Inicio Explorar Ayuda
Iniciar sesión
tzafrir
/
asterisk
Seguir 2
Destacar 0
Fork 1
Archivos Incidencias 0 Pull Requests 0 Wiki
Rama: svn_v1-0
Ramas Etiquetas
asterisk
/
aeskey.c

aeskey.c 14 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464 
  1. /*
    2. 

  2.  ---------------------------------------------------------------------------
    3. 

  3.  Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
    4. 

  4.  All rights reserved.
    5. 

  5. 

  6.  LICENSE TERMS
    7. 

  7. 

  8.  The free distribution and use of this software in both source and binary
    9. 

  9.  form is allowed (with or without changes) provided that:
    10. 

  10. 

  11.    1. distributions of this source code include the above copyright
    12. 

  12.       notice, this list of conditions and the following disclaimer;
    13. 

  13. 

  14.    2. distributions in binary form include the above copyright
    15. 

  15.       notice, this list of conditions and the following disclaimer
    16. 

  16.       in the documentation and/or other associated materials;
    17. 

  17. 

  18.    3. the copyright holder's name is not used to endorse products
    19. 

  19.       built using this software without specific written permission.
    20. 

  20. 

  21.  ALTERNATIVELY, provided that this notice is retained in full, this product
    22. 

  22.  may be distributed under the terms of the GNU General Public License (GPL),
    23. 

  23.  in which case the provisions of the GPL apply INSTEAD OF those given above.
    24. 

  24. 

  25.  DISCLAIMER
    26. 

  26. 

  27.  This software is provided 'as is' with no explicit or implied warranties
    28. 

  28.  in respect of its properties, including, but not limited to, correctness
    29. 

  29.  and/or fitness for purpose.
    30. 

  30.  ---------------------------------------------------------------------------
    31. 

  31.  Issue Date: 26/08/2003
    32. 

  32. 

  33.  This file contains the code for implementing the key schedule for AES
    34. 

  34.  (Rijndael) for block and key sizes of 16, 24, and 32 bytes. See aesopt.h
    35. 

  35.  for further details including optimisation.
    36. 

  36. */
    37. 

  37. 

  38. #include "aesopt.h"
    39. 

  39. 

  40. #if defined(__cplusplus)
    41. 

  41. extern "C"
    42. 

  42. {
    43. 

  43. #endif
    44. 

  44. 

  45. /* Initialise the key schedule from the user supplied key. The key
    46. 

  46.    length can be specified in bytes, with legal values of 16, 24
    47. 

  47.    and 32, or in bits, with legal values of 128, 192 and 256. These
    48. 

  48.    values correspond with Nk values of 4, 6 and 8 respectively.
    49. 

  49. 

  50.    The following macros implement a single cycle in the key
    51. 

  51.    schedule generation process. The number of cycles needed
    52. 

  52.    for each cx->n_col and nk value is:
    53. 

  53. 

  54.     nk =             4  5  6  7  8
    55. 

  55.     ------------------------------
    56. 

  56.     cx->n_col = 4   10  9  8  7  7
    57. 

  57.     cx->n_col = 5   14 11 10  9  9
    58. 

  58.     cx->n_col = 6   19 15 12 11 11
    59. 

  59.     cx->n_col = 7   21 19 16 13 14
    60. 

  60.     cx->n_col = 8   29 23 19 17 14
    61. 

  61. */
    62. 

  62. 

  63. #define ke4(k,i) \
    64. 

  64. {   k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
    65. 

  65.     k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
    66. 

  66. }
    67. 

  67. #define kel4(k,i) \
    68. 

  68. {   k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
    69. 

  69.     k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
    70. 

  70. }
    71. 

  71. 

  72. #define ke6(k,i) \
    73. 

  73. {   k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
    74. 

  74.     k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
    75. 

  75.     k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \
    76. 

  76. }
    77. 

  77. #define kel6(k,i) \
    78. 

  78. {   k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
    79. 

  79.     k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
    80. 

  80. }
    81. 

  81. 

  82. #define ke8(k,i) \
    83. 

  83. {   k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
    84. 

  84.     k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
    85. 

  85.     k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \
    86. 

  86.     k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \
    87. 

  87. }
    88. 

  88. #define kel8(k,i) \
    89. 

  89. {   k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
    90. 

  90.     k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
    91. 

  91. }
    92. 

  92. 

  93. #if defined(ENCRYPTION_KEY_SCHEDULE)
    94. 

  94. 

