OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libgo/] [go/] [crypto/] [aes/] [block.go] - Blame information for rev 801

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 747 jeremybenn
// Copyright 2009 The Go Authors. All rights reserved.
2
// Use of this source code is governed by a BSD-style
3
// license that can be found in the LICENSE file.
4
 
5
// This Go implementation is derived in part from the reference
6
// ANSI C implementation, which carries the following notice:
7
//
8
//      rijndael-alg-fst.c
9
//
10
//      @version 3.0 (December 2000)
11
//
12
//      Optimised ANSI C code for the Rijndael cipher (now AES)
13
//
14
//      @author Vincent Rijmen 
15
//      @author Antoon Bosselaers 
16
//      @author Paulo Barreto 
17
//
18
//      This code is hereby placed in the public domain.
19
//
20
//      THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
21
//      OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22
//      WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23
//      ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
24
//      LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25
//      CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26
//      SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
27
//      BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
28
//      WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
29
//      OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
30
//      EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31
//
32
// See FIPS 197 for specification, and see Daemen and Rijmen's Rijndael submission
33
// for implementation details.
34
//      http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf
35
//      http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf
36
 
37
package aes
38
 
39
// Encrypt one block from src into dst, using the expanded key xk.
40
func encryptBlock(xk []uint32, dst, src []byte) {
41
        var s0, s1, s2, s3, t0, t1, t2, t3 uint32
42
 
43
        s0 = uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
44
        s1 = uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
45
        s2 = uint32(src[8])<<24 | uint32(src[9])<<16 | uint32(src[10])<<8 | uint32(src[11])
46
        s3 = uint32(src[12])<<24 | uint32(src[13])<<16 | uint32(src[14])<<8 | uint32(src[15])
47
 
48
        // First round just XORs input with key.
49
        s0 ^= xk[0]
50
        s1 ^= xk[1]
51
        s2 ^= xk[2]
52
        s3 ^= xk[3]
53
 
54
        // Middle rounds shuffle using tables.
55
        // Number of rounds is set by length of expanded key.
56
        nr := len(xk)/4 - 2 // - 2: one above, one more below
57
        k := 4
58
        for r := 0; r < nr; r++ {
59
                t0 = xk[k+0] ^ te0[uint8(s0>>24)] ^ te1[uint8(s1>>16)] ^ te2[uint8(s2>>8)] ^ te3[uint8(s3)]
60
                t1 = xk[k+1] ^ te0[uint8(s1>>24)] ^ te1[uint8(s2>>16)] ^ te2[uint8(s3>>8)] ^ te3[uint8(s0)]
61
                t2 = xk[k+2] ^ te0[uint8(s2>>24)] ^ te1[uint8(s3>>16)] ^ te2[uint8(s0>>8)] ^ te3[uint8(s1)]
62
                t3 = xk[k+3] ^ te0[uint8(s3>>24)] ^ te1[uint8(s0>>16)] ^ te2[uint8(s1>>8)] ^ te3[uint8(s2)]
63
                k += 4
64
                s0, s1, s2, s3 = t0, t1, t2, t3
65
        }
66
 
67
        // Last round uses s-box directly and XORs to produce output.
68
        s0 = uint32(sbox0[t0>>24])<<24 | uint32(sbox0[t1>>16&0xff])<<16 | uint32(sbox0[t2>>8&0xff])<<8 | uint32(sbox0[t3&0xff])
69
        s1 = uint32(sbox0[t1>>24])<<24 | uint32(sbox0[t2>>16&0xff])<<16 | uint32(sbox0[t3>>8&0xff])<<8 | uint32(sbox0[t0&0xff])
70
        s2 = uint32(sbox0[t2>>24])<<24 | uint32(sbox0[t3>>16&0xff])<<16 | uint32(sbox0[t0>>8&0xff])<<8 | uint32(sbox0[t1&0xff])
71
        s3 = uint32(sbox0[t3>>24])<<24 | uint32(sbox0[t0>>16&0xff])<<16 | uint32(sbox0[t1>>8&0xff])<<8 | uint32(sbox0[t2&0xff])
72
 
73
        s0 ^= xk[k+0]
74
        s1 ^= xk[k+1]
75
        s2 ^= xk[k+2]
76
        s3 ^= xk[k+3]
77
 
78
        dst[0], dst[1], dst[2], dst[3] = byte(s0>>24), byte(s0>>16), byte(s0>>8), byte(s0)
79
        dst[4], dst[5], dst[6], dst[7] = byte(s1>>24), byte(s1>>16), byte(s1>>8), byte(s1)
80
        dst[8], dst[9], dst[10], dst[11] = byte(s2>>24), byte(s2>>16), byte(s2>>8), byte(s2)
81
        dst[12], dst[13], dst[14], dst[15] = byte(s3>>24), byte(s3>>16), byte(s3>>8), byte(s3)
82
}
83
 
84
// Decrypt one block from src into dst, using the expanded key xk.
85
func decryptBlock(xk []uint32, dst, src []byte) {
86
        var s0, s1, s2, s3, t0, t1, t2, t3 uint32
87
 
88
        s0 = uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
89
        s1 = uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
90
        s2 = uint32(src[8])<<24 | uint32(src[9])<<16 | uint32(src[10])<<8 | uint32(src[11])
91
        s3 = uint32(src[12])<<24 | uint32(src[13])<<16 | uint32(src[14])<<8 | uint32(src[15])
92
 
