Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(104)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: srtp/crypto/cipher/aes.c

Issue 889083003: Update libsrtp to upstream 1.5.0 (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/libsrtp@master
Patch Set: Updated to libsrtp 1.5.1 Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « srtp/crypto/ae_xfm/xfm.c ('k') | srtp/crypto/cipher/aes_cbc.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * aes.c 2 * aes.c
3 * 3 *
4 * An implemnetation of the AES block cipher. 4 * An implemnetation of the AES block cipher.
5 * 5 *
6 * David A. McGrew 6 * David A. McGrew
7 * Cisco Systems, Inc. 7 * Cisco Systems, Inc.
8 */ 8 */
9 9
10 /* 10 /*
(...skipping 25 matching lines...) Expand all
36 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 36 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
37 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 37 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
38 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 38 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
40 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 40 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
41 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 41 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
42 * OF THE POSSIBILITY OF SUCH DAMAGE. 42 * OF THE POSSIBILITY OF SUCH DAMAGE.
43 * 43 *
44 */ 44 */
45 45
46 #ifdef HAVE_CONFIG_H
47 #include <config.h>
48 #endif
46 49
47 #include "aes.h" 50 #include "aes.h"
48 #include "err.h" 51 #include "err.h"
49 52
50 /* 53 /*
51 * we use the tables T0, T1, T2, T3, and T4 to compute AES, and 54 * we use the tables T0, T1, T2, T3, and T4 to compute AES, and
52 * the tables U0, U1, U2, and U4 to compute its inverse 55 * the tables U0, U1, U2, and U4 to compute its inverse
53 * 56 *
54 * different tables are used on little-endian (Intel, VMS) and 57 * different tables are used on little-endian (Intel, VMS) and
55 * big-endian processors (everything else) 58 * big-endian processors (everything else)
(...skipping 1462 matching lines...) Expand 10 before | Expand all | Expand 10 after
1518 * for the first and the last) 1521 * for the first and the last)
1519 * 1522 *
1520 * mixColumn is implemented by using the tables U0, U1, U2, U3, 1523 * mixColumn is implemented by using the tables U0, U1, U2, U3,
1521 * followed by the T4 table (which cancels out the use of the sbox 1524 * followed by the T4 table (which cancels out the use of the sbox
1522 * in the U-tables) 1525 * in the U-tables)
1523 */ 1526 */
1524 for (i=1; i < num_rounds; i++) { 1527 for (i=1; i < num_rounds; i++) {
1525 #ifdef CPU_RISC 1528 #ifdef CPU_RISC
1526 uint32_t tmp; 1529 uint32_t tmp;
1527 1530
1531 #ifdef WORDS_BIGENDIAN
1528 tmp = expanded_key->round[i].v32[0]; 1532 tmp = expanded_key->round[i].v32[0];
1529 expanded_key->round[i].v32[0] = 1533 expanded_key->round[i].v32[0] =
1530 U0[T4[(tmp >> 24) ] & 0xff] ^ 1534 U0[T4[(tmp >> 24) ] & 0xff] ^
1531 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1535 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
1532 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1536 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
1533 U3[T4[(tmp) & 0xff] & 0xff]; 1537 U3[T4[(tmp) & 0xff] & 0xff];
1534 1538
1535 tmp = expanded_key->round[i].v32[1]; 1539 tmp = expanded_key->round[i].v32[1];
1536 expanded_key->round[i].v32[1] = 1540 expanded_key->round[i].v32[1] =
1537 U0[T4[(tmp >> 24) ] & 0xff] ^ 1541 U0[T4[(tmp >> 24) ] & 0xff] ^
1538 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1542 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
1539 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1543 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
1540 U3[T4[(tmp) & 0xff] & 0xff]; 1544 U3[T4[(tmp) & 0xff] & 0xff];
1541 1545
1542 tmp = expanded_key->round[i].v32[2]; 1546 tmp = expanded_key->round[i].v32[2];
1543 expanded_key->round[i].v32[2] = 1547 expanded_key->round[i].v32[2] =
1544 U0[T4[(tmp >> 24) ] & 0xff] ^ 1548 U0[T4[(tmp >> 24) ] & 0xff] ^
