PolarSSL v1.1.4
|
00001 /* 00002 * FIPS-197 compliant AES implementation 00003 * 00004 * Copyright (C) 2006-2010, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. 00027 * 00028 * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf 00029 * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf 00030 */ 00031 00032 #include "polarssl/config.h" 00033 00034 #if defined(POLARSSL_AES_C) 00035 00036 #include "polarssl/aes.h" 00037 #include "polarssl/padlock.h" 00038 00039 /* 00040 * 32-bit integer manipulation macros (little endian) 00041 */ 00042 #ifndef GET_ULONG_LE 00043 #define GET_ULONG_LE(n,b,i) \ 00044 { \ 00045 (n) = ( (unsigned long) (b)[(i) ] ) \ 00046 | ( (unsigned long) (b)[(i) + 1] << 8 ) \ 00047 | ( (unsigned long) (b)[(i) + 2] << 16 ) \ 00048 | ( (unsigned long) (b)[(i) + 3] << 24 ); \ 00049 } 00050 #endif 00051 00052 #ifndef PUT_ULONG_LE 00053 #define PUT_ULONG_LE(n,b,i) \ 00054 { \ 00055 (b)[(i) ] = (unsigned char) ( (n) ); \ 00056 (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ 00057 (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ 00058 (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ 00059 } 00060 #endif 00061 00062 #if defined(POLARSSL_AES_ROM_TABLES) 00063 /* 00064 * Forward S-box 00065 */ 00066 static const unsigned char FSb[256] = 00067 { 00068 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 00069 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 00070 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 00071 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 00072 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 00073 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 00074 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 00075 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 00076 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 00077 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 00078 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 00079 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 00080 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 00081 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 00082 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 00083 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 00084 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 00085 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 00086 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 00087 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 00088 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 00089 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 00090 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 00091 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 00092 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 00093 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 00094 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 00095 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 00096 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 00097 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 00098 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 00099 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 00100 }; 00101 00102 /* 00103 * Forward tables 00104 */ 00105 #define FT \ 00106 \ 00107 V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \ 00108 V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \ 00109 V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \ 00110 V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \ 00111 V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \ 00112 V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \ 00113 V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \ 00114 V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \ 00115 V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \ 00116 V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \ 00117 V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \ 00118 V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \ 00119 V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \ 00120 V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \ 00121 V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \ 00122 V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \ 00123 V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \ 00124 V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \ 00125 V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \ 00126 V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \ 00127 V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \ 00128 V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \ 00129 V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \ 00130 V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \ 00131 V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \ 00132 V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \ 00133 V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \ 00134 V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \ 00135 V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \ 00136 V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \ 00137 V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \ 00138 V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \ 00139 V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \ 00140 V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \ 00141 V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \ 00142 V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \ 00143 V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \ 00144 V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \ 00145 V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \ 00146 V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \ 00147 V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \ 00148 V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \ 00149 V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \ 00150 V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \ 00151 V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \ 00152 V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \ 00153 V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \ 00154 V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \ 00155 V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \ 00156 V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \ 00157 V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \ 00158 V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \ 00159 V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \ 00160 V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \ 00161 V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \ 00162 V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \ 00163 V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \ 00164 V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \ 00165 V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \ 00166 V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \ 00167 V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \ 00168 V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \ 00169 V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \ 00170 V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C) 00171 00172 #define V(a,b,c,d) 0x##a##b##c##d 00173 static const unsigned long FT0[256] = { FT }; 00174 #undef V 00175 00176 #define V(a,b,c,d) 0x##b##c##d##a 00177 static const unsigned long FT1[256] = { FT }; 00178 #undef V 00179 00180 #define V(a,b,c,d) 0x##c##d##a##b 00181 static const unsigned long FT2[256] = { FT }; 00182 #undef V 00183 00184 #define V(a,b,c,d) 0x##d##a##b##c 00185 static const unsigned long FT3[256] = { FT }; 00186 #undef V 00187 00188 #undef FT 00189 00190 /* 00191 * Reverse S-box 00192 */ 00193 static const unsigned char RSb[256] = 00194 { 00195 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 00196 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 00197 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 00198 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 00199 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 00200 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, 00201 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 00202 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, 00203 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 00204 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 00205 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 00206 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, 00207 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 00208 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, 00209 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 00210 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 00211 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 00212 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, 00213 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 00214 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, 00215 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 00216 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 00217 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 00218 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, 00219 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 00220 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, 00221 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 00222 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 00223 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 00224 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, 00225 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 00226 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D 00227 }; 00228 00229 /* 00230 * Reverse tables 00231 */ 00232 #define RT \ 00233 \ 00234 V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \ 00235 V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \ 00236 V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \ 00237 V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \ 00238 V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \ 00239 V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \ 00240 V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \ 00241 V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \ 00242 V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \ 00243 V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \ 00244 V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \ 00245 V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \ 00246 V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \ 00247 V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \ 00248 V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \ 00249 V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \ 00250 V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \ 00251 V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \ 00252 V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \ 00253 V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \ 00254 V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \ 00255 V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \ 00256 V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \ 00257 V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \ 00258 V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \ 00259 V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \ 00260 V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \ 00261 V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \ 00262 V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \ 00263 V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \ 00264 V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \ 00265 V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \ 00266 V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \ 00267 V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \ 00268 V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \ 00269 V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \ 00270 V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \ 00271 V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \ 00272 V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \ 00273 V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \ 00274 V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \ 00275 V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \ 00276 V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \ 00277 V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \ 00278 V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \ 00279 V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \ 00280 V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \ 00281 V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \ 00282 V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \ 00283 V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \ 00284 V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \ 00285 V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \ 00286 V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \ 00287 V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \ 00288 V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \ 00289 V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \ 00290 V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \ 00291 V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \ 00292 V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \ 00293 V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \ 00294 V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \ 00295 V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \ 00296 V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \ 00297 V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0) 00298 00299 #define V(a,b,c,d) 0x##a##b##c##d 00300 static const unsigned long RT0[256] = { RT }; 00301 #undef V 00302 00303 #define V(a,b,c,d) 0x##b##c##d##a 00304 static const unsigned long RT1[256] = { RT }; 00305 #undef V 00306 00307 #define V(a,b,c,d) 0x##c##d##a##b 00308 static const unsigned long RT2[256] = { RT }; 00309 #undef V 00310 00311 #define V(a,b,c,d) 0x##d##a##b##c 00312 static const unsigned long RT3[256] = { RT }; 00313 #undef V 00314 00315 #undef RT 00316 00317 /* 00318 * Round constants 00319 */ 00320 static const unsigned long RCON[10] = 00321 { 00322 0x00000001, 0x00000002, 0x00000004, 0x00000008, 00323 0x00000010, 0x00000020, 0x00000040, 0x00000080, 00324 0x0000001B, 0x00000036 00325 }; 00326 00327 #else 00328 00329 /* 00330 * Forward S-box & tables 00331 */ 00332 static unsigned char FSb[256]; 00333 static unsigned long FT0[256]; 00334 static unsigned long FT1[256]; 00335 static unsigned long FT2[256]; 00336 static unsigned long FT3[256]; 00337 00338 /* 00339 * Reverse S-box & tables 00340 */ 00341 static unsigned char RSb[256]; 00342 static unsigned long RT0[256]; 00343 static unsigned long RT1[256]; 00344 static unsigned long RT2[256]; 00345 static unsigned long RT3[256]; 00346 00347 /* 00348 * Round constants 00349 */ 00350 static unsigned long RCON[10]; 00351 00352 /* 00353 * Tables generation code 00354 */ 00355 #define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 ) 00356 #define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) ) 00357 #define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 ) 00358 00359 static int aes_init_done = 0; 00360 00361 static void aes_gen_tables( void ) 00362 { 00363 int i, x, y, z; 00364 int pow[256]; 00365 int log[256]; 00366 00367 /* 00368 * compute pow and log tables over GF(2^8) 00369 */ 00370 for( i = 0, x = 1; i < 256; i++ ) 00371 { 00372 pow[i] = x; 00373 log[x] = i; 00374 x = ( x ^ XTIME( x ) ) & 0xFF; 00375 } 00376 00377 /* 00378 * calculate the round constants 00379 */ 00380 for( i = 0, x = 1; i < 10; i++ ) 00381 { 00382 RCON[i] = (unsigned long) x; 00383 x = XTIME( x ) & 0xFF; 00384 } 00385 00386 /* 00387 * generate the forward and reverse S-boxes 00388 */ 00389 FSb[0x00] = 0x63; 00390 RSb[0x63] = 0x00; 00391 00392 for( i = 1; i < 256; i++ ) 00393 { 00394 x = pow[255 - log[i]]; 00395 00396 y = x; y = ( (y << 1) | (y >> 7) ) & 0xFF; 00397 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; 00398 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; 00399 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; 00400 x ^= y ^ 0x63; 00401 00402 FSb[i] = (unsigned char) x; 00403 RSb[x] = (unsigned char) i; 00404 } 00405 00406 /* 00407 * generate the forward and reverse tables 00408 */ 00409 for( i = 0; i < 256; i++ ) 00410 { 00411 x = FSb[i]; 00412 y = XTIME( x ) & 0xFF; 00413 z = ( y ^ x ) & 0xFF; 00414 00415 FT0[i] = ( (unsigned long) y ) ^ 00416 ( (unsigned