1 /*
2 ---------------------------------------------------------------------------
3 Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
4
5 The redistribution and use of this software (with or without changes)
6 is allowed without the payment of fees or royalties provided that:
7
8 source code distributions include the above copyright notice, this
9 list of conditions and the following disclaimer;
10
11 binary distributions include the above copyright notice, this list
12 of conditions and the following disclaimer in their documentation.
13
14 This software is provided 'as is' with no explicit or implied warranties
15 in respect of its operation, including, but not limited to, correctness
16 and fitness for purpose.
17 ---------------------------------------------------------------------------
18 Issue Date: 20/12/2007
19 */
20
21 #include "aesopt.h"
22 #include "aestab.h"
23
24 #if defined( USE_INTEL_AES_IF_PRESENT )
25 # include "aes_ni.h"
26 #else
27 /* map names here to provide the external API ('name' -> 'aes_name') */
28 # define aes_xi(x) aes_ ## x
29 #endif
30
31 #ifdef USE_VIA_ACE_IF_PRESENT
32 # include "aes_via_ace.h"
33 #endif
34
35 #if defined(__cplusplus)
36 extern "C"
37 {
38 #endif
39
/* Initialise the key schedule from the user supplied key. The key
   length can be specified in bytes, with legal values of 16, 24
   and 32, or in bits, with legal values of 128, 192 and 256. These
   values correspond with Nk values of 4, 6 and 8 respectively.

   The following macros implement a single cycle in the key
   schedule generation process. The number of cycles needed
   for each cx->n_col and nk value is:

    nk =             4   5   6   7   8
    ------------------------------
    cx->n_col = 4   10   9   8   7   7
    cx->n_col = 5   14  11  10   9   9
    cx->n_col = 6   19  15  12  11  11
    cx->n_col = 7   21  19  16  13  14
    cx->n_col = 8   29  23  19  17  14
*/
57
/* With REDUCE_CODE_SIZE, ls_box and inv_mcol are redirected to the
   out-of-line functions declared here (their definitions are not in
   this file), and any request for unrolled key schedules is cancelled
   so the looped code paths below are the ones compiled. */
#if defined( REDUCE_CODE_SIZE )
#  define ls_box ls_sub
   uint32_t ls_sub(const uint32_t t, const uint32_t n);
#  define inv_mcol im_sub
   uint32_t im_sub(const uint32_t x);
#  ifdef ENC_KS_UNROLL
#    undef ENC_KS_UNROLL
#  endif
#  ifdef DEC_KS_UNROLL
#    undef DEC_KS_UNROLL
#  endif
#endif
70
71 #if (FUNCS_IN_C & ENC_KEYING_IN_C)
72
73 #if defined(AES_128) || defined( AES_VAR )
74
/* One cycle of the 128-bit encryption key schedule: writes schedule
   words 4*(i)+4 .. 4*(i)+7 of k from the running state ss[0..3] and
   the table entry t_use(r,c)[i] (presumably the round constant;
   the table is defined elsewhere).  The macro expands in place, so
   the caller must have a local uint32_t ss[] in scope, and i is
   evaluated several times - pass a constant or a plain variable. */
#define ke4(k,i) \
{   k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
    k[4*(i)+5] = ss[1] ^= ss[0]; \
    k[4*(i)+6] = ss[2] ^= ss[1]; \
    k[4*(i)+7] = ss[3] ^= ss[2]; \
}
81
/* Expand a 128-bit key into the encryption key schedule cx->ks.

   key  caller-supplied key.  Four words are loaded with
        word_in(key, 0..3) (presumably 16 bytes); no length is
        passed in, so nothing here can detect a short buffer.
   cx   context that receives schedule words 0..43 and the inf fields.

   Always returns EXIT_SUCCESS; neither pointer is checked for NULL.

