Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/contrib/openzfs/module/icp/asm-x86_64/aes/aeskey.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * --------------------------------------------------------------------------- 3 * Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved. 4 * 5 * LICENSE TERMS 6 * 7 * The free distribution and use of this software is allowed (with or without 8 * changes) provided that: 9 * 10 * 1. source code distributions include the above copyright notice, this 11 * list of conditions and the following disclaimer; 12 * 13 * 2. binary distributions include the above copyright notice, this list 14 * of conditions and the following disclaimer in their documentation; 15 * 16 * 3. the name of the copyright holder is not used to endorse products 17 * built using this software without specific written permission. 18 * 19 * DISCLAIMER 20 * 21 * This software is provided 'as is' with no explicit or implied warranties 22 * in respect of its properties, including, but not limited to, correctness 23 * and/or fitness for purpose. 24 * --------------------------------------------------------------------------- 25 * Issue Date: 20/12/2007 26 */ 27 28 #include <aes/aes_impl.h> 29 #include "aesopt.h" 30 #include "aestab.h" 31 #include "aestab2.h" 32 33 /* 34 * Initialise the key schedule from the user supplied key. The key 35 * length can be specified in bytes, with legal values of 16, 24 36 * and 32, or in bits, with legal values of 128, 192 and 256. These 37 * values correspond with Nk values of 4, 6 and 8 respectively. 38 * 39 * The following macros implement a single cycle in the key 40 * schedule generation process. The number of cycles needed 41 * for each cx->n_col and nk value is: 42 * 43 * nk = 4 5 6 7 8 44 * ------------------------------ 45 * cx->n_col = 4 10 9 8 7 7 46 * cx->n_col = 5 14 11 10 9 9 47 * cx->n_col = 6 19 15 12 11 11 48 * cx->n_col = 7 21 19 16 13 14 49 * cx->n_col = 8 29 23 19 17 14 50 */ 51 52 /* 53 * OpenSolaris changes 54 * 1. Added header files aes_impl.h and aestab2.h 55 * 2. Changed uint_8t and uint_32t to uint8_t and uint32_t 56 * 3. Remove code under ifdef USE_VIA_ACE_IF_PRESENT (always undefined) 57 * 4. Removed always-defined ifdefs FUNCS_IN_C, ENC_KEYING_IN_C, 58 * AES_128, AES_192, AES_256, AES_VAR defines 59 * 5. Changed aes_encrypt_key* aes_decrypt_key* functions to "static void" 60 * 6. Changed N_COLS to MAX_AES_NB 61 * 7. Replaced functions aes_encrypt_key and aes_decrypt_key with 62 * OpenSolaris-compatible functions