Mobile API Reference  MicroStrategy 2019
aesopt.h
Go to the documentation of this file.
1 /*
2  -------------------------------------------------------------------------
3  Copyright (c) 2001, Dr Brian Gladman < >, Worcester, UK.
4  All rights reserved.
5 
6  LICENSE TERMS
7 
8  The free distribution and use of this software in both source and binary
9  form is allowed (with or without changes) provided that:
10 
11  1. distributions of this source code include the above copyright
12  notice, this list of conditions and the following disclaimer;
13 
14  2. distributions in binary form include the above copyright
15  notice, this list of conditions and the following disclaimer
16  in the documentation and/or other associated materials;
17 
18  3. the copyright holder's name is not used to endorse products
19  built using this software without specific written permission.
20 
21  DISCLAIMER
22 
23  This software is provided 'as is' with no explicit or implied warranties
24  in respect of its properties, including, but not limited to, correctness
25  and fitness for purpose.
26  -------------------------------------------------------------------------
27  Issue Date: 29/07/2002
28 
29  This file contains the compilation options for AES (Rijndael) and code
30  that is common across encryption, key scheduling and table generation.
31 
32  OPERATION
33 
34  These source code files implement the AES algorithm Rijndael designed by
35  Joan Daemen and Vincent Rijmen. The version in aes.c is designed for
36  block and key sizes of 128, 192 and 256 bits (16, 24 and 32 bytes) while
37  that in aespp.c provides for block and keys sizes of 128, 160, 192, 224
38  and 256 bits (16, 20, 24, 28 and 32 bytes). This file is a common header
39  file for these two implementations and for aesref.c, which is a reference
40  implementation.
41 
42  This version is designed for flexibility and speed using operations on
43  32-bit words rather than operations on bytes. It provides aes_both fixed
44  and dynamic block and key lengths and can also run with either big or
45  little endian internal byte order (see aes.h). It inputs block and key
46  lengths in bytes with the legal values being 16, 24 and 32 for aes.c and
47  16, 20, 24, 28 and 32 for aespp.c
48 
49  THE CIPHER INTERFACE
50 
51  aes_08t (an unsigned 8-bit type)
52  aes_32t (an unsigned 32-bit type)
53  aes_fret (a signed 16 bit type for function return values)
54  aes_good (value != 0, a good return)
55  aes_bad (value == 0, an error return)
56  struct aes_ctx (structure for the cipher encryption context)
57  struct aes_ctx (structure for the cipher decryption context)
58  aes_rval the function return type (aes_fret if not DLL)
59 
60  C subroutine calls:
61 
62  aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1]);
63  aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]);
64  aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]);
65 
66  aes_rval aes_dec_len(unsigned int blen, aes_ctx cx[1]);
67  aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]);
68  aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]);
69 
70  IMPORTANT NOTE: If you are using this C interface and your compiler does
71  not set the memory used for objects to zero before use, you will need to
72  ensure that cx.s_flg is set to zero before using these subroutine calls.
73 
74  C++ aes class subroutines:
75 
76  class AESclass for encryption
77  class AESclass for decryption
78 
79  aes_rval len(unsigned int blen = 16);
80  aes_rval key(const unsigned char in_key[], unsigned int klen);
81  aes_rval blk(const unsigned char in_blk[], unsigned char out_blk[]);
82 
83  aes_rval len(unsigned int blen = 16);
84  aes_rval key(const unsigned char in_key[], unsigned int klen);
85  aes_rval blk(const unsigned char in_blk[], unsigned char out_blk[]);
86 
87  The block length inputs to set_block and set_key are in numbers of
88  BYTES, not bits. The calls to subroutines must be made in the above
89  order but multiple calls can be made without repeating earlier calls
90  if their parameters have not changed. If the cipher block length is
91  variable but set_blk has not been called before cipher operations a
92  value of 16 is assumed (that is, the AES block size). In contrast to
93  earlier versions the block and key length parameters are now checked
94  for correctness and the encryption and decryption routines check to
95  ensure that an appropriate key has been set before they are called.
