~ilya-yanok/ubuntu/precise/grub2/fix-for-948716
» Revision
1.17.14
: grub-core/lib/libgcrypt-grub/cipher/rijndael.c
« back to all changes in this revision
Viewing changes to grub-core/lib/libgcrypt-grub/cipher/rijndael.c
- browse files at revision 1.17.14
- compare with another revision
- download diff
- download tarball
- view history from revision 1.17.14
- Committer: Bazaar Package Importer
- Author(s): Colin Watson
- Date: 2011-01-17 13:43:06 UTC
- mto: (17.6.26 experimental)
- mto: This revision was merged to the branch mainline in revision 102.
- Revision ID: james.westby@ubuntu.com-20110117134306-fy7qewn4s3qdx2pl
Tags: upstream-1.99~rc1
ImportĀ upstreamĀ versionĀ 1.99~rc1
- files added:
- Makefile.in
- autom4te.cache
- grub-core/lib/libgcrypt-grub
- grub-core/lib/libgcrypt-grub/cipher
- files removed:
- po/LINGUAS
- files modified:
- .bzrignore
added
removed
grub-core/lib/libgcrypt-grub/cipher/rijndael.c
1
/* This file was automatically imported with
2
import_gcry.py. Please don't modify it */
3
/* Rijndael (AES) for GnuPG
4
* Copyright (C) 2000, 2001, 2002, 2003, 2007,
5
* 2008 Free Software Foundation, Inc.
6
*
7
* This file is part of Libgcrypt.
8
*
9
* Libgcrypt is free software; you can redistribute it and/or modify
10
* it under the terms of the GNU Lesser General Public License as
11
* published by the Free Software Foundation; either version 2.1 of
12
* the License, or (at your option) any later version.
13
*
14
* Libgcrypt is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU Lesser General Public License for more details.
18
*
19
* You should have received a copy of the GNU Lesser General Public
20
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
21
*******************************************************************
22
* The code here is based on the optimized implementation taken from
23
* http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ on Oct 2, 2000,
24
* which carries this notice:
25
*------------------------------------------
26
* rijndael-alg-fst.c v2.3 April '2000
27
*
28
* Optimised ANSI C code
29
*
30
* authors: v1.0: Antoon Bosselaers
31
* v2.0: Vincent Rijmen
32
* v2.3: Paulo Barreto
33
*
34
* This code is placed in the public domain.
35
*------------------------------------------
36
*
37
* The SP800-38a document is available at:
38
* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
39
*
40
*/
41
42
43
#include "types.h" /* for byte and u32 typedefs */
44
#include "g10lib.h"
45
#include "cipher.h"
46
47
#define MAXKC (256/32)
48
#define MAXROUNDS 14
49
#define BLOCKSIZE (128/8)
50
51
52
/* USE_PADLOCK indicates whether to compile the padlock specific
53
code. */
54
#undef USE_PADLOCK
55
#ifdef ENABLE_PADLOCK_SUPPORT
56
# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
57
# define USE_PADLOCK
58
# endif
59
#endif /*ENABLE_PADLOCK_SUPPORT*/
60
61
62
typedef struct
63
{
64
int ROUNDS; /* Key-length-dependent number of rounds. */
65
int decryption_prepared; /* The decryption key schedule is available. */
66
#ifdef USE_PADLOCK
67
int use_padlock; /* Padlock shall be used. */
68
/* The key as passed to the padlock engine. */
69
unsigned char padlock_key[16] __attribute__ ((aligned (16)));
70
#endif
71
union
72
{
73
PROPERLY_ALIGNED_TYPE dummy;
74
byte keyschedule[MAXROUNDS+1][4][4];
75
} u1;
76
union
77
{
78
PROPERLY_ALIGNED_TYPE dummy;
79
byte keyschedule[MAXROUNDS+1][4][4];
80
} u2;
81
} RIJNDAEL_context;
82
83
#define keySched u1.keyschedule
84
#define keySched2 u2.keyschedule
85
86
/* All the numbers. */
87
#include "rijndael-tables.h"
88
89
90
/* Perform the key setup. */
91
static gcry_err_code_t
92
do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
93
{
94
static int initialized = 0;
95
static const char *selftest_failed=0;
96
int ROUNDS;
97
int i,j, r, t, rconpointer = 0;
98
int KC;
99
union
100
{
101
PROPERLY_ALIGNED_TYPE dummy;
102
byte k[MAXKC][4];
103
} k;
104
#define k k.k
105
union
106
{
107
PROPERLY_ALIGNED_TYPE dummy;
108
byte tk[MAXKC][4];
109
} tk;
110
#define tk tk.tk
111
112
/* The on-the-fly self tests are only run in non-fips mode. In fips
113
mode explicit self-tests are required. Actually the on-the-fly
114
self-tests are not fully thread-safe and it might happen that a
115
failed self-test won't get noticed in another thread.