  95. #if defined(AES_128) || defined(AES_VAR)
    96. 

  96. 

  97. aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1])
    98. 

  98. {   aes_32t    ss[4];
    99. 

  99. 

  100.     cx->ks[0] = ss[0] = word_in(in_key, 0);
    101. 

  101.     cx->ks[1] = ss[1] = word_in(in_key, 1);
    102. 

  102.     cx->ks[2] = ss[2] = word_in(in_key, 2);
    103. 

  103.     cx->ks[3] = ss[3] = word_in(in_key, 3);
    104. 

  104. 

  105. #if ENC_UNROLL == NONE
    106. 

  106.     {   aes_32t i;
    107. 

  107. 

  108.         for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i)
    109. 

  109.             ke4(cx->ks, i);
    110. 

  110.     }
    111. 

  111. #else
    112. 

  112.     ke4(cx->ks, 0);  ke4(cx->ks, 1);
    113. 

  113.     ke4(cx->ks, 2);  ke4(cx->ks, 3);
    114. 

  114.     ke4(cx->ks, 4);  ke4(cx->ks, 5);
    115. 

  115.     ke4(cx->ks, 6);  ke4(cx->ks, 7);
    116. 

  116.     ke4(cx->ks, 8); kel4(cx->ks, 9);
    117. 

  117. #endif
    118. 

  118. 

  119.     /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit       */
    120. 

  120.     /* key and must be non-zero for 128 and 192 bits keys   */
    121. 

  121.     cx->ks[53] = cx->ks[45] = 0;
    122. 

  122.     cx->ks[52] = 10;
    123. 

  123. #ifdef AES_ERR_CHK
    124. 

  124.     return aes_good;
    125. 

  125. #endif
    126. 

  126. }
    127. 

  127. 

  128. #endif
    129. 

  129. 

  130. #if defined(AES_192) || defined(AES_VAR)
    131. 

  131. 

  132. aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1])
    133. 

  133. {   aes_32t    ss[6];
    134. 

  134. 

  135.     cx->ks[0] = ss[0] = word_in(in_key, 0);
    136. 

  136.     cx->ks[1] = ss[1] = word_in(in_key, 1);
    137. 

  137.     cx->ks[2] = ss[2] = word_in(in_key, 2);
    138. 

  138.     cx->ks[3] = ss[3] = word_in(in_key, 3);
    139. 

  139.     cx->ks[4] = ss[4] = word_in(in_key, 4);
    140. 

  140.     cx->ks[5] = ss[5] = word_in(in_key, 5);
    141. 

  141. 

  142. #if ENC_UNROLL == NONE
    143. 

  143.     {   aes_32t i;
    144. 

  144. 

  145.         for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
    146. 

  146.             ke6(cx->ks, i);
    147. 

  147.     }
    148. 

  148. #else
    149. 

  149.     ke6(cx->ks, 0);  ke6(cx->ks, 1);
    150. 

  150.     ke6(cx->ks, 2);  ke6(cx->ks, 3);
    151. 

  151.     ke6(cx->ks, 4);  ke6(cx->ks, 5);
    152. 

  152.     ke6(cx->ks, 6); kel6(cx->ks, 7);
    153. 

  153. #endif
    154. 

  154. 

  155.     /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit       */
    156. 

  156.     /* key and must be non-zero for 128 and 192 bits keys   */
    157. 

  157.     cx->ks[53] = cx->ks[45];
    158. 

  158.     cx->ks[52] = 12;
    159. 

  159. #ifdef AES_ERR_CHK
    160. 

  160.     return aes_good;
    161. 

  161. #endif
    162. 

  162. }
    163. 

  163. 

  164. #endif
    165. 

  165. 

  166. #if defined(AES_256) || defined(AES_VAR)
    167. 

  167. 

  168. aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1])
    169. 

  169. {   aes_32t    ss[8];
    170. 

  170. 

  171.     cx->ks[0] = ss[0] = word_in(in_key, 0);
    172. 

  172.     cx->ks[1] = ss[1] = word_in(in_key, 1);
    173. 

  173.     cx->ks[2] = ss[2] = word_in(in_key, 2);
    174. 

  174.     cx->ks[3] = ss[3] = word_in(in_key, 3);
    175. 

  175.     cx->ks[4] = ss[4] = word_in(in_key, 4);
    176. 

  176.     cx->ks[5] = ss[5] = word_in(in_key, 5);
    177. 

