aesni: Implement 192-bit key schedule

diff --git a/src/libstrongswan/plugins/aesni/aesni_key.c b/src/libstrongswan/plugins/aesni/aesni_key.c
index 55a912f8cf3c77acbabda2921bddd16f5f39624b..df02c5098f9e2fed8dea89b433d97cc041d08082 100644 (file)
--- a/src/libstrongswan/plugins/aesni/aesni_key.c
+++ b/src/libstrongswan/plugins/aesni/aesni_key.c
@@ -19,6 +19,7 @@
  * Rounds used for each AES key size
  */
 #define AES128_ROUNDS 10
+#define AES192_ROUNDS 12
 
 typedef struct private_aesni_key_t private_aesni_key_t;
 
@@ -94,6 +95,80 @@ static void expand128(__m128i *key, __m128i *schedule)
        schedule[10]    = assist128(t, _mm_aeskeygenassist_si128(t, 0x36));
 }
 
+/**
+ * Assist in creating a 192-bit round key
+ */
+static __m128i assist192(__m128i b, __m128i c, __m128i *a)
+{
+       __m128i t;
+
+        b = _mm_shuffle_epi32(b, 0x55);
+        t = _mm_slli_si128(*a, 0x04);
+       *a = _mm_xor_si128(*a, t);
+        t = _mm_slli_si128(t, 0x04);
+       *a = _mm_xor_si128(*a, t);
+        t = _mm_slli_si128(t, 0x04);
+       *a = _mm_xor_si128(*a, t);
+       *a = _mm_xor_si128(*a, b);
+        b = _mm_shuffle_epi32(*a, 0xff);
+        t = _mm_slli_si128(c, 0x04);
+        t = _mm_xor_si128(c, t);
+        t = _mm_xor_si128(t, b);
+
+       return t;
+}
+
+/**
+ * return a[63:0] | b[63:0] << 64
+ */
+static __m128i _mm_shuffle_i00(__m128i a, __m128i b)
+{
+       return (__m128i)_mm_shuffle_pd((__m128d)a, (__m128d)b, 0);
+}
+
+/**
+ * return a[127:64] >> 64 | b[63:0] << 64
+ */
+static __m128i _mm_shuffle_i01(__m128i a, __m128i b)
+{
+       return (__m128i)_mm_shuffle_pd((__m128d)a, (__m128d)b, 1);
+}
+
+/**
+ * Expand a 192-bit encryption key to round keys
+ */
+static void expand192(__m128i *key, __m128i *schedule)
+{
+       __m128i t1, t2, t3;
+
+       schedule[0] = t1 = _mm_loadu_si128(key);
+       t2 = t3 = _mm_loadu_si128(key + 1);
+
+       t2 = assist192(_mm_aeskeygenassist_si128(t2, 0x1), t2, &t1);
+       schedule[1] = _mm_shuffle_i00(t3, t1);
+       schedule[2] = _mm_shuffle_i01(t1, t2);
+       t2 = t3 = assist192(_mm_aeskeygenassist_si128(t2, 0x2), t2, &t1);
+       schedule[3] = t1;
+
+       t2 = assist192(_mm_aeskeygenassist_si128(t2, 0x4), t2, &t1);
+       schedule[4] = _mm_shuffle_i00(t3, t1);
+       schedule[5] = _mm_shuffle_i01(t1, t2);
+       t2 = t3 = assist192(_mm_aeskeygenassist_si128(t2, 0x8), t2, &t1);
+       schedule[6] = t1;
+
+       t2 = assist192(_mm_aeskeygenassist_si128 (t2,0x10), t2, &t1);
+       schedule[7] = _mm_shuffle_i00(t3, t1);
+       schedule[8] = _mm_shuffle_i01(t1, t2);
+       t2 = t3 = assist192(_mm_aeskeygenassist_si128 (t2,0x20), t2, &t1);
+       schedule[9] = t1;
+
+       t2 = assist192(_mm_aeskeygenassist_si128(t2, 0x40), t2, &t1);
+       schedule[10] = _mm_shuffle_i00(t3, t1);
+       schedule[11] = _mm_shuffle_i01(t1, t2);
+       assist192(_mm_aeskeygenassist_si128(t2, 0x80), t2, &t1);
+       schedule[12] = t1;
+}
+
 METHOD(aesni_key_t, destroy, void,
        private_aesni_key_t *this)
 {
@@ -114,6 +189,9 @@ aesni_key_t *aesni_key_create(bool encrypt, chunk_t key)
                case 16:
                        rounds = AES128_ROUNDS;
                        break;
+               case 24:
+                       rounds = AES192_ROUNDS;
+                       break;
                default:
                        return NULL;
        }
@@ -130,6 +208,9 @@ aesni_key_t *aesni_key_create(bool encrypt, chunk_t key)
                case 16:
                        expand128((__m128i*)key.ptr, this->public.schedule);
                        break;
+               case 24:
+                       expand192((__m128i*)key.ptr, this->public.schedule);
+                       break;
                default:
                        break;
        }