96 
97  COMPILATION
98 
99  The files used to provide AES (Rijndael) are
100 
101  a. aes.h for the definitions needed for use in C.
102  b. aescpp.h for the definitions needed for use in C++.
103  c. aesopt.h for setting compilation options (also includes common
104  code).
105  d. aescrypt.c for encryption and decrytpion, or
106  e. aescrypt.asm for encryption and decryption using assembler code.
107  f. aeskey.c for key scheduling.
108  g. aestab.c for table loading or generation.
109 
110  The assembler code uses the NASM assembler. The above files provice
111  block and key lengths of 16, 24 and 32 bytes (128, 192 and 256 bits).
112  If aescrypp.c and aeskeypp.c are used instead of aescrypt.c and
113  aeskey.c respectively, the block and key lengths can then be 16, 20,
114  24, 28 or 32 bytes. However this code has not been optimised to the
115  same extent and is hence slower (esepcially for the AES block size
116  of 16 bytes).
117 
118  To compile AES (Rijndael) for use in C code use aes.h and exclude
119  the AES_DLL define in aes.h
120 
121  To compile AES (Rijndael) for use in in C++ code use aescpp.h and
122  exclude the AES_DLL define in aes.h
123 
124  To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use
125  aes.h, include the AES_DLL define and compile the DLL. If using
126  the test files to test the DLL, exclude aes.c from the test build
127  project and compile it with the same defines as used for the DLL
128  (ensure that the DLL path is correct)
129 
130  CONFIGURATION OPTIONS (here and in aes.h)
131 
132  a. define AES_BLOCK_SIZE in aes.h to set the cipher block size (16, 24
133  or 32 for the standard code, or 16, 20, 24, 28 or 32 for the
134  extended code) or leave this undefined for dynamically variable
135  block size (this will result in much slower code).
136  b. set AES_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL
137  c. You may need to set PLATFORM_BYTE_ORDER to define the byte order.
138  d. If you want the code to run in a specific internal byte order, then
139  INTERNAL_BYTE_ORDER must be set accordingly.
140  e. set other configuration options decribed below.
141 */
142 
143 #ifndef _AESOPT_H
144 #define _AESOPT_H
145 
146 /* START OF CONFIGURATION OPTIONS
147 
148  USE OF DEFINES
149 
150  Later in this section there are a number of defines that control the
151  operation of the code. In each section, the purpose of each define is
152  explained so that the relevant form can be included or excluded by
153  setting either 1's or 0's respectively on the branches of the related
154  #if clauses.
155 */
156 
157 /* 1. PLATFORM SPECIFIC INCLUDES */
158 
159 #if defined( __CRYPTLIB__ ) && !defined( INC_ALL ) && !defined( INC_CHILD )
160 #include "crypt/aes.h"
161 #else
162  #include "aes.h"
163 #endif
164 
165 #if defined(__GNUC__) || defined(__GNU_LIBRARY__)
166 # include <endian.h>
167 # include <byteswap.h>
168 #elif defined(__CRYPTLIB__)
169 # if defined( INC_ALL )
170 # include "crypt.h"
171 # elif defined( INC_CHILD )
172 # include "../crypt.h"
173 # else
174 # include "crypt.h"
175 # endif
176 # if defined(DATA_LITTLEENDIAN)
177 # define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
178 # else
179 # define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
180 # endif
181 #elif defined(_MSC_VER)
182 # include <stdlib.h>
183 #elif !defined(WIN32)
184 # include <stdlib.h>
185 # if !defined (_ENDIAN_H)
186 # include <sys/param.h>
187 # else
188 # include _ENDIAN_H
189 # endif
190 #endif
191 
192 /* 2. BYTE ORDER IN 32-BIT WORDS
193 
194  To obtain the highest speed on processors with 32-bit words, this code
195  needs to determine the order in which bytes are packed into such words.
