2
* FIPS-197 compliant AES implementation
4
* Copyright (C) 2006-2007 Christophe Devine
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* * Redistributions of source code _must_ retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
12
* * Redistributions in binary form may or may not reproduce the above
13
* copyright notice, this list of conditions and the following
14
* disclaimer in the documentation and/or other materials provided
15
* with the distribution.
16
* * Neither the name of XySSL nor the names of its contributors may be
17
* used to endorse or promote products derived from this software
18
* without specific prior written permission.
20
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
26
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
27
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
28
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
29
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
30
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
35
* http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
36
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
39
/* $Id: aes.c 9043 2008-08-28 22:48:19Z giles $ */
40
/* AES block cipher implementation from XYSSL */
42
#include "string_.h" /* memcmp() */
46
* 32-bit integer manipulation macros (little endian)
49
#define GET_ULONG_LE(n,b,i) \
51
(n) = ( (unsigned long) (b)[(i) ] ) \
52
| ( (unsigned long) (b)[(i) + 1] << 8 ) \
53
| ( (unsigned long) (b)[(i) + 2] << 16 ) \
54
| ( (unsigned long) (b)[(i) + 3] << 24 ); \
59
#define PUT_ULONG_LE(n,b,i) \
61
(b)[(i) ] = (unsigned char) ( (n) ); \
62
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
63
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
64
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
68
#if defined(XYSSL_AES_ROM_TABLES)
72
static const unsigned char FSb[256] =
74
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
75
0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
76
0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
77
0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
78
0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
79
0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
80
0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
81
0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
82
0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
83
0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
84
0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
85
0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
86
0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
87
0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
88
0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
89
0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
90
0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
91
0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
92
0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
93
0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
94
0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
95
0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
96
0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
97
0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
98
0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
99
0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
100
0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
101
0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
102
0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
103
0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
104
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
105
0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
113
V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
114
V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
115
V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
116
V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
117
V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
118
V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
119
V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
120
V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
121
V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
122
V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
123
V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
124
V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
125
V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
126
V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
127
V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
128
V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
129
V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
130
V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
131
V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
132
V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
133
V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
134
V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
135
V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
136
V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
137
V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
138
V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
139
V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
140
V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
141
V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
142
V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
143
V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
144
V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
145
V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
146
V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
147
V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
148
V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
149
V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
150
V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
151
