Context Navigation

rijndael-alg-fst.c @ b376ae1

55-freebsd-126-freebsd-12

Last change on this file since b376ae1 was b376ae1, checked in by Christian Mauderer <christian.mauderer@…>, on 05/03/18 at 12:15:11

ipsec-tools: Port libipsec, setkey and racoon.

Note that this replaces the libipsec from FreeBSD with the one provided
by ipsec-tools.

Property mode set to 100644

File size: 14.9 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2
3	/* $NetBSD: rijndael-alg-fst.c,v 1.4 2006/09/09 16:22:36 manu Exp $ */
4
5	/* $KAME: rijndael-alg-fst.c,v 1.1.1.1 2001/08/08 09:56:23 sakane Exp $ */
6
7	/*
8	* rijndael-alg-fst.c v2.3 April '2000
9	*
10	* Optimised ANSI C code
11	*
12	* authors: v1.0: Antoon Bosselaers
13	* v2.0: Vincent Rijmen
14	* v2.3: Paulo Barreto
15	*
16	* This code is placed in the public domain.
17	*/
18
19	#include "config.h"
20
21	#include <sys/cdefs.h>
22	#include <sys/types.h>
23	#ifdef _KERNEL
24	#include <sys/systm.h>
25	#else
26	#include <string.h>
27	#endif
28	#include <crypto/rijndael/rijndael-alg-fst.h>
29	#include <crypto/rijndael/rijndael_local.h>
30
31	#include <crypto/rijndael/boxes-fst.dat>
32
33	#include <err.h>
34	#define bcopy(a, b, c) memcpy((b), (a), (c))
35	#define bzero(a, b) memset((a), 0, (b))
36	#define panic(a) err(1, (a))
37
38	int rijndaelKeySched(word8 k[MAXKC][4], word8 W[MAXROUNDS+1][4][4], int ROUNDS) {
39	/* Calculate the necessary round keys
40	* The number of calculations depends on keyBits and blockBits
41	*/
42	int j, r, t, rconpointer = 0;
43	union {
44	word8 x8[MAXKC][4];
45	word32 x32[MAXKC];
46	} xtk;
47	#define tk xtk.x8
48	int KC = ROUNDS - 6;
49
50	for (j = KC-1; j >= 0; j--) {
51	((word32)tk[j]) = ((word32)k[j]);
52	}
53	r = 0;
54	t = 0;
55	/* copy values into round key array */
56	for (j = 0; (j < KC) && (r < ROUNDS + 1); ) {
57	for (; (j < KC) && (t < 4); j++, t++) {
58	((word32)W[r][t]) = ((word32)tk[j]);
59	}
60	if (t == 4) {
61	r++;
62	t = 0;
63	}
64	}
65
66	while (r < ROUNDS + 1) { /* while not enough round key material calculated */
67	/* calculate new values */
68	tk[0][0] ^= S[tk[KC-1][1]];
69	tk[0][1] ^= S[tk[KC-1][2]];
70	tk[0][2] ^= S[tk[KC-1][3]];
71	tk[0][3] ^= S[tk[KC-1][0]];
72	tk[0][0] ^= rcon[rconpointer++];
73
74	if (KC != 8) {
75	for (j = 1; j < KC; j++) {
76	((word32)tk[j]) ^= ((word32)tk[j-1]);
77	}
78	} else {
79	for (j = 1; j < KC/2; j++) {
80	((word32)tk[j]) ^= ((word32)tk[j-1]);
81	}
82	tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
83	tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
84	tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
85	tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
