00035 #ifndef HOST_VERSION
00036 #define USE_PGMMEM
00037 #endif
00038
00039 #ifndef AES_DEBUG
00040 # ifndef NDEBUG
00041 # define NDEBUG
00042 # endif
00043 #endif
00044 #include <assert.h>
00045
00046 #include <aversive.h>
00047 #include "aes_locl.h"
00048 #include "aes.h"
00049 #include "aes_locl.h"
00050 #include <aversive/pgmspace.h>
00051
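/*
 * Rotate a 32-bit word right by 8, 16 or 24 bits (one, two or three bytes).
 *
 * The round functions in this file apply these to Te0()/Td0() lookups, so
 * only one 256-entry 32-bit table per direction has to be stored.
 *
 * These are inline functions rather than function-like macros so that the
 * argument is evaluated exactly once.  As macros, each use expanded its
 * argument four times, i.e. four table reads per rotated term (four
 * memcpy_P() calls when USE_PGMMEM is defined).
 */
static inline uint32_t ROR_U32_1(uint32_t a)
{
    return (a >> 8) | (a << 24);
}

static inline uint32_t ROR_U32_2(uint32_t a)
{
    return (a >> 16) | (a << 16);
}

static inline uint32_t ROR_U32_3(uint32_t a)
{
    return (a >> 24) | (a << 8);
}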
00070
00071
/*
 * Te0_: encryption T-table.  Entry x packs, most significant byte first,
 * (2*S[x], S[x], S[x], 3*S[x]) with the products taken in GF(2^8), where
 * S is the AES S-box stored in Te4_ (e.g. S[0] = 0x63 -> 0xc66363a5).
 *
 * With USE_PGMMEM the table is declared with the prog_uint32_t type and
 * must be read through Te0(); otherwise it is an ordinary static const
 * array.
 *
 * NOTE(review): in the USE_PGMMEM branch the table has external linkage,
 * unlike the host branch -- confirm nothing else links against Te0_
 * before making it static.
 *
 * Security note: the table is indexed with bytes that depend on the key
 * and the data.  On targets with a data cache, table-driven AES of this
 * kind is not constant-time; treat builds for such targets accordingly.
 */
#ifdef USE_PGMMEM
prog_uint32_t Te0_[256] = {
#else
static const uint32_t Te0_[256] = {
#endif
    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
};
00142
/*
 * Te0(i): read entry i of Te0_.
 *
 * With USE_PGMMEM the entry is copied out of the table with memcpy_P();
 * otherwise the table is indexed directly.  The index is not range
 * checked: every caller in this file passes a value in 0..255 (a byte
 * masked with 0xff, or a 32-bit word shifted right by 24).
 */
#ifdef USE_PGMMEM
static inline uint32_t Te0(int i)
{
    uint32_t word;

    memcpy_P(&word, &Te0_[i], sizeof word);
    return word;
}
#else
#define Te0(x) Te0_[x]
#endif
00153
/*
 * Te4_: the AES S-box, one byte per entry, laid out 16 entries per row so
 * that the row is the high nibble of the index and the column the low one.
 * Used by the key schedule and by the last encryption round.
 *
 * Security note: lookups are indexed by key- and data-dependent bytes; on
 * targets with a data cache this is not constant-time.
 */
#ifdef USE_PGMMEM
prog_uint8_t Te4_[256] = {
#else
static const u8 Te4_[256] = {
#endif
    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U,
};
/*
 * Te4(i): read S-box entry i from Te4_.
 *
 * With USE_PGMMEM the byte is copied out of the table with memcpy_P();
 * otherwise the table is indexed directly.  No range check is done; the
 * callers in this file always pass a value in 0..255.
 */
#ifdef USE_PGMMEM
static inline u8 Te4(int i)
{
    u8 byte;

    memcpy_P(&byte, &Te4_[i], sizeof byte);
    return byte;
}
#else
#define Te4(x) Te4_[x]
#endif
00234
00235
/*
 * Td0_: decryption T-table, the counterpart of Te0_ for the inverse
 * cipher.  In the reference Rijndael tables entry x is the inverse S-box
 * value Si[x] multiplied by (0e, 09, 0d, 0b) in GF(2^8).
 *
 * With USE_PGMMEM the table is declared with the prog_uint32_t type and
 * must be read through Td0(); otherwise it is an ordinary static const
 * array.
 *
 * NOTE(review): as with Te0_, the USE_PGMMEM branch gives the table
 * external linkage -- confirm before narrowing it to static.
 *
 * Security note: indexed by key- and data-dependent bytes; not
 * constant-time on targets with a data cache.
 */
#ifdef USE_PGMMEM
prog_uint32_t Td0_[256] = {
#else
static const uint32_t Td0_[256] = {
#endif
    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
};
/*
 * Td0(i): read entry i of Td0_.
 *
 * With USE_PGMMEM the entry is copied out of the table with memcpy_P();
 * otherwise the table is indexed directly.  The index is not range
 * checked; callers in this file pass a byte value (0..255).
 */
#ifdef USE_PGMMEM
static inline uint32_t Td0(int i)
{
    uint32_t word;

    memcpy_P(&word, &Td0_[i], sizeof word);
    return word;
}
#else
#define Td0(x) Td0_[x]
#endif
00316
/*
 * Td4_: the AES inverse S-box, one byte per entry, laid out 16 entries per
 * row (row = high nibble of the index, column = low nibble).  Used by the
 * last decryption round.
 *
 * Security note: indexed by key- and data-dependent bytes; not
 * constant-time on targets with a data cache.
 */
#ifdef USE_PGMMEM
prog_uint8_t Td4_[256] = {
#else
static const u8 Td4_[256] = {
#endif
    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
};
/*
 * Td4(i): read inverse S-box entry i from Td4_.
 *
 * With USE_PGMMEM the byte is copied out of the table with memcpy_P();
 * otherwise the table is indexed directly.  No range check is done; the
 * callers in this file always pass a value in 0..255.
 */
#ifdef USE_PGMMEM
static inline u8 Td4(int i)
{
    u8 byte;

    memcpy_P(&byte, &Td4_[i], sizeof byte);
    return byte;
}
#else
#define Td4(x) Td4_[x]
#endif
00397
/*
 * Key-schedule round constants, held in the top byte of each word.
 * AES_set_encrypt_key() consumes at most ten of them (the 128-bit
 * schedule); the 192- and 256-bit schedules stop after 8 and 7.
 */
static const uint32_t rcon[10] = {
    (uint32_t)0x01 << 24, (uint32_t)0x02 << 24,
    (uint32_t)0x04 << 24, (uint32_t)0x08 << 24,
    (uint32_t)0x10 << 24, (uint32_t)0x20 << 24,
    (uint32_t)0x40 << 24, (uint32_t)0x80 << 24,
    (uint32_t)0x1B << 24, (uint32_t)0x36 << 24,
};
00403
/*
 * Key-schedule helper: rotate the word left by one byte and substitute
 * every byte through the S-box (RotWord followed by SubWord).
 */
static inline uint32_t aes_ks_rot_sub_word(uint32_t w)
{
    return ((uint32_t)Te4((w >> 16) & 0xff) << 24) ^
           ((uint32_t)Te4((w >>  8) & 0xff) << 16) ^
           ((uint32_t)Te4((w      ) & 0xff) <<  8) ^
           ((uint32_t)Te4((w >> 24)       )      );
}

/* Key-schedule helper: substitute every byte through the S-box (SubWord). */
static inline uint32_t aes_ks_sub_word(uint32_t w)
{
    return ((uint32_t)Te4((w >> 24)       ) << 24) ^
           ((uint32_t)Te4((w >> 16) & 0xff) << 16) ^
           ((uint32_t)Te4((w >>  8) & 0xff) <<  8) ^
           ((uint32_t)Te4((w      ) & 0xff)      );
}

/*
 * Expand a cipher key into the encryption key schedule.
 *
 * userKey  key bytes; bits/8 bytes are read from it.
 * bits     key length: 128, 192 or 256.
 * key      receives the round count (10, 12 or 14) and the round keys.
 *          The 256-bit schedule writes rd_key[0..59], so rd_key must hold
 *          at least 60 words.
 *
 * Returns 0 on success, -1 if userKey or key is NULL, -2 if bits is not
 * one of the supported lengths.  Nothing is written to *key on error.
 *
 * Security note: the expanded schedule is as sensitive as the key itself;
 * the caller is responsible for wiping *key once it is no longer needed.
 */
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key)
{
    uint32_t *w;
    int round = 0;

    if (!userKey || !key)
        return -1;

    switch (bits) {
    case 128:
        key->rounds = 10;
        break;
    case 192:
        key->rounds = 12;
        break;
    case 256:
        key->rounds = 14;
        break;
    default:
        return -2;
    }

    w = key->rd_key;

    /* The first four words are the key itself, for every key length. */
    w[0] = GETU32(userKey);
    w[1] = GETU32(userKey + 4);
    w[2] = GETU32(userKey + 8);
    w[3] = GETU32(userKey + 12);
    if (bits == 128) {
        /* Ten steps of four words each: 44 words in total. */
        for (;; w += 4) {
            w[4] = w[0] ^ aes_ks_rot_sub_word(w[3]) ^ rcon[round];
            w[5] = w[1] ^ w[4];
            w[6] = w[2] ^ w[5];
            w[7] = w[3] ^ w[6];
            if (++round == 10)
                return 0;
        }
    }

    w[4] = GETU32(userKey + 16);
    w[5] = GETU32(userKey + 20);
    if (bits == 192) {
        /* Steps of six words; the eighth step stops after four: 52 words. */
        for (;; w += 6) {
            w[6] = w[0] ^ aes_ks_rot_sub_word(w[5]) ^ rcon[round];
            w[7] = w[1] ^ w[6];
            w[8] = w[2] ^ w[7];
            w[9] = w[3] ^ w[8];
            if (++round == 8)
                return 0;
            w[10] = w[4] ^ w[9];
            w[11] = w[5] ^ w[10];
        }
    }

    w[6] = GETU32(userKey + 24);
    w[7] = GETU32(userKey + 28);
    if (bits == 256) {
        /* Steps of eight words; the seventh stops after four: 60 words. */
        for (;; w += 8) {
            w[8]  = w[0] ^ aes_ks_rot_sub_word(w[7]) ^ rcon[round];
            w[9]  = w[1] ^ w[8];
            w[10] = w[2] ^ w[9];
            w[11] = w[3] ^ w[10];
            if (++round == 7)
                return 0;
            /* Second half of the step: SubWord only, no rotation or rcon. */
            w[12] = w[4] ^ aes_ks_sub_word(w[11]);
            w[13] = w[5] ^ w[12];
            w[14] = w[6] ^ w[13];
            w[15] = w[7] ^ w[14];
        }
    }
    return 0;
}
00504
/*
 * Expand a cipher key into the decryption key schedule.
 *
 * Builds the encryption schedule with AES_set_encrypt_key(), reverses the
 * order of the round keys, then transforms every round key except the
 * first and the last through Td0(Te4(.)) and its byte rotations.
 *
 * Parameters and error codes are those of AES_set_encrypt_key(); a
 * negative status from it is returned unchanged.  Returns 0 on success.
 *
 * Security note: the schedule is key-equivalent material; the caller is
 * responsible for wiping *key once it is no longer needed.
 */
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key)
{
    uint32_t *rk;
    uint32_t w;
    int lo, hi, n, k, rc;

    /* Start from the encryption round keys. */
    rc = AES_set_encrypt_key(userKey, bits, key);
    if (rc < 0)
        return rc;

    rk = key->rd_key;

    /* Swap round keys pairwise from both ends to reverse their order. */
    lo = 0;
    hi = 4 * (key->rounds);
    while (lo < hi) {
        for (k = 0; k < 4; k++) {
            w = rk[lo + k];
            rk[lo + k] = rk[hi + k];
            rk[hi + k] = w;
        }
        lo += 4;
        hi -= 4;
    }

    /*
     * Transform all round keys but the first and the last.  Te4 undoes
     * the inverse S-box baked into Td0, leaving only the column mixing.
     */
    for (n = 1; n < (key->rounds); n++) {
        rk += 4;
        for (k = 0; k < 4; k++) {
            w = rk[k];
            rk[k] =
                Td0(Te4((w >> 24)       )) ^
                ROR_U32_1(Td0(Te4((w >> 16) & 0xff))) ^
                ROR_U32_2(Td0(Te4((w >>  8) & 0xff))) ^
                ROR_U32_3(Td0(Te4((w      ) & 0xff)));
        }
    }
    return 0;
}
00555
00556
00557
00558
00559
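/*
 * Encrypt a single 16-byte block.
 *
 * in   16 bytes of plaintext.
 * out  receives 16 bytes of ciphertext.  All of `in` is read before the
 *      first byte of `out` is written, so in == out is safe.
 * key  schedule prepared by AES_set_encrypt_key().
 *
 * Preconditions (not checked at run time in normal builds):
 *  - in, out and key are non-NULL.  The assert() below is compiled out
 *    unless AES_DEBUG is defined, because this file defines NDEBUG.
 *  - key->rounds is one of the values set by AES_set_encrypt_key().  With
 *    a zeroed or uninitialised AES_KEY the round loop does not terminate
 *    at the end of rd_key and reads past it.
 *
 * Security note: this is the raw block primitive; the round tables are
 * indexed by secret-dependent bytes, so it is not constant-time on
 * targets with a data cache.
 */
void AES_encrypt(const unsigned char *in, unsigned char *out,
                 const AES_KEY *key) {
    const uint32_t *rk;
    uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
    /*
     * Declared unconditionally: the loop below always uses it, so hiding
     * it behind "#ifndef FULL_UNROLL" broke the build whenever
     * FULL_UNROLL was defined.
     */
    int r;

    assert(in && out && key);
    rk = key->rd_key;

    /* Load the block into the state and add the initial round key. */
    s0 = GETU32(in     ) ^ rk[0];
    s1 = GETU32(in +  4) ^ rk[1];
    s2 = GETU32(in +  8) ^ rk[2];
    s3 = GETU32(in + 12) ^ rk[3];

    /* rounds - 1 full rounds, two per loop iteration. */
    r = key->rounds >> 1;
    for (;;) {
        t0 =
            Te0((s0 >> 24)       ) ^
            ROR_U32_1(Te0((s1 >> 16) & 0xff)) ^
            ROR_U32_2(Te0((s2 >>  8) & 0xff)) ^
            ROR_U32_3(Te0((s3      ) & 0xff)) ^
            rk[4];
        t1 =
            Te0((s1 >> 24)       ) ^
            ROR_U32_1(Te0((s2 >> 16) & 0xff)) ^
            ROR_U32_2(Te0((s3 >>  8) & 0xff)) ^
            ROR_U32_3(Te0((s0      ) & 0xff)) ^
            rk[5];
        t2 =
            Te0((s2 >> 24)       ) ^
            ROR_U32_1(Te0((s3 >> 16) & 0xff)) ^
            ROR_U32_2(Te0((s0 >>  8) & 0xff)) ^
            ROR_U32_3(Te0((s1      ) & 0xff)) ^
            rk[6];
        t3 =
            Te0((s3 >> 24)       ) ^
            ROR_U32_1(Te0((s0 >> 16) & 0xff)) ^
            ROR_U32_2(Te0((s1 >>  8) & 0xff)) ^
            ROR_U32_3(Te0((s2      ) & 0xff)) ^
            rk[7];

        rk += 8;
        if (--r == 0) {
            break;
        }

        s0 =
            Te0((t0 >> 24)       ) ^
            ROR_U32_1(Te0((t1 >> 16) & 0xff)) ^
            ROR_U32_2(Te0((t2 >>  8) & 0xff)) ^
            ROR_U32_3(Te0((t3      ) & 0xff)) ^
            rk[0];
        s1 =
            Te0((t1 >> 24)       ) ^
            ROR_U32_1(Te0((t2 >> 16) & 0xff)) ^
            ROR_U32_2(Te0((t3 >>  8) & 0xff)) ^
            ROR_U32_3(Te0((t0      ) & 0xff)) ^
            rk[1];
        s2 =
            Te0((t2 >> 24)       ) ^
            ROR_U32_1(Te0((t3 >> 16) & 0xff)) ^
            ROR_U32_2(Te0((t0 >>  8) & 0xff)) ^
            ROR_U32_3(Te0((t1      ) & 0xff)) ^
            rk[2];
        s3 =
            Te0((t3 >> 24)       ) ^
            ROR_U32_1(Te0((t0 >> 16) & 0xff)) ^
            ROR_U32_2(Te0((t1 >>  8) & 0xff)) ^
            ROR_U32_3(Te0((t2      ) & 0xff)) ^
            rk[3];
    }

    /* Last round (S-box only, no column mixing) and store the block. */
    s0 =
        ((uint32_t)Te4((t0 >> 24)       ) << 24) ^
        ((uint32_t)Te4((t1 >> 16) & 0xff) << 16) ^
        ((uint32_t)Te4((t2 >>  8) & 0xff) <<  8) ^
        ((uint32_t)Te4((t3      ) & 0xff)      ) ^
        rk[0];
    PUTU32(out     , s0);
    s1 =
        ((uint32_t)Te4((t1 >> 24)       ) << 24) ^
        ((uint32_t)Te4((t2 >> 16) & 0xff) << 16) ^
        ((uint32_t)Te4((t3 >>  8) & 0xff) <<  8) ^
        ((uint32_t)Te4((t0      ) & 0xff)      ) ^
        rk[1];
    PUTU32(out +  4, s1);
    s2 =
        ((uint32_t)Te4((t2 >> 24)       ) << 24) ^
        ((uint32_t)Te4((t3 >> 16) & 0xff) << 16) ^
        ((uint32_t)Te4((t0 >>  8) & 0xff) <<  8) ^
        ((uint32_t)Te4((t1      ) & 0xff)      ) ^
        rk[2];
    PUTU32(out +  8, s2);
    s3 =
        ((uint32_t)Te4((t3 >> 24)       ) << 24) ^
        ((uint32_t)Te4((t0 >> 16) & 0xff) << 16) ^
        ((uint32_t)Te4((t1 >>  8) & 0xff) <<  8) ^
        ((uint32_t)Te4((t2      ) & 0xff)      ) ^
        rk[3];
    PUTU32(out + 12, s3);
}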
00672
00673
00674
00675
00676
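/*
 * Decrypt a single 16-byte block.
 *
 * in   16 bytes of ciphertext.
 * out  receives 16 bytes of plaintext.  All of `in` is read before the
 *      first byte of `out` is written, so in == out is safe.
 * key  schedule prepared by AES_set_decrypt_key().
 *
 * Preconditions (not checked at run time in normal builds):
 *  - in, out and key are non-NULL.  The assert() below is compiled out
 *    unless AES_DEBUG is defined, because this file defines NDEBUG.
 *  - key->rounds is one of the values set by the key-setup functions.
 *    With a zeroed or uninitialised AES_KEY the round loop does not
 *    terminate at the end of rd_key and reads past it.
 *
 * Security note: this is the raw block primitive; the round tables are
 * indexed by secret-dependent bytes, so it is not constant-time on
 * targets with a data cache.
 */
void AES_decrypt(const unsigned char *in, unsigned char *out,
                 const AES_KEY *key) {

    const uint32_t *rk;
    uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
    /*
     * Declared unconditionally: the loop below always uses it, so hiding
     * it behind "#ifndef FULL_UNROLL" broke the build whenever
     * FULL_UNROLL was defined.
     */
    int r;

    assert(in && out && key);
    rk = key->rd_key;

    /* Load the block into the state and add the initial round key. */
    s0 = GETU32(in     ) ^ rk[0];
    s1 = GETU32(in +  4) ^ rk[1];
    s2 = GETU32(in +  8) ^ rk[2];
    s3 = GETU32(in + 12) ^ rk[3];

    /* rounds - 1 full rounds, two per loop iteration. */
    r = key->rounds >> 1;
    for (;;) {
        t0 =
            Td0((s0 >> 24)       ) ^
            ROR_U32_1(Td0((s3 >> 16) & 0xff)) ^
            ROR_U32_2(Td0((s2 >>  8) & 0xff)) ^
            ROR_U32_3(Td0((s1      ) & 0xff)) ^
            rk[4];
        t1 =
            Td0((s1 >> 24)       ) ^
            ROR_U32_1(Td0((s0 >> 16) & 0xff)) ^
            ROR_U32_2(Td0((s3 >>  8) & 0xff)) ^
            ROR_U32_3(Td0((s2      ) & 0xff)) ^
            rk[5];
        t2 =
            Td0((s2 >> 24)       ) ^
            ROR_U32_1(Td0((s1 >> 16) & 0xff)) ^
            ROR_U32_2(Td0((s0 >>  8) & 0xff)) ^
            ROR_U32_3(Td0((s3      ) & 0xff)) ^
            rk[6];
        t3 =
            Td0((s3 >> 24)       ) ^
            ROR_U32_1(Td0((s2 >> 16) & 0xff)) ^
            ROR_U32_2(Td0((s1 >>  8) & 0xff)) ^
            ROR_U32_3(Td0((s0      ) & 0xff)) ^
            rk[7];

        rk += 8;
        if (--r == 0) {
            break;
        }

        s0 =
            Td0((t0 >> 24)       ) ^
            ROR_U32_1(Td0((t3 >> 16) & 0xff)) ^
            ROR_U32_2(Td0((t2 >>  8) & 0xff)) ^
            ROR_U32_3(Td0((t1      ) & 0xff)) ^
            rk[0];
        s1 =
            Td0((t1 >> 24)       ) ^
            ROR_U32_1(Td0((t0 >> 16) & 0xff)) ^
            ROR_U32_2(Td0((t3 >>  8) & 0xff)) ^
            ROR_U32_3(Td0((t2      ) & 0xff)) ^
            rk[1];
        s2 =
            Td0((t2 >> 24)       ) ^
            ROR_U32_1(Td0((t1 >> 16) & 0xff)) ^
            ROR_U32_2(Td0((t0 >>  8) & 0xff)) ^
            ROR_U32_3(Td0((t3      ) & 0xff)) ^
            rk[2];
        s3 =
            Td0((t3 >> 24)       ) ^
            ROR_U32_1(Td0((t2 >> 16) & 0xff)) ^
            ROR_U32_2(Td0((t1 >>  8) & 0xff)) ^
            ROR_U32_3(Td0((t0      ) & 0xff)) ^
            rk[3];
    }

    /* Last round (inverse S-box only, no column mixing) and store. */
    s0 =
        ((uint32_t)Td4((t0 >> 24)       ) << 24) ^
        ((uint32_t)Td4((t3 >> 16) & 0xff) << 16) ^
        ((uint32_t)Td4((t2 >>  8) & 0xff) <<  8) ^
        ((uint32_t)Td4((t1      ) & 0xff)      ) ^
        rk[0];
    PUTU32(out     , s0);
    s1 =
        ((uint32_t)Td4((t1 >> 24)       ) << 24) ^
        ((uint32_t)Td4((t0 >> 16) & 0xff) << 16) ^
        ((uint32_t)Td4((t3 >>  8) & 0xff) <<  8) ^
        ((uint32_t)Td4((t2      ) & 0xff)      ) ^
        rk[1];
    PUTU32(out +  4, s1);
    s2 =
        ((uint32_t)Td4((t2 >> 24)       ) << 24) ^
        ((uint32_t)Td4((t1 >> 16) & 0xff) << 16) ^
        ((uint32_t)Td4((t0 >>  8) & 0xff) <<  8) ^
        ((uint32_t)Td4((t3      ) & 0xff)      ) ^
        rk[2];
    PUTU32(out +  8, s2);
    s3 =
        ((uint32_t)Td4((t3 >> 24)       ) << 24) ^
        ((uint32_t)Td4((t2 >> 16) & 0xff) << 16) ^
        ((uint32_t)Td4((t1 >>  8) & 0xff) <<  8) ^
        ((uint32_t)Td4((t0      ) & 0xff)      ) ^
        rk[3];
    PUTU32(out + 12, s3);
}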
00790