196  The following block of code is an attempt to capture the most obvious
197  ways in which various environemnts define byte order. It may well fail,
198  in which case the definitions will need to be set by editing at the
199  points marked **** EDIT HERE IF NECESSARY **** below.
200 */
201 #define AES_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
202 #define AES_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
203 
204 #if !defined(PLATFORM_BYTE_ORDER)
205 #if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN)
206 # if defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
207 # if defined(BYTE_ORDER)
208 # if (BYTE_ORDER == LITTLE_ENDIAN)
209 # define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
210 # elif (BYTE_ORDER == BIG_ENDIAN)
211 # define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
212 # endif
213 # endif
214 # elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
215 # define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
216 # elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
217 # define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
218 # endif
219 #elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN)
220 # if defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
221 # if defined(_BYTE_ORDER)
222 # if (_BYTE_ORDER == _LITTLE_ENDIAN)
223 # define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
224 # elif (_BYTE_ORDER == _BIG_ENDIAN)
225 # define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
226 # endif
227 # endif
228 # elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
229 # define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
230 # elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
231 # define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
232 # endif
233 #elif 0 /* **** EDIT HERE IF NECESSARY **** */
234 #define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
235 #elif 0 /* **** EDIT HERE IF NECESSARY **** */
236 #define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
237 #elif (('1234' >> 24) == '1')
238 # define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
239 #elif (('4321' >> 24) == '1')
240 # define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
241 #endif
242 #endif
243 
244 #if !defined(PLATFORM_BYTE_ORDER)
245 # error Please set undetermined byte order (lines 233 or 235 of aesopt.h).
246 #endif
247 
248 /* 3. ASSEMBLER SUPPORT
249 
250  If the assembler code is used for encryption and decryption this file only
251  provides key scheduling so the following defines are used
252 */
253 #ifdef AES_ASM
254 #define ENCRYPTION_KEY_SCHEDULE
255 #define DECRYPTION_KEY_SCHEDULE
256 #else
257 
258 /* 4. FUNCTIONS REQUIRED
259 
260  This implementation provides five main subroutines which provide for
261  setting block length, setting encryption and decryption keys and for
262  encryption and decryption. When the assembler code is not being used
263  the following definition blocks allow the selection of the routines
264  that are to be included in the compilation.
265 */
266 #if 1
267 #define ENCRYPTION_KEY_SCHEDULE
268 #endif
269 
270 #if 1
271 #define DECRYPTION_KEY_SCHEDULE
272 #endif
273 
274 #if 1
275 #define ENCRYPTION
276 #endif
277 
278 #if 1
279 #define DECRYPTION
280 #endif
281 
282 #endif
283 
284 /* 5. BYTE ORDER WITHIN 32 BIT WORDS
285 
286  The fundamental data processing units in Rijndael are 8-bit bytes. The
287  input, output and key input are all enumerated arrays of bytes in which
288  bytes are numbered starting at zero and increasing to one less than the
289  number of bytes in the array in question. This enumeration is only used
290  for naming bytes and does not imply any adjacency or order relationship
291  from one byte to another. When these inputs and outputs are considered
292  as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
293  byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
294  In this implementation bits are numbered from 0 to 7 starting at the
295  numerically least significant end of each byte (bit n represents 2^n).
296 
297  However, Rijndael can be implemented more efficiently using 32-bit
298  words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
299  into word[n]. While in principle these bytes can be assembled into words
300  in any positions, this implementation only supports the two formats in
301  which bytes in adjacent positions within words also have adjacent byte
302  numbers. This order is called big-endian if the lowest numbered bytes
303  in words have the highest numeric significance and little-endian if the
304  opposite applies.
305 
306  This code can work in either order irrespective of the order used by the
307  machine on which it runs. Normally the internal byte order will be set
308  to the order of the processor on which the code is to be run but this
309  define can be used to reverse this in special situations
310 */
311 #if 1
312 #define INTERNAL_BYTE_ORDER PLATFORM_BYTE_ORDER
313 #elif defined(AES_LITTLE_ENDIAN)
314 #define INTERNAL_BYTE_ORDER AES_LITTLE_ENDIAN
315 #elif defined(AES_BIG_ENDIAN)
316 #define INTERNAL_BYTE_ORDER AES_BIG_ENDIAN
317 #endif
318 
319 /* 6. FAST INPUT/OUTPUT OPERATIONS.
320 
321  On some machines it is possible to improve speed by transferring the
322  bytes in the input and output arrays to and from the internal 32-bit
323  variables by addressing these arrays as if they are arrays of 32-bit
324  words. On some machines this will always be possible but there may
325  be a large performance penalty if the byte arrays are not aligned on
326  the normal word boundaries. On other machines this technique will
327  lead to memory access errors when such 32-bit word accesses are not
328  properly aligned. The option SAFE_IO avoids such problems but will
329  often be slower on those machines that support misaligned access
330  (especially so if care is taken to align the input and output byte
331  arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
332  assumed that access to byte arrays as if they are arrays of 32-bit
333  words will not cause problems when such accesses are misaligned.
334 */
335 #if 1
336 #define SAFE_IO
337 #endif
338 
339 /* 7. LOOP UNROLLING
340 
341  The code for encryption and decrytpion cycles through a number of rounds
342  that can be implemented either in a loop or by expanding the code into a
343  long sequence of instructions, the latter producing a larger program but
344  one that will often be much faster. The latter is called loop unrolling.
345  There are also potential speed advantages in expanding two iterations in
346  a loop with half the number of iterations, which is called partial loop
347  unrolling. The following options allow partial or full loop unrolling
348  to be set independently for encryption and decryption
349 */
350 #if 1
351 #define ENC_UNROLL FULL
352 #elif 0
353 #define ENC_UNROLL PARTIAL
354 #else
355 #define ENC_UNROLL NONE
356 #endif
357 
358 #if 1
359 #define DEC_UNROLL FULL
360 #elif 0
361 #define DEC_UNROLL PARTIAL
362 #else
363 #define DEC_UNROLL NONE
364 #endif
365 
366 /* 8. FIXED OR DYNAMIC TABLES
367 
368  When this section is included the tables used by the code are comipled
369  statically into the binary file. Otherwise they are computed once when
370  the code is first used.
371 */
372 #if 1
373 #define FIXED_TABLES
374 #endif
375 
376 /* 9. FAST FINITE FIELD OPERATIONS
377 
378  If this section is included, tables are used to provide faster finite
379  field arithmetic (this has no effect if FIXED_TABLES is defined).
380 */
381 #if 1
382 #define FF_TABLES
383 #endif
384 
385 /* 10. INTERNAL STATE VARIABLE FORMAT
386 
387  The internal state of Rijndael is stored in a number of local 32-bit
388  word varaibles which can be defined either as an array or as individual
389  names variables. Include this section if you want to store these local
390  varaibles in arrays. Otherwise individual local variables will be used.
391 */
392 #if 1
393 #define ARRAYS
394 #endif
395 
396 /* In this implementation the columns of the state array are each held in
397  32-bit words. The state array can be held in various ways: in an array
398  of words, in a number of individual word variables or in a number of
399  processor registers. The following define maps a variable name x and
400  a column number c to the way the state array variable is to be held.
401  The first define below maps the state into an array x[c] whereas the
402  second form maps the state into a number of individual variables x0,
403  x1, etc. Another form could map individual state colums to machine
404  register names.
405 */
406 
407 #if defined(ARRAYS)
408 #define s(x,c) x[c]
409 #else
410 #define s(x,c) x##c
411 #endif
412 
413 /* 11. VARIABLE BLOCK SIZE SPEED
414 
415  This section is only relevant if you wish to use the variable block
416  length feature of the code. Include this section if you place more
417  emphasis on speed rather than code size.
418 */
419 #if 1
420 #define FAST_VARIABLE
421 #endif
422 
423 /* 12. INTERNAL TABLE CONFIGURATION
424 
425  This cipher proceeds by repeating in a number of cycles known as 'rounds'
426  which are implemented by a round function which can optionally be speeded
427  up using tables. The basic tables are each 256 32-bit words, with either
428  one or four tables being required for each round function depending on
429  how much speed is required. The encryption and decryption round functions
430  are different and the last encryption and decrytpion round functions are
431  different again making four different round functions in all.
432 
433  This means that:
434  1. Normal encryption and decryption rounds can each use either 0, 1
435  or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
436  2. The last encryption and decryption rounds can also use either 0, 1
437  or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
438 
439  Include or exclude the appropriate definitions below to set the number
440  of tables used by this implementation.
441 */
442 
443 #if 1 /* set tables for the normal encryption round */
444 #define ENC_ROUND FOUR_TABLES
445 #elif 0
446 #define ENC_ROUND ONE_TABLE
447 #else
448 #define ENC_ROUND NO_TABLES
449 #endif
450 
451 #if 1 /* set tables for the last encryption round */
452 #define LAST_ENC_ROUND FOUR_TABLES
453 #elif 0
454 #define LAST_ENC_ROUND ONE_TABLE
455 #else
456 #define LAST_ENC_ROUND NO_TABLES
457 #endif
458 
459 #if 1 /* set tables for the normal decryption round */
460 #define DEC_ROUND FOUR_TABLES
461 #elif 0
462 #define DEC_ROUND ONE_TABLE
463 #else
464 #define DEC_ROUND NO_TABLES
465 #endif
466 
467 #if 1 /* set tables for the last decryption round */
468 #define LAST_DEC_ROUND FOUR_TABLES
469 #elif 0
470 #define LAST_DEC_ROUND ONE_TABLE
471 #else
472 #define LAST_DEC_ROUND NO_TABLES
473 #endif
474 
475 /* The decryption key schedule can be speeded up with tables in the same
476  way that the round functions can. Include or exclude the following
477  defines to set this requirement.
478 */
479 #if 1
480 #define KEY_SCHED FOUR_TABLES
481 #elif 0
482 #define KEY_SCHED ONE_TABLE
483 #else
484 #define KEY_SCHED NO_TABLES
485 #endif
486 
487 /* END OF CONFIGURATION OPTIONS */
488 
489 #define NO_TABLES 0 /* DO NOT CHANGE */
490 #define ONE_TABLE 1 /* DO NOT CHANGE */
491 #define FOUR_TABLES 4 /* DO NOT CHANGE */
492 #define NONE 0 /* DO NOT CHANGE */
493 #define PARTIAL 1 /* DO NOT CHANGE */
494 #define FULL 2 /* DO NOT CHANGE */
495 
496 #if defined(AES_BLOCK_SIZE) && ((AES_BLOCK_SIZE & 3) || AES_BLOCK_SIZE < 16 || AES_BLOCK_SIZE > 32)
497 #error An illegal block size has been specified.
