//Input :
// s0'= {02}.s0,
// s1'= {02}.s1,... s15'={02}.s15
// Formula gives for the 1st column of State:
// s0'' = ({02}.s0) xor ({03}.s1) xor s2 xor s3
// s1'' = s0 xor ({02}.s1) xor ({03}.s2) xor s3
// s2'' = s0 xor s1 xor ({02}.s2) xor ({03}.s3)
// s3'' = ({03}.s0) xor s1 xor s2 xor ({02}.s3)
//Output
// Formula gives for the 1st column of State:
// s0'' = ({0E}.s0) xor ({0B}.s1) xor ({0D}.s2) xor ({09}.s3)
// s1'' = ({09}.s0) xor ({0E}.s1) xor ({0B}.s2) xor ({0D}.s3)
// s2'' = ({0D}.s0) xor ({09}.s1) xor ({0E}.s2) xor ({0B}.s3)
// s3'' = ({0B}.s0) xor ({0D}.s1) xor ({09}.s2) xor ({0E}.s3)
// -------------------------------------------------------------------------------
// Finish InvMixColumns for one column whose first byte index is c (0, 4, 8, 12).
//
// On entry, writing the column's input bytes as s0..s3:
//   State[c..c+3]  holds the MixColumns result, e.g. s0'' = {02}s0 ^ {03}s1 ^ s2 ^ s3
//   State2[c..c+3] holds the doubled inputs {02}.s0 .. {02}.s3
// (this is exactly what MixColumns() leaves behind).
// On exit State[c..c+3] holds the InvMixColumns result, e.g.
//   s0 = {0E}s0 ^ {0B}s1 ^ {0D}s2 ^ {09}s3.
// State2[c..c+3] is used as scratch and is clobbered.
// xtime(i) is assumed to replace State2[i] by {02}.State2[i] in place
// (this is how MixColumns() uses it).
static void inv_mix_column_end(int c)
{
    // {04}.(s0 ^ s2) and {04}.(s1 ^ s3), built from the {02}.s values.
    State2[c] ^= State2[c + 2];
    xtime(c);
    State2[c + 1] ^= State2[c + 3];
    xtime(c + 1);
    // Fold them in: s0'' becomes {06}s0 ^ {03}s1 ^ {05}s2 ^ s3, and so on
    // for the other three bytes.
    State[c + 1] ^= State2[c + 1];
    State[c]     ^= State2[c];
    State[c + 2] ^= State2[c];
    State[c + 3] ^= State2[c + 1];
    // {08}.(s0 ^ s1 ^ s2 ^ s3), added to all four bytes, completes the
    // {0E},{0B},{0D},{09} coefficients.
    State2[c] ^= State2[c + 1];
    xtime(c);
    State[c]     ^= State2[c];
    State[c + 1] ^= State2[c];
    State[c + 2] ^= State2[c];
    State[c + 3] ^= State2[c];
}

// Apply the InvMixColumns finishing step to all four columns of State.
// Columns are independent, so they are processed one after another.
void InvMixcolumn_end (void)
{
    int c;
    for (c = 0; c < 16; c += 4) {
        inv_mix_column_end(c);
    }
}
//-------------------------------------------------------------------------------
// void MixColumns(void)
// Compute State= Mixcolumn(State2)
//-------------------------------------------------------------------------------
void MixColumns(void)
{
    // Computes State = MixColumns(State2).
    // Side effect: every State2[i] is left holding {02}.State2[i], which
    // InvMixcolumn_end() relies on afterwards.
    int i;
    unsigned char t;

    // Pass 1: the {01} terms. For a column (a0, a1, a2, a3) of State2:
    //   State[c+0] = a1 ^ a2 ^ a3
    //   State[c+1] = a0 ^ a2 ^ a3
    //   State[c+2] = a0 ^ a1 ^ a3
    //   State[c+3] = a0 ^ a1 ^ a2
    for (i = 0; i < 16; i += 4) {
        t = State2[i + 2] ^ State2[i + 3];
        State[i]     = t ^ State2[i + 1];
        State[i + 1] = t ^ State2[i];
        t = State2[i] ^ State2[i + 1];
        State[i + 2] = t ^ State2[i + 3];
        State[i + 3] = t ^ State2[i + 2];
    }

    // Pass 2: double every input byte in place, State2[i] = {02}.a_i.
    for (i = 0; i < 16; i++) {
        xtime(i);
    }

    // Pass 3: byte j of a column receives {02}.a_j ^ {02}.a_(j+1) (the next
    // byte wrapping within the same column), which turns the {01} sums of
    // pass 1 into the {02},{03},{01},{01} MixColumns rows.
    for (i = 0; i < 16; i++) {
        State[i] ^= State2[i] ^ State2[(i & 12) | ((i + 1) & 3)];
    }
}
//-------------------------------------------------------------------------------
// void Shiftrows_Subbyte(void)
// Compute State2= Shiftrow (Subbyte(State))
//-------------------------------------------------------------------------------
void Shiftrows_Subbyte(void)
{
    // Computes State2 = ShiftRows(SubBytes(State)).
    // Byte i of the state sits in row (i & 3) of column (i >> 2); ShiftRows
    // rotates row r left by r columns, so output byte i is taken from input
    // byte (i + 4*r) mod 16. That source index is tabulated here.
    static const unsigned char src[16] = {
        0,  5, 10, 15,   // column 0, rows 0..3
        4,  9, 14,  3,   // column 1
        8, 13,  2,  7,   // column 2
        12, 1,  6, 11    // column 3
    };
    int i;

    // NOTE(review): SBOX[] is indexed by secret-dependent data; on a target
    // with a data cache this is a classic cache-timing side channel. Presumably
    // acceptable on a cacheless MCU -- confirm against the intended target.
    for (i = 0; i < 16; i++) {
        State2[i] = SBOX[State[src[i]]];
    }
}
//-------------------------------------------------------------------------------
// void Invshiftrows_Invsubbyte(void)
// Compute State2= Invshiftrows (Invsubbyte(State))
//-------------------------------------------------------------------------------
void Invshiftrows_Invsubbyte(void)
{
    // Computes State2 = InvShiftRows(InvSubBytes(State)).
    // Byte i of the state sits in row (i & 3) of column (i >> 2); InvShiftRows
    // rotates row r right by r columns, so output byte i is taken from input
    // byte (i - 4*r) mod 16. That source index is tabulated here.
    static const unsigned char src[16] = {
        0, 13, 10,  7,   // column 0, rows 0..3
        4,  1, 14, 11,   // column 1
        8,  5,  2, 15,   // column 2
        12, 9,  6,  3    // column 3
    };
    int i;

    // NOTE(review): INVSBOX[] is indexed by secret-dependent data; on a target
    // with a data cache this is a classic cache-timing side channel. Presumably
    // acceptable on a cacheless MCU -- confirm against the intended target.
    for (i = 0; i < 16; i++) {
        State2[i] = INVSBOX[State[src[i]]];
    }
}