86	for (j = KC/2 + 1; j < KC; j++) {
87	((word32)tk[j]) ^= ((word32)tk[j-1]);
88	}
89	}
90	/* copy values into round key array */
91	for (j = 0; (j < KC) && (r < ROUNDS + 1); ) {
92	for (; (j < KC) && (t < 4); j++, t++) {
93	((word32)W[r][t]) = ((word32)tk[j]);
94	}
95	if (t == 4) {
96	r++;
97	t = 0;
98	}
99	}
100	}
101	return 0;
102	#undef tk
103	}
104
105	int rijndaelKeyEncToDec(word8 W[MAXROUNDS+1][4][4], int ROUNDS) {
106	int r;
107	word8 *w;
108
109	for (r = 1; r < ROUNDS; r++) {
110	w = W[r][0];
111	((word32)w) =
112	((const word32)U1[w[0]])
113	^ ((const word32)U2[w[1]])
114	^ ((const word32)U3[w[2]])
115	^ ((const word32)U4[w[3]]);
116
117	w = W[r][1];
118	((word32)w) =
119	((const word32)U1[w[0]])
120	^ ((const word32)U2[w[1]])
121	^ ((const word32)U3[w[2]])
122	^ ((const word32)U4[w[3]]);
123
124	w = W[r][2];
125	((word32)w) =
126	((const word32)U1[w[0]])
127	^ ((const word32)U2[w[1]])
128	^ ((const word32)U3[w[2]])
129	^ ((const word32)U4[w[3]]);
130
131	w = W[r][3];
132	((word32)w) =
133	((const word32)U1[w[0]])
134	^ ((const word32)U2[w[1]])
135	^ ((const word32)U3[w[2]])
136	^ ((const word32)U4[w[3]]);
137	}
138	return 0;
139	}
140
141	/**
142	* Encrypt a single block.
143	*/
144	int rijndaelEncrypt(word8 in[16], word8 out[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS) {
145	int r;
146	union {
147	word8 x8[16];
148	word32 x32[4];
149	} xa, xb;
150	#define a xa.x8
151	#define b xb.x8
152	union {
153	word8 x8[4][4];
154	word32 x32[4];
155	} xtemp;
156	#define temp xtemp.x8
157
158	memcpy(a, in, sizeof a);
159
160	((word32)temp[0]) = ((word32)(a )) ^ ((word32)rk[0][0]);
161	((word32)temp[1]) = ((word32)(a+ 4)) ^ ((word32)rk[0][1]);
162	((word32)temp[2]) = ((word32)(a+ 8)) ^ ((word32)rk[0][2]);
163	((word32)temp[3]) = ((word32)(a+12)) ^ ((word32)rk[0][3]);
164	((word32)(b )) = ((const word32)T1[temp[0][0]])
165	^ ((const word32)T2[temp[1][1]])
166	^ ((const word32)T3[temp[2][2]])
167	^ ((const word32)T4[temp[3][3]]);
168	((word32)(b + 4)) = ((const word32)T1[temp[1][0]])
169	^ ((const word32)T2[temp[2][1]])
170	^ ((const word32)T3[temp[3][2]])
171	^ ((const word32)T4[temp[0][3]]);
172	((word32)(b + 8)) = ((const word32)T1[temp[2][0]])
173	^ ((const word32)T2[temp[3][1]])
174	^ ((const word32)T3[temp[0][2]])
175	^ ((const word32)T4[temp[1][3]]);
176	((word32)(b +12)) = ((const word32)T1[temp[3][0]])
177	^ ((const word32)T2[temp[0][1]])
178	^ ((const word32)T3[temp[1][2]])
179	^ ((const word32)T4[temp[2][3]]);
180	for (r = 1; r < ROUNDS-1; r++) {
181	((word32)temp[0]) = ((word32)(b )) ^ ((word32)rk[r][0]);
182	((word32)temp[1]) = ((word32)(b+ 4)) ^ ((word32)rk[r][1]);
183	((word32)temp[2]) = ((word32)(b+ 8)) ^ ((word32)rk[r][2]);
