Commit 1c91b6a7 authored by Niels Möller's avatar Niels Möller
Browse files

* aes.c (aes_encrypt): Interleave computation and output in the

final round.

Rev: src/nettle/aes.c:1.7
parent 97a2a0f1
...@@ -58,9 +58,7 @@ aes_encrypt(struct aes_ctx *ctx, ...@@ -58,9 +58,7 @@ aes_encrypt(struct aes_ctx *ctx,
unsigned length, uint8_t *dst, unsigned length, uint8_t *dst,
const uint8_t *src) const uint8_t *src)
{ {
assert(!(length % AES_BLOCK_SIZE)); FOR_BLOCKS(length, dst, src, AES_BLOCK_SIZE)
for (; length; length -= AES_BLOCK_SIZE)
{ {
uint32_t wtxt[4]; /* working ciphertext */ uint32_t wtxt[4]; /* working ciphertext */
unsigned i; unsigned i;
...@@ -68,8 +66,8 @@ aes_encrypt(struct aes_ctx *ctx, ...@@ -68,8 +66,8 @@ aes_encrypt(struct aes_ctx *ctx,
/* Get clear text, using little-endian byte order. /* Get clear text, using little-endian byte order.
* Also XOR with the first subkey. */ * Also XOR with the first subkey. */
for (i = 0; i<4; i++, src += 4) for (i = 0; i<4; i++)
wtxt[i] = LE_READ_UINT32(src) ^ ctx->keys[i]; wtxt[i] = LE_READ_UINT32(src + 4*i) ^ ctx->keys[i];
for (round = 1; round < ctx->nrounds; round++) for (round = 1; round < ctx->nrounds; round++)
{ {
...@@ -109,10 +107,10 @@ aes_encrypt(struct aes_ctx *ctx, ...@@ -109,10 +107,10 @@ aes_encrypt(struct aes_ctx *ctx,
#if AES_SMALL #if AES_SMALL
for (j=0; j<4; j++) for (j=0; j<4; j++)
t[j] = dtbl[0][wtxt[j] & 0xff] ^ t[j] = dtbl[0][ B0(wtxt[j]) ] ^
ROTRBYTE(dtbl[0][(wtxt[idx[1][j]] >> 8) & 0xff]^ ROTRBYTE( dtbl[0][ B1(wtxt[idx[1][j]]) ]^
ROTRBYTE(dtbl[0][(wtxt[idx[2][j]] >> 16) & 0xff] ^ ROTRBYTE( dtbl[0][ B2(wtxt[idx[2][j]]) ] ^
ROTRBYTE(dtbl[0][(wtxt[idx[3][j]] >> 24) & 0xff]))); ROTRBYTE(dtbl[0][ B3(wtxt[idx[3][j]]) ])));
#else /* !AES_SMALL */ #else /* !AES_SMALL */
/* FIXME: Figure out how the indexing should really be done. /* FIXME: Figure out how the indexing should really be done.
...@@ -147,46 +145,43 @@ aes_encrypt(struct aes_ctx *ctx, ...@@ -147,46 +145,43 @@ aes_encrypt(struct aes_ctx *ctx,
} }
/* Final round */ /* Final round */
{ {
uint32_t t[4]; uint32_t cipher;
unsigned j;
#if DEBUG
fprintf(stderr, "round: %d\n wtxt: ", round);
for (j = 0; j<4; j++)
fprintf(stderr, "%08x, ", wtxt[j]);
fprintf(stderr, "\n key: ");
for (j = 0; j<4; j++)
fprintf(stderr, "%08x, ", ctx->keys[4*round + j]);
fprintf(stderr, "\n\n");
#endif
/* FIXME: Figure out how the indexing should really be done. /* FIXME: Figure out how the indexing should really be done.
* It looks like this code shifts the rows in the wrong * It looks like this code shifts the rows in the wrong
* direction, but it passes the testsuite. */ * direction, but it passes the testsuite. */
t[0] = ( (uint32_t) sbox[ B0(wtxt[0]) ]
| ((uint32_t) sbox[ B1(wtxt[1]) ] << 8) cipher = ( (uint32_t) sbox[ B0(wtxt[0]) ]
| ((uint32_t) sbox[ B2(wtxt[2]) ] << 16) | ((uint32_t) sbox[ B1(wtxt[1]) ] << 8)
| ((uint32_t) sbox[ B3(wtxt[3]) ] << 24)); | ((uint32_t) sbox[ B2(wtxt[2]) ] << 16)
t[3] = ( (uint32_t) sbox[ B0(wtxt[3]) ] | ((uint32_t) sbox[ B3(wtxt[3]) ] << 24))
| ((uint32_t) sbox[ B1(wtxt[0]) ] << 8) ^ ctx->keys[4*round];
| ((uint32_t) sbox[ B2(wtxt[1]) ] << 16)
| ((uint32_t) sbox[ B3(wtxt[2]) ] << 24)); LE_WRITE_UINT32(dst, cipher);
t[2] = ( (uint32_t) sbox[ B0(wtxt[2]) ]
| ((uint32_t) sbox[ B1(wtxt[3]) ] << 8) cipher = ( (uint32_t) sbox[ B0(wtxt[1]) ]
| ((uint32_t) sbox[ B2(wtxt[0]) ] << 16) | ((uint32_t) sbox[ B1(wtxt[2]) ] << 8)
| ((uint32_t) sbox[ B3(wtxt[1]) ] << 24)); | ((uint32_t) sbox[ B2(wtxt[3]) ] << 16)
t[1] = ( (uint32_t) sbox[ B0(wtxt[1]) ] | ((uint32_t) sbox[ B3(wtxt[0]) ] << 24))
| ((uint32_t) sbox[ B1(wtxt[2]) ] << 8) ^ ctx->keys[4*round + 1];
| ((uint32_t) sbox[ B2(wtxt[3]) ] << 16)
| ((uint32_t) sbox[ B3(wtxt[0]) ] << 24)); LE_WRITE_UINT32(dst + 4, cipher);
for (j = 0; j<4; j++) cipher = ( (uint32_t) sbox[ B0(wtxt[2]) ]
{ | ((uint32_t) sbox[ B1(wtxt[3]) ] << 8)
uint32_t cipher = t[j] ^ ctx->keys[4*round + j]; | ((uint32_t) sbox[ B2(wtxt[0]) ] << 16)
#if DEBUG | ((uint32_t) sbox[ B3(wtxt[1]) ] << 24))
fprintf(stderr, "cipher[%d]: %08x\n", j, cipher); ^ ctx->keys[4*round + 2];
#endif
LE_WRITE_UINT32(dst, cipher); dst += 4; LE_WRITE_UINT32(dst + 8, cipher);
}
cipher = ( (uint32_t) sbox[ B0(wtxt[3]) ]
| ((uint32_t) sbox[ B1(wtxt[0]) ] << 8)
| ((uint32_t) sbox[ B2(wtxt[1]) ] << 16)
| ((uint32_t) sbox[ B3(wtxt[2]) ] << 24))
^ ctx->keys[4*round + 3];
LE_WRITE_UINT32(dst + 12, cipher);
} }
} }
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment