Cross Reference: /freebsd-9.3-release/crypto/openssh/rijndael.c

Deleted Added

sdiff udiff text old ( 69587 ) new ( 76259 )

full compact

rijndael.c (69587)	rijndael.c (76259)
1/* $OpenBSD: rijndael.c,v 1.2 2000/10/15 14:14:01 markus Exp $ */	1/* $OpenBSD: rijndael.c,v 1.7 2001/02/04 15:32:24 stevesk Exp $ */
2 3/* This is an independent implementation of the encryption algorithm: / 4/ / 5/ RIJNDAEL by Joan Daemen and Vincent Rijmen / 6/ / 7/ which is a candidate algorithm in the Advanced Encryption Standard / 8/ programme of the US National Institute of Standards and Technology. / 9/ / --- 37 unchanged lines hidden* (view full) --- 47 48/* Circular rotate of 32 bit values / 49 50#define rotr(x,n) (((x) >> ((int)(n))) \| ((x) << (32 - (int)(n)))) 51#define rotl(x,n) (((x) << ((int)(n))) \| ((x) >> (32 - (int)(n)))) 52 53/ Invert byte order in a 32 bit variable */ 54	2 3/* This is an independent implementation of the encryption algorithm: / 4/ / 5/ RIJNDAEL by Joan Daemen and Vincent Rijmen / 6/ / 7/ which is a candidate algorithm in the Advanced Encryption Standard / 8/ programme of the US National Institute of Standards and Technology. / 9/ / --- 37 unchanged lines hidden* (view full) --- 47 48/* Circular rotate of 32 bit values / 49 50#define rotr(x,n) (((x) >> ((int)(n))) \| ((x) << (32 - (int)(n)))) 51#define rotl(x,n) (((x) << ((int)(n))) \| ((x) >> (32 - (int)(n)))) 52 53/ Invert byte order in a 32 bit variable */ 54
55#define bswap(x) (rotl(x, 8) & 0x00ff00ff \| rotr(x, 8) & 0xff00ff00)	55#define bswap(x) ((rotl(x, 8) & 0x00ff00ff) \| (rotr(x, 8) & 0xff00ff00))
56	56
57/* Extract byte from a 32 bit quantity (little endian notation) */	57/* Extract byte from a 32 bit quantity (little endian notation) */
58 59#define byte(x,n) ((u1byte)((x) >> (8 * n))) 60 61#if BYTE_ORDER != LITTLE_ENDIAN	58 59#define byte(x,n) ((u1byte)((x) >> (8 * n))) 60 61#if BYTE_ORDER != LITTLE_ENDIAN
62#define BLOCK_SWAP 63#endif 64 65/* For inverting byte order in input/output 32 bit words if needed */ 66 67#ifdef BLOCK_SWAP
68#define BYTE_SWAP	62#define BYTE_SWAP
69#define WORD_SWAP
70#endif 71 72#ifdef BYTE_SWAP 73#define io_swap(x) bswap(x) 74#else 75#define io_swap(x) (x) 76#endif 77	63#endif 64 65#ifdef BYTE_SWAP 66#define io_swap(x) bswap(x) 67#else 68#define io_swap(x) (x) 69#endif 70
78/* For inverting the byte order of input/output blocks if needed / 79 80#ifdef WORD_SWAP 81 82#define get_block(x) \ 83 ((u4byte)(x))[0] = io_swap(in_blk[3]); \ 84 ((u4byte)(x))[1] = io_swap(in_blk[2]); \ 85 ((u4byte)(x))[2] = io_swap(in_blk[1]); \ 86 ((u4byte)(x))[3] = io_swap(in_blk[0]) 87 88#define put_block(x) \ 89 out_blk[3] = io_swap(((u4byte)(x))[0]); \ 90 out_blk[2] = io_swap(((u4byte)(x))[1]); \ 91 out_blk[1] = io_swap(((u4byte)(x))[2]); \ 92 out_blk[0] = io_swap(((u4byte)(x))[3]) 93 94#define get_key(x,len) \ 95 ((u4byte)(x))[4] = ((u4byte)(x))[5] = \ 96 ((u4byte)(x))[6] = ((u4byte)(x))[7] = 0; \ 97 switch((((len) + 63) / 64)) { \ 98 case 2: \ 99 ((u4byte)(x))[0] = io_swap(in_key[3]); \ 100 ((u4byte)(x))[1] = io_swap(in_key[2]); \ 101* ((u4byte)(x))[2] = io_swap(in_key[1]); \ 102* ((u4byte)(x))[3] = io_swap(in_key[0]); \ 