/* aes-set-decrypt-key.c
 *
 * Inverse key setup for the aes/rijndael block cipher.
 */

/* nettle, low-level cryptographics library
 *
 * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
 *
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 *
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02111-1301, USA.
 */

/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */

#if HAVE_CONFIG_H
# include "config.h"
#endif

#include "aes-internal.h"

#include "macros.h"

/* Lookup table for the inverse MixColumns step applied to subkey words.
 *
 * Entry 1 is 0x0b0d090e, whose bytes are the InvMixColumns coefficients
 * 0x0e, 0x09, 0x0d, 0x0b (low byte first); entry 2 holds the same four
 * bytes doubled, and so on for all 256 input byte values.
 *
 * NOTE: We don't include rotated versions of the table.  MIX_COLUMN
 * derives the other three byte positions by rotating an entry with
 * ROTL32, trading three rotates per word for a 1 KiB table instead of
 * four.
 *
 * NOTE(review): in this file the table is indexed by subkey bytes (see
 * MIX_COLUMN), so the lookup address depends on secret data.  Whether
 * that matters depends on the platform and threat model (cache-timing
 * observers sharing the CPU) -- confirm against the deployment. */
static const uint32_t mtable[0x100] =
{
  0x00000000,0x0b0d090e,0x161a121c,0x1d171b12,
  0x2c342438,0x27392d36,0x3a2e3624,0x31233f2a,
  0x58684870,0x5365417e,0x4e725a6c,0x457f5362,
  0x745c6c48,0x7f516546,0x62467e54,0x694b775a,
  0xb0d090e0,0xbbdd99ee,0xa6ca82fc,0xadc78bf2,
  0x9ce4b4d8,0x97e9bdd6,0x8afea6c4,0x81f3afca,
  0xe8b8d890,0xe3b5d19e,0xfea2ca8c,0xf5afc382,
  0xc48cfca8,0xcf81f5a6,0xd296eeb4,0xd99be7ba,
  0x7bbb3bdb,0x70b632d5,0x6da129c7,0x66ac20c9,
  0x578f1fe3,0x5c8216ed,0x41950dff,0x4a9804f1,
  0x23d373ab,0x28de7aa5,0x35c961b7,0x3ec468b9,
  0x0fe75793,0x04ea5e9d,0x19fd458f,0x12f04c81,
  0xcb6bab3b,0xc066a235,0xdd71b927,0xd67cb029,
  0xe75f8f03,0xec52860d,0xf1459d1f,0xfa489411,
  0x9303e34b,0x980eea45,0x8519f157,0x8e14f859,
  0xbf37c773,0xb43ace7d,0xa92dd56f,0xa220dc61,
  0xf66d76ad,0xfd607fa3,0xe07764b1,0xeb7a6dbf,
  0xda595295,0xd1545b9b,0xcc434089,0xc74e4987,
  0xae053edd,0xa50837d3,0xb81f2cc1,0xb31225cf,
  0x82311ae5,0x893c13eb,0x942b08f9,0x9f2601f7,
  0x46bde64d,0x4db0ef43,0x50a7f451,0x5baafd5f,
  0x6a89c275,0x6184cb7b,0x7c93d069,0x779ed967,
  0x1ed5ae3d,0x15d8a733,0x08cfbc21,0x03c2b52f,
  0x32e18a05,0x39ec830b,0x24fb9819,0x2ff69117,
  0x8dd64d76,0x86db4478,0x9bcc5f6a,0x90c15664,
  0xa1e2694e,0xaaef6040,0xb7f87b52,0xbcf5725c,
  0xd5be0506,0xdeb30c08,0xc3a4171a,0xc8a91e14,
  0xf98a213e,0xf2872830,0xef903322,0xe49d3a2c,
  0x3d06dd96,0x360bd498,0x2b1ccf8a,0x2011c684,
  0x1132f9ae,0x1a3ff0a0,0x0728ebb2,0x0c25e2bc,
  0x656e95e6,0x6e639ce8,0x737487fa,0x78798ef4,
  0x495ab1de,0x4257b8d0,0x5f40a3c2,0x544daacc,
  0xf7daec41,0xfcd7e54f,0xe1c0fe5d,0xeacdf753,
  0xdbeec879,0xd0e3c177,0xcdf4da65,0xc6f9d36b,
  0xafb2a431,0xa4bfad3f,0xb9a8b62d,0xb2a5bf23,
  0x83868009,0x888b8907,0x959c9215,0x9e919b1b,
  0x470a7ca1,0x4c0775af,0x51106ebd,0x5a1d67b3,
  0x6b3e5899,0x60335197,0x7d244a85,0x7629438b,
  0x1f6234d1,0x146f3ddf,0x097826cd,0x02752fc3,
  0x335610e9,0x385b19e7,0x254c02f5,0x2e410bfb,
  0x8c61d79a,0x876cde94,0x9a7bc586,0x9176cc88,
  0xa055f3a2,0xab58faac,0xb64fe1be,0xbd42e8b0,
  0xd4099fea,0xdf0496e4,0xc2138df6,0xc91e84f8,
  0xf83dbbd2,0xf330b2dc,0xee27a9ce,0xe52aa0c0,
  0x3cb1477a,0x37bc4e74,0x2aab5566,0x21a65c68,
  0x10856342,0x1b886a4c,0x069f715e,0x0d927850,
  0x64d90f0a,0x6fd40604,0x72c31d16,0x79ce1418,
  0x48ed2b32,0x43e0223c,0x5ef7392e,0x55fa3020,
  0x01b79aec,0x0aba93e2,0x17ad88f0,0x1ca081fe,
  0x2d83bed4,0x268eb7da,0x3b99acc8,0x3094a5c6,
  0x59dfd29c,0x52d2db92,0x4fc5c080,0x44c8c98e,
  0x75ebf6a4,0x7ee6ffaa,0x63f1e4b8,0x68fcedb6,
  0xb1670a0c,0xba6a0302,0xa77d1810,0xac70111e,
  0x9d532e34,0x965e273a,0x8b493c28,0x80443526,
  0xe90f427c,0xe2024b72,0xff155060,0xf418596e,
  0xc53b6644,0xce366f4a,0xd3217458,0xd82c7d56,
  0x7a0ca137,0x7101a839,0x6c16b32b,0x671bba25,
  0x5638850f,0x5d358c01,0x40229713,0x4b2f9e1d,
  0x2264e947,0x2969e049,0x347efb5b,0x3f73f255,
  0x0e50cd7f,0x055dc471,0x184adf63,0x1347d66d,
  0xcadc31d7,0xc1d138d9,0xdcc623cb,0xd7cb2ac5,
  0xe6e815ef,0xede51ce1,0xf0f207f3,0xfbff0efd,
  0x92b479a7,0x99b970a9,0x84ae6bbb,0x8fa362b5,
  0xbe805d9f,0xb58d5491,0xa89a4f83,0xa397468d,
};
/* Replace the 32-bit word `key` with its column-mixed value.
 *
 * Each of the four bytes of `key` (lowest first) selects an entry of the
 * 256-entry table T.  The entry for byte n is rotated left by 8*n bits
 * with ROTL32 and the four results are XORed together.
 *
 * `key` is evaluated twice (one read, one write), so it must be an
 * lvalue without side effects.  The temporaries _k and _nk hold subkey
 * material and are ordinary block-scope variables; nothing here scrubs
 * them.  The table index is a byte of the subkey, i.e. the memory access
 * pattern is data-dependent. */
#define MIX_COLUMN(T, key) do {				\
    uint32_t _k = (key);				\
    uint32_t _nk = T[_k & 0xff];			\
    _nk ^= ROTL32(8,  T[(_k >> 8) & 0xff]);		\
    _nk ^= ROTL32(16, T[(_k >> 16) & 0xff]);		\
    _nk ^= ROTL32(24, T[(_k >> 24) & 0xff]);		\
    (key) = _nk;					\
  } while(0)
/* Exchange two uint32_t lvalues.  Both arguments are evaluated twice, so
 * they must be free of side effects. */
#define SWAP(a, b) do {		\
    uint32_t t_swap = (b);	\
    (b) = (a);			\
    (a) = t_swap;		\
  } while(0)
/* Derive a decryption key schedule from an encryption key schedule.
 *
 * dst  receives the inverted schedule; may be the same object as src.
 * src  encryption schedule to invert; its nrounds field gives the number
 *      of rounds.
 *
 * The subkeys (groups of four 32-bit words) are put in reverse order,
 * then every word of every subkey except the first and the last is run
 * through MIX_COLUMN with mtable.
 *
 * Words keys[0] .. keys[4*nrounds + 3] are accessed, so both contexts
 * must hold at least 4*(nrounds + 1) words.  nrounds is taken from src
 * as-is and is not range-checked here.
 * NOTE(review): presumably it is always set by aes_set_encrypt_key --
 * confirm for callers that pass their own src.
 *
 * Only exact aliasing (src == dst) is detected; partially overlapping
 * contexts are not handled.  When src != dst, dst ends up holding a
 * second copy of key material that the caller owns. */
void
aes_invert_key(struct aes_ctx *dst,
	       const struct aes_ctx *src)
{
  const unsigned rounds = src->nrounds;
  /* Index of the first word of the final subkey. */
  const unsigned last = rounds * 4;
  unsigned w;

