diff options
Diffstat (limited to 'libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aescrypt.cpp')
-rw-r--r-- | libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aescrypt.cpp | 606 |
1 files changed, 303 insertions, 303 deletions
diff --git a/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aescrypt.cpp b/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aescrypt.cpp index 8d1feee..54ddc21 100644 --- a/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aescrypt.cpp +++ b/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aescrypt.cpp | |||
@@ -1,303 +1,303 @@ | |||
1 | /* | 1 | /* |
2 | --------------------------------------------------------------------------- | 2 | --------------------------------------------------------------------------- |
3 | Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK. | 3 | Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK. |
4 | All rights reserved. | 4 | All rights reserved. |
5 | 5 | ||
6 | LICENSE TERMS | 6 | LICENSE TERMS |
7 | 7 | ||
8 | The free distribution and use of this software in both source and binary | 8 | The free distribution and use of this software in both source and binary |
9 | form is allowed (with or without changes) provided that: | 9 | form is allowed (with or without changes) provided that: |
10 | 10 | ||
11 | 1. distributions of this source code include the above copyright | 11 | 1. distributions of this source code include the above copyright |
12 | notice, this list of conditions and the following disclaimer; | 12 | notice, this list of conditions and the following disclaimer; |
13 | 13 | ||
14 | 2. distributions in binary form include the above copyright | 14 | 2. distributions in binary form include the above copyright |
15 | notice, this list of conditions and the following disclaimer | 15 | notice, this list of conditions and the following disclaimer |
16 | in the documentation and/or other associated materials; | 16 | in the documentation and/or other associated materials; |
17 | 17 | ||
18 | 3. the copyright holder's name is not used to endorse products | 18 | 3. the copyright holder's name is not used to endorse products |
19 | built using this software without specific written permission. | 19 | built using this software without specific written permission. |
20 | 20 | ||
21 | ALTERNATIVELY, provided that this notice is retained in full, this product | 21 | ALTERNATIVELY, provided that this notice is retained in full, this product |
22 | may be distributed under the terms of the GNU General Public License (GPL), | 22 | may be distributed under the terms of the GNU General Public License (GPL), |
23 | in which case the provisions of the GPL apply INSTEAD OF those given above. | 23 | in which case the provisions of the GPL apply INSTEAD OF those given above. |
24 | 24 | ||
25 | DISCLAIMER | 25 | DISCLAIMER |
26 | 26 | ||
27 | This software is provided 'as is' with no explicit or implied warranties | 27 | This software is provided 'as is' with no explicit or implied warranties |
28 | in respect of its properties, including, but not limited to, correctness | 28 | in respect of its properties, including, but not limited to, correctness |
29 | and/or fitness for purpose. | 29 | and/or fitness for purpose. |
30 | --------------------------------------------------------------------------- | 30 | --------------------------------------------------------------------------- |
31 | Issue Date: 26/08/2003 | 31 | Issue Date: 26/08/2003 |
32 | 32 | ||
33 | This file contains the code for implementing encryption and decryption | 33 | This file contains the code for implementing encryption and decryption |
