thooge/keepassx1
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

First commit for 0.2.3, some old functions still need to be ported to the new back-end api, i.e. import and export.

Browse Source 
git-svn-id: https://svn.code.sf.net/p/keepassx/code/trunk@104 b624d157-de02-0410-bad0-e51aec6abb33
This commit is contained in:
tarek_saidi
2006-10-14 22:33:41 +00:00
parent 0286b87a41
commit 21f0fea56a
67 changed files with 8909 additions and 6954 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
src/crypto/aes.h Normal file
View File

@@ -0,0 +1,197 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
This file contains the definitions required to use AES in C. See aesopt.h
for optimisation details.
*/
#ifndef _AES_H
#define _AES_H
#include <stdlib.h>
/* This include is used to find 8 & 32 bit unsigned integer types */
#include "aes_tdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define AES_128 /* define if AES with 128 bit keys is needed */
#define AES_192 /* define if AES with 192 bit keys is needed */
#define AES_256 /* define if AES with 256 bit keys is needed */
#define AES_VAR /* define if a variable key size is needed */
#define AES_MODES /* define if support is needed for modes */
/* The following must also be set in assembler files if being used */
#define AES_ENCRYPT /* if support for encryption is needed */
#define AES_DECRYPT /* if support for decryption is needed */
#define AES_ERR_CHK /* for parameter checks & error return codes */
#define AES_REV_DKS /* define to reverse decryption key schedule */
#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
#define N_COLS 4 /* the number of columns in the state */
/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */
/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */
/* or 44, 52 or 60 32-bit words. */
#if defined( AES_VAR ) || defined( AES_256 )
#define KS_LENGTH 60
#elif defined( AES_192 )
#define KS_LENGTH 52
#else
#define KS_LENGTH 44
#endif
#if defined( AES_ERR_CHK )
#define aes_rval int_ret
#else
#define aes_rval void_ret
#endif
/* the character array 'inf' in the following structures is used */
/* to hold AES context information. This AES code uses cx->inf.b[0] */
/* to hold the number of rounds multiplied by 16. The other three */
/* elements can be used by code that implements additional modes */
typedef union
{ uint_32t l;
uint_8t b[4];
} aes_inf;
typedef struct
{ uint_32t ks[KS_LENGTH];
aes_inf inf;
} aes_encrypt_ctx;
typedef struct
{ uint_32t ks[KS_LENGTH];
aes_inf inf;
} aes_decrypt_ctx;
/* This routine must be called before first use if non-static */
/* tables are being used */
aes_rval gen_tabs(void);
/* Key lengths in the range 16 <= key_len <= 32 are given in bytes, */
/* those in the range 128 <= key_len <= 256 are given in bits */
#if defined( AES_ENCRYPT )
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
aes_rval aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]);
#endif
aes_rval aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]);
#endif
#if defined( AES_DECRYPT )
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
aes_rval aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]);
#endif
aes_rval aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_MODES)
aes_rval aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_encrypt_ctx cx[1]);
aes_rval aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_decrypt_ctx cx[1]);
aes_rval aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_encrypt_ctx cx[1]);
aes_rval aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_decrypt_ctx cx[1]);
aes_rval aes_mode_reset(aes_encrypt_ctx cx[1]);
aes_rval aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
aes_rval aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
#define aes_ofb_encrypt aes_ofb_crypt
#define aes_ofb_decrypt aes_ofb_crypt
aes_rval aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
typedef void cbuf_inc(unsigned char *cbuf);
#define aes_ctr_encrypt aes_ctr_crypt
#define aes_ctr_decrypt aes_ctr_crypt
aes_rval aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]);
#endif
#if defined(__cplusplus)
}
#endif
#endif

130
src/crypto/aes_edefs.h Normal file
View File

@@ -0,0 +1,130 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
*/
#ifndef EDEFS_H
#define EDEFS_H
#if defined(__cplusplus)
extern "C"
{
#endif
#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
#if defined(__GNUC__) || defined(__GNU_LIBRARY__)
# if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
# include <sys/endian.h>
# elif defined( BSD ) && ( BSD >= 199103 ) || defined( __DJGPP__ ) || defined( __CYGWIN32__ )
# include <machine/endian.h>
# elif defined(__APPLE__)
# if defined(__BIG_ENDIAN__) && !defined( BIG_ENDIAN )
# define BIG_ENDIAN
# elif defined(__LITTLE_ENDIAN__) && !defined( LITTLE_ENDIAN )
# define LITTLE_ENDIAN
# endif
# elif !defined( __MINGW32__ )
# include <endian.h>
# if !defined(__BEOS__)
# include <byteswap.h>
# endif
# endif
#endif
#if !defined(PLATFORM_BYTE_ORDER)
# if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN)
# if defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined(BYTE_ORDER) && (BYTE_ORDER == LITTLE_ENDIAN)
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# elif defined(BYTE_ORDER) && (BYTE_ORDER == BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# endif
# elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN)
# if defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _LITTLE_ENDIAN)
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# endif
# elif defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)
# if defined(__LITTLE_ENDIAN__) && !defined(__BIG_ENDIAN__)
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# elif !defined(__LITTLE_ENDIAN__) && defined(__BIG_ENDIAN__)
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __LITTLE_ENDIAN__)
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__)
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# endif
# endif
#endif
/* if the platform is still unknown, try to find its byte order */
/* from commonly used machine defines */
#if !defined(PLATFORM_BYTE_ORDER)
#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \
defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \
defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \
defined( vax ) || defined( vms ) || defined( VMS ) || \
defined( __VMS ) || defined( _M_X64 )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \
defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \
defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \
defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
defined( __TANDEM ) || defined( THINK_C ) || defined( __VMCMS__ ) || \
defined( __VOS__ )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#else
# error Please edit edefs.h (lines 117 or 119) to set the platform byte order
#endif
#endif
#if defined(__cplusplus)
}
#endif
#endif

891
src/crypto/aes_modes.c Normal file
View File

@@ -0,0 +1,891 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
These subroutines implement multiple block AES modes for ECB, CBC, CFB,
OFB and CTR encryption, The code provides support for the VIA Advanced
Cryptography Engine (ACE).
NOTE: In the following subroutines, the AES contexts (ctx) must be
16 byte aligned if VIA ACE is being used
*/
#include <memory.h>
#include <assert.h>
#include "aesopt.h"
#if defined( AES_MODES )
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
#pragma intrinsic(memcpy)
#define in_line __inline
#else
#define in_line
#endif
#define BFR_BLOCKS 8
/* These values are used to detect long word alignment in order to */
/* speed up some buffer operations. This facility may not work on */
/* some machines so this define can be commented out if necessary */
#define FAST_BUFFER_OPERATIONS
#pragma warning( disable : 4311 4312 )
#define lp08(x) ((uint_8t*)(x))
#define lp32(x) ((uint_32t*)(x))
#define addr_mod_04(x) ((unsigned long)(x) & 3)
#define addr_mod_16(x) ((unsigned long)(x) & 15)
#if defined( USE_VIA_ACE_IF_PRESENT )
#include "via_ace.h"
#pragma pack(16)
aligned_array(unsigned long, enc_gen_table, 12, 16) = NEH_ENC_GEN_DATA;
aligned_array(unsigned long, enc_load_table, 12, 16) = NEH_ENC_LOAD_DATA;
aligned_array(unsigned long, enc_hybrid_table, 12, 16) = NEH_ENC_HYBRID_DATA;
aligned_array(unsigned long, dec_gen_table, 12, 16) = NEH_DEC_GEN_DATA;
aligned_array(unsigned long, dec_load_table, 12, 16) = NEH_DEC_LOAD_DATA;
aligned_array(unsigned long, dec_hybrid_table, 12, 16) = NEH_DEC_HYBRID_DATA;
/* NOTE: These control word macros must only be used after */
/* a key has been set up because they depend on key size */
#if NEH_KEY_TYPE == NEH_LOAD
#define kd_adr(c) ((uint_8t*)(c)->ks)
#elif NEH_KEY_TYPE == NEH_GENERATE
#define kd_adr(c) ((uint_8t*)(c)->ks + (c)->inf.b[0])
#else
#define kd_adr(c) ((uint_8t*)(c)->ks + ((c)->inf.b[0] == 160 ? 160 : 0))
#endif
#else
#define aligned_array(type, name, no, stride) type name[no]
#define aligned_auto(type, name, no, stride) type name[no]
#endif
#if defined( _MSC_VER ) && _MSC_VER > 1200
#define via_cwd(cwd, ty, dir, len) unsigned long* cwd = (dir##_##ty##_table + ((len - 128) >> 4))
#else
#define via_cwd(cwd, ty, dir, len) \
aligned_auto(unsigned long, cwd, 4, 16); \
cwd[1] = cwd[2] = cwd[3] = 0; \
cwd[0] = neh_##dir##_##ty##_key(len)
#endif
aes_rval aes_mode_reset(aes_encrypt_ctx ctx[1])
{
ctx->inf.b[2] = 0;
return EXIT_SUCCESS;
}
aes_rval aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_encrypt_ctx ctx[1])
{ int nb = len >> 4;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ uint_8t *ksp = (uint_8t*)(ctx->ks);
via_cwd(cwd, hybrid, enc, 2* ctx->inf.b[0] - 192);
if(addr_mod_16(ctx))
return EXIT_FAILURE;
if(!addr_mod_16(ibuf) && !addr_mod_16(obuf))
{
via_ecb_op5(ksp,cwd,ibuf,obuf,nb);
}
else
{ aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint_8t *ip, *op;
while(nb)
{
int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
ip = (addr_mod_16(ibuf) ? buf : (uint_8t*)ibuf);
op = (addr_mod_16(obuf) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_ecb_op5(ksp,cwd,ip,op,m);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
nb -= m;
}
}
return EXIT_SUCCESS;
}
#endif
#if !defined( ASSUME_VIA_ACE_PRESENT )
while(nb--)
{
aes_encrypt(ibuf, obuf, ctx);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
#endif
return EXIT_SUCCESS;
}
aes_rval aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_decrypt_ctx ctx[1])
{ int nb = len >> 4;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ uint_8t *ksp = kd_adr(ctx);
via_cwd(cwd, hybrid, dec, 2* ctx->inf.b[0] - 192);
if(addr_mod_16(ctx))
return EXIT_FAILURE;
if(!addr_mod_16(ibuf) && !addr_mod_16(obuf))
{
via_ecb_op5(ksp,cwd,ibuf,obuf,nb);
}
else
{ aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint_8t *ip, *op;
while(nb)
{
int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
ip = (addr_mod_16(ibuf) ? buf : (uint_8t*)ibuf);
op = (addr_mod_16(obuf) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_ecb_op5(ksp,cwd,ip,op,m);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
nb -= m;
}
}
return EXIT_SUCCESS;
}
#endif
#if !defined( ASSUME_VIA_ACE_PRESENT )
while(nb--)
{
aes_decrypt(ibuf, obuf, ctx);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
#endif
return EXIT_SUCCESS;
}
aes_rval aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_encrypt_ctx ctx[1])
{ int nb = len >> 4;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2* ctx->inf.b[0] - 192);
if(addr_mod_16(ctx))
return EXIT_FAILURE;
if(addr_mod_16(iv)) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!addr_mod_16(ibuf) && !addr_mod_16(obuf) && !addr_mod_16(iv))
{
via_cbc_op7(ksp,cwd,ibuf,obuf,nb,ivp,ivp);
}
else
{ aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint_8t *ip, *op;
while(nb)
{
int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
ip = (addr_mod_16(ibuf) ? buf : (uint_8t*)ibuf);
op = (addr_mod_16(obuf) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_cbc_op7(ksp,cwd,ip,op,m,ivp,ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
nb -= m;
}
}
if(iv != ivp)
memcpy(iv, ivp, AES_BLOCK_SIZE);
return EXIT_SUCCESS;
}
#endif
#if !defined( ASSUME_VIA_ACE_PRESENT )
# ifdef FAST_BUFFER_OPERATIONS
if(!addr_mod_04(ibuf) && !addr_mod_04(iv))
while(nb--)
{
lp32(iv)[0] ^= lp32(ibuf)[0];
lp32(iv)[1] ^= lp32(ibuf)[1];
lp32(iv)[2] ^= lp32(ibuf)[2];
lp32(iv)[3] ^= lp32(ibuf)[3];
aes_encrypt(iv, iv, ctx);
memcpy(obuf, iv, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
else
# endif
while(nb--)
{
iv[ 0] ^= ibuf[ 0]; iv[ 1] ^= ibuf[ 1];
iv[ 2] ^= ibuf[ 2]; iv[ 3] ^= ibuf[ 3];
iv[ 4] ^= ibuf[ 4]; iv[ 5] ^= ibuf[ 5];
iv[ 6] ^= ibuf[ 6]; iv[ 7] ^= ibuf[ 7];
iv[ 8] ^= ibuf[ 8]; iv[ 9] ^= ibuf[ 9];
iv[10] ^= ibuf[10]; iv[11] ^= ibuf[11];
iv[12] ^= ibuf[12]; iv[13] ^= ibuf[13];
iv[14] ^= ibuf[14]; iv[15] ^= ibuf[15];
aes_encrypt(iv, iv, ctx);
memcpy(obuf, iv, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
#endif
return EXIT_SUCCESS;
}
aes_rval aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_decrypt_ctx ctx[1])
{ unsigned char tmp[AES_BLOCK_SIZE];
int nb = len >> 4;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ uint_8t *ksp = kd_adr(ctx), *ivp = iv;
aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, dec, 2* ctx->inf.b[0] - 192);
if(addr_mod_16(ctx))
return EXIT_FAILURE;
if(addr_mod_16(iv)) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!addr_mod_16(ibuf) && !addr_mod_16(obuf) && !addr_mod_16(iv))
{
via_cbc_op6(ksp,cwd,ibuf,obuf,nb,ivp);
}
else
{ aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint_8t *ip, *op;
while(nb)
{
int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
ip = (addr_mod_16(ibuf) ? buf : (uint_8t*)ibuf);
op = (addr_mod_16(obuf) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_cbc_op6(ksp,cwd,ip,op,m,ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
nb -= m;
}
}
if(iv != ivp)
memcpy(iv, ivp, AES_BLOCK_SIZE);
return EXIT_SUCCESS;
}
#endif
#if !defined( ASSUME_VIA_ACE_PRESENT )
# ifdef FAST_BUFFER_OPERATIONS
if(!addr_mod_04(obuf) && !addr_mod_04(iv))
while(nb--)
{
memcpy(tmp, ibuf, AES_BLOCK_SIZE);
aes_decrypt(ibuf, obuf, ctx);
lp32(obuf)[0] ^= lp32(iv)[0];
lp32(obuf)[1] ^= lp32(iv)[1];
lp32(obuf)[2] ^= lp32(iv)[2];
lp32(obuf)[3] ^= lp32(iv)[3];
memcpy(iv, tmp, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
else
# endif
while(nb--)
{
memcpy(tmp, ibuf, AES_BLOCK_SIZE);
aes_decrypt(ibuf, obuf, ctx);
obuf[ 0] ^= iv[ 0]; obuf[ 1] ^= iv[ 1];
obuf[ 2] ^= iv[ 2]; obuf[ 3] ^= iv[ 3];
obuf[ 4] ^= iv[ 4]; obuf[ 5] ^= iv[ 5];
obuf[ 6] ^= iv[ 6]; obuf[ 7] ^= iv[ 7];
obuf[ 8] ^= iv[ 8]; obuf[ 9] ^= iv[ 9];
obuf[10] ^= iv[10]; obuf[11] ^= iv[11];
obuf[12] ^= iv[12]; obuf[13] ^= iv[13];
obuf[14] ^= iv[14]; obuf[15] ^= iv[15];
memcpy(iv, tmp, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
#endif
return EXIT_SUCCESS;
}
aes_rval aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
if(b_pos) /* complete any partial block */
{
while(b_pos < AES_BLOCK_SIZE && cnt < len)
*obuf++ = iv[b_pos++] ^= *ibuf++, cnt++;
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2* ctx->inf.b[0] - 192);
if(addr_mod_16(ctx))
return EXIT_FAILURE;
if(addr_mod_16(iv)) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!addr_mod_16(ibuf) && !addr_mod_16(obuf))
{
via_cfb_op7(ksp, cwd, ibuf, obuf, nb, ivp, ivp);
ibuf += nb * AES_BLOCK_SIZE;
obuf += nb * AES_BLOCK_SIZE;
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
{ aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint_8t *ip, *op;
while(nb)
{
m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
ip = (addr_mod_16(ibuf) ? buf : (uint_8t*)ibuf);
op = (addr_mod_16(obuf) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_cfb_op7(ksp, cwd, ip, op, m, ivp, ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
cnt += m * AES_BLOCK_SIZE;
}
}
if(ivp != iv)
memcpy(iv, ivp, AES_BLOCK_SIZE);
}
#else
# ifdef FAST_BUFFER_OPERATIONS
if(!addr_mod_04(ibuf) && !addr_mod_04(obuf) && !addr_mod_04(iv))
while(cnt + AES_BLOCK_SIZE <= len)
{
assert(b_pos == 0);
aes_encrypt(iv, iv, ctx);
lp32(obuf)[0] = lp32(iv)[0] ^= lp32(ibuf)[0];
lp32(obuf)[1] = lp32(iv)[1] ^= lp32(ibuf)[1];
lp32(obuf)[2] = lp32(iv)[2] ^= lp32(ibuf)[2];
lp32(obuf)[3] = lp32(iv)[3] ^= lp32(ibuf)[3];
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
else
# endif
while(cnt + AES_BLOCK_SIZE <= len)
{
assert(b_pos == 0);
aes_encrypt(iv, iv, ctx);
obuf[ 0] = iv[ 0] ^= ibuf[ 0]; obuf[ 1] = iv[ 1] ^= ibuf[ 1];
obuf[ 2] = iv[ 2] ^= ibuf[ 2]; obuf[ 3] = iv[ 3] ^= ibuf[ 3];
obuf[ 4] = iv[ 4] ^= ibuf[ 4]; obuf[ 5] = iv[ 5] ^= ibuf[ 5];
obuf[ 6] = iv[ 6] ^= ibuf[ 6]; obuf[ 7] = iv[ 7] ^= ibuf[ 7];
obuf[ 8] = iv[ 8] ^= ibuf[ 8]; obuf[ 9] = iv[ 9] ^= ibuf[ 9];
obuf[10] = iv[10] ^= ibuf[10]; obuf[11] = iv[11] ^= ibuf[11];
obuf[12] = iv[12] ^= ibuf[12]; obuf[13] = iv[13] ^= ibuf[13];
obuf[14] = iv[14] ^= ibuf[14]; obuf[15] = iv[15] ^= ibuf[15];
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
#endif
}
while(cnt < len)
{
if(!b_pos)
aes_ecb_encrypt(iv, iv, AES_BLOCK_SIZE, ctx);
while(cnt < len && b_pos < AES_BLOCK_SIZE)
*obuf++ = iv[b_pos++] ^= *ibuf++, cnt++;
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
ctx->inf.b[2] = b_pos;
return EXIT_SUCCESS;
}
aes_rval aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
if(b_pos) /* complete any partial block */
{ uint_8t t;
while(b_pos < AES_BLOCK_SIZE && cnt < len)
t = *ibuf++, *obuf++ = t ^ iv[b_pos], iv[b_pos++] = t, cnt++;
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, dec, 2* ctx->inf.b[0] - 192);
if(addr_mod_16(ctx))
return EXIT_FAILURE;
if(addr_mod_16(iv)) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!addr_mod_16(ibuf) && !addr_mod_16(obuf))
{
via_cfb_op6(ksp, cwd, ibuf, obuf, nb, ivp);
ibuf += nb * AES_BLOCK_SIZE;
obuf += nb * AES_BLOCK_SIZE;
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
{ aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint_8t *ip, *op;
while(nb)
{
m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
ip = (addr_mod_16(ibuf) ? buf : (uint_8t*)ibuf);
op = (addr_mod_16(obuf) ? buf : op);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_cfb_op6(ksp, cwd, ip, op, m, ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
cnt += m * AES_BLOCK_SIZE;
}
}
if(ivp != iv)
memcpy(iv, ivp, AES_BLOCK_SIZE);
}
#else
# ifdef FAST_BUFFER_OPERATIONS
if(!addr_mod_04(ibuf) && !addr_mod_04(obuf) &&!addr_mod_04(iv))
while(cnt + AES_BLOCK_SIZE <= len)
{ uint_32t t;
assert(b_pos == 0);
aes_encrypt(iv, iv, ctx);
t = lp32(ibuf)[0], lp32(obuf)[0] = t ^ lp32(iv)[0], lp32(iv)[0] = t;
t = lp32(ibuf)[1], lp32(obuf)[1] = t ^ lp32(iv)[1], lp32(iv)[1] = t;
t = lp32(ibuf)[2], lp32(obuf)[2] = t ^ lp32(iv)[2], lp32(iv)[2] = t;
t = lp32(ibuf)[3], lp32(obuf)[3] = t ^ lp32(iv)[3], lp32(iv)[3] = t;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
else
# endif
while(cnt + AES_BLOCK_SIZE <= len)
{ uint_8t t;
assert(b_pos == 0);
aes_encrypt(iv, iv, ctx);
t = ibuf[ 0], obuf[ 0] = t ^ iv[ 0], iv[ 0] = t;
t = ibuf[ 1], obuf[ 1] = t ^ iv[ 1], iv[ 1] = t;
t = ibuf[ 2], obuf[ 2] = t ^ iv[ 2], iv[ 2] = t;
t = ibuf[ 3], obuf[ 3] = t ^ iv[ 3], iv[ 3] = t;
t = ibuf[ 4], obuf[ 4] = t ^ iv[ 4], iv[ 4] = t;
t = ibuf[ 5], obuf[ 5] = t ^ iv[ 5], iv[ 5] = t;
t = ibuf[ 6], obuf[ 6] = t ^ iv[ 6], iv[ 6] = t;
t = ibuf[ 7], obuf[ 7] = t ^ iv[ 7], iv[ 7] = t;
t = ibuf[ 8], obuf[ 8] = t ^ iv[ 8], iv[ 8] = t;
t = ibuf[ 9], obuf[ 9] = t ^ iv[ 9], iv[ 9] = t;
t = ibuf[10], obuf[10] = t ^ iv[10], iv[10] = t;
t = ibuf[11], obuf[11] = t ^ iv[11], iv[11] = t;
t = ibuf[12], obuf[12] = t ^ iv[12], iv[12] = t;
t = ibuf[13], obuf[13] = t ^ iv[13], iv[13] = t;
t = ibuf[14], obuf[14] = t ^ iv[14], iv[14] = t;
t = ibuf[15], obuf[15] = t ^ iv[15], iv[15] = t;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
#endif
}
while(cnt < len)
{ uint_8t t;
if(!b_pos)
aes_ecb_encrypt(iv, iv, AES_BLOCK_SIZE, ctx);
while(cnt < len && b_pos < AES_BLOCK_SIZE)
t = *ibuf++, *obuf++ = t ^ iv[b_pos], iv[b_pos++] = t, cnt++;
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
ctx->inf.b[2] = b_pos;
return EXIT_SUCCESS;
}
aes_rval aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
if(b_pos) /* complete any partial block */
{
while(b_pos < AES_BLOCK_SIZE && cnt < len)
*obuf++ = iv[b_pos++] ^ *ibuf++, cnt++;
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2* ctx->inf.b[0] - 192);
if(addr_mod_16(ctx))
return EXIT_FAILURE;
if(addr_mod_16(iv)) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!addr_mod_16(ibuf) && !addr_mod_16(obuf))
{
via_ofb_op6(ksp, cwd, ibuf, obuf, nb, ivp);
ibuf += nb * AES_BLOCK_SIZE;
obuf += nb * AES_BLOCK_SIZE;
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
{ aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint_8t *ip, *op;
while(nb)
{
m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
ip = (addr_mod_16(ibuf) ? buf : (uint_8t*)ibuf);
op = (addr_mod_16(obuf) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_ofb_op6(ksp, cwd, ip, op, m, ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
cnt += m * AES_BLOCK_SIZE;
}
}
if(ivp != iv)
memcpy(iv, ivp, AES_BLOCK_SIZE);
}
#else
# ifdef FAST_BUFFER_OPERATIONS
if(!addr_mod_04(ibuf) && !addr_mod_04(obuf) && !addr_mod_04(iv))
while(cnt + AES_BLOCK_SIZE <= len)
{
assert(b_pos == 0);
aes_encrypt(iv, iv, ctx);
lp32(obuf)[0] = lp32(iv)[0] ^ lp32(ibuf)[0];
lp32(obuf)[1] = lp32(iv)[1] ^ lp32(ibuf)[1];
lp32(obuf)[2] = lp32(iv)[2] ^ lp32(ibuf)[2];
lp32(obuf)[3] = lp32(iv)[3] ^ lp32(ibuf)[3];
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
else
# endif
while(cnt + AES_BLOCK_SIZE <= len)
{
assert(b_pos == 0);
aes_encrypt(iv, iv, ctx);
obuf[ 0] = iv[ 0] ^ ibuf[ 0]; obuf[ 1] = iv[ 1] ^ ibuf[ 1];
obuf[ 2] = iv[ 2] ^ ibuf[ 2]; obuf[ 3] = iv[ 3] ^ ibuf[ 3];
obuf[ 4] = iv[ 4] ^ ibuf[ 4]; obuf[ 5] = iv[ 5] ^ ibuf[ 5];
obuf[ 6] = iv[ 6] ^ ibuf[ 6]; obuf[ 7] = iv[ 7] ^ ibuf[ 7];
obuf[ 8] = iv[ 8] ^ ibuf[ 8]; obuf[ 9] = iv[ 9] ^ ibuf[ 9];
obuf[10] = iv[10] ^ ibuf[10]; obuf[11] = iv[11] ^ ibuf[11];
obuf[12] = iv[12] ^ ibuf[12]; obuf[13] = iv[13] ^ ibuf[13];
obuf[14] = iv[14] ^ ibuf[14]; obuf[15] = iv[15] ^ ibuf[15];
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
#endif
}
while(cnt < len)
{
if(!b_pos)
aes_ecb_encrypt(iv, iv, AES_BLOCK_SIZE, ctx);
while(cnt < len && b_pos < AES_BLOCK_SIZE)
*obuf++ = iv[b_pos++] ^ *ibuf++, cnt++;
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
ctx->inf.b[2] = b_pos;
return EXIT_SUCCESS;
}
#define BFR_LENGTH (BFR_BLOCKS * AES_BLOCK_SIZE)
aes_rval aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx ctx[1])
{ uint_8t *ip;
int i, blen, b_pos = (int)(ctx->inf.b[2]);
#if defined( USE_VIA_ACE_IF_PRESENT )
aligned_auto(uint_8t, buf, BFR_LENGTH, 16);
if(ctx->inf.b[1] == 0xff && addr_mod_16(ctx))
return EXIT_FAILURE;
#else
uint_8t buf[BFR_LENGTH];
#endif
if(b_pos)
{
memcpy(buf, cbuf, AES_BLOCK_SIZE);
aes_ecb_encrypt(buf, buf, AES_BLOCK_SIZE, ctx);
while(b_pos < AES_BLOCK_SIZE && len--)
*obuf++ = *ibuf++ ^ buf[b_pos++];
if(len)
ctr_inc(cbuf), b_pos = 0;
}
while(len)
{
blen = (len > BFR_LENGTH ? BFR_LENGTH : len), len -= blen;
for(i = 0, ip = buf; i < (blen >> 4); ++i)
{
memcpy(ip, cbuf, AES_BLOCK_SIZE);
ctr_inc(cbuf);
ip += AES_BLOCK_SIZE;
}
if(blen & (AES_BLOCK_SIZE - 1))
memcpy(ip, cbuf, AES_BLOCK_SIZE), i++;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{
via_cwd(cwd, hybrid, enc, 2* ctx->inf.b[0] - 192);
via_ecb_op5((ctx->ks),cwd,buf,buf,i);
}
else
#endif
aes_ecb_encrypt(buf, buf, i * AES_BLOCK_SIZE, ctx);
i = 0; ip = buf;
# ifdef FAST_BUFFER_OPERATIONS
if(!addr_mod_04(ibuf) && !addr_mod_04(obuf) && !addr_mod_04(ip))
while(i + AES_BLOCK_SIZE <= blen)
{
lp32(obuf)[0] = lp32(ibuf)[0] ^ lp32(ip)[0];
lp32(obuf)[1] = lp32(ibuf)[1] ^ lp32(ip)[1];
lp32(obuf)[2] = lp32(ibuf)[2] ^ lp32(ip)[2];
lp32(obuf)[3] = lp32(ibuf)[3] ^ lp32(ip)[3];
i += AES_BLOCK_SIZE;
ip += AES_BLOCK_SIZE;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
else
#endif
while(i + AES_BLOCK_SIZE <= blen)
{
obuf[ 0] = ibuf[ 0] ^ ip[ 0]; obuf[ 1] = ibuf[ 1] ^ ip[ 1];
obuf[ 2] = ibuf[ 2] ^ ip[ 2]; obuf[ 3] = ibuf[ 3] ^ ip[ 3];
obuf[ 4] = ibuf[ 4] ^ ip[ 4]; obuf[ 5] = ibuf[ 5] ^ ip[ 5];
obuf[ 6] = ibuf[ 6] ^ ip[ 6]; obuf[ 7] = ibuf[ 7] ^ ip[ 7];
obuf[ 8] = ibuf[ 8] ^ ip[ 8]; obuf[ 9] = ibuf[ 9] ^ ip[ 9];
obuf[10] = ibuf[10] ^ ip[10]; obuf[11] = ibuf[11] ^ ip[11];
obuf[12] = ibuf[12] ^ ip[12]; obuf[13] = ibuf[13] ^ ip[13];
obuf[14] = ibuf[14] ^ ip[14]; obuf[15] = ibuf[15] ^ ip[15];
i += AES_BLOCK_SIZE;
ip += AES_BLOCK_SIZE;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
while(i++ < blen)
*obuf++ = *ibuf++ ^ ip[b_pos++];
}
ctx->inf.b[2] = b_pos;
return EXIT_SUCCESS;
}
#if defined(__cplusplus)
}
#endif
#endif