1545 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1549 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
1546 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1550 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
1547 U3[T4[(tmp) & 0xff] & 0xff]; 1551 U3[T4[(tmp) & 0xff] & 0xff];
1548 1552
1549 tmp = expanded_key->round[i].v32[3]; 1553 tmp = expanded_key->round[i].v32[3];
1550 expanded_key->round[i].v32[3] = 1554 expanded_key->round[i].v32[3] =
1551 U0[T4[(tmp >> 24) ] & 0xff] ^ 1555 U0[T4[(tmp >> 24) ] & 0xff] ^
1552 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1556 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
1553 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1557 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
1554 U3[T4[(tmp) & 0xff] & 0xff]; 1558 U3[T4[(tmp) & 0xff] & 0xff];
1559 #else
1560 tmp = expanded_key->round[i].v32[0];
1561 expanded_key->round[i].v32[0] =
1562 U3[T4[(tmp >> 24) ] & 0xff] ^
1563 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
1564 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
1565 U0[T4[(tmp) & 0xff] & 0xff];
1566
1567 tmp = expanded_key->round[i].v32[1];
1568 expanded_key->round[i].v32[1] =
1569 U3[T4[(tmp >> 24) ] & 0xff] ^
1570 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
1571 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
1572 U0[T4[(tmp) & 0xff] & 0xff];
1573
1574 tmp = expanded_key->round[i].v32[2];
1575 expanded_key->round[i].v32[2] =
1576 U3[T4[(tmp >> 24) ] & 0xff] ^
1577 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
1578 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
1579 U0[T4[(tmp) & 0xff] & 0xff];
1580
1581 tmp = expanded_key->round[i].v32[3];
1582 expanded_key->round[i].v32[3] =
1583 U3[T4[(tmp >> 24) ] & 0xff] ^
1584 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
1585 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
1586 U0[T4[(tmp) & 0xff] & 0xff];
1587 #endif /* WORDS_BIGENDIAN */
1588
1555 #else /* assume CPU_CISC */ 1589 #else /* assume CPU_CISC */
1556 1590
1557 uint32_t c0, c1, c2, c3; 1591 uint32_t c0, c1, c2, c3;
1558 1592
1559 c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]] 1593 c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]]
1560 ^ U1[aes_sbox[expanded_key->round[i].v8[1]]] 1594 ^ U1[aes_sbox[expanded_key->round[i].v8[1]]]
1561 ^ U2[aes_sbox[expanded_key->round[i].v8[2]]] 1595 ^ U2[aes_sbox[expanded_key->round[i].v8[2]]]
1562 ^ U3[aes_sbox[expanded_key->round[i].v8[3]]]; 1596 ^ U3[aes_sbox[expanded_key->round[i].v8[3]]];
1563 1597
1564 c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]] 1598 c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]]
(...skipping 18 matching lines...) Expand all
1583 1617
1584 #endif 1618 #endif
1585 } 1619 }
1586 1620
1587 return err_status_ok; 1621 return err_status_ok;
1588 } 1622 }
1589 1623
1590 #ifdef CPU_CISC 1624 #ifdef CPU_CISC
1591 1625
1592 1626
1593 static INLINE void 1627 static inline void
1594 aes_round(v128_t *state, const v128_t *round_key) { 1628 aes_round(v128_t *state, const v128_t *round_key) {
1595 uint32_t column0, column1, column2, column3; 1629 uint32_t column0, column1, column2, column3;
1596 1630
1597 /* compute the columns of the output square in terms of the octets 1631 /* compute the columns of the output square in terms of the octets
1598 of state, using the tables T0, T1, T2, T3 */ 1632 of state, using the tables T0, T1, T2, T3 */
1599 1633
1600 column0 = T0[state->v8[0]] ^ T1[state->v8[5]] 1634 column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
1601 ^ T2[state->v8[10]] ^ T3[state->v8[15]]; 1635 ^ T2[state->v8[10]] ^ T3[state->v8[15]];
1602 1636
1603 column1 = T0[state->v8[4]] ^ T1[state->v8[9]] 1637 column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
1604 ^ T2[state->v8[14]] ^ T3[state->v8[3]]; 1638 ^ T2[state->v8[14]] ^ T3[state->v8[3]];
1605 1639
1606 column2 = T0[state->v8[8]] ^ T1[state->v8[13]] 1640 column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
1607 ^ T2[state->v8[2]] ^ T3[state->v8[7]]; 1641 ^ T2[state->v8[2]] ^ T3[state->v8[7]];
1608 1642