103* break; \ 104 case 3: \ 105 ((u4byte)(x))[0] = io_swap(in_key[5]); \ 106* ((u4byte)(x))[1] = io_swap(in_key[4]); \ 107* ((u4byte)(x))[2] = io_swap(in_key[3]); \ 108* ((u4byte)(x))[3] = io_swap(in_key[2]); \ 109* ((u4byte)(x))[4] = io_swap(in_key[1]); \ 110* ((u4byte)(x))[5] = io_swap(in_key[0]); \ 111* break; \ 112 case 4: \ 113 ((u4byte)(x))[0] = io_swap(in_key[7]); \ 114* ((u4byte)(x))[1] = io_swap(in_key[6]); \ 115* ((u4byte)(x))[2] = io_swap(in_key[5]); \ 116* ((u4byte)(x))[3] = io_swap(in_key[4]); \ 117* ((u4byte)(x))[4] = io_swap(in_key[3]); \ 118* ((u4byte)(x))[5] = io_swap(in_key[2]); \ 119* ((u4byte)(x))[6] = io_swap(in_key[1]); \ 120* ((u4byte)(x))[7] = io_swap(in_key[0]); \ 121* } 122 123#else 124 125#define get_block(x) \ 126 ((u4byte)(x))[0] = io_swap(in_blk[0]); \ 127* ((u4byte)(x))[1] = io_swap(in_blk[1]); \ 128* ((u4byte)(x))[2] = io_swap(in_blk[2]); \ 129* ((u4byte)(x))[3] = io_swap(in_blk[3]) 130* 131#define put_block(x) \ 132 out_blk[0] = io_swap(((u4byte)(x))[0]); \ 133* out_blk[1] = io_swap(((u4byte)(x))[1]); \ 134* out_blk[2] = io_swap(((u4byte)(x))[2]); \ 135* out_blk[3] = io_swap(((u4byte)(x))[3]) 136* 137#define get_key(x,len) \ 138 ((u4byte)(x))[4] = ((u4byte)(x))[5] = \ 139 ((u4byte)(x))[6] = ((u4byte)(x))[7] = 0; \ 140 switch((((len) + 63) / 64)) { \ 141 case 4: \ 142 ((u4byte)(x))[6] = io_swap(in_key[6]); \ 143* ((u4byte)(x))[7] = io_swap(in_key[7]); \ 144* case 3: \ 145 ((u4byte)(x))[4] = io_swap(in_key[4]); \ 146* ((u4byte)(x))[5] = io_swap(in_key[5]); \ 147* case 2: \ 148 ((u4byte)(x))[0] = io_swap(in_key[0]); \ 149* ((u4byte)(x))[1] = io_swap(in_key[1]); \ 150* ((u4byte)(x))[2] = io_swap(in_key[2]); \ 151* ((u4byte)(x))[3] = io_swap(in_key[3]); \ 152* } 153 154#endif 155
156#define LARGE_TABLES 157 158u1byte pow_tab[256]; 159u1byte log_tab[256]; 160u1byte sbx_tab[256]; 161u1byte isb_tab[256]; 162u4byte rco_tab[ 10]; 163u4byte ft_tab[4][256]; --- 5 unchanged lines hidden (view full) --- 169#endif 170 171u4byte tab_gen = 0; 172 173#define ff_mult(a,b) (a && b ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0) 174 175#define f_rn(bo, bi, n, k) \ 176 bo[n] = ft_tab[0][byte(bi[n],0)] ^ \	71#define LARGE_TABLES 72 73u1byte pow_tab[256]; 74u1byte log_tab[256]; 75u1byte sbx_tab[256]; 76u1byte isb_tab[256]; 77u4byte rco_tab[ 10]; 78u4byte ft_tab[4][256]; --- 5 unchanged lines hidden (view full) --- 84#endif 85 86u4byte tab_gen = 0; 87 88#define ff_mult(a,b) (a && b ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0) 89 90#define f_rn(bo, bi, n, k) \ 91 bo[n] = ft_tab[0][byte(bi[n],0)] ^ \
177 ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ 178 ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 179 ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)	92 ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ 93 ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 94 ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
180 181#define i_rn(bo, bi, n, k) \ 182 bo[n] = it_tab[0][byte(bi[n],0)] ^ \	95 96#define i_rn(bo, bi, n, k) \ 97 bo[n] = it_tab[0][byte(bi[n],0)] ^ \
