summaryrefslogtreecommitdiff
path: root/rijndael.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-05-15 13:45:26 +1000
committerDamien Miller <djm@mindrot.org>2014-05-15 13:45:26 +1000
commitec0b67eb3b4e12f296ced1fafa01860c374f7eea (patch)
tree5514466b059c42ca2fe51e9a0801614465c447aa /rijndael.c
parentf028460d0b2e5a584355321015cde69bf6fd933e (diff)
- (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine
OpenBSD
Diffstat (limited to 'rijndael.c')
-rw-r--r--rijndael.c170
1 files changed, 90 insertions, 80 deletions
diff --git a/rijndael.c b/rijndael.c
index 7432ea2e4..cde90789e 100644
--- a/rijndael.c
+++ b/rijndael.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rijndael.c,v 1.16 2004/06/23 00:39:38 mouring Exp $ */ 1/* $OpenBSD: rijndael.c,v 1.18 2014/04/29 15:42:07 markus Exp $ */
2 2
3/** 3/**
4 * rijndael-alg-fst.c 4 * rijndael-alg-fst.c
@@ -25,6 +25,7 @@
25 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 25 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
26 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */ 27 */
28
28#include "includes.h" 29#include "includes.h"
29 30
30#include <stdlib.h> 31#include <stdlib.h>
@@ -32,7 +33,7 @@
32 33
33#include "rijndael.h" 34#include "rijndael.h"
34 35
35#define FULL_UNROLL 36#undef FULL_UNROLL
36 37
37/* 38/*
38Te0[x] = S [x].[02, 01, 01, 03]; 39Te0[x] = S [x].[02, 01, 01, 03];
@@ -247,7 +248,6 @@ static const u32 Te2[256] = {
247 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, 248 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
248}; 249};
249static const u32 Te3[256] = { 250static const u32 Te3[256] = {
250
251 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, 251 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
252 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, 252 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
253 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, 253 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
@@ -532,7 +532,6 @@ static const u32 Td2[256] = {
532 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, 532 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
533 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, 533 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
534 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, 534 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
535
536 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, 535 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
537 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, 536 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
538 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, 537 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
@@ -724,8 +723,10 @@ static const u32 rcon[] = {
724 * 723 *
725 * @return the number of rounds for the given cipher key size. 724 * @return the number of rounds for the given cipher key size.
726 */ 725 */
727static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { 726int
728 int i = 0; 727rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)
728{
729 int i = 0;
729 u32 temp; 730 u32 temp;
730 731
731 rk[0] = GETU32(cipherKey ); 732 rk[0] = GETU32(cipherKey );
@@ -786,9 +787,9 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
786 rk[ 9] = rk[ 1] ^ rk[ 8]; 787 rk[ 9] = rk[ 1] ^ rk[ 8];
787 rk[10] = rk[ 2] ^ rk[ 9]; 788 rk[10] = rk[ 2] ^ rk[ 9];
788 rk[11] = rk[ 3] ^ rk[10]; 789 rk[11] = rk[ 3] ^ rk[10];
789 if (++i == 7) { 790 if (++i == 7) {
790 return 14; 791 return 14;
791 } 792 }
792 temp = rk[11]; 793 temp = rk[11];
793 rk[12] = rk[ 4] ^ 794 rk[12] = rk[ 4] ^
794 (Te4[(temp >> 24) ] & 0xff000000) ^ 795 (Te4[(temp >> 24) ] & 0xff000000) ^
@@ -797,7 +798,7 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
797 (Te4[(temp ) & 0xff] & 0x000000ff); 798 (Te4[(temp ) & 0xff] & 0x000000ff);
798 rk[13] = rk[ 5] ^ rk[12]; 799 rk[13] = rk[ 5] ^ rk[12];
799 rk[14] = rk[ 6] ^ rk[13]; 800 rk[14] = rk[ 6] ^ rk[13];
800 rk[15] = rk[ 7] ^ rk[14]; 801 rk[15] = rk[ 7] ^ rk[14];
801 rk += 8; 802 rk += 8;
802 } 803 }
803 } 804 }
@@ -809,18 +810,21 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
809 * 810 *
810 * @return the number of rounds for the given cipher key size. 811 * @return the number of rounds for the given cipher key size.