1609 column3 = T0[state->v8[12]] ^ T1[state->v8[1]] 1643 column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
1610 ^ T2[state->v8[6]] ^ T3[state->v8[11]]; 1644 ^ T2[state->v8[6]] ^ T3[state->v8[11]];
1611 1645
1612 state->v32[0] = column0 ^ round_key->v32[0]; 1646 state->v32[0] = column0 ^ round_key->v32[0];
1613 state->v32[1] = column1 ^ round_key->v32[1]; 1647 state->v32[1] = column1 ^ round_key->v32[1];
1614 state->v32[2] = column2 ^ round_key->v32[2]; 1648 state->v32[2] = column2 ^ round_key->v32[2];
1615 state->v32[3] = column3 ^ round_key->v32[3]; 1649 state->v32[3] = column3 ^ round_key->v32[3];
1616 1650
1617 } 1651 }
1618 1652
1619 1653
1620 static INLINE void 1654 static inline void
1621 aes_inv_round(v128_t *state, const v128_t *round_key) { 1655 aes_inv_round(v128_t *state, const v128_t *round_key) {
1622 uint32_t column0, column1, column2, column3; 1656 uint32_t column0, column1, column2, column3;
1623 1657
1624 /* compute the columns of the output square in terms of the octets 1658 /* compute the columns of the output square in terms of the octets
1625 of state, using the tables U0, U1, U2, U3 */ 1659 of state, using the tables U0, U1, U2, U3 */
1626 1660
1627 column0 = U0[state->v8[0]] ^ U1[state->v8[13]] 1661 column0 = U0[state->v8[0]] ^ U1[state->v8[13]]
1628 ^ U2[state->v8[10]] ^ U3[state->v8[7]]; 1662 ^ U2[state->v8[10]] ^ U3[state->v8[7]];
1629 1663
1630 column1 = U0[state->v8[4]] ^ U1[state->v8[1]] 1664 column1 = U0[state->v8[4]] ^ U1[state->v8[1]]
1631 ^ U2[state->v8[14]] ^ U3[state->v8[11]]; 1665 ^ U2[state->v8[14]] ^ U3[state->v8[11]];
1632 1666
1633 column2 = U0[state->v8[8]] ^ U1[state->v8[5]] 1667 column2 = U0[state->v8[8]] ^ U1[state->v8[5]]
1634 ^ U2[state->v8[2]] ^ U3[state->v8[15]]; 1668 ^ U2[state->v8[2]] ^ U3[state->v8[15]];
1635 1669
1636 column3 = U0[state->v8[12]] ^ U1[state->v8[9]] 1670 column3 = U0[state->v8[12]] ^ U1[state->v8[9]]
1637 ^ U2[state->v8[6]] ^ U3[state->v8[3]]; 1671 ^ U2[state->v8[6]] ^ U3[state->v8[3]];
1638 1672
1639 state->v32[0] = column0 ^ round_key->v32[0]; 1673 state->v32[0] = column0 ^ round_key->v32[0];
1640 state->v32[1] = column1 ^ round_key->v32[1]; 1674 state->v32[1] = column1 ^ round_key->v32[1];
1641 state->v32[2] = column2 ^ round_key->v32[2]; 1675 state->v32[2] = column2 ^ round_key->v32[2];
1642 state->v32[3] = column3 ^ round_key->v32[3]; 1676 state->v32[3] = column3 ^ round_key->v32[3];
1643 1677
1644 } 1678 }
1645 1679
1646 static INLINE void 1680 static inline void
1647 aes_final_round(v128_t *state, const v128_t *round_key) { 1681 aes_final_round(v128_t *state, const v128_t *round_key) {
1648 uint8_t tmp; 1682 uint8_t tmp;
1649 1683
1650 /* byte substitutions and row shifts */ 1684 /* byte substitutions and row shifts */
1651 /* first row - no shift */ 1685 /* first row - no shift */
1652 state->v8[0] = aes_sbox[state->v8[0]]; 1686 state->v8[0] = aes_sbox[state->v8[0]];
1653 state->v8[4] = aes_sbox[state->v8[4]]; 1687 state->v8[4] = aes_sbox[state->v8[4]];
1654 state->v8[8] = aes_sbox[state->v8[8]]; 1688 state->v8[8] = aes_sbox[state->v8[8]];
1655 state->v8[12] = aes_sbox[state->v8[12]]; 1689 state->v8[12] = aes_sbox[state->v8[12]];
1656 1690
(...skipping 15 matching lines...) Expand all
1672 /* fourth row - shift three left */ 1706 /* fourth row - shift three left */
1673 tmp = aes_sbox[state->v8[15]]; 1707 tmp = aes_sbox[state->v8[15]];
1674 state->v8[15] = aes_sbox[state->v8[11]]; 1708 state->v8[15] = aes_sbox[state->v8[11]];
1675 state->v8[11] = aes_sbox[state->v8[7]]; 1709 state->v8[11] = aes_sbox[state->v8[7]];
1676 state->v8[7] = aes_sbox[state->v8[3]]; 1710 state->v8[7] = aes_sbox[state->v8[3]];
1677 state->v8[3] = tmp; 1711 state->v8[3] = tmp;
1678 1712
1679 v128_xor_eq(state, round_key); 1713 v128_xor_eq(state, round_key);
1680 } 1714 }
1681 1715
1682 static INLINE void 1716 static inline void
1683 aes_inv_final_round(v128_t *state, const v128_t *round_key) { 1717 aes_inv_final_round(v128_t *state, const v128_t *round_key) {
1684 uint8_t tmp; 1718 uint8_t tmp;
1685 1719
1686 /* byte substitutions and row shifts */ 1720 /* byte substitutions and row shifts */
1687 /* first row - no shift */ 1721 /* first row - no shift */
