Diffstat (limited to 'libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aeskey.cpp')
-rw-r--r-- | libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aeskey.cpp | 910 |
1 files changed, 455 insertions, 455 deletions
diff --git a/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aeskey.cpp b/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aeskey.cpp index 12d4cbb..272c951 100644 --- a/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aeskey.cpp +++ b/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/aeskey.cpp | |||
@@ -1,455 +1,455 @@ | |||
1 | /* | 1 | /* |
2 | --------------------------------------------------------------------------- | 2 | --------------------------------------------------------------------------- |
3 | Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK. | 3 | Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK. |
4 | All rights reserved. | 4 | All rights reserved. |
5 | 5 | ||
6 | LICENSE TERMS | 6 | LICENSE TERMS |
7 | 7 | ||
8 | The free distribution and use of this software in both source and binary | 8 | The free distribution and use of this software in both source and binary |
9 | form is allowed (with or without changes) provided that: | 9 | form is allowed (with or without changes) provided that: |
10 | 10 | ||
11 | 1. distributions of this source code include the above copyright | 11 | 1. distributions of this source code include the above copyright |
12 | notice, this list of conditions and the following disclaimer; | 12 | notice, this list of conditions and the following disclaimer; |
13 | 13 | ||
14 | 2. distributions in binary form include the above copyright | 14 | 2. distributions in binary form include the above copyright |
15 | notice, this list of conditions and the following disclaimer | 15 | notice, this list of conditions and the following disclaimer |
16 | in the documentation and/or other associated materials; | 16 | in the documentation and/or other associated materials; |
17 | 17 | ||
18 | 3. the copyright holder's name is not used to endorse products | 18 | 3. the copyright holder's name is not used to endorse products |
19 | built using this software without specific written permission. | 19 | built using this software without specific written permission. |
20 | 20 | ||
21 | ALTERNATIVELY, provided that this notice is retained in full, this product | 21 | ALTERNATIVELY, provided that this notice is retained in full, this product |
22 | may be distributed under the terms of the GNU General Public License (GPL), | 22 | may be distributed under the terms of the GNU General Public License (GPL), |
23 | in which case the provisions of the GPL apply INSTEAD OF those given above. | 23 | in which case the provisions of the GPL apply INSTEAD OF those given above. |
24 | 24 | ||
25 | DISCLAIMER | 25 | DISCLAIMER |
26 | 26 | ||
27 | This software is provided 'as is' with no explicit or implied warranties | 27 | This software is provided 'as is' with no explicit or implied warranties |
28 | in respect of its properties, including, but not limited to, correctness | 28 | in respect of its properties, including, but not limited to, correctness |
29 | and/or fitness for purpose. | 29 | and/or fitness for purpose. |
30 | --------------------------------------------------------------------------- | 30 | --------------------------------------------------------------------------- |
31 | Issue Date: 26/08/2003 | 31 | Issue Date: 26/08/2003 |
32 | 32 | ||
33 | This file contains the code for implementing the key schedule for AES | 33 | This file contains the code for implementing the key schedule for AES |
34 | (Rijndael) for block and key sizes of 16, 24, and 32 bytes. See aesopt.h | 34 | (Rijndael) for block and key sizes of 16, 24, and 32 bytes. See aesopt.h |
35 | for further details including optimisation. | 35 | for further details including optimisation. |
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "aesopt.h" | 38 | #include "aesopt.h" |
39 | 39 | ||