rijndael_key_setup_enc_amd64 and 63 * rijndael_key_setup_dec_amd64 64 * 8. cstyled code and removed lint warnings 65 */ 66 67 #if defined(REDUCE_CODE_SIZE) 68 #define ls_box ls_sub 69 uint32_t ls_sub(const uint32_t t, const uint32_t n); 70 #define inv_mcol im_sub 71 uint32_t im_sub(const uint32_t x); 72 #ifdef ENC_KS_UNROLL 73 #undef ENC_KS_UNROLL 74 #endif 75 #ifdef DEC_KS_UNROLL 76 #undef DEC_KS_UNROLL 77 #endif 78 #endif /* REDUCE_CODE_SIZE */ 79 80 81 #define ke4(k, i) \ 82 { k[4 * (i) + 4] = ss[0] ^= ls_box(ss[3], 3) ^ t_use(r, c)[i]; \ 83 k[4 * (i) + 5] = ss[1] ^= ss[0]; \ 84 k[4 * (i) + 6] = ss[2] ^= ss[1]; \ 85 k[4 * (i) + 7] = ss[3] ^= ss[2]; \ 86 } 87 88 static void 89 aes_encrypt_key128(const unsigned char *key, uint32_t rk[]) 90 { 91 uint32_t ss[4]; 92 93 rk[0] = ss[0] = word_in(key, 0); 94 rk[1] = ss[1] = word_in(key, 1); 95 rk[2] = ss[2] = word_in(key, 2); 96 rk[3] = ss[3] = word_in(key, 3); 97 98 #ifdef ENC_KS_UNROLL 99 ke4(rk, 0); ke4(rk, 1); 100 ke4(rk, 2); ke4(rk, 3); 101 ke4(rk, 4); ke4(rk, 5); 102 ke4(rk, 6); ke4(rk, 7); 103 ke4(rk, 8); 104 #else 105 { 106 uint32_t i; 107 for (i = 0; i < 9; ++i) 108 ke4(rk, i); 109 } 110 #endif /* ENC_KS_UNROLL */ 111 ke4(rk, 9); 112 } 113 114 115 #define kef6(k, i) \ 116 { k[6 * (i) + 6] = ss[0] ^= ls_box(ss[5], 3) ^ t_use(r, c)[i]; \ 117 k[6 * (i) + 7] = ss[1] ^= ss[0]; \ 118 k[6 * (i) + 8] = ss[2] ^= ss[1]; \ 119 k[6 * (i) + 9] = ss[3] ^= ss[2]; \ 120 } 121 122 #define ke6(k, i) \ 123 { kef6(k, i); \ 124 k[6 * (i) + 10] = ss[4] ^= ss[3]; \ 125 k[6 * (i) + 11] = ss[5] ^= ss[4]; \ 126 } 127 128 static void 129 aes_encrypt_key192(const unsigned char *key, uint32_t rk[]) 130 { 131 uint32_t ss[6]; 132 133 rk[0] = ss[0] = word_in(key, 0); 134 rk[1] = ss[1] = word_in(key, 1); 135 rk[2] = ss[2] = word_in(key, 2); 136 rk[3] = ss[3] = word_in(key, 3); 137 rk[4] = ss[4] = word_in(key, 4); 138 rk[5] = ss[5] = word_in(key, 5); 139 140 #ifdef ENC_KS_UNROLL 141 ke6(rk, 0); ke6(rk, 1); 142 ke6(rk, 2); ke6(rk, 3); 143 ke6(rk, 4); ke6(rk, 5); 144 ke6(rk, 6); 145 #else 146 { 147 uint32_t i; 148 for (i = 0; i < 7; ++i) 149 ke6(rk, i); 150 } 151 #endif /* ENC_KS_UNROLL */ 152 kef6(rk, 7); 153 } 154 155 156 157 #define kef8(k, i) \ 158 { k[8 * (i) + 8] = ss[0] ^= ls_box(ss[7], 3) ^ t_use(r, c)[i]; \ 159 k[8 * (i) + 9] = ss[1] ^= ss[0]; \ 160 k[8 * (i) + 10] = ss[2] ^= ss[1]; \ 161 k[8 * (i) + 11] = ss[3] ^= ss[2]; \ 162 } 163 164 #define ke8(k, i) \ 165 { kef8(k, i); \ 166 k[8 * (i) + 12] = ss[4] ^= ls_box(ss[3], 0); \ 167 k[8 * (i) + 13] = ss[5] ^= ss[4]; \ 168 k[8 * (i) + 14] = ss[6] ^= ss[5]; \ 169 k[8 * (i) + 15] = ss[7] ^= ss[6]; \ 170 } 171 172 static void 173 aes_encrypt_key256(const unsigned char *key, uint32_t rk[]) 174 { 175 uint32_t ss[8]; 176 177 rk[0] = ss[0] = word_in(key, 0); 178 rk[1] = ss[1] = word_in(key, 1); 179 rk[2] = ss[2] = word_in(key, 2); 180 rk[3] = ss[3] = word_in(key, 3); 181 rk[4] = ss[4] = word_in(key, 4); 182 rk[5] = ss[5] = word_in(key, 5); 183 rk[6] = ss[6] = word_in(key, 6); 184 rk[7] = ss[7] = word_in(key, 7); 185 186 #ifdef ENC_KS_UNROLL 187 ke8(rk, 0); ke8(rk, 1); 188 ke8(rk, 2); ke8(rk, 3); 189 ke8(rk, 4); ke8(rk, 5); 190 #else 191 { 192 uint32_t i; 193 for (i = 0; i < 6; ++i) 194 ke8(rk, i); 195 } 196 #endif /* ENC_KS_UNROLL */ 197 kef8(rk, 6); 198 } 199 200 201 /* 202 * Expand the cipher key into the encryption key schedule. 203 * 204 * Return the number of rounds for the given cipher key size. 205 * The size of the key schedule depends on the number of rounds 206 * (which can be computed from the size of the key), i.e. 4 * (Nr + 1). 207 * 208 * Parameters: 209 * rk AES key schedule 32-bit array to be initialized 210 * cipherKey User key 211 * keyBits AES key size (128, 192, or 256 bits) 212 */ 213 int 214 rijndael_key_setup_enc_amd64(uint32_t rk[], const uint32_t cipherKey[], 215 int keyBits) 216 { 217 switch (keyBits) { 218 case 128: 219 aes_encrypt_key128((unsigned char *)&cipherKey[0], rk); 220 return (10); 221 case 192: 222 aes_encrypt_key192((unsigned char *)&cipherKey[0], rk); 223 return (12); 224 case 256: 225 aes_encrypt_key256((unsigned char *)&cipherKey[0], rk); 226 return (14); 227 default: /* should never get here */ 228 break; 229 } 230 231 return (0); 232 } 233 234 235 /* this is used to store the decryption round keys */ 236 /* in forward or reverse order */ 237 238 #ifdef AES_REV_DKS 239 #define v(n, i) ((n) - (i) + 2 * ((i) & 3)) 240 #else 241 #define v(n, i) (i) 242 #endif 243 244 #if DEC_ROUND == NO_TABLES 245 #define ff(x) (x) 246 #else 247 #define ff(x) inv_mcol(x) 248 #if defined(dec_imvars) 249 #define d_vars dec_imvars 250 #endif 251 #endif /* FUNCS_IN_C & DEC_KEYING_IN_C */ 252 253 254 #define k4e(k, i) \ 255 { k[v(40, (4 * (i)) + 4)] = ss[0] ^= ls_box(ss[3], 3) ^ t_use(r, c)[i]; \ 256 k[v(40, (4 * (i)) + 5)] = ss[1] ^= ss[0]; \ 257 k[v(40, (4 * (i)) + 6)] = ss[2] ^= ss[1]; \ 258 k[v(40, (4 * (i)) + 7)] = ss[3] ^= ss[2]; \ 259 } 260 261 #if 1 262 263 #define kdf4(k, i) \ 264 { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \ 265 ss[1] = ss[1] ^ ss[3]; \ 266 ss[2] = ss[2] ^ ss[3]; \ 