/src/ghostpdl/base/aes.c

Line	Count	Source (jump to first uncovered line)
1		/*
2		* FIPS-197 compliant AES implementation
3		*
4		* Copyright (C) 2006-2007 Christophe Devine
5		*
6		* Redistribution and use in source and binary forms, with or without
7		* modification, are permitted provided that the following conditions
8		* are met:
9		*
10		* * Redistributions of source code _must_ retain the above copyright
11		* notice, this list of conditions and the following disclaimer.
12		* * Redistributions in binary form may or may not reproduce the above
13		* copyright notice, this list of conditions and the following
14		* disclaimer in the documentation and/or other materials provided
15		* with the distribution.
16		* * Neither the name of XySSL nor the names of its contributors may be
17		* used to endorse or promote products derived from this software
18		* without specific prior written permission.
19		*
20		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21		* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22		* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23		* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24		* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
26		* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
27		* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
28		* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
29		* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
30		* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31		*/
32		/*
33		* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
34		*
35		* http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
36		* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
37		*/
38
39		/* AES block cipher implementation from XYSSL */
40
41		#include "string_.h" /* memcmp() */
42		#include "aes.h"
43
44		#define XYSSL_AES_ROM_TABLES 1 /* avoid regenerating tables each time */
45
46		/*
47		* 32-bit integer manipulation macros (little endian)
48		*/
49		#ifndef GET_ULONG_LE
50	84.8M	#define GET_ULONG_LE(n,b,i) \
51	84.8M	{ \
52	84.8M	(n) = ( (unsigned long) (b)[(i) ] ) \
53	84.8M	\| ( (unsigned long) (b)[(i) + 1] << 8 ) \
54	84.8M	\| ( (unsigned long) (b)[(i) + 2] << 16 ) \
55	84.8M	\| ( (unsigned long) (b)[(i) + 3] << 24 ); \
56	84.8M	}
57		#endif
58
59		#ifndef PUT_ULONG_LE
60	84.4M	#define PUT_ULONG_LE(n,b,i) \
61	84.4M	{ \
62	84.4M	(b)[(i) ] = (unsigned char) ( (n) ); \
63	84.4M	(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
64	84.4M	(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
65	84.4M	(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
66	84.4M	}
67		#endif
68
69		#if defined(XYSSL_AES_ROM_TABLES)
70		/*
71		* Forward S-box
72		*/
73		static const unsigned char FSb[256] =
74		{
75		0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
76		0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
77		0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
78		0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
79		0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
80		0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
81		0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
82		0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
83		0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
84		0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
85		0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
86		0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
87		0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
88		0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
89		0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
90		0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
91		0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
92		0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
93		0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
94		0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
95		0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
96		0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
97		0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
98		0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
99		0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
100		0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
101		0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
102		0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
103		0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
104		0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
105		0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
106		0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