   NOTE(review): ss[] holds key-derived words and is not cleared before
   return, and cx->ks keeps the expanded key until the caller wipes the
   context. */
AES_RETURN aes_xi(encrypt_key128)(const unsigned char *key, aes_encrypt_ctx cx[1])
{   uint32_t    ss[4];

    /* round key 0 is the raw key; ss[] is the running state the ke4
       macro updates */
    cx->ks[0] = ss[0] = word_in(key, 0);
    cx->ks[1] = ss[1] = word_in(key, 1);
    cx->ks[2] = ss[2] = word_in(key, 2);
    cx->ks[3] = ss[3] = word_in(key, 3);

    /* cycles 0..8, unrolled or looped depending on the build */
#ifdef ENC_KS_UNROLL
    ke4(cx->ks, 0);  ke4(cx->ks, 1);
    ke4(cx->ks, 2);  ke4(cx->ks, 3);
    ke4(cx->ks, 4);  ke4(cx->ks, 5);
    ke4(cx->ks, 6);  ke4(cx->ks, 7);
    ke4(cx->ks, 8);
#else
    {   uint32_t i;
        for(i = 0; i < 9; ++i)
            ke4(cx->ks, i);
    }
#endif
    /* tenth and last cycle, common to both variants */
    ke4(cx->ks, 9);
    /* inf.l is zeroed before inf.b[0] is set to 10 * 16 = 160.
       NOTE(review): presumably l and b[] overlay one info word and
       b[0] encodes rounds * 16 for the cipher routines - confirm in
       the header that declares the context. */
    cx->inf.l = 0;
    cx->inf.b[0] = 10 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* marker written when VIA ACE is reported available; how 0xff is
       interpreted is decided by the ACE code, not visible here */
    if(VIA_ACE_AVAILABLE)
        cx->inf.b[1] = 0xff;
#endif
    return EXIT_SUCCESS;
}
112
113 #endif
114
115 #if defined(AES_192) || defined( AES_VAR )
116
/* 192-bit encryption key schedule cycles.  Both macros expand in
   place and need a local uint32_t ss[6] in the caller; i is evaluated
   several times.

   kef6  writes only the first four words of cycle i, 6*(i)+6 ..
         6*(i)+9 (used for the final, partial cycle).
   ke6   full cycle: kef6 plus words 6*(i)+10 and 6*(i)+11. */
#define kef6(k,i) \
{   k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
    k[6*(i)+ 7] = ss[1] ^= ss[0]; \
    k[6*(i)+ 8] = ss[2] ^= ss[1]; \
    k[6*(i)+ 9] = ss[3] ^= ss[2]; \
}

#define ke6(k,i) \
{   kef6(k,i); \
    k[6*(i)+10] = ss[4] ^= ss[3]; \
    k[6*(i)+11] = ss[5] ^= ss[4]; \
}
129
/* Expand a 192-bit key into the encryption key schedule cx->ks.

   key  caller-supplied key.  Six words are loaded with
        word_in(key, 0..5) (presumably 24 bytes); no length is
        passed in, so nothing here can detect a short buffer.
   cx   context that receives schedule words 0..51 and the inf fields.

   Always returns EXIT_SUCCESS; neither pointer is checked for NULL.

   NOTE(review): ss[] holds key-derived words and is not cleared before
   return, and cx->ks keeps the expanded key until the caller wipes the
   context. */
AES_RETURN aes_xi(encrypt_key192)(const unsigned char *key, aes_encrypt_ctx cx[1])
{   uint32_t    ss[6];

    /* the first six schedule words are the raw key; ss[] is the
       running state the ke6/kef6 macros update */
    cx->ks[0] = ss[0] = word_in(key, 0);
    cx->ks[1] = ss[1] = word_in(key, 1);
    cx->ks[2] = ss[2] = word_in(key, 2);
    cx->ks[3] = ss[3] = word_in(key, 3);
    cx->ks[4] = ss[4] = word_in(key, 4);
    cx->ks[5] = ss[5] = word_in(key, 5);

    /* seven full six-word cycles fill words 6..47 */
#ifdef ENC_KS_UNROLL
    ke6(cx->ks, 0);  ke6(cx->ks, 1);
    ke6(cx->ks, 2);  ke6(cx->ks, 3);
    ke6(cx->ks, 4);  ke6(cx->ks, 5);
    ke6(cx->ks, 6);
#else
    {   uint32_t i;
        for(i = 0; i < 7; ++i)
            ke6(cx->ks, i);
    }
#endif
    /* partial last cycle: only words 48..51 are still needed */
    kef6(cx->ks, 7);
    /* inf.l is zeroed before inf.b[0] is set to 12 * 16 = 192.
       NOTE(review): presumably l and b[] overlay one info word and
       b[0] encodes rounds * 16 for the cipher routines - confirm in
       the header that declares the context. */
    cx->inf.l = 0;
    cx->inf.b[0] = 12 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* marker written when VIA ACE is reported available; how 0xff is
       interpreted is decided by the ACE code, not visible here */
    if(VIA_ACE_AVAILABLE)
        cx->inf.b[1] = 0xff;
#endif
    return EXIT_SUCCESS;
}
161
162 #endif
163
164 #if defined(AES_256) || defined( AES_VAR )
165
/* 256-bit encryption key schedule cycles.  Both macros expand in
   place and need a local uint32_t ss[8] in the caller; i is evaluated
   several times.

   kef8  writes only the first four words of cycle i, 8*(i)+8 ..
         8*(i)+11 (used for the final, partial cycle).
   ke8   full cycle: kef8 plus words 8*(i)+12 .. 8*(i)+15, the first
         of which takes a second ls_box step, ls_box(ss[3],0). */
#define kef8(k,i) \
{   k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
    k[8*(i)+ 9] = ss[1] ^= ss[0]; \
    k[8*(i)+10] = ss[2] ^= ss[1]; \
    k[8*(i)+11] = ss[3] ^= ss[2]; \
}

#define ke8(k,i) \
{   kef8(k,i); \
    k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \
    k[8*(i)+13] = ss[5] ^= ss[4]; \
    k[8*(i)+14] = ss[6] ^= ss[5]; \
    k[8*(i)+15] = ss[7] ^= ss[6]; \
}
180
/* Expand a 256-bit key into the encryption key schedule cx->ks.

   key  caller-supplied key.  Eight words are loaded with
        word_in(key, 0..7) (presumably 32 bytes); no length is
        passed in, so nothing here can detect a short buffer.
   cx   context that receives schedule words 0..59 and the inf fields.

   Always returns EXIT_SUCCESS; neither pointer is checked for NULL.

   NOTE(review): ss[] holds key-derived words and is not cleared before
   return, and cx->ks keeps the expanded key until the caller wipes the
   context. */
AES_RETURN aes_xi(encrypt_key256)(const unsigned char *key, aes_encrypt_ctx cx[1])
{   uint32_t    ss[8];

    /* the first eight schedule words are the raw key; ss[] is the
       running state the ke8/kef8 macros update */
    cx->ks[0] = ss[0] = word_in(key, 0);
    cx->ks[1] = ss[1] = word_in(key, 1);
    cx->ks[2] = ss[2] = word_in(key, 2);
    cx->ks[3] = ss[3] = word_in(key, 3);
    cx->ks[4] = ss[4] = word_in(key, 4);
    cx->ks[5] = ss[5] = word_in(key, 5);
    cx->ks[6] = ss[6] = word_in(key, 6);
    cx->ks[7] = ss[7] = word_in(key, 7);

    /* six full eight-word cycles fill words 8..55 */
#ifdef ENC_KS_UNROLL
    ke8(cx->ks, 0); ke8(cx->ks, 1);
    ke8(cx->ks, 2); ke8(cx->ks, 3);
    ke8(cx->ks, 4); ke8(cx->ks, 5);
#else
    {   uint32_t i;
        for(i = 0; i < 6; ++i)
            ke8(cx->ks,  i);
    }
#endif
    /* partial last cycle: only words 56..59 are still needed */
    kef8(cx->ks, 6);
    /* inf.l is zeroed before inf.b[0] is set to 14 * 16 = 224.
       NOTE(review): presumably l and b[] overlay one info word and
       b[0] encodes rounds * 16 for the cipher routines - confirm in
       the header that declares the context. */
    cx->inf.l = 0;
    cx->inf.b[0] = 14 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* marker written when VIA ACE is reported available; how 0xff is
       interpreted is decided by the ACE code, not visible here */
    if(VIA_ACE_AVAILABLE)
        cx->inf.b[1] = 0xff;
#endif
    return EXIT_SUCCESS;
}
213
214 #endif
215
216 #endif
217
218 #if (FUNCS_IN_C & DEC_KEYING_IN_C)
219
/* this is used to store the decryption round keys  */
/* in forward or reverse order                      */