  177.     cx->ks[6] = ss[6] = word_in(in_key, 6);
    178. 

  178.     cx->ks[7] = ss[7] = word_in(in_key, 7);
    179. 

  179. 

  180. #if ENC_UNROLL == NONE
    181. 

  181.     {   aes_32t i;
    182. 

  182. 

  183.         for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
    184. 

  184.             ke8(cx->ks,  i);
    185. 

  185.     }
    186. 

  186. #else
    187. 

  187.     ke8(cx->ks, 0); ke8(cx->ks, 1);
    188. 

  188.     ke8(cx->ks, 2); ke8(cx->ks, 3);
    189. 

  189.     ke8(cx->ks, 4); ke8(cx->ks, 5);
    190. 

  190.     kel8(cx->ks, 6);
    191. 

  191. #endif
    192. 

  192. #ifdef AES_ERR_CHK
    193. 

  193.     return aes_good;
    194. 

  194. #endif
    195. 

  195. }
    196. 

  196. 

  197. #endif
    198. 

  198. 

  199. #if defined(AES_VAR)
    200. 

  200. 

  201. aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1])
    202. 

  202. {
    203. 

  203.     switch(key_len)
    204. 

  204.     {
    205. 

  205. #ifdef AES_ERR_CHK
    206. 

  206.     case 16: case 128: return aes_encrypt_key128(in_key, cx);
    207. 

  207.     case 24: case 192: return aes_encrypt_key192(in_key, cx);
    208. 

  208.     case 32: case 256: return aes_encrypt_key256(in_key, cx);
    209. 

  209.     default: return aes_error;
    210. 

  210. #else
    211. 

  211.     case 16: case 128: aes_encrypt_key128(in_key, cx); return;
    212. 

  212.     case 24: case 192: aes_encrypt_key192(in_key, cx); return;
    213. 

  213.     case 32: case 256: aes_encrypt_key256(in_key, cx); return;
    214. 

  214. #endif
    215. 

  215.     }
    216. 

  216. }
    217. 

  217. 

  218. #endif
    219. 

  219. 

  220. #endif
    221. 

  221. 

  222. #if defined(DECRYPTION_KEY_SCHEDULE)
    223. 

  223. 

  224. #if DEC_ROUND == NO_TABLES
    225. 

  225. #define ff(x)   (x)
    226. 

  226. #else
    227. 

  227. #define ff(x)   inv_mcol(x)
    228. 

  228. #ifdef  dec_imvars
    229. 

  229. #define d_vars  dec_imvars
    230. 

  230. #endif
    231. 

  231. #endif
    232. 

  232. 

  233. #if 1
    234. 

  234. #define kdf4(k,i) \
    235. 

  235. {   ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \
    236. 

  236.     ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
    237. 

  237.     ss[4] ^= k[4*(i)];   k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \
    238. 

  238.     ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \
    239. 

  239. }
    240. 

  240. #define kd4(k,i) \
    241. 

  241. {   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
    242. 

  242.     k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \
    243. 

  243.     k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \
    244. 

  244. }
    245. 

  245. #define kdl4(k,i) \
    246. 

  246. {   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
    247. 

  247.     k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \
    248. 

  248.     k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \
    249. 

  249. }
    250. 

  250. #else
    251. 

  251. #define kdf4(k,i) \
    252. 

  252. {   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \
    253. 

  253.     ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \
    254. 

  254. }
    255. 

  255. #define kd4(k,i) \
    256. 

  256. {   ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
    257. 

  257.     ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \
    258. 

  258.     ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \
    259. 

  259.     ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \
    260. 

  260.     ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \
    261. 

  261. }
    262. 

  262. #define kdl4(k,i) \
    263. 

  263. {   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \
    264. 

  264.     ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \
    265. 

  265. }
    266. 

  266. #endif
    267. 

  267. 

  268. #define kdf6(k,i) \
    269. 

  269. {   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \
    270. 

  270.     ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \
    271. 

  271.     ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \
    272. 

  272. }
    273. 

  273. #define kd6(k,i) \
    274. 

  274. {   ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
    275. 

  275.     ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \
    276. 

  276.     ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \
    277. 

  277.     ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \
    278. 

  278.     ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \
    279. 

  279.     ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \
    280. 

  280.     ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \
    281. 

  281. }
    282. 

  282. #define kdl6(k,i) \
    283. 

  283. {   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \
    284. 

  284.     ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \
    285. 

  285. }
    286. 

  286. 

  287. #define kdf8(k,i) \
    288. 

