/src/nettle-with-mini-gmp/aes-invert-internal.c

Source
/* aes-invert-internal.c

   Inverse key setup for the aes/rijndael block cipher.

   Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
   Copyright (C) 2013 Niels Möller

   This file is part of GNU Nettle.

   GNU Nettle is free software: you can redistribute it and/or
   modify it under the terms of either:

     * the GNU Lesser General Public License as published by the Free
       Software Foundation; either version 3 of the License, or (at your
       option) any later version.

   or

     * the GNU General Public License as published by the Free
       Software Foundation; either version 2 of the License, or (at your
       option) any later version.

   or both in parallel, as here.

   GNU Nettle is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   General Public License for more details.

   You should have received copies of the GNU General Public License and
   the GNU Lesser General Public License along with this program.  If
   not, see http://www.gnu.org/licenses/.
*/

/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */

#if HAVE_CONFIG_H
# include "config.h"
#endif

#include "aes-internal.h"

#include "macros.h"

/* For fat builds */
#if HAVE_NATIVE_aes_invert
void
_nettle_aes_invert_c(unsigned rounds, uint32_t *dst, const uint32_t *src);
#define _nettle_aes_invert _nettle_aes_invert_c
#endif

/* NOTE: We don't include rotated versions of the table. */
static const uint32_t mtable[0x100] =
{
  0x00000000,0x0b0d090e,0x161a121c,0x1d171b12,
  0x2c342438,0x27392d36,0x3a2e3624,0x31233f2a,
  0x58684870,0x5365417e,0x4e725a6c,0x457f5362,
  0x745c6c48,0x7f516546,0x62467e54,0x694b775a,
  0xb0d090e0,0xbbdd99ee,0xa6ca82fc,0xadc78bf2,
  0x9ce4b4d8,0x97e9bdd6,0x8afea6c4,0x81f3afca,
  0xe8b8d890,0xe3b5d19e,0xfea2ca8c,0xf5afc382,
  0xc48cfca8,0xcf81f5a6,0xd296eeb4,0xd99be7ba,
  0x7bbb3bdb,0x70b632d5,0x6da129c7,0x66ac20c9,
  0x578f1fe3,0x5c8216ed,0x41950dff,0x4a9804f1,
  0x23d373ab,0x28de7aa5,0x35c961b7,0x3ec468b9,
  0x0fe75793,0x04ea5e9d,0x19fd458f,0x12f04c81,
  0xcb6bab3b,0xc066a235,0xdd71b927,0xd67cb029,
  0xe75f8f03,0xec52860d,0xf1459d1f,0xfa489411,
  0x9303e34b,0x980eea45,0x8519f157,0x8e14f859,
  0xbf37c773,0xb43ace7d,0xa92dd56f,0xa220dc61,
  0xf66d76ad,0xfd607fa3,0xe07764b1,0xeb7a6dbf,
  0xda595295,0xd1545b9b,0xcc434089,0xc74e4987,
  0xae053edd,0xa50837d3,0xb81f2cc1,0xb31225cf,
  0x82311ae5,0x893c13eb,0x942b08f9,0x9f2601f7,
  0x46bde64d,0x4db0ef43,0x50a7f451,0x5baafd5f,
  0x6a89c275,0x6184cb7b,0x7c93d069,0x779ed967,
  0x1ed5ae3d,0x15d8a733,0x08cfbc21,0x03c2b52f,
  0x32e18a05,0x39ec830b,0x24fb9819,0x2ff69117,
  0x8dd64d76,0x86db4478,0x9bcc5f6a,0x90c15664,
  0xa1e2694e,0xaaef6040,0xb7f87b52,0xbcf5725c,
  0xd5be0506,0xdeb30c08,0xc3a4171a,0xc8a91e14,
  0xf98a213e,0xf2872830,0xef903322,0xe49d3a2c,
  0x3d06dd96,0x360bd498,0x2b1ccf8a,0x2011c684,
  0x1132f9ae,0x1a3ff0a0,0x0728ebb2,0x0c25e2bc,
  0x656e95e6,0x6e639ce8,0x737487fa,0x78798ef4,
  0x495ab1de,0x4257b8d0,0x5f40a3c2,0x544daacc,
  0xf7daec41,0xfcd7e54f,0xe1c0fe5d,0xeacdf753,
  0xdbeec879,0xd0e3c177,0xcdf4da65,0xc6f9d36b,
  0xafb2a431,0xa4bfad3f,0xb9a8b62d,0xb2a5bf23,
  0x83868009,0x888b8907,0x959c9215,0x9e919b1b,
  0x470a7ca1,0x4c0775af,0x51106ebd,0x5a1d67b3,
  0x6b3e5899,0x60335197,0x7d244a85,0x7629438b,
  0x1f6234d1,0x146f3ddf,0x097826cd,0x02752fc3,
  0x335610e9,0x385b19e7,0x254c02f5,0x2e410bfb,
  0x8c61d79a,0x876cde94,0x9a7bc586,0x9176cc88,
  0xa055f3a2,0xab58faac,0xb64fe1be,0xbd42e8b0,
  0xd4099fea,0xdf0496e4,0xc2138df6,0xc91e84f8,
  0xf83dbbd2,0xf330b2dc,0xee27a9ce,0xe52aa0c0,
  0x3cb1477a,0x37bc4e74,0x2aab5566,0x21a65c68,
  0x10856342,0x1b886a4c,0x069f715e,0x0d927850,
  0x64d90f0a,0x6fd40604,0x72c31d16,0x79ce1418,
  0x48ed2b32,0x43e0223c,0x5ef7392e,0x55fa3020,
  0x01b79aec,0x0aba93e2,0x17ad88f0,0x1ca081fe,
  0x2d83bed4,0x268eb7da,0x3b99acc8,0x3094a5c6,
  0x59dfd29c,0x52d2db92,0x4fc5c080,0x44c8c98e,
  0x75ebf6a4,0x7ee6ffaa,0x63f1e4b8,0x68fcedb6,
  0xb1670a0c,0xba6a0302,0xa77d1810,0xac70111e,
  0x9d532e34,0x965e273a,0x8b493c28,0x80443526,
  0xe90f427c,0xe2024b72,0xff155060,0xf418596e,
  0xc53b6644,0xce366f4a,0xd3217458,0xd82c7d56,
  0x7a0ca137,0x7101a839,0x6c16b32b,0x671bba25,
  0x5638850f,0x5d358c01,0x40229713,0x4b2f9e1d,
  0x2264e947,0x2969e049,0x347efb5b,0x3f73f255,
  0x0e50cd7f,0x055dc471,0x184adf63,0x1347d66d,
  0xcadc31d7,0xc1d138d9,0xdcc623cb,0xd7cb2ac5,
  0xe6e815ef,0xede51ce1,0xf0f207f3,0xfbff0efd,
  0x92b479a7,0x99b970a9,0x84ae6bbb,0x8fa362b5,
  0xbe805d9f,0xb58d5491,0xa89a4f83,0xa397468d,
};

#define MIX_COLUMN(T, out, in) do {   \
    uint32_t _k, _nk, _t; \
    _k = (in);      \
    _nk = T[_k & 0xff];   \
    _k >>= 8;     \
    _t = T[_k & 0xff];    \
    _nk ^= ROTL32(8, _t);  \
    _k >>= 8;     \
    _t = T[_k & 0xff];    \
    _nk ^= ROTL32(16, _t); \
    _k >>= 8;     \
    _t = T[_k & 0xff];    \
    _nk ^= ROTL32(24, _t); \
    (out) = _nk;    \
  } while(0)
  

#define SWAP(a, b) \
do { uint32_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)

void
_nettle_aes_invert(unsigned rounds, uint32_t *dst, const uint32_t *src)
{
  unsigned i;

  /* Transform all subkeys but the first and last. */
  for (i = 4; i < 4 * rounds; i++)
    MIX_COLUMN (mtable, dst[i], src[i]);

  if (src != dst)
    {
      dst[0] = src[0]; dst[1] = src[1]; dst[2] = src[2]; dst[3] = src[3];
      dst[i] = src[i]; dst[i+1] = src[i+1]; dst[i+2] = src[i+2]; dst[i+3] = src[i+3];
    }
}

Coverage Report

Created: 2024-06-28 06:39

Line	Count	Source
1		/* aes-invert-internal.c
2
3		Inverse key setup for the aes/rijndael block cipher.
4
5		Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
6		Copyright (C) 2013 Niels Möller
7
8		This file is part of GNU Nettle.
9
10		GNU Nettle is free software: you can redistribute it and/or
11		modify it under the terms of either:
12
13		* the GNU Lesser General Public License as published by the Free
14		Software Foundation; either version 3 of the License, or (at your
15		option) any later version.
16
17		or
18
19		* the GNU General Public License as published by the Free
20		Software Foundation; either version 2 of the License, or (at your
21		option) any later version.
22
23		or both in parallel, as here.
24
25		GNU Nettle is distributed in the hope that it will be useful,
26		but WITHOUT ANY WARRANTY; without even the implied warranty of
27		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
28		General Public License for more details.
29
30		You should have received copies of the GNU General Public License and
31		the GNU Lesser General Public License along with this program. If
32		not, see http://www.gnu.org/licenses/.
33		*/
34
35		/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
36
37		#if HAVE_CONFIG_H
38		# include "config.h"
39		#endif
40
41		#include "aes-internal.h"
42
43		#include "macros.h"
44
45		/* For fat builds */
46		#if HAVE_NATIVE_aes_invert
47		void
48		_nettle_aes_invert_c(unsigned rounds, uint32_t dst, const uint32_t src);
49		#define _nettle_aes_invert _nettle_aes_invert_c
50		#endif
51
52		/* NOTE: We don't include rotated versions of the table. */
53		static const uint32_t mtable[0x100] =
54		{
55		0x00000000,0x0b0d090e,0x161a121c,0x1d171b12,
56		0x2c342438,0x27392d36,0x3a2e3624,0x31233f2a,
57		0x58684870,0x5365417e,0x4e725a6c,0x457f5362,
58		0x745c6c48,0x7f516546,0x62467e54,0x694b775a,
59		0xb0d090e0,0xbbdd99ee,0xa6ca82fc,0xadc78bf2,
60		0x9ce4b4d8,0x97e9bdd6,0x8afea6c4,0x81f3afca,
61		0xe8b8d890,0xe3b5d19e,0xfea2ca8c,0xf5afc382,
62		0xc48cfca8,0xcf81f5a6,0xd296eeb4,0xd99be7ba,
63		0x7bbb3bdb,0x70b632d5,0x6da129c7,0x66ac20c9,
64		0x578f1fe3,0x5c8216ed,0x41950dff,0x4a9804f1,
65		0x23d373ab,0x28de7aa5,0x35c961b7,0x3ec468b9,
66		0x0fe75793,0x04ea5e9d,0x19fd458f,0x12f04c81,
67		0xcb6bab3b,0xc066a235,0xdd71b927,0xd67cb029,
68		0xe75f8f03,0xec52860d,0xf1459d1f,0xfa489411,
69		0x9303e34b,0x980eea45,0x8519f157,0x8e14f859,
70		0xbf37c773,0xb43ace7d,0xa92dd56f,0xa220dc61,
71		0xf66d76ad,0xfd607fa3,0xe07764b1,0xeb7a6dbf,
72		0xda595295,0xd1545b9b,0xcc434089,0xc74e4987,
73		0xae053edd,0xa50837d3,0xb81f2cc1,0xb31225cf,
74		0x82311ae5,0x893c13eb,0x942b08f9,0x9f2601f7,
75		0x46bde64d,0x4db0ef43,0x50a7f451,0x5baafd5f,
76		0x6a89c275,0x6184cb7b,0x7c93d069,0x779ed967,
77		0x1ed5ae3d,0x15d8a733,0x08cfbc21,0x03c2b52f,
78		0x32e18a05,0x39ec830b,0x24fb9819,0x2ff69117,
79		0x8dd64d76,0x86db4478,0x9bcc5f6a,0x90c15664,
80		0xa1e2694e,0xaaef6040,0xb7f87b52,0xbcf5725c,
81		0xd5be0506,0xdeb30c08,0xc3a4171a,0xc8a91e14,
82		0xf98a213e,0xf2872830,0xef903322,0xe49d3a2c,
83		0x3d06dd96,0x360bd498,0x2b1ccf8a,0x2011c684,
84		0x1132f9ae,0x1a3ff0a0,0x0728ebb2,0x0c25e2bc,
85		0x656e95e6,0x6e639ce8,0x737487fa,0x78798ef4,
86		0x495ab1de,0x4257b8d0,0x5f40a3c2,0x544daacc,
87		0xf7daec41,0xfcd7e54f,0xe1c0fe5d,0xeacdf753,
88		0xdbeec879,0xd0e3c177,0xcdf4da65,0xc6f9d36b,
89		0xafb2a431,0xa4bfad3f,0xb9a8b62d,0xb2a5bf23,
90		0x83868009,0x888b8907,0x959c9215,0x9e919b1b,
91		0x470a7ca1,0x4c0775af,0x51106ebd,0x5a1d67b3,
92		0x6b3e5899,0x60335197,0x7d244a85,0x7629438b,
93		0x1f6234d1,0x146f3ddf,0x097826cd,0x02752fc3,
94		0x335610e9,0x385b19e7,0x254c02f5,0x2e410bfb,
95		0x8c61d79a,0x876cde94,0x9a7bc586,0x9176cc88,
96		0xa055f3a2,0xab58faac,0xb64fe1be,0xbd42e8b0,
97		0xd4099fea,0xdf0496e4,0xc2138df6,0xc91e84f8,
98		0xf83dbbd2,0xf330b2dc,0xee27a9ce,0xe52aa0c0,
99		0x3cb1477a,0x37bc4e74,0x2aab5566,0x21a65c68,
100		0x10856342,0x1b886a4c,0x069f715e,0x0d927850,
101		0x64d90f0a,0x6fd40604,0x72c31d16,0x79ce1418,
102		0x48ed2b32,0x43e0223c,0x5ef7392e,0x55fa3020,
103		0x01b79aec,0x0aba93e2,0x17ad88f0,0x1ca081fe,
104		0x2d83bed4,0x268eb7da,0x3b99acc8,0x3094a5c6,
105		0x59dfd29c,0x52d2db92,0x4fc5c080,0x44c8c98e,
106		0x75ebf6a4,0x7ee6ffaa,0x63f1e4b8,0x68fcedb6,
107		0xb1670a0c,0xba6a0302,0xa77d1810,0xac70111e,
108		0x9d532e34,0x965e273a,0x8b493c28,0x80443526,
109		0xe90f427c,0xe2024b72,0xff155060,0xf418596e,
110		0xc53b6644,0xce366f4a,0xd3217458,0xd82c7d56,
111		0x7a0ca137,0x7101a839,0x6c16b32b,0x671bba25,
112		0x5638850f,0x5d358c01,0x40229713,0x4b2f9e1d,
113		0x2264e947,0x2969e049,0x347efb5b,0x3f73f255,
114		0x0e50cd7f,0x055dc471,0x184adf63,0x1347d66d,
115		0xcadc31d7,0xc1d138d9,0xdcc623cb,0xd7cb2ac5,
116		0xe6e815ef,0xede51ce1,0xf0f207f3,0xfbff0efd,
117		0x92b479a7,0x99b970a9,0x84ae6bbb,0x8fa362b5,
118		0xbe805d9f,0xb58d5491,0xa89a4f83,0xa397468d,
119		};
120
121	41.0k	#define MIX_COLUMN(T, out, in) do { \
122	41.0k	uint32_t _k, _nk, _t; \
123	41.0k	_k = (in); \
124	41.0k	_nk = T[_k & 0xff]; \
125	41.0k	_k >>= 8; \
126	41.0k	_t = T[_k & 0xff]; \
127	41.0k	_nk ^= ROTL32(8, _t); \
128	41.0k	_k >>= 8; \
129	41.0k	_t = T[_k & 0xff]; \
130	41.0k	_nk ^= ROTL32(16, _t); \
131	41.0k	_k >>= 8; \
132	41.0k	_t = T[_k & 0xff]; \
133	41.0k	_nk ^= ROTL32(24, _t); \
134	41.0k	(out) = _nk; \
135	41.0k	} while(0)
136
137
138		#define SWAP(a, b) \
139		do { uint32_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
140
141		void
142		_nettle_aes_invert(unsigned rounds, uint32_t dst, const uint32_t src)
143	1.06k	{
144	1.06k	unsigned i;
145
146		/* Transform all subkeys but the first and last. */
147	42.1k	for (i = 4; i < 4 * rounds; i++)
148	41.0k	MIX_COLUMN (mtable, dst[i], src[i]);
149
150	1.06k	if (src != dst)
151	707	{
152	707	dst[0] = src[0]; dst[1] = src[1]; dst[2] = src[2]; dst[3] = src[3];
153	707	dst[i] = src[i]; dst[i+1] = src[i+1]; dst[i+2] = src[i+2]; dst[i+3] = src[i+3];
154	707	}
155	1.06k	}