34 | for AES (Rijndael) for block and key sizes of 16, 24 and 32 bytes. It | 34 | for AES (Rijndael) for block and key sizes of 16, 24 and 32 bytes. It |
35 | can optionally be replaced by code written in assembler using NASM. For | 35 | can optionally be replaced by code written in assembler using NASM. For |
36 | further details see the file aesopt.h | 36 | further details see the file aesopt.h |
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "aesopt.h" | 39 | #include "aesopt.h" |
40 | 40 | ||
41 | #define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c]) | 41 | #define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c]) |
42 | #define so(y,x,c) word_out(y, c, s(x,c)) | 42 | #define so(y,x,c) word_out(y, c, s(x,c)) |
43 | 43 | ||
44 | #if defined(ARRAYS) | 44 | #if defined(ARRAYS) |
45 | #define locals(y,x) x[4],y[4] | 45 | #define locals(y,x) x[4],y[4] |
46 | #else | 46 | #else |
47 | #define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3 | 47 | #define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3 |
48 | #endif | 48 | #endif |
49 | 49 | ||
50 | #define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ | 50 | #define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ |
51 | s(y,2) = s(x,2); s(y,3) = s(x,3); | 51 | s(y,2) = s(x,2); s(y,3) = s(x,3); |
52 | #define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3) | 52 | #define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3) |
53 | #define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3) | 53 | #define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3) |
54 | #define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3) | 54 | #define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3) |
55 | 55 | ||
56 | #if defined(ENCRYPTION) && !defined(AES_ASM) | 56 | #if defined(ENCRYPTION) && !defined(AES_ASM) |
57 | 57 | ||
58 | /* Visual C++ .Net v7.1 provides the fastest encryption code when using | 58 | /* Visual C++ .Net v7.1 provides the fastest encryption code when using |
59 | Pentium optimization with small code but this is poor for decryption | 59 | Pentium optimization with small code but this is poor for decryption |
60 | so we need to control this with the following VC++ pragmas | 60 | so we need to control this with the following VC++ pragmas |
61 | */ | 61 | */ |
62 | 62 | ||
63 | #if defined(_MSC_VER) | 63 | #if defined(_MSC_VER) |
64 | #pragma optimize( "s", on ) | 64 | #pragma optimize( "s", on ) |
65 | #endif | 65 | #endif |
66 | 66 | ||
67 | /* Given the column (c) of the output state variable, the following | 67 | /* Given the column (c) of the output state variable, the following |
68 | macros give the input state variables which are needed in its | 68 | macros give the input state variables which are needed in its |
69 | computation for each row (r) of the state. All the alternative | 69 | computation for each row (r) of the state. All the alternative |
70 | macros give the same end values but expand into different ways | 70 | macros give the same end values but expand into different ways |
71 | of calculating these values. In particular the complex macro | 71 | of calculating these values. In particular the complex macro |
72 | used for dynamically variable block sizes is designed to expand | 72 | used for dynamically variable block sizes is designed to expand |
73 | to a compile time constant whenever possible but will expand to | 73 | to a compile time constant whenever possible but will expand to |
74 | conditional clauses on some branches (I am grateful to Frank | 74 | conditional clauses on some branches (I am grateful to Frank |
75 | Yellin for this construction) | 75 | Yellin for this construction) |
76 | */ | 76 | */ |
77 | 77 | ||
78 | #define fwd_var(x,r,c)\ | 78 | #define fwd_var(x,r,c)\ |
