Asterisk: aesopt.h Source File

00001 /* 00002 --------------------------------------------------------------------------- 00003 Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK. 00004 All rights reserved. 00005 00006 LICENSE TERMS 00007 00008 The free distribution and use of this software in both source and binary 00009 form is allowed (with or without changes) provided that: 00010 00011 1. distributions of this source code include the above copyright 00012 notice, this list of conditions and the following disclaimer; 00013 00014 2. distributions in binary form include the above copyright 00015 notice, this list of conditions and the following disclaimer 00016 in the documentation and/or other associated materials; 00017 00018 3. the copyright holder's name is not used to endorse products 00019 built using this software without specific written permission. 00020 00021 ALTERNATIVELY, provided that this notice is retained in full, this product 00022 may be distributed under the terms of the GNU General Public License (GPL), 00023 in which case the provisions of the GPL apply INSTEAD OF those given above. 00024 00025 DISCLAIMER 00026 00027 This software is provided 'as is' with no explicit or implied warranties 00028 in respect of its properties, including, but not limited to, correctness 00029 and/or fitness for purpose. 00030 --------------------------------------------------------------------------- 00031 Issue Date: 26/08/2003 00032 00033 My thanks go to Dag Arne Osvik for devising the schemes used here for key 00034 length derivation from the form of the key schedule 00035 00036 This file contains the compilation options for AES (Rijndael) and code 00037 that is common across encryption, key scheduling and table generation. 00038 00039 OPERATION 00040 00041 These source code files implement the AES algorithm Rijndael designed by 00042 Joan Daemen and Vincent Rijmen. This version is designed for the standard 00043 block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24 00044 and 32 bytes). 00045 00046 This version is designed for flexibility and speed using operations on 00047 32-bit words rather than operations on bytes. It can be compiled with 00048 either big or little endian internal byte order but is faster when the 00049 native byte order for the processor is used. 00050 00051 THE CIPHER INTERFACE 00052 00053 The cipher interface is implemented as an array of bytes in which lower 00054 AES bit sequence indexes map to higher numeric significance within bytes. 00055 00056 aes_08t (an unsigned 8-bit type) 00057 aes_32t (an unsigned 32-bit type) 00058 struct aes_encrypt_ctx (structure for the cipher encryption context) 00059 struct aes_decrypt_ctx (structure for the cipher decryption context) 00060 aes_rval the function return type 00061 00062 C subroutine calls: 00063 00064 aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]); 00065 aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]); 00066 aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]); 00067 aes_rval aes_encrypt(const void *in_blk, 00068 void *out_blk, const aes_encrypt_ctx cx[1]); 00069 00070 aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]); 00071 aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]); 00072 aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]); 00073 aes_rval aes_decrypt(const void *in_blk, 00074 void *out_blk, const aes_decrypt_ctx cx[1]); 00075 00076 IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that 00077 you call genTabs() before AES is used so that the tables are initialised. 00078 00079 C++ aes class subroutines: 00080 00081 Class AESencrypt for encryption 00082 00083 Construtors: 00084 AESencrypt(void) 00085 AESencrypt(const void *in_key) - 128 bit key 00086 Members: 00087 void key128(const void *in_key) 00088 void key192(const void *in_key) 00089 void key256(const void *in_key) 00090 void encrypt(const void *in_blk, void *out_blk) const 00091 00092 Class AESdecrypt for encryption 00093 Construtors: 00094 AESdecrypt(void) 00095 AESdecrypt(const void *in_key) - 128 bit key 00096 Members: 00097 void key128(const void *in_key) 00098 void key192(const void *in_key) 00099 void key256(const void *in_key) 00100 void decrypt(const void *in_blk, void *out_blk) const 00101 00102 COMPILATION 00103 00104 The files used to provide AES (Rijndael) are 00105 00106 a. aes.h for the definitions needed for use in C. 00107 b. aescpp.h for the definitions needed for use in C++. 00108 c. aesopt.h for setting compilation options (also includes common code). 00109 d. aescrypt.c for encryption and decrytpion, or 00110 e. aeskey.c for key scheduling. 00111 f. aestab.c for table loading or generation. 00112 g. aescrypt.asm for encryption and decryption using assembler code. 00113 h. aescrypt.mmx.asm for encryption and decryption using MMX assembler. 00114 00115 To compile AES (Rijndael) for use in C code use aes.h and set the 00116 defines here for the facilities you need (key lengths, encryption 00117 and/or decryption). Do not define AES_DLL or AES_CPP. Set the options 00118 for optimisations and table sizes here. 00119 00120 To compile AES (Rijndael) for use in in C++ code use aescpp.h but do 00121 not define AES_DLL 00122 00123 To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use 00124 aes.h and include the AES_DLL define. 