Google Git
Sign in
gfiber / kernel / prism / eb337a3e45e3427d54459adefc4d5d665ad7de87 / . / drivers / staging / rt3090 / common / crypt_aes.c
blob: f400f1eab516a68ce57bd7038f06e04cd84659ea [file] [log] [blame]
/*
*************************************************************************
* Ralink Tech Inc.
* 5F., No.36, Taiyuan St., Jhubei City,
* Hsinchu County 302,
* Taiwan, R.O.C.
*
* (c) Copyright 2002-2007, Ralink Technology, Inc.
*
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
* *
*************************************************************************
Module Name:
crypt_aes.c
Abstract:
Revision History:
Who When What
-------- ---------- ----------------------------------------------
Eddy 2009/01/19 Create AES-128, AES-192, AES-256, AES-CBC
*/
#include "crypt_aes.h"
/* The value given by [x^(i-1),{00},{00},{00}], with x^(i-1) being powers of x in the field GF(2^8). */
static const UINT32 aes_rcon[] = {
0x00000000, 0x01000000, 0x02000000, 0x04000000,
0x08000000, 0x10000000, 0x20000000, 0x40000000,
0x80000000, 0x1B000000, 0x36000000};
static const UINT8 aes_sbox_enc[] = {
/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7 ,0xab, 0x76, /* 0 */
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4 ,0x72, 0xc0, /* 1 */
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8 ,0x31, 0x15, /* 2 */
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27 ,0xb2, 0x75, /* 3 */
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3 ,0x2f, 0x84, /* 4 */
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c ,0x58, 0xcf, /* 5 */
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c ,0x9f, 0xa8, /* 6 */
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff ,0xf3, 0xd2, /* 7 */
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d ,0x19, 0x73, /* 8 */
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e ,0x0b, 0xdb, /* 9 */
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95 ,0xe4, 0x79, /* a */
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a ,0xae, 0x08, /* b */
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd ,0x8b, 0x8a, /* c */
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1 ,0x1d, 0x9e, /* d */
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55 ,0x28, 0xdf, /* e */
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54 ,0xbb, 0x16, /* f */
};
static const UINT8 aes_sbox_dec[] = {
/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, /* 0 */
0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, /* 1 */
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, /* 2 */
0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, /* 3 */
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, /* 4 */
0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, /* 5 */
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, /* 6 */
0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, /* 7 */
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, /* 8 */
0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, /* 9 */
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, /* a */
0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, /* b */
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, /* c */
0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, /* d */
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, /* e */
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, /* f */
};
/* ArrayIndex*{02} */
static const UINT8 aes_mul_2[] = {
/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e, /* 0 */
0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, /* 1 */
0x40, 0x42, 0x44, 0x46, 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e, /* 2 */
0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7a, 0x7c, 0x7e, /* 3 */
0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e, 0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, /* 4 */
0xa0, 0xa2, 0xa4, 0xa6, 0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe, /* 5 */
0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6, 0xd8, 0xda, 0xdc, 0xde, /* 6 */
0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee, 0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, /* 7 */
0x1b, 0x19, 0x1f, 0x1d, 0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05, /* 8 */
0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d, 0x23, 0x21, 0x27, 0x25, /* 9 */
0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55, 0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, /* a */
0x7b, 0x79, 0x7f, 0x7d, 0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65, /* b */
0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d, 0x83, 0x81, 0x87, 0x85, /* c */
0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5, 0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, /* d */
0xdb, 0xd9, 0xdf, 0xdd, 0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5, /* e */
0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed, 0xe3, 0xe1, 0xe7, 0xe5, /* f */
};
/* ArrayIndex*{03} */
static const UINT8 aes_mul_3[] = {
/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d, 0x14, 0x17, 0x12, 0x11, /* 0 */
0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39, 0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, /* 1 */
0x60, 0x63, 0x66, 0x65, 0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71, /* 2 */
0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d, 0x44, 0x47, 0x42, 0x41, /* 3 */
0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9, 0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, /* 4 */
0xf0, 0xf3, 0xf6, 0xf5, 0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1, /* 5 */
0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd, 0xb4, 0xb7, 0xb2, 0xb1, /* 6 */
0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99, 0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, /* 7 */
0x9b, 0x98, 0x9d, 0x9e, 0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a, /* 8 */
0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6, 0xbf, 0xbc, 0xb9, 0xba, /* 9 */
0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2, 0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, /* a */
0xcb, 0xc8, 0xcd, 0xce, 0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda, /* b */
0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46, 0x4f, 0x4c, 0x49, 0x4a, /* c */
0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62, 0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, /* d */
0x3b, 0x38, 0x3d, 0x3e, 0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a, /* e */
0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16, 0x1f, 0x1c, 0x19, 0x1a, /* f */
};
/* ArrayIndex*{09} */
static const UINT8 aes_mul_9[] = {
/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77, /* 0 */
0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf, 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, /* 1 */
0x3b, 0x32, 0x29, 0x20, 0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c, /* 2 */
0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8, 0xc7, 0xce, 0xd5, 0xdc, /* 3 */
0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49, 0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, /* 4 */
0xe6, 0xef, 0xf4, 0xfd, 0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91, /* 5 */
0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e, 0x21, 0x28, 0x33, 0x3a, /* 6 */
0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2, 0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, /* 7 */
0xec, 0xe5, 0xfe, 0xf7, 0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b, /* 8 */
0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f, 0x10, 0x19, 0x02, 0x0b, /* 9 */
0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8, 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, /* a */
0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30, /* b */
0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9, 0xf6, 0xff, 0xe4, 0xed, /* c */
0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35, 0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, /* d */
0xa1, 0xa8, 0xb3, 0xba, 0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6, /* e */
0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62, 0x5d, 0x54, 0x4f, 0x46, /* f */
};
/* ArrayIndex*{0b} */
static const UINT8 aes_mul_b[] = {
/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69, /* 0 */
0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81, 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, /* 1 */
0x7b, 0x70, 0x6d, 0x66, 0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12, /* 2 */
0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e, 0xbf, 0xb4, 0xa9, 0xa2, /* 3 */
0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7, 0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, /* 4 */
0x46, 0x4d, 0x50, 0x5b, 0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f, /* 5 */
0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8, 0xf9, 0xf2, 0xef, 0xe4, /* 6 */
0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c, 0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, /* 7 */
0xf7, 0xfc, 0xe1, 0xea, 0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e, /* 8 */
0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02, 0x33, 0x38, 0x25, 0x2e, /* 9 */
0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd, 0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, /* a */
0x3c, 0x37, 0x2a, 0x21, 0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55, /* b */
0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44, 0x75, 0x7e, 0x63, 0x68, /* c */
0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80, 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, /* d */
0x7a, 0x71, 0x6c, 0x67, 0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13, /* e */
0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f, 0xbe, 0xb5, 0xa8, 0xa3, /* f */
};
/* ArrayIndex*{0d} */
