Rizin
unix-like reverse engineering framework and cli tools
aes-internal.h File Reference
#include "aes.h"


Classes

struct  aes_table
 

Macros

#define AES_SMALL   0
 
#define AES_TABLE_SIZE   4
 
#define B0(x)   ((x) & 0xff)
 
#define B1(x)   (((x) >> 8) & 0xff)
 
#define B2(x)   (((x) >> 16) & 0xff)
 
#define B3(x)   (((x) >> 24) & 0xff)
 
#define SUBBYTE(x, box)
 
#define AES_ROUND(T, w0, w1, w2, w3, k)
 
#define AES_FINAL_ROUND(T, w0, w1, w2, w3, k)
 
#define aes_sbox   (_nettle_aes_encrypt_table.sbox)
 

Functions

void _nettle_aes_set_key (unsigned nr, unsigned nk, uint32_t *subkeys, const uint8_t *key)
 
void _nettle_aes_invert (unsigned rounds, uint32_t *dst, const uint32_t *src)
 
void _nettle_aes_encrypt (unsigned rounds, const uint32_t *keys, const struct aes_table *T, size_t length, uint8_t *dst, const uint8_t *src)
 
void _nettle_aes_decrypt (unsigned rounds, const uint32_t *keys, const struct aes_table *T, size_t length, uint8_t *dst, const uint8_t *src)
 

Variables

const struct aes_table _nettle_aes_encrypt_table
 
const struct aes_table _nettle_aes_decrypt_table
 

Macro Definition Documentation

◆ AES_FINAL_ROUND

#define AES_FINAL_ROUND (   T,
  w0,
  w1,
  w2,
  w3,
  k 
)
Value:
(( (uint32_t) T->sbox[ B0(w0) ] \
| ((uint32_t) T->sbox[ B1(w1) ] << 8) \
| ((uint32_t) T->sbox[ B2(w2) ] << 16) \
| ((uint32_t) T->sbox[ B3(w3) ] << 24)) ^ (k))
#define T(op)
#define B2(x)
Definition: aes-internal.h:82
#define B0(x)
Definition: aes-internal.h:80
#define B1(x)
Definition: aes-internal.h:81
#define B3(x)
Definition: aes-internal.h:83
unsigned int uint32_t
Definition: sftypes.h:29

Definition at line 96 of file aes-internal.h.

◆ AES_ROUND

#define AES_ROUND (   T,
  w0,
  w1,
  w2,
  w3,
  k 
)
Value:
(( T->table[0][ B0(w0) ] \
^ T->table[1][ B1(w1) ] \
^ T->table[2][ B2(w2) ] \
^ T->table[3][ B3(w3) ]) ^ (k))

Definition at line 90 of file aes-internal.h.

◆ aes_sbox

#define aes_sbox   (_nettle_aes_encrypt_table.sbox)

Definition at line 103 of file aes-internal.h.

◆ AES_SMALL

#define AES_SMALL   0

Definition at line 44 of file aes-internal.h.

◆ AES_TABLE_SIZE

#define AES_TABLE_SIZE   4

Definition at line 50 of file aes-internal.h.

◆ B0

#define B0 (   x)    ((x) & 0xff)

Definition at line 80 of file aes-internal.h.

◆ B1

#define B1 (   x)    (((x) >> 8) & 0xff)

Definition at line 81 of file aes-internal.h.

◆ B2

#define B2 (   x)    (((x) >> 16) & 0xff)

Definition at line 82 of file aes-internal.h.

◆ B3

#define B3 (   x)    (((x) >> 24) & 0xff)

Definition at line 83 of file aes-internal.h.

◆ SUBBYTE

#define SUBBYTE (   x,
  box 
)
Value:
((uint32_t)(box)[B0(x)] \
| ((uint32_t)(box)[B1(x)] << 8) \
| ((uint32_t)(box)[B2(x)] << 16) \
| ((uint32_t)(box)[B3(x)] << 24))

Definition at line 85 of file aes-internal.h.

Function Documentation

◆ _nettle_aes_decrypt()

void _nettle_aes_decrypt ( unsigned  rounds,
const uint32_t *keys,
const struct aes_table *T,
size_t  length,
uint8_t *dst,
const uint8_t *src 
)

Definition at line 57 of file aes-decrypt-internal.c.