498 #endif
499 
500 #if !defined(AES_BLOCK_SIZE)
501 #define RC_LENGTH 29
502 #else
503 #define RC_LENGTH 5 * AES_BLOCK_SIZE / 4 - (AES_BLOCK_SIZE == 16 ? 10 : 11)
504 #endif
505 
506 /* Disable at least some poor combinations of options */
507 
508 #if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES
509 #undef LAST_ENC_ROUND
510 #define LAST_ENC_ROUND NO_TABLES
511 #elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
512 #undef LAST_ENC_ROUND
513 #define LAST_ENC_ROUND ONE_TABLE
514 #endif
515 
516 #if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
517 #undef ENC_UNROLL
518 #define ENC_UNROLL NONE
519 #endif
520 
521 #if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES
522 #undef LAST_DEC_ROUND
523 #define LAST_DEC_ROUND NO_TABLES
524 #elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
525 #undef LAST_DEC_ROUND
526 #define LAST_DEC_ROUND ONE_TABLE
527 #endif
528 
529 #if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
530 #undef DEC_UNROLL
531 #define DEC_UNROLL NONE
532 #endif
533 
534 /* upr(x,n): rotates bytes within words by n positions, moving bytes to
535  higher index positions with wrap around into low positions
536  ups(x,n): moves bytes by n positions to higher index positions in
537  words but without wrap around
538  bval(x,n): extracts a byte from a word
539 
540  NOTE: The definitions given here are intended only for use with
541  unsigned variables and with shift counts that are compile
542  time constants
543 */
544 
545 #if (INTERNAL_BYTE_ORDER == AES_LITTLE_ENDIAN)
546 #if defined(_MSC_VER)
547 #define upr(x,n) _lrotl((aes_32t)(x), 8 * (n))
548 #else
549 #define upr(x,n) ((aes_32t)(x) << 8 * (n) | (aes_32t)(x) >> 32 - 8 * (n))
550 #endif
551 #define ups(x,n) ((aes_32t)(x) << 8 * (n))
552 #define bval(x,n) ((aes_08t)((x) >> 8 * (n)))
553 #define bytes2word(b0, b1, b2, b3) \
554  (((aes_32t)(b3) << 24) | ((aes_32t)(b2) << 16) | ((aes_32t)(b1) << 8) | (b0))
555 #endif
556 
557 #if (INTERNAL_BYTE_ORDER == AES_BIG_ENDIAN)
558 #define upr(x,n) ((aes_32t)(x) >> 8 * (n) | (aes_32t)(x) << 32 - 8 * (n))
559 #define ups(x,n) ((aes_32t)(x) >> 8 * (n)))
560 #define bval(x,n) ((aes_08t)((x) >> 24 - 8 * (n)))
561 #define bytes2word(b0, b1, b2, b3) \
562  (((aes_32t)(b0) << 24) | ((aes_32t)(b1) << 16) | ((aes_32t)(b2) << 8) | (b3))
563 #endif
564 
565 #if defined(SAFE_IO)
566 
567 #define word_in(x) bytes2word((x)[0], (x)[1], (x)[2], (x)[3])
568 #define word_out(x,v) { (x)[0] = bval(v,0); (x)[1] = bval(v,1); \
569  (x)[2] = bval(v,2); (x)[3] = bval(v,3); }
570 
571 #elif (INTERNAL_BYTE_ORDER == PLATFORM_BYTE_ORDER)
572 
573 #define word_in(x) *(aes_32t*)(x)
574 #define word_out(x,v) *(aes_32t*)(x) = (v)
575 
576 #else
577 
578 #if !defined(bswap_32)
579 #if !defined(_MSC_VER)
580 #define _lrotl(x,n) ((aes_32t)(x) << n | (aes_32t)(x) >> 32 - n)
581 #endif
582 #define bswap_32(x) ((_lrotl((x),8) & 0x00ff00ff) | (_lrotl((x),24) & 0xff00ff00))
583 #endif
584 
585 #define word_in(x) bswap_32(*(aes_32t*)(x))
586 #define word_out(x,v) *(aes_32t*)(x) = bswap_32(v)
587 
588 #endif
589 
590 /* the finite field modular polynomial and elements */
591 
592 #define WPOLY 0x011b
593 #define BPOLY 0x1b
594 
595 /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
596 
597 #define m1 0x80808080
598 #define m2 0x7f7f7f7f
599 #define FFmulX(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY))
600 
601 /* The following defines provide alternative definitions of FFmulX that might
602  give improved performance if a fast 32-bit multiply is not available. Note
603  that a temporary variable u needs to be defined where FFmulX is used.
