📄 aes.c
字号:
#define cpy(d,s) \
switch(nc) \
{ case 8: cp(d,s); cp(d,s); \
case 6: cp(d,s); cp(d,s); \
case 4: cp(d,s); cp(d,s); \
cp(d,s); cp(d,s); \
}
#define mix(d,s) \
switch(nc) \
{ case 8: mx(d,s); mx(d,s); \
case 6: mx(d,s); mx(d,s); \
case 4: mx(d,s); mx(d,s); \
mx(d,s); mx(d,s); \
}
#endif
cf_dec c_name(set_key)(const byte in_key[], const word n_bytes, const enum aes_key f, c_name(aes) *cx)
{ word *kf, *kt, rci;
#if !defined(FIXED_TABLES)
if(!(cx->mode & 0x08)) { gen_tabs(); cx->mode = 0x08; }
#endif
#if !defined(BLOCK_SIZE)
if(!(cx->mode & 0x04)) c_name(set_blk)(16, cx);
#endif
if((n_bytes & 7) || n_bytes < 16 || n_bytes > 32 || !(f & 1) && !(f & 2))
{
return (n_bytes ? cx->mode &= ~0x03, aes_bad : (aes_ret)(cx->Nkey << 2));
}
cx->mode = cx->mode & ~0x03 | (byte)f & 0x03;
cx->Nkey = n_bytes >> 2;
cx->Nrnd = Nr(cx->Nkey, nc);
cx->e_key[0] = word_in(in_key );
cx->e_key[1] = word_in(in_key + 4);
cx->e_key[2] = word_in(in_key + 8);
cx->e_key[3] = word_in(in_key + 12);
kf = cx->e_key;
kt = kf + nc * (cx->Nrnd + 1) - cx->Nkey;
rci = 0;
switch(cx->Nkey)
{
case 4: do
{ kf[4] = kf[0] ^ ls_box(kf[3],3) ^ rcon_tab[rci++];
kf[5] = kf[1] ^ kf[4];
kf[6] = kf[2] ^ kf[5];
kf[7] = kf[3] ^ kf[6];
kf += 4;
}
while(kf < kt);
break;
case 6: cx->e_key[4] = word_in(in_key + 16);
cx->e_key[5] = word_in(in_key + 20);
do
{ kf[ 6] = kf[0] ^ ls_box(kf[5],3) ^ rcon_tab[rci++];
kf[ 7] = kf[1] ^ kf[ 6];
kf[ 8] = kf[2] ^ kf[ 7];
kf[ 9] = kf[3] ^ kf[ 8];
kf[10] = kf[4] ^ kf[ 9];
kf[11] = kf[5] ^ kf[10];
kf += 6;
}
while(kf < kt);
break;
case 8: cx->e_key[4] = word_in(in_key + 16);
cx->e_key[5] = word_in(in_key + 20);
cx->e_key[6] = word_in(in_key + 24);
cx->e_key[7] = word_in(in_key + 28);
do
{ kf[ 8] = kf[0] ^ ls_box(kf[7],3) ^ rcon_tab[rci++];
kf[ 9] = kf[1] ^ kf[ 8];
kf[10] = kf[2] ^ kf[ 9];
kf[11] = kf[3] ^ kf[10];
kf[12] = kf[4] ^ ls_box(kf[11],0);
kf[13] = kf[5] ^ kf[12];
kf[14] = kf[6] ^ kf[13];
kf[15] = kf[7] ^ kf[14];
kf += 8;
}
while (kf < kt);
break;
}
if((cx->mode & 3) != enc)
{ word i;
kt = cx->d_key + nc * cx->Nrnd;
kf = cx->e_key;
cpy(kt, kf); kt -= 2 * nc;
for(i = 1; i < cx->Nrnd; ++i)
{
#if defined(ONE_TABLE) || defined(FOUR_TABLES)
#if !defined(ONE_IM_TABLE) && !defined(FOUR_IM_TABLES)
word f2, f4, f8, f9;
#endif
mix(kt, kf);
#else
cpy(kt, kf);
#endif
kt -= 2 * nc;
}
cpy(kt, kf);
}
return aes_good;
}
/*
y = output word, x = input word, r = row, c = column for r = 0,
1, 2 and 3 = column accessed for row r
*/
#if defined(ARRAYS)
#define s(x,c) x[c]
#else
#define s(x,c) x##c
#endif
/*
I am grateful to Frank Yellin for the following constructions
which, given the column (c) of the output state variable, give
the input state variables which are needed for each row (r) of
the state.
