34 * http://csrc.nist.gov/CryptoToolkit/aes
35 */
36
37 #include <stdlib.h>
38 #include <sys/sysmacros.h>
39
40 #include "aes.h"
41
42 /* Yay for Big-Endian Algorithms! */
43 #ifdef _LITTLE_ENDIAN
44 #define BSWAP_L(l) (((l & 0xff) << 24) | ((l & 0xff00) <<8) \
45 | ((l & 0xff0000) >> 8) | ((l & 0xff000000) >>24))
46 #else
47 #define BSWAP_L(l) (l)
48 #endif
49
50 #define GETU32(p) BSWAP_L(*(uint32_t *)(p))
51 #define PUTU32(ct, st) *((uint32_t *)(ct)) = BSWAP_L(st)
52
53
54 /* EXPORT DELETE START */
55 /*
56 * Te0[x] = S [x].[02, 01, 01, 03];
57 * Te1[x] = S [x].[03, 02, 01, 01];
58 * Te2[x] = S [x].[01, 03, 02, 01];
59 * Te3[x] = S [x].[01, 01, 03, 02];
60 * Te4[x] = S [x].[01, 01, 01, 01];
61 *
62 * Td0[x] = Si[x].[0e, 09, 0d, 0b];
63 * Td1[x] = Si[x].[0b, 0e, 09, 0d];
64 * Td2[x] = Si[x].[0d, 0b, 0e, 09];
65 * Td3[x] = Si[x].[09, 0d, 0b, 0e];
66 * Td4[x] = Si[x].[01, 01, 01, 01];
67 */
68
69
70 /* S-boxes */
71 static const uint32_t Te0[256] = {
72 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
73 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
74 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
722 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
723 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
724 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
725 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
726 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
727 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
728 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
729 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
730 };
731 static const uint32_t rcon[] = {
732 0x01000000, 0x02000000, 0x04000000, 0x08000000,
733 0x10000000, 0x20000000, 0x40000000, 0x80000000,
734 0x1B000000, 0x36000000,
735 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
736 };
737 typedef struct keysched_s {
738 uint32_t Nr;
739 uint32_t rk_e[60]; /* max round key size */
740 uint32_t rk_d[60]; /* max round key size */
741 } keysched_t;
742 /* EXPORT DELETE END */
743
744 /* EXPORT DELETE START */
745
746 int
747 aes_init(void **cookie)
748 {
749 if ((*cookie = malloc(sizeof (keysched_t))) == NULL) {
750 return (-1);
751 }
752 return (0);
753 }
754
755 void
756 aes_fini(void *cookie)
757 {
758 free(cookie);
759 }
760
761 void
762 aes_encrypt(void *cookie, uint8_t *block)
763 {
764 keysched_t *ksch = (keysched_t *)cookie;
765 uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
1387 Td1[Te4[(rk_d[0] >> 16) & 0xff] & 0xff] ^
1388 Td2[Te4[(rk_d[0] >> 8) & 0xff] & 0xff] ^
1389 Td3[Te4[(rk_d[0]) & 0xff] & 0xff];
1390 rk_d[1] =
1391 Td0[Te4[(rk_d[1] >> 24)] & 0xff] ^
1392 Td1[Te4[(rk_d[1] >> 16) & 0xff] & 0xff] ^
1393 Td2[Te4[(rk_d[1] >> 8) & 0xff] & 0xff] ^
1394 Td3[Te4[(rk_d[1]) & 0xff] & 0xff];
1395 rk_d[2] =
1396 Td0[Te4[(rk_d[2] >> 24)] & 0xff] ^
1397 Td1[Te4[(rk_d[2] >> 16) & 0xff] & 0xff] ^
1398 Td2[Te4[(rk_d[2] >> 8) & 0xff] & 0xff] ^
1399 Td3[Te4[(rk_d[2]) & 0xff] & 0xff];
1400 rk_d[3] =
1401 Td0[Te4[(rk_d[3] >> 24)] & 0xff] ^
1402 Td1[Te4[(rk_d[3] >> 16) & 0xff] & 0xff] ^
1403 Td2[Te4[(rk_d[3] >> 8) & 0xff] & 0xff] ^
1404 Td3[Te4[(rk_d[3]) & 0xff] & 0xff];