267 ss[4] = ls_box(ss[(i + 3) % 4], 3) ^ t_use(r, c)[i]; \ 268 ss[i % 4] ^= ss[4]; \ 269 ss[4] ^= k[v(40, (4 * (i)))]; k[v(40, (4 * (i)) + 4)] = ff(ss[4]); \ 270 ss[4] ^= k[v(40, (4 * (i)) + 1)]; k[v(40, (4 * (i)) + 5)] = ff(ss[4]); \ 271 ss[4] ^= k[v(40, (4 * (i)) + 2)]; k[v(40, (4 * (i)) + 6)] = ff(ss[4]); \ 272 ss[4] ^= k[v(40, (4 * (i)) + 3)]; k[v(40, (4 * (i)) + 7)] = ff(ss[4]); \ 273 } 274 275 #define kd4(k, i) \ 276 { ss[4] = ls_box(ss[(i + 3) % 4], 3) ^ t_use(r, c)[i]; \ 277 ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \ 278 k[v(40, (4 * (i)) + 4)] = ss[4] ^= k[v(40, (4 * (i)))]; \ 279 k[v(40, (4 * (i)) + 5)] = ss[4] ^= k[v(40, (4 * (i)) + 1)]; \ 280 k[v(40, (4 * (i)) + 6)] = ss[4] ^= k[v(40, (4 * (i)) + 2)]; \ 281 k[v(40, (4 * (i)) + 7)] = ss[4] ^= k[v(40, (4 * (i)) + 3)]; \ 282 } 283 284 #define kdl4(k, i) \ 285 { ss[4] = ls_box(ss[(i + 3) % 4], 3) ^ t_use(r, c)[i]; \ 286 ss[i % 4] ^= ss[4]; \ 287 k[v(40, (4 * (i)) + 4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \ 288 k[v(40, (4 * (i)) + 5)] = ss[1] ^ ss[3]; \ 289 k[v(40, (4 * (i)) + 6)] = ss[0]; \ 290 k[v(40, (4 * (i)) + 7)] = ss[1]; \ 291 } 292 293 #else 294 295 #define kdf4(k, i) \ 296 { ss[0] ^= ls_box(ss[3], 3) ^ t_use(r, c)[i]; \ 297 k[v(40, (4 * (i)) + 4)] = ff(ss[0]); \ 298 ss[1] ^= ss[0]; k[v(40, (4 * (i)) + 5)] = ff(ss[1]); \ 299 ss[2] ^= ss[1]; k[v(40, (4 * (i)) + 6)] = ff(ss[2]); \ 300 ss[3] ^= ss[2]; k[v(40, (4 * (i)) + 7)] = ff(ss[3]); \ 301 } 302 303 #define kd4(k, i) \ 304 { ss[4] = ls_box(ss[3], 3) ^ t_use(r, c)[i]; \ 305 ss[0] ^= ss[4]; \ 306 ss[4] = ff(ss[4]); \ 307 k[v(40, (4 * (i)) + 4)] = ss[4] ^= k[v(40, (4 * (i)))]; \ 308 ss[1] ^= ss[0]; \ 309 k[v(40, (4 * (i)) + 5)] = ss[4] ^= k[v(40, (4 * (i)) + 1)]; \ 310 ss[2] ^= ss[1]; \ 311 k[v(40, (4 * (i)) + 6)] = ss[4] ^= k[v(40, (4 * (i)) + 2)]; \ 312 ss[3] ^= ss[2]; \ 313 k[v(40, (4 * (i)) + 7)] = ss[4] ^= k[v(40, (4 * (i)) + 3)]; \ 314 } 315 316 #define kdl4(k, i) \ 317 { ss[0] ^= ls_box(ss[3], 3) ^ t_use(r, c)[i]; \ 318 k[v(40, (4 * (i)) + 4)] = ss[0]; \ 319 ss[1] ^= ss[0]; k[v(40, (4 * (i)) + 5)] = ss[1]; \ 320 ss[2] ^= ss[1]; k[v(40, (4 * (i)) + 6)] = ss[2]; \ 321 ss[3] ^= ss[2]; k[v(40, (4 * (i)) + 7)] = ss[3]; \ 322 } 323 324 #endif 325 326 static void 327 aes_decrypt_key128(const unsigned char *key, uint32_t rk[]) 328 { 329 uint32_t ss[5]; 330 #if defined(d_vars) 331 d_vars; 332 #endif 333 rk[v(40, (0))] = ss[0] = word_in(key, 0); 334 rk[v(40, (1))] = ss[1] = word_in(key, 1); 335 rk[v(40, (2))] = ss[2] = word_in(key, 2); 336 rk[v(40, (3))] = ss[3] = word_in(key, 3); 337 338 #ifdef DEC_KS_UNROLL 339 kdf4(rk, 0); kd4(rk, 1); 340 kd4(rk, 2); kd4(rk, 3); 341 kd4(rk, 4); kd4(rk, 5); 342 kd4(rk, 6); kd4(rk, 7); 343 kd4(rk, 8); kdl4(rk, 9); 344 #else 345 { 346 uint32_t i; 347 for (i = 0; i < 10; ++i) 348 k4e(rk, i); 349 #if !