184	((word32)temp[3]) = ((word32)(b+12)) ^ ((word32)rk[r][3]);
185
186	((word32)(b )) = ((const word32)T1[temp[0][0]])
187	^ ((const word32)T2[temp[1][1]])
188	^ ((const word32)T3[temp[2][2]])
189	^ ((const word32)T4[temp[3][3]]);
190	((word32)(b + 4)) = ((const word32)T1[temp[1][0]])
191	^ ((const word32)T2[temp[2][1]])
192	^ ((const word32)T3[temp[3][2]])
193	^ ((const word32)T4[temp[0][3]]);
194	((word32)(b + 8)) = ((const word32)T1[temp[2][0]])
195	^ ((const word32)T2[temp[3][1]])
196	^ ((const word32)T3[temp[0][2]])
197	^ ((const word32)T4[temp[1][3]]);
198	((word32)(b +12)) = ((const word32)T1[temp[3][0]])
199	^ ((const word32)T2[temp[0][1]])
200	^ ((const word32)T3[temp[1][2]])
201	^ ((const word32)T4[temp[2][3]]);
202	}
203	/* last round is special */
204	((word32)temp[0]) = ((word32)(b )) ^ ((word32)rk[ROUNDS-1][0]);
205	((word32)temp[1]) = ((word32)(b+ 4)) ^ ((word32)rk[ROUNDS-1][1]);
206	((word32)temp[2]) = ((word32)(b+ 8)) ^ ((word32)rk[ROUNDS-1][2]);
207	((word32)temp[3]) = ((word32)(b+12)) ^ ((word32)rk[ROUNDS-1][3]);
208	b[ 0] = T1[temp[0][0]][1];
209	b[ 1] = T1[temp[1][1]][1];
210	b[ 2] = T1[temp[2][2]][1];
211	b[ 3] = T1[temp[3][3]][1];
212	b[ 4] = T1[temp[1][0]][1];
213	b[ 5] = T1[temp[2][1]][1];
214	b[ 6] = T1[temp[3][2]][1];
215	b[ 7] = T1[temp[0][3]][1];
216	b[ 8] = T1[temp[2][0]][1];
217	b[ 9] = T1[temp[3][1]][1];
218	b[10] = T1[temp[0][2]][1];
219	b[11] = T1[temp[1][3]][1];
220	b[12] = T1[temp[3][0]][1];
221	b[13] = T1[temp[0][1]][1];
222	b[14] = T1[temp[1][2]][1];
223	b[15] = T1[temp[2][3]][1];
224	((word32)(b )) ^= ((word32)rk[ROUNDS][0]);
225	((word32)(b+ 4)) ^= ((word32)rk[ROUNDS][1]);
226	((word32)(b+ 8)) ^= ((word32)rk[ROUNDS][2]);
227	((word32)(b+12)) ^= ((word32)rk[ROUNDS][3]);
228
229	memcpy(out, b, sizeof b /* XXX out */);
230
231	return 0;
232	#undef a
233	#undef b
234	#undef temp
235	}
236
237	#ifdef INTERMEDIATE_VALUE_KAT
238	/**
239	* Encrypt only a certain number of rounds.
240	* Only used in the Intermediate Value Known Answer Test.
241	*/
242	int rijndaelEncryptRound(word8 a[4][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS, int rounds) {
243	int r;
244	word8 temp[4][4];
245
246	/* make number of rounds sane */
247	if (rounds > ROUNDS) {
248	rounds = ROUNDS;
249	}
250
251	((word32)a[0]) = ((word32)a[0]) ^ ((word32)rk[0][0]);
252	((word32)a[1]) = ((word32)a[1]) ^ ((word32)rk[0][1]);
253	((word32)a[2]) = ((word32)a[2]) ^ ((word32)rk[0][2]);
254	((word32)a[3]) = ((word32)a[3]) ^ ((word32)rk[0][3]);
255
256	for (r = 1; (r <= rounds) && (r < ROUNDS); r++) {
257	((word32)temp[0]) = ((const word32)T1[a[0][0]])
258	^ ((const word32)T2[a[1][1]])