00125 00126 CONFIGURATION OPTIONS (here and in aes.h) 00127 00128 a. set AES_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL 00129 b. You may need to set PLATFORM_BYTE_ORDER to define the byte order. 00130 c. If you want the code to run in a specific internal byte order, then 00131 ALGORITHM_BYTE_ORDER must be set accordingly. 00132 d. set other configuration options decribed below. 00133 */ 00134 00135 #ifndef _AESOPT_H 00136 #define _AESOPT_H 00137 00138 #include <asterisk/aes.h> 00139 00140 /* CONFIGURATION - USE OF DEFINES 00141 00142 Later in this section there are a number of defines that control the 00143 operation of the code. In each section, the purpose of each define is 00144 explained so that the relevant form can be included or excluded by 00145 setting either 1's or 0's respectively on the branches of the related 00146 #if clauses. 00147 */ 00148 00149 /* PLATFORM SPECIFIC INCLUDES */ 00150 00151 #if defined( __OpenBSD__ ) 00152 # include <machine/types.h> 00153 # include <sys/endian.h> 00154 #elif defined( __FreeBSD__ ) 00155 # include <sys/types.h> 00156 # include <sys/endian.h> 00157 #elif defined( BSD ) && ( BSD >= 199103 ) || defined(__APPLE__) 00158 # include <machine/endian.h> 00159 #elif defined( __GNUC__ ) || defined( __GNU_LIBRARY__ ) 00160 # include <endian.h> 00161 #if !defined(__APPLE__) 00162 # include <byteswap.h> 00163 #endif 00164 #elif defined( linux ) 00165 # include <endian.h> 00166 #endif 00167 00168 /* BYTE ORDER IN 32-BIT WORDS 00169 00170 To obtain the highest speed on processors with 32-bit words, this code 00171 needs to determine the byte order of the target machine. The following 00172 block of code is an attempt to capture the most obvious ways in which 00173 various environemnts define byte order. It may well fail, in which case 00174 the definitions will need to be set by editing at the points marked 00175 **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for 00176 some of these defines (from cryptlib). 00177 */ 00178 00179 #define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */ 00180 #define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */ 00181 00182 #if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \ 00183 defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \ 00184 defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \ 00185 defined( vax ) || defined( vms ) || defined( VMS ) || \ 00186 defined( __VMS ) 00187 00188 #define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN 00189 00190 #endif 00191 00192 #if defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \ 00193 defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \ 00194 defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \ 00195 defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \ 00196 defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \ 00197 defined( __TANDEM ) || defined( THINK_C ) || defined( __VMCMS__ ) 00198 00199 #define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN 00200 00201 #endif 00202 00203 /* if the platform is still not known, try to find its byte order */ 00204 /* from commonly used definitions in the headers included earlier */ 00205 00206 #if !defined(PLATFORM_BYTE_ORDER) 00207 00208 #if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN) 00209 # if defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) 00210 # define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN 00211 # elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN) 00212 # define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN 00213 # elif defined(BYTE_ORDER) && (BYTE_ORDER == LITTLE_ENDIAN) 00214 # define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN 00215 # elif defined(BYTE_ORDER) && (BYTE_ORDER == BIG_ENDIAN) 00216 # define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN 00217 # endif 00218 00219 #elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN) 00220 # if defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN) 00221 # define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN 00222 # elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN) 00223 # define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN 00224 # elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _LITTLE_ENDIAN) 00225 # define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN 00226 # elif defined(_BYTE_ORDER) && (_BYTE_ORDER == _BIG_ENDIAN) 00227 # define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN 00228 # endif 00229 00230 #elif defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__) 00231 # if defined(__LITTLE_ENDIAN__) && !defined(__BIG_ENDIAN__) 00232 # define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN 00233 # elif !defined(__LITTLE_ENDIAN__) && defined(__BIG_ENDIAN__) 00234 # define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN 00235 # elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __LITTLE_ENDIAN__) 00236 # define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN 00237 # elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__) 00238 # define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN 00239 # endif 00240 00241 #elif 0 /* **** EDIT HERE IF NECESSARY **** */ 00242 #define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN 00243 00244 #elif 0 /* **** EDIT HERE IF NECESSARY **** */ 00245 #define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN 00246 00247 #else 00248 #error Please edit aesopt.h (line 235 or 238) to set the platform byte order 00249 #endif 00250 00251 #endif 00252 00253 /* SOME LOCAL DEFINITIONS */ 00254 00255 #define NO_TABLES 0 00256 #define ONE_TABLE 1 00257 #define FOUR_TABLES 4 00258 #define NONE 0 00259 #define PARTIAL 1 00260 #define FULL 2 00261 00262 #if defined(bswap32) 00263 #define aes_sw32 bswap32 00264 #elif defined(bswap_32) 00265 #define aes_sw32 bswap_32 00266 #else 00267 #define brot(x,n) (((aes_32t)(x) << n) | ((aes_32t)(x) >> (32 - n))) 00268 #define aes_sw32(x) ((brot((x),8) & 0x00ff00ff) | (brot((x),24) & 0xff00ff00)) 00269 #endif 00270 00271 /* 1. FUNCTIONS REQUIRED 00272 00273 This implementation provides subroutines for encryption, decryption 00274 and for setting the three key lengths (separately) for encryption 00275 and decryption. When the assembler code is not being used the following 00276 definition blocks allow the selection of the routines that are to be 00277 included in the compilation. 00278 */ 00279 #ifdef AES_ENCRYPT 00280 #define ENCRYPTION 00281 #define ENCRYPTION_KEY_SCHEDULE 00282 #endif 00283 00284 #ifdef AES_DECRYPT 00285 #define DECRYPTION 00286 #define DECRYPTION_KEY_SCHEDULE 00287 #endif 00288 00289 /* 2. ASSEMBLER SUPPORT 00290 00291 This define (which can be on the command line) enables the use of the 00292 assembler code routines for encryption and decryption with the C code 00293 only providing key scheduling 00294 */ 00295 #if 0 00296 #define AES_ASM 00297 #endif 00298 00299 /* 3. BYTE ORDER WITHIN 32 BIT WORDS 00300 00301 The fundamental data processing units in Rijndael are 8-bit bytes. The 00302 input, output and key input are all enumerated arrays of bytes in which 00303 bytes are numbered starting at zero and increasing to one less than the 00304 number of bytes in the array in question. This enumeration is only used 00305 for naming bytes and does not imply any adjacency or order relationship 00306 from one byte to another. When these inputs and outputs are considered 00307 as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to 00308 byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte. 00309 In this implementation bits are numbered from 0 to 7 starting at the 00310 numerically least significant end of each byte (bit n represents 2^n). 00311 00312 However, Rijndael can be implemented more efficiently using 32-bit 00313 words by packing bytes into words so that bytes 4*n to 4*n+3 are placed 00314 into word[n]. While in principle these bytes can be assembled into words 00315 in any positions, this implementation only supports the two formats in 00316 which bytes in adjacent positions within words also have adjacent byte 00317 numbers. This order is called big-endian if the lowest numbered bytes 00318 in words have the highest numeric significance and little-endian if the 00319 opposite applies. 00320 00321 This code can work in either order irrespective of the order used by the 00322 machine on which it runs. Normally the internal byte order will be set 00323 to the order of the processor on which the code is to be run but this 00324 define can be used to reverse this in special situations 00325 00326 NOTE: Assembler code versions rely on PLATFORM_BYTE_ORDER being set 00327 */ 00328 #if 1 || defined(AES_ASM) 00329 #define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER 00330 #elif 0 00331 #define ALGORITHM_BYTE_ORDER BRG_LITTLE_ENDIAN 00332 #elif 0 00333 #define ALGORITHM_BYTE_ORDER BRG_BIG_ENDIAN 00334 #else 00335 #error The algorithm byte order is not defined 00336 #endif 00337 00338 /* 4. FAST INPUT/OUTPUT OPERATIONS. 00339 00340 On some machines it is possible to improve speed by transferring the 00341 bytes in the input and output arrays to and from the internal 32-bit 00342 variables by addressing these arrays as if they are arrays of 32-bit 00343 words. On some machines this will always be possible but there may 00344 be a large performance penalty if the byte arrays are not aligned on 00345 the normal word boundaries. On other machines this technique will 00346 lead to memory access errors when such 32-bit word accesses are not 00347 properly aligned. The option SAFE_IO avoids such problems but will 00348 often be slower on those machines that support misaligned access 00349 (especially so if care is taken to align the input and output byte 00350 arrays on 32-bit word boundaries). If SAFE_IO is not defined it is 00351 assumed that access to byte arrays as if they are arrays of 32-bit 00352 words will not cause problems when such accesses are misaligned. 00353 */ 00354 #if 1 && !defined(_MSC_VER) 00355 #define SAFE_IO 00356 #endif 00357 00358 /* 5. LOOP UNROLLING 00359 00360 The code for encryption and decrytpion cycles through a number of rounds 00361 that can be implemented either in a loop or by expanding the code into a 00362 long sequence of instructions, the latter producing a larger program but 00363 one that will often be much faster. The latter is called loop unrolling. 