aes_ref.c

关于AES加密算法的VC源代码

// Copyright in this code is held by Dr B. R. Gladman but free direct or
// derivative use is permitted subject to acknowledgement of its origin.
// Dr B. R. Gladman <brg@gladman.uk.net> 1st June 2001.
//
// This is an implementation of the AES encryption algorithm (Rijndael)
// designed by Joan Daemen and Vincent Rijmen. This version is designed
// as a reference implementation and is not efficient. It can run with
// either big or little endian internal byte order.

// IMPORTANT NOTE: undefine AES_DLL in aes.h

// Correct Output (for variable block size - BLOCK_SIZE undefined):

// key     = 2b7e151628aed2a6abf7158809cf4f3c
// input   = 3243f6a8885a308d313198a2e0370734
// enc     = 3925841d02dc09fbdc118597196a0b32
// dec     = 3243f6a8885a308d313198a2e0370734

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160
// input   = 3243f6a8885a308d313198a2e0370734
// enc     = 231d844639b31b412211cfe93712b880
// dec     = 3243f6a8885a308d313198a2e0370734

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5
// input   = 3243f6a8885a308d313198a2e0370734
// enc     = f9fb29aefc384a250340d833b87ebc00
// dec     = 3243f6a8885a308d313198a2e0370734

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90
// input   = 3243f6a8885a308d313198a2e0370734
// enc     = 8faa8fe4dee9eb17caa4797502fc9d3f
// dec     = 3243f6a8885a308d313198a2e0370734

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe
// input   = 3243f6a8885a308d313198a2e0370734
// enc     = 1a6e6c2c662e7da6501ffb62bc9e93f3
// dec     = 3243f6a8885a308d313198a2e0370734

// key     = 2b7e151628aed2a6abf7158809cf4f3c
// input   = 3243f6a8885a308d313198a2e03707344a409382
// enc     = 16e73aec921314c29df905432bc8968ab64b1f51
// dec     = 3243f6a8885a308d313198a2e03707344a409382

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160
// input   = 3243f6a8885a308d313198a2e03707344a409382
// enc     = 0553eb691670dd8a5a5b5addf1aa7450f7a0e587
// dec     = 3243f6a8885a308d313198a2e03707344a409382

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5
// input   = 3243f6a8885a308d313198a2e03707344a409382
// enc     = 73cd6f3423036790463aa9e19cfcde894ea16623
// dec     = 3243f6a8885a308d313198a2e03707344a409382

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90
// input   = 3243f6a8885a308d313198a2e03707344a409382
// enc     = 601b5dcd1cf4ece954c740445340bf0afdc048df
// dec     = 3243f6a8885a308d313198a2e03707344a409382

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe
// input   = 3243f6a8885a308d313198a2e03707344a409382
// enc     = 579e930b36c1529aa3e86628bacfe146942882cf
// dec     = 3243f6a8885a308d313198a2e03707344a409382

// key     = 2b7e151628aed2a6abf7158809cf4f3c
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d
// enc     = b24d275489e82bb8f7375e0d5fcdb1f481757c538b65148a
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d
// enc     = 738dae25620d3d3beff4a037a04290d73eb33521a63ea568
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d
// enc     = 725ae43b5f3161de806a7c93e0bca93c967ec1ae1b71e1cf
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d
// enc     = bbfc14180afbf6a36382a061843f0b63e769acdc98769130
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d
// enc     = 0ebacf199e3315c2e34b24fcc7c46ef4388aa475d66c194c
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d

// key     = 2b7e151628aed2a6abf7158809cf4f3c
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9
// enc     = b0a8f78f6b3c66213f792ffd2a61631f79331407a5e5c8d3793aceb1
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9
// enc     = 08b99944edfce33a2acb131183ab0168446b2d15e958480010f545e3
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9
// enc     = be4c597d8f7efe22a2f7e5b1938e2564d452a5bfe72399c7af1101e2
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9
// enc     = ef529598ecbce297811b49bbed2c33bbe1241d6e1a833dbe119569e8
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9
// enc     = 02fafc200176ed05deb8edb82a3555b0b10d47a388dfd59cab2f6c11
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9

