OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libgo/] [go/] [crypto/] [aes/] [block.go] - Blame information for rev 747

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 747 jeremybenn 
// Copyright 2009 The Go Authors. All rights reserved.
2 
// Use of this source code is governed by a BSD-style
3 
// license that can be found in the LICENSE file.
4 
 
5 
// This Go implementation is derived in part from the reference
6 
// ANSI C implementation, which carries the following notice:
7 
//
8 
//      rijndael-alg-fst.c
9 
//
10 
//      @version 3.0 (December 2000)
11 
//
12 
//      Optimised ANSI C code for the Rijndael cipher (now AES)
13 
//
14 
//      @author Vincent Rijmen
15 
//      @author Antoon Bosselaers
16 
//      @author Paulo Barreto
17 
//
18 
//      This code is hereby placed in the public domain.
19 
//
20 
//      THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
21 
//      OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22 
//      WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 
//      ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
24 
//      LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 
//      CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 
//      SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
27 
//      BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
28 
//      WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
29 
//      OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
30 
//      EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 
//
32 
// See FIPS 197 for specification, and see Daemen and Rijmen's Rijndael submission
33 
// for implementation details.
34 
//      http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf
35 
//      http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf
36 
 
37 
package aes
38 
 
39 
// Encrypt one block from src into dst, using the expanded key xk.
40 
func encryptBlock(xk []uint32, dst, src []byte) {
41 
        var s0, s1, s2, s3, t0, t1, t2, t3 uint32
42 
 
43 
        s0 = uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
44 
        s1 = uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
45 
        s2 = uint32(src[8])<<24 | uint32(src[9])<<16 | uint32(src[10])<<8 | uint32(src[11])
46 
        s3 = uint32(src[12])<<24 | uint32(src[13])<<16 | uint32(src[14])<<8 | uint32(src[15])
47 
 
48 
        // First round just XORs input with key.
49 
        s0 ^= xk[0]
50 
        s1 ^= xk[1]
51 
        s2 ^= xk[2]
52 
        s3 ^= xk[3]
53 
 
54 
        // Middle rounds shuffle using tables.
55 
        // Number of rounds is set by length of expanded key.
56 
        nr := len(xk)/4 - 2 // - 2: one above, one more below
57 
        k := 4
58 
        for r := 0; r < nr; r++ {
59 
                t0 = xk[k+0] ^ te0[uint8(s0>>24)] ^ te1[uint8(s1>>16)] ^ te2[uint8(s2>>8)] ^ te3[uint8(s3)]
60 
                t1 = xk[k+1] ^ te0[uint8(s1>>24)] ^ te1[uint8(s2>>16)] ^ te2[uint8(s3>>8)] ^ te3[uint8(s0)]
61 
                t2 = xk[k+2] ^ te0[uint8(s2>>24)] ^ te1[uint8(s3>>16)] ^ te2[uint8(s0>>8)] ^ te3[uint8(s1)]
62 
                t3 = xk[k+3] ^ te0[uint8(s3>>24)] ^ te1[uint8(s0>>16)] ^ te2[uint8(s1>>8)] ^ te3[uint8(s2)]
63 
                k += 4
64 
                s0, s1, s2, s3 = t0, t1, t2, t3
65 
        }
66 
 
67 
        // Last round uses s-box directly and XORs to produce output.
68 
        s0 = uint32(sbox0[t0>>24])<<24 | uint32(sbox0[t1>>16&0xff])<<16 | uint32(sbox0[t2>>8&0xff])<<8 | uint32(sbox0[t3&0xff])
69 
        s1 = uint32(sbox0[t1>>24])<<24 | uint32(sbox0[t2>>16&0xff])<<16 | uint32(sbox0[t3>>8&0xff])<<8 | uint32(sbox0[t0&0xff])
70 
        s2 = uint32(sbox0[t2>>24])<<24 | uint32(sbox0[t3>>16&0xff])<<16 | uint32(sbox0[t0>>8&0xff])<<8 | uint32(sbox0[t1&0xff])
71 
        s3 = uint32(sbox0[t3>>24])<<24 | uint32(sbox0[t0>>16&0xff])<<16 | uint32(sbox0[t1>>8&0xff])<<8 | uint32(sbox0[t2&0xff])
72 
 
73 
        s0 ^= xk[k+0]
74 
        s1 ^= xk[k+1]
75 
        s2 ^= xk[k+2]
76 
        s3 ^= xk[k+3]
77 
 
78 
        dst[0], dst[1], dst[2], dst[3] = byte(s0>>24), byte(s0>>16), byte(s0>>8), byte(s0)
79 
        dst[4], dst[5], dst[6], dst[7] = byte(s1>>24), byte(s1>>16), byte(s1>>8), byte(s1)
80 
        dst[8], dst[9], dst[10], dst[11] = byte(s2>>24), byte(s2>>16), byte(s2>>8), byte(s2)
81 
        dst[12], dst[13], dst[14], dst[15] = byte(s3>>24), byte(s3>>16), byte(s3>>8), byte(s3)
82 
}
83 
 
84 
// Decrypt one block from src into dst, using the expanded key xk.
85 
func decryptBlock(xk []uint32, dst, src []byte) {
86 
        var s0, s1, s2, s3, t0, t1, t2, t3 uint32
87 
 
88 
        s0 = uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
89 
        s1 = uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
90 
        s2 = uint32(src[8])<<24 | uint32(src[9])<<16 | uint32(src[10])<<8 | uint32(src[11])
91 
        s3 = uint32(src[12])<<24 | uint32(src[13])<<16 | uint32(src[14])<<8 | uint32(src[15])
92 
 
