aes-encrypt.c

-/* aes-encrypt.c
- *
- * Encryption function for the aes/rijndael block cipher.
- */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2002 Niels Möller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <assert.h>
-
-#include "aes-internal.h"
-
-/* The main point on this function is to help the assembler
-   implementations of _nettle_aes_encrypt to get the table pointer.
-   For PIC code, the details can be complex and system dependent. */
-void
-aes_encrypt(const struct aes_ctx *ctx,
-	    unsigned length, uint8_t *dst,
-	    const uint8_t *src)
-{
-  assert(!(length % AES_BLOCK_SIZE) );
-  _aes_encrypt(ctx, &_aes_encrypt_table,
-	       length, dst, src);
-}

aes-internal.h

 /* aes-internal.h
- *
- * The aes/rijndael block cipher.
- */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2001 Niels Mller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
+
+   The aes/rijndael block cipher.
+
+   Copyright (C) 2001, 2013 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
 
 #ifndef NETTLE_AES_INTERNAL_H_INCLUDED
 #define NETTLE_AES_INTERNAL_H_INCLUDED
 
 #include "aes.h"
 
-/* Name mangling */
-#define _aes_encrypt _nettle_aes_encrypt
-#define _aes_decrypt _nettle_aes_decrypt
-#define _aes_encrypt_table _nettle_aes_encrypt_table
-
 /* Define to use only small tables. */
 #ifndef AES_SMALL
 # define AES_SMALL 0
@@ -51,31 +54,38 @@ struct aes_table
 };
 
 void
-_aes_encrypt(const struct aes_ctx *ctx,
-	     const struct aes_table *T,
-	     unsigned length, uint8_t *dst,
-	     const uint8_t *src);
+_nettle_aes_set_key(unsigned nr, unsigned nk,
+		    uint32_t *subkeys, const uint8_t *key);
 
 void
-_aes_decrypt(const struct aes_ctx *ctx,
-	     const struct aes_table *T,
-	     unsigned length, uint8_t *dst,
-	     const uint8_t *src);
+_nettle_aes_invert(unsigned rounds, uint32_t *dst, const uint32_t *src);
 
-/* Macros */
-#define ROTBYTE(x) (((x) >> 8) | (((x) & 0xff) << 24))
-#define ROTRBYTE(x) (((x) << 8) | (((x) >> 24) & 0xff))
-#define SUBBYTE(x, box) (((box)[((x) & 0xff)]) | \
-                        ((box)[(((x) >> 8) & 0xff)] << 8) | \
-                        ((box)[(((x) >> 16) & 0xff)] << 16) | \
-                        ((box)[(((x) >> 24) & 0xff)] << 24))
+void
+_nettle_aes_encrypt(unsigned rounds, const uint32_t *keys,
+		    const struct aes_table *T,
+		    size_t length, uint8_t *dst,
+		    const uint8_t *src);
 
+/* The keys pointer points at the subkeys for the first decrypt round,
+   located at the end of the array. */
+void
+_nettle_aes_decrypt(unsigned rounds, const uint32_t *keys,
+		    const struct aes_table *T,
+		    size_t length, uint8_t *dst,
+		    const uint8_t *src);
+
+/* Macros */
 /* Get the byte with index 0, 1, 2 and 3 */
 #define B0(x) ((x) & 0xff)
 #define B1(x) (((x) >> 8) & 0xff)
 #define B2(x) (((x) >> 16) & 0xff)
 #define B3(x) (((x) >> 24) & 0xff)
 
+#define SUBBYTE(x, box) ((uint32_t)(box)[B0(x)]		\
+		      | ((uint32_t)(box)[B1(x)] << 8)	\
+		      | ((uint32_t)(box)[B2(x)] << 16)	\
+		      | ((uint32_t)(box)[B3(x)] << 24))
+
 #define AES_ROUND(T, w0, w1, w2, w3, k)		\
 ((  T->table[0][ B0(w0) ]			\
   ^ T->table[1][ B1(w1) ]			\
@@ -88,9 +98,8 @@ _aes_decrypt(const struct aes_ctx *ctx,
   | ((uint32_t) T->sbox[ B2(w2) ] << 16)		\
   | ((uint32_t) T->sbox[ B3(w3) ] << 24)) ^ (k))
      
-/* Globally visible so that the same sbox table can be used by aes_set_encrypt_key */
-
-extern const struct aes_table _aes_encrypt_table;
-#define aes_sbox (_aes_encrypt_table.sbox)
+extern const struct aes_table _nettle_aes_encrypt_table;
+#define aes_sbox (_nettle_aes_encrypt_table.sbox)
+extern const struct aes_table _nettle_aes_decrypt_table;
 
 #endif /* NETTLE_AES_INTERNAL_H_INCLUDED */

aes-meta.c

-/* aes-meta.c */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2002 Niels Möller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "nettle-meta.h"
-
-#include "aes.h"
-
-const struct nettle_cipher nettle_aes128
-= _NETTLE_CIPHER_SEP(aes, AES, 128);
-
-const struct nettle_cipher nettle_aes192
-= _NETTLE_CIPHER_SEP(aes, AES, 192);
-
-const struct nettle_cipher nettle_aes256
-= _NETTLE_CIPHER_SEP(aes, AES, 256);

aes-set-encrypt-key.c

-/* aes-set-encrypt-key.c
- *
- * Key setup for the aes/rijndael block cipher.
- */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Mller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <assert.h>
-
-#include "aes-internal.h"
-
-static unsigned
-xtime(unsigned x)
-{
-  assert (x < 0x100);
-
-  x <<= 1;
-  if (x & 0x100)
-    x ^= 0x11b;
-
-  assert (x < 0x100);
-
-  return x;
-}
-
-void
-aes_set_encrypt_key(struct aes_ctx *ctx,
-		    unsigned keysize, const uint8_t *key)
-{
-  unsigned nk, nr, i, lastkey;
-  uint32_t temp, rcon;
-
-  assert(keysize >= AES_MIN_KEY_SIZE);
-  assert(keysize <= AES_MAX_KEY_SIZE);
-  
-  /* Truncate keysizes to the valid key sizes provided by Rijndael */
-  if (keysize == 32) {
-    nk = 8;
-    nr = 14;
-  } else if (keysize >= 24) {
-    nk = 6;
-    nr = 12;
-  } else { /* must be 16 or more */
-    nk = 4;
-    nr = 10;
-  }
-
-  lastkey = (AES_BLOCK_SIZE/4) * (nr + 1);
-  ctx->nrounds = nr;
-  rcon = 1;
-  for (i=0; i<nk; i++)
-    {
-      ctx->keys[i] = key[i*4] + (key[i*4+1]<<8) + (key[i*4+2]<<16) +
-	(key[i*4+3]<<24);
-    }
-
-  for (i=nk; i<lastkey; i++)
-    {
-      temp = ctx->keys[i-1];
-      if (i % nk == 0)
-	{
-	  temp = SUBBYTE(ROTBYTE(temp), aes_sbox) ^ rcon;
-	  rcon = (uint32_t)xtime((uint8_t)rcon&0xff);
-	}
-      else if (nk > 6 && (i%nk) == 4)
-	{
-	  temp = SUBBYTE(temp, aes_sbox);
-	}
-      ctx->keys[i] = ctx->keys[i-nk] ^ temp;
-    }
-}
-