Wim Lewis / nettle / Commits

Commit fd976f57, authored Sep 28, 2013 by Niels Möller
Merged aes-reorg branch.
Parents: 4ae04a64, 7f0c28dc
Showing 44 changed files with 1391 additions and 580 deletions
ChangeLog +95 -0
Makefile.in +8 -1
aes-decrypt-internal.c +17 -17
aes-decrypt.c +32 -2
aes-encrypt-internal.c +17 -17
aes-encrypt.c +32 -2
aes-internal.h +12 -3
aes-invert-internal.c +156 -0
aes-set-decrypt-key.c +3 -122
aes-set-encrypt-key.c +9 -30
aes-set-key-internal.c +63 -0
aes.h +92 -8
aes128-meta.c +57 -0
aes128-set-decrypt-key.c +46 -0
aes128-set-encrypt-key.c +12 -12
aes192-meta.c +57 -0
aes192-set-decrypt-key.c +46 -0
aes192-set-encrypt-key.c +38 -0
aes256-meta.c +57 -0
aes256-set-decrypt-key.c +46 -0
aes256-set-encrypt-key.c +38 -0
arm/aes-decrypt-internal.asm +48 -37
arm/aes-encrypt-internal.asm +49 -38
arm/v6/aes-decrypt-internal.asm +34 -20
arm/v6/aes-encrypt-internal.asm +35 -19
nettle-internal.c +10 -0
nettle-internal.h +4 -0
sparc32/aes-decrypt-internal.asm +17 -15
sparc32/aes-encrypt-internal.asm +17 -15
sparc64/aes-decrypt-internal.asm +18 -16
sparc64/aes-encrypt-internal.asm +19 -17
testsuite/aes-test.c +82 -70
umac-set-key.c +6 -6
umac.h +3 -3
umac128.c +2 -2
umac32.c +2 -2
umac64.c +2 -2
umac96.c +2 -2
x86/aes-decrypt-internal.asm +20 -21
x86/aes-encrypt-internal.asm +19 -20
x86_64/aes-decrypt-internal.asm +32 -28
x86_64/aes-encrypt-internal.asm +31 -27
yarrow.h +1 -1
yarrow256.c +5 -5
ChangeLog
2013-09-28 Niels Möller <nisse@lysator.liu.se>
* Merge aes-reorg branch. Changes below,
dated 2013-05-17 - 2013-08-13.
2013-08-13 Niels Möller <nisse@lysator.liu.se>
* yarrow.h (struct yarrow256_ctx): Use aes256_ctx, not aes_ctx.
* yarrow256.c: Adapted to use new aes256 interface.
2013-08-07 Niels Möller <nisse@lysator.liu.se>
* umac.h (_UMAC_STATE): Use struct aes128_ctx, not aes_ctx.
* umac-set-key.c (umac_kdf, _umac_set_key): Use aes128 interface.
* umac32.c (umac32_digest): Likewise.
* umac64.c (umac64_digest): Likewise.
* umac96.c (umac96_digest): Likewise.
* umac128.c (umac128_digest): Likewise.
2013-06-25 Niels Möller <nisse@lysator.liu.se>
* aes-meta.c: Deleted file.
Analogous changes for new aes192 and aes256 interface.
* aes.h (struct aes128_ctx): New aes128 declarations.
* aes-decrypt.c (aes128_decrypt): New function.
* aes-encrypt.c (aes128_encrypt): New function.
* aes128-meta.c: New file.
* aes128-set-encrypt-key.c (aes128_set_encrypt_key): New file and
function.
* aes128-set-decrypt-key.c (aes128_set_decrypt_key)
(aes128_invert_key): New file and functions.
* Makefile.in (nettle_SOURCES): Added aes128-set-encrypt-key.c,
aes128-set-decrypt-key.c and aes128-meta.c.
* nettle-internal.c (nettle_unified_aes128): For testing the old
AES interface.
* testsuite/aes-test.c (test_cipher2): New function.
(test_main): Test both nettle_aes128 and nettle_unified_aes128.
2013-05-22 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added aes-invert-internal.c and
aes-set-key-internal.c.
* aes.h (AES128_KEY_SIZE, _AES128_ROUNDS): New constants.
Similarly also for aes192 and aes256.
* aes-internal.h: Declare new functions.
* aes-set-key-internal.c (_aes_set_key): New file and funxtion
extracted from aes_set_encrypt_key.
* aes-set-encrypt-key.c (aes_set_encrypt_key): Use _aes_set_key.
* aes-invert-internal.c (_aes_invert): New file and function,
extracted from aes_invert_key.
* aes-set-decrypt-key.c (aes_invert_key): Use _aes_invert.
* arm/v6/aes-encrypt-internal.asm: Adapted to new interface.
Unfortunately, 4% slowdown on Cortex-A9, for unknown reason.
* arm/v6/aes-decrypt-internal.asm: Likewise.
* arm/aes-encrypt-internal.asm: Adapted to new interface.
* arm/aes-decrypt-internal.asm: Likewise.
2013-05-21 Niels Möller <nisse@lysator.liu.se>
* sparc32/aes-encrypt-internal.asm: Adapted to new interface.
* sparc32/aes-decrypt-internal.asm: Likewise.
* sparc64/aes-encrypt-internal.asm: Likewise.
* sparc64/aes-decrypt-internal.asm: Likewise.
* x86/aes-encrypt-internal.asm: Adapted to new interface.
* x86/aes-decrypt-internal.asm: Likewise.
2013-05-20 Niels Möller <nisse@lysator.liu.se>
* x86_64/aes-encrypt-internal.asm: Adapted to new interface.
* x86_64/aes-decrypt-internal.asm: Likewise.
2013-05-17 Niels Möller <nisse@lysator.liu.se>
* aes.h (struct aes_ctx): Renamed nrounds to rounds, and moved
first in the structure.
* aes-set-encrypt-key.c (aes_set_encrypt_key): Updated for renaming.
* aes-set-decrypt-key.c (aes_invert_key): Likewise.
* aes-encrypt-internal.c (_nettle_aes_encrypt): Take rounds and
subkeys as separate arguments, not a struct aes_ctx *. Updated
callers.
* aes-decrypt-internal.c (_nettle_aes_decrypt): Likewise.
* aes-internal.h: Updated prototypes.
* Start of aes-reorg changes.
2013-09-28 Niels Möller <nisse@lysator.liu.se>
* md4.h (struct md4_ctx): Use single uint64_t variable for block
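Review bot: spelling in the 2013-05-22 entry, `* aes-set-key-internal.c (_aes_set_key): New file and funxtion` should read `function`. Also, the 2013-06-25 entry describes aes128-set-encrypt-key.c as "New file and function", but the commit's file list shows it as +12 -12 rather than as a pure addition like aes128-set-decrypt-key.c (+46 -0), so either the entry or the way the file was added (rename versus new file) should be brought in line.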
Makefile.in
@@ -64,7 +64,14 @@ all-here: $(TARGETS) $(DOCTARGETS)
nettle_SOURCES
=
aes-decrypt-internal.c aes-decrypt.c
\
aes-encrypt-internal.c aes-encrypt.c aes-encrypt-table.c
\
aes-set-encrypt-key.c aes-set-decrypt-key.c aes-meta.c
\
aes-invert-internal.c aes-set-key-internal.c
\
aes-set-encrypt-key.c aes-set-decrypt-key.c
\
aes128-set-encrypt-key.c aes128-set-decrypt-key.c
\
aes128-meta.c
\
aes192-set-encrypt-key.c aes192-set-decrypt-key.c
\
aes192-meta.c
\
aes256-set-encrypt-key.c aes256-set-decrypt-key.c
\
aes256-meta.c
\
arcfour.c arcfour-crypt.c arcfour-meta.c
\
arctwo.c arctwo-meta.c gosthash94-meta.c
\
base16-encode.c base16-decode.c base16-meta.c
\
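Review bot: `aes-meta.c` is dropped from `nettle_SOURCES` here, but no deletion of aes-meta.c appears among the commit's 44 changed files, so confirm the file itself is removed by the merge; a stale aes-meta.c left in the tree would simply go unbuilt without anyone noticing. Minor: `aes-set-encrypt-key.c aes-set-decrypt-key.c` is removed and re-added on the next line only because `aes-meta.c` shared the line with it, which makes this hunk look like a bigger change than it is.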
aes-decrypt-internal.c
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
* Copyright (C) 2002
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -33,7 +33,7 @@
#include "macros.h"
void
_nettle_aes_decrypt
(
const
struct
aes_ctx
*
ctx
,
_nettle_aes_decrypt
(
unsigned
rounds
,
const
uint32_t
*
keys
,
const
struct
aes_table
*
T
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
@@ -42,22 +42,22 @@ _nettle_aes_decrypt(const struct aes_ctx *ctx,
{
uint32_t
w0
,
w1
,
w2
,
w3
;
/* working ciphertext */
uint32_t
t0
,
t1
,
t2
,
t3
;
unsigned
round
;
unsigned
i
;
/* Get clear text, using little-endian byte order.
* Also XOR with the first subkey. */
w0
=
LE_READ_UINT32
(
src
)
^
ctx
->
keys
[
0
];
w1
=
LE_READ_UINT32
(
src
+
4
)
^
ctx
->
keys
[
1
];
w2
=
LE_READ_UINT32
(
src
+
8
)
^
ctx
->
keys
[
2
];
w3
=
LE_READ_UINT32
(
src
+
12
)
^
ctx
->
keys
[
3
];
w0
=
LE_READ_UINT32
(
src
)
^
keys
[
0
];
w1
=
LE_READ_UINT32
(
src
+
4
)
^
keys
[
1
];
w2
=
LE_READ_UINT32
(
src
+
8
)
^
keys
[
2
];
w3
=
LE_READ_UINT32
(
src
+
12
)
^
keys
[
3
];
for
(
round
=
1
;
round
<
ctx
->
n
rounds
;
round
++
)
for
(
i
=
1
;
i
<
rounds
;
i
++
)
{
t0
=
AES_ROUND
(
T
,
w0
,
w3
,
w2
,
w1
,
ctx
->
keys
[
4
*
round
]);
t1
=
AES_ROUND
(
T
,
w1
,
w0
,
w3
,
w2
,
ctx
->
keys
[
4
*
round
+
1
]);
t2
=
AES_ROUND
(
T
,
w2
,
w1
,
w0
,
w3
,
ctx
->
keys
[
4
*
round
+
2
]);
t3
=
AES_ROUND
(
T
,
w3
,
w2
,
w1
,
w0
,
ctx
->
keys
[
4
*
round
+
3
]);
t0
=
AES_ROUND
(
T
,
w0
,
w3
,
w2
,
w1
,
keys
[
4
*
i
]);
t1
=
AES_ROUND
(
T
,
w1
,
w0
,
w3
,
w2
,
keys
[
4
*
i
+
1
]);
t2
=
AES_ROUND
(
T
,
w2
,
w1
,
w0
,
w3
,
keys
[
4
*
i
+
2
]);
t3
=
AES_ROUND
(
T
,
w3
,
w2
,
w1
,
w0
,
keys
[
4
*
i
+
3
]);
/* We could unroll the loop twice, to avoid these
assignments. If all eight variables fit in registers,
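Review bot: renaming the loop counter from `round` to `i` makes the subkey indexing `keys[4*i]`, `keys[4*i + 1]` ... less self-describing than `keys[4*round]` was, and the final round in the next hunk indexes `keys[4*i]` relying on `i == rounds` at loop exit, exactly as the old code relied on `round`, except that `i` no longer hints at it. Keeping the name `round`, or writing the final round as `keys[4*rounds]`, would read better. Unrelated but in the touched context: the comment `/* Get clear text, using little-endian byte order.` sits in the decrypt path, where `src` is ciphertext.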
@@ -70,14 +70,14 @@ _nettle_aes_decrypt(const struct aes_ctx *ctx,
/* Final round */
t0
=
AES_FINAL_ROUND
(
T
,
w0
,
w3
,
w2
,
w1
,
ctx
->
keys
[
4
*
round
]);
t1
=
AES_FINAL_ROUND
(
T
,
w1
,
w0
,
w3
,
w2
,
ctx
->
keys
[
4
*
round
+
1
]);
t2
=
AES_FINAL_ROUND
(
T
,
w2
,
w1
,
w0
,
w3
,
ctx
->
keys
[
4
*
round
+
2
]);
t3
=
AES_FINAL_ROUND
(
T
,
w3
,
w2
,
w1
,
w0
,
ctx
->
keys
[
4
*
round
+
3
]);
t0
=
AES_FINAL_ROUND
(
T
,
w0
,
w3
,
w2
,
w1
,
keys
[
4
*
i
]);
t1
=
AES_FINAL_ROUND
(
T
,
w1
,
w0
,
w3
,
w2
,
keys
[
4
*
i
+
1
]);
t2
=
AES_FINAL_ROUND
(
T
,
w2
,
w1
,
w0
,
w3
,
keys
[
4
*
i
+
2
]);
t3
=
AES_FINAL_ROUND
(
T
,
w3
,
w2
,
w1
,
w0
,
keys
[
4
*
i
+
3
]);
LE_WRITE_UINT32
(
dst
,
t0
);
LE_WRITE_UINT32
(
dst
+
8
,
t2
);
LE_WRITE_UINT32
(
dst
+
4
,
t1
);
LE_WRITE_UINT32
(
dst
+
8
,
t2
);
LE_WRITE_UINT32
(
dst
+
12
,
t3
);
}
}
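Review bot: the unchanged context after the final round shows `LE_WRITE_UINT32(dst + 8, t2);` twice, once before `LE_WRITE_UINT32(dst + 4, t1);` and once after it. If that is the file's real content rather than a rendering glitch, the first of the two writes is redundant and the natural order is `dst`, `dst + 4`, `dst + 8`, `dst + 12`; either way it is worth a look while this function is being rewritten.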
aes-decrypt.c
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
* Copyright (C) 2002
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -342,6 +342,36 @@ aes_decrypt(const struct aes_ctx *ctx,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_decrypt
(
ctx
,
&
_aes_decrypt_table
,
_aes_decrypt
(
ctx
->
rounds
,
ctx
->
keys
,
&
_aes_decrypt_table
,
length
,
dst
,
src
);
}
void
aes128_decrypt
(
const
struct
aes128_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_decrypt
(
_AES128_ROUNDS
,
ctx
->
keys
,
&
_aes_decrypt_table
,
length
,
dst
,
src
);
}
void
aes192_decrypt
(
const
struct
aes192_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_decrypt
(
_AES192_ROUNDS
,
ctx
->
keys
,
&
_aes_decrypt_table
,
length
,
dst
,
src
);
}
void
aes256_decrypt
(
const
struct
aes256_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_decrypt
(
_AES256_ROUNDS
,
ctx
->
keys
,
&
_aes_decrypt_table
,
length
,
dst
,
src
);
}
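Review bot: the block-alignment check in the three new wrappers is `assert(!(length % AES_BLOCK_SIZE))`, which is compiled out under NDEBUG, so a release build passes a partial trailing block straight into `_aes_decrypt`. That was already true of `aes_decrypt`, but `aes128_decrypt`, `aes192_decrypt` and `aes256_decrypt` are new public entry points, so the requirement that `length` be a multiple of `AES_BLOCK_SIZE` should be stated next to their prototypes in aes.h. The three bodies differ only in the context type and the `_AESnnn_ROUNDS` constant; a small macro would avoid maintaining the assert and the call in triplicate.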
aes-encrypt-internal.c
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
* Copyright (C) 2002
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -33,7 +33,7 @@
#include "macros.h"
void
_nettle_aes_encrypt
(
const
struct
aes_ctx
*
ctx
,
_nettle_aes_encrypt
(
unsigned
rounds
,
const
uint32_t
*
keys
,
const
struct
aes_table
*
T
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
@@ -42,22 +42,22 @@ _nettle_aes_encrypt(const struct aes_ctx *ctx,
{
uint32_t
w0
,
w1
,
w2
,
w3
;
/* working ciphertext */
uint32_t
t0
,
t1
,
t2
,
t3
;
unsigned
round
;
unsigned
i
;
/* Get clear text, using little-endian byte order.
* Also XOR with the first subkey. */
w0
=
LE_READ_UINT32
(
src
)
^
ctx
->
keys
[
0
];
w1
=
LE_READ_UINT32
(
src
+
4
)
^
ctx
->
keys
[
1
];
w2
=
LE_READ_UINT32
(
src
+
8
)
^
ctx
->
keys
[
2
];
w3
=
LE_READ_UINT32
(
src
+
12
)
^
ctx
->
keys
[
3
];
w0
=
LE_READ_UINT32
(
src
)
^
keys
[
0
];
w1
=
LE_READ_UINT32
(
src
+
4
)
^
keys
[
1
];
w2
=
LE_READ_UINT32
(
src
+
8
)
^
keys
[
2
];
w3
=
LE_READ_UINT32
(
src
+
12
)
^
keys
[
3
];
for
(
round
=
1
;
round
<
ctx
->
n
rounds
;
round
++
)
for
(
i
=
1
;
i
<
rounds
;
i
++
)
{
t0
=
AES_ROUND
(
T
,
w0
,
w1
,
w2
,
w3
,
ctx
->
keys
[
4
*
round
]);
t1
=
AES_ROUND
(
T
,
w1
,
w2
,
w3
,
w0
,
ctx
->
keys
[
4
*
round
+
1
]);
t2
=
AES_ROUND
(
T
,
w2
,
w3
,
w0
,
w1
,
ctx
->
keys
[
4
*
round
+
2
]);
t3
=
AES_ROUND
(
T
,
w3
,
w0
,
w1
,
w2
,
ctx
->
keys
[
4
*
round
+
3
]);
t0
=
AES_ROUND
(
T
,
w0
,
w1
,
w2
,
w3
,
keys
[
4
*
i
]);
t1
=
AES_ROUND
(
T
,
w1
,
w2
,
w3
,
w0
,
keys
[
4
*
i
+
1
]);
t2
=
AES_ROUND
(
T
,
w2
,
w3
,
w0
,
w1
,
keys
[
4
*
i
+
2
]);
t3
=
AES_ROUND
(
T
,
w3
,
w0
,
w1
,
w2
,
keys
[
4
*
i
+
3
]);
/* We could unroll the loop twice, to avoid these
assignments. If all eight variables fit in registers,
@@ -70,14 +70,14 @@ _nettle_aes_encrypt(const struct aes_ctx *ctx,
/* Final round */
t0
=
AES_FINAL_ROUND
(
T
,
w0
,
w1
,
w2
,
w3
,
ctx
->
keys
[
4
*
round
]);
t1
=
AES_FINAL_ROUND
(
T
,
w1
,
w2
,
w3
,
w0
,
ctx
->
keys
[
4
*
round
+
1
]);
t2
=
AES_FINAL_ROUND
(
T
,
w2
,
w3
,
w0
,
w1
,
ctx
->
keys
[
4
*
round
+
2
]);
t3
=
AES_FINAL_ROUND
(
T
,
w3
,
w0
,
w1
,
w2
,
ctx
->
keys
[
4
*
round
+
3
]);
t0
=
AES_FINAL_ROUND
(
T
,
w0
,
w1
,
w2
,
w3
,
keys
[
4
*
i
]);
t1
=
AES_FINAL_ROUND
(
T
,
w1
,
w2
,
w3
,
w0
,
keys
[
4
*
i
+
1
]);
t2
=
AES_FINAL_ROUND
(
T
,
w2
,
w3
,
w0
,
w1
,
keys
[
4
*
i
+
2
]);
t3
=
AES_FINAL_ROUND
(
T
,
w3
,
w0
,
w1
,
w2
,
keys
[
4
*
i
+
3
]);
LE_WRITE_UINT32
(
dst
,
t0
);
LE_WRITE_UINT32
(
dst
+
8
,
t2
);
LE_WRITE_UINT32
(
dst
+
4
,
t1
);
LE_WRITE_UINT32
(
dst
+
8
,
t2
);
LE_WRITE_UINT32
(
dst
+
12
,
t3
);
}
}
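Review bot: the same duplicated `LE_WRITE_UINT32(dst + 8, t2);` appears in this hunk's trailing context as in aes-decrypt-internal.c (before and after the `dst + 4` write); if it is really in the source, fix both files together.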
aes-encrypt.c
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
* Copyright (C) 2002
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -40,6 +40,36 @@ aes_encrypt(const struct aes_ctx *ctx,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_encrypt
(
ctx
,
&
_aes_encrypt_table
,
_aes_encrypt
(
ctx
->
rounds
,
ctx
->
keys
,
&
_aes_encrypt_table
,
length
,
dst
,
src
);
}
void
aes128_encrypt
(
const
struct
aes128_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_encrypt
(
_AES128_ROUNDS
,
ctx
->
keys
,
&
_aes_encrypt_table
,
length
,
dst
,
src
);
}
void
aes192_encrypt
(
const
struct
aes192_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_encrypt
(
_AES192_ROUNDS
,
ctx
->
keys
,
&
_aes_encrypt_table
,
length
,
dst
,
src
);
}
void
aes256_encrypt
(
const
struct
aes256_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_encrypt
(
_AES256_ROUNDS
,
ctx
->
keys
,
&
_aes_encrypt_table
,
length
,
dst
,
src
);
}
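Review bot: `aes_encrypt` now reads `ctx->rounds` at run time, while `aes128_encrypt`, `aes192_encrypt` and `aes256_encrypt` hard-code `_AES128_ROUNDS`, `_AES192_ROUNDS` and `_AES256_ROUNDS`. Each hard-coded value has to match the key schedule that the corresponding `aesNNN_set_encrypt_key` writes into `ctx->keys` (the round loop plus the final round consume 4*(rounds+1) words), and nothing in this file ties the two together. A compile-time check of `sizeof(ctx->keys)` against the rounds constant in aes.h, or at least a comment beside the constants, would turn a mismatch into a build error instead of an out-of-bounds read of the key schedule.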
aes-internal.h
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels Möller
* Copyright (C) 2001
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -29,6 +29,8 @@
#include "aes.h"
/* Name mangling */
#define _aes_set_key _nettle_aes_set_key
#define _aes_invert _nettle_aes_invert
#define _aes_encrypt _nettle_aes_encrypt
#define _aes_decrypt _nettle_aes_decrypt
#define _aes_encrypt_table _nettle_aes_encrypt_table
@@ -51,13 +53,20 @@ struct aes_table
};
void
_aes_encrypt
(
const
struct
aes_ctx
*
ctx
,
_aes_set_key
(
unsigned
nr
,
unsigned
nk
,
uint32_t
*
subkeys
,
const
uint8_t
*
key
);
void
_aes_invert
(
unsigned
rounds
,
uint32_t
*
dst
,
const
uint32_t
*
src
);
void
_aes_encrypt
(
unsigned
rounds
,
const
uint32_t
*
keys
,
const
struct
aes_table
*
T
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
);
void
_aes_decrypt
(
const
struct
aes_ctx
*
ctx
,
_aes_decrypt
(
unsigned
rounds
,
const
uint32_t
*
keys
,
const
struct
aes_table
*
T
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
);
aes-invert-internal.c
0 → 100644
/* aes-invert-internal.c
*
* Inverse key setup for the aes/rijndael block cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2000, 2001, 2002, Rafael R. Sevilla, Niels Möller
* Copyright (C) 2013 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "aes-internal.h"
#include "macros.h"
/* NOTE: We don't include rotated versions of the table. */
static
const
uint32_t
mtable
[
0x100
]
=
{
0x00000000
,
0x0b0d090e
,
0x161a121c
,
0x1d171b12
,
0x2c342438
,
0x27392d36
,
0x3a2e3624
,
0x31233f2a
,
0x58684870
,
0x5365417e
,
0x4e725a6c
,
0x457f5362
,
0x745c6c48
,
0x7f516546
,
0x62467e54
,
0x694b775a
,
0xb0d090e0
,
0xbbdd99ee
,
0xa6ca82fc
,
0xadc78bf2
,
0x9ce4b4d8
,
0x97e9bdd6
,
0x8afea6c4
,
0x81f3afca
,
0xe8b8d890
,
0xe3b5d19e
,
0xfea2ca8c
,
0xf5afc382
,
0xc48cfca8
,
0xcf81f5a6
,
0xd296eeb4
,
0xd99be7ba
,
0x7bbb3bdb
,
0x70b632d5
,
0x6da129c7
,
0x66ac20c9
,
0x578f1fe3
,
0x5c8216ed
,
0x41950dff
,
0x4a9804f1
,
0x23d373ab
,
0x28de7aa5
,
0x35c961b7
,
0x3ec468b9
,
0x0fe75793
,
0x04ea5e9d
,
0x19fd458f
,
0x12f04c81
,
0xcb6bab3b
,
0xc066a235
,
0xdd71b927
,
0xd67cb029
,
0xe75f8f03
,
0xec52860d
,
0xf1459d1f
,
0xfa489411
,
0x9303e34b
,
0x980eea45
,
0x8519f157
,
0x8e14f859
,
0xbf37c773
,
0xb43ace7d
,
0xa92dd56f
,
0xa220dc61
,
0xf66d76ad
,
0xfd607fa3
,
0xe07764b1
,
0xeb7a6dbf
,
0xda595295
,
0xd1545b9b
,
0xcc434089
,
0xc74e4987
,
0xae053edd
,
0xa50837d3
,
0xb81f2cc1
,
0xb31225cf
,
0x82311ae5
,
0x893c13eb
,
0x942b08f9
,
0x9f2601f7
,
0x46bde64d
,
0x4db0ef43
,
0x50a7f451
,
0x5baafd5f
,
0x6a89c275
,
0x6184cb7b
,
0x7c93d069
,
0x779ed967
,
0x1ed5ae3d
,
0x15d8a733
,
0x08cfbc21
,
0x03c2b52f
,
0x32e18a05
,
0x39ec830b
,
0x24fb9819
,
0x2ff69117
,
0x8dd64d76
,
0x86db4478
,
0x9bcc5f6a
,
0x90c15664
,
0xa1e2694e
,
0xaaef6040
,
0xb7f87b52
,
0xbcf5725c
,
0xd5be0506
,
0xdeb30c08
,
0xc3a4171a
,
0xc8a91e14
,
0xf98a213e
,
0xf2872830
,
0xef903322
,
0xe49d3a2c
,
0x3d06dd96
,
0x360bd498
,
0x2b1ccf8a
,
0x2011c684
,
0x1132f9ae
,
0x1a3ff0a0
,
0x0728ebb2
,
0x0c25e2bc
,
0x656e95e6
,
0x6e639ce8
,
0x737487fa
,
0x78798ef4
,
0x495ab1de
,
0x4257b8d0
,
0x5f40a3c2
,
0x544daacc
,
0xf7daec41
,
0xfcd7e54f
,
0xe1c0fe5d
,
0xeacdf753
,
0xdbeec879
,
0xd0e3c177
,
0xcdf4da65
,
0xc6f9d36b
,
0xafb2a431
,
0xa4bfad3f
,
0xb9a8b62d
,
0xb2a5bf23
,
0x83868009
,
0x888b8907
,
0x959c9215
,
0x9e919b1b
,
0x470a7ca1
,
0x4c0775af
,
0x51106ebd
,
0x5a1d67b3
,
0x6b3e5899
,
0x60335197
,
0x7d244a85
,
0x7629438b
,
0x1f6234d1
,
0x146f3ddf
,
0x097826cd
,
0x02752fc3
,
0x335610e9
,
0x385b19e7
,
0x254c02f5
,
0x2e410bfb
,
0x8c61d79a
,
0x876cde94
,
0x9a7bc586
,
0x9176cc88
,
0xa055f3a2
,
0xab58faac
,
0xb64fe1be
,
0xbd42e8b0
,
0xd4099fea
,
0xdf0496e4
,
0xc2138df6
,
0xc91e84f8
,
0xf83dbbd2
,
0xf330b2dc
,
0xee27a9ce
,
0xe52aa0c0
,
0x3cb1477a
,
0x37bc4e74
,
0x2aab5566
,
0x21a65c68
,
0x10856342
,
0x1b886a4c
,
0x069f715e
,
0x0d927850
,
0x64d90f0a
,
0x6fd40604
,
0x72c31d16
,
0x79ce1418
,
0x48ed2b32
,
0x43e0223c
,
0x5ef7392e
,
0x55fa3020
,
0x01b79aec
,
0x0aba93e2
,
0x17ad88f0
,
0x1ca081fe
,
0x2d83bed4
,
0x268eb7da
,
0x3b99acc8
,
0x3094a5c6
,
0x59dfd29c
,
0x52d2db92
,
0x4fc5c080
,
0x44c8c98e
,
0x75ebf6a4
,
0x7ee6ffaa
,
0x63f1e4b8
,
0x68fcedb6
,
0xb1670a0c
,
0xba6a0302
,
0xa77d1810
,
0xac70111e
,
0x9d532e34
,
0x965e273a
,
0x8b493c28
,
0x80443526
,
0xe90f427c
,
0xe2024b72
,
0xff155060
,
0xf418596e
,
0xc53b6644
,
0xce366f4a
,
0xd3217458
,
0xd82c7d56
,
0x7a0ca137
,
0x7101a839
,
0x6c16b32b
,
0x671bba25
,
0x5638850f
,
0x5d358c01
,
0x40229713
,
0x4b2f9e1d
,
0x2264e947
,
0x2969e049
,
0x347efb5b
,
0x3f73f255
,
0x0e50cd7f
,
0x055dc471
,
0x184adf63
,
0x1347d66d
,
0xcadc31d7
,
0xc1d138d9
,
0xdcc623cb
,
0xd7cb2ac5
,
0xe6e815ef
,
0xede51ce1
,
0xf0f207f3
,
0xfbff0efd
,
0x92b479a7
,
0x99b970a9
,
0x84ae6bbb
,
0x8fa362b5
,
0xbe805d9f
,
0xb58d5491
,
0xa89a4f83
,
0xa397468d
,
};
#define MIX_COLUMN(T, key) do { \
uint32_t _k, _nk, _t; \
_k = (key); \
_nk = T[_k & 0xff]; \
_k >>= 8; \
_t = T[_k & 0xff]; \
_nk ^= ROTL32(8, _t); \
_k >>= 8; \
_t = T[_k & 0xff]; \
_nk ^= ROTL32(16, _t); \
_k >>= 8; \
_t = T[_k & 0xff]; \
_nk ^= ROTL32(24, _t); \
(key) = _nk; \
} while(0)
#define SWAP(a, b) \
do { uint32_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
void
_aes_invert
(
unsigned
rounds
,
uint32_t
*
dst
,
const
uint32_t
*
src
)
{
unsigned
i
;
/* Reverse the order of subkeys, in groups of 4. */
/* FIXME: Instead of reordering the subkeys, change the access order
of aes_decrypt, since it's a separate function anyway? */
if
(
src
==
dst
)
{
unsigned
j
,
k
;
for
(
i
=
0
,
j
=
rounds
*
4
;
i
<
j
;
i
+=
4
,
j
-=
4
)
for
(
k
=
0
;
k
<
4
;
k
++
)
SWAP
(
dst
[
i
+
k
],
dst
[
j
+
k
]);
}
else
{
unsigned
k
;
for
(
i
=
0
;
i
<=
rounds
*
4
;
i
+=
4
)
for
(
k
=
0
;
k
<
4
;
k
++
)
dst
[
i
+
k
]
=
src
[
rounds
*
4
-
i
+
k
];
}
/* Transform all subkeys but the first and last. */
for
(
i
=
4
;
i
<
4
*
rounds
;
i
++
)
MIX_COLUMN
(
mtable
,
dst
[
i
]);
}
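Review bot: `_aes_invert` takes the in-place path only on exact pointer equality `src == dst`; for any other overlap the copy loop `dst[i + k] = src[rounds*4 - i + k]` reads subkey groups it has already overwritten, and nothing here documents or asserts that. The prototype comment should state that `dst` and `src` must be either identical or disjoint (or the parameters should carry `restrict` and callers always pass a separate buffer). Two smaller points: the FIXME about reversing the subkeys versus changing the access order in `aes_decrypt` is easier to act on now that `rounds` is an explicit parameter, and `mtable` is a verbatim move from aes-set-decrypt-key.c, so it is worth diffing the two tables once (the entries visible in both hunks match).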
aes-set-decrypt-key.c
@@ -6,6 +6,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
* Copyright (C) 2013 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -31,132 +32,12 @@
#include "aes-internal.h"
#include "macros.h"
/* NOTE: We don't include rotated versions of the table. */
static
const
uint32_t
mtable
[
0x100
]
=
{
0x00000000
,
0x0b0d090e
,
0x161a121c
,
0x1d171b12
,
0x2c342438
,
0x27392d36
,
0x3a2e3624
,
0x31233f2a
,
0x58684870
,
0x5365417e
,
0x4e725a6c
,
0x457f5362
,
0x745c6c48
,
0x7f516546
,
0x62467e54
,
0x694b775a
,
0xb0d090e0
,
0xbbdd99ee
,
0xa6ca82fc
,
0xadc78bf2
,
0x9ce4b4d8
,
0x97e9bdd6
,
0x8afea6c4
,
0x81f3afca
,
0xe8b8d890
,
0xe3b5d19e
,
0xfea2ca8c
,
0xf5afc382
,
0xc48cfca8
,
0xcf81f5a6
,
0xd296eeb4
,
0xd99be7ba
,
0x7bbb3bdb
,
0x70b632d5
,
0x6da129c7
,
0x66ac20c9
,
0x578f1fe3
,
0x5c8216ed
,
0x41950dff
,
0x4a9804f1
,
0x23d373ab
,
0x28de7aa5
,
0x35c961b7
,
0x3ec468b9
,
0x0fe75793
,
0x04ea5e9d
,
0x19fd458f
,
0x12f04c81
,
0xcb6bab3b
,
0xc066a235
,
0xdd71b927
,
0xd67cb029
,
0xe75f8f03
,
0xec52860d
,
0xf1459d1f
,
0xfa489411
,
0x9303e34b
,
0x980eea45
,
0x8519f157
,
0x8e14f859
,
0xbf37c773
,
0xb43ace7d
,
0xa92dd56f
,
0xa220dc61
,
0xf66d76ad
,
0xfd607fa3
,
0xe07764b1
,
0xeb7a6dbf
,
0xda595295
,
0xd1545b9b
,
0xcc434089
,
0xc74e4987
,
0xae053edd
,
0xa50837d3
,
0xb81f2cc1
,
0xb31225cf
,
0x82311ae5
,
0x893c13eb
,
0x942b08f9
,
0x9f2601f7
,
0x46bde64d
,
0x4db0ef43
,
0x50a7f451
,
0x5baafd5f
,
0x6a89c275
,
0x6184cb7b
,
0x7c93d069
,
0x779ed967
,
0x1ed5ae3d
,
0x15d8a733
,
0x08cfbc21
,
0x03c2b52f
,
0x32e18a05
,
0x39ec830b
,
0x24fb9819
,
0x2ff69117
,
0x8dd64d76
,
0x86db4478
,
0x9bcc5f6a
,
0x90c15664
,
0xa1e2694e
,
0xaaef6040
,
0xb7f87b52
,
0xbcf5725c
,
0xd5be0506
,
0xdeb30c08
,
0xc3a4171a
,
0xc8a91e14
,
0xf98a213e
,
0xf2872830
,
0xef903322
,
0xe49d3a2c
,
0x3d06dd96
,
0x360bd498
,
0x2b1ccf8a
,
0x2011c684
,
0x1132f9ae
,
0x1a3ff0a0
,
0x0728ebb2
,
0x0c25e2bc
,
0x656e95e6
,
0x6e639ce8
,
0x737487fa
,
0x78798ef4
,
0x495ab1de
,
0x4257b8d0
,
0x5f40a3c2
,
0x544daacc
,
0xf7daec41
,
0xfcd7e54f
,
0xe1c0fe5d
,
0xeacdf753
,
0xdbeec879
,
0xd0e3c177
,
0xcdf4da65
,
0xc6f9d36b
,
0xafb2a431
,
0xa4bfad3f
,
0xb9a8b62d
,
0xb2a5bf23
,
0x83868009
,
0x888b8907
,
0x959c9215
,
0x9e919b1b
,
0x470a7ca1
,
0x4c0775af
,
0x51106ebd
,
0x5a1d67b3
,
0x6b3e5899
,
0x60335197
,
0x7d244a85
,
0x7629438b
,
0x1f6234d1
,
0x146f3ddf
,
0x097826cd
,
0x02752fc3
,
0x335610e9
,
0x385b19e7
,
0x254c02f5
,
0x2e410bfb
,
0x8c61d79a
,
0x876cde94
,
0x9a7bc586
,
0x9176cc88
,
0xa055f3a2
,
0xab58faac
,
0xb64fe1be
,
0xbd42e8b0
,
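Review bot: the `mtable` being removed here must stay identical to the copy now living in aes-invert-internal.c; the entries shown match the new file's table, but this listing is cut off partway through the table and before the 12-line replacement body of `aes_invert_key` that the hunk header `@@ -31,132 +32,12 @@` promises, so the rest of this hunk has to be reviewed in the full diff.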