(DEC_ROUND == NO_TABLES) 350 for (i = MAX_AES_NB; i < 10 * MAX_AES_NB; ++i) 351 rk[i] = inv_mcol(rk[i]); 352 #endif 353 } 354 #endif /* DEC_KS_UNROLL */ 355 } 356 357 358 359 #define k6ef(k, i) \ 360 { k[v(48, (6 * (i)) + 6)] = ss[0] ^= ls_box(ss[5], 3) ^ t_use(r, c)[i]; \ 361 k[v(48, (6 * (i)) + 7)] = ss[1] ^= ss[0]; \ 362 k[v(48, (6 * (i)) + 8)] = ss[2] ^= ss[1]; \ 363 k[v(48, (6 * (i)) + 9)] = ss[3] ^= ss[2]; \ 364 } 365 366 #define k6e(k, i) \ 367 { k6ef(k, i); \ 368 k[v(48, (6 * (i)) + 10)] = ss[4] ^= ss[3]; \ 369 k[v(48, (6 * (i)) + 11)] = ss[5] ^= ss[4]; \ 370 } 371 372 #define kdf6(k, i) \ 373 { ss[0] ^= ls_box(ss[5], 3) ^ t_use(r, c)[i]; \ 374 k[v(48, (6 * (i)) + 6)] = ff(ss[0]); \ 375 ss[1] ^= ss[0]; k[v(48, (6 * (i)) + 7)] = ff(ss[1]); \ 376 ss[2] ^= ss[1]; k[v(48, (6 * (i)) + 8)] = ff(ss[2]); \ 377 ss[3] ^= ss[2]; k[v(48, (6 * (i)) + 9)] = ff(ss[3]); \ 378 ss[4] ^= ss[3]; k[v(48, (6 * (i)) + 10)] = ff(ss[4]); \ 379 ss[5] ^= ss[4]; k[v(48, (6 * (i)) + 11)] = ff(ss[5]); \ 380 } 381 382 #define kd6(k, i) \ 383 { ss[6] = ls_box(ss[5], 3) ^ t_use(r, c)[i]; \ 384 ss[0] ^= ss[6]; ss[6] = ff(ss[6]); \ 385 k[v(48, (6 * (i)) + 6)] = ss[6] ^= k[v(48, (6 * (i)))]; \ 386 ss[1] ^= ss[0]; \ 387 k[v(48, (6 * (i)) + 7)] = ss[6] ^= k[v(48, (6 * (i)) + 1)]; \ 388 ss[2] ^= ss[1]; \ 389 k[v(48, (6 * (i)) + 8)] = ss[6] ^= k[v(48, (6 * (i)) + 2)]; \ 390 ss[3] ^= ss[2]; \ 391 k[v(48, (6 * (i)) + 9)] = ss[6] ^= k[v(48, (6 * (i)) + 3)]; \ 392 ss[4] ^= ss[3]; \ 393 k[v(48, (6 * (i)) + 10)] = ss[6] ^= k[v(48, (6 * (i)) + 4)]; \ 394 ss[5] ^= ss[4]; \ 395 k[v(48, (6 * (i)) + 11)] = ss[6] ^= k[v(48, (6 * (i)) + 5)]; \ 396 } 397 398 #define kdl6(k, i) \ 399 { ss[0] ^= ls_box(ss[5], 3) ^ t_use(r, c)[i]; \ 400 k[v(48, (6 * (i)) + 6)] = ss[0]; \ 401 ss[1] ^= ss[0]; k[v(48, (6 * (i)) + 7)] = ss[1]; \ 402 ss[2] ^= ss[1]; k[v(48, (6 * (i)) + 8)] = ss[2]; \ 403 ss[3] ^= ss[2]; k[v(48, (6 * (i)) + 9)] = ss[3]; \ 404 } 405 406 static void 407 aes_decrypt_key192(const unsigned char *key, uint32_t rk[]) 408 { 409 uint32_t ss[7]; 410 #if defined(d_vars) 411 d_vars; 412 #endif 413 rk[v(48, (0))] = ss[0] = word_in(key, 0); 414 rk[v(48, (1))] = ss[1] = word_in(key, 1); 415 rk[v(48, (2))] = ss[2] = word_in(key, 2); 416 rk[v(48, (3))] = ss[3] = word_in(key, 