/* Body of _nettle_aes_decrypt as rendered by Doxygen; the leading number on
 * each line is the source line in aes-decrypt-internal.c, not code.
 * NOTE(review): source line 62 is not rendered. The References list names
 * FOR_BLOCKS, AES_BLOCK_SIZE and length, so the per-block loop header
 * presumably sits there -- confirm against the source file.
 *
 * Per block, the visible code reads 16 bytes at src, XORs in keys[0..3],
 * runs rounds-1 table rounds plus one S-box final round, and writes 16 bytes
 * at dst. The last subkey word used is keys[4*rounds + 3], so keys must hold
 * 4*(rounds+1) words. Nothing shown validates rounds, length or the
 * pointers; callers own those bounds.
 *
 * Security note: every AES_ROUND / AES_FINAL_ROUND lookup is indexed by a
 * byte of the key-mixed state, so the memory access pattern depends on key
 * and data. Table-driven AES of this shape is not constant-time with respect
 * to the data cache; prefer a hardware-AES or bitsliced path where
 * cache-observing co-tenants are in the threat model. */
61 {
63  {
64  uint32_t w0, w1, w2, w3; /* working ciphertext */
65  uint32_t t0, t1, t2, t3;
66  unsigned i;
67 
68  /* Get clear text, using little-endian byte order.
69  * Also XOR with the first subkey. */
70 
/* NOTE(review): in this routine src presumably holds ciphertext; the
 * "clear text" wording above is identical to the encrypt listing. */
71  w0 = LE_READ_UINT32(src) ^ keys[0];
72  w1 = LE_READ_UINT32(src + 4) ^ keys[1];
73  w2 = LE_READ_UINT32(src + 8) ^ keys[2];
74  w3 = LE_READ_UINT32(src + 12) ^ keys[3];
75 
/* Word arguments are passed as (w0, w3, w2, w1), (w1, w0, w3, w2), ...:
 * the opposite rotation to the encrypt listing on this page. */
76  for (i = 1; i < rounds; i++)
77  {
78  t0 = AES_ROUND(T, w0, w3, w2, w1, keys[4*i]);
79  t1 = AES_ROUND(T, w1, w0, w3, w2, keys[4*i + 1]);
80  t2 = AES_ROUND(T, w2, w1, w0, w3, keys[4*i + 2]);
81  t3 = AES_ROUND(T, w3, w2, w1, w0, keys[4*i + 3]);
82 
83  /* We could unroll the loop twice, to avoid these
84  assignments. If all eight variables fit in registers,
85  that should give a slight speedup. */
86  w0 = t0;
87  w1 = t1;
88  w2 = t2;
89  w3 = t3;
90  }
91 
92  /* Final round */
93 
/* i == rounds here, so these use the last four subkey words; the final
 * round goes through T->sbox instead of T->table. */
94  t0 = AES_FINAL_ROUND(T, w0, w3, w2, w1, keys[4*i]);
95  t1 = AES_FINAL_ROUND(T, w1, w0, w3, w2, keys[4*i + 1]);
96  t2 = AES_FINAL_ROUND(T, w2, w1, w0, w3, keys[4*i + 2]);
97  t3 = AES_FINAL_ROUND(T, w3, w2, w1, w0, keys[4*i + 3]);
98 
99  LE_WRITE_UINT32(dst, t0);
100  LE_WRITE_UINT32(dst + 4, t1);
101  LE_WRITE_UINT32(dst + 8, t2);
102  LE_WRITE_UINT32(dst + 12, t3);
103  }
104 }
#define AES_ROUND(T, w0, w1, w2, w3, k)
Definition: aes-internal.h:90
#define AES_FINAL_ROUND(T, w0, w1, w2, w3, k)
Definition: aes-internal.h:96
#define FOR_BLOCKS(length, dst, src, blocksize)
Definition: macros.h:148
#define LE_WRITE_UINT32(p, i)
Definition: macros.h:128
#define LE_READ_UINT32(p)
Definition: macros.h:122
#define AES_BLOCK_SIZE
Definition: zipint.h:77

References AES_BLOCK_SIZE, AES_FINAL_ROUND, AES_ROUND, dst, FOR_BLOCKS, i, keys, LE_READ_UINT32, LE_WRITE_UINT32, length, src, T, benchmark::t1, w0, w1, w2, and w3.

Referenced by nettle_aes128_decrypt(), nettle_aes192_decrypt(), and nettle_aes256_decrypt().

◆ _nettle_aes_encrypt()

void _nettle_aes_encrypt ( unsigned  rounds,
const uint32_t *keys,
const struct aes_table *T,
size_t  length,
uint8_t *dst,
const uint8_t *src 
)

Definition at line 57 of file aes-encrypt-internal.c.

