early-access version 1503
This commit is contained in:
pineappleEA
408
externals/mbedtls/library/aes.c
vendored
408
externals/mbedtls/library/aes.c
vendored
@@ -1,8 +1,31 @@
|
||||
/*
|
||||
* FIPS-197 compliant AES implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: GPL-2.0
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*
|
||||
* This file is provided under the Apache License 2.0, or the
|
||||
* GNU General Public License v2.0 or later.
|
||||
*
|
||||
* **********
|
||||
* Apache License 2.0:
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* **********
|
||||
*
|
||||
* **********
|
||||
* GNU General Public License v2.0 or later:
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@@ -18,7 +41,7 @@
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* **********
|
||||
*/
|
||||
/*
|
||||
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
|
||||
@@ -38,6 +61,7 @@
|
||||
#include <string.h>
|
||||
|
||||
#include "mbedtls/aes.h"
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#if defined(MBEDTLS_PADLOCK_C)
|
||||
#include "mbedtls/padlock.h"
|
||||
@@ -57,6 +81,12 @@
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
|
||||
/* Parameter validation macros based on platform_util.h */
|
||||
#define AES_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
|
||||
#define AES_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
@@ -390,9 +420,9 @@ static uint32_t RCON[10];
|
||||
/*
|
||||
* Tables generation code
|
||||
*/
|
||||
#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
|
||||
#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
|
||||
#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
|
||||
#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
|
||||
#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
|
||||
#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
|
||||
|
||||
static int aes_init_done = 0;
|
||||
|
||||
@@ -512,6 +542,8 @@ static void aes_gen_tables( void )
|
||||
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx )
|
||||
{
|
||||
AES_VALIDATE( ctx != NULL );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
|
||||
}
|
||||
|
||||
@@ -526,12 +558,17 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
|
||||
{
|
||||
AES_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_aes_init( &ctx->crypt );
|
||||
mbedtls_aes_init( &ctx->tweak );
|
||||
}
|
||||
|
||||
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_aes_free( &ctx->crypt );
|
||||
mbedtls_aes_free( &ctx->tweak );
|
||||
}
|
||||
@@ -547,14 +584,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int i;
|
||||
uint32_t *RK;
|
||||
|
||||
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
||||
if( aes_init_done == 0 )
|
||||
{
|
||||
aes_gen_tables();
|
||||
aes_init_done = 1;
|
||||
|
||||
}
|
||||
#endif
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( key != NULL );
|
||||
|
||||
switch( keybits )
|
||||
{
|
||||
@@ -564,6 +595,14 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
||||
if( aes_init_done == 0 )
|
||||
{
|
||||
aes_gen_tables();
|
||||
aes_init_done = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
||||
if( aes_padlock_ace == -1 )
|
||||
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
|
||||
@@ -663,6 +702,9 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
uint32_t *RK;
|
||||
uint32_t *SK;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( key != NULL );
|
||||
|
||||
mbedtls_aes_init( &cty );
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
||||
@@ -718,6 +760,7 @@ exit:
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
static int mbedtls_aes_xts_decode_keys( const unsigned char *key,
|
||||
@@ -753,6 +796,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
|
||||
const unsigned char *key1, *key2;
|
||||
unsigned int key1bits, key2bits;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( key != NULL );
|
||||
|
||||
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
|
||||
&key2, &key2bits );
|
||||
if( ret != 0 )
|
||||
@@ -775,6 +821,9 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
||||
const unsigned char *key1, *key2;
|
||||
unsigned int key1bits, key2bits;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( key != NULL );
|
||||
|
||||
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
|
||||
&key2, &key2bits );
|
||||
if( ret != 0 )
|
||||
@@ -790,53 +839,53 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
||||
|
||||
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
|
||||
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
do \
|
||||
{ \
|
||||
(X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \
|
||||
AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \
|
||||
\
|
||||
(X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \
|
||||
AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \
|
||||
\
|
||||
(X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \
|
||||
AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \
|
||||
\
|
||||
(X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \
|
||||
AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \
|
||||
} while( 0 )
|
||||
|
||||
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y3 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y0 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y1 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \
|
||||
AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \
|
||||
AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \
|
||||
AES_FT3( ( Y2 >> 24 ) & 0xFF ); \
|
||||
}
|
||||
|
||||
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
{ \
|
||||
X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y1 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y2 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y3 >> 24 ) & 0xFF ); \
|
||||
\
|
||||
X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \
|
||||
AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( Y0 >> 24 ) & 0xFF ); \
|
||||
}
|
||||
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
|
||||
do \
|
||||
{ \
|
||||
(X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \
|
||||
AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \
|
||||
\
|
||||
(X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \
|
||||
AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \
|
||||
\
|
||||
(X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \
|
||||
AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \
|
||||
\
|
||||
(X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \
|
||||
AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
|
||||
AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
|
||||
AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \
|
||||
} while( 0 )
|
||||
|
||||
/*
|
||||
* AES-ECB block encryption
|
||||
@@ -847,51 +896,56 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
int i;
|
||||
uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
|
||||
uint32_t *RK = ctx->rk;
|
||||
struct
|
||||
{
|
||||
uint32_t X[4];
|
||||
uint32_t Y[4];
|
||||
} t;
|
||||
|
||||
RK = ctx->rk;
|
||||
|
||||
GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
|
||||
GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
|
||||
GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
|
||||
GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
|
||||
GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
|
||||
|
||||
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
|
||||
{
|
