aes-internal.h

 /* aes-internal.h
- *
- * The aes/rijndael block cipher.
- */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2001 Niels Möller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
+
+   The aes/rijndael block cipher.
+
+   Copyright (C) 2001, 2013 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
 
 #ifndef NETTLE_AES_INTERNAL_H_INCLUDED
 #define NETTLE_AES_INTERNAL_H_INCLUDED
 
 #include "aes.h"
 
-/* Name mangling */
-#define _aes_encrypt _nettle_aes_encrypt
-#define _aes_decrypt _nettle_aes_decrypt
-#define _aes_encrypt_table _nettle_aes_encrypt_table
-
 /* Define to use only small tables. */
 #ifndef AES_SMALL
 # define AES_SMALL 0
@@ -51,16 +54,25 @@ struct aes_table
 };
 
 void
-_aes_encrypt(const struct aes_ctx *ctx,
-	     const struct aes_table *T,
-	     unsigned length, uint8_t *dst,
-	     const uint8_t *src);
+_nettle_aes_set_key(unsigned nr, unsigned nk,
+		    uint32_t *subkeys, const uint8_t *key);
+
+void
+_nettle_aes_invert(unsigned rounds, uint32_t *dst, const uint32_t *src);
+
+void
+_nettle_aes_encrypt(unsigned rounds, const uint32_t *keys,
+		    const struct aes_table *T,
+		    size_t length, uint8_t *dst,
+		    const uint8_t *src);
 
+/* The keys pointer points at the subkeys for the first decrypt round,
+   located at the end of the array. */
 void
-_aes_decrypt(const struct aes_ctx *ctx,
-	     const struct aes_table *T,
-	     unsigned length, uint8_t *dst,
-	     const uint8_t *src);
+_nettle_aes_decrypt(unsigned rounds, const uint32_t *keys,
+		    const struct aes_table *T,
+		    size_t length, uint8_t *dst,
+		    const uint8_t *src);
 
 /* Macros */
 /* Get the byte with index 0, 1, 2 and 3 */
@@ -86,9 +98,8 @@ _aes_decrypt(const struct aes_ctx *ctx,
   | ((uint32_t) T->sbox[ B2(w2) ] << 16)		\
   | ((uint32_t) T->sbox[ B3(w3) ] << 24)) ^ (k))
      
-/* Globally visible so that the same sbox table can be used by aes_set_encrypt_key */
-
-extern const struct aes_table _aes_encrypt_table;
-#define aes_sbox (_aes_encrypt_table.sbox)
+extern const struct aes_table _nettle_aes_encrypt_table;
+#define aes_sbox (_nettle_aes_encrypt_table.sbox)
+extern const struct aes_table _nettle_aes_decrypt_table;
 
 #endif /* NETTLE_AES_INTERNAL_H_INCLUDED */

aes-set-decrypt-key.c → aes-invert-internal.c

-/* aes-set-decrypt-key.c
- *
- * Inverse key setup for the aes/rijndael block cipher.
- */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
+/* aes-invert-internal.c
+
+   Inverse key setup for the aes/rijndael block cipher.
+
+   Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
+   Copyright (C) 2013 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
 
 /* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
 
@@ -33,6 +42,13 @@
 
 #include "macros.h"
 
+/* For fat builds */
+#if HAVE_NATIVE_aes_invert
+void
+_nettle_aes_invert_c(unsigned rounds, uint32_t *dst, const uint32_t *src);
+#define _nettle_aes_invert _nettle_aes_invert_c
+#endif
+
 /* NOTE: We don't include rotated versions of the table. */
 static const uint32_t mtable[0x100] =
 {
@@ -102,9 +118,9 @@ static const uint32_t mtable[0x100] =
   0xbe805d9f,0xb58d5491,0xa89a4f83,0xa397468d,
 };
 
-#define MIX_COLUMN(T, key) do { \
+#define MIX_COLUMN(T, out, in) do {		\
     uint32_t _k, _nk, _t;	\
-    _k = (key);			\
+    _k = (in);			\
     _nk = T[_k & 0xff];		\
     _k >>= 8;			\
     _t = T[_k & 0xff];		\
@@ -115,7 +131,7 @@ static const uint32_t mtable[0x100] =
     _k >>= 8;			\
     _t = T[_k & 0xff];		\
     _nk ^= ROTL32(24, _t);	\
-    (key) = _nk;		\
+    (out) = _nk;		\
   } while(0)
   
