OpenCores
URL https://opencores.org/ocsvn/tiny_aes/tiny_aes/trunk

Subversion Repositories tiny_aes

[/] [tiny_aes/] [trunk/] [testcase_generator/] [aes.c] - Blame information for rev 13

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 12 homer.hsin
/*
2
 * Copyright 2012, Homer Hsing <homer.hsing@gmail.com>
3
 *
4
 * Licensed under the Apache License, Version 2.0 (the "License");
5
 * you may not use this file except in compliance with the License.
6
 * You may obtain a copy of the License at
7
 *
8
 * http://www.apache.org/licenses/LICENSE-2.0
9
 *
10
 * Unless required by applicable law or agreed to in writing, software
11
 * distributed under the License is distributed on an "AS IS" BASIS,
12
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
 * See the License for the specific language governing permissions and
14
 * limitations under the License.
15
 */
16
 
17
#include "sbox.h"
18
 
19
#ifndef LOCAL
20
#define LOCAL
21
#endif
22
 
23
#define byte unsigned char
24
typedef unsigned int word;
25
 
26
#define sub_byte(w) {       \
27
    byte *b = (byte *)&w;   \
28
    b[0] = table_0[b[0]*4]; \
29
    b[1] = table_0[b[1]*4]; \
30
    b[2] = table_0[b[2]*4]; \
31
    b[3] = table_0[b[3]*4]; \
32
}
33
#define rot_up_8(x)   x = (x << 8) | (x >> 24)
34
#define rot_16(x)     x = (x << 16) | (x >> 16)
35
#define rot_down_8(x) x = (x >> 8) | (x << 24)
36
#define table_lookup { \
37
    p0 = t0[b[0]];     \
38
    p1 = t0[b[1]];     \
39
    p2 = t0[b[2]];     \
40
    p3 = t0[b[3]];     \
41
}
42
#define final_mask if(is_final_round) { \
43
    p0 &= 0xFF;  \
44
    p1 &= 0xFF00; \
45
    rot_16(p2);   \
46
    p2 &= 0xFF0000; \
47
    rot_down_8(p3); \
48
    p3 &= 0xFF000000; \
49
} else { \
50
    rot_up_8(p0);      \
51
    rot_16(p1);        \
52
    rot_down_8(p2);    \
53
}
54
#define rot {       \
55
    rot_up_8(p0);   \
56
    rot_16(p1);     \
57
    rot_down_8(p2); \
58
}
59
 
60
void encrypt_128_key_expand_inline(word state[], word key[]) {
61
    int nr = 10;
62
    int i;
63
    word k0 = key[0], k1 = key[1], k2 = key[2], k3 = key[3];
64
    state[0] ^= k0;
65
    state[1] ^= k1;
66
    state[2] ^= k2;
67
    state[3] ^= k3;
68
    word *t0 = (word *)table_0;
69
    word y, p0, p1, p2, p3;
70
    byte *b = (byte *)&y;
71
    byte rcon = 1;
72
 
73
    for(i=1; i<=nr; i++) {
74
        word temp = k3;
75
        rot_down_8(temp);
76
        sub_byte(temp);
77
        temp ^= rcon;
78
        int j = (char)rcon;
79
        j <<= 1;
80
        j ^= (j >> 8) & 0x1B; // if (rcon&0x80 != 0) then (j ^= 0x1B)
81
        rcon = (byte)j;
82
        k0 ^= temp;
83
        k1 ^= k0;
84
        k2 ^= k1;
85
        k3 ^= k2;
86
 
87
        word z0 = k0, z1 = k1, z2 = k2, z3 = k3;
88
        int is_final_round = i == nr;
89
 
90
        y = state[0];
91
        table_lookup;
92
        final_mask;
93
        z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
94
 
95
        y = state[1];
96
        table_lookup;
97
        final_mask;
98
        z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
99
 
100
        y = state[2];
101
        table_lookup;
102
        final_mask;
103
        z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
104
 
105
        y = state[3];
106
        table_lookup;
107
        final_mask;
108
 
109
        state[0] = z0 ^ p3;
110
        state[1] = z1 ^ p2;
111
        state[2] = z2 ^ p1;
112
        state[3] = z3 ^ p0;
113
    }
114
}
115
 
