monotone

monotone Mtn Source Tree

Root/botan/aes.cpp

1/*************************************************
2* AES Source File *
3* (C) 1999-2005 The Botan Project *
4*************************************************/
5
6#include <botan/aes.h>
7#include <botan/bit_ops.h>
8#include <botan/parsing.h>
9
10namespace Botan {
11
12/*************************************************
13* AES Encryption *
14*************************************************/
15void AES::enc(const byte in[], byte out[]) const
16 {
17 u32bit T0, T1, T2, T3, B0, B1, B2, B3;
18 B0 = TE0[in[ 0] ^ ME[ 0]] ^ TE1[in[ 5] ^ ME[ 5]] ^
19 TE2[in[10] ^ ME[10]] ^ TE3[in[15] ^ ME[15]] ^ EK[0];
20 B1 = TE0[in[ 4] ^ ME[ 4]] ^ TE1[in[ 9] ^ ME[ 9]] ^
21 TE2[in[14] ^ ME[14]] ^ TE3[in[ 3] ^ ME[ 3]] ^ EK[1];
22 B2 = TE0[in[ 8] ^ ME[ 8]] ^ TE1[in[13] ^ ME[13]] ^
23 TE2[in[ 2] ^ ME[ 2]] ^ TE3[in[ 7] ^ ME[ 7]] ^ EK[2];
24 B3 = TE0[in[12] ^ ME[12]] ^ TE1[in[ 1] ^ ME[ 1]] ^
25 TE2[in[ 6] ^ ME[ 6]] ^ TE3[in[11] ^ ME[11]] ^ EK[3];
26 for(u32bit j = 1; j != ROUNDS - 1; j += 2)
27 {
28 T0 = TE0[get_byte(0, B0)] ^ TE1[get_byte(1, B1)] ^
29 TE2[get_byte(2, B2)] ^ TE3[get_byte(3, B3)] ^ EK[4*j+0];
30 T1 = TE0[get_byte(0, B1)] ^ TE1[get_byte(1, B2)] ^
31 TE2[get_byte(2, B3)] ^ TE3[get_byte(3, B0)] ^ EK[4*j+1];
32 T2 = TE0[get_byte(0, B2)] ^ TE1[get_byte(1, B3)] ^
33 TE2[get_byte(2, B0)] ^ TE3[get_byte(3, B1)] ^ EK[4*j+2];
34 T3 = TE0[get_byte(0, B3)] ^ TE1[get_byte(1, B0)] ^
35 TE2[get_byte(2, B1)] ^ TE3[get_byte(3, B2)] ^ EK[4*j+3];
36 B0 = TE0[get_byte(0, T0)] ^ TE1[get_byte(1, T1)] ^
37 TE2[get_byte(2, T2)] ^ TE3[get_byte(3, T3)] ^ EK[4*j+4];
38 B1 = TE0[get_byte(0, T1)] ^ TE1[get_byte(1, T2)] ^
39 TE2[get_byte(2, T3)] ^ TE3[get_byte(3, T0)] ^ EK[4*j+5];
40 B2 = TE0[get_byte(0, T2)] ^ TE1[get_byte(1, T3)] ^
41 TE2[get_byte(2, T0)] ^ TE3[get_byte(3, T1)] ^ EK[4*j+6];
42 B3 = TE0[get_byte(0, T3)] ^ TE1[get_byte(1, T0)] ^
43 TE2[get_byte(2, T1)] ^ TE3[get_byte(3, T2)] ^ EK[4*j+7];
44 }
45 out[ 0] = SE[get_byte(0, B0)] ^ ME[16];
46 out[ 1] = SE[get_byte(1, B1)] ^ ME[17];
47 out[ 2] = SE[get_byte(2, B2)] ^ ME[18];
48 out[ 3] = SE[get_byte(3, B3)] ^ ME[19];
49 out[ 4] = SE[get_byte(0, B1)] ^ ME[20];
50 out[ 5] = SE[get_byte(1, B2)] ^ ME[21];
51 out[ 6] = SE[get_byte(2, B3)] ^ ME[22];
52 out[ 7] = SE[get_byte(3, B0)] ^ ME[23];
53 out[ 8] = SE[get_byte(0, B2)] ^ ME[24];
54 out[ 9] = SE[get_byte(1, B3)] ^ ME[25];
55 out[10] = SE[get_byte(2, B0)] ^ ME[26];
56 out[11] = SE[get_byte(3, B1)] ^ ME[27];
57 out[12] = SE[get_byte(0, B3)] ^ ME[28];
58 out[13] = SE[get_byte(1, B0)] ^ ME[29];
59 out[14] = SE[get_byte(2, B1)] ^ ME[30];
60 out[15] = SE[get_byte(3, B2)] ^ ME[31];
61 }
62
63/*************************************************
64* AES Decryption *
65*************************************************/
66void AES::dec(const byte in[], byte out[]) const
67 {
68 u32bit T0, T1, T2, T3, B0, B1, B2, B3;
69 B0 = TD0[in[ 0] ^ MD[ 0]] ^ TD1[in[13] ^ MD[13]] ^
70 TD2[in[10] ^ MD[10]] ^ TD3[in[ 7] ^ MD[ 7]] ^ DK[0];
71 B1 = TD0[in[ 4] ^ MD[ 4]] ^ TD1[in[ 1] ^ MD[ 1]] ^
72 TD2[in[14] ^ MD[14]] ^ TD3[in[11] ^ MD[11]] ^ DK[1];
73 B2 = TD0[in[ 8] ^ MD[ 8]] ^ TD1[in[ 5] ^ MD[ 5]] ^
74 TD2[in[ 2] ^ MD[ 2]] ^ TD3[in[15] ^ MD[15]] ^ DK[2];
75 B3 = TD0[in[12] ^ MD[12]] ^ TD1[in[ 9] ^ MD[ 9]] ^
76 TD2[in[ 6] ^ MD[ 6]] ^ TD3[in[ 3] ^ MD[ 3]] ^ DK[3];
77 for(u32bit j = 1; j != ROUNDS - 1; j += 2)
78 {
79 T0 = TD0[get_byte(0, B0)] ^ TD1[get_byte(1, B3)] ^
80 TD2[get_byte(2, B2)] ^ TD3[get_byte(3, B1)] ^ DK[4*j+0];
81 T1 = TD0[get_byte(0, B1)] ^ TD1[get_byte(1, B0)] ^
82 TD2[get_byte(2, B3)] ^ TD3[get_byte(3, B2)] ^ DK[4*j+1];
83 T2 = TD0[get_byte(0, B2)] ^ TD1[get_byte(1, B1)] ^
84 TD2[get_byte(2, B0)] ^ TD3[get_byte(3, B3)] ^ DK[4*j+2];
85 T3 = TD0[get_byte(0, B3)] ^ TD1[get_byte(1, B2)] ^
86 TD2[get_byte(2, B1)] ^ TD3[get_byte(3, B0)] ^ DK[4*j+3];
87 B0 = TD0[get_byte(0, T0)] ^ TD1[get_byte(1, T3)] ^
88 TD2[get_byte(2, T2)] ^ TD3[get_byte(3, T1)] ^ DK[4*j+4];
89 B1 = TD0[get_byte(0, T1)] ^ TD1[get_byte(1, T0)] ^
90 TD2[get_byte(2, T3)] ^ TD3[get_byte(3, T2)] ^ DK[4*j+5];
91 B2 = TD0[get_byte(0, T2)] ^ TD1[get_byte(1, T1)] ^
92 TD2[get_byte(2, T0)] ^ TD3[get_byte(3, T3)] ^ DK[4*j+6];
93 B3 = TD0[get_byte(0, T3)] ^ TD1[get_byte(1, T2)] ^
94 TD2[get_byte(2, T1)] ^ TD3[get_byte(3, T0)] ^ DK[4*j+7];
95 }
96 out[ 0] = SD[get_byte(0, B0)] ^ MD[16];
97 out[ 1] = SD[get_byte(1, B3)] ^ MD[17];
98 out[ 2] = SD[get_byte(2, B2)] ^ MD[18];
99 out[ 3] = SD[get_byte(3, B1)] ^ MD[19];
100 out[ 4] = SD[get_byte(0, B1)] ^ MD[20];
101 out[ 5] = SD[get_byte(1, B0)] ^ MD[21];
102 out[ 6] = SD[get_byte(2, B3)] ^ MD[22];
103 out[ 7] = SD[get_byte(3, B2)] ^ MD[23];
104 out[ 8] = SD[get_byte(0, B2)] ^ MD[24];
105 out[ 9] = SD[get_byte(1, B1)] ^ MD[25];
106 out[10] = SD[get_byte(2, B0)] ^ MD[26];
107 out[11] = SD[get_byte(3, B3)] ^ MD[27];
108 out[12] = SD[get_byte(0, B3)] ^ MD[28];
109 out[13] = SD[get_byte(1, B2)] ^ MD[29];
110 out[14] = SD[get_byte(2, B1)] ^ MD[30];
111 out[15] = SD[get_byte(3, B0)] ^ MD[31];
112 }
113
114/*************************************************
115* AES Key Schedule *
116*************************************************/
117void AES::key(const byte key[], u32bit length)
118 {
119 static const u32bit RC[10] = {
120 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000,
121 0x40000000, 0x80000000, 0x1B000000, 0x36000000 };
122 ROUNDS = (length / 4) + 6;
123
124 SecureBuffer<u32bit, 64> XEK, XDK;
125
126 const u32bit X = length / 4;
127 for(u32bit j = 0; j != X; j++)
128 XEK[j] = make_u32bit(key[4*j], key[4*j+1], key[4*j+2], key[4*j+3]);
129 for(u32bit j = X; j < 4*(ROUNDS+1); j += X)
130 {
131 XEK[j] = XEK[j-X] ^ S(rotate_left(XEK[j-1], 8)) ^ RC[(j-X)/X];
132 for(u32bit k = 1; k != X; k++)
133 {
134 if(X == 8 && k == 4)
135 XEK[j+k] = XEK[j+k-X] ^ S(XEK[j+k-1]);
136 else
137 XEK[j+k] = XEK[j+k-X] ^ XEK[j+k-1];
138 }
139 }
140
141 for(u32bit j = 0; j != 4*(ROUNDS+1); j += 4)
142 {
143 XDK[j ] = XEK[4*ROUNDS-j ];
144 XDK[j+1] = XEK[4*ROUNDS-j+1];
145 XDK[j+2] = XEK[4*ROUNDS-j+2];
146 XDK[j+3] = XEK[4*ROUNDS-j+3];
147 }
148 for(u32bit j = 4; j != length + 24; j++)
149 XDK[j] = TD0[SE[get_byte(0, XDK[j])]] ^ TD1[SE[get_byte(1, XDK[j])]] ^
150 TD2[SE[get_byte(2, XDK[j])]] ^ TD3[SE[get_byte(3, XDK[j])]];
151
152 for(u32bit j = 0; j != 4; j++)
153 for(u32bit k = 0; k != 4; k++)
154 {
155 ME[4*j+k ] = get_byte(k, XEK[j]);
156 ME[4*j+k+16] = get_byte(k, XEK[j+4*ROUNDS]);
157 MD[4*j+k ] = get_byte(k, XDK[j]);
158 MD[4*j+k+16] = get_byte(k, XEK[j]);
159 }
160
161 EK.copy(XEK + 4, length + 20);
162 DK.copy(XDK + 4, length + 20);
163 }
164
165/*************************************************
166* AES Byte Substitution *
167*************************************************/
168u32bit AES::S(u32bit input)
169 {
170 return make_u32bit(SE[get_byte(0, input)], SE[get_byte(1, input)],
171 SE[get_byte(2, input)], SE[get_byte(3, input)]);
172 }
173
174/*************************************************
175* AES Constructor *
176*************************************************/
177AES::AES(u32bit key_size) : BlockCipher(16, key_size)
178 {
179 if(key_size != 16 && key_size != 24 && key_size != 32)
180 throw Invalid_Argument("AES: Bad key size " + to_string(key_size));
181 ROUNDS = (key_size / 4) + 6;
182 }
183
184/*************************************************
185* Clear memory of sensitive data *
186*************************************************/
187void AES::clear() throw()
188 {
189 EK.clear();
190 DK.clear();
191 ME.clear();
192 MD.clear();
193 }
194
195}

Archive Download this file

Branches

Tags

Quick Links:     www.monotone.ca    -     Downloads    -     Documentation    -     Wiki    -     Code Forge    -     Build Status