  /* Reverse the order of subkeys, in groups of 4. */
  /* FIXME: Instead of reordering the subkeys, change the access order
     of aes_decrypt, since it's a separate function anyway? */
  if (src != dst)
    {
      unsigned lo;

      /* Distinct contexts: copy each subkey to its mirrored slot. */
      dst->nrounds = rounds;
      for (lo = 0; lo <= last; lo += 4)
	{
	  const unsigned hi = last - lo;

	  for (w = 0; w < 4; w++)
	    dst->keys[lo + w] = src->keys[hi + w];
	}
    }
  else
    {
      unsigned lo, hi;

      /* Same context: swap subkeys pairwise, working inwards from
	 both ends until the indices meet. */
      for (lo = 0, hi = last; lo < hi; lo += 4, hi -= 4)
	for (w = 0; w < 4; w++)
	  SWAP(dst->keys[lo + w], dst->keys[hi + w]);
    }

  /* Transform all subkeys but the first and last. */
  for (w = 4; w < last; w++)
    MIX_COLUMN (mtable, dst->keys[w]);
}
/* Initialise ctx for AES decryption with the given key.
 *
 * ctx      context that receives the decryption key schedule.
 * keysize  passed through unchanged to aes_set_encrypt_key.
 * key      passed through unchanged to aes_set_encrypt_key.
 *
 * No check of keysize or key is made in this function.
 * NOTE(review): any validation would have to happen inside
 * aes_set_encrypt_key, which is not defined in this file -- confirm. */
void
aes_set_decrypt_key(struct aes_ctx *ctx,
		    unsigned keysize, const uint8_t *key)
{
  /* Step 1: expand the key exactly as for encryption. */
  aes_set_encrypt_key(ctx, keysize, key);

  /* Step 2: convert that schedule to its decryption form, in place. */
  aes_invert_key(ctx, ctx);
}