rijndael-alg-fst.c

AES最新加密解密算法

    for (;;) {
        t0 =
            Td0[(s0 >> 24)       ] ^
            Td1[(s3 >> 16) & 0xff] ^
            Td2[(s2 >>  8) & 0xff] ^
            Td3[(s1      ) & 0xff] ^
            rk[4];
        t1 =
            Td0[(s1 >> 24)       ] ^
            Td1[(s0 >> 16) & 0xff] ^
            Td2[(s3 >>  8) & 0xff] ^
            Td3[(s2      ) & 0xff] ^
            rk[5];
        t2 =
            Td0[(s2 >> 24)       ] ^
            Td1[(s1 >> 16) & 0xff] ^
            Td2[(s0 >>  8) & 0xff] ^
            Td3[(s3      ) & 0xff] ^
            rk[6];
        t3 =
            Td0[(s3 >> 24)       ] ^
            Td1[(s2 >> 16) & 0xff] ^
            Td2[(s1 >>  8) & 0xff] ^
            Td3[(s0      ) & 0xff] ^
            rk[7];

        rk += 8;
        if (--r == 0) {
            break;
        }

        s0 =
            Td0[(t0 >> 24)       ] ^
            Td1[(t3 >> 16) & 0xff] ^
            Td2[(t2 >>  8) & 0xff] ^
            Td3[(t1      ) & 0xff] ^
            rk[0];
        s1 =
            Td0[(t1 >> 24)       ] ^
            Td1[(t0 >> 16) & 0xff] ^
            Td2[(t3 >>  8) & 0xff] ^
            Td3[(t2      ) & 0xff] ^
            rk[1];
        s2 =
            Td0[(t2 >> 24)       ] ^
            Td1[(t1 >> 16) & 0xff] ^
            Td2[(t0 >>  8) & 0xff] ^
            Td3[(t3      ) & 0xff] ^
            rk[2];
        s3 =
            Td0[(t3 >> 24)       ] ^
            Td1[(t2 >> 16) & 0xff] ^
            Td2[(t1 >>  8) & 0xff] ^
            Td3[(t0      ) & 0xff] ^
            rk[3];
    }
#endif /* ?FULL_UNROLL */
    /*
	 * apply last round and
	 * map cipher state to byte array block:
	 */
   	s0 =
   		(Td4[(t0 >> 24)       ] & 0xff000000) ^
   		(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
   		(Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
   		(Td4[(t1      ) & 0xff] & 0x000000ff) ^
   		rk[0];
	PUTU32(pt     , s0);
   	s1 =
   		(Td4[(t1 >> 24)       ] & 0xff000000) ^
   		(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
   		(Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
   		(Td4[(t2      ) & 0xff] & 0x000000ff) ^
   		rk[1];
	PUTU32(pt +  4, s1);
   	s2 =
   		(Td4[(t2 >> 24)       ] & 0xff000000) ^
   		(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
   		(Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
   		(Td4[(t3      ) & 0xff] & 0x000000ff) ^
   		rk[2];
	PUTU32(pt +  8, s2);
   	s3 =
   		(Td4[(t3 >> 24)       ] & 0xff000000) ^
   		(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
   		(Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
   		(Td4[(t0      ) & 0xff] & 0x000000ff) ^
   		rk[3];
	PUTU32(pt + 12, s3);
}

#ifdef INTERMEDIATE_VALUE_KAT

void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) {
	int r;
	u32 s0, s1, s2, s3, t0, t1, t2, t3;

    /*
	 * map byte array block to cipher state
	 * and add initial round key:
	 */
	s0 = GETU32(block     ) ^ rk[0];
	s1 = GETU32(block +  4) ^ rk[1];
	s2 = GETU32(block +  8) ^ rk[2];
	s3 = GETU32(block + 12) ^ rk[3];
    rk += 4;

    /*
	 * Nr - 1 full rounds:
	 */
	for (r = (rounds < Nr ? rounds : Nr - 1); r > 0; r--) {
		t0 =
			Te0[(s0 >> 24)       ] ^
			Te1[(s1 >> 16) & 0xff] ^
			Te2[(s2 >>  8) & 0xff] ^
			Te3[(s3      ) & 0xff] ^
			rk[0];
		t1 =
			Te0[(s1 >> 24)       ] ^
			Te1[(s2 >> 16) & 0xff] ^
			Te2[(s3 >>  8) & 0xff] ^
			Te3[(s0      ) & 0xff] ^
			rk[1];
		t2 =
			Te0[(s2 >> 24)       ] ^
			Te1[(s3 >> 16) & 0xff] ^
			Te2[(s0 >>  8) & 0xff] ^
			Te3[(s1      ) & 0xff] ^
			rk[2];
		t3 =
			Te0[(s3 >> 24)       ] ^
			Te1[(s0 >> 16) & 0xff] ^
			Te2[(s1 >>  8) & 0xff] ^
			Te3[(s2      ) & 0xff] ^
			rk[3];

		s0 = t0;
		s1 = t1;
		s2 = t2;
		s3 = t3;
		rk += 4;

    }

    /*
	 * apply last round and
	 * map cipher state to byte array block:
	 */
	if (rounds == Nr) {
    	t0 =
    		(Te4[(s0 >> 24)       ] & 0xff000000) ^
    		(Te4[(s1 >> 16) & 0xff] & 0x00ff0000) ^
    		(Te4[(s2 >>  8) & 0xff] & 0x0000ff00) ^
    		(Te4[(s3      ) & 0xff] & 0x000000ff) ^
    		rk[0];
    	t1 =
    		(Te4[(s1 >> 24)       ] & 0xff000000) ^
    		(Te4[(s2 >> 16) & 0xff] & 0x00ff0000) ^
    		(Te4[(s3 >>  8) & 0xff] & 0x0000ff00) ^
    		(Te4[(s0      ) & 0xff] & 0x000000ff) ^
    		rk[1];
    	t2 =
    		(Te4[(s2 >> 24)       ] & 0xff000000) ^
    		(Te4[(s3 >> 16) & 0xff] & 0x00ff0000) ^
    		(Te4[(s0 >>  8) & 0xff] & 0x0000ff00) ^
    		(Te4[(s1      ) & 0xff] & 0x000000ff) ^
    		rk[2];
    	t3 =
    		(Te4[(s3 >> 24)       ] & 0xff000000) ^
    		(Te4[(s0 >> 16) & 0xff] & 0x00ff0000) ^
    		(Te4[(s1 >>  8) & 0xff] & 0x0000ff00) ^
    		(Te4[(s2      ) & 0xff] & 0x000000ff) ^
    		rk[3];
		
		s0 = t0;
		s1 = t1;
		s2 = t2;
		s3 = t3;
	}

	PUTU32(block     , s0);
	PUTU32(block +  4, s1);
	PUTU32(block +  8, s2);
	PUTU32(block + 12, s3);
}

void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) {
	int r;
	u32 s0, s1, s2, s3, t0, t1, t2, t3;

    /*
	 * map byte array block to cipher state
	 * and add initial round key:
	 */
	s0 = GETU32(block     ) ^ rk[0];
	s1 = GETU32(block +  4) ^ rk[1];
	s2 = GETU32(block +  8) ^ rk[2];
	s3 = GETU32(block + 12) ^ rk[3];
    rk += 4;

    /*
	 * Nr - 1 full rounds:
	 */
	for (r = (rounds < Nr ? rounds : Nr) - 1; r > 0; r--) {
		t0 =
			Td0[(s0 >> 24)       ] ^
			Td1[(s3 >> 16) & 0xff] ^
			Td2[(s2 >>  8) & 0xff] ^
			Td3[(s1      ) & 0xff] ^
			rk[0];
		t1 =
			Td0[(s1 >> 24)       ] ^
			Td1[(s0 >> 16) & 0xff] ^
			Td2[(s3 >>  8) & 0xff] ^
			Td3[(s2      ) & 0xff] ^
			rk[1];
		t2 =
			Td0[(s2 >> 24)       ] ^
			Td1[(s1 >> 16) & 0xff] ^
			Td2[(s0 >>  8) & 0xff] ^
			Td3[(s3      ) & 0xff] ^
			rk[2];
		t3 =
			Td0[(s3 >> 24)       ] ^
			Td1[(s2 >> 16) & 0xff] ^
			Td2[(s1 >>  8) & 0xff] ^
			Td3[(s0      ) & 0xff] ^
			rk[3];

		s0 = t0;
		s1 = t1;
		s2 = t2;
		s3 = t3;
		rk += 4;

    }

    /*
	 * complete the last round and
	 * map cipher state to byte array block:
	 */
	t0 =
		(Td4[(s0 >> 24)       ] & 0xff000000) ^
		(Td4[(s3 >> 16) & 0xff] & 0x00ff0000) ^
		(Td4[(s2 >>  8) & 0xff] & 0x0000ff00) ^
		(Td4[(s1      ) & 0xff] & 0x000000ff);
	t1 =
		(Td4[(s1 >> 24)       ] & 0xff000000) ^
		(Td4[(s0 >> 16) & 0xff] & 0x00ff0000) ^
		(Td4[(s3 >>  8) & 0xff] & 0x0000ff00) ^
		(Td4[(s2      ) & 0xff] & 0x000000ff);
	t2 =
		(Td4[(s2 >> 24)       ] & 0xff000000) ^
		(Td4[(s1 >> 16) & 0xff] & 0x00ff0000) ^
		(Td4[(s0 >>  8) & 0xff] & 0x0000ff00) ^
		(Td4[(s3      ) & 0xff] & 0x000000ff);
	t3 =
		(Td4[(s3 >> 24)       ] & 0xff000000) ^
		(Td4[(s2 >> 16) & 0xff] & 0x00ff0000) ^
		(Td4[(s1 >>  8) & 0xff] & 0x0000ff00) ^
		(Td4[(s0      ) & 0xff] & 0x000000ff);

	if (rounds == Nr) {
	    t0 ^= rk[0];
	    t1 ^= rk[1];
	    t2 ^= rk[2];
	    t3 ^= rk[3];
	}

	PUTU32(block     , t0);
	PUTU32(block +  4, t1);
	PUTU32(block +  8, t2);
	PUTU32(block + 12, t3);
}

#endif /* INTERMEDIATE_VALUE_KAT */