604 
605 #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
606 #define m4 (0x01010101 * BPOLY)
607 #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
608 */
609 
610 /* Work out which tables are needed for the different options */
611 
612 #ifdef AES_ASM
613 #ifdef ENC_ROUND
614 #undef ENC_ROUND
615 #endif
616 #define ENC_ROUND FOUR_TABLES
617 #ifdef LAST_ENC_ROUND
618 #undef LAST_ENC_ROUND
619 #endif
620 #define LAST_ENC_ROUND FOUR_TABLES
621 #ifdef DEC_ROUND
622 #undef DEC_ROUND
623 #endif
624 #define DEC_ROUND FOUR_TABLES
625 #ifdef LAST_DEC_ROUND
626 #undef LAST_DEC_ROUND
627 #endif
628 #define LAST_DEC_ROUND FOUR_TABLES
629 #ifdef KEY_SCHED
630 #undef KEY_SCHED
631 #define KEY_SCHED FOUR_TABLES
632 #endif
633 #endif
634 
635 #if defined(ENCRYPTION) || defined(AES_ASM)
636 #if ENC_ROUND == ONE_TABLE
637 #define FT1_SET
638 #elif ENC_ROUND == FOUR_TABLES
639 #define FT4_SET
640 #else
641 #define SBX_SET
642 #endif
643 #if LAST_ENC_ROUND == ONE_TABLE
644 #define FL1_SET
645 #elif LAST_ENC_ROUND == FOUR_TABLES
646 #define FL4_SET
647 #elif !defined(SBX_SET)
648 #define SBX_SET
649 #endif
650 #endif
651 
652 #if defined(DECRYPTION) || defined(AES_ASM)
653 #if DEC_ROUND == ONE_TABLE
654 #define IT1_SET
655 #elif DEC_ROUND == FOUR_TABLES
656 #define IT4_SET
657 #else
658 #define ISB_SET
659 #endif
660 #if LAST_DEC_ROUND == ONE_TABLE
661 #define IL1_SET
662 #elif LAST_DEC_ROUND == FOUR_TABLES
663 #define IL4_SET
664 #elif !defined(ISB_SET)
665 #define ISB_SET
666 #endif
667 #endif
668 
669 #if defined(ENCRYPTION_KEY_SCHEDULE) || defined(DECRYPTION_KEY_SCHEDULE)
670 #if KEY_SCHED == ONE_TABLE
671 #define LS1_SET
672 #define IM1_SET
673 #elif KEY_SCHED == FOUR_TABLES
674 #define LS4_SET
675 #define IM4_SET
676 #elif !defined(SBX_SET)
677 #define SBX_SET
678 #endif
679 #endif
680 
681 #ifdef FIXED_TABLES
682 #define prefx extern const
683 #else
684 #define prefx extern
685 extern aes_08t tab_init;
686 void gen_tabs(void);
687 #endif
688 
689 prefx aes_32t rcon_tab[29];
690 
691 #ifdef SBX_SET
692 prefx aes_08t s_box[256];
693 #endif
694 
695 #ifdef ISB_SET
696 prefx aes_08t inv_s_box[256];
697 #endif
698 
699 #ifdef FT1_SET
700 prefx aes_32t ft_tab[256];
701 #endif
702 
703 #ifdef FT4_SET
704 prefx aes_32t ft_tab[4][256];
705 #endif
706 
707 #ifdef FL1_SET
708 prefx aes_32t fl_tab[256];
709 #endif
710 
711 #ifdef FL4_SET
712 prefx aes_32t fl_tab[4][256];
713 #endif
714 
715 #ifdef IT1_SET
716 prefx aes_32t it_tab[256];
717 #endif
718 
719 #ifdef IT4_SET
720 prefx aes_32t it_tab[4][256];
721 #endif
722 
723 #ifdef IL1_SET
724 prefx aes_32t il_tab[256];
725 #endif
726 
727 #ifdef IL4_SET
728 prefx aes_32t il_tab[4][256];
729 #endif
730 
731 #ifdef LS1_SET
732 #ifdef FL1_SET
733 #undef LS1_SET
734 #else
735 prefx aes_32t ls_tab[256];
736 #endif
737 #endif
738 
739 #ifdef LS4_SET
740 #ifdef FL4_SET
741 #undef LS4_SET
742 #else
743 prefx aes_32t ls_tab[4][256];
744 #endif
745 #endif
746 
747 #ifdef IM1_SET
748 prefx aes_32t im_tab[256];
749 #endif
750 
751 #ifdef IM4_SET
752 prefx aes_32t im_tab[4][256];
753 #endif
754 
755 /* Set the number of columns in nc. Note that it is important
756  that nc is a constant which is known at compile time if the
757  highest speed version of the code is needed.