116
117
FIXME: We might want to have a central registry of succeeded
118
self-tests. */
119
if (!fips_mode () && !initialized)
120
{
121
initialized = 1;
122
selftest_failed = selftest ();
123
if (selftest_failed)
124
log_error ("%s\n", selftest_failed );
125
}
126
if (selftest_failed)
127
return GPG_ERR_SELFTEST_FAILED;
128
129
ctx->decryption_prepared = 0;
130
#ifdef USE_PADLOCK
131
ctx->use_padlock = 0;
132
#endif
133
134
if( keylen == 128/8 )
135
{
136
ROUNDS = 10;
137
KC = 4;
138
#ifdef USE_PADLOCK
139
if ((_gcry_get_hw_features () & HWF_PADLOCK_AES))
140
{
141
ctx->use_padlock = 1;
142
memcpy (ctx->padlock_key, key, keylen);
143
}
144
#endif
145
}
146
else if ( keylen == 192/8 )
147
{
148
ROUNDS = 12;
149
KC = 6;
150
}
151
else if ( keylen == 256/8 )
152
{
153
ROUNDS = 14;
154
KC = 8;
155
}
156
else
157
return GPG_ERR_INV_KEYLEN;
158
159
ctx->ROUNDS = ROUNDS;
160
161
#ifdef USE_PADLOCK
162
if (ctx->use_padlock)
163
{
164
/* Nothing to do as we support only hardware key generation for
165
now. */
166
}
167
else
168
#endif /*USE_PADLOCK*/
169
{
170
#define W (ctx->keySched)
171
for (i = 0; i < keylen; i++)
172
{
173
k[i >> 2][i & 3] = key[i];
174
}
175
176
for (j = KC-1; j >= 0; j--)
177
{
178
*((u32*)tk[j]) = *((u32*)k[j]);
179
}
180
r = 0;
181
t = 0;
182
/* Copy values into round key array. */
183
for (j = 0; (j < KC) && (r < ROUNDS + 1); )
184
{
185
for (; (j < KC) && (t < 4); j++, t++)
186
{
187
*((u32*)W[r][t]) = *((u32*)tk[j]);
188
}
189
if (t == 4)
190
{
191
r++;
192
t = 0;
193
}
194
}
195
196
while (r < ROUNDS + 1)
197
{
198
/* While not enough round key material calculated calculate
199
new values. */
200
tk[0][0] ^= S[tk[KC-1][1]];
201
tk[0][1] ^= S[tk[KC-1][2]];
202
tk[0][2] ^= S[tk[KC-1][3]];
203
tk[0][3] ^= S[tk[KC-1][0]];
204
tk[0][0] ^= rcon[rconpointer++];
205
206
if (KC != 8)
207
{
208
for (j = 1; j < KC; j++)
209
{
210
*((u32*)tk[j]) ^= *((u32*)tk[j-1]);
211
}
212
}
213
else
214
{
215
for (j = 1; j < KC/2; j++)
216
{
217
*((u32*)tk[j]) ^= *((u32*)tk[j-1]);
218
}
219
tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
220
tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
221
tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
222
tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
223
for (j = KC/2 + 1; j < KC; j++)
224
{
225
*((u32*)tk[j]) ^= *((u32*)tk[j-1]);
226
}
227
}
228
229
/* Copy values into round key array. */
230
for (j = 0; (j < KC) && (r < ROUNDS + 1); )
231
{
232
for (; (j < KC) && (t < 4); j++, t++)
233
{
234
*((u32*)W[r][t]) = *((u32*)tk[j]);
235
}
236
if (t == 4)
237
{
238
r++;
239
t = 0;
240
}
241
}
242
}
243
#undef W
244
}
245
246
return 0;
247
#undef tk
248
#undef k
249
}
250
251
252
static gcry_err_code_t
253
rijndael_setkey (void *context, const byte *key, const unsigned keylen)
254
{
255
RIJNDAEL_context *ctx = context;
256
257
int rc = do_setkey (ctx, key, keylen);
258
_gcry_burn_stack ( 100 + 16*sizeof(int));
259
return rc;
260
}
261
262
263
/* Make a decryption key from an encryption key. */