V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
152
V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
153
V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
154
V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
155
V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
156
V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
157
V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
158
V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
159
V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
160
V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
161
V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
162
V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
163
V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
164
V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
165
V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
166
V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
167
V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
168
V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
169
V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
170
V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
171
V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
172
V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
173
V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
174
V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
175
V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
176
V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
178
#define V(a,b,c,d) 0x##a##b##c##d
179
static const unsigned long FT0[256] = { FT };
182
#define V(a,b,c,d) 0x##b##c##d##a
183
static const unsigned long FT1[256] = { FT };
186
#define V(a,b,c,d) 0x##c##d##a##b
187
static const unsigned long FT2[256] = { FT };
190
#define V(a,b,c,d) 0x##d##a##b##c
191
static const unsigned long FT3[256] = { FT };
199
static const unsigned char RSb[256] =
201
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
202
0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
203
0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
204
0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
205
0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
206
0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
207
0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
208
0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
209
0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
210
0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
211
0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
212
0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
213
0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
214
0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
215
0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
216
0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
217
0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
218
0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
219
0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
220
0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
221
0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
222
0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
223
0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
224
0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
225
0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
226
0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
227
0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
228
0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
229
0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
230
0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
231
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
232
0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
240
V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
241
V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
242
V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
243
V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
244
V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
245
V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
246
V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
247
V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
248
V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
249
V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
250
V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
251
V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
252
V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
253
V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
254
V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
255
V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
256
V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
257
V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
258
V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
259
V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
260
V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
261
V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
262
V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
263
V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
264
V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
265
V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
266
V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
267
V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
268
V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
269
V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
270
V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
271
V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
272
V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
273
V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
274
V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
275
V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
276
V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
277