131
src/crypto/aes_tdefs.h Normal file
View File

@@ -0,0 +1,131 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
The unsigned integer types defined here are of the form uint_<nn>t where
<nn> is the length of the type; for example, the unsigned 32-bit type is
'uint_32t'. These are NOT the same as the 'C99 integer types' that are
defined in the inttypes.h and stdint.h headers since attempts to use these
types have shown that support for them is still highly variable. However,
since the latter are of the form uint<nn>_t, a regular expression search
and replace (in VC++ search on 'uint_{:z}t' and replace with 'uint\1_t')
can be used to convert the types used here to the C99 standard types.
*/
#ifndef TDEFS_H
#define TDEFS_H
#if defined(__cplusplus)
extern "C"
{
#endif
#include <limits.h>
#if UCHAR_MAX == 0xff
typedef unsigned char uint_8t;
#else
# error Please define uint_8t as an 8-bit unsigned integer type in tdefs.h
#endif
#if USHRT_MAX == 0xffff
typedef unsigned short uint_16t;
#else
# error Please define uint_16t as a 16-bit unsigned short type in tdefs.h
#endif
#if UINT_MAX == 0xffffffff
typedef unsigned int uint_32t;
#elif ULONG_MAX == 0xfffffffful
typedef unsigned long uint_32t;
#elif defined( _CRAY )
# error This code needs 32-bit data types, which Cray machines don't provide
#else
# error Please define uint_32t as a 32-bit unsigned integer type in tdefs.h
#endif
#if defined( NEED_UINT_64T )
# define li_64(h) 0x##h##ull
# if defined( _MSC_VER )
# if _MSC_VER < 1310
typedef unsigned __int64 uint_64t;
# undef li_64
# define li_64(h) 0x##h##ui64
# else
typedef unsigned long long uint_64t;
# endif
# elif defined( __BORLANDC__ ) && !defined( __MSDOS__ )
typedef __int64 uint_64t;
# elif defined( __sun ) && defined(ULONG_MAX) && ULONG_MAX == 0xfffffffful
typedef unsigned long long uint_64t;
# elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX == 0xffffffffffffffffull
typedef unsigned long long uint_64t;
# elif defined( ULLONG_MAX ) && ULLONG_MAX == 0xffffffffffffffffull
typedef unsigned long long uint_64t;
# elif defined( ULONG_MAX ) && ULONG_MAX == 0xfffffffffffffffful
typedef unsigned long uint_64t;
# elif defined( UINT_MAX ) && UINT_MAX == 0xffffffffffffffff
typedef unsigned int uint_64t;
# else
# error Please define uint_64t as an unsigned 64 bit type in tdefs.h
# endif
#endif
#if defined( DLL_EXPORT )
# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
# define void_ret __declspec( dllexport ) void __stdcall
# define int_ret __declspec( dllexport ) int __stdcall
# elif defined( __GNUC__ )
# define void_ret __declspec( __dllexport__ ) void
# define int_ret __declspec( __dllexport__ ) int
# else
# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
# endif
#elif defined( DLL_IMPORT )
# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
# define void_ret __declspec( dllimport ) void __stdcall
# define int_ret __declspec( dllimport ) int __stdcall
# elif defined( __GNUC__ )
# define void_ret __declspec( __dllimport__ ) void
# define int_ret __declspec( __dllimport__ ) int
# else
# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
# endif
#elif defined( __WATCOMC__ )
# define void_ret void __cdecl
# define int_ret int __cdecl
#else
# define void_ret void
# define int_ret int
#endif
#if defined(__cplusplus)
}
#endif
#endif

153
src/crypto/aescpp.h Normal file
View File

@@ -0,0 +1,153 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
This file contains the definitions required to use AES (Rijndael) in C++.
*/
#ifndef _AESCPP_H
#define _AESCPP_H
#include "aes.h"
#if defined( AES_ENCRYPT )
class AESencrypt
{
public:
aes_encrypt_ctx cx[1];
AESencrypt(void) { gen_tabs(); };
#ifdef AES_128
AESencrypt(const unsigned char key[])
{ aes_encrypt_key128(key, cx); }
aes_rval key128(const unsigned char key[])
{ return aes_encrypt_key128(key, cx); }
#endif
#ifdef AES_192
aes_rval key192(const unsigned char key[])
{ return aes_encrypt_key192(key, cx); }
#endif
#ifdef AES_256
aes_rval key256(const unsigned char key[])
{ return aes_encrypt_key256(key, cx); }
#endif
#ifdef AES_VAR
aes_rval key(const unsigned char key[], int key_len)
{ return aes_encrypt_key(key, key_len, cx); }
#endif
aes_rval encrypt(const unsigned char in[], unsigned char out[]) const
{ return aes_encrypt(in, out, cx); }
#ifndef AES_MODES
aes_rval ecb_encrypt(const unsigned char in[], unsigned char out[], int nb) const
{ while(nb--)
{ aes_encrypt(in, out, cx), in += AES_BLOCK_SIZE, out += AES_BLOCK_SIZE; }
}
#endif
#ifdef AES_MODES
aes_rval mode_reset(void) { return aes_mode_reset(cx); }
aes_rval ecb_encrypt(const unsigned char in[], unsigned char out[], int nb) const
{ return aes_ecb_encrypt(in, out, nb, cx); }
aes_rval cbc_encrypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[]) const
{ return aes_cbc_encrypt(in, out, nb, iv, cx); }
aes_rval cfb_encrypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[])
{ return aes_cfb_encrypt(in, out, nb, iv, cx); }
aes_rval cfb_decrypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[])
{ return aes_cfb_decrypt(in, out, nb, iv, cx); }
aes_rval ofb_crypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[])
{ return aes_ofb_crypt(in, out, nb, iv, cx); }
typedef void ctr_fn(unsigned char ctr[]);
aes_rval ctr_crypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[], ctr_fn cf)
{ return aes_ctr_crypt(in, out, nb, iv, cf, cx); }
#endif
};
#endif
#if defined( AES_DECRYPT )
class AESdecrypt
{
public:
aes_decrypt_ctx cx[1];
AESdecrypt(void) { gen_tabs(); };
#ifdef AES_128
AESdecrypt(const unsigned char key[])
{ aes_decrypt_key128(key, cx); }
aes_rval key128(const unsigned char key[])
{ return aes_decrypt_key128(key, cx); }
#endif
#ifdef AES_192
aes_rval key192(const unsigned char key[])
{ return aes_decrypt_key192(key, cx); }
#endif
#ifdef AES_256
aes_rval key256(const unsigned char key[])
{ return aes_decrypt_key256(key, cx); }
#endif
#ifdef AES_VAR
aes_rval key(const unsigned char key[], int key_len)
{ return aes_decrypt_key(key, key_len, cx); }
#endif
aes_rval decrypt(const unsigned char in[], unsigned char out[]) const
{ return aes_decrypt(in, out, cx); }
#ifndef AES_MODES
aes_rval ecb_decrypt(const unsigned char in[], unsigned char out[], int nb) const
{ while(nb--)
{ aes_decrypt(in, out, cx), in += AES_BLOCK_SIZE, out += AES_BLOCK_SIZE; }
}
#endif
#ifdef AES_MODES
aes_rval ecb_decrypt(const unsigned char in[], unsigned char out[], int nb) const
{ return aes_ecb_decrypt(in, out, nb, cx); }
aes_rval cbc_decrypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[]) const
{ return aes_cbc_decrypt(in, out, nb, iv, cx); }
#endif
};
#endif
#endif