For the fixed block size options, compilers should reduce these
two expressions to fixed variable references. But for variable
block size code conditional clauses will sometimes be returned.
*/
#define unused 77 /* Sunset Strip */
#define fwd_var(x,r,c) \
( r==0 ? \
( c==0 ? s(x,0) \
: c==1 ? s(x,1) \
: c==2 ? s(x,2) \
: c==3 ? s(x,3) \
: c==4 ? s(x,4) \
: c==5 ? s(x,5) \
: c==6 ? s(x,6) \
: s(x,7)) \
: r==1 ? \
( c==0 ? s(x,1) \
: c==1 ? s(x,2) \
: c==2 ? s(x,3) \
: c==3 ? nc==4 ? s(x,0) : s(x,4) \
: c==4 ? s(x,5) \
: c==5 ? nc==8 ? s(x,6) : s(x,0) \
: c==6 ? s(x,7) \
: s(x,0)) \
: r==2 ? \
( c==0 ? nc==8 ? s(x,3) : s(x,2) \
: c==1 ? nc==8 ? s(x,4) : s(x,3) \
: c==2 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
: c==3 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
: c==4 ? nc==8 ? s(x,7) : s(x,0) \
: c==5 ? nc==8 ? s(x,0) : s(x,1) \
: c==6 ? s(x,1) \
: s(x,2)) \
: \
( c==0 ? nc==8 ? s(x,4) : s(x,3) \
: c==1 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
: c==2 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
: c==3 ? nc==4 ? s(x,2) : nc==8 ? s(x,7) : s(x,0) \
: c==4 ? nc==8 ? s(x,0) : s(x,1) \
: c==5 ? nc==8 ? s(x,1) : s(x,2) \
: c==6 ? s(x,2) \
: s(x,3)))
#define inv_var(x,r,c) \
( r==0 ? \
( c==0 ? s(x,0) \
: c==1 ? s(x,1) \
: c==2 ? s(x,2) \
: c==3 ? s(x,3) \
: c==4 ? s(x,4) \
: c==5 ? s(x,5) \
: c==6 ? s(x,6) \
: s(x,7)) \
: r==1 ? \
( c==0 ? nc==4 ? s(x,3) : nc==8 ? s(x,7) : s(x,5) \
: c==1 ? s(x,0) \
: c==2 ? s(x,1) \
: c==3 ? s(x,2) \
: c==4 ? s(x,3) \
: c==5 ? s(x,4) \
: c==6 ? s(x,5) \
: s(x,6)) \
: r==2 ? \
( c==0 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \
: c==1 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \
: c==2 ? nc==8 ? s(x,7) : s(x,0) \
: c==3 ? nc==8 ? s(x,0) : s(x,1) \
: c==4 ? nc==8 ? s(x,1) : s(x,2) \
: c==5 ? nc==8 ? s(x,2) : s(x,3) \
: c==6 ? s(x,3) \
: s(x,4)) \
: \
( c==0 ? nc==4 ? s(x,1) : nc==8 ? s(x,4) : s(x,3) \
: c==1 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \
: c==2 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \
: c==3 ? nc==8 ? s(x,7) : s(x,0) \
: c==4 ? nc==8 ? s(x,0) : s(x,1) \
: c==5 ? nc==8 ? s(x,1) : s(x,2) \
: c==6 ? s(x,2) \
: s(x,3)))
#define si(y,x,k,c) s(y,c) = word_in(x + 4 * c) ^ k[c]
#define so(y,x,c) word_out(y + 4 * c, s(x,c))
#if defined(FOUR_TABLES)
#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,ft_tab,fwd_var,rf1,c)
#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,it_tab,inv_var,rf1,c)
#elif defined(ONE_TABLE)
#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,ft_tab,fwd_var,rf1,c)
#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,it_tab,inv_var,rf1,c)
#else
#define fwd_rnd(y,x,k,c) s(y,c) = fwd_mcol(no_table(x,s_box,fwd_var,rf1,c)) ^ (k)[c]
#define inv_rnd(y,x,k,c) s(y,c) = inv_mcol(no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c])
#endif
#if defined(FOUR_LR_TABLES)
#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,fl_tab,fwd_var,rf1,c)