264
static void
265
prepare_decryption( RIJNDAEL_context *ctx )
266
{
267
int r;
268
union
269
{
270
PROPERLY_ALIGNED_TYPE dummy;
271
byte *w;
272
} w;
273
#define w w.w
274
275
for (r=0; r < MAXROUNDS+1; r++ )
276
{
277
*((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]);
278
*((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]);
279
*((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]);
280
*((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]);
281
}
282
#define W (ctx->keySched2)
283
for (r = 1; r < ctx->ROUNDS; r++)
284
{
285
w = W[r][0];
286
*((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
287
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
288
289
w = W[r][1];
290
*((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
291
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
292
293
w = W[r][2];
294
*((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
295
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
296
297
w = W[r][3];
298
*((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
299
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
300
}
301
#undef W
302
#undef w
303
}
304
305
306
307
/* Encrypt one block. A and B need to be aligned on a 4 byte
308
boundary. A and B may be the same. */
309
static void
310
do_encrypt_aligned (const RIJNDAEL_context *ctx,
311
unsigned char *b, const unsigned char *a)
312
{
313
#define rk (ctx->keySched)
314
int ROUNDS = ctx->ROUNDS;
315
int r;
316
union
317
{
318
u32 tempu32[4]; /* Force correct alignment. */
319
byte temp[4][4];
320
} u;
321
322
*((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[0][0]);
323
*((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[0][1]);
324
*((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[0][2]);
325
*((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[0][3]);
326
*((u32*)(b )) = (*((u32*)T1[u.temp[0][0]])
327
^ *((u32*)T2[u.temp[1][1]])
328
^ *((u32*)T3[u.temp[2][2]])
329
^ *((u32*)T4[u.temp[3][3]]));
330
*((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]])
331
^ *((u32*)T2[u.temp[2][1]])
332
^ *((u32*)T3[u.temp[3][2]])
333
^ *((u32*)T4[u.temp[0][3]]));
334
*((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]])
335
^ *((u32*)T2[u.temp[3][1]])
336
^ *((u32*)T3[u.temp[0][2]])
337
^ *((u32*)T4[u.temp[1][3]]));
338
*((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]])
339
^ *((u32*)T2[u.temp[0][1]])
340
^ *((u32*)T3[u.temp[1][2]])
341
^ *((u32*)T4[u.temp[2][3]]));
342
343
for (r = 1; r < ROUNDS-1; r++)
344
{
345
*((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]);
346
*((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
347
*((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
348
*((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
349
350
*((u32*)(b )) = (*((u32*)T1[u.temp[0][0]])
351
^ *((u32*)T2[u.temp[1][1]])
352
^ *((u32*)T3[u.temp[2][2]])
353
^ *((u32*)T4[u.temp[3][3]]));
354
*((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]])