316
src/crypto/aescrypt.c Normal file
View File

@@ -0,0 +1,316 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
*/
#include "aesopt.h"
#include "aestab.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
#define so(y,x,c) word_out(y, c, s(x,c))
#if defined(ARRAYS)
#define locals(y,x) x[4],y[4]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
s(y,2) = s(x,2); s(y,3) = s(x,3);
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
#if ( FUNCS_IN_C & ENCRYPTION_IN_C)
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined( _MSC_VER ) && !defined( _WIN64 )
#pragma optimize( "s", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define fwd_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
#if defined(FT4_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
#elif defined(FT1_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))
#else
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))
#endif
#if defined(FL4_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))
#elif defined(FL1_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))
#else
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
#endif
aes_rval aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
{ uint_32t locals(b0, b1);
const uint_32t *kp;
#if defined( dec_fmvars )
dec_fmvars; /* declare variables for fwd_mcol() if needed */
#endif
#if defined( AES_ERR_CHK )
if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
return EXIT_FAILURE;
#endif
kp = cx->ks;
state_in(b0, in, kp);
#if (ENC_UNROLL == FULL)
switch(cx->inf.b[0])
{
case 14 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 12 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 10 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
round(fwd_rnd, b1, b0, kp + 3 * N_COLS);
round(fwd_rnd, b0, b1, kp + 4 * N_COLS);
round(fwd_rnd, b1, b0, kp + 5 * N_COLS);
round(fwd_rnd, b0, b1, kp + 6 * N_COLS);
round(fwd_rnd, b1, b0, kp + 7 * N_COLS);
round(fwd_rnd, b0, b1, kp + 8 * N_COLS);
round(fwd_rnd, b1, b0, kp + 9 * N_COLS);
round(fwd_lrnd, b0, b1, kp +10 * N_COLS);
}
#else
#if (ENC_UNROLL == PARTIAL)
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
kp += N_COLS;
round(fwd_rnd, b0, b1, kp);
}
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
#else
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp += N_COLS;
round(fwd_lrnd, b0, b1, kp);
}
#endif
state_out(out, b0);
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if ( FUNCS_IN_C & DECRYPTION_IN_C)
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined( _MSC_VER ) && !defined( _WIN64 )
#pragma optimize( "t", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define inv_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0)))
#if defined(IT4_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c))
#elif defined(IT1_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))
#else
#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))
#endif
#if defined(IL4_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))
#elif defined(IL1_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))
#else
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))
#endif
/* This code can work with the decryption key schedule in the */
/* order that is used for encrytpion (where the 1st decryption */
/* round key is at the high end ot the schedule) or with a key */
/* schedule that has been reversed to put the 1st decryption */
/* round key at the low end of the schedule in memory (when */
/* AES_REV_DKS is defined) */
#ifdef AES_REV_DKS
#define key_ofs 0
#define rnd_key(n) (kp + n * N_COLS)
#else
#define key_ofs 1
#define rnd_key(n) (kp - n * N_COLS)
#endif
aes_rval aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
{ uint_32t locals(b0, b1);
#if defined( dec_imvars )
dec_imvars; /* declare variables for inv_mcol() if needed */
#endif
const uint_32t *kp;
#if defined( AES_ERR_CHK )
if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
return EXIT_FAILURE;
#endif
kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);
state_in(b0, in, kp);
#if (DEC_UNROLL == FULL)
kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));
switch(cx->inf.b[0])
{
case 14 * 16:
round(inv_rnd, b1, b0, rnd_key(-13));
round(inv_rnd, b0, b1, rnd_key(-12));
case 12 * 16:
round(inv_rnd, b1, b0, rnd_key(-11));
round(inv_rnd, b0, b1, rnd_key(-10));
case 10 * 16:
round(inv_rnd, b1, b0, rnd_key(-9));
round(inv_rnd, b0, b1, rnd_key(-8));
round(inv_rnd, b1, b0, rnd_key(-7));
round(inv_rnd, b0, b1, rnd_key(-6));
round(inv_rnd, b1, b0, rnd_key(-5));
round(inv_rnd, b0, b1, rnd_key(-4));
round(inv_rnd, b1, b0, rnd_key(-3));
round(inv_rnd, b0, b1, rnd_key(-2));
round(inv_rnd, b1, b0, rnd_key(-1));
round(inv_lrnd, b0, b1, rnd_key( 0));
}
#else
#if (DEC_UNROLL == PARTIAL)
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
kp = rnd_key(1);
round(inv_rnd, b0, b1, kp);
}
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
#else
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp = rnd_key(1);
round(inv_lrnd, b0, b1, kp);
}
#endif
state_out(out, b0);
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(__cplusplus)
}
#endif

578
src/crypto/aeskey.c Normal file
View File

@@ -0,0 +1,578 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
*/
#include "aesopt.h"
#include "aestab.h"
#ifdef USE_VIA_ACE_IF_PRESENT
#include "via_ace.h"
#endif
#if defined(__cplusplus)
extern "C"
{
#endif
/* Initialise the key schedule from the user supplied key. The key
length can be specified in bytes, with legal values of 16, 24
and 32, or in bits, with legal values of 128, 192 and 256. These
values correspond with Nk values of 4, 6 and 8 respectively.
The following macros implement a single cycle in the key
schedule generation process. The number of cycles needed
for each cx->n_col and nk value is:
nk = 4 5 6 7 8
------------------------------
cx->n_col = 4 10 9 8 7 7
cx->n_col = 5 14 11 10 9 9
cx->n_col = 6 19 15 12 11 11
cx->n_col = 7 21 19 16 13 14
cx->n_col = 8 29 23 19 17 14
*/
#if (FUNCS_IN_C & ENC_KEYING_IN_C)
#if defined(AES_128) || defined(AES_VAR)
#define ke4(k,i) \
{ k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
k[4*(i)+5] = ss[1] ^= ss[0]; \
k[4*(i)+6] = ss[2] ^= ss[1]; \
k[4*(i)+7] = ss[3] ^= ss[2]; \
}
aes_rval aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
{ uint_32t ss[4];
cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
cx->ks[2] = ss[2] = word_in(key, 2);
cx->ks[3] = ss[3] = word_in(key, 3);
#if ENC_UNROLL == NONE
{ uint_32t i;
for(i = 0; i < 9; ++i)
ke4(cx->ks, i);
}
#else
ke4(cx->ks, 0); ke4(cx->ks, 1);
ke4(cx->ks, 2); ke4(cx->ks, 3);
ke4(cx->ks, 4); ke4(cx->ks, 5);
ke4(cx->ks, 6); ke4(cx->ks, 7);
ke4(cx->ks, 8);
#endif
ke4(cx->ks, 9);
cx->inf.l = 0;
cx->inf.b[0] = 10 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(AES_192) || defined(AES_VAR)
#define kef6(k,i) \
{ k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
k[6*(i)+ 7] = ss[1] ^= ss[0]; \
k[6*(i)+ 8] = ss[2] ^= ss[1]; \
k[6*(i)+ 9] = ss[3] ^= ss[2]; \
}
#define ke6(k,i) \
{ kef6(k,i); \
k[6*(i)+10] = ss[4] ^= ss[3]; \
k[6*(i)+11] = ss[5] ^= ss[4]; \
}
aes_rval aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
{ uint_32t ss[6];
cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
cx->ks[2] = ss[2] = word_in(key, 2);
cx->ks[3] = ss[3] = word_in(key, 3);
cx->ks[4] = ss[4] = word_in(key, 4);
cx->ks[5] = ss[5] = word_in(key, 5);
#if ENC_UNROLL == NONE
{ uint_32t i;
for(i = 0; i < 7; ++i)
ke6(cx->ks, i);
}
#else
ke6(cx->ks, 0); ke6(cx->ks, 1);
ke6(cx->ks, 2); ke6(cx->ks, 3);
ke6(cx->ks, 4); ke6(cx->ks, 5);
ke6(cx->ks, 6);
#endif
kef6(cx->ks, 7);
cx->inf.l = 0;
cx->inf.b[0] = 12 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(AES_256) || defined(AES_VAR)
#define kef8(k,i) \
{ k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
k[8*(i)+ 9] = ss[1] ^= ss[0]; \
k[8*(i)+10] = ss[2] ^= ss[1]; \
k[8*(i)+11] = ss[3] ^= ss[2]; \
}
#define ke8(k,i) \
{ kef8(k,i); \
k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \
k[8*(i)+13] = ss[5] ^= ss[4]; \
k[8*(i)+14] = ss[6] ^= ss[5]; \
k[8*(i)+15] = ss[7] ^= ss[6]; \
}
aes_rval aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
{ uint_32t ss[8];
cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
cx->ks[2] = ss[2] = word_in(key, 2);
cx->ks[3] = ss[3] = word_in(key, 3);
cx->ks[4] = ss[4] = word_in(key, 4);
cx->ks[5] = ss[5] = word_in(key, 5);
cx->ks[6] = ss[6] = word_in(key, 6);
cx->ks[7] = ss[7] = word_in(key, 7);
#if ENC_UNROLL == NONE
{ uint_32t i;
for(i = 0; i < 6; ++i)
ke8(cx->ks, i);
}
#else
ke8(cx->ks, 0); ke8(cx->ks, 1);
ke8(cx->ks, 2); ke8(cx->ks, 3);
ke8(cx->ks, 4); ke8(cx->ks, 5);
#endif
kef8(cx->ks, 6);
cx->inf.l = 0;
cx->inf.b[0] = 14 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(AES_VAR)
aes_rval aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
{
switch(key_len)
{
#if defined( AES_ERR_CHK )
case 16: case 128: return aes_encrypt_key128(key, cx);
case 24: case 192: return aes_encrypt_key192(key, cx);
case 32: case 256: return aes_encrypt_key256(key, cx);
default: return EXIT_FAILURE;
#else
case 16: case 128: aes_encrypt_key128(key, cx); return;
case 24: case 192: aes_encrypt_key192(key, cx); return;
case 32: case 256: aes_encrypt_key256(key, cx); return;
#endif
}
}
#endif
#endif
#if (FUNCS_IN_C & DEC_KEYING_IN_C)
/* this is used to store the decryption round keys */
/* in forward or reverse order */
#ifdef AES_REV_DKS
#define v(n,i) ((n) - (i) + 2 * ((i) & 3))
#else
#define v(n,i) (i)
#endif
#if DEC_ROUND == NO_TABLES
#define ff(x) (x)
#else
#define ff(x) inv_mcol(x)
#if defined( dec_imvars )
#define d_vars dec_imvars
#endif
#endif
#if defined(AES_128) || defined(AES_VAR)
#define k4e(k,i) \
{ k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \
k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \
k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \
}
#if 1
#define kdf4(k,i) \
{ ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \
ss[1] = ss[1] ^ ss[3]; \
ss[2] = ss[2] ^ ss[3]; \
ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
ss[i % 4] ^= ss[4]; \
ss[4] ^= k[v(40,(4*(i)))]; k[v(40,(4*(i))+4)] = ff(ss[4]); \
ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \
ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \
ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \
}
#define kd4(k,i) \
{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \
k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \
k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \
k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \
}
#define kdl4(k,i) \
{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \
k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \
k[v(40,(4*(i))+6)] = ss[0]; \
k[v(40,(4*(i))+7)] = ss[1]; \
}
#else
#define kdf4(k,i) \
{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \
ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \
ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \
ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \
}
#define kd4(k,i) \
{ ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \
ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \
ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \
ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \
}
#define kdl4(k,i) \
{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \
ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \
ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \
ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \
}
#endif
aes_rval aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
{ uint_32t ss[5];
#if defined( d_vars )
d_vars;
#endif
cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);
#if DEC_UNROLL == NONE
{ uint_32t i;
for(i = 0; i < 10; ++i)
k4e(cx->ks, i);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 10 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#else
kdf4(cx->ks, 0); kd4(cx->ks, 1);
kd4(cx->ks, 2); kd4(cx->ks, 3);
kd4(cx->ks, 4); kd4(cx->ks, 5);
kd4(cx->ks, 6); kd4(cx->ks, 7);
kd4(cx->ks, 8); kdl4(cx->ks, 9);
#endif
cx->inf.l = 0;
cx->inf.b[0] = 10 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(AES_192) || defined(AES_VAR)
#define k6ef(k,i) \
{ k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \
k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \
k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \
}
#define k6e(k,i) \
{ k6ef(k,i); \
k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \
k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \
}
#define kdf6(k,i) \
{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \
ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \
ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \
ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \
ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \
ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \
}
#define kd6(k,i) \
{ ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \
ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \
ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \
ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \
ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \
ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \
}
#define kdl6(k,i) \
{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \
ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \
ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \
ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
}
aes_rval aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
{ uint_32t ss[7];
#if defined( d_vars )
d_vars;
#endif
cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);
#if DEC_UNROLL == NONE
cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
{ uint_32t i;
for(i = 0; i < 7; ++i)
k6e(cx->ks, i);
k6ef(cx->ks, 7);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 12 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#else
cx->ks[v(48,(4))] = ff(ss[4] = word_in(key, 4));
cx->ks[v(48,(5))] = ff(ss[5] = word_in(key, 5));
kdf6(cx->ks, 0); kd6(cx->ks, 1);
kd6(cx->ks, 2); kd6(cx->ks, 3);
kd6(cx->ks, 4); kd6(cx->ks, 5);
kd6(cx->ks, 6); kdl6(cx->ks, 7);
#endif
cx->inf.l = 0;
cx->inf.b[0] = 12 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(AES_256) || defined(AES_VAR)
#define k8ef(k,i) \
{ k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \
k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \
k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \
}
#define k8e(k,i) \
{ k8ef(k,i); \
k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \
k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \
k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \
k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \
}
#define kdf8(k,i) \
{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \
ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \
ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \
ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \
ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \
ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \
ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \
ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \
}
#define kd8(k,i) \
{ ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \
ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \
ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \
ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \
ss[8] = ls_box(ss[3],0); \
ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \
ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \
ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \
ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \
}
#define kdl8(k,i) \
{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \
ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \
ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \
ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
}
aes_rval aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
{ uint_32t ss[9];
#if defined( d_vars )
d_vars;
#endif
cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);
#if DEC_UNROLL == NONE
cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);
cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
{ uint_32t i;
for(i = 0; i < 6; ++i)
k8e(cx->ks, i);
k8ef(cx->ks, 6);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 14 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#else
cx->ks[v(56,(4))] = ff(ss[4] = word_in(key, 4));
cx->ks[v(56,(5))] = ff(ss[5] = word_in(key, 5));
cx->ks[v(56,(6))] = ff(ss[6] = word_in(key, 6));
cx->ks[v(56,(7))] = ff(ss[7] = word_in(key, 7));
kdf8(cx->ks, 0); kd8(cx->ks, 1);
kd8(cx->ks, 2); kd8(cx->ks, 3);
kd8(cx->ks, 4); kd8(cx->ks, 5);
kdl8(cx->ks, 6);
#endif
cx->inf.l = 0;
cx->inf.b[0] = 14 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(AES_VAR)
aes_rval aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
{
switch(key_len)
{
#if defined( AES_ERR_CHK )
case 16: case 128: return aes_decrypt_key128(key, cx);
case 24: case 192: return aes_decrypt_key192(key, cx);
case 32: case 256: return aes_decrypt_key256(key, cx);
default: return EXIT_FAILURE;
#else
case 16: case 128: aes_decrypt_key128(key, cx); return;
case 24: case 192: aes_decrypt_key192(key, cx); return;
case 32: case 256: aes_decrypt_key256(key, cx); return;
#endif
}
}
#endif
#endif
#if defined(__cplusplus)
}
#endif