  288. {   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \
    289. 

  289.     ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \
    290. 

  290.     ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \
    291. 

  291.     ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \
    292. 

  292. }
    293. 

  293. #define kd8(k,i) \
    294. 

  294. {   aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
    295. 

  295.     ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \
    296. 

  296.     ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \
    297. 

  297.     ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \
    298. 

  298.     ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \
    299. 

  299.     g = ls_box(ss[3],0); \
    300. 

  300.     ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \
    301. 

  301.     ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \
    302. 

  302.     ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \
    303. 

  303.     ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \
    304. 

  304. }
    305. 

  305. #define kdl8(k,i) \
    306. 

  306. {   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \
    307. 

  307.     ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \
    308. 

  308. }
    309. 

  309. 

  310. #if defined(AES_128) || defined(AES_VAR)
    311. 

  311. 

  312. aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1])
    313. 

  313. {   aes_32t    ss[5];
    314. 

  314. #ifdef  d_vars
    315. 

  315.         d_vars;
    316. 

  316. #endif
    317. 

  317.     cx->ks[0] = ss[0] = word_in(in_key, 0);
    318. 

  318.     cx->ks[1] = ss[1] = word_in(in_key, 1);
    319. 

  319.     cx->ks[2] = ss[2] = word_in(in_key, 2);
    320. 

  320.     cx->ks[3] = ss[3] = word_in(in_key, 3);
    321. 

  321. 

  322. #if DEC_UNROLL == NONE
    323. 

  323.     {   aes_32t i;
    324. 

  324. 

  325.         for(i = 0; i < (11 * N_COLS - 1) / 4; ++i)
    326. 

  326.             ke4(cx->ks, i);
    327. 

  327. #if !(DEC_ROUND == NO_TABLES)
    328. 

  328.         for(i = N_COLS; i < 10 * N_COLS; ++i)
    329. 

  329.             cx->ks[i] = inv_mcol(cx->ks[i]);
    330. 

  330. #endif
    331. 

  331.     }
    332. 

  332. #else
    333. 

  333.     kdf4(cx->ks, 0);  kd4(cx->ks, 1);
    334. 

  334.      kd4(cx->ks, 2);  kd4(cx->ks, 3);
    335. 

  335.      kd4(cx->ks, 4);  kd4(cx->ks, 5);
    336. 

  336.      kd4(cx->ks, 6);  kd4(cx->ks, 7);
    337. 

  337.      kd4(cx->ks, 8); kdl4(cx->ks, 9);
    338. 

  338. #endif
    339. 

  339. 

  340.     /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit       */
    341. 

  341.     /* key and must be non-zero for 128 and 192 bits keys   */
    342. 

  342.     cx->ks[53] = cx->ks[45] = 0;
    343. 

  343.     cx->ks[52] = 10;
    344. 

  344. #ifdef AES_ERR_CHK
    345. 

  345.     return aes_good;
    346. 

  346. #endif
    347. 

  347. }
    348. 

  348. 

  349. #endif
    350. 

  350. 

  351. #if defined(AES_192) || defined(AES_VAR)
    352. 

  352. 

  353. aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1])
    354. 

  354. {   aes_32t    ss[7];
    355. 

  355. #ifdef  d_vars
    356. 

  356.         d_vars;
    357. 

  357. #endif
    358. 

  358.     cx->ks[0] = ss[0] = word_in(in_key, 0);
    359. 

  359.     cx->ks[1] = ss[1] = word_in(in_key, 1);
    360. 

  360.     cx->ks[2] = ss[2] = word_in(in_key, 2);
    361. 

  361.     cx->ks[3] = ss[3] = word_in(in_key, 3);
    362. 

  362. 

  363. #if DEC_UNROLL == NONE
    364. 

  364.     cx->ks[4] = ss[4] = word_in(in_key, 4);
    365. 

  365.     cx->ks[5] = ss[5] = word_in(in_key, 5);
    366. 

  366.     {   aes_32t i;
    367. 

  367. 

  368.         for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
    369. 

  369.             ke6(cx->ks, i);
    370. 

  370. #if !(DEC_ROUND == NO_TABLES)
    371. 

  371.         for(i = N_COLS; i < 12 * N_COLS; ++i)
    372. 

  372.             cx->ks[i] = inv_mcol(cx->ks[i]);
    373. 

  373. #endif
    374. 

  374.     }
    375. 

  375. #else
    376. 

  376.     cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
    377. 

  377.     cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
    378. 

