src/usr.bin/ssh/rijndael.c - diff

Return to rijndael.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/rijndael.c between version 1.17 and 1.18

version 1.17, 2004/12/22 02:13:19

version 1.18, 2014/04/29 15:42:07

Line 25

* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,

* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include <stdlib.h>

#include <string.h>

#include <sys/types.h>

#include "rijndael.h"

#define FULL_UNROLL

#undef FULL_UNROLL

Te0[x] = S [x].[02, 01, 01, 03];

Line 245

0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,

};

static const u32 Te3[256] = {

0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,

0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,

0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,

Line 530

Line 529

0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,

0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,

0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,

0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,

0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,

0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,

Line 722

Line 720

* @return the number of rounds for the given cipher key size.

static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {

int

int i = 0;

rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)

{

int i = 0;

u32 temp;

rk[0] = GETU32(cipherKey );

Line 784

rk[ 9] = rk[ 1] ^ rk[ 8];

rk[10] = rk[ 2] ^ rk[ 9];

rk[11] = rk[ 3] ^ rk[10];

if (++i == 7) {

return 14;

}

temp = rk[11];

rk[12] = rk[ 4] ^

(Te4[(temp >> 24) ] & 0xff000000) ^

Line 795

(Te4[(temp ) & 0xff] & 0x000000ff);

rk[13] = rk[ 5] ^ rk[12];

rk[14] = rk[ 6] ^ rk[13];

rk[15] = rk[ 7] ^ rk[14];

rk += 8;

}

return 0;

}

#if 0

/**

* Expand the cipher key into the decryption key schedule.

* @return the number of rounds for the given cipher key size.

static int

int

rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits,

rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)

int have_encrypt) {

{

int Nr, i, j;

u32 temp;

if (have_encrypt) {

/* expand the cipher key: */

Nr = have_encrypt;

Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);

} else {

/* expand the cipher key: */

Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);

}

/* invert the order of the round keys: */

for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {

temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;

Line 852

Line 850

}

return Nr;

}

#endif

static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) {

void

rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16],

u8 ct[16])

{

u32 s0, s1, s2, s3, t0, t1, t2, t3;

#ifndef FULL_UNROLL

int r;

Line 869

Line 871

s3 = GETU32(pt + 12) ^ rk[3];

#ifdef FULL_UNROLL

/* round 1: */

t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];

t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];

t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];

t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];

/* round 2: */

s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];

s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];

s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];

s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];

/* round 3: */

t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];

t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];

t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];

t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];

/* round 4: */

s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];

s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];

s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];

s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];

/* round 5: */

t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];

t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];

t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];

t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];

/* round 6: */

s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];

s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];

s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];

s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];

/* round 7: */

t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];

t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];

t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];

t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];

/* round 8: */

s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];

s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];

s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];

s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];

/* round 9: */

t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];

t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];

t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];

t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];

if (Nr > 10) {

/* round 10: */

s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];

Line 1034

Line 1036

PUTU32(ct + 12, s3);

}

static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) {

#if 0

static void

rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16],

u8 pt[16])

{

u32 s0, s1, s2, s3, t0, t1, t2, t3;

#ifndef FULL_UNROLL

int r;

Line 1185

Line 1191

* apply last round and

* map cipher state to byte array block:

s0 =

(Td4[(t0 >> 24) ] & 0xff000000) ^

(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^

(Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^

(Td4[(t1 ) & 0xff] & 0x000000ff) ^

rk[0];

PUTU32(pt , s0);

s1 =

(Td4[(t1 >> 24) ] & 0xff000000) ^

(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^

(Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^

(Td4[(t2 ) & 0xff] & 0x000000ff) ^

rk[1];

PUTU32(pt + 4, s1);

s2 =

(Td4[(t2 >> 24) ] & 0xff000000) ^

(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^

(Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^

(Td4[(t3 ) & 0xff] & 0x000000ff) ^

rk[2];

PUTU32(pt + 8, s2);

s3 =

(Td4[(t3 >> 24) ] & 0xff000000) ^

(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^

(Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^

(Td4[(t0 ) & 0xff] & 0x000000ff) ^

rk[3];

PUTU32(pt + 12, s3);

}

#endif

void

rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int do_encrypt)

{

ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);

if (do_encrypt) {

ctx->decrypt = 0;

memset(ctx->dk, 0, sizeof(ctx->dk));

} else {

ctx->decrypt = 1;

memcpy(ctx->dk, ctx->ek, sizeof(ctx->dk));

rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);

}

void

rijndael_decrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)

{

rijndaelDecrypt(ctx->dk, ctx->Nr, src, dst);

}

void

rijndael_encrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)

{

rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);

}