#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,il_tab,inv_var,rf1,c)
#elif defined(ONE_LR_TABLE)
#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,fl_tab,fwd_var,rf1,c)
#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,il_tab,inv_var,rf1,c)
#else
#define fwd_lrnd(y,x,k,c) s(y,c) = no_table(x,s_box,fwd_var,rf1,c) ^ (k)[c]
#define inv_lrnd(y,x,k,c) s(y,c) = no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c]
#endif
#if BLOCK_SIZE == 16
#if defined(ARRAYS)
#define locals(y,x) x[4],y[4]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
/*
the following defines prevent the compiler requiring the declaration
of generated but unused variables in the fwd_var and inv_var macros
*/
#define b04 unused
#define b05 unused
#define b06 unused
#define b07 unused
#define b14 unused
#define b15 unused
#define b16 unused
#define b17 unused
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
s(y,2) = s(x,2); s(y,3) = s(x,3);
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
#elif BLOCK_SIZE == 24
#if defined(ARRAYS)
#define locals(y,x) x[6],y[6]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5, \
y##0,y##1,y##2,y##3,y##4,y##5
#define b06 unused
#define b07 unused
#define b16 unused
#define b17 unused
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
s(y,2) = s(x,2); s(y,3) = s(x,3); \
s(y,4) = s(x,4); s(y,5) = s(x,5);
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); \
si(y,x,k,3); si(y,x,k,4); si(y,x,k,5)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); \
so(y,x,3); so(y,x,4); so(y,x,5)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); \
rm(y,x,k,3); rm(y,x,k,4); rm(y,x,k,5)
#else
#if defined(ARRAYS)
#define locals(y,x) x[8],y[8]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5,x##6,x##7, \
y##0,y##1,y##2,y##3,y##4,y##5,y##6,y##7
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
s(y,2) = s(x,2); s(y,3) = s(x,3); \
s(y,4) = s(x,4); s(y,5) = s(x,5); \
s(y,6) = s(x,6); s(y,7) = s(x,7);
#if BLOCK_SIZE == 32
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3); \
si(y,x,k,4); si(y,x,k,5); si(y,x,k,6); si(y,x,k,7)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3); \
so(y,x,4); so(y,x,5); so(y,x,6); so(y,x,7)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3); \
rm(y,x,k,4); rm(y,x,k,5); rm(y,x,k,6); rm(y,x,k,7)
#else
#define state_in(y,x,k) \
switch(nc) \
{ case 8: si(y,x,k,7); si(y,x,k,6); \
case 6: si(y,x,k,5); si(y,x,k,4); \
case 4: si(y,x,k,3); si(y,x,k,2); \
si(y,x,k,1); si(y,x,k,0); \
}
#define state_out(y,x) \
switch(nc) \
{ case 8: so(y,x,7); so(y,x,6); \
case 6: so(y,x,5); so(y,x,4); \
case 4: so(y,x,3); so(y,x,2); \
so(y,x,1); so(y,x,0); \
}
#if defined(FAST_VARIABLE)
#define round(rm,y,x,k) \
switch(nc) \
{ case 8: rm(y,x,k,7); rm(y,x,k,6); \
rm(y,x,k,5); rm(y,x,k,4); \
rm(y,x,k,3); rm(y,x,k,2); \
rm(y,x,k,1); rm(y,x,k,0); \
break; \
case 6: rm(y,x,k,5); rm(y,x,k,4); \
rm(y,x,k,3); rm(y,x,k,2); \
rm(y,x,k,1); rm(y,x,k,0); \
break; \
case 4: rm(y,x,k,3); rm(y,x,k,2); \