static const UINT8 aes_mul_d[] = {
/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b, /* 0 */
0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3, 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, /* 1 */
0xbb, 0xb6, 0xa1, 0xac, 0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0, /* 2 */
0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14, 0x37, 0x3a, 0x2d, 0x20, /* 3 */
0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e, 0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, /* 4 */
0xbd, 0xb0, 0xa7, 0xaa, 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6, /* 5 */
0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9, 0x8a, 0x87, 0x90, 0x9d, /* 6 */
0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25, 0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, /* 7 */
0xda, 0xd7, 0xc0, 0xcd, 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91, /* 8 */
0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75, 0x56, 0x5b, 0x4c, 0x41, /* 9 */
0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42, 0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, /* a */
0xb1, 0xbc, 0xab, 0xa6, 0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa, /* b */
0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8, 0xeb, 0xe6, 0xf1, 0xfc, /* c */
0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44, 0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, /* d */
0x0c, 0x01, 0x16, 0x1b, 0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47, /* e */
0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3, 0x80, 0x8d, 0x9a, 0x97, /* f */
};
/* ArrayIndex*{0e} */
static const UINT8 aes_mul_e[] = {
/* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a, /* 0 */
0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca, 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, /* 1 */
0xdb, 0xd5, 0xc7, 0xc9, 0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81, /* 2 */
0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59, 0x73, 0x7d, 0x6f, 0x61, /* 3 */
0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87, 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, /* 4 */
0x4d, 0x43, 0x51, 0x5f, 0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17, /* 5 */
0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14, 0x3e, 0x30, 0x22, 0x2c, /* 6 */
0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc, 0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, /* 7 */
0x41, 0x4f, 0x5d, 0x53, 0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b, /* 8 */
0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3, 0xe9, 0xe7, 0xf5, 0xfb, /* 9 */
0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0, 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, /* a */
0x7a, 0x74, 0x66, 0x68, 0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20, /* b */
0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e, 0xa4, 0xaa, 0xb8, 0xb6, /* c */
0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26, 0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, /* d */
0x37, 0x39, 0x2b, 0x25, 0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d, /* e */
0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5, 0x9f, 0x91, 0x83, 0x8d, /* f */
};
/* For AES_CMAC */
#define AES_MAC_LENGTH 16 /* 128-bit string */
static UINT8 Const_Zero[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
static UINT8 Const_Rb[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87};
/*
========================================================================
Routine Description:
AES key expansion (key schedule)
Arguments:
Key Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
KeyLength The length of cipher key in bytes
paes_ctx Pointer to AES_CTX_STRUC
Return Value:
paes_ctx Retrun the KeyWordExpansion of AES_CTX_STRUC
Note:
Pseudo code for key expansion
------------------------------------------
Nk = (key length/4);
while (i < Nk)
KeyWordExpansion[i] = word(key[4*i], key[4*i + 1], key[4*i + 2], key[4*i + 3]);
i++;
end while
while (i < ((key length/4 + 6 + 1)*4) )
temp = KeyWordExpansion[i - 1];
if (i % Nk ==0)
temp = SubWord(RotWord(temp)) ^ Rcon[i/Nk];
else if ((Nk > 6) && (i % 4 == 4))
temp = SubWord(temp);
end if
KeyWordExpansion[i] = KeyWordExpansion[i - Nk]^ temp;
i++;
end while
========================================================================
*/
VOID AES_KeyExpansion (
IN UINT8 Key[],
IN UINT KeyLength,
INOUT AES_CTX_STRUC *paes_ctx)
{
UINT KeyIndex = 0;
UINT NumberOfWordOfKey, NumberOfWordOfKeyExpansion;
UINT8 TempWord[AES_KEY_ROWS], Temp;
UINT32 Temprcon;
NumberOfWordOfKey = KeyLength >> 2;
while (KeyIndex < NumberOfWordOfKey)
{
paes_ctx->KeyWordExpansion[0][KeyIndex] = Key[4*KeyIndex];
paes_ctx->KeyWordExpansion[1][KeyIndex] = Key[4*KeyIndex + 1];
paes_ctx->KeyWordExpansion[2][KeyIndex] = Key[4*KeyIndex + 2];
paes_ctx->KeyWordExpansion[3][KeyIndex] = Key[4*KeyIndex + 3];
KeyIndex++;
} /* End of while */
