📄 aesopt.h
字号:
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 01/08/2005
This file contains the compilation options for AES (Rijndael) and code
that is common across encryption, key scheduling and table generation.
OPERATION
These source code files implement the AES algorithm Rijndael designed by
Joan Daemen and Vincent Rijmen. This version is designed for the standard
block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24
and 32 bytes).
This version is designed for flexibility and speed using operations on
32-bit words rather than operations on bytes. It can be compiled with
either big or little endian internal byte order but is faster when the
native byte order for the processor is used.
THE CIPHER INTERFACE
The cipher interface is implemented as an array of bytes in which lower
AES bit sequence indexes map to higher numeric significance within bytes.
uint_8t (an unsigned 8-bit type)
uint_32t (an unsigned 32-bit type)
struct aes_encrypt_ctx (structure for the cipher encryption context)
struct aes_decrypt_ctx (structure for the cipher decryption context)
aes_rval the function return type
C subroutine calls:
aes_rval aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
aes_rval aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
aes_rval aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
aes_rval aes_encrypt(const unsigned char *in, unsigned char *out,
const aes_encrypt_ctx cx[1]);
aes_rval aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
aes_rval aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
aes_rval aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
aes_rval aes_decrypt(const unsigned char *in, unsigned char *out,
const aes_decrypt_ctx cx[1]);
IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that
you call genTabs() before AES is used so that the tables are initialised.
C++ aes class subroutines:
Class AESencrypt for encryption
Construtors:
AESencrypt(void)
AESencrypt(const unsigned char *key) - 128 bit key
Members:
aes_rval key128(const unsigned char *key)
aes_rval key192(const unsigned char *key)
aes_rval key256(const unsigned char *key)
aes_rval encrypt(const unsigned char *in, unsigned char *out) const
Class AESdecrypt for encryption
Construtors:
AESdecrypt(void)
AESdecrypt(const unsigned char *key) - 128 bit key
Members:
aes_rval key128(const unsigned char *key)
aes_rval key192(const unsigned char *key)
aes_rval key256(const unsigned char *key)
aes_rval decrypt(const unsigned char *in, unsigned char *out) const
COMPILATION
The files used to provide AES (Rijndael) are
a. aes.h for the definitions needed for use in C.
b. aescpp.h for the definitions needed for use in C++.
c. aesopt.h for setting compilation options (also includes common code).
d. aescrypt.c for encryption and decrytpion, or
e. aeskey.c for key scheduling.
f. aestab.c for table loading or generation.
g. aescrypt.asm for encryption and decryption using assembler code.
h. aescrypt.mmx.asm for encryption and decryption using MMX assembler.
To compile AES (Rijndael) for use in C code use aes.h and set the
defines here for the facilities you need (key lengths, encryption
and/or decryption). Do not define BUILD_DLL or AES_CPP. Set the options
for optimisations and table sizes here.
To compile AES (Rijndael) for use in in C++ code use aescpp.h but do
not define BUILD_DLL
To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use
aes.h and include the BUILD_DLL define.
CONFIGURATION OPTIONS (here and in aes.h)
a. set BUILD_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL
b. You may need to set PLATFORM_BYTE_ORDER to define the byte order.
c. If you want the code to run in a specific internal byte order, then
ALGORITHM_BYTE_ORDER must be set accordingly.
d. set other configuration options decribed below.
*/
#if !defined( _AESOPT_H )
#define _AESOPT_H
#if defined( __cplusplus ) && defined( AES_CPP )
#include "aescpp.h"
#else
#include "aes.h"
#endif
/* PLATFORM SPECIFIC INCLUDES */
#include "edefs.h"
/* CONFIGURATION - THE USE OF DEFINES
Later in this section there are a number of defines that control the
operation of the code. In each section, the purpose of each define is
explained so that the relevant form can be included or excluded by
setting either 1's or 0's respectively on the branches of the related
#if clauses. The following local defines should not be changed.