107		};
108
109		/*
110		* Forward tables
111		*/
112		#define FT \
113		\
114		V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
115		V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
116		V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
117		V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
118		V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
119		V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
120		V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
121		V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
122		V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
123		V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
124		V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
125		V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
126		V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
127		V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
128		V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
129		V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
130		V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
131		V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
132		V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
133		V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
134		V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
135		V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
136		V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
137		V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
138		V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
139		V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
140		V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
141		V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
142		V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
143		V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
144		V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
145		V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
146		V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
147		V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
148		V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
149		V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
150		V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
151		V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
152		V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
153		V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
154		V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
155		V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
156		V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
157		V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
158		V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
159		V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
160		V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
161		V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
162		V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
163		V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
164		V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
165		V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
166		V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
167		V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
168		V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
169		V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
170		V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
171		V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
172		V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
173		V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
174		V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
175		V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
176		V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
177		V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
178
179		#define V(a,b,c,d) 0x##a##b##c##d
180		static const unsigned long FT0[256] = { FT };
181		#undef V
182
183		#define V(a,b,c,d) 0x##b##c##d##a
184		static const unsigned long FT1[256] = { FT };
185		#undef V
186
187		#define V(a,b,c,d) 0x##c##d##a##b
188		static const unsigned long FT2[256] = { FT };
189		#undef V
190
191		#define V(a,b,c,d) 0x##d##a##b##c
192		static const unsigned long FT3[256] = { FT };
193		#undef V
194
195		#undef FT
196
197		/*
198		* Reverse S-box
199		*/
200		static const unsigned char RSb[256] =
201		{
202		0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
203		0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
204		0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