183 it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ 184 it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 185 it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)	98 it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ 99 it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 100 it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
186 187#ifdef LARGE_TABLES 188 189#define ls_box(x) \ 190 ( fl_tab[0][byte(x, 0)] ^ \ 191 fl_tab[1][byte(x, 1)] ^ \ 192 fl_tab[2][byte(x, 2)] ^ \ 193 fl_tab[3][byte(x, 3)] ) 194 195#define f_rl(bo, bi, n, k) \ 196 bo[n] = fl_tab[0][byte(bi[n],0)] ^ \	101 102#ifdef LARGE_TABLES 103 104#define ls_box(x) \ 105 ( fl_tab[0][byte(x, 0)] ^ \ 106 fl_tab[1][byte(x, 1)] ^ \ 107 fl_tab[2][byte(x, 2)] ^ \ 108 fl_tab[3][byte(x, 3)] ) 109 110#define f_rl(bo, bi, n, k) \ 111 bo[n] = fl_tab[0][byte(bi[n],0)] ^ \
197 fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ 198 fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 199 fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)	112 fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ 113 fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 114 fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
200 201#define i_rl(bo, bi, n, k) \ 202 bo[n] = il_tab[0][byte(bi[n],0)] ^ \	115 116#define i_rl(bo, bi, n, k) \ 117 bo[n] = il_tab[0][byte(bi[n],0)] ^ \
203 il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ 204 il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 205 il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)	118 il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ 119 il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 120 il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
206 207#else 208 209#define ls_box(x) \ 210 ((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \ 211 ((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \ 212 ((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \ 213 ((u4byte)sbx_tab[byte(x, 3)] << 24) 214 215#define f_rl(bo, bi, n, k) \ 216 bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \	121 122#else 123 124#define ls_box(x) \ 125 ((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \ 126 ((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \ 127 ((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \ 128 ((u4byte)sbx_tab[byte(x, 3)] << 24) 129 130#define f_rl(bo, bi, n, k) \ 131 bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \
217 rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \ 218 rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ 219 rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)	132 rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \ 133 rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ 134 rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
220 221#define i_rl(bo, bi, n, k) \ 222 bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \	135 136#define i_rl(bo, bi, n, k) \ 137 bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \
223 rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \ 224 rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ 225 rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)	138 rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \ 139 rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ 140 rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
