postgresql/contrib/pgcrypto/rijndael.c

678 lines
14 KiB
C
Raw Normal View History

/* $OpenBSD: rijndael.c,v 1.6 2000/12/09 18:51:34 markus Exp $ */
2010-09-21 04:08:53 +08:00
/* contrib/pgcrypto/rijndael.c */
/* This is an independent implementation of the encryption algorithm: */
/* */
/* RIJNDAEL by Joan Daemen and Vincent Rijmen */
/* */
/* which is a candidate algorithm in the Advanced Encryption Standard */
/* programme of the US National Institute of Standards and Technology. */
/* */
/* Copyright in this implementation is held by Dr B R Gladman but I */
2001-08-21 09:32:01 +08:00
/* hereby give permission for its free direct or derivative use subject */
/* to acknowledgment of its origin and compliance with any conditions */
/* that the originators of the algorithm place on its exploitation. */
/* */
/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */
2001-08-21 09:32:01 +08:00
/* Timing data for Rijndael (rijndael.c)
Algorithm: rijndael (rijndael.c)
128 bit key:
Key Setup: 305/1389 cycles (encrypt/decrypt)
Encrypt: 374 cycles = 68.4 mbits/sec
Decrypt: 352 cycles = 72.7 mbits/sec
Mean: 363 cycles = 70.5 mbits/sec
2001-08-21 09:32:01 +08:00
192 bit key:
Key Setup: 277/1595 cycles (encrypt/decrypt)
Encrypt: 439 cycles = 58.3 mbits/sec
Decrypt: 425 cycles = 60.2 mbits/sec
Mean: 432 cycles = 59.3 mbits/sec
2001-08-21 09:32:01 +08:00
256 bit key:
Key Setup: 374/1960 cycles (encrypt/decrypt)
Encrypt: 502 cycles = 51.0 mbits/sec
Decrypt: 498 cycles = 51.4 mbits/sec
Mean: 500 cycles = 51.2 mbits/sec
2001-08-21 09:32:01 +08:00
*/
#include "postgres.h"
2001-08-21 09:32:01 +08:00
#include <sys/param.h>
#include "px.h"
2001-08-21 09:32:01 +08:00
#include "rijndael.h"
#define PRE_CALC_TABLES
#define LARGE_TABLES
static void gen_tabs(void);
2001-08-21 09:32:01 +08:00
/* 3. Basic macros for speeding up generic operations */
2001-08-21 09:32:01 +08:00
/* Circular rotate of 32 bit values */
2001-08-21 09:32:01 +08:00
#define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n))))
#define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n))))
2001-08-21 09:32:01 +08:00
/* Invert byte order in a 32 bit variable */
2001-08-21 09:32:01 +08:00
#define bswap(x) ((rotl((x), 8) & 0x00ff00ff) | (rotr((x), 8) & 0xff00ff00))
2001-08-21 09:32:01 +08:00
/* Extract byte from a 32 bit quantity (little endian notation) */
2001-08-21 09:32:01 +08:00
#define byte(x,n) ((u1byte)((x) >> (8 * (n))))
2001-08-21 09:32:01 +08:00
#ifdef WORDS_BIGENDIAN
#define io_swap(x) bswap(x)
2001-08-21 09:32:01 +08:00
#else
#define io_swap(x) (x)
2001-08-21 09:32:01 +08:00
#endif
#ifdef PRINT_TABS
#undef PRE_CALC_TABLES
#endif
#ifdef PRE_CALC_TABLES
#include "rijndael.tbl"
#define tab_gen 1
#else /* !PRE_CALC_TABLES */
2001-08-21 09:32:01 +08:00
static u1byte pow_tab[256];
static u1byte log_tab[256];
static u1byte sbx_tab[256];
static u1byte isb_tab[256];
static u4byte rco_tab[10];
static u4byte ft_tab[4][256];
static u4byte it_tab[4][256];
2001-08-21 09:32:01 +08:00
#ifdef LARGE_TABLES
static u4byte fl_tab[4][256];
static u4byte il_tab[4][256];
2001-08-21 09:32:01 +08:00
#endif
static u4byte tab_gen = 0;