116
void encrypt_128_key_expand_inline_no_branch(word state[], word key[]) {
117
    int nr = 10;
118
    int i;
119
    word k0 = key[0], k1 = key[1], k2 = key[2], k3 = key[3];
120
    state[0] ^= k0;
121
    state[1] ^= k1;
122
    state[2] ^= k2;
123
    state[3] ^= k3;
124
    word *t0 = (word *)table_0;
125
    word p0, p1, p2, p3;
126
    byte *b;
127
    byte rcon = 1;
128
 
129
    for(i=1; i<nr; i++) {
130
        word temp = k3;
131
        rot_down_8(temp);
132
        sub_byte(temp);
133
        temp ^= rcon;
134
        int j = (char)rcon;
135
        j <<= 1;
136
        j ^= (j >> 8) & 0x1B; // if (rcon&0x80 != 0) then (j ^= 0x1B)
137
        rcon = (byte)j;
138
        k0 ^= temp;
139
        k1 ^= k0;
140
        k2 ^= k1;
141
        k3 ^= k2;
142
        word z0 = k0, z1 = k1, z2 = k2, z3 = k3;
143
        b = (byte *)state; table_lookup; rot;
144
        z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
145
        b += 4; table_lookup; rot;
146
        z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
147
        b += 4; table_lookup; rot;
148
        z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
149
        b += 4; table_lookup; rot;
150
        state[0] = z0 ^ p3;
151
        state[1] = z1 ^ p2;
152
        state[2] = z2 ^ p1;
153
        state[3] = z3 ^ p0;
154
    }
155
    word temp = k3;
156
    rot_down_8(temp);
157
    sub_byte(temp);
158
    temp ^= rcon;
159
    k0 ^= temp;
160
    k1 ^= k0;
161
    k2 ^= k1;
162
    k3 ^= k2;
163
    byte *a = (byte *)state, *t = table_0;
164
    b = (byte *)&k0;
165
    b[0] ^= t[a[0]*4], b[1] ^= t[a[5]*4], b[2] ^= t[a[10]*4], b[3] ^= t[a[15]*4];
166
    b = (byte *)&k1;
167
    b[0] ^= t[a[4]*4], b[1] ^= t[a[9]*4], b[2] ^= t[a[14]*4], b[3] ^= t[a[3]*4];
168
    b = (byte *)&k2;
169
    b[0] ^= t[a[8]*4], b[1] ^= t[a[13]*4], b[2] ^= t[a[2]*4], b[3] ^= t[a[7]*4];
170
    b = (byte *)&k3;
171
    b[0] ^= t[a[12]*4], b[1] ^= t[a[1]*4], b[2] ^= t[a[6]*4], b[3] ^= t[a[11]*4];
172
    state[0] = k0;
173
    state[1] = k1;
174
    state[2] = k2;
175
    state[3] = k3;
176
}
177
 
178
void encrypt_192_key_expand_inline_no_branch(word state[], word key[]) {
179
    int i = 1, j;
180
    word *t0 = (word *)table_0;
181
    word k0 = key[0], k1 = key[1], k2 = key[2], k3 = key[3], k4 = key[4], k5 = key[5];
182
    word p0, p1, p2, p3, z0, z1, z2, z3, temp;
183
    byte *a = (byte *)state, *b, *t = table_0;
184
    byte rcon = 1;
185
 
186
    state[0] ^= k0; state[1] ^= k1; state[2] ^= k2; state[3] ^= k3;
187
 
188
    goto a;
189
 
190
    for(; i<=3; i++) { // round 1 ~ round 9
191
        k4 ^= k3; k5 ^= k4;
192
a:      temp = k5;
193
        rot_down_8(temp);
194
        sub_byte(temp);
195
        temp ^= rcon;
196
        j = (int)((char)rcon) << 1;
197
        rcon = (byte) (((j >> 8) & 0x1B) ^ j); // if (rcon&0x80 != 0) then (j ^= 0x1B)
198
        k0 ^= temp; k1 ^= k0;
199
 
200
        z0 = k4, z1 = k5, z2 = k0, z3 = k1;
201
        b = (byte *)state; table_lookup; rot;
202
        z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
203
        b += 4; table_lookup; rot;
204
        z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
205
        b += 4; table_lookup; rot;
206
        z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
207
        b += 4; table_lookup; rot;
208
        state[0] = z0 ^ p3;
209
        state[1] = z1 ^ p2;
210
        state[2] = z2 ^ p1;
211
        state[3] = z3 ^ p0;
212
 