93 
        // First round just XORs input with key.
94 
        s0 ^= xk[0]
95 
        s1 ^= xk[1]
96 
        s2 ^= xk[2]
97 
        s3 ^= xk[3]
98 
 
99 
        // Middle rounds shuffle using tables.
100 
        // Number of rounds is set by length of expanded key.
101 
        nr := len(xk)/4 - 2 // - 2: one above, one more below
102 
        k := 4
103 
        for r := 0; r < nr; r++ {
104 
                t0 = xk[k+0] ^ td0[uint8(s0>>24)] ^ td1[uint8(s3>>16)] ^ td2[uint8(s2>>8)] ^ td3[uint8(s1)]
105 
                t1 = xk[k+1] ^ td0[uint8(s1>>24)] ^ td1[uint8(s0>>16)] ^ td2[uint8(s3>>8)] ^ td3[uint8(s2)]
106 
                t2 = xk[k+2] ^ td0[uint8(s2>>24)] ^ td1[uint8(s1>>16)] ^ td2[uint8(s0>>8)] ^ td3[uint8(s3)]
107 
                t3 = xk[k+3] ^ td0[uint8(s3>>24)] ^ td1[uint8(s2>>16)] ^ td2[uint8(s1>>8)] ^ td3[uint8(s0)]
108 
                k += 4
109 
                s0, s1, s2, s3 = t0, t1, t2, t3
110 
        }
111 
 
112 
        // Last round uses s-box directly and XORs to produce output.
113 
        s0 = uint32(sbox1[t0>>24])<<24 | uint32(sbox1[t3>>16&0xff])<<16 | uint32(sbox1[t2>>8&0xff])<<8 | uint32(sbox1[t1&0xff])
114 
        s1 = uint32(sbox1[t1>>24])<<24 | uint32(sbox1[t0>>16&0xff])<<16 | uint32(sbox1[t3>>8&0xff])<<8 | uint32(sbox1[t2&0xff])
115 
        s2 = uint32(sbox1[t2>>24])<<24 | uint32(sbox1[t1>>16&0xff])<<16 | uint32(sbox1[t0>>8&0xff])<<8 | uint32(sbox1[t3&0xff])
116 
        s3 = uint32(sbox1[t3>>24])<<24 | uint32(sbox1[t2>>16&0xff])<<16 | uint32(sbox1[t1>>8&0xff])<<8 | uint32(sbox1[t0&0xff])
117 
 
118 
        s0 ^= xk[k+0]
119 
        s1 ^= xk[k+1]
120 
        s2 ^= xk[k+2]
121 
        s3 ^= xk[k+3]
122 
 
123 
        dst[0], dst[1], dst[2], dst[3] = byte(s0>>24), byte(s0>>16), byte(s0>>8), byte(s0)
124 
        dst[4], dst[5], dst[6], dst[7] = byte(s1>>24), byte(s1>>16), byte(s1>>8), byte(s1)
125 
        dst[8], dst[9], dst[10], dst[11] = byte(s2>>24), byte(s2>>16), byte(s2>>8), byte(s2)
126 
        dst[12], dst[13], dst[14], dst[15] = byte(s3>>24), byte(s3>>16), byte(s3>>8), byte(s3)
127 
}
128 
 
129 
// Apply sbox0 to each byte in w.
130 
func subw(w uint32) uint32 {
131 
        return uint32(sbox0[w>>24])<<24 |
132 
                uint32(sbox0[w>>16&0xff])<<16 |
133 
                uint32(sbox0[w>>8&0xff])<<8 |
134 
                uint32(sbox0[w&0xff])
135 
}
136 
 
137 
// Rotate
138 
func rotw(w uint32) uint32 { return w<<8 | w>>24 }
139 
 
140 
// Key expansion algorithm.  See FIPS-197, Figure 11.
141 
// Their rcon[i] is our powx[i-1] << 24.
142 
func expandKey(key []byte, enc, dec []uint32) {
143 
        // Encryption key setup.
144 
        var i int
145 
        nk := len(key) / 4
146 
        for i = 0; i < nk; i++ {
147 
                enc[i] = uint32(key[4*i])<<24 | uint32(key[4*i+1])<<16 | uint32(key[4*i+2])<<8 | uint32(key[4*i+3])
148 
        }
149 
        for ; i < len(enc); i++ {
150 
                t := enc[i-1]
151 
                if i%nk == 0 {
152 
                        t = subw(rotw(t)) ^ (uint32(powx[i/nk-1]) << 24)
153 
                } else if nk > 6 && i%nk == 4 {
154 
                        t = subw(t)
155 
                }
156 
                enc[i] = enc[i-nk] ^ t
157 
        }
158 
 
159 
        // Derive decryption key from encryption key.
160 
        // Reverse the 4-word round key sets from enc to produce dec.
161 
        // All sets but the first and last get the MixColumn transform applied.
162 
        if dec == nil {
163 
                return
164 
        }
165 
        n := len(enc)
166 
        for i := 0; i < n; i += 4 {
167 
                ei := n - i - 4
168 
                for j := 0; j < 4; j++ {
169 
                        x := enc[ei+j]
170 
                        if i > 0 && i+4 < n {
171 
                                x = td0[sbox0[x>>24]] ^ td1[sbox0[x>>16&0xff]] ^ td2[sbox0[x>>8&0xff]] ^ td3[sbox0[x&0xff]]
172 
                        }
173 
                        dec[i+j] = x
174 
                }
175 
        }
176 
}

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.