719
src/crypto/aesopt.h Normal file
View File

@@ -0,0 +1,719 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
This file contains the compilation options for AES (Rijndael) and code
that is common across encryption, key scheduling and table generation.
OPERATION
These source code files implement the AES algorithm Rijndael designed by
Joan Daemen and Vincent Rijmen. This version is designed for the standard
block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24
and 32 bytes).
This version is designed for flexibility and speed using operations on
32-bit words rather than operations on bytes. It can be compiled with
either big or little endian internal byte order but is faster when the
native byte order for the processor is used.
THE CIPHER INTERFACE
The cipher interface is implemented as an array of bytes in which lower
AES bit sequence indexes map to higher numeric significance within bytes.
uint_8t (an unsigned 8-bit type)
uint_32t (an unsigned 32-bit type)
struct aes_encrypt_ctx (structure for the cipher encryption context)
struct aes_decrypt_ctx (structure for the cipher decryption context)
aes_rval the function return type
C subroutine calls:
aes_rval aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
aes_rval aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
aes_rval aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
aes_rval aes_encrypt(const unsigned char *in, unsigned char *out,
const aes_encrypt_ctx cx[1]);
aes_rval aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
aes_rval aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
aes_rval aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
aes_rval aes_decrypt(const unsigned char *in, unsigned char *out,
const aes_decrypt_ctx cx[1]);
IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that
you call gen_tabs() before AES is used so that the tables are initialised.
C++ aes class subroutines:
Class AESencrypt for encryption
Construtors:
AESencrypt(void)
AESencrypt(const unsigned char *key) - 128 bit key
Members:
aes_rval key128(const unsigned char *key)
aes_rval key192(const unsigned char *key)
aes_rval key256(const unsigned char *key)
aes_rval encrypt(const unsigned char *in, unsigned char *out) const
Class AESdecrypt for encryption
Construtors:
AESdecrypt(void)
AESdecrypt(const unsigned char *key) - 128 bit key
Members:
aes_rval key128(const unsigned char *key)
aes_rval key192(const unsigned char *key)
aes_rval key256(const unsigned char *key)
aes_rval decrypt(const unsigned char *in, unsigned char *out) const
*/
#if !defined( _AESOPT_H )
#define _AESOPT_H
#if defined( __cplusplus )
#include "aescpp.h"
#else
#include "aes.h"
#endif
/* PLATFORM SPECIFIC INCLUDES */
#include "aes_edefs.h"
/* CONFIGURATION - THE USE OF DEFINES
Later in this section there are a number of defines that control the
operation of the code. In each section, the purpose of each define is
explained so that the relevant form can be included or excluded by
setting either 1's or 0's respectively on the branches of the related
#if clauses. The following local defines should not be changed.
*/
#define ENCRYPTION_IN_C 1
#define DECRYPTION_IN_C 2
#define ENC_KEYING_IN_C 4
#define DEC_KEYING_IN_C 8
#define NO_TABLES 0
#define ONE_TABLE 1
#define FOUR_TABLES 4
#define NONE 0
#define PARTIAL 1
#define FULL 2
/* --- START OF USER CONFIGURED OPTIONS --- */
/* 1. BYTE ORDER WITHIN 32 BIT WORDS
The fundamental data processing units in Rijndael are 8-bit bytes. The
input, output and key input are all enumerated arrays of bytes in which
bytes are numbered starting at zero and increasing to one less than the
number of bytes in the array in question. This enumeration is only used
for naming bytes and does not imply any adjacency or order relationship
from one byte to another. When these inputs and outputs are considered
as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
In this implementation bits are numbered from 0 to 7 starting at the
numerically least significant end of each byte (bit n represents 2^n).
However, Rijndael can be implemented more efficiently using 32-bit
words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
into word[n]. While in principle these bytes can be assembled into words
in any positions, this implementation only supports the two formats in
which bytes in adjacent positions within words also have adjacent byte
numbers. This order is called big-endian if the lowest numbered bytes
in words have the highest numeric significance and little-endian if the
opposite applies.
This code can work in either order irrespective of the order used by the
machine on which it runs. Normally the internal byte order will be set
to the order of the processor on which the code is to be run but this
define can be used to reverse this in special situations
WARNING: Assembler code versions rely on PLATFORM_BYTE_ORDER being set.
This define will hence be redefined later (in section 4) if necessary
*/
#if 1
#define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
#elif 0
#define ALGORITHM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif 0
#define ALGORITHM_BYTE_ORDER IS_BIG_ENDIAN
#else
#error The algorithm byte order is not defined
#endif
/* 2. VIA ACE SUPPORT
Define this option if support for the VIA ACE is required. This uses
inline assembler instructions and is only implemented for the Microsoft,
Intel and GCC compilers. If VIA ACE is known to be present, then defining
ASSUME_VIA_ACE_PRESENT will remove the ordinary encryption/decryption
code. If USE_VIA_ACE_IF_PRESENT is defined then VIA ACE will be used if
it is detected (both present and enabled) but the normal AES code will
also be present.
When VIA ACE is to be used, all AES encryption contexts MUST be 16 byte
aligned; other input/output buffers do not need to be 16 byte aligned
but there are very large performance gains if this can be arranged.
VIA ACE also requires the decryption key schedule to be in reverse
order (which the following defines ensure).
*/
#if 0 && !defined( _WIN64 ) && !defined( USE_VIA_ACE_IF_PRESENT )
#define USE_VIA_ACE_IF_PRESENT
#endif
#if 0 && !defined( _WIN64 ) && !defined( ASSUME_VIA_ACE_PRESENT )
#define ASSUME_VIA_ACE_PRESENT
#endif
/* 3. ASSEMBLER SUPPORT
This define (which can be on the command line) enables the use of the
assembler code routines for encryption, decryption and key scheduling
as follows:
ASM_X86_V1C uses the assembler (aes_x86_v1.asm) with large tables for
encryption and decryption and but with key scheduling in C
ASM_X86_V2 uses assembler (aes_x86_v2.asm) with compressed tables for
encryption, decryption and key scheduling
ASM_X86_V2C uses assembler (aes_x86_v2.asm) with compressed tables for
encryption and decryption and but with key scheduling in C
ASM_AMD64_C uses assembler (aes_amd64.asm) with compressed tables for
encryption and decryption and but with key scheduling in C
Change one 'if 0' below to 'if 1' to select the version or define
as a compilation option.
*/
#if defined ( ASM_X86_V1C ) || defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )
# if defined( _M_IX86 )
# if 0 && !defined( ASM_X86_V1C )
# define ASM_X86_V1C
# elif 0 && !defined( ASM_X86_V2 )
# define ASM_X86_V2
# elif 0 && !defined( ASM_X86_V2C )
# define ASM_X86_V2C
# endif
# else
# error Assembler code is only available for x86 and AMD64 systems
# endif
#elif defined( ASM_AMD64_C )
# if defined( _M_X64 )
# if 0 && !defined( ASM_AMD64_C )
# define ASM_AMD64_C
# endif
# else
# error Assembler code is only available for x86 and AMD64 systems
# endif
#endif
/* 4. FAST INPUT/OUTPUT OPERATIONS.
On some machines it is possible to improve speed by transferring the
bytes in the input and output arrays to and from the internal 32-bit
variables by addressing these arrays as if they are arrays of 32-bit
words. On some machines this will always be possible but there may
be a large performance penalty if the byte arrays are not aligned on
the normal word boundaries. On other machines this technique will
lead to memory access errors when such 32-bit word accesses are not
properly aligned. The option SAFE_IO avoids such problems but will
often be slower on those machines that support misaligned access
(especially so if care is taken to align the input and output byte
arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
assumed that access to byte arrays as if they are arrays of 32-bit
words will not cause problems when such accesses are misaligned.
*/
#if 1 && !defined( _MSC_VER )
#define SAFE_IO
#endif
/* 5. LOOP UNROLLING
The code for encryption and decrytpion cycles through a number of rounds
that can be implemented either in a loop or by expanding the code into a
long sequence of instructions, the latter producing a larger program but
one that will often be much faster. The latter is called loop unrolling.
There are also potential speed advantages in expanding two iterations in
a loop with half the number of iterations, which is called partial loop
unrolling. The following options allow partial or full loop unrolling
to be set independently for encryption and decryption
*/
#if 1
#define ENC_UNROLL FULL
#elif 0
#define ENC_UNROLL PARTIAL
#else
#define ENC_UNROLL NONE
#endif
#if 1
#define DEC_UNROLL FULL
#elif 0
#define DEC_UNROLL PARTIAL
#else
#define DEC_UNROLL NONE
#endif
/* 6. FAST FINITE FIELD OPERATIONS
If this section is included, tables are used to provide faster finite
field arithmetic (this has no effect if FIXED_TABLES is defined).
*/
#if 1
#define FF_TABLES
#endif
/* 7. INTERNAL STATE VARIABLE FORMAT
The internal state of Rijndael is stored in a number of local 32-bit
word varaibles which can be defined either as an array or as individual
names variables. Include this section if you want to store these local
varaibles in arrays. Otherwise individual local variables will be used.
*/
#if 1
#define ARRAYS
#endif
/* 8. FIXED OR DYNAMIC TABLES
When this section is included the tables used by the code are compiled
statically into the binary file. Otherwise the subroutine gen_tabs()
must be called to compute them before the code is first used.
*/
#if 1 && !(defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
#define FIXED_TABLES
#endif
/* 9. TABLE ALIGNMENT
On some sytsems speed will be improved by aligning the AES large lookup
tables on particular boundaries. This define should be set to a power of
two giving the desired alignment. It can be left undefined if alignment
is not needed. This option is specific to the Microsft VC++ compiler -
it seems to sometimes cause trouble for the VC++ version 6 compiler.
*/
#if 1 && defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
#define TABLE_ALIGN 32
#endif
/* 10. TABLE OPTIONS
This cipher proceeds by repeating in a number of cycles known as 'rounds'
which are implemented by a round function which can optionally be speeded
up using tables. The basic tables are each 256 32-bit words, with either
one or four tables being required for each round function depending on
how much speed is required. The encryption and decryption round functions
are different and the last encryption and decrytpion round functions are
different again making four different round functions in all.
This means that:
1. Normal encryption and decryption rounds can each use either 0, 1
or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
2. The last encryption and decryption rounds can also use either 0, 1
or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
Include or exclude the appropriate definitions below to set the number
of tables used by this implementation.
*/
#if 1 /* set tables for the normal encryption round */
#define ENC_ROUND FOUR_TABLES
#elif 0
#define ENC_ROUND ONE_TABLE
#else
#define ENC_ROUND NO_TABLES
#endif
#if 1 /* set tables for the last encryption round */
#define LAST_ENC_ROUND FOUR_TABLES
#elif 0
#define LAST_ENC_ROUND ONE_TABLE
#else
#define LAST_ENC_ROUND NO_TABLES
#endif
#if 1 /* set tables for the normal decryption round */
#define DEC_ROUND FOUR_TABLES
#elif 0
#define DEC_ROUND ONE_TABLE
#else
#define DEC_ROUND NO_TABLES
#endif
#if 1 /* set tables for the last decryption round */
#define LAST_DEC_ROUND FOUR_TABLES
#elif 0
#define LAST_DEC_ROUND ONE_TABLE
#else
#define LAST_DEC_ROUND NO_TABLES
#endif
/* The decryption key schedule can be speeded up with tables in the same
way that the round functions can. Include or exclude the following
defines to set this requirement.
*/
#if 1
#define KEY_SCHED FOUR_TABLES
#elif 0
#define KEY_SCHED ONE_TABLE
#else
#define KEY_SCHED NO_TABLES
#endif
/* ---- END OF USER CONFIGURED OPTIONS ---- */
/* VIA ACE support is only available for VC++ and GCC */
#if !defined( _MSC_VER ) && !defined( __GNUC__ )
# if defined( ASSUME_VIA_ACE_PRESENT )
# undef ASSUME_VIA_ACE_PRESENT
# endif
# if defined( USE_VIA_ACE_IF_PRESENT )
# undef USE_VIA_ACE_IF_PRESENT
# endif
#endif
#if defined( ASSUME_VIA_ACE_PRESENT ) && !defined( USE_VIA_ACE_IF_PRESENT )
#define USE_VIA_ACE_IF_PRESENT
#endif
#if defined( USE_VIA_ACE_IF_PRESENT ) && !defined ( AES_REV_DKS )
#define AES_REV_DKS
#endif
/* Assembler support requires the use of platform byte order */
#if ( defined( ASM_X86_V1C ) || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C ) ) && (ALGORITHM_BYTE_ORDER != PLATFORM_BYTE_ORDER)
#undef ALGORITHM_BYTE_ORDER
#define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
#endif
/* In this implementation the columns of the state array are each held in
32-bit words. The state array can be held in various ways: in an array
of words, in a number of individual word variables or in a number of
processor registers. The following define maps a variable name x and
a column number c to the way the state array variable is to be held.
The first define below maps the state into an array x[c] whereas the
second form maps the state into a number of individual variables x0,
x1, etc. Another form could map individual state colums to machine
register names.
*/
#if defined( ARRAYS )
#define s(x,c) x[c]
#else
#define s(x,c) x##c
#endif
/* This implementation provides subroutines for encryption, decryption
and for setting the three key lengths (separately) for encryption
and decryption. Since not all functions are needed, masks are set
up here to determine which will be implemented in C
*/
#if !defined( AES_ENCRYPT )
# define EFUNCS_IN_C 0
#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C )
|| defined( ASM_X86_V2C ) || defined( ASM_AMD64_C )
# define EFUNCS_IN_C ENC_KEYING_IN_C
#elif !defined( ASM_X86_V2 )
# define EFUNCS_IN_C ( ENCRYPTION_IN_C | ENC_KEYING_IN_C )
#else
# define EFUNCS_IN_C 0
#endif
#if !defined( AES_DECRYPT )
# define DFUNCS_IN_C 0
#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C )
|| defined( ASM_X86_V2C ) || defined( ASM_AMD64_C )
# define DFUNCS_IN_C DEC_KEYING_IN_C
#elif !defined( ASM_X86_V2 )
# define DFUNCS_IN_C ( DECRYPTION_IN_C | DEC_KEYING_IN_C )
#else
# define DFUNCS_IN_C 0
#endif
#define FUNCS_IN_C ( EFUNCS_IN_C | DFUNCS_IN_C )
/* END OF CONFIGURATION OPTIONS */
#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2))
/* Disable or report errors on some combinations of options */
#if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES
#undef LAST_ENC_ROUND
#define LAST_ENC_ROUND NO_TABLES
#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
#undef LAST_ENC_ROUND
#define LAST_ENC_ROUND ONE_TABLE
#endif
#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
#undef ENC_UNROLL
#define ENC_UNROLL NONE
#endif
#if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES
#undef LAST_DEC_ROUND
#define LAST_DEC_ROUND NO_TABLES
#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
#undef LAST_DEC_ROUND
#define LAST_DEC_ROUND ONE_TABLE
#endif
#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
#undef DEC_UNROLL
#define DEC_UNROLL NONE
#endif
#if defined( bswap32 )
#define aes_sw32 bswap32
#elif defined( bswap_32 )
#define aes_sw32 bswap_32
#else
#define brot(x,n) (((uint_32t)(x) << n) | ((uint_32t)(x) >> (32 - n)))
#define aes_sw32(x) ((brot((x),8) & 0x00ff00ff) | (brot((x),24) & 0xff00ff00))
#endif
/* upr(x,n): rotates bytes within words by n positions, moving bytes to
higher index positions with wrap around into low positions
ups(x,n): moves bytes by n positions to higher index positions in
words but without wrap around
bval(x,n): extracts a byte from a word
WARNING: The definitions given here are intended only for use with
unsigned variables and with shift counts that are compile
time constants
*/
#if ( ALGORITHM_BYTE_ORDER == IS_LITTLE_ENDIAN )
#define upr(x,n) (((uint_32t)(x) << (8 * (n))) | ((uint_32t)(x) >> (32 - 8 * (n))))
#define ups(x,n) ((uint_32t) (x) << (8 * (n)))
#define bval(x,n) ((uint_8t)((x) >> (8 * (n))))
#define bytes2word(b0, b1, b2, b3) \
(((uint_32t)(b3) << 24) | ((uint_32t)(b2) << 16) | ((uint_32t)(b1) << 8) | (b0))
#endif
#if ( ALGORITHM_BYTE_ORDER == IS_BIG_ENDIAN )
#define upr(x,n) (((uint_32t)(x) >> (8 * (n))) | ((uint_32t)(x) << (32 - 8 * (n))))
#define ups(x,n) ((uint_32t) (x) >> (8 * (n)))
#define bval(x,n) ((uint_8t)((x) >> (24 - 8 * (n))))
#define bytes2word(b0, b1, b2, b3) \
(((uint_32t)(b0) << 24) | ((uint_32t)(b1) << 16) | ((uint_32t)(b2) << 8) | (b3))
#endif
#if defined( SAFE_IO )
#define word_in(x,c) bytes2word(((const uint_8t*)(x)+4*c)[0], ((const uint_8t*)(x)+4*c)[1], \
((const uint_8t*)(x)+4*c)[2], ((const uint_8t*)(x)+4*c)[3])
#define word_out(x,c,v) { ((uint_8t*)(x)+4*c)[0] = bval(v,0); ((uint_8t*)(x)+4*c)[1] = bval(v,1); \
((uint_8t*)(x)+4*c)[2] = bval(v,2); ((uint_8t*)(x)+4*c)[3] = bval(v,3); }
#elif ( ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER )
#define word_in(x,c) (*((uint_32t*)(x)+(c)))
#define word_out(x,c,v) (*((uint_32t*)(x)+(c)) = (v))
#else
#define word_in(x,c) aes_sw32(*((uint_32t*)(x)+(c)))
#define word_out(x,c,v) (*((uint_32t*)(x)+(c)) = aes_sw32(v))
#endif
/* the finite field modular polynomial and elements */
#define WPOLY 0x011b
#define BPOLY 0x1b
/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
#define m1 0x80808080
#define m2 0x7f7f7f7f
#define gf_mulx(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY))
/* The following defines provide alternative definitions of gf_mulx that might
give improved performance if a fast 32-bit multiply is not available. Note
that a temporary variable u needs to be defined where gf_mulx is used.
#define gf_mulx(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
#define m4 (0x01010101 * BPOLY)
#define gf_mulx(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
*/
/* Work out which tables are needed for the different options */
#if defined( ASM_X86_V1C )
#if defined( ENC_ROUND )
#undef ENC_ROUND
#endif
#define ENC_ROUND FOUR_TABLES
#if defined( LAST_ENC_ROUND )
#undef LAST_ENC_ROUND
#endif
#define LAST_ENC_ROUND FOUR_TABLES
#if defined( DEC_ROUND )
#undef DEC_ROUND
#endif
#define DEC_ROUND FOUR_TABLES
#if defined( LAST_DEC_ROUND )
#undef LAST_DEC_ROUND
#endif
#define LAST_DEC_ROUND FOUR_TABLES
#if defined( KEY_SCHED )
#undef KEY_SCHED
#define KEY_SCHED FOUR_TABLES
#endif
#endif
#if ( FUNCS_IN_C & ENCRYPTION_IN_C ) || defined( ASM_X86_V1C )
#if ENC_ROUND == ONE_TABLE
#define FT1_SET
#elif ENC_ROUND == FOUR_TABLES
#define FT4_SET
#else
#define SBX_SET
#endif
#if LAST_ENC_ROUND == ONE_TABLE
#define FL1_SET
#elif LAST_ENC_ROUND == FOUR_TABLES
#define FL4_SET
#elif !defined( SBX_SET )
#define SBX_SET
#endif
#endif
#if ( FUNCS_IN_C & DECRYPTION_IN_C ) || defined( ASM_X86_V1C )
#if DEC_ROUND == ONE_TABLE
#define IT1_SET
#elif DEC_ROUND == FOUR_TABLES
#define IT4_SET
#else
#define ISB_SET
#endif
#if LAST_DEC_ROUND == ONE_TABLE
#define IL1_SET
#elif LAST_DEC_ROUND == FOUR_TABLES
#define IL4_SET
#elif !defined(ISB_SET)
#define ISB_SET
#endif
#endif
#if (FUNCS_IN_C & ENC_KEYING_IN_C) || (FUNCS_IN_C & DEC_KEYING_IN_C)
#if KEY_SCHED == ONE_TABLE
#define LS1_SET
#elif KEY_SCHED == FOUR_TABLES
#define LS4_SET
#elif !defined( SBX_SET )
#define SBX_SET
#endif
#endif
#if (FUNCS_IN_C & DEC_KEYING_IN_C)
#if KEY_SCHED == ONE_TABLE
#define IM1_SET
#elif KEY_SCHED == FOUR_TABLES
#define IM4_SET
#elif !defined( SBX_SET )
#define SBX_SET
#endif
#endif
/* generic definitions of Rijndael macros that use tables */
#define no_table(x,box,vf,rf,c) bytes2word( \
box[bval(vf(x,0,c),rf(0,c))], \
box[bval(vf(x,1,c),rf(1,c))], \
box[bval(vf(x,2,c),rf(2,c))], \
box[bval(vf(x,3,c),rf(3,c))])
#define one_table(x,op,tab,vf,rf,c) \
( tab[bval(vf(x,0,c),rf(0,c))] \
^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
#define four_tables(x,tab,vf,rf,c) \
( tab[0][bval(vf(x,0,c),rf(0,c))] \
^ tab[1][bval(vf(x,1,c),rf(1,c))] \
^ tab[2][bval(vf(x,2,c),rf(2,c))] \
^ tab[3][bval(vf(x,3,c),rf(3,c))])
#define vf1(x,r,c) (x)
#define rf1(r,c) (r)
#define rf2(r,c) ((8+r-c)&3)
/* perform forward and inverse column mix operation on four bytes in long word x in */
/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */
#if defined( FM4_SET ) /* not currently used */
#define fwd_mcol(x) four_tables(x,t_use(f,m),vf1,rf1,0)
#elif defined( FM1_SET ) /* not currently used */
#define fwd_mcol(x) one_table(x,upr,t_use(f,m),vf1,rf1,0)
#else
#define dec_fmvars uint_32t g2
#define fwd_mcol(x) (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1))
#endif
#if defined( IM4_SET )
#define inv_mcol(x) four_tables(x,t_use(i,m),vf1,rf1,0)
#elif defined( IM1_SET )
#define inv_mcol(x) one_table(x,upr,t_use(i,m),vf1,rf1,0)
#else
#define dec_imvars uint_32t g2, g4, g9
#define inv_mcol(x) (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \
(x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1))
#endif
#if defined( FL4_SET )
#define ls_box(x,c) four_tables(x,t_use(f,l),vf1,rf2,c)
#elif defined( LS4_SET )
#define ls_box(x,c) four_tables(x,t_use(l,s),vf1,rf2,c)
#elif defined( FL1_SET )
#define ls_box(x,c) one_table(x,upr,t_use(f,l),vf1,rf2,c)
#elif defined( LS1_SET )
#define ls_box(x,c) one_table(x,upr,t_use(l,s),vf1,rf2,c)
#else
#define ls_box(x,c) no_table(x,t_use(s,box),vf1,rf2,c)
#endif
#if defined( ASM_X86_V1C ) && defined( AES_DECRYPT ) && !defined( ISB_SET )
#define ISB_SET
#endif
#endif