1688 state->v8[0] = aes_inv_sbox[state->v8[0]]; 1722 state->v8[0] = aes_inv_sbox[state->v8[0]];
1689 state->v8[4] = aes_inv_sbox[state->v8[4]]; 1723 state->v8[4] = aes_inv_sbox[state->v8[4]];
1690 state->v8[8] = aes_inv_sbox[state->v8[8]]; 1724 state->v8[8] = aes_inv_sbox[state->v8[8]];
1691 state->v8[12] = aes_inv_sbox[state->v8[12]]; 1725 state->v8[12] = aes_inv_sbox[state->v8[12]];
1692 1726
(...skipping 18 matching lines...) Expand all
1711 state->v8[7] = aes_inv_sbox[state->v8[11]]; 1745 state->v8[7] = aes_inv_sbox[state->v8[11]];
1712 state->v8[11] = aes_inv_sbox[state->v8[15]]; 1746 state->v8[11] = aes_inv_sbox[state->v8[15]];
1713 state->v8[15] = tmp; 1747 state->v8[15] = tmp;
1714 1748
1715 v128_xor_eq(state, round_key); 1749 v128_xor_eq(state, round_key);
1716 } 1750 }
1717 1751
1718 1752
1719 #elif CPU_RISC 1753 #elif CPU_RISC
1720 1754
1721 static INLINE void 1755 static inline void
1722 aes_round(v128_t *state, const v128_t *round_key) { 1756 aes_round(v128_t *state, const v128_t *round_key) {
1723 uint32_t column0, column1, column2, column3; 1757 uint32_t column0, column1, column2, column3;
1724 1758
1725 /* compute the columns of the output square in terms of the octets 1759 /* compute the columns of the output square in terms of the octets
1726 of state, using the tables T0, T1, T2, T3 */ 1760 of state, using the tables T0, T1, T2, T3 */
1727 #ifdef WORDS_BIGENDIAN 1761 #ifdef WORDS_BIGENDIAN
1728 column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff] 1762 column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff]
1729 ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff]; 1763 ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff];
1730 1764
1731 column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff] 1765 column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff]
(...skipping 18 matching lines...) Expand all
1750 ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24]; 1784 ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24];
1751 #endif /* WORDS_BIGENDIAN */ 1785 #endif /* WORDS_BIGENDIAN */
1752 1786
1753 state->v32[0] = column0 ^ round_key->v32[0]; 1787 state->v32[0] = column0 ^ round_key->v32[0];
1754 state->v32[1] = column1 ^ round_key->v32[1]; 1788 state->v32[1] = column1 ^ round_key->v32[1];
1755 state->v32[2] = column2 ^ round_key->v32[2]; 1789 state->v32[2] = column2 ^ round_key->v32[2];
1756 state->v32[3] = column3 ^ round_key->v32[3]; 1790 state->v32[3] = column3 ^ round_key->v32[3];
1757 1791
1758 } 1792 }
1759 1793
1760 static INLINE void 1794 static inline void
1761 aes_inv_round(v128_t *state, const v128_t *round_key) { 1795 aes_inv_round(v128_t *state, const v128_t *round_key) {
1762 uint32_t column0, column1, column2, column3; 1796 uint32_t column0, column1, column2, column3;
1763 1797
1764 /* compute the columns of the output square in terms of the octets 1798 /* compute the columns of the output square in terms of the octets
1765 of state, using the tables U0, U1, U2, U3 */ 1799 of state, using the tables U0, U1, U2, U3 */
1766 1800
1767 #ifdef WORDS_BIGENDIAN 1801 #ifdef WORDS_BIGENDIAN
1768 /* FIX! WRong indexes */
1769 column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff] 1802 column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff]
1770 ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff]; 1803 ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff];
1771 1804
1772 column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff] 1805 column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff]
1773 ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff]; 1806 ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff];
1774 1807
1775 column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff] 1808 column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff]
1776 ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff]; 1809 ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff];
1777 1810
1778 column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff] 1811 column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff]
