authormikeb@openbsd.org <mikeb@openbsd.org>2014-11-18 22:38:48 +0000
committerDamien Miller <djm@mindrot.org>2014-11-24 10:15:04 +1100
commita1f8110cd5ed818d59b3a2964fab7de76e92c18e (patch)
treee94c812dba4af664f48555be964d7e0f93b64cc0 /rijndael.c
parent335c83d5f35d8620e16b8aa26592d4f836e09ad2 (diff)
upstream commit
Sync AES code to the one shipped in OpenSSL/LibreSSL. This includes a commit made by Andy Polyakov <appro at openssl ! org> to the OpenSSL source tree on Wed, 28 Jun 2006 with the following message: "Mitigate cache-collision timing attack on last round." OK naddy, miod, djm
Diffstat (limited to 'rijndael.c')
-rw-r--r--rijndael.c299
1 files changed, 101 insertions, 198 deletions
diff --git a/rijndael.c b/rijndael.c
index cde90789e..91ef513c9 100644
--- a/rijndael.c
+++ b/rijndael.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rijndael.c,v 1.18 2014/04/29 15:42:07 markus Exp $ */ 1/* $OpenBSD: rijndael.c,v 1.19 2014/11/18 22:38:48 mikeb Exp $ */
2 2
3/** 3/**
4 * rijndael-alg-fst.c 4 * rijndael-alg-fst.c
@@ -40,13 +40,12 @@ Te0[x] = S [x].[02, 01, 01, 03];
40Te1[x] = S [x].[03, 02, 01, 01]; 40Te1[x] = S [x].[03, 02, 01, 01];
41Te2[x] = S [x].[01, 03, 02, 01]; 41Te2[x] = S [x].[01, 03, 02, 01];
42Te3[x] = S [x].[01, 01, 03, 02]; 42Te3[x] = S [x].[01, 01, 03, 02];
43Te4[x] = S [x].[01, 01, 01, 01];
44 43
45Td0[x] = Si[x].[0e, 09, 0d, 0b]; 44Td0[x] = Si[x].[0e, 09, 0d, 0b];
46Td1[x] = Si[x].[0b, 0e, 09, 0d]; 45Td1[x] = Si[x].[0b, 0e, 09, 0d];
47Td2[x] = Si[x].[0d, 0b, 0e, 09]; 46Td2[x] = Si[x].[0d, 0b, 0e, 09];
48Td3[x] = Si[x].[09, 0d, 0b, 0e]; 47Td3[x] = Si[x].[09, 0d, 0b, 0e];
49Td4[x] = Si[x].[01, 01, 01, 01]; 48Td4[x] = Si[x].[01];
50*/ 49*/
51 50
52static const u32 Te0[256] = { 51static const u32 Te0[256] = {
@@ -313,72 +312,6 @@ static const u32 Te3[256] = {
313 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, 312 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
314 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, 313 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
315}; 314};
316static const u32 Te4[256] = {
317 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
318 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
319 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
320 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
321 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
322 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
323 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
324 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
325 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
326 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
327 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
328 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
329 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
330 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
331 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
332 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
333 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
334 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
335 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
336 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
337 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
338 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
339 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
340 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
341 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
342 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
343 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
344 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
345 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
346 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
347 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
348 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
349 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
350 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
351 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
352 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
353 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
354 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
355 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
356 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
357 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
358 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
359 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
360 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
361 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
362 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
363 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
364 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
365 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
366 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
367 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
368 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
369 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
370 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
371 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
372 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
373 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
374 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
375 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
376 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
377 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
378 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
379 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
380 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
381};
382static const u32 Td0[256] = { 315static const u32 Td0[256] = {
383 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 316 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
384 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 317 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
@@ -643,72 +576,42 @@ static const u32 Td3[256] = {
643 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, 576 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
644 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, 577 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
645}; 578};
646static const u32 Td4[256] = { 579#if 0
647 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, 580static const u8 Td4[256] = {
648 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, 581 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
649 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, 582 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
650 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, 583 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
651 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, 584 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
652 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, 585 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
653 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, 586 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
654 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, 587 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
655 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, 588 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
656 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, 589 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
657 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, 590 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
658 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, 591 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
659 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, 592 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
660 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, 593 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
661 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, 594 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
662 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, 595 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
663 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, 596 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
664 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, 597 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
665 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, 598 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
666 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, 599 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
667 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, 600 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
668 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, 601 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
669 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, 602 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
670 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, 603 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
671 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, 604 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
672 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, 605 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
673 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, 606 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
674 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, 607 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
675 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, 608 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
676 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, 609 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
677 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, 610 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
678 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, 611 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
679 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, 612 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
680 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
681 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
682 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
683 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
684 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
685 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
686 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
687 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
688 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
689 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
690 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
691 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
692 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
693 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
694 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
695 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
696 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
697 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
698 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
699 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
700 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
701 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
702 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
703 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
704 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
705 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
706 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
707 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
708 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
709 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
710 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
711}; 613};
614#endif
712static const u32 rcon[] = { 615static const u32 rcon[] = {
713 0x01000000, 0x02000000, 0x04000000, 0x08000000, 616 0x01000000, 0x02000000, 0x04000000, 0x08000000,
714 0x10000000, 0x20000000, 0x40000000, 0x80000000, 617 0x10000000, 0x20000000, 0x40000000, 0x80000000,
@@ -737,10 +640,10 @@ rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)
737 for (;;) { 640 for (;;) {
738 temp = rk[3]; 641 temp = rk[3];
739 rk[4] = rk[0] ^ 642 rk[4] = rk[0] ^
740 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 643 (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
741 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 644 (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
742 (Te4[(temp ) & 0xff] & 0x0000ff00) ^ 645 (Te0[(temp ) & 0xff] & 0x0000ff00) ^
743 (Te4[(temp >> 24) ] & 0x000000ff) ^ 646 (Te1[(temp >> 24) ] & 0x000000ff) ^
744 rcon[i]; 647 rcon[i];
745 rk[5] = rk[1] ^ rk[4]; 648 rk[5] = rk[1] ^ rk[4];
746 rk[6] = rk[2] ^ rk[5]; 649 rk[6] = rk[2] ^ rk[5];
@@ -757,10 +660,10 @@ rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)
757 for (;;) { 660 for (;;) {
758 temp = rk[ 5]; 661 temp = rk[ 5];
759 rk[ 6] = rk[ 0] ^ 662 rk[ 6] = rk[ 0] ^
760 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 663 (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
761 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 664 (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
762 (Te4[(temp ) & 0xff] & 0x0000ff00) ^ 665 (Te0[(temp ) & 0xff] & 0x0000ff00) ^
763 (Te4[(temp >> 24) ] & 0x000000ff) ^ 666 (Te1[(temp >> 24) ] & 0x000000ff) ^
764 rcon[i]; 667 rcon[i];
765 rk[ 7] = rk[ 1] ^ rk[ 6]; 668 rk[ 7] = rk[ 1] ^ rk[ 6];
766 rk[ 8] = rk[ 2] ^ rk[ 7]; 669 rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -779,10 +682,10 @@ rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)
779 for (;;) { 682 for (;;) {
780 temp = rk[ 7]; 683 temp = rk[ 7];
781 rk[ 8] = rk[ 0] ^ 684 rk[ 8] = rk[ 0] ^
782 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 685 (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
783 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 686 (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
784 (Te4[(temp ) & 0xff] & 0x0000ff00) ^ 687 (Te0[(temp ) & 0xff] & 0x0000ff00) ^
785 (Te4[(temp >> 24) ] & 0x000000ff) ^ 688 (Te1[(temp >> 24) ] & 0x000000ff) ^
786 rcon[i]; 689 rcon[i];
787 rk[ 9] = rk[ 1] ^ rk[ 8]; 690 rk[ 9] = rk[ 1] ^ rk[ 8];
788 rk[10] = rk[ 2] ^ rk[ 9]; 691 rk[10] = rk[ 2] ^ rk[ 9];
@@ -792,10 +695,10 @@ rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)
792 } 695 }
793 temp = rk[11]; 696 temp = rk[11];
794 rk[12] = rk[ 4] ^ 697 rk[12] = rk[ 4] ^
795 (Te4[(temp >> 24) ] & 0xff000000) ^ 698 (Te2[(temp >> 24) ] & 0xff000000) ^
796 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ 699 (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
797 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ 700 (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^
798 (Te4[(temp ) & 0xff] & 0x000000ff); 701 (Te1[(temp ) & 0xff] & 0x000000ff);
799 rk[13] = rk[ 5] ^ rk[12]; 702 rk[13] = rk[ 5] ^ rk[12];
800 rk[14] = rk[ 6] ^ rk[13]; 703 rk[14] = rk[ 6] ^ rk[13];
801 rk[15] = rk[ 7] ^ rk[14]; 704 rk[15] = rk[ 7] ^ rk[14];
@@ -836,25 +739,25 @@ rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits,
836 for (i = 1; i < Nr; i++) { 739 for (i = 1; i < Nr; i++) {
837 rk += 4; 740 rk += 4;
838 rk[0] = 741 rk[0] =
839 Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ 742 Td0[Te1[(rk[0] >> 24) ] & 0xff] ^
840 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ 743 Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
841 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ 744 Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^
842 Td3[Te4[(rk[0] ) & 0xff] & 0xff]; 745 Td3[Te1[(rk[0] ) & 0xff] & 0xff];
843 rk[1] = 746 rk[1] =
844 Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ 747 Td0[Te1[(rk[1] >> 24) ] & 0xff] ^
845 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ 748 Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
846 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ 749 Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^
847 Td3[Te4[(rk[1] ) & 0xff] & 0xff]; 750 Td3[Te1[(rk[1] ) & 0xff] & 0xff];
848 rk[2] = 751 rk[2] =
849 Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ 752 Td0[Te1[(rk[2] >> 24) ] & 0xff] ^
850 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ 753 Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
851 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ 754 Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^
852 Td3[Te4[(rk[2] ) & 0xff] & 0xff]; 755 Td3[Te1[(rk[2] ) & 0xff] & 0xff];
853 rk[3] = 756 rk[3] =
854 Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ 757 Td0[Te1[(rk[3] >> 24) ] & 0xff] ^
855 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ 758 Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
856 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ 759 Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^
857 Td3[Te4[(rk[3] ) & 0xff] & 0xff]; 760 Td3[Te1[(rk[3] ) & 0xff] & 0xff];
858 } 761 }
859 return Nr; 762 return Nr;
860} 763}
@@ -1014,31 +917,31 @@ rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16],
1014 * map cipher state to byte array block: 917 * map cipher state to byte array block:
1015 */ 918 */
1016 s0 = 919 s0 =
1017 (Te4[(t0 >> 24) ] & 0xff000000) ^ 920 (Te2[(t0 >> 24) ] & 0xff000000) ^
1018 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 921 (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1019 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 922 (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1020 (Te4[(t3 ) & 0xff] & 0x000000ff) ^ 923 (Te1[(t3 ) & 0xff] & 0x000000ff) ^
1021 rk[0]; 924 rk[0];
1022 PUTU32(ct , s0); 925 PUTU32(ct , s0);
1023 s1 = 926 s1 =
1024 (Te4[(t1 >> 24) ] & 0xff000000) ^ 927 (Te2[(t1 >> 24) ] & 0xff000000) ^
1025 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 928 (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1026 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 929 (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1027 (Te4[(t0 ) & 0xff] & 0x000000ff) ^ 930 (Te1[(t0 ) & 0xff] & 0x000000ff) ^
1028 rk[1]; 931 rk[1];
1029 PUTU32(ct + 4, s1); 932 PUTU32(ct + 4, s1);
1030 s2 = 933 s2 =
1031 (Te4[(t2 >> 24) ] & 0xff000000) ^ 934 (Te2[(t2 >> 24) ] & 0xff000000) ^
1032 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 935 (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1033 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 936 (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1034 (Te4[(t1 ) & 0xff] & 0x000000ff) ^ 937 (Te1[(t1 ) & 0xff] & 0x000000ff) ^
1035 rk[2]; 938 rk[2];
1036 PUTU32(ct + 8, s2); 939 PUTU32(ct + 8, s2);
1037 s3 = 940 s3 =
1038 (Te4[(t3 >> 24) ] & 0xff000000) ^ 941 (Te2[(t3 >> 24) ] & 0xff000000) ^
1039 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 942 (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1040 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 943 (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1041 (Te4[(t2 ) & 0xff] & 0x000000ff) ^ 944 (Te1[(t2 ) & 0xff] & 0x000000ff) ^
1042 rk[3]; 945 rk[3];
1043 PUTU32(ct + 12, s3); 946 PUTU32(ct + 12, s3);
1044} 947}
@@ -1198,31 +1101,31 @@ rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16],
1198 * map cipher state to byte array block: 1101 * map cipher state to byte array block:
1199 */ 1102 */
1200 s0 = 1103 s0 =
1201 (Td4[(t0 >> 24) ] & 0xff000000) ^ 1104 (Td4[(t0 >> 24) ] << 24) ^
1202 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 1105 (Td4[(t3 >> 16) & 0xff] << 16) ^
1203 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 1106 (Td4[(t2 >> 8) & 0xff] << 8) ^
1204 (Td4[(t1 ) & 0xff] & 0x000000ff) ^ 1107 (Td4[(t1 ) & 0xff]) ^
1205 rk[0]; 1108 rk[0];
1206 PUTU32(pt , s0); 1109 PUTU32(pt , s0);
1207 s1 = 1110 s1 =
1208 (Td4[(t1 >> 24) ] & 0xff000000) ^ 1111 (Td4[(t1 >> 24) ] << 24) ^
1209 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 1112 (Td4[(t0 >> 16) & 0xff] << 16) ^
1210 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 1113 (Td4[(t3 >> 8) & 0xff] << 8) ^
1211 (Td4[(t2 ) & 0xff] & 0x000000ff) ^ 1114 (Td4[(t2 ) & 0xff]) ^
1212 rk[1]; 1115 rk[1];
1213 PUTU32(pt + 4, s1); 1116 PUTU32(pt + 4, s1);
1214 s2 = 1117 s2 =
1215 (Td4[(t2 >> 24) ] & 0xff000000) ^ 1118 (Td4[(t2 >> 24) ] << 24) ^
1216 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 1119 (Td4[(t1 >> 16) & 0xff] << 16) ^
1217 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 1120 (Td4[(t0 >> 8) & 0xff] << 8) ^
1218 (Td4[(t3 ) & 0xff] & 0x000000ff) ^ 1121 (Td4[(t3 ) & 0xff]) ^
1219 rk[2]; 1122 rk[2];
1220 PUTU32(pt + 8, s2); 1123 PUTU32(pt + 8, s2);
1221 s3 = 1124 s3 =
1222 (Td4[(t3 >> 24) ] & 0xff000000) ^ 1125 (Td4[(t3 >> 24) ] << 24) ^
1223 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 1126 (Td4[(t2 >> 16) & 0xff] << 16) ^
1224 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 1127 (Td4[(t1 >> 8) & 0xff] << 8) ^
1225 (Td4[(t0 ) & 0xff] & 0x000000ff) ^ 1128 (Td4[(t0 ) & 0xff]) ^
1226 rk[3]; 1129 rk[3];
1227 PUTU32(pt + 12, s3); 1130 PUTU32(pt + 12, s3);
1228} 1131}
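Review bot: In the final round of rijndaelDecrypt, `(Td4[(t0 >> 24) ] << 24)` shifts a `u8` table entry (presumably an unsigned char typedef) after it has been promoted to signed `int`, so any entry of 0x80 or above is shifted into the sign bit, which is undefined behaviour in C; the same applies to the top-byte term of s1, s2 and s3. Casting before the shift keeps the arithmetic unsigned, e.g. `((u32)Td4[(t0 >> 24) ] << 24) ^`, and a build with `-fsanitize=undefined` would confirm whether the remaining shifts are clean. Separately, the new `static const u8 Td4[256]` is wrapped in `#if 0` while these lines still index it, so the file only compiles if rijndaelDecrypt is itself excluded by a guard outside the visible hunks; a short comment at the `#if 0`, such as `/* Td4 is referenced only by rijndaelDecrypt; keep both guards in sync */`, would record that dependency once confirmed against the full file. rijndaelDecrypt's body starts outside the hunk, so the guard cannot be checked from here.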