355
^ *((u32*)T2[u.temp[2][1]])
356
^ *((u32*)T3[u.temp[3][2]])
357
^ *((u32*)T4[u.temp[0][3]]));
358
*((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]])
359
^ *((u32*)T2[u.temp[3][1]])
360
^ *((u32*)T3[u.temp[0][2]])
361
^ *((u32*)T4[u.temp[1][3]]));
362
*((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]])
363
^ *((u32*)T2[u.temp[0][1]])
364
^ *((u32*)T3[u.temp[1][2]])
365
^ *((u32*)T4[u.temp[2][3]]));
366
}
367
368
/* Last round is special. */
369
*((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[ROUNDS-1][0]);
370
*((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]);
371
*((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]);
372
*((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[ROUNDS-1][3]);
373
b[ 0] = T1[u.temp[0][0]][1];
374
b[ 1] = T1[u.temp[1][1]][1];
375
b[ 2] = T1[u.temp[2][2]][1];
376
b[ 3] = T1[u.temp[3][3]][1];
377
b[ 4] = T1[u.temp[1][0]][1];
378
b[ 5] = T1[u.temp[2][1]][1];
379
b[ 6] = T1[u.temp[3][2]][1];
380
b[ 7] = T1[u.temp[0][3]][1];
381
b[ 8] = T1[u.temp[2][0]][1];
382
b[ 9] = T1[u.temp[3][1]][1];
383
b[10] = T1[u.temp[0][2]][1];
384
b[11] = T1[u.temp[1][3]][1];
385
b[12] = T1[u.temp[3][0]][1];
386
b[13] = T1[u.temp[0][1]][1];
387
b[14] = T1[u.temp[1][2]][1];
388
b[15] = T1[u.temp[2][3]][1];
389
*((u32*)(b )) ^= *((u32*)rk[ROUNDS][0]);
390
*((u32*)(b+ 4)) ^= *((u32*)rk[ROUNDS][1]);
391
*((u32*)(b+ 8)) ^= *((u32*)rk[ROUNDS][2]);
392
*((u32*)(b+12)) ^= *((u32*)rk[ROUNDS][3]);
393
#undef rk
394
}
395
396
397
static void
398
do_encrypt (const RIJNDAEL_context *ctx,
399
unsigned char *bx, const unsigned char *ax)
400
{
401
/* BX and AX are not necessary correctly aligned. Thus we need to
402
copy them here. */
403
union
404
{
405
u32 dummy[4];
406
byte a[16];
407
} a;
408
union
409
{
410
u32 dummy[4];
411
byte b[16];
412
} b;
413
414
memcpy (a.a, ax, 16);
415
do_encrypt_aligned (ctx, b.b, a.a);
416
memcpy (bx, b.b, 16);
417
}
418
419
420
/* Encrypt or decrypt one block using the padlock engine. A and B may
421
be the same. */
422
#ifdef USE_PADLOCK
423
static void
424
do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag,
425
unsigned char *bx, const unsigned char *ax)
426
{
427
/* BX and AX are not necessary correctly aligned. Thus we need to
428
copy them here. */
429
unsigned char a[16] __attribute__ ((aligned (16)));
430
unsigned char b[16] __attribute__ ((aligned (16)));
431
unsigned int cword[4] __attribute__ ((aligned (16)));
432
433
/* The control word fields are:
434
127:12 11:10 9 8 7 6 5 4 3:0
435
RESERVED KSIZE CRYPT INTER KEYGN CIPHR ALIGN DGEST ROUND */
436
cword[0] = (ctx->ROUNDS & 15); /* (The mask is just a safeguard.) */
437
cword[1] = 0;
438
cword[2] = 0;
439
cword[3] = 0;
440
if (decrypt_flag)
441
cword[0] |= 0x00000200;
442
443
memcpy (a, ax, 16);
444
445
asm volatile
446
("pushfl\n\t" /* Force key reload. */
447
"popfl\n\t"
448
"xchg %3, %%ebx\n\t" /* Load key. */
449
"movl $1, %%ecx\n\t" /* Init counter for just one block. */
450