*/
#define ENCRYPTION_IN_C 1
#define DECRYPTION_IN_C 2
#define ENC_KEYING_IN_C 4
#define DEC_KEYING_IN_C 8
#define ENCRYPTION_IN_ASM 16
#define DECRYPTION_IN_ASM 32
#define ENC_KEYING_IN_ASM 64
#define DEC_KEYING_IN_ASM 128
#define NO_TABLES 0
#define ONE_TABLE 1
#define FOUR_TABLES 4
#define NONE 0
#define PARTIAL 1
#define FULL 2
/* 1. BYTE ORDER WITHIN 32 BIT WORDS
The fundamental data processing units in Rijndael are 8-bit bytes. The
input, output and key input are all enumerated arrays of bytes in which
bytes are numbered starting at zero and increasing to one less than the
number of bytes in the array in question. This enumeration is only used
for naming bytes and does not imply any adjacency or order relationship
from one byte to another. When these inputs and outputs are considered
as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
In this implementation bits are numbered from 0 to 7 starting at the
numerically least significant end of each byte (bit n represents 2^n).
However, Rijndael can be implemented more efficiently using 32-bit
words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
into word[n]. While in principle these bytes can be assembled into words
in any positions, this implementation only supports the two formats in
which bytes in adjacent positions within words also have adjacent byte
numbers. This order is called big-endian if the lowest numbered bytes
in words have the highest numeric significance and little-endian if the
opposite applies.
This code can work in either order irrespective of the order used by the
machine on which it runs. Normally the internal byte order will be set
to the order of the processor on which the code is to be run but this
define can be used to reverse this in special situations
WARNING: Assembler code versions rely on PLATFORM_BYTE_ORDER being set.
This define will hence be redefined later (in section 4) if necessary
*/
#if 1
#define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
#elif 0
#define ALGORITHM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif 0
#define ALGORITHM_BYTE_ORDER IS_BIG_ENDIAN
#else
#error The algorithm byte order is not defined
#endif
/* 2. VIA ACE SUPPORT
Define this option if support for the VIA ACE is required. This uses
inline assembler instructions and is only implemented for the Microsoft,
Intel and GCC compilers. If VIA ACE is known to be present, then defining
ASSUME_VIA_ACE_PRESENT will remove the ordinary encryption/decryption
code. If USE_VIA_ACE_IF_PRESENT is defined then VIA ACE will be used if
it is detected (both present and enabled) but the normal AES code will
also be present.
When VIA ACE is to be used, all AES encryption contexts MUST be 16 byte
aligned; other input/output buffers do not need to be 16 byte aligned
but there are very large performance gains if this can be arranged.
VIA ACE also requires the decryption key schedule to be in reverse
order (which the following defines ensure).
*/
#if 0 && !defined( USE_VIA_ACE_IF_PRESENT )
#define USE_VIA_ACE_IF_PRESENT
#endif
#if 0 && !defined( ASSUME_VIA_ACE_PRESENT )
#define ASSUME_VIA_ACE_PRESENT
#endif
#if !defined( _MSC_VER ) && !defined( __GNUC__ )
# if defined( ASSUME_VIA_ACE_PRESENT )
# undef ASSUME_VIA_ACE_PRESENT
# endif
# if defined( USE_VIA_ACE_IF_PRESENT )
# undef USE_VIA_ACE_IF_PRESENT
# endif
#endif
#if defined( ASSUME_VIA_ACE_PRESENT ) && !defined( USE_VIA_ACE_IF_PRESENT )
#define USE_VIA_ACE_IF_PRESENT
#endif
#if defined( USE_VIA_ACE_IF_PRESENT ) && !defined ( AES_REV_DKS )
#define AES_REV_DKS
#endif
/* 3. ASSEMBLER SUPPORT
This define (which can be on the command line) enables the use of the
assembler code routines for encryption, decryption and key scheduling
as follows:
ASM_V1 uses the assembler (aescrypt1.asm) for large tables with
tables and key scheduling in C
ASM_V2 uses assembler (aescrypt2.asm) with compressed tables
and key scheduling
ASM_V2C uses assembler (aescrypt2.asm) with compressed tables
but uses key scheduling in C
*/
#if 0 && !defined( ASM_V1 )
#define ASM_V1
#elif 0 && !defined( ASM_V2 )
#define ASM_V2
#elif 0 && !defined( ASM_V2C )
#define ASM_V2C
#endif
#if defined( ASM_V1 ) && (ALGORITHM_BYTE_ORDER != PLATFORM_BYTE_ORDER)
#undef ALGORITHM_BYTE_ORDER
#define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
#endif
/* 4. FUNCTIONS REQUIRED
This implementation provides subroutines for encryption, decryption
and for setting the three key lengths (separately) for encryption
and decryption. When the assembler code is not being used the following
definition blocks allow the selection of the routines that are to be
included in the compilation.