205		0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
206		0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
207		0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
208		0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
209		0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
210		0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
211		0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
212		0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
213		0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
214		0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
215		0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
216		0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
217		0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
218		0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
219		0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
220		0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
221		0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
222		0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
223		0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
224		0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
225		0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
226		0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
227		0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
228		0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
229		0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
230		0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
231		0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
232		0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
233		0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
234		};
235
236		/*
237		* Reverse tables
238		*/
239		#define RT \
240		\
241		V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
242		V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
243		V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
244		V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
245		V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
246		V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
247		V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
248		V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
249		V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
250		V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
251		V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
252		V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
253		V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
254		V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
255		V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
256		V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
257		V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
258		V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
259		V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
260		V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
261		V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
262		V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
263		V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
264		V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
265		V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
266		V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
267		V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
268		V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
269		V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
270		V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
271		V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
272		V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
273		V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
274		V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
275		V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
276		V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
277		V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
278		V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
279		V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
280		V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
281		V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
282		V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
283		V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
284		V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
285		V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
286		V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
287		V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
288		V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
289		V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
290		V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
291		V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
292		V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
293		V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
294		V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
295		V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
296		V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
297		V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
298		V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
299		V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
300		V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
301		V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
302		V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
303		V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
304		V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
305
306		#define V(a,b,c,d) 0x##a##b##c##d
307		static const unsigned long RT0[256] = { RT };
308		#undef V
309
310		#define V(a,b,c,d) 0x##b##c##d##a
311		static const unsigned long RT1[256] = { RT };
312		#undef V
313
314		#define V(a,b,c,d) 0x##c##d##a##b
315		static const unsigned long RT2[256] = { RT };
316		#undef V
317
318		#define V(a,b,c,d) 0x##d##a##b##c
319		static const unsigned long RT3[256] = { RT };
320		#undef V
321
322		#undef RT
323
324		/*
325		* Round constants
326		*/
327		static const unsigned long RCON[10] =
328		{
329		0x00000001, 0x00000002, 0x00000004, 0x00000008,
330		0x00000010, 0x00000020, 0x00000040, 0x00000080,
331		0x0000001B, 0x00000036
332		};
333
334		#else
335
336		/*
337		* Forward S-box & tables
338		*/
339		static unsigned char FSb[256];
340		static unsigned long FT0[256];
341		static unsigned long FT1[256];
342		static unsigned long FT2[256];
343		static unsigned long FT3[256];
344
345		/*
346		* Reverse S-box & tables
347		*/
348		static unsigned char RSb[256];
349		static unsigned long RT0[256];
350		static unsigned long RT1[256];
351		static unsigned long RT2[256];
352		static unsigned long RT3[256];
353
354		/*
355		* Round constants
356		*/
357		static unsigned long RCON[10];
358
359		/*
360		* Tables generation code
361		*/
362		#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) \| ( x >> 24 )
363		#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
364		#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
365
366		static int aes_init_done = 0;
367
368		static void aes_gen_tables( void )
369		{
370		int i, x, y, z;
371		int pow[256];
372		int log[256];
373
374		/*
375		* compute pow and log tables over GF(2^8)
376		*/
377		for( i = 0, x = 1; i < 256; i++ )
378		{
379		pow[i] = x;
380		log[x] = i;
381		x = ( x ^ XTIME( x ) ) & 0xFF;
382		}
383
384		/*
385		* calculate the round constants
386		*/
387		for( i = 0, x = 1; i < 10; i++ )
388		{
389		RCON[i] = (unsigned long) x;
390		x = XTIME( x ) & 0xFF;
391		}
392
393		/*
394		* generate the forward and reverse S-boxes
395		*/
396		FSb[0x00] = 0x63;
397		RSb[0x63] = 0x00;
398
399		for( i = 1; i < 256; i++ )
400		{
401		x = pow[255 - log[i]];
402
403		y = x; y = ( (y << 1) \| (y >> 7) ) & 0xFF;
404		x ^= y; y = ( (y << 1) \| (y >> 7) ) & 0xFF;
405		x ^= y; y = ( (y << 1) \| (y >> 7) ) & 0xFF;
406		x ^= y; y = ( (y << 1) \| (y >> 7) ) & 0xFF;
407		x ^= y ^ 0x63;
408
409		FSb[i] = (unsigned char) x;
410		RSb[x] = (unsigned char) i;
411		}
412
413		/*
414		* generate the forward and reverse tables
415		*/
416		for( i = 0; i < 256; i++ )
417		{
418		x = FSb[i];
419		y = XTIME( x ) & 0xFF;
420		z = ( y ^ x ) & 0xFF;
421
422		FT0[i] = ( (unsigned long) y ) ^
423		( (unsigned long) x << 8 ) ^
424		( (unsigned long) x << 16 ) ^
425		( (unsigned long) z << 24 );
426
427		FT1[i] = ROTL8( FT0[i] );
428		FT2[i] = ROTL8( FT1[i] );
429		FT3[i] = ROTL8( FT2[i] );
430
431		x = RSb[i];
432
433		RT0[i] = ( (unsigned long) MUL( 0x0E, x ) ) ^
434		( (unsigned long) MUL( 0x09, x ) << 8 ) ^
435		( (unsigned long) MUL( 0x0D, x ) << 16 ) ^
436		( (unsigned long) MUL( 0x0B, x ) << 24 );
437
438		RT1[i] = ROTL8( RT0[i] );
439		RT2[i] = ROTL8( RT1[i] );
440		RT3[i] = ROTL8( RT2[i] );
441		}
442		}
443
444		#endif
445
446		/*
447		* AES key schedule (encryption)
448		*/
449		void aes_setkey_enc( aes_context ctx, const unsigned char key, int keysize )
450	104k	{
451	104k	int i;
452	104k	unsigned long *RK;
453
454		#if !defined(XYSSL_AES_ROM_TABLES)
455		if( aes_init_done == 0 )
456		{
457		aes_gen_tables();
458		aes_init_done = 1;
459		}
460		#endif
461
462	104k	switch( keysize )