long) x << 8 ) ^ 00417 ( (unsigned long) x << 16 ) ^ 00418 ( (unsigned long) z << 24 ); 00419 00420 FT1[i] = ROTL8( FT0[i] ); 00421 FT2[i] = ROTL8( FT1[i] ); 00422 FT3[i] = ROTL8( FT2[i] ); 00423 00424 x = RSb[i]; 00425 00426 RT0[i] = ( (unsigned long) MUL( 0x0E, x ) ) ^ 00427 ( (unsigned long) MUL( 0x09, x ) << 8 ) ^ 00428 ( (unsigned long) MUL( 0x0D, x ) << 16 ) ^ 00429 ( (unsigned long) MUL( 0x0B, x ) << 24 ); 00430 00431 RT1[i] = ROTL8( RT0[i] ); 00432 RT2[i] = ROTL8( RT1[i] ); 00433 RT3[i] = ROTL8( RT2[i] ); 00434 } 00435 } 00436 00437 #endif 00438 00439 /* 00440 * AES key schedule (encryption) 00441 */ 00442 int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize ) 00443 { 00444 unsigned int i; 00445 unsigned long *RK; 00446 00447 #if !defined(POLARSSL_AES_ROM_TABLES) 00448 if( aes_init_done == 0 ) 00449 { 00450 aes_gen_tables(); 00451 aes_init_done = 1; 00452 } 00453 #endif 00454 00455 switch( keysize ) 00456 { 00457 case 128: ctx->nr = 10; break; 00458 case 192: ctx->nr = 12; break; 00459 case 256: ctx->nr = 14; break; 00460 default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH ); 00461 } 00462 00463 #if defined(PADLOCK_ALIGN16) 00464 ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf ); 00465 #else 00466 ctx->rk = RK = ctx->buf; 00467 #endif 00468 00469 for( i = 0; i < (keysize >> 5); i++ ) 00470 { 00471 GET_ULONG_LE( RK[i], key, i << 2 ); 00472 } 00473 00474 switch( ctx->nr ) 00475 { 00476 case 10: 00477 00478 for( i = 0; i < 10; i++, RK += 4 ) 00479 { 00480 RK[4] = RK[0] ^ RCON[i] ^ 00481 ( (unsigned long) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^ 00482 ( (unsigned long) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^ 00483 ( (unsigned long) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^ 00484 ( (unsigned long) FSb[ ( RK[3] ) & 0xFF ] << 24 ); 00485 00486 RK[5] = RK[1] ^ RK[4]; 00487 RK[6] = RK[2] ^ RK[5]; 00488 RK[7] = RK[3] ^ RK[6]; 00489 } 00490 break; 00491 00492 case 12: 00493 00494 for( i = 0; i < 8; i++, RK += 6 ) 00495 { 00496 RK[6] = RK[0] ^ RCON[i] ^ 00497 ( (unsigned long) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^ 00498 ( (unsigned long) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^ 00499 ( (unsigned long) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^ 00500 ( (unsigned long) FSb[ ( RK[5] ) & 0xFF ] << 24 ); 00501 00502 RK[7] = RK[1] ^ RK[6]; 00503 RK[8] = RK[2] ^ RK[7]; 00504 RK[9] = RK[3] ^ RK[8]; 00505 RK[10] = RK[4] ^ RK[9]; 00506 RK[11] = RK[5] ^ RK[10]; 00507 } 00508 break; 00509 00510 case 14: 00511 00512 for( i = 0; i < 7; i++, RK += 8 ) 00513 { 00514 RK[8] = RK[0] ^ RCON[i] ^ 00515 ( (unsigned long) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^ 00516 ( (unsigned long) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^ 00517 ( (unsigned long) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^ 00518 ( (unsigned long) FSb[ ( RK[7] ) & 0xFF ] << 24 ); 00519 00520 RK[9] = RK[1] ^ RK[8]; 00521 RK[10] = RK[2] ^ RK[9]; 00522 RK[11] = RK[3] ^ RK[10]; 00523 00524 RK[12] = RK[4] ^ 00525 ( (unsigned long) FSb[ ( RK[11] ) & 0xFF ] ) ^ 00526 ( (unsigned long) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^ 00527 ( (unsigned long) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^ 00528 ( (unsigned long) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 ); 00529 00530 RK[13] = RK[5] ^ RK[12]; 00531 RK[14] = RK[6] ^ RK[13]; 00532 RK[15] = RK[7] ^ RK[14]; 00533 } 00534 break; 00535 00536 default: 00537 00538 break; 00539 } 00540 00541 return( 0 ); 00542 } 00543 00544 /* 00545 * AES key schedule (decryption) 00546 */ 00547 int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize ) 00548 { 00549 int i, j; 00550 aes_context cty; 00551 unsigned long *RK; 00552 unsigned long *SK; 00553 int ret; 00554 00555 switch( keysize ) 00556 { 00557 case 128: ctx->nr = 10; break; 00558 case 192: ctx->nr = 12; break; 00559 case 256: ctx->nr = 14; break; 00560 default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH ); 00561 } 00562 00563 #if defined(PADLOCK_ALIGN16) 00564 ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf ); 00565 #else 00566 ctx->rk = RK = ctx->buf; 00567 #endif 00568 00569 ret = aes_setkey_enc( &cty, key, keysize ); 00570 if( ret != 0 ) 00571 return( ret ); 00572 00573 SK = cty.rk + cty.nr * 4; 00574 00575 *RK++ = *SK++; 00576 *RK++ = *SK++; 00577 *RK++ = *SK++; 00578 *RK++ = *SK++; 00579 00580 for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 ) 00581 { 00582 for( j = 0; j < 4; j++, SK++ ) 00583 { 00584 *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^ 00585 RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^ 00586 RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^ 00587 RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ]; 00588 } 00589 } 00590 00591 *RK++ = *SK++; 00592 *RK++ = *SK++; 00593 *RK++ = *SK++; 00594 *RK++ = *SK++; 00595 00596 memset( &cty, 0, sizeof( aes_context ) ); 00597 00598 return( 0 ); 00599 } 00600 00601 #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ 00602 { \ 00603 X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \ 00604 FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ 00605 FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ 00606 FT3[ ( Y3 >> 24 ) & 0xFF ]; \ 00607 \ 00608 X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \ 00609 FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ 00610 FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ 00611 FT3[ ( Y0 >> 24 ) & 0xFF ]; \ 00612 \ 00613 X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \ 00614 FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ 00615 FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ 00616 FT3[ ( Y1 >> 24 ) & 0xFF ]; \ 00617 \ 00618 X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \ 00619 FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ 00620 FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ 00621 FT3[ ( Y2 >> 24 ) & 0xFF ]; \ 00622 } 00623 00624 #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ 00625 { \ 00626 X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \ 00627 RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ 00628 RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ 00629 RT3[ ( Y1 >> 24 ) & 0xFF ]; \ 00630 \ 00631 X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \ 00632 RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ 00633 RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ 00634 RT3[ ( Y2 >> 24 ) & 0xFF ]; \ 00635 \ 00636 X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \ 00637 RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ 00638 RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ 00639 RT3[ ( Y3 >> 24 ) & 0xFF ]; \ 00640 \ 00641 X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \ 00642 RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ 00643 RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ 00644 RT3[ ( Y0 >> 24 ) & 0xFF ]; \ 00645 } 00646 00647 /* 00648 * AES-ECB block encryption/decryption 00649 */ 00650 int aes_crypt_ecb( aes_context *ctx, 00651 int mode, 00652 const unsigned char input[16], 00653 unsigned char output[16] ) 00654 { 00655 int i; 00656 unsigned long *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; 00657 00658 #if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86) 00659 if( padlock_supports( PADLOCK_ACE ) ) 00660 { 00661 if( padlock_xcryptecb( ctx, mode, input, output ) == 0 ) 00662 return( 0 ); 00663 00664 // If padlock data misaligned, we just fall back to 00665 // unaccelerated mode 00666 // 00667 } 00668 #endif 00669 00670 RK = ctx->rk; 00671 00672 GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++; 00673 GET_ULONG_LE( X1, input, 4 ); X1 ^= *RK++; 00674 GET_ULONG_LE( X2, input, 8 ); X2 ^= *RK++; 00675 GET_ULONG_LE( X3, input, 12 ); X3 ^= *RK++; 00676 00677 if( mode == AES_DECRYPT ) 00678 { 00679 for( i = (ctx->nr >> 1) - 1; i > 0; i-- ) 00680 { 00681 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 00682 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); 00683 } 00684 00685 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 00686 00687 X0 = *RK++ ^ \ 00688 ( (unsigned long) RSb[ ( Y0 ) & 0xFF ] ) ^ 00689 ( (unsigned long) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ 00690 ( (unsigned long) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ 00691 ( (unsigned long) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); 00692 00693 X1 = *RK++ ^ \ 00694 ( (unsigned long) RSb[ ( Y1 ) & 0xFF ] ) ^ 00695 ( (unsigned long) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ 00696 ( (unsigned long) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ 00697 ( (unsigned long) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); 00698 00699 X2 = *RK++ ^ \ 00700 ( (unsigned long) RSb[ ( Y2 ) & 0xFF ] ) ^ 00701 ( (unsigned long) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ 00702 ( (unsigned long) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ 00703 ( (unsigned long) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); 00704 00705 X3 = *RK++ ^ \ 00706 ( (unsigned long) RSb[ ( Y3 ) & 0xFF ] ) ^ 00707 ( (unsigned long) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ 00708 ( (unsigned long) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ 00709 ( (unsigned long) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); 00710 } 00711 else /* AES_ENCRYPT */ 00712 { 00713 for( i = (ctx->nr >> 1) - 1; i > 0; i-- ) 00714 { 00715 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 00716 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); 00717 } 00718 00719 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 00720 00721 X0 = *RK++ ^ \ 00722 ( (unsigned long) FSb[ ( Y0 ) & 0xFF ] ) ^ 00723 ( (unsigned long) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ 00724 ( (unsigned long) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ 00725 ( (unsigned long) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); 00726 00727 X1 = *RK++ ^ \ 00728 ( (unsigned long) FSb[ ( Y1 ) & 0xFF ] ) ^ 00729 ( (unsigned long) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ 00730 ( (unsigned long) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ 00731 ( (unsigned long) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); 00732 00733 X2 = *RK++ ^ \ 00734 ( (unsigned long) FSb[ ( Y2 ) & 0xFF ] ) ^ 00735 ( (unsigned long) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ 00736 ( (unsigned long) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ 00737 ( (unsigned long) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); 00738 00739 X3 = *RK++ ^ \ 00740 ( (unsigned long) FSb[ ( Y3 ) & 0xFF ] ) ^ 00741 ( (unsigned long) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ 00742 ( (unsigned long) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ 00743 ( (unsigned long) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); 00744 } 00745 00746 PUT_ULONG_LE( X0, output, 0 ); 00747 PUT_ULONG_LE( X1, output, 4 ); 00748 PUT_ULONG_LE( X2, output, 8 ); 00749 PUT_ULONG_LE( X3, output, 12 ); 00750 00751 return( 0 ); 00752 } 00753 00754 /* 00755 * AES-CBC buffer encryption/decryption 00756 */ 00757 int