00364 There are also potential speed advantages in expanding two iterations in 00365 a loop with half the number of iterations, which is called partial loop 00366 unrolling. The following options allow partial or full loop unrolling 00367 to be set independently for encryption and decryption 00368 */ 00369 #if 1 00370 #define ENC_UNROLL FULL 00371 #elif 0 00372 #define ENC_UNROLL PARTIAL 00373 #else 00374 #define ENC_UNROLL NONE 00375 #endif 00376 00377 #if 1 00378 #define DEC_UNROLL FULL 00379 #elif 0 00380 #define DEC_UNROLL PARTIAL 00381 #else 00382 #define DEC_UNROLL NONE 00383 #endif 00384 00385 /* 6. FAST FINITE FIELD OPERATIONS 00386 00387 If this section is included, tables are used to provide faster finite 00388 field arithmetic (this has no effect if FIXED_TABLES is defined). 00389 */ 00390 #if 1 00391 #define FF_TABLES 00392 #endif 00393 00394 /* 7. INTERNAL STATE VARIABLE FORMAT 00395 00396 The internal state of Rijndael is stored in a number of local 32-bit 00397 word varaibles which can be defined either as an array or as individual 00398 names variables. Include this section if you want to store these local 00399 varaibles in arrays. Otherwise individual local variables will be used. 00400 */ 00401 #if 1 00402 #define ARRAYS 00403 #endif 00404 00405 /* In this implementation the columns of the state array are each held in 00406 32-bit words. The state array can be held in various ways: in an array 00407 of words, in a number of individual word variables or in a number of 00408 processor registers. The following define maps a variable name x and 00409 a column number c to the way the state array variable is to be held. 00410 The first define below maps the state into an array x[c] whereas the 00411 second form maps the state into a number of individual variables x0, 00412 x1, etc. Another form could map individual state colums to machine 00413 register names. 00414 */ 00415 00416 #if defined(ARRAYS) 00417 #define s(x,c) x[c] 00418 #else 00419 #define s(x,c) x##c 00420 #endif 00421 00422 /* 8. FIXED OR DYNAMIC TABLES 00423 00424 When this section is included the tables used by the code are compiled 00425 statically into the binary file. Otherwise the subroutine gen_tabs() 00426 must be called to compute them before the code is first used. 00427 */ 00428 #if 1 00429 #define FIXED_TABLES 00430 #endif 00431 00432 /* 9. TABLE ALIGNMENT 00433 00434 On some sytsems speed will be improved by aligning the AES large lookup 00435 tables on particular boundaries. This define should be set to a power of 00436 two giving the desired alignment. It can be left undefined if alignment 00437 is not needed. This option is specific to the Microsft VC++ compiler - 00438 it seems to sometimes cause trouble for the VC++ version 6 compiler. 00439 */ 00440 00441 #if 0 && defined(_MSC_VER) && (_MSC_VER >= 1300) 00442 #define TABLE_ALIGN 64 00443 #endif 00444 00445 /* 10. INTERNAL TABLE CONFIGURATION 00446 00447 This cipher proceeds by repeating in a number of cycles known as 'rounds' 00448 which are implemented by a round function which can optionally be speeded 00449 up using tables. The basic tables are each 256 32-bit words, with either 00450 one or four tables being required for each round function depending on 00451 how much speed is required. The encryption and decryption round functions 00452 are different and the last encryption and decrytpion round functions are 00453 different again making four different round functions in all. 00454 00455 This means that: 00456 1. Normal encryption and decryption rounds can each use either 0, 1 00457 or 4 tables and table spaces of 0, 1024 or 4096 bytes each. 00458 2. The last encryption and decryption rounds can also use either 0, 1 00459 or 4 tables and table spaces of 0, 1024 or 4096 bytes each. 00460 00461 Include or exclude the appropriate definitions below to set the number 00462 of tables used by this implementation. 00463 */ 00464 00465 #if 1 /* set tables for the normal encryption round */ 00466 #define ENC_ROUND FOUR_TABLES 00467 #elif 0 00468 #define ENC_ROUND ONE_TABLE 00469 #else 00470 #define ENC_ROUND NO_TABLES 00471 #endif 00472 00473 #if 1 /* set tables for the last encryption round */ 00474 #define LAST_ENC_ROUND FOUR_TABLES 00475 #elif 0 00476 #define LAST_ENC_ROUND ONE_TABLE 00477 #else 00478 #define LAST_ENC_ROUND NO_TABLES 00479 #endif 00480 00481 #if 1 /* set tables for the normal decryption round */ 00482 #define DEC_ROUND FOUR_TABLES 00483 #elif 0 00484 #define DEC_ROUND ONE_TABLE 00485 #else 00486 #define DEC_ROUND NO_TABLES 00487 #endif 00488 00489 #if 1 /* set tables for the last decryption round */ 00490 #define LAST_DEC_ROUND FOUR_TABLES 00491 #elif 0 00492 #define LAST_DEC_ROUND ONE_TABLE 00493 #else 00494 #define LAST_DEC_ROUND NO_TABLES 00495 #endif 00496 00497 /* The decryption key schedule can be speeded up with tables in the same 00498 way that the round functions can. Include or exclude the following 00499 defines to set this requirement. 