rm(y,x,k,1); rm(y,x,k,0); \
break; \
}
#else
#define round(rm,y,x,k) \
switch(nc) \
{ case 8: rm(y,x,k,7); rm(y,x,k,6); \
case 6: rm(y,x,k,5); rm(y,x,k,4); \
case 4: rm(y,x,k,3); rm(y,x,k,2); \
rm(y,x,k,1); rm(y,x,k,0); \
}
#endif
#endif
#endif
cf_dec c_name(encrypt)(const byte in_blk[], byte out_blk[], const c_name(aes) *cx)
{ word locals(b0, b1);
const word *kp = cx->e_key;
#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
word f2;
#endif
if(!(cx->mode & 0x01)) return aes_bad;
state_in(b0, in_blk, kp); kp += nc;
#if defined(UNROLL)
switch(cx->Nrnd)
{
case 14: round(fwd_rnd, b1, b0, kp );
round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc;
case 12: round(fwd_rnd, b1, b0, kp );
round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc;
case 10: round(fwd_rnd, b1, b0, kp );
round(fwd_rnd, b0, b1, kp + nc);
round(fwd_rnd, b1, b0, kp + 2 * nc);
round(fwd_rnd, b0, b1, kp + 3 * nc);
round(fwd_rnd, b1, b0, kp + 4 * nc);
round(fwd_rnd, b0, b1, kp + 5 * nc);
round(fwd_rnd, b1, b0, kp + 6 * nc);
round(fwd_rnd, b0, b1, kp + 7 * nc);
round(fwd_rnd, b1, b0, kp + 8 * nc);
round(fwd_lrnd, b0, b1, kp + 9 * nc);
}
#elif defined(PARTIAL_UNROLL)
{ word rnd;
for(rnd = 0; rnd < (cx->Nrnd >> 1) - 1; ++rnd)
{
round(fwd_rnd, b1, b0, kp);
round(fwd_rnd, b0, b1, kp + nc); kp += 2 * nc;
}
round(fwd_rnd, b1, b0, kp);
round(fwd_lrnd, b0, b1, kp + nc);
}
#else
{ word rnd;
for(rnd = 0; rnd < cx->Nrnd - 1; ++rnd)
{
round(fwd_rnd, b1, b0, kp);
l_copy(b0, b1); kp += nc;
}
round(fwd_lrnd, b0, b1, kp);
}
#endif
state_out(out_blk, b0);
return aes_good;
}
cf_dec c_name(decrypt)(const byte in_blk[], byte out_blk[], const c_name(aes) *cx)
{ word locals(b0, b1);
const word *kp = cx->d_key;
#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
word f2, f4, f8, f9;
#endif
if(!(cx->mode & 0x02)) return aes_bad;
state_in(b0, in_blk, kp); kp += nc;
#if defined(UNROLL)
switch(cx->Nrnd)
{
case 14: round(inv_rnd, b1, b0, kp );
round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc;
case 12: round(inv_rnd, b1, b0, kp );
round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc;
case 10: round(inv_rnd, b1, b0, kp );
round(inv_rnd, b0, b1, kp + nc);
round(inv_rnd, b1, b0, kp + 2 * nc);
round(inv_rnd, b0, b1, kp + 3 * nc);
round(inv_rnd, b1, b0, kp + 4 * nc);
round(inv_rnd, b0, b1, kp + 5 * nc);
round(inv_rnd, b1, b0, kp + 6 * nc);
round(inv_rnd, b0, b1, kp + 7 * nc);
round(inv_rnd, b1, b0, kp + 8 * nc);
round(inv_lrnd, b0, b1, kp + 9 * nc);
}
#elif defined(PARTIAL_UNROLL)
{ word rnd;
for(rnd = 0; rnd < (cx->Nrnd >> 1) - 1; ++rnd)
{
round(inv_rnd, b1, b0, kp);
round(inv_rnd, b0, b1, kp + nc); kp += 2 * nc;
}
round(inv_rnd, b1, b0, kp);
round(inv_lrnd, b0, b1, kp + nc);
}
#else
{ word rnd;
for(rnd = 0; rnd < cx->Nrnd - 1; ++rnd)
{
round(inv_rnd, b1, b0, kp);
l_copy(b0, b1); kp += nc;
}
round(inv_lrnd, b0, b1, kp);
}
#endif
state_out(out_blk, b0);
return aes_good;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -