OpenCores
URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [crypto/] [aes.c] - Blame information for rev 1765

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 1275 phoenix
/*
2
 * Cryptographic API.
3
 *
4
 * AES Cipher Algorithm.
5
 *
6
 * Based on Brian Gladman's code.
7
 *
8
 * Linux developers:
9
 *  Alexander Kjeldaas <astor@fast.no>
10
 *  Herbert Valerio Riedel <hvr@hvrlab.org>
11
 *  Kyle McMartin <kyle@debian.org>
12
 *  Adam J. Richter <adam@yggdrasil.com> (conversion to 2.5 API).
13
 *
14
 * This program is free software; you can redistribute it and/or modify
15
 * it under the terms of the GNU General Public License as published by
16
 * the Free Software Foundation; either version 2 of the License, or
17
 * (at your option) any later version.
18
 *
19
 * ---------------------------------------------------------------------------
20
 * Copyright (c) 2002, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
21
 * All rights reserved.
22
 *
23
 * LICENSE TERMS
24
 *
25
 * The free distribution and use of this software in both source and binary
26
 * form is allowed (with or without changes) provided that:
27
 *
28
 *   1. distributions of this source code include the above copyright
29
 *      notice, this list of conditions and the following disclaimer;
30
 *
31
 *   2. distributions in binary form include the above copyright
32
 *      notice, this list of conditions and the following disclaimer
33
 *      in the documentation and/or other associated materials;
34
 *
35
 *   3. the copyright holder's name is not used to endorse products
36
 *      built using this software without specific written permission.
37
 *
38
 * ALTERNATIVELY, provided that this notice is retained in full, this product
39
 * may be distributed under the terms of the GNU General Public License (GPL),
40
 * in which case the provisions of the GPL apply INSTEAD OF those given above.
41
 *
42
 * DISCLAIMER
43
 *
44
 * This software is provided 'as is' with no explicit or implied warranties
45
 * in respect of its properties, including, but not limited to, correctness
46
 * and/or fitness for purpose.
47
 * ---------------------------------------------------------------------------
48
 */
49
 
50
/* Some changes from the Gladman version:
51
    s/RIJNDAEL(e_key)/E_KEY/g
52
    s/RIJNDAEL(d_key)/D_KEY/g
53
*/
54
 
55
#include <linux/module.h>
56
#include <linux/init.h>
57
#include <linux/types.h>
58
#include <linux/errno.h>
59
#include <linux/crypto.h>
60
#include <asm/byteorder.h>
61
 
62
#define AES_MIN_KEY_SIZE        16
63
#define AES_MAX_KEY_SIZE        32
64
 
65
#define AES_BLOCK_SIZE          16
66
 
67
static inline
68
u32 generic_rotr32 (const u32 x, const unsigned bits)
69
{
70
        const unsigned n = bits % 32;
71
        return (x >> n) | (x << (32 - n));
72
}
73
 
74
static inline
75
u32 generic_rotl32 (const u32 x, const unsigned bits)
76
{
77
        const unsigned n = bits % 32;
78
        return (x << n) | (x >> (32 - n));
79
}
80
 
81
#define rotl generic_rotl32
82
#define rotr generic_rotr32
83
 
84
/*
85
 * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
86
 */
87
inline static u8
88
byte(const u32 x, const unsigned n)
89
{
90
        return x >> (n << 3);
91
}
92
 
93
#define u32_in(x) le32_to_cpu(*(const u32 *)(x))
94
#define u32_out(to, from) (*(u32 *)(to) = cpu_to_le32(from))
95
 
96
struct aes_ctx {
97
        int key_length;
98
        u32 E[60];
99
        u32 D[60];
100
};
101
 
102
#define E_KEY ctx->E
103
#define D_KEY ctx->D
104
 
105
static u8 pow_tab[256];
106
static u8 log_tab[256];
107
static u8 sbx_tab[256];
108
static u8 isb_tab[256];
109
static u32 rco_tab[10];
110
static u32 ft_tab[4][256];
111
static u32 it_tab[4][256];
112
 
113
static u32 fl_tab[4][256];
114
static u32 il_tab[4][256];
115
 
116
static inline u8
117
f_mult (u8 a, u8 b)
118
{
119
        u8 aa = log_tab[a], cc = aa + log_tab[b];
120
 
121
        return pow_tab[cc + (cc < aa ? 1 : 0)];
122
}
123
 
124
#define ff_mult(a,b)    (a && b ? f_mult(a, b) : 0)
125
 
126
#define f_rn(bo, bi, n, k)                                      \
127
    bo[n] =  ft_tab[0][byte(bi[n],0)] ^                           \
128
             ft_tab[1][byte(bi[(n + 1) & 3],1)] ^               \
129
             ft_tab[2][byte(bi[(n + 2) & 3],2)] ^               \
130
             ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
131
 