79 | ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\ | 79 | ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\ |
80 | : r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\ | 80 | : r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\ |
81 | : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\ | 81 | : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\ |
82 | : ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))) | 82 | : ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))) |
83 | 83 | ||
84 | #if defined(FT4_SET) | 84 | #if defined(FT4_SET) |
85 | #undef dec_fmvars | 85 | #undef dec_fmvars |
86 | #define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c)) | 86 | #define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c)) |
87 | #elif defined(FT1_SET) | 87 | #elif defined(FT1_SET) |
88 | #undef dec_fmvars | 88 | #undef dec_fmvars |
89 | #define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c)) | 89 | #define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c)) |
90 | #else | 90 | #else |
91 | #define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c))) | 91 | #define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c))) |
92 | #endif | 92 | #endif |
93 | 93 | ||
94 | #if defined(FL4_SET) | 94 | #if defined(FL4_SET) |
95 | #define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c)) | 95 | #define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c)) |
96 | #elif defined(FL1_SET) | 96 | #elif defined(FL1_SET) |
97 | #define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c)) | 97 | #define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c)) |
98 | #else | 98 | #else |
99 | #define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c)) | 99 | #define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c)) |
100 | #endif | 100 | #endif |
101 | 101 | ||
102 | aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]) | 102 | aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]) |
103 | { aes_32t locals(b0, b1); | 103 | { aes_32t locals(b0, b1); |
104 | const aes_32t *kp = cx->ks; | 104 | const aes_32t *kp = cx->ks; |
105 | #ifdef dec_fmvars | 105 | #ifdef dec_fmvars |
106 | dec_fmvars; /* declare variables for fwd_mcol() if needed */ | 106 | dec_fmvars; /* declare variables for fwd_mcol() if needed */ |
107 | #endif | 107 | #endif |
108 | 108 | ||
109 | aes_32t nr = (kp[45] ^ kp[52] ^ kp[53] ? kp[52] : 14); | 109 | aes_32t nr = (kp[45] ^ kp[52] ^ kp[53] ? kp[52] : 14); |
110 | 110 | ||
111 | #ifdef AES_ERR_CHK | 111 | #ifdef AES_ERR_CHK |
112 | if( (nr != 10 || !(kp[0] | kp[3] | kp[4])) | 112 | if( (nr != 10 || !(kp[0] | kp[3] | kp[4])) |
113 | && (nr != 12 || !(kp[0] | kp[5] | kp[6])) | 113 | && (nr != 12 || !(kp[0] | kp[5] | kp[6])) |
114 | && (nr != 14 || !(kp[0] | kp[7] | kp[8])) ) | 114 | && (nr != 14 || !(kp[0] | kp[7] | kp[8])) ) |
115 | return aes_error; | 115 | return aes_error; |
116 | #endif | 116 | #endif |
117 | 117 | ||
118 | state_in(b0, in_blk, kp); | 118 | state_in(b0, in_blk, kp); |
119 | 119 | ||
120 | #if (ENC_UNROLL == FULL) | 120 | #if (ENC_UNROLL == FULL) |
121 | 121 | ||
122 | switch(nr) | 122 | switch(nr) |
123 | { | 123 | { |
124 | case 14: | 124 | case 14: |
125 | round(fwd_rnd, b1, b0, kp + 1 * N_COLS); | 125 | round(fwd_rnd, b1, b0, kp + 1 * N_COLS); |
126 | round(fwd_rnd, b0, b1, kp + 2 * N_COLS); | 126 | round(fwd_rnd, b0, b1, kp + 2 * N_COLS); |
127 | kp += 2 * N_COLS; | 127 | kp += 2 * N_COLS; |
128 | case 12: | 128 | case 12: |
129 | round(fwd_rnd, b1, b0, kp + 1 * N_COLS); | 129 | round(fwd_rnd, b1, b0, kp + 1 * N_COLS); |
130 | round(fwd_rnd, b0, b1, kp + 2 * N_COLS); | 130 | round(fwd_rnd, b0, b1, kp + 2 * N_COLS); |
131 | kp += 2 * N_COLS; | 131 | kp += 2 * N_COLS; |
132 | case 10: | 132 | case 10: |
133 | round(fwd_rnd, b1, b0, kp + 1 * N_COLS); | 133 | round(fwd_rnd, b1, b0, kp + 1 * N_COLS); |
134 | round(fwd_rnd, b0, b1, kp + 2 * N_COLS); | 134 | round(fwd_rnd, b0, b1, kp + 2 * N_COLS); |
135 | round(fwd_rnd, b1, b0, kp + 3 * N_COLS); | 135 | round(fwd_rnd, b1, b0, kp + 3 * N_COLS); |
136 | round(fwd_rnd, b0, b1, kp + 4 * N_COLS); | 136 | round(fwd_rnd, b0, b1, kp + 4 * N_COLS); |
137 | round(fwd_rnd, b1, b0, kp + 5 * N_COLS); | 137 | round(fwd_rnd, b1, b0, kp + 5 * N_COLS); |
138 | round(fwd_rnd, b0, b1, kp + 6 * N_COLS); | 138 | round(fwd_rnd, b0, b1, kp + 6 * N_COLS); |
139 | round(fwd_rnd, b1, b0, kp + 7 * N_COLS); | 139 | round(fwd_rnd, b1, b0, kp + 7 * N_COLS); |
140 | round(fwd_rnd, b0, b1, kp + 8 * N_COLS); | 140 | round(fwd_rnd, b0, b1, kp + 8 * N_COLS); |
141 | round(fwd_rnd, b1, b0, kp + 9 * N_COLS); | 141 | round(fwd_rnd, b1, b0, kp + 9 * N_COLS); |
142 | round(fwd_lrnd, b0, b1, kp +10 * N_COLS); | 142 | round(fwd_lrnd, b0, b1, kp +10 * N_COLS); |
143 | } | 143 | } |
144 | 144 | ||
145 | #else | 145 | #else |
146 | 146 | ||
147 | #if (ENC_UNROLL == PARTIAL) | 147 | #if (ENC_UNROLL == PARTIAL) |
148 | { aes_32t rnd; | 148 | { aes_32t rnd; |
149 | for(rnd = 0; rnd < (nr >> 1) - 1; ++rnd) | 149 | for(rnd = 0; rnd < (nr >> 1) - 1; ++rnd) |
150 | { | 150 | { |
151 | kp += N_COLS; | 151 | kp += N_COLS; |
152 | round(fwd_rnd, b1, b0, kp); | 152 | round(fwd_rnd, b1, b0, kp); |
153 | kp += N_COLS; | 153 | kp += N_COLS; |
154 | round(fwd_rnd, b0, b1, kp); | 154 | round(fwd_rnd, b0, b1, kp); |
155 | } | 155 | } |
156 | kp += N_COLS; | 156 | kp += N_COLS; |
157 | round(fwd_rnd, b1, b0, kp); | 157 | round(fwd_rnd, b1, b0, kp); |
158 | #else | 158 | #else |
159 | { aes_32t rnd; | 159 | { aes_32t rnd; |
160 | for(rnd = 0; rnd < nr - 1; ++rnd) | 160 | for(rnd = 0; rnd < nr - 1; ++rnd) |
161 | { | 161 | { |
162 | kp += N_COLS; | 162 | kp += N_COLS; |
163 | round(fwd_rnd, b1, b0, kp); | 163 | round(fwd_rnd, b1, b0, kp); |
164 | l_copy(b0, b1); | 164 | l_copy(b0, b1); |
165 | } | 165 | } |
166 | #endif | 166 | #endif |
167 | kp += N_COLS; | 167 | kp += N_COLS; |
168 | round(fwd_lrnd, b0, b1, kp); | 168 | round(fwd_lrnd, b0, b1, kp); |
169 | } | 169 | } |
170 | #endif | 170 | #endif |
171 | 171 | ||
172 | state_out(out_blk, b0); | 172 | state_out(out_blk, b0); |
173 | #ifdef AES_ERR_CHK | 173 | #ifdef AES_ERR_CHK |
174 | return aes_good; | 174 | return aes_good; |
175 | #endif | 175 | #endif |
176 | } | 176 | } |
177 | 177 | ||
178 | #endif | 178 | #endif |
179 | 179 | ||
180 | #if defined(DECRYPTION) && !defined(AES_ASM) | 180 | #if defined(DECRYPTION) && !defined(AES_ASM) |
181 | 181 | ||
182 | /* Visual C++ .Net v7.1 provides the fastest encryption code when using | 182 | /* Visual C++ .Net v7.1 provides the fastest encryption code when using |
183 | Pentium optimization with small code but this is poor for decryption | 183 | Pentium optimization with small code but this is poor for decryption |
184 | so we need to control this with the following VC++ pragmas | 184 | so we need to control this with the following VC++ pragmas |
185 | */ | 185 | */ |
186 | 186 | ||
187 | #if defined(_MSC_VER) | 187 | #if defined(_MSC_VER) |
188 | #pragma optimize( "t", on ) | 188 | #pragma optimize( "t", on ) |
189 | #endif | 189 | #endif |
190 | 190 | ||
191 | /* Given the column (c) of the output state variable, the following | 191 | /* Given the column (c) of the output state variable, the following |
192 | macros give the input state variables which are needed in its | 192 | macros give the input state variables which are needed in its |
193 | computation for each row (r) of the state. All the alternative | 193 | computation for each row (r) of the state. All the alternative |