aes_crypt_cbc( aes_context *ctx, 00758 int mode, 00759 size_t length, 00760 unsigned char iv[16], 00761 const unsigned char *input, 00762 unsigned char *output ) 00763 { 00764 int i; 00765 unsigned char temp[16]; 00766 00767 if( length % 16 ) 00768 return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH ); 00769 00770 #if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86) 00771 if( padlock_supports( PADLOCK_ACE ) ) 00772 { 00773 if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 ) 00774 return( 0 ); 00775 00776 // If padlock data misaligned, we just fall back to 00777 // unaccelerated mode 00778 // 00779 } 00780 #endif 00781 00782 if( mode == AES_DECRYPT ) 00783 { 00784 while( length > 0 ) 00785 { 00786 memcpy( temp, input, 16 ); 00787 aes_crypt_ecb( ctx, mode, input, output ); 00788 00789 for( i = 0; i < 16; i++ ) 00790 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00791 00792 memcpy( iv, temp, 16 ); 00793 00794 input += 16; 00795 output += 16; 00796 length -= 16; 00797 } 00798 } 00799 else 00800 { 00801 while( length > 0 ) 00802 { 00803 for( i = 0; i < 16; i++ ) 00804 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00805 00806 aes_crypt_ecb( ctx, mode, output, output ); 00807 memcpy( iv, output, 16 ); 00808 00809 input += 16; 00810 output += 16; 00811 length -= 16; 00812 } 00813 } 00814 00815 return( 0 ); 00816 } 00817 00818 #if defined(POLARSSL_CIPHER_MODE_CFB) 00819 /* 00820 * AES-CFB128 buffer encryption/decryption 00821 */ 00822 int aes_crypt_cfb128( aes_context *ctx, 00823 int mode, 00824 size_t length, 00825 size_t *iv_off, 00826 unsigned char iv[16], 00827 const unsigned char *input, 00828 unsigned char *output ) 00829 { 00830 int c; 00831 size_t n = *iv_off; 00832 00833 if( mode == AES_DECRYPT ) 00834 { 00835 while( length-- ) 00836 { 00837 if( n == 0 ) 00838 aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); 00839 00840 c = *input++; 00841 *output++ = (unsigned char)( c ^ iv[n] ); 00842 iv[n] = (unsigned char) c; 00843 00844 n = (n + 1) & 0x0F; 00845 } 00846 } 00847 else 00848 { 00849 while( length-- ) 00850 { 00851 if( n == 0 ) 00852 aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); 00853 00854 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); 00855 00856 n = (n + 1) & 0x0F; 00857 } 00858 } 00859 00860 *iv_off = n; 00861 00862 return( 0 ); 00863 } 00864 #endif /*POLARSSL_CIPHER_MODE_CFB */ 00865 00866 #if defined(POLARSSL_CIPHER_MODE_CTR) 00867 /* 00868 * AES-CTR buffer encryption/decryption 00869 */ 00870 int aes_crypt_ctr( aes_context *ctx, 00871 size_t length, 00872 size_t *nc_off, 00873 unsigned char nonce_counter[16], 00874 unsigned char stream_block[16], 00875 const unsigned char *input, 00876 unsigned char *output ) 00877 { 00878 int c, i, cb; 00879 size_t n = *nc_off; 00880 00881 while( length-- ) 00882 { 00883 if( n == 0 ) { 00884 aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); 00885 00886 i = 15; 00887 do { 00888 nonce_counter[i]++; 00889 cb = nonce_counter[i] == 0; 00890 } while( i-- && cb ); 00891 00892 } 00893 c = *input++; 00894 *output++ = (unsigned char)( c ^ stream_block[n] ); 00895 00896 n = (n + 1) & 0x0F; 00897 } 00898 00899 *nc_off = n; 00900 00901 return( 0 ); 00902 } 00903 #endif /* POLARSSL_CIPHER_MODE_CTR */ 00904 00905 #if defined(POLARSSL_SELF_TEST) 00906 00907 #include <stdio.h> 00908 00909 /* 00910 * AES test vectors from: 00911 * 00912 * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip 00913 */ 00914 static const unsigned char aes_test_ecb_dec[3][16] = 00915 { 00916 { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, 00917 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 }, 00918 { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2, 00919 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 }, 00920 { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D, 00921 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE } 00922 }; 00923 00924 static const unsigned char aes_test_ecb_enc[3][16] = 00925 { 00926 { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73, 00927 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F }, 00928 { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11, 00929 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 }, 00930 { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D, 00931 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 } 00932 }; 00933 00934 static const unsigned char aes_test_cbc_dec[3][16] = 00935 { 00936 { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73, 00937 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 }, 00938 { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75, 00939 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B }, 00940 { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75, 00941 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 } 00942 }; 00943 00944 static const unsigned char aes_test_cbc_enc[3][16] = 00945 { 00946 { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84, 00947 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D }, 00948 { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB, 00949 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 }, 00950 { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5, 00951 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 } 00952 }; 00953 00954 #if defined(POLARSSL_CIPHER_MODE_CFB) 00955 /* 00956 * AES-CFB128 test vectors from: 00957 * 00958 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 00959 */ 00960 static const unsigned char aes_test_cfb128_key[3][32] = 00961 { 00962 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 