Mercurial > dropbear
diff aes.c @ 15:6362d3854bb4 libtomcrypt-orig
0.96 release of LibTomCrypt
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 15 Jun 2004 14:07:21 +0000 |
| parents | 7faae8f46238 |
| children | 5d99163f7e32 |
line wrap: on
line diff
--- a/aes.c Mon May 31 18:25:41 2004 +0000 +++ b/aes.c Tue Jun 15 14:07:21 2004 +0000 @@ -30,16 +30,20 @@ #ifdef RIJNDAEL +#ifndef ENCRYPT_ONLY + +#define SETUP rijndael_setup +#define ECB_ENC rijndael_ecb_encrypt +#define ECB_DEC rijndael_ecb_decrypt +#define ECB_TEST rijndael_test +#define ECB_KS rijndael_keysize + const struct _cipher_descriptor rijndael_desc = { "rijndael", 6, 16, 32, 16, 10, - &rijndael_setup, - &rijndael_ecb_encrypt, - &rijndael_ecb_decrypt, - &rijndael_test, - &rijndael_keysize + SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS }; const struct _cipher_descriptor aes_desc = @@ -47,21 +51,63 @@ "aes", 6, 16, 32, 16, 10, - &rijndael_setup, - &rijndael_ecb_encrypt, - &rijndael_ecb_decrypt, - &rijndael_test, - &rijndael_keysize + SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS }; +#else + +#define SETUP rijndael_enc_setup +#define ECB_ENC rijndael_enc_ecb_encrypt +#define ECB_KS rijndael_enc_keysize + +const struct _cipher_descriptor rijndael_enc_desc = +{ + "rijndael", + 6, + 16, 32, 16, 10, + SETUP, ECB_ENC, NULL, NULL, ECB_KS +}; + +const struct _cipher_descriptor aes_enc_desc = +{ + "aes", + 6, + 16, 32, 16, 10, + SETUP, ECB_ENC, NULL, NULL, ECB_KS +}; + +#endif + #include "aes_tab.c" -int rijndael_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *skey) +static ulong32 setup_mix(ulong32 temp) +{ + return (Te4_3[byte(temp, 2)]) ^ + (Te4_2[byte(temp, 1)]) ^ + (Te4_1[byte(temp, 0)]) ^ + (Te4_0[byte(temp, 3)]); +} + +#ifndef ENCRYPT_ONLY + +static ulong32 setup_mix2(ulong32 temp) +{ + return Td0(255 & Te4[byte(temp, 3)]) ^ + Td1(255 & Te4[byte(temp, 2)]) ^ + Td2(255 & Te4[byte(temp, 1)]) ^ + Td3(255 & Te4[byte(temp, 0)]); +} + +#endif + +int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey) { int i, j; - ulong32 temp, *rk, *rrk; - - _ARGCHK(key != NULL); + ulong32 temp, *rk; +#ifndef ENCRYPT_ONLY + ulong32 *rrk; +#endif + _ARGCHK(key != NULL); _ARGCHK(skey != NULL); if (keylen != 16 && keylen != 24 && keylen != 32) { @@ -85,12 +131,7 @@ j = 44; for (;;) { temp = rk[3]; - rk[4] = rk[0] ^ - (Te4_3[byte(temp, 2)]) ^ - (Te4_2[byte(temp, 1)]) ^ - (Te4_1[byte(temp, 0)]) ^ - (Te4_0[byte(temp, 3)]) ^ - rcon[i]; + rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; rk[7] = rk[3] ^ rk[6]; @@ -109,12 +150,7 @@ #else temp = rk[5]; #endif - rk[ 6] = rk[ 0] ^ - (Te4_3[byte(temp, 2)]) ^ - (Te4_2[byte(temp, 1)]) ^ - (Te4_1[byte(temp, 0)]) ^ - (Te4_0[byte(temp, 3)]) ^ - rcon[i]; + rk[ 6] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; rk[ 9] = rk[ 3] ^ rk[ 8]; @@ -137,12 +173,7 @@ #else temp = rk[7]; #endif - rk[ 8] = rk[ 0] ^ - (Te4_3[byte(temp, 2)]) ^ - (Te4_2[byte(temp, 1)]) ^ - (Te4_1[byte(temp, 0)]) ^ - (Te4_0[byte(temp, 3)]) ^ - rcon[i]; + rk[ 8] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; rk[11] = rk[ 3] ^ rk[10]; @@ -150,11 +181,7 @@ break; } temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4_3[byte(temp, 3)]) ^ - (Te4_2[byte(temp, 2)]) ^ - (Te4_1[byte(temp, 1)]) ^ - (Te4_0[byte(temp, 0)]); + rk[12] = rk[ 4] ^ setup_mix(ROR(temp, 8)); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; @@ -164,7 +191,8 @@ /* this can't happen */ j = 4; } - + +#ifndef ENCRYPT_ONLY /* setup the inverse key now */ rk = skey->rijndael.dK; rrk = skey->rijndael.eK + j - 4; @@ -182,29 +210,13 @@ rk += 4; #ifdef SMALL_CODE temp = rrk[0]; - rk[0] = - Td0(255 & Te4[byte(temp, 3)]) ^ - Td1(255 & Te4[byte(temp, 2)]) ^ - Td2(255 & Te4[byte(temp, 1)]) ^ - Td3(255 & Te4[byte(temp, 0)]); + rk[0] = setup_mix2(temp); temp = rrk[1]; - rk[1] = - Td0(255 & Te4[byte(temp, 3)]) ^ - Td1(255 & Te4[byte(temp, 2)]) ^ - Td2(255 & Te4[byte(temp, 1)]) ^ - Td3(255 & Te4[byte(temp, 0)]); + rk[1] = setup_mix2(temp); temp = rrk[2]; - rk[2] = - Td0(255 & Te4[byte(temp, 3)]) ^ - Td1(255 & Te4[byte(temp, 2)]) ^ - Td2(255 & Te4[byte(temp, 1)]) ^ - Td3(255 & Te4[byte(temp, 0)]); + rk[2] = setup_mix2(temp); temp = rrk[3]; - rk[3] = - Td0(255 & Te4[byte(temp, 3)]) ^ - Td1(255 & Te4[byte(temp, 2)]) ^ - Td2(255 & Te4[byte(temp, 1)]) ^ - Td3(255 & Te4[byte(temp, 0)]); + rk[3] = setup_mix2(temp); #else temp = rrk[0]; rk[0] = @@ -241,6 +253,7 @@ *rk++ = *rrk++; *rk++ = *rrk++; *rk = *rrk; +#endif /* ENCRYPT_ONLY */ return CRYPT_OK; } @@ -248,7 +261,7 @@ #ifdef CLEAN_STACK static void _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) #else -void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) +void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) #endif { ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; @@ -270,6 +283,44 @@ LOAD32H(s2, pt + 8); s2 ^= rk[2]; LOAD32H(s3, pt + 12); s3 ^= rk[3]; + +#ifdef SMALL_CODE + + for (r = 0; ; r++) { + rk += 4; + t0 = + Te0(byte(s0, 3)) ^ + Te1(byte(s1, 2)) ^ + Te2(byte(s2, 1)) ^ + Te3(byte(s3, 0)) ^ + rk[0]; + t1 = + Te0(byte(s1, 3)) ^ + Te1(byte(s2, 2)) ^ + Te2(byte(s3, 1)) ^ + Te3(byte(s0, 0)) ^ + rk[1]; + t2 = + Te0(byte(s2, 3)) ^ + Te1(byte(s3, 2)) ^ + Te2(byte(s0, 1)) ^ + Te3(byte(s1, 0)) ^ + rk[2]; + t3 = + Te0(byte(s3, 3)) ^ + Te1(byte(s0, 2)) ^ + Te2(byte(s1, 1)) ^ + Te3(byte(s2, 0)) ^ + rk[3]; + if (r == Nr-2) { + break; + } + s0 = t0; s1 = t1; s2 = t2; s3 = t3; + } + rk += 4; + +#else + /* * Nr - 1 full rounds: */ @@ -330,52 +381,57 @@ Te3(byte(t2, 0)) ^ rk[3]; } + +#endif + /* * apply last round and * map cipher state to byte array block: */ s0 = - (Te4_3[(t0 >> 24) ]) ^ - (Te4_2[(t1 >> 16) & 0xff]) ^ - (Te4_1[(t2 >> 8) & 0xff]) ^ - (Te4_0[(t3 ) & 0xff]) ^ + (Te4_3[byte(t0, 3)]) ^ + (Te4_2[byte(t1, 2)]) ^ + (Te4_1[byte(t2, 1)]) ^ + (Te4_0[byte(t3, 0)]) ^ rk[0]; STORE32H(s0, ct); s1 = - (Te4_3[(t1 >> 24) ]) ^ - (Te4_2[(t2 >> 16) & 0xff]) ^ - (Te4_1[(t3 >> 8) & 0xff]) ^ - (Te4_0[(t0 ) & 0xff]) ^ + (Te4_3[byte(t1, 3)]) ^ + (Te4_2[byte(t2, 2)]) ^ + (Te4_1[byte(t3, 1)]) ^ + (Te4_0[byte(t0, 0)]) ^ rk[1]; STORE32H(s1, ct+4); s2 = - (Te4_3[(t2 >> 24) ]) ^ - (Te4_2[(t3 >> 16) & 0xff]) ^ - (Te4_1[(t0 >> 8) & 0xff]) ^ - (Te4_0[(t1 ) & 0xff]) ^ + (Te4_3[byte(t2, 