aes.c File Reference

#include <string.h>
#include "crypto.h"

Go to the source code of this file.

Defines
#define	rot1(x)   (((x) << 24) | ((x) >> 8))
	AES implementation - this is a small code version.
#define	rot2(x)   (((x) << 16) | ((x) >> 16))
#define	rot3(x)   (((x) << 8) | ((x) >> 24))
#define	mt   0x80808080
#define	ml   0x7f7f7f7f
#define	mh   0xfefefefe
#define	mm   0x1b1b1b1b
#define	mul2(x, t)
#define	inv_mix_col(x, f2, f4, f8, f9)
#define	n2l(c, l)   l=ntohl(*c); c++
#define	l2n(l, c)   *c++=htonl(l)
Functions
static unsigned char	AES_xtime (uint32_t x)
void	AES_set_key (AES_CTX *ctx, const uint8_t *key, const uint8_t *iv, AES_MODE mode)
	Set up AES with the key/iv and cipher size.
void	AES_convert_key (AES_CTX *ctx)
	Change a key for decryption.
void	AES_encrypt (const AES_CTX *ctx, uint32_t *data)
	Encrypt a single block (16 bytes) of data.
void	AES_decrypt (const AES_CTX *ctx, uint32_t *data)
	Decrypt a single block (16 bytes) of data.
Variables
static const uint8_t	aes_sbox [256]
static const uint8_t	aes_isbox [256]
static const unsigned char	Rcon [30]

---

Define Documentation

#define rot1

(

x

)

(((x) << 24) | ((x) >> 8))

AES implementation - this is a small code version.

There are much faster versions around but they are much larger in size (i.e. they use large submix tables).

Definition at line 31 of file aes.c.

#define rot2

(

x

)

(((x) << 16) | ((x) >> 16))

Definition at line 32 of file aes.c.

#define rot3

(

x

)

(((x) << 8) | ((x) >> 24))

Definition at line 33 of file aes.c.

#define mt   0x80808080

Definition at line 46 of file aes.c.

#define ml   0x7f7f7f7f

Definition at line 47 of file aes.c.

#define mh   0xfefefefe

Definition at line 48 of file aes.c.

#define mm   0x1b1b1b1b

Definition at line 49 of file aes.c.

#define mul2	(	x,
		t		)

Value:

((t)=((x)&mt), \
                        ((((x)+(x))&mh)^(((t)-((t)>>7))&mm)))

Definition at line 50 of file aes.c.

#define inv_mix_col	(	x,
		f2,
		f4,
		f8,
		f9		)

Value:

(\
                        (f2)=mul2(x,f2), \
                        (f4)=mul2(f2,f4), \
                        (f8)=mul2(f4,f8), \
                        (f9)=(x)^(f8), \
                        (f8)=((f2)^(f4)^(f8)), \
                        (f2)^=(f9), \
                        (f4)^=(f9), \
                        (f8)^=rot3(f2), \
                        (f8)^=rot2(f4), \
                        (f8)^rot1(f9))

Definition at line 53 of file aes.c.

Referenced by AES_convert_key().

#define n2l	(	c,
		l		)	l=ntohl(*c); c++

Definition at line 66 of file aes.c.

#define l2n	(	l,
		c		)	*c++=htonl(l)

Definition at line 67 of file aes.c.

---

Function Documentation

static unsigned char AES_xtime

(

uint32_t

x

)

[static]

Definition at line 157 of file aes.c.

Referenced by AES_decrypt(), and AES_encrypt().

{
        return x = (x&0x80) ? (x<<1)^0x1b : x<<1;
}

void AES_set_key	(	AES_CTX *	ctx,
		const uint8_t *	key,
		const uint8_t *	iv,
		AES_MODE	mode
	)

Set up AES with the key/iv and cipher size.

Definition at line 165 of file aes.c.

References AES_MODE_128, AES_MODE_256, aes_sbox, aes_key_st::iv, aes_key_st::key_size, aes_key_st::ks, memcpy, Rcon, and aes_key_st::rounds.

Referenced by aes_setkey().

{
    int i, ii;
    uint32_t *W, tmp, tmp2;
    const unsigned char *ip;
    int words;

    switch (mode)
    {
        case AES_MODE_128:
            i = 10;
            words = 4;
            break;

        case AES_MODE_256:
            i = 14;
            words = 8;
            break;

        default:        /* fail silently */
            return;
    }

    ctx->rounds = i;
    ctx->key_size = words;
    W = ctx->ks;
    for (i = 0; i < words; i+=2)
    {
        W[i+0]= ((uint32_t)key[ 0]<<24)|
            ((uint32_t)key[ 1]<<16)|
            ((uint32_t)key[ 2]<< 8)|
            ((uint32_t)key[ 3]    );
        W[i+1]= ((uint32_t)key[ 4]<<24)|
            ((uint32_t)key[ 5]<<16)|
            ((uint32_t)key[ 6]<< 8)|
            ((uint32_t)key[ 7]    );
        key += 8;
    }

    ip = Rcon;
    ii = 4 * (ctx->rounds+1);
    for (i = words; i<ii; i++)
    {
        tmp = W[i-1];

        if ((i % words) == 0)
        {
            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]<< 8;
            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<<16;
            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<24;
            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ];
            tmp=tmp2^(((unsigned int)*ip)<<24);
            ip++;
        }

        if ((words == 8) && ((i % words) == 4))
        {
            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]    ;
            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<< 8;
            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<16;
            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ]<<24;
            tmp=tmp2;
        }

        W[i]=W[i-words]^tmp;
    }

    /* copy the iv across */
    memcpy(ctx->iv, iv, 16);
}

void AES_convert_key

(

AES_CTX *

ctx

)

Change a key for decryption.