40 | /* Initialise the key schedule from the user supplied key. The key | 40 | /* Initialise the key schedule from the user supplied key. The key |
41 | length can be specified in bytes, with legal values of 16, 24 | 41 | length can be specified in bytes, with legal values of 16, 24 |
42 | and 32, or in bits, with legal values of 128, 192 and 256. These | 42 | and 32, or in bits, with legal values of 128, 192 and 256. These |
43 | values correspond with Nk values of 4, 6 and 8 respectively. | 43 | values correspond with Nk values of 4, 6 and 8 respectively. |
44 | 44 | ||
45 | The following macros implement a single cycle in the key | 45 | The following macros implement a single cycle in the key |
46 | schedule generation process. The number of cycles needed | 46 | schedule generation process. The number of cycles needed |
47 | for each cx->n_col and nk value is: | 47 | for each cx->n_col and nk value is: |
48 | 48 | ||
49 | nk = 4 5 6 7 8 | 49 | nk = 4 5 6 7 8 |
50 | ------------------------------ | 50 | ------------------------------ |
51 | cx->n_col = 4 10 9 8 7 7 | 51 | cx->n_col = 4 10 9 8 7 7 |
52 | cx->n_col = 5 14 11 10 9 9 | 52 | cx->n_col = 5 14 11 10 9 9 |
53 | cx->n_col = 6 19 15 12 11 11 | 53 | cx->n_col = 6 19 15 12 11 11 |
54 | cx->n_col = 7 21 19 16 13 14 | 54 | cx->n_col = 7 21 19 16 13 14 |
55 | cx->n_col = 8 29 23 19 17 14 | 55 | cx->n_col = 8 29 23 19 17 14 |
56 | */ | 56 | */ |
57 | 57 | ||
58 | #define ke4(k,i) \ | 58 | #define ke4(k,i) \ |
59 | { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \ | 59 | { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \ |
60 | k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \ | 60 | k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \ |
61 | } | 61 | } |
62 | #define kel4(k,i) \ | 62 | #define kel4(k,i) \ |
63 | { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \ | 63 | { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \ |
64 | k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \ | 64 | k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \ |
65 | } | 65 | } |
66 | 66 | ||
67 | #define ke6(k,i) \ | 67 | #define ke6(k,i) \ |
68 | { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \ | 68 | { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \ |
69 | k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \ | 69 | k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \ |
70 | k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \ | 70 | k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \ |
71 | } | 71 | } |
72 | #define kel6(k,i) \ | 72 | #define kel6(k,i) \ |
73 | { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \ | 73 | { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \ |
74 | k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \ | 74 | k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \ |
75 | } | 75 | } |
76 | 76 | ||
77 | #define ke8(k,i) \ | 77 | #define ke8(k,i) \ |
78 | { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \ | 78 | { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \ |
79 | k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \ | 79 | k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \ |
80 | k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \ | 80 | k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \ |
81 | k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \ | 81 | k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \ |
82 | } | 82 | } |
83 | #define kel8(k,i) \ | 83 | #define kel8(k,i) \ |
84 | { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \ | 84 | { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \ |
85 | k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \ | 85 | k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \ |
86 | } | 86 | } |
87 | 87 | ||
88 | #if defined(ENCRYPTION_KEY_SCHEDULE) | 88 | #if defined(ENCRYPTION_KEY_SCHEDULE) |
89 | 89 | ||
90 | #if defined(AES_128) || defined(AES_VAR) | 90 | #if defined(AES_128) || defined(AES_VAR) |
91 | 91 | ||
92 | aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]) | 92 | aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]) |
