Separate rounds and key arguments to _aes_encrypt and _aes_decrypt.

ff29d0a9 · Niels Möller · 982961a5 · ff29d0a9 · ff29d0a9 · ff29d0a9
Commit ff29d0a9 authored May 17, 2013 by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
 2013-05-17  Niels Möller  <nisse@lysator.liu.se>

+	* aes-encrypt-internal.c (_nettle_aes_encrypt): Take rounds and
+	subkeys as separate arguments, not a struct aes_ctx *. Updated
+	callers.
+	* aes-decrypt-internal.c (_nettle_aes_decrypt): Likewise.
+	* aes-internal.h: Updated prototypes.
+
 	* macros.h (ROTL32, ROTL64): Avoid undefined behaviour for zero
 	rotation count. Unfortunately makes CAST128 a bit slower with
 	gcc-4.6.3.

--- a/aes-decrypt-internal.c
+++ b/aes-decrypt-internal.c
@@ -5,7 +5,7 @@

 /* nettle, low-level cryptographics library
 *
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002, 2013 Niels Möller
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
@@ -33,7 +33,7 @@
 #include "macros.h"

 void
-_nettle_aes_decrypt(const struct aes_ctx *ctx,
+_nettle_aes_decrypt(unsigned rounds, const uint32_t *keys,
 		    const struct aes_table *T,
 		    size_t length, uint8_t *dst,
 		    const uint8_t *src)
@@ -42,22 +42,22 @@ _nettle_aes_decrypt(const struct aes_ctx *ctx,
    {
      uint32_t w0, w1, w2, w3;		/* working ciphertext */
      uint32_t t0, t1, t2, t3;
-      unsigned round;
+      unsigned i;
      
      /* Get clear text, using little-endian byte order.
       * Also XOR with the first subkey. */

-      w0 = LE_READ_UINT32(src)      ^ ctx->keys[0];
-      w1 = LE_READ_UINT32(src + 4)  ^ ctx->keys[1];
-      w2 = LE_READ_UINT32(src + 8)  ^ ctx->keys[2];
-      w3 = LE_READ_UINT32(src + 12) ^ ctx->keys[3];
+      w0 = LE_READ_UINT32(src)      ^ keys[0];
+      w1 = LE_READ_UINT32(src + 4)  ^ keys[1];
+      w2 = LE_READ_UINT32(src + 8)  ^ keys[2];
+      w3 = LE_READ_UINT32(src + 12) ^ keys[3];

-      for (round = 1; round < ctx->nrounds; round++)
+      for (i = 1; i < rounds; i++)
 	{
-	  t0 = AES_ROUND(T, w0, w3, w2, w1, ctx->keys[4*round]);
-	  t1 = AES_ROUND(T, w1, w0, w3, w2, ctx->keys[4*round + 1]);
-	  t2 = AES_ROUND(T, w2, w1, w0, w3, ctx->keys[4*round + 2]);
-	  t3 = AES_ROUND(T, w3, w2, w1, w0, ctx->keys[4*round + 3]);
+	  t0 = AES_ROUND(T, w0, w3, w2, w1, keys[4*i]);
+	  t1 = AES_ROUND(T, w1, w0, w3, w2, keys[4*i + 1]);
+	  t2 = AES_ROUND(T, w2, w1, w0, w3, keys[4*i + 2]);
+	  t3 = AES_ROUND(T, w3, w2, w1, w0, keys[4*i + 3]);

 	  /* We could unroll the loop twice, to avoid these
 	     assignments. If all eight variables fit in registers,
@@ -70,14 +70,14 @@ _nettle_aes_decrypt(const struct aes_ctx *ctx,

      /* Final round */

-      t0 = AES_FINAL_ROUND(T, w0, w3, w2, w1, ctx->keys[4*round]);
-      t1 = AES_FINAL_ROUND(T, w1, w0, w3, w2, ctx->keys[4*round + 1]);
-      t2 = AES_FINAL_ROUND(T, w2, w1, w0, w3, ctx->keys[4*round + 2]);
-      t3 = AES_FINAL_ROUND(T, w3, w2, w1, w0, ctx->keys[4*round + 3]);
+      t0 = AES_FINAL_ROUND(T, w0, w3, w2, w1, keys[4*i]);
+      t1 = AES_FINAL_ROUND(T, w1, w0, w3, w2, keys[4*i + 1]);
+      t2 = AES_FINAL_ROUND(T, w2, w1, w0, w3, keys[4*i + 2]);
+      t3 = AES_FINAL_ROUND(T, w3, w2, w1, w0, keys[4*i + 3]);

      LE_WRITE_UINT32(dst, t0);
-      LE_WRITE_UINT32(dst + 8, t2);
      LE_WRITE_UINT32(dst + 4, t1);
+      LE_WRITE_UINT32(dst + 8, t2);
      LE_WRITE_UINT32(dst + 12, t3);
    }
 }
--- a/aes-decrypt.c
+++ b/aes-decrypt.c
@@ -5,7 +5,7 @@

 /* nettle, low-level cryptographics library
 *
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002, 2013 Niels Möller
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
@@ -342,6 +342,6 @@ aes_decrypt(const struct aes_ctx *ctx,
 	    const uint8_t *src)
 {
  assert(!(length % AES_BLOCK_SIZE) );
-  _aes_decrypt(ctx, &_aes_decrypt_table,
+  _aes_decrypt(ctx->nrounds, ctx->keys, &_aes_decrypt_table,
 	       length, dst, src);
 }
--- a/aes-encrypt-internal.c
+++ b/aes-encrypt-internal.c
@@ -5,7 +5,7 @@

