Harald Welte | 781bd5d | 2011-12-06 22:23:52 +0100 | [diff] [blame] | 1 | /* |
| 2 | * AES (Rijndael) cipher - encrypt |
| 3 | * |
| 4 | * Modifications to public domain implementation: |
| 5 | * - support only 128-bit keys |
| 6 | * - cleanup |
| 7 | * - use C pre-processor to make it easier to change S table access |
| 8 | * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at |
| 9 | * cost of reduced throughput (quite small difference on Pentium 4, |
| 10 | * 10-25% when using -O1 or -O2 optimization) |
| 11 | * |
| 12 | * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> |
| 13 | * |
| 14 | * This program is free software; you can redistribute it and/or modify |
| 15 | * it under the terms of the GNU General Public License version 2 as |
| 16 | * published by the Free Software Foundation. |
| 17 | * |
| 18 | * Alternatively, this software may be distributed under the terms of BSD |
| 19 | * license. |
| 20 | * |
| 21 | * See README and COPYING for more details. |
| 22 | */ |
| 23 | |
| 24 | #include "includes.h" |
| 25 | |
| 26 | #include "common.h" |
| 27 | #include "crypto.h" |
| 28 | #include "aes_i.h" |
| 29 | |
| 30 | static void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16]) |
| 31 | { |
| 32 | u32 s0, s1, s2, s3, t0, t1, t2, t3; |
| 33 | const int Nr = 10; |
| 34 | #ifndef FULL_UNROLL |
| 35 | int r; |
| 36 | #endif /* ?FULL_UNROLL */ |
| 37 | |
| 38 | /* |
| 39 | * map byte array block to cipher state |
| 40 | * and add initial round key: |
| 41 | */ |
| 42 | s0 = GETU32(pt ) ^ rk[0]; |
| 43 | s1 = GETU32(pt + 4) ^ rk[1]; |
| 44 | s2 = GETU32(pt + 8) ^ rk[2]; |
| 45 | s3 = GETU32(pt + 12) ^ rk[3]; |
| 46 | |
| 47 | #define ROUND(i,d,s) \ |
| 48 | d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \ |
| 49 | d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \ |
| 50 | d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \ |
| 51 | d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3] |
| 52 | |
| 53 | #ifdef FULL_UNROLL |
| 54 | |
| 55 | ROUND(1,t,s); |
| 56 | ROUND(2,s,t); |
| 57 | ROUND(3,t,s); |
| 58 | ROUND(4,s,t); |
| 59 | ROUND(5,t,s); |
| 60 | ROUND(6,s,t); |
| 61 | ROUND(7,t,s); |
| 62 | ROUND(8,s,t); |
| 63 | ROUND(9,t,s); |
| 64 | |
| 65 | rk += Nr << 2; |
| 66 | |
| 67 | #else /* !FULL_UNROLL */ |
| 68 | |
| 69 | /* Nr - 1 full rounds: */ |
| 70 | r = Nr >> 1; |
| 71 | for (;;) { |
| 72 | ROUND(1,t,s); |
| 73 | rk += 8; |
| 74 | if (--r == 0) |
| 75 | break; |
| 76 | ROUND(0,s,t); |
| 77 | } |
| 78 | |
| 79 | #endif /* ?FULL_UNROLL */ |
| 80 | |
| 81 | #undef ROUND |
| 82 | |
| 83 | /* |
| 84 | * apply last round and |
| 85 | * map cipher state to byte array block: |
| 86 | */ |
| 87 | s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0]; |
| 88 | PUTU32(ct , s0); |
| 89 | s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1]; |
| 90 | PUTU32(ct + 4, s1); |
| 91 | s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2]; |
| 92 | PUTU32(ct + 8, s2); |
| 93 | s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3]; |
| 94 | PUTU32(ct + 12, s3); |
| 95 | } |
| 96 | |
| 97 | |
| 98 | void * aes_encrypt_init(const u8 *key, size_t len) |
| 99 | { |
| 100 | u32 *rk; |
| 101 | if (len != 16) |
| 102 | return NULL; |
| 103 | rk = os_malloc(AES_PRIV_SIZE); |
| 104 | if (rk == NULL) |
| 105 | return NULL; |
| 106 | rijndaelKeySetupEnc(rk, key); |
| 107 | return rk; |
| 108 | } |
| 109 | |
| 110 | |
| 111 | void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) |
| 112 | { |
| 113 | rijndaelEncrypt(ctx, plain, crypt); |
| 114 | } |
| 115 | |
| 116 | |
| 117 | void aes_encrypt_deinit(void *ctx) |
| 118 | { |
| 119 | os_memset(ctx, 0, AES_PRIV_SIZE); |
| 120 | os_free(ctx); |
| 121 | } |