NumberOfWordOfKeyExpansion = ((UINT) AES_KEY_ROWS) * ((KeyLength >> 2) + 6 + 1);
while (KeyIndex < NumberOfWordOfKeyExpansion)
{
TempWord[0] = paes_ctx->KeyWordExpansion[0][KeyIndex - 1];
TempWord[1] = paes_ctx->KeyWordExpansion[1][KeyIndex - 1];
TempWord[2] = paes_ctx->KeyWordExpansion[2][KeyIndex - 1];
TempWord[3] = paes_ctx->KeyWordExpansion[3][KeyIndex - 1];
if ((KeyIndex % NumberOfWordOfKey) == 0) {
Temprcon = aes_rcon[KeyIndex/NumberOfWordOfKey];
Temp = aes_sbox_enc[TempWord[1]]^((Temprcon >> 24) & 0xff);
TempWord[1] = aes_sbox_enc[TempWord[2]]^((Temprcon >> 16) & 0xff);
TempWord[2] = aes_sbox_enc[TempWord[3]]^((Temprcon >> 8) & 0xff);
TempWord[3] = aes_sbox_enc[TempWord[0]]^((Temprcon ) & 0xff);
TempWord[0] = Temp;
} else if ((NumberOfWordOfKey > 6) && ((KeyIndex % NumberOfWordOfKey) == 4)) {
Temp = aes_sbox_enc[TempWord[0]];
TempWord[1] = aes_sbox_enc[TempWord[1]];
TempWord[2] = aes_sbox_enc[TempWord[2]];
TempWord[3] = aes_sbox_enc[TempWord[3]];
TempWord[0] = Temp;
}
paes_ctx->KeyWordExpansion[0][KeyIndex] = paes_ctx->KeyWordExpansion[0][KeyIndex - NumberOfWordOfKey]^TempWord[0];
paes_ctx->KeyWordExpansion[1][KeyIndex] = paes_ctx->KeyWordExpansion[1][KeyIndex - NumberOfWordOfKey]^TempWord[1];
paes_ctx->KeyWordExpansion[2][KeyIndex] = paes_ctx->KeyWordExpansion[2][KeyIndex - NumberOfWordOfKey]^TempWord[2];
paes_ctx->KeyWordExpansion[3][KeyIndex] = paes_ctx->KeyWordExpansion[3][KeyIndex - NumberOfWordOfKey]^TempWord[3];
KeyIndex++;
} /* End of while */
} /* End of AES_KeyExpansion */
/*
========================================================================
Routine Description:
AES encryption
Arguments:
PlainBlock The block of plain text, 16 bytes(128 bits) each block
PlainBlockSize The length of block of plain text in bytes
Key Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
KeyLength The length of cipher key in bytes
CipherBlockSize The length of allocated cipher block in bytes
Return Value:
CipherBlock Return cipher text
CipherBlockSize Return the length of real used cipher block in bytes
Note:
Reference to FIPS-PUB 197
1. Check if block size is 16 bytes(128 bits) and if key length is 16, 24, or 32 bytes(128, 192, or 256 bits)
2. Transfer the plain block to state block
3. Main encryption rounds
4. Transfer the state block to cipher block
------------------------------------------
NumberOfRound = (key length / 4) + 6;
state block = plain block;
AddRoundKey(state block, key);
for round = 1 to NumberOfRound
SubBytes(state block)
ShiftRows(state block)
MixColumns(state block)
AddRoundKey(state block, key);
end for
SubBytes(state block)
ShiftRows(state block)
AddRoundKey(state block, key);
cipher block = state block;
========================================================================
*/
VOID AES_Encrypt (
IN UINT8 PlainBlock[],
IN UINT PlainBlockSize,
IN UINT8 Key[],
IN UINT KeyLength,
OUT UINT8 CipherBlock[],
INOUT UINT *CipherBlockSize)
{
AES_CTX_STRUC aes_ctx;
UINT RowIndex, ColumnIndex;
UINT RoundIndex, NumberOfRound = 0;
UINT8 Temp, Row0, Row1, Row2, Row3;
/*
* 1. Check if block size is 16 bytes(128 bits) and if key length is 16, 24, or 32 bytes(128, 192, or 256 bits)
*/
if (PlainBlockSize != AES_BLOCK_SIZES) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_Encrypt: plain block size is %d bytes, it must be %d bytes(128 bits).\n",
PlainBlockSize, AES_BLOCK_SIZES));
return;
} /* End of if */
if ((KeyLength != AES_KEY128_LENGTH) && (KeyLength != AES_KEY192_LENGTH) && (KeyLength != AES_KEY256_LENGTH)) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_Encrypt: key length is %d bytes, it must be %d, %d, or %d bytes(128, 192, or 256 bits).\n",
KeyLength, AES_KEY128_LENGTH, AES_KEY192_LENGTH, AES_KEY256_LENGTH));
return;
} /* End of if */
if (*CipherBlockSize < AES_BLOCK_SIZES) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_Encrypt: cipher block size is %d bytes, it must be %d bytes(128 bits).\n",
*CipherBlockSize, AES_BLOCK_SIZES));
return;
} /* End of if */
/*
* 2. Transfer the plain block to state block
*/
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] = PlainBlock[RowIndex + 4*ColumnIndex];
/*
* 3. Main encryption rounds
*/
AES_KeyExpansion(Key, KeyLength, &aes_ctx);
NumberOfRound = (KeyLength >> 2) + 6;
/* AES_AddRoundKey */
RoundIndex = 0;
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
for (RoundIndex = 1; RoundIndex < NumberOfRound;RoundIndex++)
{
/* AES_SubBytes */
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] = aes_sbox_enc[aes_ctx.State[RowIndex][ColumnIndex]];
/* AES_ShiftRows */
Temp = aes_ctx.State[1][0];
aes_ctx.State[1][0] = aes_ctx.State[1][1];
aes_ctx.State[1][1] = aes_ctx.State[1][2];
aes_ctx.State[1][2] = aes_ctx.State[1][3];
aes_ctx.State[1][3] = Temp;
Temp = aes_ctx.State[2][0];
aes_ctx.State[2][0] = aes_ctx.State[2][2];
aes_ctx.State[2][2] = Temp;
Temp = aes_ctx.State[2][1];
aes_ctx.State[2][1] = aes_ctx.State[2][3];
aes_ctx.State[2][3] = Temp;
