Changeset 5261 for pjproject/trunk/third_party/srtp/crypto/cipher/aes.c
- Timestamp:
- Mar 15, 2016 3:57:39 AM (8 years ago)
- File:
-
- 1 edited
pjproject/trunk/third_party/srtp/crypto/cipher/aes.c
r1730 r5261 44 44 */ 45 45 46 #ifdef HAVE_CONFIG_H 47 #include <config.h> 48 #endif 46 49 47 50 #include "aes.h" … … 1359 1362 extern debug_module_t mod_aes_icm; 1360 1363 1361 void1362 aes_ expand_encryption_key(const v128_t *key,1363 aes_expanded_key_texpanded_key) {1364 static void 1365 aes_128_expand_encryption_key(const uint8_t *key, 1366 aes_expanded_key_t *expanded_key) { 1364 1367 int i; 1365 1368 gf2_8 rc; … … 1368 1371 rc = 1; 1369 1372 1370 expanded_key[0].v32[0] = key->v32[0]; 1371 expanded_key[0].v32[1] = key->v32[1]; 1372 expanded_key[0].v32[2] = key->v32[2]; 1373 expanded_key[0].v32[3] = key->v32[3]; 1373 expanded_key->num_rounds = 10; 1374 1375 v128_copy_octet_string(&expanded_key->round[0], key); 1374 1376 1375 1377 #if 0 1376 1378 debug_print(mod_aes_icm, 1377 "expanded key[0]: %s", v128_hex_string(&expanded_key [0]));1379 "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); 1378 1380 #endif 1379 1381 … … 1382 1384 1383 1385 /* munge first word of round key */ 1384 expanded_key [i].v8[0] = aes_sbox[expanded_key[i-1].v8[13]] ^ rc;1385 expanded_key [i].v8[1] = aes_sbox[expanded_key[i-1].v8[14]];1386 expanded_key [i].v8[2] = aes_sbox[expanded_key[i-1].v8[15]];1387 expanded_key [i].v8[3] = aes_sbox[expanded_key[i-1].v8[12]];1388 1389 expanded_key [i].v32[0] ^= expanded_key[i-1].v32[0];1386 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc; 1387 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]]; 1388 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]]; 1389 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]]; 1390 1391 expanded_key->round[i].v32[0] ^= expanded_key->round[i-1].v32[0]; 1390 1392 1391 1393 /* set remaining 32 bit words to the exor of the one previous with 1392 1394 * the one four words previous */ 1393 1395 1394 expanded_key [i].v32[1] =1395 expanded_key [i].v32[0] ^ expanded_key[i-1].v32[1];1396 1397 expanded_key [i].v32[2] =1398 
expanded_key [i].v32[1] ^ expanded_key[i-1].v32[2];1399 1400 expanded_key [i].v32[3] =1401 expanded_key [i].v32[2] ^ expanded_key[i-1].v32[3];1396 expanded_key->round[i].v32[1] = 1397 expanded_key->round[i].v32[0] ^ expanded_key->round[i-1].v32[1]; 1398 1399 expanded_key->round[i].v32[2] = 1400 expanded_key->round[i].v32[1] ^ expanded_key->round[i-1].v32[2]; 1401 1402 expanded_key->round[i].v32[3] = 1403 expanded_key->round[i].v32[2] ^ expanded_key->round[i-1].v32[3]; 1402 1404 1403 1405 #if 0 1404 1406 debug_print2(mod_aes_icm, 1405 "expanded key[%d]: %s", i,v128_hex_string(&expanded_key [i]));1407 "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i])); 1406 1408 #endif 1407 1409 … … 1412 1414 } 1413 1415 1414 void1415 aes_ expand_decryption_key(const v128_t*key,1416 aes_expanded_key_texpanded_key) {1416 static void 1417 aes_256_expand_encryption_key(const unsigned char *key, 1418 aes_expanded_key_t *expanded_key) { 1417 1419 int i; 1418 1419 aes_expand_encryption_key(key, expanded_key); 1420 gf2_8 rc; 1421 1422 /* initialize round constant */ 1423 rc = 1; 1424 1425 expanded_key->num_rounds = 14; 1426 1427 v128_copy_octet_string(&expanded_key->round[0], key); 1428 v128_copy_octet_string(&expanded_key->round[1], key+16); 1429 1430 #if 0 1431 debug_print(mod_aes_icm, 1432 "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); 1433 debug_print(mod_aes_icm, 1434 "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1])); 1435 #endif 1436 1437 /* loop over rest of round keys */ 1438 for (i=2; i < 15; i++) { 1439 1440 /* munge first word of round key */ 1441 if ((i & 1) == 0) { 1442 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc; 1443 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]]; 1444 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]]; 1445 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]]; 1446 1447 /* modify round constant */ 1448 rc = 
gf2_8_shift(rc); 1449 } 1450 else { 1451 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[12]]; 1452 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[13]]; 1453 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[14]]; 1454 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[15]]; 1455 } 1456 1457 expanded_key->round[i].v32[0] ^= expanded_key->round[i-2].v32[0]; 1458 1459 /* set remaining 32 bit words to the exor of the one previous with 1460 * the one eight words previous */ 1461 1462 expanded_key->round[i].v32[1] = 1463 expanded_key->round[i].v32[0] ^ expanded_key->round[i-2].v32[1]; 1464 1465 expanded_key->round[i].v32[2] = 1466 expanded_key->round[i].v32[1] ^ expanded_key->round[i-2].v32[2]; 1467 1468 expanded_key->round[i].v32[3] = 1469 expanded_key->round[i].v32[2] ^ expanded_key->round[i-2].v32[3]; 1470 1471 #if 0 1472 debug_print2(mod_aes_icm, 1473 "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i])); 1474 #endif 1475 1476 } 1477 } 1478 1479 err_status_t 1480 aes_expand_encryption_key(const uint8_t *key, 1481 int key_len, 1482 aes_expanded_key_t *expanded_key) { 1483 if (key_len == 16) { 1484 aes_128_expand_encryption_key(key, expanded_key); 1485 return err_status_ok; 1486 } 1487 else if (key_len == 24) { 1488 /* AES-192 not yet supported */ 1489 return err_status_bad_param; 1490 } 1491 else if (key_len == 32) { 1492 aes_256_expand_encryption_key(key, expanded_key); 1493 return err_status_ok; 1494 } 1495 else 1496 return err_status_bad_param; 1497 } 1498 1499 err_status_t 1500 aes_expand_decryption_key(const uint8_t *key, 1501 int key_len, 1502 aes_expanded_key_t *expanded_key) { 1503 int i; 1504 err_status_t status; 1505 int num_rounds = expanded_key->num_rounds; 1506 1507 status = aes_expand_encryption_key(key, key_len, expanded_key); 1508 if (status) 1509 return status; 1420 1510 1421 1511 /* invert the order of the round keys */ 1422 for (i=0; i < 5; i++) {1512 for 
(i=0; i < num_rounds/2; i++) { 1423 1513 v128_t tmp; 1424 v128_copy(&tmp, &expanded_key [10-i]);1425 v128_copy(&expanded_key [10-i], &expanded_key[i]);1426 v128_copy(&expanded_key [i], &tmp);1514 v128_copy(&tmp, &expanded_key->round[num_rounds-i]); 1515 v128_copy(&expanded_key->round[num_rounds-i], &expanded_key->round[i]); 1516 v128_copy(&expanded_key->round[i], &tmp); 1427 1517 } 1428 1518 … … 1435 1525 * in the U-tables) 1436 1526 */ 1437 for (i=1; i < 10; i++) {1527 for (i=1; i < num_rounds; i++) { 1438 1528 #ifdef CPU_RISC 1439 1529 uint32_t tmp; 1440 1530 1441 tmp = expanded_key[i].v32[0]; 1442 expanded_key[i].v32[0] = 1531 #ifdef WORDS_BIGENDIAN 1532 tmp = expanded_key->round[i].v32[0]; 1533 expanded_key->round[i].v32[0] = 1443 1534 U0[T4[(tmp >> 24) ] & 0xff] ^ 1444 1535 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ … … 1446 1537 U3[T4[(tmp) & 0xff] & 0xff]; 1447 1538 1448 tmp = expanded_key [i].v32[1];1449 expanded_key [i].v32[1] =1539 tmp = expanded_key->round[i].v32[1]; 1540 expanded_key->round[i].v32[1] = 1450 1541 U0[T4[(tmp >> 24) ] & 0xff] ^ 1451 1542 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ … … 1453 1544 U3[T4[(tmp) & 0xff] & 0xff]; 1454 1545 1455 tmp = expanded_key [i].v32[2];1456 expanded_key [i].v32[2] =1546 tmp = expanded_key->round[i].v32[2]; 1547 expanded_key->round[i].v32[2] = 1457 1548 U0[T4[(tmp >> 24) ] & 0xff] ^ 1458 1549 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ … … 1460 1551 U3[T4[(tmp) & 0xff] & 0xff]; 1461 1552 1462 tmp = expanded_key [i].v32[3];1463 expanded_key [i].v32[3] =1553 tmp = expanded_key->round[i].v32[3]; 1554 expanded_key->round[i].v32[3] = 1464 1555 U0[T4[(tmp >> 24) ] & 0xff] ^ 1465 1556 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1466 1557 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1467 1558 U3[T4[(tmp) & 0xff] & 0xff]; 1559 #else 1560 tmp = expanded_key->round[i].v32[0]; 1561 expanded_key->round[i].v32[0] = 1562 U3[T4[(tmp >> 24) ] & 0xff] ^ 1563 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1564 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1565 U0[T4[(tmp) & 0xff] & 0xff]; 
1566 1567 tmp = expanded_key->round[i].v32[1]; 1568 expanded_key->round[i].v32[1] = 1569 U3[T4[(tmp >> 24) ] & 0xff] ^ 1570 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1571 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1572 U0[T4[(tmp) & 0xff] & 0xff]; 1573 1574 tmp = expanded_key->round[i].v32[2]; 1575 expanded_key->round[i].v32[2] = 1576 U3[T4[(tmp >> 24) ] & 0xff] ^ 1577 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1578 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1579 U0[T4[(tmp) & 0xff] & 0xff]; 1580 1581 tmp = expanded_key->round[i].v32[3]; 1582 expanded_key->round[i].v32[3] = 1583 U3[T4[(tmp >> 24) ] & 0xff] ^ 1584 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1585 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1586 U0[T4[(tmp) & 0xff] & 0xff]; 1587 #endif /* WORDS_BIGENDIAN */ 1588 1468 1589 #else /* assume CPU_CISC */ 1469 1590 1470 1591 uint32_t c0, c1, c2, c3; 1471 1592 1472 c0 = U0[aes_sbox[expanded_key [i].v8[0]]]1473 ^ U1[aes_sbox[expanded_key [i].v8[1]]]1474 ^ U2[aes_sbox[expanded_key [i].v8[2]]]1475 ^ U3[aes_sbox[expanded_key [i].v8[3]]];1476 1477 c1 = U0[aes_sbox[expanded_key [i].v8[4]]]1478 ^ U1[aes_sbox[expanded_key [i].v8[5]]]1479 ^ U2[aes_sbox[expanded_key [i].v8[6]]]1480 ^ U3[aes_sbox[expanded_key [i].v8[7]]];1481 1482 c2 = U0[aes_sbox[expanded_key [i].v8[8]]]1483 ^ U1[aes_sbox[expanded_key [i].v8[9]]]1484 ^ U2[aes_sbox[expanded_key [i].v8[10]]]1485 ^ U3[aes_sbox[expanded_key [i].v8[11]]];1486 1487 c3 = U0[aes_sbox[expanded_key [i].v8[12]]]1488 ^ U1[aes_sbox[expanded_key [i].v8[13]]]1489 ^ U2[aes_sbox[expanded_key [i].v8[14]]]1490 ^ U3[aes_sbox[expanded_key [i].v8[15]]];1491 1492 expanded_key [i].v32[0] = c0;1493 expanded_key [i].v32[1] = c1;1494 expanded_key [i].v32[2] = c2;1495 expanded_key [i].v32[3] = c3;1593 c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]] 1594 ^ U1[aes_sbox[expanded_key->round[i].v8[1]]] 1595 ^ U2[aes_sbox[expanded_key->round[i].v8[2]]] 1596 ^ U3[aes_sbox[expanded_key->round[i].v8[3]]]; 1597 1598 c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]] 1599 ^ 
U1[aes_sbox[expanded_key->round[i].v8[5]]] 1600 ^ U2[aes_sbox[expanded_key->round[i].v8[6]]] 1601 ^ U3[aes_sbox[expanded_key->round[i].v8[7]]]; 1602 1603 c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]] 1604 ^ U1[aes_sbox[expanded_key->round[i].v8[9]]] 1605 ^ U2[aes_sbox[expanded_key->round[i].v8[10]]] 1606 ^ U3[aes_sbox[expanded_key->round[i].v8[11]]]; 1607 1608 c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]] 1609 ^ U1[aes_sbox[expanded_key->round[i].v8[13]]] 1610 ^ U2[aes_sbox[expanded_key->round[i].v8[14]]] 1611 ^ U3[aes_sbox[expanded_key->round[i].v8[15]]]; 1612 1613 expanded_key->round[i].v32[0] = c0; 1614 expanded_key->round[i].v32[1] = c1; 1615 expanded_key->round[i].v32[2] = c2; 1616 expanded_key->round[i].v32[3] = c3; 1496 1617 1497 1618 #endif 1498 1619 } 1620 1621 return err_status_ok; 1499 1622 } 1500 1623 … … 1677 1800 1678 1801 #ifdef WORDS_BIGENDIAN 1679 /* FIX! WRong indexes */1680 1802 column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff] 1681 1803 ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff]; … … 1690 1812 ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff]; 1691 1813 #else 1692 column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[ 1] >> 8) & 0xff]1693 ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[state->v32[3] >> 24];1694 1695 column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[ 2] >> 8) & 0xff]1696 ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[state->v32[0] >> 24];1697 1698 column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[ 3] >> 8) & 0xff]1699 ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[state->v32[1] >> 24];1700 1701 column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[ 0] >> 8) & 0xff]1702 ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[state->v32[2] >> 24];1814 column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff] 1815 ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[(state->v32[1] >> 24) & 0xff]; 1816 1817 column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff] 1818 ^ U2[(state->v32[3] >> 16) & 0xff] ^ 
U3[(state->v32[2] >> 24) & 0xff]; 1819 1820 column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff] 1821 ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[(state->v32[3] >> 24) & 0xff]; 1822 1823 column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff] 1824 ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[(state->v32[0] >> 24) & 0xff]; 1703 1825 #endif /* WORDS_BIGENDIAN */ 1704 1826 … … 1714 1836 uint32_t tmp0, tmp1, tmp2, tmp3; 1715 1837 1838 #ifdef WORDS_BIGENDIAN 1716 1839 tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000) 1717 1840 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) … … 1737 1860 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) 1738 1861 ^ round_key->v32[3]; 1862 #else 1863 tmp0 = (T4[(state->v32[3] >> 24)] & 0xff000000) 1864 ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1865 ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1866 ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) 1867 ^ round_key->v32[0]; 1868 1869 tmp1 = (T4[(state->v32[0] >> 24)] & 0xff000000) 1870 ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1871 ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1872 ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) 1873 ^ round_key->v32[1]; 1874 1875 tmp2 = (T4[(state->v32[1] >> 24)] & 0xff000000) 1876 ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1877 ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1878 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) 1879 ^ round_key->v32[2]; 1880 1881 tmp3 = (T4[(state->v32[2] >> 24)] & 0xff000000) 1882 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1883 ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1884 ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) 1885 ^ round_key->v32[3]; 1886 #endif /* WORDS_BIGENDIAN */ 1739 1887 1740 1888 state->v32[0] = tmp0; … … 1749 1897 uint32_t tmp0, tmp1, tmp2, tmp3; 1750 1898 1899 #ifdef WORDS_BIGENDIAN 1751 1900 tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000) 1752 1901 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) … … 1772 1921 ^ (U4[(state->v32[0] ) & 0xff] & 
0x000000ff) 1773 1922 ^ round_key->v32[3]; 1923 #else 1924 tmp0 = (U4[(state->v32[1] >> 24)] & 0xff000000) 1925 ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1926 ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1927 ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) 1928 ^ round_key->v32[0]; 1929 1930 tmp1 = (U4[(state->v32[2] >> 24)] & 0xff000000) 1931 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1932 ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1933 ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) 1934 ^ round_key->v32[1]; 1935 1936 tmp2 = (U4[(state->v32[3] >> 24)] & 0xff000000) 1937 ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1938 ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1939 ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) 1940 ^ round_key->v32[2]; 1941 1942 tmp3 = (U4[(state->v32[0] >> 24)] & 0xff000000) 1943 ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1944 ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1945 ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) 1946 ^ round_key->v32[3]; 1947 #endif /* WORDS_BIGENDIAN */ 1774 1948 1775 1949 state->v32[0] = tmp0; … … 1911 2085 1912 2086 void 1913 aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {2087 aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) { 1914 2088 1915 2089 /* add in the subkey */ 1916 v128_xor_eq(plaintext, exp_key + 0); 1917 1918 /* now do nine rounds */ 1919 aes_round(plaintext, exp_key + 1); 1920 aes_round(plaintext, exp_key + 2); 1921 aes_round(plaintext, exp_key + 3); 1922 aes_round(plaintext, exp_key + 4); 1923 aes_round(plaintext, exp_key + 5); 1924 aes_round(plaintext, exp_key + 6); 1925 aes_round(plaintext, exp_key + 7); 1926 aes_round(plaintext, exp_key + 8); 1927 aes_round(plaintext, exp_key + 9); 1928 /* the last round is different */ 1929 1930 aes_final_round(plaintext, exp_key + 10); 2090 v128_xor_eq(plaintext, &exp_key->round[0]); 2091 2092 /* now do the rounds */ 2093 aes_round(plaintext, &exp_key->round[1]); 2094 aes_round(plaintext, 
&exp_key->round[2]); 2095 aes_round(plaintext, &exp_key->round[3]); 2096 aes_round(plaintext, &exp_key->round[4]); 2097 aes_round(plaintext, &exp_key->round[5]); 2098 aes_round(plaintext, &exp_key->round[6]); 2099 aes_round(plaintext, &exp_key->round[7]); 2100 aes_round(plaintext, &exp_key->round[8]); 2101 aes_round(plaintext, &exp_key->round[9]); 2102 if (exp_key->num_rounds == 10) { 2103 aes_final_round(plaintext, &exp_key->round[10]); 2104 } 2105 else if (exp_key->num_rounds == 12) { 2106 aes_round(plaintext, &exp_key->round[10]); 2107 aes_round(plaintext, &exp_key->round[11]); 2108 aes_final_round(plaintext, &exp_key->round[12]); 2109 } 2110 else if (exp_key->num_rounds == 14) { 2111 aes_round(plaintext, &exp_key->round[10]); 2112 aes_round(plaintext, &exp_key->round[11]); 2113 aes_round(plaintext, &exp_key->round[12]); 2114 aes_round(plaintext, &exp_key->round[13]); 2115 aes_final_round(plaintext, &exp_key->round[14]); 2116 } 1931 2117 } 1932 2118 1933 2119 void 1934 aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {2120 aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) { 1935 2121 1936 2122 /* add in the subkey */ 1937 v128_xor_eq(plaintext, exp_key + 0); 1938 1939 /* now do nine rounds */ 1940 aes_inv_round(plaintext, exp_key + 1); 1941 aes_inv_round(plaintext, exp_key + 2); 1942 aes_inv_round(plaintext, exp_key + 3); 1943 aes_inv_round(plaintext, exp_key + 4); 1944 aes_inv_round(plaintext, exp_key + 5); 1945 aes_inv_round(plaintext, exp_key + 6); 1946 aes_inv_round(plaintext, exp_key + 7); 1947 aes_inv_round(plaintext, exp_key + 8); 1948 aes_inv_round(plaintext, exp_key + 9); 1949 /* the last round is different */ 1950 aes_inv_final_round(plaintext, exp_key + 10); 2123 v128_xor_eq(plaintext, &exp_key->round[0]); 2124 2125 /* now do the rounds */ 2126 aes_inv_round(plaintext, &exp_key->round[1]); 2127 aes_inv_round(plaintext, &exp_key->round[2]); 2128 aes_inv_round(plaintext, &exp_key->round[3]); 2129 aes_inv_round(plaintext, 
&exp_key->round[4]); 2130 aes_inv_round(plaintext, &exp_key->round[5]); 2131 aes_inv_round(plaintext, &exp_key->round[6]); 2132 aes_inv_round(plaintext, &exp_key->round[7]); 2133 aes_inv_round(plaintext, &exp_key->round[8]); 2134 aes_inv_round(plaintext, &exp_key->round[9]); 2135 if (exp_key->num_rounds == 10) { 2136 aes_inv_final_round(plaintext, &exp_key->round[10]); 2137 } 2138 else if (exp_key->num_rounds == 12) { 2139 aes_inv_round(plaintext, &exp_key->round[10]); 2140 aes_inv_round(plaintext, &exp_key->round[11]); 2141 aes_inv_final_round(plaintext, &exp_key->round[12]); 2142 } 2143 else if (exp_key->num_rounds == 14) { 2144 aes_inv_round(plaintext, &exp_key->round[10]); 2145 aes_inv_round(plaintext, &exp_key->round[11]); 2146 aes_inv_round(plaintext, &exp_key->round[12]); 2147 aes_inv_round(plaintext, &exp_key->round[13]); 2148 aes_inv_final_round(plaintext, &exp_key->round[14]); 2149 } 1951 2150 }
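Review bot: In aes_expand_decryption_key the new line 1505 `int num_rounds = expanded_key->num_rounds;` reads the field before aes_expand_encryption_key (line 1507) assigns it, so both the reversal loop and the U-table loop run with whatever value the caller's struct already held (uninitialised memory unless the caller zeroed it, which is not visible here); move the read after the status check, i.e. `int num_rounds;` in the declarations and `num_rounds = expanded_key->num_rounds;` right after `if (status) return status;`. The same loops also index `expanded_key->round[num_rounds-i]`, so a stale or garbage num_rounds is an out-of-bounds access on the round array, not merely a wrong key schedule. Separately, the trailing if/else-if chains in aes_encrypt and aes_decrypt (lines 2102-2116 and 2135-2149) fall through with no final round when num_rounds is not 10, 12 or 14, producing output that is neither correct AES nor an error; since 12 rounds is rejected in aes_expand_encryption_key, a closing `else` with a debug assertion or an explicit comment `/* num_rounds is always 10 or 14 here; see aes_expand_encryption_key */` would document the invariant. Parts of aes_expand_decryption_key between the elided ranges are not shown in this section.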