// key     = 2b7e151628aed2a6abf7158809cf4f3c
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8
// enc     = 7d15479076b69a46ffb3b3beae97ad8313f622f67fedb487de9f06b9ed9c8f19
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8
// enc     = 514f93fb296b5ad16aa7df8b577abcbd484decacccc7fb1f18dc567309ceeffd
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8
// enc     = 5d7101727bb25781bf6715b0e6955282b9610e23a43c2eb062699f0ebf5887b2
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8
// enc     = d56c5a63627432579e1dd308b2c8f157b40a4bfb56fea1377b25d3ed3d6dbf80
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8

// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe
// input   = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8
// enc     = a49406115dfb30a40418aafa4869b7c6a886ff31602a7dd19c889dc64f7e4e7a
// dec     = 3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8

#include "aes.h"

typedef byte        wa_ptr[4];

const byte m_poly = 0x1b;

int mod = 0;    // true (1) if decryption order is modified

byte inv_tab[] =    // Table of finite field inverses
{
    0x00, 0x01, 0x8d, 0xf6, 0xcb, 0x52, 0x7b, 0xd1,
    0xe8, 0x4f, 0x29, 0xc0, 0xb0, 0xe1, 0xe5, 0xc7,
    0x74, 0xb4, 0xaa, 0x4b, 0x99, 0x2b, 0x60, 0x5f,
    0x58, 0x3f, 0xfd, 0xcc, 0xff, 0x40, 0xee, 0xb2,
    0x3a, 0x6e, 0x5a, 0xf1, 0x55, 0x4d, 0xa8, 0xc9,
    0xc1, 0x0a, 0x98, 0x15, 0x30, 0x44, 0xa2, 0xc2,
    0x2c, 0x45, 0x92, 0x6c, 0xf3, 0x39, 0x66, 0x42,
    0xf2, 0x35, 0x20, 0x6f, 0x77, 0xbb, 0x59, 0x19,
    0x1d, 0xfe, 0x37, 0x67, 0x2d, 0x31, 0xf5, 0x69,
    0xa7, 0x64, 0xab, 0x13, 0x54, 0x25, 0xe9, 0x09,
    0xed, 0x5c, 0x05, 0xca, 0x4c, 0x24, 0x87, 0xbf,
    0x18, 0x3e, 0x22, 0xf0, 0x51, 0xec, 0x61, 0x17,
    0x16, 0x5e, 0xaf, 0xd3, 0x49, 0xa6, 0x36, 0x43,
    0xf4, 0x47, 0x91, 0xdf, 0x33, 0x93, 0x21, 0x3b,
    0x79, 0xb7, 0x97, 0x85, 0x10, 0xb5, 0xba, 0x3c,
    0xb6, 0x70, 0xd0, 0x06, 0xa1, 0xfa, 0x81, 0x82,
    0x83, 0x7e, 0x7f, 0x80, 0x96, 0x73, 0xbe, 0x56,
    0x9b, 0x9e, 0x95, 0xd9, 0xf7, 0x02, 0xb9, 0xa4,
    0xde, 0x6a, 0x32, 0x6d, 0xd8, 0x8a, 0x84, 0x72,
    0x2a, 0x14, 0x9f, 0x88, 0xf9, 0xdc, 0x89, 0x9a,
    0xfb, 0x7c, 0x2e, 0xc3, 0x8f, 0xb8, 0x65, 0x48,
    0x26, 0xc8, 0x12, 0x4a, 0xce, 0xe7, 0xd2, 0x62,
    0x0c, 0xe0, 0x1f, 0xef, 0x11, 0x75, 0x78, 0x71,
    0xa5, 0x8e, 0x76, 0x3d, 0xbd, 0xbc, 0x86, 0x57,
    0x0b, 0x28, 0x2f, 0xa3, 0xda, 0xd4, 0xe4, 0x0f,
    0xa9, 0x27, 0x53, 0x04, 0x1b, 0xfc, 0xac, 0xe6,
    0x7a, 0x07, 0xae, 0x63, 0xc5, 0xdb, 0xe2, 0xea,
    0x94, 0x8b, 0xc4, 0xd5, 0x9d, 0xf8, 0x90, 0x6b,
    0xb1, 0x0d, 0xd6, 0xeb, 0xc6, 0x0e, 0xcf, 0xad,
    0x08, 0x4e, 0xd7, 0xe3, 0x5d, 0x50, 0x1e, 0xb3,
    0x5b, 0x23, 0x38, 0x34, 0x68, 0x46, 0x03, 0x8c,
    0xdd, 0x9c, 0x7d, 0xa0, 0xcd, 0x1a, 0x41, 0x1c
};