00500 */ 00501 #if 1 00502 #define KEY_SCHED FOUR_TABLES 00503 #elif 0 00504 #define KEY_SCHED ONE_TABLE 00505 #else 00506 #define KEY_SCHED NO_TABLES 00507 #endif 00508 00509 /* END OF CONFIGURATION OPTIONS */ 00510 00511 #define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2)) 00512 00513 /* Disable or report errors on some combinations of options */ 00514 00515 #if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES 00516 #undef LAST_ENC_ROUND 00517 #define LAST_ENC_ROUND NO_TABLES 00518 #elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES 00519 #undef LAST_ENC_ROUND 00520 #define LAST_ENC_ROUND ONE_TABLE 00521 #endif 00522 00523 #if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE 00524 #undef ENC_UNROLL 00525 #define ENC_UNROLL NONE 00526 #endif 00527 00528 #if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES 00529 #undef LAST_DEC_ROUND 00530 #define LAST_DEC_ROUND NO_TABLES 00531 #elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES 00532 #undef LAST_DEC_ROUND 00533 #define LAST_DEC_ROUND ONE_TABLE 00534 #endif 00535 00536 #if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE 00537 #undef DEC_UNROLL 00538 #define DEC_UNROLL NONE 00539 #endif 00540 00541 /* upr(x,n): rotates bytes within words by n positions, moving bytes to 00542 higher index positions with wrap around into low positions 00543 ups(x,n): moves bytes by n positions to higher index positions in 00544 words but without wrap around 00545 bval(x,n): extracts a byte from a word 00546 00547 NOTE: The definitions given here are intended only for use with 00548 unsigned variables and with shift counts that are compile 00549 time constants 00550 */ 00551 00552 #if (ALGORITHM_BYTE_ORDER == BRG_LITTLE_ENDIAN) 00553 #define upr(x,n) (((aes_32t)(x) << (8 * (n))) | ((aes_32t)(x) >> (32 - 8 * (n)))) 00554 #define ups(x,n) ((aes_32t) (x) << (8 * (n))) 00555 #define bval(x,n) ((aes_08t)((x) >> (8 * (n)))) 00556 #define bytes2word(b0, b1, b2, b3) \ 00557 (((aes_32t)(b3) << 24) | ((aes_32t)(b2) << 16) | ((aes_32t)(b1) << 8) | (b0)) 00558 #endif 00559 00560 #if (ALGORITHM_BYTE_ORDER == BRG_BIG_ENDIAN) 00561 #define upr(x,n) (((aes_32t)(x) >> (8 * (n))) | ((aes_32t)(x) << (32 - 8 * (n)))) 00562 #define ups(x,n) ((aes_32t) (x) >> (8 * (n)))) 00563 #define bval(x,n) ((aes_08t)((x) >> (24 - 8 * (n)))) 00564 #define bytes2word(b0, b1, b2, b3) \ 00565 (((aes_32t)(b0) << 24) | ((aes_32t)(b1) << 16) | ((aes_32t)(b2) << 8) | (b3)) 00566 #endif 00567 00568 #if defined(SAFE_IO) 00569 00570 #define word_in(x,c) bytes2word(((aes_08t*)(x)+4*c)[0], ((aes_08t*)(x)+4*c)[1], \ 00571 ((aes_08t*)(x)+4*c)[2], ((aes_08t*)(x)+4*c)[3]) 00572 #define word_out(x,c,v) { ((aes_08t*)(x)+4*c)[0] = bval(v,0); ((aes_08t*)(x)+4*c)[1] = bval(v,1); \ 00573 ((aes_08t*)(x)+4*c)[2] = bval(v,2); ((aes_08t*)(x)+4*c)[3] = bval(v,3); } 00574 00575 #elif (ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER) 00576 00577 #define word_in(x,c) (*((aes_32t*)(x)+(c))) 00578 #define word_out(x,c,v) (*((aes_32t*)(x)+(c)) = (v)) 00579 00580 #else 00581 00582 #define word_in(x,c) aes_sw32(*((aes_32t*)(x)+(c))) 00583 #define word_out(x,c,v) (*((aes_32t*)(x)+(c)) = aes_sw32(v)) 00584 00585 #endif 00586 00587 /* the finite field modular polynomial and elements */ 00588 00589 #define WPOLY 0x011b 00590 #define BPOLY 0x1b 00591 00592 /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */ 00593 00594 #define m1 0x80808080 00595 #define m2 0x7f7f7f7f 00596 #define gf_mulx(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY)) 00597 00598 /* The following defines provide alternative definitions of gf_mulx that might 00599 give improved performance if a fast 32-bit multiply is not available. Note 00600 that a temporary variable u needs to be defined where gf_mulx is used. 00601 00602 #define gf_mulx(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) 00603 #define m4 (0x01010101 * BPOLY) 00604 #define gf_mulx(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) 00605 */ 00606 00607 /* Work out which tables are needed for the different options */ 00608 00609 #ifdef AES_ASM 00610 #ifdef ENC_ROUND 00611 #undef ENC_ROUND 00612 #endif 00613 #define ENC_ROUND FOUR_TABLES 00614 #ifdef LAST_ENC_ROUND 00615 #undef LAST_ENC_ROUND 00616 #endif 00617 #define LAST_ENC_ROUND FOUR_TABLES 00618 #ifdef DEC_ROUND 00619 #undef DEC_ROUND 00620 #endif 00621 #define DEC_ROUND FOUR_TABLES 00622 #ifdef LAST_DEC_ROUND 00623 #undef LAST_DEC_ROUND 00624 #endif 00625 #define LAST_DEC_ROUND FOUR_TABLES 00626 #ifdef KEY_SCHED 00627 #undef KEY_SCHED 00628 #define KEY_SCHED FOUR_TABLES 00629 #endif 00630 #endif 00631 00632 #if defined(ENCRYPTION) || defined(AES_ASM) 00633 #if ENC_ROUND == ONE_TABLE 00634 #define FT1_SET 00635 #elif ENC_ROUND == FOUR_TABLES 00636 #define FT4_SET 00637 #else 00638 #define SBX_SET 00639 #endif 00640 #if LAST_ENC_ROUND == ONE_TABLE 00641 #define FL1_SET 00642 #elif LAST_ENC_ROUND == FOUR_TABLES 00643 #define FL4_SET 00644 #elif !defined(SBX_SET) 00645 #define SBX_SET 00646 #endif 00647 #endif 00648 00649 #if defined(DECRYPTION) || defined(AES_ASM) 00650 #if DEC_ROUND == ONE_TABLE 00651 #define IT1_SET 00652 #elif DEC_ROUND == FOUR_TABLES 00653 #define IT4_SET 00654 #else 00655 #define ISB_SET 00656 #endif 00657 #if LAST_DEC_ROUND == ONE_TABLE 