« back to all changes in this revision
Viewing changes to toolkit/aes.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Package Import Robot
- Author(s): Dmitrijs Ledkovs
- Date: 2012-11-05 01:06:26 UTC
- Revision ID: package-import@ubuntu.com-20121105010626-4m3hldpaz3jfr3wb
Tags: upstream-3.2.1
ImportĀ upstreamĀ versionĀ 3.2.1
- files added:
- packaging
- packaging/CVS
- packaging/fedora
- packaging/fedora/CVS
- src
- toolkit
added
removed
toolkit/aes.c
1
/* Retrieved from http://www.cr0.net:8040/code/crypto/aes/aes.c */
2
3
/*
4
* FIPS-197 compliant AES implementation
5
*
6
* Copyright (C) 2001-2004 Christophe Devine
7
*
8
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation; either version 2 of the License, or
11
* (at your option) any later version.
12
*
13
* This program is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU General Public License for more details.
17
*
18
* You should have received a copy of the GNU General Public License
19
* along with this program; if not, write to the Free Software
20
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21
*/
22
23
#include "aes.h"
24
25
/* uncomment the following line to run the test suite */
26
27
/* #define TEST */
28
29
/* uncomment the following line to use pre-computed tables */
30
/* otherwise the tables will be generated at the first run */
31
32
/* #define FIXED_TABLES */
33
34
#ifndef FIXED_TABLES
35
36
/* forward S-box & tables */
37
38
uint32 FSb[256];
39
uint32 FT0[256];
40
uint32 FT1[256];
41
uint32 FT2[256];
42
uint32 FT3[256];
43
44
/* reverse S-box & tables */
45
46
uint32 RSb[256];
47
uint32 RT0[256];
48
uint32 RT1[256];
49
uint32 RT2[256];
50
uint32 RT3[256];
51
52
/* round constants */
53
54
uint32 RCON[10];
55
56
/* tables generation flag */
57
58
int do_init = 1;
59
60
/* tables generation routine */
61
62
#define ROTR8(x) ( ( ( x << 24 ) & 0xFFFFFFFF ) | \
63
( ( x & 0xFFFFFFFF ) >> 8 ) )
64
65
#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
66
#define MUL(x,y) ( ( x && y ) ? pow[(log[x] + log[y]) % 255] : 0 )
67
68
void aes_gen_tables( void )
69
{
70
int i;
71
uint8 x, y;
72
uint8 pow[256];
73
uint8 log[256];
74
75
/* compute pow and log tables over GF(2^8) */
76
77
for( i = 0, x = 1; i < 256; i++, x ^= XTIME( x ) )
78
{
79
pow[i] = x;
80
log[x] = i;
81
}
82
83
/* calculate the round constants */
84
85
for( i = 0, x = 1; i < 10; i++, x = XTIME( x ) )
86
{
87
RCON[i] = (uint32) x << 24;
88
}
89
90
/* generate the forward and reverse S-boxes */
91
92
FSb[0x00] = 0x63;
93
RSb[0x63] = 0x00;
94
95
for( i = 1; i < 256; i++ )
96
{
97
x = pow[255 - log[i]];
98
99
y = x; y = ( y << 1 ) | ( y >> 7 );
100
x ^= y; y = ( y << 1 ) | ( y >> 7 );
101
x ^= y; y = ( y << 1 ) | ( y >> 7 );
102
x ^= y; y = ( y << 1 ) | ( y >> 7 );
103
x ^= y ^ 0x63;
104
105
FSb[i] = x;
106
RSb[x] = i;
107
}
108
109
/* generate the forward and reverse tables */
110
111
for( i = 0; i < 256; i++ )
112
{
113
x = (unsigned char) FSb[i]; y = XTIME( x );
114
115
FT0[i] = (uint32) ( x ^ y ) ^
116
( (uint32) x << 8 ) ^
117
( (uint32) x << 16 ) ^
118
( (uint32) y << 24 );
119
120
FT0[i] &= 0xFFFFFFFF;
121
122
FT1[i] = ROTR8( FT0[i] );
123
FT2[i] = ROTR8( FT1[i] );
124
FT3[i] = ROTR8( FT2[i] );
125
126
y = (unsigned char) RSb[i];
127
128
RT0[i] = ( (uint32) MUL( 0x0B, y ) ) ^
129
( (uint32) MUL( 0x0D, y ) << 8 ) ^
130
( (uint32) MUL( 0x09, y ) << 16 ) ^
131
( (uint32) MUL( 0x0E, y ) << 24 );
132
133
RT0[i] &= 0xFFFFFFFF;
134
135
RT1[i] = ROTR8( RT0[i] );
136
RT2[i] = ROTR8( RT1[i] );
137
RT3[i] = ROTR8( RT2[i] );
138
}
139
}
140
141
#else
142
143
/* forward S-box */
144
145
static const uint32 FSb[256] =
146
{
147
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
148
0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
149
