
3  * aes.c - integrated in QEMU by Fabrice Bellard from the OpenSSL project.
6 * rijndael-alg-fst.c
14 * @author Paulo Barreto <paulo.barreto@terra.com.br>
34 #include "crypto/aes-round.h"
39 /* This controls loop-unrolling in aes_core.c */
41 # define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt…
42 # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((s…
949 … 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
963 /* Note that AES_mc_rot is encoded for little-endian. */ in aesenc_MC_swap()
964 t = ( AES_mc_rot[st->b[swap_b ^ 0x0]] ^ in aesenc_MC_swap()
965 rol32(AES_mc_rot[st->b[swap_b ^ 0x1]], 8) ^ in aesenc_MC_swap()
966 rol32(AES_mc_rot[st->b[swap_b ^ 0x2]], 16) ^ in aesenc_MC_swap()
967 rol32(AES_mc_rot[st->b[swap_b ^ 0x3]], 24)); in aesenc_MC_swap()
971 r->w[swap_w ^ 0] = t; in aesenc_MC_swap()
973 t = ( AES_mc_rot[st->b[swap_b ^ 0x4]] ^ in aesenc_MC_swap()
974 rol32(AES_mc_rot[st->b[swap_b ^ 0x5]], 8) ^ in aesenc_MC_swap()
975 rol32(AES_mc_rot[st->b[swap_b ^ 0x6]], 16) ^ in aesenc_MC_swap()
976 rol32(AES_mc_rot[st->b[swap_b ^ 0x7]], 24)); in aesenc_MC_swap()
980 r->w[swap_w ^ 1] = t; in aesenc_MC_swap()
982 t = ( AES_mc_rot[st->b[swap_b ^ 0x8]] ^ in aesenc_MC_swap()
983 rol32(AES_mc_rot[st->b[swap_b ^ 0x9]], 8) ^ in aesenc_MC_swap()
984 rol32(AES_mc_rot[st->b[swap_b ^ 0xA]], 16) ^ in aesenc_MC_swap()
985 rol32(AES_mc_rot[st->b[swap_b ^ 0xB]], 24)); in aesenc_MC_swap()
989 r->w[swap_w ^ 2] = t; in aesenc_MC_swap()
991 t = ( AES_mc_rot[st->b[swap_b ^ 0xC]] ^ in aesenc_MC_swap()
992 rol32(AES_mc_rot[st->b[swap_b ^ 0xD]], 8) ^ in aesenc_MC_swap()
993 rol32(AES_mc_rot[st->b[swap_b ^ 0xE]], 16) ^ in aesenc_MC_swap()
994 rol32(AES_mc_rot[st->b[swap_b ^ 0xF]], 24)); in aesenc_MC_swap()
998 r->w[swap_w ^ 3] = t; in aesenc_MC_swap()
1021 t.b[swap_b ^ 0x0] = AES_sbox[st->b[swap_b ^ AES_SH(0x0)]]; in aesenc_SB_SR_AK_swap()
1022 t.b[swap_b ^ 0x1] = AES_sbox[st->b[swap_b ^ AES_SH(0x1)]]; in aesenc_SB_SR_AK_swap()
1023 t.b[swap_b ^ 0x2] = AES_sbox[st->b[swap_b ^ AES_SH(0x2)]]; in aesenc_SB_SR_AK_swap()
1024 t.b[swap_b ^ 0x3] = AES_sbox[st->b[swap_b ^ AES_SH(0x3)]]; in aesenc_SB_SR_AK_swap()
1025 t.b[swap_b ^ 0x4] = AES_sbox[st->b[swap_b ^ AES_SH(0x4)]]; in aesenc_SB_SR_AK_swap()
1026 t.b[swap_b ^ 0x5] = AES_sbox[st->b[swap_b ^ AES_SH(0x5)]]; in aesenc_SB_SR_AK_swap()
1027 t.b[swap_b ^ 0x6] = AES_sbox[st->b[swap_b ^ AES_SH(0x6)]]; in aesenc_SB_SR_AK_swap()
1028 t.b[swap_b ^ 0x7] = AES_sbox[st->b[swap_b ^ AES_SH(0x7)]]; in aesenc_SB_SR_AK_swap()