194 | macros give the same end values but expand into different ways | 194 | macros give the same end values but expand into different ways |
195 | of calculating these values. In particular the complex macro | 195 | of calculating these values. In particular the complex macro |
196 | used for dynamically variable block sizes is designed to expand | 196 | used for dynamically variable block sizes is designed to expand |
197 | to a compile time constant whenever possible but will expand to | 197 | to a compile time constant whenever possible but will expand to |
198 | conditional clauses on some branches (I am grateful to Frank | 198 | conditional clauses on some branches (I am grateful to Frank |
199 | Yellin for this construction) | 199 | Yellin for this construction) |
200 | */ | 200 | */ |
201 | 201 | ||
202 | #define inv_var(x,r,c)\ | 202 | #define inv_var(x,r,c)\ |
203 | ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\ | 203 | ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\ |
204 | : r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\ | 204 | : r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\ |
205 | : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\ | 205 | : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\ |
206 | : ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))) | 206 | : ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))) |
207 | 207 | ||
208 | #if defined(IT4_SET) | 208 | #if defined(IT4_SET) |
209 | #undef dec_imvars | 209 | #undef dec_imvars |
210 | #define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c)) | 210 | #define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c)) |
211 | #elif defined(IT1_SET) | 211 | #elif defined(IT1_SET) |
212 | #undef dec_imvars | 212 | #undef dec_imvars |
213 | #define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c)) | 213 | #define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c)) |
214 | #else | 214 | #else |
215 | #define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))) | 215 | #define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))) |
216 | #endif | 216 | #endif |
217 | 217 | ||
218 | #if defined(IL4_SET) | 218 | #if defined(IL4_SET) |
219 | #define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c)) | 219 | #define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c)) |
220 | #elif defined(IL1_SET) | 220 | #elif defined(IL1_SET) |
221 | #define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c)) | 221 | #define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c)) |
222 | #else | 222 | #else |
223 | #define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)) | 223 | #define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)) |
224 | #endif | 224 | #endif |
225 | 225 | ||
226 | aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]) | 226 | aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]) |
227 | { aes_32t locals(b0, b1); | 227 | { aes_32t locals(b0, b1); |
228 | #ifdef dec_imvars | 228 | #ifdef dec_imvars |
229 | dec_imvars; /* declare variables for inv_mcol() if needed */ | 229 | dec_imvars; /* declare variables for inv_mcol() if needed */ |
230 | #endif | 230 | #endif |
231 | 231 | ||
232 | aes_32t nr = (cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] ? cx->ks[52] : 14); | 232 | aes_32t nr = (cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] ? cx->ks[52] : 14); |
233 | const aes_32t *kp = cx->ks + nr * N_COLS; | 233 | const aes_32t *kp = cx->ks + nr * N_COLS; |
234 | 234 | ||
235 | #ifdef AES_ERR_CHK | 235 | #ifdef AES_ERR_CHK |
236 | if( (nr != 10 || !(cx->ks[0] | cx->ks[3] | cx->ks[4])) | 236 | if( (nr != 10 || !(cx->ks[0] | cx->ks[3] | cx->ks[4])) |
