Neels Hofmeyr | 17518fe | 2017-06-20 04:35:06 +0200 | [diff] [blame] | 1 | /*! \file aes-internal-enc.c |
| 2 | * AES (Rijndael) cipher - encrypt. |
Harald Welte | 781bd5d | 2011-12-06 22:23:52 +0100 | [diff] [blame] | 3 | * |
| 4 | * Modifications to public domain implementation: |
| 5 | * - support only 128-bit keys |
| 6 | * - cleanup |
| 7 | * - use C pre-processor to make it easier to change S table access |
| 8 | * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at |
| 9 | * cost of reduced throughput (quite small difference on Pentium 4, |
| 10 | * 10-25% when using -O1 or -O2 optimization) |
Neels Hofmeyr | 17518fe | 2017-06-20 04:35:06 +0200 | [diff] [blame] | 11 | */ |
| 12 | /* |
Harald Welte | 781bd5d | 2011-12-06 22:23:52 +0100 | [diff] [blame] | 13 | * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> |
| 14 | * |
| 15 | * This program is free software; you can redistribute it and/or modify |
| 16 | * it under the terms of the GNU General Public License version 2 as |
| 17 | * published by the Free Software Foundation. |
| 18 | * |
| 19 | * Alternatively, this software may be distributed under the terms of BSD |
| 20 | * license. |
| 21 | * |
| 22 | * See README and COPYING for more details. |
| 23 | */ |
| 24 | |
| 25 | #include "includes.h" |
| 26 | |
| 27 | #include "common.h" |
| 28 | #include "crypto.h" |
| 29 | #include "aes_i.h" |
| 30 | |
/*!
 * Encrypt a single 16-byte block with an expanded AES-128 key.
 *
 * The round count is fixed at 10, so only a 128-bit key schedule is handled;
 * the highest word read is rk[43].
 *
 * \param[in]  rk  expanded encryption key, 44 words
 * \param[in]  pt  plaintext block, 16 bytes
 * \param[out] ct  ciphertext block, 16 bytes
 *
 * All of pt is loaded into the local state before ct is first written, so
 * passing the same buffer for pt and ct is handled.
 *
 * NOTE(review): GETU32, PUTU32 and the TE* accessors are defined outside this
 * function. The file header describes them as "S table access"; if they are
 * memory lookups indexed by the (key-dependent) state, execution is
 * presumably not constant-time with respect to cache timing -- confirm
 * against aes_i.h before relying on this where that is in the threat model.
 */
static void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16])
{
	u32 s0, s1, s2, s3, t0, t1, t2, t3;
	const int Nr = 10;
#ifndef FULL_UNROLL
	int r;
#endif /* ?FULL_UNROLL */

	/* Load the block into four state words and XOR in round key 0. */
	s0 = GETU32(pt) ^ rk[0];
	s1 = GETU32(pt + 4) ^ rk[1];
	s2 = GETU32(pt + 8) ^ rk[2];
	s3 = GETU32(pt + 12) ^ rk[3];

	/*
	 * One full round: reads state words <s>0..3, writes <d>0..3 and mixes in
	 * the four round-key words starting at rk[4 * i].
	 */
#define ROUND(i, d, s) \
	d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
	d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
	d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
	d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]

#ifdef FULL_UNROLL

	/* Nine full rounds, ping-ponging between the s and t word sets. */
	ROUND(1, t, s);
	ROUND(2, s, t);
	ROUND(3, t, s);
	ROUND(4, s, t);
	ROUND(5, t, s);
	ROUND(6, s, t);
	ROUND(7, t, s);
	ROUND(8, s, t);
	ROUND(9, t, s);

	/* Step to the last round key (word 40 onwards). */
	rk += 4 * Nr;

#else /* !FULL_UNROLL */

	/*
	 * Nr - 1 full rounds. The first round is peeled off; every further
	 * iteration runs two rounds and advances rk by two round keys, so the
	 * result is always left in t0..t3 and rk ends up at word 40.
	 */
	ROUND(1, t, s);
	rk += 8;
	for (r = (Nr >> 1) - 1; r > 0; r--) {
		ROUND(0, s, t);
		ROUND(1, t, s);
		rk += 8;
	}

#endif /* ?FULL_UNROLL */

#undef ROUND

	/*
	 * Final round (uses the TE4x accessors instead of TE0..TE3), then store
	 * each state word to the output block as soon as it is computed.
	 */
	s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
	PUTU32(ct, s0);
	s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
	PUTU32(ct + 4, s1);
	s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
	PUTU32(ct + 8, s2);
	s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
	PUTU32(ct + 12, s3);
}
| 97 | |
| 98 | |
/*!
 * Allocate an AES encryption context and expand the key into it.
 *
 * \param[in] key  key material; passed unchecked to rijndaelKeySetupEnc(),
 *                 so it must not be NULL (presumably 16 readable bytes --
 *                 confirm against the key setup routine)
 * \param[in] len  key length in bytes; only 16 (AES-128) is accepted
 * \returns context pointer of AES_PRIV_SIZE bytes, or NULL if len is not 16
 *          or the allocation fails
 *
 * The returned buffer holds the expanded key; release it with
 * aes_encrypt_deinit(), which also clears it.
 */
void * aes_encrypt_init(const u8 *key, size_t len)
{
	u32 *sched = NULL;

	/* No allocation is attempted for unsupported key sizes. */
	if (len == 16)
		sched = os_malloc(AES_PRIV_SIZE);

	if (sched != NULL)
		rijndaelKeySetupEnc(sched, key);

	return sched;
}
| 110 | |
| 111 | |
/*!
 * Encrypt exactly one 16-byte block.
 *
 * \param[in]  ctx    context from aes_encrypt_init(); not checked for NULL
 * \param[in]  plain  plaintext block, 16 bytes
 * \param[out] crypt  ciphertext block, 16 bytes
 *
 * This is the raw single-block operation: no chaining, IV or padding is
 * applied here, so any mode of operation has to be built by the caller.
 */
void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
{
	const u32 *round_keys = ctx;

	rijndaelEncrypt(round_keys, plain, crypt);
}
| 116 | |
| 117 | |
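/*!
 * Wipe and release a context obtained from aes_encrypt_init().
 *
 * \param[in] ctx  context to destroy; NULL is accepted and ignored, so the
 *                 result of a failed aes_encrypt_init() can be passed safely
 *
 * The context holds the expanded key, so all AES_PRIV_SIZE bytes (the size
 * allocated by aes_encrypt_init()) are overwritten before the memory is
 * returned to the allocator.
 */
void aes_encrypt_deinit(void *ctx)
{
	/*
	 * Clear through a volatile pointer. A plain memset-style call directly
	 * followed by free is a dead store that an optimizing compiler is
	 * allowed to remove, which would leave the key schedule in freed heap
	 * memory; compilers in practice do not elide volatile stores.
	 */
	volatile u8 *wipe = ctx;
	size_t i;

	if (ctx == NULL)
		return;

	for (i = 0; i < AES_PRIV_SIZE; i++)
		wipe[i] = 0;

	os_free(ctx);
}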