diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bef1c1187..0921c72dd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -68,6 +68,33 @@ jobs: - name: Display java version run: java -version + # ------------------------------------------------------------------ + # Android SDK + NDK (Set NDK to at least 28 to support 16kb page size) + # ------------------------------------------------------------------ + - name: Setup Android SDK & NDK + uses: android-actions/setup-android@v3 + with: + packages: | + platforms;android-35 + build-tools;35.0.0 + ndk;28.2.13676358 + + - name: Export NDK environment + shell: bash + run: | + echo "ANDROID_NDK_ROOT=$ANDROID_SDK_ROOT/ndk/28.2.13676358" >> $GITHUB_ENV + echo "ANDROID_NDK_HOME=$ANDROID_SDK_ROOT/ndk/28.2.13676358" >> $GITHUB_ENV + + - name: Verify NDK + shell: bash + run: | + echo "NDK root: $ANDROID_NDK_ROOT" + ls "$ANDROID_NDK_ROOT" + "$ANDROID_NDK_ROOT/ndk-build.cmd" --version + + # ------------------------------------------------------------------ + # Native / Java build + # ------------------------------------------------------------------ - name: Build native dependencies shell: cmd run: | @@ -89,27 +116,13 @@ jobs: dotnet workload restore cd ../.. - - name: List apks - run: find . -type f -name "*.apk" - shell: bash - - - name: Select the manifest run: | make manifestlink Flavor=${{ matrix.flavor }} - - - name: List apks - run: find . -type f -name "*.apk" - shell: bash - - name: Install NuGet dependencies run: make nuget Flavor=${{ matrix.flavor }} - - name: List apks - run: find . -type f -name "*.apk" - shell: bash - - name: Build APK (net) env: KeyStore: "${{ github.workspace }}/kp2a.keystore" @@ -119,14 +132,9 @@ jobs: DropboxAppSecret: ${{ secrets.DROPBOX_APP_SECRET }} DropboxAppFolderAppKey: ${{ secrets.DROPBOX_APP_FOLDER_APP_KEY }} DropboxAppFolderAppSecret: ${{ secrets.DROPBOX_APP_FOLDER_APP_SECRET }} - run: | make ${{ matrix.target }} Configuration=Release Flavor=${{ matrix.flavor }} - - - name: List apks - run: find . -type f -name "*.apk" - shell: bash - + - name: Archive production artifacts uses: actions/upload-artifact@v4 with: @@ -135,10 +143,6 @@ jobs: path: | src/keepass2android-app/bin/Release/net9.0-android/publish/*.apk src/keepass2android-app/bin/Release/net9.0-android/*/publish/*.apk - - - name: List apks - run: find . -type f -name "*.apk" - shell: bash - name: Rename apks # after updating to .net9, the naming scheme of the output apks has changed. rename them to the old scheme @@ -151,10 +155,6 @@ jobs: mv "$apk" "$(dirname "$apk")/${base}-${arch#android-}.apk" done shell: bash - - - name: List apks - run: find . -type f -name "*.apk" - shell: bash - name: Upload APK to GitHub Release uses: softprops/action-gh-release@v2 diff --git a/src/java/KP2AKdbLibrary/app/build.gradle b/src/java/KP2AKdbLibrary/app/build.gradle index 374a3e9dd..f66f9c14b 100644 --- a/src/java/KP2AKdbLibrary/app/build.gradle +++ b/src/java/KP2AKdbLibrary/app/build.gradle @@ -4,14 +4,18 @@ android { namespace 'keepass2android.kp2akeytransform' + // Explicit NDK version used for ndk-build + ndkVersion "28.2.13676358" + compileSdk 34 defaultConfig { - ndk.abiFilters 'armeabi-v7a','arm64-v8a','x86','x86_64' minSdkVersion 21 targetSdkVersion 34 - compileSdk 34 + ndk { + abiFilters 'armeabi-v7a', 'arm64-v8a', 'x86', 'x86_64' + } } buildTypes { diff --git a/src/java/KP2ASoftkeyboard_AS/app/build.gradle b/src/java/KP2ASoftkeyboard_AS/app/build.gradle index 36afd0085..2de928143 100644 --- a/src/java/KP2ASoftkeyboard_AS/app/build.gradle +++ b/src/java/KP2ASoftkeyboard_AS/app/build.gradle @@ -3,7 +3,7 @@ android { namespace 'keepass2android.softkeyboard' - + ndkVersion "28.2.13676358" defaultConfig { minSdkVersion 21 diff --git a/src/java/kp2akeytransform/.classpath b/src/java/kp2akeytransform/.classpath deleted file mode 100644 index 51769745b..000000000 --- a/src/java/kp2akeytransform/.classpath +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - diff --git a/src/java/kp2akeytransform/.gitignore b/src/java/kp2akeytransform/.gitignore deleted file mode 100644 index eb8ccedb8..000000000 --- a/src/java/kp2akeytransform/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -build.properties -local.properties -bin -gen -obj diff --git a/src/java/kp2akeytransform/.project b/src/java/kp2akeytransform/.project deleted file mode 100644 index c2c119bef..000000000 --- a/src/java/kp2akeytransform/.project +++ /dev/null @@ -1,44 +0,0 @@ - - - kp2akeytransform - - - - - - com.android.ide.eclipse.adt.ResourceManagerBuilder - - - - - com.android.ide.eclipse.adt.PreCompilerBuilder - - - - - org.eclipse.jdt.core.javabuilder - - - - - com.android.ide.eclipse.adt.ApkBuilder - - - - - - com.android.ide.eclipse.adt.AndroidNature - org.eclipse.jdt.core.javanature - - - - 1734434133102 - - 30 - - org.eclipse.core.resources.regexFilterMatcher - node_modules|\.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__ - - - - diff --git a/src/java/kp2akeytransform/AndroidManifest.xml b/src/java/kp2akeytransform/AndroidManifest.xml deleted file mode 100644 index 237afdc32..000000000 --- a/src/java/kp2akeytransform/AndroidManifest.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - \ No newline at end of file diff --git a/src/java/kp2akeytransform/COPYING.gpl-2.0 b/src/java/kp2akeytransform/COPYING.gpl-2.0 deleted file mode 100644 index d511905c1..000000000 --- a/src/java/kp2akeytransform/COPYING.gpl-2.0 +++ /dev/null @@ -1,339 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/src/java/kp2akeytransform/jni/.gitignore b/src/java/kp2akeytransform/jni/.gitignore deleted file mode 100644 index 9011a2f18..000000000 --- a/src/java/kp2akeytransform/jni/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -openssl-0.9.8l -aes-src-29-04-09.zip -sha2-07-01-07.zip diff --git a/src/java/kp2akeytransform/jni/Android.mk b/src/java/kp2akeytransform/jni/Android.mk deleted file mode 100644 index eabf33540..000000000 --- a/src/java/kp2akeytransform/jni/Android.mk +++ /dev/null @@ -1,3 +0,0 @@ -# Recursively sources all Android.mk files in subdirs: -include $(call all-subdir-makefiles) - diff --git a/src/java/kp2akeytransform/jni/Application.mk b/src/java/kp2akeytransform/jni/Application.mk deleted file mode 100644 index a2087cbdc..000000000 --- a/src/java/kp2akeytransform/jni/Application.mk +++ /dev/null @@ -1,3 +0,0 @@ -APP_MODULES := aes sha final-key -APP_OPTIM := release -APP_ABI := all diff --git a/src/java/kp2akeytransform/jni/aes/Android.mk b/src/java/kp2akeytransform/jni/aes/Android.mk deleted file mode 100644 index e8d12daea..000000000 --- a/src/java/kp2akeytransform/jni/aes/Android.mk +++ /dev/null @@ -1,13 +0,0 @@ -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) - -LOCAL_MODULE := aes - -LOCAL_SRC_FILES := \ - aescrypt.c \ - aeskey.c \ - aes_modes.c \ - aestab.c - -include $(BUILD_STATIC_LIBRARY) diff --git a/src/java/kp2akeytransform/jni/aes/aes.h b/src/java/kp2akeytransform/jni/aes/aes.h deleted file mode 100644 index 46d1f6bdd..000000000 --- a/src/java/kp2akeytransform/jni/aes/aes.h +++ /dev/null @@ -1,205 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 - - This file contains the definitions required to use AES in C. See aesopt.h - for optimisation details. -*/ - -#ifndef _AES_H -#define _AES_H - -#include - -/* This include is used to find 8 & 32 bit unsigned integer types */ -#include "brg_types.h" - -#if defined(__cplusplus) -extern "C" -{ -#endif - -#define AES_128 /* if a fast 128 bit key scheduler is needed */ -#define AES_192 /* if a fast 192 bit key scheduler is needed */ -#define AES_256 /* if a fast 256 bit key scheduler is needed */ -#define AES_VAR /* if variable key size scheduler is needed */ -#define AES_MODES /* if support is needed for modes */ - -/* The following must also be set in assembler files if being used */ - -#define AES_ENCRYPT /* if support for encryption is needed */ -#define AES_DECRYPT /* if support for decryption is needed */ -#define AES_REV_DKS /* define to reverse decryption key schedule */ - -#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */ -#define N_COLS 4 /* the number of columns in the state */ - -/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */ -/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */ -/* or 44, 52 or 60 32-bit words. */ - -#if defined( AES_VAR ) || defined( AES_256 ) -#define KS_LENGTH 60 -#elif defined( AES_192 ) -#define KS_LENGTH 52 -#else -#define KS_LENGTH 44 -#endif - -#define AES_RETURN INT_RETURN - -/* the character array 'inf' in the following structures is used */ -/* to hold AES context information. This AES code uses cx->inf.b[0] */ -/* to hold the number of rounds multiplied by 16. The other three */ -/* elements can be used by code that implements additional modes */ - -typedef union -{ uint_32t l; - uint_8t b[4]; -} aes_inf; - -typedef struct -{ uint_32t ks[KS_LENGTH]; - aes_inf inf; -} aes_encrypt_ctx; - -typedef struct -{ uint_32t ks[KS_LENGTH]; - aes_inf inf; -} aes_decrypt_ctx; - -/* This routine must be called before first use if non-static */ -/* tables are being used */ - -AES_RETURN aes_init(void); - -/* Key lengths in the range 16 <= key_len <= 32 are given in bytes, */ -/* those in the range 128 <= key_len <= 256 are given in bits */ - -#if defined( AES_ENCRYPT ) - -#if defined( AES_128 ) || defined( AES_VAR) -AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]); -#endif - -#if defined( AES_192 ) || defined( AES_VAR) -AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]); -#endif - -#if defined( AES_256 ) || defined( AES_VAR) -AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]); -#endif - -#if defined( AES_VAR ) -AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]); -#endif - -AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]); - -#endif - -#if defined( AES_DECRYPT ) - -#if defined( AES_128 ) || defined( AES_VAR) -AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]); -#endif - -#if defined( AES_192 ) || defined( AES_VAR) -AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]); -#endif - -#if defined( AES_256 ) || defined( AES_VAR) -AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]); -#endif - -#if defined( AES_VAR ) -AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]); -#endif - -AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1]); - -#endif - -#if defined( AES_MODES ) - -/* Multiple calls to the following subroutines for multiple block */ -/* ECB, CBC, CFB, OFB and CTR mode encryption can be used to handle */ -/* long messages incremantally provided that the context AND the iv */ -/* are preserved between all such calls. For the ECB and CBC modes */ -/* each individual call within a series of incremental calls must */ -/* process only full blocks (i.e. len must be a multiple of 16) but */ -/* the CFB, OFB and CTR mode calls can handle multiple incremental */ -/* calls of any length. Each mode is reset when a new AES key is */ -/* set but ECB and CBC operations can be reset without setting a */ -/* new key by setting a new IV value. To reset CFB, OFB and CTR */ -/* without setting the key, aes_mode_reset() must be called and the */ -/* IV must be set. NOTE: All these calls update the IV on exit so */ -/* this has to be reset if a new operation with the same IV as the */ -/* previous one is required (or decryption follows encryption with */ -/* the same IV array). */ - -AES_RETURN aes_test_alignment_detection(unsigned int n); - -AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, const aes_encrypt_ctx cx[1]); - -AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, const aes_decrypt_ctx cx[1]); - -AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, const aes_encrypt_ctx cx[1]); - -AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, const aes_decrypt_ctx cx[1]); - -AES_RETURN aes_mode_reset(aes_encrypt_ctx cx[1]); - -AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]); - -AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]); - -#define aes_ofb_encrypt aes_ofb_crypt -#define aes_ofb_decrypt aes_ofb_crypt - -AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]); - -typedef void cbuf_inc(unsigned char *cbuf); - -#define aes_ctr_encrypt aes_ctr_crypt -#define aes_ctr_decrypt aes_ctr_crypt - -AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]); - -#endif - -#if defined(__cplusplus) -} -#endif - -#endif diff --git a/src/java/kp2akeytransform/jni/aes/aes.txt b/src/java/kp2akeytransform/jni/aes/aes.txt deleted file mode 100644 index ca165632b..000000000 --- a/src/java/kp2akeytransform/jni/aes/aes.txt +++ /dev/null @@ -1,556 +0,0 @@ - -An AES (Rijndael) Implementation in C/C++ (as specified in FIPS-197) -==================================================================== - -Changes in this Version (16/04/2007) -==================================== - -These changes remove errors in the VC++ build files and add some -improvements in file naming consitency and portability. There are -no changes to overcome reported bugs in the code. - -1. gen_tabs() has been renamed to aes_init() to better decribe its - function to those not familiar with AES internals. - -2. via_ace.h has been renamed to aes_via_ace.h. - -3. Minor changes have been made to aestab.h and aestab.c to enable - all the code to be compiled in either C or C++. - -4. The code for detecting memory alignment in aesmdoes.c has been - simplified and a new routine has been added: - - aes_test_alignment_detection() - - to check that the aligment test is likely to be correct. - -5. The addition of support for Structured Exception Handling (SEH) - to YASM (well done Peter and Michael!) has allowed the AMD64 - x64 assembler code to be changed to comply with SEH requriements. - -6. Corrections to build files (for win32 debug build). - -Overview -======== - -This code implements AES for both 32 and 64 bit systems with optional -assembler support for x86 and AMD64/EM64T (but optimised for AMD64). - -The basic AES