388
src/crypto/aestab.c Normal file
View File

@@ -0,0 +1,388 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
*/
#define DO_TABLES
#include "aes.h"
#include "aesopt.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined(FIXED_TABLES)
#define sb_data(w) {\
w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
#define isb_data(w) {\
w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
#define mm_data(w) {\
w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
#define rc_data(w) {\
w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\
w(0x1b), w(0x36) }
#define h0(x) (x)
#define w0(p) bytes2word(p, 0, 0, 0)
#define w1(p) bytes2word(0, p, 0, 0)
#define w2(p) bytes2word(0, 0, p, 0)
#define w3(p) bytes2word(0, 0, 0, p)
#define u0(p) bytes2word(f2(p), p, p, f3(p))
#define u1(p) bytes2word(f3(p), f2(p), p, p)
#define u2(p) bytes2word(p, f3(p), f2(p), p)
#define u3(p) bytes2word(p, p, f3(p), f2(p))
#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
#endif
#if defined(FIXED_TABLES) || !defined(FF_TABLES)
#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
^ (((x>>5) & 4) * WPOLY))
#define f3(x) (f2(x) ^ x)
#define f9(x) (f8(x) ^ x)
#define fb(x) (f8(x) ^ f2(x) ^ x)
#define fd(x) (f8(x) ^ f4(x) ^ x)
#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
#else
#define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
#define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
#define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
#define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
#define fi(x) ((x) ? pow[ 255 - log[x]] : 0)
#endif
#include "aestab.h"
#if defined(FIXED_TABLES)
/* implemented in case of wrong call for fixed tables */
aes_rval gen_tabs(void)
{
return EXIT_SUCCESS;
}
#else /* dynamic table generation */
#if !defined(FF_TABLES)
/* Generate the tables for the dynamic table option
It will generally be sensible to use tables to compute finite
field multiplies and inverses but where memory is scarse this
code might sometimes be better. But it only has effect during
initialisation so its pretty unimportant in overall terms.
*/
/* return 2 ^ (n - 1) where n is the bit number of the highest bit
set in x with x in the range 1 < x < 0x00000200. This form is
used so that locals within fi can be bytes rather than words
*/
static uint_8t hibit(const uint_32t x)
{ uint_8t r = (uint_8t)((x >> 1) | (x >> 2));
r |= (r >> 2);
r |= (r >> 4);
return (r + 1) >> 1;
}
/* return the inverse of the finite field element x */
static uint_8t fi(const uint_8t x)
{ uint_8t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
if(x < 2) return x;
for(;;)
{
if(!n1) return v1;
while(n2 >= n1)
{
n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
}
if(!n2) return v2;
while(n1 >= n2)
{
n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
}
}
}
#endif
/* The forward and inverse affine transformations used in the S-box */
#define fwd_affine(x) \
(w = (uint_32t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(uint_8t)(w^(w>>8)))
#define inv_affine(x) \
(w = (uint_32t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(uint_8t)(w^(w>>8)))
static int init = 0;
aes_rval gen_tabs(void)
{ uint_32t i, w;
#if defined(FF_TABLES)
uint_8t pow[512], log[256];
if(init)
return EXIT_SUCCESS;
/* log and power tables for GF(2^8) finite field with
WPOLY as modular polynomial - the simplest primitive
root is 0x03, used here to generate the tables
*/
i = 0; w = 1;
do
{
pow[i] = (uint_8t)w;
pow[i + 255] = (uint_8t)w;
log[w] = (uint_8t)i++;
w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
}
while (w != 1);
#else
if(init)
return EXIT_SUCCESS;
#endif
for(i = 0, w = 1; i < RC_LENGTH; ++i)
{
t_set(r,c)[i] = bytes2word(w, 0, 0, 0);
w = f2(w);
}
for(i = 0; i < 256; ++i)
{ uint_8t b;
b = fwd_affine(fi((uint_8t)i));
w = bytes2word(f2(b), b, b, f3(b));
#if defined( SBX_SET )
t_set(s,box)[i] = b;
#endif
#if defined( FT1_SET ) /* tables for a normal encryption round */
t_set(f,n)[i] = w;
#endif
#if defined( FT4_SET )
t_set(f,n)[0][i] = w;
t_set(f,n)[1][i] = upr(w,1);
t_set(f,n)[2][i] = upr(w,2);
t_set(f,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#if defined( FL1_SET ) /* tables for last encryption round (may also */
t_set(f,l)[i] = w; /* be used in the key schedule) */
#endif
#if defined( FL4_SET )
t_set(f,l)[0][i] = w;
t_set(f,l)[1][i] = upr(w,1);
t_set(f,l)[2][i] = upr(w,2);
t_set(f,l)[3][i] = upr(w,3);
#endif
#if defined( LS1_SET ) /* table for key schedule if t_set(f,l) above is */
t_set(l,s)[i] = w; /* not of the required form */
#endif
#if defined( LS4_SET )
t_set(l,s)[0][i] = w;
t_set(l,s)[1][i] = upr(w,1);
t_set(l,s)[2][i] = upr(w,2);
t_set(l,s)[3][i] = upr(w,3);
#endif
b = fi(inv_affine((uint_8t)i));
w = bytes2word(fe(b), f9(b), fd(b), fb(b));
#if defined( IM1_SET ) /* tables for the inverse mix column operation */
t_set(i,m)[b] = w;
#endif
#if defined( IM4_SET )
t_set(i,m)[0][b] = w;
t_set(i,m)[1][b] = upr(w,1);
t_set(i,m)[2][b] = upr(w,2);
t_set(i,m)[3][b] = upr(w,3);
#endif
#if defined( ISB_SET )
t_set(i,box)[i] = b;
#endif
#if defined( IT1_SET ) /* tables for a normal decryption round */
t_set(i,n)[i] = w;
#endif
#if defined( IT4_SET )
t_set(i,n)[0][i] = w;
t_set(i,n)[1][i] = upr(w,1);
t_set(i,n)[2][i] = upr(w,2);
t_set(i,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#if defined( IL1_SET ) /* tables for last decryption round */
t_set(i,l)[i] = w;
#endif
#if defined( IL4_SET )
t_set(i,l)[0][i] = w;
t_set(i,l)[1][i] = upr(w,1);
t_set(i,l)[2][i] = upr(w,2);
t_set(i,l)[3][i] = upr(w,3);
#endif
}
init = 1;
return EXIT_SUCCESS;
}
#endif
#if defined(__cplusplus)
}
#endif

186
src/crypto/aestab.h Normal file
View File

@@ -0,0 +1,186 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 31/01/2006
This file contains the code for declaring the tables needed to implement
AES. The file aesopt.h is assumed to be included before this header file.
If there are no global variables, the definitions here can be used to put
the AES tables in a structure so that a pointer can then be added to the
AES context to pass them to the AES routines that need them. If this
facility is used, the calling program has to ensure that this pointer is
managed appropriately. In particular, the value of the t_dec(in,it) item
in the table structure must be set to zero in order to ensure that the
tables are initialised. In practice the three code sequences in aeskey.c
that control the calls to gen_tabs() and the gen_tabs() routine itself will
have to be changed for a specific implementation. If global variables are
available it will generally be preferable to use them with the precomputed
FIXED_TABLES option that uses static global tables.
The following defines can be used to control the way the tables
are defined, initialised and used in embedded environments that
require special features for these purposes
the 't_dec' construction is used to declare fixed table arrays
the 't_set' construction is used to set fixed table values
the 't_use' construction is used to access fixed table values
256 byte tables:
t_xxx(s,box) => forward S box
t_xxx(i,box) => inverse S box
256 32-bit word OR 4 x 256 32-bit word tables:
t_xxx(f,n) => forward normal round
t_xxx(f,l) => forward last round
t_xxx(i,n) => inverse normal round
t_xxx(i,l) => inverse last round
t_xxx(l,s) => key schedule table
t_xxx(i,m) => key schedule table
Other variables and tables:
t_xxx(r,c) => the rcon table
*/
#if !defined( _AESTAB_H )
#define _AESTAB_H
#define t_dec(m,n) t_##m##n
#define t_set(m,n) t_##m##n
#define t_use(m,n) t_##m##n
#if defined(FIXED_TABLES)
# if defined( __MSDOS__ ) || defined( __WIN16__ )
/* make tables far data to avoid using too much DGROUP space (PG) */
# define CONST const far
# else
# define CONST const
# endif
#else
# define CONST
#endif
#if defined(DO_TABLES)
#define EXTERN
#else
#define EXTERN extern
#endif
#if defined(_MSC_VER) && defined(TABLE_ALIGN)
#define ALIGN __declspec(align(TABLE_ALIGN))
#else
#define ALIGN
#endif
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined( __WATCOMC__)
# define XP_DIR __cdecl
#else
# define XP_DIR
#endif
#if defined(DO_TABLES) && defined(FIXED_TABLES)
#define d_1(t,n,b,e) ALIGN CONST XP_DIR t n[256] = b(e)
#define d_4(t,n,b,e,f,g,h) ALIGN CONST XP_DIR t n[4][256] = { b(e), b(f), b(g), b(h) }
EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH] = rc_data(w0);
#else
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256]
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256]
EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH];
#endif
#if defined( SBX_SET )
d_1(uint_8t, t_dec(s,box), sb_data, h0);
#endif
#if defined( ISB_SET )
d_1(uint_8t, t_dec(i,box), isb_data, h0);
#endif
#if defined( FT1_SET )
d_1(uint_32t, t_dec(f,n), sb_data, u0);
#endif
#if defined( FT4_SET )
d_4(uint_32t, t_dec(f,n), sb_data, u0, u1, u2, u3);
#endif
#if defined( FL1_SET )
d_1(uint_32t, t_dec(f,l), sb_data, w0);
#endif
#if defined( FL4_SET )
d_4(uint_32t, t_dec(f,l), sb_data, w0, w1, w2, w3);
#endif
#if defined( IT1_SET )
d_1(uint_32t, t_dec(i,n), isb_data, v0);
#endif
#if defined( IT4_SET )
d_4(uint_32t, t_dec(i,n), isb_data, v0, v1, v2, v3);
#endif
#if defined( IL1_SET )
d_1(uint_32t, t_dec(i,l), isb_data, w0);
#endif
#if defined( IL4_SET )
d_4(uint_32t, t_dec(i,l), isb_data, w0, w1, w2, w3);
#endif
#if defined( LS1_SET )
#if defined( FL1_SET )
#undef LS1_SET
#else
d_1(uint_32t, t_dec(l,s), sb_data, w0);
#endif
#endif
#if defined( LS4_SET )
#if defined( FL4_SET )
#undef LS4_SET
#else
d_4(uint_32t, t_dec(l,s), sb_data, w0, w1, w2, w3);
#endif
#endif
#if defined( IM1_SET )
d_1(uint_32t, t_dec(i,m), mm_data, v0);
#endif
#if defined( IM4_SET )
d_4(uint_32t, t_dec(i,m), mm_data, v0, v1, v2, v3);
#endif
#if defined(__cplusplus)
}
#endif
#endif

541
src/crypto/blowfish.cpp
View File

@@ -1,541 +0,0 @@
/* 2003.05.02: Derived from libgcrypt-1.1.12 by Michael Buesch */
/* blowfish.c - Blowfish encryption
* Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
* For a description of the algorithm, see:
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
* ISBN 0-471-11709-9. Pages 336 ff.
*/
/* Test values:
* key "abcdefghijklmnopqrstuvwxyz";
* plain "BLOWFISH"
* cipher 32 4E D0 FE F4 13 A2 03
*
*/
#include <string.h>
#include <stdlib.h>
#include "blowfish.h"
/* precomputed S boxes */
static const uint32_t ks0[256] = {
0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96,
0xBA7C9045, 0xF12C7F99, 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16,
0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658,
0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013,
0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, 0x8E79DCB0, 0x603A180E,
0x6C9E0E8B, 0xB01E8A3E, 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60,
0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, 0x55CA396A, 0x2AAB10B6,
0xB4CC5C34, 0x1141E8CE, 0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A,
0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, 0xAFD6BA33, 0x6C24CF5C,
0x7A325381, 0x28958677, 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193,
0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, 0xEF845D5D, 0xE98575B1,
0xDC262302, 0xEB651B88, 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239,
0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, 0x21C66842, 0xF6E96C9A,
0x670C9C61, 0xABD388F0, 0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3,
0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, 0xA1F1651D, 0x39AF0176,
0x66CA593E, 0x82430E88, 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE,
0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, 0x4ED3AA62, 0x363F7706,
0x1BFEDF72, 0x429B023D, 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B,
0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, 0xE3FE501A, 0xB6794C3B,
0x976CE0BD, 0x04C006BA, 0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463,
0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, 0x6DFC511F, 0x9B30952C,
0xCC814544, 0xAF5EBD09, 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3,
0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, 0x5579C0BD, 0x1A60320A,
0xD6A100C6, 0x402C7279, 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8,
0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, 0x323DB5FA, 0xFD238760,
0x53317B48, 0x3E00DF82, 0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB,
0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, 0x695B27B0, 0xBBCA58C8,
0xE1FFA35D, 0xB8F011A0, 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B,
0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, 0xE1DDF2DA, 0xA4CB7E33,
0x62FB1341, 0xCEE4C6E8, 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4,
0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, 0xD08ED1D0, 0xAFC725E0,
0x8E3C5B2F, 0x8E7594B7, 0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C,
0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, 0x2F2F2218, 0xBE0E1777,
0xEA752DFE, 0x8B021FA1, 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299,
0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, 0x165FA266, 0x80957705,
0x93CC7314, 0x211A1477, 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF,
0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, 0x00250E2D, 0x2071B35E,
0x226800BB, 0x57B8E0AF, 0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA,
0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, 0x83260376, 0x6295CFA9,
0x11C81968, 0x4E734A41, 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915,
0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, 0x08BA6FB5, 0x571BE91F,
0xF296EC6B, 0x2A0DD915, 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664,
0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A
};
static const uint32_t ks1[256] = {
0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, 0xAD6EA6B0, 0x49A7DF7D,
0x9CEE60B8, 0x8FEDB266, 0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1,
0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, 0x3F54989A, 0x5B429D65,
0x6B8FE4D6, 0x99F73FD6, 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1,
0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E, 0x09686B3F, 0x3EBAEFC9,
0x3C971814, 0x6B6A70A1, 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737,
0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, 0xB03ADA37, 0xF0500C0D,
0xF01C1F04, 0x0200B3FF, 0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD,
0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, 0x3AE5E581, 0x37C2DADC,
0xC8B57634, 0x9AF3DDA7, 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41,
0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331, 0x4E548B38, 0x4F6DB908,
0x6F420D03, 0xF60A04BF, 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF,
0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, 0x5512721F, 0x2E6B7124,
0x501ADDE6, 0x9F84CD87, 0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C,
0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, 0xEF1C1847, 0x3215D908,
0xDD433B37, 0x24C2BA16, 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD,
0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B, 0x043556F1, 0xD7A3C76B,
0x3C11183B, 0x5924A509, 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E,
0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, 0x771FE71C, 0x4E3D06FA,
0x2965DCB9, 0x99E71D0F, 0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A,
0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, 0xF2F74EA7, 0x361D2B3D,
0x1939260F, 0x19C27960, 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66,
0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28, 0xC332DDEF, 0xBE6C5AA5,
0x65582185, 0x68AB9802, 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84,
0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, 0x13CCA830, 0xEB61BD96,
0x0334FE1E, 0xAA0363CF, 0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14,
0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, 0x648B1EAF, 0x19BDF0CA,
0xA02369B9, 0x655ABB50, 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7,
0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8, 0xF837889A, 0x97E32D77,
0x11ED935F, 0x16681281, 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99,
0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, 0xCDB30AEB, 0x532E3054,
0x8FD948E4, 0x6DBC3128, 0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73,
0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, 0x45EEE2B6, 0xA3AAABEA,
0xDB6C4F15, 0xFACB4FD0, 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105,
0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250, 0xCF62A1F2, 0x5B8D2646,
0xFC8883A0, 0xC1C7B6A3, 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285,
0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, 0x58428D2A, 0x0C55F5EA,
0x1DADF43E, 0x233F7061, 0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB,
0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, 0xA6078084, 0x19F8509E,
0xE8EFD855, 0x61D99735, 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC,
0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9, 0xDB73DBD3, 0x105588CD,
0x675FDA79, 0xE3674340, 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20,
0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7
};
static const uint32_t ks2[256] = {
0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, 0x411520F7, 0x7602D4F7,
0xBCF46B2E, 0xD4A20068, 0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF,
0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, 0x4D95FC1D, 0x96B591AF,
0x70F4DDD3, 0x66A02F45, 0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504,
0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, 0x28507825, 0x530429F4,
0x0A2C86DA, 0xE9B66DFB, 0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE,
0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, 0xAACE1E7C, 0xD3375FEC,
0xCE78A399, 0x406B2A42, 0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B,
0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, 0x3A6EFA74, 0xDD5B4332,
0x6841E7F7, 0xCA7820FB, 0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527,
0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, 0x55A867BC, 0xA1159A58,
0xCCA92963, 0x99E1DB33, 0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C,
0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, 0x95C11548, 0xE4C66D22,
0x48C1133F, 0xC70F86DC, 0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17,
0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, 0x257B7834, 0x602A9C60,
0xDFF8E8A3, 0x1F636C1B, 0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115,
0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, 0x85B2A20E, 0xE6BA0D99,
0xDE720C8C, 0x2DA2F728, 0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0,
0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, 0x0A476341, 0x992EFF74,
0x3A6F6EAB, 0xF4F8FD37, 0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D,
0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, 0xF1290DC7, 0xCC00FFA3,
0xB5390F92, 0x690FED0B, 0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3,
0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, 0x37392EB3, 0xCC115979,
0x8026E297, 0xF42E312D, 0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C,
0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, 0x1A6B1018, 0x11CAEDFA,
0x3D25BDD8, 0xE2E1C3C9, 0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A,
0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, 0x9DBC8057, 0xF0F7C086,
0x60787BF8, 0x6003604D, 0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC,
0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, 0x77A057BE, 0xBDE8AE24,
0x55464299, 0xBF582E61, 0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2,
0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, 0x7AEB2661, 0x8B1DDF84,
0x846A0E79, 0x915F95E2, 0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C,
0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, 0xB77F19B6, 0xE0A9DC09,
0x662D09A1, 0xC4324633, 0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10,
0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, 0xDCB7DA83, 0x573906FE,
0xA1E2CE9B, 0x4FCD7F52, 0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027,
0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, 0xF0177A28, 0xC0F586E0,
0x006058AA, 0x30DC7D62, 0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634,
0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, 0x6F05E409, 0x4B7C0188,
0x39720A3D, 0x7C927C24, 0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC,
0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, 0x1E50EF5E, 0xB161E6F8,
0xA28514D9, 0x6C51133C, 0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837,
0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0
};
static const uint32_t ks3[256] = {
0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, 0x5CB0679E, 0x4FA33742,
0xD3822740, 0x99BC9BBE, 0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B,
0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, 0x5748AB2F, 0xBC946E79,
0xC6A376D2, 0x6549C2C8, 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6,
0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, 0xA1FAD5F0, 0x6A2D519A,
0x63EF8CE2, 0x9A86EE22, 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4,
0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, 0x2826A2F9, 0xA73A3AE1,
0x4BA99586, 0xEF5562E9, 0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59,
0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, 0xE990FD5A, 0x9E34D797,
0x2CF0B7D9, 0x022B8B51, 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28,
0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, 0xE029AC71, 0xE019A5E6,
0x47B0ACFD, 0xED93FA9B, 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28,
0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, 0x15056DD4, 0x88F46DBA,
0x03A16125, 0x0564F0BD, 0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A,
0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, 0x7533D928, 0xB155FDF5,
0x03563482, 0x8ABA3CBB, 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F,
0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, 0xEA7A90C2, 0xFB3E7BCE,
0x5121CE64, 0x774FBE32, 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680,
0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, 0xB39A460A, 0x6445C0DD,
0x586CDECF, 0x1C20C8AE, 0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB,
0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, 0x72EACEA8, 0xFA6484BB,
0x8D6612AE, 0xBF3C6F47, 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370,
0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, 0x4040CB08, 0x4EB4E2CC,
0x34D2466A, 0x0115AF84, 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048,
0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, 0x611560B1, 0xE7933FDC,
0xBB3A792B, 0x344525BD, 0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9,
0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, 0x1A908749, 0xD44FBD9A,
0xD0DADECB, 0xD50ADA38, 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F,
0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, 0xBF97222C, 0x15E6FC2A,
0x0F91FC71, 0x9B941525, 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1,
0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, 0xE0EC6E0E, 0x1698DB3B,
0x4C98A0BE, 0x3278E964, 0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E,
0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, 0xDF359F8D, 0x9B992F2E,
0xE60B6F47, 0x0FE3F11D, 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F,
0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, 0xF523F357, 0xA6327623,
0x93A83531, 0x56CCCD02, 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC,
0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, 0xE6C6C7BD, 0x327A140A,
0x45E1D006, 0xC3F27B9A, 0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6,
0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, 0x53113EC0, 0x1640E3D3,
0x38ABBD60, 0x2547ADF0, 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060,
0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, 0x1948C25C, 0x02FB8A8C,
0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F,
0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6
};
static const uint32_t ps[BLOWFISH_ROUNDS + 2] = {
0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B
};
Blowfish::Blowfish()
{ static bool mustSelfTest = false;
}
void Blowfish::burn_stack(int bytes)
{
char buf[64];
memset(buf, 0, sizeof buf);
bytes -= sizeof buf;
if (bytes > 0)
burn_stack(bytes);
}
void Blowfish::do_encrypt(uint32_t * ret_xl, uint32_t * ret_xr)
{
#if BLOWFISH_ROUNDS == 16
uint32_t xl, xr, *s0, *s1, *s2, *s3, *p;
xl = *ret_xl;
xr = *ret_xr;
p = bc.p;
s0 = bc.s0;
s1 = bc.s1;
s2 = bc.s2;
s3 = bc.s3;
R(xl, xr, 0, p, s0, s1, s2, s3);
R(xr, xl, 1, p, s0, s1, s2, s3);
R(xl, xr, 2, p, s0, s1, s2, s3);
R(xr, xl, 3, p, s0, s1, s2, s3);
R(xl, xr, 4, p, s0, s1, s2, s3);
R(xr, xl, 5, p, s0, s1, s2, s3);
R(xl, xr, 6, p, s0, s1, s2, s3);
R(xr, xl, 7, p, s0, s1, s2, s3);
R(xl, xr, 8, p, s0, s1, s2, s3);
R(xr, xl, 9, p, s0, s1, s2, s3);
R(xl, xr, 10, p, s0, s1, s2, s3);
R(xr, xl, 11, p, s0, s1, s2, s3);
R(xl, xr, 12, p, s0, s1, s2, s3);
R(xr, xl, 13, p, s0, s1, s2, s3);
R(xl, xr, 14, p, s0, s1, s2, s3);
R(xr, xl, 15, p, s0, s1, s2, s3);
xl ^= p[BLOWFISH_ROUNDS];
xr ^= p[BLOWFISH_ROUNDS + 1];
*ret_xl = xr;
*ret_xr = xl;
#else
uint32_t xl, xr, temp, *p;
int i;
xl = *ret_xl;
xr = *ret_xr;
p = bc.p;
for (i = 0; i < BLOWFISH_ROUNDS; i++) {
xl ^= p[i];
xr ^= function_F(xl);
temp = xl;
xl = xr;
xr = temp;
}
temp = xl;
xl = xr;
xr = temp;
xr ^= p[BLOWFISH_ROUNDS];
xl ^= p[BLOWFISH_ROUNDS + 1];
*ret_xl = xl;
*ret_xr = xr;
#endif
}
void Blowfish::do_decrypt(uint32_t * ret_xl, uint32_t * ret_xr)
{
#if BLOWFISH_ROUNDS == 16
uint32_t xl, xr, *s0, *s1, *s2, *s3, *p;
xl = *ret_xl;
xr = *ret_xr;
p = bc.p;
s0 = bc.s0;
s1 = bc.s1;
s2 = bc.s2;
s3 = bc.s3;
R(xl, xr, 17, p, s0, s1, s2, s3);
R(xr, xl, 16, p, s0, s1, s2, s3);
R(xl, xr, 15, p, s0, s1, s2, s3);
R(xr, xl, 14, p, s0, s1, s2, s3);
R(xl, xr, 13, p, s0, s1, s2, s3);
R(xr, xl, 12, p, s0, s1, s2, s3);
R(xl, xr, 11, p, s0, s1, s2, s3);
R(xr, xl, 10, p, s0, s1, s2, s3);
R(xl, xr, 9, p, s0, s1, s2, s3);
R(xr, xl, 8, p, s0, s1, s2, s3);
R(xl, xr, 7, p, s0, s1, s2, s3);
R(xr, xl, 6, p, s0, s1, s2, s3);
R(xl, xr, 5, p, s0, s1, s2, s3);
R(xr, xl, 4, p, s0, s1, s2, s3);
R(xl, xr, 3, p, s0, s1, s2, s3);
R(xr, xl, 2, p, s0, s1, s2, s3);
xl ^= p[1];
xr ^= p[0];
*ret_xl = xr;
*ret_xr = xl;
#else
uint32_t xl, xr, temp, *p;
int i;
xl = *ret_xl;
xr = *ret_xr;
p = bc.p;
for (i = BLOWFISH_ROUNDS + 1; i > 1; i--) {
xl ^= p[i];
xr ^= function_F(xl);
temp = xl;
xl = xr;
xr = temp;
}
temp = xl;
xl = xr;
xr = temp;
xr ^= p[1];
xl ^= p[0];
*ret_xl = xl;
*ret_xr = xr;
#endif
}
void Blowfish::do_encrypt_block(byte * outbuf, byte * inbuf)
{
uint32_t d1, d2;
d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
do_encrypt(&d1, &d2);
outbuf[0] = (d1 >> 24) & 0xff;
outbuf[1] = (d1 >> 16) & 0xff;
outbuf[2] = (d1 >> 8) & 0xff;
outbuf[3] = d1 & 0xff;
outbuf[4] = (d2 >> 24) & 0xff;
outbuf[5] = (d2 >> 16) & 0xff;
outbuf[6] = (d2 >> 8) & 0xff;
outbuf[7] = d2 & 0xff;
}
void Blowfish::encrypt_block(byte * outbuf, byte * inbuf)
{
do_encrypt_block(outbuf, inbuf);
burn_stack(64);
}
void Blowfish::do_decrypt_block(byte * outbuf, byte * inbuf)
{
uint32_t d1, d2;
d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
do_decrypt(&d1, &d2);
outbuf[0] = (d1 >> 24) & 0xff;
outbuf[1] = (d1 >> 16) & 0xff;
outbuf[2] = (d1 >> 8) & 0xff;
outbuf[3] = d1 & 0xff;
outbuf[4] = (d2 >> 24) & 0xff;
outbuf[5] = (d2 >> 16) & 0xff;
outbuf[6] = (d2 >> 8) & 0xff;
outbuf[7] = d2 & 0xff;
}
void Blowfish::decrypt_block(byte * outbuf, byte * inbuf)
{
do_decrypt_block(outbuf, inbuf);
burn_stack(64);
}
int Blowfish::do_bf_setkey(byte * key, unsigned int keylen)
{
int i, j;
uint32_t data, datal, datar;
for (i = 0; i < BLOWFISH_ROUNDS + 2; ++i)
bc.p[i] = ps[i];
for (i = 0; i < 256; ++i) {
bc.s0[i] = ks0[i];
bc.s1[i] = ks1[i];
bc.s2[i] = ks2[i];
bc.s3[i] = ks3[i];
}
for (i = j = 0; i < BLOWFISH_ROUNDS + 2; ++i) {
#ifdef KEEPASS_BIG_ENDIAN
((byte *) & data)[0] = key[j];
((byte *) & data)[1] = key[(j + 1) % keylen];
((byte *) & data)[2] = key[(j + 2) % keylen];
((byte *) & data)[3] = key[(j + 3) % keylen];
#else
((byte *) & data)[3] = key[j];
((byte *) & data)[2] = key[(j + 1) % keylen];
((byte *) & data)[1] = key[(j + 2) % keylen];
((byte *) & data)[0] = key[(j + 3) % keylen];
#endif
bc.p[i] ^= data;
j = (j + 4) % keylen;
}
datal = datar = 0;
for (i = 0; i < BLOWFISH_ROUNDS + 2; i += 2) {
do_encrypt(&datal, &datar);
bc.p[i] = datal;
bc.p[i + 1] = datar;
}
for (i = 0; i < 256; i += 2) {
do_encrypt(&datal, &datar);
bc.s0[i] = datal;
bc.s0[i + 1] = datar;
}
for (i = 0; i < 256; i += 2) {
do_encrypt(&datal, &datar);
bc.s1[i] = datal;
bc.s1[i + 1] = datar;
}
for (i = 0; i < 256; i += 2) {
do_encrypt(&datal, &datar);
bc.s2[i] = datal;
bc.s2[i + 1] = datar;
}
for (i = 0; i < 256; i += 2) {
do_encrypt(&datal, &datar);
bc.s3[i] = datal;
bc.s3[i + 1] = datar;
}
/* Check for weak key. A weak key is a key in which a value in */
/* the P-array (here c) occurs more than once per table. */
for (i = 0; i < 255; ++i) {
for (j = i + 1; j < 256; ++j) {
if ((bc.s0[i] == bc.s0[j]) || (bc.s1[i] == bc.s1[j]) ||
(bc.s2[i] == bc.s2[j]) || (bc.s3[i] == bc.s3[j]))
return 1;
}
}
return 0;
}
int Blowfish::bf_setkey(byte * key, unsigned int keylen)
{
int rc = do_bf_setkey(key, keylen);
burn_stack(64);
return rc;
}
int Blowfish::bf_encrypt(byte * outbuf, byte * inbuf, unsigned int inbuf_len)
{
if (inbuf_len % 8)
return 1;
unsigned int i = 0;
while (i < inbuf_len) {
encrypt_block(outbuf + i, inbuf + i);
i += 8;
}
return 0;
}
int Blowfish::bf_decrypt(byte * outbuf, byte * inbuf, unsigned int inbuf_len)
{
if (inbuf_len % 8)
return 1;
unsigned int i = 0;
while (i < inbuf_len) {
decrypt_block(outbuf + i, inbuf + i);
i += 8;
}
return 0;
}
void Blowfish::padNull(string *buf)
{
buf->append(1, (char)0x01);
string::size_type append_null = 8 - (buf->length() % 8);
buf->append(append_null, (char)0x00);
}
bool Blowfish::unpadNull(string *buf)
{
if (buf->size() % 8)
return false;
string::size_type pos = buf->length() - 1;
while ((*buf)[pos] != (char)0x01) {
if (pos == 0)
return false;
--pos;
}
buf->erase(pos, buf->length() - pos);
return true;
}