V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
278
V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
279
V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
280
V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
281
V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
282
V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
283
V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
284
V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
285
V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
286
V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
287
V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
288
V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
289
V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
290
V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
291
V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
292
V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
293
V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
294
V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
295
V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
296
V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
297
V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
298
V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
299
V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
300
V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
301
V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
302
V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
303
V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
305
#define V(a,b,c,d) 0x##a##b##c##d
306
static const unsigned long RT0[256] = { RT };
309
#define V(a,b,c,d) 0x##b##c##d##a
310
static const unsigned long RT1[256] = { RT };
313
#define V(a,b,c,d) 0x##c##d##a##b
314
static const unsigned long RT2[256] = { RT };
317
#define V(a,b,c,d) 0x##d##a##b##c
318
static const unsigned long RT3[256] = { RT };
326
static const unsigned long RCON[10] =
328
0x00000001, 0x00000002, 0x00000004, 0x00000008,
329
0x00000010, 0x00000020, 0x00000040, 0x00000080,
330
0x0000001B, 0x00000036
336
* Forward S-box & tables
338
static unsigned char FSb[256];
339
static unsigned long FT0[256];
340
static unsigned long FT1[256];
341
static unsigned long FT2[256];
342
static unsigned long FT3[256];
345
* Reverse S-box & tables
347
static unsigned char RSb[256];
348
static unsigned long RT0[256];
349
static unsigned long RT1[256];
350
static unsigned long RT2[256];
351
static unsigned long RT3[256];
356
static unsigned long RCON[10];
359
* Tables generation code
361
#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
362
#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
363
#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
365
static int aes_init_done = 0;
367
static void aes_gen_tables( void )
374
* compute pow and log tables over GF(2^8)
376
for( i = 0, x = 1; i < 256; i++ )
380
x = ( x ^ XTIME( x ) ) & 0xFF;
384
* calculate the round constants
386
for( i = 0, x = 1; i < 10; i++ )
388
RCON[i] = (unsigned long) x;
389
x = XTIME( x ) & 0xFF;
393
* generate the forward and reverse S-boxes
398
for( i = 1; i < 256; i++ )
400
x = pow[255 - log[i]];
402
y = x; y = ( (y << 1) | (y >> 7) ) & 0xFF;
403
x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
404
x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
405
x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
408
FSb[i] = (unsigned char) x;
409
RSb[x] = (unsigned char) i;
413
* generate the forward and reverse tables
415
for( i = 0; i < 256; i++ )
418
y = XTIME( x ) & 0xFF;
419
z = ( y ^ x ) & 0xFF;
421
FT0[i] = ( (unsigned long) y ) ^
422
( (unsigned long) x << 8 ) ^
423
( (unsigned long) x << 16 ) ^
424
( (unsigned long) z << 24 );
426
FT1[i] = ROTL8( FT0[i] );
427
FT2[i] = ROTL8( FT1[i] );
428
FT3[i] = ROTL8( FT2[i] );
432
RT0[i] = ( (unsigned long) MUL( 0x0E, x ) ) ^
433
( (unsigned long) MUL( 0x09, x ) << 8 ) ^
434
( (unsigned long) MUL( 0x0D, x ) << 16 ) ^
435
( (unsigned long) MUL( 0x0B, x ) << 24 );
437
RT1[i] = ROTL8( RT0[i] );
438
RT2[i] = ROTL8( RT1[i] );
439
RT3[i] = ROTL8( RT2[i] );
446
* AES key schedule (encryption)
448
void aes_setkey_enc( aes_context *ctx, const unsigned char *key, int keysize )
453
#if !defined(XYSSL_AES_ROM_TABLES)
454
if( aes_init_done == 0 )
463
case 128: ctx->nr = 10; break;
464
case 192: ctx->nr = 12; break;
465
case 256: ctx->nr = 14; break;
469
#if defined(PADLOCK_ALIGN16)
470
ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
472
ctx->rk = RK = ctx->buf;
475
for( i = 0; i < (keysize >> 5); i++ )
477
GET_ULONG_LE( RK[i], key, i << 2 );
484
for( i = 0; i < 10; i++, RK += 4 )
486
RK[4] = RK[0] ^ RCON[i] ^
487
( FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
488
( FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
489
( FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
490
( FSb[ ( RK[3] ) & 0xFF ] << 24 );
492
RK[5] = RK[1] ^ RK[4];
493
RK[6] = RK[2] ^ RK[5];
494
RK[7] = RK[3] ^ RK[6];
500
for( i = 0; i < 8; i++, RK += 6 )
502
RK[6] = RK[0] ^ RCON[i] ^
503
( FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
504
( FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
505
( FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
506
( FSb[ ( RK[5] ) & 0xFF ] << 24 );
508
RK[7] = RK[1] ^ RK[6];
509
RK[8] = RK[2] ^ RK[7];
510
RK[9] = RK[3] ^ RK[8];
511
RK[10] = RK[4] ^ RK[9];
512
RK[11] = RK[5] ^ RK[10];
518
for( i = 0; i < 7; i++, RK += 8 )
520
RK[8] = RK[0] ^ RCON[i] ^
521
( FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
522
( FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
523
( FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
524
( FSb[ ( RK[7] ) & 0xFF ] << 24 );
526
RK[9] = RK[1] ^ RK[8];
527
RK[10] = RK[2] ^ RK[9];
528
RK[11] = RK[3] ^ RK[10];
531
( FSb[ ( RK[11] ) & 0xFF ] ) ^
532
( FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
533
( FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
534
( FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
536
RK[13] = RK[5] ^ RK[12];