93 | { aes_32t ss[4]; | 93 | { aes_32t ss[4]; |
94 | 94 | ||
95 | cx->ks[0] = ss[0] = word_in(in_key, 0); | 95 | cx->ks[0] = ss[0] = word_in(in_key, 0); |
96 | cx->ks[1] = ss[1] = word_in(in_key, 1); | 96 | cx->ks[1] = ss[1] = word_in(in_key, 1); |
97 | cx->ks[2] = ss[2] = word_in(in_key, 2); | 97 | cx->ks[2] = ss[2] = word_in(in_key, 2); |
98 | cx->ks[3] = ss[3] = word_in(in_key, 3); | 98 | cx->ks[3] = ss[3] = word_in(in_key, 3); |
99 | 99 | ||
100 | #if ENC_UNROLL == NONE | 100 | #if ENC_UNROLL == NONE |
101 | { aes_32t i; | 101 | { aes_32t i; |
102 | 102 | ||
103 | for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i) | 103 | for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i) |
104 | ke4(cx->ks, i); | 104 | ke4(cx->ks, i); |
105 | } | 105 | } |
106 | #else | 106 | #else |
107 | ke4(cx->ks, 0); ke4(cx->ks, 1); | 107 | ke4(cx->ks, 0); ke4(cx->ks, 1); |
108 | ke4(cx->ks, 2); ke4(cx->ks, 3); | 108 | ke4(cx->ks, 2); ke4(cx->ks, 3); |
109 | ke4(cx->ks, 4); ke4(cx->ks, 5); | 109 | ke4(cx->ks, 4); ke4(cx->ks, 5); |
110 | ke4(cx->ks, 6); ke4(cx->ks, 7); | 110 | ke4(cx->ks, 6); ke4(cx->ks, 7); |
111 | ke4(cx->ks, 8); kel4(cx->ks, 9); | 111 | ke4(cx->ks, 8); kel4(cx->ks, 9); |
112 | #endif | 112 | #endif |
113 | 113 | ||
114 | /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */ | 114 | /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */ |
115 | /* key and must be non-zero for 128 and 192 bits keys */ | 115 | /* key and must be non-zero for 128 and 192 bits keys */ |
116 | cx->ks[53] = cx->ks[45] = 0; | 116 | cx->ks[53] = cx->ks[45] = 0; |
117 | cx->ks[52] = 10; | 117 | cx->ks[52] = 10; |
118 | #ifdef AES_ERR_CHK | 118 | #ifdef AES_ERR_CHK |
119 | return aes_good; | 119 | return aes_good; |
120 | #endif | 120 | #endif |
121 | } | 121 | } |
122 | 122 | ||
123 | #endif | 123 | #endif |
124 | 124 | ||
125 | #if defined(AES_192) || defined(AES_VAR) | 125 | #if defined(AES_192) || defined(AES_VAR) |
126 | 126 | ||
127 | aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]) | 127 | aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]) |
128 | { aes_32t ss[6]; | 128 | { aes_32t ss[6]; |
129 | 129 | ||
130 | cx->ks[0] = ss[0] = word_in(in_key, 0); | 130 | cx->ks[0] = ss[0] = word_in(in_key, 0); |
131 | cx->ks[1] = ss[1] = word_in(in_key, 1); | 131 | cx->ks[1] = ss[1] = word_in(in_key, 1); |
132 | cx->ks[2] = ss[2] = word_in(in_key, 2); | 132 | cx->ks[2] = ss[2] = word_in(in_key, 2); |
133 | cx->ks[3] = ss[3] = word_in(in_key, 3); | 133 | cx->ks[3] = ss[3] = word_in(in_key, 3); |
134 | cx->ks[4] = ss[4] = word_in(in_key, 4); | 134 | cx->ks[4] = ss[4] = word_in(in_key, 4); |
135 | cx->ks[5] = ss[5] = word_in(in_key, 5); | 135 | cx->ks[5] = ss[5] = word_in(in_key, 5); |
136 | 136 | ||
137 | #if ENC_UNROLL == NONE | 137 | #if ENC_UNROLL == NONE |
138 | { aes_32t i; | 138 | { aes_32t i; |
139 | 139 | ||
140 | for(i = 0; i < (13 * N_COLS - 1) / 6; ++i) | 140 | for(i = 0; i < (13 * N_COLS - 1) / 6; ++i) |
141 | ke6(cx->ks, i); | 141 | ke6(cx->ks, i); |
142 | } | 142 | } |
143 | #else | 143 | #else |
144 | ke6(cx->ks, 0); ke6(cx->ks, 1); | 144 | ke6(cx->ks, 0); ke6(cx->ks, 1); |
145 | ke6(cx->ks, 2); ke6(cx->ks, 3); | 145 | ke6(cx->ks, 2); ke6(cx->ks, 3); |
146 | ke6(cx->ks, 4); ke6(cx->ks, 5); | 146 | ke6(cx->ks, 4); ke6(cx->ks, 5); |
147 | ke6(cx->ks, 6); kel6(cx->ks, 7); | 147 | ke6(cx->ks, 6); kel6(cx->ks, 7); |
148 | #endif | 148 | #endif |
149 | 149 | ||
150 | /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */ | 150 | /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */ |
151 | /* key and must be non-zero for 128 and 192 bits keys */ | 151 | /* key and must be non-zero for 128 and 192 bits keys */ |
152 | cx->ks[53] = cx->ks[45]; | 152 | cx->ks[53] = cx->ks[45]; |
153 | cx->ks[52] = 12; | 153 | cx->ks[52] = 12; |
154 | #ifdef AES_ERR_CHK | 154 | #ifdef AES_ERR_CHK |
155 | return aes_good; | 155 | return aes_good; |
156 | #endif | 156 | #endif |
157 | } | 157 | } |
158 | 158 | ||
159 | #endif | 159 | #endif |