115
src/crypto/blowfish.h
View File

@@ -1,115 +0,0 @@
/***************************************************************************
* *
* copyright (C) 2003, 2004 by Michael Buesch *
* email: mbuesch@freenet.de *
* *
* blowfish.c - Blowfish encryption *
* Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc. *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License version 2 *
* as published by the Free Software Foundation. *
* *
***************************************************************************/
#ifndef BLOWFISH_H
#define BLOWFISH_H
#include "global.h"
#include <qglobal.h>
//#include <stdint.h>
#include <string>
using std::string;
#define BLOWFISH_BLOCKSIZE 8
#define BLOWFISH_ROUNDS 16
#define CIPHER_ALGO_BLOWFISH 4 /* blowfish 128 bit key */
#define uint8_t quint8
#define uint16_t quint16
#define uint32_t quint32
#define byte quint8
/** blowfish encryption algorithm.
* Derived from libgcrypt-1.1.12
*/
class Blowfish
{
struct BLOWFISH_context
{
uint32_t s0[256];
uint32_t s1[256];
uint32_t s2[256];
uint32_t s3[256];
uint32_t p[BLOWFISH_ROUNDS+2];
};
public:
Blowfish();
/** set key to encrypt. if return == 1, it is a weak key. */
int bf_setkey( byte *key, unsigned int keylen );
/** encrypt inbuf and return it in outbuf.
* inbuf and outbuf have to be: buf % 8 == 0
* You may check this with getPaddedLen() and pad with NULL.
*/
int bf_encrypt( byte *outbuf, byte *inbuf, unsigned int inbuf_len );
/** decrypt inbuf and return it in outbuf.
* inbuf and outbuf have to be: buf % 8 == 0
* You may check this with getPaddedLen() and pad with NULL.
*/
int bf_decrypt( byte *outbuf, byte *inbuf, unsigned int inbuf_len );
/** returns the length, the sting has to be padded to */
static unsigned int getPaddedLen(unsigned int inLen)
{ return ((8 - (inLen % 8)) + inLen); }
/** pad up to 8 bytes. */
static void padNull(string *buf);
/** remove padded data */
static bool unpadNull(string *buf);
protected:
#if BLOWFISH_ROUNDS != 16
uint32_t function_F( uint32_t x)
{
uint16_t a, b, c, d;
#ifdef KEEPASS_BIG_ENDIAN
a = ((byte *) & x)[0];
b = ((byte *) & x)[1];
c = ((byte *) & x)[2];
d = ((byte *) & x)[3];
#else
a = ((byte *) & x)[3];
b = ((byte *) & x)[2];
c = ((byte *) & x)[1];
d = ((byte *) & x)[0];
#endif
return ((bc.s0[a] + bc.s1[b]) ^ bc.s2[c]) + bc.s3[d];
}
#endif
void R(uint32_t &l, uint32_t &r, uint32_t i, uint32_t *p,
uint32_t *s0, uint32_t *s1, uint32_t *s2, uint32_t *s3)
{
l ^= p[i];
#ifdef KEEPASS_BIG_ENDIAN
r ^= (( s0[((byte*)&l)[0]] + s1[((byte*)&l)[1]])
^ s2[((byte*)&l)[2]]) + s3[((byte*)&l)[3]];
#else
r ^= (( s0[((byte*)&l)[3]] + s1[((byte*)&l)[2]])
^ s2[((byte*)&l)[1]]) + s3[((byte*)&l)[0]];
#endif
}
void encrypt_block(byte *outbuf, byte *inbuf);
void decrypt_block(byte *outbuf, byte *inbuf);
void burn_stack(int bytes);
void do_encrypt(uint32_t *ret_xl, uint32_t *ret_xr);
void do_decrypt(uint32_t *ret_xl, uint32_t *ret_xr);
void do_encrypt_block(byte *outbuf, byte *inbuf);
void do_decrypt_block(byte *outbuf, byte *inbuf);
int do_bf_setkey(byte *key, unsigned int keylen);
protected:
struct BLOWFISH_context bc;
};
#endif

1605
src/crypto/rijndael.cpp
View File

File diff suppressed because it is too large Load Diff

158
src/crypto/rijndael.h
View File

@@ -1,158 +0,0 @@
#ifndef _RIJNDAEL_H_
#define _RIJNDAEL_H_
// This file is based on Szymon Stefanek's Rijndael implementation.
// All I have done is changed the variable type definitions, not more.
// The original header is below.
//
// File : rijndael.h
// Creation date : Sun Nov 5 2000 03:21:05 CEST
// Author : Szymon Stefanek (stefanek@tin.it)
//
// Another implementation of the Rijndael cipher.
// This is intended to be an easily usable library file.
// This code is public domain.
// Based on the Vincent Rijmen and K.U.Leuven implementation 2.4.
//
//
// Original Copyright notice:
//
// rijndael-alg-fst.c v2.4 April '2000
// rijndael-alg-fst.h
// rijndael-api-fst.c
// rijndael-api-fst.h
//
// Optimised ANSI C code
//
// authors: v1.0: Antoon Bosselaers
// v2.0: Vincent Rijmen, K.U.Leuven
// v2.3: Paulo Barreto
// v2.4: Vincent Rijmen, K.U.Leuven
//
// This code is placed in the public domain.
//
//
// This implementation works on 128 , 192 , 256 bit keys
// and on 128 bit blocks
//
//
// Example of usage:
//
// // Input data
// unsigned char key[32]; // The key
// initializeYour256BitKey(); // Obviously initialized with sth
// const unsigned char * plainText = getYourPlainText(); // Your plain text
// int plainTextLen = strlen(plainText); // Plain text length
//
// // Encrypting
// Rijndael rin;
// unsigned char output[plainTextLen + 16];
//
// rin.init(Rijndael::CBC,Rijndael::Encrypt,key,Rijndael::Key32Bytes);
// // It is a good idea to check the error code
// int len = rin.padEncrypt(plainText,len,output);
// if(len >= 0)useYourEncryptedText();
// else encryptError(len);
//
// // Decrypting: we can reuse the same object
// unsigned char output2[len];
// rin.init(Rijndael::CBC,Rijndael::Decrypt,key,Rijndael::Key32Bytes));
// len = rin.padDecrypt(output,len,output2);
// if(len >= 0)useYourDecryptedText();
// else decryptError(len);
//
#define _MAX_KEY_COLUMNS (256/32)
#define _MAX_ROUNDS 14
#define MAX_IV_SIZE 16
#include <qglobal.h>
// Error codes
#define RIJNDAEL_SUCCESS 0
#define RIJNDAEL_UNSUPPORTED_MODE -1
#define RIJNDAEL_UNSUPPORTED_DIRECTION -2
#define RIJNDAEL_UNSUPPORTED_KEY_LENGTH -3
#define RIJNDAEL_BAD_KEY -4
#define RIJNDAEL_NOT_INITIALIZED -5
#define RIJNDAEL_BAD_DIRECTION -6
#define RIJNDAEL_CORRUPTED_DATA -7
class Rijndael
{
public:
enum Direction { Encrypt , Decrypt };
enum Mode { ECB , CBC , CFB1 };
enum KeyLength { Key16Bytes , Key24Bytes , Key32Bytes };
//
// Creates a Rijndael cipher object
// You have to call init() before you can encrypt or decrypt stuff
//
Rijndael();
~Rijndael();
protected:
// Internal stuff
enum State { Valid , Invalid };
State m_state;
Mode m_mode;
Direction m_direction;
quint8 m_initVector[MAX_IV_SIZE];
quint32 m_uRounds;
quint8 m_expandedKey[_MAX_ROUNDS+1][4][4];
public:
//////////////////////////////////////////////////////////////////////////////////////////
// API
//////////////////////////////////////////////////////////////////////////////////////////
// init(): Initializes the crypt session
// Returns RIJNDAEL_SUCCESS or an error code
// mode : Rijndael::ECB, Rijndael::CBC or Rijndael::CFB1
// You have to use the same mode for encrypting and decrypting
// dir : Rijndael::Encrypt or Rijndael::Decrypt
// A cipher instance works only in one direction
// (Well , it could be easily modified to work in both
// directions with a single init() call, but it looks
// useless to me...anyway , it is a matter of generating
// two expanded keys)
// key : array of unsigned octets , it can be 16 , 24 or 32 bytes long
// this CAN be binary data (it is not expected to be null terminated)
// keyLen : Rijndael::Key16Bytes , Rijndael::Key24Bytes or Rijndael::Key32Bytes
// initVector: initialization vector, you will usually use 0 here
int init(Mode mode,Direction dir,const quint8 *key,KeyLength keyLen,quint8 * initVector = 0);
// Encrypts the input array (can be binary data)
// The input array length must be a multiple of 16 bytes, the remaining part
// is DISCARDED.
// so it actually encrypts inputLen / 128 blocks of input and puts it in outBuffer
// Input len is in BITS!
// outBuffer must be at least inputLen / 8 bytes long.
// Returns the encrypted buffer length in BITS or an error code < 0 in case of error
int blockEncrypt(const quint8 *input, int inputLen, quint8 *outBuffer);
// Encrypts the input array (can be binary data)
// The input array can be any length , it is automatically padded on a 16 byte boundary.
// Input len is in BYTES!
// outBuffer must be at least (inputLen + 16) bytes long
// Returns the encrypted buffer length in BYTES or an error code < 0 in case of error
int padEncrypt(const quint8 *input, int inputOctets, quint8 *outBuffer);
// Decrypts the input vector
// Input len is in BITS!
// outBuffer must be at least inputLen / 8 bytes long
// Returns the decrypted buffer length in BITS and an error code < 0 in case of error
int blockDecrypt(const quint8 *input, int inputLen, quint8 *outBuffer);
// Decrypts the input vector
// Input len is in BYTES!
// outBuffer must be at least inputLen bytes long
// Returns the decrypted buffer length in BYTES and an error code < 0 in case of error
int padDecrypt(const quint8 *input, int inputOctets, quint8 *outBuffer);
protected:
void keySched(quint8 key[_MAX_KEY_COLUMNS][4]);
void keyEncToDec();
void encrypt(const quint8 a[16], quint8 b[16]);
void decrypt(const quint8 a[16], quint8 b[16]);
};
#endif // _RIJNDAEL_H_

257
src/crypto/sha1.cpp
View File

@@ -1,257 +0,0 @@
/*
100% free public domain implementation of the SHA-1 algorithm
by Dominik Reichl <dominik.reichl@t-online.de>
Version 1.5 - 2005-01-01
- 64-bit compiler compatibility added
- Made variable wiping optional (define SHA1_WIPE_VARIABLES)
- Removed unnecessary variable initializations
- ROL32 improvement for the Microsoft compiler (using _rotl)
======== Test Vectors (from FIPS PUB 180-1) ========
SHA1("abc") =
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
SHA1("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") =
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
SHA1(A million repetitions of "a") =
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
*/
#include "global.h"
#include "sha1.h"
#define SHA1_MAX_FILE_BUFFER 8000
// Rotate x bits to the left
#ifndef ROL32
#define ROL32(_val32, _nBits) (((_val32)<<(_nBits))|((_val32)>>(32-(_nBits))))
#endif
#ifdef KEEPASS_LITTLE_ENDIAN
#define SHABLK0(i) (m_block->l[i] = \
(ROL32(m_block->l[i],24) & 0xFF00FF00) | (ROL32(m_block->l[i],8) & 0x00FF00FF))
#else
#define SHABLK0(i) (m_block->l[i])
#endif
#define SHABLK(i) (m_block->l[i&15] = ROL32(m_block->l[(i+13)&15] ^ m_block->l[(i+8)&15] \
^ m_block->l[(i+2)&15] ^ m_block->l[i&15],1))
// SHA-1 rounds
#define _R0(v,w,x,y,z,i) { z+=((w&(x^y))^y)+SHABLK0(i)+0x5A827999+ROL32(v,5); w=ROL32(w,30); }
#define _R1(v,w,x,y,z,i) { z+=((w&(x^y))^y)+SHABLK(i)+0x5A827999+ROL32(v,5); w=ROL32(w,30); }
#define _R2(v,w,x,y,z,i) { z+=(w^x^y)+SHABLK(i)+0x6ED9EBA1+ROL32(v,5); w=ROL32(w,30); }
#define _R3(v,w,x,y,z,i) { z+=(((w|x)&y)|(w&x))+SHABLK(i)+0x8F1BBCDC+ROL32(v,5); w=ROL32(w,30); }
#define _R4(v,w,x,y,z,i) { z+=(w^x^y)+SHABLK(i)+0xCA62C1D6+ROL32(v,5); w=ROL32(w,30); }
CSHA1::CSHA1()
{
m_block = (SHA1_WORKSPACE_BLOCK *)m_workspace;
Reset();
}
CSHA1::~CSHA1()
{
Reset();
}
void CSHA1::Reset()
{
// SHA1 initialization constants
m_state[0] = 0x67452301;
m_state[1] = 0xEFCDAB89;
m_state[2] = 0x98BADCFE;
m_state[3] = 0x10325476;
m_state[4] = 0xC3D2E1F0;
m_count[0] = 0;
m_count[1] = 0;
}
void CSHA1::Update(unsigned char* data, int len){
quint_32 i, j;
j = (m_count[0] >> 3) & 63;
if((m_count[0] += len << 3) < (len << 3)) m_count[1]++;
m_count[1] += (len >> 29);
if((j + len) > 63)
{
i = 64 - j;
memcpy(&m_buffer[j], data, i);
Transform(m_state, m_buffer);
for( ; i + 63 < len; i += 64) Transform(m_state, &data[i]);
j = 0;
}
else i = 0;
memcpy(&m_buffer[j], &data[i], len - i);
}
void CSHA1::Transform(quint_32 *state, quint_8 *buffer)
{
// Copy state[] to working vars
quint_32 a = state[0], b = state[1], c = state[2], d = state[3], e = state[4];
memcpy(m_block, buffer, 64);
// 4 rounds of 20 operations each. Loop unrolled.
_R0(a,b,c,d,e, 0); _R0(e,a,b,c,d, 1); _R0(d,e,a,b,c, 2); _R0(c,d,e,a,b, 3);
_R0(b,c,d,e,a, 4); _R0(a,b,c,d,e, 5); _R0(e,a,b,c,d, 6); _R0(d,e,a,b,c, 7);
_R0(c,d,e,a,b, 8); _R0(b,c,d,e,a, 9); _R0(a,b,c,d,e,10); _R0(e,a,b,c,d,11);
_R0(d,e,a,b,c,12); _R0(c,d,e,a,b,13); _R0(b,c,d,e,a,14); _R0(a,b,c,d,e,15);
_R1(e,a,b,c,d,16); _R1(d,e,a,b,c,17); _R1(c,d,e,a,b,18); _R1(b,c,d,e,a,19);
_R2(a,b,c,d,e,20); _R2(e,a,b,c,d,21); _R2(d,e,a,b,c,22); _R2(c,d,e,a,b,23);
_R2(b,c,d,e,a,24); _R2(a,b,c,d,e,25); _R2(e,a,b,c,d,26); _R2(d,e,a,b,c,27);
_R2(c,d,e,a,b,28); _R2(b,c,d,e,a,29); _R2(a,b,c,d,e,30); _R2(e,a,b,c,d,31);
_R2(d,e,a,b,c,32); _R2(c,d,e,a,b,33); _R2(b,c,d,e,a,34); _R2(a,b,c,d,e,35);
_R2(e,a,b,c,d,36); _R2(d,e,a,b,c,37); _R2(c,d,e,a,b,38); _R2(b,c,d,e,a,39);
_R3(a,b,c,d,e,40); _R3(e,a,b,c,d,41); _R3(d,e,a,b,c,42); _R3(c,d,e,a,b,43);
_R3(b,c,d,e,a,44); _R3(a,b,c,d,e,45); _R3(e,a,b,c,d,46); _R3(d,e,a,b,c,47);
_R3(c,d,e,a,b,48); _R3(b,c,d,e,a,49); _R3(a,b,c,d,e,50); _R3(e,a,b,c,d,51);
_R3(d,e,a,b,c,52); _R3(c,d,e,a,b,53); _R3(b,c,d,e,a,54); _R3(a,b,c,d,e,55);
_R3(e,a,b,c,d,56); _R3(d,e,a,b,c,57); _R3(c,d,e,a,b,58); _R3(b,c,d,e,a,59);
_R4(a,b,c,d,e,60); _R4(e,a,b,c,d,61); _R4(d,e,a,b,c,62); _R4(c,d,e,a,b,63);
_R4(b,c,d,e,a,64); _R4(a,b,c,d,e,65); _R4(e,a,b,c,d,66); _R4(d,e,a,b,c,67);
_R4(c,d,e,a,b,68); _R4(b,c,d,e,a,69); _R4(a,b,c,d,e,70); _R4(e,a,b,c,d,71);
_R4(d,e,a,b,c,72); _R4(c,d,e,a,b,73); _R4(b,c,d,e,a,74); _R4(a,b,c,d,e,75);
_R4(e,a,b,c,d,76); _R4(d,e,a,b,c,77); _R4(c,d,e,a,b,78); _R4(b,c,d,e,a,79);
// Add the working vars back into state
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
state[4] += e;
// Wipe variables
#ifdef SHA1_WIPE_VARIABLES
a = b = c = d = e = 0;
#endif
}
// Hash in file contents
bool CSHA1::HashFile(char *szFileName)
{
unsigned long ulFileSize, ulRest, ulBlocks;
unsigned long i;
quint_8 uData[SHA1_MAX_FILE_BUFFER];
FILE *fIn;
if(szFileName == NULL) return false;
fIn = fopen(szFileName, "rb");
if(fIn == NULL) return false;
fseek(fIn, 0, SEEK_END);
ulFileSize = (unsigned long)ftell(fIn);
fseek(fIn, 0, SEEK_SET);
if(ulFileSize != 0)
{
ulBlocks = ulFileSize / SHA1_MAX_FILE_BUFFER;
ulRest = ulFileSize % SHA1_MAX_FILE_BUFFER;
}
else
{
ulBlocks = 0;
ulRest = 0;
}
for(i = 0; i < ulBlocks; i++)
{
fread(uData, 1, SHA1_MAX_FILE_BUFFER, fIn);
Update((quint_8 *)uData, SHA1_MAX_FILE_BUFFER);
}
if(ulRest != 0)
{
fread(uData, 1, ulRest, fIn);
Update((quint_8 *)uData, ulRest);
}
fclose(fIn); fIn = NULL;
return true;
}
void CSHA1::Final()
{
quint_32 i;
quint_8 finalcount[8];
for(i = 0; i < 8; i++)
finalcount[i] = (quint_8)((m_count[((i >= 4) ? 0 : 1)]
>> ((3 - (i & 3)) * 8) ) & 255); // Endian independent
Update((quint_8 *)"\200", 1);
while ((m_count[0] & 504) != 448)
Update((quint_8 *)"\0", 1);
Update(finalcount, 8); // Cause a SHA1Transform()
for(i = 0; i < 20; i++)
{
m_digest[i] = (quint_8)((m_state[i >> 2] >> ((3 - (i & 3)) * 8) ) & 255);
}
// Wipe variables for security reasons
#ifdef SHA1_WIPE_VARIABLES
i = 0;
memset(m_buffer, 0, 64);
memset(m_state, 0, 20);
memset(m_count, 0, 8);
memset(finalcount, 0, 8);
Transform(m_state, m_buffer);
#endif
}
// Get the final hash as a pre-formatted string
void CSHA1::ReportHash(char *szReport, unsigned char uReportType)
{
unsigned char i;
char szTemp[16];
if(szReport == NULL) return;
if(uReportType == REPORT_HEX)
{
sprintf(szTemp, "%02X", m_digest[0]);
strcat(szReport, szTemp);
for(i = 1; i < 20; i++)
{
sprintf(szTemp, " %02X", m_digest[i]);
strcat(szReport, szTemp);
}
}
else if(uReportType == REPORT_DIGIT)
{
sprintf(szTemp, "%u", m_digest[0]);
strcat(szReport, szTemp);
for(i = 1; i < 20; i++)
{
sprintf(szTemp, " %u", m_digest[i]);
strcat(szReport, szTemp);
}
}
else strcpy(szReport, "Error: Unknown report type!");
}
// Get the raw message digest
void CSHA1::GetHash(quint_8 *puDest)
{
memcpy(puDest, m_digest, 20);
}

99
src/crypto/sha1.h
View File

@@ -1,99 +0,0 @@
/*
100% free public domain implementation of the SHA-1 algorithm
by Dominik Reichl <dominik.reichl@t-online.de>
Version 1.5 - 2005-01-01
- 64-bit compiler compatibility added
- Made variable wiping optional (define SHA1_WIPE_VARIABLES)
- Removed unnecessary variable initializations
- ROL32 improvement for the Microsoft compiler (using _rotl)
======== Test Vectors (from FIPS PUB 180-1) ========
SHA1("abc") =
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
SHA1("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") =
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
SHA1(A million repetitions of "a") =
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
*/
#ifndef ___SHA1_HDR___
#define ___SHA1_HDR___
#include <stdio.h> // Needed for file access
#include <memory.h> // Needed for memset and memcpy
#include <string.h> // Needed for strcat and strcpy
// If you're compiling big endian, just comment out the following line
// #define or #undef this, if you want the CSHA1 class to wipe all
// temporary variables after processing
#define SHA1_WIPE_VARIABLES
/////////////////////////////////////////////////////////////////////////////
// Define 8- and 32-bit variables
#ifndef quint_32
#define quint_8 unsigned char
#if (ULONG_MAX == 0xFFFFFFFF)
#define quint_32 unsigned long
#else
#define quint_32 unsigned int
#endif
#endif
/////////////////////////////////////////////////////////////////////////////
// Declare SHA1 workspace
typedef union
{
quint_8 c[64];
quint_32 l[16];
} SHA1_WORKSPACE_BLOCK;
class CSHA1
{
public:
// Two different formats for ReportHash(...)
enum
{
REPORT_HEX = 0,
REPORT_DIGIT = 1
};
// Constructor and Destructor
CSHA1();
~CSHA1();
quint_32 m_state[5];
quint_32 m_count[2];
quint_8 m_buffer[64];
quint_8 m_digest[20];
void Reset();
// Update the hash value
void Update(unsigned char* data, int len);
bool HashFile(char *szFileName);
// Finalize hash and report
void Final();
void ReportHash(char *szReport, unsigned char uReportType = REPORT_HEX);
void GetHash(quint_8 *puDest);
private:
// Private SHA-1 transformation
void Transform(quint_32 *state, quint_8 *buffer);
// Member variables
quint_8 m_workspace[64];
SHA1_WORKSPACE_BLOCK *m_block; // SHA1 pointer to the byte array above
};
#endif

249
src/crypto/sha256.c → src/crypto/sha256.cpp Executable file → Normal file
View File

@@ -1,41 +1,48 @@
/*
* FIPS-180-2 compliant SHA-256 implementation
*
* Copyright (C) 2001-2003 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/***************************************************************************
* Copyright (C) 2005-2006 by Tarek Saidi *
* based on the FIPS-180-2 compliant SHA-256 implementation of *
* Christophe Devine. *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
#include <string.h>
#include "sha256.h"
#define GET_quint32(n,b,i) \
#define GET_qquint32(n,b,i) \
{ \
(n) = ( (uint32) (b)[(i) ] << 24 ) \
| ( (uint32) (b)[(i) + 1] << 16 ) \
| ( (uint32) (b)[(i) + 2] << 8 ) \
| ( (uint32) (b)[(i) + 3] ); \
(n) = ( (quint32) (b)[(i) ] << 24 ) \
| ( (quint32) (b)[(i) + 1] << 16 ) \
| ( (quint32) (b)[(i) + 2] << 8 ) \
| ( (quint32) (b)[(i) + 3] ); \
}
#define PUT_quint32(n,b,i) \
#define PUT_qquint32(n,b,i) \
{ \
(b)[(i) ] = (uint8) ( (n) >> 24 ); \
(b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
(b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
(b)[(i) + 3] = (uint8) ( (n) ); \
(b)[(i) ] = (quint8) ( (n) >> 24 ); \
(b)[(i) + 1] = (quint8) ( (n) >> 16 ); \
(b)[(i) + 2] = (quint8) ( (n) >> 8 ); \
(b)[(i) + 3] = (quint8) ( (n) ); \
}
void SHA256::hashBuffer(void* input, void* digest, quint32 length){
sha256_context ctx;
sha256_starts(&ctx);
sha256_update(&ctx,(quint8*)input,length);
sha256_finish(&ctx,(quint8*)digest);
}
void sha256_starts( sha256_context *ctx )
@@ -53,27 +60,27 @@ void sha256_starts( sha256_context *ctx )
ctx->state[7] = 0x5BE0CD19;
}
void sha256_process( sha256_context *ctx, uint8 data[64] )
void sha256_process( sha256_context *ctx, const quint8 data[64] )
{
uint32 temp1, temp2, W[64];
uint32 A, B, C, D, E, F, G, H;
quint32 temp1, temp2, W[64];
quint32 A, B, C, D, E, F, G, H;
GET_quint32( W[0], data, 0 );
GET_quint32( W[1], data, 4 );
GET_quint32( W[2], data, 8 );
GET_quint32( W[3], data, 12 );
GET_quint32( W[4], data, 16 );
GET_quint32( W[5], data, 20 );
GET_quint32( W[6], data, 24 );
GET_quint32( W[7], data, 28 );
GET_quint32( W[8], data, 32 );
GET_quint32( W[9], data, 36 );
GET_quint32( W[10], data, 40 );
GET_quint32( W[11], data, 44 );
GET_quint32( W[12], data, 48 );
GET_quint32( W[13], data, 52 );
GET_quint32( W[14], data, 56 );
GET_quint32( W[15], data, 60 );
GET_qquint32( W[0], data, 0 );
GET_qquint32( W[1], data, 4 );
GET_qquint32( W[2], data, 8 );
GET_qquint32( W[3], data, 12 );
GET_qquint32( W[4], data, 16 );
GET_qquint32( W[5], data, 20 );
GET_qquint32( W[6], data, 24 );
GET_qquint32( W[7], data, 28 );
GET_qquint32( W[8], data, 32 );
GET_qquint32( W[9], data, 36 );
GET_qquint32( W[10], data, 40 );
GET_qquint32( W[11], data, 44 );
GET_qquint32( W[12], data, 48 );
GET_qquint32( W[13], data, 52 );
GET_qquint32( W[14], data, 56 );
GET_qquint32( W[15], data, 60 );
#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
@@ -184,9 +191,9 @@ void sha256_process( sha256_context *ctx, uint8 data[64] )
ctx->state[7] += H;
}
void sha256_update( sha256_context *ctx, uint8 *input, uint32 length )
void sha256_update( sha256_context *ctx, const quint8 *input, quint32 length )
{
uint32 left, fill;
quint32 left, fill;
if( ! length ) return;
@@ -223,7 +230,7 @@ void sha256_update( sha256_context *ctx, uint8 *input, uint32 length )
}
}
static uint8 sha256_padding[64] =
static quint8 sha256_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -231,18 +238,18 @@ static uint8 sha256_padding[64] =
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
void sha256_finish( sha256_context *ctx, uint8 digest[32] )
void sha256_finish( sha256_context *ctx, quint8 digest[32] )
{
uint32 last, padn;
uint32 high, low;
uint8 msglen[8];
quint32 last, padn;
quint32 high, low;
quint8 msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
PUT_quint32( high, msglen, 0 );
PUT_quint32( low, msglen, 4 );
PUT_qquint32( high, msglen, 0 );
PUT_qquint32( low, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
@@ -250,120 +257,12 @@ void sha256_finish( sha256_context *ctx, uint8 digest[32] )
sha256_update( ctx, sha256_padding, padn );
sha256_update( ctx, msglen, 8 );
PUT_quint32( ctx->state[0], digest, 0 );
PUT_quint32( ctx->state[1], digest, 4 );
PUT_quint32( ctx->state[2], digest, 8 );
PUT_quint32( ctx->state[3], digest, 12 );
PUT_quint32( ctx->state[4], digest, 16 );
PUT_quint32( ctx->state[5], digest, 20 );
PUT_quint32( ctx->state[6], digest, 24 );
PUT_quint32( ctx->state[7], digest, 28 );
}
#ifdef TEST
#include <stdlib.h>
#include <stdio.h>
/*
* those are the standard FIPS-180-2 test vectors
*/
static char *msg[] =
{
"abc",
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
NULL
};
static char *val[] =
{
"ba7816bf8f01cfea414140de5dae2223" \
"b00361a396177a9cb410ff61f20015ad",
"248d6a61d20638b8e5c026930c3e6039" \
"a33ce45964ff2167f6ecedd419db06c1",
"cdc76e5c9914fb9281a1c7e284d73e67" \
"f1809a48a497200e046d39ccc7112cd0"
};
int main( int argc, char *argv[] )
{
FILE *f;
int i, j;
char output[65];
sha256_context ctx;
unsigned char buf[1000];
unsigned char sha256sum[32];
if( argc < 2 )
{
printf( "\n SHA-256 Validation Tests:\n\n" );
for( i = 0; i < 3; i++ )
{
printf( " Test %d ", i + 1 );
sha256_starts( &ctx );
if( i < 2 )
{
sha256_update( &ctx, (uint8 *) msg[i],
strlen( msg[i] ) );
}
else
{
memset( buf, 'a', 1000 );
for( j = 0; j < 1000; j++ )
{
sha256_update( &ctx, (uint8 *) buf, 1000 );
}
}
sha256_finish( &ctx, sha256sum );
for( j = 0; j < 32; j++ )
{
sprintf( output + j * 2, "%02x", sha256sum[j] );
}
if( memcmp( output, val[i], 64 ) )
{
printf( "failed!\n" );
return( 1 );
}
printf( "passed.\n" );
}
printf( "\n" );
}
else
{
if( ! ( f = fopen( argv[1], "rb" ) ) )
{
perror( "fopen" );
return( 1 );
}
sha256_starts( &ctx );
while( ( i = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
{
sha256_update( &ctx, buf, i );
}
sha256_finish( &ctx, sha256sum );
for( j = 0; j < 32; j++ )
{
printf( "%02x", sha256sum[j] );
}
printf( " %s\n", argv[1] );
}
return( 0 );
}
#endif
PUT_qquint32( ctx->state[0], digest, 0 );
PUT_qquint32( ctx->state[1], digest, 4 );
PUT_qquint32( ctx->state[2], digest, 8 );
PUT_qquint32( ctx->state[3], digest, 12 );
PUT_qquint32( ctx->state[4], digest, 16 );
PUT_qquint32( ctx->state[5], digest, 20 );
PUT_qquint32( ctx->state[6], digest, 24 );
PUT_qquint32( ctx->state[7], digest, 28 );
}