Temp = aes_ctx.State[3][3];
aes_ctx.State[3][3] = aes_ctx.State[3][2];
aes_ctx.State[3][2] = aes_ctx.State[3][1];
aes_ctx.State[3][1] = aes_ctx.State[3][0];
aes_ctx.State[3][0] = Temp;
/* AES_MixColumns */
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
{
Row0 = aes_ctx.State[0][ColumnIndex];
Row1 = aes_ctx.State[1][ColumnIndex];
Row2 = aes_ctx.State[2][ColumnIndex];
Row3 = aes_ctx.State[3][ColumnIndex];
aes_ctx.State[0][ColumnIndex] = aes_mul_2[Row0]^aes_mul_3[Row1]^Row2^Row3;
aes_ctx.State[1][ColumnIndex] = Row0^aes_mul_2[Row1]^aes_mul_3[Row2]^Row3;
aes_ctx.State[2][ColumnIndex] = Row0^Row1^aes_mul_2[Row2]^aes_mul_3[Row3];
aes_ctx.State[3][ColumnIndex] = aes_mul_3[Row0]^Row1^Row2^aes_mul_2[Row3];
}
/* AES_AddRoundKey */
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
} /* End of for */
/* AES_SubBytes */
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] = aes_sbox_enc[aes_ctx.State[RowIndex][ColumnIndex]];
/* AES_ShiftRows */
Temp = aes_ctx.State[1][0];
aes_ctx.State[1][0] = aes_ctx.State[1][1];
aes_ctx.State[1][1] = aes_ctx.State[1][2];
aes_ctx.State[1][2] = aes_ctx.State[1][3];
aes_ctx.State[1][3] = Temp;
Temp = aes_ctx.State[2][0];
aes_ctx.State[2][0] = aes_ctx.State[2][2];
aes_ctx.State[2][2] = Temp;
Temp = aes_ctx.State[2][1];
aes_ctx.State[2][1] = aes_ctx.State[2][3];
aes_ctx.State[2][3] = Temp;
Temp = aes_ctx.State[3][3];
aes_ctx.State[3][3] = aes_ctx.State[3][2];
aes_ctx.State[3][2] = aes_ctx.State[3][1];
aes_ctx.State[3][1] = aes_ctx.State[3][0];
aes_ctx.State[3][0] = Temp;
/* AES_AddRoundKey */
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
/*
* 4. Transfer the state block to cipher block
*/
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
CipherBlock[RowIndex + 4*ColumnIndex] = aes_ctx.State[RowIndex][ColumnIndex];
*CipherBlockSize = ((UINT) AES_STATE_ROWS)*((UINT) AES_STATE_COLUMNS);
} /* End of AES_Encrypt */
/*
========================================================================
Routine Description:
AES decryption
Arguments:
CipherBlock The block of cipher text, 16 bytes(128 bits) each block
CipherBlockSize The length of block of cipher text in bytes
Key Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
KeyLength The length of cipher key in bytes
PlainBlockSize The length of allocated plain block in bytes
Return Value:
PlainBlock Return plain text
PlainBlockSize Return the length of real used plain block in bytes
Note:
Reference to FIPS-PUB 197
1. Check if block size is 16 bytes(128 bits) and if key length is 16, 24, or 32 bytes(128, 192, or 256 bits)
2. Transfer the cipher block to state block
3. Main decryption rounds
4. Transfer the state block to plain block
------------------------------------------
NumberOfRound = (key length / 4) + 6;
state block = cipher block;
AddRoundKey(state block, key);
for round = NumberOfRound to 1
InvSubBytes(state block)
InvShiftRows(state block)
InvMixColumns(state block)
AddRoundKey(state block, key);
end for
InvSubBytes(state block)
InvShiftRows(state block)
AddRoundKey(state block, key);
plain block = state block;
========================================================================
*/
VOID AES_Decrypt (
IN UINT8 CipherBlock[],
IN UINT CipherBlockSize,
IN UINT8 Key[],
IN UINT KeyLength,
OUT UINT8 PlainBlock[],
INOUT UINT *PlainBlockSize)
{
AES_CTX_STRUC aes_ctx;
UINT RowIndex, ColumnIndex;
UINT RoundIndex, NumberOfRound = 0;
UINT8 Temp, Row0, Row1, Row2, Row3;
/*
* 1. Check if block size is 16 bytes(128 bits) and if key length is 16, 24, or 32 bytes(128, 192, or 256 bits)
*/
if (*PlainBlockSize < AES_BLOCK_SIZES) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_Decrypt: plain block size is %d bytes, it must be %d bytes(128 bits).\n",
*PlainBlockSize, AES_BLOCK_SIZES));
return;
} /* End of if */
if ((KeyLength != AES_KEY128_LENGTH) && (KeyLength != AES_KEY192_LENGTH) && (KeyLength != AES_KEY256_LENGTH)) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_Decrypt: key length is %d bytes, it must be %d, %d, or %d bytes(128, 192, or 256 bits).\n",
KeyLength, AES_KEY128_LENGTH, AES_KEY192_LENGTH, AES_KEY256_LENGTH));
return;
} /* End of if */
if (CipherBlockSize != AES_BLOCK_SIZES) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_Decrypt: cipher block size is %d bytes, it must be %d bytes(128 bits).\n",
CipherBlockSize, AES_BLOCK_SIZES));
return;
} /* End of if */
/*
* 2. Transfer the cipher block to state block
*/
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] = CipherBlock[RowIndex + 4*ColumnIndex];
/*
* 3. Main decryption rounds
*/
AES_KeyExpansion(Key, KeyLength, &aes_ctx);
NumberOfRound = (KeyLength >> 2) + 6;
/* AES_AddRoundKey */
RoundIndex = NumberOfRound;
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
for (RoundIndex = (NumberOfRound - 1); RoundIndex > 0 ;RoundIndex--)
{
/* AES_InvShiftRows */
Temp = aes_ctx.State[1][3];
aes_ctx.State[1][3] = aes_ctx.State[1][2];
aes_ctx.State[1][2] = aes_ctx.State[1][1];