160 | 160 | ||
161 | #if defined(AES_256) || defined(AES_VAR) | 161 | #if defined(AES_256) || defined(AES_VAR) |
162 | 162 | ||
163 | aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]) | 163 | aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]) |
164 | { aes_32t ss[8]; | 164 | { aes_32t ss[8]; |
165 | 165 | ||
166 | cx->ks[0] = ss[0] = word_in(in_key, 0); | 166 | cx->ks[0] = ss[0] = word_in(in_key, 0); |
167 | cx->ks[1] = ss[1] = word_in(in_key, 1); | 167 | cx->ks[1] = ss[1] = word_in(in_key, 1); |
168 | cx->ks[2] = ss[2] = word_in(in_key, 2); | 168 | cx->ks[2] = ss[2] = word_in(in_key, 2); |
169 | cx->ks[3] = ss[3] = word_in(in_key, 3); | 169 | cx->ks[3] = ss[3] = word_in(in_key, 3); |
170 | cx->ks[4] = ss[4] = word_in(in_key, 4); | 170 | cx->ks[4] = ss[4] = word_in(in_key, 4); |
171 | cx->ks[5] = ss[5] = word_in(in_key, 5); | 171 | cx->ks[5] = ss[5] = word_in(in_key, 5); |
172 | cx->ks[6] = ss[6] = word_in(in_key, 6); | 172 | cx->ks[6] = ss[6] = word_in(in_key, 6); |
173 | cx->ks[7] = ss[7] = word_in(in_key, 7); | 173 | cx->ks[7] = ss[7] = word_in(in_key, 7); |
174 | 174 | ||
175 | #if ENC_UNROLL == NONE | 175 | #if ENC_UNROLL == NONE |
176 | { aes_32t i; | 176 | { aes_32t i; |
177 | 177 | ||
178 | for(i = 0; i < (15 * N_COLS - 1) / 8; ++i) | 178 | for(i = 0; i < (15 * N_COLS - 1) / 8; ++i) |
179 | ke8(cx->ks, i); | 179 | ke8(cx->ks, i); |
180 | } | 180 | } |
181 | #else | 181 | #else |
182 | ke8(cx->ks, 0); ke8(cx->ks, 1); | 182 | ke8(cx->ks, 0); ke8(cx->ks, 1); |
183 | ke8(cx->ks, 2); ke8(cx->ks, 3); | 183 | ke8(cx->ks, 2); ke8(cx->ks, 3); |
184 | ke8(cx->ks, 4); ke8(cx->ks, 5); | 184 | ke8(cx->ks, 4); ke8(cx->ks, 5); |
185 | kel8(cx->ks, 6); | 185 | kel8(cx->ks, 6); |
186 | #endif | 186 | #endif |
187 | #ifdef AES_ERR_CHK | 187 | #ifdef AES_ERR_CHK |
188 | return aes_good; | 188 | return aes_good; |
189 | #endif | 189 | #endif |
190 | } | 190 | } |
191 | 191 | ||
192 | #endif | 192 | #endif |
193 | 193 | ||
194 | #if defined(AES_VAR) | 194 | #if defined(AES_VAR) |
195 | 195 | ||
196 | aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]) | 196 | aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]) |
197 | { | 197 | { |
198 | switch(key_len) | 198 | switch(key_len) |
199 | { | 199 | { |
200 | #ifdef AES_ERR_CHK | 200 | #ifdef AES_ERR_CHK |
201 | case 16: case 128: return aes_encrypt_key128(in_key, cx); | 201 | case 16: case 128: return aes_encrypt_key128(in_key, cx); |
202 | case 24: case 192: return aes_encrypt_key192(in_key, cx); | 202 | case 24: case 192: return aes_encrypt_key192(in_key, cx); |
203 | case 32: case 256: return aes_encrypt_key256(in_key, cx); | 203 | case 32: case 256: return aes_encrypt_key256(in_key, cx); |
204 | default: return aes_error; | 204 | default: return aes_error; |
205 | #else | 205 | #else |
206 | case 16: case 128: aes_encrypt_key128(in_key, cx); return; | 206 | case 16: case 128: aes_encrypt_key128(in_key, cx); return; |
207 | case 24: case 192: aes_encrypt_key192(in_key, cx); return; | 207 | case 24: case 192: aes_encrypt_key192(in_key, cx); return; |
208 | case 32: case 256: aes_encrypt_key256(in_key, cx); return; | 208 | case 32: case 256: aes_encrypt_key256(in_key, cx); return; |
209 | #endif | 209 | #endif |
210 | } | 210 | } |
211 | } | 211 | } |
212 | 212 | ||
213 | #endif | 213 | #endif |
214 | 214 | ||
215 | #endif | 215 | #endif |
216 | 216 | ||
217 | #if defined(DECRYPTION_KEY_SCHEDULE) | 217 | #if defined(DECRYPTION_KEY_SCHEDULE) |
218 | 218 | ||
219 | #if DEC_ROUND == NO_TABLES | 219 | #if DEC_ROUND == NO_TABLES |
220 | #define ff(x) (x) | 220 | #define ff(x) (x) |
221 | #else | 221 | #else |
222 | #define ff(x) inv_mcol(x) | 222 | #define ff(x) inv_mcol(x) |
223 | #ifdef dec_imvars | 223 | #ifdef dec_imvars |
224 | #define d_vars dec_imvars | 224 | #define d_vars dec_imvars |
225 | #endif | 225 | #endif |
226 | #endif | 226 | #endif |
227 | 227 | ||
228 | #if 1 | 228 | #if 1 |
229 | #define kdf4(k,i) \ | 229 | #define kdf4(k,i) \ |
230 | { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \ | 230 | { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \ |
231 | ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \ | 231 | ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \ |
232 | ss[4] ^= k[4*(i)]; k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \ | 232 | ss[4] ^= k[4*(i)]; k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \ |
233 | ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \ | 233 | ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \ |
234 | } | 234 | } |
235 | #define kd4(k,i) \ | 235 | #define kd4(k,i) \ |
236 | { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \ | 236 | { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \ |
237 | k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \ | 237 | k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \ |
238 | k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \ | 238 | k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \ |
239 | } | 239 | } |
240 | #define kdl4(k,i) \ | 240 | #define kdl4(k,i) \ |
241 | { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \ | 241 | { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \ |
242 | k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \ | 242 | k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \ |
243 | k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \ | 243 | k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \ |
244 | } | 244 | } |
245 | #else | 245 | #else |
246 | #define kdf4(k,i) \ | 246 | #define kdf4(k,i) \ |
247 | { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \ | 247 | { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \ |
248 | ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \ | 248 | ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \ |
249 | } | 249 | } |
250 | #define kd4(k,i) \ | 250 | #define kd4(k,i) \ |
251 | { ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \ | 251 | { ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \ |
252 | ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \ | 252 | ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \ |
253 | ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \ | 253 | ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \ |
254 | ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \ | 254 | ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \ |
255 | ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \ | 255 | ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \ |
256 | } | 256 | } |
257 | #define kdl4(k,i) \ | 257 | #define kdl4(k,i) \ |
258 | { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \ | 258 | { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \ |
259 | ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \ | 259 | ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \ |
260 | } | 260 | } |
261 | #endif | 261 | #endif |
262 | 262 | ||
263 | #define kdf6(k,i) \ | 263 | #define kdf6(k,i) \ |
264 | { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \ | 264 | { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \ |
265 | ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \ | 265 | ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \ |
266 | ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \ | 266 | ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \ |
267 | } | 267 | } |
268 | #define kd6(k,i) \ | 268 | #define kd6(k,i) \ |
269 | { ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \ | 269 | { ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \ |
270 | ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \ | 270 | ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \ |
271 | ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \ | 271 | ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \ |
272 | ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \ | 272 | ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \ |
273 | ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \ | 273 | ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \ |
274 | ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \ | 274 | ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \ |
275 | ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \ | 275 | ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \ |
276 | } | 276 | } |
277 | #define kdl6(k,i) \ | 277 | #define kdl6(k,i) \ |
278 | { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \ | 278 | { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \ |
279 | ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \ | 279 | ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \ |
280 | } | 280 | } |
281 | 281 | ||
282 | #define kdf8(k,i) \ | 282 | #define kdf8(k,i) \ |
283 | { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \ | 283 | { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \ |
284 | ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \ | 284 | ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \ |
285 | ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \ | 285 | ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \ |
286 | ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \ | 286 | ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \ |
287 | } | 287 | } |
288 | #define kd8(k,i) \ | 288 | #define kd8(k,i) \ |
289 | { aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \ | 289 | { aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \ |
290 | ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \ | 290 | ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \ |
291 | ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \ | 291 | ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \ |
292 | ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \ | 292 | ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \ |
293 | ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \ | 293 | ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \ |
294 | g = ls_box(ss[3],0); \ | 294 | g = ls_box(ss[3],0); \ |
295 | ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \ | 295 | ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \ |
296 | ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \ | 296 | ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \ |
297 | ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \ | 297 | ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \ |
298 | ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \ | 298 | ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \ |
299 | } | 299 | } |
300 | #define kdl8(k,i) \ | 300 | #define kdl8(k,i) \ |
301 | { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \ | 301 | { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \ |
302 | ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \ | 302 | ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \ |
303 | } | 303 | } |
304 | 304 | ||
305 | #if defined(AES_128) || defined(AES_VAR) | 305 | #if defined(AES_128) || defined(AES_VAR) |
306 | 306 | ||
307 | aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]) | 307 | aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]) |
308 | { aes_32t ss[5]; | 308 | { aes_32t ss[5]; |
309 | #ifdef d_vars | 309 | #ifdef d_vars |
310 | d_vars; | 310 | d_vars; |
311 | #endif | 311 | #endif |
312 | cx->ks[0] = ss[0] = word_in(in_key, 0); | 312 | cx->ks[0] = ss[0] = word_in(in_key, 0); |
313 | cx->ks[1] = ss[1] = word_in(in_key, 1); | 313 | cx->ks[1] = ss[1] = word_in(in_key, 1); |
314 | cx->ks[2] = ss[2] = word_in(in_key, 2); | 314 | cx->ks[2] = ss[2] = word_in(in_key, 2); |
315 | cx->ks[3] = ss[3] = word_in(in_key, 3); | 315 | cx->ks[3] = ss[3] = word_in(in_key, 3); |
316 | 316 | ||
317 | #if DEC_UNROLL == NONE | 317 | #if DEC_UNROLL == NONE |
318 | { aes_32t i; | 318 | { aes_32t i; |
319 | 319 | ||
320 | for(i = 0; i < (11 * N_COLS - 1) / 4; ++i) | 320 | for(i = 0; i < (11 * N_COLS - 1) / 4; ++i) |
321 | ke4(cx->ks, i); | 321 | ke4(cx->ks, i); |
322 | #if !(DEC_ROUND == NO_TABLES) | 322 | #if !(DEC_ROUND == NO_TABLES) |
323 | for(i = N_COLS; i < 10 * N_COLS; ++i) | 323 | for(i = N_COLS; i < 10 * N_COLS; ++i) |