/* v(n,i) maps schedule word index i to its storage slot in ks.  With
   AES_REV_DKS the four-word round keys are stored in reverse order
   while the word order inside each round key is kept (i = 0..3 ->
   n..n+3, i = 4..7 -> n-4..n-1, and so on); otherwise i is used
   unchanged.  n is 40, 48 or 56 in this file. */
#ifdef AES_REV_DKS
#define v(n,i)  ((n) - (i) + 2 * ((i) & 3))
#else
#define v(n,i)  (i)
#endif

/* ff(x) is the transform applied to decryption round-key words as they
   are stored: the identity when DEC_ROUND == NO_TABLES, inv_mcol(x)
   otherwise.  When dec_imvars is defined, d_vars aliases it so the
   decrypt key functions can declare it (presumably the scratch locals
   inv_mcol expects - confirm where dec_imvars is defined). */
#if DEC_ROUND == NO_TABLES
#define ff(x)   (x)
#else
#define ff(x)   inv_mcol(x)
#if defined( dec_imvars )
#define d_vars  dec_imvars
#endif
#endif
237
238 #if defined(AES_128) || defined( AES_VAR )
239
/* 128-bit decryption key schedule cycles.  All of these expand in
   place, index k through v(40, ...) and rely on a local uint32_t ss[]
   in the caller (ss[4] is used as scratch by the kd* macros); i is
   evaluated several times.

   k4e   plain forward cycle, same recurrence as the encryption
         schedule; used by the looped (non-unrolled) build. */
#define k4e(k,i) \
{   k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
    k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \
    k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \
    k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \
}

/* The guard below is the literal 1, so the first set of kdf4/kd4/kdl4
   is the one compiled; the #else set is an alternative formulation
   that is never built unless the guard is edited.

   kdf4  first cycle; stores each word through ff().
   kd4   middle cycles; ff() is applied once to ss[4] and the stored
         words are built by XOR-ing with the previous round key in k.
   kdl4  last cycle; words are stored without ff(). */
#if 1

#define kdf4(k,i) \
{   ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \
    ss[1] = ss[1] ^ ss[3]; \
    ss[2] = ss[2] ^ ss[3]; \
    ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
    ss[i % 4] ^= ss[4]; \
    ss[4] ^= k[v(40,(4*(i)))];   k[v(40,(4*(i))+4)] = ff(ss[4]); \
    ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \
    ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \
    ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \
}

#define kd4(k,i) \
{   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
    ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
    k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \
    k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \
    k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \
    k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \
}

#define kdl4(k,i) \
{   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
    k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \
    k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \
    k[v(40,(4*(i))+6)] = ss[0]; \
    k[v(40,(4*(i))+7)] = ss[1]; \
}

#else

#define kdf4(k,i) \
{   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \
}

#define kd4(k,i) \
{   ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
    ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \
}

#define kdl4(k,i) \
{   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \
}

#endif
303
/* Expand a 128-bit key into the decryption key schedule cx->ks.

   key  caller-supplied key.  Four words are loaded with
        word_in(key, 0..3) (presumably 16 bytes); no length is
        passed in, so nothing here can detect a short buffer.
   cx   context that receives the schedule (slots chosen by v(40, ...))
        and the inf fields.

   Always returns EXIT_SUCCESS; neither pointer is checked for NULL.

