ff29d0a9
Commit
ff29d0a9
authored
May 17, 2013
by
Niels Möller
Separate rounds and key arguments to _aes_encrypt and _aes_decrypt.
parent
982961a5
Changes
6
ChangeLog
2013-05-17 Niels Möller <nisse@lysator.liu.se>
* aes-encrypt-internal.c (_nettle_aes_encrypt): Take rounds and
subkeys as separate arguments, not a struct aes_ctx *. Updated
callers.
* aes-decrypt-internal.c (_nettle_aes_decrypt): Likewise.
* aes-internal.h: Updated prototypes.
* macros.h (ROTL32, ROTL64): Avoid undefined behaviour for zero
rotation count. Unfortunately makes CAST128 a bit slower with
gcc-4.6.3.
...
...
aes-decrypt-internal.c
...
...
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
* Copyright (C) 2002
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
...
...
@@ -33,7 +33,7 @@
#include
"macros.h"
void
_nettle_aes_decrypt
(
const
struct
aes_ctx
*
ctx
,
_nettle_aes_decrypt
(
unsigned
rounds
,
const
uint32_t
*
keys
,
const
struct
aes_table
*
T
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
...
...
@@ -42,22 +42,22 @@ _nettle_aes_decrypt(const struct aes_ctx *ctx,
{
uint32_t
w0
,
w1
,
w2
,
w3
;
/* working ciphertext */
uint32_t
t0
,
t1
,
t2
,
t3
;
unsigned
round
;
unsigned
i
;
/* Get clear text, using little-endian byte order.
* Also XOR with the first subkey. */
w0
=
LE_READ_UINT32
(
src
)
^
ctx
->
keys
[
0
];
w1
=
LE_READ_UINT32
(
src
+
4
)
^
ctx
->
keys
[
1
];
w2
=
LE_READ_UINT32
(
src
+
8
)
^
ctx
->
keys
[
2
];
w3
=
LE_READ_UINT32
(
src
+
12
)
^
ctx
->
keys
[
3
];
w0
=
LE_READ_UINT32
(
src
)
^
keys
[
0
];
w1
=
LE_READ_UINT32
(
src
+
4
)
^
keys
[
1
];
w2
=
LE_READ_UINT32
(
src
+
8
)
^
keys
[
2
];
w3
=
LE_READ_UINT32
(
src
+
12
)
^
keys
[
3
];
for
(
round
=
1
;
round
<
ctx
->
n
rounds
;
round
++
)
for
(
i
=
1
;
i
<
rounds
;
i
++
)
{
t0
=
AES_ROUND
(
T
,
w0
,
w3
,
w2
,
w1
,
ctx
->
keys
[
4
*
round
]);
t1
=
AES_ROUND
(
T
,
w1
,
w0
,
w3
,
w2
,
ctx
->
keys
[
4
*
round
+
1
]);
t2
=
AES_ROUND
(
T
,
w2
,
w1
,
w0
,
w3
,
ctx
->
keys
[
4
*
round
+
2
]);
t3
=
AES_ROUND
(
T
,
w3
,
w2
,
w1
,
w0
,
ctx
->
keys
[
4
*
round
+
3
]);
t0
=
AES_ROUND
(
T
,
w0
,
w3
,
w2
,
w1
,
keys
[
4
*
i
]);
t1
=
AES_ROUND
(
T
,
w1
,
w0
,
w3
,
w2
,
keys
[
4
*
i
+
1
]);
t2
=
AES_ROUND
(
T
,
w2
,
w1
,
w0
,
w3
,
keys
[
4
*
i
+
2
]);
t3
=
AES_ROUND
(
T
,
w3
,
w2
,
w1
,
w0
,
keys
[
4
*
i
+
3
]);
/* We could unroll the loop twice, to avoid these
assignments. If all eight variables fit in registers,
...
...
@@ -70,14 +70,14 @@ _nettle_aes_decrypt(const struct aes_ctx *ctx,
/* Final round */
t0
=
AES_FINAL_ROUND
(
T
,
w0
,
w3
,
w2
,
w1
,
ctx
->
keys
[
4
*
round
]);
t1
=
AES_FINAL_ROUND
(
T
,
w1
,
w0
,
w3
,
w2
,
ctx
->
keys
[
4
*
round
+
1
]);
t2
=
AES_FINAL_ROUND
(
T
,
w2
,
w1
,
w0
,
w3
,
ctx
->
keys
[
4
*
round
+
2
]);
t3
=
AES_FINAL_ROUND
(
T
,
w3
,
w2
,
w1
,
w0
,
ctx
->
keys
[
4
*
round
+
3
]);
t0
=
AES_FINAL_ROUND
(
T
,
w0
,
w3
,
w2
,
w1
,
keys
[
4
*
i
]);
t1
=
AES_FINAL_ROUND
(
T
,
w1
,
w0
,
w3
,
w2
,
keys
[
4
*
i
+
1
]);
t2
=
AES_FINAL_ROUND
(
T
,
w2
,
w1
,
w0
,
w3
,
keys
[
4
*
i
+
2
]);
t3
=
AES_FINAL_ROUND
(
T
,
w3
,
w2
,
w1
,
w0
,
keys
[
4
*
i
+
3
]);
LE_WRITE_UINT32
(
dst
,
t0
);
LE_WRITE_UINT32
(
dst
+
8
,
t2
);
LE_WRITE_UINT32
(
dst
+
4
,
t1
);
LE_WRITE_UINT32
(
dst
+
8
,
t2
);
LE_WRITE_UINT32
(
dst
+
12
,
t3
);
}
}
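Review bot: The new signature takes `rounds` and `keys` separately, but neither the hunk nor the updated `_aes_decrypt`/`_aes_encrypt` prototypes in aes-internal.h say how many words `keys` must provide; from the visible lines the loop `for (i = 1; i < rounds; i++)` followed by the final round reads `keys[0]` through `keys[4*rounds+3]`, so the caller must supply at least `4*(rounds+1)` words, and with `rounds == 0` the final round still reads `keys[4..7]` because `i` stays at 1. I would put that contract on the two prototypes in aes-internal.h, e.g. `/* keys must point to 4*(rounds+1) subkey words, rounds >= 1, length a multiple of AES_BLOCK_SIZE. */`, and the same applies to the aes-encrypt-internal.c section. Renaming the loop counter from `round` to `i` also drops the one name that told the reader what `keys[4*i]` indexes; keeping `round` would read better in both files. The enclosing function's outer per-block loop lies in the lines between the hunks that the page does not show.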
aes-decrypt.c
...
...
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
* Copyright (C) 2002
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
...
...
@@ -342,6 +342,6 @@ aes_decrypt(const struct aes_ctx *ctx,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_decrypt
(
ctx
,
&
_aes_decrypt_table
,
_aes_decrypt
(
ctx
->
nrounds
,
ctx
->
keys
,
&
_aes_decrypt_table
,
length
,
dst
,
src
);
}
aes-encrypt-internal.c
...
...
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
* Copyright (C) 2002
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
...
...
@@ -33,7 +33,7 @@
#include
"macros.h"
void
_nettle_aes_encrypt
(
const
struct
aes_ctx
*
ctx
,
_nettle_aes_encrypt
(
unsigned
rounds
,
const
uint32_t
*
keys
,
const
struct
aes_table
*
T
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
...
...
@@ -42,22 +42,22 @@ _nettle_aes_encrypt(const struct aes_ctx *ctx,
{
uint32_t
w0
,
w1
,
w2
,
w3
;
/* working ciphertext */
uint32_t
t0
,
t1
,
t2
,
t3
;
unsigned
round
;
unsigned
i
;
/* Get clear text, using little-endian byte order.
* Also XOR with the first subkey. */
w0
=
LE_READ_UINT32
(
src
)
^
ctx
->
keys
[
0
];
w1
=
LE_READ_UINT32
(
src
+
4
)
^
ctx
->
keys
[
1
];
w2
=
LE_READ_UINT32
(
src
+
8
)
^
ctx
->
keys
[
2
];
w3
=
LE_READ_UINT32
(
src
+
12
)
^
ctx
->
keys
[
3
];
w0
=
LE_READ_UINT32
(
src
)
^
keys
[
0
];
w1
=
LE_READ_UINT32
(
src
+
4
)
^
keys
[
1
];
w2
=
LE_READ_UINT32
(
src
+
8
)
^
keys
[
2
];
w3
=
LE_READ_UINT32
(
src
+
12
)
^
keys
[
3
];
for
(
round
=
1
;
round
<
ctx
->
n
rounds
;
round
++
)
for
(
i
=
1
;
i
<
rounds
;
i
++
)
{
t0
=
AES_ROUND
(
T
,
w0
,
w1
,
w2
,
w3
,
ctx
->
keys
[
4
*
round
]);
t1
=
AES_ROUND
(
T
,
w1
,
w2
,
w3
,
w0
,
ctx
->
keys
[
4
*
round
+
1
]);
t2
=
AES_ROUND
(
T
,
w2
,
w3
,
w0
,
w1
,
ctx
->
keys
[
4
*
round
+
2
]);
t3
=
AES_ROUND
(
T
,
w3
,
w0
,
w1
,
w2
,
ctx
->
keys
[
4
*
round
+
3
]);
t0
=
AES_ROUND
(
T
,
w0
,
w1
,
w2
,
w3
,
keys
[
4
*
i
]);
t1
=
AES_ROUND
(
T
,
w1
,
w2
,
w3
,
w0
,
keys
[
4
*
i
+
1
]);
t2
=
AES_ROUND
(
T
,
w2
,
w3
,
w0
,
w1
,
keys
[
4
*
i
+
2
]);
t3
=
AES_ROUND
(
T
,
w3
,
w0
,
w1
,
w2
,
keys
[
4
*
i
+
3
]);
/* We could unroll the loop twice, to avoid these
assignments. If all eight variables fit in registers,
...
...
@@ -70,14 +70,14 @@ _nettle_aes_encrypt(const struct aes_ctx *ctx,
/* Final round */
t0
=
AES_FINAL_ROUND
(
T
,
w0
,
w1
,
w2
,
w3
,
ctx
->
keys
[
4
*
round
]);
t1
=
AES_FINAL_ROUND
(
T
,
w1
,
w2
,
w3
,
w0
,
ctx
->
keys
[
4
*
round
+
1
]);
t2
=
AES_FINAL_ROUND
(
T
,
w2
,
w3
,
w0
,
w1
,
ctx
->
keys
[
4
*
round
+
2
]);
t3
=
AES_FINAL_ROUND
(
T
,
w3
,
w0
,
w1
,
w2
,
ctx
->
keys
[
4
*
round
+
3
]);
t0
=
AES_FINAL_ROUND
(
T
,
w0
,
w1
,
w2
,
w3
,
keys
[
4
*
i
]);
t1
=
AES_FINAL_ROUND
(
T
,
w1
,
w2
,
w3
,
w0
,
keys
[
4
*
i
+
1
]);
t2
=
AES_FINAL_ROUND
(
T
,
w2
,
w3
,
w0
,
w1
,
keys
[
4
*
i
+
2
]);
t3
=
AES_FINAL_ROUND
(
T
,
w3
,
w0
,
w1
,
w2
,
keys
[
4
*
i
+
3
]);
LE_WRITE_UINT32
(
dst
,
t0
);
LE_WRITE_UINT32
(
dst
+
8
,
t2
);
LE_WRITE_UINT32
(
dst
+
4
,
t1
);
LE_WRITE_UINT32
(
dst
+
8
,
t2
);
LE_WRITE_UINT32
(
dst
+
12
,
t3
);
}
}
...
...
aes-encrypt.c
...
...
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002 Niels Möller
* Copyright (C) 2002
, 2013
Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
...
...
@@ -40,6 +40,6 @@ aes_encrypt(const struct aes_ctx *ctx,
const
uint8_t
*
src
)
{
assert
(
!
(
length
%
AES_BLOCK_SIZE
)
);
_aes_encrypt
(
ctx
,
&
_aes_encrypt_table
,
_aes_encrypt
(
ctx
->
nrounds
,
ctx
->
keys
,
&
_aes_encrypt_table
,
length
,
dst
,
src
);
}
aes-internal.h
...
...
@@ -51,13 +51,13 @@ struct aes_table
};
void
_aes_encrypt
(
const
struct
aes_ctx
*
ctx
,
_aes_encrypt
(
unsigned
rounds
,
const
uint32_t
*
keys
,
const
struct
aes_table
*
T
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
);
void
_aes_decrypt
(
const
struct
aes_ctx
*
ctx
,
_aes_decrypt
(
unsigned
rounds
,
const
uint32_t
*
keys
,
const
struct
aes_table
*
T
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
);
...
...