~ubuntu-branches/ubuntu/utopic/nettle/utopic


Viewing changes to aes-set-decrypt-key.c

  • Committer: Package Import Robot
  • Author(s): Magnus Holmgren
  • Date: 2013-05-07 22:57:14 UTC
  • mfrom: (8.1.8 sid)
  • Revision ID: package-import@ubuntu.com-20130507225714-s331yr8ov53dtt17
Tags: 2.7-2
Tag some (ECC related) symbols that only exist on some architectures.

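--- a/aes-set-decrypt-key.c
+++ b/aes-set-decrypt-key.c
@@ -5,7 +5,7 @@
 
 /* nettle, low-level cryptographics library
   *
- * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels M�ller
+ * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
   *  
   * The nettle library is free software; you can redistribute it and/or modify
   * it under the terms of the GNU Lesser General Public License as published by
@@ -19,8 +19,8 @@
   * 
   * You should have received a copy of the GNU Lesser General Public License
   * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
   */
 
 /* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
@@ -31,108 +31,93 @@
 
 #include "aes-internal.h"
 
-/* Tables for computations in the AES GF2 field. */
-static const uint8_t gf2_log[0x100] =
-{
-  0x00,0x00,0x19,0x01,0x32,0x02,0x1a,0xc6,
-  0x4b,0xc7,0x1b,0x68,0x33,0xee,0xdf,0x03,
-  0x64,0x04,0xe0,0x0e,0x34,0x8d,0x81,0xef,
-  0x4c,0x71,0x08,0xc8,0xf8,0x69,0x1c,0xc1,
-  0x7d,0xc2,0x1d,0xb5,0xf9,0xb9,0x27,0x6a,
-  0x4d,0xe4,0xa6,0x72,0x9a,0xc9,0x09,0x78,
-  0x65,0x2f,0x8a,0x05,0x21,0x0f,0xe1,0x24,
-  0x12,0xf0,0x82,0x45,0x35,0x93,0xda,0x8e,
-  0x96,0x8f,0xdb,0xbd,0x36,0xd0,0xce,0x94,
-  0x13,0x5c,0xd2,0xf1,0x40,0x46,0x83,0x38,
-  0x66,0xdd,0xfd,0x30,0xbf,0x06,0x8b,0x62,
-  0xb3,0x25,0xe2,0x98,0x22,0x88,0x91,0x10,
-  0x7e,0x6e,0x48,0xc3,0xa3,0xb6,0x1e,0x42,
-  0x3a,0x6b,0x28,0x54,0xfa,0x85,0x3d,0xba,
-  0x2b,0x79,0x0a,0x15,0x9b,0x9f,0x5e,0xca,
-  0x4e,0xd4,0xac,0xe5,0xf3,0x73,0xa7,0x57,
-  0xaf,0x58,0xa8,0x50,0xf4,0xea,0xd6,0x74,
-  0x4f,0xae,0xe9,0xd5,0xe7,0xe6,0xad,0xe8,
-  0x2c,0xd7,0x75,0x7a,0xeb,0x16,0x0b,0xf5,
-  0x59,0xcb,0x5f,0xb0,0x9c,0xa9,0x51,0xa0,
-  0x7f,0x0c,0xf6,0x6f,0x17,0xc4,0x49,0xec,
-  0xd8,0x43,0x1f,0x2d,0xa4,0x76,0x7b,0xb7,
-  0xcc,0xbb,0x3e,0x5a,0xfb,0x60,0xb1,0x86,
-  0x3b,0x52,0xa1,0x6c,0xaa,0x55,0x29,0x9d,
-  0x97,0xb2,0x87,0x90,0x61,0xbe,0xdc,0xfc,
-  0xbc,0x95,0xcf,0xcd,0x37,0x3f,0x5b,0xd1,
-  0x53,0x39,0x84,0x3c,0x41,0xa2,0x6d,0x47,
-  0x14,0x2a,0x9e,0x5d,0x56,0xf2,0xd3,0xab,
-  0x44,0x11,0x92,0xd9,0x23,0x20,0x2e,0x89,
-  0xb4,0x7c,0xb8,0x26,0x77,0x99,0xe3,0xa5,
-  0x67,0x4a,0xed,0xde,0xc5,0x31,0xfe,0x18,
-  0x0d,0x63,0x8c,0x80,0xc0,0xf7,0x70,0x07,
-};
-
-static const uint8_t gf2_exp[0x100] =
-{
-  0x01,0x03,0x05,0x0f,0x11,0x33,0x55,0xff,
-  0x1a,0x2e,0x72,0x96,0xa1,0xf8,0x13,0x35,
-  0x5f,0xe1,0x38,0x48,0xd8,0x73,0x95,0xa4,
-  0xf7,0x02,0x06,0x0a,0x1e,0x22,0x66,0xaa,
-  0xe5,0x34,0x5c,0xe4,0x37,0x59,0xeb,0x26,
-  0x6a,0xbe,0xd9,0x70,0x90,0xab,0xe6,0x31,
-  0x53,0xf5,0x04,0x0c,0x14,0x3c,0x44,0xcc,
-  0x4f,0xd1,0x68,0xb8,0xd3,0x6e,0xb2,0xcd,
-  0x4c,0xd4,0x67,0xa9,0xe0,0x3b,0x4d,0xd7,
-  0x62,0xa6,0xf1,0x08,0x18,0x28,0x78,0x88,
-  0x83,0x9e,0xb9,0xd0,0x6b,0xbd,0xdc,0x7f,
-  0x81,0x98,0xb3,0xce,0x49,0xdb,0x76,0x9a,
-  0xb5,0xc4,0x57,0xf9,0x10,0x30,0x50,0xf0,
-  0x0b,0x1d,0x27,0x69,0xbb,0xd6,0x61,0xa3,
-  0xfe,0x19,0x2b,0x7d,0x87,0x92,0xad,0xec,
-  0x2f,0x71,0x93,0xae,0xe9,0x20,0x60,0xa0,
-  0xfb,0x16,0x3a,0x4e,0xd2,0x6d,0xb7,0xc2,
-  0x5d,0xe7,0x32,0x56,0xfa,0x15,0x3f,0x41,
-  0xc3,0x5e,0xe2,0x3d,0x47,0xc9,0x40,0xc0,
-  0x5b,0xed,0x2c,0x74,0x9c,0xbf,0xda,0x75,
-  0x9f,0xba,0xd5,0x64,0xac,0xef,0x2a,0x7e,
-  0x82,0x9d,0xbc,0xdf,0x7a,0x8e,0x89,0x80,
-  0x9b,0xb6,0xc1,0x58,0xe8,0x23,0x65,0xaf,
-  0xea,0x25,0x6f,0xb1,0xc8,0x43,0xc5,0x54,
-  0xfc,0x1f,0x21,0x63,0xa5,0xf4,0x07,0x09,
-  0x1b,0x2d,0x77,0x99,0xb0,0xcb,0x46,0xca,
-  0x45,0xcf,0x4a,0xde,0x79,0x8b,0x86,0x91,
-  0xa8,0xe3,0x3e,0x42,0xc6,0x51,0xf3,0x0e,
-  0x12,0x36,0x5a,0xee,0x29,0x7b,0x8d,0x8c,
-  0x8f,0x8a,0x85,0x94,0xa7,0xf2,0x0d,0x17,
-  0x39,0x4b,0xdd,0x7c,0x84,0x97,0xa2,0xfd,
-  0x1c,0x24,0x6c,0xb4,0xc7,0x52,0xf6,0x01,
-};
-
-static unsigned
-mult(unsigned a, unsigned b)
-{
-  return (a && b) ? gf2_exp[ (gf2_log[a] + gf2_log[b]) % 255] : 0;
-}
-
-static void
-inv_mix_column(uint32_t *a)
-{
-  uint8_t c[4][4];
-  unsigned i, j;
-        
-  for (j = 0; j < 4; j++)
-    {
-      for(i = 0; i < 4; i++)
-        {
-          c[j][i] = mult(0xe, (a[j] >> i*8) & 0xff)
-            ^ mult(0xb, (a[j] >> ((i+1)%4)*8) & 0xff)
-            ^ mult(0xd, (a[j] >> ((i+2)%4)*8) & 0xff)
-            ^ mult(0x9, (a[j] >> ((i+3)%4)*8) & 0xff);
-        }
-    }
-  for (i = 0; i < 4; i++)
-    {
-      a[i] = 0;
-      for(j = 0; j < 4; j++)
-        a[i] |= c[i][j] << (j*8);
-    }
-}
+#include "macros.h"
+
+/* NOTE: We don't include rotated versions of the table. */
+static const uint32_t mtable[0x100] =
+{
+  0x00000000,0x0b0d090e,0x161a121c,0x1d171b12,
+  0x2c342438,0x27392d36,0x3a2e3624,0x31233f2a,
+  0x58684870,0x5365417e,0x4e725a6c,0x457f5362,
+  0x745c6c48,0x7f516546,0x62467e54,0x694b775a,
+  0xb0d090e0,0xbbdd99ee,0xa6ca82fc,0xadc78bf2,
+  0x9ce4b4d8,0x97e9bdd6,0x8afea6c4,0x81f3afca,
+  0xe8b8d890,0xe3b5d19e,0xfea2ca8c,0xf5afc382,
+  0xc48cfca8,0xcf81f5a6,0xd296eeb4,0xd99be7ba,
+  0x7bbb3bdb,0x70b632d5,0x6da129c7,0x66ac20c9,
+  0x578f1fe3,0x5c8216ed,0x41950dff,0x4a9804f1,
+  0x23d373ab,0x28de7aa5,0x35c961b7,0x3ec468b9,
+  0x0fe75793,0x04ea5e9d,0x19fd458f,0x12f04c81,
+  0xcb6bab3b,0xc066a235,0xdd71b927,0xd67cb029,
+  0xe75f8f03,0xec52860d,0xf1459d1f,0xfa489411,
+  0x9303e34b,0x980eea45,0x8519f157,0x8e14f859,
+  0xbf37c773,0xb43ace7d,0xa92dd56f,0xa220dc61,
+  0xf66d76ad,0xfd607fa3,0xe07764b1,0xeb7a6dbf,
+  0xda595295,0xd1545b9b,0xcc434089,0xc74e4987,
+  0xae053edd,0xa50837d3,0xb81f2cc1,0xb31225cf,
+  0x82311ae5,0x893c13eb,0x942b08f9,0x9f2601f7,
+  0x46bde64d,0x4db0ef43,0x50a7f451,0x5baafd5f,
+  0x6a89c275,0x6184cb7b,0x7c93d069,0x779ed967,
+  0x1ed5ae3d,0x15d8a733,0x08cfbc21,0x03c2b52f,
+  0x32e18a05,0x39ec830b,0x24fb9819,0x2ff69117,
+  0x8dd64d76,0x86db4478,0x9bcc5f6a,0x90c15664,
+  0xa1e2694e,0xaaef6040,0xb7f87b52,0xbcf5725c,
+  0xd5be0506,0xdeb30c08,0xc3a4171a,0xc8a91e14,
+  0xf98a213e,0xf2872830,0xef903322,0xe49d3a2c,
+  0x3d06dd96,0x360bd498,0x2b1ccf8a,0x2011c684,
+  0x1132f9ae,0x1a3ff0a0,0x0728ebb2,0x0c25e2bc,
+  0x656e95e6,0x6e639ce8,0x737487fa,0x78798ef4,
+  0x495ab1de,0x4257b8d0,0x5f40a3c2,0x544daacc,
+  0xf7daec41,0xfcd7e54f,0xe1c0fe5d,0xeacdf753,
+  0xdbeec879,0xd0e3c177,0xcdf4da65,0xc6f9d36b,
+  0xafb2a431,0xa4bfad3f,0xb9a8b62d,0xb2a5bf23,
+  0x83868009,0x888b8907,0x959c9215,0x9e919b1b,
+  0x470a7ca1,0x4c0775af,0x51106ebd,0x5a1d67b3,
+  0x6b3e5899,0x60335197,0x7d244a85,0x7629438b,
+  0x1f6234d1,0x146f3ddf,0x097826cd,0x02752fc3,
+  0x335610e9,0x385b19e7,0x254c02f5,0x2e410bfb,
+  0x8c61d79a,0x876cde94,0x9a7bc586,0x9176cc88,
+  0xa055f3a2,0xab58faac,0xb64fe1be,0xbd42e8b0,
+  0xd4099fea,0xdf0496e4,0xc2138df6,0xc91e84f8,
+  0xf83dbbd2,0xf330b2dc,0xee27a9ce,0xe52aa0c0,
+  0x3cb1477a,0x37bc4e74,0x2aab5566,0x21a65c68,
+  0x10856342,0x1b886a4c,0x069f715e,0x0d927850,
+  0x64d90f0a,0x6fd40604,0x72c31d16,0x79ce1418,
+  0x48ed2b32,0x43e0223c,0x5ef7392e,0x55fa3020,
+  0x01b79aec,0x0aba93e2,0x17ad88f0,0x1ca081fe,
+  0x2d83bed4,0x268eb7da,0x3b99acc8,0x3094a5c6,
+  0x59dfd29c,0x52d2db92,0x4fc5c080,0x44c8c98e,
+  0x75ebf6a4,0x7ee6ffaa,0x63f1e4b8,0x68fcedb6,
+  0xb1670a0c,0xba6a0302,0xa77d1810,0xac70111e,
+  0x9d532e34,0x965e273a,0x8b493c28,0x80443526,
+  0xe90f427c,0xe2024b72,0xff155060,0xf418596e,
+  0xc53b6644,0xce366f4a,0xd3217458,0xd82c7d56,
+  0x7a0ca137,0x7101a839,0x6c16b32b,0x671bba25,
+  0x5638850f,0x5d358c01,0x40229713,0x4b2f9e1d,
+  0x2264e947,0x2969e049,0x347efb5b,0x3f73f255,
+  0x0e50cd7f,0x055dc471,0x184adf63,0x1347d66d,
+  0xcadc31d7,0xc1d138d9,0xdcc623cb,0xd7cb2ac5,
+  0xe6e815ef,0xede51ce1,0xf0f207f3,0xfbff0efd,
+  0x92b479a7,0x99b970a9,0x84ae6bbb,0x8fa362b5,
+  0xbe805d9f,0xb58d5491,0xa89a4f83,0xa397468d,
+};
+
+#define MIX_COLUMN(T, key) do { \
+    uint32_t _k, _nk, _t;       \
+    _k = (key);                 \
+    _nk = T[_k & 0xff];         \
+    _k >>= 8;                   \
+    _t = T[_k & 0xff];          \
+    _nk ^= ROTL32(8, _t);       \
+    _k >>= 8;                   \
+    _t = T[_k & 0xff];          \
+    _nk ^= ROTL32(16, _t);      \
+    _k >>= 8;                   \
+    _t = T[_k & 0xff];          \
+    _nk ^= ROTL32(24, _t);      \
+    (key) = _nk;                \
+  } while(0)
+  
 
 #define SWAP(a, b) \
 do { uint32_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
@@ -170,8 +155,8 @@
     }
 
   /* Transform all subkeys but the first and last. */
-  for (i = 4; i < 4 * nrounds; i += 4)
-    inv_mix_column(dst->keys + i);
+  for (i = 4; i < 4 * nrounds; i++)
+    MIX_COLUMN (mtable, dst->keys[i]);
 }
 
 void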
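Review bot: `mtable` is added with no statement of how its 256 words are laid out or derived, so the constants cannot be checked against the specification; the comment above it only says that rotated copies are omitted. Judging from the first entries (`0x0b0d090e`, `0x161a121c`), each word appears to pack the InvMixColumns multiples of its index, and I would replace the NOTE with `/* mtable[x] = (0x0b*x)<<24 | (0x0d*x)<<16 | (0x09*x)<<8 | (0x0e*x), products in the AES GF(2^8) field; MIX_COLUMN supplies the rotations with ROTL32. */`. The same comment should record that `MIX_COLUMN` indexes the table with subkey bytes (`T[_k & 0xff]`), so decrypt-key setup makes key-dependent memory accesses and is not constant-time with respect to the data cache; whether that matters depends on the threat model the library documents. The function containing the changed loop begins outside the visible lines.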