".byte 0xf3, 0x0f, 0xa7, 0xc8\n\t" /* REP XSTORE ECB. */
451
"xchg %3, %%ebx\n" /* Restore GOT register. */
452
: /* No output */
453
: "S" (a), "D" (b), "d" (cword), "r" (ctx->padlock_key)
454
: "%ecx", "cc", "memory"
455
);
456
457
memcpy (bx, b, 16);
458
459
}
460
#endif /*USE_PADLOCK*/
461
462
463
static void
464
rijndael_encrypt (void *context, byte *b, const byte *a)
465
{
466
RIJNDAEL_context *ctx = context;
467
468
#ifdef USE_PADLOCK
469
if (ctx->use_padlock)
470
{
471
do_padlock (ctx, 0, b, a);
472
_gcry_burn_stack (48 + 15 /* possible padding for alignment */);
473
}
474
else
475
#endif /*USE_PADLOCK*/
476
{
477
do_encrypt (ctx, b, a);
478
_gcry_burn_stack (48 + 2*sizeof(int));
479
}
480
}
481
482
483
/* Bulk encryption of complete blocks in CFB mode. Caller needs to
484
make sure that IV is aligned on an unsigned long boundary. This
485
function is only intended for the bulk encryption feature of
486
cipher.c. */
487
488
489
/* Bulk encryption of complete blocks in CBC mode. Caller needs to
490
make sure that IV is aligned on an unsigned long boundary. This
491
function is only intended for the bulk encryption feature of
492
cipher.c. */
493
494
495
496
/* Decrypt one block. A and B need to be aligned on a 4 byte boundary
497
and the decryption must have been prepared. A and B may be the
498
same. */
499
static void
500
do_decrypt_aligned (RIJNDAEL_context *ctx,
501
unsigned char *b, const unsigned char *a)
502
{
503
#define rk (ctx->keySched2)
504
int ROUNDS = ctx->ROUNDS;
505
int r;
506
union
507
{
508
u32 tempu32[4]; /* Force correct alignment. */
509
byte temp[4][4];
510
} u;
511
512
513
*((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[ROUNDS][0]);
514
*((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[ROUNDS][1]);
515
*((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[ROUNDS][2]);
516
*((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[ROUNDS][3]);
517
518
*((u32*)(b )) = (*((u32*)T5[u.temp[0][0]])
519
^ *((u32*)T6[u.temp[3][1]])
520
^ *((u32*)T7[u.temp[2][2]])
521
^ *((u32*)T8[u.temp[1][3]]));
522
*((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]])
523
^ *((u32*)T6[u.temp[0][1]])
524
^ *((u32*)T7[u.temp[3][2]])
525
^ *((u32*)T8[u.temp[2][3]]));
526
*((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]])
527
^ *((u32*)T6[u.temp[1][1]])
528
^ *((u32*)T7[u.temp[0][2]])
529
^ *((u32*)T8[u.temp[3][3]]));
530
*((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]])
531
^ *((u32*)T6[u.temp[2][1]])
532
^ *((u32*)T7[u.temp[1][2]])
533
^ *((u32*)T8[u.temp[0][3]]));
534
535
for (r = ROUNDS-1; r > 1; r--)
536
{
537
*((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]);
538
*((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
539
*((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
540
*((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
541
*((u32*)(b )) = (*((u32*)T5[u.temp[0][0]])
542
^ *((u32*)T6[u.temp[3][1]])
543
^ *((u32*)T7[u.temp[2][2]])
544
^ *((u32*)T8[u.temp[1][3]]));
545