324 | cx->ks[i] = inv_mcol(cx->ks[i]); | 324 | cx->ks[i] = inv_mcol(cx->ks[i]); |
325 | #endif | 325 | #endif |
326 | } | 326 | } |
327 | #else | 327 | #else |
328 | kdf4(cx->ks, 0); kd4(cx->ks, 1); | 328 | kdf4(cx->ks, 0); kd4(cx->ks, 1); |
329 | kd4(cx->ks, 2); kd4(cx->ks, 3); | 329 | kd4(cx->ks, 2); kd4(cx->ks, 3); |
330 | kd4(cx->ks, 4); kd4(cx->ks, 5); | 330 | kd4(cx->ks, 4); kd4(cx->ks, 5); |
331 | kd4(cx->ks, 6); kd4(cx->ks, 7); | 331 | kd4(cx->ks, 6); kd4(cx->ks, 7); |
332 | kd4(cx->ks, 8); kdl4(cx->ks, 9); | 332 | kd4(cx->ks, 8); kdl4(cx->ks, 9); |
333 | #endif | 333 | #endif |
334 | 334 | ||
335 | /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */ | 335 | /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */ |
336 | /* key and must be non-zero for 128 and 192 bits keys */ | 336 | /* key and must be non-zero for 128 and 192 bits keys */ |
337 | cx->ks[53] = cx->ks[45] = 0; | 337 | cx->ks[53] = cx->ks[45] = 0; |
338 | cx->ks[52] = 10; | 338 | cx->ks[52] = 10; |
339 | #ifdef AES_ERR_CHK | 339 | #ifdef AES_ERR_CHK |
340 | return aes_good; | 340 | return aes_good; |
341 | #endif | 341 | #endif |
342 | } | 342 | } |
343 | 343 | ||
344 | #endif | 344 | #endif |
345 | 345 | ||
346 | #if defined(AES_192) || defined(AES_VAR) | 346 | #if defined(AES_192) || defined(AES_VAR) |
347 | 347 | ||
348 | aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]) | 348 | aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]) |
349 | { aes_32t ss[7]; | 349 | { aes_32t ss[7]; |
350 | #ifdef d_vars | 350 | #ifdef d_vars |
351 | d_vars; | 351 | d_vars; |
352 | #endif | 352 | #endif |
353 | cx->ks[0] = ss[0] = word_in(in_key, 0); | 353 | cx->ks[0] = ss[0] = word_in(in_key, 0); |
354 | cx->ks[1] = ss[1] = word_in(in_key, 1); | 354 | cx->ks[1] = ss[1] = word_in(in_key, 1); |
355 | cx->ks[2] = ss[2] = word_in(in_key, 2); | 355 | cx->ks[2] = ss[2] = word_in(in_key, 2); |
356 | cx->ks[3] = ss[3] = word_in(in_key, 3); | 356 | cx->ks[3] = ss[3] = word_in(in_key, 3); |
357 | 357 | ||
358 | #if DEC_UNROLL == NONE | 358 | #if DEC_UNROLL == NONE |
359 | cx->ks[4] = ss[4] = word_in(in_key, 4); | 359 | cx->ks[4] = ss[4] = word_in(in_key, 4); |
360 | cx->ks[5] = ss[5] = word_in(in_key, 5); | 360 | cx->ks[5] = ss[5] = word_in(in_key, 5); |
361 | { aes_32t i; | 361 | { aes_32t i; |
362 | 362 | ||
363 | for(i = 0; i < (13 * N_COLS - 1) / 6; ++i) | 363 | for(i = 0; i < (13 * N_COLS - 1) / 6; ++i) |
364 | ke6(cx->ks, i); | 364 | ke6(cx->ks, i); |
365 | #if !(DEC_ROUND == NO_TABLES) | 365 | #if !(DEC_ROUND == NO_TABLES) |
366 | for(i = N_COLS; i < 12 * N_COLS; ++i) | 366 | for(i = N_COLS; i < 12 * N_COLS; ++i) |
367 | cx->ks[i] = inv_mcol(cx->ks[i]); | 367 | cx->ks[i] = inv_mcol(cx->ks[i]); |
368 | #endif | 368 | #endif |
369 | } | 369 | } |
370 | #else | 370 | #else |
371 | cx->ks[4] = ff(ss[4] = word_in(in_key, 4)); | 371 | cx->ks[4] = ff(ss[4] = word_in(in_key, 4)); |
372 | cx->ks[5] = ff(ss[5] = word_in(in_key, 5)); | 372 | cx->ks[5] = ff(ss[5] = word_in(in_key, 5)); |
373 | kdf6(cx->ks, 0); kd6(cx->ks, 1); | 373 | kdf6(cx->ks, 0); kd6(cx->ks, 1); |
374 | kd6(cx->ks, 2); kd6(cx->ks, 3); | 374 | kd6(cx->ks, 2); kd6(cx->ks, 3); |
375 | kd6(cx->ks, 4); kd6(cx->ks, 5); | 375 | kd6(cx->ks, 4); kd6(cx->ks, 5); |
376 | kd6(cx->ks, 6); kdl6(cx->ks, 7); | 376 | kd6(cx->ks, 6); kdl6(cx->ks, 7); |
377 | #endif | 377 | #endif |
378 | 378 | ||
379 | /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */ | 379 | /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */ |
380 | /* key and must be non-zero for 128 and 192 bits keys */ | 380 | /* key and must be non-zero for 128 and 192 bits keys */ |
381 | cx->ks[53] = cx->ks[45]; | 381 | cx->ks[53] = cx->ks[45]; |
382 | cx->ks[52] = 12; | 382 | cx->ks[52] = 12; |
383 | #ifdef AES_ERR_CHK | 383 | #ifdef AES_ERR_CHK |
384 | return aes_good; | 384 | return aes_good; |
385 | #endif | 385 | #endif |
386 | } | 386 | } |
387 | 387 | ||
388 | #endif | 388 | #endif |
389 | 389 | ||
390 | #if defined(AES_256) || defined(AES_VAR) | 390 | #if defined(AES_256) || defined(AES_VAR) |