1029 t.b[swap_b ^ 0x8] = AES_sbox[st->b[swap_b ^ AES_SH(0x8)]]; in aesenc_SB_SR_AK_swap()
1030 t.b[swap_b ^ 0x9] = AES_sbox[st->b[swap_b ^ AES_SH(0x9)]]; in aesenc_SB_SR_AK_swap()
1031 t.b[swap_b ^ 0xa] = AES_sbox[st->b[swap_b ^ AES_SH(0xA)]]; in aesenc_SB_SR_AK_swap()
1032 t.b[swap_b ^ 0xb] = AES_sbox[st->b[swap_b ^ AES_SH(0xB)]]; in aesenc_SB_SR_AK_swap()
1033 t.b[swap_b ^ 0xc] = AES_sbox[st->b[swap_b ^ AES_SH(0xC)]]; in aesenc_SB_SR_AK_swap()
1034 t.b[swap_b ^ 0xd] = AES_sbox[st->b[swap_b ^ AES_SH(0xD)]]; in aesenc_SB_SR_AK_swap()
1035 t.b[swap_b ^ 0xe] = AES_sbox[st->b[swap_b ^ AES_SH(0xE)]]; in aesenc_SB_SR_AK_swap()
1036 t.b[swap_b ^ 0xf] = AES_sbox[st->b[swap_b ^ AES_SH(0xF)]]; in aesenc_SB_SR_AK_swap()
1043 ret->v = t.v ^ rk->v; in aesenc_SB_SR_AK_swap()
1068 w0 = (AES_Te0[st->b[swap_b ^ AES_SH(0x0)]] ^ in aesenc_SB_SR_MC_AK_swap()
1069 AES_Te1[st->b[swap_b ^ AES_SH(0x1)]] ^ in aesenc_SB_SR_MC_AK_swap()
1070 AES_Te2[st->b[swap_b ^ AES_SH(0x2)]] ^ in aesenc_SB_SR_MC_AK_swap()
1071 AES_Te3[st->b[swap_b ^ AES_SH(0x3)]]); in aesenc_SB_SR_MC_AK_swap()
1073 w1 = (AES_Te0[st->b[swap_b ^ AES_SH(0x4)]] ^ in aesenc_SB_SR_MC_AK_swap()
1074 AES_Te1[st->b[swap_b ^ AES_SH(0x5)]] ^ in aesenc_SB_SR_MC_AK_swap()
1075 AES_Te2[st->b[swap_b ^ AES_SH(0x6)]] ^ in aesenc_SB_SR_MC_AK_swap()
1076 AES_Te3[st->b[swap_b ^ AES_SH(0x7)]]); in aesenc_SB_SR_MC_AK_swap()
1078 w2 = (AES_Te0[st->b[swap_b ^ AES_SH(0x8)]] ^ in aesenc_SB_SR_MC_AK_swap()
1079 AES_Te1[st->b[swap_b ^ AES_SH(0x9)]] ^ in aesenc_SB_SR_MC_AK_swap()
1080 AES_Te2[st->b[swap_b ^ AES_SH(0xA)]] ^ in aesenc_SB_SR_MC_AK_swap()
1081 AES_Te3[st->b[swap_b ^ AES_SH(0xB)]]); in aesenc_SB_SR_MC_AK_swap()
1083 w3 = (AES_Te0[st->b[swap_b ^ AES_SH(0xC)]] ^ in aesenc_SB_SR_MC_AK_swap()
1084 AES_Te1[st->b[swap_b ^ AES_SH(0xD)]] ^ in aesenc_SB_SR_MC_AK_swap()
1085 AES_Te2[st->b[swap_b ^ AES_SH(0xE)]] ^ in aesenc_SB_SR_MC_AK_swap()
1086 AES_Te3[st->b[swap_b ^ AES_SH(0xF)]]); in aesenc_SB_SR_MC_AK_swap()
1088 /* Note that AES_TeX is encoded for big-endian. */ in aesenc_SB_SR_MC_AK_swap()
1096 r->w[swap_w ^ 0] = rk->w[swap_w ^ 0] ^ w0; in aesenc_SB_SR_MC_AK_swap()
1097 r->w[swap_w ^ 1] = rk->w[swap_w ^ 1] ^ w1; in aesenc_SB_SR_MC_AK_swap()
1098 r->w[swap_w ^ 2] = rk->w[swap_w ^ 2] ^ w2; in aesenc_SB_SR_MC_AK_swap()
1099 r->w[swap_w ^ 3] = rk->w[swap_w ^ 3] ^ w3; in aesenc_SB_SR_MC_AK_swap()
1125 /* Note that AES_imc_rot is encoded for little-endian. */ in aesdec_IMC_swap()