237 | && (nr != 12 || !(cx->ks[0] | cx->ks[5] | cx->ks[6])) | 237 | && (nr != 12 || !(cx->ks[0] | cx->ks[5] | cx->ks[6])) |
238 | && (nr != 14 || !(cx->ks[0] | cx->ks[7] | cx->ks[8])) ) | 238 | && (nr != 14 || !(cx->ks[0] | cx->ks[7] | cx->ks[8])) ) |
239 | return aes_error; | 239 | return aes_error; |
240 | #endif | 240 | #endif |
241 | 241 | ||
242 | state_in(b0, in_blk, kp); | 242 | state_in(b0, in_blk, kp); |
243 | 243 | ||
244 | #if (DEC_UNROLL == FULL) | 244 | #if (DEC_UNROLL == FULL) |
245 | 245 | ||
246 | switch(nr) | 246 | switch(nr) |
247 | { | 247 | { |
248 | case 14: | 248 | case 14: |
249 | round(inv_rnd, b1, b0, kp - 1 * N_COLS); | 249 | round(inv_rnd, b1, b0, kp - 1 * N_COLS); |
250 | round(inv_rnd, b0, b1, kp - 2 * N_COLS); | 250 | round(inv_rnd, b0, b1, kp - 2 * N_COLS); |
251 | kp -= 2 * N_COLS; | 251 | kp -= 2 * N_COLS; |
252 | case 12: | 252 | case 12: |
253 | round(inv_rnd, b1, b0, kp - 1 * N_COLS); | 253 | round(inv_rnd, b1, b0, kp - 1 * N_COLS); |
254 | round(inv_rnd, b0, b1, kp - 2 * N_COLS); | 254 | round(inv_rnd, b0, b1, kp - 2 * N_COLS); |
255 | kp -= 2 * N_COLS; | 255 | kp -= 2 * N_COLS; |
256 | case 10: | 256 | case 10: |
257 | round(inv_rnd, b1, b0, kp - 1 * N_COLS); | 257 | round(inv_rnd, b1, b0, kp - 1 * N_COLS); |
258 | round(inv_rnd, b0, b1, kp - 2 * N_COLS); | 258 | round(inv_rnd, b0, b1, kp - 2 * N_COLS); |
259 | round(inv_rnd, b1, b0, kp - 3 * N_COLS); | 259 | round(inv_rnd, b1, b0, kp - 3 * N_COLS); |
260 | round(inv_rnd, b0, b1, kp - 4 * N_COLS); | 260 | round(inv_rnd, b0, b1, kp - 4 * N_COLS); |
261 | round(inv_rnd, b1, b0, kp - 5 * N_COLS); | 261 | round(inv_rnd, b1, b0, kp - 5 * N_COLS); |
262 | round(inv_rnd, b0, b1, kp - 6 * N_COLS); | 262 | round(inv_rnd, b0, b1, kp - 6 * N_COLS); |
263 | round(inv_rnd, b1, b0, kp - 7 * N_COLS); | 263 | round(inv_rnd, b1, b0, kp - 7 * N_COLS); |
264 | round(inv_rnd, b0, b1, kp - 8 * N_COLS); | 264 | round(inv_rnd, b0, b1, kp - 8 * N_COLS); |
265 | round(inv_rnd, b1, b0, kp - 9 * N_COLS); | 265 | round(inv_rnd, b1, b0, kp - 9 * N_COLS); |
266 | round(inv_lrnd, b0, b1, kp - 10 * N_COLS); | 266 | round(inv_lrnd, b0, b1, kp - 10 * N_COLS); |
267 | } | 267 | } |
268 | 268 | ||
269 | #else | 269 | #else |
270 | 270 | ||
271 | #if (DEC_UNROLL == PARTIAL) | 271 | #if (DEC_UNROLL == PARTIAL) |
272 | { aes_32t rnd; | 272 | { aes_32t rnd; |
273 | for(rnd = 0; rnd < (nr >> 1) - 1; ++rnd) | 273 | for(rnd = 0; rnd < (nr >> 1) - 1; ++rnd) |
274 | { | 274 | { |
275 | kp -= N_COLS; | 275 | kp -= N_COLS; |
276 | round(inv_rnd, b1, b0, kp); | 276 | round(inv_rnd, b1, b0, kp); |
277 | kp -= N_COLS; | 277 | kp -= N_COLS; |
278 | round(inv_rnd, b0, b1, kp); | 278 | round(inv_rnd, b0, b1, kp); |
279 | } | 279 | } |
280 | kp -= N_COLS; | 280 | kp -= N_COLS; |
281 | round(inv_rnd, b1, b0, kp); | 281 | round(inv_rnd, b1, b0, kp); |
282 | #else | 282 | #else |
283 | { aes_32t rnd; | 283 | { aes_32t rnd; |
284 | for(rnd = 0; rnd < nr - 1; ++rnd) | 284 | for(rnd = 0; rnd < nr - 1; ++rnd) |
285 | { | 285 | { |
286 | kp -= N_COLS; | 286 | kp -= N_COLS; |
287 | round(inv_rnd, b1, b0, kp); | 287 | round(inv_rnd, b1, b0, kp); |
288 | l_copy(b0, b1); | 288 | l_copy(b0, b1); |
289 | } | 289 | } |
290 | #endif | 290 | #endif |
291 | kp -= N_COLS; | 291 | kp -= N_COLS; |
292 | round(inv_lrnd, b0, b1, kp); | 292 | round(inv_lrnd, b0, b1, kp); |
293 | } | 293 | } |
294 | #endif | 294 | #endif |
295 | 295 | ||
296 | state_out(out_blk, b0); | 296 | state_out(out_blk, b0); |
297 | #ifdef AES_ERR_CHK | 297 | #ifdef AES_ERR_CHK |
298 | return aes_good; | 298 | return aes_good; |
299 | #endif | 299 | #endif |
300 | } | 300 | } |
301 | 301 | ||
302 | #endif | 302 | #endif |
303 | 303 | ||