/home/aherms/Code/git/awds-routing/src/crypto/gladman/aesopt.h

00001 /*
00002  ---------------------------------------------------------------------------
00003  Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
00004  All rights reserved.
00005 
00006  LICENSE TERMS
00007 
00008  The free distribution and use of this software in both source and binary
00009  form is allowed (with or without changes) provided that:
00010 
00011    1. distributions of this source code include the above copyright
00012       notice, this list of conditions and the following disclaimer;
00013 
00014    2. distributions in binary form include the above copyright
00015       notice, this list of conditions and the following disclaimer
00016       in the documentation and/or other associated materials;
00017 
00018    3. the copyright holder's name is not used to endorse products
00019       built using this software without specific written permission.
00020 
00021  ALTERNATIVELY, provided that this notice is retained in full, this product
00022  may be distributed under the terms of the GNU General Public License (GPL),
00023  in which case the provisions of the GPL apply INSTEAD OF those given above.
00024 
00025  DISCLAIMER
00026 
00027  This software is provided 'as is' with no explicit or implied warranties
00028  in respect of its properties, including, but not limited to, correctness
00029  and/or fitness for purpose.
00030  ---------------------------------------------------------------------------
00031  Issue Date: 1/05/2003
00032 
00033  This file contains the compilation options for AES (Rijndael) and code
00034  that is common across encryption, key scheduling and table generation.
00035 
00036     OPERATION
00037 
00038     These source code files implement the AES algorithm Rijndael designed by
00039     Joan Daemen and Vincent Rijmen. This version is designed for the standard
00040     block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24
00041     and 32 bytes).
00042 
00043     This version is designed for flexibility and speed using operations on
00044     32-bit words rather than operations on bytes.  It can be compiled with
00045     either big or little endian internal byte order but is faster when the
00046     native byte order for the processor is used.
00047 
00048     THE CIPHER INTERFACE
00049 
00050     The cipher interface is implemented as an array of bytes in which lower
00051     AES bit sequence indexes map to higher numeric significance within bytes.
00052 
00053     aes_08t                 (an unsigned  8-bit type)
00054     aes_32t                 (an unsigned 32-bit type)
00055     struct aes_encrypt_ctx  (structure for the cipher encryption context)
00056     struct aes_decrypt_ctx  (structure for the cipher decryption context)
00057     aes_rval                the function return type
00058 
00059     C subroutine calls:
00060 
00061       aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
00062       aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
00063       aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
00064       aes_rval aes_encrypt(const void *in_blk,
00065                                  void *out_blk, const aes_encrypt_ctx cx[1]);
00066 
00067       aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
00068       aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
00069       aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
00070       aes_rval aes_decrypt(const void *in_blk,
00071                                  void *out_blk, const aes_decrypt_ctx cx[1]);
00072 
00073     IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that
00074     you call genTabs() before AES is used so that the tables are initialised.
00075 
00076     C++ aes class subroutines:
00077 
00078         Class AESencrypt  for encryption
00079 
00080         Construtors:
00081             AESencrypt(void)
00082             AESencrypt(const void *in_key) - 128 bit key
00083         Members:
00084             void key128(const void *in_key)
00085             void key192(const void *in_key)
00086             void key256(const void *in_key)
00087             void encrypt(const void *in_blk, void *out_blk) const
00088 
00089         Class AESdecrypt  for encryption
00090         Construtors:
00091             AESdecrypt(void)
00092             AESdecrypt(const void *in_key) - 128 bit key
00093         Members:
00094             void key128(const void *in_key)
00095             void key192(const void *in_key)
00096             void key256(const void *in_key)
00097             void decrypt(const void *in_blk, void *out_blk) const
00098 
00099     COMPILATION
00100 
00101     The files used to provide AES (Rijndael) are
00102 
00103     a. aes.h for the definitions needed for use in C.
00104     b. aescpp.h for the definitions needed for use in C++.
00105     c. aesopt.h for setting compilation options (also includes common code).
00106     d. aescrypt.c for encryption and decrytpion, or
00107     e. aeskey.c for key scheduling.
00108     f. aestab.c for table loading or generation.
00109     g. aescrypt.asm for encryption and decryption using assembler code.
00110     h. aescrypt.mmx.asm for encryption and decryption using MMX assembler.
00111 
00112     To compile AES (Rijndael) for use in C code use aes.h and set the
00113     defines here for the facilities you need (key lengths, encryption
00114     and/or decryption). Do not define AES_DLL or AES_CPP.  Set the options
00115     for optimisations and table sizes here.
00116 
00117     To compile AES (Rijndael) for use in in C++ code use aescpp.h but do
00118     not define AES_DLL
00119 
00120     To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use
00121     aes.h and include the AES_DLL define.
00122 
00123     CONFIGURATION OPTIONS (here and in aes.h)
00124 
00125     a. set AES_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL
00126     b. You may need to set PLATFORM_BYTE_ORDER to define the byte order.