226 227#endif 228 229void 230gen_tabs(void) 231{ 232 u4byte i, t; 233 u1byte p, q; --- 6 unchanged lines hidden (view full) --- 240 pow_tab[i] = (u1byte)p; log_tab[p] = (u1byte)i; 241 242 p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0); 243 } 244 245 log_tab[1] = 0; p = 1; 246 247 for(i = 0; i < 10; ++i) {	141 142#endif 143 144void 145gen_tabs(void) 146{ 147 u4byte i, t; 148 u1byte p, q; --- 6 unchanged lines hidden (view full) --- 155 pow_tab[i] = (u1byte)p; log_tab[p] = (u1byte)i; 156 157 p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0); 158 } 159 160 log_tab[1] = 0; p = 1; 161 162 for(i = 0; i < 10; ++i) {
248 rco_tab[i] = p;	163 rco_tab[i] = p;
249 250 p = (p << 1) ^ (p & 0x80 ? 0x1b : 0); 251 } 252 253 /* note that the affine byte transformation matrix in / 254* /* rijndael specification is in big endian format with / 255* /* bit 0 as the most significant bit. In the remainder / 256* /* of the specification the bits are numbered from the / 257* /* least significant end of a byte. / 258* 259 for(i = 0; i < 256; ++i) {	164 165 p = (p << 1) ^ (p & 0x80 ? 0x1b : 0); 166 } 167 168 /* note that the affine byte transformation matrix in / 169* /* rijndael specification is in big endian format with / 170* /* bit 0 as the most significant bit. In the remainder / 171* /* of the specification the bits are numbered from the / 172* /* least significant end of a byte. / 173* 174 for(i = 0; i < 256; ++i) {
260 p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; 261 q = (q >> 7) \| (q << 1); p ^= q; 262 q = (q >> 7) \| (q << 1); p ^= q; 263 q = (q >> 7) \| (q << 1); p ^= q; 264 q = (q >> 7) \| (q << 1); p ^= q ^ 0x63;	175 p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; 176 q = (q >> 7) \| (q << 1); p ^= q; 177 q = (q >> 7) \| (q << 1); p ^= q; 178 q = (q >> 7) \| (q << 1); p ^= q; 179 q = (q >> 7) \| (q << 1); p ^= q ^ 0x63;
265 sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i; 266 } 267 268 for(i = 0; i < 256; ++i) {	180 sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i; 181 } 182 183 for(i = 0; i < 256; ++i) {
269 p = sbx_tab[i];	184 p = sbx_tab[i];
270	185
271#ifdef LARGE_TABLES 272	186#ifdef LARGE_TABLES 187
273 t = p; fl_tab[0][i] = t; 274 fl_tab[1][i] = rotl(t, 8); 275 fl_tab[2][i] = rotl(t, 16); 276 fl_tab[3][i] = rotl(t, 24); 277#endif 278 t = ((u4byte)ff_mult(2, p)) \| 279 ((u4byte)p << 8) \| 280 ((u4byte)p << 16) \| 281 ((u4byte)ff_mult(3, p) << 24);	188 t = p; fl_tab[0][i] = t; 189 fl_tab[1][i] = rotl(t, 8); 190 fl_tab[2][i] = rotl(t, 16); 191 fl_tab[3][i] = rotl(t, 24); 192#endif 193 t = ((u4byte)ff_mult(2, p)) \| 194 ((u4byte)p << 8) \| 195 ((u4byte)p << 16) \| 196 ((u4byte)ff_mult(3, p) << 24);
282	197
283 ft_tab[0][i] = t; 284 ft_tab[1][i] = rotl(t, 8); 285 ft_tab[2][i] = rotl(t, 16); 286 ft_tab[3][i] = rotl(t, 24); 287	198 ft_tab[0][i] = t; 199 ft_tab[1][i] = rotl(t, 8); 200 ft_tab[2][i] = rotl(t, 16); 201 ft_tab[3][i] = rotl(t, 24); 202
288 p = isb_tab[i];	203 p = isb_tab[i];
289	204