93
        // First round just XORs input with key.
94
        s0 ^= xk[0]
95
        s1 ^= xk[1]
96
        s2 ^= xk[2]
97
        s3 ^= xk[3]
98
 
99
        // Middle rounds shuffle using tables.
100
        // Number of rounds is set by length of expanded key.
101
        nr := len(xk)/4 - 2 // - 2: one above, one more below
102
        k := 4
103
        for r := 0; r < nr; r++ {
104
                t0 = xk[k+0] ^ td0[uint8(s0>>24)] ^ td1[uint8(s3>>16)] ^ td2[uint8(s2>>8)] ^ td3[uint8(s1)]
105
                t1 = xk[k+1] ^ td0[uint8(s1>>24)] ^ td1[uint8(s0>>16)] ^ td2[uint8(s3>>8)] ^ td3[uint8(s2)]
106
                t2 = xk[k+2] ^ td0[uint8(s2>>24)] ^ td1[uint8(s1>>16)] ^ td2[uint8(s0>>8)] ^ td3[uint8(s3)]
107
                t3 = xk[k+3] ^ td0[uint8(s3>>24)] ^ td1[uint8(s2>>16)] ^ td2[uint8(s1>>8)] ^ td3[uint8(s0)]
108
                k += 4
109
                s0, s1, s2, s3 = t0, t1, t2, t3
110
        }
111
 
112
        // Last round uses s-box directly and XORs to produce output.
113
        s0 = uint32(sbox1[t0>>24])<<24 | uint32(sbox1[t3>>16&0xff])<<16 | uint32(sbox1[t2>>8&0xff])<<8 | uint32(sbox1[t1&0xff])
114
        s1 = uint32(sbox1[t1>>24])<<24 | uint32(sbox1[t0>>16&0xff])<<16 | uint32(sbox1[t3>>8&0xff])<<8 | uint32(sbox1[t2&0xff])
115
        s2 = uint32(sbox1[t2>>24])<<24 | uint32(sbox1[t1>>16&0xff])<<16 | uint32(sbox1[t0>>8&0xff])<<8 | uint32(sbox1[t3&0xff])
116
        s3 = uint32(sbox1[t3>>24])<<24 | uint32(sbox1[t2>>16&0xff])<<16 | uint32(sbox1[t1>>8&0xff])<<8 | uint32(sbox1[t0&0xff])
117
 
118
        s0 ^= xk[k+0]
119
        s1 ^= xk[k+1]
120
        s2 ^= xk[k+2]
121
        s3 ^= xk[k+3]
122
 
123
        dst[0], dst[1], dst[2], dst[3] = byte(s0>>24), byte(s0>>16), byte(s0>>8), byte(s0)
124
        dst[4], dst[5], dst[6], dst[7] = byte(s1>>24), byte(s1>>16), byte(s1>>8), byte(s1)
125
        dst[8], dst[9], dst[10], dst[11] = byte(s2>>24), byte(s2>>16), byte(s2>>8), byte(s2)
126
        dst[12], dst[13], dst[14], dst[15] = byte(s3>>24), byte(s3>>16), byte(s3>>8), byte(s3)
127
}
128
 
129
// Apply sbox0 to each byte in w.
130
func subw(w uint32) uint32 {
131
        return uint32(sbox0[w>>24])<<24 |
132
                uint32(sbox0[w>>16&0xff])<<16 |
133
                uint32(sbox0[w>>8&0xff])<<8 |
134
                uint32(sbox0[w&0xff])
135
}
136
 
137
// Rotate
138
func rotw(w uint32) uint32 { return w<<8 | w>>24 }
139
 
140
// Key expansion algorithm.  See FIPS-197, Figure 11.
141
// Their rcon[i] is our powx[i-1] << 24.
142
func expandKey(key []byte, enc, dec []uint32) {
143
        // Encryption key setup.
144
        var i int
145
        nk := len(key) / 4
146
        for i = 0; i < nk; i++ {
147
                enc[i] = uint32(key[4*i])<<24 | uint32(key[4*i+1])<<16 | uint32(key[4*i+2])<<8 | uint32(key[4*i+3])
148
        }
149
        for ; i < len(enc); i++ {
150
                t := enc[i-1]
151
                if i%nk == 0 {
152
                        t = subw(rotw(t)) ^ (uint32(powx[i/nk-1]) << 24)
153
                } else if nk > 6 && i%nk == 4 {
154
                        t = subw(t)
155
                }
156
                enc[i] = enc[i-nk] ^ t
157
        }
158
 
159
        // Derive decryption key from encryption key.
160
        // Reverse the 4-word round key sets from enc to produce dec.
161
        // All sets but the first and last get the MixColumn transform applied.
162
        if dec == nil {
163
                return
164
        }
165
        n := len(enc)
166
        for i := 0; i < n; i += 4 {
167
                ei := n - i - 4
168
                for j := 0; j < 4; j++ {
169
                        x := enc[ei+j]
170
                        if i > 0 && i+4 < n {
171
                                x = td0[sbox0[x>>24]] ^ td1[sbox0[x>>16&0xff]] ^ td2[sbox0[x>>8&0xff]] ^ td3[sbox0[x&0xff]]
172
                        }
173
                        dec[i+j] = x
174
                }
175
        }
176
}

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.