Rizin
unix-like reverse engineering framework and cli tools
aes-decrypt-internal.c
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2002, 2013 Niels Möller
2 // SPDX-License-Identifier: LGPL-3.0-only
3 
4 /* aes-decrypt-internal.c
5 
6  Decryption function for the aes/rijndael block cipher.
7 
8  Copyright 2002, 2013 Niels Möller
9 
10  This file is part of GNU Nettle.
11 
12  GNU Nettle is free software: you can redistribute it and/or
13  modify it under the terms of either:
14 
15  * the GNU Lesser General Public License as published by the Free
16  Software Foundation; either version 3 of the License, or (at your
17  option) any later version.
18 
19  or
20 
21  * the GNU General Public License as published by the Free
22  Software Foundation; either version 2 of the License, or (at your
23  option) any later version.
24 
25  or both in parallel, as here.
26 
27  GNU Nettle is distributed in the hope that it will be useful,
28  but WITHOUT ANY WARRANTY; without even the implied warranty of
29  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
30  General Public License for more details.
31 
32  You should have received copies of the GNU General Public License and
33  the GNU Lesser General Public License along with this program. If
34  not, see http://www.gnu.org/licenses/.
35 */
36 
37 #if HAVE_CONFIG_H
38 # include "config.h"
39 #endif
40 
41 #include <assert.h>
42 
43 #include "aes-internal.h"
44 #include "macros.h"
45 
46 /* For fat builds */
47 #if HAVE_NATIVE_aes_decrypt
48 void
49 _nettle_aes_decrypt_c(unsigned rounds, const uint32_t *keys,
50  const struct aes_table *T,
51  size_t length, uint8_t *dst,
52  const uint8_t *src);
53 #define _nettle_aes_decrypt _nettle_aes_decrypt_c
54 #endif
55 
56 void
57 _nettle_aes_decrypt(unsigned rounds, const uint32_t *keys,
58  const struct aes_table *T,
59  size_t length, uint8_t *dst,
60  const uint8_t *src)
61 {
63  {
64  uint32_t w0, w1, w2, w3; /* working ciphertext */
65  uint32_t t0, t1, t2, t3;
66  unsigned i;
67 
68  /* Get clear text, using little-endian byte order.
69  * Also XOR with the first subkey. */
70 
71  w0 = LE_READ_UINT32(src) ^ keys[0];
72  w1 = LE_READ_UINT32(src + 4) ^ keys[1];
73  w2 = LE_READ_UINT32(src + 8) ^ keys[2];
74  w3 = LE_READ_UINT32(src + 12) ^ keys[3];
75 
76  for (i = 1; i < rounds; i++)
77  {
78  t0 = AES_ROUND(T, w0, w3, w2, w1, keys[4*i]);
79  t1 = AES_ROUND(T, w1, w0, w3, w2, keys[4*i + 1]);
80  t2 = AES_ROUND(T, w2, w1, w0, w3, keys[4*i + 2]);
81  t3 = AES_ROUND(T, w3, w2, w1, w0, keys[4*i + 3]);
82 
83  /* We could unroll the loop twice, to avoid these
84  assignments. If all eight variables fit in registers,
85  that should give a slight speedup. */
86  w0 = t0;
87  w1 = t1;
88  w2 = t2;
89  w3 = t3;
90  }
91 
92  /* Final round */
93 
94  t0 = AES_FINAL_ROUND(T, w0, w3, w2, w1, keys[4*i]);
95  t1 = AES_FINAL_ROUND(T, w1, w0, w3, w2, keys[4*i + 1]);
96  t2 = AES_FINAL_ROUND(T, w2, w1, w0, w3, keys[4*i + 2]);
97  t3 = AES_FINAL_ROUND(T, w3, w2, w1, w0, keys[4*i + 3]);
98 
99  LE_WRITE_UINT32(dst, t0);
100  LE_WRITE_UINT32(dst + 4, t1);
101  LE_WRITE_UINT32(dst + 8, t2);
102  LE_WRITE_UINT32(dst + 12, t3);
103  }
104 }
#define T(op)
void _nettle_aes_decrypt(unsigned rounds, const uint32_t *keys, const struct aes_table *T, size_t length, uint8_t *dst, const uint8_t *src)
#define AES_ROUND(T, w0, w1, w2, w3, k)
Definition: aes-internal.h:90
#define AES_FINAL_ROUND(T, w0, w1, w2, w3, k)
Definition: aes-internal.h:96
lzma_index ** i
Definition: index.h:629
lzma_index * src
Definition: index.h:567
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void static offset struct stat static buf void long static basep static whence static length const void static len static semflg const void static shmflg const struct timespec struct timespec static rem const char static group const void length
Definition: sflib.h:133
char * dst
Definition: lz4.h:724
#define FOR_BLOCKS(length, dst, src, blocksize)
Definition: macros.h:148
#define LE_WRITE_UINT32(p, i)
Definition: macros.h:128
#define LE_READ_UINT32(p)
Definition: macros.h:122
static struct @218 keys[]
unsigned int uint32_t
Definition: sftypes.h:29
unsigned char uint8_t
Definition: sftypes.h:31
#define AES_BLOCK_SIZE
Definition: zipint.h:77