes", 57 "aes",
60 6, 58 6,
61 16, 32, 16, 10, 59 16, 32, 16, 10,
62 SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, 60 SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
63 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 61 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
64 }; 62 };
65 63
66 #else 64 #else
67 65
68 #define SETUP rijndael_enc_setup 66 #define SETUP rijndael_enc_setup
74 { 72 {
75 "rijndael", 73 "rijndael",
76 6, 74 6,
77 16, 32, 16, 10, 75 16, 32, 16, 10,
78 SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, 76 SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
79 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 77 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
80 }; 78 };
81 79
82 const struct ltc_cipher_descriptor aes_enc_desc = 80 const struct ltc_cipher_descriptor aes_enc_desc =
83 { 81 {
84 "aes", 82 "aes",
85 6, 83 6,
86 16, 32, 16, 10, 84 16, 32, 16, 10,
87 SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, 85 SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
88 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 86 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
89 }; 87 };
90 88
91 #endif 89 #endif
92 90
91 #define __LTC_AES_TAB_C__
93 #include "aes_tab.c" 92 #include "aes_tab.c"
94 93
95 static ulong32 setup_mix(ulong32 temp) 94 static ulong32 setup_mix(ulong32 temp)
96 { 95 {
97 return (Te4_3[byte(temp, 2)]) ^ 96 return (Te4_3[byte(temp, 2)]) ^
147 LOAD32H(rk[0], key ); 146 LOAD32H(rk[0], key );
148 LOAD32H(rk[1], key + 4); 147 LOAD32H(rk[1], key + 4);
149 LOAD32H(rk[2], key + 8); 148 LOAD32H(rk[2], key + 8);
150 LOAD32H(rk[3], key + 12); 149 LOAD32H(rk[3], key + 12);
151 if (keylen == 16) { 150 if (keylen == 16) {
152 #ifndef ENCRYPT_ONLY
153 j = 44;
154 #endif
155 for (;;) { 151 for (;;) {
156 temp = rk[3]; 152 temp = rk[3];
157 rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i]; 153 rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i];
158 rk[5] = rk[1] ^ rk[4]; 154 rk[5] = rk[1] ^ rk[4];
159 rk[6] = rk[2] ^ rk[5]; 155 rk[6] = rk[2] ^ rk[5];
162 break; 158 break;
163 } 159 }
164 rk += 4; 160 rk += 4;
165 } 161 }
166 } else if (keylen == 24) { 162 } else if (keylen == 24) {
167 #ifndef ENCRYPT_ONLY
168 j = 52;
169 #endif
170 LOAD32H(rk[4], key + 16); 163 LOAD32H(rk[4], key + 16);
171 LOAD32H(rk[5], key + 20); 164 LOAD32H(rk[5], key + 20);
172 for (;;) { 165 for (;;) {
173 #ifdef _MSC_VER 166 #ifdef _MSC_VER
174 temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5]; 167 temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5];
185 rk[10] = rk[ 4] ^ rk[ 9]; 178 rk[10] = rk[ 4] ^ rk[ 9];
186 rk[11] = rk[ 5] ^ rk[10]; 179 rk[11] = rk[ 5] ^ rk[10];
187 rk += 6; 180 rk += 6;
188 } 181 }
189 } else if (keylen == 32) { 182 } else if (keylen == 32) {
190 #ifndef ENCRYPT_ONLY
191 j = 60;
192 #endif
193 LOAD32H(rk[4], key + 16); 183 LOAD32H(rk[4], key + 16);
194 LOAD32H(rk[5], key + 20); 184 LOAD32H(rk[5], key + 20);
195 LOAD32H(rk[6], key + 24); 185 LOAD32H(rk[6], key + 24);
196 LOAD32H(rk[7], key + 28); 186 LOAD32H(rk[7], key + 28);
197 for (;;) { 187 for (;;) {
214 rk[15] = rk[ 7] ^ rk[14]; 204 rk[15] = rk[ 7] ^ rk[14];
215 rk += 8; 205 rk += 8;
216 } 206 }
217 } else { 207 } else {
218 /* this can't happen */ 208 /* this can't happen */
209 /* coverity[dead_error_line] */
219 return CRYPT_ERROR; 210 return CRYPT_ERROR;
220 } 211 }
221 212
222 #ifndef ENCRYPT_ONLY 213 #ifndef ENCRYPT_ONLY
223 /* setup the inverse key now */ 214 /* setup the inverse key now */
224 rk = skey->rijndael.dK; 215 rk = skey->rijndael.dK;
225 rrk = skey->rijndael.eK + j - 4; 216 rrk = skey->rijndael.eK + (28 + keylen) - 4;
226 217
227 /* apply the inverse MixColumn transform to all round keys but the first and the last: */ 218 /* apply the inverse MixColumn transform to all round keys but the first and the last: */
228 /* copy first */ 219 /* copy first */
229 *rk++ = *rrk++; 220 *rk++ = *rrk++;
230 *rk++ = *rrk++; 221 *rk++ = *rrk++;
695 return err; 686 return err;
696 } 687 }
697 688
698 rijndael_ecb_encrypt(tests[i].pt, tmp[0], &key); 689 rijndael_ecb_encrypt(tests[i].pt, tmp[0], &key);
699 rijndael_ecb_decrypt(tmp[0], tmp[1], &key); 690 rijndael_ecb_decrypt(tmp[0], tmp[1], &key);
700 if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) { 691 if (compare_testvector(tmp[0], 16, tests[i].ct, 16, "AES Encrypt", i) ||
701 #if 0 692 compare_testvector(tmp[1], 16, tests[i].pt, 16, "AES Decrypt", i)) {
702 printf("\n\nTest %d failed\n", i);
703 if (XMEMCMP(tmp[0], tests[i].ct, 16)) {
704 printf("CT: ");
705 for (i = 0; i < 16; i++) {
706 printf("%02x ", tmp[0][i]);
707 }
708 printf("\n");
709 } else {
710 printf("PT: ");
711 for (i = 0; i < 16; i++) {
712 printf("%02x ", tmp[1][i]);
713 }
714 printf("\n");
715 }
716 #endif
717 return CRYPT_FAIL_TESTVECTOR; 693 return CRYPT_FAIL_TESTVECTOR;
718 } 694 }
719 695
720 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ 696 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
721 for (y = 0; y < 16; y++) tmp[0][y] = 0; 697 for (y = 0; y < 16; y++) tmp[0][y] = 0;
733 /** Terminate the context 709 /** Terminate the context
734 @param skey The scheduled key 710 @param skey The scheduled key
735 */ 711 */
736 void ECB_DONE(symmetric_key *skey) 712 void ECB_DONE(symmetric_key *skey)
737 { 713 {
738 (void)skey; 714 LTC_UNUSED_PARAM(skey);
739 } 715 }
740 716
741 717
742 /** 718 /**
743 Gets suitable key size 719 Gets suitable key size
763 } 739 }
764 740
765 #endif 741 #endif
766 742
767 743
768 /* $Source$ */ 744 /* ref: $Format:%D$ */
769 /* $Revision$ */ 745 /* git commit: $Format:%H$ */
770 /* $Date$ */ 746 /* commit time: $Format:%ai$ */