1126 t = ( AES_imc_rot[st->b[swap_b ^ 0x0]] ^ in aesdec_IMC_swap()
1127 rol32(AES_imc_rot[st->b[swap_b ^ 0x1]], 8) ^ in aesdec_IMC_swap()
1128 rol32(AES_imc_rot[st->b[swap_b ^ 0x2]], 16) ^ in aesdec_IMC_swap()
1129 rol32(AES_imc_rot[st->b[swap_b ^ 0x3]], 24)); in aesdec_IMC_swap()
1133 r->w[swap_w ^ 0] = t; in aesdec_IMC_swap()
1135 t = ( AES_imc_rot[st->b[swap_b ^ 0x4]] ^ in aesdec_IMC_swap()
1136 rol32(AES_imc_rot[st->b[swap_b ^ 0x5]], 8) ^ in aesdec_IMC_swap()
1137 rol32(AES_imc_rot[st->b[swap_b ^ 0x6]], 16) ^ in aesdec_IMC_swap()
1138 rol32(AES_imc_rot[st->b[swap_b ^ 0x7]], 24)); in aesdec_IMC_swap()
1142 r->w[swap_w ^ 1] = t; in aesdec_IMC_swap()
1144 t = ( AES_imc_rot[st->b[swap_b ^ 0x8]] ^ in aesdec_IMC_swap()
1145 rol32(AES_imc_rot[st->b[swap_b ^ 0x9]], 8) ^ in aesdec_IMC_swap()
1146 rol32(AES_imc_rot[st->b[swap_b ^ 0xA]], 16) ^ in aesdec_IMC_swap()
1147 rol32(AES_imc_rot[st->b[swap_b ^ 0xB]], 24)); in aesdec_IMC_swap()
1151 r->w[swap_w ^ 2] = t; in aesdec_IMC_swap()
1153 t = ( AES_imc_rot[st->b[swap_b ^ 0xC]] ^ in aesdec_IMC_swap()
1154 rol32(AES_imc_rot[st->b[swap_b ^ 0xD]], 8) ^ in aesdec_IMC_swap()
1155 rol32(AES_imc_rot[st->b[swap_b ^ 0xE]], 16) ^ in aesdec_IMC_swap()
1156 rol32(AES_imc_rot[st->b[swap_b ^ 0xF]], 24)); in aesdec_IMC_swap()
1160 r->w[swap_w ^ 3] = t; in aesdec_IMC_swap()
1183 t.b[swap_b ^ 0x0] = AES_isbox[st->b[swap_b ^ AES_ISH(0x0)]]; in aesdec_ISB_ISR_AK_swap()
1184 t.b[swap_b ^ 0x1] = AES_isbox[st->b[swap_b ^ AES_ISH(0x1)]]; in aesdec_ISB_ISR_AK_swap()
1185 t.b[swap_b ^ 0x2] = AES_isbox[st->b[swap_b ^ AES_ISH(0x2)]]; in aesdec_ISB_ISR_AK_swap()
1186 t.b[swap_b ^ 0x3] = AES_isbox[st->b[swap_b ^ AES_ISH(0x3)]]; in aesdec_ISB_ISR_AK_swap()
1187 t.b[swap_b ^ 0x4] = AES_isbox[st->b[swap_b ^ AES_ISH(0x4)]]; in aesdec_ISB_ISR_AK_swap()
1188 t.b[swap_b ^ 0x5] = AES_isbox[st->b[swap_b ^ AES_ISH(0x5)]]; in aesdec_ISB_ISR_AK_swap()
1189 t.b[swap_b ^ 0x6] = AES_isbox[st->b[swap_b ^ AES_ISH(0x6)]]; in aesdec_ISB_ISR_AK_swap()
1190 t.b[swap_b ^ 0x7] = AES_isbox[st->b[swap_b ^ AES_ISH(0x7)]]; in aesdec_ISB_ISR_AK_swap()
1191 t.b[swap_b ^ 0x8] = AES_isbox[st->b[swap_b ^ AES_ISH(0x8)]]; in aesdec_ISB_ISR_AK_swap()
1192 t.b[swap_b ^ 0x9] = AES_isbox[st->b[swap_b ^ AES_ISH(0x9)]]; in aesdec_ISB_ISR_AK_swap()
1193 t.b[swap_b ^ 0xa] = AES_isbox[st->b[swap_b ^ AES_ISH(0xA)]]; in aesdec_ISB_ISR_AK_swap()
1194 t.b[swap_b ^ 0xb] = AES_isbox[st->b[swap_b ^ AES_ISH(0xB)]]; in aesdec_ISB_ISR_AK_swap()