   NOTE(review): ss[] holds key-derived words and is not cleared before
   return, and cx->ks keeps the expanded key until the caller wipes the
   context. */
AES_RETURN aes_xi(decrypt_key128)(const unsigned char *key, aes_decrypt_ctx cx[1])
{   uint32_t    ss[5];      /* ss[4] is scratch for the kd* macros */
#if defined( d_vars )
        d_vars;
#endif

    /* the raw key words are stored untransformed, through v() */
    cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
    cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);
    cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);
    cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);

#ifdef DEC_KS_UNROLL
    /* first cycle, eight middle cycles, last cycle; ff() is applied
       inside the macros as the words are produced */
     kdf4(cx->ks, 0); kd4(cx->ks, 1);
     kd4(cx->ks, 2);  kd4(cx->ks, 3);
     kd4(cx->ks, 4);  kd4(cx->ks, 5);
     kd4(cx->ks, 6);  kd4(cx->ks, 7);
     kd4(cx->ks, 8);  kdl4(cx->ks, 9);
#else
    {   uint32_t i;
        /* build the schedule with the forward recurrence first */
        for(i = 0; i < 10; ++i)
            k4e(cx->ks, i);
#if !(DEC_ROUND == NO_TABLES)
        /* then apply inv_mcol to slots N_COLS .. 10*N_COLS - 1; the
           raw slot index is used here, not v() (assuming N_COLS is 4
           this skips the first and last round keys - confirm) */
        for(i = N_COLS; i < 10 * N_COLS; ++i)
            cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
    }
#endif
    /* inf.l is zeroed before inf.b[0] is set to 10 * 16 = 160.
       NOTE(review): presumably l and b[] overlay one info word and
       b[0] encodes rounds * 16 for the cipher routines - confirm in
       the header that declares the context. */
    cx->inf.l = 0;
    cx->inf.b[0] = 10 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* marker written when VIA ACE is reported available; how 0xff is
       interpreted is decided by the ACE code, not visible here */
    if(VIA_ACE_AVAILABLE)
        cx->inf.b[1] = 0xff;
#endif
    return EXIT_SUCCESS;
}
340
341 #endif
342
343 #if defined(AES_192) || defined( AES_VAR )
344
/* 192-bit decryption key schedule cycles.  All of these expand in
   place, index k through v(48, ...) and rely on a local uint32_t ss[]
   in the caller (ss[6] is used as scratch by kd6); i is evaluated
   several times.

   k6ef  forward cycle, first four words only (6*(i)+6 .. 6*(i)+9).
   k6e   full forward cycle: k6ef plus words 6*(i)+10 and 6*(i)+11.
   kdf6  first unrolled cycle; stores each word through ff().
   kd6   middle unrolled cycles; ff() is applied once to ss[6] and the
         stored words are built by XOR-ing with earlier words in k.
   kdl6  last unrolled cycle; four words, stored without ff(). */
#define k6ef(k,i) \
{   k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
    k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \
    k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \
    k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \
}

#define k6e(k,i) \
{   k6ef(k,i); \
    k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \
    k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \
}

#define kdf6(k,i) \
{   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \
    ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \
    ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \
}

#define kd6(k,i) \
{   ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
    ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \
    ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \
    ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \
}

#define kdl6(k,i) \
{   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
}
383
/* Expand a 192-bit key into the decryption key schedule cx->ks.

   key  caller-supplied key.  Six words are loaded with
        word_in(key, 0..5) (presumably 24 bytes); no length is
        passed in, so nothing here can detect a short buffer.
   cx   context that receives the schedule (slots chosen by v(48, ...))
        and the inf fields.

   Always returns EXIT_SUCCESS; neither pointer is checked for NULL.

