rixxc/KeePassDX
1
0
Fork 0
mirror of https://github.com/Kunzisoft/KeePassDX.git synced 2025-12-04 15:49:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rename crypto module

Browse Source
This commit is contained in:
J-Jamet
2021-03-26 16:53:09 +01:00
parent c5d30b9b23
commit df31c43e59
52 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
/build
/.cxx

55
crypto/build.gradle Normal file
View File

@@ -0,0 +1,55 @@
plugins {
id 'com.android.library'
id 'kotlin-android'
id 'kotlin-kapt'
}
android {
compileSdkVersion 30
buildToolsVersion "30.0.3"
defaultConfig {
minSdkVersion 15
targetSdkVersion 30
versionCode 1
versionName "1.0"
multiDexEnabled true
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
externalNativeBuild {
cmake {
path "src/main/jni/CMakeLists.txt"
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
kotlinOptions {
jvmTarget = '1.8'
}
}
dependencies {
implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
implementation 'androidx.core:core-ktx:1.3.2'
implementation 'androidx.appcompat:appcompat:1.2.0'
implementation 'com.google.android.material:material:1.3.0'
// Crypto
implementation 'org.bouncycastle:bcprov-jdk15on:1.65.01'
implementation 'com.lambdapioneer.argon2kt:argon2kt:1.2.0'
androidTestImplementation 'androidx.test:runner:1.3.0'
androidTestImplementation 'androidx.test:rules:1.3.0'
}

112
crypto/src/androidTest/java/com/kunzisoft/encrypt/AESTest.kt Normal file
View File

@@ -0,0 +1,112 @@
/*
* Copyright 2021 Jeremy Jamet / Kunzisoft.
*
* This file is part of KeePassDX.
*
* KeePassDX is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* KeePassDX is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.kunzisoft.encrypt
import com.kunzisoft.encrypt.aes.AESTransformer
import org.junit.Assert.assertArrayEquals
import org.junit.Test
import java.io.ByteArrayInputStream
import java.io.ByteArrayOutputStream
import java.util.*
import javax.crypto.Cipher
import javax.crypto.CipherInputStream
import javax.crypto.CipherOutputStream
class AESTest {
private val mRand = Random()
@Test
fun testAESByteArray() {
// Generate random input
val input = ByteArray(mRand.nextInt(494) + 18)
mRand.nextBytes(input)
// Generate key
val keyArray = ByteArray(32)
mRand.nextBytes(keyArray)
// Generate IV
val ivArray = ByteArray(16)
mRand.nextBytes(ivArray)
val androidEncrypt = CipherFactory.getAES(Cipher.ENCRYPT_MODE, keyArray, ivArray).doFinal(input)
val nativeEncrypt = CipherFactory.getAES(Cipher.ENCRYPT_MODE, keyArray, ivArray, true).doFinal(input)
assertArrayEquals("Check AES encryption", androidEncrypt, nativeEncrypt)
val androidDecrypt = CipherFactory.getAES(Cipher.DECRYPT_MODE, keyArray, ivArray).doFinal(androidEncrypt)
val nativeDecrypt = CipherFactory.getAES(Cipher.DECRYPT_MODE, keyArray, ivArray, true).doFinal(nativeEncrypt)
assertArrayEquals("Check AES encryption/decryption", androidDecrypt, nativeDecrypt)
val androidMixDecrypt = CipherFactory.getAES(Cipher.DECRYPT_MODE, keyArray, ivArray).doFinal(nativeEncrypt)
val nativeMixDecrypt = CipherFactory.getAES(Cipher.DECRYPT_MODE, keyArray, ivArray, true).doFinal(androidEncrypt)
assertArrayEquals("Check AES mix encryption/decryption", androidMixDecrypt, nativeMixDecrypt)
}
@Test
fun testAESStream() {
// Generate random input
val input = ByteArray(mRand.nextInt(494) + 18)
mRand.nextBytes(input)
// Generate key
val keyArray = ByteArray(32)
mRand.nextBytes(keyArray)
// Generate IV
val ivArray = ByteArray(16)
mRand.nextBytes(ivArray)
val androidEncrypt = CipherFactory.getAES(Cipher.ENCRYPT_MODE, keyArray, ivArray)
val androidDecrypt = CipherFactory.getAES(Cipher.DECRYPT_MODE, keyArray, ivArray)
val androidOutputStream = ByteArrayOutputStream()
CipherInputStream(ByteArrayInputStream(input), androidEncrypt).use { cipherInputStream ->
CipherOutputStream(androidOutputStream, androidDecrypt).use { outputStream ->
outputStream.write(cipherInputStream.readBytes())
}
}
val androidOut = androidOutputStream.toByteArray()
val nativeEncrypt = CipherFactory.getAES(Cipher.ENCRYPT_MODE, keyArray, ivArray)
val nativeDecrypt = CipherFactory.getAES(Cipher.DECRYPT_MODE, keyArray, ivArray)
val nativeOutputStream = ByteArrayOutputStream()
CipherInputStream(ByteArrayInputStream(input), nativeEncrypt).use { cipherInputStream ->
CipherOutputStream(nativeOutputStream, nativeDecrypt).use { outputStream ->
outputStream.write(cipherInputStream.readBytes())
}
}
val nativeOut = nativeOutputStream.toByteArray()
assertArrayEquals("Check AES encryption/decryption", androidOut, nativeOut)
}
@Test
fun testAESKDF() {
val seed = ByteArray(32)
mRand.nextBytes(seed)
val key = ByteArray(32)
mRand.nextBytes(key)
val rounds = 60000L
val androidKey = AESTransformer.transformKeyInJVM(seed, key, rounds)
val nativeKey = AESTransformer.transformKey(seed, key, rounds)
assertArrayEquals("Does not match", androidKey, nativeKey)
}
}

26
crypto/src/androidTest/java/com/kunzisoft/encrypt/CipherTest.kt Normal file
View File

@@ -0,0 +1,26 @@
/*
* Copyright 2021 Jeremy Jamet / Kunzisoft.
*
* This file is part of KeePassDX.
*
* KeePassDX is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* KeePassDX is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.kunzisoft.encrypt
class CipherTest {
// TODO Cipher Tests
}

5
crypto/src/main/AndroidManifest.xml Normal file
View File

@@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.kunzisoft.encrypt">
</manifest>

53
crypto/src/main/java/com/kunzisoft/encrypt/CipherFactory.kt Normal file
View File

@@ -0,0 +1,53 @@
package com.kunzisoft.encrypt
import android.util.Log
import com.kunzisoft.encrypt.aes.AESProvider
import org.bouncycastle.jce.provider.BouncyCastleProvider
import java.security.InvalidAlgorithmParameterException
import java.security.InvalidKeyException
import java.security.NoSuchAlgorithmException
import java.security.Security
import javax.crypto.Cipher
import javax.crypto.NoSuchPaddingException
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
object CipherFactory {
init {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME)
Security.addProvider(BouncyCastleProvider())
}
@Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
fun getAES(opmode: Int, key: ByteArray, IV: ByteArray, forceNative: Boolean = false): Cipher {
val transformation = "AES/CBC/PKCS5Padding"
val cipher = if (forceNative || NativeLib.loaded()) {
// Try native implementation
try {
Cipher.getInstance(transformation, AESProvider())
} catch (exception: Exception) {
Log.e(CipherFactory::class.java.simpleName, "Unable to retrieve native AES cipher", exception)
Cipher.getInstance(transformation)
}
} else {
Cipher.getInstance(transformation)
}
cipher.init(opmode, SecretKeySpec(key, "AES"), IvParameterSpec(IV))
return cipher
}
@Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
fun getTwofish(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
val cipher: Cipher = Cipher.getInstance("Twofish/CBC/PKCS7PADDING")
cipher.init(opmode, SecretKeySpec(key, "AES"), IvParameterSpec(IV))
return cipher
}
@Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
fun getChacha20(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
val cipher = Cipher.getInstance("Chacha7539", BouncyCastleProvider())
cipher.init(opmode, SecretKeySpec(key, "ChaCha7539"), IvParameterSpec(IV))
return cipher
}
}

108
crypto/src/main/java/com/kunzisoft/encrypt/HashManager.kt Normal file
View File

@@ -0,0 +1,108 @@
/*
* Copyright 2019 Jeremy Jamet / Kunzisoft.
*
* This file is part of KeePassDX.
*
* KeePassDX is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* KeePassDX is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.kunzisoft.encrypt
import org.bouncycastle.crypto.engines.ChaCha7539Engine
import org.bouncycastle.crypto.engines.Salsa20Engine
import org.bouncycastle.crypto.params.KeyParameter
import org.bouncycastle.crypto.params.ParametersWithIV
import java.io.IOException
import java.security.MessageDigest
import java.security.NoSuchAlgorithmException
object HashManager {
fun getHash256(): MessageDigest {
val messageDigest: MessageDigest
try {
messageDigest = MessageDigest.getInstance("SHA-256")
} catch (e: NoSuchAlgorithmException) {
throw IOException("SHA-256 not implemented here.", e)
}
return messageDigest
}
fun hashSha256(vararg data: ByteArray): ByteArray {
val hash: MessageDigest = getHash256()
for (byteArray in data) {
hash.update(byteArray)
}
return hash.digest()
}
fun getHash512(): MessageDigest {
val messageDigest: MessageDigest
try {
messageDigest = MessageDigest.getInstance("SHA-512")
} catch (e: NoSuchAlgorithmException) {
throw IOException("SHA-256 not implemented here.", e)
}
return messageDigest
}
private fun hashSha512(vararg data: ByteArray): ByteArray {
val hash: MessageDigest = getHash512()
for (byteArray in data) {
hash.update(byteArray)
}
return hash.digest()
}
private val SALSA_IV = byteArrayOf(
0xE8.toByte(),
0x30,
0x09,
0x4B,
0x97.toByte(),
0x20,
0x5D,
0x2A)
fun getSalsa20(key: ByteArray): StreamCipher {
// Build stream cipher key
val key32 = hashSha256(key)
val keyParam = KeyParameter(key32)
val ivParam = ParametersWithIV(keyParam, SALSA_IV)
val cipher = Salsa20Engine()
cipher.init(true, ivParam)
return StreamCipher(cipher)
}
fun getChaCha20(key: ByteArray): StreamCipher {
// Build stream cipher key
val hash = hashSha512(key)
val key32 = ByteArray(32)
val iv = ByteArray(12)
System.arraycopy(hash, 0, key32, 0, 32)
System.arraycopy(hash, 32, iv, 0, 12)
val keyParam = KeyParameter(key32)
val ivParam = ParametersWithIV(keyParam, iv)
val cipher = ChaCha7539Engine()
cipher.init(true, ivParam)
return StreamCipher(cipher)
}
}

43
crypto/src/main/java/com/kunzisoft/encrypt/NativeLib.kt Normal file
View File

@@ -0,0 +1,43 @@
/*
* Copyright 2019 Jeremy Jamet / Kunzisoft.
*
* This file is part of KeePassDX.
*
* KeePassDX is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* KeePassDX is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.kunzisoft.encrypt
object NativeLib {
private var isLoaded = false
private var loadSuccess = false
fun loaded(): Boolean {
return init()
}
fun init(): Boolean {
if (!isLoaded) {
try {
System.loadLibrary("final-key")
} catch (e: UnsatisfiedLinkError) {
return false
}
isLoaded = true
loadSuccess = true
}
return loadSuccess
}
}

38
crypto/src/main/java/com/kunzisoft/encrypt/StreamCipher.kt Normal file
View File

@@ -0,0 +1,38 @@
package com.kunzisoft.encrypt
import org.bouncycastle.crypto.CipherParameters
import org.bouncycastle.crypto.DataLengthException
/**
* Stream cipher to process data
*/
class StreamCipher(private val streamCipher: org.bouncycastle.crypto.StreamCipher) {
/**
* Initialise the cipher.
*
* @param forEncryption if true the cipher is initialised for
* encryption, if false for decryption.
* @param params the key and other data required by the cipher.
* @exception IllegalArgumentException if the params argument is
* inappropriate.
*/
@Throws(IllegalArgumentException::class)
fun init(forEncryption: Boolean, params: CipherParameters?) {
streamCipher.init(forEncryption, params)
}
/**
* process a block of bytes from in putting the result into out.
*
* @param data the input byte array.
* @return the output buffer.
* @exception DataLengthException if the output buffer is too small.
*/
@Throws(DataLengthException::class)
fun processBytes(data: ByteArray): ByteArray {
val size = data.size
val out = ByteArray(size)
streamCipher.processBytes(data, 0, size, out, 0)
return out
}
}

34
crypto/src/main/java/com/kunzisoft/encrypt/aes/AESProvider.kt Normal file
View File

@@ -0,0 +1,34 @@
/*
* Copyright 2019 Jeremy Jamet / Kunzisoft.
*
* This file is part of KeePassDX.
*
* KeePassDX is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* KeePassDX is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.kunzisoft.encrypt.aes
import java.security.Provider
class AESProvider : Provider("AESProvider", 1.0, "") {
init {
put("Cipher.AES", NativeAESCipherSpi::class.java.name)
}
companion object {
private const val serialVersionUID = -3846349284296062658L
}
}

83
crypto/src/main/java/com/kunzisoft/encrypt/aes/AESTransformer.kt Normal file
View File

@@ -0,0 +1,83 @@
/*
* Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
*
* This file is part of KeePassDX.
*
* KeePassDX is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* KeePassDX is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.kunzisoft.encrypt.aes
import android.annotation.SuppressLint
import android.util.Log
import com.kunzisoft.encrypt.HashManager
import com.kunzisoft.encrypt.NativeLib
import java.io.IOException
import java.security.InvalidKeyException
import javax.crypto.Cipher
import javax.crypto.ShortBufferException
import javax.crypto.spec.SecretKeySpec
object AESTransformer {
fun transformKey(seed: ByteArray?, key: ByteArray?, rounds: Long?): ByteArray? {
// Prefer the native final key implementation
return try {
NativeLib.init()
NativeAESKeyTransformer.nTransformKey(seed, key, rounds!!)
} catch (exception: Exception) {
Log.e(AESTransformer::class.java.simpleName, "Unable to perform native AES key transformation", exception)
// Fall back on the android crypto implementation
transformKeyInJVM(seed, key, rounds)
}
}
@SuppressLint("GetInstance")
@Throws(IOException::class)
fun transformKeyInJVM(seed: ByteArray?, key: ByteArray?, rounds: Long?): ByteArray {
val cipher: Cipher = try {
Cipher.getInstance("AES/ECB/NoPadding")
} catch (e: Exception) {
throw IOException("Unable to get the cipher", e)
}
try {
cipher.init(Cipher.ENCRYPT_MODE, SecretKeySpec(seed, "AES"))
} catch (e: InvalidKeyException) {
throw IOException("Unable to init the cipher", e)
}
if (key == null) {
throw IOException("Invalid key")
}
if (rounds == null) {
throw IOException("Invalid rounds")
}
// Encrypt key rounds times
val keyLength = key.size
val newKey = ByteArray(keyLength)
System.arraycopy(key, 0, newKey, 0, keyLength)
val destKey = ByteArray(keyLength)
for (i in 0 until rounds) {
try {
cipher.update(newKey, 0, newKey.size, destKey, 0)
System.arraycopy(destKey, 0, newKey, 0, newKey.size)
} catch (e: ShortBufferException) {
throw IOException("Short buffer", e)
}
}
// Hash the key
return HashManager.hashSha256(newKey)
}
}

304
crypto/src/main/java/com/kunzisoft/encrypt/aes/NativeAESCipherSpi.java Normal file
View File

@@ -0,0 +1,304 @@
/*
* Copyright 2019 Jeremy Jamet / Kunzisoft.
*
* This file is part of KeePassDX.
*
* KeePassDX is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* KeePassDX is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.kunzisoft.encrypt.aes;
import android.util.Log;
import com.kunzisoft.encrypt.NativeLib;
import java.lang.ref.PhantomReference;
import java.lang.ref.Reference;
import java.lang.ref.ReferenceQueue;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.HashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
public class NativeAESCipherSpi extends CipherSpi {
private static final String TAG = NativeAESCipherSpi.class.getName();
private static boolean mIsStaticInit = false;
private static HashMap<PhantomReference<NativeAESCipherSpi>, Long> mCleanup = new HashMap<>();
private static ReferenceQueue<NativeAESCipherSpi> mQueue = new ReferenceQueue<>();
private final int AES_BLOCK_SIZE = 16;
private byte[] mIV;
private boolean mIsInit = false;
private long mCtxPtr;
private boolean mPadding = false;
private static void staticInit() {
mIsStaticInit = true;
// Start the cipher context cleanup thread to run forever
(new Thread(new Cleanup())).start();
}
private static void addToCleanupQueue(NativeAESCipherSpi ref, long ptr) {
Log.d(TAG, "queued cipher context: " + ptr);
mCleanup.put(new PhantomReference<>(ref, mQueue), ptr);
}
/** Work with the garbage collector to clean up openssl memory when the cipher
* context is garbage collected.
* @author bpellin
*/
private static class Cleanup implements Runnable {
public void run() {
while (true) {
try {
Reference<? extends NativeAESCipherSpi> ref = mQueue.remove();
long ctx = mCleanup.remove(ref);
nCleanup(ctx);
Log.d(TAG, "Cleaned up cipher context: " + ctx);
} catch (InterruptedException e) {
// Do nothing, but resume looping if mQueue.remove is interrupted
}
}
}
}
private static native void nCleanup(long ctxPtr);
public NativeAESCipherSpi() {
if ( !mIsStaticInit ) {
staticInit();
}
}
@Override
protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
throws IllegalBlockSizeException, BadPaddingException {
int maxSize = engineGetOutputSize(inputLen);
byte[] output = new byte[maxSize];
int finalSize;
try {
finalSize = doFinal(input, inputOffset, inputLen, output, 0);
} catch (ShortBufferException e) {
// This shouldn't be possible rethrow as RuntimeException
throw new RuntimeException("Short buffer exception shouldn't be possible from here.");
}
if ( maxSize == finalSize ) {
return output;
} else {
// TODO: Special doFinal to avoid this copy
byte[] exact = new byte[finalSize];
System.arraycopy(output, 0, exact, 0, finalSize);
return exact;
}
}
@Override
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset) throws ShortBufferException,
IllegalBlockSizeException, BadPaddingException {
int result = doFinal(input, inputOffset, inputLen, output, outputOffset);
if ( result == -1 ) {
throw new ShortBufferException();
}
return result;
}
private int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
int outputSize = engineGetOutputSize(inputLen);
int updateAmt;
if (input != null && inputLen > 0) {
updateAmt = nUpdate(mCtxPtr, input, inputOffset, inputLen, output, outputOffset, outputSize);
} else {
updateAmt = 0;
}
int finalAmt = nFinal(mCtxPtr, mPadding, output, outputOffset + updateAmt, outputSize - updateAmt);
return updateAmt + finalAmt;
}
private native int nFinal(long ctxPtr, boolean usePadding, byte[] output, int outputOffest, int outputSize)
throws ShortBufferException, IllegalBlockSizeException, BadPaddingException;
@Override
protected int engineGetBlockSize() {
return AES_BLOCK_SIZE;
}
@Override
protected byte[] engineGetIV() {
byte[] copyIV = new byte[0];
if (mIV != null) {
int lengthIV = mIV.length;
copyIV = new byte[lengthIV];
System.arraycopy(mIV, 0, copyIV, 0, lengthIV);
}
return copyIV;
}
@Override
protected int engineGetOutputSize(int inputLen) {
return inputLen + nGetCacheSize(mCtxPtr) + AES_BLOCK_SIZE;
}
private native int nGetCacheSize(long ctxPtr);
@Override
protected AlgorithmParameters engineGetParameters() {
// TODO Auto-generated method stub
return null;
}
@Override
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
byte[] ivArray = new byte[16];
random.nextBytes(ivArray);
init(opmode, key, new IvParameterSpec(ivArray));
}
@Override
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params, SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
IvParameterSpec ivparam;
if ( params instanceof IvParameterSpec ) {
ivparam = (IvParameterSpec) params;
} else {
throw new InvalidAlgorithmParameterException("params must be an IvParameterSpec.");
}
init(opmode, key, ivparam);
}
@Override
protected void engineInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random) throws InvalidKeyException,
InvalidAlgorithmParameterException {
try {
engineInit(opmode, key, params.getParameterSpec(AlgorithmParameterSpec.class), random);
} catch (InvalidParameterSpecException e) {
throw new InvalidAlgorithmParameterException(e);
}
}
private void init(int opmode, Key key, IvParameterSpec params) {
if (mIsInit) {
// Do not allow multiple inits
throw new RuntimeException("Don't allow multiple inits");
} else {
NativeLib.INSTANCE.init();
mIsInit = true;
}
mIV = params.getIV();
mCtxPtr = nInit(opmode == Cipher.ENCRYPT_MODE, key.getEncoded(), mIV);
addToCleanupQueue(this, mCtxPtr);
}
private native long nInit(boolean encrypting, byte[] key, byte[] iv);
@Override
protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
if ( ! mode.equals("CBC") ) {
throw new NoSuchAlgorithmException("This only supports CBC mode");
}
}
@Override
protected void engineSetPadding(String padding)
throws NoSuchPaddingException {
if ( !mIsInit) {
NativeLib.INSTANCE.init();
}
if ( padding.length() == 0 ) {
return;
}
if ( !padding.equals("PKCS5Padding") ) {
throw new NoSuchPaddingException("Only supports PKCS5Padding.");
}
mPadding = true;
}
@Override
protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
int maxSize = engineGetOutputSize(inputLen);
byte[] output = new byte[maxSize];
int updateSize = update(input, inputOffset, inputLen, output, 0);
if ( updateSize == maxSize ) {
return output;
} else {
// TODO: We could optimize update for this case to avoid this extra copy
byte[] exact = new byte[updateSize];
System.arraycopy(output, 0, exact, 0, updateSize);
return exact;
}
}
@Override
protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset) throws ShortBufferException {
int result = update(input, inputOffset, inputLen, output, outputOffset);
if ( result == -1 ) {
throw new ShortBufferException("Insufficient buffer.");
}
return result;
}
private int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) {
int outputSize = engineGetOutputSize(inputLen);
return nUpdate(mCtxPtr, input, inputOffset, inputLen, output, outputOffset, outputSize);
}
private native int nUpdate(long ctxPtr, byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset, int outputSize);
}

25
crypto/src/main/java/com/kunzisoft/encrypt/aes/NativeAESKeyTransformer.java Normal file
View File

@@ -0,0 +1,25 @@
/*
* Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
*
* This file is part of KeePassDX.
*
* KeePassDX is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* KeePassDX is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.kunzisoft.encrypt.aes;
public class NativeAESKeyTransformer {
public static native byte[] nTransformKey(byte[] seed, byte[] key, long rounds);
}

39
crypto/src/main/java/com/kunzisoft/encrypt/argon2/Argon2Transformer.kt Normal file
View File

@@ -0,0 +1,39 @@
package com.kunzisoft.encrypt.argon2
import com.lambdapioneer.argon2kt.Argon2Kt
import com.lambdapioneer.argon2kt.Argon2Mode
import com.lambdapioneer.argon2kt.Argon2Version
object Argon2Transformer {
fun transformKey(type: Argon2Type,
password: ByteArray,
salt: ByteArray,
parallelism: Long,
memory: Long,
iterations: Long,
version: Int): ByteArray {
val argon2Type = when(type) {
Argon2Type.ARGON2_I -> Argon2Mode.ARGON2_I
Argon2Type.ARGON2_D -> Argon2Mode.ARGON2_D
Argon2Type.ARGON2_ID -> Argon2Mode.ARGON2_ID
}
val argon2Version = when(version) {
0x10 -> Argon2Version.V10
0x13 -> Argon2Version.V13
else -> Argon2Version.V13
}
return Argon2Kt().hash(
argon2Type,
password,
salt,
iterations.toInt(),
memory.toInt(),
parallelism.toInt(),
32,
argon2Version).rawHashAsByteArray()
}
}

5
crypto/src/main/java/com/kunzisoft/encrypt/argon2/Argon2Type.kt Normal file
View File

@@ -0,0 +1,5 @@
package com.kunzisoft.encrypt.argon2
enum class Argon2Type {
ARGON2_D, ARGON2_I, ARGON2_ID
}

0
crypto/src/main/jni/.gitignore vendored Normal file
View File

3
crypto/src/main/jni/CMakeLists.txt Normal file
View File

@@ -0,0 +1,3 @@
cmake_minimum_required(VERSION 3.4.1)
add_subdirectory(final_key)

22
crypto/src/main/jni/final_key/CMakeLists.txt Normal file
View File

@@ -0,0 +1,22 @@
cmake_minimum_required(VERSION 3.4.1)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DUSE_SHA256")
include_directories(aes/)
include_directories(sha/)
add_library(
final-key SHARED
kpd_jni.c
aes/aescrypt.c
aes/aeskey.c
aes/aes_modes.c
aes/aestab.c
sha/hmac.c
sha/sha1.c
sha/sha2.c
)
find_library(log-lib log)
target_link_libraries(final-key ${log-lib})

278
crypto/src/main/jni/final_key/aes/aes.h Normal file
View File

@@ -0,0 +1,278 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 02/09/2018
This file contains the definitions required to use AES in C. See aesopt.h
for optimisation details.
*/
#ifndef _AES_H
#define _AES_H
#include <stdlib.h>
/* This include is used to find 8 & 32 bit unsigned integer types */
#include "brg_types.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define AES_128 /* if a fast 128 bit key scheduler is needed */
#define AES_192 /* if a fast 192 bit key scheduler is needed */
#define AES_256 /* if a fast 256 bit key scheduler is needed */
#define AES_VAR /* if variable key size scheduler is needed */
#if 1
# define AES_MODES /* if support is needed for modes in the C code */
#endif /* (these will use AES_NI if it is present) */
#if 0 /* add this to make direct calls to the AES_NI */
# /* implemented CBC and CTR modes available */
# define ADD_AESNI_MODE_CALLS
#endif
/* The following must also be set in assembler files if being used */
#define AES_ENCRYPT /* if support for encryption is needed */
#define AES_DECRYPT /* if support for decryption is needed */
#define AES_BLOCK_SIZE_P2 4 /* AES block size as a power of 2 */
#define AES_BLOCK_SIZE (1 << AES_BLOCK_SIZE_P2) /* AES block size */
#define N_COLS 4 /* the number of columns in the state */
/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */
/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */
/* or 44, 52 or 60 32-bit words. */
#if defined( AES_VAR ) || defined( AES_256 )
#define KS_LENGTH 60
#elif defined( AES_192 )
#define KS_LENGTH 52
#else
#define KS_LENGTH 44
#endif
#define AES_RETURN INT_RETURN
/* the character array 'inf' in the following structures is used */
/* to hold AES context information. This AES code uses cx->inf.b[0] */
/* to hold the number of rounds multiplied by 16. The other three */
/* elements can be used by code that implements additional modes */
typedef union
{ uint32_t l;
uint8_t b[4];
} aes_inf;
/* Macros for detecting whether a given context was initialized for */
/* use with encryption or decryption code. These should only be used */
/* by e.g. language bindings which lose type information when the */
/* context pointer is passed to the calling language's runtime. */
#define IS_ENCRYPTION_CTX(cx) (((cx)->inf.b[2] & (uint8_t)0x01) == 1)
#define IS_DECRYPTION_CTX(cx) (((cx)->inf.b[2] & (uint8_t)0x01) == 0)
#ifdef _MSC_VER
# pragma warning( disable : 4324 )
#endif
#if defined(_MSC_VER) && defined(_WIN64)
#define ALIGNED_(x) __declspec(align(x))
#elif defined(__GNUC__) && defined(__x86_64__)
#define ALIGNED_(x) __attribute__ ((aligned(x)))
#else
#define ALIGNED_(x)
#endif
typedef struct ALIGNED_(16)
{ uint32_t ks[KS_LENGTH];
aes_inf inf;
} aes_crypt_ctx;
typedef aes_crypt_ctx aes_encrypt_ctx;
typedef aes_crypt_ctx aes_decrypt_ctx;
#ifdef _MSC_VER
# pragma warning( default : 4324 )
#endif
/* This routine must be called before first use if non-static */
/* tables are being used */
AES_RETURN aes_init(void);
/* Key lengths in the range 16 <= key_len <= 32 are given in bytes, */
/* those in the range 128 <= key_len <= 256 are given in bits */
#if defined( AES_ENCRYPT )
#if defined( AES_128 ) || defined( AES_VAR)
AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined( AES_192 ) || defined( AES_VAR)
AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined( AES_256 ) || defined( AES_VAR)
AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined( AES_VAR )
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]);
#endif
AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]);
#endif
#if defined( AES_DECRYPT )
#if defined( AES_128 ) || defined( AES_VAR)
AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined( AES_192 ) || defined( AES_VAR)
AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined( AES_256 ) || defined( AES_VAR)
AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined( AES_VAR )
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]);
#endif
AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1]);
#endif
#if defined( AES_MODES )
/* Multiple calls to the following subroutines for multiple block */
/* ECB, CBC, CFB, OFB and CTR mode encryption can be used to handle */
/* long messages incrementally provided that the context AND the iv */
/* are preserved between all such calls. For the ECB and CBC modes */
/* each individual call within a series of incremental calls must */
/* process only full blocks (i.e. len must be a multiple of 16) but */
/* the CFB, OFB and CTR mode calls can handle multiple incremental */
/* calls of any length. Each mode is reset when a new AES key is */
/* set but ECB needs no reset and CBC can be reset without setting */
/* a new key by setting a new IV value. To reset CFB, OFB and CTR */
/* without setting the key, aes_mode_reset() must be called and the */
/* IV must be set. NOTE: All these calls update the IV on exit so */
/* this has to be reset if a new operation with the same IV as the */
/* previous one is required (or decryption follows encryption with */
/* the same IV array). */
AES_RETURN aes_test_alignment_detection(unsigned int n);
AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_encrypt_ctx cx[1]);
AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_decrypt_ctx cx[1]);
AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_encrypt_ctx cx[1]);
AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_decrypt_ctx cx[1]);
AES_RETURN aes_mode_reset(aes_encrypt_ctx cx[1]);
AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
#define aes_ofb_encrypt aes_ofb_crypt
#define aes_ofb_decrypt aes_ofb_crypt
AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
typedef void cbuf_inc(unsigned char *cbuf);
#define aes_ctr_encrypt aes_ctr_crypt
#define aes_ctr_decrypt aes_ctr_crypt
AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]);
#endif
#if 0 && defined( ADD_AESNI_MODE_CALLS )
# define USE_AES_CONTEXT
#endif
#ifdef ADD_AESNI_MODE_CALLS
# ifdef USE_AES_CONTEXT
AES_RETURN aes_CBC_encrypt(const unsigned char *in,
unsigned char *out,
unsigned char ivec[16],
unsigned long length,
const aes_encrypt_ctx cx[1]);
AES_RETURN aes_CBC_decrypt(const unsigned char *in,
unsigned char *out,
unsigned char ivec[16],
unsigned long length,
const aes_decrypt_ctx cx[1]);
AES_RETURN AES_CTR_encrypt(const unsigned char *in,
unsigned char *out,
const unsigned char ivec[8],
const unsigned char nonce[4],
unsigned long length,
const aes_encrypt_ctx cx[1]);
# else
void aes_CBC_encrypt(const unsigned char *in,
unsigned char *out,
unsigned char ivec[16],
unsigned long length,
unsigned char *key,
int number_of_rounds);
void aes_CBC_decrypt(const unsigned char *in,
unsigned char *out,
unsigned char ivec[16],
unsigned long length,
unsigned char *key,
int number_of_rounds);
void aes_CTR_encrypt(const unsigned char *in,
unsigned char *out,
const unsigned char ivec[8],
const unsigned char nonce[4],
unsigned long length,
const unsigned char *key,
int number_of_rounds);
# endif
#endif
#if defined(__cplusplus)
}
#endif
#endif

622
crypto/src/main/jni/final_key/aes/aes.txt Normal file
View File

@@ -0,0 +1,622 @@
An AES (Rijndael) Implementation in C/C++ (as specified in FIPS-197)
====================================================================
Change (26/09/2018)
===================
1. Changes to test programs to allow them to be built on Linux/GCC
(with thanks to Michael Mohr).
2. Rationalisation of the defines DLL_IMPORT, DYNAMIC_DLL and USE_DLL
in the test code - now DLL_IMPORT and DLL_DYNAMIC_LOAD
3. Update the test_avs test to allow the testing of static, DLL and
dynamically loaded DLL libraries.
Change (21/05/2018)
===================
1. Properly dectect presence of AESNI when using GCC (my thanks to
Peter Gutmann for this fix)
Changes (6/12/2016)
====================
1. Changed function definition of has_aes_ni() to has_aes_ni(void),
suggested by Peter Gutmann
2. Changed the default location for the vsyasm assembler to:
C:\Program Files\yasm
Changes (27/09/2015)
====================
1. Added automatic dynamic table initialisation (my thanks to
Henrik S. Ga<47>mann who proposed this addition).
Changes (09/09/2014)
====================
1. Added the ability to use Intel's hardware support for AES
with GCC on Windows and Linux
Changes (01/09/2014)
====================
1. Clarify some user choices in the file aes_amd64.asm
2. Change the detection of the x86 and x86_64 processors
in aesopt.h to allow assembler code use with GCC
Changes (14/11/2013)
====================
1. Added the ability to use Intel's hardware support for AES
on Windows using Microsoft Visual Studio.
2. Added the include 'stdint.h' and used the uint<xx>_t instead
of the old uint_<xx>t (e.g. uint_32t is now uint32_t).
3. Added a missing .text directive in aes_x86_v2.asm that caused
runtime errors in one build configuration.
Changes (16/04/2007)
====================
These changes remove errors in the VC++ build files and add some
improvements in file naming consitency and portability. There are
no changes to overcome reported bugs in the code.
1. gen_tabs() has been renamed to aes_init() to better decribe its
function to those not familiar with AES internals.
2. via_ace.h has been renamed to aes_via_ace.h.
3. Minor changes have been made to aestab.h and aestab.c to enable
all the code to be compiled in either C or C++.
4. The code for detecting memory alignment in aesmdoes.c has been
simplified and a new routine has been added:
aes_test_alignment_detection()
to check that the aligment test is likely to be correct.
5. The addition of support for Structured Exception Handling (SEH)
to YASM (well done Peter and Michael!) has allowed the AMD64
x64 assembler code to be changed to comply with SEH requriements.
6. Corrections to build files (for win32 debug build).
Overview
========
This code implements AES for both 32 and 64 bit systems with optional
assembler support for x86 and AMD64/EM64T (but optimised for AMD64).
The basic AES source code files are as follows:
aes.h the header file needed to use AES in C
aescpp.h the header file required with to use AES in C++
aesopt.h the header file for setting options (and some common code)
aestab.h the header file for the AES table declaration
aescrypt.c the main C source code file for encryption and decryption
aeskey.c the main C source code file for the key schedule
aestab.c the main file for the AES tables
brg_types.h a header defining some standard types and DLL defines
brg_endian.h a header containing code to detect or define endianness
aes_x86_v1.asm x86 assembler (YASM) alternative to aescrypt.c using
large tables
aes_x86_v2.asm x86 assembler (YASM) alternative to aescrypt.c using
compressed tables
aes_amd64.asm AMD64 assembler (YASM) alternative to aescrypt.c using
compressed tables
In addition AES modes are implemented in the files:
aes_modes.c AES modes with optional support for VIA ACE detection and use
aes_via_ace.h the header file for VIA ACE support
and Intel hardware support for AES (AES_NI) is implemented in the files
aes_ni.h defines for AES_NI implementation
aes_ni.c the AES_NI implementation
Other associated files for testing and support are:
aesaux.h header for auxilliary routines for testsing
aesaux.c auxilliary routines for testsingt
aestst.h header file for setting the testing environment
rdtsc.h a header file that provides access to the Time Stamp Counter
aestst.c a simple test program for quick tests of the AES code
aesgav.c a program to generate and verify the test vector files
aesrav.c a program to verify output against the test vector files
aestmr.c a program to time the code on x86 systems
modetest.c a program to test the AES modes support
vbxam.doc a demonstration of AES DLL use from Visual Basic in Microsoft Word
vb.txt Visual Basic code from the above example (win32 only)
aesxam.c an example of AES use
tablegen.c a program to generate a simplified 'aestab.c' file for
use with compilers that find aestab.c too complex
yasm.rules the YASM build rules file for Microsoft Visual Studio 2005
via_ace.txt describes support for the VIA ACE cryptography engine
aes.txt this file
Building The AES Libraries
--------------------------
A. Versions
-----------
The code can be used to build static and dynamic libraries, each in five
versions:
Key scheduling code in C, encrypt/decrypt in:
C C source code (win32 and x64)
ASM_X86_V1C large table x86 assembler code (win32)
ASM_X86_V2C compressed table x86 assembler code (win32)
ASM_AMD64 compressed table x64 assembler code (x64)
Key scheduling and encrypt/decrypt code in assembler:
ASM_X86_V2 compressed table x86 assembler (win32)
The C version can be compiled for Win32 or x64 whereas the x86 and x64
assembler versions are for Win32 and x64 respectively.
If Intel's hardware support for AES (AES_NI) is available, it can be used
with either the C or the ASM_AMD64 version. If ASM_AMD64 is to be used, it
is important that the define USE_INTEL_AES_IF_PRESENT in asm_amd64.asm is
set to the same value as it has in aesopt.h
B. YASM
-------
If you wish to use the x86 assembler files you will also need the YASM open
source x86 assembler (r1331 or later) for Windows which can be obtained from:
http://www.tortall.net/projects/yasm/
This assembler (vsyasm.exe) should be placed in the directory:
C:\Program Files\yasm
C. Configuration
----------------
The following configurations are available as projects for Visual Studio
but the following descriptions should allow them to be built in other x86
environments
lib_generic_c Win32 and x64
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
(+ aes_ni.h for AES_NI)
C source: aescrypt.c, aeskey.c, aestab.c, aes_modes.c
(+ aes_ni.c for AES_NI)
defines
dll_generic_c Win32 and x64
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
(+ aes_ni.h for AES_NI)
C source: aescrypt.c, aeskey.c, aestab.c, aes_modes.c
(+ aes_ni.c for AES_NI)
defines DLL_EXPORT
lib_asm_x86_v1c Win32
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
C source: aeskey.c, aestab.c, aes_modes.c
x86 assembler: aes_x86_v1.asm
defines ASM_X86_V1C (set for C and assembler files)
dll_asm_x86_v1c Win32
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
C source: aeskey.c, aestab.c, aes_modes.c
x86 assembler: aes_x86_v1.asm
defines DLL_EXPORT, ASM_X86_V1C (set for C and assembler files)
lib_asm_x86_v2c Win32
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
C source: aeskey.c, aestab.c, aes_modes.c
x86 assembler: aes_x86_v2.asm
defines ASM_X86_V2C (set for C and assembler files)
dll_asm_x86_v2c Win32
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
C source: aeskey.c, aestab.c, aes_modes.c
x86 assembler: aes_x86_v1.asm
defines DLL_EXPORT, ASM_X86_V2C (set for C and assembler files)
lib_asm_x86_v2 Win32
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
C source: aes_modes.c
x86 assembler: aes_x86_v1.asm
defines ASM_X86_V2 (set for C and assembler files)
dll_asm_x86_v2 Win32
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
C source: aes_modes.c
x86 assembler: aes_x86_v1.asm
defines DLL_EXPORT, ASM_AMD64_C (set for C and assembler files)
lib_asm_amd64_c x64
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
(+ aes_ni.h for AES_NI)
C source: aes_modes.c (+ aes_ni.c for AES_NI)
x86 assembler: aes_amd64.asm
defines ASM_AMD64_C (set for C and assembler files)
dll_asm_amd64_c x64
headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
(+ aes_ni.h for AES_NI)
C source: aes_modes.c (+ aes_ni.c for AES_NI)
x86 assembler: aes_amd64.asm
defines DLL_EXPORT, ASM_AMD64_C (set for C and assembler files)
Notes:
ASM_X86_V1C is defined if using the version 1 assembler code (aescrypt1.asm).
The defines in the assember file must match those in aes.h and
aesopt.h). Also remember to include/exclude the right assembler
and C files in the build to avoid undefined or multiply defined
symbols - include aes_x86_v1.asm and exclude aescrypt.c
ASM_X86_V2 is defined if using the version 2 assembler code (aes_x86_v2.asm).
This version provides a full, self contained assembler version
and does not use any C source code files except for the mutiple
block encryption modes that are provided by aes_modes.c. The define
ASM_X86_V2 must be set on the YASM command line (or in aes_x86_v2.asm)
to use this version and all C files except aec_modes.c and, for the
DLL build, aestab.c must be excluded from the build.
ASM_X86_V2C is defined when using the version 2 assembler code (aes_x86_v2.asm)
with faster key scheduling provided by the in C code (the options in
the assember file must match those in aes.h and aesopt.h). In this
case aeskey.c and aestab.c are needed with aes_x86_v2.asm and the
define ASM_X86_V2C must be set for both the C files and for
aes_x86_v2.asm in the build commands(or in aesopt.h and aes_x86_v2.asm).
Include aes_x86_v2.asm, aeskey.c and aestab.c, exclude aescrypt.c for
this option.
ASM_AMD64_C is defined when using the AMD64 assembly code because the C key
scheduling is used in this case.
DLL_EXPORT must be defined to generate the DLL version of the code and
to run tests on it
DLL_IMPORT must be defined to use the DLL version of the code in an
application program
Directories the paths for the various directories for test vector input and
output have to be set in aestst.h
VIA ACE see the via_ace.txt for this item
Static The static libraries are named:
Libraries
aes_lib_generic_c.lib
aes_lib_asm_x86_v1c.lib
aes_lib_asm_x86_v2.lib
aes_lib_asm_x86_v2c.lib
aes_lib_asm_amd64_c.lib
and placed in one of the the directories:
lib\win32\release\
lib\win32\debug\
lib\x64\release\
lib\x64\debug\
in the aes root directory depending on the platform(win32 or
x64) and the build (release or debug). After any of these is
built it is then copied into the aes\lib directory, which is
the library location that is subsequently used for testing.
Hence testing is always for the last static library built.
Dynamic These libraries are named:
Libraries
aes_lib_generic_c.dll
aes_lib_asm_x86_v1c.dll
aes_lib_asm_x86_v2.dll
aes_lib_asm_x86_v2c.dll
aes_lib_asm_amd64_c.dll
and placed in one of the the directories:
dll\win32\release\
dll\win32\debug\
dll\x64\release\
dll\x64\debug\
in the aes root directory depending on the platform(win32 or
x64) and the build (release or debug). Each DLL library:
aes_<ext>.dll
has three associated files:
aes_dll_<ext>.lib the library file for implicit linking
aes_dll_<ext>.exp the exports file
aes_dll_<ext>.pdb the symbol file
After any DLL is built it and its three related files are then
copied to the aes\dll directory, which is the library location
used in subsequent testing. Hence testing is always for the
last DLL built.
D. Testing
----------
These tests require that the test vector files are placed in the 'testvals'
subdirectory. If the AES Algorithm Validation Suite tests are used then
the *.fax files need to be put in the 'testvals\fax' subdirectory. This is
covered in more detail below.
The projects test_lib and time_lib are used to test and time the last static
library built. They use the files:
test_lib: Win32 (x64 for the C and AMD64 versions)
headers: aes.h, aescpp.h, brg_types.h, aesaux.h and aestst.h
C source: aesaux.c, aesrav.c
defines:
time_lib: Win32 (x64 for the C and AMD64 versions)
headers: aes.h, aescpp.h, brg_types.h, aesaux.h, aestst.h and rdtsc.h
C source: aesaux.c, aestmr.c
defines:
The projects test_dll and time_dll are used to test and time the last DLL
built. These use the files:
test_dll: Win32 (x64 for the C and AMD64 versions)
headers: aes.h, aescpp.h, brg_types.h, aesaux.h and aestst.h
C source: aesaux.c, aesrav.c
defines: DLL_IMPORT
time_dll: Win32 (x64 for the C and AMD64 versions)
headers: aes.h, aescpp.h, brg_types.h, aesaux.h aestst.h and rdtsc.h
C source: aesaux.c, aestmr.c
defines: DLL_IMPORT
and default to linkingto with the AES DLL using dynamic (run-time) linking. Implicit
linking can be used by adding the lib file associated with the AES DLL (in the aes\dll
sub-directory) to the build (under project Properties|Linker in Visual Studio) and
removing the DLL_DYNAMIC_LOAD define (under project Properties|C/C++|Preprocessor).
0 Link is linked into this project and the symbol
DLL_DYNAMIC_LOAD is left undefined, then implicit linking will be used
The above tests take command line arguments that determine which test are run
as follows:
test_lib /t:[knec] /k:[468]
test_dll /t:[knec] /k:[468]
where the symbols in square brackets can be used in any combination (without
the brackets) and have the following meanings:
/t:[knec] selects which tests are used
/k:[468] selects the key lengths used
/c compares output with reference (see later)
k: generate ECB Known Answer Test files
n: generate ECB Known Answer Test files (new)
e: generate ECB Monte Carlo Test files
c: generate CBC Monte Carlo Test files
and the characters giving the lengths are digits representing the key lengths
in 32-bit units (4, 6, 8 for lengths of 128, 192 or 256 bits respectively).
The project test_modes tests the AES modes. It uses the files:
test_modes: Win32 or x64
headers: aes.h, aescpp.h, brg_types.h, aesaux,h and aestst.h
C source: aesaux.c, modetest.c
defines: none for static library test, DLL_IMPORT for DLL test
which again links to the last library built.
E. Other Applications
---------------------
These are:
gen_tests builds the test_vector files. The commad line is
gen_tests /t:knec /k:468 /c
as described earlier
test_aes_avs run the AES Algorithm Validation Suite tests for
ECB, CBC, CFB and OFB modes
gen_tables builds a simple version of aes_tab.c (in aestab2.c)
for compilers that cannot handle the normal version
aes_example provides an example of AES use
These applications are linked to the last static library built or, if
DLL_IMPORT is defined during compilation, to the last DLL built.
F. Use of the VIA ACE Cryptography Engine (x86 only)
----------------------------------------------------
The use of the code with the VIA ACE cryptography engine in described in the
file via_ace.txt. In outline aes_modes.c is used and USE_VIA_ACE_IF_PRESENT
is defined either in section 2 of aesopt.h or as a compilation option in Visual
Studio. If in addition ASSUME_VIA_ACE_PRESENT is also defined then all normal
AES code will be removed if not needed to support VIA ACE use. If VIA ACE
support is needed and AES assembler is being used only the ASM_X86_V1C and
ASM_X86_V2C versions should be used since ASM_X86_V2 and ASM_AMD64 do not
support the VIA ACE engine.
G. The AES Test Vector Files
----------------------------
These files fall in the following groups (where <nn> is a two digit
number):
1. ecbvk<nn>.txt ECB vectors with variable key
2. ecbvt<nn>.txt ECB vectors with variable text
3. ecbnk<nn>.txt new ECB vectors with variable key
4. ecbnt<nn>.txt new ECB vectors with variable text
5. ecbme<nn>.txt ECB monte carlo encryption test vectors
6. ecbmd<nn>.txt ECB monte carlo decryption test vectors
7. cbcme<nn>.txt CBC monte carlo encryption test vectors
8. cbcmd<nn>.txt CBC monte carlo decryption test vectors
The first digit of the numeric suffix on the filename gives the block size
in 32 bit units and the second numeric digit gives the key size. For example,
the file ecbvk44.txt provides the test vectors for ECB encryption with a 128
bit block size and a 128 bit key size. The test routines expect to find these
files in the 'testvals' subdirectory within the aes root directory. The
'outvals' subdirectory is used for outputs that are compared with the files
in 'testvals'. Note that the monte carlo test vectors are the result of
applying AES iteratively 10000 times, not just once.
The AES Algorithm Validation Suite tests can be run for ECB, CBC, CFB and
OFB modes (CFB1 and CFB8 are not implemented). The test routine uses the
*.fax test files, which should be placed in the 'testvals\fax' subdirectory.
H. The Basic AES Calling Interface
----------------------------------
The basic AES code keeps its state in a context, there being different
contexts for encryption and decryption:
aes_encrypt_ctx
aes_decrypt_ctx
The AES code is initialised with the call
aes_init(void)
although this is only essential if the option to generate the AES tables at
run-time has been set in the options (i.e.fixed tables are not being used).
The AES encryption key is set by one of the calls:
aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
or by:
aes_encrypt_key(const unsigned char *key, int key_len,
aes_encrypt_ctx cx[1])
where the key length is set by 'key_len', which can be the length in bits
or bytes.
Similarly, the AES decryption key is set by one of:
aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
or by:
aes_decrypt_key(const unsigned char *key, int key_len,
aes_decrypt_ctx cx[1])
Encryption and decryption for a single 16 byte block is then achieved using:
aes_encrypt(const unsigned char *in, unsigned char *out,
const aes_encrypt_ctx cx[1])
aes_decrypt(const unsigned char *in, unsigned char *out,
const aes_decrypt_ctx cx[1])
The above subroutines return a value of EXIT_SUCCESS or EXIT_FAILURE
depending on whether the operation succeeded or failed.
I. The Calling Interface for the AES Modes
------------------------------------------
The subroutines for the AES modes, ECB, CBC, CFB, OFB and CTR, each process
blocks of variable length and can also be called several times to complete
single mode operations incrementally on long messages (or those messages,
not all of which are available at the same time). The calls:
aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_encrypt_ctx cx[1])
aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_decrypt_ctx cx[1])
for ECB operations and those for CBC:
aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_encrypt_ctx cx[1])
aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_decrypt_ctx cx[1])
can only process blocks whose lengths are multiples of 16 bytes but the calls
for CFB, OFB and CTR mode operations:
aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1])
aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1])
aes_ofb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1])
aes_ofb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1])
aes_ctr_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1])
aes_ctr_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1])
can process blocks of any length. Note also that CFB, OFB and CTR mode calls only
use AES encryption contexts even during decryption operations.
The calls CTR mode operations use a buffer (cbuf) which holds the counter value
together with a function parameter:
void cbuf_inc(unsigned char *cbuf);
that is ued to update the counter value after each 16 byte AES operation. The
counter buffer is updated appropriately to allow for incremental operations.
Please note the following IMPORTANT points about the AES mode subroutines:
1. All modes are reset when a new AES key is set.
2. Incremental calls to the different modes cannot
be mixed. If a change of mode is needed a new
key must be set or a reset must be issued (see
below).
3. For modes with IVs, the IV value is an input AND
an output since it is updated after each call to
the value needed for any subsequent incremental
call(s). If the mode is reset, the IV hence has
to be set (or reset) as well.
4. ECB operations must be multiples of 16 bytes
but do not need to be reset for new operations.
5. CBC operations must also be multiples of 16
bytes and are reset for a new operation by
setting the IV.
6. CFB, OFB and CTR mode must be reset by setting
a new IV value AND by calling:
aes_mode_reset(aes_encrypt_ctx cx[1])
For CTR mode the cbuf value also has to be reset.
7. CFB, OFB and CTR modes only use AES encryption
operations and contexts and do not need AES
decryption operations.
8. AES keys remain valid across resets and changes
of mode (but encryption and decryption keys must
both be set if they are needed).
Brian Gladman 26/09/2018