source code files are as follows: - -aes.h the header file needed to use AES in C -aescpp.h the header file required with to use AES in C++ -aesopt.h the header file for setting options (and some common code) -aestab.h the header file for the AES table declaration -aescrypt.c the main C source code file for encryption and decryption -aeskey.c the main C source code file for the key schedule -aestab.c the main file for the AES tables -brg_types.h a header defining some standard types and DLL defines -brg_endian.h a header containing code to detect or define endianness -aes_x86_v1.asm x86 assembler (YASM) alternative to aescrypt.c using - large tables -aes_x86_v2.asm x86 assembler (YASM) alternative to aescrypt.c using - compressed tables -aes_amd64.asm AMD64 assembler (YASM) alternative to aescrypt.c using - compressed tables - -In addition AES modes are implemented in the files: - -aes_modes.c AES modes with optional support for VIA ACE detection and use -aes_via_ace.h the header file for VIA ACE support - -Other associated files for testing and support are: - -aesaux.h header for auxilliary routines for testsing -aesaux.c auxilliary routines for testsingt -aestst.h header file for setting the testing environment -rdtsc.h a header file that provides access to the Time Stamp Counter -aestst.c a simple test program for quick tests of the AES code -aesgav.c a program to generate and verify the test vector files -aesrav.c a program to verify output against the test vector files -aestmr.c a program to time the code on x86 systems -modetest.c a program to test the AES modes support -vbxam.doc a demonstration of AES DLL use from Visual Basic in Microsoft Word -vb.txt Visual Basic code from the above example (win32 only) -aesxam.c an example of AES use -tablegen.c a program to generate a simplified 'aestab.c' file for - use with compilers that find aestab.c too complex -yasm.rules the YASM build rules file for Microsoft Visual Studio 2005 -via_ace.txt describes support for the VIA ACE cryptography engine -aes.txt this file - -Building The AES Libraries --------------------------- - -A. Versions ------------ - -The code can be used to build static and dynamic libraries, each in five -versions: - - C uses C source code only - ASM_X86_V1C large table x86 assembler code for encrypt/decrypt - ASM_X86_V2 compressed table x86 assembler for encrypt/decrypt and keying - ASM_X86_V2C compressed table x86 assembler code for encrypt/decrypt - ASM_AMD64 compressed table x86 assembler code for encrypt/decrypt - -The C version can be compiled for Win32 or x64, the x86 assembler versions -are for Win32 only and the AMD64 version for x64 only. - -B. Types --------- - -The code makes use of types defined as uint_t where is the length -of the type, for example, the unsigned 32-bit type is 'uint_32t'. These are -NOT the same as the fixed width integer types in C99, inttypes.h and stdint.h -since several attempts to use these types have shown that support for them is -still highly variable. But a regular expression search and replace in VC++ -with search on 'uint_{:z}t' and a replace with 'uint\1_t' will convert these -types to C99 types (there should be similar search/replace facilities on other -systems). - -C. YASM -------- - -If you wish to use the x86 assembler files you will also need the YASM open -source x86 assembler (r1331 or later) for Windows which can be obtained from: - - http://www.tortall.net/projects/yasm/ - -This assembler should be placed in the bin directory used by VC++, which, for -Visual Stduio 2005, is typically: - - C:\Program Files (x86)\Microsoft Visual Studio 8\VC\bin - -You will also need to move the yasm.rules file from this distribution into -the directory where Visual Studio 2005 expects to find it, which is typically: - - C:\Program Files (x86)\Microsoft Visual Studio 8\VC\VCProjectDefaults - -Alternatively you can configure the path for rules files within Visual Studio. - -D. Configuration ----------------- - -The following configurations are available as projects for Visual Studio 2005 -but the following descriptions should allow them to be built in other x86 -environments: - - lib_generic_c Win32 and x64 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aescrypt.c, aeskey.c, aestab.c, aes_modes.c - defines - dll_generic_c Win32 and x64 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aescrypt.c, aeskey.c, aestab.c, aes_modes.c - defines DLL_EXPORT - - lib_asm_x86_v1c Win32 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aeskey.c, aestab.c, aes_modes.c - x86 assembler: aes_x86_v1.asm - defines ASM_X86_V1C (set for C and assembler files) - dll_asm_x86_v1c Win32 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aeskey.c, aestab.c, aes_modes.c - x86 assembler: aes_x86_v1.asm - defines DLL_EXPORT, ASM_X86_V1C (set for C and assembler files) - - lib_asm_x86_v2c Win32 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aeskey.c, aestab.c, aes_modes.c - x86 assembler: aes_x86_v2.asm - defines ASM_X86_V2C (set for C and assembler files) - dll_asm_x86_v2c Win32 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aeskey.c, aestab.c, aes_modes.c - x86 assembler: aes_x86_v1.asm - defines DLL_EXPORT, ASM_X86_V2C (set for C and assembler files) - - lib_asm_x86_v2 Win32 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aes_modes.c - x86 assembler: aes_x86_v1.asm - defines ASM_X86_V2 (set for C and assembler files) - dll_asm_x86_v2 Win32 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aes_modes.c - x86 assembler: aes_x86_v1.asm - defines DLL_EXPORT, ASM_AMD64_C (set for C and assembler files) - - lib_asm_amd64_c x64 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aes_modes.c - x86 assembler: aes_amd64.asm - defines ASM_X86_V2 (set for C and assembler files) - dll_asm_amd64_c x64 - headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h - C source: aes_modes.c - x86 assembler: aes_amd64.asm - defines DLL_EXPORT, ASM_AMD64_C (set for C and assembler files) - -Notes: - -ASM_X86_V1C is defined if using the version 1 assembler code (aescrypt1.asm). - The defines in the assember file must match those in aes.h and - aesopt.h). Also remember to include/exclude the right assembler - and C files in the build to avoid undefined or multiply defined - symbols - include aescrypt1.asm and exclude aescrypt.c and - aescrypt2.asm. - -ASM_X86_V2 is defined if using the version 2 assembler code (aescrypt2.asm). - This version provides a full, self contained assembler version - and does not use any C source code files except for the mutiple - block encryption modes that are provided by aes_modes.c. The define - ASM_X86_V2 must be set on the YASM command line (or in aescrypt2.asm) - to use this version and all C files except aec_modes.c and. for the - DLL build, aestab.c must be excluded from the build. - -ASM_X86_V2C is defined when using the version 2 assembler code (aescrypt2.asm) - with faster key scheduling provided by the in C code (the options in - the assember file must match those in aes.h and aesopt.h). In this - case aeskey.c and aestab.c are needed with aescrypt2.asm and the - define ASM_X86_V2C must be set for both the C files and for - asecrypt2.asm command lines (or in aesopt.h and aescrypt2.asm). - Include aescrypt2.asm aeskey.c and aestab.c, exclude aescrypt.c for - this option. - -ASM_AMD64_C is defined when using the AMD64 assembly code because the C key - scheduling is sued in this case. - -DLL_EXPORT must be defined to generate the DLL version of the code and - to run tests on it - -DLL_IMPORT must be defined to use the DLL version of the code in an - application program - -Directories the paths for the various directories for test vector input and - output have to be set in aestst.h - -VIA ACE see the via_ace.txt for this item - -Static The static libraries are named: -Libraries - aes_lib_generic_c.lib - aes_lib_asm_x86_v1c.lib - aes_lib_asm_x86_v2.lib - aes_lib_asm_x86_v2c.lib - aes_lib_asm_amd64_c.lib - - and placed in one of the the directories: - - lib\win32\release\ - lib\win32\debug\ - lib\x64\release\ - lib\x64\debug\ - - in the aes root directory depending on the platform(win32 or - x64) and the build (release or debug). After any of these is - built it is then copied into aes.lib, which is the library - that is subsequently used for testing. Hence testing is for - the last static library built. - -Dynamic The static libraries are named: -Libraries - aes_lib_generic_c.dll - aes_lib_asm_x86_v1c.dll - aes_lib_asm_x86_v2.dll - aes_lib_asm_x86_v2c.dll - aes_lib_asm_amd64_c.dll - - and placed in one of the the directories: - - dll\win32\release\ - dll\win32\debug\ - dll\x64\release\ - dll\x64\debug\ - - in the aes root directory depending on the platform(win32 or - x64) and the build (release or debug). Each DLL library: - - aes_.dll - - has three associated files: - - aes_dll_.lib the library file for implicit linking - aes_dll_.exp the exports file - aes_dll_.pdb the symbol file - - After any DLL is built it and its three related files are then - copied into aes.lib, aes.lib, aes,exp and aes.pdb, which are - the libraries used for testing. Hence testing is for the last - static library or DLL built. - -E. Testing ----------- - -These tests require that the test vector files are placed in the 'testvals' -subdirectory. If the AES Algorithm Validation Suite tests will be use3d then -the *.fax files need to be put in the 'testvals\fax' subdirectory. This is -covered in more detail below. - -The projects test_dll and time_dll are used to test and time the last DLL -built. These use the files: - - test_dll: Win32 (x64 for the C and AMD64 versions) - headers: aes.h, aescpp.h, brg_types.h, aesaux.h and aestst.h - C source: aesaux.c, aesrav.c - defines: DLL_IMPORT - - time_dll: Win32 (x64 for the C and AMD64 versions) - headers: aes.h, aescpp.h, brg_types.h, aesaux.h aestst.h and rdtsc.h - C source: aesaux.c, aestmr.c - defines: DLL_IMPORT - -and link to the DLL using explicit linking. However, if the lib file associated -with the DLL is linked into this project and the symbol DYNAMIC_LINK in aestst.h -is left undefined, then implicit linking will be used - -The projects test_lib and time_lib are used to test and time the last static LIB -built. They use the files: - - test_lib: Win32 (x64 for the C and AMD64 versions) - headers: aes.h, aescpp.h, brg_types.h, aesaux.h and aestst.h - C source: aesaux.c, aesrav.c - defines: - - time_lib: Win32 (x64 for the C and AMD64 versions) - headers: aes.h, aescpp.h, brg_types.h, aesaux.h, aestst.h and rdtsc.h - C source: aesaux.c, aestmr.c - defines: - -and link to the last static library built. - -The above test take command line arguments that determine which test are run -as follows: - - test_lib /t:[knec] /k:[468] - test_dll /t:[knec] /k:[468] - -where the symbols in square brackets can be used in any combination (without -the brackets) and have the following meanings: - - /t:[knec] selects which tests are used - /k:[468] selects the key lengths used - /c compares output with reference (see later) - - k: generate ECB Known Answer Test files - n: generate ECB Known Answer Test files (new) - e: generate ECB Monte Carlo Test files - c: generate CBC Monte Carlo Test files - -and the characters giving the lengths are digits representing the lengths in -32-bit units.\n\n"); - -The project test_modes tests the AES modes. It uses the files: - - test_modes: Win32 or x64 - headers: aes.h, aescpp.h, brg_types.h, aesaux,h and aestst.h - C source: aesaux.c, modetest.c - defines: none for static library test, DLL_IMPORT for DLL test - -which again links to the last library built. - -F. Other Applications ---------------------- - -These are: - - gen_tests builds the test_vector files. The commad line is - gen_tests /t:knec /k:468 /c - as described earlier - - test_aes_avs run the AES Algorithm Validation Suite tests for - ECB, CBC, CFB and OFB modes - - gen_tables builds a simple version of aes_tab.c (in aestab2.c) - for compilers that cannot handle the normal version - aes_example provides an example of AES use - -These applications are linked to the last static library built or, if -DLL_IMPORT is defined during compilation, to the last DLL built. - -G. Use of the VIA ACE Cryptography Engine ------------------------------------------ - -The use of the code with the VIA ACE cryptography engine in described in the -file via_ace.txt. In outline aes_modes.c is used and USE_VIA_ACE_IF_PRESENT -is defined either in section 2 of aesopt.h or as a compilation option in Visual -Studio. If in addition ASSUME_VIA_ACE_PRESENT is also defined then all normal -AES code will be removed if not needed to support VIA ACE use. If VIA ACE -support is needed and AES assembler is being used only the ASM_X86_V1C and -ASM_X86_V2C versions should be used since ASM_X86_V2 and ASM_AMD64 do not -support the VIA ACE engine. - -H. The AES Test Vector Files ----------------------------- - -These files fall in the following groups (where is a two digit -number): - -1. ecbvk.txt ECB vectors with variable key -2. ecbvt.txt ECB vectors with variable text -3. ecbnk.txt new ECB vectors with variable key -4. ecbnt.txt new ECB vectors with variable text -5. ecbme.txt ECB monte carlo encryption test vectors -6. ecbmd.txt ECB monte carlo decryption test vectors -7. cbcme.txt CBC monte carlo encryption test vectors -8. cbcmd.txt CBC monte carlo decryption test vectors - -The first digit of the numeric suffix on the filename gives the block size -in 32 bit units and the second numeric digit gives the key size. For example, -the file ecbvk44.txt provides the test vectors for ECB encryption with a 128 -bit block size and a 128 bit key size. The test routines expect to find these -files in the 'testvals' subdirectory within the aes root directory. The -'outvals' subdirectory is used for outputs that are compared with the files -in 'testvals'. Note