537
RK[14] = RK[6] ^ RK[13];
538
RK[15] = RK[7] ^ RK[14];
549
* AES key schedule (decryption)
551
void aes_setkey_dec( aes_context *ctx, const unsigned char *key, int keysize )
560
case 128: ctx->nr = 10; break;
561
case 192: ctx->nr = 12; break;
562
case 256: ctx->nr = 14; break;
566
#if defined(PADLOCK_ALIGN16)
567
ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
569
ctx->rk = RK = ctx->buf;
572
aes_setkey_enc( &cty, key, keysize );
573
SK = cty.rk + cty.nr * 4;
580
for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
582
for( j = 0; j < 4; j++, SK++ )
584
*RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^
585
RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^
586
RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
587
RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
596
memset( &cty, 0, sizeof( aes_context ) );
599
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
601
X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \
602
FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
603
FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
604
FT3[ ( Y3 >> 24 ) & 0xFF ]; \
606
X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \
607
FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
608
FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
609
FT3[ ( Y0 >> 24 ) & 0xFF ]; \
611
X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \
612
FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
613
FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
614
FT3[ ( Y1 >> 24 ) & 0xFF ]; \
616
X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \
617
FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
618
FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
619
FT3[ ( Y2 >> 24 ) & 0xFF ]; \
622
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
624
X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \
625
RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
626
RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
627
RT3[ ( Y1 >> 24 ) & 0xFF ]; \
629
X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \
630
RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
631
RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
632
RT3[ ( Y2 >> 24 ) & 0xFF ]; \
634
X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \
635
RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
636
RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
637
RT3[ ( Y3 >> 24 ) & 0xFF ]; \
639
X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \
640
RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
641
RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
642
RT3[ ( Y0 >> 24 ) & 0xFF ]; \
646
* AES-ECB block encryption/decryption
648
void aes_crypt_ecb( aes_context *ctx,
650
const unsigned char input[16],
651
unsigned char output[16] )
654
unsigned long *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
656
#if defined(XYSSL_PADLOCK_C) && defined(XYSSL_HAVE_X86)
657
if( padlock_supports( PADLOCK_ACE ) )
659
if( padlock_xcryptecb( ctx, mode, input, output ) == 0 )
666
GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++;
667
GET_ULONG_LE( X1, input, 4 ); X1 ^= *RK++;
668
GET_ULONG_LE( X2, input, 8 ); X2 ^= *RK++;
669
GET_ULONG_LE( X3, input, 12 ); X3 ^= *RK++;
671
if( mode == AES_DECRYPT )
673
for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
675
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
676
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
679
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
681
X0 = *RK++ ^ ( RSb[ ( Y0 ) & 0xFF ] ) ^
682
( RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
683
( RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
684
( RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
686
X1 = *RK++ ^ ( RSb[ ( Y1 ) & 0xFF ] ) ^
687
( RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
688
( RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
689
( RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
691
X2 = *RK++ ^ ( RSb[ ( Y2 ) & 0xFF ] ) ^
692
( RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
693
( RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
694
( RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
696
X3 = *RK++ ^ ( RSb[ ( Y3 ) & 0xFF ] ) ^
697
( RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
698
( RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
699
( RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
701
else /* AES_ENCRYPT */
703
for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
705
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
706
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
709
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
711
X0 = *RK++ ^ ( FSb[ ( Y0 ) & 0xFF ] ) ^
712
( FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
713
( FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
714
( FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
716
X1 = *RK++ ^ ( FSb[ ( Y1 ) & 0xFF ] ) ^
717
( FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
718
( FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
719
( FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
721
X2 = *RK++ ^ ( FSb[ ( Y2 ) & 0xFF ] ) ^
722
( FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
723
( FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
724
( FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
726
X3 = *RK++ ^ ( FSb[ ( Y3 ) & 0xFF ] ) ^
727
( FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
728
( FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
729
( FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
732
PUT_ULONG_LE( X0, output, 0 );
733
PUT_ULONG_LE( X1, output, 4 );
734
PUT_ULONG_LE( X2, output, 8 );
735
PUT_ULONG_LE( X3, output, 12 );
739
* AES-CBC buffer encryption/decryption
741
void aes_crypt_cbc( aes_context *ctx,
744
unsigned char iv[16],
745
const unsigned char *input,
746
unsigned char *output )
749
unsigned char temp[16];
751
#if defined(XYSSL_PADLOCK_C) && defined(XYSSL_HAVE_X86)
