mks_aes.cpp

xtunnel nat/fw traversal source code

      temp1.w[2]=(*wp++)^
                 t0.w[temp0.bm[2][0]]^t1.w[temp0.bm[3][1]]^
                 t2.w[temp0.bm[0][2]]^t3.w[temp0.bm[1][3]];
      temp1.w[3]=(*wp++)^
                 t0.w[temp0.bm[3][0]]^t1.w[temp0.bm[0][1]]^
                 t2.w[temp0.bm[1][2]]^t3.w[temp0.bm[2][3]];

      temp0.w[0]=(*wp++)^
                 t0.w[temp1.bm[0][0]]^t1.w[temp1.bm[1][1]]^
                 t2.w[temp1.bm[2][2]]^t3.w[temp1.bm[3][3]];
      temp0.w[1]=(*wp++)^
                 t0.w[temp1.bm[1][0]]^t1.w[temp1.bm[2][1]]^
                 t2.w[temp1.bm[3][2]]^t3.w[temp1.bm[0][3]];
      temp0.w[2]=(*wp++)^
                 t0.w[temp1.bm[2][0]]^t1.w[temp1.bm[3][1]]^
                 t2.w[temp1.bm[0][2]]^t3.w[temp1.bm[1][3]];
      temp0.w[3]=(*wp++)^
                 t0.w[temp1.bm[3][0]]^t1.w[temp1.bm[0][1]]^
                 t2.w[temp1.bm[1][2]]^t3.w[temp1.bm[2][3]];
    }

    temp1.w[0]=(*wp++)^
               t0.w[temp0.bm[0][0]]^t1.w[temp0.bm[1][1]]^
               t2.w[temp0.bm[2][2]]^t3.w[temp0.bm[3][3]];
    temp1.w[1]=(*wp++)^
               t0.w[temp0.bm[1][0]]^t1.w[temp0.bm[2][1]]^
               t2.w[temp0.bm[3][2]]^t3.w[temp0.bm[0][3]];
    temp1.w[2]=(*wp++)^
               t0.w[temp0.bm[2][0]]^t1.w[temp0.bm[3][1]]^
               t2.w[temp0.bm[0][2]]^t3.w[temp0.bm[1][3]];
    temp1.w[3]=(*wp++)^
               t0.w[temp0.bm[3][0]]^t1.w[temp0.bm[0][1]]^
               t2.w[temp0.bm[1][2]]^t3.w[temp0.bm[2][3]];

    aesout.w[0]=(*wp++)^
                u0.w[temp1.bm[0][0]]^u1.w[temp1.bm[1][1]]^
                u2.w[temp1.bm[2][2]]^u3.w[temp1.bm[3][3]];
    aesout.w[1]=(*wp++)^
                u0.w[temp1.bm[1][0]]^u1.w[temp1.bm[2][1]]^
                u2.w[temp1.bm[3][2]]^u3.w[temp1.bm[0][3]];
    aesout.w[2]=(*wp++)^
                u0.w[temp1.bm[2][0]]^u1.w[temp1.bm[3][1]]^
                u2.w[temp1.bm[0][2]]^u3.w[temp1.bm[1][3]];
    aesout.w[3]=(*wp++)^
                u0.w[temp1.bm[3][0]]^u1.w[temp1.bm[0][1]]^
                u2.w[temp1.bm[1][2]]^u3.w[temp1.bm[2][3]];
  }

  else

  { wp=&ekey.w[ekeywdimminus1];

    temp0.w[3]=(*wp--)^aesin.w[3];
    temp0.w[2]=(*wp--)^aesin.w[2]; 
    temp0.w[1]=(*wp--)^aesin.w[1];
    temp0.w[0]=(*wp--)^aesin.w[0]; 