259	^ ((const word32)T3[a[2][2]])
260	^ ((const word32)T4[a[3][3]]);
261	((word32)temp[1]) = ((const word32)T1[a[1][0]])
262	^ ((const word32)T2[a[2][1]])
263	^ ((const word32)T3[a[3][2]])
264	^ ((const word32)T4[a[0][3]]);
265	((word32)temp[2]) = ((const word32)T1[a[2][0]])
266	^ ((const word32)T2[a[3][1]])
267	^ ((const word32)T3[a[0][2]])
268	^ ((const word32)T4[a[1][3]]);
269	((word32)temp[3]) = ((const word32)T1[a[3][0]])
270	^ ((const word32)T2[a[0][1]])
271	^ ((const word32)T3[a[1][2]])
272	^ ((const word32)T4[a[2][3]]);
273	((word32)a[0]) = ((word32)temp[0]) ^ ((word32)rk[r][0]);
274	((word32)a[1]) = ((word32)temp[1]) ^ ((word32)rk[r][1]);
275	((word32)a[2]) = ((word32)temp[2]) ^ ((word32)rk[r][2]);
276	((word32)a[3]) = ((word32)temp[3]) ^ ((word32)rk[r][3]);
277	}
278	if (rounds == ROUNDS) {
279	/* last round is special */
280	temp[0][0] = T1[a[0][0]][1];
281	temp[0][1] = T1[a[1][1]][1];
282	temp[0][2] = T1[a[2][2]][1];
283	temp[0][3] = T1[a[3][3]][1];
284	temp[1][0] = T1[a[1][0]][1];
285	temp[1][1] = T1[a[2][1]][1];
286	temp[1][2] = T1[a[3][2]][1];
287	temp[1][3] = T1[a[0][3]][1];
288	temp[2][0] = T1[a[2][0]][1];
289	temp[2][1] = T1[a[3][1]][1];
290	temp[2][2] = T1[a[0][2]][1];
291	temp[2][3] = T1[a[1][3]][1];
292	temp[3][0] = T1[a[3][0]][1];
293	temp[3][1] = T1[a[0][1]][1];
294	temp[3][2] = T1[a[1][2]][1];
295	temp[3][3] = T1[a[2][3]][1];
296	((word32)a[0]) = ((word32)temp[0]) ^ ((word32)rk[ROUNDS][0]);
297	((word32)a[1]) = ((word32)temp[1]) ^ ((word32)rk[ROUNDS][1]);
298	((word32)a[2]) = ((word32)temp[2]) ^ ((word32)rk[ROUNDS][2]);
299	((word32)a[3]) = ((word32)temp[3]) ^ ((word32)rk[ROUNDS][3]);
300	}
301
302	return 0;
303	}
304	#endif /* INTERMEDIATE_VALUE_KAT */
305
306	/**
307	* Decrypt a single block.
308	*/
309	int rijndaelDecrypt(word8 in[16], word8 out[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS) {
310	int r;
311	union {
312	word8 x8[16];
313	word32 x32[4];
314	} xa, xb;
315	#define a xa.x8
316	#define b xb.x8
317	union {
318	word8 x8[4][4];
319	word32 x32[4];
320	} xtemp;
321	#define temp xtemp.x8
322
323	memcpy(a, in, sizeof a);
324
325	((word32)temp[0]) = ((word32)(a )) ^ ((word32)rk[ROUNDS][0]);
326	((word32)temp[1]) = ((word32)(a+ 4)) ^ ((word32)rk[ROUNDS][1]);
327	((word32)temp[2]) = ((word32)(a+ 8)) ^ ((word32)rk[ROUNDS][2]);
328	((word32)temp[3]) = ((word32)(a+12)) ^ ((word32)rk[ROUNDS][3]);
329
330	((word32)(b )) = ((const word32)T5[temp[0][0]])
331	^ ((const word32)T6[temp[3][1]])
332	^ ((const word32)T7[temp[2][2]])
333	^ ((const word32)T8[temp[1][3]]);
334	((word32)(b+ 4)) = ((const word32)T5[temp[1][0]])
335	^ ((const word32)T6[temp[0][1]])
336	^ ((const word32)T7[temp[3][2]])