00127     c. If you want the code to run in a specific internal byte order, then
00128        INTERNAL_BYTE_ORDER must be set accordingly.
00129     d. set other configuration options decribed below.
00130 */
00131 
00132 #ifndef _AESOPT_H
00133 #define _AESOPT_H
00134 
00135 #if defined(__cplusplus)
00136 extern "C"
00137 {
00138 #endif
00139 
00140 /*  START OF CONFIGURATION OPTIONS
00141 
00142     USE OF DEFINES
00143 
00144     Later in this section there are a number of defines that control the
00145     operation of the code.  In each section, the purpose of each define is
00146     explained so that the relevant form can be included or excluded by
00147     setting either 1's or 0's respectively on the branches of the related
00148     #if clauses.
00149 */
00150 
00151 /*  DO NOT CHANGE THE FOLLOWING EIGHT DEFINES   */
00152 
00153 #define NO_TABLES              0
00154 #define ONE_TABLE              1
00155 #define FOUR_TABLES            4
00156 #define NONE                   0
00157 #define PARTIAL                1
00158 #define FULL                   2
00159 #define AES_LITTLE_ENDIAN   1234 /* byte 0 is least significant (i386) */
00160 #define AES_BIG_ENDIAN      4321 /* byte 0 is most significant (mc68k) */
00161 
00162 /*  1. PLATFORM SPECIFIC INCLUDES */
00163 
00164 #if defined( __CRYPTLIB__ ) && !defined( INC_ALL ) && !defined( INC_CHILD )
00165 #include "crypt/aes.h"
00166 #else
00167   #include "aes.h"
00168 #endif
00169 
00170 #if defined(__GNUC__) || defined(__GNU_LIBRARY__)
00171 #  if defined( __FreeBSD__ ) || defined( __OpenBSD__ )
00172 #    include <sys/endian.h>
00173 #  else
00174 #    include <endian.h>
00175 #    include <byteswap.h>
00176 #endif /* *BSDs don't use standard Gnu setup */
00177 #elif defined(__CRYPTLIB__)
00178 #  if defined( INC_ALL )
00179 #    include "crypt.h"
00180 #  elif defined( INC_CHILD )
00181 #    include "../crypt.h"
00182 #  else
00183 #    include "crypt.h"
00184 #  endif
00185 #  if defined(DATA_LITTLEENDIAN)
00186 #    define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
00187 #  else
00188 #    define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
00189 #  endif
00190 #elif defined(_MSC_VER)
00191 #  include <stdlib.h>
00192 #elif !defined(WIN32)
00193 #  include <stdlib.h>
00194 #  if !defined (_ENDIAN_H)
00195 #    include <sys/param.h>
00196 #  else
00197 #    include _ENDIAN_H
00198 #  endif
00199 #endif
00200 
00201 /*  2. BYTE ORDER IN 32-BIT WORDS
00202 
00203     To obtain the highest speed on processors with 32-bit words, this code
00204     needs to determine the order in which bytes are packed into such words.
00205     The following block of code is an attempt to capture the most obvious
00206     ways in which various environemnts define byte order. It may well fail,
00207     in which case the definitions will need to be set by editing at the
00208     points marked **** EDIT HERE IF NECESSARY **** below.
00209 */
00210 #if !defined(PLATFORM_BYTE_ORDER)
00211 #if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN)
00212 #  if defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
00213 #    if defined(BYTE_ORDER)
00214 #      if   (BYTE_ORDER == LITTLE_ENDIAN)
00215 #        define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
00216 #      elif (BYTE_ORDER == BIG_ENDIAN)
00217 #        define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
00218 #      endif
00219 #    endif
00220 #  elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
00221 #    define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
00222 #  elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
00223 #    define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
00224 #  endif
00225 #elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN)
00226 #  if defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
00227 #    if defined(_BYTE_ORDER)
00228 #      if   (_BYTE_ORDER == _LITTLE_ENDIAN)
00229 #        define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
00230 #      elif (_BYTE_ORDER == _BIG_ENDIAN)
00231 #        define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
00232 #      endif
00233 #    endif
00234 #  elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
00235 #    define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
00236 #  elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
00237 #    define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
00238 #  endif
00239 #elif 0     /* **** EDIT HERE IF NECESSARY **** */
00240 #define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
00241 #elif 0     /* **** EDIT HERE IF NECESSARY **** */
00242 #define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
00243 #elif (('1234' >> 24) == '1')
00244 #  define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
00245 #elif (('4321' >> 24) == '1')
00246 #  define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
00247 #endif
00248 #endif
00249 
00250 #if !defined(PLATFORM_BYTE_ORDER)
00251 #  error Please set undetermined byte order (lines 241 or 243 of aesopt.h).
00252 #endif
00253 
00254 /*  3. FUNCTIONS REQUIRED
00255 
00256     This implementation provides subroutines for encryption, decryption
00257     and for setting the three key lengths (separately) for encryption
00258     and decryption. When the assembler code is not being used the following
00259     definition blocks allow the selection of the routines that are to be
00260     included in the compilation.