1779 ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff]; 1812 ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff];
1780 #else 1813 #else
1781 column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff] 1814 column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff]
1782 » ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[state->v32[3] >> 24]; 1815 ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[(state->v32[1] >> 24) & 0xff];
1783 1816
1784 column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff] 1817 column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff]
1785 » ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[state->v32[0] >> 24]; 1818 ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[(state->v32[2] >> 24) & 0xff];
1786 1819
1787 column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff] 1820 column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff]
1788 » ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[state->v32[1] >> 24]; 1821 ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[(state->v32[3] >> 24) & 0xff];
1789 1822
1790 column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff] 1823 column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff]
1791 » ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[state->v32[2] >> 24]; 1824 ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[(state->v32[0] >> 24) & 0xff];
1792 #endif /* WORDS_BIGENDIAN */ 1825 #endif /* WORDS_BIGENDIAN */
1793 1826
1794 state->v32[0] = column0 ^ round_key->v32[0]; 1827 state->v32[0] = column0 ^ round_key->v32[0];
1795 state->v32[1] = column1 ^ round_key->v32[1]; 1828 state->v32[1] = column1 ^ round_key->v32[1];
1796 state->v32[2] = column2 ^ round_key->v32[2]; 1829 state->v32[2] = column2 ^ round_key->v32[2];
1797 state->v32[3] = column3 ^ round_key->v32[3]; 1830 state->v32[3] = column3 ^ round_key->v32[3];
1798 1831
1799 } 1832 }
1800 1833
1801 static INLINE void 1834 static inline void
1802 aes_final_round(v128_t *state, const v128_t *round_key) { 1835 aes_final_round(v128_t *state, const v128_t *round_key) {
1803 uint32_t tmp0, tmp1, tmp2, tmp3; 1836 uint32_t tmp0, tmp1, tmp2, tmp3;
1804 1837
1838 #ifdef WORDS_BIGENDIAN
1805 tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000) 1839 tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000)
1806 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1840 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
1807 ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1841 ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
1808 ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) 1842 ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
1809 ^ round_key->v32[0]; 1843 ^ round_key->v32[0];
1810 1844
1811 tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000) 1845 tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000)
1812 ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1846 ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
1813 ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1847 ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
1814 ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) 1848 ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
1815 ^ round_key->v32[1]; 1849 ^ round_key->v32[1];
1816 1850
1817 tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000) 1851 tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000)
1818 ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1852 ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
1819 ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1853 ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
1820 ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) 1854 ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
1821 ^ round_key->v32[2]; 1855 ^ round_key->v32[2];
1822 1856
1823 tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000) 1857 tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000)
1824 ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1858 ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