*/
#if !defined( AES_ENCRYPT )
# define EFUNCS_IN_C 0
#elif defined( USE_VIA_ACE_IF_PRESENT ) || defined( ASM_V1 )
# define EFUNCS_IN_C ENC_KEYING_IN_C
#elif defined( ASM_V2C )
# define EFUNCS_IN_C ENC_KEYING_IN_C
#elif !defined( ASM_V2 )
# define EFUNCS_IN_C ( ENCRYPTION_IN_C | ENC_KEYING_IN_C )
#else
# define EFUNCS_IN_C 0
#endif
#if !defined( AES_DECRYPT )
# define DFUNCS_IN_C 0
#elif defined( USE_VIA_ACE_IF_PRESENT ) || defined( ASM_V1 )
# define DFUNCS_IN_C DEC_KEYING_IN_C
#elif defined( ASM_V2C )
# define DFUNCS_IN_C DEC_KEYING_IN_C
#elif !defined( ASM_V2 )
# define DFUNCS_IN_C ( DECRYPTION_IN_C | DEC_KEYING_IN_C )
#else
# define DFUNCS_IN_C 0
#endif
#define FUNCS_IN_C ( EFUNCS_IN_C | DFUNCS_IN_C )
/* 5. FAST INPUT/OUTPUT OPERATIONS.
On some machines it is possible to improve speed by transferring the
bytes in the input and output arrays to and from the internal 32-bit
variables by addressing these arrays as if they are arrays of 32-bit
words. On some machines this will always be possible but there may
be a large performance penalty if the byte arrays are not aligned on
the normal word boundaries. On other machines this technique will
lead to memory access errors when such 32-bit word accesses are not
properly aligned. The option SAFE_IO avoids such problems but will
often be slower on those machines that support misaligned access
(especially so if care is taken to align the input and output byte
arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
assumed that access to byte arrays as if they are arrays of 32-bit
words will not cause problems when such accesses are misaligned.
*/
#if 1 && !defined(_MSC_VER)
#define SAFE_IO
#endif
/* 6. LOOP UNROLLING
The code for encryption and decrytpion cycles through a number of rounds
that can be implemented either in a loop or by expanding the code into a
long sequence of instructions, the latter producing a larger program but
one that will often be much faster. The latter is called loop unrolling.
There are also potential speed advantages in expanding two iterations in
a loop with half the number of iterations, which is called partial loop
unrolling. The following options allow partial or full loop unrolling
to be set independently for encryption and decryption
*/
#if 1
#define ENC_UNROLL FULL
#elif 0
#define ENC_UNROLL PARTIAL
#else
#define ENC_UNROLL NONE
#endif
#if 1
#define DEC_UNROLL FULL
#elif 0
#define DEC_UNROLL PARTIAL
#else
#define DEC_UNROLL NONE
#endif
/* 7. FAST FINITE FIELD OPERATIONS
If this section is included, tables are used to provide faster finite
field arithmetic (this has no effect if FIXED_TABLES is defined).
*/
#if 1
#define FF_TABLES
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -