|
|
@@ -0,0 +1,121 @@
|
|
|
+/*
|
|
|
+ * AES (Rijndael) cipher - encrypt
|
|
|
+ *
|
|
|
+ * Modifications to public domain implementation:
|
|
|
+ * - support only 128-bit keys
|
|
|
+ * - cleanup
|
|
|
+ * - use C pre-processor to make it easier to change S table access
|
|
|
+ * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
|
|
|
+ * cost of reduced throughput (quite small difference on Pentium 4,
|
|
|
+ * 10-25% when using -O1 or -O2 optimization)
|
|
|
+ *
|
|
|
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
|
|
|
+ *
|
|
|
+ * This program is free software; you can redistribute it and/or modify
|
|
|
+ * it under the terms of the GNU General Public License version 2 as
|
|
|
+ * published by the Free Software Foundation.
|
|
|
+ *
|
|
|
+ * Alternatively, this software may be distributed under the terms of BSD
|
|
|
+ * license.
|
|
|
+ *
|
|
|
+ * See README and COPYING for more details.
|
|
|
+ */
|
|
|
+
|
|
|
+#include "includes.h"
|
|
|
+
|
|
|
+#include "common.h"
|
|
|
+#include "crypto.h"
|
|
|
+#include "aes_i.h"
|
|
|
+
|
|
|
+void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16])
|
|
|
+{
|
|
|
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
|
|
|
+ const int Nr = 10;
|
|
|
+#ifndef FULL_UNROLL
|
|
|
+ int r;
|
|
|
+#endif /* ?FULL_UNROLL */
|
|
|
+
|
|
|
+ /*
|
|
|
+ * map byte array block to cipher state
|
|
|
+ * and add initial round key:
|
|
|
+ */
|
|
|
+ s0 = GETU32(pt ) ^ rk[0];
|
|
|
+ s1 = GETU32(pt + 4) ^ rk[1];
|
|
|
+ s2 = GETU32(pt + 8) ^ rk[2];
|
|
|
+ s3 = GETU32(pt + 12) ^ rk[3];
|
|
|
+
|
|
|
+#define ROUND(i,d,s) \
|
|
|
+d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
|
|
|
+d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
|
|
|
+d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
|
|
|
+d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]
|
|
|
+
|
|
|
+#ifdef FULL_UNROLL
|
|
|
+
|
|
|
+ ROUND(1,t,s);
|
|
|
+ ROUND(2,s,t);
|
|
|
+ ROUND(3,t,s);
|
|
|
+ ROUND(4,s,t);
|
|
|
+ ROUND(5,t,s);
|
|
|
+ ROUND(6,s,t);
|
|
|
+ ROUND(7,t,s);
|
|
|
+ ROUND(8,s,t);
|
|
|
+ ROUND(9,t,s);
|
|
|
+
|
|
|
+ rk += Nr << 2;
|
|
|
+
|
|
|
+#else /* !FULL_UNROLL */
|
|
|
+
|
|
|
+ /* Nr - 1 full rounds: */
|
|
|
+ r = Nr >> 1;
|
|
|
+ for (;;) {
|
|
|
+ ROUND(1,t,s);
|
|
|
+ rk += 8;
|
|
|
+ if (--r == 0)
|
|
|
+ break;
|
|
|
+ ROUND(0,s,t);
|
|
|
+ }
|
|
|
+
|
|
|
+#endif /* ?FULL_UNROLL */
|
|
|
+
|
|
|
+#undef ROUND
|
|
|
+
|
|
|
+ /*
|
|
|
+ * apply last round and
|
|
|
+ * map cipher state to byte array block:
|
|
|
+ */
|
|
|
+ s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
|
|
|
+ PUTU32(ct , s0);
|
|
|
+ s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
|
|
|
+ PUTU32(ct + 4, s1);
|
|
|
+ s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
|
|
|
+ PUTU32(ct + 8, s2);
|
|
|
+ s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
|
|
|
+ PUTU32(ct + 12, s3);
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+void * aes_encrypt_init(const u8 *key, size_t len)
|
|
|
+{
|
|
|
+ u32 *rk;
|
|
|
+ if (len != 16)
|
|
|
+ return NULL;
|
|
|
+ rk = os_malloc(AES_PRIV_SIZE);
|
|
|
+ if (rk == NULL)
|
|
|
+ return NULL;
|
|
|
+ rijndaelKeySetupEnc(rk, key);
|
|
|
+ return rk;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
|
|
|
+{
|
|
|
+ rijndaelEncrypt(ctx, plain, crypt);
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+void aes_encrypt_deinit(void *ctx)
|
|
|
+{
|
|
|
+ os_memset(ctx, 0, AES_PRIV_SIZE);
|
|
|
+ os_free(ctx);
|
|
|
+}
|
Johannes Berg