1825 ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1859 ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
1826 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) 1860 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
1827 ^ round_key->v32[3]; 1861 ^ round_key->v32[3];
1862 #else
1863 tmp0 = (T4[(state->v32[3] >> 24)] & 0xff000000)
1864 ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
1865 ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
1866 ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
1867 ^ round_key->v32[0];
1868
1869 tmp1 = (T4[(state->v32[0] >> 24)] & 0xff000000)
1870 ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
1871 ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
1872 ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
1873 ^ round_key->v32[1];
1874
1875 tmp2 = (T4[(state->v32[1] >> 24)] & 0xff000000)
1876 ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
1877 ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
1878 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
1879 ^ round_key->v32[2];
1880
1881 tmp3 = (T4[(state->v32[2] >> 24)] & 0xff000000)
1882 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
1883 ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
1884 ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
1885 ^ round_key->v32[3];
1886 #endif /* WORDS_BIGENDIAN */
1828 1887
1829 state->v32[0] = tmp0; 1888 state->v32[0] = tmp0;
1830 state->v32[1] = tmp1; 1889 state->v32[1] = tmp1;
1831 state->v32[2] = tmp2; 1890 state->v32[2] = tmp2;
1832 state->v32[3] = tmp3; 1891 state->v32[3] = tmp3;
1833 1892
1834 } 1893 }
1835 1894
1836 static INLINE void 1895 static inline void
1837 aes_inv_final_round(v128_t *state, const v128_t *round_key) { 1896 aes_inv_final_round(v128_t *state, const v128_t *round_key) {
1838 uint32_t tmp0, tmp1, tmp2, tmp3; 1897 uint32_t tmp0, tmp1, tmp2, tmp3;
1839 1898
1899 #ifdef WORDS_BIGENDIAN
1840 tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000) 1900 tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000)
1841 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1901 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
1842 ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1902 ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
1843 ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) 1903 ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
1844 ^ round_key->v32[0]; 1904 ^ round_key->v32[0];
1845 1905
1846 tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000) 1906 tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000)
1847 ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1907 ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
1848 ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1908 ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
1849 ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) 1909 ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
1850 ^ round_key->v32[1]; 1910 ^ round_key->v32[1];
1851 1911
1852 tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000) 1912 tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000)
1853 ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1913 ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
1854 ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1914 ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
1855 ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) 1915 ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
1856 ^ round_key->v32[2]; 1916 ^ round_key->v32[2];
1857 1917
1858 tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000) 1918 tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000)
1859 ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1919 ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
1860 ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1920 ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
1861 ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) 1921 ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
1862 ^ round_key->v32[3]; 1922 ^ round_key->v32[3];
1923 #else
1924 tmp0 = (U4[(state->v32[1] >> 24)] & 0xff000000)
1925 ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
1926 ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
1927 ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
1928 ^ round_key->v32[0];
1929
1930 tmp1 = (U4[(state->v32[2] >> 24)] & 0xff000000)
1931 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
1932 ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
1933 ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
1934 ^ round_key->v32[1];
1935
1936 tmp2 = (U4[(state->v32[3] >> 24)] & 0xff000000)
1937 ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
1938 ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
1939 ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
1940 ^ round_key->v32[2];
1941
1942 tmp3 = (U4[(state->v32[0] >> 24)] & 0xff000000)
1943 ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
1944 ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
1945 ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
1946 ^ round_key->v32[3];
1947 #endif /* WORDS_BIGENDIAN */
1863 1948
1864 state->v32[0] = tmp0; 1949 state->v32[0] = tmp0;
1865 state->v32[1] = tmp1; 1950 state->v32[1] = tmp1;
1866 state->v32[2] = tmp2; 1951 state->v32[2] = tmp2;
1867 state->v32[3] = tmp3; 1952 state->v32[3] = tmp3;
1868 1953
1869 } 1954 }
1870 1955
1871 #elif CPU_16 /* assume 16-bit word size on processor */ 1956 #elif CPU_16 /* assume 16-bit word size on processor */
1872 1957
1873 static INLINE void 1958 static inline void
1874 aes_round(v128_t *state, const v128_t *round_key) { 1959 aes_round(v128_t *state, const v128_t *round_key) {
1875 uint32_t column0, column1, column2, column3; 1960 uint32_t column0, column1, column2, column3;
1876 uint16_t c 1961 uint16_t c
1877 /* compute the columns of the output square in terms of the octets 1962 /* compute the columns of the output square in terms of the octets
1878 of state, using the tables T0, T1, T2, T3 */ 1963 of state, using the tables T0, T1, T2, T3 */
1879 1964
1880 column0 = T0[state->v8[0]] ^ T1[state->v8[5]] 1965 column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
1881 ^ T2[state->v8[10]] ^ T3[state->v8[15]]; 1966 ^ T2[state->v8[10]] ^ T3[state->v8[15]];
1882 1967
1883 column1 = T0[state->v8[4]] ^ T1[state->v8[9]] 1968 column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
1884 ^ T2[state->v8[14]] ^ T3[state->v8[3]]; 1969 ^ T2[state->v8[14]] ^ T3[state->v8[3]];
1885 1970
1886 column2 = T0[state->v8[8]] ^ T1[state->v8[13]] 1971 column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
1887 ^ T2[state->v8[2]] ^ T3[state->v8[7]]; 1972 ^ T2[state->v8[2]] ^ T3[state->v8[7]];
1888 1973
1889 column3 = T0[state->v8[12]] ^ T1[state->v8[1]] 1974 column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
1890 ^ T2[state->v8[6]] ^ T3[state->v8[11]]; 1975 ^ T2[state->v8[6]] ^ T3[state->v8[11]];
1891 1976
1892 state->v32[0] = column0 ^ round_key->v32[0]; 1977 state->v32[0] = column0 ^ round_key->v32[0];
1893 state->v32[1] = column1 ^ round_key->v32[1]; 1978 state->v32[1] = column1 ^ round_key->v32[1];
1894 state->v32[2] = column2 ^ round_key->v32[2]; 1979 state->v32[2] = column2 ^ round_key->v32[2];
1895 state->v32[3] = column3 ^ round_key->v32[3]; 1980 state->v32[3] = column3 ^ round_key->v32[3];
1896 1981
1897 } 1982 }
1898 1983
1899 1984
1900 static INLINE void 1985 static inline void
1901 aes_inv_round(v128_t *state, const v128_t *round_key) { 1986 aes_inv_round(v128_t *state, const v128_t *round_key) {
1902 uint32_t column0, column1, column2, column3; 1987 uint32_t column0, column1, column2, column3;
1903 1988
1904 /* compute the columns of the output square in terms of the octets 1989 /* compute the columns of the output square in terms of the octets
1905 of state, using the tables U0, U1, U2, U3 */ 1990 of state, using the tables U0, U1, U2, U3 */
1906 1991
1907 column0 = U0[state->v8[0]] ^ U1[state->v8[5]] 1992 column0 = U0[state->v8[0]] ^ U1[state->v8[5]]
1908 ^ U2[state->v8[10]] ^ U3[state->v8[15]]; 1993 ^ U2[state->v8[10]] ^ U3[state->v8[15]];
1909 1994
1910 column1 = U0[state->v8[4]] ^ U1[state->v8[9]] 1995 column1 = U0[state->v8[4]] ^ U1[state->v8[9]]