Definition at line 240 of file aes.c.

References inv_mix_col, k, aes_key_st::ks, and aes_key_st::rounds.

Referenced by aes_decrypt().

{
    int i;
    uint32_t *k,w,t1,t2,t3,t4;

    k = ctx->ks;
    k += 4;

    for (i=ctx->rounds*4; i>4; i--)
    {
        w= *k;
        w = inv_mix_col(w,t1,t2,t3,t4);
        *k++ =w;
    }
}

void AES_encrypt	(	const AES_CTX *	ctx,
		uint32_t *	data
	)

Encrypt a single block (16 bytes) of data.

Definition at line 363 of file aes.c.

References aes_sbox, AES_xtime(), k, aes_key_st::ks, and aes_key_st::rounds.

Referenced by aes_encrypt().

{
    /* To make this code smaller, generate the sbox entries on the fly.
     * This will have a really heavy effect upon performance.
     */
    uint32_t tmp[4];
    uint32_t tmp1, old_a0, a0, a1, a2, a3, row;
    int curr_rnd;
    int rounds = ctx->rounds; 
    const uint32_t *k = ctx->ks;

    /* Pre-round key addition */
    for (row = 0; row < 4; row++)
    {
        data[row] ^= *(k++);
    }

    /* Encrypt one block. */
    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
    {
        /* Perform ByteSub and ShiftRow operations together */
        for (row = 0; row < 4; row++)
        {
            a0 = (uint32_t)aes_sbox[(data[row%4]>>24)&0xFF];
            a1 = (uint32_t)aes_sbox[(data[(row+1)%4]>>16)&0xFF];
            a2 = (uint32_t)aes_sbox[(data[(row+2)%4]>>8)&0xFF]; 
            a3 = (uint32_t)aes_sbox[(data[(row+3)%4])&0xFF];

            /* Perform MixColumn iff not last round */
            if (curr_rnd < (rounds - 1))
            {
                tmp1 = a0 ^ a1 ^ a2 ^ a3;
                old_a0 = a0;

                a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
                a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
                a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
                a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);

            }

            tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
        }

        /* KeyAddition - note that it is vital that this loop is separate from
           the MixColumn operation, which must be atomic...*/ 
        for (row = 0; row < 4; row++)
        {
            data[row] = tmp[row] ^ *(k++);
        }
    }
}

void AES_decrypt	(	const AES_CTX *	ctx,
		uint32_t *	data
	)

Decrypt a single block (16 bytes) of data.

Definition at line 419 of file aes.c.

References aes_isbox, AES_xtime(), k, aes_key_st::ks, and aes_key_st::rounds.

Referenced by aes_decrypt().

{ 
    uint32_t tmp[4];
    uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
    uint32_t a0, a1, a2, a3, row;
    int curr_rnd;
    int rounds = ctx->rounds;
    uint32_t *k = (uint32_t*)ctx->ks + ((rounds+1)*4);

    /* pre-round key addition */
    for (row=4; row > 0;row--)
    {
        data[row-1] ^= *(--k);
    }

    /* Decrypt one block */
    for (curr_rnd=0; curr_rnd < rounds; curr_rnd++)
    {
        /* Perform ByteSub and ShiftRow operations together */
        for (row = 4; row > 0; row--)
        {
            a0 = aes_isbox[(data[(row+3)%4]>>24)&0xFF];
            a1 = aes_isbox[(data[(row+2)%4]>>16)&0xFF];
            a2 = aes_isbox[(data[(row+1)%4]>>8)&0xFF];
            a3 = aes_isbox[(data[row%4])&0xFF];

            /* Perform MixColumn iff not last round */
            if (curr_rnd<(rounds-1))
            {
                /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E)
                   are quite large compared to encryption; this 
                   operation slows decryption down noticeably. */
                xt0 = AES_xtime(a0^a1);
                xt1 = AES_xtime(a1^a2);
                xt2 = AES_xtime(a2^a3);
                xt3 = AES_xtime(a3^a0);
                xt4 = AES_xtime(xt0^xt1);
                xt5 = AES_xtime(xt1^xt2);
                xt6 = AES_xtime(xt4^xt5);

                xt0 ^= a1^a2^a3^xt4^xt6;
                xt1 ^= a0^a2^a3^xt5^xt6;
                xt2 ^= a0^a1^a3^xt4^xt6;
                xt3 ^= a0^a1^a2^xt5^xt6;
                tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3);
            }
            else
                tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3);
        }

        for (row = 4; row > 0; row--)
        {
            data[row-1] = tmp[row-1] ^ *(--k);
        }
    }
}

---

Variable Documentation

const uint8_t aes_sbox[256] [static]

Definition at line 72 of file aes.c.

Referenced by AES_encrypt(), and AES_set_key().

const uint8_t aes_isbox[256] [static]

Definition at line 111 of file aes.c.

Referenced by AES_decrypt().

const unsigned char Rcon[30] [static]

Initial value:

{
        0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,
        0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f,
        0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4,
        0xb3,0x7d,0xfa,0xef,0xc5,0x91,
}

Definition at line 147 of file aes.c.

Referenced by AES_set_key().