00261 */
00262 #ifdef AES_ENCRYPT
00263 #define ENCRYPTION
00264 #define ENCRYPTION_KEY_SCHEDULE
00265 #endif
00266 
00267 #ifdef AES_DECRYPT
00268 #define DECRYPTION
00269 #define DECRYPTION_KEY_SCHEDULE
00270 #endif
00271 
00272 /*  4. ASSEMBLER SUPPORT
00273 
00274     This define (which can be on the command line) enables the use of the
00275     assembler code routines for encryption and decryption with the C code
00276     only providing key scheduling
00277 */
00278 #if 0
00279 #define AES_ASM
00280 #endif
00281 
00282 /*  5. BYTE ORDER WITHIN 32 BIT WORDS
00283 
00284     The fundamental data processing units in Rijndael are 8-bit bytes. The
00285     input, output and key input are all enumerated arrays of bytes in which
00286     bytes are numbered starting at zero and increasing to one less than the
00287     number of bytes in the array in question. This enumeration is only used
00288     for naming bytes and does not imply any adjacency or order relationship
00289     from one byte to another. When these inputs and outputs are considered
00290     as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
00291     byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
00292     In this implementation bits are numbered from 0 to 7 starting at the
00293     numerically least significant end of each byte (bit n represents 2^n).
00294 
00295     However, Rijndael can be implemented more efficiently using 32-bit
00296     words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
00297     into word[n]. While in principle these bytes can be assembled into words
00298     in any positions, this implementation only supports the two formats in
00299     which bytes in adjacent positions within words also have adjacent byte
00300     numbers. This order is called big-endian if the lowest numbered bytes
00301     in words have the highest numeric significance and little-endian if the
00302     opposite applies.
00303 
00304     This code can work in either order irrespective of the order used by the
00305     machine on which it runs. Normally the internal byte order will be set
00306     to the order of the processor on which the code is to be run but this
00307     define can be used to reverse this in special situations
00308 
00309     NOTE: Assembler code versions rely on PLATFORM_BYTE_ORDER being set
00310 */
00311 #if 1 || defined(AES_ASM)
00312 #define INTERNAL_BYTE_ORDER PLATFORM_BYTE_ORDER
00313 #elif 0
00314 #define INTERNAL_BYTE_ORDER AES_LITTLE_ENDIAN
00315 #elif 0
00316 #define INTERNAL_BYTE_ORDER AES_BIG_ENDIAN
00317 #else
00318 #error The internal byte order is not defined
00319 #endif
00320 
00321 /*  6. FAST INPUT/OUTPUT OPERATIONS.
00322 
00323     On some machines it is possible to improve speed by transferring the
00324     bytes in the input and output arrays to and from the internal 32-bit
00325     variables by addressing these arrays as if they are arrays of 32-bit
00326     words.  On some machines this will always be possible but there may
00327     be a large performance penalty if the byte arrays are not aligned on
00328     the normal word boundaries. On other machines this technique will
00329     lead to memory access errors when such 32-bit word accesses are not
00330     properly aligned. The option SAFE_IO avoids such problems but will
00331     often be slower on those machines that support misaligned access
00332     (especially so if care is taken to align the input  and output byte
00333     arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
00334     assumed that access to byte arrays as if they are arrays of 32-bit
00335     words will not cause problems when such accesses are misaligned.
00336 */
00337 #if 1 && !defined(_MSC_VER)
00338 #define SAFE_IO
00339 #endif
00340 
00341 /*  7. LOOP UNROLLING
00342 
00343     The code for encryption and decrytpion cycles through a number of rounds
00344     that can be implemented either in a loop or by expanding the code into a
00345     long sequence of instructions, the latter producing a larger program but
00346     one that will often be much faster. The latter is called loop unrolling.
00347     There are also potential speed advantages in expanding two iterations in
00348     a loop with half the number of iterations, which is called partial loop
00349     unrolling.  The following options allow partial or full loop unrolling
00350     to be set independently for encryption and decryption
00351 */
00352 #if 1
00353 #define ENC_UNROLL  FULL
00354 #elif 0
00355 #define ENC_UNROLL  PARTIAL
00356 #else
00357 #define ENC_UNROLL  NONE
00358 #endif
00359 
00360 #if 1
00361 #define DEC_UNROLL  FULL
00362 #elif 0
00363 #define DEC_UNROLL  PARTIAL
00364 #else
00365 #define DEC_UNROLL  NONE
00366 #endif
00367 
00368 /*  8. FAST FINITE FIELD OPERATIONS
00369 
00370     If this section is included, tables are used to provide faster finite
00371     field arithmetic (this has no effect if FIXED_TABLES is defined).