213
        k2 ^= k1; k3 ^= k2; k4 ^= k3; k5 ^= k4;
214
 
215
        z0 = k2, z1 = k3, z2 = k4, z3 = k5;
216
        b = (byte *)state; table_lookup; rot;
217
        z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
218
        b += 4; table_lookup; rot;
219
        z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
220
        b += 4; table_lookup; rot;
221
        z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
222
        b += 4; table_lookup; rot;
223
        state[0] = z0 ^ p3;
224
        state[1] = z1 ^ p2;
225
        state[2] = z2 ^ p1;
226
        state[3] = z3 ^ p0;
227
 
228
        temp = k5;
229
        rot_down_8(temp);
230
        sub_byte(temp);
231
        temp ^= rcon;
232
        j = (int)((char)rcon) << 1;
233
        rcon = (byte) (((j >> 8) & 0x1B) ^ j); // if (rcon&0x80 != 0) then (j ^= 0x1B)
234
        k0 ^= temp; k1 ^= k0; k2 ^= k1; k3 ^= k2;
235
 
236
        z0 = k0, z1 = k1, z2 = k2, z3 = k3;
237
        b = (byte *)state; table_lookup; rot;
238
        z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
239
        b += 4; table_lookup; rot;
240
        z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
241
        b += 4; table_lookup; rot;
242
        z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
243
        b += 4; table_lookup; rot;
244
        state[0] = z0 ^ p3;
245
        state[1] = z1 ^ p2;
246
        state[2] = z2 ^ p1;
247
        state[3] = z3 ^ p0;
248
    }
249
    // round 10 ~ 12
250
 
251
    k4 ^= k3; k5 ^= k4;
252
    temp = k5;
253
    rot_down_8(temp);
254
    sub_byte(temp);
255
    temp ^= rcon;
256
    j = (int)((char)rcon) << 1;
257
    rcon = (byte) (((j >> 8) & 0x1B) ^ j); // if (rcon&0x80 != 0) then (j ^= 0x1B)
258
    k0 ^= temp; k1 ^= k0;
259
 
260
    z0 = k4, z1 = k5, z2 = k0, z3 = k1;
261
    b = (byte *)state; table_lookup; rot;
262
    z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
263
    b += 4; table_lookup; rot;
264
    z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
265
    b += 4; table_lookup; rot;
266
    z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
267
    b += 4; table_lookup; rot;
268
    state[0] = z0 ^ p3;
269
    state[1] = z1 ^ p2;
270
    state[2] = z2 ^ p1;
271
    state[3] = z3 ^ p0;
272
 
273
    k2 ^= k1; k3 ^= k2; k4 ^= k3; k5 ^= k4;
274
 
275
    z0 = k2, z1 = k3, z2 = k4, z3 = k5;
276
    b = (byte *)state; table_lookup; rot;
277
    z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
278
    b += 4; table_lookup; rot;
279
    z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
280
    b += 4; table_lookup; rot;
281
    z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
282
    b += 4; table_lookup; rot;
283
    state[0] = z0 ^ p3;
284
    state[1] = z1 ^ p2;
285
    state[2] = z2 ^ p1;
286
    state[3] = z3 ^ p0;
287
 
288
    temp = k5;
289
    rot_down_8(temp);
290
    sub_byte(temp);
291
    temp ^= rcon;
292
    k0 ^= temp; k1 ^= k0; k2 ^= k1; k3 ^= k2;
293
    b = (byte *)&k0; b[0] ^= t[a[0]*4], b[1] ^= t[a[5]*4], b[2] ^= t[a[10]*4], b[3] ^= t[a[15]*4];
294
    b = (byte *)&k1; b[0] ^= t[a[4]*4], b[1] ^= t[a[9]*4], b[2] ^= t[a[14]*4], b[3] ^= t[a[3]*4];
295
    b = (byte *)&k2; b[0] ^= t[a[8]*4], b[1] ^= t[a[13]*4], b[2] ^= t[a[2]*4], b[3] ^= t[a[7]*4];
296
    b = (byte *)&k3; b[0] ^= t[a[12]*4], b[1] ^= t[a[1]*4], b[2] ^= t[a[6]*4], b[3] ^= t[a[11]*4];
297
    state[0] = k0;
298
    state[1] = k1;
299
    state[2] = k2;
300
    state[3] = k3;
301
}
302
 