1911 ^ U2[state->v8[14]] ^ U3[state->v8[3]]; 1996 ^ U2[state->v8[14]] ^ U3[state->v8[3]];
1912 1997
1913 column2 = U0[state->v8[8]] ^ U1[state->v8[13]] 1998 column2 = U0[state->v8[8]] ^ U1[state->v8[13]]
1914 ^ U2[state->v8[2]] ^ U3[state->v8[7]]; 1999 ^ U2[state->v8[2]] ^ U3[state->v8[7]];
1915 2000
1916 column3 = U0[state->v8[12]] ^ U1[state->v8[1]] 2001 column3 = U0[state->v8[12]] ^ U1[state->v8[1]]
1917 ^ U2[state->v8[6]] ^ U3[state->v8[11]]; 2002 ^ U2[state->v8[6]] ^ U3[state->v8[11]];
1918 2003
1919 state->v32[0] = column0 ^ round_key->v32[0]; 2004 state->v32[0] = column0 ^ round_key->v32[0];
1920 state->v32[1] = column1 ^ round_key->v32[1]; 2005 state->v32[1] = column1 ^ round_key->v32[1];
1921 state->v32[2] = column2 ^ round_key->v32[2]; 2006 state->v32[2] = column2 ^ round_key->v32[2];
1922 state->v32[3] = column3 ^ round_key->v32[3]; 2007 state->v32[3] = column3 ^ round_key->v32[3];
1923 2008
1924 } 2009 }
1925 2010
1926 static INLINE void 2011 static inline void
1927 aes_final_round(v128_t *state, const v128_t *round_key) { 2012 aes_final_round(v128_t *state, const v128_t *round_key) {
1928 uint8_t tmp; 2013 uint8_t tmp;
1929 2014
1930 /* byte substitutions and row shifts */ 2015 /* byte substitutions and row shifts */
1931 /* first row - no shift */ 2016 /* first row - no shift */
1932 state->v8[0] = aes_sbox[state->v8[0]]; 2017 state->v8[0] = aes_sbox[state->v8[0]];
1933 state->v8[4] = aes_sbox[state->v8[4]]; 2018 state->v8[4] = aes_sbox[state->v8[4]];
1934 state->v8[8] = aes_sbox[state->v8[8]]; 2019 state->v8[8] = aes_sbox[state->v8[8]];
1935 state->v8[12] = aes_sbox[state->v8[12]]; 2020 state->v8[12] = aes_sbox[state->v8[12]];
1936 2021
(...skipping 15 matching lines...) Expand all
1952 /* fourth row - shift three left */ 2037 /* fourth row - shift three left */
1953 tmp = aes_sbox[state->v8[15]]; 2038 tmp = aes_sbox[state->v8[15]];
1954 state->v8[15] = aes_sbox[state->v8[11]]; 2039 state->v8[15] = aes_sbox[state->v8[11]];
1955 state->v8[11] = aes_sbox[state->v8[7]]; 2040 state->v8[11] = aes_sbox[state->v8[7]];
1956 state->v8[7] = aes_sbox[state->v8[3]]; 2041 state->v8[7] = aes_sbox[state->v8[3]];
1957 state->v8[3] = tmp; 2042 state->v8[3] = tmp;
1958 2043
1959 v128_xor_eq(state, round_key); 2044 v128_xor_eq(state, round_key);
1960 } 2045 }
1961 2046
1962 static INLINE void 2047 static inline void
1963 aes_inv_final_round(v128_t *state, const v128_t *round_key) { 2048 aes_inv_final_round(v128_t *state, const v128_t *round_key) {
1964 uint8_t tmp; 2049 uint8_t tmp;
1965 2050
1966 /* byte substitutions and row shifts */ 2051 /* byte substitutions and row shifts */
1967 /* first row - no shift */ 2052 /* first row - no shift */
1968 state->v8[0] = aes_inv_sbox[state->v8[0]]; 2053 state->v8[0] = aes_inv_sbox[state->v8[0]];
1969 state->v8[4] = aes_inv_sbox[state->v8[4]]; 2054 state->v8[4] = aes_inv_sbox[state->v8[4]];
1970 state->v8[8] = aes_inv_sbox[state->v8[8]]; 2055 state->v8[8] = aes_inv_sbox[state->v8[8]];
1971 state->v8[12] = aes_inv_sbox[state->v8[12]]; 2056 state->v8[12] = aes_inv_sbox[state->v8[12]];
1972 2057
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after
2056 aes_inv_final_round(plaintext, &exp_key->round[12]); 2141 aes_inv_final_round(plaintext, &exp_key->round[12]);
2057 } 2142 }
2058 else if (exp_key->num_rounds == 14) { 2143 else if (exp_key->num_rounds == 14) {
2059 aes_inv_round(plaintext, &exp_key->round[10]); 2144 aes_inv_round(plaintext, &exp_key->round[10]);
2060 aes_inv_round(plaintext, &exp_key->round[11]); 2145 aes_inv_round(plaintext, &exp_key->round[11]);
2061 aes_inv_round(plaintext, &exp_key->round[12]); 2146 aes_inv_round(plaintext, &exp_key->round[12]);
2062 aes_inv_round(plaintext, &exp_key->round[13]); 2147 aes_inv_round(plaintext, &exp_key->round[13]);
2063 aes_inv_final_round(plaintext, &exp_key->round[14]); 2148 aes_inv_final_round(plaintext, &exp_key->round[14]);
2064 } 2149 }
2065 } 2150 }
OLDNEW
« no previous file with comments | « srtp/crypto/ae_xfm/xfm.c ('k') | srtp/crypto/cipher/aes_cbc.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698