00372 */
00373 #if 1
00374 #define FF_TABLES
00375 #endif
00376 
00377 /*  9. INTERNAL STATE VARIABLE FORMAT
00378 
00379     The internal state of Rijndael is stored in a number of local 32-bit
00380     word varaibles which can be defined either as an array or as individual
00381     names variables. Include this section if you want to store these local
00382     varaibles in arrays. Otherwise individual local variables will be used.
00383 */
00384 #if 1
00385 #define ARRAYS
00386 #endif
00387 
00388 /* In this implementation the columns of the state array are each held in
00389    32-bit words. The state array can be held in various ways: in an array
00390    of words, in a number of individual word variables or in a number of
00391    processor registers. The following define maps a variable name x and
00392    a column number c to the way the state array variable is to be held.
00393    The first define below maps the state into an array x[c] whereas the
00394    second form maps the state into a number of individual variables x0,
00395    x1, etc.  Another form could map individual state colums to machine
00396    register names.
00397 */
00398 
00399 #if defined(ARRAYS)
00400 #define s(x,c) x[c]
00401 #else
00402 #define s(x,c) x##c
00403 #endif
00404 
00405 /*  10. FIXED OR DYNAMIC TABLES
00406 
00407     When this section is included the tables used by the code are compiled
00408     statically into the binary file.  Otherwise the subroutine gen_tabs()
00409     must be called to compute them before the code is first used.
00410 */
00411 #if 1
00412 #define FIXED_TABLES
00413 #endif
00414 
00415 /*  11. INTERNAL TABLE CONFIGURATION
00416 
00417     This cipher proceeds by repeating in a number of cycles known as 'rounds'
00418     which are implemented by a round function which can optionally be speeded
00419     up using tables.  The basic tables are each 256 32-bit words, with either
00420     one or four tables being required for each round function depending on
00421     how much speed is required. The encryption and decryption round functions
00422     are different and the last encryption and decrytpion round functions are
00423     different again making four different round functions in all.
00424 
00425     This means that:
00426       1. Normal encryption and decryption rounds can each use either 0, 1
00427          or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
00428       2. The last encryption and decryption rounds can also use either 0, 1
00429          or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
00430 
00431     Include or exclude the appropriate definitions below to set the number
00432     of tables used by this implementation.
00433 */
00434 
00435 #if 1   /* set tables for the normal encryption round */
00436 #define ENC_ROUND   FOUR_TABLES
00437 #elif 0
00438 #define ENC_ROUND   ONE_TABLE
00439 #else
00440 #define ENC_ROUND   NO_TABLES
00441 #endif
00442 
00443 #if 1   /* set tables for the last encryption round */
00444 #define LAST_ENC_ROUND  FOUR_TABLES
00445 #elif 0
00446 #define LAST_ENC_ROUND  ONE_TABLE
00447 #else
00448 #define LAST_ENC_ROUND  NO_TABLES
00449 #endif
00450 
00451 #if 1   /* set tables for the normal decryption round */
00452 #define DEC_ROUND   FOUR_TABLES
00453 #elif 0
00454 #define DEC_ROUND   ONE_TABLE
00455 #else
00456 #define DEC_ROUND   NO_TABLES
00457 #endif
00458 
00459 #if 1   /* set tables for the last decryption round */
00460 #define LAST_DEC_ROUND  FOUR_TABLES
00461 #elif 0
00462 #define LAST_DEC_ROUND  ONE_TABLE
00463 #else
00464 #define LAST_DEC_ROUND  NO_TABLES
00465 #endif
00466 
00467 /*  The decryption key schedule can be speeded up with tables in the same
00468     way that the round functions can.  Include or exclude the following
00469     defines to set this requirement.
00470 */
00471 #if 1
00472 #define KEY_SCHED   FOUR_TABLES
00473 #elif 0
00474 #define KEY_SCHED   ONE_TABLE
00475 #else
00476 #define KEY_SCHED   NO_TABLES
00477 #endif
00478 
00479 /* END OF CONFIGURATION OPTIONS */
00480 
00481 #define RC_LENGTH   (5 * (AES_BLOCK_SIZE / 4 - 2))
00482 
00483 /* Disable at least some poor combinations of options */
00484 
00485 #if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES
00486 #undef  LAST_ENC_ROUND
00487 #define LAST_ENC_ROUND  NO_TABLES
00488 #elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
00489 #undef  LAST_ENC_ROUND
00490 #define LAST_ENC_ROUND  ONE_TABLE
00491 #endif
00492 
00493 #if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
00494 #undef  ENC_UNROLL
00495 #define ENC_UNROLL  NONE
00496 #endif
00497 
00498 #if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES
00499 #undef  LAST_DEC_ROUND
00500 #define LAST_DEC_ROUND  NO_TABLES
00501 #elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
00502 #undef  LAST_DEC_ROUND
00503 #define LAST_DEC_ROUND  ONE_TABLE
00504 #endif
00505 
00506 #if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
00507 #undef  DEC_UNROLL
00508 #define DEC_UNROLL  NONE
00509 #endif
00510 
00511 /*  upr(x,n):  rotates bytes within words by n positions, moving bytes to
00512                higher index positions with wrap around into low positions
00513     ups(x,n):  moves bytes by n positions to higher index positions in
00514                words but without wrap around
00515     bval(x,n): extracts a byte from a word
00516 
00517     NOTE:      The definitions given here are intended only for use with
00518                unsigned variables and with shift counts that are compile
00519                time constants
00520 */
00521 
00522 #if (INTERNAL_BYTE_ORDER == AES_LITTLE_ENDIAN)
00523 #define upr(x,n)        (((aes_32t)(x) << (8 * (n))) | ((aes_32t)(x) >> (32 - 8 * (n))))
00524 #define ups(x,n)        ((aes_32t) (x) << (8 * (n)))
00525 #define bval(x,n)       ((aes_08t)((x) >> (8 * (n))))
00526 #define bytes2word(b0, b1, b2, b3)  \
00527         (((aes_32t)(b3) << 24) | ((aes_32t)(b2) << 16) | ((aes_32t)(b1) << 8) | (b0))
00528 #endif
00529 
00530 #if (INTERNAL_BYTE_ORDER == AES_BIG_ENDIAN)
00531 #define upr(x,n)        (((aes_32t)(x) >> (8 * (n))) | ((aes_32t)(x) << (32 - 8 * (n))))
00532 #define ups(x,n)        ((aes_32t) (x) >> (8 * (n))))
00533 #define bval(x,n)       ((aes_08t)((x) >> (24 - 8 * (n))))
00534 #define bytes2word(b0, b1, b2, b3)  \
00535         (((aes_32t)(b0) << 24) | ((aes_32t)(b1) << 16) | ((aes_32t)(b2) << 8) | (b3))
00536 #endif
00537 
00538 #if defined(SAFE_IO)
00539 
00540 #define word_in(x,c)    bytes2word(((aes_08t*)(x)+4*c)[0], ((aes_08t*)(x)+4*c)[1], \
00541                                    ((aes_08t*)(x)+4*c)[2], ((aes_08t*)(x)+4*c)[3])
00542 #define word_out(x,c,v) { ((aes_08t*)(x)+4*c)[0] = bval(v,0); ((aes_08t*)(x)+4*c)[1] = bval(v,1); \
00543                           ((aes_08t*)(x)+4*c)[2] = bval(v,2); ((aes_08t*)(x)+4*c)[3] = bval(v,3); }
00544 
00545 #elif (INTERNAL_BYTE_ORDER == PLATFORM_BYTE_ORDER)
00546 
00547 #define word_in(x,c)    (*((aes_32t*)(x)+(c)))
00548 #define word_out(x,c,v) (*((aes_32t*)(x)+(c)) = (v))
00549 
00550 #else
00551 
00552 #if defined(bswap32)
00553 #define bsw_32   bswap32
00554 #elif defined(bswap_32)
00555 #define bsw_32   bswap_32
00556 #else
00557 #define brot(x,n)   (((aes_32t)(x) <<  n) | ((aes_32t)(x) >> (32 - n)))
00558 #define bsw_32(x)   ((brot((x),8) & 0x00ff00ff) | (brot((x),24) & 0xff00ff00))
00559 #endif
00560 
00561 #define word_in(x,c)    bsw_32(*((aes_32t*)(x)+(c)))
00562 #define word_out(x,c,v) (*((aes_32t*)(x)+(c)) = bsw_32(v))
00563 
00564 #endif
00565 
00566 /* the finite field modular polynomial and elements */
00567 
00568 #define WPOLY   0x011b
00569 #define BPOLY     0x1b
00570 
00571 /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
00572 
00573 #define m1  0x80808080
00574 #define m2  0x7f7f7f7f
00575 #define gf_mulx(x)  ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY))
00576 
00577 /* The following defines provide alternative definitions of gf_mulx that might
00578    give improved performance if a fast 32-bit multiply is not available. Note
00579    that a temporary variable u needs to be defined where gf_mulx is used.
00580 
00581 #define gf_mulx(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
00582 #define m4  (0x01010101 * BPOLY)
00583 #define gf_mulx(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
00584 */
00585 
00586 /* Work out which tables are needed for the different options   */
00587 
00588 #ifdef  AES_ASM
00589 #ifdef  ENC_ROUND
00590 #undef  ENC_ROUND
00591 #endif
00592 #define ENC_ROUND   FOUR_TABLES
00593 #ifdef  LAST_ENC_ROUND
00594 #undef  LAST_ENC_ROUND
00595 #endif
00596 #define LAST_ENC_ROUND  FOUR_TABLES
00597 #ifdef  DEC_ROUND
00598 #undef  DEC_ROUND
00599 #endif
00600 #define DEC_ROUND   FOUR_TABLES
00601 #ifdef  LAST_DEC_ROUND
00602 #undef  LAST_DEC_ROUND
00603 #endif
00604 #define LAST_DEC_ROUND  FOUR_TABLES
00605 #ifdef  KEY_SCHED
00606 #undef  KEY_SCHED
00607 #define KEY_SCHED   FOUR_TABLES
00608 #endif
00609 #endif
00610 
00611 #if defined(ENCRYPTION) || defined(AES_ASM)
00612 #if ENC_ROUND == ONE_TABLE
00613 #define FT1_SET
00614 #elif ENC_ROUND == FOUR_TABLES
00615 #define FT4_SET
00616 #else
00617 #define SBX_SET
00618 #endif
00619 #if LAST_ENC_ROUND == ONE_TABLE
00620 #define FL1_SET
00621 #elif LAST_ENC_ROUND == FOUR_TABLES
00622 #define FL4_SET
00623 #elif !defined(SBX_SET)
00624 #define SBX_SET
00625 #endif
00626 #endif
00627 
00628 #if defined(DECRYPTION) || defined(AES_ASM)
00629 #if DEC_ROUND == ONE_TABLE
00630 #define IT1_SET
00631 #elif DEC_ROUND == FOUR_TABLES
00632 #define IT4_SET
00633 #else
00634 #define ISB_SET
00635 #endif
00636 #if LAST_DEC_ROUND == ONE_TABLE
00637 #define IL1_SET
00638 #elif LAST_DEC_ROUND == FOUR_TABLES
00639 #define IL4_SET
00640 #elif !defined(ISB_SET)
00641 #define ISB_SET
00642 #endif
00643 #endif
00644 
00645 #if defined(ENCRYPTION_KEY_SCHEDULE) || defined(DECRYPTION_KEY_SCHEDULE)
00646 #if KEY_SCHED == ONE_TABLE
00647 #define LS1_SET
00648 #define IM1_SET
00649 #elif KEY_SCHED == FOUR_TABLES
00650 #define LS4_SET
00651 #define IM4_SET
00652 #elif !defined(SBX_SET)
00653 #define SBX_SET
00654 #endif
00655 #endif
00656 
00657 /*  If there are no global variables, the AES tables are placed in
00658     a structure and a pointer is added to the AES context. If this
00659     facility is used, the calling program has to ensure that this
00660     pointer is managed appropriately. In particular, the value of
00661     the t_dec(in,it) item in the table structure must be set to zero
00662     in order to ensure that the tables are initialised. In practice
00663     the three code sequences in aeskey.c that control the calls to
00664     gen_tabs() and the gen_tabs() routine itself will require some
00665     changes for a specific implementation. If global variables are
00666     available it will generally be preferable to use them with the
00667     precomputed FIXED_TABLES option that uses static global tables.
00668 
00669     The following defines can be used to control the way the tables
00670     are defined, initialised and used in embedded environments that
00671     require special features for these purposes
00672 
00673     the 't_dec' construction is used to declare fixed table arrays
00674     the 't_set' construction is used to set fixed table values
00675     the 't_use' construction is used to access fixed table values
00676 
00677     256 byte tables:
00678 
00679         t_xxx(s,box)    => forward S box
00680         t_xxx(i,box)    => inverse S box
00681 
00682     256 32-bit word OR 4 x 256 32-bit word tables:
00683 
00684         t_xxx(f,n)      => forward normal round
00685         t_xxx(f,l)      => forward last round
00686         t_xxx(i,n)      => inverse normal round
00687         t_xxx(i,l)      => inverse last round
00688         t_xxx(l,s)      => key schedule table
00689         t_xxx(i,m)      => key schedule table
00690 
00691     Other variables and tables:
00692 
00693         t_xxx(r,c)      => the rcon table
00694 */
00695 
00696 #define t_dec(m,n) t_##m##n
00697 #define t_set(m,n) t_##m##n
00698 #define t_use(m,n) t_##m##n
00699 
00700 #if defined(DO_TABLES)  /* declare and instantiate tables   */
00701 
00702 /*  finite field arithmetic operations for table generation */
00703 
00704 #if defined(FIXED_TABLES) || !defined(FF_TABLES)
00705 
00706 #define f2(x)   ((x<<1) ^ (((x>>7) & 1) * WPOLY))
00707 #define f4(x)   ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
00708 #define f8(x)   ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
00709                         ^ (((x>>5) & 4) * WPOLY))
00710 #define f3(x)   (f2(x) ^ x)
00711 #define f9(x)   (f8(x) ^ x)
00712 #define fb(x)   (f8(x) ^ f2(x) ^ x)
00713 #define fd(x)   (f8(x) ^ f4(x) ^ x)
00714 #define fe(x)   (f8(x) ^ f4(x) ^ f2(x))
00715 
00716 #else
00717 
00718 #define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
00719 #define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
00720 #define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
00721 #define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
00722 #define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
00723 #define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
00724 #define fi(x) ((x) ? pow[ 255 - log[x]] : 0)
00725 
00726 #endif
00727 
00728 #if defined(FIXED_TABLES)   /* declare and set values for static tables */
00729 
00730 #define sb_data(w) \
00731     w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
00732     w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
00733     w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
00734     w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
00735     w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
00736     w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
00737     w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
00738     w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
00739     w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
00740     w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
00741     w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
00742     w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
00743     w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
00744     w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
00745     w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
00746     w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
00747     w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
00748     w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
00749     w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
00750     w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
00751     w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
00752     w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
00753     w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
00754     w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
00755     w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
00756     w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
00757     w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
00758     w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
00759     w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
00760     w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
00761     w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
00762     w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16)
00763 
00764 #define isb_data(w) \
00765     w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
00766     w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
00767     w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
00768     w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
00769     w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
00770     w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
00771     w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
00772     w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
00773     w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
00774     w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
00775     w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
00776     w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
00777     w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
00778     w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
00779     w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
00780     w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
00781     w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
00782     w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
00783     w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
00784     w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
00785     w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
00786     w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
00787     w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
00788     w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
00789     w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
00790     w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
00791     w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
00792     w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
00793     w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
00794     w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
00795     w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
00796     w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d),
00797 
00798 #define mm_data(w) \
00799     w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
00800     w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
00801     w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
00802     w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
00803     w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
00804     w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
00805     w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
00806     w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
00807     w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
00808     w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
00809     w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
00810     w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
00811     w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
00812     w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
00813     w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
00814     w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
00815     w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
00816     w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
00817     w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
00818     w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
00819     w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
00820     w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
00821     w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
00822     w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
00823     w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
00824     w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
00825     w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
00826     w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
00827     w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
00828     w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
00829     w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
00830     w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff)
00831 
00832 #define h0(x)   (x)
00833 