3)]) ^ + (Te4_2[byte(t3, 2)]) ^ + (Te4_1[byte(t0, 1)]) ^ + (Te4_0[byte(t1, 0)]) ^ rk[2]; STORE32H(s2, ct+8); s3 = - (Te4_3[(t3 >> 24) ]) ^ - (Te4_2[(t0 >> 16) & 0xff]) ^ - (Te4_1[(t1 >> 8) & 0xff]) ^ - (Te4_0[(t2 ) & 0xff]) ^ + (Te4_3[byte(t3, 3)]) ^ + (Te4_2[byte(t0, 2)]) ^ + (Te4_1[byte(t1, 1)]) ^ + (Te4_0[byte(t2, 0)]) ^ rk[3]; STORE32H(s3, ct+12); } #ifdef CLEAN_STACK -void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) +void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) { _rijndael_ecb_encrypt(pt, ct, skey); burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); } #endif +#ifndef ENCRYPT_ONLY + #ifdef CLEAN_STACK static void _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #else -void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) +void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #endif { ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; @@ -397,6 +453,42 @@ LOAD32H(s2, ct + 8); s2 ^= rk[2]; LOAD32H(s3, ct + 12); s3 ^= rk[3]; +#ifdef SMALL_CODE + for (r = 0; ; r++) { + rk += 4; + t0 = + Td0(byte(s0, 3)) ^ + Td1(byte(s3, 2)) ^ + Td2(byte(s2, 1)) ^ + Td3(byte(s1, 0)) ^ + rk[0]; + t1 = + Td0(byte(s1, 3)) ^ + Td1(byte(s0, 2)) ^ + Td2(byte(s3, 1)) ^ + Td3(byte(s2, 0)) ^ + rk[1]; + t2 = + Td0(byte(s2, 3)) ^ + Td1(byte(s1, 2)) ^ + Td2(byte(s0, 1)) ^ + Td3(byte(s3, 0)) ^ + rk[2]; + t3 = + Td0(byte(s3, 3)) ^ + Td1(byte(s2, 2)) ^ + Td2(byte(s1, 1)) ^ + Td3(byte(s0, 0)) ^ + rk[3]; + if (r == Nr-2) { + break; + } + s0 = t0; s1 = t1; s2 = t2; s3 = t3; + } + rk += 4; + +#else + /* * Nr - 1 full rounds: */ @@ -459,51 +551,52 @@ Td3(byte(t0, 0)) ^ rk[3]; } +#endif /* * apply last round and * map cipher state to byte array block: */ s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ + (Td4[byte(t0, 3)] & 0xff000000) ^ + (Td4[byte(t3, 2)] & 0x00ff0000) ^ + (Td4[byte(t2, 1)] & 0x0000ff00) ^ + (Td4[byte(t1, 0)] & 0x000000ff) ^ rk[0]; STORE32H(s0, pt); s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ + (Td4[byte(t1, 3)] & 0xff000000) ^ + (Td4[byte(t0, 2)] & 0x00ff0000) ^ + (Td4[byte(t3, 1)] & 0x0000ff00) ^ + (Td4[byte(t2, 0)] & 0x000000ff) ^ rk[1]; STORE32H(s1, pt+4); s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ + (Td4[byte(t2, 3)] & 0xff000000) ^ + (Td4[byte(t1, 2)] & 0x00ff0000) ^ + (Td4[byte(t0, 1)] & 0x0000ff00) ^ + (Td4[byte(t3, 0)] & 0x000000ff) ^ rk[2]; STORE32H(s2, pt+8); s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ + (Td4[byte(t3, 3)] & 0xff000000) ^ + (Td4[byte(t2, 2)] & 0x00ff0000) ^ + (Td4[byte(t1, 1)] & 0x0000ff00) ^ + (Td4[byte(t0, 0)] & 0x000000ff) ^ rk[3]; STORE32H(s3, pt+12); } #ifdef CLEAN_STACK -void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) +void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) { _rijndael_ecb_decrypt(ct, pt, skey); burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); } #endif -int rijndael_test(void) +int ECB_TEST(void) { #ifndef LTC_TEST return CRYPT_NOP; @@ -584,7 +677,9 @@ #endif } -int rijndael_keysize(int *desired_keysize) +#endif /* ENCRYPT_ONLY */ + +int ECB_KS(int *desired_keysize) { _ARGCHK(desired_keysize != NULL);