1195 t.b[swap_b ^ 0xc] = AES_isbox[st->b[swap_b ^ AES_ISH(0xC)]]; in aesdec_ISB_ISR_AK_swap()
1196 t.b[swap_b ^ 0xd] = AES_isbox[st->b[swap_b ^ AES_ISH(0xD)]]; in aesdec_ISB_ISR_AK_swap()
1197 t.b[swap_b ^ 0xe] = AES_isbox[st->b[swap_b ^ AES_ISH(0xE)]]; in aesdec_ISB_ISR_AK_swap()
1198 t.b[swap_b ^ 0xf] = AES_isbox[st->b[swap_b ^ AES_ISH(0xF)]]; in aesdec_ISB_ISR_AK_swap()
1205 ret->v = t.v ^ rk->v; in aesdec_ISB_ISR_AK_swap()
1230 w0 = (AES_Td0[st->b[swap_b ^ AES_ISH(0x0)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1231 AES_Td1[st->b[swap_b ^ AES_ISH(0x1)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1232 AES_Td2[st->b[swap_b ^ AES_ISH(0x2)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1233 AES_Td3[st->b[swap_b ^ AES_ISH(0x3)]]); in aesdec_ISB_ISR_IMC_AK_swap()
1235 w1 = (AES_Td0[st->b[swap_b ^ AES_ISH(0x4)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1236 AES_Td1[st->b[swap_b ^ AES_ISH(0x5)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1237 AES_Td2[st->b[swap_b ^ AES_ISH(0x6)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1238 AES_Td3[st->b[swap_b ^ AES_ISH(0x7)]]); in aesdec_ISB_ISR_IMC_AK_swap()
1240 w2 = (AES_Td0[st->b[swap_b ^ AES_ISH(0x8)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1241 AES_Td1[st->b[swap_b ^ AES_ISH(0x9)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1242 AES_Td2[st->b[swap_b ^ AES_ISH(0xA)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1243 AES_Td3[st->b[swap_b ^ AES_ISH(0xB)]]); in aesdec_ISB_ISR_IMC_AK_swap()
1245 w3 = (AES_Td0[st->b[swap_b ^ AES_ISH(0xC)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1246 AES_Td1[st->b[swap_b ^ AES_ISH(0xD)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1247 AES_Td2[st->b[swap_b ^ AES_ISH(0xE)]] ^ in aesdec_ISB_ISR_IMC_AK_swap()
1248 AES_Td3[st->b[swap_b ^ AES_ISH(0xF)]]); in aesdec_ISB_ISR_IMC_AK_swap()
1250 /* Note that AES_TdX is encoded for big-endian. */ in aesdec_ISB_ISR_IMC_AK_swap()
1258 r->w[swap_w ^ 0] = rk->w[swap_w ^ 0] ^ w0; in aesdec_ISB_ISR_IMC_AK_swap()
1259 r->w[swap_w ^ 1] = rk->w[swap_w ^ 1] ^ w1; in aesdec_ISB_ISR_IMC_AK_swap()
1260 r->w[swap_w ^ 2] = rk->w[swap_w ^ 2] ^ w2; in aesdec_ISB_ISR_IMC_AK_swap()
1261 r->w[swap_w ^ 3] = rk->w[swap_w ^ 3] ^ w3; in aesdec_ISB_ISR_IMC_AK_swap()
1301 return -1; in AES_set_encrypt_key()
1303 return -2; in AES_set_encrypt_key()
1305 rk = key->rd_key; in AES_set_encrypt_key()
1308 key->rounds = 10; in AES_set_encrypt_key()
1310 key->rounds = 12; in AES_set_encrypt_key()