337	^ ((const word32)T8[temp[2][3]]);
338	((word32)(b+ 8)) = ((const word32)T5[temp[2][0]])
339	^ ((const word32)T6[temp[1][1]])
340	^ ((const word32)T7[temp[0][2]])
341	^ ((const word32)T8[temp[3][3]]);
342	((word32)(b+12)) = ((const word32)T5[temp[3][0]])
343	^ ((const word32)T6[temp[2][1]])
344	^ ((const word32)T7[temp[1][2]])
345	^ ((const word32)T8[temp[0][3]]);
346	for (r = ROUNDS-1; r > 1; r--) {
347	((word32)temp[0]) = ((word32)(b )) ^ ((word32)rk[r][0]);
348	((word32)temp[1]) = ((word32)(b+ 4)) ^ ((word32)rk[r][1]);
349	((word32)temp[2]) = ((word32)(b+ 8)) ^ ((word32)rk[r][2]);
350	((word32)temp[3]) = ((word32)(b+12)) ^ ((word32)rk[r][3]);
351	((word32)(b )) = ((const word32)T5[temp[0][0]])
352	^ ((const word32)T6[temp[3][1]])
353	^ ((const word32)T7[temp[2][2]])
354	^ ((const word32)T8[temp[1][3]]);
355	((word32)(b+ 4)) = ((const word32)T5[temp[1][0]])
356	^ ((const word32)T6[temp[0][1]])
357	^ ((const word32)T7[temp[3][2]])
358	^ ((const word32)T8[temp[2][3]]);
359	((word32)(b+ 8)) = ((const word32)T5[temp[2][0]])
360	^ ((const word32)T6[temp[1][1]])
361	^ ((const word32)T7[temp[0][2]])
362	^ ((const word32)T8[temp[3][3]]);
363	((word32)(b+12)) = ((const word32)T5[temp[3][0]])
364	^ ((const word32)T6[temp[2][1]])
365	^ ((const word32)T7[temp[1][2]])
366	^ ((const word32)T8[temp[0][3]]);
367	}
368	/* last round is special */
369	((word32)temp[0]) = ((word32)(b )) ^ ((word32)rk[1][0]);
370	((word32)temp[1]) = ((word32)(b+ 4)) ^ ((word32)rk[1][1]);
371	((word32)temp[2]) = ((word32)(b+ 8)) ^ ((word32)rk[1][2]);
372	((word32)temp[3]) = ((word32)(b+12)) ^ ((word32)rk[1][3]);
373	b[ 0] = S5[temp[0][0]];
374	b[ 1] = S5[temp[3][1]];
375	b[ 2] = S5[temp[2][2]];
376	b[ 3] = S5[temp[1][3]];
377	b[ 4] = S5[temp[1][0]];
378	b[ 5] = S5[temp[0][1]];
379	b[ 6] = S5[temp[3][2]];
380	b[ 7] = S5[temp[2][3]];
381	b[ 8] = S5[temp[2][0]];
382	b[ 9] = S5[temp[1][1]];
383	b[10] = S5[temp[0][2]];
384	b[11] = S5[temp[3][3]];
385	b[12] = S5[temp[3][0]];
386	b[13] = S5[temp[2][1]];
387	b[14] = S5[temp[1][2]];
388	b[15] = S5[temp[0][3]];
389	((word32)(b )) ^= ((word32)rk[0][0]);
390	((word32)(b+ 4)) ^= ((word32)rk[0][1]);
391	((word32)(b+ 8)) ^= ((word32)rk[0][2]);
392	((word32)(b+12)) ^= ((word32)rk[0][3]);
393
394	memcpy(out, b, sizeof b /* XXX out */);
395
396	return 0;
397	#undef a
398	#undef b
399	#undef temp
400	}
401
402
403	#ifdef INTERMEDIATE_VALUE_KAT
404	/**
405	* Decrypt only a certain number of rounds.
406	* Only used in the Intermediate Value Known Answer Test.
407	* Operations rearranged such that the intermediate values
408	* of decryption correspond with the intermediate values
409	* of encryption.
