/src/nettle/aes-invert-internal.c
| Line | Count | Source (jump to first uncovered line) | 
| 1 |  | /* aes-invert-internal.c | 
| 2 |  |  | 
| 3 |  |    Inverse key setup for the aes/rijndael block cipher. | 
| 4 |  |  | 
| 5 |  |    Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller | 
| 6 |  |    Copyright (C) 2013 Niels Möller | 
| 7 |  |  | 
| 8 |  |    This file is part of GNU Nettle. | 
| 9 |  |  | 
| 10 |  |    GNU Nettle is free software: you can redistribute it and/or | 
| 11 |  |    modify it under the terms of either: | 
| 12 |  |  | 
| 13 |  |      * the GNU Lesser General Public License as published by the Free | 
| 14 |  |        Software Foundation; either version 3 of the License, or (at your | 
| 15 |  |        option) any later version. | 
| 16 |  |  | 
| 17 |  |    or | 
| 18 |  |  | 
| 19 |  |      * the GNU General Public License as published by the Free | 
| 20 |  |        Software Foundation; either version 2 of the License, or (at your | 
| 21 |  |        option) any later version. | 
| 22 |  |  | 
| 23 |  |    or both in parallel, as here. | 
| 24 |  |  | 
| 25 |  |    GNU Nettle is distributed in the hope that it will be useful, | 
| 26 |  |    but WITHOUT ANY WARRANTY; without even the implied warranty of | 
| 27 |  |    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU | 
| 28 |  |    General Public License for more details. | 
| 29 |  |  | 
| 30 |  |    You should have received copies of the GNU General Public License and | 
| 31 |  |    the GNU Lesser General Public License along with this program.  If | 
| 32 |  |    not, see http://www.gnu.org/licenses/. | 
| 33 |  | */ | 
| 34 |  |  | 
| 35 |  | /* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */ | 
| 36 |  |  | 
| 37 |  | #if HAVE_CONFIG_H | 
| 38 |  | # include "config.h" | 
| 39 |  | #endif | 
| 40 |  |  | 
| 41 |  | #include "aes-internal.h" | 
| 42 |  |  | 
| 43 |  | #include "macros.h" | 
| 44 |  |  | 
/* Lookup table for the inverse MixColumns transform that
   _nettle_aes_invert applies to the inner subkeys. Entry x packs the
   GF(2^8) products of x with the constants 0x0e, 0x09, 0x0d and 0x0b,
   from the least to the most significant byte (so mtable[1] is
   0x0b0d090e and mtable[2] is 0x161a121c).

   NOTE: We don't include rotated versions of the table; MIX_COLUMN
   rotates the looked-up words itself. */
static const uint32_t mtable[0x100] =
{
  0x00000000,0x0b0d090e,0x161a121c,0x1d171b12,
  0x2c342438,0x27392d36,0x3a2e3624,0x31233f2a,
  0x58684870,0x5365417e,0x4e725a6c,0x457f5362,
  0x745c6c48,0x7f516546,0x62467e54,0x694b775a,
  0xb0d090e0,0xbbdd99ee,0xa6ca82fc,0xadc78bf2,
  0x9ce4b4d8,0x97e9bdd6,0x8afea6c4,0x81f3afca,
  0xe8b8d890,0xe3b5d19e,0xfea2ca8c,0xf5afc382,
  0xc48cfca8,0xcf81f5a6,0xd296eeb4,0xd99be7ba,
  0x7bbb3bdb,0x70b632d5,0x6da129c7,0x66ac20c9,
  0x578f1fe3,0x5c8216ed,0x41950dff,0x4a9804f1,
  0x23d373ab,0x28de7aa5,0x35c961b7,0x3ec468b9,
  0x0fe75793,0x04ea5e9d,0x19fd458f,0x12f04c81,
  0xcb6bab3b,0xc066a235,0xdd71b927,0xd67cb029,
  0xe75f8f03,0xec52860d,0xf1459d1f,0xfa489411,
  0x9303e34b,0x980eea45,0x8519f157,0x8e14f859,
  0xbf37c773,0xb43ace7d,0xa92dd56f,0xa220dc61,
  0xf66d76ad,0xfd607fa3,0xe07764b1,0xeb7a6dbf,
  0xda595295,0xd1545b9b,0xcc434089,0xc74e4987,
  0xae053edd,0xa50837d3,0xb81f2cc1,0xb31225cf,
  0x82311ae5,0x893c13eb,0x942b08f9,0x9f2601f7,
  0x46bde64d,0x4db0ef43,0x50a7f451,0x5baafd5f,
  0x6a89c275,0x6184cb7b,0x7c93d069,0x779ed967,
  0x1ed5ae3d,0x15d8a733,0x08cfbc21,0x03c2b52f,
  0x32e18a05,0x39ec830b,0x24fb9819,0x2ff69117,
  0x8dd64d76,0x86db4478,0x9bcc5f6a,0x90c15664,
  0xa1e2694e,0xaaef6040,0xb7f87b52,0xbcf5725c,
  0xd5be0506,0xdeb30c08,0xc3a4171a,0xc8a91e14,
  0xf98a213e,0xf2872830,0xef903322,0xe49d3a2c,
  0x3d06dd96,0x360bd498,0x2b1ccf8a,0x2011c684,
  0x1132f9ae,0x1a3ff0a0,0x0728ebb2,0x0c25e2bc,
  0x656e95e6,0x6e639ce8,0x737487fa,0x78798ef4,
  0x495ab1de,0x4257b8d0,0x5f40a3c2,0x544daacc,
  0xf7daec41,0xfcd7e54f,0xe1c0fe5d,0xeacdf753,
  0xdbeec879,0xd0e3c177,0xcdf4da65,0xc6f9d36b,
  0xafb2a431,0xa4bfad3f,0xb9a8b62d,0xb2a5bf23,
  0x83868009,0x888b8907,0x959c9215,0x9e919b1b,
  0x470a7ca1,0x4c0775af,0x51106ebd,0x5a1d67b3,
  0x6b3e5899,0x60335197,0x7d244a85,0x7629438b,
  0x1f6234d1,0x146f3ddf,0x097826cd,0x02752fc3,
  0x335610e9,0x385b19e7,0x254c02f5,0x2e410bfb,
  0x8c61d79a,0x876cde94,0x9a7bc586,0x9176cc88,
  0xa055f3a2,0xab58faac,0xb64fe1be,0xbd42e8b0,
  0xd4099fea,0xdf0496e4,0xc2138df6,0xc91e84f8,
  0xf83dbbd2,0xf330b2dc,0xee27a9ce,0xe52aa0c0,
  0x3cb1477a,0x37bc4e74,0x2aab5566,0x21a65c68,
  0x10856342,0x1b886a4c,0x069f715e,0x0d927850,
  0x64d90f0a,0x6fd40604,0x72c31d16,0x79ce1418,
  0x48ed2b32,0x43e0223c,0x5ef7392e,0x55fa3020,
  0x01b79aec,0x0aba93e2,0x17ad88f0,0x1ca081fe,
  0x2d83bed4,0x268eb7da,0x3b99acc8,0x3094a5c6,
  0x59dfd29c,0x52d2db92,0x4fc5c080,0x44c8c98e,
  0x75ebf6a4,0x7ee6ffaa,0x63f1e4b8,0x68fcedb6,
  0xb1670a0c,0xba6a0302,0xa77d1810,0xac70111e,
  0x9d532e34,0x965e273a,0x8b493c28,0x80443526,
  0xe90f427c,0xe2024b72,0xff155060,0xf418596e,
  0xc53b6644,0xce366f4a,0xd3217458,0xd82c7d56,
  0x7a0ca137,0x7101a839,0x6c16b32b,0x671bba25,
  0x5638850f,0x5d358c01,0x40229713,0x4b2f9e1d,
  0x2264e947,0x2969e049,0x347efb5b,0x3f73f255,
  0x0e50cd7f,0x055dc471,0x184adf63,0x1347d66d,
  0xcadc31d7,0xc1d138d9,0xdcc623cb,0xd7cb2ac5,
  0xe6e815ef,0xede51ce1,0xf0f207f3,0xfbff0efd,
  0x92b479a7,0x99b970a9,0x84ae6bbb,0x8fa362b5,
  0xbe805d9f,0xb58d5491,0xa89a4f83,0xa397468d,
};
| 113 |  |  | 
/* Replace the 32-bit word KEY, in place, with the XOR of four lookups
   in table T, one per byte of KEY. The lookup for byte number n
   (counting from the least significant byte) is rotated left by 8 * n
   bits before it is folded in.

   KEY must be an lvalue; it is read once and written once.

   NOTE(review): every lookup is indexed by a byte of KEY, so the
   memory access pattern depends on the subkey being transformed.
   Whether that is an acceptable side channel depends on the platform
   and threat model -- confirm. */
#define MIX_COLUMN(T, key) do {				\
    uint32_t _in = (key);				\
    uint32_t _b1 = T[(_in >> 8) & 0xff];		\
    uint32_t _b2 = T[(_in >> 16) & 0xff];		\
    uint32_t _b3 = T[(_in >> 24) & 0xff];		\
    uint32_t _out = T[_in & 0xff];			\
    _out ^= ROTL32(8, _b1);				\
    _out ^= ROTL32(16, _b2);				\
    _out ^= ROTL32(24, _b3);				\
    (key) = _out;					\
  } while(0)
| 129 |  |    | 
| 130 |  |  | 
/* Exchange the values of two uint32_t lvalues A and B. Each argument
   is evaluated twice, so neither may have side effects. */
#define SWAP(a, b) do {			\
    uint32_t swap_tmp = (a);		\
    (a) = (b);				\
    (b) = swap_tmp;			\
  } while(0)
| 133 |  |  | 
/* Convert an expanded AES encryption key into the form used for
   decryption: the (ROUNDS + 1) four-word subkeys are stored in reverse
   order, and every subkey except the first and last is passed through
   MIX_COLUMN with mtable.

   Both SRC and DST are indexed up to word 4 * ROUNDS + 3 and nothing
   here checks that, so the caller must supply buffers of at least
   4 * (ROUNDS + 1) words. DST may be the same buffer as SRC, in which
   case the subkeys are reversed in place. NOTE(review): any other
   overlap is not detected and looks unsafe, since the copy loop reads
   SRC from the top while writing DST from the bottom.

   DST ends up holding key material, so the caller presumably has to
   protect and wipe it like the key itself -- confirm against callers. */
void
_nettle_aes_invert(unsigned rounds, uint32_t *dst, const uint32_t *src)
{
  /* Index of the first word of the final subkey. */
  const unsigned last = rounds * 4;
  unsigned word;

  /* Reverse the order of subkeys, in groups of 4. */
  /* FIXME: Instead of reordering the subkeys, change the access order
     of aes_decrypt, since it's a separate function anyway? */
  if (src != dst)
    {
      unsigned group, k;

      /* Separate buffers: copy subkey (last - group) to position group. */
      for (group = 0; group <= last; group += 4)
	for (k = 0; k < 4; k++)
	  dst[group + k] = src[last - group + k];
    }
  else
    {
      unsigned lo, hi, k;

      /* Same buffer: swap subkeys pairwise, working inwards from both
	 ends until the two indices meet. */
      for (lo = 0, hi = last; lo < hi; lo += 4, hi -= 4)
	for (k = 0; k < 4; k++)
	  SWAP(dst[lo + k], dst[hi + k]);
    }

  /* Transform all subkeys but the first and last. */
  for (word = 4; word < last; word++)
    MIX_COLUMN (mtable, dst[word]);
}