 
@@ -123,49 +139,17 @@ static const uint32_t mtable[0x100] =
 do { uint32_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
 
 void
-aes_invert_key(struct aes_ctx *dst,
-	       const struct aes_ctx *src)
+_nettle_aes_invert(unsigned rounds, uint32_t *dst, const uint32_t *src)
 {
-  unsigned nrounds;
   unsigned i;
 
-  nrounds = src->nrounds;
-
-  /* Reverse the order of subkeys, in groups of 4. */
-  /* FIXME: Instead of reordering the subkeys, change the access order
-     of aes_decrypt, since it's a separate function anyway? */
-  if (src == dst)
-    {
-      unsigned j, k;
+  /* Transform all subkeys but the first and last. */
+  for (i = 4; i < 4 * rounds; i++)
+    MIX_COLUMN (mtable, dst[i], src[i]);
 
-      for (i = 0, j = nrounds * 4;
-	   i < j;
-	   i += 4, j -= 4)
-	for (k = 0; k<4; k++)
-	  SWAP(dst->keys[i+k], dst->keys[j+k]);
-    }
-  else
+  if (src != dst)
     {
-      unsigned k;
-
-      dst->nrounds = nrounds;
-      for (i = 0; i <= nrounds * 4; i += 4)
-	for (k = 0; k < 4; k++)
-	  dst->keys[i+k] = src->keys[nrounds * 4 - i + k];
+      dst[0] = src[0]; dst[1] = src[1]; dst[2] = src[2]; dst[3] = src[3];
+      dst[i] = src[i]; dst[i+1] = src[i+1]; dst[i+2] = src[i+2]; dst[i+3] = src[i+3];
     }
-
-  /* Transform all subkeys but the first and last. */
-  for (i = 4; i < 4 * nrounds; i++)
-    MIX_COLUMN (mtable, dst->keys[i]);
-}
-
-void
-aes_set_decrypt_key(struct aes_ctx *ctx,
-		    unsigned keysize, const uint8_t *key)
-{
-  /* We first create subkeys for encryption,
-   * then modify the subkeys for decryption. */
-  aes_set_encrypt_key(ctx, keysize, key);
-  aes_invert_key(ctx, ctx);
 }
-

aes-meta.c

-/* aes-meta.c */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2002 Niels Möller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "nettle-meta.h"
-
-#include "aes.h"
-
-const struct nettle_cipher nettle_aes128
-= _NETTLE_CIPHER_SEP(aes, AES, 128);
-
-const struct nettle_cipher nettle_aes192
-= _NETTLE_CIPHER_SEP(aes, AES, 192);
-
-const struct nettle_cipher nettle_aes256
-= _NETTLE_CIPHER_SEP(aes, AES, 256);

aes-set-encrypt-key.c

-/* aes-set-encrypt-key.c
- *
- * Key setup for the aes/rijndael block cipher.
- */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <assert.h>
-
-#include "aes-internal.h"
-#include "macros.h"
-
-void
-aes_set_encrypt_key(struct aes_ctx *ctx,
-		    unsigned keysize, const uint8_t *key)
-{
-  static const uint8_t rcon[10] = {
-    0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1b,0x36,
-  };
-  unsigned nk, nr, i, lastkey;
-  uint32_t temp;
-  const uint8_t *rp;
-
-  assert(keysize >= AES_MIN_KEY_SIZE);
-  assert(keysize <= AES_MAX_KEY_SIZE);
-  
-  /* Truncate keysizes to the valid key sizes provided by Rijndael */
-  if (keysize == 32) {
-    nk = 8;
-    nr = 14;
-  } else if (keysize >= 24) {
-    nk = 6;
-    nr = 12;
-  } else { /* must be 16 or more */
-    nk = 4;
-    nr = 10;
-  }
-
-  lastkey = (AES_BLOCK_SIZE/4) * (nr + 1);
-  ctx->nrounds = nr;
-
-  for (i=0, rp = rcon; i<nk; i++)
-    ctx->keys[i] = LE_READ_UINT32(key + i*4);
-
-  for (i=nk; i<lastkey; i++)
-    {
-      temp = ctx->keys[i-1];
-      if (i % nk == 0)
-	temp = SUBBYTE(ROTL32(24, temp), aes_sbox) ^ *rp++;
-
-      else if (nk > 6 && (i%nk) == 4)
-	temp = SUBBYTE(temp, aes_sbox);
-
-      ctx->keys[i] = ctx->keys[i-nk] ^ temp;
-    }
-}
-