922
crypto/src/main/jni/final_key/aes/aes_amd64.asm Normal file
View File

@@ -0,0 +1,922 @@
; ---------------------------------------------------------------------------
; Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
;
; The redistribution and use of this software (with or without changes)
; is allowed without the payment of fees or royalties provided that:
;
; source code distributions include the above copyright notice, this
; list of conditions and the following disclaimer;
;
; binary distributions include the above copyright notice, this list
; of conditions and the following disclaimer in their documentation.
;
; This software is provided 'as is' with no explicit or implied warranties
; in respect of its operation, including, but not limited to, correctness
; and fitness for purpose.
; ---------------------------------------------------------------------------
; Issue Date: 27/10/2018
;
; I am grateful to Dag Arne Osvik for many discussions of the techniques that
; can be used to optimise AES assembler code on AMD64/EM64T architectures.
; Some of the techniques used in this implementation are the result of
; suggestions made by him for which I am most grateful.
; An AES implementation for AMD64 processors using the YASM assembler. This
; implemetation provides only encryption, decryption and hence requires key
; scheduling support in C. It uses 8k bytes of tables but its encryption and
; decryption performance is very close to that obtained using large tables.
; It can use either Windows or Gnu/Linux calling conventions, which are as
; follows:
; windows gnu/linux
;
; in_blk rcx rdi
; out_blk rdx rsi
; context (cx) r8 rdx
;
; preserved rsi - + rbx, rbp, rsp, r12, r13, r14 & r15
; registers rdi - on both
;
; destroyed - rsi + rax, rcx, rdx, r8, r9, r10 & r11
; registers - rdi on both
;
; The default convention is that for windows, the gnu/linux convention being
; used if __GNUC__ is defined.
;
; Define _SEH_ to include support for Win64 structured exception handling
; (this requires YASM version 0.6 or later).
;
; In order to use this code in Windows kernel mode, set the NO_PAGING define
; to disable structured exception handling and paging.
;
; This code provides the standard AES block size (128 bits, 16 bytes) and the
; three standard AES key sizes (128, 192 and 256 bits). It has the same call
; interface as my C implementation. It uses the Microsoft C AMD64 calling
; conventions in which the three parameters are placed in rcx, rdx and r8
; respectively. The rbx, rsi, rdi, rbp and r12..r15 registers are preserved.
;
; AES_RETURN aes_encrypt(const unsigned char in_blk[],
; unsigned char out_blk[], const aes_encrypt_ctx cx[1]);
;
; AES_RETURN aes_decrypt(const unsigned char in_blk[],
; unsigned char out_blk[], const aes_decrypt_ctx cx[1]);
;
; AES_RETURN aes_encrypt_key<NNN>(const unsigned char key[],
; const aes_encrypt_ctx cx[1]);
;
; AES_RETURN aes_decrypt_key<NNN>(const unsigned char key[],
; const aes_decrypt_ctx cx[1]);
;
; AES_RETURN aes_encrypt_key(const unsigned char key[],
; unsigned int len, const aes_decrypt_ctx cx[1]);
;
; AES_RETURN aes_decrypt_key(const unsigned char key[],
; unsigned int len, const aes_decrypt_ctx cx[1]);
;
; where <NNN> is 128, 192 or 256. In the last two calls the length can be in
; either bits or bytes.
;----------------------------------------------------------------------------
; Use of this assembler code in Windows kernel mode requires structured
; exception handling and memory paging to be disabled
%ifdef NO_PAGING
%undef _SEH_
%define set_page nopage
%else
%define set_page
%endif
; Comment in/out the following lines to obtain the desired subroutines. These
; selections MUST match those in the C header files aes.h and aesopt.h
%ifdef INTEL_AES_POSSIBLE
%define USE_INTEL_AES_IF_PRESENT
%endif
%define AES_128 ; define if AES with 128 bit keys is needed
%define AES_192 ; define if AES with 192 bit keys is needed
%define AES_256 ; define if AES with 256 bit keys is needed
%define AES_VAR ; define if a variable key size is needed
%define ENCRYPTION ; define if encryption is needed
%define DECRYPTION ; define if decryption is needed
;----------------------------------------------------------------------------
%ifdef USE_INTEL_AES_IF_PRESENT
%define aes_ni(x) aes_ %+ x %+ _i
%undef AES_REV_DKS
%else
%define aes_ni(x) aes_ %+ x
%define AES_REV_DKS
%endif
%define LAST_ROUND_TABLES ; define for the faster version using extra tables
; The encryption key schedule has the following in memory layout where N is the
; number of rounds (10, 12 or 14):
;
; lo: | input key (round 0) | ; each round is four 32-bit words
; | encryption round 1 |
; | encryption round 2 |
; ....
; | encryption round N-1 |
; hi: | encryption round N |
;
; The decryption key schedule is normally set up so that it has the same
; layout as above by actually reversing the order of the encryption key
; schedule in memory (this happens when AES_REV_DKS is set):
;
; lo: | decryption round 0 | = | encryption round N |
; | decryption round 1 | = INV_MIX_COL[ | encryption round N-1 | ]
; | decryption round 2 | = INV_MIX_COL[ | encryption round N-2 | ]
; .... ....
; | decryption round N-1 | = INV_MIX_COL[ | encryption round 1 | ]
; hi: | decryption round N | = | input key (round 0) |
;
; with rounds except the first and last modified using inv_mix_column()
; But if AES_REV_DKS is NOT set the order of keys is left as it is for
; encryption so that it has to be accessed in reverse when used for
; decryption (although the inverse mix column modifications are done)
;
; lo: | decryption round 0 | = | input key (round 0) |
; | decryption round 1 | = INV_MIX_COL[ | encryption round 1 | ]
; | decryption round 2 | = INV_MIX_COL[ | encryption round 2 | ]
; .... ....
; | decryption round N-1 | = INV_MIX_COL[ | encryption round N-1 | ]
; hi: | decryption round N | = | encryption round N |
;
; This layout is faster when the assembler key scheduling is used (not
; used here).
;
; The DLL interface must use the _stdcall convention in which the number
; of bytes of parameter space is added after an @ to the rouutine's name.
; We must also remove our parameters from the stack before return (see
; the do_exit macro). Define DLL_EXPORT for the Dynamic Link Library version.
; %define DLL_EXPORT
; End of user defines
%ifdef AES_VAR
%ifndef AES_128
%define AES_128
%endif
%ifndef AES_192
%define AES_192
%endif
%ifndef AES_256
%define AES_256
%endif
%endif
%ifdef AES_VAR
%define KS_LENGTH 60
%elifdef AES_256
%define KS_LENGTH 60
%elifdef AES_192
%define KS_LENGTH 52
%else
%define KS_LENGTH 44
%endif
%define r0 rax
%define r1 rdx
%define r2 rcx
%define r3 rbx
%define r4 rsi
%define r5 rdi
%define r6 rbp
%define r7 rsp
%define raxd eax
%define rdxd edx
%define rcxd ecx
%define rbxd ebx
%define rsid esi
%define rdid edi
%define rbpd ebp
%define rspd esp
%define raxb al
%define rdxb dl
%define rcxb cl
%define rbxb bl
%define rsib sil
%define rdib dil
%define rbpb bpl
%define rspb spl
%define r0h ah
%define r1h dh
%define r2h ch
%define r3h bh
%define r0d eax
%define r1d edx
%define r2d ecx
%define r3d ebx
; finite field multiplies by {02}, {04} and {08}
%define f2(x) ((x<<1)^(((x>>7)&1)*0x11b))
%define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b))
%define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b))
; finite field multiplies required in table generation
%define f3(x) (f2(x) ^ x)
%define f9(x) (f8(x) ^ x)
%define fb(x) (f8(x) ^ f2(x) ^ x)
%define fd(x) (f8(x) ^ f4(x) ^ x)
%define fe(x) (f8(x) ^ f4(x) ^ f2(x))
; macro for expanding S-box data
%macro enc_vals 1
db %1(0x63),%1(0x7c),%1(0x77),%1(0x7b),%1(0xf2),%1(0x6b),%1(0x6f),%1(0xc5)
db %1(0x30),%1(0x01),%1(0x67),%1(0x2b),%1(0xfe),%1(0xd7),%1(0xab),%1(0x76)
db %1(0xca),%1(0x82),%1(0xc9),%1(0x7d),%1(0xfa),%1(0x59),%1(0x47),%1(0xf0)
db %1(0xad),%1(0xd4),%1(0xa2),%1(0xaf),%1(0x9c),%1(0xa4),%1(0x72),%1(0xc0)
db %1(0xb7),%1(0xfd),%1(0x93),%1(0x26),%1(0x36),%1(0x3f),%1(0xf7),%1(0xcc)
db %1(0x34),%1(0xa5),%1(0xe5),%1(0xf1),%1(0x71),%1(0xd8),%1(0x31),%1(0x15)
db %1(0x04),%1(0xc7),%1(0x23),%1(0xc3),%1(0x18),%1(0x96),%1(0x05),%1(0x9a)
db %1(0x07),%1(0x12),%1(0x80),%1(0xe2),%1(0xeb),%1(0x27),%1(0xb2),%1(0x75)
db %1(0x09),%1(0x83),%1(0x2c),%1(0x1a),%1(0x1b),%1(0x6e),%1(0x5a),%1(0xa0)
db %1(0x52),%1(0x3b),%1(0xd6),%1(0xb3),%1(0x29),%1(0xe3),%1(0x2f),%1(0x84)
db %1(0x53),%1(0xd1),%1(0x00),%1(0xed),%1(0x20),%1(0xfc),%1(0xb1),%1(0x5b)
db %1(0x6a),%1(0xcb),%1(0xbe),%1(0x39),%1(0x4a),%1(0x4c),%1(0x58),%1(0xcf)
db %1(0xd0),%1(0xef),%1(0xaa),%1(0xfb),%1(0x43),%1(0x4d),%1(0x33),%1(0x85)
db %1(0x45),%1(0xf9),%1(0x02),%1(0x7f),%1(0x50),%1(0x3c),%1(0x9f),%1(0xa8)
db %1(0x51),%1(0xa3),%1(0x40),%1(0x8f),%1(0x92),%1(0x9d),%1(0x38),%1(0xf5)
db %1(0xbc),%1(0xb6),%1(0xda),%1(0x21),%1(0x10),%1(0xff),%1(0xf3),%1(0xd2)
db %1(0xcd),%1(0x0c),%1(0x13),%1(0xec),%1(0x5f),%1(0x97),%1(0x44),%1(0x17)
db %1(0xc4),%1(0xa7),%1(0x7e),%1(0x3d),%1(0x64),%1(0x5d),%1(0x19),%1(0x73)
db %1(0x60),%1(0x81),%1(0x4f),%1(0xdc),%1(0x22),%1(0x2a),%1(0x90),%1(0x88)
db %1(0x46),%1(0xee),%1(0xb8),%1(0x14),%1(0xde),%1(0x5e),%1(0x0b),%1(0xdb)
db %1(0xe0),%1(0x32),%1(0x3a),%1(0x0a),%1(0x49),%1(0x06),%1(0x24),%1(0x5c)
db %1(0xc2),%1(0xd3),%1(0xac),%1(0x62),%1(0x91),%1(0x95),%1(0xe4),%1(0x79)
db %1(0xe7),%1(0xc8),%1(0x37),%1(0x6d),%1(0x8d),%1(0xd5),%1(0x4e),%1(0xa9)
db %1(0x6c),%1(0x56),%1(0xf4),%1(0xea),%1(0x65),%1(0x7a),%1(0xae),%1(0x08)
db %1(0xba),%1(0x78),%1(0x25),%1(0x2e),%1(0x1c),%1(0xa6),%1(0xb4),%1(0xc6)
db %1(0xe8),%1(0xdd),%1(0x74),%1(0x1f),%1(0x4b),%1(0xbd),%1(0x8b),%1(0x8a)
db %1(0x70),%1(0x3e),%1(0xb5),%1(0x66),%1(0x48),%1(0x03),%1(0xf6),%1(0x0e)
db %1(0x61),%1(0x35),%1(0x57),%1(0xb9),%1(0x86),%1(0xc1),%1(0x1d),%1(0x9e)
db %1(0xe1),%1(0xf8),%1(0x98),%1(0x11),%1(0x69),%1(0xd9),%1(0x8e),%1(0x94)
db %1(0x9b),%1(0x1e),%1(0x87),%1(0xe9),%1(0xce),%1(0x55),%1(0x28),%1(0xdf)
db %1(0x8c),%1(0xa1),%1(0x89),%1(0x0d),%1(0xbf),%1(0xe6),%1(0x42),%1(0x68)
db %1(0x41),%1(0x99),%1(0x2d),%1(0x0f),%1(0xb0),%1(0x54),%1(0xbb),%1(0x16)
%endmacro
%macro dec_vals 1
db %1(0x52),%1(0x09),%1(0x6a),%1(0xd5),%1(0x30),%1(0x36),%1(0xa5),%1(0x38)
db %1(0xbf),%1(0x40),%1(0xa3),%1(0x9e),%1(0x81),%1(0xf3),%1(0xd7),%1(0xfb)
db %1(0x7c),%1(0xe3),%1(0x39),%1(0x82),%1(0x9b),%1(0x2f),%1(0xff),%1(0x87)
db %1(0x34),%1(0x8e),%1(0x43),%1(0x44),%1(0xc4),%1(0xde),%1(0xe9),%1(0xcb)
db %1(0x54),%1(0x7b),%1(0x94),%1(0x32),%1(0xa6),%1(0xc2),%1(0x23),%1(0x3d)
db %1(0xee),%1(0x4c),%1(0x95),%1(0x0b),%1(0x42),%1(0xfa),%1(0xc3),%1(0x4e)
db %1(0x08),%1(0x2e),%1(0xa1),%1(0x66),%1(0x28),%1(0xd9),%1(0x24),%1(0xb2)
db %1(0x76),%1(0x5b),%1(0xa2),%1(0x49),%1(0x6d),%1(0x8b),%1(0xd1),%1(0x25)
db %1(0x72),%1(0xf8),%1(0xf6),%1(0x64),%1(0x86),%1(0x68),%1(0x98),%1(0x16)
db %1(0xd4),%1(0xa4),%1(0x5c),%1(0xcc),%1(0x5d),%1(0x65),%1(0xb6),%1(0x92)
db %1(0x6c),%1(0x70),%1(0x48),%1(0x50),%1(0xfd),%1(0xed),%1(0xb9),%1(0xda)
db %1(0x5e),%1(0x15),%1(0x46),%1(0x57),%1(0xa7),%1(0x8d),%1(0x9d),%1(0x84)
db %1(0x90),%1(0xd8),%1(0xab),%1(0x00),%1(0x8c),%1(0xbc),%1(0xd3),%1(0x0a)
db %1(0xf7),%1(0xe4),%1(0x58),%1(0x05),%1(0xb8),%1(0xb3),%1(0x45),%1(0x06)
db %1(0xd0),%1(0x2c),%1(0x1e),%1(0x8f),%1(0xca),%1(0x3f),%1(0x0f),%1(0x02)
db %1(0xc1),%1(0xaf),%1(0xbd),%1(0x03),%1(0x01),%1(0x13),%1(0x8a),%1(0x6b)
db %1(0x3a),%1(0x91),%1(0x11),%1(0x41),%1(0x4f),%1(0x67),%1(0xdc),%1(0xea)
db %1(0x97),%1(0xf2),%1(0xcf),%1(0xce),%1(0xf0),%1(0xb4),%1(0xe6),%1(0x73)
db %1(0x96),%1(0xac),%1(0x74),%1(0x22),%1(0xe7),%1(0xad),%1(0x35),%1(0x85)
db %1(0xe2),%1(0xf9),%1(0x37),%1(0xe8),%1(0x1c),%1(0x75),%1(0xdf),%1(0x6e)
db %1(0x47),%1(0xf1),%1(0x1a),%1(0x71),%1(0x1d),%1(0x29),%1(0xc5),%1(0x89)
db %1(0x6f),%1(0xb7),%1(0x62),%1(0x0e),%1(0xaa),%1(0x18),%1(0xbe),%1(0x1b)
db %1(0xfc),%1(0x56),%1(0x3e),%1(0x4b),%1(0xc6),%1(0xd2),%1(0x79),%1(0x20)
db %1(0x9a),%1(0xdb),%1(0xc0),%1(0xfe),%1(0x78),%1(0xcd),%1(0x5a),%1(0xf4)
db %1(0x1f),%1(0xdd),%1(0xa8),%1(0x33),%1(0x88),%1(0x07),%1(0xc7),%1(0x31)
db %1(0xb1),%1(0x12),%1(0x10),%1(0x59),%1(0x27),%1(0x80),%1(0xec),%1(0x5f)
db %1(0x60),%1(0x51),%1(0x7f),%1(0xa9),%1(0x19),%1(0xb5),%1(0x4a),%1(0x0d)
db %1(0x2d),%1(0xe5),%1(0x7a),%1(0x9f),%1(0x93),%1(0xc9),%1(0x9c),%1(0xef)
db %1(0xa0),%1(0xe0),%1(0x3b),%1(0x4d),%1(0xae),%1(0x2a),%1(0xf5),%1(0xb0)
db %1(0xc8),%1(0xeb),%1(0xbb),%1(0x3c),%1(0x83),%1(0x53),%1(0x99),%1(0x61)
db %1(0x17),%1(0x2b),%1(0x04),%1(0x7e),%1(0xba),%1(0x77),%1(0xd6),%1(0x26)
db %1(0xe1),%1(0x69),%1(0x14),%1(0x63),%1(0x55),%1(0x21),%1(0x0c),%1(0x7d)
%endmacro
%define u8(x) f2(x), x, x, f3(x), f2(x), x, x, f3(x)
%define v8(x) fe(x), f9(x), fd(x), fb(x), fe(x), f9(x), fd(x), x
%define w8(x) x, 0, 0, 0, x, 0, 0, 0
%define tptr rbp ; table pointer
%define kptr r8 ; key schedule pointer
%define fofs 128 ; adjust offset in key schedule to keep |disp| < 128
%define fk_ref(x,y) [kptr-16*x+fofs+4*y]
%ifdef AES_REV_DKS
%define rofs 128
%define ik_ref(x,y) [kptr-16*x+rofs+4*y]
%else
%define rofs -128
%define ik_ref(x,y) [kptr+16*x+rofs+4*y]
%endif
%define tab_0(x) [tptr+8*x]
%define tab_1(x) [tptr+8*x+3]
%define tab_2(x) [tptr+8*x+2]
%define tab_3(x) [tptr+8*x+1]
%define tab_f(x) byte [tptr+8*x+1]
%define tab_i(x) byte [tptr+8*x+7]
%define t_ref(x,r) tab_ %+ x(r)
%macro ff_rnd 5 ; normal forward round
mov %1d, fk_ref(%5,0)
mov %2d, fk_ref(%5,1)
mov %3d, fk_ref(%5,2)
mov %4d, fk_ref(%5,3)
movzx esi, al
movzx edi, ah
shr eax, 16
xor %1d, t_ref(0,rsi)
xor %4d, t_ref(1,rdi)
movzx esi, al
movzx edi, ah
xor %3d, t_ref(2,rsi)
xor %2d, t_ref(3,rdi)
movzx esi, bl
movzx edi, bh
shr ebx, 16
xor %2d, t_ref(0,rsi)
xor %1d, t_ref(1,rdi)
movzx esi, bl
movzx edi, bh
xor %4d, t_ref(2,rsi)
xor %3d, t_ref(3,rdi)
movzx esi, cl
movzx edi, ch
shr ecx, 16
xor %3d, t_ref(0,rsi)
xor %2d, t_ref(1,rdi)
movzx esi, cl
movzx edi, ch
xor %1d, t_ref(2,rsi)
xor %4d, t_ref(3,rdi)
movzx esi, dl
movzx edi, dh
shr edx, 16
xor %4d, t_ref(0,rsi)
xor %3d, t_ref(1,rdi)
movzx esi, dl
movzx edi, dh
xor %2d, t_ref(2,rsi)
xor %1d, t_ref(3,rdi)
mov eax,%1d
mov ebx,%2d
mov ecx,%3d
mov edx,%4d
%endmacro
%ifdef LAST_ROUND_TABLES
%macro fl_rnd 5 ; last forward round
add tptr, 2048
mov %1d, fk_ref(%5,0)
mov %2d, fk_ref(%5,1)
mov %3d, fk_ref(%5,2)
mov %4d, fk_ref(%5,3)
movzx esi, al
movzx edi, ah
shr eax, 16
xor %1d, t_ref(0,rsi)
xor %4d, t_ref(1,rdi)
movzx esi, al
movzx edi, ah
xor %3d, t_ref(2,rsi)
xor %2d, t_ref(3,rdi)
movzx esi, bl
movzx edi, bh
shr ebx, 16
xor %2d, t_ref(0,rsi)
xor %1d, t_ref(1,rdi)
movzx esi, bl
movzx edi, bh
xor %4d, t_ref(2,rsi)
xor %3d, t_ref(3,rdi)
movzx esi, cl
movzx edi, ch
shr ecx, 16
xor %3d, t_ref(0,rsi)
xor %2d, t_ref(1,rdi)
movzx esi, cl
movzx edi, ch
xor %1d, t_ref(2,rsi)
xor %4d, t_ref(3,rdi)
movzx esi, dl
movzx edi, dh
shr edx, 16
xor %4d, t_ref(0,rsi)
xor %3d, t_ref(1,rdi)
movzx esi, dl
movzx edi, dh
xor %2d, t_ref(2,rsi)
xor %1d, t_ref(3,rdi)
%endmacro
%else
%macro fl_rnd 5 ; last forward round
mov %1d, fk_ref(%5,0)
mov %2d, fk_ref(%5,1)
mov %3d, fk_ref(%5,2)
mov %4d, fk_ref(%5,3)
movzx esi, al
movzx edi, ah
shr eax, 16
movzx esi, t_ref(f,rsi)
movzx edi, t_ref(f,rdi)
xor %1d, esi
rol edi, 8
xor %4d, edi
movzx esi, al
movzx edi, ah
movzx esi, t_ref(f,rsi)
movzx edi, t_ref(f,rdi)
rol esi, 16
rol edi, 24
xor %3d, esi
xor %2d, edi
movzx esi, bl
movzx edi, bh
shr ebx, 16
movzx esi, t_ref(f,rsi)
movzx edi, t_ref(f,rdi)
xor %2d, esi
rol edi, 8
xor %1d, edi
movzx esi, bl
movzx edi, bh
movzx esi, t_ref(f,rsi)
movzx edi, t_ref(f,rdi)
rol esi, 16
rol edi, 24
xor %4d, esi
xor %3d, edi
movzx esi, cl
movzx edi, ch
movzx esi, t_ref(f,rsi)
movzx edi, t_ref(f,rdi)
shr ecx, 16
xor %3d, esi
rol edi, 8
xor %2d, edi
movzx esi, cl
movzx edi, ch
movzx esi, t_ref(f,rsi)
movzx edi, t_ref(f,rdi)
rol esi, 16
rol edi, 24
xor %1d, esi
xor %4d, edi
movzx esi, dl
movzx edi, dh
movzx esi, t_ref(f,rsi)
movzx edi, t_ref(f,rdi)
shr edx, 16
xor %4d, esi
rol edi, 8
xor %3d, edi
movzx esi, dl
movzx edi, dh
movzx esi, t_ref(f,rsi)
movzx edi, t_ref(f,rdi)
rol esi, 16
rol edi, 24
xor %2d, esi
xor %1d, edi
%endmacro
%endif
%macro ii_rnd 5 ; normal inverse round
mov %1d, ik_ref(%5,0)
mov %2d, ik_ref(%5,1)
mov %3d, ik_ref(%5,2)
mov %4d, ik_ref(%5,3)
movzx esi, al
movzx edi, ah
shr eax, 16
xor %1d, t_ref(0,rsi)
xor %2d, t_ref(1,rdi)
movzx esi, al
movzx edi, ah
xor %3d, t_ref(2,rsi)
xor %4d, t_ref(3,rdi)
movzx esi, bl
movzx edi, bh
shr ebx, 16
xor %2d, t_ref(0,rsi)
xor %3d, t_ref(1,rdi)
movzx esi, bl
movzx edi, bh
xor %4d, t_ref(2,rsi)
xor %1d, t_ref(3,rdi)
movzx esi, cl
movzx edi, ch
shr ecx, 16
xor %3d, t_ref(0,rsi)
xor %4d, t_ref(1,rdi)
movzx esi, cl
movzx edi, ch
xor %1d, t_ref(2,rsi)
xor %2d, t_ref(3,rdi)
movzx esi, dl
movzx edi, dh
shr edx, 16
xor %4d, t_ref(0,rsi)
xor %1d, t_ref(1,rdi)
movzx esi, dl
movzx edi, dh
xor %2d, t_ref(2,rsi)
xor %3d, t_ref(3,rdi)
mov eax,%1d
mov ebx,%2d
mov ecx,%3d
mov edx,%4d
%endmacro
%ifdef LAST_ROUND_TABLES
%macro il_rnd 5 ; last inverse round
add tptr, 2048
mov %1d, ik_ref(%5,0)
mov %2d, ik_ref(%5,1)
mov %3d, ik_ref(%5,2)
mov %4d, ik_ref(%5,3)
movzx esi, al
movzx edi, ah
shr eax, 16
xor %1d, t_ref(0,rsi)
xor %2d, t_ref(1,rdi)
movzx esi, al
movzx edi, ah
xor %3d, t_ref(2,rsi)
xor %4d, t_ref(3,rdi)
movzx esi, bl
movzx edi, bh
shr ebx, 16
xor %2d, t_ref(0,rsi)
xor %3d, t_ref(1,rdi)
movzx esi, bl
movzx edi, bh
xor %4d, t_ref(2,rsi)
xor %1d, t_ref(3,rdi)
movzx esi, cl
movzx edi, ch
shr ecx, 16
xor %3d, t_ref(0,rsi)
xor %4d, t_ref(1,rdi)
movzx esi, cl
movzx edi, ch
xor %1d, t_ref(2,rsi)
xor %2d, t_ref(3,rdi)
movzx esi, dl
movzx edi, dh
shr edx, 16
xor %4d, t_ref(0,rsi)
xor %1d, t_ref(1,rdi)
movzx esi, dl
movzx edi, dh
xor %2d, t_ref(2,rsi)
xor %3d, t_ref(3,rdi)
%endmacro
%else
%macro il_rnd 5 ; last inverse round
mov %1d, ik_ref(%5,0)
mov %2d, ik_ref(%5,1)
mov %3d, ik_ref(%5,2)
mov %4d, ik_ref(%5,3)
movzx esi, al
movzx edi, ah
movzx esi, t_ref(i,rsi)
movzx edi, t_ref(i,rdi)
shr eax, 16
xor %1d, esi
rol edi, 8
xor %2d, edi
movzx esi, al
movzx edi, ah
movzx esi, t_ref(i,rsi)
movzx edi, t_ref(i,rdi)
rol esi, 16
rol edi, 24
xor %3d, esi
xor %4d, edi
movzx esi, bl
movzx edi, bh
movzx esi, t_ref(i,rsi)
movzx edi, t_ref(i,rdi)
shr ebx, 16
xor %2d, esi
rol edi, 8
xor %3d, edi
movzx esi, bl
movzx edi, bh
movzx esi, t_ref(i,rsi)
movzx edi, t_ref(i,rdi)
rol esi, 16
rol edi, 24
xor %4d, esi
xor %1d, edi
movzx esi, cl
movzx edi, ch
movzx esi, t_ref(i,rsi)
movzx edi, t_ref(i,rdi)
shr ecx, 16
xor %3d, esi
rol edi, 8
xor %4d, edi
movzx esi, cl
movzx edi, ch
movzx esi, t_ref(i,rsi)
movzx edi, t_ref(i,rdi)
rol esi, 16
rol edi, 24
xor %1d, esi
xor %2d, edi
movzx esi, dl
movzx edi, dh
movzx esi, t_ref(i,rsi)
movzx edi, t_ref(i,rdi)
shr edx, 16
xor %4d, esi
rol edi, 8
xor %1d, edi
movzx esi, dl
movzx edi, dh
movzx esi, t_ref(i,rsi)
movzx edi, t_ref(i,rdi)
rol esi, 16
rol edi, 24
xor %2d, esi
xor %3d, edi
%endmacro
%endif
%ifdef ENCRYPTION
global aes_ni(encrypt)
%ifdef DLL_EXPORT
export aes_ni(encrypt)
%endif
section .data align=64 set_page
align 64
enc_tab:
enc_vals u8
%ifdef LAST_ROUND_TABLES
enc_vals w8
%endif
section .text align=16 set_page
align 16
%ifdef _SEH_
proc_frame aes_ni(encrypt)
alloc_stack 7*8 ; 7 to align stack to 16 bytes
save_reg rsi,4*8
save_reg rdi,5*8
save_reg rbx,1*8
save_reg rbp,2*8
save_reg r12,3*8
end_prologue
mov rdi, rcx ; input pointer
mov [rsp+0*8], rdx ; output pointer
%else
aes_ni(encrypt):
%ifdef __GNUC__
sub rsp, 4*8 ; gnu/linux binary interface
mov [rsp+0*8], rsi ; output pointer
mov r8, rdx ; context
%else
sub rsp, 6*8 ; windows binary interface
mov [rsp+4*8], rsi
mov [rsp+5*8], rdi
mov rdi, rcx ; input pointer
mov [rsp+0*8], rdx ; output pointer
%endif
mov [rsp+1*8], rbx ; input pointer in rdi
mov [rsp+2*8], rbp ; output pointer in [rsp]
mov [rsp+3*8], r12 ; context in r8
%endif
movzx esi, byte [kptr+4*KS_LENGTH]
lea tptr, [rel enc_tab]
sub kptr, fofs
mov eax, [rdi+0*4]
mov ebx, [rdi+1*4]
mov ecx, [rdi+2*4]
mov edx, [rdi+3*4]
xor eax, [kptr+fofs]
xor ebx, [kptr+fofs+4]
xor ecx, [kptr+fofs+8]
xor edx, [kptr+fofs+12]
lea kptr,[kptr+rsi]
cmp esi, 10*16
je .3
cmp esi, 12*16
je .2
cmp esi, 14*16
je .1
mov rax, -1
jmp .4
.1: ff_rnd r9, r10, r11, r12, 13
ff_rnd r9, r10, r11, r12, 12
.2: ff_rnd r9, r10, r11, r12, 11
ff_rnd r9, r10, r11, r12, 10
.3: ff_rnd r9, r10, r11, r12, 9
ff_rnd r9, r10, r11, r12, 8
ff_rnd r9, r10, r11, r12, 7
ff_rnd r9, r10, r11, r12, 6
ff_rnd r9, r10, r11, r12, 5
ff_rnd r9, r10, r11, r12, 4
ff_rnd r9, r10, r11, r12, 3
ff_rnd r9, r10, r11, r12, 2
ff_rnd r9, r10, r11, r12, 1
fl_rnd r9, r10, r11, r12, 0
mov rbx, [rsp]
mov [rbx], r9d
mov [rbx+4], r10d
mov [rbx+8], r11d
mov [rbx+12], r12d
xor rax, rax
.4:
mov rbx, [rsp+1*8]
mov rbp, [rsp+2*8]
mov r12, [rsp+3*8]
%ifdef __GNUC__
add rsp, 4*8
ret
%else
mov rsi, [rsp+4*8]
mov rdi, [rsp+5*8]
%ifdef _SEH_
add rsp, 7*8
ret
endproc_frame
%else
add rsp, 6*8
ret
%endif
%endif
%endif
%ifdef DECRYPTION
global aes_ni(decrypt)
%ifdef DLL_EXPORT
export aes_ni(decrypt)
%endif
section .data
align 64
dec_tab:
dec_vals v8
%ifdef LAST_ROUND_TABLES
dec_vals w8
%endif
section .text
align 16
%ifdef _SEH_
proc_frame aes_ni(decrypt)
alloc_stack 7*8 ; 7 to align stack to 16 bytes
save_reg rsi,4*8
save_reg rdi,5*8
save_reg rbx,1*8
save_reg rbp,2*8
save_reg r12,3*8
end_prologue
mov rdi, rcx ; input pointer
mov [rsp+0*8], rdx ; output pointer
%else
aes_ni(decrypt):
%ifdef __GNUC__
sub rsp, 4*8 ; gnu/linux binary interface
mov [rsp+0*8], rsi ; output pointer
mov r8, rdx ; context
%else
sub rsp, 6*8 ; windows binary interface
mov [rsp+4*8], rsi
mov [rsp+5*8], rdi
mov rdi, rcx ; input pointer
mov [rsp+0*8], rdx ; output pointer
%endif
mov [rsp+1*8], rbx ; input pointer in rdi
mov [rsp+2*8], rbp ; output pointer in [rsp]
mov [rsp+3*8], r12 ; context in r8
%endif
movzx esi, byte[kptr+4*KS_LENGTH]
lea tptr, [rel dec_tab]
sub kptr, rofs
mov eax, [rdi+0*4]
mov ebx, [rdi+1*4]
mov ecx, [rdi+2*4]
mov edx, [rdi+3*4]
%ifdef AES_REV_DKS
mov rdi, kptr
lea kptr,[kptr+rsi]
%else
lea rdi,[kptr+rsi]
%endif
xor eax, [rdi+rofs]
xor ebx, [rdi+rofs+4]
xor ecx, [rdi+rofs+8]
xor edx, [rdi+rofs+12]
cmp esi, 10*16
je .3
cmp esi, 12*16
je .2
cmp esi, 14*16
je .1
mov rax, -1
jmp .4
.1: ii_rnd r9, r10, r11, r12, 13
ii_rnd r9, r10, r11, r12, 12
.2: ii_rnd r9, r10, r11, r12, 11
ii_rnd r9, r10, r11, r12, 10
.3: ii_rnd r9, r10, r11, r12, 9
ii_rnd r9, r10, r11, r12, 8
ii_rnd r9, r10, r11, r12, 7
ii_rnd r9, r10, r11, r12, 6
ii_rnd r9, r10, r11, r12, 5
ii_rnd r9, r10, r11, r12, 4
ii_rnd r9, r10, r11, r12, 3
ii_rnd r9, r10, r11, r12, 2
ii_rnd r9, r10, r11, r12, 1
il_rnd r9, r10, r11, r12, 0
mov rbx, [rsp]
mov [rbx], r9d
mov [rbx+4], r10d
mov [rbx+8], r11d
mov [rbx+12], r12d
xor rax, rax
.4: mov rbx, [rsp+1*8]
mov rbp, [rsp+2*8]
mov r12, [rsp+3*8]
%ifdef __GNUC__
add rsp, 4*8
ret
%else
mov rsi, [rsp+4*8]
mov rdi, [rsp+5*8]
%ifdef _SEH_
add rsp, 7*8
ret
endproc_frame
%else
add rsp, 6*8
ret
%endif
%endif
%endif
end