*((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]])
546
^ *((u32*)T6[u.temp[0][1]])
547
^ *((u32*)T7[u.temp[3][2]])
548
^ *((u32*)T8[u.temp[2][3]]));
549
*((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]])
550
^ *((u32*)T6[u.temp[1][1]])
551
^ *((u32*)T7[u.temp[0][2]])
552
^ *((u32*)T8[u.temp[3][3]]));
553
*((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]])
554
^ *((u32*)T6[u.temp[2][1]])
555
^ *((u32*)T7[u.temp[1][2]])
556
^ *((u32*)T8[u.temp[0][3]]));
557
}
558
559
/* Last round is special. */
560
*((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[1][0]);
561
*((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[1][1]);
562
*((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[1][2]);
563
*((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[1][3]);
564
b[ 0] = S5[u.temp[0][0]];
565
b[ 1] = S5[u.temp[3][1]];
566
b[ 2] = S5[u.temp[2][2]];
567
b[ 3] = S5[u.temp[1][3]];
568
b[ 4] = S5[u.temp[1][0]];
569
b[ 5] = S5[u.temp[0][1]];
570
b[ 6] = S5[u.temp[3][2]];
571
b[ 7] = S5[u.temp[2][3]];
572
b[ 8] = S5[u.temp[2][0]];
573
b[ 9] = S5[u.temp[1][1]];
574
b[10] = S5[u.temp[0][2]];
575
b[11] = S5[u.temp[3][3]];
576
b[12] = S5[u.temp[3][0]];
577
b[13] = S5[u.temp[2][1]];
578
b[14] = S5[u.temp[1][2]];
579
b[15] = S5[u.temp[0][3]];
580
*((u32*)(b )) ^= *((u32*)rk[0][0]);
581
*((u32*)(b+ 4)) ^= *((u32*)rk[0][1]);
582
*((u32*)(b+ 8)) ^= *((u32*)rk[0][2]);
583
*((u32*)(b+12)) ^= *((u32*)rk[0][3]);
584
#undef rk
585
}
586
587
588
/* Decrypt one block. AX and BX may be the same. */
589
static void
590
do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax)
591
{
592
/* BX and AX are not necessary correctly aligned. Thus we need to
593
copy them here. */
594
union
595
{
596
u32 dummy[4];
597
byte a[16];
598
} a;
599
union
600
{
601
u32 dummy[4];
602
byte b[16];
603
} b;
604
605
if ( !ctx->decryption_prepared )
606
{
607
prepare_decryption ( ctx );
608
_gcry_burn_stack (64);
609
ctx->decryption_prepared = 1;
610
}
611
612
memcpy (a.a, ax, 16);
613
do_decrypt_aligned (ctx, b.b, a.a);
614
memcpy (bx, b.b, 16);
615
#undef rk
616
}
617
618
619
620
621
static void
622
rijndael_decrypt (void *context, byte *b, const byte *a)
623
{
624
RIJNDAEL_context *ctx = context;
625
626
#ifdef USE_PADLOCK
627
if (ctx->use_padlock)
628
{
629
do_padlock (ctx, 1, b, a);
630
_gcry_burn_stack (48 + 2*sizeof(int) /* FIXME */);
631
}
632
else
633
#endif /*USE_PADLOCK*/
634
{
635
do_decrypt (ctx, b, a);
636
_gcry_burn_stack (48+2*sizeof(int));
637
}
638
}
639
640
641
/* Bulk decryption of complete blocks in CFB mode. Caller needs to
642
make sure that IV is aligned on an unisgned lonhg boundary. This
643
function is only intended for the bulk encryption feature of
644
cipher.c. */
645
646
647
/* Bulk decryption of complete blocks in CBC mode. Caller needs to
648
make sure that IV is aligned on an unsigned long boundary. This
649
function is only intended for the bulk encryption feature of
650
cipher.c. */
651
652
653
654
655
