2010-07-24 Niels Möller <nisse@lysator.liu.se>
+ * aes.h (aes_invert_key): Declare it.
+
+ * aes-set-decrypt-key.c (aes_invert_key): New function, key
+ inversion code extracted from aes_set_decrypt_key.
+ (aes_set_decrypt_key): Use aes_invert_key.
+
* camellia-set-encrypt-key.c (camellia_setup128): Generate
unmodified subkeys according to the spec. Moved clever combination
of subkeys to camellia_set_encrypt_key.
#define SWAP(a, b) \
do { uint32_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
+void
+aes_invert_key(struct aes_ctx *dst,
+ const struct aes_ctx *src)
+{
+ unsigned nrounds;
+ unsigned i;
+
+ nrounds = src->nrounds;
+
+ /* Reverse the order of subkeys, in groups of 4. */
+ /* FIXME: Instead of reordering the subkeys, change the access order
+ of aes_decrypt, since it's a separate function anyway? */
+ if (src == dst)
+ {
+ unsigned j, k;
+
+ for (i = 0, j = nrounds * 4;
+ i < j;
+ i += 4, j -= 4)
+ for (k = 0; k<4; k++)
+ SWAP(dst->keys[i+k], dst->keys[j+k]);
+ }
+ else
+ {
+ unsigned k;
+
+ dst->nrounds = nrounds;
+ for (i = 0; i <= nrounds * 4; i += 4)
+ for (k = 0; k < 4; k++)
+ dst->keys[i+k] = src->keys[nrounds * 4 - i + k];
+ }
+
+ /* Transform all subkeys but the first and last. */
+ for (i = 4; i < 4 * nrounds; i += 4)
+ inv_mix_column(dst->keys + i);
+}
+
void
aes_set_decrypt_key(struct aes_ctx *ctx,
unsigned keysize, const uint8_t *key)
{
- unsigned nkeys;
- unsigned i, j, k;
-
/* We first create subkeys for encryption,
* then modify the subkeys for decryption. */
aes_set_encrypt_key(ctx, keysize, key);
-
- nkeys = (AES_BLOCK_SIZE/4) * (ctx->nrounds + 1);
-
- /* Reverse the order of subkeys */
- for (i = 0, j = ctx->nrounds * 4;
- i < j;
- i += 4, j -= 4)
- for (k = 0; k<4; k++)
- SWAP(ctx->keys[i+k], ctx->keys[j+k]);
-
- /* Transform all subkeys but the first and last. */
- for (i = 4; i < 4 * ctx->nrounds; i += 4)
- inv_mix_column(ctx->keys + i);
+ aes_invert_key(ctx, ctx);
}
/* Name mangling */
#define aes_set_encrypt_key nettle_aes_set_encrypt_key
#define aes_set_decrypt_key nettle_aes_set_decrypt_key
+#define aes_invert_key nettle_aes_invert_key
#define aes_encrypt nettle_aes_encrypt
#define aes_decrypt nettle_aes_decrypt
#define AES_KEY_SIZE 32
+/* FIXME: Change to put nrounds first, to make it possible to use a
+ truncated ctx struct, with less subkeys, for the shorter key
+ sizes? */
struct aes_ctx
{
uint32_t keys[60]; /* maximum size of key schedule */
void
aes_set_encrypt_key(struct aes_ctx *ctx,
unsigned length, const uint8_t *key);
+
void
aes_set_decrypt_key(struct aes_ctx *ctx,
unsigned length, const uint8_t *key);
+void
+aes_invert_key(struct aes_ctx *dst,
+ const struct aes_ctx *src);
+
void
aes_encrypt(const struct aes_ctx *ctx,
unsigned length, uint8_t *dst,
projects / thirdparty / nettle.git / commitdiff