    for (grdp=1; grdp < roundpairs; grdp++)
    { temp1.w[3]=(*wp--)^
                 v0.w[temp0.bm[3][0]]^v1.w[temp0.bm[2][1]]^
                 v2.w[temp0.bm[1][2]]^v3.w[temp0.bm[0][3]];
      temp1.w[2]=(*wp--)^
                 v0.w[temp0.bm[2][0]]^v1.w[temp0.bm[1][1]]^
                 v2.w[temp0.bm[0][2]]^v3.w[temp0.bm[3][3]];
      temp1.w[1]=(*wp--)^
                 v0.w[temp0.bm[1][0]]^v1.w[temp0.bm[0][1]]^
                 v2.w[temp0.bm[3][2]]^v3.w[temp0.bm[2][3]];     
      temp1.w[0]=(*wp--)^
                 v0.w[temp0.bm[0][0]]^v1.w[temp0.bm[3][1]]^
                 v2.w[temp0.bm[2][2]]^v3.w[temp0.bm[1][3]];

      temp0.w[3]=(*wp--)^
                 v0.w[temp1.bm[3][0]]^v1.w[temp1.bm[2][1]]^
                 v2.w[temp1.bm[1][2]]^v3.w[temp1.bm[0][3]];
      temp0.w[2]=(*wp--)^
                 v0.w[temp1.bm[2][0]]^v1.w[temp1.bm[1][1]]^
                 v2.w[temp1.bm[0][2]]^v3.w[temp1.bm[3][3]];
      temp0.w[1]=(*wp--)^
                 v0.w[temp1.bm[1][0]]^v1.w[temp1.bm[0][1]]^
                 v2.w[temp1.bm[3][2]]^v3.w[temp1.bm[2][3]];
      temp0.w[0]=(*wp--)^
                 v0.w[temp1.bm[0][0]]^v1.w[temp1.bm[3][1]]^
                 v2.w[temp1.bm[2][2]]^v3.w[temp1.bm[1][3]];
    }
        
    temp1.w[3]=(*wp--)^
               v0.w[temp0.bm[3][0]]^v1.w[temp0.bm[2][1]]^
               v2.w[temp0.bm[1][2]]^v3.w[temp0.bm[0][3]];
    temp1.w[2]=(*wp--)^
               v0.w[temp0.bm[2][0]]^v1.w[temp0.bm[1][1]]^
               v2.w[temp0.bm[0][2]]^v3.w[temp0.bm[3][3]];
    temp1.w[1]=(*wp--)^
               v0.w[temp0.bm[1][0]]^v1.w[temp0.bm[0][1]]^
               v2.w[temp0.bm[3][2]]^v3.w[temp0.bm[2][3]];
    temp1.w[0]=(*wp--)^
               v0.w[temp0.bm[0][0]]^v1.w[temp0.bm[3][1]]^
               v2.w[temp0.bm[2][2]]^v3.w[temp0.bm[1][3]];

    aesout.w[3]=(*wp--)^
                w0.w[temp1.bm[3][0]]^w1.w[temp1.bm[2][1]]^
                w2.w[temp1.bm[1][2]]^w3.w[temp1.bm[0][3]];
    aesout.w[2]=(*wp--)^
                w0.w[temp1.bm[2][0]]^w1.w[temp1.bm[1][1]]^
                w2.w[temp1.bm[0][2]]^w3.w[temp1.bm[3][3]];
    aesout.w[1]=(*wp--)^
                w0.w[temp1.bm[1][0]]^w1.w[temp1.bm[0][1]]^
                w2.w[temp1.bm[3][2]]^w3.w[temp1.bm[2][3]];
    aesout.w[0]=(*wp--)^
                w0.w[temp1.bm[0][0]]^w1.w[temp1.bm[3][1]]^
                w2.w[temp1.bm[2][2]]^w3.w[temp1.bm[1][3]];
  }
}

/* ----------------------------------------------------------
// Timing utility and demo. 
// Note that, for obtaining meaningful results, one needs to 
// have a sufficiently large number of iterations of the task 
// being benchmarked.
------------------------------------------------------------- */

int oldtime;

static void mestime1()
{ oldtime=clock();
}

static void mestime2(char * st)
{ int t;
  t=clock(); 
  printf("%s    time: %8.2f sec\n",st,
         (double)(t-oldtime)/CLOCKS_PER_SEC);
}

static void display(byte b[], int size)
{ int i;
  for (i=0; i < size; i++)
  { printf(" %2.2x",b[i]); if ((i%16)==15) printf("\n"); }
  if ((size%16)!=0) printf("\n"); printf("\n");
}

void aesdemo()
{ int i,keylength,itern1,itern2;