0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
150
0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
151
0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
152
0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
153
0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
154
0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
155
0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
156
0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
157
0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
158
0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
159
0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
160
0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
161
0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
162
0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
163
0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
164
0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
165
0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
166
0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
167
0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
168
0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
169
0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
170
0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
171
0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
172
0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
173
0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
174
0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
175
0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
176
0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
177
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
178
0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
179
};
180
181
/* forward tables */
182
183
#define FT \
184
\
185
V(C6,63,63,A5), V(F8,7C,7C,84), V(EE,77,77,99), V(F6,7B,7B,8D), \
186
V(FF,F2,F2,0D), V(D6,6B,6B,BD), V(DE,6F,6F,B1), V(91,C5,C5,54), \
187
V(60,30,30,50), V(02,01,01,03), V(CE,67,67,A9), V(56,2B,2B,7D), \
188
V(E7,FE,FE,19), V(B5,D7,D7,62), V(4D,AB,AB,E6), V(EC,76,76,9A), \
189
V(8F,CA,CA,45), V(1F,82,82,9D), V(89,C9,C9,40), V(FA,7D,7D,87), \
190
V(EF,FA,FA,15), V(B2,59,59,EB), V(8E,47,47,C9), V(FB,F0,F0,0B), \
191
V(41,AD,AD,EC), V(B3,D4,D4,67), V(5F,A2,A2,FD), V(45,AF,AF,EA), \
192
V(23,9C,9C,BF), V(53,A4,A4,F7), V(E4,72,72,96), V(9B,C0,C0,5B), \
193
V(75,B7,B7,C2), V(E1,FD,FD,1C), V(3D,93,93,AE), V(4C,26,26,6A), \
194
V(6C,36,36,5A), V(7E,3F,3F,41), V(F5,F7,F7,02), V(83,CC,CC,4F), \
195
V(68,34,34,5C), V(51,A5,A5,F4), V(D1,E5,E5,34), V(F9,F1,F1,08), \
196
V(E2,71,71,93), V(AB,D8,D8,73), V(62,31,31,53), V(2A,15,15,3F), \
197
V(08,04,04,0C), V(95,C7,C7,52), V(46,23,23,65), V(9D,C3,C3,5E), \
198
V(30,18,18,28), V(37,96,96,A1), V(0A,05,05,0F), V(2F,9A,9A,B5), \
199
V(0E,07,07,09), V(24,12,12,36), V(1B,80,80,9B), V(DF,E2,E2,3D), \
200
V(CD,EB,EB,26), V(4E,27,27,69), V(7F,B2,B2,CD), V(EA,75,75,9F), \
201
V(12,09,09,1B), V(1D,83,83,9E), V(58,2C,2C,74), V(34,1A,1A,2E), \
202
V(36,1B,1B,2D), V(DC,6E,6E,B2), V(B4,5A,5A,EE), V(5B,A0,A0,FB), \
203
V(A4,52,52,F6), V(76,3B,3B,4D), V(B7,D6,D6,61), V(7D,B3,B3,CE), \
204
V(52,29,29,7B), V(DD,E3,E3,3E), V(5E,2F,2F,71), V(13,84,84,97), \
205
V(A6,53,53,F5), V(B9,D1,D1,68), V(00,00,00,00), V(C1,ED,ED,2C), \
206
V(40,20,20,60), V(E3,FC,FC,1F), V(79,B1,B1,C8), V(B6,5B,5B,ED), \
207
V(D4,6A,6A,BE), V(8D,CB,CB,46), V(67,BE,BE,D9), V(72,39,39,4B), \
208
V(94,4A,4A,DE), V(98,4C,4C,D4), V(B0,58,58,E8), V(85,CF,CF,4A), \
209
V(BB,D0,D0,6B), V(C5,EF,EF,2A), V(4F,AA,AA,E5), V(ED,FB,FB,16), \
210
V(86,43,43,C5), V(9A,4D,4D,D7), V(66,33,33,55), V(11,85,85,94), \
211
V(8A,45,45,CF), V(E9,F9,F9,10), V(04,02,02,06), V(FE,7F,7F,81), \
212
V(A0,50,50,F0), V(78,3C,3C,44), V(25,9F,9F,BA), V(4B,A8,A8,E3), \
213
V(A2,51,51,F3), V(5D,A3,A3,FE), V(80,40,40,C0), V(05,8F,8F,8A), \
214
V(3F,92,92,AD), V(21,9D,9D,BC), V(70,38,38,48), V(F1,F5,F5,04), \
215
V(63,BC,BC,DF), V(77,B6,B6,C1), V(AF,DA,DA,75), V(42,21,21,63), \
216
V(20,10,10,30), V(E5,FF,FF,1A), V(FD,F3,F3,0E), V(BF,D2,D2,6D), \
217
V(81,CD,CD,4C), V(18,0C,0C,14), V(26,13,13,35), V(C3,EC,EC,2F), \
218
V(BE,5F,5F,E1), V(35,97,97,A2), V(88,44,44,CC), V(2E,17,17,39), \
219
V(93,C4,C4,57), V(55,A7,A7,F2), V(FC,7E,7E,82), V(7A,3D,3D,47), \
220
V(C8,64,64,AC), V(BA,5D,5D,E7), V(32,19,19,2B), V(E6,73,73,95), \
221
V(C0,60,60,A0), V(19,81,81,98), V(9E,4F,4F,D1), V(A3,DC,DC,7F), \
222
V(44,22,22,66), V(54,2A,2A,7E), V(3B,90,90,AB), V(0B,88,88,83), \
223
V(8C,46,46,CA), V(C7,EE,EE,29), V(6B,B8,B8,D3), V(28,14,14,3C), \
224
V(A7,DE,DE,79), V(BC,5E,5E,E2), V(16,0B,0B,1D), V(AD,DB,DB,76), \
225
V(DB,E0,E0,3B), V(64,32,32,56), V(74,3A,3A,4E), V(14,0A,0A,1E), \
226
V(92,49,49,DB), V(0C,06,06,0A), V(48,24,24,6C), V(B8,5C,5C,E4), \
227
V(9F,C2,C2,5D), V(BD,D3,D3,6E), V(43,AC,AC,EF), V(C4,62,62,A6), \
228
V(39,91,91,A8), V(31,95,95,A4), V(D3,E4,E4,37), V(F2,79,79,8B), \
229
V(D5,E7,E7,32), V(8B,C8,C8,43), V(6E,37,37,59), V(DA,6D,6D,B7), \
230
V(01,8D,8D,8C), V(B1,D5,D5,64), V(9C,4E,4E,D2), V(49,A9,A9,E0), \
231
V(D8,6C,6C,B4), V(AC,56,56,FA), V(F3,F4,F4,07), V(CF,EA,EA,25), \
232
V(CA,65,65,AF), V(F4,7A,7A,8E), V(47,AE,AE,E9), V(10,08,08,18), \
233
V(6F,BA,BA,D5), V(F0,78,78,88), V(4A,25,25,6F), V(5C,2E,2E,72), \
234
V(38,1C,1C,24), V(57,A6,A6,F1), V(73,B4,B4,C7), V(97,C6,C6,51), \
235
V(CB,E8,E8,23), V(A1,DD,DD,7C), V(E8,74,74,9C), V(3E,1F,1F,21), \
236
V(96,4B,4B,DD), V(61,BD,BD,DC), V(0D,8B,8B,86), V(0F,8A,8A,85), \
237
V(E0,70,70,90), V(7C,3E,3E,42), V(71,B5,B5,C4), V(CC,66,66,AA), \
238
V(90,48,48,D8), V(06,03,03,05), V(F7,F6,F6,01), V(1C,0E,0E,12), \
239
V(C2,61,61,A3), V(6A,35,35,5F), V(AE,57,57,F9), V(69,B9,B9,D0), \
240
V(17,86,86,91), V(99,C1,C1,58), V(3A,1D,1D,27), V(27,9E,9E,B9), \
241
V(D9,E1,E1,38), V(EB,F8,F8,13), V(2B,98,98,B3), V(22,11,11,33), \
242
V(D2,69,69,BB), V(A9,D9,D9,70), V(07,8E,8E,89), V(33,94,94,A7), \
243
V(2D,9B,9B,B6), V(3C,1E,1E,22), V(15,87,87,92), V(C9,E9,E9,20), \
244
V(87,CE,CE,49), V(AA,55,55,FF), V(50,28,28,78), V(A5,DF,DF,7A), \
245
V(03,8C,8C,8F), V(59,A1,A1,F8), V(09,89,89,80), V(1A,0D,0D,17), \
246
V(65,BF,BF,DA), V(D7,E6,E6,31), V(84,42,42,C6), V(D0,68,68,B8), \
247
V(82,41,41,C3), V(29,99,99,B0), V(5A,2D,2D,77), V(1E,0F,0F,11), \
248
V(7B,B0,B0,CB), V(A8,54,54,FC), V(6D,BB,BB,D6), V(2C,16,16,3A)
249
250
#define V(a,b,c,d) 0x##a##b##c##d
251
static const uint32 FT0[256] = { FT };
252
#undef V
253
254
#define V(a,b,c,d) 0x##d##a##b##c
255
static const uint32 FT1[256] = { FT };
256
#undef V
257
258
#define V(a,b,c,d) 0x##c##d##a##b
259
static const uint32 FT2[256] = { FT };
260
#undef V
261
262
#define V(a,b,c,d) 0x##b##c##d##a
263
static const uint32 FT3[256] = { FT };
264
#undef V
265
266
#undef FT
267
268
/* reverse S-box */
269
270
static const uint32 RSb[256] =
271
{
272
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
273
0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
274
0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
275
0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
276
0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
277
0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
278
0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
279
0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
280
0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
281
0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
282
0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
283
0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
284
0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
285
0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
286
0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
287
0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
288
0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
289
0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
290
0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
291
0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
292
0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
293
0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
294
0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
295
0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
296
0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
297
0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
298
0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
299
0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
300
0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
301
0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
302
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
303
0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
304
};
305
306
/* reverse tables */
307
308
#define RT \
309
\
310
V(51,F4,A7,50), V(7E,41,65,53), V(1A,17,A4,C3), V(3A,27,5E,96), \
311
V(3B,AB,6B,CB), V(1F,9D,45,F1), V(AC,FA,58,AB), V(4B,E3,03,93), \
312
V(20,30,FA,55), V(AD,76,6D,F6), V(88,CC,76,91), V(F5,02,4C,25), \
313
V(4F,E5,D7,FC), V(C5,2A,CB,D7), V(26,35,44,80), V(B5,62,A3,8F), \
314
V(DE,B1,5A,49), V(25,BA,1B,67), V(45,EA,0E,98), V(5D,FE,C0,E1), \
315
V(C3,2F,75,02), V(81,4C,F0,12), V(8D,46,97,A3), V(6B,D3,F9,C6), \
316
V(03,8F,5F,E7), V(15,92,9C,95), V(BF,6D,7A,EB), V(95,52,59,DA), \
317
V(D4,BE,83,2D), V(58,74,21,D3), V(49,E0,69,29), V(8E,C9,C8,44), \
318
V(75,C2,89,6A), V(F4,8E,79,78), V(99,58,3E,6B), V(27,B9,71,DD), \
319
V(BE,E1,4F,B6), V(F0,88,AD,17), V(C9,20,AC,66), V(7D,CE,3A,B4), \
320
V(63,DF,4A,18), V(E5,1A,31,82), V(97,51,33,60), V(62,53,7F,45), \
321
V(B1,64,77,E0), V(BB,6B,AE,84), V(FE,81,A0,1C), V(F9,08,2B,94), \
322
V(70,48,68,58), V(8F,45,FD,19), V(94,DE,6C,87), V(52,7B,F8,B7), \
323
V(AB,73,D3,23), V(72,4B,02,E2), V(E3,1F,8F,57), V(66,55,AB,2A), \
324
V(B2,EB,28,07), V(2F,B5,C2,03), V(86,C5,7B,9A), V(D3,37,08,A5), \
325
V(30,28,87,F2), V(23,BF,A5,B2), V(02,03,6A,BA), V(ED,16,82,5C), \
326
V(8A,CF,1C,2B), V(A7,79,B4,92), V(F3,07,F2,F0), V(4E,69,E2,A1), \
327
V(65,DA,F4,CD), V(06,05,BE,D5), V(D1,34,62,1F), V(C4,A6,FE,8A), \
328
V(34,2E,53,9D), V(A2,F3,55,A0), V(05,8A,E1,32), V(A4,F6,EB,75), \
329
V(0B,83,EC,39), V(40,60,EF,AA), V(5E,71,9F,06), V(BD,6E,10,51), \
330
V(3E,21,8A,F9), V(96,DD,06,3D), V(DD,3E,05,AE), V(4D,E6,BD,46), \
331
V(91,54,8D,B5), V(71,C4,5D,05), V(04,06,D4,6F), V(60,50,15,FF), \
332
V(19,98,FB,24), V(D6,BD,E9,97), V(89,40,43,CC), V(67,D9,9E,77), \
333
V(B0,E8,42,BD), V(07,89,8B,88), V(E7,19,5B,38), V(79,C8,EE,DB), \
334
V(A1,7C,0A,47), V(7C,42,0F,E9), V(F8,84,1E,C9), V(00,00,00,00), \
335
V(09,80,86,83), V(32,2B,ED,48), V(1E,11,70,AC), V(6C,5A,72,4E), \
336
V(FD,0E,FF,FB), V(0F,85,38,56), V(3D,AE,D5,1E), V(36,2D,39,27), \
337
V(0A,0F,D9,64), V(68,5C,A6,21), V(9B,5B,54,D1), V(24,36,2E,3A), \
338
V(0C,0A,67,B1), V(93,57,E7,0F), V(B4,EE,96,D2), V(1B,9B,91,9E), \
339
V(80,C0,C5,4F), V(61,DC,20,A2), V(5A,77,4B,69), V(1C,12,1A,16), \
340
V(E2,93,BA,0A), V(C0,A0,2A,E5), V(3C,22,E0,43), V(12,1B,17,1D), \
341
V(0E,09,0D,0B), V(F2,8B,C7,AD), V(2D,B6,A8,B9), V(14,1E,A9,C8), \
342
V(57,F1,19,85), V(AF,75,07,4C), V(EE,99,DD,BB), V(A3,7F,60,FD), \
343
V(F7,01,26,9F), V(5C,72,F5,BC), V(44,66,3B,C5), V(5B,FB,7E,34), \
344
V(8B,43,29,76), V(CB,23,C6,DC), V(B6,ED,FC,68), V(B8,E4,F1,63), \
345
V(D7,31,DC,CA), V(42,63,85,10), V(13,97,22,40), V(84,C6,11,20), \
346
V(85,4A,24,7D), V(D2,BB,3D,F8), V(AE,F9,32,11), V(C7,29,A1,6D), \