00658 #define IL1_SET 00659 #elif LAST_DEC_ROUND == FOUR_TABLES 00660 #define IL4_SET 00661 #elif !defined(ISB_SET) 00662 #define ISB_SET 00663 #endif 00664 #endif 00665 00666 #if defined(ENCRYPTION_KEY_SCHEDULE) || defined(DECRYPTION_KEY_SCHEDULE) 00667 #if KEY_SCHED == ONE_TABLE 00668 #define LS1_SET 00669 #define IM1_SET 00670 #elif KEY_SCHED == FOUR_TABLES 00671 #define LS4_SET 00672 #define IM4_SET 00673 #elif !defined(SBX_SET) 00674 #define SBX_SET 00675 #endif 00676 #endif 00677 00678 /* generic definitions of Rijndael macros that use tables */ 00679 00680 #define no_table(x,box,vf,rf,c) bytes2word( \ 00681 box[bval(vf(x,0,c),rf(0,c))], \ 00682 box[bval(vf(x,1,c),rf(1,c))], \ 00683 box[bval(vf(x,2,c),rf(2,c))], \ 00684 box[bval(vf(x,3,c),rf(3,c))]) 00685 00686 #define one_table(x,op,tab,vf,rf,c) \ 00687 ( tab[bval(vf(x,0,c),rf(0,c))] \ 00688 ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \ 00689 ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \ 00690 ^ op(tab[bval(vf(x,3,c),rf(3,c))],3)) 00691 00692 #define four_tables(x,tab,vf,rf,c) \ 00693 ( tab[0][bval(vf(x,0,c),rf(0,c))] \ 00694 ^ tab[1][bval(vf(x,1,c),rf(1,c))] \ 00695 ^ tab[2][bval(vf(x,2,c),rf(2,c))] \ 00696 ^ tab[3][bval(vf(x,3,c),rf(3,c))]) 00697 00698 #define vf1(x,r,c) (x) 00699 #define rf1(r,c) (r) 00700 #define rf2(r,c) ((8+r-c)&3) 00701 00702 /* perform forward and inverse column mix operation on four bytes in long word x in */ 00703 /* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */ 00704 00705 #if defined(FM4_SET) /* not currently used */ 00706 #define fwd_mcol(x) four_tables(x,t_use(f,m),vf1,rf1,0) 00707 #elif defined(FM1_SET) /* not currently used */ 00708 #define fwd_mcol(x) one_table(x,upr,t_use(f,m),vf1,rf1,0) 00709 #else 00710 #define dec_fmvars aes_32t g2 00711 #define fwd_mcol(x) (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1)) 00712 #endif 00713 00714 #if defined(IM4_SET) 00715 #define inv_mcol(x) four_tables(x,t_use(i,m),vf1,rf1,0) 00716 #elif defined(IM1_SET) 00717 #define inv_mcol(x) one_table(x,upr,t_use(i,m),vf1,rf1,0) 00718 #else 00719 #define dec_imvars aes_32t g2, g4, g9 00720 #define inv_mcol(x) (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \ 00721 (x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1)) 00722 #endif 00723 00724 #if defined(FL4_SET) 00725 #define ls_box(x,c) four_tables(x,t_use(f,l),vf1,rf2,c) 00726 #elif defined(LS4_SET) 00727 #define ls_box(x,c) four_tables(x,t_use(l,s),vf1,rf2,c) 00728 #elif defined(FL1_SET) 00729 #define ls_box(x,c) one_table(x,upr,t_use(f,l),vf1,rf2,c) 00730 #elif defined(LS1_SET) 00731 #define ls_box(x,c) one_table(x,upr,t_use(l,s),vf1,rf2,c) 00732 #else 00733 #define ls_box(x,c) no_table(x,t_use(s,box),vf1,rf2,c) 00734 #endif 00735 00736 #if defined(__cplusplus) 00737 extern "C" 00738 { 00739 #endif 00740 00741 /* If there are no global variables, the definitions here can be 00742 used to put the AES tables in a structure so that a pointer 00743 can then be added to the AES context to pass them to the AES 00744 routines that need them. If this facility is used, the calling 00745 program has to ensure that this pointer is managed appropriately. 00746 In particular, the value of the t_dec(in,it) item in the table 00747 structure must be set to zero in order to ensure that the tables 00748 are initialised. In practice the three code sequences in aeskey.c 00749 that control the calls to gen_tabs() and the gen_tabs() routine 00750 itself will have to be changed for a specific implementation. If 00751 global variables are available it will generally be preferable to 00752 use them with the precomputed FIXED_TABLES option that uses static 00753 global tables. 00754 00755 The following defines can be used to control the way the tables 00756 are defined, initialised and used in embedded environments that 00757 require special features for these purposes 00758 00759 the 't_dec' construction is used to declare fixed table arrays 00760 the 't_set' construction is used to set fixed table values 00761 the 't_use' construction is used to access fixed table values 00762 00763 256 byte tables: 00764 00765 t_xxx(s,box) => forward S box 00766 t_xxx(i,box) => inverse S box 00767 00768 256 32-bit word OR 4 x 256 32-bit word tables: 00769 00770 t_xxx(f,n) => forward normal round 00771 t_xxx(f,l) => forward last round 00772 t_xxx(i,n) => inverse normal round 00773 t_xxx(i,l) => inverse last round 00774 t_xxx(l,s) => key schedule table 00775 t_xxx(i,m) => key schedule table 00776 00777 Other variables and tables: 00778 00779 t_xxx(r,c) => the rcon table 00780 */ 00781 00782 #define t_dec(m,n) t_##m##n 00783 #define t_set(m,n) t_##m##n 00784 #define t_use(m,n) t_##m##n 00785 00786 #if defined(DO_TABLES) /* declare and instantiate tables */ 00787 00788 /* finite field arithmetic operations for table generation */ 00789 00790 #if defined(FIXED_TABLES) || !defined(FF_TABLES) 00791 00792 #define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY)) 00793 #define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY)) 00794 #define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \ 00795 ^ (((x>>5) & 4) * WPOLY)) 00796 #define f3(x) (f2(x) ^ x) 00797 #define f9(x) (f8(x) ^ x) 00798 #define fb(x) (f8(x) ^ f2(x) ^ x) 00799 #define fd(x) (f8(x) ^ f4(x) ^ x) 00800 #define fe(x) (f8(x) ^ f4(x) ^ f2(x)) 00801 00802 #else 00803 00804 #define f2(x) ((x) ? pow[log[x] + 0x19] : 0) 00805 #define f3(x) ((x) ? pow[log[x] + 0x01] : 0) 00806 #define f9(x) ((x) ? pow[log[x] + 0xc7] : 0) 00807 #define fb(x) ((x) ? pow[log[x] + 0x68] : 0) 00808 #define fd(x) ((x) ? pow[log[x] + 0xee] : 0) 00809 #define fe(x) ((x) ? pow[log[x] + 0xdf] : 0) 00810 #define fi(x) ((x) ? pow[ 255 - log[x]] : 0) 00811 00812 #endif 00813 00814 #if defined(FIXED_TABLES) /* declare and set values for static tables */ 00815 00816 #define sb_data(w) \ 00817 w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\ 00818 w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\ 00819 w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\ 00820 w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\ 00821 w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\ 00822 w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\ 00823 w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\ 00824 w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\ 00825 w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\ 00826 w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\ 00827 w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\ 00828 w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\ 00829 w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\ 00830 w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\ 00831 w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\ 00832 w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\ 00833 w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\ 00834 w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\ 00835 w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\ 00836 w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\ 00837 w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\ 00838 w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\ 00839 w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\ 00840 w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\ 00841 w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\ 00842 w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\ 00843 w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\ 00844 w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\ 00845 w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\ 00846 w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\ 00847 w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\ 00848 w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) 00849 00850 #define isb_data(w) \ 00851 w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\ 00852 w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\ 00853 w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\ 00854 w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\ 00855 w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\ 00856 w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\ 00857 w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\ 00858 w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\ 00859 w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\ 00860 w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\ 00861 w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\ 00862 w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\ 00863 w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\ 00864 w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\ 00865 w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\ 00866 w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\ 00867 w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\ 00868 w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\ 00869 w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\ 00870 w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\ 00871 w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\ 00872 w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\ 00873 w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\ 00874 w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\ 00875 w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\ 00876 w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\ 00877 w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\ 00878 w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\ 00879 w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\ 00880 w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\ 00881 w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\ 00882 w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d), 00883 00884 #define mm_data(w) \ 00885 w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\ 00886 w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\ 00887 w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\ 00888 w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\ 00889 w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\ 00890 w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\ 00891 w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\ 00892 w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\ 00893 w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\ 00894 w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\ 00895 w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\ 00896 w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\ 00897 w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\ 00898 w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\ 00899 w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\ 00900 w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\ 00901 w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\ 00902 w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\ 00903 w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\ 00904 w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\ 00905 w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\ 00906 w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\ 00907 w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\ 00908 w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\ 00909 w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\ 00910 w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\ 00911 w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\ 00912 w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\ 00913 w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\ 00914 w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\ 00915 w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\ 00916 w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) 00917 00918 #define h0(x) (x) 00919 00920 /* These defines are used to ensure tables are generated in the 00921 right format depending on the internal byte order required 00922 */ 00923 00924 #define w0(p) bytes2word(p, 0, 0, 0) 00925 #define w1(p) bytes2word(0, p, 0, 0) 00926 #define w2(p) bytes2word(0, 0, p, 0) 00927 #define w3(p) bytes2word(0, 0, 0, p) 00928 00929 #define u0(p) bytes2word(f2(p), p, p, f3(p)) 00930 #define u1(p) bytes2word(f3(p), f2(p), p, p) 00931 #define u2(p) bytes2word(p, f3(p), f2(p), p) 00932 #define u3(p) bytes2word(p, p, f3(p), f2(p)) 00933 00934 #define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p)) 00935 #define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p)) 00936 #define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p)) 00937 #define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p)) 00938 00939 const aes_32t t_dec(r,c)[RC_LENGTH] = 00940 { 00941 w0(0x01), w0(0x02), w0(0x04), w0(0x08), w0(0x10), 00942 w0(0x20), w0(0x40), w0(0x80), w0(0x1b), w0(0x36) 00943 }; 00944 00945 #define d_1(t,n,b,v) const t n[256] = { b(v##0) } 00946 #define d_4(t,n,b,v) const t n[4][256] = { { b(v##0) }, { b(v##1) }, { b(v##2) }, { b(v##3) } } 00947 00948 #else /* declare and instantiate tables for dynamic value generation in in tab.c */ 00949 00950 aes_32t t_dec(r,c)[RC_LENGTH]; 00951 00952 #define d_1(t,n,b,v) t n[256] 00953 #define d_4(t,n,b,v) t n[4][256] 00954 00955 #endif 00956 00957 #else /* declare tables without instantiation */ 00958 00959 #if defined(FIXED_TABLES) 00960 00961 extern const aes_32t t_dec(r,c)[RC_LENGTH]; 00962 00963 #if defined(_MSC_VER) && defined(TABLE_ALIGN) 00964 #define d_1(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) const t n[256] 00965 #define d_4(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) const t n[4][256] 00966 #else 00967 #define d_1(t,n,b,v) extern const t n[256] 00968 #define d_4(t,n,b,v) extern const t n[4][256] 00969 #endif 00970 #else 00971 00972 extern aes_32t t_dec(r,c)[RC_LENGTH]; 00973 00974 #if defined(_MSC_VER) && defined(TABLE_ALIGN) 00975 #define d_1(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) t n[256] 00976 #define d_4(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) t n[4][256] 00977 #else 00978 #define d_1(t,n,b,v) extern t n[256] 00979 #define d_4(t,n,b,v) extern t n[4][256] 00980 #endif 00981 #endif 00982 00983 #endif 00984 00985 #ifdef SBX_SET 00986 d_1(aes_08t, t_dec(s,box), sb_data, h); 00987 #endif 00988 #ifdef ISB_SET 00989 d_1(aes_08t, t_dec(i,box), isb_data, h); 00990 #endif 00991 00992 #ifdef FT1_SET 00993 d_1(aes_32t, t_dec(f,n), sb_data, u); 00994 #endif 00995 #ifdef FT4_SET 00996 d_4(aes_32t, t_dec(f,n), sb_data, u); 00997 #endif 00998 00999 #ifdef FL1_SET 01000 d_1(aes_32t, t_dec(f,l), sb_data, w); 01001 #endif 01002 #ifdef FL4_SET 01003 d_4(aes_32t, t_dec(f,l), sb_data, w); 01004 #endif 01005 01006 #ifdef IT1_SET 01007 d_1(aes_32t, t_dec(i,n), isb_data, v); 01008 #endif 01009 #ifdef IT4_SET 01010 d_4(aes_32t, t_dec(i,n), isb_data, v); 01011 #endif 01012 01013 #ifdef IL1_SET 01014 d_1(aes_32t, t_dec(i,l), isb_data, w); 01015 #endif 01016 #ifdef IL4_SET 01017 d_4(aes_32t, t_dec(i,l), isb_data, w); 01018 #endif 01019 01020 #ifdef LS1_SET 01021 #ifdef FL1_SET 01022 #undef LS1_SET 01023 #else 01024 d_1(aes_32t, t_dec(l,s), sb_data, w); 01025 #endif 01026 #endif 01027 01028 #ifdef LS4_SET 01029 #ifdef FL4_SET 01030 #undef LS4_SET 01031 #else 01032 d_4(aes_32t, t_dec(l,s), sb_data, w); 01033 #endif 01034 #endif 01035 01036 #ifdef IM1_SET 01037 d_1(aes_32t, t_dec(i,m), mm_data, v); 01038 #endif 01039 #ifdef IM4_SET 01040 d_4(aes_32t, t_dec(i,m), mm_data, v); 01041 #endif 01042 01043 #if defined(__cplusplus) 01044 } 01045 #endif 01046 01047 #endif