 /* nettle, low-level cryptographics library
 *
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002, 2013 Niels Möller
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
@@ -33,7 +33,7 @@
 #include "macros.h"

 void
-_nettle_aes_encrypt(const struct aes_ctx *ctx,
+_nettle_aes_encrypt(unsigned rounds, const uint32_t *keys,
 		    const struct aes_table *T,
 		    size_t length, uint8_t *dst,
 		    const uint8_t *src)
@@ -42,22 +42,22 @@ _nettle_aes_encrypt(const struct aes_ctx *ctx,
    {
      uint32_t w0, w1, w2, w3;		/* working ciphertext */
      uint32_t t0, t1, t2, t3;
-      unsigned round;
+      unsigned i;
      
      /* Get clear text, using little-endian byte order.
       * Also XOR with the first subkey. */

-      w0 = LE_READ_UINT32(src)      ^ ctx->keys[0];
-      w1 = LE_READ_UINT32(src + 4)  ^ ctx->keys[1];
-      w2 = LE_READ_UINT32(src + 8)  ^ ctx->keys[2];
-      w3 = LE_READ_UINT32(src + 12) ^ ctx->keys[3];
+      w0 = LE_READ_UINT32(src)      ^ keys[0];
+      w1 = LE_READ_UINT32(src + 4)  ^ keys[1];
+      w2 = LE_READ_UINT32(src + 8)  ^ keys[2];
+      w3 = LE_READ_UINT32(src + 12) ^ keys[3];

-      for (round = 1; round < ctx->nrounds; round++)
+      for (i = 1; i < rounds; i++)
 	{
-	  t0 = AES_ROUND(T, w0, w1, w2, w3, ctx->keys[4*round]);
-	  t1 = AES_ROUND(T, w1, w2, w3, w0, ctx->keys[4*round + 1]);
-	  t2 = AES_ROUND(T, w2, w3, w0, w1, ctx->keys[4*round + 2]);
-	  t3 = AES_ROUND(T, w3, w0, w1, w2, ctx->keys[4*round + 3]);
+	  t0 = AES_ROUND(T, w0, w1, w2, w3, keys[4*i]);
+	  t1 = AES_ROUND(T, w1, w2, w3, w0, keys[4*i + 1]);
+	  t2 = AES_ROUND(T, w2, w3, w0, w1, keys[4*i + 2]);
+	  t3 = AES_ROUND(T, w3, w0, w1, w2, keys[4*i + 3]);

 	  /* We could unroll the loop twice, to avoid these
 	     assignments. If all eight variables fit in registers,
@@ -70,14 +70,14 @@ _nettle_aes_encrypt(const struct aes_ctx *ctx,

      /* Final round */

-      t0 = AES_FINAL_ROUND(T, w0, w1, w2, w3, ctx->keys[4*round]);
-      t1 = AES_FINAL_ROUND(T, w1, w2, w3, w0, ctx->keys[4*round + 1]);
-      t2 = AES_FINAL_ROUND(T, w2, w3, w0, w1, ctx->keys[4*round + 2]);
-      t3 = AES_FINAL_ROUND(T, w3, w0, w1, w2, ctx->keys[4*round + 3]);
+      t0 = AES_FINAL_ROUND(T, w0, w1, w2, w3, keys[4*i]);
+      t1 = AES_FINAL_ROUND(T, w1, w2, w3, w0, keys[4*i + 1]);
+      t2 = AES_FINAL_ROUND(T, w2, w3, w0, w1, keys[4*i + 2]);
+      t3 = AES_FINAL_ROUND(T, w3, w0, w1, w2, keys[4*i + 3]);

      LE_WRITE_UINT32(dst, t0);
-      LE_WRITE_UINT32(dst + 8, t2);
      LE_WRITE_UINT32(dst + 4, t1);
+      LE_WRITE_UINT32(dst + 8, t2);
      LE_WRITE_UINT32(dst + 12, t3);
    }
 }

--- a/aes-encrypt.c
+++ b/aes-encrypt.c
@@ -5,7 +5,7 @@

 /* nettle, low-level cryptographics library
 *
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002, 2013 Niels Möller
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
@@ -40,6 +40,6 @@ aes_encrypt(const struct aes_ctx *ctx,
 	    const uint8_t *src)
 {
  assert(!(length % AES_BLOCK_SIZE) );
-  _aes_encrypt(ctx, &_aes_encrypt_table,
+  _aes_encrypt(ctx->nrounds, ctx->keys, &_aes_encrypt_table,
 	       length, dst, src);
 }
--- a/aes-internal.h
+++ b/aes-internal.h
@@ -51,13 +51,13 @@ struct aes_table
 };

 void
-_aes_encrypt(const struct aes_ctx *ctx,
+_aes_encrypt(unsigned rounds, const uint32_t *keys,
 	     const struct aes_table *T,
 	     size_t length, uint8_t *dst,
 	     const uint8_t *src);

 void
-_aes_decrypt(const struct aes_ctx *ctx,
+_aes_decrypt(unsigned rounds, const uint32_t *keys,
 	     const struct aes_table *T,
 	     size_t length, uint8_t *dst,
 	     const uint8_t *src);