303
void encrypt_256_key_expand_inline_no_branch(word state[], word key[]) {
304
    int i=1, j;
305
    word *t0 = (word *)table_0;
306
    word k0 = key[0], k1 = key[1], k2 = key[2], k3 = key[3],
307
         k4 = key[4], k5 = key[5], k6 = key[6], k7 = key[7];
308
    word p0, p1, p2, p3, z0, z1, z2, z3, temp;
309
    byte *a = (byte *)state, *b, *t = table_0;
310
    byte rcon = 1;
311
 
312
    state[0] ^= k0; state[1] ^= k1; state[2] ^= k2; state[3] ^= k3;
313
 
314
    goto a;
315
 
316
    for(; i<=6; i++) { // round 1 ~ round 12
317
        temp = k3; sub_byte(temp); k4 ^= temp;
318
        k5 ^= k4; k6 ^= k5; k7 ^= k6;
319
 
320
a:      z0 = k4, z1 = k5, z2 = k6, z3 = k7;
321
        b = (byte *)state; table_lookup; rot;
322
        z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
323
        b += 4; table_lookup; rot;
324
        z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
325
        b += 4; table_lookup; rot;
326
        z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
327
        b += 4; table_lookup; rot;
328
        state[0] = z0 ^ p3;
329
        state[1] = z1 ^ p2;
330
        state[2] = z2 ^ p1;
331
        state[3] = z3 ^ p0;
332
 
333
        temp = k7;
334
        rot_down_8(temp);
335
        sub_byte(temp);
336
        temp ^= rcon;
337
        j = (int)((char)rcon) << 1;
338
        rcon = (byte) (((j >> 8) & 0x1B) ^ j); // if (rcon&0x80 != 0) then (j ^= 0x1B)
339
        k0 ^= temp; k1 ^= k0; k2 ^= k1; k3 ^= k2;
340
 
341
        z0 = k0, z1 = k1, z2 = k2, z3 = k3;
342
        b = (byte *)state; table_lookup; rot;
343
        z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
344
        b += 4; table_lookup; rot;
345
        z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
346
        b += 4; table_lookup; rot;
347
        z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
348
        b += 4; table_lookup; rot;
349
        state[0] = z0 ^ p3;
350
        state[1] = z1 ^ p2;
351
        state[2] = z2 ^ p1;
352
        state[3] = z3 ^ p0;
353
    }
354
    // round 13 ~ 14
355
 
356
    temp = k3; sub_byte(temp); k4 ^= temp;
357
    k5 ^= k4; k6 ^= k5; k7 ^= k6;
358
 
359
    z0 = k4, z1 = k5, z2 = k6, z3 = k7;
360
    b = (byte *)state; table_lookup; rot;
361
    z0 ^= p0, z3 ^= p1, z2 ^= p2, z1 ^= p3;
362
    b += 4; table_lookup; rot;
363
    z1 ^= p0, z0 ^= p1, z3 ^= p2, z2 ^= p3;
364
    b += 4; table_lookup; rot;
365
    z2 ^= p0, z1 ^= p1, z0 ^= p2, z3 ^= p3;
366
    b += 4; table_lookup; rot;
367
    state[0] = z0 ^ p3;
368
    state[1] = z1 ^ p2;
369
    state[2] = z2 ^ p1;
370
    state[3] = z3 ^ p0;
371
 
372
    temp = k7;
373
    rot_down_8(temp);
374
    sub_byte(temp);
375
    temp ^= rcon;
376
    k0 ^= temp; k1 ^= k0; k2 ^= k1; k3 ^= k2;
377
 
378
    b = (byte *)&k0; b[0] ^= t[a[0]*4], b[1] ^= t[a[5]*4], b[2] ^= t[a[10]*4], b[3] ^= t[a[15]*4];
379
    b = (byte *)&k1; b[0] ^= t[a[4]*4], b[1] ^= t[a[9]*4], b[2] ^= t[a[14]*4], b[3] ^= t[a[3]*4];
380
    b = (byte *)&k2; b[0] ^= t[a[8]*4], b[1] ^= t[a[13]*4], b[2] ^= t[a[2]*4], b[3] ^= t[a[7]*4];
381
    b = (byte *)&k3; b[0] ^= t[a[12]*4], b[1] ^= t[a[1]*4], b[2] ^= t[a[6]*4], b[3] ^= t[a[11]*4];
382
    state[0] = k0;
383
    state[1] = k1;
384
    state[2] = k2;
385
    state[3] = k3;
386
}

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.