1405 }
1406 }
1407
1408 /* EXPORT DELETE END */
|
34 * http://csrc.nist.gov/CryptoToolkit/aes
35 */
36
37 #include <stdlib.h>
38 #include <sys/sysmacros.h>
39
40 #include "aes.h"
41
42 /* Yay for Big-Endian Algorithms! */
43 #ifdef _LITTLE_ENDIAN
44 #define BSWAP_L(l) (((l & 0xff) << 24) | ((l & 0xff00) <<8) \
45 | ((l & 0xff0000) >> 8) | ((l & 0xff000000) >>24))
46 #else
47 #define BSWAP_L(l) (l)
48 #endif
49
50 #define GETU32(p) BSWAP_L(*(uint32_t *)(p))
51 #define PUTU32(ct, st) *((uint32_t *)(ct)) = BSWAP_L(st)
52
53
54 /*
55 * Te0[x] = S [x].[02, 01, 01, 03];
56 * Te1[x] = S [x].[03, 02, 01, 01];
57 * Te2[x] = S [x].[01, 03, 02, 01];
58 * Te3[x] = S [x].[01, 01, 03, 02];
59 * Te4[x] = S [x].[01, 01, 01, 01];
60 *
61 * Td0[x] = Si[x].[0e, 09, 0d, 0b];
62 * Td1[x] = Si[x].[0b, 0e, 09, 0d];
63 * Td2[x] = Si[x].[0d, 0b, 0e, 09];
64 * Td3[x] = Si[x].[09, 0d, 0b, 0e];
65 * Td4[x] = Si[x].[01, 01, 01, 01];
66 */
67
68
69 /* S-boxes */
70 static const uint32_t Te0[256] = {
71 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
72 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
73 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
721 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
722 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
723 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
724 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
725 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
726 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
727 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
728 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
729 };
730 static const uint32_t rcon[] = {
731 0x01000000, 0x02000000, 0x04000000, 0x08000000,
732 0x10000000, 0x20000000, 0x40000000, 0x80000000,
733 0x1B000000, 0x36000000,
734 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
735 };
736 typedef struct keysched_s {
737 uint32_t Nr;
738 uint32_t rk_e[60]; /* max round key size */
739 uint32_t rk_d[60]; /* max round key size */
740 } keysched_t;
741
742 int
743 aes_init(void **cookie)
744 {
745 if ((*cookie = malloc(sizeof (keysched_t))) == NULL) {
746 return (-1);
747 }
748 return (0);
749 }
750
751 void
752 aes_fini(void *cookie)
753 {
754 free(cookie);
755 }
756
757 void
758 aes_encrypt(void *cookie, uint8_t *block)
759 {
760 keysched_t *ksch = (keysched_t *)cookie;
761 uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
1383 Td1[Te4[(rk_d[0] >> 16) & 0xff] & 0xff] ^
1384 Td2[Te4[(rk_d[0] >> 8) & 0xff] & 0xff] ^
1385 Td3[Te4[(rk_d[0]) & 0xff] & 0xff];
1386 rk_d[1] =
1387 Td0[Te4[(rk_d[1] >> 24)] & 0xff] ^
1388 Td1[Te4[(rk_d[1] >> 16) & 0xff] & 0xff] ^
1389 Td2[Te4[(rk_d[1] >> 8) & 0xff] & 0xff] ^
1390 Td3[Te4[(rk_d[1]) & 0xff] & 0xff];
1391 rk_d[2] =
1392 Td0[Te4[(rk_d[2] >> 24)] & 0xff] ^
1393 Td1[Te4[(rk_d[2] >> 16) & 0xff] & 0xff] ^
1394 Td2[Te4[(rk_d[2] >> 8) & 0xff] & 0xff] ^
1395 Td3[Te4[(rk_d[2]) & 0xff] & 0xff];
1396 rk_d[3] =
1397 Td0[Te4[(rk_d[3] >> 24)] & 0xff] ^
1398 Td1[Te4[(rk_d[3] >> 16) & 0xff] & 0xff] ^
1399 Td2[Te4[(rk_d[3] >> 8) & 0xff] & 0xff] ^
1400 Td3[Te4[(rk_d[3]) & 0xff] & 0xff];
1401 }
1402 }
|