132
#define i_rn(bo, bi, n, k)                                      \
133
    bo[n] =  it_tab[0][byte(bi[n],0)] ^                           \
134
             it_tab[1][byte(bi[(n + 3) & 3],1)] ^               \
135
             it_tab[2][byte(bi[(n + 2) & 3],2)] ^               \
136
             it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
137
 
138
#define ls_box(x)                               \
139
    ( fl_tab[0][byte(x, 0)] ^                     \
140
      fl_tab[1][byte(x, 1)] ^                   \
141
      fl_tab[2][byte(x, 2)] ^                   \
142
      fl_tab[3][byte(x, 3)] )
143
 
144
#define f_rl(bo, bi, n, k)                                      \
145
    bo[n] =  fl_tab[0][byte(bi[n],0)] ^                           \
146
             fl_tab[1][byte(bi[(n + 1) & 3],1)] ^               \
147
             fl_tab[2][byte(bi[(n + 2) & 3],2)] ^               \
148
             fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
149
 
150
#define i_rl(bo, bi, n, k)                                      \
151
    bo[n] =  il_tab[0][byte(bi[n],0)] ^                           \
152
             il_tab[1][byte(bi[(n + 3) & 3],1)] ^               \
153
             il_tab[2][byte(bi[(n + 2) & 3],2)] ^               \
154
             il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
155
 
156
static void
157
gen_tabs (void)
158
{
159
        u32 i, t;
160
        u8 p, q;
161
 
162
        /* log and power tables for GF(2**8) finite field with
163
           0x011b as modular polynomial - the simplest prmitive
164
           root is 0x03, used here to generate the tables */
165
 
166
        for (i = 0, p = 1; i < 256; ++i) {
167
                pow_tab[i] = (u8) p;
168
                log_tab[p] = (u8) i;
169
 
170
                p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0);
171
        }
172
 
173
        log_tab[1] = 0;
174
 
175
        for (i = 0, p = 1; i < 10; ++i) {
176
                rco_tab[i] = p;
177
 
178
                p = (p << 1) ^ (p & 0x80 ? 0x01b : 0);
179
        }
180
 
181
        for (i = 0; i < 256; ++i) {
182
                p = (i ? pow_tab[255 - log_tab[i]] : 0);
183
                q = ((p >> 7) | (p << 1)) ^ ((p >> 6) | (p << 2));
184
                p ^= 0x63 ^ q ^ ((q >> 6) | (q << 2));
185
                sbx_tab[i] = p;
186
                isb_tab[p] = (u8) i;
187
        }
188
 
189
        for (i = 0; i < 256; ++i) {
190
                p = sbx_tab[i];
191
 
192
                t = p;
193
                fl_tab[0][i] = t;
194
                fl_tab[1][i] = rotl (t, 8);
195
                fl_tab[2][i] = rotl (t, 16);
196
                fl_tab[3][i] = rotl (t, 24);
197
 
198
                t = ((u32) ff_mult (2, p)) |
199
                    ((u32) p << 8) |
200
                    ((u32) p << 16) | ((u32) ff_mult (3, p) << 24);
201
 
202
                ft_tab[0][i] = t;
203
                ft_tab[1][i] = rotl (t, 8);
204
                ft_tab[2][i] = rotl (t, 16);
205
                ft_tab[3][i] = rotl (t, 24);
206
 
207
                p = isb_tab[i];
208
 
209
                t = p;
210
                il_tab[0][i] = t;
211
                il_tab[1][i] = rotl (t, 8);
212
                il_tab[2][i] = rotl (t, 16);
213
                il_tab[3][i] = rotl (t, 24);
214
 
215
                t = ((u32) ff_mult (14, p)) |
216
                    ((u32) ff_mult (9, p) << 8) |
217
                    ((u32) ff_mult (13, p) << 16) |
218
                    ((u32) ff_mult (11, p) << 24);
219
 
220
                it_tab[0][i] = t;
221
                it_tab[1][i] = rotl (t, 8);
222
                it_tab[2][i] = rotl (t, 16);
223
                it_tab[3][i] = rotl (t, 24);
224
        }
225
}
226
 
227
#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
228
 
229
#define imix_col(y,x)       \
230
    u   = star_x(x);        \
231
    v   = star_x(u);        \
232
    w   = star_x(v);        \
233
    t   = w ^ (x);          \
234
   (y)  = u ^ v ^ w;        \
235
   (y) ^= rotr(u ^ t,  8) ^ \
236
          rotr(v ^ t, 16) ^ \
237
          rotr(t,24)
238
 
239
/* initialise the key schedule from the user supplied key */
240
 
241
#define loop4(i)                                    \
242
{   t = rotr(t,  8); t = ls_box(t) ^ rco_tab[i];    \
243
    t ^= E_KEY[4 * i];     E_KEY[4 * i + 4] = t;    \
244
    t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t;    \
245
    t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t;    \
246
    t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t;    \
247
}
248
 
249
#define loop6(i)                                    \
250
{   t = rotr(t,  8); t = ls_box(t) ^ rco_tab[i];    \
251
    t ^= E_KEY[6 * i];     E_KEY[6 * i + 6] = t;    \
252
    t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t;    \
253
    t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t;    \
254
    t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t;    \
255
    t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t;   \
256
    t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t;   \
257
}
258
 
259
#define loop8(i)                                    \
260
{   t = rotr(t,  8); ; t = ls_box(t) ^ rco_tab[i];  \
261
    t ^= E_KEY[8 * i];     E_KEY[8 * i + 8] = t;    \
262
    t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t;    \
263
    t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t;   \
264
    t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t;   \
265
    t  = E_KEY[8 * i + 4] ^ ls_box(t);    \
266
    E_KEY[8 * i + 12] = t;                \
267
    t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t;   \
268
    t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t;   \
269
    t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t;   \
270
}
271
 
272
static int
273
aes_set_key(void *ctx_arg, const u8 *in_key, unsigned int key_len, u32 *flags)
274
{
275
        struct aes_ctx *ctx = ctx_arg;
276
        u32 i, t, u, v, w;
277
 
278
        if (key_len != 16 && key_len != 24 && key_len != 32) {
279
                *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
280
                return -EINVAL;
281
        }
282
 
283
        ctx->key_length = key_len;
284
 
285
        E_KEY[0] = u32_in (in_key);
286
        E_KEY[1] = u32_in (in_key + 4);
287
        E_KEY[2] = u32_in (in_key + 8);
288
        E_KEY[3] = u32_in (in_key + 12);
289
 
290
        switch (key_len) {
291
        case 16:
292
                t = E_KEY[3];
293
                for (i = 0; i < 10; ++i)
294
                        loop4 (i);
295
                break;
296
 
297
        case 24:
298
                E_KEY[4] = u32_in (in_key + 16);
299
                t = E_KEY[5] = u32_in (in_key + 20);
300
                for (i = 0; i < 8; ++i)
301
                        loop6 (i);
302
                break;
303
 
304
        case 32:
305
                E_KEY[4] = u32_in (in_key + 16);
306
                E_KEY[5] = u32_in (in_key + 20);
307
                E_KEY[6] = u32_in (in_key + 24);
308
                t = E_KEY[7] = u32_in (in_key + 28);
309
                for (i = 0; i < 7; ++i)
310
                        loop8 (i);
311
                break;
312
        }
313
 
314
        D_KEY[0] = E_KEY[0];
315
        D_KEY[1] = E_KEY[1];
316
        D_KEY[2] = E_KEY[2];
317
        D_KEY[3] = E_KEY[3];
318
 
319
        for (i = 4; i < key_len + 24; ++i) {
320
                imix_col (D_KEY[i], E_KEY[i]);
321
        }
322
 
323
        return 0;
324
}
325
 
326
/* encrypt a block of text */
327
 
328
#define f_nround(bo, bi, k) \
329
    f_rn(bo, bi, 0, k);     \
330
    f_rn(bo, bi, 1, k);     \
331
    f_rn(bo, bi, 2, k);     \
332
    f_rn(bo, bi, 3, k);     \
333
    k += 4
334
 
335
#define f_lround(bo, bi, k) \
336
    f_rl(bo, bi, 0, k);     \
337
    f_rl(bo, bi, 1, k);     \
338
    f_rl(bo, bi, 2, k);     \
339
    f_rl(bo, bi, 3, k)
340
 
341
static void aes_encrypt(void *ctx_arg, u8 *out, const u8 *in)
342
{
343
        const struct aes_ctx *ctx = ctx_arg;
344
        u32 b0[4], b1[4];
345
        const u32 *kp = E_KEY + 4;
346
 
347
        b0[0] = u32_in (in) ^ E_KEY[0];
348
        b0[1] = u32_in (in + 4) ^ E_KEY[1];
349
        b0[2] = u32_in (in + 8) ^ E_KEY[2];
350
        b0[3] = u32_in (in + 12) ^ E_KEY[3];
351
 