||||
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
|
||||
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
|
||||
AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
||||
AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
|
||||
}
|
||||
|
||||
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
|
||||
AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
||||
|
||||
X0 = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
|
||||
t.X[0] = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
|
||||
|
||||
X1 = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
|
||||
t.X[1] = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
|
||||
|
||||
X2 = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
|
||||
t.X[2] = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
|
||||
|
||||
X3 = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
|
||||
t.X[3] = *RK++ ^ \
|
||||
( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
|
||||
|
||||
PUT_UINT32_LE( X0, output, 0 );
|
||||
PUT_UINT32_LE( X1, output, 4 );
|
||||
PUT_UINT32_LE( X2, output, 8 );
|
||||
PUT_UINT32_LE( X3, output, 12 );
|
||||
PUT_UINT32_LE( t.X[0], output, 0 );
|
||||
PUT_UINT32_LE( t.X[1], output, 4 );
|
||||
PUT_UINT32_LE( t.X[2], output, 8 );
|
||||
PUT_UINT32_LE( t.X[3], output, 12 );
|
||||
|
||||
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@@ -915,51 +969,56 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
int i;
|
||||
uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
|
||||
uint32_t *RK = ctx->rk;
|
||||
struct
|
||||
{
|
||||
uint32_t X[4];
|
||||
uint32_t Y[4];
|
||||
} t;
|
||||
|
||||
RK = ctx->rk;
|
||||
|
||||
GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
|
||||
GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
|
||||
GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
|
||||
GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
|
||||
GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
|
||||
GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
|
||||
|
||||
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
|
||||
{
|
||||
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
|
||||
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
|
||||
AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
||||
AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
|
||||
}
|
||||
|
||||
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
|
||||
AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
|
||||
|
||||
X0 = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
|
||||
t.X[0] = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
|
||||
|
||||
X1 = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
|
||||
t.X[1] = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
|
||||
|
||||
X2 = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
|
||||
t.X[2] = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
|
||||
|
||||
X3 = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
|
||||
t.X[3] = *RK++ ^ \
|
||||
( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
|
||||
( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
|
||||
|
||||
PUT_UINT32_LE( X0, output, 0 );
|
||||
PUT_UINT32_LE( X1, output, 4 );
|
||||
PUT_UINT32_LE( X2, output, 8 );
|
||||
PUT_UINT32_LE( X3, output, 12 );
|
||||
PUT_UINT32_LE( t.X[0], output, 0 );
|
||||
PUT_UINT32_LE( t.X[1], output, 4 );
|
||||
PUT_UINT32_LE( t.X[2], output, 8 );
|
||||
PUT_UINT32_LE( t.X[3], output, 12 );
|
||||
|
||||
mbedtls_platform_zeroize( &t, sizeof( t ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@@ -978,10 +1037,16 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
* AES-ECB block encryption/decryption
|
||||
*/
|
||||
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
|
||||
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
|
||||
return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
|
||||
@@ -1019,6 +1084,13 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
int i;
|
||||
unsigned char temp[16];
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
AES_VALIDATE_RET( iv != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
if( length % 16 )
|
||||
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
|
||||
|
||||
@@ -1144,11 +1216,18 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
||||
unsigned char prev_tweak[16];
|
||||
unsigned char tmp[16];
|
||||
|
||||
/* Sectors must be at least 16 bytes. */
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
AES_VALIDATE_RET( data_unit != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
/* Data units must be at least 16 bytes long. */
|
||||
if( length < 16 )
|
||||
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
|
||||
|
||||
/* NIST SP 80-38E disallows data units larger than 2**20 blocks. */
|
||||
/* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
|
||||
if( length > ( 1 << 20 ) * 16 )
|
||||
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
|
||||
|
||||
@@ -1243,7 +1322,20 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
unsigned char *output )
|
||||
{
|
||||
int c;
|
||||
size_t n = *iv_off;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
AES_VALIDATE_RET( iv_off != NULL );
|
||||
AES_VALIDATE_RET( iv != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
n = *iv_off;
|
||||
|
||||
if( n > 15 )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
{
|
||||
@@ -1281,15 +1373,21 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
* AES-CFB8 buffer encryption/decryption
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
unsigned char c;
|
||||
unsigned char ov[17];
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
AES_VALIDATE_RET( iv != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
while( length-- )
|
||||
{
|
||||
memcpy( ov, iv, 16 );
|
||||
@@ -1322,7 +1420,18 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
|
||||
unsigned char *output )
|
||||
{
|
||||
int ret = 0;
|
||||
size_t n = *iv_off;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( iv_off != NULL );
|
||||
AES_VALIDATE_RET( iv != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
n = *iv_off;
|
||||
|
||||
if( n > 15 )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
|
||||
while( length-- )
|
||||
{
|
||||
@@ -1357,7 +1466,16 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
unsigned char *output )
|
||||
{
|
||||
int c, i;
|
||||
size_t n = *nc_off;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
AES_VALIDATE_RET( nc_off != NULL );
|
||||
AES_VALIDATE_RET( nonce_counter != NULL );
|
||||
AES_VALIDATE_RET( stream_block != NULL );
|
||||
AES_VALIDATE_RET( input != NULL );
|
||||
AES_VALIDATE_RET( output != NULL );
|
||||
|
||||
n = *nc_off;
|
||||
|
||||
if ( n > 0x0F )
|
||||
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
|
||||
@@ -1759,7 +1877,7 @@ int mbedtls_aes_self_test( int verbose )
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
@@ -1823,7 +1941,7 @@ int mbedtls_aes_self_test( int verbose )
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
@@ -1888,7 +2006,7 @@ int mbedtls_aes_self_test( int verbose )
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
@@ -1951,7 +2069,7 @@ int mbedtls_aes_self_test( int verbose )
|
||||
* there is an alternative underlying implementation i.e. when
|
||||
* MBEDTLS_AES_ALT is defined.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
|
||||
if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
|
||||
Reference in New Issue
Block a user