3); 417 418 #ifdef DEC_KS_UNROLL 419 ss[4] = word_in(key, 4); 420 rk[v(48, (4))] = ff(ss[4]); 421 ss[5] = word_in(key, 5); 422 rk[v(48, (5))] = ff(ss[5]); 423 kdf6(rk, 0); kd6(rk, 1); 424 kd6(rk, 2); kd6(rk, 3); 425 kd6(rk, 4); kd6(rk, 5); 426 kd6(rk, 6); kdl6(rk, 7); 427 #else 428 rk[v(48, (4))] = ss[4] = word_in(key, 4); 429 rk[v(48, (5))] = ss[5] = word_in(key, 5); 430 { 431 uint32_t i; 432 433 for (i = 0; i < 7; ++i) 434 k6e(rk, i); 435 k6ef(rk, 7); 436 #if !(DEC_ROUND == NO_TABLES) 437 for (i = MAX_AES_NB; i < 12 * MAX_AES_NB; ++i) 438 rk[i] = inv_mcol(rk[i]); 439 #endif 440 } 441 #endif 442 } 443 444 445 446 #define k8ef(k, i) \ 447 { k[v(56, (8 * (i)) + 8)] = ss[0] ^= ls_box(ss[7], 3) ^ t_use(r, c)[i]; \ 448 k[v(56, (8 * (i)) + 9)] = ss[1] ^= ss[0]; \ 449 k[v(56, (8 * (i)) + 10)] = ss[2] ^= ss[1]; \ 450 k[v(56, (8 * (i)) + 11)] = ss[3] ^= ss[2]; \ 451 } 452 453 #define k8e(k, i) \ 454 { k8ef(k, i); \ 455 k[v(56, (8 * (i)) + 12)] = ss[4] ^= ls_box(ss[3], 0); \ 456 k[v(56, (8 * (i)) + 13)] = ss[5] ^= ss[4]; \ 457 k[v(56, (8 * (i)) + 14)] = ss[6] ^= ss[5]; \ 458 k[v(56, (8 * (i)) + 15)] = ss[7] ^= ss[6]; \ 459 } 460 461 #define kdf8(k, i) \ 462 { ss[0] ^= ls_box(ss[7], 3) ^ t_use(r, c)[i]; \ 463 k[v(56, (8 * (i)) + 8)] = ff(ss[0]); \ 464 ss[1] ^= ss[0]; k[v(56, (8 * (i)) + 9)] = ff(ss[1]); \ 465 ss[2] ^= ss[1]; k[v(56, (8 * (i)) + 10)] = ff(ss[2]); \ 466 ss[3] ^= ss[2]; k[v(56, (8 * (i)) + 11)] = ff(ss[3]); \ 467 ss[4] ^= ls_box(ss[3], 0); k[v(56, (8 * (i)) + 12)] = ff(ss[4]); \ 468 ss[5] ^= ss[4]; k[v(56, (8 * (i)) + 13)] = ff(ss[5]); \ 469 ss[6] ^= ss[5]; k[v(56, (8 * (i)) + 14)] = ff(ss[6]); \ 470 ss[7] ^= ss[6]; k[v(56, (8 * (i)) + 15)] = ff(ss[7]); \ 471 } 472 473 #define kd8(k, i) \ 474 { ss[8] = ls_box(ss[7], 3) ^ t_use(r, c)[i]; \ 475 ss[0] ^= ss[8]; \ 476 ss[8] = ff(ss[8]); \ 477 k[v(56, (8 * (i)) + 8)] = ss[8] ^= k[v(56, (8 * (i)))]; \ 478 ss[1] ^= ss[0]; \ 479 k[v(56, (8 * (i)) + 9)] = ss[8] ^= k[v(56, (8 * (i)) + 1)]; \ 480 ss[2] ^= ss[1]; \ 481 k[v(56, (8 * (i)) + 10)] = ss[8] ^= k[v(56, (8 * (i)) + 2)]; \ 482 ss[3] ^= ss[2]; \ 483 k[v(56, (8 * (i)) + 11)] = ss[8] ^= k[v(56, (8 * (i)) + 3)]; \ 484 ss[8] = ls_box(ss[3], 0); \ 485 ss[4] ^= ss[8]; \ 486 ss[8] = ff(ss[8]); \ 487 k[v(56, (8 * (i)) + 12)] = ss[8] ^= k[v(56, (8 * (i)) + 4)]; \ 488 ss[5] ^= ss[4]; \ 489 k[v(56, (8 * (i)) + 13)] = ss[8] ^= k[v(56, (8 * (i)) + 5)]; \ 490 ss[6] ^= ss[5]; \ 491 k[v(56, (8 * (i)) + 14)] = ss[8] ^= k[v(56, (8 * (i)) + 6)]; \ 492 ss[7] ^= ss[6]; \ 493 k[v(56, (8 * (i)) + 