/* Run the self-tests for AES 128. Returns NULL on success. */
656
657
/* Run the self-tests for AES 192. Returns NULL on success. */
658
659
660
/* Run the self-tests for AES 256. Returns NULL on success. */
661
662
/* Run all the self-tests and return NULL on success. This function
663
is used for the on-the-fly self-tests. */
664
665
666
/* SP800-38a.pdf for AES-128. */
667
668
669
/* Complete selftest for AES-128 with all modes and driver code. */
670
671
/* Complete selftest for AES-192. */
672
673
674
/* Complete selftest for AES-256. */
675
676
677
678
/* Run a full self-test for ALGO and return 0 on success. */
679
680
681
682
683
static const char *rijndael_names[] =
684
{
685
"RIJNDAEL",
686
"AES128",
687
"AES-128",
688
NULL
689
};
690
691
static gcry_cipher_oid_spec_t rijndael_oids[] =
692
{
693
{ "2.16.840.1.101.3.4.1.1", GCRY_CIPHER_MODE_ECB },
694
{ "2.16.840.1.101.3.4.1.2", GCRY_CIPHER_MODE_CBC },
695
{ "2.16.840.1.101.3.4.1.3", GCRY_CIPHER_MODE_OFB },
696
{ "2.16.840.1.101.3.4.1.4", GCRY_CIPHER_MODE_CFB },
697
{ NULL }
698
};
699
700
gcry_cipher_spec_t _gcry_cipher_spec_aes =
701
{
702
"AES", rijndael_names, rijndael_oids, 16, 128, sizeof (RIJNDAEL_context),
703
rijndael_setkey, rijndael_encrypt, rijndael_decrypt
704
};
705
706
static const char *rijndael192_names[] =
707
{
708
"RIJNDAEL192",
709
"AES-192",
710
NULL
711
};
712
713
static gcry_cipher_oid_spec_t rijndael192_oids[] =
714
{
715
{ "2.16.840.1.101.3.4.1.21", GCRY_CIPHER_MODE_ECB },
716
{ "2.16.840.1.101.3.4.1.22", GCRY_CIPHER_MODE_CBC },
717
{ "2.16.840.1.101.3.4.1.23", GCRY_CIPHER_MODE_OFB },
718
{ "2.16.840.1.101.3.4.1.24", GCRY_CIPHER_MODE_CFB },
719
{ NULL }
720
};
721
722
gcry_cipher_spec_t _gcry_cipher_spec_aes192 =
723
{
724
"AES192", rijndael192_names, rijndael192_oids, 16, 192, sizeof (RIJNDAEL_context),
725
rijndael_setkey, rijndael_encrypt, rijndael_decrypt
726
};
727
728
static const char *rijndael256_names[] =
729
{
730
"RIJNDAEL256",
731
"AES-256",
732
NULL
733
};
734
735
static gcry_cipher_oid_spec_t rijndael256_oids[] =
736
{
737
{ "2.16.840.1.101.3.4.1.41", GCRY_CIPHER_MODE_ECB },
738
{ "2.16.840.1.101.3.4.1.42", GCRY_CIPHER_MODE_CBC },
739
{ "2.16.840.1.101.3.4.1.43", GCRY_CIPHER_MODE_OFB },
740
{ "2.16.840.1.101.3.4.1.44", GCRY_CIPHER_MODE_CFB },
741
{ NULL }
742
};
743
744
gcry_cipher_spec_t _gcry_cipher_spec_aes256 =
745
{
746
"AES256", rijndael256_names, rijndael256_oids, 16, 256,
747
sizeof (RIJNDAEL_context),
748
rijndael_setkey, rijndael_encrypt, rijndael_decrypt
749
};
750
751
752
753
GRUB_MOD_INIT(gcry_rijndael)
754
{
755
grub_cipher_register (&_gcry_cipher_spec_aes);
756
grub_cipher_register (&_gcry_cipher_spec_aes192);
757
grub_cipher_register (&_gcry_cipher_spec_aes256);
758
}
759
760
GRUB_MOD_FINI(gcry_rijndael)
761
{
762
grub_cipher_unregister (&_gcry_cipher_spec_aes);
763
grub_cipher_unregister (&_gcry_cipher_spec_aes192);
764
grub_cipher_unregister (&_gcry_cipher_spec_aes256);
765
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1