aes_ctx.State[1][1] = aes_ctx.State[1][0];
aes_ctx.State[1][0] = Temp;
Temp = aes_ctx.State[2][0];
aes_ctx.State[2][0] = aes_ctx.State[2][2];
aes_ctx.State[2][2] = Temp;
Temp = aes_ctx.State[2][1];
aes_ctx.State[2][1] = aes_ctx.State[2][3];
aes_ctx.State[2][3] = Temp;
Temp = aes_ctx.State[3][0];
aes_ctx.State[3][0] = aes_ctx.State[3][1];
aes_ctx.State[3][1] = aes_ctx.State[3][2];
aes_ctx.State[3][2] = aes_ctx.State[3][3];
aes_ctx.State[3][3] = Temp;
/* AES_InvSubBytes */
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] = aes_sbox_dec[aes_ctx.State[RowIndex][ColumnIndex]];
/* AES_AddRoundKey */
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
/* AES_InvMixColumns */
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
{
Row0 = aes_ctx.State[0][ColumnIndex];
Row1 = aes_ctx.State[1][ColumnIndex];
Row2 = aes_ctx.State[2][ColumnIndex];
Row3 = aes_ctx.State[3][ColumnIndex];
aes_ctx.State[0][ColumnIndex] = aes_mul_e[Row0]^aes_mul_b[Row1]^aes_mul_d[Row2]^aes_mul_9[Row3];
aes_ctx.State[1][ColumnIndex] = aes_mul_9[Row0]^aes_mul_e[Row1]^aes_mul_b[Row2]^aes_mul_d[Row3];
aes_ctx.State[2][ColumnIndex] = aes_mul_d[Row0]^aes_mul_9[Row1]^aes_mul_e[Row2]^aes_mul_b[Row3];
aes_ctx.State[3][ColumnIndex] = aes_mul_b[Row0]^aes_mul_d[Row1]^aes_mul_9[Row2]^aes_mul_e[Row3];
}
} /* End of for */
/* AES_InvShiftRows */
Temp = aes_ctx.State[1][3];
aes_ctx.State[1][3] = aes_ctx.State[1][2];
aes_ctx.State[1][2] = aes_ctx.State[1][1];
aes_ctx.State[1][1] = aes_ctx.State[1][0];
aes_ctx.State[1][0] = Temp;
Temp = aes_ctx.State[2][0];
aes_ctx.State[2][0] = aes_ctx.State[2][2];
aes_ctx.State[2][2] = Temp;
Temp = aes_ctx.State[2][1];
aes_ctx.State[2][1] = aes_ctx.State[2][3];
aes_ctx.State[2][3] = Temp;
Temp = aes_ctx.State[3][0];
aes_ctx.State[3][0] = aes_ctx.State[3][1];
aes_ctx.State[3][1] = aes_ctx.State[3][2];
aes_ctx.State[3][2] = aes_ctx.State[3][3];
aes_ctx.State[3][3] = Temp;
/* AES_InvSubBytes */
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] = aes_sbox_dec[aes_ctx.State[RowIndex][ColumnIndex]];
/* AES_AddRoundKey */
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
/*
* 4. Transfer the state block to plain block
*/
for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
PlainBlock[RowIndex + 4*ColumnIndex] = aes_ctx.State[RowIndex][ColumnIndex];
*PlainBlockSize = ((UINT) AES_STATE_ROWS)*((UINT) AES_STATE_COLUMNS);
} /* End of AES_Decrypt */
/*
========================================================================
Routine Description:
AES-CBC encryption
Arguments:
PlainText Plain text
PlainTextLength The length of plain text in bytes
Key Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
KeyLength The length of cipher key in bytes
IV Initialization vector, it may be 16 bytes (128 bits)
IVLength The length of initialization vector in bytes
CipherTextLength The length of allocated cipher text in bytes
Return Value:
CipherText Return cipher text
CipherTextLength Return the length of real used cipher text in bytes
Note:
Reference to RFC 3602 and NIST 800-38A
========================================================================
*/
VOID AES_CBC_Encrypt (
IN UINT8 PlainText[],
IN UINT PlainTextLength,
IN UINT8 Key[],
IN UINT KeyLength,
IN UINT8 IV[],
IN UINT IVLength,
OUT UINT8 CipherText[],
INOUT UINT *CipherTextLength)
{
UINT PaddingSize, PlainBlockStart, CipherBlockStart, CipherBlockSize;
UINT Index;
UINT8 Block[AES_BLOCK_SIZES];
/*
* 1. Check the input parameters
* - CipherTextLength > (PlainTextLength + Padding size), Padding size = block size - (PlainTextLength % block size)
* - Key length must be 16, 24, or 32 bytes(128, 192, or 256 bits)
* - IV length must be 16 bytes(128 bits)
*/
PaddingSize = ((UINT) AES_BLOCK_SIZES) - (PlainTextLength % ((UINT)AES_BLOCK_SIZES));
if (*CipherTextLength < (PlainTextLength + PaddingSize)) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Encrypt: cipher text length is %d bytes < (plain text length %d bytes + padding size %d bytes).\n",
*CipherTextLength, PlainTextLength, PaddingSize));
return;
} /* End of if */
if ((KeyLength != AES_KEY128_LENGTH) && (KeyLength != AES_KEY192_LENGTH) && (KeyLength != AES_KEY256_LENGTH)) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Encrypt: key length is %d bytes, it must be %d, %d, or %d bytes(128, 192, or 256 bits).\n",
KeyLength, AES_KEY128_LENGTH, AES_KEY192_LENGTH, AES_KEY256_LENGTH));
return;
} /* End of if */
if (IVLength != AES_CBC_IV_LENGTH) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Encrypt: IV length is %d bytes, it must be %d bytes(128bits).\n",
IVLength, AES_CBC_IV_LENGTH));
return;
} /* End of if */
/*
* 2. Main algorithm
* - Plain text divide into serveral blocks (16 bytes/block)
* - If plain text is divided with no remainder by block, add a new block and padding size = block(16 bytes)
* - If plain text is not divided with no remainder by block, padding size = (block - remainder plain text)
* - Execute AES_Encrypt procedure.