that the monte carlo test vectors are the result of -applying AES iteratively 10000 times, not just once. - -The AES Algorithm Validation Suite tests can be run for ECB, CBC, CFB and -OFB modes (CFB1 and CFB8 are not implemented). The test routine uses the -*.fax test files, which should be placed in the 'testvals\fax' subdirectory. - -I. The Basic AES Calling Interface ----------------------------------- - -The basic AES code keeps its state in a context, there being different -contexts for encryption and decryption: - - aes_encrypt_ctx - aes_decrypt_ctx - -The AES code is initialised with the call - - aes_init(void) - -although this is only essential if the option to generate the AES tables at -run-time has been set in the options (i.e.fixed tables are not being used). - -The AES encryption key is set by one of the calls: - - aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]) - aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]) - aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]) - -or by: - - aes_encrypt_key(const unsigned char *key, int key_len, - aes_encrypt_ctx cx[1]) - -where the key length is set by 'key_len', which can be the length in bits -or bytes. - -Similarly, the AES decryption key is set by one of: - - aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]) - aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]) - aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]) - -or by: - - aes_decrypt_key(const unsigned char *key, int key_len, - aes_decrypt_ctx cx[1]) - -Encryption and decryption for a single 16 byte block is then achieved using: - - aes_encrypt(const unsigned char *in, unsigned char *out, - const aes_encrypt_ctx cx[1]) - aes_decrypt(const unsigned char *in, unsigned char *out, - const aes_decrypt_ctx cx[1]) - -The above subroutines return a value of EXIT_SUCCESS or EXIT_FAILURE -depending on whether the operation succeeded or failed. - -J. The Calling Interface for the AES Modes ------------------------------------------- - -The subroutines for the AES modes, ECB, CBC, CFB, OFB and CTR, each process -blocks of variable length and can also be called several times to complete -single mode operations incrementally on long messages (or those messages, -not all of which are available at the same time). The calls: - - aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, const aes_encrypt_ctx cx[1]) - - aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, const aes_decrypt_ctx cx[1]) - -for ECB operations and those for CBC: - - aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, const aes_encrypt_ctx cx[1]) - - aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, const aes_decrypt_ctx cx[1]) - -can only process blocks whose lengths are multiples of 16 bytes but the calls -for CFB, OFB and CTR mode operations: - - aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]) - - aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]) - - aes_ofb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]) - - aes_ofb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]) - - aes_ctr_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]) - - aes_ctr_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]) - -can process blocks of any length. Note also that CFB, OFB and CTR mode calls only -use AES encryption contexts even during decryption operations. - -The calls CTR mode operations use a buffer (cbuf) which holds the counter value -together with a function parameter: - - void cbuf_inc(unsigned char *cbuf); - -that is ued to update the counter value after each 16 byte AES operation. The -counter buffer is updated appropriately to allow for incremental operations. - -Please note the following IMPORTANT points about the AES mode subroutines: - - 1. All modes are reset when a new AES key is set. - - 2. Incremental calls to the different modes cannot - be mixed. If a change of mode is needed a new - key must be set or a reset must be issued (see - below). - - 3. For modes with IVs, the IV value is an inpu AND - an ouput since it is updated after each call to - the value needed for any subsequent incremental - call(s). If the mode is reset, the IV hence has - to be set (or reset) as well. - - 4. ECB operations must be multiples of 16 bytes - but do not need to be reset for new operations. - - 5. CBC operations must also be multiples of 16 - bytes and are reset for a new operation by - setting the IV. - - 6. CFB, OFB and CTR mode must be reset by setting - a new IV value AND by calling: - - aes_mode_reset(aes_encrypt_ctx cx[1]) - - For CTR mode the cbuf value also has to be reset. - - 7. CFB, OFB and CTR modes only use AES encryption - operations and contexts and do not need AES - decrytpion operations. - - 8. AES keys remain valid across resets and changes - of mode (but encryption and decryption keys must - both be set if they are needed). - - Brian Gladman 22/07/2008 - \ No newline at end of file diff --git a/src/java/kp2akeytransform/jni/aes/aes_amd64.asm b/src/java/kp2akeytransform/jni/aes/aes_amd64.asm deleted file mode 100644 index 9111f812b..000000000 --- a/src/java/kp2akeytransform/jni/aes/aes_amd64.asm +++ /dev/null @@ -1,905 +0,0 @@ - -; --------------------------------------------------------------------------- -; Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved. -; -; LICENSE TERMS -; -; The free distribution and use of this software is allowed (with or without -; changes) provided that: -; -; 1. source code distributions include the above copyright notice, this -; list of conditions and the following disclaimer; -; -; 2. binary distributions include the above copyright notice, this list -; of conditions and the following disclaimer in their documentation; -; -; 3. the name of the copyright holder is not used to endorse products -; built using this software without specific written permission. -; -; DISCLAIMER -; -; This software is provided 'as is' with no explicit or implied warranties -; in respect of its properties, including, but not limited to, correctness -; and/or fitness for purpose. -; --------------------------------------------------------------------------- -; Issue 20/12/2007 -; -; I am grateful to Dag Arne Osvik for many discussions of the techniques that -; can be used to optimise AES assembler code on AMD64/EM64T architectures. -; Some of the techniques used in this implementation are the result of -; suggestions made by him for which I am most grateful. - -; An AES implementation for AMD64 processors using the YASM assembler. This -; implemetation provides only encryption, decryption and hence requires key -; scheduling support in C. It uses 8k bytes of tables but its encryption and -; decryption performance is very close to that obtained using large tables. -; It can use either Windows or Gnu/Linux calling conventions, which are as -; follows: -; windows gnu/linux -; -; in_blk rcx rdi -; out_blk rdx rsi -; context (cx) r8 rdx -; -; preserved rsi - + rbx, rbp, rsp, r12, r13, r14 & r15 -; registers rdi - on both -; -; destroyed - rsi + rax, rcx, rdx, r8, r9, r10 & r11 -; registers - rdi on both -; -; The default convention is that for windows, the gnu/linux convention being -; used if __GNUC__ is defined. -; -; Define _SEH_ to include support for Win64 structured exception handling -; (this requires YASM version 0.6 or later). -; -; This code provides the standard AES block size (128 bits, 16 bytes) and the -; three standard AES key sizes (128, 192 and 256 bits). It has the same call -; interface as my C implementation. It uses the Microsoft C AMD64 calling -; conventions in which the three parameters are placed in rcx, rdx and r8 -; respectively. The rbx, rsi, rdi, rbp and r12..r15 registers are preserved. -; -; AES_RETURN aes_encrypt(const unsigned char in_blk[], -; unsigned char out_blk[], const aes_encrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt(const unsigned char in_blk[], -; unsigned char out_blk[], const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_encrypt_key(const unsigned char key[], -; const aes_encrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt_key(const unsigned char key[], -; const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_encrypt_key(const unsigned char key[], -; unsigned int len, const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt_key(const unsigned char key[], -; unsigned int len, const aes_decrypt_ctx cx[1]); -; -; where is 128, 102 or 256. In the last two calls the length can be in -; either bits or bytes. -; -; Comment in/out the following lines to obtain the desired subroutines. These -; selections MUST match those in the C header file aes.h - -%define AES_128 ; define if AES with 128 bit keys is needed -%define AES_192 ; define if AES with 192 bit keys is needed -%define AES_256 ; define if AES with 256 bit keys is needed -%define AES_VAR ; define if a variable key size is needed -%define ENCRYPTION ; define if encryption is needed -%define DECRYPTION ; define if decryption is needed -%define AES_REV_DKS ; define if key decryption schedule is reversed - -%define LAST_ROUND_TABLES ; define for the faster version using extra tables - -; The encryption key schedule has the following in memory layout where N is the -; number of rounds (10, 12 or 14): -; -; lo: | input key (round 0) | ; each round is four 32-bit words -; | encryption round 1 | -; | encryption round 2 | -; .... -; | encryption round N-1 | -; hi: | encryption round N | -; -; The decryption key schedule is normally set up so that it has the same -; layout as above by actually reversing the order of the encryption key -; schedule in memory (this happens when AES_REV_DKS is set): -; -; lo: | decryption round 0 | = | encryption round N | -; | decryption round 1 | = INV_MIX_COL[ | encryption round N-1 | ] -; | decryption round 2 | = INV_MIX_COL[ | encryption round N-2 | ] -; .... .... -; | decryption round N-1 | = INV_MIX_COL[ | encryption round 1 | ] -; hi: | decryption round N | = | input key (round 0) | -; -; with rounds except the first and last modified using inv_mix_column() -; But if AES_REV_DKS is NOT set the order of keys is left as it is for -; encryption so that it has to be accessed in reverse when used for -; decryption (although the inverse mix column modifications are done) -; -; lo: | decryption round 0 | = | input key (round 0) | -; | decryption round 1 | = INV_MIX_COL[ | encryption round 1 | ] -; | decryption round 2 | = INV_MIX_COL[ | encryption round 2 | ] -; .... .... -; | decryption round N-1 | = INV_MIX_COL[ | encryption round N-1 | ] -; hi: | decryption round N | = | encryption round N | -; -; This layout is faster when the assembler key scheduling provided here -; is used. -; -; The DLL interface must use the _stdcall convention in which the number -; of bytes of parameter space is added after an @ to the sutine's name. -; We must also remove our parameters from the stack before return (see -; the do_exit macro). Define DLL_EXPORT for the Dynamic Link Library version. - -;%define DLL_EXPORT - -; End of user defines - -%ifdef AES_VAR -%ifndef AES_128 -%define AES_128 -%endif -%ifndef AES_192 -%define AES_192 -%endif -%ifndef AES_256 -%define AES_256 -%endif -%endif - -%ifdef AES_VAR -%define KS_LENGTH 60 -%elifdef AES_256 -%define KS_LENGTH 60 -%elifdef AES_192 -%define KS_LENGTH 52 -%else -%define KS_LENGTH 44 -%endif - -%define r0 rax -%define r1 rdx -%define r2 rcx -%define r3 rbx -%define r4 rsi -%define r5 rdi -%define r6 rbp -%define r7 rsp - -%define raxd eax -%define rdxd edx -%define rcxd ecx -%define rbxd ebx -%define rsid esi -%define rdid edi -%define rbpd ebp -%define rspd esp - -%define raxb al -%define rdxb dl -%define rcxb cl -%define rbxb bl -%define rsib sil -%define rdib dil -%define rbpb bpl -%define rspb spl - -%define r0h ah -%define r1h dh -%define r2h ch -%define r3h bh - -%define r0d eax -%define r1d edx -%define r2d ecx -%define r3d ebx - -; finite field multiplies by {02}, {04} and {08} - -%define f2(x) ((x<<1)^(((x>>7)&1)*0x11b)) -%define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b)) -%define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b)) - -; finite field multiplies required in table generation - -%define f3(x) (f2(x) ^ x) -%define f9(x) (f8(x) ^ x) -%define fb(x) (f8(x) ^ f2(x) ^ x) -%define fd(x) (f8(x) ^ f4(x) ^ x) -%define fe(x) (f8(x) ^ f4(x) ^ f2(x)) - -; macro for expanding S-box data - -%macro enc_vals 1 - db %1(0x63),%1(0x7c),%1(0x77),%1(0x7b),%1(0xf2),%1(0x6b),%1(0x6f),%1(0xc5) - db %1(0x30),%1(0x01),%1(0x67),%1(0x2b),%1(0xfe),%1(0xd7),%1(0xab),%1(0x76) - db %1(0xca),%1(0x82),%1(0xc9),%1(0x7d),%1(0xfa),%1(0x59),%1(0x47),%1(0xf0) - db %1(0xad),%1(0xd4),%1(0xa2),%1(0xaf),%1(0x9c),%1(0xa4),%1(0x72),%1(0xc0) - db %1(0xb7),%1(0xfd),%1(0x93),%1(0x26),%1(0x36),%1(0x3f),%1(0xf7),%1(0xcc) - db %1(0x34),%1(0xa5),%1(0xe5),%1(0xf1),%1(0x71),%1(0xd8),%1(0x31),%1(0x15) - db %1(0x04),%1(0xc7),%1(0x23),%1(0xc3),%1(0x18),%1(0x96),%1(0x05),%1(0x9a) - db %1(0x07),%1(0x12),%1(0x80),%1(0xe2),%1(0xeb),%1(0x27),%1(0xb2),%1(0x75) - db %1(0x09),%1(0x83),%1(0x2c),%1(0x1a),%1(0x1b),%1(0x6e),%1(0x5a),%1(0xa0) - db %1(0x52),%1(0x3b),%1(0xd6),%1(0xb3),%1(0x29),%1(0xe3),%1(0x2f),%1(0x84) - db %1(0x53),%1(0xd1),%1(0x00),%1(0xed),%1(0x20),%1(0xfc),%1(0xb1),%1(0x5b) - db %1(0x6a),%1(0xcb),%1(0xbe),%1(0x39),%1(0x4a),%1(0x4c),%1(0x58),%1(0xcf) - db %1(0xd0),%1(0xef),%1(0xaa),%1(0xfb),%1(0x43),%1(0x4d),%1(0x33),%1(0x85) - db %1(0x45),%1(0xf9),%1(0x02),%1(0x7f),%1(0x50),%1(0x3c),%1(0x9f),%1(0xa8) - db %1(0x51),%1(0xa3),%1(0x40),%1(0x8f),%1(0x92),%1(0x9d),%1(0x38),%1(0xf5) - db %1(0xbc),%1(0xb6),%1(0xda),%1(0x21),%1(0x10),%1(0xff),%1(0xf3),%1(0xd2) - db %1(0xcd),%1(0x0c),%1(0x13),%1(0xec),%1(0x5f),%1(0x97),%1(0x44),%1(0x17) - db %1(0xc4),%1(0xa7),%1(0x7e),%1(0x3d),%1(0x64),%1(0x5d),%1(0x19),%1(0x73) - db %1(0x60),%1(0x81),%1(0x4f),%1(0xdc),%1(0x22),%1(0x2a),%1(0x90),%1(0x88) - db %1(0x46),%1(0xee),%1(0xb8),%1(0x14),%1(0xde),%1(0x5e),%1(0x0b),%1(0xdb) - db %1(0xe0),%1(0x32),%1(0x3a),%1(0x0a),%1(0x49),%1(0x06),%1(0x24),%1(0x5c) - db %1(0xc2),%1(0xd3),%1(0xac),%1(0x62),%1(0x91),%1(0x95),%1(0xe4),%1(0x79) - db %1(0xe7),%1(0xc8),%1(0x37),%1(0x6d),%1(0x8d),%1(0xd5),%1(0x4e),%1(0xa9) - db %1(0x6c),%1(0x56),%1(0xf4),%1(0xea),%1(0x65),%1(0x7a),%1(0xae),%1(0x08) - db %1(0xba),%1(0x78),%1(0x25),%1(0x2e),%1(0x1c),%1(0xa6),%1(0xb4),%1(0xc6) - db %1(0xe8),%1(0xdd),%1(0x74),%1(0x1f),%1(0x4b),%1(0xbd),%1(0x8b),%1(0x8a) - db %1(0x70),%1(0x3e),%1(0xb5),%1(0x66),%1(0x48),%1(0x03),%1(0xf6),%1(0x0e) - db %1(0x61),%1(0x35),%1(0x57),%1(0xb9),%1(0x86),%1(0xc1),%1(0x1d),%1(0x9e) - db %1(0xe1),%1(0xf8),%1(0x98),%1(0x11),%1(0x69),%1(0xd9),%1(0x8e),%1(0x94) - db %1(0x9b),%1(0x1e),%1(0x87),%1(0xe9),%1(0xce),%1(0x55),%1(0x28),%1(0xdf) - db %1(0x8c),%1(0xa1),%1(0x89),%1(0x0d),%1(0xbf),%1(0xe6),%1(0x42),%1(0x68) - db %1(0x41),%1(0x99),%1(0x2d),%1(0x0f),%1(0xb0),%1(0x54),%1(0xbb),%1(0x16) -%endmacro - -%macro dec_vals 1 - db %1(0x52),%1(0x09),%1(0x6a),%1(0xd5),%1(0x30),%1(0x36),%1(0xa5),%1(0x38) - db %1(0xbf),%1(0x40),%1(0xa3),%1(0x9e),%1(0x81),%1(0xf3),%1(0xd7),%1(0xfb) - db %1(0x7c),%1(0xe3),%1(0x39),%1(0x82),%1(0x9b),%1(0x2f),%1(0xff),%1(0x87) - db %1(0x34),%1(0x8e),%1(0x43),%1(0x44),%1(0xc4),%1(0xde),%1(0xe9),%1(0xcb) - db %1(0x54),%1(0x7b),%1(0x94),%1(0x32),%1(0xa6),%1(0xc2),%1(0x23),%1(0x3d) - db %1(0xee),%1(0x4c),%1(0x95),%1(0x0b),%1(0x42),%1(0xfa),%1(0xc3),%1(0x4e) - db %1(0x08),%1(0x2e),%1(0xa1),%1(0x66),%1(0x28),%1(0xd9),%1(0x24),%1(0xb2) - db %1(0x76),%1(0x5b),%1(0xa2),%1(0x49),%1(0x6d),%1(0x8b),%1(0xd1),%1(0x25) - db %1(0x72),%1(0xf8),%1(0xf6),%1(0x64),%1(0x86),%1(0x68),%1(0x98),%1(0x16) - db %1(0xd4),%1(0xa4),%1(0x5c),%1(0xcc),%1(0x5d),%1(0x65),%1(0xb6),%1(0x92) - db %1(0x6c),%1(0x70),%1(0x48),%1(0x50),%1(0xfd),%1(0xed),%1(0xb9),%1(0xda) - db %1(0x5e),%1(0x15),%1(0x46),%1(0x57),%1(0xa7),%1(0x8d),%1(0x9d),%1(0x84) - db %1(0x90),%1(0xd8),%1(0xab),%1(0x00),%1(0x8c),%1(0xbc),%1(0xd3),%1(0x0a) - db %1(0xf7),%1(0xe4),%1(0x58),%1(0x05),%1(0xb8),%1(0xb3),%1(0x45),%1(0x06) - db %1(0xd0),%1(0x2c),%1(0x1e),%1(0x8f),%1(0xca),%1(0x3f),%1(0x0f),%1(0x02) - db %1(0xc1),%1(0xaf),%1(0xbd),%1(0x03),%1(0x01),%1(0x13),%1(0x8a),%1(0x6b) - db %1(0x3a),%1(0x91),%1(0x11),%1(0x41),%1(0x4f),%1(0x67),%1(0xdc),%1(0xea) - db %1(0x97),%1(0xf2),%1(0xcf),%1(0xce),%1(0xf0),%1(0xb4),%1(0xe6),%1(0x73) - db %1(0x96),%1(0xac),%1(0x74),%1(0x22),%1(0xe7),%1(0xad),%1(0x35),%1(0x85) - db %1(0xe2),%1(0xf9),%1(0x37),%1(0xe8),%1(0x1c),%1(0x75),%1(0xdf),%1(0x6e) - db %1(0x47),%1(0xf1),%1(0x1a),%1(0x71),%1(0x1d),%1(0x29),%1(0xc5),%1(0x89) - db %1(0x6f),%1(0xb7),%1(0x62),%1(0x0e),%1(0xaa),%1(0x18),%1(0xbe),%1(0x1b) - db %1(0xfc),%1(0x56),%1(0x3e),%1(0x4b),%1(0xc6),%1(0xd2),%1(0x79),%1(0x20) - db %1(0x9a),%1(0xdb),%1(0xc0),%1(0xfe),%1(0x78),%1(0xcd),%1(0x5a),%1(0xf4) - db %1(0x1f),%1(0xdd),%1(0xa8),%1(0x33),%1(0x88),%1(0x07),%1(0xc7),%1(0x31) - db %1(0xb1),%1(0x12),%1(0x10),%1(0x59),%1(0x27),%1(0x80),%1(0xec),%1(0x5f) - db %1(0x60),%1(0x51),%1(0x7f),%1(0xa9),%1(0x19),%1(0xb5),%1(0x4a),%1(0x0d) - db %1(0x2d),%1(0xe5),%1(0x7a),%1(0x9f),%1(0x93),%1(0xc9),%1(0x9c),%1(0xef) - db %1(0xa0),%1(0xe0),%1(0x3b),%1(0x4d),%1(0xae),%1(0x2a),%1(0xf5),%1(0xb0) - db %1(0xc8),%1(0xeb),%1(0xbb),%1(0x3c),%1(0x83),%1(0x53),%1(0x99),%1(0x61) - db %1(0x17),%1(0x2b),%1(0x04),%1(0x7e),%1(0xba),%1(0x77),%1(0xd6),%1(0x26) - db %1(0xe1),%1(0x69),%1(0x14),%1(0x63),%1(0x55),%1(0x21),%1(0x0c),%1(0x7d) -%endmacro - -%define u8(x) f2(x), x, x, f3(x), f2(x), x, x, f3(x) -%define v8(x) fe(x), f9(x), fd(x), fb(x), fe(x), f9(x), fd(x), x -%define w8(x) x, 0, 0, 0, x, 0, 0, 0 - -%define tptr rbp ; table pointer -%define kptr r8 ; key schedule pointer -%define fofs 128 ; adjust offset in key schedule to keep |disp| < 128 -%define fk_ref(x,y) [kptr-16*x+fofs+4*y] -%ifdef AES_REV_DKS -%define rofs 128 -%define ik_ref(x,y) [kptr-16*x+rofs+4*y] -%else -%define rofs -128 -%define ik_ref(x,y) [kptr+16*x+rofs+4*y] -%endif - -%define tab_0(x) [tptr+8*x] -%define tab_1(x) [tptr+8*x+3] -%define tab_2(x) [tptr+8*x+2] -%define tab_3(x) [tptr+8*x+1] -%define tab_f(x) byte [tptr+8*x+1] -%define tab_i(x) byte [tptr+8*x+7] -%define t_ref(x,r) tab_ %+ x(r) - -%macro ff_rnd 5 ; normal forward round - mov %1d, fk_ref(%5,0) - mov %2d, fk_ref(%5,1) - mov %3d, fk_ref(%5,2) - mov %4d, fk_ref(%5,3) - - movzx esi, al - movzx edi, ah - shr eax, 16 - xor %1d, t_ref(0,rsi) - xor %4d, t_ref(1,rdi) - movzx esi, al - movzx edi, ah - xor %3d, t_ref(2,rsi) - xor %2d, t_ref(3,rdi) - - movzx esi, bl - movzx edi, bh - shr ebx, 16 - xor %2d, t_ref(0,rsi) - xor %1d, t_ref(1,rdi) - movzx esi, bl - movzx edi, bh - xor %4d, t_ref(2,rsi) - xor %3d, t_ref(3,rdi) - - movzx esi, cl - movzx edi, ch - shr ecx, 16 - xor %3d, t_ref(0,rsi) - xor %2d, t_ref(1,rdi) - movzx esi, cl - movzx edi, ch - xor %1d, t_ref(2,rsi) - xor %4d, t_ref(3,rdi) - - movzx esi, dl - movzx edi, dh - shr edx, 16 - xor %4d, t_ref(0,rsi) - xor %3d, t_ref(1,rdi) - movzx esi, dl - movzx edi, dh - xor %2d, t_ref(2,rsi) - xor %1d, t_ref(3,rdi) - - mov eax,%1d - mov ebx,%2d - mov ecx,%3d - mov edx,%4d -%endmacro - -%ifdef LAST_ROUND_TABLES - -%macro fl_rnd 5 ; last forward round - add tptr, 2048 - mov %1d, fk_ref(%5,0) - mov %2d, fk_ref(%5,1) - mov %3d, fk_ref(%5,2) - mov %4d, fk_ref(%5,3) - - movzx esi, al - movzx edi, ah - shr eax, 16 - xor %1d, t_ref(0,rsi) - xor %4d, t_ref(1,rdi) - movzx esi, al - movzx edi, ah - xor %3d, t_ref(2,rsi) - xor %2d, t_ref(3,rdi) - - movzx esi, bl - movzx edi, bh - shr ebx, 16 - xor %2d, t_ref(0,rsi) - xor %1d, t_ref(1,rdi) - movzx esi, bl - movzx edi, bh - xor %4d, t_ref(2,rsi) - xor %3d, t_ref(3,rdi) - - movzx esi, cl - movzx edi, ch - shr ecx, 16 - xor %3d, t_ref(0,rsi) - xor %2d, t_ref(1,rdi) - movzx esi, cl - movzx edi, ch - xor %1d, t_ref(2,rsi) - xor %4d, t_ref(3,rdi) - - movzx esi, dl - movzx edi, dh - shr edx, 16 - xor %4d, t_ref(0,rsi) - xor %3d, t_ref(1,rdi) - movzx esi, dl - movzx edi, dh - xor %2d, t_ref(2,rsi) - xor %1d, t_ref(3,rdi) -%endmacro - -%else - -%macro fl_rnd 5 ; last forward round - mov %1d, fk_ref(%5,0) - mov %2d, fk_ref(%5,1) - mov %3d, fk_ref(%5,2) - mov %4d, fk_ref(%5,3) - - movzx esi, al - movzx edi, ah - shr eax, 16 - movzx esi, t_ref(f,rsi) - movzx edi, t_ref(f,rdi) - xor %1d, esi - rol edi, 8 - xor %4d, edi - movzx esi, al - movzx edi, ah - movzx esi, t_ref(f,rsi) - movzx edi, t_ref(f,rdi) - rol esi, 16 - rol edi, 24 - xor %3d, esi - xor %2d, edi - - movzx esi, bl - movzx edi, bh - shr ebx, 16 - movzx esi, t_ref(f,rsi) - movzx edi, t_ref(f,rdi) - xor %2d, esi - rol edi, 8 - xor %1d, edi - movzx esi, bl - movzx edi, bh - movzx esi, t_ref(f,rsi) - movzx edi, t_ref(f,rdi) - rol esi, 16 - rol edi, 24 - xor %4d, esi - xor %3d, edi - - movzx esi, cl - movzx edi, ch - movzx esi, t_ref(f,rsi) - movzx edi, t_ref(f,rdi) - shr ecx, 16 - xor %3d, esi - rol edi, 8 - xor %2d, edi - movzx esi, cl - movzx edi, ch - movzx esi, t_ref(f,rsi) - movzx edi, t_ref(f,rdi) - rol esi, 16 - rol edi, 24 - xor %1d, esi - xor %4d, edi - - movzx esi, dl - movzx edi, dh - movzx esi, t_ref(f,rsi) - movzx edi, t_ref(f,rdi) - shr edx, 16 - xor %4d, esi - rol edi, 8 - xor %3d, edi - movzx esi, dl - movzx edi, dh - movzx esi, t_ref(f,rsi) - movzx edi, t_ref(f,rdi) - rol esi, 16 - rol edi, 24 - xor %2d, esi - xor %1d, edi -%endmacro - -%endif - -%macro ii_rnd 5 ; normal inverse round - mov %1d, ik_ref(%5,0) - mov %2d, ik_ref(%5,1) - mov %3d, ik_ref(%5,2) - mov %4d, ik_ref(%5,3) - - movzx esi, al - movzx edi, ah - shr eax, 16 - xor %1d, t_ref(0,rsi) - xor %2d, t_ref(1,rdi) - movzx esi, al - movzx edi, ah - xor %3d, t_ref(2,rsi) - xor %4d, t_ref(3,rdi) - - movzx esi, bl - movzx edi, bh - shr ebx, 16 - xor %2d, t_ref(0,rsi) - xor %3d, t_ref(1,rdi) - movzx esi, bl - movzx edi, bh - xor %4d, t_ref(2,rsi) - xor %1d, t_ref(3,rdi) - - movzx esi, cl - movzx edi, ch - shr ecx, 16 - xor %3d, t_ref(0,rsi) - xor %4d, t_ref(1,rdi) - movzx esi, cl - movzx edi, ch - xor %1d, t_ref(2,rsi) - xor %2d, t_ref(3,rdi) - - movzx esi, dl - movzx edi, dh - shr edx, 16 - xor %4d, t_ref(0,rsi) - xor %1d, t_ref(1,rdi) - movzx esi, dl - movzx edi, dh - xor %2d, t_ref(2,rsi) - xor %3d, t_ref(3,rdi) - - mov eax,%1d - mov ebx,%2d - mov ecx,%3d - mov edx,%4d -%endmacro - -%ifdef LAST_ROUND_TABLES - -%macro il_rnd 5 ; last inverse round - add tptr, 2048 - mov %1d, ik_ref(%5,0) - mov %2d, ik_ref(%5,1) - mov %3d, ik_ref(%5,2) - mov %4d, ik_ref(%5,3) - - movzx esi, al - movzx edi, ah - shr eax, 16 - xor %1d, t_ref(0,rsi) - xor %2d, t_ref(1,rdi) - movzx esi, al - movzx edi, ah - xor %3d, t_ref(2,rsi) - xor %4d, t_ref(3,rdi) - - movzx esi, bl - movzx edi, bh - shr ebx, 16 - xor %2d, t_ref(0,rsi) - xor %3d, t_ref(1,rdi) - movzx esi, bl - movzx edi, bh - xor %4d, t_ref(2,rsi) - xor %1d, t_ref(3,rdi) - - movzx esi, cl - movzx edi, ch - shr ecx, 16 - xor %3d, t_ref(0,rsi) - xor %4d, t_ref(1,rdi) - movzx esi, cl - movzx edi, ch - xor %1d, t_ref(2,rsi) - xor %2d, t_ref(3,rdi) - - movzx esi, dl - movzx edi, dh - shr edx, 16 - xor %4d, t_ref(0,rsi) - xor %1d, t_ref(1,rdi) - movzx esi, dl - movzx edi, dh - xor %2d, t_ref(2,rsi) - xor %3d, t_ref(3,rdi) -%endmacro - -%else - -%macro il_rnd 5 ; last inverse round - mov %1d, ik_ref(%5,0) - mov %2d, ik_ref(%5,1) - mov %3d, ik_ref(%5,2) - mov %4d, ik_ref(%5,3) - - movzx esi, al - movzx edi, ah - movzx esi, t_ref(i,rsi) - movzx edi, t_ref(i,rdi) - shr eax, 16 - xor %1d, esi - rol edi, 8 - xor %2d, edi - movzx esi, al - movzx edi, ah - movzx esi, t_ref(i,rsi) - movzx edi, t_ref(i,rdi) - rol esi, 16 - rol edi, 24 - xor %3d, esi - xor %4d, edi - - movzx esi, bl - movzx edi, bh - movzx esi, t_ref(i,rsi) - movzx edi, t_ref(i,rdi) - shr ebx, 16 - xor %2d, esi - rol edi, 8 - xor %3d, edi - movzx esi, bl - movzx edi, bh - movzx esi, t_ref(i,rsi) - movzx edi, t_ref(i,rdi) - rol esi, 16 - rol edi, 24 - xor %4d, esi - xor %1d, edi - - movzx esi, cl - movzx edi, ch - movzx esi, t_ref(i,rsi) - movzx edi, t_ref(i,rdi) - shr ecx, 16 - xor %3d, esi - rol edi, 8 - xor %4d, edi - movzx esi, cl - movzx edi, ch - movzx esi, t_ref(i,rsi) - movzx edi, t_ref(i,rdi) - rol esi, 16 - rol edi, 24 - xor %1d, esi - xor %2d, edi - - movzx esi, dl - movzx edi, dh - movzx esi, t_ref(i,rsi) - movzx edi, t_ref(i,rdi) - shr edx, 16 - xor %4d, esi - rol edi, 8 - xor %1d, edi - movzx esi, dl - movzx edi, dh - movzx esi, t_ref(i,rsi) - movzx edi, t_ref(i,rdi) - rol esi, 16 - rol edi, 24 - xor %2d, esi - xor %3d, edi -%endmacro - -%endif - -%ifdef ENCRYPTION - - global aes_encrypt -%ifdef DLL_EXPORT - export aes_encrypt -%endif - - section .data align=64 - align 64 -enc_tab: - enc_vals u8 -%ifdef LAST_ROUND_TABLES - enc_vals w8 -%endif - - section .text align=16 - align 16 - -%ifdef _SEH_ -proc_frame aes_encrypt - alloc_stack 7*8 ; 7 to align stack to 16 bytes - save_reg rsi,4*8 - save_reg rdi,5*8 - save_reg rbx,1*8 - save_reg rbp,2*8 - save_reg r12,3*8 -end_prologue - mov rdi, rcx ; input pointer - mov [rsp+0*8], rdx ; output pointer -%else - aes_encrypt: - %ifdef __GNUC__ - sub rsp, 4*8 ; gnu/linux binary interface - mov [rsp+0*8], rsi ; output pointer - mov r8, rdx ; context - %else - sub rsp, 6*8 ; windows binary interface - mov [rsp+4*8], rsi - mov [rsp+5*8], rdi - mov rdi, rcx ; input pointer - mov [rsp+0*8], rdx ; output pointer - %endif - mov [rsp+1*8], rbx ; input pointer in rdi - mov [rsp+2*8], rbp ; output pointer in [rsp] - mov [rsp+3*8], r12 ; context in r8 -%endif - - movzx esi, byte [kptr+4*KS_LENGTH] - lea tptr,[enc_tab wrt rip] - sub kptr, fofs - - mov eax, [rdi+0*4] - mov ebx, [rdi+1*4] - mov ecx, [rdi+2*4] - mov edx, [rdi+3*4] - - xor eax, [kptr+fofs] - xor ebx, [kptr+fofs+4] - xor ecx, [kptr+fofs+8] - xor edx, [kptr+fofs+12] - - lea kptr,[kptr+rsi] - cmp esi, 10*16 - je .3 - cmp esi, 12*16 - je .2 - cmp esi, 14*16 - je .1 - mov rax, -1 - jmp .4 - -.1: ff_rnd r9, r10, r11, r12, 13 - ff_rnd r9, r10, r11, r12, 12 -.2: ff_rnd r9, r10, r11, r12, 11 - ff_rnd r9, r10, r11, r12, 10 -.3: ff_rnd r9, r10, r11, r12, 9 - ff_rnd r9, r10, r11, r12, 8 - ff_rnd r9, r10, r11, r12, 7 - ff_rnd r9, r10, r11, r12, 6 - ff_rnd r9, r10, r11, r12, 5 - ff_rnd r9, r10, r11, r12, 4 - ff_rnd r9, r10, r11, r12, 3 - ff_rnd r9, r10, r11, r12, 2 - ff_rnd r9, r10, r11, r12, 1 - fl_rnd r9, r10, r11, r12, 0 - - mov rbx, [rsp] - mov [rbx], r9d - mov [rbx+4], r10d - mov [rbx+8], r11d - mov [rbx+12], r12d - xor rax, rax -.4: - mov rbx, [rsp+1*8] - mov rbp, [rsp+2*8] - mov r12, [rsp+3*8] -%ifdef __GNUC__ - add rsp, 4*8 - ret -%else - mov rsi, [rsp+4*8] - mov rdi, [rsp+5*8] - %ifdef _SEH_ - add rsp, 7*8 - ret - endproc_frame - %else - add rsp, 6*8 - ret - %endif -%endif - -%endif - -%ifdef DECRYPTION - - global aes_decrypt -%ifdef DLL_EXPORT - export aes_decrypt -%endif - - section .data - align 64 -dec_tab: - dec_vals v8 -%ifdef LAST_ROUND_TABLES - dec_vals w8 -%endif - - section .text - align 16 - -%ifdef _SEH_ -proc_frame aes_decrypt - alloc_stack 7*8 ; 7 to align stack to 16 bytes - save_reg rsi,4*8 - save_reg rdi,5*8 - save_reg rbx,1*8 - save_reg rbp,2*8 - save_reg r12,3*8 -end_prologue - mov rdi, rcx ; input pointer - mov [rsp+0*8], rdx ; output pointer -%else - aes_decrypt: - %ifdef __GNUC__ - sub rsp, 4*8 ; gnu/linux binary interface - mov [rsp+0*8], rsi ; output pointer - mov r8, rdx ; context - %else - sub rsp, 6*8 ; windows binary interface - mov [rsp+4*8], rsi - mov [rsp+5*8], rdi - mov rdi, rcx ; input pointer - mov [rsp+0*8], rdx ; output pointer - %endif - mov [rsp+1*8], rbx ; input pointer in rdi - mov [rsp+2*8], rbp ; output pointer in [rsp] - mov [rsp+3*8], r12 ; context in r8 -%endif - - movzx esi,byte[kptr+4*KS_LENGTH] - lea tptr,[dec_tab wrt rip] - sub kptr, rofs - - mov eax, [rdi+0*4] - mov ebx, [rdi+1*4] - mov ecx, [rdi+2*4] - mov edx, [rdi+3*4] - -%ifdef AES_REV_DKS - mov rdi, kptr - lea kptr,[kptr+rsi] -%else - lea rdi,[kptr+rsi] -%endif - - xor eax, [rdi+rofs] - xor ebx, [rdi+rofs+4] - xor ecx, [rdi+rofs+8] - xor edx, [rdi+rofs+12] - - cmp esi, 10*16 - je .3 - cmp esi, 12*16 - je .2 - cmp esi, 14*16 - je .1 - mov rax, -1 - jmp .4 - -.1: ii_rnd r9, r10, r11, r12, 13 - ii_rnd r9, r10, r11, r12, 12 -.2: ii_rnd r9, r10, r11, r12, 11 - ii_rnd r9, r10, r11, r12, 10 -.3: ii_rnd r9, r10, r11, r12, 9 - ii_rnd r9, r10, r11, r12, 8 - ii_rnd r9, r10, r11, r12, 7 - ii_rnd r9, r10, r11, r12, 6 - ii_rnd r9, r10, r11, r12, 5 - ii_rnd r9, r10, r11, r12, 4 - ii_rnd r9, r10, r11, r12, 3 - ii_rnd r9, r10, r11, r12, 2 - ii_rnd r9, r10, r11, r12, 1 - il_rnd r9, r10, r11, r12, 0 - - mov rbx, [rsp] - mov [rbx], r9d - mov [rbx+4], r10d - mov [rbx+8], r11d - mov [rbx+12], r12d - xor rax, rax -.4: mov rbx, [rsp+1*8] - mov rbp, [rsp+2*8] - mov r12, [rsp+3*8] -%ifdef __GNUC__ - add rsp, 4*8 - ret -%else - mov rsi, [rsp+4*8] - mov rdi, [rsp+5*8] - %ifdef _SEH_ - add rsp, 7*8 - ret - endproc_frame - %else - add rsp, 6*8 - ret - %endif -%endif - -%endif - - end diff --git a/src/java/kp2akeytransform/jni/aes/aes_modes.c b/src/java/kp2akeytransform/jni/aes/aes_modes.c deleted file mode 100644 index 29f197636..000000000 --- a/src/java/kp2akeytransform/jni/aes/aes_modes.c +++ /dev/null @@ -1,945 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 - - These subroutines implement multiple block AES modes for ECB, CBC, CFB, - OFB and CTR encryption, The code provides support for the VIA Advanced - Cryptography Engine (ACE). - - NOTE: In the following subroutines, the AES contexts (ctx) must be - 16 byte aligned if VIA ACE is being used -*/ - -#include -#include - -#include "aesopt.h" - -#if defined( AES_MODES ) -#if defined(__cplusplus) -extern "C" -{ -#endif - -#if defined( _MSC_VER ) && ( _MSC_VER > 800 ) -#pragma intrinsic(memcpy) -#endif - -#define BFR_BLOCKS 8 - -/* These values are used to detect long word alignment in order to */ -/* speed up some buffer operations. This facility may not work on */ -/* some machines so this define can be commented out if necessary */ - -#define FAST_BUFFER_OPERATIONS - -#define lp32(x) ((uint_32t*)(x)) - -#if defined( USE_VIA_ACE_IF_PRESENT ) - -#include "aes_via_ace.h" - -#pragma pack(16) - -aligned_array(unsigned long, enc_gen_table, 12, 16) = NEH_ENC_GEN_DATA; -aligned_array(unsigned long, enc_load_table, 12, 16) = NEH_ENC_LOAD_DATA; -aligned_array(unsigned long, enc_hybrid_table, 12, 16) = NEH_ENC_HYBRID_DATA; -aligned_array(unsigned long, dec_gen_table, 12, 16) = NEH_DEC_GEN_DATA; -aligned_array(unsigned long, dec_load_table, 12, 16) = NEH_DEC_LOAD_DATA; -aligned_array(unsigned long, dec_hybrid_table, 12, 16) = NEH_DEC_HYBRID_DATA; - -/* NOTE: These control word macros must only be used after */ -/* a key has been set up because they depend on key size */ - -#if NEH_KEY_TYPE == NEH_LOAD -#define kd_adr(c) ((uint_8t*)(c)->ks) -#elif NEH_KEY_TYPE == NEH_GENERATE -#define kd_adr(c) ((uint_8t*)(c)->ks + (c)->inf.b[0]) -#else -#define kd_adr(c) ((uint_8t*)(c)->ks + ((c)->inf.b[0] == 160 ? 160 : 0)) -#endif - -#else - -#define aligned_array(type, name, no, stride) type name[no] -#define aligned_auto(type, name, no, stride) type name[no] - -#endif - -#if defined( _MSC_VER ) && _MSC_VER > 1200 - -#define via_cwd(cwd, ty, dir, len) \ - unsigned long* cwd = (dir##_##ty##_table + ((len - 128) >> 4)) - -#else - -#define via_cwd(cwd, ty, dir, len) \ - aligned_auto(unsigned long, cwd, 4, 16); \ - cwd[1] = cwd[2] = cwd[3] = 0; \ - cwd[0] = neh_##dir##_##ty##_key(len) - -#endif - -/* test the code for detecting and setting pointer alignment */ - -AES_RETURN aes_test_alignment_detection(unsigned int n) /* 4 <= n <= 16 */ -{ uint_8t p[16]; - uint_32t i, count_eq = 0, count_neq = 0; - - if(n < 4 || n > 16) - return EXIT_FAILURE; - - for(i = 0; i < n; ++i) - { - uint_8t *qf = ALIGN_FLOOR(p + i, n), - *qh = ALIGN_CEIL(p + i, n); - - if(qh == qf) - ++count_eq; - else if(qh == qf + n) - ++count_neq; - else - return EXIT_FAILURE; - } - return (count_eq != 1 || count_neq != n - 1 ? EXIT_FAILURE : EXIT_SUCCESS); -} - -AES_RETURN aes_mode_reset(aes_encrypt_ctx ctx[1]) -{ - ctx->inf.b[2] = 0; - return EXIT_SUCCESS; -} - -AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, const aes_encrypt_ctx ctx[1]) -{ int nb = len >> 4; - - if(len & (AES_BLOCK_SIZE - 1)) - return EXIT_FAILURE; - -#if defined( USE_VIA_ACE_IF_PRESENT ) - - if(ctx->inf.b[1] == 0xff) - { uint_8t *ksp = (uint_8t*)(ctx->ks); - via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192); - - if(ALIGN_OFFSET( ctx, 16 )) - return EXIT_FAILURE; - - if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 )) - { - via_ecb_op5(ksp, cwd, ibuf, obuf, nb); - } - else - { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); - uint_8t *ip, *op; - - while(nb) - { - int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb); - - ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf); - op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf); - - if(ip != ibuf) - memcpy(buf, ibuf, m * AES_BLOCK_SIZE); - - via_ecb_op5(ksp, cwd, ip, op, m); - - if(op != obuf) - memcpy(obuf, buf, m * AES_BLOCK_SIZE); - - ibuf += m * AES_BLOCK_SIZE; - obuf += m * AES_BLOCK_SIZE; - nb -= m; - } - } - - return EXIT_SUCCESS; - } - -#endif - -#if !defined( ASSUME_VIA_ACE_PRESENT ) - while(nb--) - { - if(aes_encrypt(ibuf, obuf, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - } -#endif - return EXIT_SUCCESS; -} - -AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, const aes_decrypt_ctx ctx[1]) -{ int nb = len >> 4; - - if(len & (AES_BLOCK_SIZE - 1)) - return EXIT_FAILURE; - -#if defined( USE_VIA_ACE_IF_PRESENT ) - - if(ctx->inf.b[1] == 0xff) - { uint_8t *ksp = kd_adr(ctx); - via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192); - - if(ALIGN_OFFSET( ctx, 16 )) - return EXIT_FAILURE; - - if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 )) - { - via_ecb_op5(ksp, cwd, ibuf, obuf, nb); - } - else - { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); - uint_8t *ip, *op; - - while(nb) - { - int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb); - - ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf); - op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf); - - if(ip != ibuf) - memcpy(buf, ibuf, m * AES_BLOCK_SIZE); - - via_ecb_op5(ksp, cwd, ip, op, m); - - if(op != obuf) - memcpy(obuf, buf, m * AES_BLOCK_SIZE); - - ibuf += m * AES_BLOCK_SIZE; - obuf += m * AES_BLOCK_SIZE; - nb -= m; - } - } - - return EXIT_SUCCESS; - } - -#endif - -#if !defined( ASSUME_VIA_ACE_PRESENT ) - while(nb--) - { - if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - } -#endif - return EXIT_SUCCESS; -} - -AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, const aes_encrypt_ctx ctx[1]) -{ int nb = len >> 4; - - if(len & (AES_BLOCK_SIZE - 1)) - return EXIT_FAILURE; - -#if defined( USE_VIA_ACE_IF_PRESENT ) - - if(ctx->inf.b[1] == 0xff) - { uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv; - aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16); - via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192); - - if(ALIGN_OFFSET( ctx, 16 )) - return EXIT_FAILURE; - - if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */ - { - ivp = liv; - memcpy(liv, iv, AES_BLOCK_SIZE); - } - - if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ) && !ALIGN_OFFSET( iv, 16 )) - { - via_cbc_op7(ksp, cwd, ibuf, obuf, nb, ivp, ivp); - } - else - { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); - uint_8t *ip, *op; - - while(nb) - { - int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb); - - ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf); - op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf); - - if(ip != ibuf) - memcpy(buf, ibuf, m * AES_BLOCK_SIZE); - - via_cbc_op7(ksp, cwd, ip, op, m, ivp, ivp); - - if(op != obuf) - memcpy(obuf, buf, m * AES_BLOCK_SIZE); - - ibuf += m * AES_BLOCK_SIZE; - obuf += m * AES_BLOCK_SIZE; - nb -= m; - } - } - - if(iv != ivp) - memcpy(iv, ivp, AES_BLOCK_SIZE); - - return EXIT_SUCCESS; - } - -#endif - -#if !defined( ASSUME_VIA_ACE_PRESENT ) -# ifdef FAST_BUFFER_OPERATIONS - if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( iv, 4 )) - while(nb--) - { - lp32(iv)[0] ^= lp32(ibuf)[0]; - lp32(iv)[1] ^= lp32(ibuf)[1]; - lp32(iv)[2] ^= lp32(ibuf)[2]; - lp32(iv)[3] ^= lp32(ibuf)[3]; - if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - memcpy(obuf, iv, AES_BLOCK_SIZE); - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - } - else -# endif - while(nb--) - { - iv[ 0] ^= ibuf[ 0]; iv[ 1] ^= ibuf[ 1]; - iv[ 2] ^= ibuf[ 2]; iv[ 3] ^= ibuf[ 3]; - iv[ 4] ^= ibuf[ 4]; iv[ 5] ^= ibuf[ 5]; - iv[ 6] ^= ibuf[ 6]; iv[ 7] ^= ibuf[ 7]; - iv[ 8] ^= ibuf[ 8]; iv[ 9] ^= ibuf[ 9]; - iv[10] ^= ibuf[10]; iv[11] ^= ibuf[11]; - iv[12] ^= ibuf[12]; iv[13] ^= ibuf[13]; - iv[14] ^= ibuf[14]; iv[15] ^= ibuf[15]; - if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - memcpy(obuf, iv, AES_BLOCK_SIZE); - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - } -#endif - return EXIT_SUCCESS; -} - -AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, const aes_decrypt_ctx ctx[1]) -{ unsigned char tmp[AES_BLOCK_SIZE]; - int nb = len >> 4; - - if(len & (AES_BLOCK_SIZE - 1)) - return EXIT_FAILURE; - -#if defined( USE_VIA_ACE_IF_PRESENT ) - - if(ctx->inf.b[1] == 0xff) - { uint_8t *ksp = kd_adr(ctx), *ivp = iv; - aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16); - via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192); - - if(ALIGN_OFFSET( ctx, 16 )) - return EXIT_FAILURE; - - if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */ - { - ivp = liv; - memcpy(liv, iv, AES_BLOCK_SIZE); - } - - if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 ) && !ALIGN_OFFSET( iv, 16 )) - { - via_cbc_op6(ksp, cwd, ibuf, obuf, nb, ivp); - } - else - { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); - uint_8t *ip, *op; - - while(nb) - { - int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb); - - ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf); - op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf); - - if(ip != ibuf) - memcpy(buf, ibuf, m * AES_BLOCK_SIZE); - - via_cbc_op6(ksp, cwd, ip, op, m, ivp); - - if(op != obuf) - memcpy(obuf, buf, m * AES_BLOCK_SIZE); - - ibuf += m * AES_BLOCK_SIZE; - obuf += m * AES_BLOCK_SIZE; - nb -= m; - } - } - - if(iv != ivp) - memcpy(iv, ivp, AES_BLOCK_SIZE); - - return EXIT_SUCCESS; - } -#endif - -#if !defined( ASSUME_VIA_ACE_PRESENT ) -# ifdef FAST_BUFFER_OPERATIONS - if(!ALIGN_OFFSET( obuf, 4 ) && !ALIGN_OFFSET( iv, 4 )) - while(nb--) - { - memcpy(tmp, ibuf, AES_BLOCK_SIZE); - if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - lp32(obuf)[0] ^= lp32(iv)[0]; - lp32(obuf)[1] ^= lp32(iv)[1]; - lp32(obuf)[2] ^= lp32(iv)[2]; - lp32(obuf)[3] ^= lp32(iv)[3]; - memcpy(iv, tmp, AES_BLOCK_SIZE); - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - } - else -# endif - while(nb--) - { - memcpy(tmp, ibuf, AES_BLOCK_SIZE); - if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - obuf[ 0] ^= iv[ 0]; obuf[ 1] ^= iv[ 1]; - obuf[ 2] ^= iv[ 2]; obuf[ 3] ^= iv[ 3]; - obuf[ 4] ^= iv[ 4]; obuf[ 5] ^= iv[ 5]; - obuf[ 6] ^= iv[ 6]; obuf[ 7] ^= iv[ 7]; - obuf[ 8] ^= iv[ 8]; obuf[ 9] ^= iv[ 9]; - obuf[10] ^= iv[10]; obuf[11] ^= iv[11]; - obuf[12] ^= iv[12]; obuf[13] ^= iv[13]; - obuf[14] ^= iv[14]; obuf[15] ^= iv[15]; - memcpy(iv, tmp, AES_BLOCK_SIZE); - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - } -#endif - return EXIT_SUCCESS; -} - -AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx ctx[1]) -{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb; - - if(b_pos) /* complete any partial block */ - { - while(b_pos < AES_BLOCK_SIZE && cnt < len) - { - *obuf++ = (iv[b_pos++] ^= *ibuf++); - cnt++; - } - - b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos); - } - - if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */ - { -#if defined( USE_VIA_ACE_IF_PRESENT ) - - if(ctx->inf.b[1] == 0xff) - { int m; - uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv; - aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16); - via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192); - - if(ALIGN_OFFSET( ctx, 16 )) - return EXIT_FAILURE; - - if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */ - { - ivp = liv; - memcpy(liv, iv, AES_BLOCK_SIZE); - } - - if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 )) - { - via_cfb_op7(ksp, cwd, ibuf, obuf, nb, ivp, ivp); - ibuf += nb * AES_BLOCK_SIZE; - obuf += nb * AES_BLOCK_SIZE; - cnt += nb * AES_BLOCK_SIZE; - } - else /* input, output or both are unaligned */ - { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); - uint_8t *ip, *op; - - while(nb) - { - m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m; - - ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf); - op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf); - - if(ip != ibuf) - memcpy(buf, ibuf, m * AES_BLOCK_SIZE); - - via_cfb_op7(ksp, cwd, ip, op, m, ivp, ivp); - - if(op != obuf) - memcpy(obuf, buf, m * AES_BLOCK_SIZE); - - ibuf += m * AES_BLOCK_SIZE; - obuf += m * AES_BLOCK_SIZE; - cnt += m * AES_BLOCK_SIZE; - } - } - - if(ivp != iv) - memcpy(iv, ivp, AES_BLOCK_SIZE); - } -#else -# ifdef FAST_BUFFER_OPERATIONS - if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) && !ALIGN_OFFSET( iv, 4 )) - while(cnt + AES_BLOCK_SIZE <= len) - { - assert(b_pos == 0); - if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - lp32(obuf)[0] = lp32(iv)[0] ^= lp32(ibuf)[0]; - lp32(obuf)[1] = lp32(iv)[1] ^= lp32(ibuf)[1]; - lp32(obuf)[2] = lp32(iv)[2] ^= lp32(ibuf)[2]; - lp32(obuf)[3] = lp32(iv)[3] ^= lp32(ibuf)[3]; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - cnt += AES_BLOCK_SIZE; - } - else -# endif - while(cnt + AES_BLOCK_SIZE <= len) - { - assert(b_pos == 0); - if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - obuf[ 0] = iv[ 0] ^= ibuf[ 0]; obuf[ 1] = iv[ 1] ^= ibuf[ 1]; - obuf[ 2] = iv[ 2] ^= ibuf[ 2]; obuf[ 3] = iv[ 3] ^= ibuf[ 3]; - obuf[ 4] = iv[ 4] ^= ibuf[ 4]; obuf[ 5] = iv[ 5] ^= ibuf[ 5]; - obuf[ 6] = iv[ 6] ^= ibuf[ 6]; obuf[ 