wpa_supplicant: aes-internal-enc.c Source File

00001 /*
00002  * AES (Rijndael) cipher - encrypt
00003  *
00004  * Modifications to public domain implementation:
00005  * - support only 128-bit keys
00006  * - cleanup
00007  * - use C pre-processor to make it easier to change S table access
00008  * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at
00009  *   cost of reduced throughput (quite small difference on Pentium 4,
00010  *   10-25% when using -O1 or -O2 optimization)
00011  *
00012  * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
00013  *
00014  * This program is free software; you can redistribute it and/or modify
00015  * it under the terms of the GNU General Public License version 2 as
00016  * published by the Free Software Foundation.
00017  *
00018  * Alternatively, this software may be distributed under the terms of BSD
00019  * license.
00020  *
00021  * See README and COPYING for more details.
00022  */
00023 
00024 #include "includes.h"
00025 
00026 #include "common.h"
00027 #include "crypto.h"
00028 #include "aes_i.h"
00029 
00030 void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16])
00031 {
00032         u32 s0, s1, s2, s3, t0, t1, t2, t3;
00033         const int Nr = 10;
00034 #ifndef FULL_UNROLL
00035         int r;
00036 #endif /* ?FULL_UNROLL */
00037 
00038         /*
00039          * map byte array block to cipher state
00040          * and add initial round key:
00041          */
00042         s0 = GETU32(pt     ) ^ rk[0];
00043         s1 = GETU32(pt +  4) ^ rk[1];
00044         s2 = GETU32(pt +  8) ^ rk[2];
00045         s3 = GETU32(pt + 12) ^ rk[3];
00046 
00047 #define ROUND(i,d,s) \
00048 d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
00049 d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
00050 d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
00051 d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]
00052 
00053 #ifdef FULL_UNROLL
00054 
00055         ROUND(1,t,s);
00056         ROUND(2,s,t);
00057         ROUND(3,t,s);
00058         ROUND(4,s,t);
00059         ROUND(5,t,s);
00060         ROUND(6,s,t);
00061         ROUND(7,t,s);
00062         ROUND(8,s,t);
00063         ROUND(9,t,s);
00064 
00065         rk += Nr << 2;
00066 
00067 #else  /* !FULL_UNROLL */
00068 
00069         /* Nr - 1 full rounds: */
00070         r = Nr >> 1;
00071         for (;;) {
00072                 ROUND(1,t,s);
00073                 rk += 8;
00074                 if (--r == 0)
00075                         break;
00076                 ROUND(0,s,t);
00077         }
00078 
00079 #endif /* ?FULL_UNROLL */
00080 
00081 #undef ROUND
00082 
00083         /*
00084          * apply last round and
00085          * map cipher state to byte array block:
00086          */
00087         s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
00088         PUTU32(ct     , s0);
00089         s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
00090         PUTU32(ct +  4, s1);
00091         s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
00092         PUTU32(ct +  8, s2);
00093         s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
00094         PUTU32(ct + 12, s3);
00095 }
00096 
00097 
00098 void * aes_encrypt_init(const u8 *key, size_t len)
00099 {
00100         u32 *rk;
00101         if (len != 16)
00102                 return NULL;
00103         rk = os_malloc(AES_PRIV_SIZE);
00104         if (rk == NULL)
00105                 return NULL;
00106         rijndaelKeySetupEnc(rk, key);
00107         return rk;
00108 }
00109 
00110 
00111 void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
00112 {
00113         rijndaelEncrypt(ctx, plain, crypt);
00114 }
00115 
00116 
00117 void aes_encrypt_deinit(void *ctx)
00118 {
00119         os_memset(ctx, 0, AES_PRIV_SIZE);
00120         os_free(ctx);
00121 }