00963 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }, 00964 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 00965 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, 00966 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }, 00967 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 00968 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, 00969 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, 00970 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } 00971 }; 00972 00973 static const unsigned char aes_test_cfb128_iv[16] = 00974 { 00975 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00976 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 00977 }; 00978 00979 static const unsigned char aes_test_cfb128_pt[64] = 00980 { 00981 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 00982 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 00983 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 00984 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, 00985 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 00986 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF, 00987 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17, 00988 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 00989 }; 00990 00991 static const unsigned char aes_test_cfb128_ct[3][64] = 00992 { 00993 { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 00994 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, 00995 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F, 00996 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B, 00997 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40, 00998 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF, 00999 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E, 01000 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 }, 01001 { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, 01002 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, 01003 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21, 01004 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A, 01005 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1, 01006 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9, 01007 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0, 01008 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF }, 01009 { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, 01010 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, 01011 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8, 01012 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B, 01013 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92, 01014 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9, 01015 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8, 01016 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 } 01017 }; 01018 #endif /* POLARSSL_CIPHER_MODE_CFB */ 01019 01020 #if defined(POLARSSL_CIPHER_MODE_CTR) 01021 /* 01022 * AES-CTR test vectors from: 01023 * 01024 * http://www.faqs.org/rfcs/rfc3686.html 01025 */ 01026 01027 static const unsigned char aes_test_ctr_key[3][16] = 01028 { 01029 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, 01030 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, 01031 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, 01032 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, 01033 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, 01034 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } 01035 }; 01036 01037 static const unsigned char aes_test_ctr_nonce_counter[3][16] = 01038 { 01039 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 01040 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 01041 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, 01042 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, 01043 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, 01044 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } 01045 }; 01046 01047 static const unsigned char aes_test_ctr_pt[3][48] = 01048 { 01049 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, 01050 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, 01051 01052 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 01053 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 01054 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 01055 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, 01056 01057 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 01058 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 01059 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 01060 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 01061 0x20, 0x21, 0x22, 0x23 } 01062 }; 01063 01064 static const unsigned char aes_test_ctr_ct[3][48] = 01065 { 01066 { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79, 01067 0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 }, 01068 { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9, 01069 0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88, 01070 0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8, 01071 0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 }, 01072 { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9, 01073 0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7, 01074 0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36, 01075 0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53, 01076 0x25, 0xB2, 0x07, 0x2F } 01077 }; 01078 01079 static const int aes_test_ctr_len[3] = 01080 { 16, 32, 36 }; 01081 #endif /* POLARSSL_CIPHER_MODE_CTR */ 01082 01083 /* 01084 * Checkup routine 01085 */ 01086 int aes_self_test( int verbose ) 01087 { 01088 int i, j, u, v; 01089 unsigned char key[32]; 01090 unsigned char buf[64]; 01091 unsigned char prv[16]; 01092 unsigned char iv[16]; 01093 #if defined(POLARSSL_CIPHER_MODE_CTR) || defined(POLARSSL_CIPHER_MODE_CFB) 01094 size_t offset; 01095 #endif 01096 #if defined(POLARSSL_CIPHER_MODE_CTR) 01097 int len; 01098 unsigned char nonce_counter[16]; 01099 unsigned char stream_block[16]; 01100 #endif 01101 aes_context ctx; 01102 01103 memset( key, 0, 32 ); 01104 01105 /* 01106 * ECB mode 01107 */ 01108 for( i = 0; i < 6; i++ ) 01109 { 01110 u = i >> 1; 01111 v = i & 1; 01112 01113 if( verbose != 0 ) 01114 printf( " AES-ECB-%3d (%s): ", 128 + u * 64, 01115 ( v == AES_DECRYPT ) ? "dec" : "enc" ); 01116 01117 memset( buf, 0, 16 ); 01118 01119 if( v == AES_DECRYPT ) 01120 { 01121 aes_setkey_dec( &ctx, key, 128 + u * 64 ); 01122 01123 for( j = 0; j < 10000; j++ ) 01124 aes_crypt_ecb( &ctx, v, buf, buf ); 01125 01126 if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 ) 01127 { 01128 if( verbose != 0 ) 01129 printf( "failed\n" ); 01130 01131 return( 1 ); 01132 } 01133 } 01134 else 01135 { 01136 aes_setkey_enc( &ctx, key, 128 + u * 64 ); 01137 01138 for( j = 0; j < 10000; j++ ) 01139 aes_crypt_ecb( &ctx, v, buf, buf ); 01140 01141 if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 ) 01142 { 01143 if( verbose != 0 ) 01144 printf( "failed\n" ); 01145 01146 return( 1 ); 01147 } 01148 } 01149 01150 if( verbose != 0 ) 01151 printf( "passed\n" ); 01152 } 01153 01154 if( verbose != 0 ) 01155 printf( "\n" ); 01156 01157 /* 01158 * CBC mode 01159 */ 01160 for( i = 0; i < 6; i++ ) 01161 { 01162 u = i >> 1; 01163 v = i & 1; 01164 01165 if( verbose != 0 ) 01166 printf( " AES-CBC-%3d (%s): ", 128 + u * 64, 01167 ( v == AES_DECRYPT ) ? "dec" : "enc" ); 01168 01169 memset( iv , 0, 16 ); 01170 memset( prv, 0, 16 ); 01171 memset( buf, 0, 16 ); 01172 01173 if( v == AES_DECRYPT ) 01174 { 01175 aes_setkey_dec( &ctx, key, 128 + u * 64 ); 01176 01177 for( j = 0; j < 10000; j++ ) 01178 aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); 01179 01180 if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 ) 01181 { 01182 if( verbose != 0 ) 01183 printf( "failed\n" ); 01184 01185 return( 1 ); 01186 } 01187 } 01188 else 01189 { 01190 aes_setkey_enc( &ctx, key, 128 + u * 64 ); 01191 01192 for( j = 0; j < 10000; j++ ) 01193 { 01194 unsigned char tmp[16]; 01195 01196 aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); 01197 01198 memcpy( tmp, prv, 16 ); 01199 memcpy( prv, buf, 16 ); 01200 memcpy( buf, tmp, 16 ); 01201 } 01202 01203 if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 ) 01204 { 01205 if( verbose != 0 ) 01206 printf( "failed\n" ); 01207 01208 return( 1 ); 01209 } 01210 } 01211 01212 if( verbose != 0 ) 01213 printf( "passed\n" ); 01214 } 01215 01216 if( verbose != 0 ) 01217 printf( "\n" ); 01218 01219 #if defined(POLARSSL_CIPHER_MODE_CFB) 01220 /* 01221 * CFB128 mode 01222 */ 01223 for( i = 0; i < 6; i++ ) 01224 { 01225 u = i >> 1; 01226 v = i & 1; 01227 01228 if( verbose != 0 ) 01229 printf( " AES-CFB128-%3d (%s): ", 128 + u * 64, 01230 ( v == AES_DECRYPT ) ? "dec" : "enc" ); 01231 01232 memcpy( iv, aes_test_cfb128_iv, 16 ); 01233 memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 ); 01234 01235 offset = 0; 01236 aes_setkey_enc( &ctx, key, 128 + u * 64 ); 01237 01238 if( v == AES_DECRYPT ) 01239 { 01240 memcpy( buf, aes_test_cfb128_ct[u], 64 ); 01241 aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); 01242 01243 if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 ) 01244 { 01245 if( verbose != 0 ) 01246 printf( "failed\n" ); 01247 01248 return( 1 ); 01249 } 01250 } 01251 else 01252 { 01253 memcpy( buf, aes_test_cfb128_pt, 64 ); 01254 aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); 01255 01256 if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 ) 01257 { 01258 if( verbose != 0 ) 01259 printf( "failed\n" ); 01260 01261 return( 1 ); 01262 } 01263 } 01264 01265 if( verbose != 0 ) 01266 printf( "passed\n" ); 01267 } 01268 01269 if( verbose != 0 ) 01270 printf( "\n" ); 01271 #endif /* POLARSSL_CIPHER_MODE_CFB */ 01272 01273 #if defined(POLARSSL_CIPHER_MODE_CTR) 01274 /* 01275 * CTR mode 01276 */ 01277 for( i = 0; i < 6; i++ ) 01278 { 01279 u = i >> 1; 01280 v = i & 1; 01281 01282 if( verbose != 0 ) 01283 printf( " AES-CTR-128 (%s): ", 01284 ( v == AES_DECRYPT ) ? "dec" : "enc" ); 01285 01286 memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); 01287 memcpy( key, aes_test_ctr_key[u], 16 ); 01288 01289 offset = 0; 01290 aes_setkey_enc( &ctx, key, 128 ); 01291 01292 if( v == AES_DECRYPT ) 01293 { 01294 len = aes_test_ctr_len[u]; 01295 memcpy( buf, aes_test_ctr_ct[u], len ); 01296 01297 aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf ); 01298 01299 if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 ) 01300 { 01301 if( verbose != 0 ) 01302 printf( "failed\n" ); 01303 01304 return( 1 ); 01305 } 01306 } 01307 else 01308 { 01309 len = aes_test_ctr_len[u]; 01310 memcpy( buf, aes_test_ctr_pt[u], len ); 01311 01312 aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf ); 01313 01314 if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 ) 01315 { 01316 if( verbose != 0 ) 01317 printf( "failed\n" ); 01318 01319 return( 1 ); 01320 } 01321 } 01322 01323 if( verbose != 0 ) 01324 printf( "passed\n" ); 01325 } 01326 01327 if( verbose != 0 ) 01328 printf( "\n" ); 01329 #endif /* POLARSSL_CIPHER_MODE_CTR */ 01330 01331 return( 0 ); 01332 } 01333 01334 #endif 01335 01336 #endif