/* ----------------------------------------------------------
// Plaintext of example vectors of FIPS-197 (same in all cases).
------------------------------------------------------------- */

  const byte pt[16]={ 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
                      0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };

/* ----------------------------------------------------------
// User-key of example vectors of FIPS-197 for keylength 256.
// The first part (16/24 bytes) is used for keylength 128/192.
------------------------------------------------------------- */

  const byte kg[32]={ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
                      0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
                      0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
                      0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f };

/* ----------------------------------------------------------
// Setting ukey.b (array is used in all cases of keylength).
------------------------------------------------------------- */

  for (i=0; i<32; i++) ukey.b[i]=kg[i];

labela:
   
  printf("\nFIPS-197 example vector processing:\n");

  printf("enter keylength (128/192/256): (0 for end)\n");
  scanf("%d",&keylength); 
  if (keylength==0) goto labelb;

  aessetup(keylength);
  printf("\nuser-key:\n"); display(ukey.b,Nb*Nk);

  aeskeyschedule(encrypt); 
  
  for (i=0; i<16; i++) aesin.b[i]=pt[i];
  printf("plaintext:\n"); display(aesin.b,16);

  aesprocess();    

  printf("ciphertext:\n"); display(aesout.b,16);
     
  aeskeyschedule(decrypt);

  for (i=0; i<4; i++) aesin.w[i]=aesout.w[i];
  printf("decryption input:\n"); display(aesin.b,16);

  aesprocess();     

  printf("plaintext recovered:\n"); display(aesout.b,16);

  goto labela;

labelb:

  printf("\nbenchmarking:\n");

  printf("enter keylength (128/192/256): (0 for end)\n");
  scanf("%d",&keylength); 
  if (keylength==0) goto termination;

  printf("enter iteration no. of algorithm setup:\n");
  printf("(enter a small number, since much computation)\n");
  scanf("%d",&itern1);
  if (itern1 < 1) goto termination;

  mestime1();
  for (i=0; i < itern1; i++)
  {

/* ----------------------------------------------------------
// Resetting aessetupdone is for benchmarking only, in order to 
// obtain the worst case figure. User should never do the same.
------------------------------------------------------------- */

    aessetupdone=0;

    aessetup(keylength);

  }
  mestime2("algorithm setup       ");

  printf("enter iteration no. of keyscheduling and processing:\n");
  printf("(enter a larger number for better accuracy)\n");
  scanf("%d",&itern2);
  if (itern2 < 1) goto termination;

  mestime1();
  for (i=0; i < itern2; i++) aeskeyschedule(encrypt); 
  mestime2("encryption keyschedule");

  for (i=0; i<16; i++) aesin.b[i]=pt[i];

  mestime1();
  for (i=0; i < itern2; i++) aesprocess(); 
  mestime2("encryption processing ");

  mestime1();
  for (i=0; i < itern2; i++) aeskeyschedule(decrypt);
  mestime2("decryption keyschedule");

  for (i=0; i<4; i++) aesin.w[i]=aesout.w[i];

  mestime1();
  for (i=0; i < itern2; i++) aesprocess();
  mestime2("decryption processing ");

  goto labelb;

termination:

  printf("\naesdemo run ended\n");