15)] = ss[8] ^= k[v(56, (8 * (i)) + 7)]; \ 494 } 495 496 #define kdl8(k, i) \ 497 { ss[0] ^= ls_box(ss[7], 3) ^ t_use(r, c)[i]; \ 498 k[v(56, (8 * (i)) + 8)] = ss[0]; \ 499 ss[1] ^= ss[0]; k[v(56, (8 * (i)) + 9)] = ss[1]; \ 500 ss[2] ^= ss[1]; k[v(56, (8 * (i)) + 10)] = ss[2]; \ 501 ss[3] ^= ss[2]; k[v(56, (8 * (i)) + 11)] = ss[3]; \ 502 } 503 504 static void 505 aes_decrypt_key256(const unsigned char *key, uint32_t rk[]) 506 { 507 uint32_t ss[9]; 508 #if defined(d_vars) 509 d_vars; 510 #endif 511 rk[v(56, (0))] = ss[0] = word_in(key, 0); 512 rk[v(56, (1))] = ss[1] = word_in(key, 1); 513 rk[v(56, (2))] = ss[2] = word_in(key, 2); 514 rk[v(56, (3))] = ss[3] = word_in(key, 3); 515 516 #ifdef DEC_KS_UNROLL 517 ss[4] = word_in(key, 4); 518 rk[v(56, (4))] = ff(ss[4]); 519 ss[5] = word_in(key, 5); 520 rk[v(56, (5))] = ff(ss[5]); 521 ss[6] = word_in(key, 6); 522 rk[v(56, (6))] = ff(ss[6]); 523 ss[7] = word_in(key, 7); 524 rk[v(56, (7))] = ff(ss[7]); 525 kdf8(rk, 0); kd8(rk, 1); 526 kd8(rk, 2); kd8(rk, 3); 527 kd8(rk, 4); kd8(rk, 5); 528 kdl8(rk, 6); 529 #else 530 rk[v(56, (4))] = ss[4] = word_in(key, 4); 531 rk[v(56, (5))] = ss[5] = word_in(key, 5); 532 rk[v(56, (6))] = ss[6] = word_in(key, 6); 533 rk[v(56, (7))] = ss[7] = word_in(key, 7); 534 { 535 uint32_t i; 536 537 for (i = 0; i < 6; ++i) 538 k8e(rk, i); 539 k8ef(rk, 6); 540 #if !(DEC_ROUND == NO_TABLES) 541 for (i = MAX_AES_NB; i < 14 * MAX_AES_NB; ++i) 542 rk[i] = inv_mcol(rk[i]); 543 #endif 544 } 545 #endif /* DEC_KS_UNROLL */ 546 } 547 548 549 /* 550 * Expand the cipher key into the decryption key schedule. 551 * 552 * Return the number of rounds for the given cipher key size. 553 * The size of the key schedule depends on the number of rounds 554 * (which can be computed from the size of the key), i.e. 4 * (Nr + 1). 555 * 556 * Parameters: 557 * rk AES key schedule 32-bit array to be initialized 558 * cipherKey User key 559 * keyBits AES key size (128, 192, or 256 bits) 560 */ 561 int 562 rijndael_key_setup_dec_amd64(uint32_t rk[], const uint32_t cipherKey[], 563 int keyBits) 564 { 565 switch (keyBits) { 566 case 128: 567 aes_decrypt_key128((unsigned char *)&cipherKey[0], rk); 568 return (10); 569 case 192: 570 aes_decrypt_key192((unsigned char *)&cipherKey[0], rk); 571 return (12); 572 case 256: 573 aes_decrypt_key256((unsigned char *)&cipherKey[0], rk); 574 return (14); 575 default: /* should never get here */ 576 break; 577 } 578 579 return (0); 580 }
Cache object: c5c81186dc2d1cf8733d9ea8a61be0b4
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]