/* Body of _nettle_aes_encrypt as rendered by Doxygen; the leading number on
 * each line is the source line in aes-encrypt-internal.c, not code.
 * NOTE(review): source line 62 is not rendered. The References list names
 * FOR_BLOCKS, AES_BLOCK_SIZE and length, so the per-block loop header
 * presumably sits there -- confirm against the source file.
 *
 * Per block, the visible code reads 16 bytes at src as four little-endian
 * words, XORs in keys[0..3], runs rounds-1 table rounds plus one S-box final
 * round, and writes 16 bytes at dst. Subkey words up to keys[4*rounds + 3]
 * are read, so keys must hold 4*(rounds+1) words. No bounds or NULL checks
 * appear in the lines shown; the caller is responsible for them.
 *
 * Security note: T->table and T->sbox are indexed by bytes of the key-mixed
 * state (see AES_ROUND / AES_FINAL_ROUND), so which table entries are touched
 * depends on key and plaintext. This style of AES is not constant-time with
 * respect to the data cache; where that matters, use a hardware-AES or
 * bitsliced implementation instead. */
61 {
63  {
64  uint32_t w0, w1, w2, w3; /* working ciphertext */
65  uint32_t t0, t1, t2, t3;
66  unsigned i;
67 
68  /* Get clear text, using little-endian byte order.
69  * Also XOR with the first subkey. */
70 
71  w0 = LE_READ_UINT32(src) ^ keys[0];
72  w1 = LE_READ_UINT32(src + 4) ^ keys[1];
73  w2 = LE_READ_UINT32(src + 8) ^ keys[2];
74  w3 = LE_READ_UINT32(src + 12) ^ keys[3];
75 
/* Each output word takes byte 0 from its own word and bytes 1..3 from the
 * next three words in order (w0,w1,w2,w3 / w1,w2,w3,w0 / ...). */
76  for (i = 1; i < rounds; i++)
77  {
78  t0 = AES_ROUND(T, w0, w1, w2, w3, keys[4*i]);
79  t1 = AES_ROUND(T, w1, w2, w3, w0, keys[4*i + 1]);
80  t2 = AES_ROUND(T, w2, w3, w0, w1, keys[4*i + 2]);
81  t3 = AES_ROUND(T, w3, w0, w1, w2, keys[4*i + 3]);
82 
83  /* We could unroll the loop twice, to avoid these
84  assignments. If all eight variables fit in registers,
85  that should give a slight speedup. */
86  w0 = t0;
87  w1 = t1;
88  w2 = t2;
89  w3 = t3;
90  }
91 
92  /* Final round */
93 
/* The loop exits with i == rounds, so the final round consumes the last
 * four subkey words and uses T->sbox rather than T->table. */
94  t0 = AES_FINAL_ROUND(T, w0, w1, w2, w3, keys[4*i]);
95  t1 = AES_FINAL_ROUND(T, w1, w2, w3, w0, keys[4*i + 1]);
96  t2 = AES_FINAL_ROUND(T, w2, w3, w0, w1, keys[4*i + 2]);
97  t3 = AES_FINAL_ROUND(T, w3, w0, w1, w2, keys[4*i + 3]);
98 
99  LE_WRITE_UINT32(dst, t0);
100  LE_WRITE_UINT32(dst + 4, t1);
101  LE_WRITE_UINT32(dst + 8, t2);
102  LE_WRITE_UINT32(dst + 12, t3);
103  }
104 }

References AES_BLOCK_SIZE, AES_FINAL_ROUND, AES_ROUND, dst, FOR_BLOCKS, i, keys, LE_READ_UINT32, LE_WRITE_UINT32, length, src, T, benchmark::t1, w0, w1, w2, and w3.

Referenced by nettle_aes128_encrypt(), nettle_aes192_encrypt(), and nettle_aes256_encrypt().

◆ _nettle_aes_invert()

void _nettle_aes_invert ( unsigned  rounds,
uint32_t *dst,
const uint32_t *src 
)

Definition at line 139 of file aes-invert-internal.c.