Phase 2 of pgindent updates. Change pg_bsd_indent to follow upstream rules for placement of comments to the right of code, and remove pgindent hack that caused comments following #endif to not obey the general rule. Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using the published version of pg_bsd_indent, but a hacked-up version that tried to minimize the amount of movement of comments to the right of code. The situation of interest is where such a comment has to be moved to the right of its default placement at column 33 because there's code there. BSD indent has always moved right in units of tab stops in such cases --- but in the previous incarnation, indent was working in 8-space tab stops, while now it knows we use 4-space tabs. So the net result is that in about half the cases, such comments are placed one tab stop left of before. This is better all around: it leaves more room on the line for comment text, and it means that in such cases the comment uniformly starts at the next 4-space tab stop after the code, rather than sometimes one and sometimes two tabs after. Also, ensure that comments following #endif are indented the same as comments following other preprocessor commands such as #else. That inconsistency turns out to have been self-inflicted damage from a poorly-thought-through post-indent "fixup" in pgindent. This patch is much less interesting than the first round of indent changes, but also bulkier, so I thought it best to separate the effects. Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-22 03:18:54 +08:00
#endif /* !PRE_CALC_TABLES */
2001-08-21 09:32:01 +08:00
#define ff_mult(a,b) ((a) && (b) ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0)
2001-08-21 09:32:01 +08:00
#define f_rn(bo, bi, n, k) \
(bo)[n] = ft_tab[0][byte((bi)[n],0)] ^ \
ft_tab[1][byte((bi)[((n) + 1) & 3],1)] ^ \
ft_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \
ft_tab[3][byte((bi)[((n) + 3) & 3],3)] ^ *((k) + (n))
2001-08-21 09:32:01 +08:00
#define i_rn(bo, bi, n, k) \
(bo)[n] = it_tab[0][byte((bi)[n],0)] ^ \
it_tab[1][byte((bi)[((n) + 3) & 3],1)] ^ \
it_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \
it_tab[3][byte((bi)[((n) + 1) & 3],3)] ^ *((k) + (n))
2001-08-21 09:32:01 +08:00
#ifdef LARGE_TABLES
#define ls_box(x) \
( fl_tab[0][byte(x, 0)] ^ \
fl_tab[1][byte(x, 1)] ^ \
fl_tab[2][byte(x, 2)] ^ \
fl_tab[3][byte(x, 3)] )
2001-08-21 09:32:01 +08:00
#define f_rl(bo, bi, n, k) \
(bo)[n] = fl_tab[0][byte((bi)[n],0)] ^ \
fl_tab[1][byte((bi)[((n) + 1) & 3],1)] ^ \
fl_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \
fl_tab[3][byte((bi)[((n) + 3) & 3],3)] ^ *((k) + (n))
2001-08-21 09:32:01 +08:00
#define i_rl(bo, bi, n, k) \
(bo)[n] = il_tab[0][byte((bi)[n],0)] ^ \
il_tab[1][byte((bi)[((n) + 3) & 3],1)] ^ \
il_tab[2][byte((bi)[((n) + 2) & 3],2)] ^ \
il_tab[3][byte((bi)[((n) + 1) & 3],3)] ^ *((k) + (n))
2001-08-21 09:32:01 +08:00
#else
#define ls_box(x) \
((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \
((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \
((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \
((u4byte)sbx_tab[byte(x, 3)] << 24)
#define f_rl(bo, bi, n, k) \
(bo)[n] = (u4byte)sbx_tab[byte((bi)[n],0)] ^ \
rotl(((u4byte)sbx_tab[byte((bi)[((n) + 1) & 3],1)]), 8) ^ \
rotl(((u4byte)sbx_tab[byte((bi)[((n) + 2) & 3],2)]), 16) ^ \
rotl(((u4byte)sbx_tab[byte((bi)[((n) + 3) & 3],3)]), 24) ^ *((k) + (n))
#define i_rl(bo, bi, n, k) \
(bo)[n] = (u4byte)isb_tab[byte((bi)[n],0)] ^ \
rotl(((u4byte)isb_tab[byte((bi)[((n) + 3) & 3],1)]), 8) ^ \
rotl(((u4byte)isb_tab[byte((bi)[((n) + 2) & 3],2)]), 16) ^ \
rotl(((u4byte)isb_tab[byte((bi)[((n) + 1) & 3],3)]), 24) ^ *((k) + (n))
2001-08-21 09:32:01 +08:00
#endif
static void
gen_tabs(void)
{
#ifndef PRE_CALC_TABLES
u4byte i,
t;
u1byte p,
q;
2001-08-21 09:32:01 +08:00
/* log and power tables for GF(2**8) finite field with */
/* 0x11b as modular polynomial - the simplest primitive */
/* root is 0x11, used here to generate the tables */
2001-08-21 09:32:01 +08:00
for (i = 0, p = 1; i < 256; ++i)
{
pow_tab[i] = (u1byte) p;
log_tab[p] = (u1byte) i;
2001-08-21 09:32:01 +08:00
p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0);
}
log_tab[1] = 0;
p = 1;
2001-08-21 09:32:01 +08:00
for (i = 0; i < 10; ++i)
{
rco_tab[i] = p;
2001-08-21 09:32:01 +08:00
p = (p << 1) ^ (p & 0x80 ? 0x1b : 0);
}
/* note that the affine byte transformation matrix in */
/* rijndael specification is in big endian format with */
/* bit 0 as the most significant bit. In the remainder */
/* of the specification the bits are numbered from the */
/* least significant end of a byte. */
for (i = 0; i < 256; ++i)
{
p = (i ? pow_tab[255 - log_tab[i]] : 0);
q = p;
q = (q >> 7) | (q << 1);
p ^= q;
q = (q >> 7) | (q << 1);
p ^= q;
q = (q >> 7) | (q << 1);
p ^= q;
q = (q >> 7) | (q << 1);
p ^= q ^ 0x63;
sbx_tab[i] = (u1byte) p;
isb_tab[p] = (u1byte) i;
2001-08-21 09:32:01 +08:00
}
for (i = 0; i < 256; ++i)
{
p = sbx_tab[i];
2001-08-21 09:32:01 +08:00
#ifdef LARGE_TABLES
t = p;
fl_tab[0][i] = t;
fl_tab[1][i] = rotl(t, 8);
2001-08-21 09:32:01 +08:00
fl_tab[2][i] = rotl(t, 16);
fl_tab[3][i] = rotl(t, 24);
#endif
t = ((u4byte) ff_mult(2, p)) |
((u4byte) p << 8) |
((u4byte) p << 16) |
((u4byte) ff_mult(3, p) << 24);
2001-08-21 09:32:01 +08:00
ft_tab[0][i] = t;
ft_tab[1][i] = rotl(t, 8);
2001-08-21 09:32:01 +08:00
ft_tab[2][i] = rotl(t, 16);
ft_tab[3][i] = rotl(t, 24);
p = isb_tab[i];
2001-08-21 09:32:01 +08:00
#ifdef LARGE_TABLES
t = p;
il_tab[0][i] = t;
il_tab[1][i] = rotl(t, 8);
il_tab[2][i] = rotl(t, 16);
2001-08-21 09:32:01 +08:00
il_tab[3][i] = rotl(t, 24);
#endif
t = ((u4byte) ff_mult(14, p)) |
((u4byte) ff_mult(9, p) << 8) |
((u4byte) ff_mult(13, p) << 16) |
((u4byte) ff_mult(11, p) << 24);
it_tab[0][i] = t;
it_tab[1][i] = rotl(t, 8);
it_tab[2][i] = rotl(t, 16);
it_tab[3][i] = rotl(t, 24);
2001-08-21 09:32:01 +08:00
}
tab_gen = 1;
Phase 2 of pgindent updates. Change pg_bsd_indent to follow upstream rules for placement of comments to the right of code, and remove pgindent hack that caused comments following #endif to not obey the general rule. Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using the published version of pg_bsd_indent, but a hacked-up version that tried to minimize the amount of movement of comments to the right of code. The situation of interest is where such a comment has to be moved to the right of its default placement at column 33 because there's code there. BSD indent has always moved right in units of tab stops in such cases --- but in the previous incarnation, indent was working in 8-space tab stops, while now it knows we use 4-space tabs. So the net result is that in about half the cases, such comments are placed one tab stop left of before. This is better all around: it leaves more room on the line for comment text, and it means that in such cases the comment uniformly starts at the next 4-space tab stop after the code, rather than sometimes one and sometimes two tabs after. Also, ensure that comments following #endif are indented the same as comments following other preprocessor commands such as #else. That inconsistency turns out to have been self-inflicted damage from a poorly-thought-through post-indent "fixup" in pgindent. This patch is much less interesting than the first round of indent changes, but also bulkier, so I thought it best to separate the effects. Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-22 03:18:54 +08:00
#endif /* !PRE_CALC_TABLES */
2001-08-21 09:32:01 +08:00
}
#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
#define imix_col(y,x) \
do { \
u = star_x(x); \
v = star_x(u); \
w = star_x(v); \
t = w ^ (x); \
(y) = u ^ v ^ w; \
2001-08-21 09:32:01 +08:00
(y) ^= rotr(u ^ t, 8) ^ \
rotr(v ^ t, 16) ^ \
rotr(t,24); \
} while (0)
2001-08-21 09:32:01 +08:00
/* initialise the key schedule from the user supplied key */
2001-08-21 09:32:01 +08:00
#define loop4(i) \
do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \
t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \
t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \
t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \
t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t; \
} while (0)
2001-08-21 09:32:01 +08:00
#define loop6(i) \
do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \
t ^= e_key[6 * (i)]; e_key[6 * (i) + 6] = t; \
t ^= e_key[6 * (i) + 1]; e_key[6 * (i) + 7] = t; \
t ^= e_key[6 * (i) + 2]; e_key[6 * (i) + 8] = t; \
t ^= e_key[6 * (i) + 3]; e_key[6 * (i) + 9] = t; \
t ^= e_key[6 * (i) + 4]; e_key[6 * (i) + 10] = t; \
t ^= e_key[6 * (i) + 5]; e_key[6 * (i) + 11] = t; \
} while (0)
2001-08-21 09:32:01 +08:00
#define loop8(i) \
do { t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \
t ^= e_key[8 * (i)]; e_key[8 * (i) + 8] = t; \
t ^= e_key[8 * (i) + 1]; e_key[8 * (i) + 9] = t; \
t ^= e_key[8 * (i) + 2]; e_key[8 * (i) + 10] = t; \
t ^= e_key[8 * (i) + 3]; e_key[8 * (i) + 11] = t; \
t = e_key[8 * (i) + 4] ^ ls_box(t); \
e_key[8 * (i) + 12] = t; \
t ^= e_key[8 * (i) + 5]; e_key[8 * (i) + 13] = t; \
t ^= e_key[8 * (i) + 6]; e_key[8 * (i) + 14] = t; \
t ^= e_key[8 * (i) + 7]; e_key[8 * (i) + 15] = t; \
} while (0)
2001-08-21 09:32:01 +08:00
rijndael_ctx *
rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
int encrypt)
{
u4byte i,
t,
u,
v,
w;
u4byte *e_key = ctx->e_key;
u4byte *d_key = ctx->d_key;
2001-08-21 09:32:01 +08:00
ctx->decrypt = !encrypt;
if (!tab_gen)
2001-08-21 09:32:01 +08:00
gen_tabs();
ctx->k_len = (key_len + 31) / 32;
e_key[0] = io_swap(in_key[0]);
e_key[1] = io_swap(in_key[1]);
e_key[2] = io_swap(in_key[2]);
e_key[3] = io_swap(in_key[3]);
switch (ctx->k_len)
{
case 4:
t = e_key[3];
for (i = 0; i < 10; ++i)
loop4(i);
break;
case 6:
e_key[4] = io_swap(in_key[4]);
t = e_key[5] = io_swap(in_key[5]);
for (i = 0; i < 8; ++i)