}

/* ----------------------------------------------------------
//
// Copyright (C) Mok-Kong Shen 2003.  mok-kong.shen@t-online.de
//
//
// Free license:
//
// This work and all modified versions of it may be freely 
// copied, modified, redistributed and used for all legal 
// civilian purposes without formality albeit at licensee's
// own risk and responsibility, subject to the following 
// conditions:
//
// (1) A copy of this copyright notice with the release history
//     list and the site modification history list must be 
//     included in any copy of this work or any modified version 
//     of it. 
//
// (2) If this work or any modified version of it forms part
//     of a software in object code or binary code, a document
//     for users should accompany the software stating this 
//     fact and include this copyright notice as well as an
//     URL of the licensee where the source code of the package 
//     in the version actually being used in the software can 
//     be found.
//    
// (3) Any modification (except dropping of the Supplement) 
//     should be appropriately documented in the site 
//     modification history list below. The last date of site 
//     modification (at the beginning of the package) is to be 
//     updated.
//
// (4) In case of non-trivial modifications, i.e. those 
//     stemming from efficiency or correctness considerations
//     or from issues of interoperability with other AES 
//     implementations, a copy of the modified package is to be 
//     immediately sent to the copyright owner at the address 
//     above.
//
// (5) Eventual negative or unfavourable consequences and
//     losses or damages of any form to any persons in 
//     connection with the use of this work or its modified 
//     versions do not constitute any liabilities on the part 
//     of the copyright owner.
//
// This free license is unlimited in time [1]. Any attempt of
// non-compliance with the above terms or any occurence of
// their practical unsatisfiability due to whatever reasons, 
// however, automatically terminates the license. Such 
// termination does not affect other licensees who have 
// previously obtained materials from the person with the 
// terminated license but who continue to comply with the 
// above terms.
//
// Other licenses:
//
// Any usages of the contents of the package that don't qualify
// for a free license as stated in the above require explicit
// specific licenses from the copyright owner.
//
//
// [1] Since copyright grants could be revoked after 35 years 
// (see http://www.copyright.gov/title17/92chap2.html#203), it
// could be argued that this license is not timeless for sure. 
// On the other hand, the lifespan of AES itself isn't likely 
// to exceed that period. So the issue is not practically 
// relevant in our context.
//
//
// Release history list:
//
// Release 1.0.
//
//   Posted to sci.crypt on 10th June 2003.
//
// Release 1.1.
//
//   Released on 1st July 2003. 
//
//   A few coding errors of trivial nature removed.
//
//   Syntax changed to conform to both the C and the C++ 
//   standard.
//
//   Function ekeyinvmixcolumnstransform is replaced by a 
//   more efficient version that makes use of the newly 
//   introduced tables z's.
//
//   Function aesprocess is replaced by a more efficient one
//   through partial loop-unrolling and use of two alternating 
//   buffers.
//   
//   Instead of having two separate parts, the package is now
//   a monolithic one, with the functions aespackageinstall
//   and aesdemo performing installation and demonstration
//   respectively.
//
//   Release 1.2
//
//   Released on 10th July 2003.
//
//   Functions userkeyexpansion and aesprocess are replaced by 
//   more efficient versions. The tables u's and w's are
//   introduced for use by the function aesprocess.
//
//   An informative Annex is introduced to help understanding
//   of the program logic.
//
//   Release 1.3
// 
//   Released on 3rd August 2003.
//
//   Functions userkeyexpansion and ekeyinvmixcolumnstransform
//   are merged into the function aeskeyschedule and optimized.
//   A table y is thereby introduced. Functions aesprocess and 
//   aesdemo are unessentially modified.
//
//   A (separate) Supplement is provided containing keyscheduling 
//   and processing functions in the form with input/output 
//   parameters for enabling a fairer benchmark comparison with 
//   other AES implementations that have input/output parameters 
//   in such functions.
//
//   Release 1.4
//
//   Function aespackageinstall is removed, the tables being
//   now generated at application run time when the function 
//   aessetup is called. There is no longer a separate 
//   installation run, nor any permanent disk storage for the 
//   tables.
// 
//   Function aeskeyschedule is optimized. Function aesprocess 
//   is unessentially modified. The Annex is merged into the 
//   Supplement.
//
//
// Site modification history list: 
// 
// alex 03.11.07 Set up header file for CVsAES to include, couple warning-removing tweaks
//
//
------------------------------------------------------------- */

/* ----------------------------------------------------------
// 
// End of principal part of AES package release 1.4
// 
------------------------------------------------------------- */