811 */ 812 */
812static int 813int
813rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits, 814rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits,
814 int have_encrypt) { 815 int have_encrypt)
816{
815 int Nr, i, j; 817 int Nr, i, j;
816 u32 temp; 818 u32 temp;
817 819
818 if (have_encrypt) { 820 /* expand the cipher key: */
821 if (have_encrypt > 0) {
822 /* Already done */
819 Nr = have_encrypt; 823 Nr = have_encrypt;
820 } else { 824 } else {
821 /* expand the cipher key: */
822 Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); 825 Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
823 } 826 }
827
824 /* invert the order of the round keys: */ 828 /* invert the order of the round keys: */
825 for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { 829 for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
826 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; 830 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
@@ -855,7 +859,10 @@ rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits,
855 return Nr; 859 return Nr;
856} 860}
857 861
858static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) { 862void
863rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16],
864 u8 ct[16])
865{
859 u32 s0, s1, s2, s3, t0, t1, t2, t3; 866 u32 s0, s1, s2, s3, t0, t1, t2, t3;
860#ifndef FULL_UNROLL 867#ifndef FULL_UNROLL
861 int r; 868 int r;
@@ -871,50 +878,50 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
871 s3 = GETU32(pt + 12) ^ rk[3]; 878 s3 = GETU32(pt + 12) ^ rk[3];
872#ifdef FULL_UNROLL 879#ifdef FULL_UNROLL
873 /* round 1: */ 880 /* round 1: */
874 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; 881 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
875 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; 882 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
876 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; 883 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
877 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; 884 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
878 /* round 2: */ 885 /* round 2: */
879 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; 886 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
880 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; 887 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
881 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; 888 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
882 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; 889 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
883 /* round 3: */ 890 /* round 3: */
884 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; 891 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
885 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; 892 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
886 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; 893 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
887 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; 894 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
888 /* round 4: */ 895 /* round 4: */
889 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; 896 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
890 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; 897 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
891 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; 898 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
892 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; 899 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
893 /* round 5: */ 900 /* round 5: */
894 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; 901 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
895 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; 902 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
896 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; 903 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
897 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; 904 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
898 /* round 6: */ 905 /* round 6: */
899 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; 906 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
900 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; 907 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
901 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; 908 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
902 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; 909 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
903 /* round 7: */ 910 /* round 7: */
904 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; 911 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
905 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; 912 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
906 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; 913 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
907 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; 914 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
908 /* round 8: */ 915 /* round 8: */
909 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; 916 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
910 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; 917 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
911 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; 918 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
912 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; 919 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
913 /* round 9: */ 920 /* round 9: */
914 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; 921 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
915 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; 922 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
916 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; 923 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
917 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; 924 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
918 if (Nr > 10) { 925 if (Nr > 10) {
919 /* round 10: */ 926 /* round 10: */
920 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; 927 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
@@ -1036,7 +1043,10 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
1036 PUTU32(ct + 12, s3); 1043 PUTU32(ct + 12, s3);
1037} 1044}
1038 1045
1039static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) { 1046static void
1047rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16],
1048 u8 pt[16])
1049{
1040 u32 s0, s1, s2, s3, t0, t1, t2, t3; 1050 u32 s0, s1, s2, s3, t0, t1, t2, t3;
1041#ifndef FULL_UNROLL 1051#ifndef FULL_UNROLL
1042 int r; 1052 int r;
@@ -1187,33 +1197,33 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
1187 * apply last round and 1197 * apply last round and
1188 * map cipher state to byte array block: 1198 * map cipher state to byte array block:
1189 */ 1199 */
1190 s0 = 1200 s0 =
1191 (Td4[(t0 >> 24) ] & 0xff000000) ^ 1201 (Td4[(t0 >> 24) ] & 0xff000000) ^
1192 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 1202 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1193 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 1203 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1194 (Td4[(t1 ) & 0xff] & 0x000000ff) ^ 1204 (Td4[(t1 ) & 0xff] & 0x000000ff) ^
1195 rk[0]; 1205 rk[0];
1196 PUTU32(pt , s0); 1206 PUTU32(pt , s0);
1197 s1 = 1207 s1 =
1198 (Td4[(t1 >> 24) ] & 0xff000000) ^ 1208 (Td4[(t1 >> 24) ] & 0xff000000) ^
1199 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 1209 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1200 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 1210 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1201 (Td4[(t2 ) & 0xff] & 0x000000ff) ^ 1211 (Td4[(t2 ) & 0xff] & 0x000000ff) ^
1202 rk[1]; 1212 rk[1];
1203 PUTU32(pt + 4, s1); 1213 PUTU32(pt + 4, s1);
1204 s2 = 1214 s2 =
1205 (Td4[(t2 >> 24) ] & 0xff000000) ^ 1215 (Td4[(t2 >> 24) ] & 0xff000000) ^
1206 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 1216 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1207 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 1217 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1208 (Td4[(t3 ) & 0xff] & 0x000000ff) ^ 1218 (Td4[(t3 ) & 0xff] & 0x000000ff) ^
1209 rk[2]; 1219 rk[2];
1210 PUTU32(pt + 8, s2); 1220 PUTU32(pt + 8, s2);
1211 s3 = 1221 s3 =
1212 (Td4[(t3 >> 24) ] & 0xff000000) ^ 1222 (Td4[(t3 >> 24) ] & 0xff000000) ^
1213 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 1223 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1214 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 1224 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1215 (Td4[(t0 ) & 0xff] & 0x000000ff) ^ 1225 (Td4[(t0 ) & 0xff] & 0x000000ff) ^
1216 rk[3]; 1226 rk[3];
1217 PUTU32(pt + 12, s3); 1227 PUTU32(pt + 12, s3);
1218} 1228}
1219 1229
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-01 05:16:34 +0000