290#ifdef LARGE_TABLES 291 292 t = p; il_tab[0][i] = t; 293 il_tab[1][i] = rotl(t, 8); 294 il_tab[2][i] = rotl(t, 16);	205#ifdef LARGE_TABLES 206 207 t = p; il_tab[0][i] = t; 208 il_tab[1][i] = rotl(t, 8); 209 il_tab[2][i] = rotl(t, 16);
295 il_tab[3][i] = rotl(t, 24);	210 il_tab[3][i] = rotl(t, 24);
296#endif	211#endif
297 t = ((u4byte)ff_mult(14, p)) \| 298 ((u4byte)ff_mult( 9, p) << 8) \| 299 ((u4byte)ff_mult(13, p) << 16) \| 300 ((u4byte)ff_mult(11, p) << 24);	212 t = ((u4byte)ff_mult(14, p)) \| 213 ((u4byte)ff_mult( 9, p) << 8) \| 214 ((u4byte)ff_mult(13, p) << 16) \| 215 ((u4byte)ff_mult(11, p) << 24);
301 302 it_tab[0][i] = t; 303 it_tab[1][i] = rotl(t, 8); 304 it_tab[2][i] = rotl(t, 16); 305 it_tab[3][i] = rotl(t, 24);	216 217 it_tab[0][i] = t; 218 it_tab[1][i] = rotl(t, 8); 219 it_tab[2][i] = rotl(t, 16); 220 it_tab[3][i] = rotl(t, 24);
306 } 307 308 tab_gen = 1; 309} 310 311#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) 312 313#define imix_col(y,x) \ 314 u = star_x(x); \ 315 v = star_x(u); \ 316 w = star_x(v); \ 317 t = w ^ (x); \ 318 (y) = u ^ v ^ w; \ 319 (y) ^= rotr(u ^ t, 8) ^ \	221 } 222 223 tab_gen = 1; 224} 225 226#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) 227 228#define imix_col(y,x) \ 229 u = star_x(x); \ 230 v = star_x(u); \ 231 w = star_x(v); \ 232 t = w ^ (x); \ 233 (y) = u ^ v ^ w; \ 234 (y) ^= rotr(u ^ t, 8) ^ \
320 rotr(v ^ t, 16) ^ \ 321 rotr(t,24)	235 rotr(v ^ t, 16) ^ \ 236 rotr(t,24)
322 323/* initialise the key schedule from the user supplied key / 324* 325#define loop4(i) \ 326{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ 327 t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \ 328 t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \ 329 t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \ --- 21 unchanged lines hidden (view full) --- 351 t ^= e_key[8 * i + 5]; e_key[8 * i + 13] = t; \ 352 t ^= e_key[8 * i + 6]; e_key[8 * i + 14] = t; \ 353 t ^= e_key[8 * i + 7]; e_key[8 * i + 15] = t; \ 354} 355 356rijndael_ctx * 357rijndael_set_key(rijndael_ctx ctx, const u4byte in_key, const u4byte key_len, 358 int encrypt)	237 238/* initialise the key schedule from the user supplied key / 239* 240#define loop4(i) \ 241{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ 242 t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \ 243 t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \ 244 t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \ --- 21 unchanged lines hidden (view full) --- 266 t ^= e_key[8 * i + 5]; e_key[8 * i + 13] = t; \ 267 t ^= e_key[8 * i + 6]; e_key[8 * i + 14] = t; \ 268 t ^= e_key[8 * i + 7]; e_key[8 * i + 15] = t; \ 269} 270 271rijndael_ctx * 272rijndael_set_key(rijndael_ctx ctx, const u4byte in_key, const u4byte key_len, 273 int encrypt)
359{	274{
360 u4byte i, t, u, v, w; 361 u4byte e_key = ctx->e_key; 362* u4byte d_key = ctx->d_key; 363* 364 ctx->decrypt = !encrypt; 365 366 if(!tab_gen) 367 gen_tabs(); 368 369 ctx->k_len = (key_len + 31) / 32; 370	275 u4byte i, t, u, v, w; 276 u4byte e_key = ctx->e_key; 277* u4byte d_key = ctx->d_key; 278* 279 ctx->decrypt = !encrypt; 280 281 if(!tab_gen) 282 gen_tabs(); 283 284 ctx->k_len = (key_len + 31) / 32; 285