1312 key->rounds = 14; in AES_set_encrypt_key()
1315 rk[1] = GETU32(userKey + 4); in AES_set_encrypt_key()
1319 while (1) { in AES_set_encrypt_key()
1327 rk[5] = rk[1] ^ rk[4]; in AES_set_encrypt_key()
1330 if (++i == 10) { in AES_set_encrypt_key()
1339 while (1) { in AES_set_encrypt_key()
1347 rk[ 7] = rk[ 1] ^ rk[ 6]; in AES_set_encrypt_key()
1353 rk[10] = rk[ 4] ^ rk[ 9]; in AES_set_encrypt_key()
1354 rk[11] = rk[ 5] ^ rk[10]; in AES_set_encrypt_key()
1361 while (1) { in AES_set_encrypt_key()
1369 rk[ 9] = rk[ 1] ^ rk[ 8]; in AES_set_encrypt_key()
1370 rk[10] = rk[ 2] ^ rk[ 9]; in AES_set_encrypt_key()
1371 rk[11] = rk[ 3] ^ rk[10]; in AES_set_encrypt_key()
1406 rk = key->rd_key; in AES_set_decrypt_key()
1409 for (i = 0, j = 4 * (key->rounds); i < j; i += 4, j -= 4) { in AES_set_decrypt_key()
1411 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; in AES_set_decrypt_key()
1416 for (i = 1; i < (key->rounds); i++) { in AES_set_decrypt_key()
1423 rk[1] = in AES_set_decrypt_key()
1424 AES_Td0[AES_Te4[(rk[1] >> 24) ] & 0xff] ^ in AES_set_decrypt_key()
1425 AES_Td1[AES_Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ in AES_set_decrypt_key()
1426 AES_Td2[AES_Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ in AES_set_decrypt_key()
1427 AES_Td3[AES_Te4[(rk[1] ) & 0xff] & 0xff]; in AES_set_decrypt_key()
1457 rk = key->rd_key; in AES_encrypt()
1464 s1 = GETU32(in + 4) ^ rk[1]; in AES_encrypt()
1468 /* round 1: */ in AES_encrypt()
1476 …[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[10]; in AES_encrypt()
1513 if (key->rounds > 10) { in AES_encrypt()
1514 /* round 10: */ in AES_encrypt()
1524 if (key->rounds > 12) { in AES_encrypt()
1537 rk += key->rounds << 2; in AES_encrypt()
1540 * Nr - 1 full rounds: in AES_encrypt()
1542 r = key->rounds >> 1; in AES_encrypt()
1570 if (--r == 0) { in AES_encrypt()
1585 rk[1]; in AES_encrypt()
1616 rk[1]; in AES_encrypt()
1648 rk = key->rd_key; in AES_decrypt()
1655 s1 = GETU32(in + 4) ^ rk[1]; in AES_decrypt()
1659 /* round 1: */ in AES_decrypt()
1667 …[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[10]; in AES_decrypt()
1704 if (key->rounds > 10) { in AES_decrypt()
1705 /* round 10: */ in AES_decrypt()
1715 if (key->rounds > 12) { in AES_decrypt()
1728 rk += key->rounds << 2; in AES_decrypt()
1731 * Nr - 1 full rounds: in AES_decrypt()
1733 r = key->rounds >> 1; in AES_decrypt()
1761 if (--r == 0) { in AES_decrypt()
1776 rk[1]; in AES_decrypt()
1807 rk[1]; in AES_decrypt()