347
V(1D,9E,2F,4B), V(DC,B2,30,F3), V(0D,86,52,EC), V(77,C1,E3,D0), \
348
V(2B,B3,16,6C), V(A9,70,B9,99), V(11,94,48,FA), V(47,E9,64,22), \
349
V(A8,FC,8C,C4), V(A0,F0,3F,1A), V(56,7D,2C,D8), V(22,33,90,EF), \
350
V(87,49,4E,C7), V(D9,38,D1,C1), V(8C,CA,A2,FE), V(98,D4,0B,36), \
351
V(A6,F5,81,CF), V(A5,7A,DE,28), V(DA,B7,8E,26), V(3F,AD,BF,A4), \
352
V(2C,3A,9D,E4), V(50,78,92,0D), V(6A,5F,CC,9B), V(54,7E,46,62), \
353
V(F6,8D,13,C2), V(90,D8,B8,E8), V(2E,39,F7,5E), V(82,C3,AF,F5), \
354
V(9F,5D,80,BE), V(69,D0,93,7C), V(6F,D5,2D,A9), V(CF,25,12,B3), \
355
V(C8,AC,99,3B), V(10,18,7D,A7), V(E8,9C,63,6E), V(DB,3B,BB,7B), \
356
V(CD,26,78,09), V(6E,59,18,F4), V(EC,9A,B7,01), V(83,4F,9A,A8), \
357
V(E6,95,6E,65), V(AA,FF,E6,7E), V(21,BC,CF,08), V(EF,15,E8,E6), \
358
V(BA,E7,9B,D9), V(4A,6F,36,CE), V(EA,9F,09,D4), V(29,B0,7C,D6), \
359
V(31,A4,B2,AF), V(2A,3F,23,31), V(C6,A5,94,30), V(35,A2,66,C0), \
360
V(74,4E,BC,37), V(FC,82,CA,A6), V(E0,90,D0,B0), V(33,A7,D8,15), \
361
V(F1,04,98,4A), V(41,EC,DA,F7), V(7F,CD,50,0E), V(17,91,F6,2F), \
362
V(76,4D,D6,8D), V(43,EF,B0,4D), V(CC,AA,4D,54), V(E4,96,04,DF), \
363
V(9E,D1,B5,E3), V(4C,6A,88,1B), V(C1,2C,1F,B8), V(46,65,51,7F), \
364
V(9D,5E,EA,04), V(01,8C,35,5D), V(FA,87,74,73), V(FB,0B,41,2E), \
365
V(B3,67,1D,5A), V(92,DB,D2,52), V(E9,10,56,33), V(6D,D6,47,13), \
366
V(9A,D7,61,8C), V(37,A1,0C,7A), V(59,F8,14,8E), V(EB,13,3C,89), \
367
V(CE,A9,27,EE), V(B7,61,C9,35), V(E1,1C,E5,ED), V(7A,47,B1,3C), \
368
V(9C,D2,DF,59), V(55,F2,73,3F), V(18,14,CE,79), V(73,C7,37,BF), \
369
V(53,F7,CD,EA), V(5F,FD,AA,5B), V(DF,3D,6F,14), V(78,44,DB,86), \
370
V(CA,AF,F3,81), V(B9,68,C4,3E), V(38,24,34,2C), V(C2,A3,40,5F), \
371
V(16,1D,C3,72), V(BC,E2,25,0C), V(28,3C,49,8B), V(FF,0D,95,41), \
372
V(39,A8,01,71), V(08,0C,B3,DE), V(D8,B4,E4,9C), V(64,56,C1,90), \
373
V(7B,CB,84,61), V(D5,32,B6,70), V(48,6C,5C,74), V(D0,B8,57,42)
374
375
#define V(a,b,c,d) 0x##a##b##c##d
376
static const uint32 RT0[256] = { RT };
377
#undef V
378
379
#define V(a,b,c,d) 0x##d##a##b##c
380
static const uint32 RT1[256] = { RT };
381
#undef V
382
383
#define V(a,b,c,d) 0x##c##d##a##b
384
static const uint32 RT2[256] = { RT };
385
#undef V
386
387
#define V(a,b,c,d) 0x##b##c##d##a
388
static const uint32 RT3[256] = { RT };
389
#undef V
390
391
#undef RT
392
393
/* round constants */
394
395
static const uint32 RCON[10] =
396
{
397
0x01000000, 0x02000000, 0x04000000, 0x08000000,
398
0x10000000, 0x20000000, 0x40000000, 0x80000000,
399
0x1B000000, 0x36000000
400
};
401
402
int do_init = 0;
403
404
void aes_gen_tables( void )
405
{
406
}
407
408
#endif
409
410
/* platform-independant 32-bit integer manipulation macros */
411
412
#define GET_UINT32(n,b,i) \
413
{ \
414
(n) = ( (uint32) (b)[(i) ] << 24 ) \
415
| ( (uint32) (b)[(i) + 1] << 16 ) \
416
| ( (uint32) (b)[(i) + 2] << 8 ) \
417
| ( (uint32) (b)[(i) + 3] ); \
418
}
419
420
#define PUT_UINT32(n,b,i) \
421
{ \
422
(b)[(i) ] = (uint8) ( (n) >> 24 ); \
423
(b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
424
(b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
425
(b)[(i) + 3] = (uint8) ( (n) ); \
426
}
427
428
/* decryption key schedule tables */
429
430
int KT_init = 1;
431
432
uint32 KT0[256];
433
uint32 KT1[256];
434
uint32 KT2[256];
435
uint32 KT3[256];
436
437
/* AES key scheduling routine */
438
439
int aes_set_key( aes_context *ctx, uint8 *key, int nbits )
440
{
441
int i;
442
uint32 *RK, *SK;
443
444
if( do_init )
445
{
446
aes_gen_tables();
447
448
do_init = 0;
449
}
450
451
switch( nbits )
452
{
453
case 128: ctx->nr = 10; break;
454
case 192: ctx->nr = 12; break;
455
case 256: ctx->nr = 14; break;
456
default : return( 1 );
457
}
458
459
RK = ctx->erk;
460
461
for( i = 0; i < (nbits >> 5); i++ )