371 e_key[0] = in_key[0]; e_key[1] = in_key[1]; 372 e_key[2] = in_key[2]; e_key[3] = in_key[3]; 373	286 e_key[0] = io_swap(in_key[0]); e_key[1] = io_swap(in_key[1]); 287 e_key[2] = io_swap(in_key[2]); e_key[3] = io_swap(in_key[3]); 288
374 switch(ctx->k_len) {	289 switch(ctx->k_len) {
375 case 4: t = e_key[3]; 376 for(i = 0; i < 10; ++i)	290 case 4: t = e_key[3]; 291 for(i = 0; i < 10; ++i)
377 loop4(i);	292 loop4(i);
378 break;	293 break;
379	294
380 case 6: e_key[4] = in_key[4]; t = e_key[5] = in_key[5]; 381 for(i = 0; i < 8; ++i)	295 case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]); 296 for(i = 0; i < 8; ++i)
382 loop6(i);	297 loop6(i);
383 break;	298 break;
384	299
385 case 8: e_key[4] = in_key[4]; e_key[5] = in_key[5]; 386 e_key[6] = in_key[6]; t = e_key[7] = in_key[7]; 387 for(i = 0; i < 7; ++i)	300 case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]); 301 e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]); 302 for(i = 0; i < 7; ++i)
388 loop8(i);	303 loop8(i);
389 break;	304 break;
390 } 391 392 if (!encrypt) { 393 d_key[0] = e_key[0]; d_key[1] = e_key[1]; 394 d_key[2] = e_key[2]; d_key[3] = e_key[3]; 395 396 for(i = 4; i < 4 * ctx->k_len + 24; ++i) { 397 imix_col(d_key[i], e_key[i]); --- 15 unchanged lines hidden (view full) --- 413#define f_lround(bo, bi, k) \ 414 f_rl(bo, bi, 0, k); \ 415 f_rl(bo, bi, 1, k); \ 416 f_rl(bo, bi, 2, k); \ 417 f_rl(bo, bi, 3, k) 418 419void 420rijndael_encrypt(rijndael_ctx ctx, const u4byte in_blk, u4byte *out_blk)	305 } 306 307 if (!encrypt) { 308 d_key[0] = e_key[0]; d_key[1] = e_key[1]; 309 d_key[2] = e_key[2]; d_key[3] = e_key[3]; 310 311 for(i = 4; i < 4 * ctx->k_len + 24; ++i) { 312 imix_col(d_key[i], e_key[i]); --- 15 unchanged lines hidden (view full) --- 328#define f_lround(bo, bi, k) \ 329 f_rl(bo, bi, 0, k); \ 330 f_rl(bo, bi, 1, k); \ 331 f_rl(bo, bi, 2, k); \ 332 f_rl(bo, bi, 3, k) 333 334void 335rijndael_encrypt(rijndael_ctx ctx, const u4byte in_blk, u4byte *out_blk)
421{	336{
422 u4byte k_len = ctx->k_len; 423 u4byte e_key = ctx->e_key; 424* u4byte b0[4], b1[4], kp; 425*	337 u4byte k_len = ctx->k_len; 338 u4byte e_key = ctx->e_key; 339* u4byte b0[4], b1[4], kp; 340*
426 b0[0] = in_blk[0] ^ e_key[0]; b0[1] = in_blk[1] ^ e_key[1]; 427 b0[2] = in_blk[2] ^ e_key[2]; b0[3] = in_blk[3] ^ e_key[3];	341 b0[0] = io_swap(in_blk[0]) ^ e_key[0]; 342 b0[1] = io_swap(in_blk[1]) ^ e_key[1]; 343 b0[2] = io_swap(in_blk[2]) ^ e_key[2]; 344 b0[3] = io_swap(in_blk[3]) ^ e_key[3];
428 429 kp = e_key + 4; 430 431 if(k_len > 6) { 432 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 433 } 434 435 if(k_len > 4) { 436 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 437 } 438 439 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 440 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 441 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 442 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 443 f_nround(b1, b0, kp); f_lround(b0, b1, kp); 444	345 346 kp = e_key + 4; 347 348 if(k_len > 6) { 349 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 350 } 351 352 if(k_len > 4) { 353 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 354 } 355 356 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 357 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 358 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 359 f_nround(b1, b0, kp); f_nround(b0, b1, kp); 360 f_nround(b1, b0, kp); f_lround(b0, b1, kp); 361
445 out_blk[0] = b0[0]; out_blk[1] = b0[1]; 446 out_blk[2] = b0[2]; out_blk[3] = b0[3];	362 out_blk[0] = io_swap(b0[0]); out_blk[1] = io_swap(b0[1]); 363 out_blk[2] = io_swap(b0[2]); out_blk[3] = io_swap(b0[3]);
447} 448 449/* decrypt a block of text / 450* 451#define i_nround(bo, bi, k) \ 452 i_rn(bo, bi, 0, k); \ 453 i_rn(bo, bi, 1, k); \ 454 i_rn(bo, bi, 2, k); \ 455 i_rn(bo, bi, 3, k); \ 456 k -= 4 457 458#define i_lround(bo, bi, k) \ 459 i_rl(bo, bi, 0, k); \ 460 i_rl(bo, bi, 1, k); \ 461 i_rl(bo, bi, 2, k); \ 462 i_rl(bo, bi, 3, k) 463 464void 465rijndael_decrypt(rijndael_ctx ctx, const u4byte in_blk, u4byte *out_blk)	364} 365 366/* decrypt a block of text / 367* 368#define i_nround(bo, bi, k) \ 369 i_rn(bo, bi, 0, k); \ 370 i_rn(bo, bi, 1, k); \ 371 i_rn(bo, bi, 2, k); \ 372 i_rn(bo, bi, 3, k); \ 373 k -= 4 374 375#define i_lround(bo, bi, k) \ 376 i_rl(bo, bi, 0, k); \ 377 i_rl(bo, bi, 1, k); \ 378 i_rl(bo, bi, 2, k); \ 379 i_rl(bo, bi, 3, k) 380 381void 382rijndael_decrypt(rijndael_ctx ctx, const u4byte in_blk, u4byte *out_blk)
466{	383{
467 u4byte b0[4], b1[4], kp; 468* u4byte k_len = ctx->k_len; 469 u4byte e_key = ctx->e_key; 470* u4byte d_key = ctx->d_key; 471*	384 u4byte b0[4], b1[4], kp; 385* u4byte k_len = ctx->k_len; 386 u4byte e_key = ctx->e_key; 387* u4byte d_key = ctx->d_key; 388*
472 b0[0] = in_blk[0] ^ e_key[4 * k_len + 24]; b0[1] = in_blk[1] ^ e_key[4 * k_len + 25]; 473 b0[2] = in_blk[2] ^ e_key[4 * k_len + 26]; b0[3] = in_blk[3] ^ e_key[4 * k_len + 27];	389 b0[0] = io_swap(in_blk[0]) ^ e_key[4 * k_len + 24]; 390 b0[1] = io_swap(in_blk[1]) ^ e_key[4 * k_len + 25]; 391 b0[2] = io_swap(in_blk[2]) ^ e_key[4 * k_len + 26]; 392 b0[3] = io_swap(in_blk[3]) ^ e_key[4 * k_len + 27];
474 475 kp = d_key + 4 * (k_len + 5); 476 477 if(k_len > 6) { 478 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 479 } 480 481 if(k_len > 4) { 482 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 483 } 484 485 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 486 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 487 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 488 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 489 i_nround(b1, b0, kp); i_lround(b0, b1, kp); 490	393 394 kp = d_key + 4 * (k_len + 5); 395 396 if(k_len > 6) { 397 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 398 } 399 400 if(k_len > 4) { 401 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 402 } 403 404 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 405 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 406 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 407 i_nround(b1, b0, kp); i_nround(b0, b1, kp); 408 i_nround(b1, b0, kp); i_lround(b0, b1, kp); 409
491 out_blk[0] = b0[0]; out_blk[1] = b0[1]; 492 out_blk[2] = b0[2]; out_blk[3] = b0[3];	410 out_blk[0] = io_swap(b0[0]); out_blk[1] = io_swap(b0[1]); 411 out_blk[2] = io_swap(b0[2]); out_blk[3] = io_swap(b0[3]);
493}	412}