*
* - Padding method: The remainder bytes will be filled with padding size (1 byte)
*/
PlainBlockStart = 0;
CipherBlockStart = 0;
while ((PlainTextLength - PlainBlockStart) >= AES_BLOCK_SIZES)
{
if (CipherBlockStart == 0) {
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
Block[Index] = PlainText[PlainBlockStart + Index]^IV[Index];
} else {
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
Block[Index] = PlainText[PlainBlockStart + Index]^CipherText[CipherBlockStart - ((UINT) AES_BLOCK_SIZES) + Index];
} /* End of if */
CipherBlockSize = *CipherTextLength - CipherBlockStart;
AES_Encrypt(Block, AES_BLOCK_SIZES , Key, KeyLength, CipherText + CipherBlockStart, &CipherBlockSize);
PlainBlockStart += ((UINT) AES_BLOCK_SIZES);
CipherBlockStart += CipherBlockSize;
} /* End of while */
NdisMoveMemory(Block, (&PlainText[0] + PlainBlockStart), (PlainTextLength - PlainBlockStart));
NdisFillMemory((Block + (((UINT) AES_BLOCK_SIZES) -PaddingSize)), PaddingSize, (UINT8) PaddingSize);
if (CipherBlockStart == 0) {
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
Block[Index] ^= IV[Index];
} else {
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
Block[Index] ^= CipherText[CipherBlockStart - ((UINT) AES_BLOCK_SIZES) + Index];
} /* End of if */
CipherBlockSize = *CipherTextLength - CipherBlockStart;
AES_Encrypt(Block, AES_BLOCK_SIZES , Key, KeyLength, CipherText + CipherBlockStart, &CipherBlockSize);
CipherBlockStart += CipherBlockSize;
*CipherTextLength = CipherBlockStart;
} /* End of AES_CBC_Encrypt */
/*
========================================================================
Routine Description:
AES-CBC decryption
Arguments:
CipherText Cipher text
CipherTextLength The length of cipher text in bytes
Key Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
KeyLength The length of cipher key in bytes
IV Initialization vector, it may be 16 bytes (128 bits)
IVLength The length of initialization vector in bytes
PlainTextLength The length of allocated plain text in bytes
Return Value:
PlainText Return plain text
PlainTextLength Return the length of real used plain text in bytes
Note:
Reference to RFC 3602 and NIST 800-38A
========================================================================
*/
VOID AES_CBC_Decrypt (
IN UINT8 CipherText[],
IN UINT CipherTextLength,
IN UINT8 Key[],
IN UINT KeyLength,
IN UINT8 IV[],
IN UINT IVLength,
OUT UINT8 PlainText[],
INOUT UINT *PlainTextLength)
{
UINT PaddingSize, PlainBlockStart, CipherBlockStart, PlainBlockSize;
UINT Index;
/*
* 1. Check the input parameters
* - CipherTextLength must be divided with no remainder by block
* - Key length must be 16, 24, or 32 bytes(128, 192, or 256 bits)
* - IV length must be 16 bytes(128 bits)
*/
if ((CipherTextLength % AES_BLOCK_SIZES) != 0) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Decrypt: cipher text length is %d bytes, it can't be divided with no remainder by block size(%d).\n",
CipherTextLength, AES_BLOCK_SIZES));
return;
} /* End of if */
if ((KeyLength != AES_KEY128_LENGTH) && (KeyLength != AES_KEY192_LENGTH) && (KeyLength != AES_KEY256_LENGTH)) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Decrypt: key length is %d bytes, it must be %d, %d, or %d bytes(128, 192, or 256 bits).\n",
KeyLength, AES_KEY128_LENGTH, AES_KEY192_LENGTH, AES_KEY256_LENGTH));
return;
} /* End of if */
if (IVLength != AES_CBC_IV_LENGTH) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Decrypt: IV length is %d bytes, it must be %d bytes(128bits).\n",
IVLength, AES_CBC_IV_LENGTH));
return;
} /* End of if */
/*
* 2. Main algorithm
* - Cypher text divide into serveral blocks (16 bytes/block)
* - Execute AES_Decrypt procedure.
* - Remove padding bytes, padding size is the last byte of plain text
*/
CipherBlockStart = 0;
PlainBlockStart = 0;
while ((CipherTextLength - CipherBlockStart) >= AES_BLOCK_SIZES)
{
PlainBlockSize = *PlainTextLength - PlainBlockStart;
AES_Decrypt(CipherText + CipherBlockStart, AES_BLOCK_SIZES , Key, KeyLength, PlainText + PlainBlockStart, &PlainBlockSize);
if (PlainBlockStart == 0) {
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
PlainText[PlainBlockStart + Index] ^= IV[Index];
} else {
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
PlainText[PlainBlockStart + Index] ^= CipherText[CipherBlockStart + Index - ((UINT) AES_BLOCK_SIZES)];
} /* End of if */
CipherBlockStart += AES_BLOCK_SIZES;
PlainBlockStart += PlainBlockSize;
} /* End of while */
PaddingSize = (UINT8) PlainText[PlainBlockStart -1];
*PlainTextLength = PlainBlockStart - PaddingSize;
} /* End of AES_CBC_Encrypt */
/*