/* Body of _nettle_aes_invert as rendered by Doxygen; the leading number on
 * each line is the source line in aes-invert-internal.c, not code.
 *
 * Stores into dst the subkeys of src with the 4-word groups in reverse
 * order, then applies MIX_COLUMN to every word except those of the first
 * and last group. Both branches touch word indices 0 .. 4*rounds + 3, so src
 * and dst must each hold 4*(rounds+1) words; nothing here checks that.
 * NOTE(review): MIX_COLUMN's body is not shown on this page. mtable has
 * 0x100 entries, which suggests byte-indexed lookups on subkey bytes
 * (secret-dependent memory access) -- confirm in aes-invert-internal.c. */
140 {
141  unsigned i;
142 
143  /* Reverse the order of subkeys, in groups of 4. */
144  /* FIXME: Instead of reordering the subkeys, change the access order
145  of aes_decrypt, since it's a separate function anyway? */
/* Only exact aliasing is special-cased. A dst that partially overlaps src
 * takes the copy branch and could read words it has already overwritten, so
 * callers must pass either the same buffer or disjoint ones. */
146  if (src == dst)
147  {
148  unsigned j, k;
149 
/* In place: i walks up and j walks down one group at a time, swapping
 * until they meet; a middle group (i == j) is left where it is. */
150  for (i = 0, j = rounds * 4;
151  i < j;
152  i += 4, j -= 4)
153  for (k = 0; k<4; k++)
154  SWAP(dst[i+k], dst[j+k]);
155  }
156  else
157  {
158  unsigned k;
159 
/* Out of place: group at offset i in dst comes from offset
 * rounds*4 - i in src; word order inside a group is kept. */
160  for (i = 0; i <= rounds * 4; i += 4)
161  for (k = 0; k < 4; k++)
162  dst[i+k] = src[rounds * 4 - i + k];
163  }
164 
165  /* Transform all subkeys but the first and last. */
166  for (i = 4; i < 4 * rounds; i++)
167  MIX_COLUMN (mtable, dst[i]);
168 }
#define MIX_COLUMN(T, key)
static const uint32_t mtable[0x100]
#define SWAP(a, b)

References dst, i, k, MIX_COLUMN, mtable, src, and SWAP.

Referenced by nettle_aes128_invert_key(), nettle_aes192_invert_key(), and nettle_aes256_invert_key().

◆ _nettle_aes_set_key()

void _nettle_aes_set_key ( unsigned  nr,
unsigned  nk,
uint32_t *subkeys,
const uint8_t *key 
)

Definition at line 50 of file aes-set-key-internal.c.

/* Body of _nettle_aes_set_key as rendered by Doxygen; the leading number on
 * each line is the source line in aes-set-key-internal.c, not code.
 *
 * Loads nk little-endian words from key (4*nk bytes are read), then expands
 * them to lastkey = (AES_BLOCK_SIZE/4) * (nr + 1) words in subkeys. Neither
 * buffer size is checked here; the caller must size both to match nr and nk.
 * subkeys ends up holding the full expanded key schedule, i.e. secret key
 * material that the caller is responsible for wiping after use. */
52 {
53  static const uint8_t rcon[10] = {
54  0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1b,0x36,
55  };
56  const uint8_t *rp;
57  unsigned lastkey, i;
58  uint32_t t;
59 
/* assert() is compiled out under NDEBUG; with nk == 0 the `i % nk` below
 * would then be a division by zero. The nr/nk pairing is not otherwise
 * validated in this function. */
60  assert(nk != 0);
61  lastkey = (AES_BLOCK_SIZE/4) * (nr + 1);
62 
63  for (i=0, rp = rcon; i<nk; i++)
64  subkeys[i] = LE_READ_UINT32(key + i*4);
65 
66  for (i=nk; i<lastkey; i++)
67  {
68  t = subkeys[i-1];
/* rp advances once per multiple of nk in [nk, lastkey) and rcon has only
 * 10 entries. NOTE(review): with nk = 4, nr = 10 and AES_BLOCK_SIZE assumed
 * to be 16 that is exactly 10 reads; other nr/nk pairs are not bounded here
 * and could read past rcon -- confirm callers pass only standard pairs.
 * SUBBYTE indexes aes_sbox with bytes of key material, so these lookups are
 * secret-dependent memory accesses. */
69  if (i % nk == 0)
70  t = SUBBYTE(ROTL32(24, t), aes_sbox) ^ *rp++;
71 
/* Extra S-box pass, taken only when the key has more than 6 words. */
72  else if (nk > 6 && (i%nk) == 4)
73  t = SUBBYTE(t, aes_sbox);
74 
75  subkeys[i] = subkeys[i-nk] ^ t;
76  }
77 }
#define SUBBYTE(x, box)
Definition: aes-internal.h:85
#define aes_sbox
Definition: aes-internal.h:103
#define ROTL32(n, x)
Definition: macros.h:157
unsigned char uint8_t
Definition: sftypes.h:31

References AES_BLOCK_SIZE, aes_sbox, assert(), i, key, LE_READ_UINT32, ROTL32, rp, and SUBBYTE.

Referenced by nettle_aes128_set_encrypt_key(), nettle_aes192_set_encrypt_key(), and nettle_aes256_set_encrypt_key().

Variable Documentation

◆ _nettle_aes_decrypt_table

const struct aes_table _nettle_aes_decrypt_table
extern

◆ _nettle_aes_encrypt_table

const struct aes_table _nettle_aes_encrypt_table
extern