947
crypto/src/main/jni/final_key/aes/aes_modes.c Normal file
View File

@@ -0,0 +1,947 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
These subroutines implement multiple block AES modes for ECB, CBC, CFB,
OFB and CTR encryption, The code provides support for the VIA Advanced
Cryptography Engine (ACE).
NOTE: In the following subroutines, the AES contexts (ctx) must be
16 byte aligned if VIA ACE is being used
*/
#include <string.h>
#include <assert.h>
#include <stdint.h>
#include "aesopt.h"
#if defined( AES_MODES )
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
#pragma intrinsic(memcpy)
#endif
#define BFR_BLOCKS 8
/* These values are used to detect long word alignment in order to */
/* speed up some buffer operations. This facility may not work on */
/* some machines so this define can be commented out if necessary */
#define FAST_BUFFER_OPERATIONS
#define lp32(x) ((uint32_t*)(x))
#if defined( USE_VIA_ACE_IF_PRESENT )
#include "aes_via_ace.h"
#pragma pack(16)
aligned_array(unsigned long, enc_gen_table, 12, 16) = NEH_ENC_GEN_DATA;
aligned_array(unsigned long, enc_load_table, 12, 16) = NEH_ENC_LOAD_DATA;
aligned_array(unsigned long, enc_hybrid_table, 12, 16) = NEH_ENC_HYBRID_DATA;
aligned_array(unsigned long, dec_gen_table, 12, 16) = NEH_DEC_GEN_DATA;
aligned_array(unsigned long, dec_load_table, 12, 16) = NEH_DEC_LOAD_DATA;
aligned_array(unsigned long, dec_hybrid_table, 12, 16) = NEH_DEC_HYBRID_DATA;
/* NOTE: These control word macros must only be used after */
/* a key has been set up because they depend on key size */
/* See the VIA ACE documentation for key type information */
/* and aes_via_ace.h for non-default NEH_KEY_TYPE values */
#ifndef NEH_KEY_TYPE
# define NEH_KEY_TYPE NEH_HYBRID
#endif
#if NEH_KEY_TYPE == NEH_LOAD
#define kd_adr(c) ((uint8_t*)(c)->ks)
#elif NEH_KEY_TYPE == NEH_GENERATE
#define kd_adr(c) ((uint8_t*)(c)->ks + (c)->inf.b[0])
#elif NEH_KEY_TYPE == NEH_HYBRID
#define kd_adr(c) ((uint8_t*)(c)->ks + ((c)->inf.b[0] == 160 ? 160 : 0))
#else
#error no key type defined for VIA ACE
#endif
#else
#define aligned_array(type, name, no, stride) type name[no]
#define aligned_auto(type, name, no, stride) type name[no]
#endif
#if defined( _MSC_VER ) && _MSC_VER > 1200
#define via_cwd(cwd, ty, dir, len) \
unsigned long* cwd = (dir##_##ty##_table + ((len - 128) >> 4))
#else
#define via_cwd(cwd, ty, dir, len) \
aligned_auto(unsigned long, cwd, 4, 16); \
cwd[1] = cwd[2] = cwd[3] = 0; \
cwd[0] = neh_##dir##_##ty##_key(len)
#endif
/* test the code for detecting and setting pointer alignment */
AES_RETURN aes_test_alignment_detection(unsigned int n) /* 4 <= n <= 16 */
{ uint8_t p[16];
uint32_t i, count_eq = 0, count_neq = 0;
if(n < 4 || n > 16)
return EXIT_FAILURE;
for(i = 0; i < n; ++i)
{
uint8_t *qf = ALIGN_FLOOR(p + i, n),
*qh = ALIGN_CEIL(p + i, n);
if(qh == qf)
++count_eq;
else if(qh == qf + n)
++count_neq;
else
return EXIT_FAILURE;
}
return (count_eq != 1 || count_neq != n - 1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
AES_RETURN aes_mode_reset(aes_encrypt_ctx ctx[1])
{
ctx->inf.b[2] = 0;
return EXIT_SUCCESS;
}
AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_encrypt_ctx ctx[1])
{ int nb = len >> AES_BLOCK_SIZE_P2;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ uint8_t *ksp = (uint8_t*)(ctx->ks);
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ))
{
via_ecb_op5(ksp, cwd, ibuf, obuf, nb);
}
else
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op;
while(nb)
{
int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf);
op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_ecb_op5(ksp, cwd, ip, op, m);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
nb -= m;
}
}
return EXIT_SUCCESS;
}
#endif
#if !defined( ASSUME_VIA_ACE_PRESENT )
while(nb--)
{
if(aes_encrypt(ibuf, obuf, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
#endif
return EXIT_SUCCESS;
}
AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_decrypt_ctx ctx[1])
{ int nb = len >> AES_BLOCK_SIZE_P2;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ uint8_t *ksp = kd_adr(ctx);
via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ))
{
via_ecb_op5(ksp, cwd, ibuf, obuf, nb);
}
else
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op;
while(nb)
{
int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf);
op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_ecb_op5(ksp, cwd, ip, op, m);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
nb -= m;
}
}
return EXIT_SUCCESS;
}
#endif
#if !defined( ASSUME_VIA_ACE_PRESENT )
while(nb--)
{
if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
#endif
return EXIT_SUCCESS;
}
AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_encrypt_ctx ctx[1])
{ int nb = len >> AES_BLOCK_SIZE_P2;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ uint8_t *ksp = (uint8_t*)(ctx->ks), *ivp = iv;
aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ) && !ALIGN_OFFSET( iv, 16 ))
{
via_cbc_op7(ksp, cwd, ibuf, obuf, nb, ivp, ivp);
}
else
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op;
while(nb)
{
int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf);
op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_cbc_op7(ksp, cwd, ip, op, m, ivp, ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
nb -= m;
}
}
if(iv != ivp)
memcpy(iv, ivp, AES_BLOCK_SIZE);
return EXIT_SUCCESS;
}
#endif
#if !defined( ASSUME_VIA_ACE_PRESENT )
# ifdef FAST_BUFFER_OPERATIONS
if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( iv, 4 ))
while(nb--)
{
lp32(iv)[0] ^= lp32(ibuf)[0];
lp32(iv)[1] ^= lp32(ibuf)[1];
lp32(iv)[2] ^= lp32(ibuf)[2];
lp32(iv)[3] ^= lp32(ibuf)[3];
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
memcpy(obuf, iv, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
else
# endif
while(nb--)
{
iv[ 0] ^= ibuf[ 0]; iv[ 1] ^= ibuf[ 1];
iv[ 2] ^= ibuf[ 2]; iv[ 3] ^= ibuf[ 3];
iv[ 4] ^= ibuf[ 4]; iv[ 5] ^= ibuf[ 5];
iv[ 6] ^= ibuf[ 6]; iv[ 7] ^= ibuf[ 7];
iv[ 8] ^= ibuf[ 8]; iv[ 9] ^= ibuf[ 9];
iv[10] ^= ibuf[10]; iv[11] ^= ibuf[11];
iv[12] ^= ibuf[12]; iv[13] ^= ibuf[13];
iv[14] ^= ibuf[14]; iv[15] ^= ibuf[15];
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
memcpy(obuf, iv, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
#endif
return EXIT_SUCCESS;
}
AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_decrypt_ctx ctx[1])
{ unsigned char tmp[AES_BLOCK_SIZE];
int nb = len >> AES_BLOCK_SIZE_P2;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ uint8_t *ksp = kd_adr(ctx), *ivp = iv;
aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ) && !ALIGN_OFFSET( iv, 16 ))
{
via_cbc_op6(ksp, cwd, ibuf, obuf, nb, ivp);
}
else
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op;
while(nb)
{
int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf);
op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_cbc_op6(ksp, cwd, ip, op, m, ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
nb -= m;
}
}
if(iv != ivp)
memcpy(iv, ivp, AES_BLOCK_SIZE);
return EXIT_SUCCESS;
}
#endif
#if !defined( ASSUME_VIA_ACE_PRESENT )
# ifdef FAST_BUFFER_OPERATIONS
if(!ALIGN_OFFSET( obuf, 4 ) && !ALIGN_OFFSET( iv, 4 ))
while(nb--)
{
memcpy(tmp, ibuf, AES_BLOCK_SIZE);
if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
lp32(obuf)[0] ^= lp32(iv)[0];
lp32(obuf)[1] ^= lp32(iv)[1];
lp32(obuf)[2] ^= lp32(iv)[2];
lp32(obuf)[3] ^= lp32(iv)[3];
memcpy(iv, tmp, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
else
# endif
while(nb--)
{
memcpy(tmp, ibuf, AES_BLOCK_SIZE);
if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
obuf[ 0] ^= iv[ 0]; obuf[ 1] ^= iv[ 1];
obuf[ 2] ^= iv[ 2]; obuf[ 3] ^= iv[ 3];
obuf[ 4] ^= iv[ 4]; obuf[ 5] ^= iv[ 5];
obuf[ 6] ^= iv[ 6]; obuf[ 7] ^= iv[ 7];
obuf[ 8] ^= iv[ 8]; obuf[ 9] ^= iv[ 9];
obuf[10] ^= iv[10]; obuf[11] ^= iv[11];
obuf[12] ^= iv[12]; obuf[13] ^= iv[13];
obuf[14] ^= iv[14]; obuf[15] ^= iv[15];
memcpy(iv, tmp, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
#endif
return EXIT_SUCCESS;
}
AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
if(b_pos) /* complete any partial block */
{
while(b_pos < AES_BLOCK_SIZE && cnt < len)
{
*obuf++ = (iv[b_pos++] ^= *ibuf++);
cnt++;
}
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
uint8_t *ksp = (uint8_t*)(ctx->ks), *ivp = iv;
aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ))
{
via_cfb_op7(ksp, cwd, ibuf, obuf, nb, ivp, ivp);
ibuf += nb * AES_BLOCK_SIZE;
obuf += nb * AES_BLOCK_SIZE;
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op;
while(nb)
{
m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf);
op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_cfb_op7(ksp, cwd, ip, op, m, ivp, ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
cnt += m * AES_BLOCK_SIZE;
}
}
if(ivp != iv)
memcpy(iv, ivp, AES_BLOCK_SIZE);
}
#else
# ifdef FAST_BUFFER_OPERATIONS
if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) && !ALIGN_OFFSET( iv, 4 ))
while(cnt + AES_BLOCK_SIZE <= len)
{
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
lp32(obuf)[0] = lp32(iv)[0] ^= lp32(ibuf)[0];
lp32(obuf)[1] = lp32(iv)[1] ^= lp32(ibuf)[1];
lp32(obuf)[2] = lp32(iv)[2] ^= lp32(ibuf)[2];
lp32(obuf)[3] = lp32(iv)[3] ^= lp32(ibuf)[3];
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
else
# endif
while(cnt + AES_BLOCK_SIZE <= len)
{
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
obuf[ 0] = iv[ 0] ^= ibuf[ 0]; obuf[ 1] = iv[ 1] ^= ibuf[ 1];
obuf[ 2] = iv[ 2] ^= ibuf[ 2]; obuf[ 3] = iv[ 3] ^= ibuf[ 3];
obuf[ 4] = iv[ 4] ^= ibuf[ 4]; obuf[ 5] = iv[ 5] ^= ibuf[ 5];
obuf[ 6] = iv[ 6] ^= ibuf[ 6]; obuf[ 7] = iv[ 7] ^= ibuf[ 7];
obuf[ 8] = iv[ 8] ^= ibuf[ 8]; obuf[ 9] = iv[ 9] ^= ibuf[ 9];
obuf[10] = iv[10] ^= ibuf[10]; obuf[11] = iv[11] ^= ibuf[11];
obuf[12] = iv[12] ^= ibuf[12]; obuf[13] = iv[13] ^= ibuf[13];
obuf[14] = iv[14] ^= ibuf[14]; obuf[15] = iv[15] ^= ibuf[15];
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
#endif
}
while(cnt < len)
{
if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
while(cnt < len && b_pos < AES_BLOCK_SIZE)
{
*obuf++ = (iv[b_pos++] ^= *ibuf++);
cnt++;
}
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
ctx->inf.b[2] = (uint8_t)b_pos;
return EXIT_SUCCESS;
}
AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
if(b_pos) /* complete any partial block */
{ uint8_t t;
while(b_pos < AES_BLOCK_SIZE && cnt < len)
{
t = *ibuf++;
*obuf++ = t ^ iv[b_pos];
iv[b_pos++] = t;
cnt++;
}
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
uint8_t *ksp = (uint8_t*)(ctx->ks), *ivp = iv;
aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ))
{
via_cfb_op6(ksp, cwd, ibuf, obuf, nb, ivp);
ibuf += nb * AES_BLOCK_SIZE;
obuf += nb * AES_BLOCK_SIZE;
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op;
while(nb)
{
m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf);
op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf);
if(ip != ibuf) /* input buffer is not aligned */
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_cfb_op6(ksp, cwd, ip, op, m, ivp);
if(op != obuf) /* output buffer is not aligned */
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
cnt += m * AES_BLOCK_SIZE;
}
}
if(ivp != iv)
memcpy(iv, ivp, AES_BLOCK_SIZE);
}
#else
# ifdef FAST_BUFFER_OPERATIONS
if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) &&!ALIGN_OFFSET( iv, 4 ))
while(cnt + AES_BLOCK_SIZE <= len)
{ uint32_t t;
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
t = lp32(ibuf)[0], lp32(obuf)[0] = t ^ lp32(iv)[0], lp32(iv)[0] = t;
t = lp32(ibuf)[1], lp32(obuf)[1] = t ^ lp32(iv)[1], lp32(iv)[1] = t;
t = lp32(ibuf)[2], lp32(obuf)[2] = t ^ lp32(iv)[2], lp32(iv)[2] = t;
t = lp32(ibuf)[3], lp32(obuf)[3] = t ^ lp32(iv)[3], lp32(iv)[3] = t;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
else
# endif
while(cnt + AES_BLOCK_SIZE <= len)
{ uint8_t t;
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
t = ibuf[ 0], obuf[ 0] = t ^ iv[ 0], iv[ 0] = t;
t = ibuf[ 1], obuf[ 1] = t ^ iv[ 1], iv[ 1] = t;
t = ibuf[ 2], obuf[ 2] = t ^ iv[ 2], iv[ 2] = t;
t = ibuf[ 3], obuf[ 3] = t ^ iv[ 3], iv[ 3] = t;
t = ibuf[ 4], obuf[ 4] = t ^ iv[ 4], iv[ 4] = t;
t = ibuf[ 5], obuf[ 5] = t ^ iv[ 5], iv[ 5] = t;
t = ibuf[ 6], obuf[ 6] = t ^ iv[ 6], iv[ 6] = t;
t = ibuf[ 7], obuf[ 7] = t ^ iv[ 7], iv[ 7] = t;
t = ibuf[ 8], obuf[ 8] = t ^ iv[ 8], iv[ 8] = t;
t = ibuf[ 9], obuf[ 9] = t ^ iv[ 9], iv[ 9] = t;
t = ibuf[10], obuf[10] = t ^ iv[10], iv[10] = t;
t = ibuf[11], obuf[11] = t ^ iv[11], iv[11] = t;
t = ibuf[12], obuf[12] = t ^ iv[12], iv[12] = t;
t = ibuf[13], obuf[13] = t ^ iv[13], iv[13] = t;
t = ibuf[14], obuf[14] = t ^ iv[14], iv[14] = t;
t = ibuf[15], obuf[15] = t ^ iv[15], iv[15] = t;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
#endif
}
while(cnt < len)
{ uint8_t t;
if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
while(cnt < len && b_pos < AES_BLOCK_SIZE)
{
t = *ibuf++;
*obuf++ = t ^ iv[b_pos];
iv[b_pos++] = t;
cnt++;
}
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
ctx->inf.b[2] = (uint8_t)b_pos;
return EXIT_SUCCESS;
}
AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
if(b_pos) /* complete any partial block */
{
while(b_pos < AES_BLOCK_SIZE && cnt < len)
{
*obuf++ = iv[b_pos++] ^ *ibuf++;
cnt++;
}
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
uint8_t *ksp = (uint8_t*)(ctx->ks), *ivp = iv;
aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */
{
ivp = liv;
memcpy(liv, iv, AES_BLOCK_SIZE);
}
if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ))
{
via_ofb_op6(ksp, cwd, ibuf, obuf, nb, ivp);
ibuf += nb * AES_BLOCK_SIZE;
obuf += nb * AES_BLOCK_SIZE;
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
uint8_t *ip, *op;
while(nb)
{
m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf);
op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf);
if(ip != ibuf)
memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
via_ofb_op6(ksp, cwd, ip, op, m, ivp);
if(op != obuf)
memcpy(obuf, buf, m * AES_BLOCK_SIZE);
ibuf += m * AES_BLOCK_SIZE;
obuf += m * AES_BLOCK_SIZE;
cnt += m * AES_BLOCK_SIZE;
}
}
if(ivp != iv)
memcpy(iv, ivp, AES_BLOCK_SIZE);
}
#else
# ifdef FAST_BUFFER_OPERATIONS
if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) && !ALIGN_OFFSET( iv, 4 ))
while(cnt + AES_BLOCK_SIZE <= len)
{
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
lp32(obuf)[0] = lp32(iv)[0] ^ lp32(ibuf)[0];
lp32(obuf)[1] = lp32(iv)[1] ^ lp32(ibuf)[1];
lp32(obuf)[2] = lp32(iv)[2] ^ lp32(ibuf)[2];
lp32(obuf)[3] = lp32(iv)[3] ^ lp32(ibuf)[3];
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
else
# endif
while(cnt + AES_BLOCK_SIZE <= len)
{
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
obuf[ 0] = iv[ 0] ^ ibuf[ 0]; obuf[ 1] = iv[ 1] ^ ibuf[ 1];
obuf[ 2] = iv[ 2] ^ ibuf[ 2]; obuf[ 3] = iv[ 3] ^ ibuf[ 3];
obuf[ 4] = iv[ 4] ^ ibuf[ 4]; obuf[ 5] = iv[ 5] ^ ibuf[ 5];
obuf[ 6] = iv[ 6] ^ ibuf[ 6]; obuf[ 7] = iv[ 7] ^ ibuf[ 7];
obuf[ 8] = iv[ 8] ^ ibuf[ 8]; obuf[ 9] = iv[ 9] ^ ibuf[ 9];
obuf[10] = iv[10] ^ ibuf[10]; obuf[11] = iv[11] ^ ibuf[11];
obuf[12] = iv[12] ^ ibuf[12]; obuf[13] = iv[13] ^ ibuf[13];
obuf[14] = iv[14] ^ ibuf[14]; obuf[15] = iv[15] ^ ibuf[15];
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
cnt += AES_BLOCK_SIZE;
}
#endif
}
while(cnt < len)
{
if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
while(cnt < len && b_pos < AES_BLOCK_SIZE)
{
*obuf++ = iv[b_pos++] ^ *ibuf++;
cnt++;
}
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
ctx->inf.b[2] = (uint8_t)b_pos;
return EXIT_SUCCESS;
}
#define BFR_LENGTH (BFR_BLOCKS * AES_BLOCK_SIZE)
AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx ctx[1])
{ unsigned char *ip;
int i, blen, b_pos = (int)(ctx->inf.b[2]);
#if defined( USE_VIA_ACE_IF_PRESENT )
aligned_auto(uint8_t, buf, BFR_LENGTH, 16);
if(ctx->inf.b[1] == 0xff && ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
#else
uint8_t buf[BFR_LENGTH];
#endif
if(b_pos)
{
memcpy(buf, cbuf, AES_BLOCK_SIZE);
if(aes_ecb_encrypt(buf, buf, AES_BLOCK_SIZE, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
while(b_pos < AES_BLOCK_SIZE && len)
{
*obuf++ = *ibuf++ ^ buf[b_pos++];
--len;
}
if(len)
ctr_inc(cbuf), b_pos = 0;
}
while(len)
{
blen = (len > BFR_LENGTH ? BFR_LENGTH : len), len -= blen;
for(i = 0, ip = buf; i < (blen >> AES_BLOCK_SIZE_P2); ++i)
{
memcpy(ip, cbuf, AES_BLOCK_SIZE);
ctr_inc(cbuf);
ip += AES_BLOCK_SIZE;
}
if(blen & (AES_BLOCK_SIZE - 1))
memcpy(ip, cbuf, AES_BLOCK_SIZE), i++;
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
via_ecb_op5((ctx->ks), cwd, buf, buf, i);
}
else
#endif
if(aes_ecb_encrypt(buf, buf, i * AES_BLOCK_SIZE, ctx) != EXIT_SUCCESS)
return EXIT_FAILURE;
i = 0; ip = buf;
# ifdef FAST_BUFFER_OPERATIONS
if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) && !ALIGN_OFFSET( ip, 4 ))
while(i + AES_BLOCK_SIZE <= blen)
{
lp32(obuf)[0] = lp32(ibuf)[0] ^ lp32(ip)[0];
lp32(obuf)[1] = lp32(ibuf)[1] ^ lp32(ip)[1];
lp32(obuf)[2] = lp32(ibuf)[2] ^ lp32(ip)[2];
lp32(obuf)[3] = lp32(ibuf)[3] ^ lp32(ip)[3];
i += AES_BLOCK_SIZE;
ip += AES_BLOCK_SIZE;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
else
#endif
while(i + AES_BLOCK_SIZE <= blen)
{
obuf[ 0] = ibuf[ 0] ^ ip[ 0]; obuf[ 1] = ibuf[ 1] ^ ip[ 1];
obuf[ 2] = ibuf[ 2] ^ ip[ 2]; obuf[ 3] = ibuf[ 3] ^ ip[ 3];
obuf[ 4] = ibuf[ 4] ^ ip[ 4]; obuf[ 5] = ibuf[ 5] ^ ip[ 5];
obuf[ 6] = ibuf[ 6] ^ ip[ 6]; obuf[ 7] = ibuf[ 7] ^ ip[ 7];
obuf[ 8] = ibuf[ 8] ^ ip[ 8]; obuf[ 9] = ibuf[ 9] ^ ip[ 9];
obuf[10] = ibuf[10] ^ ip[10]; obuf[11] = ibuf[11] ^ ip[11];
obuf[12] = ibuf[12] ^ ip[12]; obuf[13] = ibuf[13] ^ ip[13];
obuf[14] = ibuf[14] ^ ip[14]; obuf[15] = ibuf[15] ^ ip[15];
i += AES_BLOCK_SIZE;
ip += AES_BLOCK_SIZE;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
while(i++ < blen)
*obuf++ = *ibuf++ ^ ip[b_pos++];
}
ctx->inf.b[2] = (uint8_t)b_pos;
return EXIT_SUCCESS;
}
#if defined(__cplusplus)
}
#endif
#endif

547
crypto/src/main/jni/final_key/aes/aes_via_ace.h Normal file
View File

@@ -0,0 +1,547 @@
/*
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#ifndef AES_VIA_ACE_H
#define AES_VIA_ACE_H
#if defined( _MSC_VER )
# define INLINE __inline
#elif defined( __GNUC__ )
# define INLINE static inline
#else
# error VIA ACE requires Microsoft or GNU C
#endif
#define NEH_GENERATE 1
#define NEH_LOAD 2
#define NEH_HYBRID 3
#define MAX_READ_ATTEMPTS 1000
/* VIA Nehemiah RNG and ACE Feature Mask Values */
#define NEH_CPU_IS_VIA 0x00000001
#define NEH_CPU_READ 0x00000010
#define NEH_CPU_MASK 0x00000011
#define NEH_RNG_PRESENT 0x00000004
#define NEH_RNG_ENABLED 0x00000008
#define NEH_ACE_PRESENT 0x00000040
#define NEH_ACE_ENABLED 0x00000080
#define NEH_RNG_FLAGS (NEH_RNG_PRESENT | NEH_RNG_ENABLED)
#define NEH_ACE_FLAGS (NEH_ACE_PRESENT | NEH_ACE_ENABLED)
#define NEH_FLAGS_MASK (NEH_RNG_FLAGS | NEH_ACE_FLAGS)
/* VIA Nehemiah Advanced Cryptography Engine (ACE) Control Word Values */
#define NEH_GEN_KEY 0x00000000 /* generate key schedule */
#define NEH_LOAD_KEY 0x00000080 /* load schedule from memory */
#define NEH_ENCRYPT 0x00000000 /* encryption */
#define NEH_DECRYPT 0x00000200 /* decryption */
#define NEH_KEY128 0x00000000+0x0a /* 128 bit key */
#define NEH_KEY192 0x00000400+0x0c /* 192 bit key */
#define NEH_KEY256 0x00000800+0x0e /* 256 bit key */
#define NEH_ENC_GEN (NEH_ENCRYPT | NEH_GEN_KEY)
#define NEH_DEC_GEN (NEH_DECRYPT | NEH_GEN_KEY)
#define NEH_ENC_LOAD (NEH_ENCRYPT | NEH_LOAD_KEY)
#define NEH_DEC_LOAD (NEH_DECRYPT | NEH_LOAD_KEY)
#define NEH_ENC_GEN_DATA {\
NEH_ENC_GEN | NEH_KEY128, 0, 0, 0,\
NEH_ENC_GEN | NEH_KEY192, 0, 0, 0,\
NEH_ENC_GEN | NEH_KEY256, 0, 0, 0 }
#define NEH_ENC_LOAD_DATA {\
NEH_ENC_LOAD | NEH_KEY128, 0, 0, 0,\
NEH_ENC_LOAD | NEH_KEY192, 0, 0, 0,\
NEH_ENC_LOAD | NEH_KEY256, 0, 0, 0 }
#define NEH_ENC_HYBRID_DATA {\
NEH_ENC_GEN | NEH_KEY128, 0, 0, 0,\
NEH_ENC_LOAD | NEH_KEY192, 0, 0, 0,\
NEH_ENC_LOAD | NEH_KEY256, 0, 0, 0 }
#define NEH_DEC_GEN_DATA {\
NEH_DEC_GEN | NEH_KEY128, 0, 0, 0,\
NEH_DEC_GEN | NEH_KEY192, 0, 0, 0,\
NEH_DEC_GEN | NEH_KEY256, 0, 0, 0 }
#define NEH_DEC_LOAD_DATA {\
NEH_DEC_LOAD | NEH_KEY128, 0, 0, 0,\
NEH_DEC_LOAD | NEH_KEY192, 0, 0, 0,\
NEH_DEC_LOAD | NEH_KEY256, 0, 0, 0 }
#define NEH_DEC_HYBRID_DATA {\
NEH_DEC_GEN | NEH_KEY128, 0, 0, 0,\
NEH_DEC_LOAD | NEH_KEY192, 0, 0, 0,\
NEH_DEC_LOAD | NEH_KEY256, 0, 0, 0 }
#define neh_enc_gen_key(x) ((x) == 128 ? (NEH_ENC_GEN | NEH_KEY128) : \
(x) == 192 ? (NEH_ENC_GEN | NEH_KEY192) : (NEH_ENC_GEN | NEH_KEY256))
#define neh_enc_load_key(x) ((x) == 128 ? (NEH_ENC_LOAD | NEH_KEY128) : \
(x) == 192 ? (NEH_ENC_LOAD | NEH_KEY192) : (NEH_ENC_LOAD | NEH_KEY256))
#define neh_enc_hybrid_key(x) ((x) == 128 ? (NEH_ENC_GEN | NEH_KEY128) : \
(x) == 192 ? (NEH_ENC_LOAD | NEH_KEY192) : (NEH_ENC_LOAD | NEH_KEY256))
#define neh_dec_gen_key(x) ((x) == 128 ? (NEH_DEC_GEN | NEH_KEY128) : \
(x) == 192 ? (NEH_DEC_GEN | NEH_KEY192) : (NEH_DEC_GEN | NEH_KEY256))
#define neh_dec_load_key(x) ((x) == 128 ? (NEH_DEC_LOAD | NEH_KEY128) : \
(x) == 192 ? (NEH_DEC_LOAD | NEH_KEY192) : (NEH_DEC_LOAD | NEH_KEY256))
#define neh_dec_hybrid_key(x) ((x) == 128 ? (NEH_DEC_GEN | NEH_KEY128) : \
(x) == 192 ? (NEH_DEC_LOAD | NEH_KEY192) : (NEH_DEC_LOAD | NEH_KEY256))
#if defined( _MSC_VER ) && ( _MSC_VER > 1200 )
#define aligned_auto(type, name, no, stride) __declspec(align(stride)) type name[no]
#else
#define aligned_auto(type, name, no, stride) \
unsigned char _##name[no * sizeof(type) + stride]; \
type *name = (type*)(16 * ((((unsigned long)(_##name)) + stride - 1) / stride))
#endif
#if defined( _MSC_VER ) && ( _MSC_VER > 1200 )
#define aligned_array(type, name, no, stride) __declspec(align(stride)) type name[no]
#elif defined( __GNUC__ )
#define aligned_array(type, name, no, stride) type name[no] __attribute__ ((aligned(stride)))
#else
#define aligned_array(type, name, no, stride) type name[no]
#endif
/* VIA ACE codeword */
static unsigned char via_flags = 0;
#if defined ( _MSC_VER ) && ( _MSC_VER > 800 )
#define NEH_REKEY __asm pushfd __asm popfd
#define NEH_AES __asm _emit 0xf3 __asm _emit 0x0f __asm _emit 0xa7
#define NEH_ECB NEH_AES __asm _emit 0xc8
#define NEH_CBC NEH_AES __asm _emit 0xd0
#define NEH_CFB NEH_AES __asm _emit 0xe0
#define NEH_OFB NEH_AES __asm _emit 0xe8
#define NEH_RNG __asm _emit 0x0f __asm _emit 0xa7 __asm _emit 0xc0
INLINE int has_cpuid(void)
{ char ret_value;
__asm
{ pushfd /* save EFLAGS register */
mov eax,[esp] /* copy it to eax */
mov edx,0x00200000 /* CPUID bit position */
xor eax,edx /* toggle the CPUID bit */
push eax /* attempt to set EFLAGS to */
popfd /* the new value */
pushfd /* get the new EFLAGS value */
pop eax /* into eax */
xor eax,[esp] /* xor with original value */
and eax,edx /* has CPUID bit changed? */
setne al /* set to 1 if we have been */
mov ret_value,al /* able to change it */
popfd /* restore original EFLAGS */
}
return (int)ret_value;
}
INLINE int is_via_cpu(void)
{ char ret_value;
__asm
{ push ebx
xor eax,eax /* use CPUID to get vendor */
cpuid /* identity string */
xor eax,eax /* is it "CentaurHauls" ? */
sub ebx,0x746e6543 /* 'Cent' */
or eax,ebx
sub edx,0x48727561 /* 'aurH' */
or eax,edx
sub ecx,0x736c7561 /* 'auls' */
or eax,ecx
sete al /* set to 1 if it is VIA ID */
mov dl,NEH_CPU_READ /* mark CPU type as read */
or dl,al /* & store result in flags */
mov [via_flags],dl /* set VIA detected flag */
mov ret_value,al /* able to change it */
pop ebx
}
return (int)ret_value;
}
INLINE int read_via_flags(void)
{ char ret_value = 0;
__asm
{ mov eax,0xC0000000 /* Centaur extended CPUID */
cpuid
mov edx,0xc0000001 /* >= 0xc0000001 if support */
cmp eax,edx /* for VIA extended feature */
jnae no_rng /* flags is available */
mov eax,edx /* read Centaur extended */
cpuid /* feature flags */
mov eax,NEH_FLAGS_MASK /* mask out and save */
and eax,edx /* the RNG and ACE flags */
or [via_flags],al /* present & enabled flags */
mov ret_value,al /* able to change it */
no_rng:
}
return (int)ret_value;
}
INLINE unsigned int via_rng_in(void *buf)
{ char ret_value = 0x1f;
__asm
{ push edi
mov edi,buf /* input buffer address */
xor edx,edx /* try to fetch 8 bytes */
NEH_RNG /* do RNG read operation */
and ret_value,al /* count of bytes returned */
pop edi
}
return (int)ret_value;
}
INLINE void via_ecb_op5(
const void *k, const void *c, const void *s, void *d, int l)
{ __asm
{ push ebx
NEH_REKEY
mov ebx, (k)
mov edx, (c)
mov esi, (s)
mov edi, (d)
mov ecx, (l)
NEH_ECB
pop ebx
}
}
INLINE void via_cbc_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{ __asm
{ push ebx
NEH_REKEY
mov ebx, (k)
mov edx, (c)
mov esi, (s)
mov edi, (d)
mov ecx, (l)
mov eax, (v)
NEH_CBC
pop ebx
}
}
INLINE void via_cbc_op7(
const void *k, const void *c, const void *s, void *d, int l, void *v, void *w)
{ __asm
{ push ebx
NEH_REKEY
mov ebx, (k)
mov edx, (c)
mov esi, (s)
mov edi, (d)
mov ecx, (l)
mov eax, (v)
NEH_CBC
mov esi, eax
mov edi, (w)
movsd
movsd
movsd
movsd
pop ebx
}
}
INLINE void via_cfb_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{ __asm
{ push ebx
NEH_REKEY
mov ebx, (k)
mov edx, (c)
mov esi, (s)
mov edi, (d)
mov ecx, (l)
mov eax, (v)
NEH_CFB
pop ebx
}
}
INLINE void via_cfb_op7(
const void *k, const void *c, const void *s, void *d, int l, void *v, void *w)
{ __asm
{ push ebx
NEH_REKEY
mov ebx, (k)
mov edx, (c)
mov esi, (s)
mov edi, (d)
mov ecx, (l)
mov eax, (v)
NEH_CFB
mov esi, eax
mov edi, (w)
movsd
movsd
movsd
movsd
pop ebx
}
}
INLINE void via_ofb_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{ __asm
{ push ebx
NEH_REKEY
mov ebx, (k)
mov edx, (c)
mov esi, (s)
mov edi, (d)
mov ecx, (l)
mov eax, (v)
NEH_OFB
pop ebx
}
}
#elif defined( __GNUC__ )
#define NEH_REKEY asm("pushfl\n popfl\n\t")
#define NEH_ECB asm(".byte 0xf3, 0x0f, 0xa7, 0xc8\n\t")
#define NEH_CBC asm(".byte 0xf3, 0x0f, 0xa7, 0xd0\n\t")
#define NEH_CFB asm(".byte 0xf3, 0x0f, 0xa7, 0xe0\n\t")
#define NEH_OFB asm(".byte 0xf3, 0x0f, 0xa7, 0xe8\n\t")
#define NEH_RNG asm(".byte 0x0f, 0xa7, 0xc0\n\t");
INLINE int has_cpuid(void)
{ int val;
asm("pushfl\n\t");
asm("movl 0(%esp),%eax\n\t");
asm("xor $0x00200000,%eax\n\t");
asm("pushl %eax\n\t");
asm("popfl\n\t");
asm("pushfl\n\t");
asm("popl %eax\n\t");
asm("xorl 0(%esp),%edx\n\t");
asm("andl $0x00200000,%eax\n\t");
asm("movl %%eax,%0\n\t" : "=m" (val));
asm("popfl\n\t");
return val ? 1 : 0;
}
INLINE int is_via_cpu(void)
{ int val;
asm("pushl %eax\n\t");
asm("pushl %ebx\n\t");
asm("pushl %ecx\n\t");
asm("pushl %edx\n\t");
asm("xorl %eax,%eax\n\t");
asm("cpuid\n\t");
asm("xorl %eax,%eax\n\t");
asm("subl $0x746e6543,%ebx\n\t");
asm("orl %ebx,%eax\n\t");
asm("subl $0x48727561,%edx\n\t");
asm("orl %edx,%eax\n\t");
asm("subl $0x736c7561,%ecx\n\t");
asm("orl %ecx,%eax\n\t");
asm("movl %%eax,%0\n\t" : "=m" (val));
asm("popl %edx\n\t");
asm("popl %ecx\n\t");
asm("popl %ebx\n\t");
asm("popl %eax\n\t");
val = (val ? 0 : 1);
via_flags = (val | NEH_CPU_READ);
return val;
}
INLINE int read_via_flags(void)
{ unsigned char val;
asm("movl $0xc0000000,%eax\n\t");
asm("cpuid\n\t");
asm("movl $0xc0000001,%edx\n\t");
asm("cmpl %edx,%eax\n\t");
asm("setae %al\n\t");
asm("movb %%al,%0\n\t" : "=m" (val));
if(!val) return 0;
asm("movl $0xc0000001,%eax\n\t");
asm("cpuid\n\t");
asm("movb %%dl,%0\n\t" : "=m" (val));
val &= NEH_FLAGS_MASK;
via_flags |= val;
return (int) val;
}
INLINE int via_rng_in(void *buf)
{ int val;
asm("pushl %edi\n\t");
asm("movl %0,%%edi\n\t" : : "m" (buf));
asm("xorl %edx,%edx\n\t");
NEH_RNG
asm("andl $0x0000001f,%eax\n\t");
asm("movl %%eax,%0\n\t" : "=m" (val));
asm("popl %edi\n\t");
return val;
}
INLINE volatile void via_ecb_op5(
const void *k, const void *c, const void *s, void *d, int l)
{
asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
asm("movl %0, %%esi\n\t" : : "m" (s));
asm("movl %0, %%edi\n\t" : : "m" (d));
asm("movl %0, %%ecx\n\t" : : "m" (l));
NEH_ECB;
asm("popl %ebx\n\t");
}
INLINE volatile void via_cbc_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{
asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
asm("movl %0, %%esi\n\t" : : "m" (s));
asm("movl %0, %%edi\n\t" : : "m" (d));
asm("movl %0, %%ecx\n\t" : : "m" (l));
asm("movl %0, %%eax\n\t" : : "m" (v));
NEH_CBC;
asm("popl %ebx\n\t");
}
INLINE volatile void via_cbc_op7(
const void *k, const void *c, const void *s, void *d, int l, void *v, void *w)
{
asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
asm("movl %0, %%esi\n\t" : : "m" (s));
asm("movl %0, %%edi\n\t" : : "m" (d));
asm("movl %0, %%ecx\n\t" : : "m" (l));
asm("movl %0, %%eax\n\t" : : "m" (v));
NEH_CBC;
asm("movl %eax,%esi\n\t");
asm("movl %0, %%edi\n\t" : : "m" (w));
asm("movsl; movsl; movsl; movsl\n\t");
asm("popl %ebx\n\t");
}
INLINE volatile void via_cfb_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{
asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
asm("movl %0, %%esi\n\t" : : "m" (s));
asm("movl %0, %%edi\n\t" : : "m" (d));
asm("movl %0, %%ecx\n\t" : : "m" (l));
asm("movl %0, %%eax\n\t" : : "m" (v));
NEH_CFB;
asm("popl %ebx\n\t");
}
INLINE volatile void via_cfb_op7(
const void *k, const void *c, const void *s, void *d, int l, void *v, void *w)
{
asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
asm("movl %0, %%esi\n\t" : : "m" (s));
asm("movl %0, %%edi\n\t" : : "m" (d));
asm("movl %0, %%ecx\n\t" : : "m" (l));
asm("movl %0, %%eax\n\t" : : "m" (v));
NEH_CFB;
asm("movl %eax,%esi\n\t");
asm("movl %0, %%edi\n\t" : : "m" (w));
asm("movsl; movsl; movsl; movsl\n\t");
asm("popl %ebx\n\t");
}
INLINE volatile void via_ofb_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{
asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
asm("movl %0, %%esi\n\t" : : "m" (s));
asm("movl %0, %%edi\n\t" : : "m" (d));
asm("movl %0, %%ecx\n\t" : : "m" (l));
asm("movl %0, %%eax\n\t" : : "m" (v));
NEH_OFB;
asm("popl %ebx\n\t");
}
#else
#error VIA ACE is not available with this compiler
#endif
INLINE int via_ace_test(void)
{
return has_cpuid() && is_via_cpu() && ((read_via_flags() & NEH_ACE_FLAGS) == NEH_ACE_FLAGS);
}
#define VIA_ACE_AVAILABLE (((via_flags & NEH_ACE_FLAGS) == NEH_ACE_FLAGS) \
|| (via_flags & NEH_CPU_READ) && (via_flags & NEH_CPU_IS_VIA) || via_ace_test())
INLINE int via_rng_test(void)
{
return has_cpuid() && is_via_cpu() && ((read_via_flags() & NEH_RNG_FLAGS) == NEH_RNG_FLAGS);
}
#define VIA_RNG_AVAILABLE (((via_flags & NEH_RNG_FLAGS) == NEH_RNG_FLAGS) \
|| (via_flags & NEH_CPU_READ) && (via_flags & NEH_CPU_IS_VIA) || via_rng_test())
INLINE int read_via_rng(void *buf, int count)
{ int nbr, max_reads, lcnt = count;
unsigned char *p, *q;
aligned_auto(unsigned char, bp, 64, 16);
if(!VIA_RNG_AVAILABLE)
return 0;
do
{
max_reads = MAX_READ_ATTEMPTS;
do
nbr = via_rng_in(bp);
while
(nbr == 0 && --max_reads);
lcnt -= nbr;
p = (unsigned char*)buf; q = bp;
while(nbr--)
*p++ = *q++;
}
while
(lcnt && max_reads);
return count - lcnt;
}
#endif