========================================================================
Routine Description:
AES-CMAC generate subkey
Arguments:
Key Cipher key 128 bits
KeyLength The length of Cipher key in bytes
Return Value:
SubKey1 SubKey 1 128 bits
SubKey2 SubKey 2 128 bits
Note:
Reference to RFC 4493
Step 1. L := AES-128(K, const_Zero);
Step 2. if MSB(L) is equal to 0
then K1 := L << 1;
else K1 := (L << 1) XOR const_Rb;
Step 3. if MSB(K1) is equal to 0
then K2 := K1 << 1;
else K2 := (K1 << 1) XOR const_Rb;
Step 4. return K1, K2;
========================================================================
*/
VOID AES_CMAC_GenerateSubKey (
IN UINT8 Key[],
IN UINT KeyLength,
OUT UINT8 SubKey1[],
OUT UINT8 SubKey2[])
{
UINT8 MSB_L = 0, MSB_K1 = 0, Top_Bit = 0;
UINT SubKey1_Length = 0;
INT Index = 0;
if (KeyLength != AES_KEY128_LENGTH) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CMAC_GenerateSubKey: key length is %d bytes, it must be %d bytes(128 bits).\n",
KeyLength, AES_KEY128_LENGTH));
return;
} /* End of if */
/* Step 1: L := AES-128(K, const_Zero); */
SubKey1_Length = 16;
AES_Encrypt(Const_Zero, sizeof(Const_Zero), Key, KeyLength, SubKey1, &SubKey1_Length);
/*
* Step 2. if MSB(L) is equal to 0
* then K1 := L << 1;
* else K1 := (L << 1) XOR const_Rb;
*/
MSB_L = SubKey1[0] & 0x80;
for(Index = 0; Index < 15; Index++) {
Top_Bit = (SubKey1[Index + 1] & 0x80)?1:0;
SubKey1[Index] <<= 1;
SubKey1[Index] |= Top_Bit;
}
SubKey1[15] <<= 1;
if (MSB_L > 0) {
for(Index = 0; Index < 16; Index++)
SubKey1[Index] ^= Const_Rb[Index];
} /* End of if */
/*
* Step 3. if MSB(K1) is equal to 0
* then K2 := K1 << 1;
* else K2 := (K1 << 1) XOR const_Rb;
*/
MSB_K1 = SubKey1[0] & 0x80;
for(Index = 0; Index < 15; Index++) {
Top_Bit = (SubKey1[Index + 1] & 0x80)?1:0;
SubKey2[Index] = SubKey1[Index] << 1;
SubKey2[Index] |= Top_Bit;
}
SubKey2[15] = SubKey1[15] << 1;
if (MSB_K1 > 0) {
for(Index = 0; Index < 16; Index++)
SubKey2[Index] ^= Const_Rb[Index];
} /* End of if */
} /* End of AES_CMAC_GenerateSubKey */
/*
========================================================================
Routine Description:
AES-CMAC
Arguments:
PlainText Plain text
PlainTextLength The length of plain text in bytes
Key Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
KeyLength The length of cipher key in bytes
MACTextLength The length of allocated memory spaces in bytes
Return Value:
MACText Message authentication code (128-bit string)
MACTextLength Return the length of Message authentication code in bytes
Note:
Reference to RFC 4493
========================================================================
*/
VOID AES_CMAC (
IN UINT8 PlainText[],
IN UINT PlainTextLength,
IN UINT8 Key[],
IN UINT KeyLength,
OUT UINT8 MACText[],
INOUT UINT *MACTextLength)
{
UINT PlainBlockStart;
UINT8 X[AES_BLOCK_SIZES], Y[AES_BLOCK_SIZES];
UINT8 SubKey1[16];
UINT8 SubKey2[16];
INT X_Length, Index;
if (*MACTextLength < AES_MAC_LENGTH) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CMAC: MAC text length is less than %d bytes).\n",
AES_MAC_LENGTH));
return;
} /* End of if */
if (KeyLength != AES_KEY128_LENGTH) {
DBGPRINT(RT_DEBUG_ERROR, ("AES_CMAC: key length is %d bytes, it must be %d bytes(128 bits).\n",
KeyLength, AES_KEY128_LENGTH));
return;
} /* End of if */
/* Step 1. (K1,K2) := Generate_Subkey(K); */
NdisZeroMemory(SubKey1, 16);
NdisZeroMemory(SubKey2, 16);
AES_CMAC_GenerateSubKey(Key, KeyLength, SubKey1, SubKey2);
/*
* 2. Main algorithm
* - Plain text divide into serveral blocks (16 bytes/block)
* - If plain text is not divided with no remainder by block, padding size = (block - remainder plain text)
* - Execute AES_Encrypt procedure.
*/
PlainBlockStart = 0;
NdisMoveMemory(X, Const_Zero, AES_BLOCK_SIZES);
while ((PlainTextLength - PlainBlockStart) > AES_BLOCK_SIZES)
{
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
Y[Index] = PlainText[PlainBlockStart + Index]^X[Index];
X_Length = sizeof(X);
AES_Encrypt(Y, sizeof(Y) , Key, KeyLength, X, &X_Length);
PlainBlockStart += ((UINT) AES_BLOCK_SIZES);
} /* End of while */
if ((PlainTextLength - PlainBlockStart) == AES_BLOCK_SIZES) {
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
Y[Index] = PlainText[PlainBlockStart + Index]^X[Index]^SubKey1[Index];
} else {
NdisZeroMemory(Y, AES_BLOCK_SIZES);
NdisMoveMemory(Y, &PlainText[PlainBlockStart], (PlainTextLength - PlainBlockStart));
Y[(PlainTextLength - PlainBlockStart)] = 0x80;
for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
Y[Index] = Y[Index]^X[Index]^SubKey2[Index];
} /* End of if */
AES_Encrypt(Y, sizeof(Y) , Key, KeyLength, MACText, MACTextLength);
} /* End of AES_CMAC */