463	104k	{
464	100k	case 128: ctx->nr = 10; break;
465	0	case 192: ctx->nr = 12; break;
466	3.64k	case 256: ctx->nr = 14; break;
467	0	default : return;
468	104k	}
469
470		#if defined(PADLOCK_ALIGN16)
471		ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
472		#else
473	104k	ctx->rk = RK = ctx->buf;
474	104k	#endif
475
476	537k	for( i = 0; i < (keysize >> 5); i++ )
477	433k	{
478	433k	GET_ULONG_LE( RK[i], key, i << 2 );
479	433k	}
480
481	104k	switch( ctx->nr )
482	104k	{
483	100k	case 10:
484
485	1.11M	for( i = 0; i < 10; i++, RK += 4 )
486	1.00M	{
487	1.00M	RK[4] = RK[0] ^ RCON[i] ^
488	1.00M	( FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
489	1.00M	( FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
490	1.00M	( FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
491	1.00M	( ((unsigned int)FSb[ ( RK[3] ) & 0xFF ]) << 24 );
492
493	1.00M	RK[5] = RK[1] ^ RK[4];
494	1.00M	RK[6] = RK[2] ^ RK[5];
495	1.00M	RK[7] = RK[3] ^ RK[6];
496	1.00M	}
497	100k	break;
498
499	0	case 12:
500
501	0	for( i = 0; i < 8; i++, RK += 6 )
502	0	{
503	0	RK[6] = RK[0] ^ RCON[i] ^
504	0	( FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
505	0	( FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
506	0	( FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
507	0	( ((unsigned int)FSb[ ( RK[5] ) & 0xFF ]) << 24 );
508
509	0	RK[7] = RK[1] ^ RK[6];
510	0	RK[8] = RK[2] ^ RK[7];
511	0	RK[9] = RK[3] ^ RK[8];
512	0	RK[10] = RK[4] ^ RK[9];
513	0	RK[11] = RK[5] ^ RK[10];
514	0	}
515	0	break;
516
517	3.64k	case 14:
518
519	29.1k	for( i = 0; i < 7; i++, RK += 8 )
520	25.5k	{
521	25.5k	RK[8] = RK[0] ^ RCON[i] ^
522	25.5k	( FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
523	25.5k	( FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
524	25.5k	( FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
525	25.5k	( ((unsigned int)FSb[ ( RK[7] ) & 0xFF ]) << 24 );
526
527	25.5k	RK[9] = RK[1] ^ RK[8];
528	25.5k	RK[10] = RK[2] ^ RK[9];
529	25.5k	RK[11] = RK[3] ^ RK[10];
530
531	25.5k	RK[12] = RK[4] ^
532	25.5k	( FSb[ ( RK[11] ) & 0xFF ] ) ^
533	25.5k	( FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
534	25.5k	( FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
535	25.5k	( ((unsigned int)FSb[ ( RK[11] >> 24 ) & 0xFF ]) << 24 );
536
537	25.5k	RK[13] = RK[5] ^ RK[12];
538	25.5k	RK[14] = RK[6] ^ RK[13];
539	25.5k	RK[15] = RK[7] ^ RK[14];
540	25.5k	}
541	3.64k	break;
542
543	0	default:
544
545	0	break;
546	104k	}
547	104k	}
548
549		/*
550		* AES key schedule (decryption)
551		*/
552		void aes_setkey_dec( aes_context ctx, const unsigned char key, int keysize )
553	38.4k	{
554	38.4k	int i, j;
555	38.4k	aes_context cty;
556	38.4k	unsigned long *RK;
557	38.4k	unsigned long *SK;
558
559	38.4k	switch( keysize )
560	38.4k	{
561	34.7k	case 128: ctx->nr = 10; break;
562	0	case 192: ctx->nr = 12; break;
563	3.64k	case 256: ctx->nr = 14; break;
564	0	default : return;
565	38.4k	}
566
567		#if defined(PADLOCK_ALIGN16)
568		ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
569		#else
570	38.4k	ctx->rk = RK = ctx->buf;
571	38.4k	#endif
572
573	38.4k	aes_setkey_enc( &cty, key, keysize );
574	38.4k	SK = cty.rk + cty.nr * 4;
575
576	38.4k	RK++ = SK++;
577	38.4k	RK++ = SK++;
578	38.4k	RK++ = SK++;
579	38.4k	RK++ = SK++;
580
581	398k	for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
582	360k	{
583	1.80M	for( j = 0; j < 4; j++, SK++ )
584	1.44M	{
585	1.44M	RK++ = RT0[ FSb[ ( SK ) & 0xFF ] ] ^
586	1.44M	RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^
587	1.44M	RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
588	1.44M	RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
589	1.44M	}
590	360k	}
591
592	38.4k	RK++ = SK++;
593	38.4k	RK++ = SK++;
594	38.4k	RK++ = SK++;
595	38.4k	RK++ = SK++;
596
597	38.4k	memset( &cty, 0, sizeof( aes_context ) );
598	38.4k	}
599
600	151M	#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
601	151M	{ \
602	151M	X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \
603	151M	FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
604	151M	FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
605	151M	FT3[ ( Y3 >> 24 ) & 0xFF ]; \
606	151M	\
607	151M	X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \
608	151M	FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
609	151M	FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
610	151M	FT3[ ( Y0 >> 24 ) & 0xFF ]; \
611	151M	\
612	151M	X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \
613	151M	FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
614	151M	FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
615	151M	FT3[ ( Y1 >> 24 ) & 0xFF ]; \
616	151M	\
617	151M	X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \
618	151M	FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
619	151M	FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
620	151M	FT3[ ( Y2 >> 24 ) & 0xFF ]; \
621	151M	}
622
623	38.9M	#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
624	38.9M	{ \
625	38.9M	X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \
626	38.9M	RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
627	38.9M	RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
628	38.9M	RT3[ ( Y1 >> 24 ) & 0xFF ]; \
629	38.9M	\
630	38.9M	X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \
631	38.9M	RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
632	38.9M	RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
633	38.9M	RT3[ ( Y2 >> 24 ) & 0xFF ]; \
634	38.9M	\
635	38.9M	X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \
636	38.9M	RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
637	38.9M	RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
638	38.9M	RT3[ ( Y3 >> 24 ) & 0xFF ]; \
639	38.9M	\
640	38.9M	X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \
641	38.9M	RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
642	38.9M	RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
643	38.9M	RT3[ ( Y0 >> 24 ) & 0xFF ]; \
644	38.9M	}
645
646		/*
647		* AES-ECB block encryption/decryption
648		*/
649		void aes_crypt_ecb( aes_context *ctx,
650		int mode,
651		const unsigned char input[16],
652		unsigned char output[16] )
653	21.1M	{
654	21.1M	int i;
655	21.1M	unsigned long *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
656
657		#if defined(XYSSL_PADLOCK_C) && defined(XYSSL_HAVE_X86)
658		if( padlock_supports( PADLOCK_ACE ) )
659		{
660		if( padlock_xcryptecb( ctx, mode, input, output ) == 0 )
661		return;
662		}
663		#endif
664
665	21.1M	if (ctx == NULL \|\| ctx->rk == NULL)
666	0	return;
667
668	21.1M	RK = ctx->rk;
669
670	21.1M	GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++;
671	21.1M	GET_ULONG_LE( X1, input, 4 ); X1 ^= *RK++;
672	21.1M	GET_ULONG_LE( X2, input, 8 ); X2 ^= *RK++;
673	21.1M	GET_ULONG_LE( X3, input, 12 ); X3 ^= *RK++;
674
675	21.1M	if( mode == AES_DECRYPT )
676	4.31M	{
677	21.6M	for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
678	17.3M	{
679	17.3M	AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
680	17.3M	AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
681	17.3M	}
682
683	4.31M	AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
684
685	4.31M	X0 = *RK++ ^ ( RSb[ ( Y0 ) & 0xFF ] ) ^
686	4.31M	( RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
687	4.31M	( RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
688	4.31M	( ((unsigned int)RSb[ ( Y1 >> 24 ) & 0xFF ]) << 24 );
689
690	4.31M	X1 = *RK++ ^ ( RSb[ ( Y1 ) & 0xFF ] ) ^
691	4.31M	( RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
692	4.31M	( RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
693	4.31M	( ((unsigned int)RSb[ ( Y2 >> 24 ) & 0xFF ]) << 24 );
694
695	4.31M	X2 = *RK++ ^ ( RSb[ ( Y2 ) & 0xFF ] ) ^
696	4.31M	( RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
697	4.31M	( RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
698	4.31M	( ((unsigned int)RSb[ ( Y3 >> 24 ) & 0xFF ]) << 24 );
699
700	4.31M	X3 = *RK++ ^ ( RSb[ ( Y3 ) & 0xFF ] ) ^
701	4.31M	( RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
702	4.31M	( RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
703	4.31M	( ((unsigned int)RSb[ ( Y0 >> 24 ) & 0xFF ]) << 24 );
704	4.31M	}
705	16.7M	else /* AES_ENCRYPT */
706	16.7M	{
707	83.9M	for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
708	67.1M	{
709	67.1M	AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
710	67.1M	AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
711	67.1M	}
712
713	16.7M	AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
714
715	16.7M	X0 = *RK++ ^ ( FSb[ ( Y0 ) & 0xFF ] ) ^
716	16.7M	( FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
717	16.7M	( FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
718	16.7M	( ((unsigned int)FSb[ ( Y3 >> 24 ) & 0xFF ]) << 24 );
719
720	16.7M	X1 = *RK++ ^ ( FSb[ ( Y1 ) & 0xFF ] ) ^
721	16.7M	( FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
722	16.7M	( FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
723	16.7M	( ((unsigned int)FSb[ ( Y0 >> 24 ) & 0xFF ]) << 24 );
724
725	16.7M	X2 = *RK++ ^ ( FSb[ ( Y2 ) & 0xFF ] ) ^
726	16.7M	( FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
727	16.7M	( FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
728	16.7M	( ((unsigned int)FSb[ ( Y1 >> 24 ) & 0xFF ]) << 24 );
729
730	16.7M	X3 = *RK++ ^ ( FSb[ ( Y3 ) & 0xFF ] ) ^
731	16.7M	( FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
732	16.7M	( FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
733	16.7M	( ((unsigned int)FSb[ ( Y2 >> 24 ) & 0xFF ]) << 24 );
734	16.7M	}
735
736	21.1M	PUT_ULONG_LE( X0, output, 0 );
737	21.1M	PUT_ULONG_LE( X1, output, 4 );
738	21.1M	PUT_ULONG_LE( X2, output, 8 );
739	21.1M	PUT_ULONG_LE( X3, output, 12 );
740	21.1M	}
741
742		/*
743		* AES-CBC buffer encryption/decryption
744		*/
745		void aes_crypt_cbc( aes_context *ctx,
746		int mode,
747		int length,
748		unsigned char iv[16],
749		const unsigned char *input,
750		unsigned char *output )
751	4.37M	{
752	4.37M	int i;
753	4.37M	unsigned char temp[16];
754
755		#if defined(XYSSL_PADLOCK_C) && defined(XYSSL_HAVE_X86)
756		if( padlock_supports( PADLOCK_ACE ) )
757		{
758		if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
759		return;
760		}
761		#endif
762
763	4.37M	if( mode == AES_DECRYPT )
764	4.31M	{
765	8.62M	while( length > 0 )
766	4.31M	{
767	4.31M	memcpy( temp, input, 16 );
768	4.31M	aes_crypt_ecb( ctx, mode, input, output );
769
770	73.3M	for( i = 0; i < 16; i++ )
771	69.0M	output[i] = (unsigned char)( output[i] ^ iv[i] );
772
773	4.31M	memcpy( iv, temp, 16 );
774
775	4.31M	input += 16;
776	4.31M	output += 16;
777	4.31M	length -= 16;
778	4.31M	}
779	4.31M	}
780	66.1k	else
781	66.1k	{
782	16.8M	while( length > 0 )
783	16.7M	{
784	285M	for( i = 0; i < 16; i++ )
785	268M	output[i] = (unsigned char)( input[i] ^ iv[i] );
786
787	16.7M	aes_crypt_ecb( ctx, mode, output, output );
788	16.7M	memcpy( iv, output, 16 );
789
790	16.7M	input += 16;
791	16.7M	output += 16;
792	16.7M	length -= 16;
793	16.7M	}
794	66.1k	}
795	4.37M	}
796
797		/*
798		* AES-CFB buffer encryption/decryption
799		*/
800		void aes_crypt_cfb( aes_context *ctx,
801		int mode,
802		int length,
803		int *iv_off,
804		unsigned char iv[16],
805		const unsigned char *input,
806		unsigned char *output )
807	0	{
808	0	int c, n = *iv_off;
809
810	0	if( mode == AES_DECRYPT )
811	0	{
812	0	while( length-- )
813	0	{
814	0	if( n == 0 )
815	0	aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
816
817	0	c = *input++;
818	0	*output++ = (unsigned char)( c ^ iv[n] );
819	0	iv[n] = (unsigned char) c;
820
821	0	n = (n + 1) & 0x0F;
822	0	}
823	0	}
824	0	else
825	0	{
826	0	while( length-- )
827	0	{
828	0	if( n == 0 )
829	0	aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
830
831	0	iv[n] = output++ = (unsigned char)( iv[n] ^ input++ );
832
833	0	n = (n + 1) & 0x0F;
834	0	}
835	0	}
836
837	0	*iv_off = n;
838	0	}
839
840		#if defined(XYSSL_SELF_TEST)
841
842		#include <stdio.h>
843
844		/*
845		* AES test vectors from:
846		*
847		* http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
848		*/
849		static const unsigned char aes_test_ecb_dec[3][16] =
850		{
851		{ 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
852		0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
853		{ 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
854		0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
855		{ 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
856		0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
857		};
858
859		static const unsigned char aes_test_ecb_enc[3][16] =
860		{
861		{ 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
862		0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
863		{ 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
864		0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
865		{ 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
866		0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
867		};
868
869		static const unsigned char aes_test_cbc_dec[3][16] =
870		{
871		{ 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
872		0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
873		{ 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
874		0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
875		{ 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
876		0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
877		};
878
879		static const unsigned char aes_test_cbc_enc[3][16] =
880		{
881		{ 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
882		0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
883		{ 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
884		0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
885		{ 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
886		0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
887		};
888
889		/*
890		* AES-CFB test vectors (generated on 2008-02-12)
891		*/
892		static const unsigned char aes_test_cfb_dec[3][16] =
893		{
894		{ 0xBA, 0x75, 0x0C, 0xC9, 0x77, 0xF8, 0xD4, 0xE1,
895		0x3E, 0x0F, 0xB5, 0x46, 0x2E, 0xA6, 0x33, 0xF6 },
896		{ 0xDB, 0x40, 0x4A, 0x98, 0x7B, 0xAA, 0xA3, 0xF3,
897		0x92, 0x35, 0xAD, 0x58, 0x09, 0x9B, 0xFF, 0x6E },
898		{ 0xA8, 0x17, 0x41, 0x0E, 0x76, 0x71, 0x60, 0xE5,
899		0xFD, 0x37, 0xC5, 0x43, 0xCC, 0xC8, 0xD6, 0xDA }
900		};
901
902		static const unsigned char aes_test_cfb_enc[3][16] =
903		{
904		{ 0x45, 0x62, 0xC5, 0xA1, 0xF9, 0x10, 0x8F, 0xE0,
905		0x87, 0x24, 0x25, 0x68, 0xB5, 0x12, 0xF3, 0x8B },
906		{ 0xB8, 0xD4, 0xD5, 0x09, 0xF5, 0xEE, 0x08, 0x38,
907		0x48, 0x9B, 0x9D, 0xAD, 0x11, 0xB4, 0x2E, 0xD2 },
908		{ 0xE9, 0x10, 0x80, 0xDA, 0xEE, 0x2D, 0x81, 0xD9,
909		0x41, 0x78, 0x91, 0xD5, 0x98, 0x78, 0xE1, 0xFA }
910		};
911
912		/*
913		* Checkup routine
914		*/
915		int aes_self_test( int verbose )
916		{
917		int i, j, u, v, offset;
918		unsigned char key[32];
919		unsigned char buf[16];
920		unsigned char prv[16];
921		unsigned char iv[16];
922		aes_context ctx;
923
924		memset( key, 0, 32 );
925
926		/*
927		* ECB mode
928		*/
929		for( i = 0; i < 6; i++ )
930		{
931		u = i >> 1;
932		v = i & 1;
933
934		if( verbose != 0 )
935		printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
936		( v == AES_DECRYPT ) ? "dec" : "enc" );
937
938		memset( buf, 0, 16 );
939
940		if( v == AES_DECRYPT )
941		{
942		aes_setkey_dec( &ctx, key, 128 + u * 64 );
943
944		for( j = 0; j < 10000; j++ )
945		aes_crypt_ecb( &ctx, v, buf, buf );
946
947		if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
948		{
949		if( verbose != 0 )
950		printf( "failed\n" );
951
952		return( 1 );
953		}
954		}
955		else
956		{
957		aes_setkey_enc( &ctx, key, 128 + u * 64 );
958
959		for( j = 0; j < 10000; j++ )
960		aes_crypt_ecb( &ctx, v, buf, buf );
961
962		if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
963		{
964		if( verbose != 0 )
965		printf( "failed\n" );
966
967		return( 1 );
968		}
969		}
970
971		if( verbose != 0 )
972		printf( "passed\n" );
973		}
974
975		if( verbose != 0 )
976		printf( "\n" );
977
978		/*
979		* CBC mode
980		*/
981		for( i = 0; i < 6; i++ )
982		{
983		u = i >> 1;
984		v = i & 1;
985
986		if( verbose != 0 )
987		printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
988		( v == AES_DECRYPT ) ? "dec" : "enc" );
989
990		memset( iv , 0, 16 );
991		memset( prv, 0, 16 );
992		memset( buf, 0, 16 );
993
994		if( v == AES_DECRYPT )
995		{
996		aes_setkey_dec( &ctx, key, 128 + u * 64 );
997
998		for( j = 0; j < 10000; j++ )
999		aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
1000
1001		if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
1002		{
1003		if( verbose != 0 )
1004		printf( "failed\n" );
1005
1006		return( 1 );
1007		}
1008		}
1009		else
1010		{
1011		aes_setkey_enc( &ctx, key, 128 + u * 64 );
1012
1013		for( j = 0; j < 10000; j++ )
1014		{
1015		unsigned char tmp[16];
1016
1017		aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
1018
1019		memcpy( tmp, prv, 16 );
1020		memcpy( prv, buf, 16 );
1021		memcpy( buf, tmp, 16 );
1022		}
1023
1024		if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
1025		{
1026		if( verbose != 0 )
1027		printf( "failed\n" );
1028
1029		return( 1 );
1030		}
1031		}
1032
1033		if( verbose != 0 )
1034		printf( "passed\n" );
1035		}
1036
1037		if( verbose != 0 )
1038		printf( "\n" );
1039
1040		/*
1041		* CFB mode
1042		*/
1043		for( i = 0; i < 6; i++ )
1044		{
1045		u = i >> 1;
1046		v = i & 1;
1047
1048		if( verbose != 0 )
1049		printf( " AES-CFB-%3d (%s): ", 128 + u * 64,
1050		( v == AES_DECRYPT ) ? "dec" : "enc" );
1051
1052		memset( iv , 0, 16 );
1053		memset( buf, 0, 16 );
1054		offset = 0;
1055
1056		if( v == AES_DECRYPT )
1057		{
1058		aes_setkey_dec( &ctx, key, 128 + u * 64 );
1059
1060		for( j = 0; j < 10000; j++ )
1061		aes_crypt_cfb( &ctx, v, 16, &offset, iv, buf, buf );
1062
1063		if( memcmp( buf, aes_test_cfb_dec[u], 16 ) != 0 )
1064		{
1065		if( verbose != 0 )
1066		printf( "failed\n" );
1067
1068		return( 1 );
1069		}
1070		}
1071		else
1072		{
1073		aes_setkey_enc( &ctx, key, 128 + u * 64 );
1074
1075		for( j = 0; j < 10000; j++ )
1076		aes_crypt_cfb( &ctx, v, 16, &offset, iv, buf, buf );
1077
1078		if( memcmp( buf, aes_test_cfb_enc[u], 16 ) != 0 )
1079		{
1080		if( verbose != 0 )
1081		printf( "failed\n" );
1082
1083		return( 1 );
1084		}
1085		}
1086
1087		if( verbose != 0 )
1088		printf( "passed\n" );
1089		}
1090
1091		if( verbose != 0 )
1092		printf( "\n" );
1093
1094		return( 0 );
1095		}
1096
1097		int main(int argc, char *argv[])
1098		{
1099		return aes_self_test(1);
1100		}
1101
1102		#endif /* defined(XYSSL_SELF_TEST) */

Coverage Report

Created: 2025-06-10 07:27