// finite field multiply by 0x02 (x)

byte FFmulX(const byte a)
{
    return (a << 1) ^ (a & 0x80 ? m_poly : 0);
}

byte fwd_affine(byte x)
{   word w = x;
    
    w ^= (w << 1) ^ (w << 2) ^ (w << 3) ^ (w << 4);
    
    return 0x63 ^ (byte)(w ^ (w >> 8));
}

byte inv_affine(byte x)
{   word w = x;

    w = (w << 1) ^ (w << 3) ^ (w << 6);
    
    return 0x05 ^ (byte)(w ^ (w >> 8));
}

// the SubWord transformation performed on the bytes in a column

word SubWord(const word x)
{
    return  bytes2word(
                    fwd_affine(inv_tab[bval(x,0)]), 
                    fwd_affine(inv_tab[bval(x,1)]),
                    fwd_affine(inv_tab[bval(x,2)]), 
                    fwd_affine(inv_tab[bval(x,3)])  );
}

// the RotWord transformation performed on the bytes in a column

word RotWord(const word x)
{
    return  upr(x,3);
}

// the SubBytes transformation performed on all bytes in the state

void SubBytes(byte state[][4], word Ncol)
{   word col;
    for(col = 0; col < Ncol; ++col)
    {
        state[col][0] = fwd_affine(inv_tab[state[col][0]]);
        state[col][1] = fwd_affine(inv_tab[state[col][1]]);
        state[col][2] = fwd_affine(inv_tab[state[col][2]]);
        state[col][3] = fwd_affine(inv_tab[state[col][3]]);
    }
}

// the inverse SubBytes transformation performed on all bytes in the state

void InvSubBytes(byte state[][4], word Ncol)
{   word col;
    for(col = 0; col < Ncol; ++col)
    {
        state[col][0] = inv_tab[inv_affine(state[col][0])];
        state[col][1] = inv_tab[inv_affine(state[col][1])];
        state[col][2] = inv_tab[inv_affine(state[col][2])];
        state[col][3] = inv_tab[inv_affine(state[col][3])];
    }
}

// the ShiftRows transformation performed on rows 1, 2 and 3 of the state

void ShiftRows(byte state[][4], const word Ncol, const word Shr[])
{   word    col, t[Mcol];

    for(col = 0; col < Ncol; ++col)
        t[col] = bytes2word(0, state[col][1], state[col][2], state[col][3]);

    for(col = 0; col < Ncol; ++col)
    {
        state[col][1] = bval(t[(col + Shr[1]) % Ncol], 1);
        state[col][2] = bval(t[(col + Shr[2]) % Ncol], 2);
        state[col][3] = bval(t[(col + Shr[3]) % Ncol], 3);
    }
}

// the inverse ShiftRows transformation performed on rows 1, 2 and 3 of state

void InvShiftRows(byte state[][4], const word Ncol, const word Shr[])
{   word    col, t[Mcol];

    for(col = 0; col < Ncol; ++col)
        t[col] = bytes2word(0, state[col][1], state[col][2], state[col][3]);

    for(col = 0; col < Ncol; ++col)
    {
        state[(col + Shr[1]) % Ncol][1] = bval(t[col], 1);