410	*/
411	int rijndaelDecryptRound(word8 a[4][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS, int rounds) {
412	int r, i;
413	word8 temp[4], shift;
414
415	/* make number of rounds sane */
416	if (rounds > ROUNDS) {
417	rounds = ROUNDS;
418	}
419	/* first round is special: */
420	(word32 )a[0] ^= (word32 )rk[ROUNDS][0];
421	(word32 )a[1] ^= (word32 )rk[ROUNDS][1];
422	(word32 )a[2] ^= (word32 )rk[ROUNDS][2];
423	(word32 )a[3] ^= (word32 )rk[ROUNDS][3];
424	for (i = 0; i < 4; i++) {
425	a[i][0] = Si[a[i][0]];
426	a[i][1] = Si[a[i][1]];
427	a[i][2] = Si[a[i][2]];
428	a[i][3] = Si[a[i][3]];
429	}
430	for (i = 1; i < 4; i++) {
431	shift = (4 - i) & 3;
432	temp[0] = a[(0 + shift) & 3][i];
433	temp[1] = a[(1 + shift) & 3][i];
434	temp[2] = a[(2 + shift) & 3][i];
435	temp[3] = a[(3 + shift) & 3][i];
436	a[0][i] = temp[0];
437	a[1][i] = temp[1];
438	a[2][i] = temp[2];
439	a[3][i] = temp[3];
440	}
441	/* ROUNDS-1 ordinary rounds */
442	for (r = ROUNDS-1; r > rounds; r--) {
443	(word32 )a[0] ^= (word32 )rk[r][0];
444	(word32 )a[1] ^= (word32 )rk[r][1];
445	(word32 )a[2] ^= (word32 )rk[r][2];
446	(word32 )a[3] ^= (word32 )rk[r][3];
447
448	((word32)a[0]) =
449	((const word32)U1[a[0][0]])
450	^ ((const word32)U2[a[0][1]])
451	^ ((const word32)U3[a[0][2]])
452	^ ((const word32)U4[a[0][3]]);
453
454	((word32)a[1]) =
455	((const word32)U1[a[1][0]])
456	^ ((const word32)U2[a[1][1]])
457	^ ((const word32)U3[a[1][2]])
458	^ ((const word32)U4[a[1][3]]);
459
460	((word32)a[2]) =
461	((const word32)U1[a[2][0]])
462	^ ((const word32)U2[a[2][1]])
463	^ ((const word32)U3[a[2][2]])
464	^ ((const word32)U4[a[2][3]]);
465
466	((word32)a[3]) =
467	((const word32)U1[a[3][0]])
468	^ ((const word32)U2[a[3][1]])
469	^ ((const word32)U3[a[3][2]])
470	^ ((const word32)U4[a[3][3]]);
471	for (i = 0; i < 4; i++) {
472	a[i][0] = Si[a[i][0]];
473	a[i][1] = Si[a[i][1]];
474	a[i][2] = Si[a[i][2]];
475	a[i][3] = Si[a[i][3]];
476	}
477	for (i = 1; i < 4; i++) {
478	shift = (4 - i) & 3;
479	temp[0] = a[(0 + shift) & 3][i];
480	temp[1] = a[(1 + shift) & 3][i];
481	temp[2] = a[(2 + shift) & 3][i];
482	temp[3] = a[(3 + shift) & 3][i];
483	a[0][i] = temp[0];
484	a[1][i] = temp[1];
485	a[2][i] = temp[2];
486	a[3][i] = temp[3];
487	}
488	}
489	if (rounds == 0) {
490	/* End with the extra key addition */
491	(word32 )a[0] ^= (word32 )rk[0][0];
492	(word32 )a[1] ^= (word32 )rk[0][1];
493	(word32 )a[2] ^= (word32 )rk[0][2];
494	(word32 )a[3] ^= (word32 )rk[0][3];
495	}
496	return 0;
497	}
498	#endif /* INTERMEDIATE_VALUE_KAT */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: rtems-libbsd/ipsec-tools/src/racoon/missing/crypto/rijndael/rijndael-alg-fst.c @ b376ae1

Download in other formats: