Redefine struct aes_ctx as a union of key-size specific contexts.

a7dada79 · Niels Möller · b87ec212 · a7dada79 · a7dada79 · a7dada79
Commit a7dada79 authored Mar 29, 2019 by Niels Möller
6 changed files
--- a/ChangeLog
+++ b/ChangeLog
+2019-03-29  Niels Möller  <nisse@lysator.liu.se>
+
+	* aes.h (struct aes_ctx): Redefine using a union of key-size
+	specific contexts.
+	* aes-decrypt.c (aes_decrypt): Use switch on key_size.
+	* aes-encrypt.c (aes_encrypt): Likewise.
+	* aes-set-decrypt-key.c (aes_invert_key): Likewise.
+	* aes-set-encrypt-key.c (aes_set_encrypt_key): Likewise.
+
 2019-03-27  Niels Möller  <nisse@lysator.liu.se>

 	* xts.c (xts_shift): Arrange with a single write to u64[1].

--- a/aes-decrypt.c
+++ b/aes-decrypt.c
@@ -36,6 +36,7 @@
 #endif

 #include <assert.h>
+#include <stdlib.h>

 #include "aes-internal.h"

@@ -349,9 +350,19 @@ aes_decrypt(const struct aes_ctx *ctx,
 	    size_t length, uint8_t *dst,
 	    const uint8_t *src)
 {
-  assert(!(length % AES_BLOCK_SIZE) );
-  _aes_decrypt(ctx->rounds, ctx->keys, &_aes_decrypt_table,
-	       length, dst, src);
+  switch (ctx->key_size)
+    {
+    default: abort();
+    case AES128_KEY_SIZE:
+      aes128_decrypt(&ctx->u.ctx128, length, dst, src);
+      break;
+    case AES192_KEY_SIZE:
+      aes192_decrypt(&ctx->u.ctx192, length, dst, src);
+      break;
+    case AES256_KEY_SIZE:
+      aes256_decrypt(&ctx->u.ctx256, length, dst, src);
+      break;
+    }
 }

 void

--- a/aes-encrypt.c
+++ b/aes-encrypt.c
@@ -36,6 +36,7 @@
 #endif

 #include <assert.h>
+#include <stdlib.h>

 #include "aes-internal.h"

@@ -47,9 +48,19 @@ aes_encrypt(const struct aes_ctx *ctx,
 	    size_t length, uint8_t *dst,
 	    const uint8_t *src)
 {
-  assert(!(length % AES_BLOCK_SIZE) );
-  _aes_encrypt(ctx->rounds, ctx->keys, &_aes_encrypt_table,
-	       length, dst, src);
+  switch (ctx->key_size)
+    {
+    default: abort();
+    case AES128_KEY_SIZE:
+      aes128_encrypt(&ctx->u.ctx128, length, dst, src);
+      break;
+    case AES192_KEY_SIZE:
+      aes192_encrypt(&ctx->u.ctx192, length, dst, src);
+      break;
+    case AES256_KEY_SIZE:
+      aes256_encrypt(&ctx->u.ctx256, length, dst, src);
+      break;
+    }
 }

 void

--- a/aes-set-decrypt-key.c
+++ b/aes-set-decrypt-key.c
@@ -36,17 +36,32 @@
 # include "config.h"
 #endif

+#include <stdlib.h>
+
 /* This file implements and uses deprecated functions */
 #define _NETTLE_ATTRIBUTE_DEPRECATED

-#include "aes-internal.h"
+#include "aes.h"

 void
 aes_invert_key(struct aes_ctx *dst,
 	       const struct aes_ctx *src)
 {
-  _aes_invert (src->rounds, dst->keys, src->keys);
-  dst->rounds = src->rounds;
+  switch (src->key_size)
+    {
+    default: abort();
+    case AES128_KEY_SIZE:
+      aes128_invert_key(&dst->u.ctx128, &src->u.ctx128);
+      break;
+    case AES192_KEY_SIZE:
+      aes192_invert_key(&dst->u.ctx192, &src->u.ctx192);
+      break;
+    case AES256_KEY_SIZE:
+      aes256_invert_key(&dst->u.ctx256, &src->u.ctx256);
+      break;
+    }
+
+  dst->key_size = src->key_size;
 }

 void

--- a/aes-set-encrypt-key.c
+++ b/aes-set-encrypt-key.c
@@ -36,32 +36,27 @@
 # include "config.h"
 #endif

-#include <assert.h>
 #include <stdlib.h>

-#include "aes-internal.h"
+#include "aes.h"

 void
 aes_set_encrypt_key(struct aes_ctx *ctx,
-		    size_t keysize, const uint8_t *key)
+		    size_t key_size, const uint8_t *key)
 {
-  unsigned nk, nr;
-
-  assert(keysize >= AES_MIN_KEY_SIZE);
-  assert(keysize <= AES_MAX_KEY_SIZE);
-  
-  /* Truncate keysizes to the valid key sizes provided by Rijndael */
-  if (keysize == AES256_KEY_SIZE) {
-    nk = 8;
-    nr = _AES256_ROUNDS;
-  } else if (keysize >= AES192_KEY_SIZE) {
-    nk = 6;
-    nr = _AES192_ROUNDS;
-  } else { /* must be 16 or more */
-    nk = 4;
-    nr = _AES128_ROUNDS;
+  switch (key_size)
+    {
+    default: abort();
+    case AES128_KEY_SIZE:
+      aes128_set_encrypt_key(&ctx->u.ctx128, key);
+      break;
+    case AES192_KEY_SIZE:
+      aes192_set_encrypt_key(&ctx->u.ctx192, key);
+      break;
+    case AES256_KEY_SIZE:
+      aes256_set_encrypt_key(&ctx->u.ctx256, key);
+      break;
    }
  
-  ctx->rounds = nr;
-  _aes_set_key (nr, nk, ctx->keys, key);
+  ctx->key_size = key_size;
 }
--- a/aes.h
+++ b/aes.h
@@ -71,46 +71,6 @@ extern "C" {
 #define _AES192_ROUNDS 12
 #define _AES256_ROUNDS 14

-/* Variable key size between 128 and 256 bits. But the only valid
- * values are 16 (128 bits), 24 (192 bits) and 32 (256 bits). */
-#define AES_MIN_KEY_SIZE AES128_KEY_SIZE
-#define AES_MAX_KEY_SIZE AES256_KEY_SIZE
-
-/* The older nettle-2.7 AES interface is deprecated, please migrate to
-   the newer interface where each algorithm has a fixed key size. */
-
-#define AES_KEY_SIZE 32
-
-struct aes_ctx
-{
-  unsigned rounds;  /* number of rounds to use for our key size */
-  uint32_t keys[4*(_AES256_ROUNDS + 1)];  /* maximum size of key schedule */
-};
-
-void
-aes_set_encrypt_key(struct aes_ctx *ctx,
-		    size_t length, const uint8_t *key)
-  _NETTLE_ATTRIBUTE_DEPRECATED;
-
-void
-aes_set_decrypt_key(struct aes_ctx *ctx,
-		   size_t length, const uint8_t *key)
-  _NETTLE_ATTRIBUTE_DEPRECATED;
-
-void
-aes_invert_key(struct aes_ctx *dst,
-	       const struct aes_ctx *src)
-  _NETTLE_ATTRIBUTE_DEPRECATED;
-
-void
-aes_encrypt(const struct aes_ctx *ctx,
-	    size_t length, uint8_t *dst,
-	    const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
-void
-aes_decrypt(const struct aes_ctx *ctx,
-	    size_t length, uint8_t *dst,
-	    const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
-
 struct aes128_ctx
 {
  uint32_t keys[4 * (_AES128_ROUNDS + 1)];
@@ -174,6 +134,50 @@ aes256_decrypt(const struct aes256_ctx *ctx,
 	       size_t length, uint8_t *dst,
 	       const uint8_t *src);

+/* The older nettle-2.7 AES interface is deprecated, please migrate to
+   the newer interface where each algorithm has a fixed key size. */
+
+/* Variable key size between 128 and 256 bits. But the only valid
+ * values are 16 (128 bits), 24 (192 bits) and 32 (256 bits). */
+#define AES_MIN_KEY_SIZE AES128_KEY_SIZE
+#define AES_MAX_KEY_SIZE AES256_KEY_SIZE
+
+#define AES_KEY_SIZE 32
+
+struct aes_ctx
+{
+  unsigned key_size;  /* In octets */
+  union {
+    struct aes128_ctx ctx128;
+    struct aes192_ctx ctx192;
+    struct aes256_ctx ctx256;
+  } u;
+};
+
+void
+aes_set_encrypt_key(struct aes_ctx *ctx,
+		    size_t length, const uint8_t *key)
+  _NETTLE_ATTRIBUTE_DEPRECATED;
+
+void
+aes_set_decrypt_key(struct aes_ctx *ctx,
+		   size_t length, const uint8_t *key)
+  _NETTLE_ATTRIBUTE_DEPRECATED;
+
+void
+aes_invert_key(struct aes_ctx *dst,
+	       const struct aes_ctx *src)
+  _NETTLE_ATTRIBUTE_DEPRECATED;
+
+void
+aes_encrypt(const struct aes_ctx *ctx,
+	    size_t length, uint8_t *dst,
+	    const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
+void
+aes_decrypt(const struct aes_ctx *ctx,
+	    size_t length, uint8_t *dst,
+	    const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
+
 #ifdef __cplusplus
 }
 #endif