462
{
463
GET_UINT32( RK[i], key, i * 4 );
464
}
465
466
/* setup encryption round keys */
467
468
switch( nbits )
469
{
470
case 128:
471
472
for( i = 0; i < 10; i++, RK += 4 )
473
{
474
RK[4] = RK[0] ^ RCON[i] ^
475
( FSb[ (uint8) ( RK[3] >> 16 ) ] << 24 ) ^
476
( FSb[ (uint8) ( RK[3] >> 8 ) ] << 16 ) ^
477
( FSb[ (uint8) ( RK[3] ) ] << 8 ) ^
478
( FSb[ (uint8) ( RK[3] >> 24 ) ] );
479
480
RK[5] = RK[1] ^ RK[4];
481
RK[6] = RK[2] ^ RK[5];
482
RK[7] = RK[3] ^ RK[6];
483
}
484
break;
485
486
case 192:
487
488
for( i = 0; i < 8; i++, RK += 6 )
489
{
490
RK[6] = RK[0] ^ RCON[i] ^
491
( FSb[ (uint8) ( RK[5] >> 16 ) ] << 24 ) ^
492
( FSb[ (uint8) ( RK[5] >> 8 ) ] << 16 ) ^
493
( FSb[ (uint8) ( RK[5] ) ] << 8 ) ^
494
( FSb[ (uint8) ( RK[5] >> 24 ) ] );
495
496
RK[7] = RK[1] ^ RK[6];
497
RK[8] = RK[2] ^ RK[7];
498
RK[9] = RK[3] ^ RK[8];
499
RK[10] = RK[4] ^ RK[9];
500
RK[11] = RK[5] ^ RK[10];
501
}
502
break;
503
504
case 256:
505
506
for( i = 0; i < 7; i++, RK += 8 )
507
{
508
RK[8] = RK[0] ^ RCON[i] ^
509
( FSb[ (uint8) ( RK[7] >> 16 ) ] << 24 ) ^
510
( FSb[ (uint8) ( RK[7] >> 8 ) ] << 16 ) ^
511
( FSb[ (uint8) ( RK[7] ) ] << 8 ) ^
512
( FSb[ (uint8) ( RK[7] >> 24 ) ] );
513
514
RK[9] = RK[1] ^ RK[8];
515
RK[10] = RK[2] ^ RK[9];
516
RK[11] = RK[3] ^ RK[10];
517
518
RK[12] = RK[4] ^
519
( FSb[ (uint8) ( RK[11] >> 24 ) ] << 24 ) ^
520
( FSb[ (uint8) ( RK[11] >> 16 ) ] << 16 ) ^
521
( FSb[ (uint8) ( RK[11] >> 8 ) ] << 8 ) ^
522
( FSb[ (uint8) ( RK[11] ) ] );
523
524
RK[13] = RK[5] ^ RK[12];
525
RK[14] = RK[6] ^ RK[13];
526
RK[15] = RK[7] ^ RK[14];
527
}
528
break;
529
}
530
531
/* setup decryption round keys */
532
533
if( KT_init )
534
{
535
for( i = 0; i < 256; i++ )
536
{
537
KT0[i] = RT0[ FSb[i] ];
538
KT1[i] = RT1[ FSb[i] ];
539
KT2[i] = RT2[ FSb[i] ];
540
KT3[i] = RT3[ FSb[i] ];
541
}
542
543
KT_init = 0;
544
}
545
546
SK = ctx->drk;
547
548
*SK++ = *RK++;
549
*SK++ = *RK++;
550
*SK++ = *RK++;
551
*SK++ = *RK++;
552
553
for( i = 1; i < ctx->nr; i++ )
554
{
555
RK -= 8;
556
557
*SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
558
KT1[ (uint8) ( *RK >> 16 ) ] ^
559
KT2[ (uint8) ( *RK >> 8 ) ] ^
560
KT3[ (uint8) ( *RK ) ]; RK++;
561
562
*SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
563
KT1[ (uint8) ( *RK >> 16 ) ] ^
564
KT2[ (uint8) ( *RK >> 8 ) ] ^
565
KT3[ (uint8) ( *RK ) ]; RK++;
566
567
*SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
568
KT1[ (uint8) ( *RK >> 16 ) ] ^
569
KT2[ (uint8) ( *RK >> 8 ) ] ^
570
KT3[ (uint8) ( *RK ) ]; RK++;
571
572
*SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
573
KT1[ (uint8) ( *RK >> 16 ) ] ^
574
KT2[ (uint8) ( *RK >> 8 ) ] ^
575
KT3[ (uint8) ( *RK ) ]; RK++;
576
}
577
578
RK -= 8;
579
580
*SK++ = *RK++;
581
*SK++ = *RK++;
582
*SK++ = *RK++;
583
*SK++ = *RK++;
584
585
return( 0 );
586
}
587
588
/* AES 128-bit block encryption routine */
589
590
void aes_encrypt( aes_context *ctx, uint8 input[16], uint8 output[16] )
591
{
592
uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
593
594
RK = ctx->erk;
595
596
GET_UINT32( X0, input, 0 ); X0 ^= RK[0];
597
GET_UINT32( X1, input, 4 ); X1 ^= RK[1];
598
GET_UINT32( X2, input, 8 ); X2 ^= RK[2];
599
GET_UINT32( X3, input, 12 ); X3 ^= RK[3];
600
601
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
602
{ \
603
RK += 4; \
604
\
605
X0 = RK[0] ^ FT0[ (uint8) ( Y0 >> 24 ) ] ^ \
606
FT1[ (uint8) ( Y1 >> 16 ) ] ^ \
607
FT2[ (uint8) ( Y2 >> 8 ) ] ^ \
608
FT3[ (uint8) ( Y3 ) ]; \
609
\
610
X1 = RK[1] ^ FT0[ (uint8) ( Y1 >> 24 ) ] ^ \
611
FT1[ (uint8) ( Y2 >> 16 ) ] ^ \
612
FT2[ (uint8) ( Y3 >> 8 ) ] ^ \
613
FT3[ (uint8) ( Y0 ) ]; \
614
\
615
X2 = RK[2] ^ FT0[ (uint8) ( Y2 >> 24 ) ] ^ \
616
FT1[ (uint8) ( Y3 >> 16 ) ] ^ \
617
FT2[ (uint8) ( Y0 >> 8 ) ] ^ \
618
FT3[ (uint8) ( Y1 ) ]; \
619
\
620
X3 = RK[3] ^ FT0[ (uint8) ( Y3 >> 24 ) ] ^ \
621
FT1[ (uint8) ( Y0 >> 16 ) ] ^ \
622
FT2[ (uint8) ( Y1 >> 8 ) ] ^ \
623
FT3[ (uint8) ( Y2 ) ]; \
624
}
625
626
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */
627
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */
628
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */
629
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */
630
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */
631
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */
632
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */
633
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */
634
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */
635
636
if( ctx->nr > 10 )
637
{
638
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */
639
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */
640
}
641
642
if( ctx->nr > 12 )
643
{
644
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */
645
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */
646
}
647
648
/* last round */
649
650
RK += 4;
651
652
X0 = RK[0] ^ ( FSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^
653
( FSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
654
( FSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^
655
( FSb[ (uint8) ( Y3 ) ] );
656
657
X1 = RK[1] ^ ( FSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^
658
( FSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
659
( FSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^
660
( FSb[ (uint8) ( Y0 ) ] );
661
662
X2 = RK[2] ^ ( FSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^
663
( FSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
664
( FSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^
665
( FSb[ (uint8) ( Y1 ) ] );
666
667
X3 = RK[3] ^ ( FSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^
668
( FSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
669
( FSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^
670
( FSb[ (uint8) ( Y2 ) ] );
671
672
PUT_UINT32( X0, output, 0 );
673
PUT_UINT32( X1, output, 4 );
674
PUT_UINT32( X2, output, 8 );
675
PUT_UINT32( X3, output, 12 );
676
}
677
678
/* AES 128-bit block decryption routine */
679
680
void aes_decrypt( aes_context *ctx, uint8 input[16], uint8 output[16] )
681
{
682
uint32 *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
683
684
RK = ctx->drk;
685
686
GET_UINT32( X0, input, 0 ); X0 ^= RK[0];
687
GET_UINT32( X1, input, 4 ); X1 ^= RK[1];
688
GET_UINT32( X2, input, 8 ); X2 ^= RK[2];
689
GET_UINT32( X3, input, 12 ); X3 ^= RK[3];
690
691
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
692
{ \
693
RK += 4; \
694
\
695
X0 = RK[0] ^ RT0[ (uint8) ( Y0 >> 24 ) ] ^ \
696
RT1[ (uint8) ( Y3 >> 16 ) ] ^ \
697
RT2[ (uint8) ( Y2 >> 8 ) ] ^ \
698
RT3[ (uint8) ( Y1 ) ]; \
699
\
700
X1 = RK[1] ^ RT0[ (uint8) ( Y1 >> 24 ) ] ^ \
701
RT1[ (uint8) ( Y0 >> 16 ) ] ^ \
702
RT2[ (uint8) ( Y3 >> 8 ) ] ^ \
703
RT3[ (uint8) ( Y2 ) ]; \
704
\
705
X2 = RK[2] ^ RT0[ (uint8) ( Y2 >> 24 ) ] ^ \
706
RT1[ (uint8) ( Y1 >> 16 ) ] ^ \
707
RT2[ (uint8) ( Y0 >> 8 ) ] ^ \
708
RT3[ (uint8) ( Y3 ) ]; \
709
\
710
X3 = RK[3] ^ RT0[ (uint8) ( Y3 >> 24 ) ] ^ \
711
RT1[ (uint8) ( Y2 >> 16 ) ] ^ \
712
RT2[ (uint8) ( Y1 >> 8 ) ] ^ \
713
RT3[ (uint8) ( Y0 ) ]; \
714
}
715
716
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 1 */
717
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 2 */
718
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 3 */
719
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 4 */
720
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 5 */
721
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 6 */
722
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 7 */
723
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 8 */