643
crypto/src/main/jni/final_key/aes/aes_x86_v1.asm Normal file
View File

@@ -0,0 +1,643 @@
; ---------------------------------------------------------------------------
; Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
;
; The redistribution and use of this software (with or without changes)
; is allowed without the payment of fees or royalties provided that:
;
; source code distributions include the above copyright notice, this
; list of conditions and the following disclaimer;
;
; binary distributions include the above copyright notice, this list
; of conditions and the following disclaimer in their documentation.
;
; This software is provided 'as is' with no explicit or implied warranties
; in respect of its operation, including, but not limited to, correctness
; and fitness for purpose.
; ---------------------------------------------------------------------------
; Issue 13/08/2008
;
; This code requires ASM_X86_V1C to be set in aesopt.h. It requires the C files
; aeskey.c and aestab.c for support.
; An AES implementation for x86 processors using the YASM (or NASM) assembler.
; This is an assembler implementation that covers encryption and decryption
; only and is intended as a replacement of the C file aescrypt.c. It hence
; requires the file aeskey.c for keying and aestab.c for the AES tables. It
; employs full tables rather than compressed tables.
; This code provides the standard AES block size (128 bits, 16 bytes) and the
; three standard AES key sizes (128, 192 and 256 bits). It has the same call
; interface as my C implementation. The ebx, esi, edi and ebp registers are
; preserved across calls but eax, ecx and edx and the artihmetic status flags
; are not. It is also important that the defines below match those used in the
; C code. This code uses the VC++ register saving conentions; if it is used
; with another compiler, conventions for using and saving registers may need to
; be checked (and calling conventions). The YASM command line for the VC++
; custom build step is:
;
; yasm -Xvc -f win32 -o "$(TargetDir)\$(InputName).obj" "$(InputPath)"
;
; The calling intefaces are:
;
; AES_RETURN aes_encrypt(const unsigned char in_blk[],
; unsigned char out_blk[], const aes_encrypt_ctx cx[1]);
;
; AES_RETURN aes_decrypt(const unsigned char in_blk[],
; unsigned char out_blk[], const aes_decrypt_ctx cx[1]);
;
; AES_RETURN aes_encrypt_key<NNN>(const unsigned char key[],
; const aes_encrypt_ctx cx[1]);
;
; AES_RETURN aes_decrypt_key<NNN>(const unsigned char key[],
; const aes_decrypt_ctx cx[1]);
;
; AES_RETURN aes_encrypt_key(const unsigned char key[],
; unsigned int len, const aes_decrypt_ctx cx[1]);
;
; AES_RETURN aes_decrypt_key(const unsigned char key[],
; unsigned int len, const aes_decrypt_ctx cx[1]);
;
; where <NNN> is 128, 102 or 256. In the last two calls the length can be in
; either bits or bytes.
; Use of this assembler code in Windows kernel mode requires memory paging
; to be disabled
%ifdef NO_PAGING
%define set_page nopage
%else
%define set_page
%endif
; Comment in/out the following lines to obtain the desired subroutines. These
; selections MUST match those in the C header file aes.h
%define AES_128 ; define if AES with 128 bit keys is needed
%define AES_192 ; define if AES with 192 bit keys is needed
%define AES_256 ; define if AES with 256 bit keys is needed
%define AES_VAR ; define if a variable key size is needed
%define ENCRYPTION ; define if encryption is needed
%define DECRYPTION ; define if decryption is needed
%define AES_REV_DKS ; define if key decryption schedule is reversed
%define LAST_ROUND_TABLES ; define if tables are to be used for last round
; offsets to parameters
in_blk equ 4 ; input byte array address parameter
out_blk equ 8 ; output byte array address parameter
ctx equ 12 ; AES context structure
stk_spc equ 20 ; stack space
%define parms 12 ; parameter space on stack
; The encryption key schedule has the following in memory layout where N is the
; number of rounds (10, 12 or 14):
;
; lo: | input key (round 0) | ; each round is four 32-bit words
; | encryption round 1 |
; | encryption round 2 |
; ....
; | encryption round N-1 |
; hi: | encryption round N |
;
; The decryption key schedule is normally set up so that it has the same
; layout as above by actually reversing the order of the encryption key
; schedule in memory (this happens when AES_REV_DKS is set):
;
; lo: | decryption round 0 | = | encryption round N |
; | decryption round 1 | = INV_MIX_COL[ | encryption round N-1 | ]
; | decryption round 2 | = INV_MIX_COL[ | encryption round N-2 | ]
; .... ....
; | decryption round N-1 | = INV_MIX_COL[ | encryption round 1 | ]
; hi: | decryption round N | = | input key (round 0) |
;
; with rounds except the first and last modified using inv_mix_column()
; But if AES_REV_DKS is NOT set the order of keys is left as it is for
; encryption so that it has to be accessed in reverse when used for
; decryption (although the inverse mix column modifications are done)
;
; lo: | decryption round 0 | = | input key (round 0) |
; | decryption round 1 | = INV_MIX_COL[ | encryption round 1 | ]
; | decryption round 2 | = INV_MIX_COL[ | encryption round 2 | ]
; .... ....
; | decryption round N-1 | = INV_MIX_COL[ | encryption round N-1 | ]
; hi: | decryption round N | = | encryption round N |
;
; This layout is faster when the assembler key scheduling provided here
; is used.
;
; The DLL interface must use the _stdcall convention in which the number
; of bytes of parameter space is added after an @ to the sutine's name.
; We must also remove our parameters from the stack before return (see
; the do_exit macro). Define DLL_EXPORT for the Dynamic Link Library version.
;%define DLL_EXPORT
; End of user defines
section .text align=32 set_page
%ifdef AES_VAR
%ifndef AES_128
%define AES_128
%endif
%ifndef AES_192
%define AES_192
%endif
%ifndef AES_256
%define AES_256
%endif
%endif
%ifdef AES_VAR
%define KS_LENGTH 60
%elifdef AES_256
%define KS_LENGTH 60
%elifdef AES_192
%define KS_LENGTH 52
%else
%define KS_LENGTH 44
%endif
; These macros implement stack based local variables
%macro save 2
mov [esp+4*%1],%2
%endmacro
%macro restore 2
mov %1,[esp+4*%2]
%endmacro
; the DLL has to implement the _stdcall calling interface on return
; In this case we have to take our parameters (3 4-byte pointers)
; off the stack
%macro do_name 1-2 parms
%ifndef DLL_EXPORT
global %1
%1:
%else
global %1@%2
export %1@%2
%1@%2:
%endif
%endmacro
%macro do_call 1-2 parms
%ifndef DLL_EXPORT
call %1
add esp,%2
%else
call %1@%2
%endif
%endmacro
%macro do_exit 0-1 parms
%ifdef DLL_EXPORT
ret %1
%else
ret
%endif
%endmacro
%ifdef ENCRYPTION
extern _t_fn
%define etab_0(x) [_t_fn+4*x]
%define etab_1(x) [_t_fn+1024+4*x]
%define etab_2(x) [_t_fn+2048+4*x]
%define etab_3(x) [_t_fn+3072+4*x]
%ifdef LAST_ROUND_TABLES
extern _t_fl
%define eltab_0(x) [_t_fl+4*x]
%define eltab_1(x) [_t_fl+1024+4*x]
%define eltab_2(x) [_t_fl+2048+4*x]
%define eltab_3(x) [_t_fl+3072+4*x]
%else
%define etab_b(x) byte [_t_fn+3072+4*x]
%endif
; ROUND FUNCTION. Build column[2] on ESI and column[3] on EDI that have the
; round keys pre-loaded. Build column[0] in EBP and column[1] in EBX.
;
; Input:
;
; EAX column[0]
; EBX column[1]
; ECX column[2]
; EDX column[3]
; ESI column key[round][2]
; EDI column key[round][3]
; EBP scratch
;
; Output:
;
; EBP column[0] unkeyed
; EBX column[1] unkeyed
; ESI column[2] keyed
; EDI column[3] keyed
; EAX scratch
; ECX scratch
; EDX scratch
%macro rnd_fun 2
rol ebx,16
%1 esi, cl, 0, ebp
%1 esi, dh, 1, ebp
%1 esi, bh, 3, ebp
%1 edi, dl, 0, ebp
%1 edi, ah, 1, ebp
%1 edi, bl, 2, ebp
%2 ebp, al, 0, ebp
shr ebx,16
and eax,0xffff0000
or eax,ebx
shr edx,16
%1 ebp, ah, 1, ebx
%1 ebp, dh, 3, ebx
%2 ebx, dl, 2, ebx
%1 ebx, ch, 1, edx
%1 ebx, al, 0, edx
shr eax,16
shr ecx,16
%1 ebp, cl, 2, edx
%1 edi, ch, 3, edx
%1 esi, al, 2, edx
%1 ebx, ah, 3, edx
%endmacro
; Basic MOV and XOR Operations for normal rounds
%macro nr_xor 4
movzx %4,%2
xor %1,etab_%3(%4)
%endmacro
%macro nr_mov 4
movzx %4,%2
mov %1,etab_%3(%4)
%endmacro
; Basic MOV and XOR Operations for last round
%ifdef LAST_ROUND_TABLES
%macro lr_xor 4
movzx %4,%2
xor %1,eltab_%3(%4)
%endmacro
%macro lr_mov 4
movzx %4,%2
mov %1,eltab_%3(%4)
%endmacro
%else
%macro lr_xor 4
movzx %4,%2
movzx %4,etab_b(%4)
%if %3 != 0
shl %4,8*%3
%endif
xor %1,%4
%endmacro
%macro lr_mov 4
movzx %4,%2
movzx %1,etab_b(%4)
%if %3 != 0
shl %1,8*%3
%endif
%endmacro
%endif
%macro enc_round 0
add ebp,16
save 0,ebp
mov esi,[ebp+8]
mov edi,[ebp+12]
rnd_fun nr_xor, nr_mov
mov eax,ebp
mov ecx,esi
mov edx,edi
restore ebp,0
xor eax,[ebp]
xor ebx,[ebp+4]
%endmacro
%macro enc_last_round 0
add ebp,16
save 0,ebp
mov esi,[ebp+8]
mov edi,[ebp+12]
rnd_fun lr_xor, lr_mov
mov eax,ebp
restore ebp,0
xor eax,[ebp]
xor ebx,[ebp+4]
%endmacro
; AES Encryption Subroutine
align 32
do_name _aes_encrypt
sub esp,stk_spc
mov [esp+16],ebp
mov [esp+12],ebx
mov [esp+ 8],esi
mov [esp+ 4],edi
mov esi,[esp+in_blk+stk_spc] ; input pointer
mov eax,[esi ]
mov ebx,[esi+ 4]
mov ecx,[esi+ 8]
mov edx,[esi+12]
mov ebp,[esp+ctx+stk_spc] ; key pointer
movzx edi,byte [ebp+4*KS_LENGTH]
xor eax,[ebp ]
xor ebx,[ebp+ 4]
xor ecx,[ebp+ 8]
xor edx,[ebp+12]
; determine the number of rounds
cmp edi,10*16
je .3
cmp edi,12*16
je .2
cmp edi,14*16
je .1
mov eax,-1
jmp .5
.1: enc_round
enc_round
.2: enc_round
enc_round
.3: enc_round
enc_round
enc_round
enc_round
enc_round
enc_round
enc_round
enc_round
enc_round
enc_last_round
mov edx,[esp+out_blk+stk_spc]
mov [edx],eax
mov [edx+4],ebx
mov [edx+8],esi
mov [edx+12],edi
xor eax,eax
.5: mov ebp,[esp+16]
mov ebx,[esp+12]
mov esi,[esp+ 8]
mov edi,[esp+ 4]
add esp,stk_spc
do_exit
%endif
%ifdef DECRYPTION
extern _t_in
%define dtab_0(x) [_t_in+4*x]
%define dtab_1(x) [_t_in+1024+4*x]
%define dtab_2(x) [_t_in+2048+4*x]
%define dtab_3(x) [_t_in+3072+4*x]
%ifdef LAST_ROUND_TABLES
extern _t_il
%define dltab_0(x) [_t_il+4*x]
%define dltab_1(x) [_t_il+1024+4*x]
%define dltab_2(x) [_t_il+2048+4*x]
%define dltab_3(x) [_t_il+3072+4*x]
%else
extern _t_ibox
%define dtab_x(x) byte [_t_ibox+x]
%endif
%macro irn_fun 2
rol eax,16
%1 esi, cl, 0, ebp
%1 esi, bh, 1, ebp
%1 esi, al, 2, ebp
%1 edi, dl, 0, ebp
%1 edi, ch, 1, ebp
%1 edi, ah, 3, ebp
%2 ebp, bl, 0, ebp
shr eax,16
and ebx,0xffff0000
or ebx,eax
shr ecx,16
%1 ebp, bh, 1, eax
%1 ebp, ch, 3, eax
%2 eax, cl, 2, ecx
%1 eax, bl, 0, ecx
%1 eax, dh, 1, ecx
shr ebx,16
shr edx,16
%1 esi, dh, 3, ecx
%1 ebp, dl, 2, ecx
%1 eax, bh, 3, ecx
%1 edi, bl, 2, ecx
%endmacro
; Basic MOV and XOR Operations for normal rounds
%macro ni_xor 4
movzx %4,%2
xor %1,dtab_%3(%4)
%endmacro
%macro ni_mov 4
movzx %4,%2
mov %1,dtab_%3(%4)
%endmacro
; Basic MOV and XOR Operations for last round
%ifdef LAST_ROUND_TABLES
%macro li_xor 4
movzx %4,%2
xor %1,dltab_%3(%4)
%endmacro
%macro li_mov 4
movzx %4,%2
mov %1,dltab_%3(%4)
%endmacro
%else
%macro li_xor 4
movzx %4,%2
movzx %4,dtab_x(%4)
%if %3 != 0
shl %4,8*%3
%endif
xor %1,%4
%endmacro
%macro li_mov 4
movzx %4,%2
movzx %1,dtab_x(%4)
%if %3 != 0
shl %1,8*%3
%endif
%endmacro
%endif
%macro dec_round 0
%ifdef AES_REV_DKS
add ebp,16
%else
sub ebp,16
%endif
save 0,ebp
mov esi,[ebp+8]
mov edi,[ebp+12]
irn_fun ni_xor, ni_mov
mov ebx,ebp
mov ecx,esi
mov edx,edi
restore ebp,0
xor eax,[ebp]
xor ebx,[ebp+4]
%endmacro
%macro dec_last_round 0
%ifdef AES_REV_DKS
add ebp,16
%else
sub ebp,16
%endif
save 0,ebp
mov esi,[ebp+8]
mov edi,[ebp+12]
irn_fun li_xor, li_mov
mov ebx,ebp
restore ebp,0
xor eax,[ebp]
xor ebx,[ebp+4]
%endmacro
; AES Decryption Subroutine
align 32
do_name _aes_decrypt
sub esp,stk_spc
mov [esp+16],ebp
mov [esp+12],ebx
mov [esp+ 8],esi
mov [esp+ 4],edi
; input four columns and xor in first round key
mov esi,[esp+in_blk+stk_spc] ; input pointer
mov eax,[esi ]
mov ebx,[esi+ 4]
mov ecx,[esi+ 8]
mov edx,[esi+12]
lea esi,[esi+16]
mov ebp,[esp+ctx+stk_spc] ; key pointer
movzx edi,byte[ebp+4*KS_LENGTH]
%ifndef AES_REV_DKS ; if decryption key schedule is not reversed
lea ebp,[ebp+edi] ; we have to access it from the top down
%endif
xor eax,[ebp ] ; key schedule
xor ebx,[ebp+ 4]
xor ecx,[ebp+ 8]
xor edx,[ebp+12]
; determine the number of rounds
cmp edi,10*16
je .3
cmp edi,12*16
je .2
cmp edi,14*16
je .1
mov eax,-1
jmp .5
.1: dec_round
dec_round
.2: dec_round
dec_round
.3: dec_round
dec_round
dec_round
dec_round
dec_round
dec_round
dec_round
dec_round
dec_round
dec_last_round
; move final values to the output array.
mov ebp,[esp+out_blk+stk_spc]
mov [ebp],eax
mov [ebp+4],ebx
mov [ebp+8],esi
mov [ebp+12],edi
xor eax,eax
.5: mov ebp,[esp+16]
mov ebx,[esp+12]
mov esi,[esp+ 8]
mov edi,[esp+ 4]
add esp,stk_spc
do_exit
%endif
end

1396
crypto/src/main/jni/final_key/aes/aes_x86_v2.asm Normal file
View File

File diff suppressed because it is too large Load Diff

141
crypto/src/main/jni/final_key/aes/aescpp.h Normal file
View File

@@ -0,0 +1,141 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This file contains the definitions required to use AES (Rijndael) in C++.
*/
#ifndef _AESCPP_H
#define _AESCPP_H
#include "aes.h"
#if defined( AES_ENCRYPT )
class AESencrypt
{
public:
aes_encrypt_ctx cx[1];
AESencrypt(void) { aes_init(); };
#if defined(AES_128)
AESencrypt(const unsigned char key[])
{ aes_encrypt_key128(key, cx); }
AES_RETURN key128(const unsigned char key[])
{ return aes_encrypt_key128(key, cx); }
#endif
#if defined(AES_192)
AES_RETURN key192(const unsigned char key[])
{ return aes_encrypt_key192(key, cx); }
#endif
#if defined(AES_256)
AES_RETURN key256(const unsigned char key[])
{ return aes_encrypt_key256(key, cx); }
#endif
#if defined(AES_VAR)
AES_RETURN key(const unsigned char key[], int key_len)
{ return aes_encrypt_key(key, key_len, cx); }
#endif
AES_RETURN encrypt(const unsigned char in[], unsigned char out[]) const
{ return aes_encrypt(in, out, cx); }
#ifndef AES_MODES
AES_RETURN ecb_encrypt(const unsigned char in[], unsigned char out[], int nb) const
{ while(nb--)
{ aes_encrypt(in, out, cx), in += AES_BLOCK_SIZE, out += AES_BLOCK_SIZE; }
}
#endif
#ifdef AES_MODES
AES_RETURN mode_reset(void) { return aes_mode_reset(cx); }
AES_RETURN ecb_encrypt(const unsigned char in[], unsigned char out[], int nb) const
{ return aes_ecb_encrypt(in, out, nb, cx); }
AES_RETURN cbc_encrypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[]) const
{ return aes_cbc_encrypt(in, out, nb, iv, cx); }
AES_RETURN cfb_encrypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[])
{ return aes_cfb_encrypt(in, out, nb, iv, cx); }
AES_RETURN cfb_decrypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[])
{ return aes_cfb_decrypt(in, out, nb, iv, cx); }
AES_RETURN ofb_crypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[])
{ return aes_ofb_crypt(in, out, nb, iv, cx); }
typedef void ctr_fn(unsigned char ctr[]);
AES_RETURN ctr_crypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[], ctr_fn cf)
{ return aes_ctr_crypt(in, out, nb, iv, cf, cx); }
#endif
};
#endif
#if defined( AES_DECRYPT )
class AESdecrypt
{
public:
aes_decrypt_ctx cx[1];
AESdecrypt(void) { aes_init(); };
#if defined(AES_128)
AESdecrypt(const unsigned char key[])
{ aes_decrypt_key128(key, cx); }
AES_RETURN key128(const unsigned char key[])
{ return aes_decrypt_key128(key, cx); }
#endif
#if defined(AES_192)
AES_RETURN key192(const unsigned char key[])
{ return aes_decrypt_key192(key, cx); }
#endif
#if defined(AES_256)
AES_RETURN key256(const unsigned char key[])
{ return aes_decrypt_key256(key, cx); }
#endif
#if defined(AES_VAR)
AES_RETURN key(const unsigned char key[], int key_len)
{ return aes_decrypt_key(key, key_len, cx); }
#endif
AES_RETURN decrypt(const unsigned char in[], unsigned char out[]) const
{ return aes_decrypt(in, out, cx); }
#ifndef AES_MODES
AES_RETURN ecb_decrypt(const unsigned char in[], unsigned char out[], int nb) const
{ while(nb--)
{ aes_decrypt(in, out, cx), in += AES_BLOCK_SIZE, out += AES_BLOCK_SIZE; }
}
#endif
#ifdef AES_MODES
AES_RETURN ecb_decrypt(const unsigned char in[], unsigned char out[], int nb) const
{ return aes_ecb_decrypt(in, out, nb, cx); }
AES_RETURN cbc_decrypt(const unsigned char in[], unsigned char out[], int nb,
unsigned char iv[]) const
{ return aes_cbc_decrypt(in, out, nb, iv, cx); }
#endif
};
#endif
#endif

301
crypto/src/main/jni/final_key/aes/aescrypt.c Normal file
View File

@@ -0,0 +1,301 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#include "aesopt.h"
#include "aestab.h"
#if defined( USE_INTEL_AES_IF_PRESENT )
# include "aes_ni.h"
#else
/* map names here to provide the external API ('name' -> 'aes_name') */
# define aes_xi(x) aes_ ## x
#endif
#if defined(__cplusplus)
extern "C"
{
#endif
#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
#define so(y,x,c) word_out(y, c, s(x,c))
#if defined(ARRAYS)
#define locals(y,x) x[4],y[4]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
s(y,2) = s(x,2); s(y,3) = s(x,3);
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
#if ( FUNCS_IN_C & ENCRYPTION_IN_C )
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimisation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined( _MSC_VER ) && !defined( _WIN64 ) && !defined( __clang__ )
#pragma optimize( "s", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define fwd_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
#if defined(FT4_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
#elif defined(FT1_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))
#else
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))
#endif
#if defined(FL4_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))
#elif defined(FL1_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))
#else
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
#endif
AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
{ uint32_t locals(b0, b1);
const uint32_t *kp;
#if defined( dec_fmvars )
dec_fmvars; /* declare variables for fwd_mcol() if needed */
#endif
if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
return EXIT_FAILURE;
kp = cx->ks;
state_in(b0, in, kp);
#if (ENC_UNROLL == FULL)
switch(cx->inf.b[0])
{
case 14 * AES_BLOCK_SIZE:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 12 * AES_BLOCK_SIZE:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 10 * AES_BLOCK_SIZE:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
round(fwd_rnd, b1, b0, kp + 3 * N_COLS);
round(fwd_rnd, b0, b1, kp + 4 * N_COLS);
round(fwd_rnd, b1, b0, kp + 5 * N_COLS);
round(fwd_rnd, b0, b1, kp + 6 * N_COLS);
round(fwd_rnd, b1, b0, kp + 7 * N_COLS);
round(fwd_rnd, b0, b1, kp + 8 * N_COLS);
round(fwd_rnd, b1, b0, kp + 9 * N_COLS);
round(fwd_lrnd, b0, b1, kp +10 * N_COLS);
}
#else
#if (ENC_UNROLL == PARTIAL)
{ uint32_t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1ul; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
kp += N_COLS;
round(fwd_rnd, b0, b1, kp);
}
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
#else
{ uint32_t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1ul; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp += N_COLS;
round(fwd_lrnd, b0, b1, kp);
}
#endif
state_out(out, b0);
return EXIT_SUCCESS;
}
#endif
#if ( FUNCS_IN_C & DECRYPTION_IN_C)
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimisation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined( _MSC_VER ) && !defined( _WIN64 ) && !defined( __clang__ )
#pragma optimize( "t", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define inv_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0)))
#if defined(IT4_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c))
#elif defined(IT1_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))
#else
#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))
#endif
#if defined(IL4_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))
#elif defined(IL1_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))
#else
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))
#endif
/* This code can work with the decryption key schedule in the */
/* order that is used for encryption (where the 1st decryption */
/* round key is at the high end ot the schedule) or with a key */
/* schedule that has been reversed to put the 1st decryption */
/* round key at the low end of the schedule in memory (when */
/* AES_REV_DKS is defined) */
#ifdef AES_REV_DKS
#define key_ofs 0
#define rnd_key(n) (kp + n * N_COLS)
#else
#define key_ofs 1
#define rnd_key(n) (kp - n * N_COLS)
#endif
AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
{ uint32_t locals(b0, b1);
#if defined( dec_imvars )
dec_imvars; /* declare variables for inv_mcol() if needed */
#endif
const uint32_t *kp;
if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
return EXIT_FAILURE;
kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);
state_in(b0, in, kp);
#if (DEC_UNROLL == FULL)
kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));
switch(cx->inf.b[0])
{
case 14 * AES_BLOCK_SIZE:
round(inv_rnd, b1, b0, rnd_key(-13));
round(inv_rnd, b0, b1, rnd_key(-12));
case 12 * AES_BLOCK_SIZE:
round(inv_rnd, b1, b0, rnd_key(-11));
round(inv_rnd, b0, b1, rnd_key(-10));
case 10 * AES_BLOCK_SIZE:
round(inv_rnd, b1, b0, rnd_key(-9));
round(inv_rnd, b0, b1, rnd_key(-8));
round(inv_rnd, b1, b0, rnd_key(-7));
round(inv_rnd, b0, b1, rnd_key(-6));
round(inv_rnd, b1, b0, rnd_key(-5));
round(inv_rnd, b0, b1, rnd_key(-4));
round(inv_rnd, b1, b0, rnd_key(-3));
round(inv_rnd, b0, b1, rnd_key(-2));
round(inv_rnd, b1, b0, rnd_key(-1));
round(inv_lrnd, b0, b1, rnd_key( 0));
}
#else
#if (DEC_UNROLL == PARTIAL)
{ uint32_t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1ul; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
kp = rnd_key(1);
round(inv_rnd, b0, b1, kp);
}
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
#else
{ uint32_t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1ul; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp = rnd_key(1);
round(inv_lrnd, b0, b1, kp);
}
#endif
state_out(out, b0);
return EXIT_SUCCESS;
}
#endif
#if defined(__cplusplus)
}
#endif

573
crypto/src/main/jni/final_key/aes/aeskey.c Normal file
View File

@@ -0,0 +1,573 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#include "aesopt.h"
#include "aestab.h"
#if defined( USE_INTEL_AES_IF_PRESENT )
# include "aes_ni.h"
#else
/* map names here to provide the external API ('name' -> 'aes_name') */
# define aes_xi(x) aes_ ## x
#endif
#ifdef USE_VIA_ACE_IF_PRESENT
# include "aes_via_ace.h"
#endif
#if defined(__cplusplus)
extern "C"
{
#endif
/* Use the low bit in the context's inf.b[2] as a flag to
indicate whether a context was initialized for encryption
or decryption.
*/
#define MARK_AS_ENCRYPTION_CTX(cx) (cx)->inf.b[2] |= (uint8_t)0x01
#define MARK_AS_DECRYPTION_CTX(cx) (cx)->inf.b[2] &= (uint8_t)0xfe
/* Initialise the key schedule from the user supplied key. The key
length can be specified in bytes, with legal values of 16, 24
and 32, or in bits, with legal values of 128, 192 and 256. These
values correspond with Nk values of 4, 6 and 8 respectively.
The following macros implement a single cycle in the key
schedule generation process. The number of cycles needed
for each cx->n_col and nk value is:
nk = 4 5 6 7 8
------------------------------
cx->n_col = 4 10 9 8 7 7
cx->n_col = 5 14 11 10 9 9
cx->n_col = 6 19 15 12 11 11
cx->n_col = 7 21 19 16 13 14
cx->n_col = 8 29 23 19 17 14
*/
#if defined( REDUCE_CODE_SIZE )
# define ls_box ls_sub
uint32_t ls_sub(const uint32_t t, const uint32_t n);
# define inv_mcol im_sub
uint32_t im_sub(const uint32_t x);
# ifdef ENC_KS_UNROLL
# undef ENC_KS_UNROLL
# endif
# ifdef DEC_KS_UNROLL
# undef DEC_KS_UNROLL
# endif
#endif
#if (FUNCS_IN_C & ENC_KEYING_IN_C)
#if defined(AES_128) || defined( AES_VAR )
#define ke4(k,i) \
{ k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
k[4*(i)+5] = ss[1] ^= ss[0]; \
k[4*(i)+6] = ss[2] ^= ss[1]; \
k[4*(i)+7] = ss[3] ^= ss[2]; \
}
AES_RETURN aes_xi(encrypt_key128)(const unsigned char *key, aes_encrypt_ctx cx[1])
{ uint32_t ss[4];
cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
cx->ks[2] = ss[2] = word_in(key, 2);
cx->ks[3] = ss[3] = word_in(key, 3);
#ifdef ENC_KS_UNROLL
ke4(cx->ks, 0); ke4(cx->ks, 1);
ke4(cx->ks, 2); ke4(cx->ks, 3);
ke4(cx->ks, 4); ke4(cx->ks, 5);
ke4(cx->ks, 6); ke4(cx->ks, 7);
ke4(cx->ks, 8);
#else
{ uint32_t i;
for(i = 0; i < 9; ++i)
ke4(cx->ks, i);
}
#endif
ke4(cx->ks, 9);
cx->inf.l = 0;
cx->inf.b[0] = 10 * AES_BLOCK_SIZE;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
MARK_AS_ENCRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
#endif
#if defined(AES_192) || defined( AES_VAR )
#define kef6(k,i) \
{ k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
k[6*(i)+ 7] = ss[1] ^= ss[0]; \
k[6*(i)+ 8] = ss[2] ^= ss[1]; \
k[6*(i)+ 9] = ss[3] ^= ss[2]; \
}
#define ke6(k,i) \
{ kef6(k,i); \
k[6*(i)+10] = ss[4] ^= ss[3]; \
k[6*(i)+11] = ss[5] ^= ss[4]; \
}
AES_RETURN aes_xi(encrypt_key192)(const unsigned char *key, aes_encrypt_ctx cx[1])
{ uint32_t ss[6];
cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
cx->ks[2] = ss[2] = word_in(key, 2);
cx->ks[3] = ss[3] = word_in(key, 3);
cx->ks[4] = ss[4] = word_in(key, 4);
cx->ks[5] = ss[5] = word_in(key, 5);
#ifdef ENC_KS_UNROLL
ke6(cx->ks, 0); ke6(cx->ks, 1);
ke6(cx->ks, 2); ke6(cx->ks, 3);
ke6(cx->ks, 4); ke6(cx->ks, 5);
ke6(cx->ks, 6);
#else
{ uint32_t i;
for(i = 0; i < 7; ++i)
ke6(cx->ks, i);
}
#endif
kef6(cx->ks, 7);
cx->inf.l = 0;
cx->inf.b[0] = 12 * AES_BLOCK_SIZE;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
MARK_AS_ENCRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
#endif
#if defined(AES_256) || defined( AES_VAR )
#define kef8(k,i) \
{ k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
k[8*(i)+ 9] = ss[1] ^= ss[0]; \
k[8*(i)+10] = ss[2] ^= ss[1]; \
k[8*(i)+11] = ss[3] ^= ss[2]; \
}
#define ke8(k,i) \
{ kef8(k,i); \
k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \
k[8*(i)+13] = ss[5] ^= ss[4]; \
k[8*(i)+14] = ss[6] ^= ss[5]; \
k[8*(i)+15] = ss[7] ^= ss[6]; \
}
AES_RETURN aes_xi(encrypt_key256)(const unsigned char *key, aes_encrypt_ctx cx[1])
{ uint32_t ss[8];
cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
cx->ks[2] = ss[2] = word_in(key, 2);
cx->ks[3] = ss[3] = word_in(key, 3);
cx->ks[4] = ss[4] = word_in(key, 4);
cx->ks[5] = ss[5] = word_in(key, 5);
cx->ks[6] = ss[6] = word_in(key, 6);
cx->ks[7] = ss[7] = word_in(key, 7);
#ifdef ENC_KS_UNROLL
ke8(cx->ks, 0); ke8(cx->ks, 1);
ke8(cx->ks, 2); ke8(cx->ks, 3);
ke8(cx->ks, 4); ke8(cx->ks, 5);
#else
{ uint32_t i;
for(i = 0; i < 6; ++i)
ke8(cx->ks, i);
}
#endif
kef8(cx->ks, 6);
cx->inf.l = 0;
cx->inf.b[0] = 14 * AES_BLOCK_SIZE;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
MARK_AS_ENCRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
#endif
#endif
#if (FUNCS_IN_C & DEC_KEYING_IN_C)
/* this is used to store the decryption round keys */
/* in forward or reverse order */
#ifdef AES_REV_DKS
#define v(n,i) ((n) - (i) + 2 * ((i) & 3))
#else
#define v(n,i) (i)
#endif
#if DEC_ROUND == NO_TABLES
#define ff(x) (x)
#else
#define ff(x) inv_mcol(x)
#if defined( dec_imvars )
#define d_vars dec_imvars
#endif
#endif
#if defined(AES_128) || defined( AES_VAR )
#define k4e(k,i) \
{ k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \
k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \
k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \
}
#if 1
#define kdf4(k,i) \
{ ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \
ss[1] = ss[1] ^ ss[3]; \
ss[2] = ss[2] ^ ss[3]; \
ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
ss[i % 4] ^= ss[4]; \
ss[4] ^= k[v(40,(4*(i)))]; k[v(40,(4*(i))+4)] = ff(ss[4]); \
ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \
ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \
ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \
}
#define kd4(k,i) \
{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \
k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \
k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \
k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \
}
#define kdl4(k,i) \
{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \
k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \
k[v(40,(4*(i))+6)] = ss[0]; \
k[v(40,(4*(i))+7)] = ss[1]; \
}
#else
#define kdf4(k,i) \
{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \
ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \
ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \
ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \
}
#define kd4(k,i) \
{ ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \
ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \
ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \
ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \
}
#define kdl4(k,i) \
{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \
ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \
ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \
ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \
}
#endif
AES_RETURN aes_xi(decrypt_key128)(const unsigned char *key, aes_decrypt_ctx cx[1])
{ uint32_t ss[5];
#if defined( d_vars )
d_vars;
#endif
cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);
#ifdef DEC_KS_UNROLL
kdf4(cx->ks, 0); kd4(cx->ks, 1);
kd4(cx->ks, 2); kd4(cx->ks, 3);
kd4(cx->ks, 4); kd4(cx->ks, 5);
kd4(cx->ks, 6); kd4(cx->ks, 7);
kd4(cx->ks, 8); kdl4(cx->ks, 9);
#else
{ uint32_t i;
for(i = 0; i < 10; ++i)
k4e(cx->ks, i);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 10 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#endif
cx->inf.l = 0;
cx->inf.b[0] = 10 * AES_BLOCK_SIZE;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
MARK_AS_DECRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
#endif
#if defined(AES_192) || defined( AES_VAR )
#define k6ef(k,i) \
{ k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \
k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \
k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \
}
#define k6e(k,i) \
{ k6ef(k,i); \
k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \
k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \
}
#define kdf6(k,i) \
{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \
ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \
ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \
ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \
ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \
ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \
}
#define kd6(k,i) \
{ ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \
ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \
ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \
ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \
ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \
ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \
}
#define kdl6(k,i) \
{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \
ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \
ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \
ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
}
AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1])
{ uint32_t ss[7];
#if defined( d_vars )
d_vars;
#endif
cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);
#ifdef DEC_KS_UNROLL
ss[4] = word_in(key, 4);
ss[5] = word_in(key, 5);
cx->ks[v(48, (4))] = ff(ss[4]);
cx->ks[v(48, (5))] = ff(ss[5]);
kdf6(cx->ks, 0); kd6(cx->ks, 1);
kd6(cx->ks, 2); kd6(cx->ks, 3);
kd6(cx->ks, 4); kd6(cx->ks, 5);
kd6(cx->ks, 6); kdl6(cx->ks, 7);
#else
cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
{ uint32_t i;
for(i = 0; i < 7; ++i)
k6e(cx->ks, i);
k6ef(cx->ks, 7);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 12 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#endif
cx->inf.l = 0;
cx->inf.b[0] = 12 * AES_BLOCK_SIZE;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
MARK_AS_DECRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
#endif
#if defined(AES_256) || defined( AES_VAR )
#define k8ef(k,i) \
{ k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \
k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \
k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \
}
#define k8e(k,i) \
{ k8ef(k,i); \
k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \
k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \
k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \
k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \
}
#define kdf8(k,i) \
{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \
ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \
ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \
ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \
ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \
ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \
ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \
ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \
}
#define kd8(k,i) \
{ ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \
ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \
ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \
ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \
ss[8] = ls_box(ss[3],0); \
ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \
ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \
ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \
ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \
}
#define kdl8(k,i) \
{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \
ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \
ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \
ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
}
AES_RETURN aes_xi(decrypt_key256)(const unsigned char *key, aes_decrypt_ctx cx[1])
{ uint32_t ss[9];
#if defined( d_vars )
d_vars;
#endif
cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);
#ifdef DEC_KS_UNROLL
ss[4] = word_in(key, 4);
ss[5] = word_in(key, 5);
ss[6] = word_in(key, 6);
ss[7] = word_in(key, 7);
cx->ks[v(56,(4))] = ff(ss[4]);
cx->ks[v(56,(5))] = ff(ss[5]);
cx->ks[v(56,(6))] = ff(ss[6]);
cx->ks[v(56,(7))] = ff(ss[7]);
kdf8(cx->ks, 0); kd8(cx->ks, 1);
kd8(cx->ks, 2); kd8(cx->ks, 3);
kd8(cx->ks, 4); kd8(cx->ks, 5);
kdl8(cx->ks, 6);
#else
cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);
cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
{ uint32_t i;
for(i = 0; i < 6; ++i)
k8e(cx->ks, i);
k8ef(cx->ks, 6);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 14 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#endif
cx->inf.l = 0;
cx->inf.b[0] = 14 * AES_BLOCK_SIZE;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
MARK_AS_DECRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
#endif
#endif
#if defined( AES_VAR )
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
{
switch(key_len)
{
case 16: case 128: return aes_encrypt_key128(key, cx);
case 24: case 192: return aes_encrypt_key192(key, cx);
case 32: case 256: return aes_encrypt_key256(key, cx);
default: return EXIT_FAILURE;
}
}
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
{
switch(key_len)
{
case 16: case 128: return aes_decrypt_key128(key, cx);
case 24: case 192: return aes_decrypt_key192(key, cx);
case 32: case 256: return aes_decrypt_key256(key, cx);
default: return EXIT_FAILURE;
}
}
#endif
#if defined(__cplusplus)
}
#endif

786
crypto/src/main/jni/final_key/aes/aesopt.h Normal file
View File

@@ -0,0 +1,786 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This file contains the compilation options for AES (Rijndael) and code
that is common across encryption, key scheduling and table generation.
OPERATION
These source code files implement the AES algorithm Rijndael designed by
Joan Daemen and Vincent Rijmen. This version is designed for the standard
block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24
and 32 bytes).
This version is designed for flexibility and speed using operations on
32-bit words rather than operations on bytes. It can be compiled with
either big or little endian internal byte order but is faster when the
native byte order for the processor is used.
THE CIPHER INTERFACE
The cipher interface is implemented as an array of bytes in which lower
AES bit sequence indexes map to higher numeric significance within bytes.
uint8_t (an unsigned 8-bit type)
uint32_t (an unsigned 32-bit type)
struct aes_encrypt_ctx (structure for the cipher encryption context)
struct aes_decrypt_ctx (structure for the cipher decryption context)
AES_RETURN the function return type
C subroutine calls:
AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out,
const aes_encrypt_ctx cx[1]);
AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out,
const aes_decrypt_ctx cx[1]);
IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that
you call aes_init() before AES is used so that the tables are initialised.
C++ aes class subroutines:
Class AESencrypt for encryption
Constructors:
AESencrypt(void)
AESencrypt(const unsigned char *key) - 128 bit key
Members:
AES_RETURN key128(const unsigned char *key)
AES_RETURN key192(const unsigned char *key)
AES_RETURN key256(const unsigned char *key)
AES_RETURN encrypt(const unsigned char *in, unsigned char *out) const
Class AESdecrypt for encryption
Constructors:
AESdecrypt(void)
AESdecrypt(const unsigned char *key) - 128 bit key
Members:
AES_RETURN key128(const unsigned char *key)
AES_RETURN key192(const unsigned char *key)
AES_RETURN key256(const unsigned char *key)
AES_RETURN decrypt(const unsigned char *in, unsigned char *out) const
*/
#if !defined( _AESOPT_H )
#define _AESOPT_H
#if defined( __cplusplus )
#include "aescpp.h"
#else
#include "aes.h"
#endif
/* PLATFORM SPECIFIC INCLUDES */
#include "brg_endian.h"
/* CONFIGURATION - THE USE OF DEFINES
Later in this section there are a number of defines that control the
operation of the code. In each section, the purpose of each define is
explained so that the relevant form can be included or excluded by
setting either 1's or 0's respectively on the branches of the related
#if clauses. The following local defines should not be changed.
*/
#define ENCRYPTION_IN_C 1
#define DECRYPTION_IN_C 2
#define ENC_KEYING_IN_C 4
#define DEC_KEYING_IN_C 8
#define NO_TABLES 0
#define ONE_TABLE 1
#define FOUR_TABLES 4
#define NONE 0
#define PARTIAL 1
#define FULL 2
/* --- START OF USER CONFIGURED OPTIONS --- */
/* 1. BYTE ORDER WITHIN 32 BIT WORDS
The fundamental data processing units in Rijndael are 8-bit bytes. The
input, output and key input are all enumerated arrays of bytes in which
bytes are numbered starting at zero and increasing to one less than the
number of bytes in the array in question. This enumeration is only used
for naming bytes and does not imply any adjacency or order relationship
from one byte to another. When these inputs and outputs are considered
as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
In this implementation bits are numbered from 0 to 7 starting at the
numerically least significant end of each byte (bit n represents 2^n).
However, Rijndael can be implemented more efficiently using 32-bit
words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
into word[n]. While in principle these bytes can be assembled into words
in any positions, this implementation only supports the two formats in
which bytes in adjacent positions within words also have adjacent byte
numbers. This order is called big-endian if the lowest numbered bytes
in words have the highest numeric significance and little-endian if the
opposite applies.
This code can work in either order irrespective of the order used by the
machine on which it runs. Normally the internal byte order will be set
to the order of the processor on which the code is to be run but this
define can be used to reverse this in special situations
WARNING: Assembler code versions rely on PLATFORM_BYTE_ORDER being set.
This define will hence be redefined later (in section 4) if necessary
*/
#if 1
# define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
#elif 0
# define ALGORITHM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif 0
# define ALGORITHM_BYTE_ORDER IS_BIG_ENDIAN
#else
# error The algorithm byte order is not defined
#endif
/* 2. Intel AES AND VIA ACE SUPPORT */
#if defined( __GNUC__ ) && defined( __i386__ ) && !defined(__BEOS__) \
|| defined( _WIN32 ) && defined( _M_IX86 ) && !(defined( _WIN64 ) \
|| defined( _WIN32_WCE ) || defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
# define VIA_ACE_POSSIBLE
#endif
/* AESNI is supported by all Windows x64 compilers, but for Linux/GCC
we have to test for SSE 2, SSE 3, and AES to before enabling it; */
#if !defined( INTEL_AES_POSSIBLE )
# if defined( _WIN64 ) && defined( _MSC_VER ) \
|| defined( __GNUC__ ) && defined( __x86_64__ ) && \
defined( __SSE2__ ) && defined( __SSE3__ ) && \
defined( __AES__ )
# define INTEL_AES_POSSIBLE
# endif
#endif
/* Define this option if support for the Intel AESNI is required
If USE_INTEL_AES_IF_PRESENT is defined then AESNI will be used
if it is detected (both present and enabled).
AESNI uses a decryption key schedule with the first decryption
round key at the high end of the key schedule with the following
round keys at lower positions in memory. So AES_REV_DKS must NOT
be defined when AESNI will be used. Although it is unlikely that
assembler code will be used with an AESNI build, if it is then
AES_REV_DKS must NOT be defined when the assembler files are
built (the definition of USE_INTEL_AES_IF_PRESENT in the assembler
code files must match that here if they are used).
*/
#if defined( INTEL_AES_POSSIBLE )
# if 1 && !defined( USE_INTEL_AES_IF_PRESENT )
# define USE_INTEL_AES_IF_PRESENT
# endif
#elif defined( USE_INTEL_AES_IF_PRESENT )
# error: AES_NI is not available on this platform
#endif
/* Define this option if support for the VIA ACE is required. This uses
inline assembler instructions and is only implemented for the Microsoft,
Intel and GCC compilers. If VIA ACE is known to be present, then defining
ASSUME_VIA_ACE_PRESENT will remove the ordinary encryption/decryption
code. If USE_VIA_ACE_IF_PRESENT is defined then VIA ACE will be used if
it is detected (both present and enabled) but the normal AES code will
also be present.
When VIA ACE is to be used, all AES encryption contexts MUST be 16 byte
aligned; other input/output buffers do not need to be 16 byte aligned
but there are very large performance gains if this can be arranged.
VIA ACE also requires the decryption key schedule to be in reverse
order (which later checks below ensure).
AES_REV_DKS must be set for assembler code used with a VIA ACE build
*/
#if 1 && defined( VIA_ACE_POSSIBLE ) && !defined( USE_VIA_ACE_IF_PRESENT )
# define USE_VIA_ACE_IF_PRESENT
#endif
#if 0 && defined( VIA_ACE_POSSIBLE ) && !defined( ASSUME_VIA_ACE_PRESENT )
# define ASSUME_VIA_ACE_PRESENT
# endif
/* 3. ASSEMBLER SUPPORT
This define (which can be on the command line) enables the use of the
assembler code routines for encryption, decryption and key scheduling
as follows:
ASM_X86_V1C uses the assembler (aes_x86_v1.asm) with large tables for
encryption and decryption and but with key scheduling in C
ASM_X86_V2 uses assembler (aes_x86_v2.asm) with compressed tables for
encryption, decryption and key scheduling
ASM_X86_V2C uses assembler (aes_x86_v2.asm) with compressed tables for
encryption and decryption and but with key scheduling in C
ASM_AMD64_C uses assembler (aes_amd64.asm) with compressed tables for
encryption and decryption and but with key scheduling in C
Change one 'if 0' below to 'if 1' to select the version or define
as a compilation option.
*/
#if 0 && !defined( ASM_X86_V1C )
# define ASM_X86_V1C
#elif 0 && !defined( ASM_X86_V2 )
# define ASM_X86_V2
#elif 0 && !defined( ASM_X86_V2C )
# define ASM_X86_V2C
#elif 0 && !defined( ASM_AMD64_C )
# define ASM_AMD64_C
#endif
#if defined( __i386 ) || defined( _M_IX86 )
# define A32_
#elif defined( __x86_64__ ) || defined( _M_X64 )
# define A64_
#endif
#if (defined ( ASM_X86_V1C ) || defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )) \
&& !defined( A32_ ) || defined( ASM_AMD64_C ) && !defined( A64_ )
# error Assembler code is only available for x86 and AMD64 systems
#endif
/* 4. FAST INPUT/OUTPUT OPERATIONS.
On some machines it is possible to improve speed by transferring the
bytes in the input and output arrays to and from the internal 32-bit
variables by addressing these arrays as if they are arrays of 32-bit
words. On some machines this will always be possible but there may
be a large performance penalty if the byte arrays are not aligned on
the normal word boundaries. On other machines this technique will
lead to memory access errors when such 32-bit word accesses are not
properly aligned. The option SAFE_IO avoids such problems but will
often be slower on those machines that support misaligned access
(especially so if care is taken to align the input and output byte
arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
assumed that access to byte arrays as if they are arrays of 32-bit
words will not cause problems when such accesses are misaligned.
*/
#if 1 && !defined( _MSC_VER )
# define SAFE_IO
#endif
/* 5. LOOP UNROLLING
The code for encryption and decryption cycles through a number of rounds
that can be implemented either in a loop or by expanding the code into a
long sequence of instructions, the latter producing a larger program but
one that will often be much faster. The latter is called loop unrolling.
There are also potential speed advantages in expanding two iterations in
a loop with half the number of iterations, which is called partial loop
unrolling. The following options allow partial or full loop unrolling
to be set independently for encryption and decryption
*/
#if 1
# define ENC_UNROLL FULL
#elif 0
# define ENC_UNROLL PARTIAL
#else
# define ENC_UNROLL NONE
#endif
#if 1
# define DEC_UNROLL FULL
#elif 0
# define DEC_UNROLL PARTIAL
#else
# define DEC_UNROLL NONE
#endif
#if 1
# define ENC_KS_UNROLL
#endif
#if 1
# define DEC_KS_UNROLL
#endif
/* 6. FAST FINITE FIELD OPERATIONS
If this section is included, tables are used to provide faster finite
field arithmetic (this has no effect if STATIC_TABLES is defined).
*/
#if 1
# define FF_TABLES
#endif
/* 7. INTERNAL STATE VARIABLE FORMAT
The internal state of Rijndael is stored in a number of local 32-bit
word variables which can be defined either as an array or as individual
names variables. Include this section if you want to store these local
variables in arrays. Otherwise individual local variables will be used.
*/
#if 1
# define ARRAYS
#endif
/* 8. FIXED OR DYNAMIC TABLES
When this section is included the tables used by the code are compiled
statically into the binary file. Otherwise the subroutine aes_init()
must be called to compute them before the code is first used.
*/
#if 1 && !(defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
# define STATIC_TABLES
#endif
/* 9. MASKING OR CASTING FROM LONGER VALUES TO BYTES
In some systems it is better to mask longer values to extract bytes
rather than using a cast. This option allows this choice.
*/
#if 0
# define to_byte(x) ((uint8_t)(x))
#else
# define to_byte(x) ((x) & 0xff)
#endif
/* 10. TABLE ALIGNMENT
On some systems speed will be improved by aligning the AES large lookup
tables on particular boundaries. This define should be set to a power of
two giving the desired alignment. It can be left undefined if alignment
is not needed. This option is specific to the Microsoft VC++ compiler -
it seems to sometimes cause trouble for the VC++ version 6 compiler.
*/
#if 1 && defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
# define TABLE_ALIGN 32
#endif
/* 11. REDUCE CODE AND TABLE SIZE
This replaces some expanded macros with function calls if AES_ASM_V2 or
AES_ASM_V2C are defined
*/
#if 1 && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C ))
# define REDUCE_CODE_SIZE
#endif
/* 12. TABLE OPTIONS
This cipher proceeds by repeating in a number of cycles known as 'rounds'
which are implemented by a round function which can optionally be speeded
up using tables. The basic tables are each 256 32-bit words, with either
one or four tables being required for each round function depending on
how much speed is required. The encryption and decryption round functions
are different and the last encryption and decryption round functions are
different again making four different round functions in all.
This means that:
1. Normal encryption and decryption rounds can each use either 0, 1
or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
2. The last encryption and decryption rounds can also use either 0, 1
or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
Include or exclude the appropriate definitions below to set the number
of tables used by this implementation.
*/
#if 1 /* set tables for the normal encryption round */
# define ENC_ROUND FOUR_TABLES
#elif 0
# define ENC_ROUND ONE_TABLE
#else
# define ENC_ROUND NO_TABLES
#endif
#if 1 /* set tables for the last encryption round */
# define LAST_ENC_ROUND FOUR_TABLES
#elif 0
# define LAST_ENC_ROUND ONE_TABLE
#else
# define LAST_ENC_ROUND NO_TABLES
#endif
#if 1 /* set tables for the normal decryption round */
# define DEC_ROUND FOUR_TABLES
#elif 0
# define DEC_ROUND ONE_TABLE
#else
# define DEC_ROUND NO_TABLES
#endif
#if 1 /* set tables for the last decryption round */
# define LAST_DEC_ROUND FOUR_TABLES
#elif 0
# define LAST_DEC_ROUND ONE_TABLE
#else
# define LAST_DEC_ROUND NO_TABLES
#endif
/* The decryption key schedule can be speeded up with tables in the same
way that the round functions can. Include or exclude the following
defines to set this requirement.
*/
#if 1
# define KEY_SCHED FOUR_TABLES
#elif 0
# define KEY_SCHED ONE_TABLE
#else
# define KEY_SCHED NO_TABLES
#endif
/* ---- END OF USER CONFIGURED OPTIONS ---- */
/* VIA ACE support is only available for VC++ and GCC */
#if !defined( _MSC_VER ) && !defined( __GNUC__ )
# if defined( ASSUME_VIA_ACE_PRESENT )
# undef ASSUME_VIA_ACE_PRESENT
# endif
# if defined( USE_VIA_ACE_IF_PRESENT )
# undef USE_VIA_ACE_IF_PRESENT
# endif
#endif
#if defined( ASSUME_VIA_ACE_PRESENT ) && !defined( USE_VIA_ACE_IF_PRESENT )
# define USE_VIA_ACE_IF_PRESENT
#endif
/* define to reverse decryption key schedule */
#if 1 || defined( USE_VIA_ACE_IF_PRESENT ) && !defined ( AES_REV_DKS )
# define AES_REV_DKS
#endif
/* Intel AESNI uses a decryption key schedule in the encryption order */
#if defined( USE_INTEL_AES_IF_PRESENT ) && defined ( AES_REV_DKS )
# undef AES_REV_DKS
#endif
/* Assembler support requires the use of platform byte order */
#if ( defined( ASM_X86_V1C ) || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C ) ) \
&& (ALGORITHM_BYTE_ORDER != PLATFORM_BYTE_ORDER)
# undef ALGORITHM_BYTE_ORDER
# define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
#endif
/* In this implementation the columns of the state array are each held in
32-bit words. The state array can be held in various ways: in an array
of words, in a number of individual word variables or in a number of
processor registers. The following define maps a variable name x and
a column number c to the way the state array variable is to be held.
The first define below maps the state into an array x[c] whereas the
second form maps the state into a number of individual variables x0,
x1, etc. Another form could map individual state columns to machine
register names.
*/
#if defined( ARRAYS )
# define s(x,c) x[c]
#else
# define s(x,c) x##c
#endif
/* This implementation provides subroutines for encryption, decryption
and for setting the three key lengths (separately) for encryption
and decryption. Since not all functions are needed, masks are set
up here to determine which will be implemented in C
*/
#if !defined( AES_ENCRYPT )
# define EFUNCS_IN_C 0
#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C ) \
|| defined( ASM_X86_V2C ) || defined( ASM_AMD64_C )
# define EFUNCS_IN_C ENC_KEYING_IN_C
#elif !defined( ASM_X86_V2 )
# define EFUNCS_IN_C ( ENCRYPTION_IN_C | ENC_KEYING_IN_C )
#else
# define EFUNCS_IN_C 0
#endif
#if !defined( AES_DECRYPT )
# define DFUNCS_IN_C 0
#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C ) \
|| defined( ASM_X86_V2C ) || defined( ASM_AMD64_C )
# define DFUNCS_IN_C DEC_KEYING_IN_C
#elif !defined( ASM_X86_V2 )
# define DFUNCS_IN_C ( DECRYPTION_IN_C | DEC_KEYING_IN_C )
#else
# define DFUNCS_IN_C 0
#endif
#define FUNCS_IN_C ( EFUNCS_IN_C | DFUNCS_IN_C )
/* END OF CONFIGURATION OPTIONS */
#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2))
/* Disable or report errors on some combinations of options */
#if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES
# undef LAST_ENC_ROUND
# define LAST_ENC_ROUND NO_TABLES
#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
# undef LAST_ENC_ROUND
# define LAST_ENC_ROUND ONE_TABLE
#endif
#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
# undef ENC_UNROLL
# define ENC_UNROLL NONE
#endif
#if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES
# undef LAST_DEC_ROUND
# define LAST_DEC_ROUND NO_TABLES
#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
# undef LAST_DEC_ROUND
# define LAST_DEC_ROUND ONE_TABLE
#endif
#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
# undef DEC_UNROLL
# define DEC_UNROLL NONE
#endif
#if defined( bswap32 )
# define aes_sw32 bswap32
#elif defined( bswap_32 )
# define aes_sw32 bswap_32
#else
# define brot(x,n) (((uint32_t)(x) << n) | ((uint32_t)(x) >> (32 - n)))
# define aes_sw32(x) ((brot((x),8) & 0x00ff00ff) | (brot((x),24) & 0xff00ff00))
#endif
/* upr(x,n): rotates bytes within words by n positions, moving bytes to
higher index positions with wrap around into low positions
ups(x,n): moves bytes by n positions to higher index positions in
words but without wrap around
bval(x,n): extracts a byte from a word
WARNING: The definitions given here are intended only for use with
unsigned variables and with shift counts that are compile
time constants
*/
#if ( ALGORITHM_BYTE_ORDER == IS_LITTLE_ENDIAN )
# define upr(x,n) (((uint32_t)(x) << (8 * (n))) | ((uint32_t)(x) >> (32 - 8 * (n))))
# define ups(x,n) ((uint32_t) (x) << (8 * (n)))
# define bval(x,n) to_byte((x) >> (8 * (n)))
# define bytes2word(b0, b1, b2, b3) \
(((uint32_t)(b3) << 24) | ((uint32_t)(b2) << 16) | ((uint32_t)(b1) << 8) | (b0))
#endif
#if ( ALGORITHM_BYTE_ORDER == IS_BIG_ENDIAN )
# define upr(x,n) (((uint32_t)(x) >> (8 * (n))) | ((uint32_t)(x) << (32 - 8 * (n))))
# define ups(x,n) ((uint32_t) (x) >> (8 * (n)))
# define bval(x,n) to_byte((x) >> (24 - 8 * (n)))
# define bytes2word(b0, b1, b2, b3) \
(((uint32_t)(b0) << 24) | ((uint32_t)(b1) << 16) | ((uint32_t)(b2) << 8) | (b3))
#endif
#if defined( SAFE_IO )
# define word_in(x,c) bytes2word(((const uint8_t*)(x)+4*c)[0], ((const uint8_t*)(x)+4*c)[1], \
((const uint8_t*)(x)+4*c)[2], ((const uint8_t*)(x)+4*c)[3])
# define word_out(x,c,v) { ((uint8_t*)(x)+4*c)[0] = bval(v,0); ((uint8_t*)(x)+4*c)[1] = bval(v,1); \
((uint8_t*)(x)+4*c)[2] = bval(v,2); ((uint8_t*)(x)+4*c)[3] = bval(v,3); }
#elif ( ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER )
# define word_in(x,c) (*((uint32_t*)(x)+(c)))
# define word_out(x,c,v) (*((uint32_t*)(x)+(c)) = (v))
#else
# define word_in(x,c) aes_sw32(*((uint32_t*)(x)+(c)))
# define word_out(x,c,v) (*((uint32_t*)(x)+(c)) = aes_sw32(v))
#endif
/* the finite field modular polynomial and elements */
#define WPOLY 0x011b
#define BPOLY 0x1b
/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
#define gf_c1 0x80808080
#define gf_c2 0x7f7f7f7f
#define gf_mulx(x) ((((x) & gf_c2) << 1) ^ ((((x) & gf_c1) >> 7) * BPOLY))
/* The following defines provide alternative definitions of gf_mulx that might
give improved performance if a fast 32-bit multiply is not available. Note
that a temporary variable u needs to be defined where gf_mulx is used.
#define gf_mulx(x) (u = (x) & gf_c1, u |= (u >> 1), ((x) & gf_c2) << 1) ^ ((u >> 3) | (u >> 6))
#define gf_c4 (0x01010101 * BPOLY)
#define gf_mulx(x) (u = (x) & gf_c1, ((x) & gf_c2) << 1) ^ ((u - (u >> 7)) & gf_c4)
*/
/* Work out which tables are needed for the different options */
#if defined( ASM_X86_V1C )
# if defined( ENC_ROUND )
# undef ENC_ROUND
# endif
# define ENC_ROUND FOUR_TABLES
# if defined( LAST_ENC_ROUND )
# undef LAST_ENC_ROUND
# endif
# define LAST_ENC_ROUND FOUR_TABLES
# if defined( DEC_ROUND )
# undef DEC_ROUND
# endif
# define DEC_ROUND FOUR_TABLES
# if defined( LAST_DEC_ROUND )
# undef LAST_DEC_ROUND
# endif
# define LAST_DEC_ROUND FOUR_TABLES
# if defined( KEY_SCHED )
# undef KEY_SCHED
# define KEY_SCHED FOUR_TABLES
# endif
#endif
#if ( FUNCS_IN_C & ENCRYPTION_IN_C ) || defined( ASM_X86_V1C )
# if ENC_ROUND == ONE_TABLE
# define FT1_SET
# elif ENC_ROUND == FOUR_TABLES
# define FT4_SET
# else
# define SBX_SET
# endif
# if LAST_ENC_ROUND == ONE_TABLE
# define FL1_SET
# elif LAST_ENC_ROUND == FOUR_TABLES
# define FL4_SET
# elif !defined( SBX_SET )
# define SBX_SET
# endif
#endif
#if ( FUNCS_IN_C & DECRYPTION_IN_C ) || defined( ASM_X86_V1C )
# if DEC_ROUND == ONE_TABLE
# define IT1_SET
# elif DEC_ROUND == FOUR_TABLES
# define IT4_SET
# else
# define ISB_SET
# endif
# if LAST_DEC_ROUND == ONE_TABLE
# define IL1_SET
# elif LAST_DEC_ROUND == FOUR_TABLES
# define IL4_SET
# elif !defined(ISB_SET)
# define ISB_SET
# endif
#endif
#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )))
# if ((FUNCS_IN_C & ENC_KEYING_IN_C) || (FUNCS_IN_C & DEC_KEYING_IN_C))
# if KEY_SCHED == ONE_TABLE
# if !defined( FL1_SET ) && !defined( FL4_SET )
# define LS1_SET
# endif
# elif KEY_SCHED == FOUR_TABLES
# if !defined( FL4_SET )
# define LS4_SET
# endif
# elif !defined( SBX_SET )
# define SBX_SET
# endif
# endif
# if (FUNCS_IN_C & DEC_KEYING_IN_C)
# if KEY_SCHED == ONE_TABLE
# define IM1_SET
# elif KEY_SCHED == FOUR_TABLES
# define IM4_SET
# elif !defined( SBX_SET )
# define SBX_SET
# endif
# endif
#endif
/* generic definitions of Rijndael macros that use tables */
#define no_table(x,box,vf,rf,c) bytes2word( \
box[bval(vf(x,0,c),rf(0,c))], \
box[bval(vf(x,1,c),rf(1,c))], \
box[bval(vf(x,2,c),rf(2,c))], \
box[bval(vf(x,3,c),rf(3,c))])
#define one_table(x,op,tab,vf,rf,c) \
( tab[bval(vf(x,0,c),rf(0,c))] \
^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
#define four_tables(x,tab,vf,rf,c) \
( tab[0][bval(vf(x,0,c),rf(0,c))] \
^ tab[1][bval(vf(x,1,c),rf(1,c))] \
^ tab[2][bval(vf(x,2,c),rf(2,c))] \
^ tab[3][bval(vf(x,3,c),rf(3,c))])
#define vf1(x,r,c) (x)
#define rf1(r,c) (r)
#define rf2(r,c) ((8+r-c)&3)
/* perform forward and inverse column mix operation on four bytes in long word x in */
/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */
#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )))
#if defined( FM4_SET ) /* not currently used */
# define fwd_mcol(x) four_tables(x,t_use(f,m),vf1,rf1,0)
#elif defined( FM1_SET ) /* not currently used */
# define fwd_mcol(x) one_table(x,upr,t_use(f,m),vf1,rf1,0)
#else
# define dec_fmvars uint32_t g2
# define fwd_mcol(x) (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1))
#endif
#if defined( IM4_SET )
# define inv_mcol(x) four_tables(x,t_use(i,m),vf1,rf1,0)
#elif defined( IM1_SET )
# define inv_mcol(x) one_table(x,upr,t_use(i,m),vf1,rf1,0)
#else
# define dec_imvars uint32_t g2, g4, g9
# define inv_mcol(x) (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \
(x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1))
#endif
#if defined( FL4_SET )
# define ls_box(x,c) four_tables(x,t_use(f,l),vf1,rf2,c)
#elif defined( LS4_SET )
# define ls_box(x,c) four_tables(x,t_use(l,s),vf1,rf2,c)
#elif defined( FL1_SET )
# define ls_box(x,c) one_table(x,upr,t_use(f,l),vf1,rf2,c)
#elif defined( LS1_SET )
# define ls_box(x,c) one_table(x,upr,t_use(l,s),vf1,rf2,c)
#else
# define ls_box(x,c) no_table(x,t_use(s,box),vf1,rf2,c)
#endif
#endif
#if defined( ASM_X86_V1C ) && defined( AES_DECRYPT ) && !defined( ISB_SET )
# define ISB_SET
#endif
#endif

418
crypto/src/main/jni/final_key/aes/aestab.c Normal file
View File

@@ -0,0 +1,418 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#define DO_TABLES
#include "aes.h"
#include "aesopt.h"
#if defined(STATIC_TABLES)
#define sb_data(w) {\
w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
#define isb_data(w) {\
w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
#define mm_data(w) {\
w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
#define rc_data(w) {\
w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\
w(0x1b), w(0x36) }
#define h0(x) (x)
#define w0(p) bytes2word(p, 0, 0, 0)
#define w1(p) bytes2word(0, p, 0, 0)
#define w2(p) bytes2word(0, 0, p, 0)
#define w3(p) bytes2word(0, 0, 0, p)
#define u0(p) bytes2word(f2(p), p, p, f3(p))
#define u1(p) bytes2word(f3(p), f2(p), p, p)
#define u2(p) bytes2word(p, f3(p), f2(p), p)
#define u3(p) bytes2word(p, p, f3(p), f2(p))
#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
#endif
#if defined(STATIC_TABLES) || !defined(FF_TABLES)
#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
^ (((x>>5) & 4) * WPOLY))
#define f3(x) (f2(x) ^ x)
#define f9(x) (f8(x) ^ x)
#define fb(x) (f8(x) ^ f2(x) ^ x)
#define fd(x) (f8(x) ^ f4(x) ^ x)
#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
#else
#define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
#define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
#define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
#define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
#endif
#include "aestab.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined(STATIC_TABLES)
/* implemented in case of wrong call for fixed tables */
AES_RETURN aes_init(void)
{
return EXIT_SUCCESS;
}
#else /* Generate the tables for the dynamic table option */
#if defined(FF_TABLES)
#define gf_inv(x) ((x) ? pow[ 255 - log[x]] : 0)
#else
/* It will generally be sensible to use tables to compute finite
field multiplies and inverses but where memory is scarse this
code might sometimes be better. But it only has effect during
initialisation so its pretty unimportant in overall terms.
*/
/* return 2 ^ (n - 1) where n is the bit number of the highest bit
set in x with x in the range 1 < x < 0x00000200. This form is
used so that locals within fi can be bytes rather than words
*/
static uint8_t hibit(const uint32_t x)
{ uint8_t r = (uint8_t)((x >> 1) | (x >> 2));
r |= (r >> 2);
r |= (r >> 4);
return (r + 1) >> 1;
}
/* return the inverse of the finite field element x */
static uint8_t gf_inv(const uint8_t x)
{ uint8_t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
if(x < 2)
return x;
for( ; ; )
{
if(n1)
while(n2 >= n1) /* divide polynomial p2 by p1 */
{
n2 /= n1; /* shift smaller polynomial left */
p2 ^= (p1 * n2) & 0xff; /* and remove from larger one */
v2 ^= v1 * n2; /* shift accumulated value and */
n2 = hibit(p2); /* add into result */
}
else
return v1;
if(n2) /* repeat with values swapped */
while(n1 >= n2)
{
n1 /= n2;
p1 ^= p2 * n1;
v1 ^= v2 * n1;
n1 = hibit(p1);
}
else
return v2;
}
}
#endif
/* The forward and inverse affine transformations used in the S-box */
uint8_t fwd_affine(const uint8_t x)
{ uint32_t w = x;
w ^= (w << 1) ^ (w << 2) ^ (w << 3) ^ (w << 4);
return 0x63 ^ ((w ^ (w >> 8)) & 0xff);
}
uint8_t inv_affine(const uint8_t x)
{ uint32_t w = x;
w = (w << 1) ^ (w << 3) ^ (w << 6);
return 0x05 ^ ((w ^ (w >> 8)) & 0xff);
}
static int init = 0;
AES_RETURN aes_init(void)
{ uint32_t i, w;
#if defined(FF_TABLES)
uint8_t pow[512], log[256];
if(init)
return EXIT_SUCCESS;
/* log and power tables for GF(2^8) finite field with
WPOLY as modular polynomial - the simplest primitive
root is 0x03, used here to generate the tables
*/
i = 0; w = 1;
do
{
pow[i] = (uint8_t)w;
pow[i + 255] = (uint8_t)w;
log[w] = (uint8_t)i++;
w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
}
while (w != 1);
#else
if(init)
return EXIT_SUCCESS;
#endif
for(i = 0, w = 1; i < RC_LENGTH; ++i)
{
t_set(r,c)[i] = bytes2word(w, 0, 0, 0);
w = f2(w);
}
for(i = 0; i < 256; ++i)
{ uint8_t b;
b = fwd_affine(gf_inv((uint8_t)i));
w = bytes2word(f2(b), b, b, f3(b));
#if defined( SBX_SET )
t_set(s,box)[i] = b;
#endif
#if defined( FT1_SET ) /* tables for a normal encryption round */
t_set(f,n)[i] = w;
#endif
#if defined( FT4_SET )
t_set(f,n)[0][i] = w;
t_set(f,n)[1][i] = upr(w,1);
t_set(f,n)[2][i] = upr(w,2);
t_set(f,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#if defined( FL1_SET ) /* tables for last encryption round (may also */
t_set(f,l)[i] = w; /* be used in the key schedule) */
#endif
#if defined( FL4_SET )
t_set(f,l)[0][i] = w;
t_set(f,l)[1][i] = upr(w,1);
t_set(f,l)[2][i] = upr(w,2);
t_set(f,l)[3][i] = upr(w,3);
#endif
#if defined( LS1_SET ) /* table for key schedule if t_set(f,l) above is*/
t_set(l,s)[i] = w; /* not of the required form */
#endif
#if defined( LS4_SET )
t_set(l,s)[0][i] = w;
t_set(l,s)[1][i] = upr(w,1);
t_set(l,s)[2][i] = upr(w,2);
t_set(l,s)[3][i] = upr(w,3);
#endif
b = gf_inv(inv_affine((uint8_t)i));
w = bytes2word(fe(b), f9(b), fd(b), fb(b));
#if defined( IM1_SET ) /* tables for the inverse mix column operation */
t_set(i,m)[b] = w;
#endif
#if defined( IM4_SET )
t_set(i,m)[0][b] = w;
t_set(i,m)[1][b] = upr(w,1);
t_set(i,m)[2][b] = upr(w,2);
t_set(i,m)[3][b] = upr(w,3);
#endif
#if defined( ISB_SET )
t_set(i,box)[i] = b;
#endif
#if defined( IT1_SET ) /* tables for a normal decryption round */
t_set(i,n)[i] = w;
#endif
#if defined( IT4_SET )
t_set(i,n)[0][i] = w;
t_set(i,n)[1][i] = upr(w,1);
t_set(i,n)[2][i] = upr(w,2);
t_set(i,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#if defined( IL1_SET ) /* tables for last decryption round */
t_set(i,l)[i] = w;
#endif
#if defined( IL4_SET )
t_set(i,l)[0][i] = w;
t_set(i,l)[1][i] = upr(w,1);
t_set(i,l)[2][i] = upr(w,2);
t_set(i,l)[3][i] = upr(w,3);
#endif
}
init = 1;
return EXIT_SUCCESS;
}
/*
Automatic code initialisation (suggested by by Henrik S. Gaßmann)
based on code provided by Joe Lowe and placed in the public domain at:
http://stackoverflow.com/questions/1113409/attribute-constructor-equivalent-in-vc
*/
#ifdef _MSC_VER
#pragma section(".CRT$XCU", read)
__declspec(allocate(".CRT$XCU")) void (__cdecl *aes_startup)(void) = aes_init;
#elif defined(__GNUC__)
static void aes_startup(void) __attribute__((constructor));
static void aes_startup(void)
{
aes_init();
}
#else
#pragma message( "dynamic tables must be initialised manually on your system" )
#endif
#endif
#if defined(__cplusplus)
}
#endif

173
crypto/src/main/jni/final_key/aes/aestab.h Normal file
View File

@@ -0,0 +1,173 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This file contains the code for declaring the tables needed to implement
AES. The file aesopt.h is assumed to be included before this header file.
If there are no global variables, the definitions here can be used to put
the AES tables in a structure so that a pointer can then be added to the
AES context to pass them to the AES routines that need them. If this
facility is used, the calling program has to ensure that this pointer is
managed appropriately. In particular, the value of the t_dec(in,it) item
in the table structure must be set to zero in order to ensure that the
tables are initialised. In practice the three code sequences in aeskey.c
that control the calls to aes_init() and the aes_init() routine itself will
have to be changed for a specific implementation. If global variables are
available it will generally be preferable to use them with the precomputed
STATIC_TABLES option that uses static global tables.
The following defines can be used to control the way the tables
are defined, initialised and used in embedded environments that
require special features for these purposes
the 't_dec' construction is used to declare fixed table arrays
the 't_set' construction is used to set fixed table values
the 't_use' construction is used to access fixed table values
256 byte tables:
t_xxx(s,box) => forward S box
t_xxx(i,box) => inverse S box
256 32-bit word OR 4 x 256 32-bit word tables:
t_xxx(f,n) => forward normal round
t_xxx(f,l) => forward last round
t_xxx(i,n) => inverse normal round
t_xxx(i,l) => inverse last round
t_xxx(l,s) => key schedule table
t_xxx(i,m) => key schedule table
Other variables and tables:
t_xxx(r,c) => the rcon table
*/
#if !defined( _AESTAB_H )
#define _AESTAB_H
#if defined(__cplusplus)
extern "C" {
#endif
#define t_dec(m,n) t_##m##n
#define t_set(m,n) t_##m##n
#define t_use(m,n) t_##m##n
#if defined(STATIC_TABLES)
# if !defined( __GNUC__ ) && (defined( __MSDOS__ ) || defined( __WIN16__ ))
/* make tables far data to avoid using too much DGROUP space (PG) */
# define CONST const far
# else
# define CONST const
# endif
#else
# define CONST
#endif
#if defined(DO_TABLES)
# define EXTERN
#else
# define EXTERN extern
#endif
#if defined(_MSC_VER) && defined(TABLE_ALIGN)
#define ALIGN __declspec(align(TABLE_ALIGN))
#else
#define ALIGN
#endif
#if defined( __WATCOMC__ ) && ( __WATCOMC__ >= 1100 )
# define XP_DIR __cdecl
#else
# define XP_DIR
#endif
#if defined(DO_TABLES) && defined(STATIC_TABLES)
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256] = b(e)
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256] = { b(e), b(f), b(g), b(h) }
EXTERN ALIGN CONST uint32_t t_dec(r,c)[RC_LENGTH] = rc_data(w0);
#else
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256]
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256]
EXTERN ALIGN CONST uint32_t t_dec(r,c)[RC_LENGTH];
#endif
#if defined( SBX_SET )
d_1(uint8_t, t_dec(s,box), sb_data, h0);
#endif
#if defined( ISB_SET )
d_1(uint8_t, t_dec(i,box), isb_data, h0);
#endif
#if defined( FT1_SET )
d_1(uint32_t, t_dec(f,n), sb_data, u0);
#endif
#if defined( FT4_SET )
d_4(uint32_t, t_dec(f,n), sb_data, u0, u1, u2, u3);
#endif
#if defined( FL1_SET )
d_1(uint32_t, t_dec(f,l), sb_data, w0);
#endif
#if defined( FL4_SET )
d_4(uint32_t, t_dec(f,l), sb_data, w0, w1, w2, w3);
#endif
#if defined( IT1_SET )
d_1(uint32_t, t_dec(i,n), isb_data, v0);
#endif
#if defined( IT4_SET )
d_4(uint32_t, t_dec(i,n), isb_data, v0, v1, v2, v3);
#endif
#if defined( IL1_SET )
d_1(uint32_t, t_dec(i,l), isb_data, w0);
#endif
#if defined( IL4_SET )
d_4(uint32_t, t_dec(i,l), isb_data, w0, w1, w2, w3);
#endif
#if defined( LS1_SET )
#if defined( FL1_SET )
#undef LS1_SET
#else
d_1(uint32_t, t_dec(l,s), sb_data, w0);
#endif
#endif
#if defined( LS4_SET )
#if defined( FL4_SET )
#undef LS4_SET
#else
d_4(uint32_t, t_dec(l,s), sb_data, w0, w1, w2, w3);
#endif
#endif
#if defined( IM1_SET )
d_1(uint32_t, t_dec(i,m), mm_data, v0);
#endif
#if defined( IM4_SET )
d_4(uint32_t, t_dec(i,m), mm_data, v0, v1, v2, v3);
#endif
#if defined(__cplusplus)
}
#endif
#endif

437
crypto/src/main/jni/final_key/aes/aesxam.c Normal file
View File

@@ -0,0 +1,437 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 25/09/2018
*/
// An example of the use of AES (Rijndael) for file encryption. This code
// implements AES in CBC mode with ciphertext stealing when the file length
// is greater than one block (16 bytes). This code is an example of how to
// use AES and is not intended for real use since it does not provide any
// file integrity checking.
//
// The Command line is:
//
// aesxam input_file_name output_file_name [D|E] hexadecimalkey
//
// where E gives encryption and D decryption of the input file into the
// output file using the given hexadecimal key string. The later is a
// hexadecimal sequence of 32, 48 or 64 digits. Examples to encrypt or
// decrypt aes.c into aes.enc are:
//
// aesxam file.c file.enc E 0123456789abcdeffedcba9876543210
//
// aesxam file.enc file2.c D 0123456789abcdeffedcba9876543210
//
// which should return a file 'file2.c' identical to 'file.c'
//
// CIPHERTEXT STEALING
//
// Ciphertext stealing modifies the encryption of the last two CBC
// blocks. It can be applied invariably to the last two plaintext
// blocks or only applied when the last block is a partial one. In
// this code it is only applied if there is a partial block. For
// a plaintext consisting of N blocks, with the last block possibly
// a partial one, ciphertext stealing works as shown below (note the
// reversal of the last two ciphertext blocks). During decryption
// the part of the C:N-1 block that is not transmitted (X) can be
// obtained from the decryption of the penultimate ciphertext block
// since the bytes in X are xored with the zero padding appended to
// the last plaintext block.
//
// This is a picture of the processing of the last
// plaintext blocks during encryption:
//
// +---------+ +---------+ +---------+ +-------+-+
// | P:N-4 | | P:N-3 | | P:N-2 | | P:N-1 |0|
// +---------+ +---------+ +---------+ +-------+-+
// | | | |
// v v v v
// +----->x +----->x +----->x +----->x x = xor
// | | | | | | | |
// | v | v | v | v
// | +---+ | +---+ | +---+ | +---+
// | | E | | | E | | | E | | | E |
// | +---+ | +---+ | +---+ | +---+
// | | | | | | | |
// | | | | | v | +---+
// | | | | | +-------+-+ | |
// | | | | | | C:N-1 |X| | |
// | | | | | +-------+-+ ^ |
// | | | | | || | |
// | | | | | |+------+ |
// | | | | | +----------|--+
// | | | | | | |
// | | | | | +---------+ |
// | | | | | | |
// | v | v | v v
// | +---------+ | +---------+ | +---------+ +-------+
// -+ | C:N-4 |-+ | C:N-3 |-+ | C:N-2 | | C:N-1 |
// +---------+ +---------+ +---------+ +-------+
//
// And this is a picture of the processing of the last
// ciphertext blocks during decryption:
//
// +---------+ +---------+ +---------+ +-------+
// -+ | C:N-4 |-+ | C:N-3 |-+ | C:N-2 | | C:N-1 |
// | +---------+ | +---------+ | +---------+ +-------+
// | | | | | | |
// | v | v | v +--------|----+
// | +---+ | +---+ | +---+ | +--<--+ |
// | | D | | | D | | | D | | | | |
// | +---+ | +---+ | +---+ | | v v
// | | | | | | ^ | +-------+-+
// | v | v | v | | | C:N-1 |X|
// +----->x +----->x | +-------+-+ | +-------+-+
// | | | | |X| | |
// | | | +-------+-+ | v
// | | | | | +---+
// | | | | v | D |
// | | | +------>x +---+
// | | | | |
// | | +----->x<-----|------+ x = xor
// | | | +-----+
// | | | |
// v v v v
// +---------+ +---------+ +---------+ +-------+
// | P:N-4 | | P:N-3 | | P:N-2 | | P:N-1 |
// +---------+ +---------+ +---------+ +-------+
#include <stdio.h>
#include <ctype.h>
#include "aes.h"
#include "rdtsc.h"
#if !defined( _MSC_VER )
// substitute for MSVC fopen_s() on Unix/Linux
int fopen_s(FILE** pFile, const char *filename, const char *mode)
{
char ul_name[64], *d = ul_name;
const char *s = filename;
FILE * fp;
do{
*d++ = (char)(*s == '\\' ? '/' : *s);
}
while(*s++);
*pFile = fp = fopen(ul_name, mode);
return fp == NULL;
}
#endif
#define BLOCK_LEN 16
#define OK 0
#define READ_ERROR -7
#define WRITE_ERROR -8
// A Pseudo Random Number Generator (PRNG) used for the
// Initialisation Vector. The PRNG is George Marsaglia's
// Multiply-With-Carry (MWC) PRNG that concatenates two
// 16-bit MWC generators:
// x(n)=36969 * x(n-1) + carry mod 2^16
// y(n)=18000 * y(n-1) + carry mod 2^16
// to produce a combined PRNG with a period of about 2^60.
// The Pentium cycle counter is used to initialise it. This
// is crude but the IV does not really need to be secret.
#define RAND(a,b) (((a = 36969 * (a & 65535) + (a >> 16)) << 16) + \
(b = 18000 * (b & 65535) + (b >> 16)) )
void fillrand(unsigned char *buf, const int len)
{ static unsigned long a[2], mt = 1, count = 4;
static unsigned char r[4];
int i;
if(mt) { mt = 0; *(unsigned long long*)a = read_tsc(); }
for(i = 0; i < len; ++i)
{
if(count == 4)
{
*(unsigned long*)r = RAND(a[0], a[1]);
count = 0;
}
buf[i] = r[count++];
}
}
int encfile(FILE *fin, FILE *fout, aes_encrypt_ctx ctx[1])
{ unsigned char dbuf[3 * BLOCK_LEN];
unsigned long i, len, wlen = BLOCK_LEN;
// When ciphertext stealing is used, we need three ciphertext blocks
// so we use a buffer that is three times the block length. The buffer
// pointers b1, b2 and b3 point to the buffer positions of three
// ciphertext blocks, b3 being the most recent and b1 being the
// oldest. We start with the IV in b1 and the block to be decrypted
// in b2.
// set a random IV
fillrand(dbuf, BLOCK_LEN);
// read the first file block
len = (unsigned long) fread((char*)dbuf + BLOCK_LEN, 1, BLOCK_LEN, fin);
if(len < BLOCK_LEN)
{ // if the file length is less than one block
// xor the file bytes with the IV bytes
for(i = 0; i < len; ++i)
dbuf[i + BLOCK_LEN] ^= dbuf[i];
// encrypt the top 16 bytes of the buffer
aes_encrypt(dbuf + len, dbuf + len, ctx);
len += BLOCK_LEN;
// write the IV and the encrypted file bytes
if(fwrite((char*)dbuf, 1, len, fout) != len)
return WRITE_ERROR;
return OK;
}
else // if the file length is more 16 bytes
{ unsigned char *b1 = dbuf, *b2 = b1 + BLOCK_LEN, *b3 = b2 + BLOCK_LEN, *bt;
// write the IV
if(fwrite((char*)dbuf, 1, BLOCK_LEN, fout) != BLOCK_LEN)
return WRITE_ERROR;
for( ; ; )
{
// read the next block to see if ciphertext stealing is needed
len = (unsigned long)fread((char*)b3, 1, BLOCK_LEN, fin);
// do CBC chaining prior to encryption for current block (in b2)
for(i = 0; i < BLOCK_LEN; ++i)
b1[i] ^= b2[i];
// encrypt the block (now in b1)
aes_encrypt(b1, b1, ctx);
if(len != 0 && len != BLOCK_LEN) // use ciphertext stealing
{
// set the length of the last block
wlen = len;
// xor ciphertext into last block
for(i = 0; i < len; ++i)
b3[i] ^= b1[i];
// move 'stolen' ciphertext into last block
for(i = len; i < BLOCK_LEN; ++i)
b3[i] = b1[i];
// encrypt this block
aes_encrypt(b3, b3, ctx);
// and write it as the second to last encrypted block
if(fwrite((char*)b3, 1, BLOCK_LEN, fout) != BLOCK_LEN)
return WRITE_ERROR;
}
// write the encrypted block
if(fwrite((char*)b1, 1, wlen, fout) != wlen)
return WRITE_ERROR;
if(len != BLOCK_LEN)
return OK;
// advance the buffer pointers
bt = b3, b3 = b2, b2 = b1, b1 = bt;
}
}
}
int decfile(FILE *fin, FILE *fout, aes_decrypt_ctx ctx[1])
{ unsigned char dbuf[3 * BLOCK_LEN], buf[BLOCK_LEN];
unsigned long i, len, wlen = BLOCK_LEN;
// When ciphertext stealing is used, we need three ciphertext blocks
// so we use a buffer that is three times the block length. The buffer
// pointers b1, b2 and b3 point to the buffer positions of three
// ciphertext blocks, b3 being the most recent and b1 being the
// oldest. We start with the IV in b1 and the block to be decrypted
// in b2.
len = (unsigned long)fread((char*)dbuf, 1, 2 * BLOCK_LEN, fin);
if(len < 2 * BLOCK_LEN) // the original file is less than one block in length
{
len -= BLOCK_LEN;
// decrypt from position len to position len + BLOCK_LEN
aes_decrypt(dbuf + len, dbuf + len, ctx);
// undo the CBC chaining
for(i = 0; i < len; ++i)
dbuf[i] ^= dbuf[i + BLOCK_LEN];
// output the decrypted bytes
if(fwrite((char*)dbuf, 1, len, fout) != len)
return WRITE_ERROR;
return OK;
}
else
{ unsigned char *b1 = dbuf, *b2 = b1 + BLOCK_LEN, *b3 = b2 + BLOCK_LEN, *bt;
for( ; ; ) // while some ciphertext remains, prepare to decrypt block b2
{
// read in the next block to see if ciphertext stealing is needed
len = fread((char*)b3, 1, BLOCK_LEN, fin);
// decrypt the b2 block
aes_decrypt(b2, buf, ctx);
if(len == 0 || len == BLOCK_LEN) // no ciphertext stealing
{
// unchain CBC using the previous ciphertext block in b1
for(i = 0; i < BLOCK_LEN; ++i)
buf[i] ^= b1[i];
}
else // partial last block - use ciphertext stealing
{
wlen = len;
// produce last 'len' bytes of plaintext by xoring with
// the lowest 'len' bytes of next block b3 - C[N-1]
for(i = 0; i < len; ++i)
buf[i] ^= b3[i];
// reconstruct the C[N-1] block in b3 by adding in the
// last (BLOCK_LEN - len) bytes of C[N-2] in b2
for(i = len; i < BLOCK_LEN; ++i)
b3[i] = buf[i];
// decrypt the C[N-1] block in b3
aes_decrypt(b3, b3, ctx);
// produce the last but one plaintext block by xoring with
// the last but two ciphertext block
for(i = 0; i < BLOCK_LEN; ++i)
b3[i] ^= b1[i];
// write decrypted plaintext blocks
if(fwrite((char*)b3, 1, BLOCK_LEN, fout) != BLOCK_LEN)
return WRITE_ERROR;
}
// write the decrypted plaintext block
if(fwrite((char*)buf, 1, wlen, fout) != wlen)
return WRITE_ERROR;
if(len != BLOCK_LEN)
return OK;
// advance the buffer pointers
bt = b1, b1 = b2, b2 = b3, b3 = bt;
}
}
}
int main(int argc, char *argv[])
{ FILE *fin = 0, *fout = 0;
char *cp, ch, key[32];
int i, by = 0, key_len, err = 0;
if(argc != 5 || toupper(*argv[3]) != 'D' && toupper(*argv[3]) != 'E')
{
printf("usage: aesxam in_filename out_filename [d/e] key_in_hex\n");
err = -1; goto exit;
}
aes_init(); // in case dynamic AES tables are being used
cp = argv[4]; // this is a pointer to the hexadecimal key digits
i = 0; // this is a count for the input digits processed
while(i < 64 && *cp) // the maximum key length is 32 bytes and
{ // hence at most 64 hexadecimal digits
ch = toupper(*cp++); // process a hexadecimal digit
if(ch >= '0' && ch <= '9')
by = (by << 4) + ch - '0';
else if(ch >= 'A' && ch <= 'F')
by = (by << 4) + ch - 'A' + 10;
else // error if not hexadecimal
{
printf("key must be in hexadecimal notation\n");
err = -2; goto exit;
}
// store a key byte for each pair of hexadecimal digits
if(i++ & 1)
key[i / 2 - 1] = by & 0xff;
}
if(*cp)
{
printf("The key value is too long\n");
err = -3; goto exit;
}
else if(i < 32 || (i & 15))
{
printf("The key length must be 32, 48 or 64 hexadecimal digits\n");
err = -4; goto exit;
}
key_len = i / 2;
if(fopen_s(&fin, argv[1], "rb")) // try to open the input file
{
printf("The input file: %s could not be opened\n", argv[1]);
err = -5; goto exit;
}
if(fopen_s(&fout, argv[2], "wb")) // try to open the output file
{
printf("The output file: %s could not be opened\n", argv[2]);
err = -6; goto exit;
}
if(toupper(*argv[3]) == 'E') // encryption in Cipher Block Chaining mode
{ aes_encrypt_ctx ctx[1];
aes_encrypt_key((unsigned char*)key, key_len, ctx);
err = encfile(fin, fout, ctx);
}
else // decryption in Cipher Block Chaining mode
{ aes_decrypt_ctx ctx[1];
aes_decrypt_key((unsigned char*)key, key_len, ctx);
err = decfile(fin, fout, ctx);
}
exit:
if(err == READ_ERROR)
printf("Error reading from input file: %s\n", argv[1]);
if(err == WRITE_ERROR)
printf("Error writing to output file: %s\n", argv[2]);
if(fout)
fclose(fout);
if(fin)
fclose(fin);
return err;
}