   NOTE(review): ss[] holds key-derived words and is not cleared before
   return, and cx->ks keeps the expanded key until the caller wipes the
   context. */
AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1])
{   uint32_t    ss[7];      /* ss[6] is scratch for the kd6 macro */
#if defined( d_vars )
        d_vars;
#endif

    /* the first four key words are stored untransformed */
    cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
    cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
    cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
    cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);

#ifdef DEC_KS_UNROLL
    /* key words 4 and 5 lie beyond the first four-word round key, so
       they are stored through ff() while ss[] keeps the raw value */
    cx->ks[v(48,(4))] = ff(ss[4] = word_in(key, 4));
    cx->ks[v(48,(5))] = ff(ss[5] = word_in(key, 5));
    /* first cycle, six middle cycles, last (four-word) cycle */
    kdf6(cx->ks, 0); kd6(cx->ks, 1);
    kd6(cx->ks, 2);  kd6(cx->ks, 3);
    kd6(cx->ks, 4);  kd6(cx->ks, 5);
    kd6(cx->ks, 6);  kdl6(cx->ks, 7);
#else
    /* looped build: store words 4 and 5 raw, transform later */
    cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
    cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
    {   uint32_t i;

        /* seven full forward cycles, then the four-word partial one */
        for(i = 0; i < 7; ++i)
            k6e(cx->ks, i);
        k6ef(cx->ks, 7);
#if !(DEC_ROUND == NO_TABLES)
        /* apply inv_mcol to slots N_COLS .. 12*N_COLS - 1; the raw
           slot index is used here, not v() (assuming N_COLS is 4 this
           skips the first and last round keys - confirm) */
        for(i = N_COLS; i < 12 * N_COLS; ++i)
            cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
    }
#endif
    /* inf.l is zeroed before inf.b[0] is set to 12 * 16 = 192.
       NOTE(review): presumably l and b[] overlay one info word and
       b[0] encodes rounds * 16 for the cipher routines - confirm in
       the header that declares the context. */
    cx->inf.l = 0;
    cx->inf.b[0] = 12 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* marker written when VIA ACE is reported available; how 0xff is
       interpreted is decided by the ACE code, not visible here */
    if(VIA_ACE_AVAILABLE)
        cx->inf.b[1] = 0xff;
#endif
    return EXIT_SUCCESS;
}
425
426 #endif
427
428 #if defined(AES_256) || defined( AES_VAR )
429
/* 256-bit decryption key schedule cycles.  All of these expand in
   place, index k through v(56, ...) and rely on a local uint32_t ss[]
   in the caller (ss[8] is used as scratch by kd8); i is evaluated
   several times.

   k8ef  forward cycle, first four words only (8*(i)+8 .. 8*(i)+11).
   k8e   full forward cycle: k8ef plus words 8*(i)+12 .. 8*(i)+15.
   kdf8  first unrolled cycle; stores each word through ff().
   kd8   middle unrolled cycles; ff() is applied to the two ls_box
         results and the stored words are built by XOR-ing with
         earlier words in k.
   kdl8  last unrolled cycle; four words, stored without ff(). */
#define k8ef(k,i) \
{   k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
    k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \
    k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \
    k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \
}

#define k8e(k,i) \
{   k8ef(k,i); \
    k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \
    k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \
    k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \
    k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \
}

#define kdf8(k,i) \
{   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \
    ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \
    ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \
    ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \
    ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \
}

#define kd8(k,i) \
{   ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
    ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \
    ss[8] = ls_box(ss[3],0); \
    ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \
    ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \
    ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \
    ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \
}

#define kdl8(k,i) \
{   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
}
475
/* Expand a 256-bit key into the decryption key schedule cx->ks.

   key  caller-supplied key.  Eight words are loaded with
        word_in(key, 0..7) (presumably 32 bytes); no length is
        passed in, so nothing here can detect a short buffer.
   cx   context that receives the schedule (slots chosen by v(56, ...))
        and the inf fields.

   Always returns EXIT_SUCCESS; neither pointer is checked for NULL.