752
if( padlock_supports( PADLOCK_ACE ) )
754
if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
759
if( mode == AES_DECRYPT )
763
memcpy( temp, input, 16 );
764
aes_crypt_ecb( ctx, mode, input, output );
766
for( i = 0; i < 16; i++ )
767
output[i] = (unsigned char)( output[i] ^ iv[i] );
769
memcpy( iv, temp, 16 );
780
for( i = 0; i < 16; i++ )
781
output[i] = (unsigned char)( input[i] ^ iv[i] );
783
aes_crypt_ecb( ctx, mode, output, output );
784
memcpy( iv, output, 16 );
794
* AES-CFB buffer encryption/decryption
796
void aes_crypt_cfb( aes_context *ctx,
800
unsigned char iv[16],
801
const unsigned char *input,
802
unsigned char *output )
806
if( mode == AES_DECRYPT )
811
aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
814
*output++ = (unsigned char)( c ^ iv[n] );
815
iv[n] = (unsigned char) c;
825
aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
827
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
836
#if defined(XYSSL_SELF_TEST)
841
* AES test vectors from:
843
* http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
845
static const unsigned char aes_test_ecb_dec[3][16] =
847
{ 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
848
0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
849
{ 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
850
0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
851
{ 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
852
0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
855
static const unsigned char aes_test_ecb_enc[3][16] =
857
{ 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
858
0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
859
{ 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
860
0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
861
{ 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
862
0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
865
static const unsigned char aes_test_cbc_dec[3][16] =
867
{ 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
868
0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
869
{ 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
870
0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
871
{ 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
872
0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
875
static const unsigned char aes_test_cbc_enc[3][16] =
877
{ 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
878
0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
879
{ 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
880
0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
881
{ 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
882
0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
886
* AES-CFB test vectors (generated on 2008-02-12)
888
static const unsigned char aes_test_cfb_dec[3][16] =
890
{ 0xBA, 0x75, 0x0C, 0xC9, 0x77, 0xF8, 0xD4, 0xE1,
891
0x3E, 0x0F, 0xB5, 0x46, 0x2E, 0xA6, 0x33, 0xF6 },
892
{ 0xDB, 0x40, 0x4A, 0x98, 0x7B, 0xAA, 0xA3, 0xF3,
893
0x92, 0x35, 0xAD, 0x58, 0x09, 0x9B, 0xFF, 0x6E },
894
{ 0xA8, 0x17, 0x41, 0x0E, 0x76, 0x71, 0x60, 0xE5,
895
0xFD, 0x37, 0xC5, 0x43, 0xCC, 0xC8, 0xD6, 0xDA }
898
static const unsigned char aes_test_cfb_enc[3][16] =
900
{ 0x45, 0x62, 0xC5, 0xA1, 0xF9, 0x10, 0x8F, 0xE0,
901
0x87, 0x24, 0x25, 0x68, 0xB5, 0x12, 0xF3, 0x8B },
902
{ 0xB8, 0xD4, 0xD5, 0x09, 0xF5, 0xEE, 0x08, 0x38,
903
0x48, 0x9B, 0x9D, 0xAD, 0x11, 0xB4, 0x2E, 0xD2 },
904
{ 0xE9, 0x10, 0x80, 0xDA, 0xEE, 0x2D, 0x81, 0xD9,
905
0x41, 0x78, 0x91, 0xD5, 0x98, 0x78, 0xE1, 0xFA }
911
int aes_self_test( int verbose )
913
int i, j, u, v, offset;
914
unsigned char key[32];
915
unsigned char buf[16];
916
unsigned char prv[16];
917
unsigned char iv[16];
920
memset( key, 0, 32 );
925
for( i = 0; i < 6; i++ )
931
printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
932
( v == AES_DECRYPT ) ? "dec" : "enc" );
934
memset( buf, 0, 16 );
936
if( v == AES_DECRYPT )
938
aes_setkey_dec( &ctx, key, 128 + u * 64 );
940
for( j = 0; j < 10000; j++ )
941
aes_crypt_ecb( &ctx, v, buf, buf );
943
if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
946
printf( "failed\n" );
953
aes_setkey_enc( &ctx, key, 128 + u * 64 );
955
for( j = 0; j < 10000; j++ )
956
aes_crypt_ecb( &ctx, v, buf, buf );
958
if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
961
printf( "failed\n" );
968
printf( "passed\n" );
977
for( i = 0; i < 6; i++ )
983
printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
984
( v == AES_DECRYPT ) ? "dec" : "enc" );
986
memset( iv , 0, 16 );
987
memset( prv, 0, 16 );
988
memset( buf, 0, 16 );
990
if( v == AES_DECRYPT )
992
aes_setkey_dec( &ctx, key, 128 + u * 64 );
994
for( j = 0; j < 10000; j++ )
995
aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
997
if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
1000
printf( "failed\n" );
1007
aes_setkey_enc( &ctx, key, 128 + u * 64 );
1009
for( j = 0; j < 10000; j++ )
1011
unsigned char tmp[16];
1013
aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
1015
memcpy( tmp, prv, 16 );
1016
memcpy( prv, buf, 16 );
1017
memcpy( buf, tmp, 16 );
1020
if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
1023
printf( "failed\n" );
1030
printf( "passed\n" );
1039
for( i = 0; i < 6; i++ )
1045
printf( " AES-CFB-%3d (%s): ", 128 + u * 64,
1046
( v == AES_DECRYPT ) ? "dec" : "enc" );
1048
memset( iv , 0, 16 );
1049
memset( buf, 0, 16 );
1052
if( v == AES_DECRYPT )
1054
aes_setkey_dec( &ctx, key, 128 + u * 64 );
1056
for( j = 0; j < 10000; j++ )
1057
aes_crypt_cfb( &ctx, v, 16, &offset, iv, buf, buf );
1059
if( memcmp( buf, aes_test_cfb_dec[u], 16 ) != 0 )
1062
printf( "failed\n" );
1069
aes_setkey_enc( &ctx, key, 128 + u * 64 );
1071
for( j = 0; j < 10000; j++ )
1072
aes_crypt_cfb( &ctx, v, 16, &offset, iv, buf, buf );
1074
if( memcmp( buf, aes_test_cfb_enc[u], 16 ) != 0 )
1077
printf( "failed\n" );
1084
printf( "passed\n" );
1094
int main(int argc, char *argv[])
1096
return aes_self_test(1);
1099
#endif /* defined(XYSSL_SELF_TEST) */