00834 /*  These defines are used to ensure tables are generated in the
00835     right format depending on the internal byte order required
00836 */
00837 
00838 #define w0(p)   bytes2word(p, 0, 0, 0)
00839 #define w1(p)   bytes2word(0, p, 0, 0)
00840 #define w2(p)   bytes2word(0, 0, p, 0)
00841 #define w3(p)   bytes2word(0, 0, 0, p)
00842 
00843 #define u0(p)   bytes2word(f2(p), p, p, f3(p))
00844 #define u1(p)   bytes2word(f3(p), f2(p), p, p)
00845 #define u2(p)   bytes2word(p, f3(p), f2(p), p)
00846 #define u3(p)   bytes2word(p, p, f3(p), f2(p))
00847 
00848 #define v0(p)   bytes2word(fe(p), f9(p), fd(p), fb(p))
00849 #define v1(p)   bytes2word(fb(p), fe(p), f9(p), fd(p))
00850 #define v2(p)   bytes2word(fd(p), fb(p), fe(p), f9(p))
00851 #define v3(p)   bytes2word(f9(p), fd(p), fb(p), fe(p))
00852 
00853 const aes_32t t_dec(r,c)[RC_LENGTH] =
00854 {
00855     w0(0x01), w0(0x02), w0(0x04), w0(0x08), w0(0x10),
00856     w0(0x20), w0(0x40), w0(0x80), w0(0x1b), w0(0x36)
00857 };
00858 
00859 #define d_1(t,n,b,v) const t n[256]    =   { b(v##0) }
00860 #define d_4(t,n,b,v) const t n[4][256] = { { b(v##0) }, { b(v##1) }, { b(v##2) }, { b(v##3) } }
00861 
00862 #else   /* declare and instantiate tables for dynamic value generation in in tab.c  */
00863 
00864 aes_32t t_dec(r,c)[RC_LENGTH];
00865 
00866 #define d_1(t,n,b,v) t  n[256]
00867 #define d_4(t,n,b,v) t  n[4][256]
00868 
00869 #endif
00870 
00871 #else   /* declare tables without instantiation */
00872 
00873 #if defined(FIXED_TABLES)
00874 
00875 extern const aes_32t t_dec(r,c)[RC_LENGTH];
00876 
00877 #define d_1(t,n,b,v) extern const t  n[256]
00878 #define d_4(t,n,b,v) extern const t  n[4][256]
00879 
00880 #else
00881 
00882 extern aes_32t t_dec(r,c)[RC_LENGTH];
00883 
00884 #define d_1(t,n,b,v) extern t  n[256]
00885 #define d_4(t,n,b,v) extern t  n[4][256]
00886 
00887 #endif
00888 
00889 #endif
00890 
00891 #ifdef  SBX_SET
00892     d_1(aes_08t, t_dec(s,box), sb_data, h);
00893 #endif
00894 #ifdef  ISB_SET
00895     d_1(aes_08t, t_dec(i,box), isb_data, h);
00896 #endif
00897 
00898 #ifdef  FT1_SET
00899     d_1(aes_32t, t_dec(f,n), sb_data, u);
00900 #endif
00901 #ifdef  FT4_SET
00902     d_4(aes_32t, t_dec(f,n), sb_data, u);
00903 #endif
00904 
00905 #ifdef  FL1_SET
00906     d_1(aes_32t, t_dec(f,l), sb_data, w);
00907 #endif
00908 #ifdef  FL4_SET
00909     d_4(aes_32t, t_dec(f,l), sb_data, w);
00910 #endif
00911 
00912 #ifdef  IT1_SET
00913     d_1(aes_32t, t_dec(i,n), isb_data, v);
00914 #endif
00915 #ifdef  IT4_SET
00916     d_4(aes_32t, t_dec(i,n), isb_data, v);
00917 #endif
00918 
00919 #ifdef  IL1_SET
00920     d_1(aes_32t, t_dec(i,l), isb_data, w);
00921 #endif
00922 #ifdef  IL4_SET
00923     d_4(aes_32t, t_dec(i,l), isb_data, w);
00924 #endif
00925 
00926 #ifdef  LS1_SET
00927 #ifdef  FL1_SET
00928 #undef  LS1_SET
00929 #else
00930     d_1(aes_32t, t_dec(l,s), sb_data, w);
00931 #endif
00932 #endif
00933 
00934 #ifdef  LS4_SET
00935 #ifdef  FL4_SET
00936 #undef  LS4_SET
00937 #else
00938     d_4(aes_32t, t_dec(l,s), sb_data, w);
00939 #endif
00940 #endif
00941 
00942 #ifdef  IM1_SET
00943     d_1(aes_32t, t_dec(i,m), mm_data, v);
00944 #endif
00945 #ifdef  IM4_SET
00946     d_4(aes_32t, t_dec(i,m), mm_data, v);
00947 #endif
00948 
00949 /* generic definitions of Rijndael macros that use tables    */
00950 
00951 #define no_table(x,box,vf,rf,c) bytes2word( \
00952     box[bval(vf(x,0,c),rf(0,c))], \
00953     box[bval(vf(x,1,c),rf(1,c))], \
00954     box[bval(vf(x,2,c),rf(2,c))], \
00955     box[bval(vf(x,3,c),rf(3,c))])
00956 
00957 #define one_table(x,op,tab,vf,rf,c) \
00958  (     tab[bval(vf(x,0,c),rf(0,c))] \
00959   ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
00960   ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
00961   ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
00962 
00963 #define four_tables(x,tab,vf,rf,c) \
00964  (  tab[0][bval(vf(x,0,c),rf(0,c))] \
00965   ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
00966   ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
00967   ^ tab[3][bval(vf(x,3,c),rf(3,c))])
00968 
00969 #define vf1(x,r,c)  (x)
00970 #define rf1(r,c)    (r)
00971 #define rf2(r,c)    ((8+r-c)&3)
00972 
00973 /* perform forward and inverse column mix operation on four bytes in long word x in */
00974 /* parallel. NOTE: x must be a simple variable, NOT an expression in these macros.  */
00975 
00976 #if defined(FM4_SET)    /* not currently used */
00977 #define fwd_mcol(x)     four_tables(x,t_use(f,m),vf1,rf1,0)
00978 #elif defined(FM1_SET)  /* not currently used */
00979 #define fwd_mcol(x)     one_table(x,upr,t_use(f,m),vf1,rf1,0)
00980 #else
00981 #define dec_fmvars      aes_32t g2
00982 #define fwd_mcol(x)     (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1))
00983 #endif
00984 
00985 #if defined(IM4_SET)
00986 #define inv_mcol(x)     four_tables(x,t_use(i,m),vf1,rf1,0)
00987 #elif defined(IM1_SET)
00988 #define inv_mcol(x)     one_table(x,upr,t_use(i,m),vf1,rf1,0)
00989 #else
00990 #define dec_imvars      aes_32t g2, g4, g9
00991 #define inv_mcol(x)     (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \
00992                         (x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1))
00993 #endif
00994 
00995 #if defined(FL4_SET)
00996 #define ls_box(x,c)     four_tables(x,t_use(f,l),vf1,rf2,c)
00997 #elif   defined(LS4_SET)
00998 #define ls_box(x,c)     four_tables(x,t_use(l,s),vf1,rf2,c)
00999 #elif defined(FL1_SET)
01000 #define ls_box(x,c)     one_table(x,upr,t_use(f,l),vf1,rf2,c)
01001 #elif defined(LS1_SET)
01002 #define ls_box(x,c)     one_table(x,upr,t_use(l,s),vf1,rf2,c)
01003 #else
01004 #define ls_box(x,c)     no_table(x,t_use(s,box),vf1,rf2,c)
01005 #endif
01006 
01007 #if defined(__cplusplus)
01008 }
01009 #endif
01010 
01011 #endif

Generated on Tue Dec 11 17:58:48 2007 for AWDS by  doxygen 1.5.3-20071008