391 | 391 | ||
392 | aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]) | 392 | aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]) |
393 | { aes_32t ss[8]; | 393 | { aes_32t ss[8]; |
394 | #ifdef d_vars | 394 | #ifdef d_vars |
395 | d_vars; | 395 | d_vars; |
396 | #endif | 396 | #endif |
397 | cx->ks[0] = ss[0] = word_in(in_key, 0); | 397 | cx->ks[0] = ss[0] = word_in(in_key, 0); |
398 | cx->ks[1] = ss[1] = word_in(in_key, 1); | 398 | cx->ks[1] = ss[1] = word_in(in_key, 1); |
399 | cx->ks[2] = ss[2] = word_in(in_key, 2); | 399 | cx->ks[2] = ss[2] = word_in(in_key, 2); |
400 | cx->ks[3] = ss[3] = word_in(in_key, 3); | 400 | cx->ks[3] = ss[3] = word_in(in_key, 3); |
401 | 401 | ||
402 | #if DEC_UNROLL == NONE | 402 | #if DEC_UNROLL == NONE |
403 | cx->ks[4] = ss[4] = word_in(in_key, 4); | 403 | cx->ks[4] = ss[4] = word_in(in_key, 4); |
404 | cx->ks[5] = ss[5] = word_in(in_key, 5); | 404 | cx->ks[5] = ss[5] = word_in(in_key, 5); |
405 | cx->ks[6] = ss[6] = word_in(in_key, 6); | 405 | cx->ks[6] = ss[6] = word_in(in_key, 6); |
406 | cx->ks[7] = ss[7] = word_in(in_key, 7); | 406 | cx->ks[7] = ss[7] = word_in(in_key, 7); |
407 | { aes_32t i; | 407 | { aes_32t i; |
408 | 408 | ||
409 | for(i = 0; i < (15 * N_COLS - 1) / 8; ++i) | 409 | for(i = 0; i < (15 * N_COLS - 1) / 8; ++i) |
410 | ke8(cx->ks, i); | 410 | ke8(cx->ks, i); |
411 | #if !(DEC_ROUND == NO_TABLES) | 411 | #if !(DEC_ROUND == NO_TABLES) |
412 | for(i = N_COLS; i < 14 * N_COLS; ++i) | 412 | for(i = N_COLS; i < 14 * N_COLS; ++i) |
413 | cx->ks[i] = inv_mcol(cx->ks[i]); | 413 | cx->ks[i] = inv_mcol(cx->ks[i]); |
414 | #endif | 414 | #endif |
415 | } | 415 | } |
416 | #else | 416 | #else |
417 | cx->ks[4] = ff(ss[4] = word_in(in_key, 4)); | 417 | cx->ks[4] = ff(ss[4] = word_in(in_key, 4)); |
418 | cx->ks[5] = ff(ss[5] = word_in(in_key, 5)); | 418 | cx->ks[5] = ff(ss[5] = word_in(in_key, 5)); |
419 | cx->ks[6] = ff(ss[6] = word_in(in_key, 6)); | 419 | cx->ks[6] = ff(ss[6] = word_in(in_key, 6)); |
420 | cx->ks[7] = ff(ss[7] = word_in(in_key, 7)); | 420 | cx->ks[7] = ff(ss[7] = word_in(in_key, 7)); |
421 | kdf8(cx->ks, 0); kd8(cx->ks, 1); | 421 | kdf8(cx->ks, 0); kd8(cx->ks, 1); |
422 | kd8(cx->ks, 2); kd8(cx->ks, 3); | 422 | kd8(cx->ks, 2); kd8(cx->ks, 3); |
423 | kd8(cx->ks, 4); kd8(cx->ks, 5); | 423 | kd8(cx->ks, 4); kd8(cx->ks, 5); |
424 | kdl8(cx->ks, 6); | 424 | kdl8(cx->ks, 6); |
425 | #endif | 425 | #endif |
426 | #ifdef AES_ERR_CHK | 426 | #ifdef AES_ERR_CHK |
427 | return aes_good; | 427 | return aes_good; |
428 | #endif | 428 | #endif |
429 | } | 429 | } |
430 | 430 | ||
431 | #endif | 431 | #endif |
432 | 432 | ||
433 | #if defined(AES_VAR) | 433 | #if defined(AES_VAR) |
434 | 434 | ||
435 | aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]) | 435 | aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]) |
436 | { | 436 | { |
437 | switch(key_len) | 437 | switch(key_len) |
438 | { | 438 | { |
439 | #ifdef AES_ERR_CHK | 439 | #ifdef AES_ERR_CHK |
440 | case 16: case 128: return aes_decrypt_key128(in_key, cx); | 440 | case 16: case 128: return aes_decrypt_key128(in_key, cx); |
441 | case 24: case 192: return aes_decrypt_key192(in_key, cx); | 441 | case 24: case 192: return aes_decrypt_key192(in_key, cx); |
442 | case 32: case 256: return aes_decrypt_key256(in_key, cx); | 442 | case 32: case 256: return aes_decrypt_key256(in_key, cx); |
443 | default: return aes_error; | 443 | default: return aes_error; |
444 | #else | 444 | #else |
445 | case 16: case 128: aes_decrypt_key128(in_key, cx); return; | 445 | case 16: case 128: aes_decrypt_key128(in_key, cx); return; |
446 | case 24: case 192: aes_decrypt_key192(in_key, cx); return; | 446 | case 24: case 192: aes_decrypt_key192(in_key, cx); return; |
447 | case 32: case 256: aes_decrypt_key256(in_key, cx); return; | 447 | case 32: case 256: aes_decrypt_key256(in_key, cx); return; |
448 | #endif | 448 | #endif |
449 | } | 449 | } |
450 | } | 450 | } |
451 | 451 | ||
452 | #endif | 452 | #endif |
453 | 453 | ||
454 | #endif | 454 | #endif |
455 | 455 | ||