59
src/crypto/sha256.h
View File

@@ -1,32 +1,49 @@
/***************************************************************************
* Copyright (C) 2005-2006 by Tarek Saidi *
* based on the FIPS-180-2 compliant SHA-256 implementation of *
* Christophe Devine. *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
#ifndef _SHA256_H
#define _SHA256_H
#ifndef uint8
#define uint8 unsigned char
#endif
#ifndef uint32
#define uint32 unsigned long int
#endif
#include <qglobal.h>
typedef struct
{
uint32 total[2];
uint32 state[8];
uint8 buffer[64];
}
sha256_context;
#ifdef __cplusplus
extern "C" { //Für C++ Kompalibilität
#endif
quint32 total[2];
quint32 state[8];
quint8 buffer[64];
}sha256_context;
extern void sha256_starts( sha256_context *ctx );
extern void sha256_update( sha256_context *ctx, uint8 *input, uint32 length );
extern void sha256_finish( sha256_context *ctx, uint8 digest[32] );
extern void sha256_update( sha256_context *ctx, const quint8 *input, quint32 length );
extern void sha256_finish( sha256_context *ctx, quint8 digest[32] );
class SHA256{
public:
SHA256(){sha256_starts(&ctx);}
void update(void* input,quint32 length){sha256_update(&ctx,(quint8*)input,length);}
void finish(void* digest){sha256_finish(&ctx,(quint8*)digest);}
static void hashBuffer(void* input, void* digest,quint32 length);
private:
sha256_context ctx;
};
#ifdef __cplusplus
}
#endif
#endif /* sha256.h */

1
src/crypto/twoclass.h
View File

@@ -31,7 +31,6 @@
#define ___TWOFISH_CLASS_H___
#include "twofish.h"
#include "crypto/rijndael.h"
class CTwofish
{

420
src/crypto/yarrow.cpp Normal file
View File

@@ -0,0 +1,420 @@
/* yarrow256.c
*
* The yarrow pseudo-randomness generator.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels M<>ler
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "yarrow.h"
#ifndef YARROW_DEBUG
#define YARROW_DEBUG 0
#endif
#if YARROW_DEBUG
#include <stdio.h>
#endif
#define SHA256_DIGEST_SIZE 32
#define AES_MAX_KEY_SIZE 32
/* Parameters */
/* An upper limit on the entropy (in bits) in one octet of sample
* data. */
#define YARROW_MULTIPLIER 4
/* Entropy threshold for reseeding from the fast pool */
#define YARROW_FAST_THRESHOLD 100
/* Entropy threshold for reseeding from the fast pool */
#define YARROW_SLOW_THRESHOLD 160
/* Number of sources that must exceed the threshold for slow reseed */
#define YARROW_SLOW_K 2
/* The number of iterations when reseeding, P_t in the yarrow paper.
* Should be chosen so that reseeding takes on the order of 0.1-1
* seconds. */
#define YARROW_RESEED_ITERATIONS 1500
/* Entropy estimates sticks to this value, it is treated as infinity
* in calculations. It should fit comfortably in an uint32_t, to avoid
* overflows. */
#define YARROW_MAX_ENTROPY 0x100000
/* Forward declarations */
static void
yarrow_fast_reseed(struct yarrow256_ctx *ctx);
static void
yarrow_gate(struct yarrow256_ctx *ctx);
void
yarrow256_init(struct yarrow256_ctx *ctx,
unsigned n,
struct yarrow_source *s)
{
unsigned i;
sha256_starts(&ctx->pools[0]);
sha256_starts(&ctx->pools[1]);
ctx->seeded = 0;
/* Not strictly, necessary, but it makes it easier to see if the
* values are sane. */
memset(ctx->seed_file, 0, YARROW256_SEED_FILE_SIZE);
memset(ctx->counter, 0, sizeof(ctx->counter));
ctx->nsources = n;
ctx->sources = s;
for (i = 0; i<n; i++)
{
ctx->sources[i].estimate[YARROW_FAST] = 0;
ctx->sources[i].estimate[YARROW_SLOW] = 0;
ctx->sources[i].next = YARROW_FAST;
}
}
void
yarrow256_seed(struct yarrow256_ctx *ctx,
unsigned length,
const quint8 *seed_file)
{
/* FIXME: Perhaps it's better to use assert ? */
if (!length)
return;
sha256_update(&ctx->pools[YARROW_FAST], seed_file, length);
yarrow_fast_reseed(ctx);
ctx->seeded = 1;
}
/* FIXME: Generalize so that it generates a few more blocks at a
* time. */
static void
yarrow_generate_block(struct yarrow256_ctx *ctx,
quint8 *block)
{
unsigned i;
//aes_encrypt(&ctx->key, sizeof(ctx->counter), block, ctx->counter);
aes_ecb_encrypt(ctx->counter,block,sizeof(ctx->counter),&ctx->key);
/* Increment counter, treating it as a big-endian number. This is
* machine independent, and follows appendix B of the NIST
* specification of cipher modes of operation.
*
* We could keep a representation of thy counter as 4 32-bit values,
* and write entire words (in big-endian byteorder) into the counter
* block, whenever they change. */
for (i = sizeof(ctx->counter); i--; )
{
if (++ctx->counter[i])
break;
}
}
static void
yarrow_iterate(quint8 *digest)
{
quint8 v0[SHA256_DIGEST_SIZE];
unsigned i;
memcpy(v0, digest, SHA256_DIGEST_SIZE);
/* When hashed inside the loop, i should run from 1 to
* YARROW_RESEED_ITERATIONS */
for (i = 0; ++i < YARROW_RESEED_ITERATIONS; )
{
quint8 count[4];
sha256_context hash;
sha256_starts(&hash);
/* Hash v_i | v_0 | i */
WRITE_UINT32(count, i);
sha256_update(&hash, digest, SHA256_DIGEST_SIZE);
sha256_update(&hash, v0, sizeof(v0));
sha256_update(&hash, count, sizeof(count));
sha256_finish(&hash,digest);
}
}
/* NOTE: The SHA-256 digest size equals the AES key size, so we need
* no "size adaptor". */
static void
yarrow_fast_reseed(struct yarrow256_ctx *ctx)
{
quint8 digest[SHA256_DIGEST_SIZE];
unsigned i;
#if YARROW_DEBUG
fprintf(stderr, "yarrow_fast_reseed\n");
#endif
/* We feed two block of output using the current key into the pool
* before emptying it. */
if (ctx->seeded)
{
quint8 blocks[AES_BLOCK_SIZE * 2];
yarrow_generate_block(ctx, blocks);
yarrow_generate_block(ctx, blocks + AES_BLOCK_SIZE);
sha256_update(&ctx->pools[YARROW_FAST],blocks,sizeof(blocks));
}
sha256_finish(&ctx->pools[YARROW_FAST],digest);
/* Iterate */
yarrow_iterate(digest);
aes_encrypt_key(digest,sizeof(digest),&ctx->key);
/* Derive new counter value */
memset(ctx->counter, 0, sizeof(ctx->counter));
//aes_encrypt(&ctx->key, sizeof(ctx->counter), ctx->counter, ctx->counter);
aes_ecb_encrypt(ctx->counter,ctx->counter,sizeof(ctx->counter),&ctx->key);
/* Reset estimates. */
for (i = 0; i<ctx->nsources; i++)
ctx->sources[i].estimate[YARROW_FAST] = 0;
/* New seed file. */
/* FIXME: Extract this into a function of its own. */
for (i = 0; i < sizeof(ctx->seed_file); i+= AES_BLOCK_SIZE)
yarrow_generate_block(ctx, ctx->seed_file + i);
yarrow_gate(ctx);
}
static void
yarrow_slow_reseed(struct yarrow256_ctx *ctx)
{
quint8 digest[SHA256_DIGEST_SIZE];
unsigned i;
#if YARROW_DEBUG
fprintf(stderr, "yarrow_slow_reseed\n");
#endif
/* Get digest of the slow pool*/
sha256_finish(&ctx->pools[YARROW_SLOW], digest);
/* Feed it into the fast pool */
sha256_update(&ctx->pools[YARROW_FAST],digest, sizeof(digest));
yarrow_fast_reseed(ctx);
/* Reset estimates. */
for (i = 0; i<ctx->nsources; i++)
ctx->sources[i].estimate[YARROW_SLOW] = 0;
}
int
yarrow256_update(struct yarrow256_ctx *ctx,
unsigned source_index, unsigned entropy,
unsigned length, const quint8 *data)
{
enum yarrow_pool_id current;
struct yarrow_source *source;
assert(source_index < ctx->nsources);
if (!length)
/* Nothing happens */
return 0;
source = &ctx->sources[source_index];
if (!ctx->seeded)
/* While seeding, use the slow pool */
current = YARROW_SLOW;
else
{
current = source->next;
source->next = (yarrow_pool_id)!source->next;
}
sha256_update(&ctx->pools[current],data,length);
/* NOTE: We should be careful to avoid overflows in the estimates. */
if (source->estimate[current] < YARROW_MAX_ENTROPY)
{
if (entropy > YARROW_MAX_ENTROPY)
entropy = YARROW_MAX_ENTROPY;
if ( (length < (YARROW_MAX_ENTROPY / YARROW_MULTIPLIER))
&& (entropy > YARROW_MULTIPLIER * length) )
entropy = YARROW_MULTIPLIER * length;
/* FIXME: Calling a more sophisticated estimater should be done
* here. */
entropy += source->estimate[current];
if (entropy > YARROW_MAX_ENTROPY)
entropy = YARROW_MAX_ENTROPY;
source->estimate[current] = entropy;
}
/* Check for seed/reseed */
switch(current)
{
case YARROW_FAST:
#if YARROW_DEBUG
fprintf(stderr,
"yarrow256_update: source_index = %d,\n"
" fast pool estimate = %d\n",
source_index, source->estimate[YARROW_FAST]);
#endif
if (source->estimate[YARROW_FAST] >= YARROW_FAST_THRESHOLD)
{
yarrow_fast_reseed(ctx);
return 1;
}
else
return 0;
case YARROW_SLOW:
{
/* FIXME: This is somewhat inefficient. It would be better to
* either maintain the count, or do this loop only if the
* current source just crossed the threshold. */
if (!yarrow256_needed_sources(ctx))
{
yarrow_slow_reseed(ctx);
ctx->seeded = 1;
return 1;
}
else
return 0;
}
default:
abort();
}
}
static void
yarrow_gate(struct yarrow256_ctx *ctx)
{
quint8 key[AES_MAX_KEY_SIZE];
unsigned i;
for (i = 0; i < sizeof(key); i+= AES_BLOCK_SIZE)
yarrow_generate_block(ctx, key + i);
aes_encrypt_key(key,sizeof(key),&ctx->key);
}
void
yarrow256_random(struct yarrow256_ctx *ctx, unsigned length, quint8 *dst)
{
assert(ctx->seeded);
while (length >= AES_BLOCK_SIZE)
{
yarrow_generate_block(ctx, dst);
dst += AES_BLOCK_SIZE;
length -= AES_BLOCK_SIZE;
}
if (length)
{
quint8 buffer[AES_BLOCK_SIZE];
assert(length < AES_BLOCK_SIZE);
yarrow_generate_block(ctx, buffer);
memcpy(dst, buffer, length);
}
yarrow_gate(ctx);
}
int
yarrow256_is_seeded(struct yarrow256_ctx *ctx)
{
return ctx->seeded;
}
unsigned
yarrow256_needed_sources(struct yarrow256_ctx *ctx)
{
/* FIXME: This is somewhat inefficient. It would be better to
* either maintain the count, or do this loop only if the
* current source just crossed the threshold. */
unsigned k, i;
for (i = k = 0; i < ctx->nsources; i++)
if (ctx->sources[i].estimate[YARROW_SLOW] >= YARROW_SLOW_THRESHOLD)
k++;
#if YARROW_DEBUG
fprintf(stderr,
"yarrow256_needed_sources: source_index = %d,\n"
" slow pool estimate = %d,\n"
" number of sources above threshold = %d\n",
source_index, source->estimate[YARROW_SLOW], k);
#endif
return (k < YARROW_SLOW_K) ? (YARROW_SLOW_K - k) : 0;
}
void
yarrow256_force_reseed(struct yarrow256_ctx *ctx)
{
yarrow_slow_reseed(ctx);
}
struct yarrow256_ctx WeakCtx;
struct yarrow256_ctx StrongCtx;
struct yarrow_source WeakSrc[2];
void initYarrow(){
yarrow256_init(&WeakCtx,2,WeakSrc);
quint8 buffer[100];
srand(time(0));
for(int i=0;i<100;i++)
buffer[i]=rand()%256+1;
yarrow256_update(&WeakCtx,0,800,100,buffer);
for(int i=0;i<100;i++)
buffer[i]=rand()%256+1;
yarrow256_update(&WeakCtx,1,800,100,buffer);
Q_ASSERT(yarrow256_is_seeded(&WeakCtx));
}
void randomize(void* buffer, unsigned int length){
yarrow256_random(&WeakCtx,length,(quint8*)buffer);
}

190
src/crypto/yarrow.h Normal file
View File

@@ -0,0 +1,190 @@
/* yarrow.h
*
* The yarrow pseudo-randomness generator.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels M<>ler
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_YARROW_COMPAT_H_INCLUDED
#define NETTLE_YARROW_COMPAT_H_INCLUDED
#include "aes.h"
#include "sha256.h"
/* Name mangling */
#define yarrow256_init nettle_yarrow256_init
#define yarrow256_seed nettle_yarrow256_seed
#define yarrow256_update nettle_yarrow256_update
#define yarrow256_random nettle_yarrow256_random
#define yarrow256_is_seeded nettle_yarrow256_is_seeded
#define yarrow256_needed_sources nettle_yarrow256_needed_sources
#define yarrow256_force_reseed nettle_yarrow256_force_reseed
#define yarrow_key_event_init nettle_yarrow_key_event_init
#define yarrow_key_event_estimate nettle_yarrow_key_event_estimate
enum yarrow_pool_id { YARROW_FAST = 0, YARROW_SLOW = 1 };
struct yarrow_source
{
/* Indexed by yarrow_pool_id */
quint32 estimate[2];
/* The pool next sample should go to. */
enum yarrow_pool_id next;
};
#define YARROW256_SEED_FILE_SIZE (2 * AES_BLOCK_SIZE)
/* Yarrow-256, based on SHA-256 and AES-256 */
struct yarrow256_ctx
{
/* Indexed by yarrow_pool_id */
sha256_context pools[2];
quint8 seed_file[YARROW256_SEED_FILE_SIZE];
int seeded;
/* The current key and counter block */
aes_encrypt_ctx key;
quint8 counter[AES_BLOCK_SIZE];
/* The entropy sources */
unsigned nsources;
struct yarrow_source *sources;
};
void
yarrow256_init(struct yarrow256_ctx *ctx,
unsigned nsources,
struct yarrow_source *sources);
void
yarrow256_seed(struct yarrow256_ctx *ctx,
unsigned length,
const quint8 *seed_file);
/* Returns 1 on reseed */
int
yarrow256_update(struct yarrow256_ctx *ctx,
unsigned source, unsigned entropy,
unsigned length, const quint8 *data);
void
yarrow256_random(struct yarrow256_ctx *ctx, unsigned length, quint8 *dst);
int
yarrow256_is_seeded(struct yarrow256_ctx *ctx);
unsigned
yarrow256_needed_sources(struct yarrow256_ctx *ctx);
void
yarrow256_force_reseed(struct yarrow256_ctx *ctx);
/* Key event estimator */
#define YARROW_KEY_EVENT_BUFFER 16
struct yarrow_key_event_ctx
{
/* Counter for initial priming of the state */
unsigned index;
unsigned chars[YARROW_KEY_EVENT_BUFFER];
unsigned previous;
};
void
yarrow_key_event_init(struct yarrow_key_event_ctx *ctx);
unsigned
yarrow_key_event_estimate(struct yarrow_key_event_ctx *ctx,
unsigned key, unsigned time);
/* merged code from macros.h: */
/* Reads a 32-bit integer, in network, big-endian, byte order */
#define READ_UINT32(p) \
( (((quint32) (p)[0]) << 24) \
| (((quint32) (p)[1]) << 16) \
| (((quint32) (p)[2]) << 8) \
| ((quint32) (p)[3]))
#define WRITE_UINT32(p, i) \
do { \
(p)[0] = ((i) >> 24) & 0xff; \
(p)[1] = ((i) >> 16) & 0xff; \
(p)[2] = ((i) >> 8) & 0xff; \
(p)[3] = (i) & 0xff; \
} while(0)
/* Analogous macros, for 24 and 16 bit numbers */
#define READ_UINT24(p) \
( (((quint32) (p)[0]) << 16) \
| (((quint32) (p)[1]) << 8) \
| ((quint32) (p)[2]))
#define WRITE_UINT24(p, i) \
do { \
(p)[0] = ((i) >> 16) & 0xff; \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[2] = (i) & 0xff; \
} while(0)
#define READ_UINT16(p) \
( (((quint32) (p)[0]) << 8) \
| ((quint32) (p)[1]))
#define WRITE_UINT16(p, i) \
do { \
(p)[0] = ((i) >> 8) & 0xff; \
(p)[1] = (i) & 0xff; \
} while(0)
/* And the other, little-endian, byteorder */
#define LE_READ_UINT32(p) \
( (((quint32) (p)[3]) << 24) \
| (((quint32) (p)[2]) << 16) \
| (((quint32) (p)[1]) << 8) \
| ((quint32) (p)[0]))
#define LE_WRITE_UINT32(p, i) \
do { \
(p)[3] = ((i) >> 24) & 0xff; \
(p)[2] = ((i) >> 16) & 0xff; \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[0] = (i) & 0xff; \
} while(0)
/* Macro to make it easier to loop over several blocks. */
#define FOR_BLOCKS(length, dst, src, blocksize) \
assert( !((length) % (blocksize))); \
for (; (length); ((length) -= (blocksize), \
(dst) += (blocksize), \
(src) += (blocksize)) )
void initYarrow();
void randomize(void* buffer, unsigned int length);
#endif /* NETTLE_YARROW_COMPAT_H_INCLUDED */

88
src/crypto/yarrow_macros.h Normal file
View File

@@ -0,0 +1,88 @@
/* macros.h
*
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001 Niels M<>ller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef NETTLE_MACROS_H_INCLUDED
#define NETTLE_MACROS_H_INCLUDED
/* Reads a 32-bit integer, in network, big-endian, byte order */
#define READ_UINT32(p) \
( (((uint32_t) (p)[0]) << 24) \
| (((uint32_t) (p)[1]) << 16) \
| (((uint32_t) (p)[2]) << 8) \
| ((uint32_t) (p)[3]))
#define WRITE_UINT32(p, i) \
do { \
(p)[0] = ((i) >> 24) & 0xff; \
(p)[1] = ((i) >> 16) & 0xff; \
(p)[2] = ((i) >> 8) & 0xff; \
(p)[3] = (i) & 0xff; \
} while(0)
/* Analogous macros, for 24 and 16 bit numbers */
#define READ_UINT24(p) \
( (((uint32_t) (p)[0]) << 16) \
| (((uint32_t) (p)[1]) << 8) \
| ((uint32_t) (p)[2]))
#define WRITE_UINT24(p, i) \
do { \
(p)[0] = ((i) >> 16) & 0xff; \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[2] = (i) & 0xff; \
} while(0)
#define READ_UINT16(p) \
( (((uint32_t) (p)[0]) << 8) \
| ((uint32_t) (p)[1]))
#define WRITE_UINT16(p, i) \
do { \
(p)[0] = ((i) >> 8) & 0xff; \
(p)[1] = (i) & 0xff; \
} while(0)
/* And the other, little-endian, byteorder */
#define LE_READ_UINT32(p) \
( (((uint32_t) (p)[3]) << 24) \
| (((uint32_t) (p)[2]) << 16) \
| (((uint32_t) (p)[1]) << 8) \
| ((uint32_t) (p)[0]))
#define LE_WRITE_UINT32(p, i) \
do { \
(p)[3] = ((i) >> 24) & 0xff; \
(p)[2] = ((i) >> 16) & 0xff; \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[0] = (i) & 0xff; \
} while(0)
/* Macro to make it easier to loop over several blocks. */
#define FOR_BLOCKS(length, dst, src, blocksize) \
assert( !((length) % (blocksize))); \
for (; (length); ((length) -= (blocksize), \
(dst) += (blocksize), \
(src) += (blocksize)) )
#endif /* NETTLE_MACROS_H_INCLUDED */