724
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 9 */
725
726
if( ctx->nr > 10 )
727
{
728
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 10 */
729
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 11 */
730
}
731
732
if( ctx->nr > 12 )
733
{
734
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); /* round 12 */
735
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); /* round 13 */
736
}
737
738
/* last round */
739
740
RK += 4;
741
742
X0 = RK[0] ^ ( RSb[ (uint8) ( Y0 >> 24 ) ] << 24 ) ^
743
( RSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
744
( RSb[ (uint8) ( Y2 >> 8 ) ] << 8 ) ^
745
( RSb[ (uint8) ( Y1 ) ] );
746
747
X1 = RK[1] ^ ( RSb[ (uint8) ( Y1 >> 24 ) ] << 24 ) ^
748
( RSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
749
( RSb[ (uint8) ( Y3 >> 8 ) ] << 8 ) ^
750
( RSb[ (uint8) ( Y2 ) ] );
751
752
X2 = RK[2] ^ ( RSb[ (uint8) ( Y2 >> 24 ) ] << 24 ) ^
753
( RSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
754
( RSb[ (uint8) ( Y0 >> 8 ) ] << 8 ) ^
755
( RSb[ (uint8) ( Y3 ) ] );
756
757
X3 = RK[3] ^ ( RSb[ (uint8) ( Y3 >> 24 ) ] << 24 ) ^
758
( RSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
759
( RSb[ (uint8) ( Y1 >> 8 ) ] << 8 ) ^
760
( RSb[ (uint8) ( Y0 ) ] );
761
762
PUT_UINT32( X0, output, 0 );
763
PUT_UINT32( X1, output, 4 );
764
PUT_UINT32( X2, output, 8 );
765
PUT_UINT32( X3, output, 12 );
766
}
767
768
#ifdef TEST
769
770
#include <string.h>
771
#include <stdio.h>
772
773
/*
774
* Rijndael Monte Carlo Test: ECB mode
775
* source: NIST - rijndael-vals.zip
776
*/
777
778
static unsigned char AES_enc_test[3][16] =
779
{
780
{ 0xA0, 0x43, 0x77, 0xAB, 0xE2, 0x59, 0xB0, 0xD0,
781
0xB5, 0xBA, 0x2D, 0x40, 0xA5, 0x01, 0x97, 0x1B },
782
{ 0x4E, 0x46, 0xF8, 0xC5, 0x09, 0x2B, 0x29, 0xE2,
783
0x9A, 0x97, 0x1A, 0x0C, 0xD1, 0xF6, 0x10, 0xFB },
784
{ 0x1F, 0x67, 0x63, 0xDF, 0x80, 0x7A, 0x7E, 0x70,
785
0x96, 0x0D, 0x4C, 0xD3, 0x11, 0x8E, 0x60, 0x1A }
786
};
787
788
static unsigned char AES_dec_test[3][16] =
789
{
790
{ 0xF5, 0xBF, 0x8B, 0x37, 0x13, 0x6F, 0x2E, 0x1F,
791
0x6B, 0xEC, 0x6F, 0x57, 0x20, 0x21, 0xE3, 0xBA },
792
{ 0xF1, 0xA8, 0x1B, 0x68, 0xF6, 0xE5, 0xA6, 0x27,
793
0x1A, 0x8C, 0xB2, 0x4E, 0x7D, 0x94, 0x91, 0xEF },
794
{ 0x4D, 0xE0, 0xC6, 0xDF, 0x7C, 0xB1, 0x69, 0x72,
795
0x84, 0x60, 0x4D, 0x60, 0x27, 0x1B, 0xC5, 0x9A }
796
};
797
798
int main( void )
799
{
800
int m, n, i, j;
801
aes_context ctx;
802
unsigned char buf[16];
803
unsigned char key[32];
804
805
for( m = 0; m < 2; m++ )
806
{
807
printf( "\n Rijndael Monte Carlo Test (ECB mode) - " );
808
809
if( m == 0 ) printf( "encryption\n\n" );
810
if( m == 1 ) printf( "decryption\n\n" );
811
812
for( n = 0; n < 3; n++ )
813
{
814
printf( " Test %d, key size = %3d bits: ",
815
n + 1, 128 + n * 64 );
816
817
fflush( stdout );
818
819
memset( buf, 0, 16 );
820
memset( key, 0, 16 + n * 8 );
821
822
for( i = 0; i < 400; i++ )
823
{
824
aes_set_key( &ctx, key, 128 + n * 64 );
825
826
for( j = 0; j < 9999; j++ )
827
{
828
if( m == 0 ) aes_encrypt( &ctx, buf, buf );
829
if( m == 1 ) aes_decrypt( &ctx, buf, buf );
830
}
831
832
if( n > 0 )
833
{
834
for( j = 0; j < (n << 3); j++ )
835
{
836
key[j] ^= buf[j + 16 - (n << 3)];
837
}
838
}
839
840
if( m == 0 ) aes_encrypt( &ctx, buf, buf );
841
if( m == 1 ) aes_decrypt( &ctx, buf, buf );
842
843
for( j = 0; j < 16; j++ )
844
{
845
key[j + (n << 3)] ^= buf[j];
846
}
847
}
848
849
if( ( m == 0 && memcmp( buf, AES_enc_test[n], 16 ) != 0 ) ||
850
( m == 1 && memcmp( buf, AES_dec_test[n], 16 ) != 0 ) )
851
{
852
printf( "failed!\n" );
853
return( 1 );
854
}
855
856
printf( "passed.\n" );
857
}
858
}
859
860
printf( "\n" );
861
862
return( 0 );
863
}
864
865
#endif
866
Loggerhead is a web-based interface for Breezy
Version: 2.0.1