352
        if (ctx->key_length > 24) {
353
                f_nround (b1, b0, kp);
354
                f_nround (b0, b1, kp);
355
        }
356
 
357
        if (ctx->key_length > 16) {
358
                f_nround (b1, b0, kp);
359
                f_nround (b0, b1, kp);
360
        }
361
 
362
        f_nround (b1, b0, kp);
363
        f_nround (b0, b1, kp);
364
        f_nround (b1, b0, kp);
365
        f_nround (b0, b1, kp);
366
        f_nround (b1, b0, kp);
367
        f_nround (b0, b1, kp);
368
        f_nround (b1, b0, kp);
369
        f_nround (b0, b1, kp);
370
        f_nround (b1, b0, kp);
371
        f_lround (b0, b1, kp);
372
 
373
        u32_out (out, b0[0]);
374
        u32_out (out + 4, b0[1]);
375
        u32_out (out + 8, b0[2]);
376
        u32_out (out + 12, b0[3]);
377
}
378
 
379
/* decrypt a block of text */
380
 
381
#define i_nround(bo, bi, k) \
382
    i_rn(bo, bi, 0, k);     \
383
    i_rn(bo, bi, 1, k);     \
384
    i_rn(bo, bi, 2, k);     \
385
    i_rn(bo, bi, 3, k);     \
386
    k -= 4
387
 
388
#define i_lround(bo, bi, k) \
389
    i_rl(bo, bi, 0, k);     \
390
    i_rl(bo, bi, 1, k);     \
391
    i_rl(bo, bi, 2, k);     \
392
    i_rl(bo, bi, 3, k)
393
 
394
static void aes_decrypt(void *ctx_arg, u8 *out, const u8 *in)
395
{
396
        const struct aes_ctx *ctx = ctx_arg;
397
        u32 b0[4], b1[4];
398
        const int key_len = ctx->key_length;
399
        const u32 *kp = D_KEY + key_len + 20;
400
 
401
        b0[0] = u32_in (in) ^ E_KEY[key_len + 24];
402
        b0[1] = u32_in (in + 4) ^ E_KEY[key_len + 25];
403
        b0[2] = u32_in (in + 8) ^ E_KEY[key_len + 26];
404
        b0[3] = u32_in (in + 12) ^ E_KEY[key_len + 27];
405
 
406
        if (key_len > 24) {
407
                i_nround (b1, b0, kp);
408
                i_nround (b0, b1, kp);
409
        }
410
 
411
        if (key_len > 16) {
412
                i_nround (b1, b0, kp);
413
                i_nround (b0, b1, kp);
414
        }
415
 
416
        i_nround (b1, b0, kp);
417
        i_nround (b0, b1, kp);
418
        i_nround (b1, b0, kp);
419
        i_nround (b0, b1, kp);
420
        i_nround (b1, b0, kp);
421
        i_nround (b0, b1, kp);
422
        i_nround (b1, b0, kp);
423
        i_nround (b0, b1, kp);
424
        i_nround (b1, b0, kp);
425
        i_lround (b0, b1, kp);
426
 
427
        u32_out (out, b0[0]);
428
        u32_out (out + 4, b0[1]);
429
        u32_out (out + 8, b0[2]);
430
        u32_out (out + 12, b0[3]);
431
}
432
 
433
 
434
static struct crypto_alg aes_alg = {
435
        .cra_name               =       "aes",
436
        .cra_flags              =       CRYPTO_ALG_TYPE_CIPHER,
437
        .cra_blocksize          =       AES_BLOCK_SIZE,
438
        .cra_ctxsize            =       sizeof(struct aes_ctx),
439
        .cra_module             =       THIS_MODULE,
440
        .cra_list               =       LIST_HEAD_INIT(aes_alg.cra_list),
441
        .cra_u                  =       {
442
                .cipher = {
443
                        .cia_min_keysize        =       AES_MIN_KEY_SIZE,
444
                        .cia_max_keysize        =       AES_MAX_KEY_SIZE,
445
                        .cia_setkey             =       aes_set_key,
446
                        .cia_encrypt            =       aes_encrypt,
447
                        .cia_decrypt            =       aes_decrypt
448
                }
449
        }
450
};
451
 
452
static int __init aes_init(void)
453
{
454
        gen_tabs();
455
        return crypto_register_alg(&aes_alg);
456
}
457
 
458
static void __exit aes_fini(void)
459
{
460
        crypto_unregister_alg(&aes_alg);
461
}
462
 
463
module_init(aes_init);
464
module_exit(aes_fini);
465
 
466
MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
467
MODULE_LICENSE("Dual BSD/GPL");
468
 

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.