loop6(i);
break;
case 8:
e_key[4] = io_swap(in_key[4]);
e_key[5] = io_swap(in_key[5]);
e_key[6] = io_swap(in_key[6]);
t = e_key[7] = io_swap(in_key[7]);
for (i = 0; i < 7; ++i)
loop8(i);
break;
2001-08-21 09:32:01 +08:00
}
if (!encrypt)
{
d_key[0] = e_key[0];
d_key[1] = e_key[1];
d_key[2] = e_key[2];
d_key[3] = e_key[3];
2001-08-21 09:32:01 +08:00
for (i = 4; i < 4 * ctx->k_len + 24; ++i)
2001-08-21 09:32:01 +08:00
imix_col(d_key[i], e_key[i]);
}
return ctx;
}
/* encrypt a block of text */
2001-08-21 09:32:01 +08:00
#define f_nround(bo, bi, k) \
do { \
f_rn(bo, bi, 0, k); \
f_rn(bo, bi, 1, k); \
f_rn(bo, bi, 2, k); \
f_rn(bo, bi, 3, k); \
k += 4; \
} while (0)
2001-08-21 09:32:01 +08:00
#define f_lround(bo, bi, k) \
do { \
f_rl(bo, bi, 0, k); \
f_rl(bo, bi, 1, k); \
f_rl(bo, bi, 2, k); \
f_rl(bo, bi, 3, k); \
} while (0)
2001-08-21 09:32:01 +08:00
void
rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
{
u4byte k_len = ctx->k_len;
u4byte *e_key = ctx->e_key;
u4byte b0[4],
b1[4],
*kp;
2001-08-21 09:32:01 +08:00
b0[0] = io_swap(in_blk[0]) ^ e_key[0];
b0[1] = io_swap(in_blk[1]) ^ e_key[1];
b0[2] = io_swap(in_blk[2]) ^ e_key[2];
b0[3] = io_swap(in_blk[3]) ^ e_key[3];
kp = e_key + 4;
if (k_len > 6)
{
f_nround(b1, b0, kp);
f_nround(b0, b1, kp);
2001-08-21 09:32:01 +08:00
}
if (k_len > 4)
{
f_nround(b1, b0, kp);
f_nround(b0, b1, kp);
2001-08-21 09:32:01 +08:00
}
f_nround(b1, b0, kp);
f_nround(b0, b1, kp);
f_nround(b1, b0, kp);
f_nround(b0, b1, kp);
f_nround(b1, b0, kp);
f_nround(b0, b1, kp);
f_nround(b1, b0, kp);
f_nround(b0, b1, kp);
f_nround(b1, b0, kp);
f_lround(b0, b1, kp);
out_blk[0] = io_swap(b0[0]);
out_blk[1] = io_swap(b0[1]);
out_blk[2] = io_swap(b0[2]);
out_blk[3] = io_swap(b0[3]);
2001-08-21 09:32:01 +08:00
}
/* decrypt a block of text */
2001-08-21 09:32:01 +08:00
#define i_nround(bo, bi, k) \
do { \
i_rn(bo, bi, 0, k); \
i_rn(bo, bi, 1, k); \
i_rn(bo, bi, 2, k); \
i_rn(bo, bi, 3, k); \
k -= 4; \
} while (0)
2001-08-21 09:32:01 +08:00
#define i_lround(bo, bi, k) \
do { \
i_rl(bo, bi, 0, k); \
i_rl(bo, bi, 1, k); \
i_rl(bo, bi, 2, k); \
i_rl(bo, bi, 3, k); \
} while (0)
2001-08-21 09:32:01 +08:00
void
rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
{
u4byte b0[4],
b1[4],
*kp;
u4byte k_len = ctx->k_len;
u4byte *e_key = ctx->e_key;
u4byte *d_key = ctx->d_key;
2001-08-21 09:32:01 +08:00
b0[0] = io_swap(in_blk[0]) ^ e_key[4 * k_len + 24];
b0[1] = io_swap(in_blk[1]) ^ e_key[4 * k_len + 25];
b0[2] = io_swap(in_blk[2]) ^ e_key[4 * k_len + 26];
b0[3] = io_swap(in_blk[3]) ^ e_key[4 * k_len + 27];
kp = d_key + 4 * (k_len + 5);
if (k_len > 6)
{
i_nround(b1, b0, kp);
i_nround(b0, b1, kp);
2001-08-21 09:32:01 +08:00
}
if (k_len > 4)
{
i_nround(b1, b0, kp);
i_nround(b0, b1, kp);
2001-08-21 09:32:01 +08:00
}
i_nround(b1, b0, kp);
i_nround(b0, b1, kp);
i_nround(b1, b0, kp);
i_nround(b0, b1, kp);
i_nround(b1, b0, kp);
i_nround(b0, b1, kp);
i_nround(b1, b0, kp);
i_nround(b0, b1, kp);
i_nround(b1, b0, kp);
i_lround(b0, b1, kp);
out_blk[0] = io_swap(b0[0]);
out_blk[1] = io_swap(b0[1]);
out_blk[2] = io_swap(b0[2]);
out_blk[3] = io_swap(b0[3]);
2001-08-21 09:32:01 +08:00
}
/*
* conventional interface
*
* ATM it hopes all data is 4-byte aligned - which
* should be true for PX. -marko
*/
void
aes_set_key(rijndael_ctx *ctx, const uint8 *key, unsigned keybits, int enc)
2001-08-21 09:32:01 +08:00
{
uint32 *k;
k = (uint32 *) key;
2001-08-21 09:32:01 +08:00
rijndael_set_key(ctx, k, keybits, enc);
}
void
aes_ecb_encrypt(rijndael_ctx *ctx, uint8 *data, unsigned len)
2001-08-21 09:32:01 +08:00
{
unsigned bs = 16;
uint32 *d;
while (len >= bs)
{
d = (uint32 *) data;
2001-08-21 09:32:01 +08:00
rijndael_encrypt(ctx, d, d);
len -= bs;
data += bs;
}
}
void
aes_ecb_decrypt(rijndael_ctx *ctx, uint8 *data, unsigned len)
2001-08-21 09:32:01 +08:00
{
unsigned bs = 16;
uint32 *d;
while (len >= bs)
{
d = (uint32 *) data;
2001-08-21 09:32:01 +08:00
rijndael_decrypt(ctx, d, d);
len -= bs;
data += bs;
}
}
void
aes_cbc_encrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len)
2001-08-21 09:32:01 +08:00
{
uint32 *iv = (uint32 *) iva;
uint32 *d = (uint32 *) data;
unsigned bs = 16;
while (len >= bs)
{
d[0] ^= iv[0];
d[1] ^= iv[1];
d[2] ^= iv[2];
d[3] ^= iv[3];
2001-08-21 09:32:01 +08:00
rijndael_encrypt(ctx, d, d);
iv = d;
d += bs / 4;
2001-08-21 09:32:01 +08:00
len -= bs;
}
}
void
aes_cbc_decrypt(rijndael_ctx *ctx, uint8 *iva, uint8 *data, unsigned len)
2001-08-21 09:32:01 +08:00
{
uint32 *d = (uint32 *) data;
unsigned bs = 16;
uint32 buf[4],
iv[4];
2001-08-21 09:32:01 +08:00
memcpy(iv, iva, bs);
while (len >= bs)
{
buf[0] = d[0];
buf[1] = d[1];
buf[2] = d[2];
buf[3] = d[3];
2001-08-21 09:32:01 +08:00
rijndael_decrypt(ctx, buf, d);
d[0] ^= iv[0];
d[1] ^= iv[1];
d[2] ^= iv[2];
d[3] ^= iv[3];
iv[0] = buf[0];
iv[1] = buf[1];
iv[2] = buf[2];
iv[3] = buf[3];
2001-08-21 09:32:01 +08:00
d += 4;
len -= bs;
}
}
/*
* pre-calculate tables.
*
* On i386 lifts 17k from .bss to .rodata
* and avoids 1k code and setup time.
* -marko
2001-08-21 09:32:01 +08:00
*/
#ifdef PRINT_TABS
static void
show256u8(char *name, uint8 *data)
2001-08-21 09:32:01 +08:00
{
int i;
2001-08-21 09:32:01 +08:00
printf("static const u1byte %s[256] = {\n ", name);
for (i = 0; i < 256;)
{
2001-08-21 09:32:01 +08:00
printf("%u", pow_tab[i++]);
if (i < 256)
printf(i % 16 ? ", " : ",\n ");
}
printf("\n};\n\n");
}
static void
show4x256u32(char *name, uint32 data[4][256])
2001-08-21 09:32:01 +08:00
{
int i,
j;
2001-08-21 09:32:01 +08:00
printf("static const u4byte %s[4][256] = {\n{\n ", name);
for (i = 0; i < 4; i++)
{
for (j = 0; j < 256;)
{
2001-08-21 09:32:01 +08:00
printf("0x%08x", data[i][j]);
j++;
if (j < 256)
printf(j % 4 ? ", " : ",\n ");
}
printf(i < 3 ? "\n}, {\n " : "\n}\n");
}
printf("};\n\n");
}
int
main()
2001-08-21 09:32:01 +08:00
{
int i;
char *hdr = "/* Generated by rijndael.c */\n\n";
2001-08-21 09:32:01 +08:00
gen_tabs();
printf(hdr);
show256u8("pow_tab", pow_tab);
show256u8("log_tab", log_tab);
show256u8("sbx_tab", sbx_tab);
show256u8("isb_tab", isb_tab);
2001-08-21 09:32:01 +08:00
show4x256u32("ft_tab", ft_tab);
show4x256u32("it_tab", it_tab);
#ifdef LARGE_TABLES
show4x256u32("fl_tab", fl_tab);
show4x256u32("il_tab", il_tab);
#endif
printf("static const u4byte rco_tab[10] = {\n ");
for (i = 0; i < 10; i++)
{
2001-08-21 09:32:01 +08:00
printf("0x%08x", rco_tab[i]);
if (i < 9)
printf(", ");
if (i == 4)
printf("\n ");
2001-08-21 09:32:01 +08:00
}
printf("\n};\n\n");
return 0;
}
2001-08-21 09:32:01 +08:00
#endif