758 */
759 
760 #if defined(AES_BLOCK_SIZE)
761 #define nc (AES_BLOCK_SIZE >> 2)
762 #else
763 #define nc (cx->n_blk >> 2)
764 #endif
765 
766 /* generic definitions of Rijndael macros that use tables */
767 
768 #define no_table(x,box,vf,rf,c) bytes2word( \
769  box[bval(vf(x,0,c),rf(0,c))], \
770  box[bval(vf(x,1,c),rf(1,c))], \
771  box[bval(vf(x,2,c),rf(2,c))], \
772  box[bval(vf(x,3,c),rf(3,c))])
773 
774 #define one_table(x,op,tab,vf,rf,c) \
775  ( tab[bval(vf(x,0,c),rf(0,c))] \
776  ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
777  ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
778  ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
779 
780 #define four_tables(x,tab,vf,rf,c) \
781  ( tab[0][bval(vf(x,0,c),rf(0,c))] \
782  ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
783  ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
784  ^ tab[3][bval(vf(x,3,c),rf(3,c))])
785 
786 #define vf1(x,r,c) (x)
787 #define rf1(r,c) (r)
788 #define rf2(r,c) ((r-c)&3)
789 
790 /* perform forward and inverse column mix operation on four bytes in long word x in */
791 /* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */
792 
793 #define dec_fmvars
794 #if defined(FM4_SET) /* not currently used */
795 #define fwd_mcol(x) four_tables(x,fm_tab,vf1,rf1,0)
796 #elif defined(FM1_SET) /* not currently used */
797 #define fwd_mcol(x) one_table(x,upr,fm_tab,vf1,rf1,0)
798 #else
799 #undef dec_fmvars
800 #define dec_fmvars aes_32t f1, f2;
801 #define fwd_mcol(x) (f1 = (x), f2 = FFmulX(f1), f2 ^ upr(f1 ^ f2, 3) ^ upr(f1, 2) ^ upr(f1, 1))
802 #endif
803 
804 #define dec_imvars
805 #if defined(IM4_SET)
806 #define inv_mcol(x) four_tables(x,im_tab,vf1,rf1,0)
807 #elif defined(IM1_SET)
808 #define inv_mcol(x) one_table(x,upr,im_tab,vf1,rf1,0)
809 #else
810 #undef dec_imvars
811 #define dec_imvars aes_32t f2, f4, f8, f9;
812 #define inv_mcol(x) \
813  (f9 = (x), f2 = FFmulX(f9), f4 = FFmulX(f2), f8 = FFmulX(f4), f9 ^= f8, \
814  f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1))
815 #endif
816 
817 #if defined(FL4_SET)
818 #define ls_box(x,c) four_tables(x,fl_tab,vf1,rf2,c)
819 #elif defined(LS4_SET)
820 #define ls_box(x,c) four_tables(x,ls_tab,vf1,rf2,c)
821 #elif defined(FL1_SET)
822 #define ls_box(x,c) one_table(x,upr,fl_tab,vf1,rf2,c)
823 #elif defined(LS1_SET)
824 #define ls_box(x,c) one_table(x,upr,ls_tab,vf1,rf2,c)
825 #else
826 #define ls_box(x,c) no_table(x,s_box,vf1,rf2,c)
827 #endif
828 
829 #endif
prefx aes_32t il_tab[4][256]
Definition: aesopt.h:728
prefx aes_32t ft_tab[4][256]
Definition: aesopt.h:704
prefx aes_32t it_tab[4][256]
Definition: aesopt.h:720
prefx aes_32t im_tab[4][256]
Definition: aesopt.h:752
#define prefx
Definition: aesopt.h:682
prefx aes_32t fl_tab[4][256]
Definition: aesopt.h:712
prefx aes_32t rcon_tab[29]
Definition: aesopt.h:689