   NOTE(review): ss[] holds key-derived words and is not cleared before
   return, and cx->ks keeps the expanded key until the caller wipes the
   context. */
AES_RETURN aes_xi(decrypt_key256)(const unsigned char *key, aes_decrypt_ctx cx[1])
{   uint32_t    ss[9];      /* ss[8] is scratch for the kd8 macro */
#if defined( d_vars )
        d_vars;
#endif

    /* the first four key words are stored untransformed */
    cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
    cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
    cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
    cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);

#ifdef DEC_KS_UNROLL
    /* key words 4..7 lie beyond the first four-word round key, so
       they are stored through ff() while ss[] keeps the raw value */
    cx->ks[v(56,(4))] = ff(ss[4] = word_in(key, 4));
    cx->ks[v(56,(5))] = ff(ss[5] = word_in(key, 5));
    cx->ks[v(56,(6))] = ff(ss[6] = word_in(key, 6));
    cx->ks[v(56,(7))] = ff(ss[7] = word_in(key, 7));
    /* first cycle, five middle cycles, last (four-word) cycle */
    kdf8(cx->ks, 0); kd8(cx->ks, 1);
    kd8(cx->ks, 2);  kd8(cx->ks, 3);
    kd8(cx->ks, 4);  kd8(cx->ks, 5);
    kdl8(cx->ks, 6);
#else
    /* looped build: store words 4..7 raw, transform later */
    cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);
    cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
    cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
    cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
    {   uint32_t i;

        /* six full forward cycles, then the four-word partial one */
        for(i = 0; i < 6; ++i)
            k8e(cx->ks,  i);
        k8ef(cx->ks,  6);
#if !(DEC_ROUND == NO_TABLES)
        /* apply inv_mcol to slots N_COLS .. 14*N_COLS - 1; the raw
           slot index is used here, not v() (assuming N_COLS is 4 this
           skips the first and last round keys - confirm) */
        for(i = N_COLS; i < 14 * N_COLS; ++i)
            cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
    }
#endif
    /* inf.l is zeroed before inf.b[0] is set to 14 * 16 = 224.
       NOTE(review): presumably l and b[] overlay one info word and
       b[0] encodes rounds * 16 for the cipher routines - confirm in
       the header that declares the context. */
    cx->inf.l = 0;
    cx->inf.b[0] = 14 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* marker written when VIA ACE is reported available; how 0xff is
       interpreted is decided by the ACE code, not visible here */
    if(VIA_ACE_AVAILABLE)
        cx->inf.b[1] = 0xff;
#endif
    return EXIT_SUCCESS;
}
521
522 #endif
523
524 #endif
525
526 #if defined( AES_VAR )
527
/* Select the encryption key schedule routine from the key length.

   key      caller-supplied key; passed through unchanged, so it must
            be at least as long as key_len says.
   key_len  key size in bytes (16, 24, 32) or in bits (128, 192, 256).
   cx       context handed to the size-specific routine.

   Returns the result of the size-specific routine, or EXIT_FAILURE for
   any other key_len.  On EXIT_FAILURE cx is not written at all, so a
   caller that ignores the return value would go on to use whatever the
   context held before the call. */
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
{
    if(key_len == 16 || key_len == 128)
        return aes_encrypt_key128(key, cx);

    if(key_len == 24 || key_len == 192)
        return aes_encrypt_key192(key, cx);

    if(key_len == 32 || key_len == 256)
        return aes_encrypt_key256(key, cx);

    /* unsupported length: report it, leave the context untouched */
    return EXIT_FAILURE;
}
538
/* Select the decryption key schedule routine from the key length.

   key      caller-supplied key; passed through unchanged, so it must
            be at least as long as key_len says.
   key_len  key size in bytes (16, 24, 32) or in bits (128, 192, 256).
   cx       context handed to the size-specific routine.

   Returns the result of the size-specific routine, or EXIT_FAILURE for
   any other key_len.  On EXIT_FAILURE cx is not written at all, so a
   caller that ignores the return value would go on to use whatever the
   context held before the call. */
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
{
    if(key_len == 16 || key_len == 128)
        return aes_decrypt_key128(key, cx);

    if(key_len == 24 || key_len == 192)
        return aes_decrypt_key192(key, cx);

    if(key_len == 32 || key_len == 256)
        return aes_decrypt_key256(key, cx);

    /* unsupported length: report it, leave the context untouched */
    return EXIT_FAILURE;
}
549
550 #endif
551
552 #if defined(__cplusplus)
553 }
554 #endif
555