  378.     kdf6(cx->ks, 0); kd6(cx->ks, 1);
    379. 

  379.     kd6(cx->ks, 2);  kd6(cx->ks, 3);
    380. 

  380.     kd6(cx->ks, 4);  kd6(cx->ks, 5);
    381. 

  381.     kd6(cx->ks, 6); kdl6(cx->ks, 7);
    382. 

  382. #endif
    383. 

  383. 

  384.     /* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit       */
    385. 

  385.     /* key and must be non-zero for 128 and 192 bits keys   */
    386. 

  386.     cx->ks[53] = cx->ks[45];
    387. 

  387.     cx->ks[52] = 12;
    388. 

  388. #ifdef AES_ERR_CHK
    389. 

  389.     return aes_good;
    390. 

  390. #endif
    391. 

  391. }
    392. 

  392. 

  393. #endif
    394. 

  394. 

  395. #if defined(AES_256) || defined(AES_VAR)
    396. 

  396. 

  397. aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1])
    398. 

  398. {   aes_32t    ss[8];
    399. 

  399. #ifdef  d_vars
    400. 

  400.         d_vars;
    401. 

  401. #endif
    402. 

  402.     cx->ks[0] = ss[0] = word_in(in_key, 0);
    403. 

  403.     cx->ks[1] = ss[1] = word_in(in_key, 1);
    404. 

  404.     cx->ks[2] = ss[2] = word_in(in_key, 2);
    405. 

  405.     cx->ks[3] = ss[3] = word_in(in_key, 3);
    406. 

  406. 

  407. #if DEC_UNROLL == NONE
    408. 

  408.     cx->ks[4] = ss[4] = word_in(in_key, 4);
    409. 

  409.     cx->ks[5] = ss[5] = word_in(in_key, 5);
    410. 

  410.     cx->ks[6] = ss[6] = word_in(in_key, 6);
    411. 

  411.     cx->ks[7] = ss[7] = word_in(in_key, 7);
    412. 

  412.     {   aes_32t i;
    413. 

  413. 

  414.         for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
    415. 

  415.             ke8(cx->ks,  i);
    416. 

  416. #if !(DEC_ROUND == NO_TABLES)
    417. 

  417.         for(i = N_COLS; i < 14 * N_COLS; ++i)
    418. 

  418.             cx->ks[i] = inv_mcol(cx->ks[i]);
    419. 

  419. #endif
    420. 

  420.     }
    421. 

  421. #else
    422. 

  422.     cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
    423. 

  423.     cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
    424. 

  424.     cx->ks[6] = ff(ss[6] = word_in(in_key, 6));
    425. 

  425.     cx->ks[7] = ff(ss[7] = word_in(in_key, 7));
    426. 

  426.     kdf8(cx->ks, 0); kd8(cx->ks, 1);
    427. 

  427.     kd8(cx->ks, 2);  kd8(cx->ks, 3);
    428. 

  428.     kd8(cx->ks, 4);  kd8(cx->ks, 5);
    429. 

  429.     kdl8(cx->ks, 6);
    430. 

  430. #endif
    431. 

  431. #ifdef AES_ERR_CHK
    432. 

  432.     return aes_good;
    433. 

  433. #endif
    434. 

  434. }
    435. 

  435. 

  436. #endif
    437. 

  437. 

  438. #if defined(AES_VAR)
    439. 

  439. 

  440. aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
    441. 

  441. {
    442. 

  442.     switch(key_len)
    443. 

  443.     {
    444. 

  444. #ifdef AES_ERR_CHK
    445. 

  445.     case 16: case 128: return aes_decrypt_key128(in_key, cx);
    446. 

  446.     case 24: case 192: return aes_decrypt_key192(in_key, cx);
    447. 

  447.     case 32: case 256: return aes_decrypt_key256(in_key, cx);
    448. 

  448.     default: return aes_error;
    449. 

  449. #else
    450. 

  450.     case 16: case 128: aes_decrypt_key128(in_key, cx); return;
    451. 

  451.     case 24: case 192: aes_decrypt_key192(in_key, cx); return;
    452. 

  452.     case 32: case 256: aes_decrypt_key256(in_key, cx); return;
    453. 

  453. #endif
    454. 

  454.     }
    455. 

  455. }
    456. 

  456. 

  457. #endif
    458. 

  458. 

  459. #endif
    460. 

  460. 

  461. #if defined(__cplusplus)
    462. 

  462. }
    463. 

  463. #endif
    464. 

  464.