144
crypto/src/main/jni/final_key/aes/brg_endian.h Normal file
View File

@@ -0,0 +1,144 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 10/09/2018
*/
#ifndef _BRG_ENDIAN_H
#define _BRG_ENDIAN_H
#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
/* This is needed when using clang with MSVC to avoid including */
/* endian.h and byteswap.h which are not present on Windows */
#if defined( _MSC_VER ) && defined( __clang__ )
# undef __GNUC__
#endif
/* Include files where endian defines and byteswap functions may reside */
#if defined( __sun )
# include <sys/isa_defs.h>
#elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
# include <sys/endian.h>
#elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
# include <machine/endian.h>
#elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
# if !defined( __MINGW32__ ) && !defined( _AIX )
# include <endian.h>
# if !defined( __BEOS__ )
# include <byteswap.h>
# endif
# endif
#endif
/* Now attempt to set the define for platform byte order using any */
/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, ... */
/* which seem to encompass most endian symbol definitions */
#if defined( __ORDER_BIG_ENDIAN__ ) && defined( __ORDER_LITTLE_ENDIAN__ )
# if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( __ORDER_BIG_ENDIAN__ )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( __ORDER_LITTLE_ENDIAN__ )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN )
# if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( BYTE_ORDER ) && BYTE_ORDER == LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( _BIG_ENDIAN ) && defined( _LITTLE_ENDIAN )
# if defined( _BYTE_ORDER ) && _BYTE_ORDER == _BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( _BYTE_ORDER ) && _BYTE_ORDER == _LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( _BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( _LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( __BIG_ENDIAN ) && defined( __LITTLE_ENDIAN )
# if defined( __BYTE_ORDER ) && __BYTE_ORDER == __BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( __BYTE_ORDER ) && __BYTE_ORDER == __LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( __BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( __LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( __BIG_ENDIAN__ ) && defined( __LITTLE_ENDIAN__ )
# if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __BIG_ENDIAN__
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __LITTLE_ENDIAN__
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( __BIG_ENDIAN__ )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( __LITTLE_ENDIAN__ )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
/* if the platform byte order could not be determined, then try to */
/* set this define using common machine defines */
#if !defined(PLATFORM_BYTE_ORDER)
#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \
defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \
defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \
defined( vax ) || defined( vms ) || defined( VMS ) || \
defined( __VMS ) || defined( _M_X64 )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \
defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \
defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \
defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM ) || \
defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#else
# error Please edit lines 126 or 128 in brg_endian.h to set the platform byte order
#endif
#endif
#endif

217
crypto/src/main/jni/final_key/aes/brg_types.h Normal file
View File

@@ -0,0 +1,217 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 30/09/2017
*/
#ifndef _BRG_TYPES_H
#define _BRG_TYPES_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <limits.h>
#include <stdint.h>
#if defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
# include <stddef.h>
# define ptrint_t intptr_t
#elif defined( __ECOS__ )
# define intptr_t unsigned int
# define ptrint_t intptr_t
#elif defined( __GNUC__ ) && ( __GNUC__ >= 3 ) && !(defined( __HAIKU__ ) || defined( __VxWorks__ ))
# define ptrint_t intptr_t
#else
# define ptrint_t int
#endif
/* define unsigned 8-bit type if not available in stdint.h */
#if !defined(UINT8_MAX)
typedef unsigned char uint8_t;
#endif
/* define unsigned 16-bit type if not available in stdint.h */
#if !defined(UINT16_MAX)
typedef unsigned short uint16_t;
#endif
/* define unsigned 32-bit type if not available in stdint.h and define the
macro li_32(h) which converts a sequence of eight hexadecimal characters
into a 32 bit constant
*/
#if defined(UINT_MAX) && UINT_MAX == 4294967295u
# define li_32(h) 0x##h##u
# if !defined(UINT32_MAX)
typedef unsigned int uint32_t;
# endif
#elif defined(ULONG_MAX) && ULONG_MAX == 4294967295u
# define li_32(h) 0x##h##ul
# if !defined(UINT32_MAX)
typedef unsigned long uint32_t;
# endif
#elif defined( _CRAY )
# error This code needs 32-bit data types, which Cray machines do not provide
#else
# error Please define uint32_t as a 32-bit unsigned integer type in brg_types.h
#endif
/* define unsigned 64-bit type if not available in stdint.h and define the
macro li_64(h) which converts a sequence of eight hexadecimal characters
into a 64 bit constant
*/
#if defined( __BORLANDC__ ) && !defined( __MSDOS__ )
# define li_64(h) 0x##h##ui64
# if !defined(UINT64_MAX)
typedef unsigned __int64 uint64_t;
# endif
#elif defined( _MSC_VER ) && ( _MSC_VER < 1300 ) /* 1300 == VC++ 7.0 */
# define li_64(h) 0x##h##ui64
# if !defined(UINT64_MAX)
typedef unsigned __int64 uint64_t;
# endif
#elif defined( __sun ) && defined( ULONG_MAX ) && ULONG_MAX == 0xfffffffful
# define li_64(h) 0x##h##ull
# if !defined(UINT64_MAX)
typedef unsigned long long uint64_t;
# endif
#elif defined( __MVS__ )
# define li_64(h) 0x##h##ull
# if !defined(UINT64_MAX)
typedef unsigned long long uint64_t;
# endif
#elif defined( UINT_MAX ) && UINT_MAX > 4294967295u
# if UINT_MAX == 18446744073709551615u
# define li_64(h) 0x##h##u
# if !defined(UINT64_MAX)
typedef unsigned int uint64_t;
# endif
# endif
#elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u
# if ULONG_MAX == 18446744073709551615ul
# define li_64(h) 0x##h##ul
# if !defined(UINT64_MAX) && !defined(_UINT64_T)
typedef unsigned long uint64_t;
# endif
# endif
#elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u
# if ULLONG_MAX == 18446744073709551615ull
# define li_64(h) 0x##h##ull
# if !defined(UINT64_MAX) && !defined( __HAIKU__ )
typedef unsigned long long uint64_t;
# endif
# endif
#elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u
# if ULONG_LONG_MAX == 18446744073709551615ull
# define li_64(h) 0x##h##ull
# if !defined(UINT64_MAX)
typedef unsigned long long uint64_t;
# endif
# endif
#endif
#if !defined( li_64 )
# if defined( NEED_UINT_64T )
# error Please define uint64_t as an unsigned 64 bit type in brg_types.h
# endif
#endif
#ifndef RETURN_VALUES
# define RETURN_VALUES
# if defined( DLL_EXPORT )
# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
# define VOID_RETURN __declspec( dllexport ) void __stdcall
# define INT_RETURN __declspec( dllexport ) int __stdcall
# elif defined( __GNUC__ )
# define VOID_RETURN __declspec( __dllexport__ ) void
# define INT_RETURN __declspec( __dllexport__ ) int
# else
# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
# endif
# elif defined( DLL_IMPORT )
# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
# define VOID_RETURN __declspec( dllimport ) void __stdcall
# define INT_RETURN __declspec( dllimport ) int __stdcall
# elif defined( __GNUC__ )
# define VOID_RETURN __declspec( __dllimport__ ) void
# define INT_RETURN __declspec( __dllimport__ ) int
# else
# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
# endif
# elif defined( __WATCOMC__ )
# define VOID_RETURN void __cdecl
# define INT_RETURN int __cdecl
# else
# define VOID_RETURN void
# define INT_RETURN int
# endif
#endif
/* These defines are used to detect and set the memory alignment of pointers.
Note that offsets are in bytes.
ALIGN_OFFSET(x,n) return the positive or zero offset of
the memory addressed by the pointer 'x'
from an address that is aligned on an
'n' byte boundary ('n' is a power of 2)
ALIGN_FLOOR(x,n) return a pointer that points to memory
that is aligned on an 'n' byte boundary
and is not higher than the memory address
pointed to by 'x' ('n' is a power of 2)
ALIGN_CEIL(x,n) return a pointer that points to memory
that is aligned on an 'n' byte boundary
and is not lower than the memory address
pointed to by 'x' ('n' is a power of 2)
*/
#define ALIGN_OFFSET(x,n) (((ptrint_t)(x)) & ((n) - 1))
#define ALIGN_FLOOR(x,n) ((uint8_t*)(x) - ( ((ptrint_t)(x)) & ((n) - 1)))
#define ALIGN_CEIL(x,n) ((uint8_t*)(x) + (-((ptrint_t)(x)) & ((n) - 1)))
/* These defines are used to declare buffers in a way that allows
faster operations on longer variables to be used. In all these
defines 'size' must be a power of 2 and >= 8. NOTE that the
buffer size is in bytes but the type length is in bits
UNIT_TYPEDEF(x,size) declares a variable 'x' of length
'size' bits
BUFR_TYPEDEF(x,size,bsize) declares a buffer 'x' of length 'bsize'
bytes defined as an array of variables
each of 'size' bits (bsize must be a
multiple of size / 8)
UNIT_CAST(x,size) casts a variable to a type of
length 'size' bits
UPTR_CAST(x,size) casts a pointer to a pointer to a
variable of length 'size' bits
*/
#define UI_TYPE(size) uint##size##_t
#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x
#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)]
#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x))
#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x))
#if defined(__cplusplus)
}
#endif
#endif

355
crypto/src/main/jni/final_key/aes/rfc3686.c Normal file
View File

@@ -0,0 +1,355 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/11/2013
*/
#include <stdio.h>
#include <string.h>
#include "aes.h"
typedef struct
{ unsigned int k_len;
unsigned int m_len;
unsigned char key[32];
unsigned char iv[8];
unsigned char nonce[8];
unsigned char p_txt[36];
unsigned char c_str[48];
unsigned char k_str[48];
unsigned char c_txt[36];
} test_str;
test_str tests[] =
{
{ 16, 16, /* Vector 1 */
{ 0xae, 0x68, 0x52, 0xf8, 0x12, 0x10, 0x67, 0xcc,
0x4b, 0xf7, 0xa5, 0x76, 0x55, 0x77, 0xf3, 0x9e
},
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
},
{ 0x00, 0x00, 0x00, 0x30
},
/* "Single block msg" */
{ 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x62,
0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x6d, 0x73, 0x67
},
{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
},
{ 0xb7, 0x60, 0x33, 0x28, 0xdb, 0xc2, 0x93, 0x1b,
0x41, 0x0e, 0x16, 0xc8, 0x06, 0x7e, 0x62, 0xdf
},
{ 0xe4, 0x09, 0x5d, 0x4f, 0xb7, 0xa7, 0xb3, 0x79,
0x2d, 0x61, 0x75, 0xa3, 0x26, 0x13, 0x11, 0xb8
}
},
{ 16, 32, /* Vector 2 */
{ 0x7e, 0x24, 0x06, 0x78, 0x17, 0xfa, 0xe0, 0xd7,
0x43, 0xd6, 0xce, 0x1f, 0x32, 0x53, 0x91, 0x63
},
{ 0xc0, 0x54, 0x3b, 0x59, 0xda, 0x48, 0xd9, 0x0b
},
{ 0x00, 0x6c, 0xb6, 0xdb
},
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
},
{ 0x00, 0x6c, 0xb6, 0xdb, 0xc0, 0x54, 0x3b, 0x59,
0xda, 0x48, 0xd9, 0x0b, 0x00, 0x00, 0x00, 0x01,
0x00, 0x6c, 0xb6, 0xdb, 0xc0, 0x54, 0x3b, 0x59,
0xda, 0x48, 0xd9, 0x0b, 0x00, 0x00, 0x00, 0x02
},
{ 0x51, 0x05, 0xa3, 0x05, 0x12, 0x8f, 0x74, 0xde,
0x71, 0x04, 0x4b, 0xe5, 0x82, 0xd7, 0xdd, 0x87,
0xfb, 0x3f, 0x0c, 0xef, 0x52, 0xcf, 0x41, 0xdf,
0xe4, 0xff, 0x2a, 0xc4, 0x8d, 0x5c, 0xa0, 0x37
},
{ 0x51, 0x04, 0xa1, 0x06, 0x16, 0x8a, 0x72, 0xd9,
0x79, 0x0d, 0x41, 0xee, 0x8e, 0xda, 0xd3, 0x88,
0xeb, 0x2e, 0x1e, 0xfc, 0x46, 0xda, 0x57, 0xc8,
0xfc, 0xe6, 0x30, 0xdf, 0x91, 0x41, 0xbe, 0x28
}
},
{ 16, 36, /* Vector 3 */
{ 0x76, 0x91, 0xbe, 0x03, 0x5e, 0x50, 0x20, 0xa8,
0xac, 0x6e, 0x61, 0x85, 0x29, 0xf9, 0xa0, 0xdc
},
{ 0x27, 0x77, 0x7f, 0x3f, 0x4a, 0x17, 0x86, 0xf0
},
{ 0x00, 0xe0, 0x01, 0x7b
},
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23
},
{ 0x00, 0xe0, 0x01, 0x7b, 0x27, 0x77, 0x7f, 0x3f,
0x4a, 0x17, 0x86, 0xf0, 0x00, 0x00, 0x00, 0x01,
0x00, 0xe0, 0x01, 0x7b, 0x27, 0x77, 0x7f, 0x3f,
0x4a, 0x17, 0x86, 0xf0, 0x00, 0x00, 0x00, 0x02,
0x00, 0xe0, 0x01, 0x7b, 0x27, 0x77, 0x7f, 0x3f,
0x4a, 0x17, 0x86, 0xf0, 0x00, 0x00, 0x00, 0x03
},
{ 0xc1, 0xce, 0x4a, 0xab, 0x9b, 0x2a, 0xfb, 0xde,
0xc7, 0x4f, 0x58, 0xe2, 0xe3, 0xd6, 0x7c, 0xd8,
0x55, 0x51, 0xb6, 0x38, 0xca, 0x78, 0x6e, 0x21,
0xcd, 0x83, 0x46, 0xf1, 0xb2, 0xee, 0x0e, 0x4c,
0x05, 0x93, 0x25, 0x0c, 0x17, 0x55, 0x36, 0x00,
0xa6, 0x3d, 0xfe, 0xcf, 0x56, 0x23, 0x87, 0xe9
},
{ 0xc1, 0xcf, 0x48, 0xa8, 0x9f, 0x2f, 0xfd, 0xd9,
0xcf, 0x46, 0x52, 0xe9, 0xef, 0xdb, 0x72, 0xd7,
0x45, 0x40, 0xa4, 0x2b, 0xde, 0x6d, 0x78, 0x36,
0xd5, 0x9a, 0x5c, 0xea, 0xae, 0xf3, 0x10, 0x53,
0x25, 0xb2, 0x07, 0x2f
}
},
{ 24, 16, /* Vector 4 */
{ 0x16, 0xaf, 0x5b, 0x14, 0x5f, 0xc9, 0xf5, 0x79,
0xc1, 0x75, 0xf9, 0x3e, 0x3b, 0xfb, 0x0e, 0xed,
0x86, 0x3d, 0x06, 0xcc, 0xfd, 0xb7, 0x85, 0x15
},
{ 0x36, 0x73, 0x3c, 0x14, 0x7d, 0x6d, 0x93, 0xcb
},
{ 0x00, 0x00, 0x00, 0x48
},
/* "Single block msg" */
{ 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x62,
0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x6d, 0x73, 0x67
},
{ 0x00, 0x00, 0x00, 0x48, 0x36, 0x73, 0x3c, 0x14,
0x7d, 0x6d, 0x93, 0xcb, 0x00, 0x00, 0x00, 0x01
},
{ 0x18, 0x3c, 0x56, 0x28, 0x8e, 0x3c, 0xe9, 0xaa,
0x22, 0x16, 0x56, 0xcb, 0x23, 0xa6, 0x9a, 0x4f
},
{ 0x4b, 0x55, 0x38, 0x4f, 0xe2, 0x59, 0xc9, 0xc8,
0x4e, 0x79, 0x35, 0xa0, 0x03, 0xcb, 0xe9, 0x28
}
},
{ 24, 32, /* Vector 5 */
{ 0x7c, 0x5c, 0xb2, 0x40, 0x1b, 0x3d, 0xc3, 0x3c,
0x19, 0xe7, 0x34, 0x08, 0x19, 0xe0, 0xf6, 0x9c,
0x67, 0x8c, 0x3d, 0xb8, 0xe6, 0xf6, 0xa9, 0x1a
},
{ 0x02, 0x0c, 0x6e, 0xad, 0xc2, 0xcb, 0x50, 0x0d
},
{ 0x00, 0x96, 0xb0, 0x3b
},
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
},
{ 0x00, 0x96, 0xb0, 0x3b, 0x02, 0x0c, 0x6e, 0xad,
0xc2, 0xcb, 0x50, 0x0d, 0x00, 0x00, 0x00, 0x01,
0x00, 0x96, 0xb0, 0x3b, 0x02, 0x0c, 0x6e, 0xad,
0xc2, 0xcb, 0x50, 0x0d, 0x00, 0x00, 0x00, 0x02
},
{ 0x45, 0x33, 0x41, 0xff, 0x64, 0x9e, 0x25, 0x35,
0x76, 0xd6, 0xa0, 0xf1, 0x7d, 0x3c, 0xc3, 0x90,
0x94, 0x81, 0x62, 0x0f, 0x4e, 0xc1, 0xb1, 0x8b,
0xe4, 0x06, 0xfa, 0xe4, 0x5e, 0xe9, 0xe5, 0x1f
},
{ 0x45, 0x32, 0x43, 0xfc, 0x60, 0x9b, 0x23, 0x32,
0x7e, 0xdf, 0xaa, 0xfa, 0x71, 0x31, 0xcd, 0x9f,
0x84, 0x90, 0x70, 0x1c, 0x5a, 0xd4, 0xa7, 0x9c,
0xfc, 0x1f, 0xe0, 0xff, 0x42, 0xf4, 0xfb, 0x00
}
},
{ 24, 36, /* Vector 6 */
{ 0x02, 0xbf, 0x39, 0x1e, 0xe8, 0xec, 0xb1, 0x59,
0xb9, 0x59, 0x61, 0x7b, 0x09, 0x65, 0x27, 0x9b,
0xf5, 0x9b, 0x60, 0xa7, 0x86, 0xd3, 0xe0, 0xfe
},
{ 0x5c, 0xbd, 0x60, 0x27, 0x8d, 0xcc, 0x09, 0x12
},
{ 0x00, 0x07, 0xbd, 0xfd
},
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23
},
{ 0x00, 0x07, 0xbd, 0xfd, 0x5c, 0xbd, 0x60, 0x27,
0x8d, 0xcc, 0x09, 0x12, 0x00, 0x00, 0x00, 0x01,
0x00, 0x07, 0xbd, 0xfd, 0x5c, 0xbd, 0x60, 0x27,
0x8d, 0xcc, 0x09, 0x12, 0x00, 0x00, 0x00, 0x03,
0x00, 0x07, 0xbd, 0xfd, 0x5c, 0xbd, 0x60, 0x27,
0x8d, 0xcc, 0x09, 0x12, 0x00, 0x00, 0x00, 0x02
},
{ 0x96, 0x88, 0x3d, 0xc6, 0x5a, 0x59, 0x74, 0x28,
0x5c, 0x02, 0x77, 0xda, 0xd1, 0xfa, 0xe9, 0x57,
0xc2, 0x99, 0xae, 0x86, 0xd2, 0x84, 0x73, 0x9f,
0x5d, 0x2f, 0xd2, 0x0a, 0x7a, 0x32, 0x3f, 0x97,
0x8b, 0xcf, 0x2b, 0x16, 0x39, 0x99, 0xb2, 0x26,
0x15, 0xb4, 0x9c, 0xd4, 0xfe, 0x57, 0x39, 0x98
},
{ 0x96, 0x89, 0x3f, 0xc5, 0x5e, 0x5c, 0x72, 0x2f,
0x54, 0x0b, 0x7d, 0xd1, 0xdd, 0xf7, 0xe7, 0x58,
0xd2, 0x88, 0xbc, 0x95, 0xc6, 0x91, 0x65, 0x88,
0x45, 0x36, 0xc8, 0x11, 0x66, 0x2f, 0x21, 0x88,
0xab, 0xee, 0x09, 0x35
}
},
{ 32, 16, /* Vector 7 */
{ 0x77, 0x6b, 0xef, 0xf2, 0x85, 0x1d, 0xb0, 0x6f,
0x4c, 0x8a, 0x05, 0x42, 0xc8, 0x69, 0x6f, 0x6c,
0x6a, 0x81, 0xaf, 0x1e, 0xec, 0x96, 0xb4, 0xd3,
0x7f, 0xc1, 0xd6, 0x89, 0xe6, 0xc1, 0xc1, 0x04
},
{ 0xdb, 0x56, 0x72, 0xc9, 0x7a, 0xa8, 0xf0, 0xb2
},
{ 0x00, 0x00, 0x00, 0x60
},
/* "Single block msg" */
{ 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x62,
0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x6d, 0x73, 0x67
},
{ 0x00, 0x00, 0x00, 0x60, 0xdb, 0x56, 0x72, 0xc9,
0x7a, 0xa8, 0xf0, 0xb2, 0x00, 0x00, 0x00, 0x01
},
{ 0x47, 0x33, 0xbe, 0x7a, 0xd3, 0xe7, 0x6e, 0xa5,
0x3a, 0x67, 0x00, 0xb7, 0x51, 0x8e, 0x93, 0xa7
},
{ 0x14, 0x5a, 0xd0, 0x1d, 0xbf, 0x82, 0x4e, 0xc7,
0x56, 0x08, 0x63, 0xdc, 0x71, 0xe3, 0xe0, 0xc0
}
},
{ 32, 32, /* Vector 8 */
{ 0xf6, 0xd6, 0x6d, 0x6b, 0xd5, 0x2d, 0x59, 0xbb,
0x07, 0x96, 0x36, 0x58, 0x79, 0xef, 0xf8, 0x86,
0xc6, 0x6d, 0xd5, 0x1a, 0x5b, 0x6a, 0x99, 0x74,
0x4b, 0x50, 0x59, 0x0c, 0x87, 0xa2, 0x38, 0x84
},
{ 0xc1, 0x58, 0x5e, 0xf1, 0x5a, 0x43, 0xd8, 0x75
},
{ 0x00, 0xfa, 0xac, 0x24
},
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
},
{ 0x00, 0xfa, 0xac, 0x24, 0xc1, 0x58, 0x5e, 0xf1,
0x5a, 0x43, 0xd8, 0x75, 0x00, 0x00, 0x00, 0x01,
0x00, 0xfa, 0xac, 0x24, 0xc1, 0x58, 0x5e, 0xf1,
0x5a, 0x43, 0xd8, 0x75, 0x00, 0x00, 0x00, 0x02
},
{ 0xf0, 0x5f, 0x21, 0x18, 0x3c, 0x91, 0x67, 0x2b,
0x41, 0xe7, 0x0a, 0x00, 0x8c, 0x43, 0xbc, 0xa6,
0xa8, 0x21, 0x79, 0x43, 0x9b, 0x96, 0x8b, 0x7d,
0x4d, 0x29, 0x99, 0x06, 0x8f, 0x59, 0xb1, 0x03
},
{ 0xf0, 0x5e, 0x23, 0x1b, 0x38, 0x94, 0x61, 0x2c,
0x49, 0xee, 0x00, 0x0b, 0x80, 0x4e, 0xb2, 0xa9,
0xb8, 0x30, 0x6b, 0x50, 0x8f, 0x83, 0x9d, 0x6a,
0x55, 0x30, 0x83, 0x1d, 0x93, 0x44, 0xaf, 0x1c
}
},
{ 32, 36, /* Vector 9 */
{ 0xff, 0x7a, 0x61, 0x7c, 0xe6, 0x91, 0x48, 0xe4,
0xf1, 0x72, 0x6e, 0x2f, 0x43, 0x58, 0x1d, 0xe2,
0xaa, 0x62, 0xd9, 0xf8, 0x05, 0x53, 0x2e, 0xdf,
0xf1, 0xee, 0xd6, 0x87, 0xfb, 0x54, 0x15, 0x3d
},
{ 0x51, 0xa5, 0x1d, 0x70, 0xa1, 0xc1, 0x11, 0x48
},
{ 0x00, 0x1c, 0xc5, 0xb7
},
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23
},
{ 0x00, 0x1c, 0xc5, 0xb7, 0x51, 0xa5, 0x1d, 0x70,
0xa1, 0xc1, 0x11, 0x48, 0x00, 0x00, 0x00, 0x01,
0x00, 0x1c, 0xc5, 0xb7, 0x51, 0xa5, 0x1d, 0x70,
0xa1, 0xc1, 0x11, 0x48, 0x00, 0x00, 0x00, 0x02,
0x00, 0x1c, 0xc5, 0xb7, 0x51, 0xa5, 0x1d, 0x70,
0xa1, 0xc1, 0x11, 0x48, 0x00, 0x00, 0x00, 0x03
},
{ 0xeb, 0x6d, 0x50, 0x81, 0x19, 0x0e, 0xbd, 0xf0,
0xc6, 0x7c, 0x9e, 0x4d, 0x26, 0xc7, 0x41, 0xa5,
0xa4, 0x16, 0xcd, 0x95, 0x71, 0x7c, 0xeb, 0x10,
0xec, 0x95, 0xda, 0xae, 0x9f, 0xcb, 0x19, 0x00,
0x3e, 0xe1, 0xc4, 0x9b, 0xc6, 0xb9, 0xca, 0x21,
0x3f, 0x6e, 0xe2, 0x71, 0xd0, 0xa9, 0x33, 0x39
},
{ 0xeb, 0x6c, 0x52, 0x82, 0x1d, 0x0b, 0xbb, 0xf7,
0xce, 0x75, 0x94, 0x46, 0x2a, 0xca, 0x4f, 0xaa,
0xb4, 0x07, 0xdf, 0x86, 0x65, 0x69, 0xfd, 0x07,
0xf4, 0x8c, 0xc0, 0xb5, 0x83, 0xd6, 0x07, 0x1f,
0x1e, 0xc0, 0xe6, 0xb8
}
}
};
void rfc3686_inc(unsigned char ctr_buf[AES_BLOCK_SIZE])
{
if(!(++(ctr_buf[15])))
if(!(++(ctr_buf[14])))
if(!(++(ctr_buf[13])))
++(ctr_buf[12]);
}
void rfc3686_init( unsigned char nonce[4], unsigned char iv[8], unsigned char ctr_buf[AES_BLOCK_SIZE])
{
memcpy(ctr_buf, nonce, 4);
memcpy(ctr_buf + 4, iv, 8);
memset(ctr_buf + 12, 0, 4);
rfc3686_inc(ctr_buf);
}
AES_RETURN rfc3686_crypt(const unsigned char *ibuf, unsigned char *obuf, int len,
unsigned char *cbuf, aes_encrypt_ctx cx[1])
{
return aes_ctr_crypt(ibuf, obuf, len, cbuf, rfc3686_inc, cx);
}
void rfc3686_test(void)
{ aes_encrypt_ctx aes_ctx[1];
unsigned char ctr_buf[AES_BLOCK_SIZE];
unsigned char obuf[36];
unsigned int i, err = 0;
for( i = 0 ; i < sizeof(tests) / sizeof(test_str) ; ++i )
{
aes_encrypt_key(tests[i].key, tests[i].k_len, aes_ctx);
rfc3686_init(tests[i].nonce, tests[i].iv, ctr_buf);
rfc3686_crypt(tests[i].p_txt, obuf, tests[i].m_len, ctr_buf, aes_ctx);
if(memcmp(obuf, tests[i].c_txt, tests[i].m_len) != 0)
{
err++;
printf("error\n");
}
}
if(!err)
printf("RFC3686 Tests Passed\n");
}
int main(void)
{
rfc3686_test();
return 0;
}

318
crypto/src/main/jni/final_key/aes/tablegen.c Normal file
View File

@@ -0,0 +1,318 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#define DO_TABLES
#include <stdio.h>
#include "aesaux.h"
#include "aesopt.h"
#define sb_data(w) {\
w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
#define isb_data(w) {\
w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
#define mm_data(w) {\
w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
#define rc_data(w) {\
w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\
w(0x1b), w(0x36) }
#define h0(x) (x)
#define w0(p) bytes2word(p, 0, 0, 0)
#define w1(p) bytes2word(0, p, 0, 0)
#define w2(p) bytes2word(0, 0, p, 0)
#define w3(p) bytes2word(0, 0, 0, p)
#define u0(p) bytes2word(f2(p), p, p, f3(p))
#define u1(p) bytes2word(f3(p), f2(p), p, p)
#define u2(p) bytes2word(p, f3(p), f2(p), p)
#define u3(p) bytes2word(p, p, f3(p), f2(p))
#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
^ (((x>>5) & 4) * WPOLY))
#define f3(x) (f2(x) ^ x)
#define f9(x) (f8(x) ^ x)
#define fb(x) (f8(x) ^ f2(x) ^ x)
#define fd(x) (f8(x) ^ f4(x) ^ x)
#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
#include "aestab.h"
#define t_parm(m,n) "t_"#m#n, t_##m##n
void rtab(FILE *f, unsigned char *h, const unsigned int t[RC_LENGTH])
{ int i;
fprintf(f, "\nuint32_t %s[RC_LENGTH] = \n{", h);
for(i = 0; i < RC_LENGTH; ++i)
{
if(i % 4 == 0)
fprintf(f, "\n ");
if(i != RC_LENGTH - 1)
fprintf(f, "0x%08x, ", t[i]);
else
fprintf(f, "0x%08x ", t[i]);
}
fprintf(f, "\n};\n");
}
void btab_1(FILE *f, unsigned char *h, const unsigned char t[256])
{ int i;
fprintf(f, "\nuint8_t %s[256] = \n{", h);
for(i = 0; i < 256; ++i)
{
if(i % 8 == 0)
fprintf(f, "\n ");
if(i != 255)
fprintf(f, "0x%02x, ", t[i]);
else
fprintf(f, "0x%02x ", t[i]);
}
fprintf(f, "\n};\n");
}
void wtab_1(FILE *f, unsigned char *h, const unsigned int t[256])
{ int i;
fprintf(f, "\nuint32_t %s[256] = \n{", h);
for(i = 0; i < 256; ++i)
{
if(i % 4 == 0)
fprintf(f, "\n ");
if(i != 255)
fprintf(f, "0x%08x, ", t[i]);
else
fprintf(f, "0x%08x ", t[i]);
}
fprintf(f, "\n};\n");
}
void wtab_4(FILE *f, unsigned char *h, const unsigned int t[4][256])
{ int i, j;
fprintf(f, "\nuint32_t %s[4][256] = \n{", h);
for(i = 0; i < 4; ++i)
{
fprintf(f, "\n {");
for(j = 0; j < 256; ++j)
{
if(j % 4 == 0)
fprintf(f, "\n ");
if(j != 255)
fprintf(f, "0x%08x, ", t[i][j]);
else
fprintf(f, "0x%08x ", t[i][j]);
}
if(i != 3)
fprintf(f, "\n },");
else
fprintf(f, "\n }");
}
fprintf(f, "\n};\n");
}
int main(void)
{ FILE *f;
char *fn = "aestab2.c";
if(fopen_s(&f, fn, "w"))
{
printf("\nCannot open %s for output\n", fn);
return -1;
}
fprintf(f, "\n#include \"aes.h\"\n");
fprintf(f, "\n#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2))\n");
fprintf(f, "\nvoid aes_init() \n{ \n}\n");
rtab(f, t_parm(r,c));
#if defined( SBX_SET )
btab_1(f, t_parm(s,box));
#endif
#if defined( ISB_SET )
btab_1(f, t_parm(i,box));
#endif
#if defined( FT1_SET )
wtab_1(f, t_parm(f,n));
#endif
#if defined( FT4_SET )
wtab_4(f, t_parm(f,n));
#endif
#if defined( FL1_SET )
wtab_1(f, t_parm(f,l));
#endif
#if defined( FL4_SET )
wtab_4(f, t_parm(f,l));
#endif
#if defined( IT1_SET )
wtab_1(f, t_parm(i,n));
#endif
#if defined( IT4_SET )
wtab_4(f, t_parm(i,n));
#endif
#if defined( IL1_SET )
wtab_1(f, t_parm(i,l));
#endif
#if defined( IL4_SET )
wtab_4(f, t_parm(i,l));
#endif
#if defined( LS1_SET )
#if !defined( FL1_SET )
wtab_1(f, t_parm(l,s));
#endif
#endif
#if defined( LS4_SET )
#if !defined( FL4_SET )
wtab_4(f, t_parm(l,s));
#endif
#endif
#if defined( IM1_SET )
wtab_1(f, t_parm(i,m));
#endif
#if defined( IM4_SET )
wtab_4(f, t_parm(i,m));
#endif
fclose(f);
return 0;
}

525
crypto/src/main/jni/final_key/kpd_jni.c Normal file
View File

@@ -0,0 +1,525 @@
/*
This is a JNI wrapper for AES & SHA source code on Android.
Copyright (C) 2010 Michael Mohr
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>
#include <string.h>
#include <pthread.h>
#include <jni.h>
/* Tune as desired */
#undef KPD_PROFILE
//#define KPD_DEBUG
#if defined(KPD_PROFILE)
#include <time.h>
#endif
#if defined(KPD_DEBUG)
#include <android/log.h>
#endif
#include "aes.h"
#include "sha2.h"
static JavaVM *cached_vm;
static jclass bad_arg, no_mem, bad_padding, short_buf, block_size;
typedef enum {
ENCRYPTION,
DECRYPTION,
FINALIZED
} edir_t;
#define AES_BLOCK_SIZE 16
#define CACHE_SIZE 32
typedef struct _aes_state {
edir_t direction;
uint32_t cache_len;
uint8_t iv[16], cache[CACHE_SIZE];
uint8_t ctx[sizeof(aes_encrypt_ctx)]; // 244
} aes_state;
#define ENC_CTX(state) (((aes_encrypt_ctx *)((state)->ctx)))
#define DEC_CTX(state) (((aes_decrypt_ctx *)((state)->ctx)))
#define ALIGN_EXTRA 15
#define ALIGN16(x) (void *)(((uintptr_t)(x)+ALIGN_EXTRA) & ~ 0x0F)
JNIEXPORT jint JNICALL JNI_OnLoad( JavaVM *vm, void *reserved ) {
JNIEnv *env;
jclass cls;
cached_vm = vm;
if((*vm)->GetEnv(vm, (void **)&env, JNI_VERSION_1_6))
return JNI_ERR;
cls = (*env)->FindClass(env, "java/lang/IllegalArgumentException");
if( cls == NULL )
return JNI_ERR;
bad_arg = (*env)->NewGlobalRef(env, cls);
if( bad_arg == NULL )
return JNI_ERR;
cls = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
if( cls == NULL )
return JNI_ERR;
no_mem = (*env)->NewGlobalRef(env, cls);
if( no_mem == NULL )
return JNI_ERR;
cls = (*env)->FindClass(env, "javax/crypto/BadPaddingException");
if( cls == NULL )
return JNI_ERR;
bad_padding = (*env)->NewGlobalRef(env, cls);
cls = (*env)->FindClass(env, "javax/crypto/ShortBufferException");
if( cls == NULL )
return JNI_ERR;
short_buf = (*env)->NewGlobalRef(env, cls);
cls = (*env)->FindClass(env, "javax/crypto/IllegalBlockSizeException");
if( cls == NULL )
return JNI_ERR;
block_size = (*env)->NewGlobalRef(env, cls);
aes_init();
return JNI_VERSION_1_6;
}
// called on garbage collection
JNIEXPORT void JNICALL JNI_OnUnload( JavaVM *vm, void *reserved ) {
JNIEnv *env;
if((*vm)->GetEnv(vm, (void **)&env, JNI_VERSION_1_6)) {
return;
}
(*env)->DeleteGlobalRef(env, bad_arg);
(*env)->DeleteGlobalRef(env, no_mem);
(*env)->DeleteGlobalRef(env, bad_padding);
(*env)->DeleteGlobalRef(env, short_buf);
(*env)->DeleteGlobalRef(env, block_size);
return;
}
JNIEXPORT jlong JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nInit(JNIEnv *env, jobject this, jboolean encrypting, jbyteArray key, jbyteArray iv) {
uint8_t ckey[32];
aes_state *state;
jint key_len = (*env)->GetArrayLength(env, key);
jint iv_len = (*env)->GetArrayLength(env, iv);
if( ! ( key_len == 16 || key_len == 24 || key_len == 32 ) || iv_len != 16 ) {
(*env)->ThrowNew(env, bad_arg, "Invalid length of key or iv");
return -1;
}
state = (aes_state *)malloc(sizeof(aes_state));
if( state == NULL ) {
(*env)->ThrowNew(env, no_mem, "Cannot allocate memory for the encryption state");
return -1;
}
memset(state, 0, sizeof(aes_state));
(*env)->GetByteArrayRegion(env, key, (jint)0, key_len, (jbyte *)ckey);
(*env)->GetByteArrayRegion(env, iv, (jint)0, iv_len, (jbyte *)state->iv);
if( encrypting ) {
state->direction = ENCRYPTION;
aes_encrypt_key(ckey, key_len, ENC_CTX(state));
} else {
state->direction = DECRYPTION;
aes_decrypt_key(ckey, key_len, DEC_CTX(state));
}
return (jlong)state;
}
JNIEXPORT void JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nCleanup(JNIEnv *env, jclass this, jlong state) {
free((void *)state);
}
/*
TODO:
It seems like the android implementation of the AES cipher stays a
block behind with update calls. So, if you do an update for 16 bytes,
it will return nothing in the output buffer. Then, it is the finalize
call that will return the last block stripping off padding if it is
not a full block.
*/
JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nUpdate(JNIEnv *env, jobject this,
jlong state, jbyteArray input, jint inputOffset, jint inputLen, jbyteArray output, jint outputOffset, jint outputSize) {
int aes_ret;
uint32_t outLen, bytes2cache, cryptLen;
void *in, *out;
uint8_t *c_input, *c_output;
aes_state *c_state;
#if defined(KPD_DEBUG)
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nUpdate", "entry: inputLen=%d, outputSize=%d", inputLen, outputSize);
#endif
// step 1: first, some housecleaning
if( !inputLen || !outputSize || outputOffset < 0 || !input || !output ) {
(*env)->ThrowNew(env, bad_arg, "nUpdate: called with 1 or more invalid arguments");
return -1;
}
c_state = (aes_state *)state;
if( c_state->direction == FINALIZED ) {
(*env)->ThrowNew(env, bad_arg, "Trying to update a finalized state");
return -1;
}
// step 1.5: calculate cryptLen and outLen
cryptLen = inputLen + c_state->cache_len;
if( cryptLen < CACHE_SIZE ) {
(*env)->GetByteArrayRegion(env, input, inputOffset, inputLen, (jbyte *)(c_state->cache + c_state->cache_len));
c_state->cache_len = cryptLen;
return 0;
}
// now we're guaranteed that cryptLen >= CACHE_SIZE (32)
bytes2cache = (cryptLen & 15) + AES_BLOCK_SIZE; // mask bottom 4 bits plus 1 block
outLen = (cryptLen - bytes2cache); // output length is now aligned to a 16-byte boundary
if( outLen > (uint32_t)outputSize ) {
(*env)->ThrowNew(env, bad_arg, "Output buffer does not have enough space");
return -1;
}
// step 2: allocate memory to hold input and output data
in = malloc(cryptLen+ALIGN_EXTRA);
if( in == NULL ) {
(*env)->ThrowNew(env, no_mem, "Unable to allocate heap space for encryption input");
return -1;
}
c_input = ALIGN16(in);
out = malloc(outLen+ALIGN_EXTRA);
if( out == NULL ) {
free(in);
(*env)->ThrowNew(env, no_mem, "Unable to allocate heap space for encryption output");
return -1;
}
c_output = ALIGN16(out);
// step 3: copy data from Java and en/decrypt it
if( c_state->cache_len ) {
memcpy(c_input, c_state->cache, c_state->cache_len);
(*env)->GetByteArrayRegion(env, input, inputOffset, inputLen, (jbyte *)(c_input + c_state->cache_len));
} else {
(*env)->GetByteArrayRegion(env, input, inputOffset, inputLen, (jbyte *)c_input);
}
if( c_state->direction == ENCRYPTION )
aes_ret = aes_cbc_encrypt(c_input, c_output, outLen, c_state->iv, ENC_CTX(c_state));
else
aes_ret = aes_cbc_decrypt(c_input, c_output, outLen, c_state->iv, DEC_CTX(c_state));
if( aes_ret != EXIT_SUCCESS ) {
free(in);
free(out);
(*env)->ThrowNew(env, bad_arg, "Failed to encrypt input data"); // FIXME: get a better exception class for this...
return -1;
}
(*env)->SetByteArrayRegion(env, output, outputOffset, outLen, (jbyte *)c_output);
// step 4: cleanup and return
if( bytes2cache ) {
c_state->cache_len = bytes2cache; // set new cache length
memcpy(c_state->cache, (c_input + outLen), bytes2cache); // cache overflow bytes for next call
} else {
c_state->cache_len = 0;
}
free(in);
free(out);
#if defined(KPD_DEBUG)
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nUpdate", "exit: outLen=%d", outLen);
#endif
return outLen;
}
/*
outputSize must be at least 32 for encryption since the buffer may contain >= 1 full block
outputSize must be at least 16 for decryption
*/
JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nFinal(JNIEnv *env, jobject this,
jlong state, jboolean doPadding, jbyteArray output, jint outputOffset, jint outputSize) {
int i;
uint32_t padValue, paddedCacheLen;
uint8_t final_output[CACHE_SIZE] __attribute__ ((aligned (16)));
aes_state *c_state;
#if defined(KPD_DEBUG)
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "entry: outputOffset=%d, outputSize=%d", outputOffset, outputSize);
#endif
if( !output || outputOffset < 0 ) {
(*env)->ThrowNew(env, bad_arg, "Invalid argument(s) passed to nFinal");
return -1;
}
c_state = (aes_state *)state;
if( c_state->direction == FINALIZED ) {
(*env)->ThrowNew(env, bad_arg, "This state has already been finalized");
return -1;
}
// allow fetching of remaining bytes from cache
if( !doPadding ) {
(*env)->SetByteArrayRegion(env, output, outputOffset, c_state->cache_len, (jbyte *)c_state->cache);
c_state->direction = FINALIZED;
return c_state->cache_len;
}
#if defined(KPD_DEBUG)
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "crypto operation starts");
#endif
if( c_state->direction == ENCRYPTION ) {
if( c_state->cache_len >= 16 ) {
paddedCacheLen = 32;
} else {
paddedCacheLen = 16;
}
if( outputSize < (jint)paddedCacheLen ) {
(*env)->ThrowNew(env, short_buf, "Insufficient space in output buffer");
return -1;
}
padValue = paddedCacheLen - c_state->cache_len;
if(!padValue) padValue = 16;
memset(c_state->cache + c_state->cache_len, padValue, padValue);
if( aes_cbc_encrypt(c_state->cache, final_output, paddedCacheLen, c_state->iv, ENC_CTX(c_state)) != EXIT_SUCCESS ) {
(*env)->ThrowNew(env, bad_arg, "Failed to encrypt the final data block(s)"); // FIXME: get a better exception class for this...
return -1;
}
(*env)->SetByteArrayRegion(env, output, outputOffset, paddedCacheLen, (jbyte *)final_output);
c_state->direction = FINALIZED;
#if defined(KPD_DEBUG)
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "encryption operation completed, returning %d bytes", paddedCacheLen);
#endif
return paddedCacheLen;
} else { // DECRYPTION
paddedCacheLen = c_state->cache_len;
if( outputSize < (jint)paddedCacheLen ) {
(*env)->ThrowNew(env, short_buf, "Insufficient space in output buffer");
return -1;
}
if( paddedCacheLen != AES_BLOCK_SIZE ) {
(*env)->ThrowNew(env, bad_padding, "Incomplete final block in cache for decryption state");
return -1;
}
if( aes_cbc_decrypt(c_state->cache, final_output, paddedCacheLen, c_state->iv, DEC_CTX(c_state)) != EXIT_SUCCESS ) {
(*env)->ThrowNew(env, bad_arg, "Failed to decrypt the final data block(s)"); // FIXME: get a better exception class for this...
return -1;
}
padValue = final_output[paddedCacheLen-1];
int badPadding;
badPadding = padValue > AES_BLOCK_SIZE;
if (!badPadding) {
for(i = paddedCacheLen-1; final_output[i] == padValue && i >= 0; i--) {
if (final_output[i] != padValue) {
badPadding = 1;
break;
}
}
}
#if defined(KPD_DEBUG)
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "padValue=%d", padValue);
#endif
if( badPadding ) {
(*env)->ThrowNew(env, bad_padding, "Failed to verify padding during decryption");
return -1;
}
int outputSize = AES_BLOCK_SIZE - padValue;
(*env)->SetByteArrayRegion(env, output, outputOffset, outputSize, (jbyte *)final_output);
c_state->direction = FINALIZED;
#if defined(KPD_DEBUG)
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "decryption operation completed, returning %d bytes", outputSize);
#endif
return outputSize;
}
}
JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nGetCacheSize(JNIEnv* env, jobject this, jlong state) {
aes_state *c_state;
c_state = (aes_state *)state;
if( c_state->direction == FINALIZED ) {
(*env)->ThrowNew(env, bad_arg, "Invalid state");
return -1;
}
return c_state->cache_len;
}
#define MASTER_KEY_SIZE 32
typedef struct _master_key {
uint64_t rounds;
uint32_t done[2];
pthread_mutex_t lock1, lock2; // these lock the two halves of the key material
uint8_t c_seed[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
uint8_t key1[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
uint8_t key2[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
} master_key;
uint32_t generate_key_material(void *arg) {
#if defined(KPD_PROFILE)
struct timespec start, end;
#endif
uint32_t i, flip = 0;
uint8_t *key1, *key2;
master_key *mk = (master_key *)arg;
aes_encrypt_ctx e_ctx[1] __attribute__ ((aligned (16)));
if( mk->done[0] == 0 && pthread_mutex_trylock(&mk->lock1) == 0 ) {
key1 = mk->key1;
key2 = mk->key2;
} else if( mk->done[1] == 0 && pthread_mutex_trylock(&mk->lock2) == 0 ) {
key1 = mk->key1 + (MASTER_KEY_SIZE/2);
key2 = mk->key2 + (MASTER_KEY_SIZE/2);
} else {
// this can only be scaled to two threads
pthread_exit( (void *)(-1) );
}
#if defined(KPD_PROFILE)
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
#endif
aes_encrypt_key256(mk->c_seed, e_ctx);
for (i = 0; i < mk->rounds; i++) {
if ( flip ) {
aes_encrypt(key2, key1, e_ctx);
flip = 0;
} else {
aes_encrypt(key1, key2, e_ctx);
flip = 1;
}
}
#if defined(KPD_PROFILE)
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
if( key1 == mk->key1 )
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nTransformKey", "Thread 1 master key transformation took ~%d seconds", (end.tv_sec-start.tv_sec));
else
__android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nTransformKey", "Thread 2 master key transformation took ~%d seconds", (end.tv_sec-start.tv_sec));
#endif
if( key1 == mk->key1 ) {
mk->done[0] = 1;
pthread_mutex_unlock(&mk->lock1);
} else {
mk->done[1] = 1;
pthread_mutex_unlock(&mk->lock2);
}
return flip;
}
JNIEXPORT jbyteArray JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESKeyTransformer_nTransformKey(JNIEnv *env, jobject this, jbyteArray seed, jbyteArray key, jlong rounds) {
master_key mk;
uint32_t flip;
pthread_t t1, t2;
int iret;
void *vret1, *vret2;
jbyteArray result;
sha256_ctx h_ctx[1] __attribute__ ((aligned (16)));
// step 1: housekeeping - sanity checks and fetch data from the JVM
if( (*env)->GetArrayLength(env, seed) != MASTER_KEY_SIZE ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: the seed is not the correct size");
return NULL;
}
if( (*env)->GetArrayLength(env, key) != MASTER_KEY_SIZE ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: the key is not the correct size");
return NULL;
}
if( rounds < 0 ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: illegal number of encryption rounds");
return NULL;
}
mk.rounds = (uint64_t)rounds;
mk.done[0] = mk.done[1] = 0;
if( pthread_mutex_init(&mk.lock1, NULL) != 0 ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to initialize the mutex for thread 1"); // FIXME: get a better exception class for this...
return NULL;
}
if( pthread_mutex_init(&mk.lock2, NULL) != 0 ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to initialize the mutex for thread 2"); // FIXME: get a better exception class for this...
return NULL;
}
(*env)->GetByteArrayRegion(env, seed, 0, MASTER_KEY_SIZE, (jbyte *)mk.c_seed);
(*env)->GetByteArrayRegion(env, key, 0, MASTER_KEY_SIZE, (jbyte *)mk.key1);
// step 2: encrypt the hash "rounds"
iret = pthread_create( &t1, NULL, (void*)generate_key_material, (void*)&mk );
if( iret != 0 ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to launch thread 1"); // FIXME: get a better exception class for this...
return NULL;
}
iret = pthread_create( &t2, NULL, (void*)generate_key_material, (void*)&mk );
if( iret != 0 ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to launch thread 2"); // FIXME: get a better exception class for this...
return NULL;
}
iret = pthread_join( t1, &vret1 );
if( iret != 0 ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to join thread 1"); // FIXME: get a better exception class for this...
return NULL;
}
iret = pthread_join( t2, &vret2 );
if( iret != 0 ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to join thread 2"); // FIXME: get a better exception class for this...
return NULL;
}
if( vret1 == (void *)(-1) || vret2 == (void *)(-1) || vret1 != vret2 ) {
(*env)->ThrowNew(env, bad_arg, "TransformMasterKey: invalid flip value(s) from completed thread(s)"); // FIXME: get a better exception class for this...
return NULL;
} else {
flip = (uint32_t)vret1;
}
// step 3: final SHA256 hash
sha256_begin(h_ctx);
if( flip ) {
sha256_hash(mk.key2, MASTER_KEY_SIZE, h_ctx);
sha256_end(mk.key1, h_ctx);
flip = 0;
} else {
sha256_hash(mk.key1, MASTER_KEY_SIZE, h_ctx);
sha256_end(mk.key2, h_ctx);
flip = 1;
}
// step 4: send the hash into the JVM
result = (*env)->NewByteArray(env, MASTER_KEY_SIZE);
if( flip )
(*env)->SetByteArrayRegion(env, result, 0, MASTER_KEY_SIZE, (jbyte *)mk.key2);
else
(*env)->SetByteArrayRegion(env, result, 0, MASTER_KEY_SIZE, (jbyte *)mk.key1);
return result;
}
#undef MASTER_KEY_SIZE

9
crypto/src/main/jni/final_key/sha/Android.mk Normal file
View File

@@ -0,0 +1,9 @@
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := sha
LOCAL_SRC_FILES := \
sha1.c \
sha2.c \
hmac.c
LOCAL_EXPORT_C_INCLUDES := $(LOCAL_PATH)
include $(BUILD_STATIC_LIBRARY)

132
crypto/src/main/jni/final_key/sha/brg_endian.h Normal file
View File

@@ -0,0 +1,132 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#ifndef _BRG_ENDIAN_H
#define _BRG_ENDIAN_H
#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
/* This is needed when using clang with MSVC to avoid including */
/* endian.h and byteswap.h which are not present on Windows */
#if defined( _MSC_VER ) && defined( __clang__ )
# undef __GNUC__
#endif
/* Include files where endian defines and byteswap functions may reside */
#if defined( __sun )
# include <sys/isa_defs.h>
#elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
# include <sys/endian.h>
#elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
# include <machine/endian.h>
#elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
# if !defined( __MINGW32__ ) && !defined( _AIX )
# include <endian.h>
# if !defined( __BEOS__ )
# include <byteswap.h>
# endif
# endif
#endif
/* Now attempt to set the define for platform byte order using any */
/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, which */
/* seem to encompass most endian symbol definitions */
#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN )
# if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( BYTE_ORDER ) && BYTE_ORDER == LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( _BIG_ENDIAN ) && defined( _LITTLE_ENDIAN )
# if defined( _BYTE_ORDER ) && _BYTE_ORDER == _BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( _BYTE_ORDER ) && _BYTE_ORDER == _LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( _BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( _LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( __BIG_ENDIAN ) && defined( __LITTLE_ENDIAN )
# if defined( __BYTE_ORDER ) && __BYTE_ORDER == __BIG_ENDIAN
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( __BYTE_ORDER ) && __BYTE_ORDER == __LITTLE_ENDIAN
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( __BIG_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( __LITTLE_ENDIAN )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
#if defined( __BIG_ENDIAN__ ) && defined( __LITTLE_ENDIAN__ )
# if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __BIG_ENDIAN__
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
# elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __LITTLE_ENDIAN__
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
# endif
#elif defined( __BIG_ENDIAN__ )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif defined( __LITTLE_ENDIAN__ )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#endif
/* if the platform byte order could not be determined, then try to */
/* set this define using common machine defines */
#if !defined(PLATFORM_BYTE_ORDER)
#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \
defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \
defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \
defined( vax ) || defined( vms ) || defined( VMS ) || \
defined( __VMS ) || defined( _M_X64 )
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \
defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \
defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \
defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM ) || \
defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#else
# error Please edit lines 126 or 128 in brg_endian.h to set the platform byte order
#endif
#endif
#endif

217
crypto/src/main/jni/final_key/sha/brg_types.h Normal file
View File

@@ -0,0 +1,217 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 30/09/2017
*/
#ifndef _BRG_TYPES_H
#define _BRG_TYPES_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <limits.h>
#include <stdint.h>
#if defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
# include <stddef.h>
# define ptrint_t intptr_t
#elif defined( __ECOS__ )
# define intptr_t unsigned int
# define ptrint_t intptr_t
#elif defined( __GNUC__ ) && ( __GNUC__ >= 3 ) && !(defined( __HAIKU__ ) || defined( __VxWorks__ ))
# define ptrint_t intptr_t
#else
# define ptrint_t int
#endif
/* define unsigned 8-bit type if not available in stdint.h */
#if !defined(UINT8_MAX)
typedef unsigned char uint8_t;
#endif
/* define unsigned 16-bit type if not available in stdint.h */
#if !defined(UINT16_MAX)
typedef unsigned short uint16_t;
#endif
/* define unsigned 32-bit type if not available in stdint.h and define the
macro li_32(h) which converts a sequence of eight hexadecimal characters
into a 32 bit constant
*/
#if defined(UINT_MAX) && UINT_MAX == 4294967295u
# define li_32(h) 0x##h##u
# if !defined(UINT32_MAX)
typedef unsigned int uint32_t;
# endif
#elif defined(ULONG_MAX) && ULONG_MAX == 4294967295u
# define li_32(h) 0x##h##ul
# if !defined(UINT32_MAX)
typedef unsigned long uint32_t;
# endif
#elif defined( _CRAY )
# error This code needs 32-bit data types, which Cray machines do not provide
#else
# error Please define uint32_t as a 32-bit unsigned integer type in brg_types.h
#endif
/* define unsigned 64-bit type if not available in stdint.h and define the
macro li_64(h) which converts a sequence of eight hexadecimal characters
into a 64 bit constant
*/
#if defined( __BORLANDC__ ) && !defined( __MSDOS__ )
# define li_64(h) 0x##h##ui64
# if !defined(UINT64_MAX)
typedef unsigned __int64 uint64_t;
# endif
#elif defined( _MSC_VER ) && ( _MSC_VER < 1300 ) /* 1300 == VC++ 7.0 */
# define li_64(h) 0x##h##ui64
# if !defined(UINT64_MAX)
typedef unsigned __int64 uint64_t;
# endif
#elif defined( __sun ) && defined( ULONG_MAX ) && ULONG_MAX == 0xfffffffful
# define li_64(h) 0x##h##ull
# if !defined(UINT64_MAX)
typedef unsigned long long uint64_t;
# endif
#elif defined( __MVS__ )
# define li_64(h) 0x##h##ull
# if !defined(UINT64_MAX)
typedef unsigned long long uint64_t;
# endif
#elif defined( UINT_MAX ) && UINT_MAX > 4294967295u
# if UINT_MAX == 18446744073709551615u
# define li_64(h) 0x##h##u
# if !defined(UINT64_MAX)
typedef unsigned int uint64_t;
# endif
# endif
#elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u
# if ULONG_MAX == 18446744073709551615ul
# define li_64(h) 0x##h##ul
# if !defined(UINT64_MAX) && !defined(_UINT64_T)
typedef unsigned long uint64_t;
# endif
# endif
#elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u
# if ULLONG_MAX == 18446744073709551615ull
# define li_64(h) 0x##h##ull
# if !defined(UINT64_MAX) && !defined( __HAIKU__ )
typedef unsigned long long uint64_t;
# endif
# endif
#elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u
# if ULONG_LONG_MAX == 18446744073709551615ull
# define li_64(h) 0x##h##ull
# if !defined(UINT64_MAX)
typedef unsigned long long uint64_t;
# endif
# endif
#endif
#if !defined( li_64 )
# if defined( NEED_UINT_64T )
# error Please define uint64_t as an unsigned 64 bit type in brg_types.h
# endif
#endif
#ifndef RETURN_VALUES
# define RETURN_VALUES
# if defined( DLL_EXPORT )
# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
# define VOID_RETURN __declspec( dllexport ) void __stdcall
# define INT_RETURN __declspec( dllexport ) int __stdcall
# elif defined( __GNUC__ )
# define VOID_RETURN __declspec( __dllexport__ ) void
# define INT_RETURN __declspec( __dllexport__ ) int
# else
# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
# endif
# elif defined( DLL_IMPORT )
# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
# define VOID_RETURN __declspec( dllimport ) void __stdcall
# define INT_RETURN __declspec( dllimport ) int __stdcall
# elif defined( __GNUC__ )
# define VOID_RETURN __declspec( __dllimport__ ) void
# define INT_RETURN __declspec( __dllimport__ ) int
# else
# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
# endif
# elif defined( __WATCOMC__ )
# define VOID_RETURN void __cdecl
# define INT_RETURN int __cdecl
# else
# define VOID_RETURN void
# define INT_RETURN int
# endif
#endif
/* These defines are used to detect and set the memory alignment of pointers.
Note that offsets are in bytes.
ALIGN_OFFSET(x,n) return the positive or zero offset of
the memory addressed by the pointer 'x'
from an address that is aligned on an
'n' byte boundary ('n' is a power of 2)
ALIGN_FLOOR(x,n) return a pointer that points to memory
that is aligned on an 'n' byte boundary
and is not higher than the memory address
pointed to by 'x' ('n' is a power of 2)
ALIGN_CEIL(x,n) return a pointer that points to memory
that is aligned on an 'n' byte boundary
and is not lower than the memory address
pointed to by 'x' ('n' is a power of 2)
*/
#define ALIGN_OFFSET(x,n) (((ptrint_t)(x)) & ((n) - 1))
#define ALIGN_FLOOR(x,n) ((uint8_t*)(x) - ( ((ptrint_t)(x)) & ((n) - 1)))
#define ALIGN_CEIL(x,n) ((uint8_t*)(x) + (-((ptrint_t)(x)) & ((n) - 1)))
/* These defines are used to declare buffers in a way that allows
faster operations on longer variables to be used. In all these
defines 'size' must be a power of 2 and >= 8. NOTE that the
buffer size is in bytes but the type length is in bits
UNIT_TYPEDEF(x,size) declares a variable 'x' of length
'size' bits
BUFR_TYPEDEF(x,size,bsize) declares a buffer 'x' of length 'bsize'
bytes defined as an array of variables
each of 'size' bits (bsize must be a
multiple of size / 8)
UNIT_CAST(x,size) casts a variable to a type of
length 'size' bits
UPTR_CAST(x,size) casts a pointer to a pointer to a
variable of length 'size' bits
*/
#define UI_TYPE(size) uint##size##_t
#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x
#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)]
#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x))
#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x))
#if defined(__cplusplus)
}
#endif
#endif

209
crypto/src/main/jni/final_key/sha/hmac.c Normal file
View File

@@ -0,0 +1,209 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This is an implementation of HMAC, the FIPS standard keyed hash function
*/
#include "hmac.h"
#if defined(__cplusplus)
extern "C"
{
#endif
/* initialise the HMAC context to zero */
int hmac_sha_begin(enum hmac_hash hash, hmac_ctx cx[1])
{
memset(cx, 0, sizeof(hmac_ctx));
switch(hash)
{
#ifdef SHA_1
case HMAC_SHA1:
cx->f_begin = sha1_begin;
cx->f_hash = sha1_hash;
cx->f_end = sha1_end;
cx->input_len = SHA1_BLOCK_SIZE;
cx->output_len = SHA1_DIGEST_SIZE;
break;
#endif
#ifdef SHA_224
case HMAC_SHA224:
cx->f_begin = sha224_begin;
cx->f_hash = sha224_hash;
cx->f_end = sha224_end;
cx->input_len = SHA224_BLOCK_SIZE;
cx->output_len = SHA224_DIGEST_SIZE;
break;
#endif
#ifdef SHA_256
case HMAC_SHA256:
cx->f_begin = sha256_begin;
cx->f_hash = sha256_hash;
cx->f_end = sha256_end;
cx->input_len = SHA256_BLOCK_SIZE;
cx->output_len = SHA256_DIGEST_SIZE;
break;
#endif
#ifdef SHA_384
case HMAC_SHA384:
cx->f_begin = sha384_begin;
cx->f_hash = sha384_hash;
cx->f_end = sha384_end;
cx->input_len = SHA384_BLOCK_SIZE;
cx->output_len = SHA384_DIGEST_SIZE;
break;
#endif
#ifdef SHA_512
case HMAC_SHA512:
cx->f_begin = sha512_begin;
cx->f_hash = sha512_hash;
cx->f_end = sha512_end;
cx->input_len = SHA512_BLOCK_SIZE;
cx->output_len = SHA512_DIGEST_SIZE;
break;
case HMAC_SHA512_256:
cx->f_begin = sha512_256_begin;
cx->f_hash = sha512_256_hash;
cx->f_end = sha512_256_end;
cx->input_len = SHA512_256_BLOCK_SIZE;
cx->output_len = SHA512_256_DIGEST_SIZE;
break;
case HMAC_SHA512_224:
cx->f_begin = sha512_224_begin;
cx->f_hash = sha512_224_hash;
cx->f_end = sha512_224_end;
cx->input_len = SHA512_224_BLOCK_SIZE;
cx->output_len = SHA512_224_DIGEST_SIZE;
break;
case HMAC_SHA512_192:
cx->f_begin = sha512_192_begin;
cx->f_hash = sha512_192_hash;
cx->f_end = sha512_192_end;
cx->input_len = SHA512_192_BLOCK_SIZE;
cx->output_len = SHA512_192_DIGEST_SIZE;
break;
case HMAC_SHA512_128:
cx->f_begin = sha512_128_begin;
cx->f_hash = sha512_128_hash;
cx->f_end = sha512_128_end;
cx->input_len = SHA512_128_BLOCK_SIZE;
cx->output_len = SHA512_128_DIGEST_SIZE;
break;
#endif
}
return cx->output_len;
}
/* input the HMAC key (can be called multiple times) */
int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1])
{
if(cx->klen == HMAC_IN_DATA) /* error if further key input */
return EXIT_FAILURE; /* is attempted in data mode */
if(cx->klen + key_len > cx->input_len) /* if the key has to be hashed */
{
if(cx->klen <= cx->input_len) /* if the hash has not yet been */
{ /* started, initialise it and */
cx->f_begin(cx->sha_ctx); /* hash stored key characters */
cx->f_hash(cx->key, cx->klen, cx->sha_ctx);
}
cx->f_hash(key, key_len, cx->sha_ctx); /* hash long key data into hash */
}
else /* otherwise store key data */
memcpy(cx->key + cx->klen, key, key_len);
cx->klen += key_len; /* update the key length count */
return EXIT_SUCCESS;
}
/* input the HMAC data (can be called multiple times) - */
/* note that this call terminates the key input phase */
void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1])
{ unsigned int i;
if(cx->klen != HMAC_IN_DATA) /* if not yet in data phase */
{
if(cx->klen > cx->input_len) /* if key is being hashed */
{ /* complete the hash and */
cx->f_end(cx->key, cx->sha_ctx); /* store the result as the */
cx->klen = cx->output_len; /* key and set new length */
}
/* pad the key if necessary */
memset(cx->key + cx->klen, 0, cx->input_len - cx->klen);
/* xor ipad into key value */
for(i = 0; i < (cx->input_len >> 2); ++i)
((uint32_t*)cx->key)[i] ^= 0x36363636;
/* and start hash operation */
cx->f_begin(cx->sha_ctx);
cx->f_hash(cx->key, cx->input_len, cx->sha_ctx);
/* mark as now in data mode */
cx->klen = HMAC_IN_DATA;
}
/* hash the data (if any) */
if(data_len)
cx->f_hash(data, data_len, cx->sha_ctx);
}
/* compute and output the MAC value */
void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1])
{ unsigned char dig[HMAC_MAX_OUTPUT_SIZE];
unsigned int i;
/* if no data has been entered perform a null data phase */
if(cx->klen != HMAC_IN_DATA)
hmac_sha_data((const unsigned char*)0, 0, cx);
cx->f_end(dig, cx->sha_ctx); /* complete the inner hash */
/* set outer key value using opad and removing ipad */
for(i = 0; i < (cx->input_len >> 2); ++i)
((uint32_t*)cx->key)[i] ^= 0x36363636 ^ 0x5c5c5c5c;
/* perform the outer hash operation */
cx->f_begin(cx->sha_ctx);
cx->f_hash(cx->key, cx->input_len, cx->sha_ctx);
cx->f_hash(dig, cx->output_len, cx->sha_ctx);
cx->f_end(dig, cx->sha_ctx);
/* output the hash value */
for(i = 0; i < mac_len; ++i)
mac[i] = dig[i];
}
/* 'do it all in one go' subroutine */
void hmac_sha(enum hmac_hash hash, const unsigned char key[], unsigned long key_len,
const unsigned char data[], unsigned long data_len,
unsigned char mac[], unsigned long mac_len)
{ hmac_ctx cx[1];
hmac_sha_begin(hash, cx);
hmac_sha_key(key, key_len, cx);
hmac_sha_data(data, data_len, cx);
hmac_sha_end(mac, mac_len, cx);
}
#if defined(__cplusplus)
}
#endif

129
crypto/src/main/jni/final_key/sha/hmac.h Normal file
View File

@@ -0,0 +1,129 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This is an implementation of HMAC, the FIPS standard keyed hash function
*/
#ifndef _HMAC2_H
#define _HMAC2_H
#include <stdlib.h>
#include <memory.h>
#if defined(__cplusplus)
extern "C"
{
#endif
#if !defined(_SHA1_H)
# include "sha1.h"
#endif
#if !defined(_SHA2_H)
# include "sha2.h"
#endif
#if !defined(_SHA2_H)
#define HMAC_BLOCK_SIZE SHA1_BLOCK_SIZE
#define HMAC_MAX_OUTPUT_SIZE SHA1_DIGEST_SIZE
#else
#define HMAC_BLOCK_SIZE SHA2_MAX_BLOCK_SIZE
#define HMAC_MAX_OUTPUT_SIZE SHA2_MAX_DIGEST_SIZE
#endif
#define HMAC_IN_DATA 0xffffffff
enum hmac_hash
{
#ifdef _SHA1_H
HMAC_SHA1,
#endif
#ifdef _SHA2_H
# ifdef SHA_224
HMAC_SHA224,
# endif
# ifdef SHA_256
HMAC_SHA256,
# endif
# ifdef SHA_384
HMAC_SHA384,
# endif
# ifdef SHA_512
HMAC_SHA512,
HMAC_SHA512_256,
HMAC_SHA512_224,
HMAC_SHA512_192,
HMAC_SHA512_128
# endif
#endif
};
typedef VOID_RETURN hf_begin(void*);
typedef VOID_RETURN hf_hash(const void*, unsigned long len, void*);
typedef VOID_RETURN hf_end(void*, void*);
typedef struct
{ hf_begin *f_begin;
hf_hash *f_hash;
hf_end *f_end;
unsigned char key[HMAC_BLOCK_SIZE];
union
{
#ifdef _SHA1_H
sha1_ctx u_sha1;
#endif
#ifdef _SHA2_H
# ifdef SHA_224
sha224_ctx u_sha224;
# endif
# ifdef SHA_256
sha256_ctx u_sha256;
# endif
# ifdef SHA_384
sha384_ctx u_sha384;
# endif
# ifdef SHA_512
sha512_ctx u_sha512;
# endif
#endif
} sha_ctx[1];
unsigned long input_len;
unsigned long output_len;
unsigned long klen;
} hmac_ctx;
/* returns the length of hash digest for the hash used */
/* mac_len must not be greater than this */
int hmac_sha_begin(enum hmac_hash hash, hmac_ctx cx[1]);
int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1]);
void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1]);
void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1]);
void hmac_sha(enum hmac_hash hash, const unsigned char key[], unsigned long key_len,
const unsigned char data[], unsigned long data_len,
unsigned char mac[], unsigned long mac_len);
#if defined(__cplusplus)
}
#endif
#endif

181
crypto/src/main/jni/final_key/sha/pwd2key.c Normal file
View File

@@ -0,0 +1,181 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This is an implementation of RFC2898, which specifies key derivation from
a password and a salt value.
*/
#include <memory.h>
#include "hmac.h"
#if defined(__cplusplus)
extern "C"
{
#endif
void derive_key(const unsigned char pwd[], /* the PASSWORD */
unsigned int pwd_len, /* and its length */
const unsigned char salt[], /* the SALT and its */
unsigned int salt_len, /* length */
unsigned int iter, /* the number of iterations */
unsigned char key[], /* space for the output key */
unsigned int key_len)/* and its required length */
{
unsigned int i, j, k, n_blk, h_size;
unsigned char uu[HMAC_MAX_OUTPUT_SIZE], ux[HMAC_MAX_OUTPUT_SIZE];
hmac_ctx c1[1], c2[1], c3[1];
/* set HMAC context (c1) for password */
h_size = hmac_sha_begin(HMAC_SHA1, c1);
hmac_sha_key(pwd, pwd_len, c1);
/* set HMAC context (c2) for password and salt */
memcpy(c2, c1, sizeof(hmac_ctx));
hmac_sha_data(salt, salt_len, c2);
/* find the number of SHA blocks in the key */
n_blk = 1 + (key_len - 1) / h_size;
for(i = 0; i < n_blk; ++i) /* for each block in key */
{
/* ux[] holds the running xor value */
memset(ux, 0, h_size);
/* set HMAC context (c3) for password and salt */
memcpy(c3, c2, sizeof(hmac_ctx));
/* enter additional data for 1st block into uu */
uu[0] = (unsigned char)((i + 1) >> 24);
uu[1] = (unsigned char)((i + 1) >> 16);
uu[2] = (unsigned char)((i + 1) >> 8);
uu[3] = (unsigned char)(i + 1);
/* this is the key mixing iteration */
for(j = 0, k = 4; j < iter; ++j)
{
/* add previous round data to HMAC */
hmac_sha_data(uu, k, c3);
/* obtain HMAC for uu[] */
hmac_sha_end(uu, h_size, c3);
/* xor into the running xor block */
for(k = 0; k < h_size; ++k)
ux[k] ^= uu[k];
/* set HMAC context (c3) for password */
memcpy(c3, c1, sizeof(hmac_ctx));
}
/* compile key blocks into the key output */
j = 0; k = i * h_size;
while(j < h_size && k < key_len)
key[k++] = ux[j++];
}
}
#ifdef TEST
#include <stdio.h>
struct
{ unsigned int pwd_len;
unsigned int salt_len;
unsigned int it_count;
unsigned char *pwd;
unsigned char salt[32];
unsigned char key[32];
} tests[] =
{
{ 8, 4, 5, (unsigned char*)"password",
{
0x12, 0x34, 0x56, 0x78
},
{
0x5c, 0x75, 0xce, 0xf0, 0x1a, 0x96, 0x0d, 0xf7,
0x4c, 0xb6, 0xb4, 0x9b, 0x9e, 0x38, 0xe6, 0xb5
}
},
{ 8, 8, 5, (unsigned char*)"password",
{
0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
},
{
0xd1, 0xda, 0xa7, 0x86, 0x15, 0xf2, 0x87, 0xe6,
0xa1, 0xc8, 0xb1, 0x20, 0xd7, 0x06, 0x2a, 0x49
}
},
{ 8, 21, 1, (unsigned char*)"password",
{
"ATHENA.MIT.EDUraeburn"
},
{
0xcd, 0xed, 0xb5, 0x28, 0x1b, 0xb2, 0xf8, 0x01,
0x56, 0x5a, 0x11, 0x22, 0xb2, 0x56, 0x35, 0x15
}
},
{ 8, 21, 2, (unsigned char*)"password",
{
"ATHENA.MIT.EDUraeburn"
},
{
0x01, 0xdb, 0xee, 0x7f, 0x4a, 0x9e, 0x24, 0x3e,
0x98, 0x8b, 0x62, 0xc7, 0x3c, 0xda, 0x93, 0x5d
}
},
{ 8, 21, 1200, (unsigned char*)"password",
{
"ATHENA.MIT.EDUraeburn"
},
{
0x5c, 0x08, 0xeb, 0x61, 0xfd, 0xf7, 0x1e, 0x4e,
0x4e, 0xc3, 0xcf, 0x6b, 0xa1, 0xf5, 0x51, 0x2b
}
}
};
int main()
{ unsigned int i, j, key_len = 256;
unsigned char key[256];
printf("\nTest of RFC2898 Password Based Key Derivation");
for(i = 0; i < 5; ++i)
{
derive_key(tests[i].pwd, tests[i].pwd_len, tests[i].salt,
tests[i].salt_len, tests[i].it_count, key, key_len);
printf("\ntest %i: ", i + 1);
printf("key %s", memcmp(tests[i].key, key, 16) ? "is bad" : "is good");
for(j = 0; j < key_len && j < 64; j += 4)
{
if(j % 16 == 0)
printf("\n");
printf("0x%02x%02x%02x%02x ", key[j], key[j + 1], key[j + 2], key[j + 3]);
}
printf(j < key_len ? " ... \n" : "\n");
}
printf("\n");
return 0;
}
#if defined(__cplusplus)
}
#endif
#endif

45
crypto/src/main/jni/final_key/sha/pwd2key.h Normal file
View File

@@ -0,0 +1,45 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This is an implementation of RFC2898, which specifies key derivation from
a password and a salt value.
*/
#ifndef PWD2KEY_H
#define PWD2KEY_H
#if defined(__cplusplus)
extern "C"
{
#endif
void derive_key(
const unsigned char pwd[], /* the PASSWORD, and */
unsigned int pwd_len, /* its length */
const unsigned char salt[], /* the SALT and its */
unsigned int salt_len, /* length */
unsigned int iter, /* the number of iterations */
unsigned char key[], /* space for the output key */
unsigned int key_len); /* and its required length */
#if defined(__cplusplus)
}
#endif
#endif

279
crypto/src/main/jni/final_key/sha/sha1.c Normal file
View File

@@ -0,0 +1,279 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#include <string.h> /* for memcpy() etc. */
#include "sha1.h"
#include "brg_endian.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
#pragma intrinsic(memcpy)
#pragma intrinsic(memset)
#endif
#if 0 && defined(_MSC_VER)
#define rotl32 _lrotl
#define rotr32 _lrotr
#else
#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
#endif
#if !defined(bswap_32)
#define bswap_32(x) ((rotr32((x), 24) & 0x00ff00ff) | (rotr32((x), 8) & 0xff00ff00))
#endif
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
#define SWAP_BYTES
#else
#undef SWAP_BYTES
#endif
#if defined(SWAP_BYTES)
#define bsw_32(p,n) \
{ int _i = (n); while(_i--) ((uint32_t*)p)[_i] = bswap_32(((uint32_t*)p)[_i]); }
#else
#define bsw_32(p,n)
#endif
#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
#if 0
#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
#define parity(x,y,z) ((x) ^ (y) ^ (z))
#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#else /* Discovered by Rich Schroeppel and Colin Plumb */
#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define parity(x,y,z) ((x) ^ (y) ^ (z))
#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
#endif
/* Compile 64 bytes of hash data into SHA1 context. Note */
/* that this routine assumes that the byte order in the */
/* ctx->wbuf[] at this point is in such an order that low */
/* address bytes in the ORIGINAL byte stream will go in */
/* this buffer to the high end of 32-bit words on BOTH big */
/* and little endian systems */
#ifdef ARRAY
#define q(v,n) v[n]
#else
#define q(v,n) v##n
#endif
#define one_cycle(v,a,b,c,d,e,f,k,h) \
q(v,e) += rotr32(q(v,a),27) + \
f(q(v,b),q(v,c),q(v,d)) + k + h; \
q(v,b) = rotr32(q(v,b), 2)
#define five_cycle(v,f,k,i) \
one_cycle(v, 0,1,2,3,4, f,k,hf(i )); \
one_cycle(v, 4,0,1,2,3, f,k,hf(i+1)); \
one_cycle(v, 3,4,0,1,2, f,k,hf(i+2)); \
one_cycle(v, 2,3,4,0,1, f,k,hf(i+3)); \
one_cycle(v, 1,2,3,4,0, f,k,hf(i+4))
VOID_RETURN sha1_compile(sha1_ctx ctx[1])
{ uint32_t *w = ctx->wbuf;
#ifdef ARRAY
uint32_t v[5];
memcpy(v, ctx->hash, sizeof(ctx->hash));
#else
uint32_t v0, v1, v2, v3, v4;
v0 = ctx->hash[0]; v1 = ctx->hash[1];
v2 = ctx->hash[2]; v3 = ctx->hash[3];
v4 = ctx->hash[4];
#endif
#define hf(i) w[i]
five_cycle(v, ch, 0x5a827999, 0);
five_cycle(v, ch, 0x5a827999, 5);
five_cycle(v, ch, 0x5a827999, 10);
one_cycle(v,0,1,2,3,4, ch, 0x5a827999, hf(15)); \
#undef hf
#define hf(i) (w[(i) & 15] = rotl32( \
w[((i) + 13) & 15] ^ w[((i) + 8) & 15] \
^ w[((i) + 2) & 15] ^ w[(i) & 15], 1))
one_cycle(v,4,0,1,2,3, ch, 0x5a827999, hf(16));
one_cycle(v,3,4,0,1,2, ch, 0x5a827999, hf(17));
one_cycle(v,2,3,4,0,1, ch, 0x5a827999, hf(18));
one_cycle(v,1,2,3,4,0, ch, 0x5a827999, hf(19));
five_cycle(v, parity, 0x6ed9eba1, 20);
five_cycle(v, parity, 0x6ed9eba1, 25);
five_cycle(v, parity, 0x6ed9eba1, 30);
five_cycle(v, parity, 0x6ed9eba1, 35);
five_cycle(v, maj, 0x8f1bbcdc, 40);
five_cycle(v, maj, 0x8f1bbcdc, 45);
five_cycle(v, maj, 0x8f1bbcdc, 50);
five_cycle(v, maj, 0x8f1bbcdc, 55);
five_cycle(v, parity, 0xca62c1d6, 60);
five_cycle(v, parity, 0xca62c1d6, 65);
five_cycle(v, parity, 0xca62c1d6, 70);
five_cycle(v, parity, 0xca62c1d6, 75);
#ifdef ARRAY
ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
ctx->hash[4] += v[4];
#else
ctx->hash[0] += v0; ctx->hash[1] += v1;
ctx->hash[2] += v2; ctx->hash[3] += v3;
ctx->hash[4] += v4;
#endif
}
VOID_RETURN sha1_begin(sha1_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha1_ctx));
ctx->hash[0] = 0x67452301;
ctx->hash[1] = 0xefcdab89;
ctx->hash[2] = 0x98badcfe;
ctx->hash[3] = 0x10325476;
ctx->hash[4] = 0xc3d2e1f0;
}
/* SHA1 hash data in an array of bytes into hash buffer and */
/* call the hash_compile function as required. For both the */
/* bit and byte orientated versions, the block length 'len' */
/* must not be greater than 2^32 - 1 bits (2^29 - 1 bytes) */
VOID_RETURN sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1])
{ uint32_t pos = (uint32_t)((ctx->count[0] >> 3) & SHA1_MASK);
const unsigned char *sp = data;
unsigned char *w = (unsigned char*)ctx->wbuf;
#if SHA1_BITS == 1
uint32_t ofs = (ctx->count[0] & 7);
#else
len <<= 3;
#endif
if((ctx->count[0] += len) < len)
++(ctx->count[1]);
#if SHA1_BITS == 1
if(ofs) /* if not on a byte boundary */
{
if(ofs + len < 8) /* if no added bytes are needed */
{
w[pos] |= (*sp >> ofs);
}
else /* otherwise and add bytes */
{ unsigned char part = w[pos];
while((int)(ofs + (len -= 8)) >= 0)
{
w[pos++] = part | (*sp >> ofs);
part = *sp++ << (8 - ofs);
if(pos == SHA1_BLOCK_SIZE)
{
bsw_32(w, SHA1_BLOCK_SIZE >> 2);
sha1_compile(ctx); pos = 0;
}
}
w[pos] = part;
}
}
else /* data is byte aligned */
#endif
{ uint32_t space = SHA1_BLOCK_SIZE - pos;
while(len >= (space << 3))
{
memcpy(w + pos, sp, space);
bsw_32(w, SHA1_BLOCK_SIZE >> 2);
sha1_compile(ctx);
sp += space; len -= (space << 3);
space = SHA1_BLOCK_SIZE; pos = 0;
}
memcpy(w + pos, sp, (len + 7 * SHA1_BITS) >> 3);
}
}
/* SHA1 final padding and digest calculation */
VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1])
{ uint32_t i = (uint32_t)((ctx->count[0] >> 3) & SHA1_MASK), m1;
/* put bytes in the buffer in an order in which references to */
/* 32-bit words will put bytes with lower addresses into the */
/* top of 32 bit words on BOTH big and little endian machines */
bsw_32(ctx->wbuf, (i + 3 + SHA1_BITS) >> 2);
/* we now need to mask valid bytes and add the padding which is */
/* a single 1 bit and as many zero bits as necessary. Note that */
/* we can always add the first padding byte here because the */
/* buffer always has at least one empty slot */
m1 = (unsigned char)0x80 >> (ctx->count[0] & 7);
ctx->wbuf[i >> 2] &= ((0xffffff00 | (~m1 + 1)) << 8 * (~i & 3));
ctx->wbuf[i >> 2] |= (m1 << 8 * (~i & 3));
/* we need 9 or more empty positions, one for the padding byte */
/* (above) and eight for the length count. If there is not */
/* enough space, pad and empty the buffer */
if(i > SHA1_BLOCK_SIZE - 9)
{
if(i < 60) ctx->wbuf[15] = 0;
sha1_compile(ctx);
i = 0;
}
else /* compute a word index for the empty buffer positions */
i = (i >> 2) + 1;
while(i < 14) /* and zero pad all but last two positions */
ctx->wbuf[i++] = 0;
/* the following 32-bit length fields are assembled in the */
/* wrong byte order on little endian machines but this is */
/* corrected later since they are only ever used as 32-bit */
/* word values. */
ctx->wbuf[14] = ctx->count[1];
ctx->wbuf[15] = ctx->count[0];
sha1_compile(ctx);
/* extract the hash value as bytes in case the hash buffer is */
/* misaligned for 32-bit words */
for(i = 0; i < SHA1_DIGEST_SIZE; ++i)
hval[i] = ((ctx->hash[i >> 2] >> (8 * (~i & 3))) & 0xff);
}
VOID_RETURN sha1(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha1_ctx cx[1];
sha1_begin(cx); sha1_hash(data, len, cx); sha1_end(hval, cx);
}
#if defined(__cplusplus)
}
#endif

72
crypto/src/main/jni/final_key/sha/sha1.h Normal file
View File

@@ -0,0 +1,72 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#ifndef _SHA1_H
#define _SHA1_H
/* define for bit or byte oriented SHA */
#if 1
# define SHA1_BITS 0 /* byte oriented */
#else
# define SHA1_BITS 1 /* bit oriented */
#endif
#define SHA_1
#include <stdlib.h>
#include "brg_types.h"
#define SHA1_BLOCK_SIZE 64
#define SHA1_DIGEST_SIZE 20
#if defined(__cplusplus)
extern "C"
{
#endif
/* type to hold the SHA256 context */
typedef struct
{ uint32_t count[2];
uint32_t hash[SHA1_DIGEST_SIZE >> 2];
uint32_t wbuf[SHA1_BLOCK_SIZE >> 2];
} sha1_ctx;
/* Note that these prototypes are the same for both bit and */
/* byte oriented implementations. However the length fields */
/* are in bytes or bits as appropriate for the version used */
/* and bit sequences are input as arrays of bytes in which */
/* bit sequences run from the most to the least significant */
/* end of each byte. The value 'len' in sha1_hash for the */
/* byte oriented version of SHA1 is limited to 2^29 bytes, */
/* but multiple calls will handle longer data blocks. */
VOID_RETURN sha1_compile(sha1_ctx ctx[1]);
VOID_RETURN sha1_begin(sha1_ctx ctx[1]);
VOID_RETURN sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1]);
VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1]);
VOID_RETURN sha1(unsigned char hval[], const unsigned char data[], unsigned long len);
#if defined(__cplusplus)
}
#endif
#endif

949
crypto/src/main/jni/final_key/sha/sha2.c Normal file
View File

@@ -0,0 +1,949 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This code implements sha256, sha384 and sha512 but the latter two
functions rely on efficient 64-bit integer operations that may not be
very efficient on 32-bit machines
The sha256 functions use a type 'sha256_ctx' to hold details of the
current hash state and uses the following three calls:
void sha256_begin( sha256_ctx ctx[1] )
void sha256_hash( const unsigned char data[],
unsigned long len, sha256_ctx ctx[1] )
void sha_end1( unsigned char hval[], sha256_ctx ctx[1] )
The first subroutine initialises a hash computation by setting up the
context in the sha256_ctx context. The second subroutine hashes 8-bit
bytes from array data[] into the hash state withinh sha256_ctx context,
the number of bytes to be hashed being given by the the unsigned long
integer len. The third subroutine completes the hash calculation and
places the resulting digest value in the array of 8-bit bytes hval[].
The sha384 and sha512 functions are similar and use the interfaces:
void sha384_begin( sha384_ctx ctx[1] );
void sha384_hash( const unsigned char data[],
unsigned long len, sha384_ctx ctx[1] );
void sha384_end( unsigned char hval[], sha384_ctx ctx[1] );
void sha512_begin( sha512_ctx ctx[1] );
void sha512_hash( const unsigned char data[],
unsigned long len, sha512_ctx ctx[1] );
void sha512_end( unsigned char hval[], sha512_ctx ctx[1] );
In addition there is a function sha2 that can be used to call all these
functions using a call with a hash length parameter as follows:
int sha2_begin( unsigned long len, sha2_ctx ctx[1] );
void sha2_hash( const unsigned char data[],
unsigned long len, sha2_ctx ctx[1] );
void sha2_end( unsigned char hval[], sha2_ctx ctx[1] );
The data block length in any one call to any of these hash functions must
be no more than 2^32 - 1 bits or 2^29 - 1 bytes.
My thanks to Erik Andersen <andersen@codepoet.org> for testing this code
on big-endian systems and for his assistance with corrections
*/
#if 1
#define UNROLL_SHA2 /* for SHA2 loop unroll */
#endif
#include <string.h> /* for memcpy() etc. */
#include "sha2.h"
#include "brg_endian.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
#pragma intrinsic(memcpy)
#pragma intrinsic(memset)
#endif
#if 0 && defined(_MSC_VER)
#define rotl32 _lrotl
#define rotr32 _lrotr
#else
#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
#endif
#if !defined(bswap_32)
#define bswap_32(x) ((rotr32((x), 24) & 0x00ff00ff) | (rotr32((x), 8) & 0xff00ff00))
#endif
#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
#define SWAP_BYTES
#else
#undef SWAP_BYTES
#endif
#if 0
#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#else /* Thanks to Rich Schroeppel and Colin Plumb for the following */
#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
#endif
/* round transforms for SHA256 and SHA512 compression functions */
#define vf(n,i) v[(n - i) & 7]
#define hf(i) (p[i & 15] += \
g_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g_0(p[(i + 1) & 15]))
#define v_cycle(i,j) \
vf(7,i) += (j ? hf(i) : p[i]) + k_0[i+j] \
+ s_1(vf(4,i)) + ch(vf(4,i),vf(5,i),vf(6,i)); \
vf(3,i) += vf(7,i); \
vf(7,i) += s_0(vf(0,i))+ maj(vf(0,i),vf(1,i),vf(2,i))
#if defined(SHA_224) || defined(SHA_256)
#define SHA256_MASK (SHA256_BLOCK_SIZE - 1)
#if defined(SWAP_BYTES)
#define bsw_32(p,n) \
{ int _i = (n); while(_i--) ((uint32_t*)p)[_i] = bswap_32(((uint32_t*)p)[_i]); }
#else
#define bsw_32(p,n)
#endif
#define s_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22))
#define s_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25))
#define g_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3))
#define g_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10))
#define k_0 k256
/* rotated SHA256 round definition. Rather than swapping variables as in */
/* FIPS-180, different variables are 'rotated' on each round, returning */
/* to their starting positions every eight rounds */
#define q(n) v##n
#define one_cycle(a,b,c,d,e,f,g,h,k,w) \
q(h) += s_1(q(e)) + ch(q(e), q(f), q(g)) + k + w; \
q(d) += q(h); q(h) += s_0(q(a)) + maj(q(a), q(b), q(c))
/* SHA256 mixing data */
const uint32_t k256[64] =
{ 0x428a2f98ul, 0x71374491ul, 0xb5c0fbcful, 0xe9b5dba5ul,
0x3956c25bul, 0x59f111f1ul, 0x923f82a4ul, 0xab1c5ed5ul,
0xd807aa98ul, 0x12835b01ul, 0x243185beul, 0x550c7dc3ul,
0x72be5d74ul, 0x80deb1feul, 0x9bdc06a7ul, 0xc19bf174ul,
0xe49b69c1ul, 0xefbe4786ul, 0x0fc19dc6ul, 0x240ca1ccul,
0x2de92c6ful, 0x4a7484aaul, 0x5cb0a9dcul, 0x76f988daul,
0x983e5152ul, 0xa831c66dul, 0xb00327c8ul, 0xbf597fc7ul,
0xc6e00bf3ul, 0xd5a79147ul, 0x06ca6351ul, 0x14292967ul,
0x27b70a85ul, 0x2e1b2138ul, 0x4d2c6dfcul, 0x53380d13ul,
0x650a7354ul, 0x766a0abbul, 0x81c2c92eul, 0x92722c85ul,
0xa2bfe8a1ul, 0xa81a664bul, 0xc24b8b70ul, 0xc76c51a3ul,
0xd192e819ul, 0xd6990624ul, 0xf40e3585ul, 0x106aa070ul,
0x19a4c116ul, 0x1e376c08ul, 0x2748774cul, 0x34b0bcb5ul,
0x391c0cb3ul, 0x4ed8aa4aul, 0x5b9cca4ful, 0x682e6ff3ul,
0x748f82eeul, 0x78a5636ful, 0x84c87814ul, 0x8cc70208ul,
0x90befffaul, 0xa4506cebul, 0xbef9a3f7ul, 0xc67178f2ul,
};
/* Compile 64 bytes of hash data into SHA256 digest value */
/* NOTE: this routine assumes that the byte order in the */
/* ctx->wbuf[] at this point is such that low address bytes */
/* in the ORIGINAL byte stream will go into the high end of */
/* words on BOTH big and little endian systems */
VOID_RETURN sha256_compile(sha256_ctx ctx[1])
{
#if !defined(UNROLL_SHA2)
uint32_t j, *p = ctx->wbuf, v[8];
memcpy(v, ctx->hash, sizeof(ctx->hash));
for(j = 0; j < 64; j += 16)
{
v_cycle( 0, j); v_cycle( 1, j);
v_cycle( 2, j); v_cycle( 3, j);
v_cycle( 4, j); v_cycle( 5, j);
v_cycle( 6, j); v_cycle( 7, j);
v_cycle( 8, j); v_cycle( 9, j);
v_cycle(10, j); v_cycle(11, j);
v_cycle(12, j); v_cycle(13, j);
v_cycle(14, j); v_cycle(15, j);
}
ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
ctx->hash[4] += v[4]; ctx->hash[5] += v[5];
ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
#else
uint32_t *p = ctx->wbuf,v0,v1,v2,v3,v4,v5,v6,v7;
v0 = ctx->hash[0]; v1 = ctx->hash[1];
v2 = ctx->hash[2]; v3 = ctx->hash[3];
v4 = ctx->hash[4]; v5 = ctx->hash[5];
v6 = ctx->hash[6]; v7 = ctx->hash[7];
one_cycle(0,1,2,3,4,5,6,7,k256[ 0],p[ 0]);
one_cycle(7,0,1,2,3,4,5,6,k256[ 1],p[ 1]);
one_cycle(6,7,0,1,2,3,4,5,k256[ 2],p[ 2]);
one_cycle(5,6,7,0,1,2,3,4,k256[ 3],p[ 3]);
one_cycle(4,5,6,7,0,1,2,3,k256[ 4],p[ 4]);
one_cycle(3,4,5,6,7,0,1,2,k256[ 5],p[ 5]);
one_cycle(2,3,4,5,6,7,0,1,k256[ 6],p[ 6]);
one_cycle(1,2,3,4,5,6,7,0,k256[ 7],p[ 7]);
one_cycle(0,1,2,3,4,5,6,7,k256[ 8],p[ 8]);
one_cycle(7,0,1,2,3,4,5,6,k256[ 9],p[ 9]);
one_cycle(6,7,0,1,2,3,4,5,k256[10],p[10]);
one_cycle(5,6,7,0,1,2,3,4,k256[11],p[11]);
one_cycle(4,5,6,7,0,1,2,3,k256[12],p[12]);
one_cycle(3,4,5,6,7,0,1,2,k256[13],p[13]);
one_cycle(2,3,4,5,6,7,0,1,k256[14],p[14]);
one_cycle(1,2,3,4,5,6,7,0,k256[15],p[15]);
one_cycle(0,1,2,3,4,5,6,7,k256[16],hf( 0));
one_cycle(7,0,1,2,3,4,5,6,k256[17],hf( 1));
one_cycle(6,7,0,1,2,3,4,5,k256[18],hf( 2));
one_cycle(5,6,7,0,1,2,3,4,k256[19],hf( 3));
one_cycle(4,5,6,7,0,1,2,3,k256[20],hf( 4));
one_cycle(3,4,5,6,7,0,1,2,k256[21],hf( 5));
one_cycle(2,3,4,5,6,7,0,1,k256[22],hf( 6));
one_cycle(1,2,3,4,5,6,7,0,k256[23],hf( 7));
one_cycle(0,1,2,3,4,5,6,7,k256[24],hf( 8));
one_cycle(7,0,1,2,3,4,5,6,k256[25],hf( 9));
one_cycle(6,7,0,1,2,3,4,5,k256[26],hf(10));
one_cycle(5,6,7,0,1,2,3,4,k256[27],hf(11));
one_cycle(4,5,6,7,0,1,2,3,k256[28],hf(12));
one_cycle(3,4,5,6,7,0,1,2,k256[29],hf(13));
one_cycle(2,3,4,5,6,7,0,1,k256[30],hf(14));
one_cycle(1,2,3,4,5,6,7,0,k256[31],hf(15));
one_cycle(0,1,2,3,4,5,6,7,k256[32],hf( 0));
one_cycle(7,0,1,2,3,4,5,6,k256[33],hf( 1));
one_cycle(6,7,0,1,2,3,4,5,k256[34],hf( 2));
one_cycle(5,6,7,0,1,2,3,4,k256[35],hf( 3));
one_cycle(4,5,6,7,0,1,2,3,k256[36],hf( 4));
one_cycle(3,4,5,6,7,0,1,2,k256[37],hf( 5));
one_cycle(2,3,4,5,6,7,0,1,k256[38],hf( 6));
one_cycle(1,2,3,4,5,6,7,0,k256[39],hf( 7));
one_cycle(0,1,2,3,4,5,6,7,k256[40],hf( 8));
one_cycle(7,0,1,2,3,4,5,6,k256[41],hf( 9));
one_cycle(6,7,0,1,2,3,4,5,k256[42],hf(10));
one_cycle(5,6,7,0,1,2,3,4,k256[43],hf(11));
one_cycle(4,5,6,7,0,1,2,3,k256[44],hf(12));
one_cycle(3,4,5,6,7,0,1,2,k256[45],hf(13));
one_cycle(2,3,4,5,6,7,0,1,k256[46],hf(14));
one_cycle(1,2,3,4,5,6,7,0,k256[47],hf(15));
one_cycle(0,1,2,3,4,5,6,7,k256[48],hf( 0));
one_cycle(7,0,1,2,3,4,5,6,k256[49],hf( 1));
one_cycle(6,7,0,1,2,3,4,5,k256[50],hf( 2));
one_cycle(5,6,7,0,1,2,3,4,k256[51],hf( 3));
one_cycle(4,5,6,7,0,1,2,3,k256[52],hf( 4));
one_cycle(3,4,5,6,7,0,1,2,k256[53],hf( 5));
one_cycle(2,3,4,5,6,7,0,1,k256[54],hf( 6));
one_cycle(1,2,3,4,5,6,7,0,k256[55],hf( 7));
one_cycle(0,1,2,3,4,5,6,7,k256[56],hf( 8));
one_cycle(7,0,1,2,3,4,5,6,k256[57],hf( 9));
one_cycle(6,7,0,1,2,3,4,5,k256[58],hf(10));
one_cycle(5,6,7,0,1,2,3,4,k256[59],hf(11));
one_cycle(4,5,6,7,0,1,2,3,k256[60],hf(12));
one_cycle(3,4,5,6,7,0,1,2,k256[61],hf(13));
one_cycle(2,3,4,5,6,7,0,1,k256[62],hf(14));
one_cycle(1,2,3,4,5,6,7,0,k256[63],hf(15));
ctx->hash[0] += v0; ctx->hash[1] += v1;
ctx->hash[2] += v2; ctx->hash[3] += v3;
ctx->hash[4] += v4; ctx->hash[5] += v5;
ctx->hash[6] += v6; ctx->hash[7] += v7;
#endif
}
/* SHA256 hash data in an array of bytes into hash buffer */
/* and call the hash_compile function as required. */
VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1])
{ uint32_t pos = (uint32_t)((ctx->count[0] >> 3) & SHA256_MASK);
const unsigned char *sp = data;
unsigned char *w = (unsigned char*)ctx->wbuf;
#if SHA2_BITS == 1
uint32_t ofs = (ctx->count[0] & 7);
#else
len <<= 3;
#endif
if((ctx->count[0] += len) < len)
++(ctx->count[1]);
#if SHA2_BITS == 1
if(ofs) /* if not on a byte boundary */
{
if(ofs + len < 8) /* if no added bytes are needed */
{
w[pos] |= (*sp >> ofs);
}
else /* otherwise and add bytes */
{ unsigned char part = w[pos];
while((int)(ofs + (len -= 8)) >= 0)
{
w[pos++] = part | (*sp >> ofs);
part = *sp++ << (8 - ofs);
if(pos == SHA256_BLOCK_SIZE)
{
bsw_32(w, SHA256_BLOCK_SIZE >> 2);
sha256_compile(ctx); pos = 0;
}
}
w[pos] = part;
}
}
else /* data is byte aligned */
#endif
{ uint32_t space = SHA256_BLOCK_SIZE - pos;
while(len >= (space << 3))
{
memcpy(w + pos, sp, space);
bsw_32(w, SHA256_BLOCK_SIZE >> 2);
sha256_compile(ctx);
sp += space; len -= (space << 3);
space = SHA256_BLOCK_SIZE; pos = 0;
}
memcpy(w + pos, sp, (len + 7 * SHA2_BITS) >> 3);
}
}
/* SHA256 Final padding and digest calculation */
static void sha_end1(unsigned char hval[], sha256_ctx ctx[1], const unsigned int hlen)
{ uint32_t i = (uint32_t)((ctx->count[0] >> 3) & SHA256_MASK), m1;
/* put bytes in the buffer in an order in which references to */
/* 32-bit words will put bytes with lower addresses into the */
/* top of 32 bit words on BOTH big and little endian machines */
bsw_32(ctx->wbuf, (i + 3 + SHA2_BITS) >> 2)
/* we now need to mask valid bytes and add the padding which is */
/* a single 1 bit and as many zero bits as necessary. Note that */
/* we can always add the first padding byte here because the */
/* buffer always has at least one empty slot */
m1 = (unsigned char)0x80 >> (ctx->count[0] & 7);
ctx->wbuf[i >> 2] &= ((0xffffff00 | (~m1 + 1)) << 8 * (~i & 3));
ctx->wbuf[i >> 2] |= (m1 << 8 * (~i & 3));
/* we need 9 or more empty positions, one for the padding byte */
/* (above) and eight for the length count. If there is not */
/* enough space pad and empty the buffer */
if(i > SHA256_BLOCK_SIZE - 9)
{
if(i < 60) ctx->wbuf[15] = 0;
sha256_compile(ctx);
i = 0;
}
else /* compute a word index for the empty buffer positions */
i = (i >> 2) + 1;
while(i < 14) /* and zero pad all but last two positions */
ctx->wbuf[i++] = 0;
/* the following 32-bit length fields are assembled in the */
/* wrong byte order on little endian machines but this is */
/* corrected later since they are only ever used as 32-bit */
/* word values. */
ctx->wbuf[14] = ctx->count[1];
ctx->wbuf[15] = ctx->count[0];
sha256_compile(ctx);
/* extract the hash value as bytes in case the hash buffer is */
/* misaligned for 32-bit words */
for(i = 0; i < hlen; ++i)
hval[i] = ((ctx->hash[i >> 2] >> (8 * (~i & 3))) & 0xff);
}
#endif
#if defined(SHA_224)
const uint32_t i224[8] =
{
0xc1059ed8ul, 0x367cd507ul, 0x3070dd17ul, 0xf70e5939ul,
0xffc00b31ul, 0x68581511ul, 0x64f98fa7ul, 0xbefa4fa4ul
};
VOID_RETURN sha224_begin(sha224_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha224_ctx));
memcpy(ctx->hash, i224, sizeof(ctx->hash));
}
VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1])
{
sha_end1(hval, ctx, SHA224_DIGEST_SIZE);
}
VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha224_ctx cx[1];
sha224_begin(cx);
sha224_hash(data, len, cx);
sha_end1(hval, cx, SHA224_DIGEST_SIZE);
}
#endif
#if defined(SHA_256)
const uint32_t i256[8] =
{
0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul,
0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul
};
VOID_RETURN sha256_begin(sha256_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha256_ctx));
memcpy(ctx->hash, i256, sizeof(ctx->hash));
}
VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1])
{
sha_end1(hval, ctx, SHA256_DIGEST_SIZE);
}
VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha256_ctx cx[1];
sha256_begin(cx);
sha256_hash(data, len, cx);
sha_end1(hval, cx, SHA256_DIGEST_SIZE);
}
#endif
#if defined(SHA_384) || defined(SHA_512)
#define SHA512_MASK (SHA512_BLOCK_SIZE - 1)
#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
#if !defined(bswap_64)
#define bswap_64(x) (((uint64_t)(bswap_32((uint32_t)(x)))) << 32 | bswap_32((uint32_t)((x) >> 32)))
#endif
#if defined(SWAP_BYTES)
#define bsw_64(p,n) \
{ int _i = (n); while(_i--) ((uint64_t*)p)[_i] = bswap_64(((uint64_t*)p)[_i]); }
#else
#define bsw_64(p,n)
#endif
/* SHA512 mixing function definitions */
#ifdef s_0
# undef s_0
# undef s_1
# undef g_0
# undef g_1
# undef k_0
#endif
#define s_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39))
#define s_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41))
#define g_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7))
#define g_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6))
#define k_0 k512
/* SHA384/SHA512 mixing data */
const uint64_t k512[80] =
{
li_64(428a2f98d728ae22), li_64(7137449123ef65cd),
li_64(b5c0fbcfec4d3b2f), li_64(e9b5dba58189dbbc),
li_64(3956c25bf348b538), li_64(59f111f1b605d019),
li_64(923f82a4af194f9b), li_64(ab1c5ed5da6d8118),
li_64(d807aa98a3030242), li_64(12835b0145706fbe),
li_64(243185be4ee4b28c), li_64(550c7dc3d5ffb4e2),
li_64(72be5d74f27b896f), li_64(80deb1fe3b1696b1),
li_64(9bdc06a725c71235), li_64(c19bf174cf692694),
li_64(e49b69c19ef14ad2), li_64(efbe4786384f25e3),
li_64(0fc19dc68b8cd5b5), li_64(240ca1cc77ac9c65),
li_64(2de92c6f592b0275), li_64(4a7484aa6ea6e483),
li_64(5cb0a9dcbd41fbd4), li_64(76f988da831153b5),
li_64(983e5152ee66dfab), li_64(a831c66d2db43210),
li_64(b00327c898fb213f), li_64(bf597fc7beef0ee4),
li_64(c6e00bf33da88fc2), li_64(d5a79147930aa725),
li_64(06ca6351e003826f), li_64(142929670a0e6e70),
li_64(27b70a8546d22ffc), li_64(2e1b21385c26c926),
li_64(4d2c6dfc5ac42aed), li_64(53380d139d95b3df),
li_64(650a73548baf63de), li_64(766a0abb3c77b2a8),
li_64(81c2c92e47edaee6), li_64(92722c851482353b),
li_64(a2bfe8a14cf10364), li_64(a81a664bbc423001),
li_64(c24b8b70d0f89791), li_64(c76c51a30654be30),
li_64(d192e819d6ef5218), li_64(d69906245565a910),
li_64(f40e35855771202a), li_64(106aa07032bbd1b8),
li_64(19a4c116b8d2d0c8), li_64(1e376c085141ab53),
li_64(2748774cdf8eeb99), li_64(34b0bcb5e19b48a8),
li_64(391c0cb3c5c95a63), li_64(4ed8aa4ae3418acb),
li_64(5b9cca4f7763e373), li_64(682e6ff3d6b2b8a3),
li_64(748f82ee5defb2fc), li_64(78a5636f43172f60),
li_64(84c87814a1f0ab72), li_64(8cc702081a6439ec),
li_64(90befffa23631e28), li_64(a4506cebde82bde9),
li_64(bef9a3f7b2c67915), li_64(c67178f2e372532b),
li_64(ca273eceea26619c), li_64(d186b8c721c0c207),
li_64(eada7dd6cde0eb1e), li_64(f57d4f7fee6ed178),
li_64(06f067aa72176fba), li_64(0a637dc5a2c898a6),
li_64(113f9804bef90dae), li_64(1b710b35131c471b),
li_64(28db77f523047d84), li_64(32caab7b40c72493),
li_64(3c9ebe0a15c9bebc), li_64(431d67c49c100d4c),
li_64(4cc5d4becb3e42b6), li_64(597f299cfc657e2a),
li_64(5fcb6fab3ad6faec), li_64(6c44198c4a475817)
};
/* Compile 128 bytes of hash data into SHA384/512 digest */
/* NOTE: this routine assumes that the byte order in the */
/* ctx->wbuf[] at this point is such that low address bytes */
/* in the ORIGINAL byte stream will go into the high end of */
/* words on BOTH big and little endian systems */
VOID_RETURN sha512_compile(sha512_ctx ctx[1])
{ uint64_t v[8], *p = ctx->wbuf;
uint32_t j;
memcpy(v, ctx->hash, sizeof(ctx->hash));
for(j = 0; j < 80; j += 16)
{
v_cycle( 0, j); v_cycle( 1, j);
v_cycle( 2, j); v_cycle( 3, j);
v_cycle( 4, j); v_cycle( 5, j);
v_cycle( 6, j); v_cycle( 7, j);
v_cycle( 8, j); v_cycle( 9, j);
v_cycle(10, j); v_cycle(11, j);
v_cycle(12, j); v_cycle(13, j);
v_cycle(14, j); v_cycle(15, j);
}
ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
ctx->hash[4] += v[4]; ctx->hash[5] += v[5];
ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
}
/* Compile 128 bytes of hash data into SHA256 digest value */
/* NOTE: this routine assumes that the byte order in the */
/* ctx->wbuf[] at this point is in such an order that low */
/* address bytes in the ORIGINAL byte stream placed in this */
/* buffer will now go to the high end of words on BOTH big */
/* and little endian systems */
VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1])
{ uint32_t pos = (uint32_t)(ctx->count[0] >> 3) & SHA512_MASK;
const unsigned char *sp = data;
unsigned char *w = (unsigned char*)ctx->wbuf;
#if SHA2_BITS == 1
uint32_t ofs = (ctx->count[0] & 7);
#else
len <<= 3;
#endif
if((ctx->count[0] += len) < len)
++(ctx->count[1]);
#if SHA2_BITS == 1
if(ofs) /* if not on a byte boundary */
{
if(ofs + len < 8) /* if no added bytes are needed */
{
w[pos] |= (*sp >> ofs);
}
else /* otherwise and add bytes */
{ unsigned char part = w[pos];
while((int)(ofs + (len -= 8)) >= 0)
{
w[pos++] = part | (*sp >> ofs);
part = *sp++ << (8 - ofs);
if(pos == SHA512_BLOCK_SIZE)
{
bsw_64(w, SHA512_BLOCK_SIZE >> 3);
sha512_compile(ctx); pos = 0;
}
}
w[pos] = part;
}
}
else /* data is byte aligned */
#endif
{ uint32_t space = SHA512_BLOCK_SIZE - pos;
while(len >= (space << 3))
{
memcpy(w + pos, sp, space);
bsw_64(w, SHA512_BLOCK_SIZE >> 3);
sha512_compile(ctx);
sp += space; len -= (space << 3);
space = SHA512_BLOCK_SIZE; pos = 0;
}
memcpy(w + pos, sp, (len + 7 * SHA2_BITS) >> 3);
}
}
/* SHA384/512 Final padding and digest calculation */
static void sha_end2(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen)
{ uint32_t i = (uint32_t)((ctx->count[0] >> 3) & SHA512_MASK);
uint64_t m1;
/* put bytes in the buffer in an order in which references to */
/* 32-bit words will put bytes with lower addresses into the */
/* top of 32 bit words on BOTH big and little endian machines */
bsw_64(ctx->wbuf, (i + 7 + SHA2_BITS) >> 3);
/* we now need to mask valid bytes and add the padding which is */
/* a single 1 bit and as many zero bits as necessary. Note that */
/* we can always add the first padding byte here because the */
/* buffer always has at least one empty slot */
m1 = (unsigned char)0x80 >> (ctx->count[0] & 7);
ctx->wbuf[i >> 3] &= ((li_64(ffffffffffffff00) | (~m1 + 1)) << 8 * (~i & 7));
ctx->wbuf[i >> 3] |= (m1 << 8 * (~i & 7));
/* we need 17 or more empty byte positions, one for the padding */
/* byte (above) and sixteen for the length count. If there is */
/* not enough space pad and empty the buffer */
if(i > SHA512_BLOCK_SIZE - 17)
{
if(i < 120) ctx->wbuf[15] = 0;
sha512_compile(ctx);
i = 0;
}
else
i = (i >> 3) + 1;
while(i < 14)
ctx->wbuf[i++] = 0;
/* the following 64-bit length fields are assembled in the */
/* wrong byte order on little endian machines but this is */
/* corrected later since they are only ever used as 64-bit */
/* word values. */
ctx->wbuf[14] = ctx->count[1];
ctx->wbuf[15] = ctx->count[0];
sha512_compile(ctx);
/* extract the hash value as bytes in case the hash buffer is */
/* misaligned for 32-bit words */
for(i = 0; i < hlen; ++i)
hval[i] = ((ctx->hash[i >> 3] >> (8 * (~i & 7))) & 0xff);
}
#endif
#if defined(SHA_384)
/* SHA384 initialisation data */
const uint64_t i384[80] =
{
li_64(cbbb9d5dc1059ed8), li_64(629a292a367cd507),
li_64(9159015a3070dd17), li_64(152fecd8f70e5939),
li_64(67332667ffc00b31), li_64(8eb44a8768581511),
li_64(db0c2e0d64f98fa7), li_64(47b5481dbefa4fa4)
};
VOID_RETURN sha384_begin(sha384_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha384_ctx));
memcpy(ctx->hash, i384, sizeof(ctx->hash));
}
VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1])
{
sha_end2(hval, ctx, SHA384_DIGEST_SIZE);
}
VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha384_ctx cx[1];
sha384_begin(cx);
sha384_hash(data, len, cx);
sha_end2(hval, cx, SHA384_DIGEST_SIZE);
}
#endif
#if defined(SHA_512)
/* SHA512 initialisation data */
static const uint64_t i512[SHA512_DIGEST_SIZE >> 3] =
{
li_64(6a09e667f3bcc908), li_64(bb67ae8584caa73b),
li_64(3c6ef372fe94f82b), li_64(a54ff53a5f1d36f1),
li_64(510e527fade682d1), li_64(9b05688c2b3e6c1f),
li_64(1f83d9abfb41bd6b), li_64(5be0cd19137e2179)
};
/* FIPS PUB 180-4: SHA-512/256 */
static const uint64_t i512_256[SHA512_DIGEST_SIZE >> 3] =
{
li_64(22312194fc2bf72c), li_64(9f555fa3c84c64c2),
li_64(2393b86b6f53b151), li_64(963877195940eabd),
li_64(96283ee2a88effe3), li_64(be5e1e2553863992),
li_64(2b0199fc2c85b8aa), li_64(0eb72ddc81c52ca2),
};
/* FIPS PUB 180-4: SHA-512/224 */
static const uint64_t i512_224[SHA512_DIGEST_SIZE >> 3] =
{
li_64(8c3d37c819544da2), li_64(73e1996689dcd4d6),
li_64(1dfab7ae32ff9c82), li_64(679dd514582f9fcf),
li_64(0f6d2b697bd44da8), li_64(77e36f7304c48942),
li_64(3f9d85a86a1d36c8), li_64(1112e6ad91d692a1),
};
/* FIPS PUB 180-4: SHA-512/192 (unsanctioned; facilitates using AES-192) */
static const uint64_t i512_192[SHA512_DIGEST_SIZE >> 3] =
{
li_64(010176140648b233), li_64(db92aeb1eebadd6f),
li_64(83a9e27aa1d5ea62), li_64(ec95f77eb609b4e1),
li_64(71a99185c75caefa), li_64(006e8f08baf32e3c),
li_64(6a2b21abd2db2aec), li_64(24926cdbd918a27f),
};
/* FIPS PUB 180-4: SHA-512/128 (unsanctioned; facilitates using AES-128) */
static const uint64_t i512_128[SHA512_DIGEST_SIZE >> 3] =
{
li_64(c953a21464c3e8cc), li_64(06cc9cfd166a34b5),
li_64(647e88dabf8b24ab), li_64(8513e4dc05a078ac),
li_64(7266fcfb7cba0534), li_64(854a78e2ecd19b93),
li_64(8618061711cec2dd), li_64(b20d8506efb929b1),
};
VOID_RETURN sha512_begin(sha512_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha512_ctx));
memcpy(ctx->hash, i512, sizeof(ctx->hash));
}
VOID_RETURN sha512_256_begin(sha512_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha512_ctx));
memcpy(ctx->hash, i512_256, sizeof(ctx->hash));
}
VOID_RETURN sha512_224_begin(sha512_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha512_ctx));
memcpy(ctx->hash, i512_224, sizeof(ctx->hash));
}
VOID_RETURN sha512_192_begin(sha512_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha512_ctx));
memcpy(ctx->hash, i512_192, sizeof(ctx->hash));
}
VOID_RETURN sha512_128_begin(sha512_ctx ctx[1])
{
memset(ctx, 0, sizeof(sha512_ctx));
memcpy(ctx->hash, i512_128, sizeof(ctx->hash));
}
VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1])
{
sha_end2(hval, ctx, SHA512_DIGEST_SIZE);
}
VOID_RETURN sha512_256_end(unsigned char hval[], sha512_ctx ctx[1])
{
sha_end2(hval, ctx, SHA512_256_DIGEST_SIZE);
}
VOID_RETURN sha512_224_end(unsigned char hval[], sha512_ctx ctx[1])
{
sha_end2(hval, ctx, SHA512_224_DIGEST_SIZE);
}
VOID_RETURN sha512_192_end(unsigned char hval[], sha512_ctx ctx[1])
{
sha_end2(hval, ctx, SHA512_192_DIGEST_SIZE);
}
VOID_RETURN sha512_128_end(unsigned char hval[], sha512_ctx ctx[1])
{
sha_end2(hval, ctx, SHA512_128_DIGEST_SIZE);
}
VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha512_ctx cx[1];
sha512_begin(cx);
sha512_hash(data, len, cx);
sha512_end(hval, cx);
}
VOID_RETURN sha512_256(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha512_ctx cx[1];
sha512_256_begin(cx);
sha512_256_hash(data, len, cx);
sha512_256_end(hval, cx);
}
VOID_RETURN sha512_224(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha512_ctx cx[1];
sha512_224_begin(cx);
sha512_224_hash(data, len, cx);
sha512_224_end(hval, cx);
}
VOID_RETURN sha512_192(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha512_ctx cx[1];
sha512_192_begin(cx);
sha512_192_hash(data, len, cx);
sha512_192_end(hval, cx);
}
VOID_RETURN sha512_128(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha512_ctx cx[1];
sha512_128_begin(cx);
sha512_128_hash(data, len, cx);
sha512_128_end(hval, cx);
}
#endif
#if defined(SHA_2)
#define CTX_224(x) ((x)->uu->ctx256)
#define CTX_256(x) ((x)->uu->ctx256)
#define CTX_384(x) ((x)->uu->ctx512)
#define CTX_512(x) ((x)->uu->ctx512)
/* SHA2 initialisation */
INT_RETURN sha2_begin(unsigned long len, sha2_ctx ctx[1])
{
switch(len)
{
#if defined(SHA_224)
case 224:
case 28: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
memcpy(CTX_256(ctx)->hash, i224, 32);
ctx->sha2_len = 28; return EXIT_SUCCESS;
#endif
#if defined(SHA_256)
case 256:
case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
memcpy(CTX_256(ctx)->hash, i256, 32);
ctx->sha2_len = 32; return EXIT_SUCCESS;
#endif
#if defined(SHA_384)
case 384:
case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0;
memcpy(CTX_384(ctx)->hash, i384, 64);
ctx->sha2_len = 48; return EXIT_SUCCESS;
#endif
#if defined(SHA_512)
case 512:
case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0;
memcpy(CTX_512(ctx)->hash, i512, 64);
ctx->sha2_len = 64; return EXIT_SUCCESS;
#endif
default: return EXIT_FAILURE;
}
}
VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1])
{
switch(ctx->sha2_len)
{
#if defined(SHA_224)
case 28: sha224_hash(data, len, CTX_224(ctx)); return;
#endif
#if defined(SHA_256)
case 32: sha256_hash(data, len, CTX_256(ctx)); return;
#endif
#if defined(SHA_384)
case 48: sha384_hash(data, len, CTX_384(ctx)); return;
#endif
#if defined(SHA_512)
case 64: sha512_hash(data, len, CTX_512(ctx)); return;
#endif
}
}
VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1])
{
switch(ctx->sha2_len)
{
#if defined(SHA_224)
case 28: sha_end1(hval, CTX_224(ctx), SHA224_DIGEST_SIZE); return;
#endif
#if defined(SHA_256)
case 32: sha_end1(hval, CTX_256(ctx), SHA256_DIGEST_SIZE); return;
#endif
#if defined(SHA_384)
case 48: sha_end2(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return;
#endif
#if defined(SHA_512)
case 64: sha_end2(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return;
#endif
}
}
INT_RETURN sha2(unsigned char hval[], unsigned long size,
const unsigned char data[], unsigned long len)
{ sha2_ctx cx[1];
if(sha2_begin(size, cx) == EXIT_SUCCESS)
{
sha2_hash(data, len, cx); sha2_end(hval, cx); return EXIT_SUCCESS;
}
else
return EXIT_FAILURE;
}
#endif
#if defined(__cplusplus)
}
#endif

183
crypto/src/main/jni/final_key/sha/sha2.h Normal file
View File

@@ -0,0 +1,183 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#ifndef _SHA2_H
#define _SHA2_H
#include <stdlib.h>
/* define for bit or byte oriented SHA */
#if 1
# define SHA2_BITS 0 /* byte oriented */
#else
# define SHA2_BITS 1 /* bit oriented */
#endif
/* define the hash functions that you need */
/* define for 64-bit SHA384 and SHA512 */
#define SHA_64BIT
#define SHA_2 /* for dynamic hash length */
#define SHA_224
#define SHA_256
#ifdef SHA_64BIT
# define SHA_384
# define SHA_512
# define NEED_uint64_t
#endif
#define SHA2_MAX_DIGEST_SIZE 64
#define SHA2_MAX_BLOCK_SIZE 128
#include "brg_types.h"
#if defined(__cplusplus)
extern "C"
{
#endif
/* Note that the following function prototypes are the same */
/* for both the bit and byte oriented implementations. But */
/* the length fields are in bytes or bits as is appropriate */
/* for the version used. Bit sequences are arrays of bytes */
/* in which bit sequence indexes increase from the most to */
/* the least significant end of each byte. The value 'len' */
/* in sha<nnn>_hash for the byte oriented versions of SHA2 */
/* is limited to 2^29 bytes, but multiple calls will handle */
/* longer data blocks. */
#define SHA224_DIGEST_SIZE 28
#define SHA224_BLOCK_SIZE 64
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
/* type to hold the SHA256 (and SHA224) context */
typedef struct
{ uint32_t count[2];
uint32_t hash[SHA256_DIGEST_SIZE >> 2];
uint32_t wbuf[SHA256_BLOCK_SIZE >> 2];
} sha256_ctx;
typedef sha256_ctx sha224_ctx;
VOID_RETURN sha256_compile(sha256_ctx ctx[1]);
VOID_RETURN sha224_begin(sha224_ctx ctx[1]);
#define sha224_hash sha256_hash
VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1]);
VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha256_begin(sha256_ctx ctx[1]);
VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
#ifndef SHA_64BIT
typedef struct
{ union
{ sha256_ctx ctx256[1];
} uu[1];
uint32_t sha2_len;
} sha2_ctx;
#else
#define SHA384_DIGEST_SIZE 48
#define SHA384_BLOCK_SIZE 128
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
#define SHA512_128_DIGEST_SIZE 16
#define SHA512_128_BLOCK_SIZE SHA512_BLOCK_SIZE
#define SHA512_192_DIGEST_SIZE 24
#define SHA512_192_BLOCK_SIZE SHA512_BLOCK_SIZE
#define SHA512_224_DIGEST_SIZE 28
#define SHA512_224_BLOCK_SIZE SHA512_BLOCK_SIZE
#define SHA512_256_DIGEST_SIZE 32
#define SHA512_256_BLOCK_SIZE SHA512_BLOCK_SIZE
/* type to hold the SHA384 (and SHA512) context */
typedef struct
{ uint64_t count[2];
uint64_t hash[SHA512_DIGEST_SIZE >> 3];
uint64_t wbuf[SHA512_BLOCK_SIZE >> 3];
} sha512_ctx;
typedef sha512_ctx sha384_ctx;
typedef struct
{ union
{ sha256_ctx ctx256[1];
sha512_ctx ctx512[1];
} uu[1];
uint32_t sha2_len;
} sha2_ctx;
VOID_RETURN sha512_compile(sha512_ctx ctx[1]);
VOID_RETURN sha384_begin(sha384_ctx ctx[1]);
#define sha384_hash sha512_hash
VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha512_begin(sha512_ctx ctx[1]);
VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha512_256_begin(sha512_ctx ctx[1]);
#define sha512_256_hash sha512_hash
VOID_RETURN sha512_256_end(unsigned char hval[], sha512_ctx ctx[1]);
VOID_RETURN sha512_256(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha512_224_begin(sha512_ctx ctx[1]);
#define sha512_224_hash sha512_hash
VOID_RETURN sha512_224_end(unsigned char hval[], sha512_ctx ctx[1]);
VOID_RETURN sha512_224(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha512_192_begin(sha512_ctx ctx[1]);
#define sha512_192_hash sha512_hash
VOID_RETURN sha512_192_end(unsigned char hval[], sha512_ctx ctx[1]);
VOID_RETURN sha512_192(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha512_128_begin(sha512_ctx ctx[1]);
#define sha512_128_hash sha512_hash
VOID_RETURN sha512_128_end(unsigned char hval[], sha512_ctx ctx[1]);
VOID_RETURN sha512_128(unsigned char hval[], const unsigned char data[], unsigned long len);
INT_RETURN sha2_begin(unsigned long size, sha2_ctx ctx[1]);
VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
INT_RETURN sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
#endif
#if defined(__cplusplus)
}
#endif
#endif

81
crypto/src/main/jni/final_key/sha/shasum.c Normal file
View File

@@ -0,0 +1,81 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation.
This software is provided 'as is' with no explicit or implied warranties
in respect of its operation, including, but not limited to, correctness
and fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "sha2.h"
#define BUF_SIZE 16384
int main(int argc, char *argv[])
{ FILE *inf;
sha256_ctx ctx[1];
unsigned char buf[BUF_SIZE], hval[SHA256_DIGEST_SIZE];
int i, len, is_console;
if(argc != 2)
{
printf("\nusage: shasum filename\n");
exit(0);
}
if(is_console = (!strcmp(argv[1], "con") || !strcmp(argv[1], "CON")))
{
if(!(inf = fopen(argv[1], "r")))
{
printf("\n%s not found\n", argv[1]);
exit(0);
}
}
else if(!(inf = fopen(argv[1], "rb")))
{
printf("\n%s not found\n", argv[1]);
exit(0);
}
sha256_begin(ctx);
do
{
len = (int)fread(buf, 1, BUF_SIZE, inf);
i = len;
if(is_console)
{
i = 0;
while(i < len && buf[i] != '\x1a')
++i;
}
if(i)
sha256_hash(buf, i, ctx);
}
while
(len && i == len);
fclose(inf);
sha256_end(hval, ctx);
printf("\n");
for(i = 0; i < SHA256_DIGEST_SIZE; ++i)
printf("%02x", hval[i]);
printf("\n");
return 0;
}

21
crypto/src/main/res/values/strings.xml Normal file
View File

@@ -0,0 +1,21 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
Copyright 2021 Jeremy Jamet / Kunzisoft.
This file is part of KeePassDX.
KeePassDX is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
KeePassDX is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with KeePassDX. If not, see <http://www.gnu.org/licenses/>.
-->
<resources xmlns:tools="http://schemas.android.com/tools" tools:ignore="MissingTranslation">
</resources>