7] = iv[ 7] ^= ibuf[ 7]; - obuf[ 8] = iv[ 8] ^= ibuf[ 8]; obuf[ 9] = iv[ 9] ^= ibuf[ 9]; - obuf[10] = iv[10] ^= ibuf[10]; obuf[11] = iv[11] ^= ibuf[11]; - obuf[12] = iv[12] ^= ibuf[12]; obuf[13] = iv[13] ^= ibuf[13]; - obuf[14] = iv[14] ^= ibuf[14]; obuf[15] = iv[15] ^= ibuf[15]; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - cnt += AES_BLOCK_SIZE; - } -#endif - } - - while(cnt < len) - { - if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - - while(cnt < len && b_pos < AES_BLOCK_SIZE) - { - *obuf++ = (iv[b_pos++] ^= *ibuf++); - cnt++; - } - - b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos); - } - - ctx->inf.b[2] = (uint_8t)b_pos; - return EXIT_SUCCESS; -} - -AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx ctx[1]) -{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb; - - if(b_pos) /* complete any partial block */ - { uint_8t t; - - while(b_pos < AES_BLOCK_SIZE && cnt < len) - { - t = *ibuf++; - *obuf++ = t ^ iv[b_pos]; - iv[b_pos++] = t; - cnt++; - } - - b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos); - } - - if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */ - { -#if defined( USE_VIA_ACE_IF_PRESENT ) - - if(ctx->inf.b[1] == 0xff) - { int m; - uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv; - aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16); - via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192); - - if(ALIGN_OFFSET( ctx, 16 )) - return EXIT_FAILURE; - - if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */ - { - ivp = liv; - memcpy(liv, iv, AES_BLOCK_SIZE); - } - - if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 )) - { - via_cfb_op6(ksp, cwd, ibuf, obuf, nb, ivp); - ibuf += nb * AES_BLOCK_SIZE; - obuf += nb * AES_BLOCK_SIZE; - cnt += nb * AES_BLOCK_SIZE; - } - else /* input, output or both are unaligned */ - { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); - uint_8t *ip, *op; - - while(nb) - { - m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m; - - ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf); - op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf); - - if(ip != ibuf) /* input buffer is not aligned */ - memcpy(buf, ibuf, m * AES_BLOCK_SIZE); - - via_cfb_op6(ksp, cwd, ip, op, m, ivp); - - if(op != obuf) /* output buffer is not aligned */ - memcpy(obuf, buf, m * AES_BLOCK_SIZE); - - ibuf += m * AES_BLOCK_SIZE; - obuf += m * AES_BLOCK_SIZE; - cnt += m * AES_BLOCK_SIZE; - } - } - - if(ivp != iv) - memcpy(iv, ivp, AES_BLOCK_SIZE); - } -#else -# ifdef FAST_BUFFER_OPERATIONS - if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) &&!ALIGN_OFFSET( iv, 4 )) - while(cnt + AES_BLOCK_SIZE <= len) - { uint_32t t; - - assert(b_pos == 0); - if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - t = lp32(ibuf)[0], lp32(obuf)[0] = t ^ lp32(iv)[0], lp32(iv)[0] = t; - t = lp32(ibuf)[1], lp32(obuf)[1] = t ^ lp32(iv)[1], lp32(iv)[1] = t; - t = lp32(ibuf)[2], lp32(obuf)[2] = t ^ lp32(iv)[2], lp32(iv)[2] = t; - t = lp32(ibuf)[3], lp32(obuf)[3] = t ^ lp32(iv)[3], lp32(iv)[3] = t; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - cnt += AES_BLOCK_SIZE; - } - else -# endif - while(cnt + AES_BLOCK_SIZE <= len) - { uint_8t t; - - assert(b_pos == 0); - if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - t = ibuf[ 0], obuf[ 0] = t ^ iv[ 0], iv[ 0] = t; - t = ibuf[ 1], obuf[ 1] = t ^ iv[ 1], iv[ 1] = t; - t = ibuf[ 2], obuf[ 2] = t ^ iv[ 2], iv[ 2] = t; - t = ibuf[ 3], obuf[ 3] = t ^ iv[ 3], iv[ 3] = t; - t = ibuf[ 4], obuf[ 4] = t ^ iv[ 4], iv[ 4] = t; - t = ibuf[ 5], obuf[ 5] = t ^ iv[ 5], iv[ 5] = t; - t = ibuf[ 6], obuf[ 6] = t ^ iv[ 6], iv[ 6] = t; - t = ibuf[ 7], obuf[ 7] = t ^ iv[ 7], iv[ 7] = t; - t = ibuf[ 8], obuf[ 8] = t ^ iv[ 8], iv[ 8] = t; - t = ibuf[ 9], obuf[ 9] = t ^ iv[ 9], iv[ 9] = t; - t = ibuf[10], obuf[10] = t ^ iv[10], iv[10] = t; - t = ibuf[11], obuf[11] = t ^ iv[11], iv[11] = t; - t = ibuf[12], obuf[12] = t ^ iv[12], iv[12] = t; - t = ibuf[13], obuf[13] = t ^ iv[13], iv[13] = t; - t = ibuf[14], obuf[14] = t ^ iv[14], iv[14] = t; - t = ibuf[15], obuf[15] = t ^ iv[15], iv[15] = t; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - cnt += AES_BLOCK_SIZE; - } -#endif - } - - while(cnt < len) - { uint_8t t; - - if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - - while(cnt < len && b_pos < AES_BLOCK_SIZE) - { - t = *ibuf++; - *obuf++ = t ^ iv[b_pos]; - iv[b_pos++] = t; - cnt++; - } - - b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos); - } - - ctx->inf.b[2] = (uint_8t)b_pos; - return EXIT_SUCCESS; -} - -AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx ctx[1]) -{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb; - - if(b_pos) /* complete any partial block */ - { - while(b_pos < AES_BLOCK_SIZE && cnt < len) - { - *obuf++ = iv[b_pos++] ^ *ibuf++; - cnt++; - } - - b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos); - } - - if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */ - { -#if defined( USE_VIA_ACE_IF_PRESENT ) - - if(ctx->inf.b[1] == 0xff) - { int m; - uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv; - aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16); - via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192); - - if(ALIGN_OFFSET( ctx, 16 )) - return EXIT_FAILURE; - - if(ALIGN_OFFSET( iv, 16 )) /* ensure an aligned iv */ - { - ivp = liv; - memcpy(liv, iv, AES_BLOCK_SIZE); - } - - if(!ALIGN_OFFSET( ibuf, 16 ) && !ALIGN_OFFSET( obuf, 16 )) - { - via_ofb_op6(ksp, cwd, ibuf, obuf, nb, ivp); - ibuf += nb * AES_BLOCK_SIZE; - obuf += nb * AES_BLOCK_SIZE; - cnt += nb * AES_BLOCK_SIZE; - } - else /* input, output or both are unaligned */ - { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16); - uint_8t *ip, *op; - - while(nb) - { - m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m; - - ip = (ALIGN_OFFSET( ibuf, 16 ) ? buf : ibuf); - op = (ALIGN_OFFSET( obuf, 16 ) ? buf : obuf); - - if(ip != ibuf) - memcpy(buf, ibuf, m * AES_BLOCK_SIZE); - - via_ofb_op6(ksp, cwd, ip, op, m, ivp); - - if(op != obuf) - memcpy(obuf, buf, m * AES_BLOCK_SIZE); - - ibuf += m * AES_BLOCK_SIZE; - obuf += m * AES_BLOCK_SIZE; - cnt += m * AES_BLOCK_SIZE; - } - } - - if(ivp != iv) - memcpy(iv, ivp, AES_BLOCK_SIZE); - } -#else -# ifdef FAST_BUFFER_OPERATIONS - if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) && !ALIGN_OFFSET( iv, 4 )) - while(cnt + AES_BLOCK_SIZE <= len) - { - assert(b_pos == 0); - if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - lp32(obuf)[0] = lp32(iv)[0] ^ lp32(ibuf)[0]; - lp32(obuf)[1] = lp32(iv)[1] ^ lp32(ibuf)[1]; - lp32(obuf)[2] = lp32(iv)[2] ^ lp32(ibuf)[2]; - lp32(obuf)[3] = lp32(iv)[3] ^ lp32(ibuf)[3]; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - cnt += AES_BLOCK_SIZE; - } - else -# endif - while(cnt + AES_BLOCK_SIZE <= len) - { - assert(b_pos == 0); - if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - obuf[ 0] = iv[ 0] ^ ibuf[ 0]; obuf[ 1] = iv[ 1] ^ ibuf[ 1]; - obuf[ 2] = iv[ 2] ^ ibuf[ 2]; obuf[ 3] = iv[ 3] ^ ibuf[ 3]; - obuf[ 4] = iv[ 4] ^ ibuf[ 4]; obuf[ 5] = iv[ 5] ^ ibuf[ 5]; - obuf[ 6] = iv[ 6] ^ ibuf[ 6]; obuf[ 7] = iv[ 7] ^ ibuf[ 7]; - obuf[ 8] = iv[ 8] ^ ibuf[ 8]; obuf[ 9] = iv[ 9] ^ ibuf[ 9]; - obuf[10] = iv[10] ^ ibuf[10]; obuf[11] = iv[11] ^ ibuf[11]; - obuf[12] = iv[12] ^ ibuf[12]; obuf[13] = iv[13] ^ ibuf[13]; - obuf[14] = iv[14] ^ ibuf[14]; obuf[15] = iv[15] ^ ibuf[15]; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - cnt += AES_BLOCK_SIZE; - } -#endif - } - - while(cnt < len) - { - if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - - while(cnt < len && b_pos < AES_BLOCK_SIZE) - { - *obuf++ = iv[b_pos++] ^ *ibuf++; - cnt++; - } - - b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos); - } - - ctx->inf.b[2] = (uint_8t)b_pos; - return EXIT_SUCCESS; -} - -#define BFR_LENGTH (BFR_BLOCKS * AES_BLOCK_SIZE) - -AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx ctx[1]) -{ unsigned char *ip; - int i, blen, b_pos = (int)(ctx->inf.b[2]); - -#if defined( USE_VIA_ACE_IF_PRESENT ) - aligned_auto(uint_8t, buf, BFR_LENGTH, 16); - if(ctx->inf.b[1] == 0xff && ALIGN_OFFSET( ctx, 16 )) - return EXIT_FAILURE; -#else - uint_8t buf[BFR_LENGTH]; -#endif - - if(b_pos) - { - memcpy(buf, cbuf, AES_BLOCK_SIZE); - if(aes_ecb_encrypt(buf, buf, AES_BLOCK_SIZE, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - - while(b_pos < AES_BLOCK_SIZE && len) - { - *obuf++ = *ibuf++ ^ buf[b_pos++]; - --len; - } - - if(len) - ctr_inc(cbuf), b_pos = 0; - } - - while(len) - { - blen = (len > BFR_LENGTH ? BFR_LENGTH : len), len -= blen; - - for(i = 0, ip = buf; i < (blen >> 4); ++i) - { - memcpy(ip, cbuf, AES_BLOCK_SIZE); - ctr_inc(cbuf); - ip += AES_BLOCK_SIZE; - } - - if(blen & (AES_BLOCK_SIZE - 1)) - memcpy(ip, cbuf, AES_BLOCK_SIZE), i++; - -#if defined( USE_VIA_ACE_IF_PRESENT ) - if(ctx->inf.b[1] == 0xff) - { - via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192); - via_ecb_op5((ctx->ks), cwd, buf, buf, i); - } - else -#endif - if(aes_ecb_encrypt(buf, buf, i * AES_BLOCK_SIZE, ctx) != EXIT_SUCCESS) - return EXIT_FAILURE; - - i = 0; ip = buf; -# ifdef FAST_BUFFER_OPERATIONS - if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) && !ALIGN_OFFSET( ip, 4 )) - while(i + AES_BLOCK_SIZE <= blen) - { - lp32(obuf)[0] = lp32(ibuf)[0] ^ lp32(ip)[0]; - lp32(obuf)[1] = lp32(ibuf)[1] ^ lp32(ip)[1]; - lp32(obuf)[2] = lp32(ibuf)[2] ^ lp32(ip)[2]; - lp32(obuf)[3] = lp32(ibuf)[3] ^ lp32(ip)[3]; - i += AES_BLOCK_SIZE; - ip += AES_BLOCK_SIZE; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - } - else -#endif - while(i + AES_BLOCK_SIZE <= blen) - { - obuf[ 0] = ibuf[ 0] ^ ip[ 0]; obuf[ 1] = ibuf[ 1] ^ ip[ 1]; - obuf[ 2] = ibuf[ 2] ^ ip[ 2]; obuf[ 3] = ibuf[ 3] ^ ip[ 3]; - obuf[ 4] = ibuf[ 4] ^ ip[ 4]; obuf[ 5] = ibuf[ 5] ^ ip[ 5]; - obuf[ 6] = ibuf[ 6] ^ ip[ 6]; obuf[ 7] = ibuf[ 7] ^ ip[ 7]; - obuf[ 8] = ibuf[ 8] ^ ip[ 8]; obuf[ 9] = ibuf[ 9] ^ ip[ 9]; - obuf[10] = ibuf[10] ^ ip[10]; obuf[11] = ibuf[11] ^ ip[11]; - obuf[12] = ibuf[12] ^ ip[12]; obuf[13] = ibuf[13] ^ ip[13]; - obuf[14] = ibuf[14] ^ ip[14]; obuf[15] = ibuf[15] ^ ip[15]; - i += AES_BLOCK_SIZE; - ip += AES_BLOCK_SIZE; - ibuf += AES_BLOCK_SIZE; - obuf += AES_BLOCK_SIZE; - } - - while(i++ < blen) - *obuf++ = *ibuf++ ^ ip[b_pos++]; - } - - ctx->inf.b[2] = (uint_8t)b_pos; - return EXIT_SUCCESS; -} - -#if defined(__cplusplus) -} -#endif -#endif diff --git a/src/java/kp2akeytransform/jni/aes/aes_via_ace.h b/src/java/kp2akeytransform/jni/aes/aes_via_ace.h deleted file mode 100644 index e6cc76af9..000000000 --- a/src/java/kp2akeytransform/jni/aes/aes_via_ace.h +++ /dev/null @@ -1,529 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/20077 -*/ - -#ifndef AES_VIA_ACE_H -#define AES_VIA_ACE_H - -#if defined( _MSC_VER ) -# define INLINE __inline -#elif defined( __GNUC__ ) -# define INLINE static inline -#else -# error VIA ACE requires Microsoft or GNU C -#endif - -#define NEH_GENERATE 1 -#define NEH_LOAD 2 -#define NEH_HYBRID 3 - -#define MAX_READ_ATTEMPTS 1000 - -/* VIA Nehemiah RNG and ACE Feature Mask Values */ - -#define NEH_CPU_IS_VIA 0x00000001 -#define NEH_CPU_READ 0x00000010 -#define NEH_CPU_MASK 0x00000011 - -#define NEH_RNG_PRESENT 0x00000004 -#define NEH_RNG_ENABLED 0x00000008 -#define NEH_ACE_PRESENT 0x00000040 -#define NEH_ACE_ENABLED 0x00000080 -#define NEH_RNG_FLAGS (NEH_RNG_PRESENT | NEH_RNG_ENABLED) -#define NEH_ACE_FLAGS (NEH_ACE_PRESENT | NEH_ACE_ENABLED) -#define NEH_FLAGS_MASK (NEH_RNG_FLAGS | NEH_ACE_FLAGS) - -/* VIA Nehemiah Advanced Cryptography Engine (ACE) Control Word Values */ - -#define NEH_GEN_KEY 0x00000000 /* generate key schedule */ -#define NEH_LOAD_KEY 0x00000080 /* load schedule from memory */ -#define NEH_ENCRYPT 0x00000000 /* encryption */ -#define NEH_DECRYPT 0x00000200 /* decryption */ -#define NEH_KEY128 0x00000000+0x0a /* 128 bit key */ -#define NEH_KEY192 0x00000400+0x0c /* 192 bit key */ -#define NEH_KEY256 0x00000800+0x0e /* 256 bit key */ - -#define NEH_ENC_GEN (NEH_ENCRYPT | NEH_GEN_KEY) -#define NEH_DEC_GEN (NEH_DECRYPT | NEH_GEN_KEY) -#define NEH_ENC_LOAD (NEH_ENCRYPT | NEH_LOAD_KEY) -#define NEH_DEC_LOAD (NEH_DECRYPT | NEH_LOAD_KEY) - -#define NEH_ENC_GEN_DATA {\ - NEH_ENC_GEN | NEH_KEY128, 0, 0, 0,\ - NEH_ENC_GEN | NEH_KEY192, 0, 0, 0,\ - NEH_ENC_GEN | NEH_KEY256, 0, 0, 0 } - -#define NEH_ENC_LOAD_DATA {\ - NEH_ENC_LOAD | NEH_KEY128, 0, 0, 0,\ - NEH_ENC_LOAD | NEH_KEY192, 0, 0, 0,\ - NEH_ENC_LOAD | NEH_KEY256, 0, 0, 0 } - -#define NEH_ENC_HYBRID_DATA {\ - NEH_ENC_GEN | NEH_KEY128, 0, 0, 0,\ - NEH_ENC_LOAD | NEH_KEY192, 0, 0, 0,\ - NEH_ENC_LOAD | NEH_KEY256, 0, 0, 0 } - -#define NEH_DEC_GEN_DATA {\ - NEH_DEC_GEN | NEH_KEY128, 0, 0, 0,\ - NEH_DEC_GEN | NEH_KEY192, 0, 0, 0,\ - NEH_DEC_GEN | NEH_KEY256, 0, 0, 0 } - -#define NEH_DEC_LOAD_DATA {\ - NEH_DEC_LOAD | NEH_KEY128, 0, 0, 0,\ - NEH_DEC_LOAD | NEH_KEY192, 0, 0, 0,\ - NEH_DEC_LOAD | NEH_KEY256, 0, 0, 0 } - -#define NEH_DEC_HYBRID_DATA {\ - NEH_DEC_GEN | NEH_KEY128, 0, 0, 0,\ - NEH_DEC_LOAD | NEH_KEY192, 0, 0, 0,\ - NEH_DEC_LOAD | NEH_KEY256, 0, 0, 0 } - -#define neh_enc_gen_key(x) ((x) == 128 ? (NEH_ENC_GEN | NEH_KEY128) : \ - (x) == 192 ? (NEH_ENC_GEN | NEH_KEY192) : (NEH_ENC_GEN | NEH_KEY256)) - -#define neh_enc_load_key(x) ((x) == 128 ? (NEH_ENC_LOAD | NEH_KEY128) : \ - (x) == 192 ? (NEH_ENC_LOAD | NEH_KEY192) : (NEH_ENC_LOAD | NEH_KEY256)) - -#define neh_enc_hybrid_key(x) ((x) == 128 ? (NEH_ENC_GEN | NEH_KEY128) : \ - (x) == 192 ? (NEH_ENC_LOAD | NEH_KEY192) : (NEH_ENC_LOAD | NEH_KEY256)) - -#define neh_dec_gen_key(x) ((x) == 128 ? (NEH_DEC_GEN | NEH_KEY128) : \ - (x) == 192 ? (NEH_DEC_GEN | NEH_KEY192) : (NEH_DEC_GEN | NEH_KEY256)) - -#define neh_dec_load_key(x) ((x) == 128 ? (NEH_DEC_LOAD | NEH_KEY128) : \ - (x) == 192 ? (NEH_DEC_LOAD | NEH_KEY192) : (NEH_DEC_LOAD | NEH_KEY256)) - -#define neh_dec_hybrid_key(x) ((x) == 128 ? (NEH_DEC_GEN | NEH_KEY128) : \ - (x) == 192 ? (NEH_DEC_LOAD | NEH_KEY192) : (NEH_DEC_LOAD | NEH_KEY256)) - -#if defined( _MSC_VER ) && ( _MSC_VER > 1200 ) -#define aligned_auto(type, name, no, stride) __declspec(align(stride)) type name[no] -#else -#define aligned_auto(type, name, no, stride) \ - unsigned char _##name[no * sizeof(type) + stride]; \ - type *name = (type*)(16 * ((((unsigned long)(_##name)) + stride - 1) / stride)) -#endif - -#if defined( _MSC_VER ) && ( _MSC_VER > 1200 ) -#define aligned_array(type, name, no, stride) __declspec(align(stride)) type name[no] -#elif defined( __GNUC__ ) -#define aligned_array(type, name, no, stride) type name[no] __attribute__ ((aligned(stride))) -#else -#define aligned_array(type, name, no, stride) type name[no] -#endif - -/* VIA ACE codeword */ - -static unsigned char via_flags = 0; - -#if defined ( _MSC_VER ) && ( _MSC_VER > 800 ) - -#define NEH_REKEY __asm pushfd __asm popfd -#define NEH_AES __asm _emit 0xf3 __asm _emit 0x0f __asm _emit 0xa7 -#define NEH_ECB NEH_AES __asm _emit 0xc8 -#define NEH_CBC NEH_AES __asm _emit 0xd0 -#define NEH_CFB NEH_AES __asm _emit 0xe0 -#define NEH_OFB NEH_AES __asm _emit 0xe8 -#define NEH_RNG __asm _emit 0x0f __asm _emit 0xa7 __asm _emit 0xc0 - -INLINE int has_cpuid(void) -{ char ret_value; - __asm - { pushfd /* save EFLAGS register */ - mov eax,[esp] /* copy it to eax */ - mov edx,0x00200000 /* CPUID bit position */ - xor eax,edx /* toggle the CPUID bit */ - push eax /* attempt to set EFLAGS to */ - popfd /* the new value */ - pushfd /* get the new EFLAGS value */ - pop eax /* into eax */ - xor eax,[esp] /* xor with original value */ - and eax,edx /* has CPUID bit changed? */ - setne al /* set to 1 if we have been */ - mov ret_value,al /* able to change it */ - popfd /* restore original EFLAGS */ - } - return (int)ret_value; -} - -INLINE int is_via_cpu(void) -{ char ret_value; - __asm - { xor eax,eax /* use CPUID to get vendor */ - cpuid /* identity string */ - xor eax,eax /* is it "CentaurHauls" ? */ - sub ebx,0x746e6543 /* 'Cent' */ - or eax,ebx - sub edx,0x48727561 /* 'aurH' */ - or eax,edx - sub ecx,0x736c7561 /* 'auls' */ - or eax,ecx - sete al /* set to 1 if it is VIA ID */ - mov dl,NEH_CPU_READ /* mark CPU type as read */ - or dl,al /* & store result in flags */ - mov [via_flags],dl /* set VIA detected flag */ - mov ret_value,al /* able to change it */ - } - return (int)ret_value; -} - -INLINE int read_via_flags(void) -{ char ret_value = 0; - __asm - { - mov eax,0xC0000000 /* Centaur extended CPUID */ - cpuid - mov edx,0xc0000001 /* >= 0xc0000001 if support */ - cmp eax,edx /* for VIA extended feature */ - jnae no_rng /* flags is available */ - mov eax,edx /* read Centaur extended */ - cpuid /* feature flags */ - mov eax,NEH_FLAGS_MASK /* mask out and save */ - and eax,edx /* the RNG and ACE flags */ - or [via_flags],al /* present & enabled flags */ - mov ret_value,al /* able to change it */ -no_rng: - } - return (int)ret_value; -} - -INLINE unsigned int via_rng_in(void *buf) -{ char ret_value = 0x1f; - __asm - { - push edi - mov edi,buf /* input buffer address */ - xor edx,edx /* try to fetch 8 bytes */ - NEH_RNG /* do RNG read operation */ - and ret_value,al /* count of bytes returned */ - pop edi - } - return (int)ret_value; -} - -INLINE void via_ecb_op5( - const void *k, const void *c, const void *s, void *d, int l) -{ __asm - { - NEH_REKEY - mov ebx, (k) - mov edx, (c) - mov esi, (s) - mov edi, (d) - mov ecx, (l) - NEH_ECB - } -} - -INLINE void via_cbc_op6( - const void *k, const void *c, const void *s, void *d, int l, void *v) -{ __asm - { - NEH_REKEY - mov ebx, (k) - mov edx, (c) - mov esi, (s) - mov edi, (d) - mov ecx, (l) - mov eax, (v) - NEH_CBC - } -} - -INLINE void via_cbc_op7( - const void *k, const void *c, const void *s, void *d, int l, void *v, void *w) -{ __asm - { - NEH_REKEY - mov ebx, (k) - mov edx, (c) - mov esi, (s) - mov edi, (d) - mov ecx, (l) - mov eax, (v) - NEH_CBC - mov esi, eax - mov edi, (w) - movsd - movsd - movsd - movsd - } -} - -INLINE void via_cfb_op6( - const void *k, const void *c, const void *s, void *d, int l, void *v) -{ __asm - { - NEH_REKEY - mov ebx, (k) - mov edx, (c) - mov esi, (s) - mov edi, (d) - mov ecx, (l) - mov eax, (v) - NEH_CFB - } -} - -INLINE void via_cfb_op7( - const void *k, const void *c, const void *s, void *d, int l, void *v, void *w) -{ __asm - { - NEH_REKEY - mov ebx, (k) - mov edx, (c) - mov esi, (s) - mov edi, (d) - mov ecx, (l) - mov eax, (v) - NEH_CFB - mov esi, eax - mov edi, (w) - movsd - movsd - movsd - movsd - } -} - -INLINE void via_ofb_op6( - const void *k, const void *c, const void *s, void *d, int l, void *v) -{ __asm - { - NEH_REKEY - mov ebx, (k) - mov edx, (c) - mov esi, (s) - mov edi, (d) - mov ecx, (l) - mov eax, (v) - NEH_OFB - } -} - -#elif defined( __GNUC__ ) - -#define NEH_REKEY asm("pushfl\n popfl\n\t") -#define NEH_ECB asm(".byte 0xf3, 0x0f, 0xa7, 0xc8\n\t") -#define NEH_CBC asm(".byte 0xf3, 0x0f, 0xa7, 0xd0\n\t") -#define NEH_CFB asm(".byte 0xf3, 0x0f, 0xa7, 0xe0\n\t") -#define NEH_OFB asm(".byte 0xf3, 0x0f, 0xa7, 0xe8\n\t") -#define NEH_RNG asm(".byte 0x0f, 0xa7, 0xc0\n\t"); - -INLINE int has_cpuid(void) -{ int val; - asm("pushfl\n\t"); - asm("movl 0(%esp),%eax\n\t"); - asm("xor $0x00200000,%eax\n\t"); - asm("pushl %eax\n\t"); - asm("popfl\n\t"); - asm("pushfl\n\t"); - asm("popl %eax\n\t"); - asm("xorl 0(%esp),%edx\n\t"); - asm("andl $0x00200000,%eax\n\t"); - asm("movl %%eax,%0\n\t" : "=m" (val)); - asm("popfl\n\t"); - return val ? 1 : 0; -} - -INLINE int is_via_cpu(void) -{ int val; - asm("xorl %eax,%eax\n\t"); - asm("cpuid\n\t"); - asm("xorl %eax,%eax\n\t"); - asm("subl $0x746e6543,%ebx\n\t"); - asm("orl %ebx,%eax\n\t"); - asm("subl $0x48727561,%edx\n\t"); - asm("orl %edx,%eax\n\t"); - asm("subl $0x736c7561,%ecx\n\t"); - asm("orl %ecx,%eax\n\t"); - asm("movl %%eax,%0\n\t" : "=m" (val)); - val = (val ? 0 : 1); - via_flags = (val | NEH_CPU_READ); - return val; -} - -INLINE int read_via_flags(void) -{ unsigned char val; - asm("movl $0xc0000000,%eax\n\t"); - asm("cpuid\n\t"); - asm("movl $0xc0000001,%edx\n\t"); - asm("cmpl %edx,%eax\n\t"); - asm("setae %al\n\t"); - asm("movb %%al,%0\n\t" : "=m" (val)); - if(!val) return 0; - asm("movl $0xc0000001,%eax\n\t"); - asm("cpuid\n\t"); - asm("movb %%dl,%0\n\t" : "=m" (val)); - val &= NEH_FLAGS_MASK; - via_flags |= val; - return (int) val; -} - -INLINE int via_rng_in(void *buf) -{ int val; - asm("pushl %edi\n\t"); - asm("movl %0,%%edi\n\t" : : "m" (buf)); - asm("xorl %edx,%edx\n\t"); - NEH_RNG - asm("andl $0x0000001f,%eax\n\t"); - asm("movl %%eax,%0\n\t" : "=m" (val)); - asm("popl %edi\n\t"); - return val; -} - -INLINE volatile void via_ecb_op5( - const void *k, const void *c, const void *s, void *d, int l) -{ - NEH_REKEY; - asm("movl %0, %%ebx\n\t" : : "m" (k)); - asm("movl %0, %%edx\n\t" : : "m" (c)); - asm("movl %0, %%esi\n\t" : : "m" (s)); - asm("movl %0, %%edi\n\t" : : "m" (d)); - asm("movl %0, %%ecx\n\t" : : "m" (l)); - NEH_ECB; -} - -INLINE volatile void via_cbc_op6( - const void *k, const void *c, const void *s, void *d, int l, void *v) -{ - NEH_REKEY; - asm("movl %0, %%ebx\n\t" : : "m" (k)); - asm("movl %0, %%edx\n\t" : : "m" (c)); - asm("movl %0, %%esi\n\t" : : "m" (s)); - asm("movl %0, %%edi\n\t" : : "m" (d)); - asm("movl %0, %%ecx\n\t" : : "m" (l)); - asm("movl %0, %%eax\n\t" : : "m" (v)); - NEH_CBC; -} - -INLINE volatile void via_cbc_op7( - const void *k, const void *c, const void *s, void *d, int l, void *v, void *w) -{ - NEH_REKEY; - asm("movl %0, %%ebx\n\t" : : "m" (k)); - asm("movl %0, %%edx\n\t" : : "m" (c)); - asm("movl %0, %%esi\n\t" : : "m" (s)); - asm("movl %0, %%edi\n\t" : : "m" (d)); - asm("movl %0, %%ecx\n\t" : : "m" (l)); - asm("movl %0, %%eax\n\t" : : "m" (v)); - NEH_CBC; - asm("movl %eax,%esi\n\t"); - asm("movl %0, %%edi\n\t" : : "m" (w)); - asm("movsl; movsl; movsl; movsl\n\t"); -} - -INLINE volatile void via_cfb_op6( - const void *k, const void *c, const void *s, void *d, int l, void *v) -{ - NEH_REKEY; - asm("movl %0, %%ebx\n\t" : : "m" (k)); - asm("movl %0, %%edx\n\t" : : "m" (c)); - asm("movl %0, %%esi\n\t" : : "m" (s)); - asm("movl %0, %%edi\n\t" : : "m" (d)); - asm("movl %0, %%ecx\n\t" : : "m" (l)); - asm("movl %0, %%eax\n\t" : : "m" (v)); - NEH_CFB; -} - -INLINE volatile void via_cfb_op7( - const void *k, const void *c, const void *s, void *d, int l, void *v, void *w) -{ - NEH_REKEY; - asm("movl %0, %%ebx\n\t" : : "m" (k)); - asm("movl %0, %%edx\n\t" : : "m" (c)); - asm("movl %0, %%esi\n\t" : : "m" (s)); - asm("movl %0, %%edi\n\t" : : "m" (d)); - asm("movl %0, %%ecx\n\t" : : "m" (l)); - asm("movl %0, %%eax\n\t" : : "m" (v)); - NEH_CFB; - asm("movl %eax,%esi\n\t"); - asm("movl %0, %%edi\n\t" : : "m" (w)); - asm("movsl; movsl; movsl; movsl\n\t"); -} - -INLINE volatile void via_ofb_op6( - const void *k, const void *c, const void *s, void *d, int l, void *v) -{ - NEH_REKEY; - asm("movl %0, %%ebx\n\t" : : "m" (k)); - asm("movl %0, %%edx\n\t" : : "m" (c)); - asm("movl %0, %%esi\n\t" : : "m" (s)); - asm("movl %0, %%edi\n\t" : : "m" (d)); - asm("movl %0, %%ecx\n\t" : : "m" (l)); - asm("movl %0, %%eax\n\t" : : "m" (v)); - NEH_OFB; -} - -#else -#error VIA ACE is not available with this compiler -#endif - -INLINE int via_ace_test(void) -{ - return has_cpuid() && is_via_cpu() && ((read_via_flags() & NEH_ACE_FLAGS) == NEH_ACE_FLAGS); -} - -#define VIA_ACE_AVAILABLE (((via_flags & NEH_ACE_FLAGS) == NEH_ACE_FLAGS) \ - || (via_flags & NEH_CPU_READ) && (via_flags & NEH_CPU_IS_VIA) || via_ace_test()) - -INLINE int via_rng_test(void) -{ - return has_cpuid() && is_via_cpu() && ((read_via_flags() & NEH_RNG_FLAGS) == NEH_RNG_FLAGS); -} - -#define VIA_RNG_AVAILABLE (((via_flags & NEH_RNG_FLAGS) == NEH_RNG_FLAGS) \ - || (via_flags & NEH_CPU_READ) && (via_flags & NEH_CPU_IS_VIA) || via_rng_test()) - -INLINE int read_via_rng(void *buf, int count) -{ int nbr, max_reads, lcnt = count; - unsigned char *p, *q; - aligned_auto(unsigned char, bp, 64, 16); - - if(!VIA_RNG_AVAILABLE) - return 0; - - do - { - max_reads = MAX_READ_ATTEMPTS; - do - nbr = via_rng_in(bp); - while - (nbr == 0 && --max_reads); - - lcnt -= nbr; - p = (unsigned char*)buf; q = bp; - while(nbr--) - *p++ = *q++; - } - while - (lcnt && max_reads); - - return count - lcnt; -} - -#endif diff --git a/src/java/kp2akeytransform/jni/aes/aes_x86_v1.asm b/src/java/kp2akeytransform/jni/aes/aes_x86_v1.asm deleted file mode 100644 index e13292632..000000000 --- a/src/java/kp2akeytransform/jni/aes/aes_x86_v1.asm +++ /dev/null @@ -1,644 +0,0 @@ - -; --------------------------------------------------------------------------- -; Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. -; -; LICENSE TERMS -; -; The redistribution and use of this software (with or without changes) -; is allowed without the payment of fees or royalties provided that: -; -; 1. source code distributions include the above copyright notice, this -; list of conditions and the following disclaimer; -; -; 2. binary distributions include the above copyright notice, this list -; of conditions and the following disclaimer in their documentation; -; -; 3. the name of the copyright holder is not used to endorse products -; built using this software without specific written permission. -; -; DISCLAIMER -; -; This software is provided 'as is' with no explicit or implied warranties -; in respect of its properties, including, but not limited to, correctness -; and/or fitness for purpose. -; --------------------------------------------------------------------------- -; Issue 13/08/2008 -; -; This code requires ASM_X86_V1C to be set in aesopt.h. It requires the C files -; aeskey.c and aestab.c for support. - -; An AES implementation for x86 processors using the YASM (or NASM) assembler. -; This is an assembler implementation that covers encryption and decryption -; only and is intended as a replacement of the C file aescrypt.c. It hence -; requires the file aeskey.c for keying and aestab.c for the AES tables. It -; employs full tables rather than compressed tables. - -; This code provides the standard AES block size (128 bits, 16 bytes) and the -; three standard AES key sizes (128, 192 and 256 bits). It has the same call -; interface as my C implementation. The ebx, esi, edi and ebp registers are -; preserved across calls but eax, ecx and edx and the artihmetic status flags -; are not. It is also important that the defines below match those used in the -; C code. This code uses the VC++ register saving conentions; if it is used -; with another compiler, conventions for using and saving registers may need to -; be checked (and calling conventions). The YASM command line for the VC++ -; custom build step is: -; -; yasm -Xvc -f win32 -o "$(TargetDir)\$(InputName).obj" "$(InputPath)" -; -; The calling intefaces are: -; -; AES_RETURN aes_encrypt(const unsigned char in_blk[], -; unsigned char out_blk[], const aes_encrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt(const unsigned char in_blk[], -; unsigned char out_blk[], const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_encrypt_key(const unsigned char key[], -; const aes_encrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt_key(const unsigned char key[], -; const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_encrypt_key(const unsigned char key[], -; unsigned int len, const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt_key(const unsigned char key[], -; unsigned int len, const aes_decrypt_ctx cx[1]); -; -; where is 128, 102 or 256. In the last two calls the length can be in -; either bits or bytes. -; -; Comment in/out the following lines to obtain the desired subroutines. These -; selections MUST match those in the C header file aes.h - -%define AES_128 ; define if AES with 128 bit keys is needed -%define AES_192 ; define if AES with 192 bit keys is needed -%define AES_256 ; define if AES with 256 bit keys is needed -%define AES_VAR ; define if a variable key size is needed -%define ENCRYPTION ; define if encryption is needed -%define DECRYPTION ; define if decryption is needed -%define AES_REV_DKS ; define if key decryption schedule is reversed -%define LAST_ROUND_TABLES ; define if tables are to be used for last round - -; offsets to parameters - -in_blk equ 4 ; input byte array address parameter -out_blk equ 8 ; output byte array address parameter -ctx equ 12 ; AES context structure -stk_spc equ 20 ; stack space -%define parms 12 ; parameter space on stack - -; The encryption key schedule has the following in memory layout where N is the -; number of rounds (10, 12 or 14): -; -; lo: | input key (round 0) | ; each round is four 32-bit words -; | encryption round 1 | -; | encryption round 2 | -; .... -; | encryption round N-1 | -; hi: | encryption round N | -; -; The decryption key schedule is normally set up so that it has the same -; layout as above by actually reversing the order of the encryption key -; schedule in memory (this happens when AES_REV_DKS is set): -; -; lo: | decryption round 0 | = | encryption round N | -; | decryption round 1 | = INV_MIX_COL[ | encryption round N-1 | ] -; | decryption round 2 | = INV_MIX_COL[ | encryption round N-2 | ] -; .... .... -; | decryption round N-1 | = INV_MIX_COL[ | encryption round 1 | ] -; hi: | decryption round N | = | input key (round 0) | -; -; with rounds except the first and last modified using inv_mix_column() -; But if AES_REV_DKS is NOT set the order of keys is left as it is for -; encryption so that it has to be accessed in reverse when used for -; decryption (although the inverse mix column modifications are done) -; -; lo: | decryption round 0 | = | input key (round 0) | -; | decryption round 1 | = INV_MIX_COL[ | encryption round 1 | ] -; | decryption round 2 | = INV_MIX_COL[ | encryption round 2 | ] -; .... .... -; | decryption round N-1 | = INV_MIX_COL[ | encryption round N-1 | ] -; hi: | decryption round N | = | encryption round N | -; -; This layout is faster when the assembler key scheduling provided here -; is used. -; -; The DLL interface must use the _stdcall convention in which the number -; of bytes of parameter space is added after an @ to the sutine's name. -; We must also remove our parameters from the stack before return (see -; the do_exit macro). Define DLL_EXPORT for the Dynamic Link Library version. - -;%define DLL_EXPORT - -; End of user defines - -%ifdef AES_VAR -%ifndef AES_128 -%define AES_128 -%endif -%ifndef AES_192 -%define AES_192 -%endif -%ifndef AES_256 -%define AES_256 -%endif -%endif - -%ifdef AES_VAR -%define KS_LENGTH 60 -%elifdef AES_256 -%define KS_LENGTH 60 -%elifdef AES_192 -%define KS_LENGTH 52 -%else -%define KS_LENGTH 44 -%endif - -; These macros implement stack based local variables - -%macro save 2 - mov [esp+4*%1],%2 -%endmacro - -%macro restore 2 - mov %1,[esp+4*%2] -%endmacro - -; the DLL has to implement the _stdcall calling interface on return -; In this case we have to take our parameters (3 4-byte pointers) -; off the stack - -%macro do_name 1-2 parms -%ifndef DLL_EXPORT - global %1 -%1: -%else - global %1@%2 - export %1@%2 -%1@%2: -%endif -%endmacro - -%macro do_call 1-2 parms -%ifndef DLL_EXPORT - call %1 - add esp,%2 -%else - call %1@%2 -%endif -%endmacro - -%macro do_exit 0-1 parms -%ifdef DLL_EXPORT - ret %1 -%else - ret -%endif -%endmacro - -%ifdef ENCRYPTION - - extern _t_fn - -%define etab_0(x) [_t_fn+4*x] -%define etab_1(x) [_t_fn+1024+4*x] -%define etab_2(x) [_t_fn+2048+4*x] -%define etab_3(x) [_t_fn+3072+4*x] - -%ifdef LAST_ROUND_TABLES - - extern _t_fl - -%define eltab_0(x) [_t_fl+4*x] -%define eltab_1(x) [_t_fl+1024+4*x] -%define eltab_2(x) [_t_fl+2048+4*x] -%define eltab_3(x) [_t_fl+3072+4*x] - -%else - -%define etab_b(x) byte [_t_fn+3072+4*x] - -%endif - -; ROUND FUNCTION. Build column[2] on ESI and column[3] on EDI that have the -; round keys pre-loaded. Build column[0] in EBP and column[1] in EBX. -; -; Input: -; -; EAX column[0] -; EBX column[1] -; ECX column[2] -; EDX column[3] -; ESI column key[round][2] -; EDI column key[round][3] -; EBP scratch -; -; Output: -; -; EBP column[0] unkeyed -; EBX column[1] unkeyed -; ESI column[2] keyed -; EDI column[3] keyed -; EAX scratch -; ECX scratch -; EDX scratch - -%macro rnd_fun 2 - - rol ebx,16 - %1 esi, cl, 0, ebp - %1 esi, dh, 1, ebp - %1 esi, bh, 3, ebp - %1 edi, dl, 0, ebp - %1 edi, ah, 1, ebp - %1 edi, bl, 2, ebp - %2 ebp, al, 0, ebp - shr ebx,16 - and eax,0xffff0000 - or eax,ebx - shr edx,16 - %1 ebp, ah, 1, ebx - %1 ebp, dh, 3, ebx - %2 ebx, dl, 2, ebx - %1 ebx, ch, 1, edx - %1 ebx, al, 0, edx - shr eax,16 - shr ecx,16 - %1 ebp, cl, 2, edx - %1 edi, ch, 3, edx - %1 esi, al, 2, edx - %1 ebx, ah, 3, edx - -%endmacro - -; Basic MOV and XOR Operations for normal rounds - -%macro nr_xor 4 - movzx %4,%2 - xor %1,etab_%3(%4) -%endmacro - -%macro nr_mov 4 - movzx %4,%2 - mov %1,etab_%3(%4) -%endmacro - -; Basic MOV and XOR Operations for last round - -%ifdef LAST_ROUND_TABLES - - %macro lr_xor 4 - movzx %4,%2 - xor %1,eltab_%3(%4) - %endmacro - - %macro lr_mov 4 - movzx %4,%2 - mov %1,eltab_%3(%4) - %endmacro - -%else - - %macro lr_xor 4 - movzx %4,%2 - movzx %4,etab_b(%4) - %if %3 != 0 - shl %4,8*%3 - %endif - xor %1,%4 - %endmacro - - %macro lr_mov 4 - movzx %4,%2 - movzx %1,etab_b(%4) - %if %3 != 0 - shl %1,8*%3 - %endif - %endmacro - -%endif - -%macro enc_round 0 - - add ebp,16 - save 0,ebp - mov esi,[ebp+8] - mov edi,[ebp+12] - - rnd_fun nr_xor, nr_mov - - mov eax,ebp - mov ecx,esi - mov edx,edi - restore ebp,0 - xor eax,[ebp] - xor ebx,[ebp+4] - -%endmacro - -%macro enc_last_round 0 - - add ebp,16 - save 0,ebp - mov esi,[ebp+8] - mov edi,[ebp+12] - - rnd_fun lr_xor, lr_mov - - mov eax,ebp - restore ebp,0 - xor eax,[ebp] - xor ebx,[ebp+4] - -%endmacro - - section .text align=32 - -; AES Encryption Subroutine - - align 32 - do_name _aes_encrypt - - sub esp,stk_spc - mov [esp+16],ebp - mov [esp+12],ebx - mov [esp+ 8],esi - mov [esp+ 4],edi - - mov esi,[esp+in_blk+stk_spc] ; input pointer - mov eax,[esi ] - mov ebx,[esi+ 4] - mov ecx,[esi+ 8] - mov edx,[esi+12] - - mov ebp,[esp+ctx+stk_spc] ; key pointer - movzx edi,byte [ebp+4*KS_LENGTH] - xor eax,[ebp ] - xor ebx,[ebp+ 4] - xor ecx,[ebp+ 8] - xor edx,[ebp+12] - -; determine the number of rounds - - cmp edi,10*16 - je .3 - cmp edi,12*16 - je .2 - cmp edi,14*16 - je .1 - mov eax,-1 - jmp .5 - -.1: enc_round - enc_round -.2: enc_round - enc_round -.3: enc_round - enc_round - enc_round - enc_round - enc_round - enc_round - enc_round - enc_round - enc_round - enc_last_round - - mov edx,[esp+out_blk+stk_spc] - mov [edx],eax - mov [edx+4],ebx - mov [edx+8],esi - mov [edx+12],edi - xor eax,eax - -.5: mov ebp,[esp+16] - mov ebx,[esp+12] - mov esi,[esp+ 8] - mov edi,[esp+ 4] - add esp,stk_spc - do_exit - -%endif - -%ifdef DECRYPTION - - extern _t_in - -%define dtab_0(x) [_t_in+4*x] -%define dtab_1(x) [_t_in+1024+4*x] -%define dtab_2(x) [_t_in+2048+4*x] -%define dtab_3(x) [_t_in+3072+4*x] - -%ifdef LAST_ROUND_TABLES - - extern _t_il - -%define dltab_0(x) [_t_il+4*x] -%define dltab_1(x) [_t_il+1024+4*x] -%define dltab_2(x) [_t_il+2048+4*x] -%define dltab_3(x) [_t_il+3072+4*x] - -%else - - extern _t_ibox - -%define dtab_x(x) byte [_t_ibox+x] - -%endif - -%macro irn_fun 2 - - rol eax,16 - %1 esi, cl, 0, ebp - %1 esi, bh, 1, ebp - %1 esi, al, 2, ebp - %1 edi, dl, 0, ebp - %1 edi, ch, 1, ebp - %1 edi, ah, 3, ebp - %2 ebp, bl, 0, ebp - shr eax,16 - and ebx,0xffff0000 - or ebx,eax - shr ecx,16 - %1 ebp, bh, 1, eax - %1 ebp, ch, 3, eax - %2 eax, cl, 2, ecx - %1 eax, bl, 0, ecx - %1 eax, dh, 1, ecx - shr ebx,16 - shr edx,16 - %1 esi, dh, 3, ecx - %1 ebp, dl, 2, ecx - %1 eax, bh, 3, ecx - %1 edi, bl, 2, ecx - -%endmacro - -; Basic MOV and XOR Operations for normal rounds - -%macro ni_xor 4 - movzx %4,%2 - xor %1,dtab_%3(%4) -%endmacro - -%macro ni_mov 4 - movzx %4,%2 - mov %1,dtab_%3(%4) -%endmacro - -; Basic MOV and XOR Operations for last round - -%ifdef LAST_ROUND_TABLES - -%macro li_xor 4 - movzx %4,%2 - xor %1,dltab_%3(%4) -%endmacro - -%macro li_mov 4 - movzx %4,%2 - mov %1,dltab_%3(%4) -%endmacro - -%else - - %macro li_xor 4 - movzx %4,%2 - movzx %4,dtab_x(%4) - %if %3 != 0 - shl %4,8*%3 - %endif - xor %1,%4 - %endmacro - - %macro li_mov 4 - movzx %4,%2 - movzx %1,dtab_x(%4) - %if %3 != 0 - shl %1,8*%3 - %endif - %endmacro - -%endif - -%macro dec_round 0 - -%ifdef AES_REV_DKS - add ebp,16 -%else - sub ebp,16 -%endif - save 0,ebp - mov esi,[ebp+8] - mov edi,[ebp+12] - - irn_fun ni_xor, ni_mov - - mov ebx,ebp - mov ecx,esi - mov edx,edi - restore ebp,0 - xor eax,[ebp] - xor ebx,[ebp+4] - -%endmacro - -%macro dec_last_round 0 - -%ifdef AES_REV_DKS - add ebp,16 -%else - sub ebp,16 -%endif - save 0,ebp - mov esi,[ebp+8] - mov edi,[ebp+12] - - irn_fun li_xor, li_mov - - mov ebx,ebp - restore ebp,0 - xor eax,[ebp] - xor ebx,[ebp+4] - -%endmacro - - section .text - -; AES Decryption Subroutine - - align 32 - do_name _aes_decrypt - - sub esp,stk_spc - mov [esp+16],ebp - mov [esp+12],ebx - mov [esp+ 8],esi - mov [esp+ 4],edi - -; input four columns and xor in first round key - - mov esi,[esp+in_blk+stk_spc] ; input pointer - mov eax,[esi ] - mov ebx,[esi+ 4] - mov ecx,[esi+ 8] - mov edx,[esi+12] - lea esi,[esi+16] - - mov ebp,[esp+ctx+stk_spc] ; key pointer - movzx edi,byte[ebp+4*KS_LENGTH] -%ifndef AES_REV_DKS ; if decryption key schedule is not reversed - lea ebp,[ebp+edi] ; we have to access it from the top down -%endif - xor eax,[ebp ] ; key schedule - xor ebx,[ebp+ 4] - xor ecx,[ebp+ 8] - xor edx,[ebp+12] - -; determine the number of rounds - - cmp edi,10*16 - je .3 - cmp edi,12*16 - je .2 - cmp edi,14*16 - je .1 - mov eax,-1 - jmp .5 - -.1: dec_round - dec_round -.2: dec_round - dec_round -.3: dec_round - dec_round - dec_round - dec_round - dec_round - dec_round - dec_round - dec_round - dec_round - dec_last_round - -; move final values to the output array. - - mov ebp,[esp+out_blk+stk_spc] - mov [ebp],eax - mov [ebp+4],ebx - mov [ebp+8],esi - mov [ebp+12],edi - xor eax,eax - -.5: mov ebp,[esp+16] - mov ebx,[esp+12] - mov esi,[esp+ 8] - mov edi,[esp+ 4] - add esp,stk_spc - do_exit - -%endif - - end - diff --git a/src/java/kp2akeytransform/jni/aes/aes_x86_v2.asm b/src/java/kp2akeytransform/jni/aes/aes_x86_v2.asm deleted file mode 100644 index ddceb2593..000000000 --- a/src/java/kp2akeytransform/jni/aes/aes_x86_v2.asm +++ /dev/null @@ -1,1419 +0,0 @@ - -; --------------------------------------------------------------------------- -; Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. -; -; LICENSE TERMS -; -; The redistribution and use of this software (with or without changes) -; is allowed without the payment of fees or royalties provided that: -; -; 1. source code distributions include the above copyright notice, this -; list of conditions and the following disclaimer; -; -; 2. binary distributions include the above copyright notice, this list -; of conditions and the following disclaimer in their documentation; -; -; 3. the name of the copyright holder is not used to endorse products -; built using this software without specific written permission. -; -; DISCLAIMER -; -; This software is provided 'as is' with no explicit or implied warranties -; in respect of its properties, including, but not limited to, correctness -; and/or fitness for purpose. -; --------------------------------------------------------------------------- -; Issue 13/08/2008 -; -; This code requires either ASM_X86_V2 or ASM_X86_V2C to be set in aesopt.h -; and the same define to be set here as well. If AES_V2C is set this file -; requires the C files aeskey.c and aestab.c for support. - -; An AES implementation for x86 processors using the YASM (or NASM) assembler. -; This is a full assembler implementation covering encryption, decryption and -; key scheduling. It uses 2k bytes of tables but its encryption and decryption -; performance is very close to that obtained using large tables. Key schedule -; expansion is slower for both encryption and decryption but this is likely to -; be offset by the much smaller load that this version places on the processor -; cache. I acknowledge the contribution made by Daniel Bernstein to aspects of -; the design of the AES round function used here. -; -; This code provides the standard AES block size (128 bits, 16 bytes) and the -; three standard AES key sizes (128, 192 and 256 bits). It has the same call -; interface as my C implementation. The ebx, esi, edi and ebp registers are -; preserved across calls but eax, ecx and edx and the artihmetic status flags -; are not. Although this is a full assembler implementation, it can be used -; in conjunction with my C code which provides faster key scheduling using -; large tables. In this case aeskey.c should be compiled with ASM_X86_V2C -; defined. It is also important that the defines below match those used in the -; C code. This code uses the VC++ register saving conentions; if it is used -; with another compiler, conventions for using and saving registers may need -; to be checked (and calling conventions). The YASM command line for the VC++ -; custom build step is: -; -; yasm -Xvc -f win32 -D -o "$(TargetDir)\$(InputName).obj" "$(InputPath)" -; -; For the cryptlib build this is (pcg): -; -; yasm -Xvc -f win32 -D ASM_X86_V2C -o aescrypt2.obj aes_x86_v2.asm -; -; where is ASM_X86_V2 or ASM_X86_V2C. The calling intefaces are: -; -; AES_RETURN aes_encrypt(const unsigned char in_blk[], -; unsigned char out_blk[], const aes_encrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt(const unsigned char in_blk[], -; unsigned char out_blk[], const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_encrypt_key(const unsigned char key[], -; const aes_encrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt_key(const unsigned char key[], -; const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_encrypt_key(const unsigned char key[], -; unsigned int len, const aes_decrypt_ctx cx[1]); -; -; AES_RETURN aes_decrypt_key(const unsigned char key[], -; unsigned int len, const aes_decrypt_ctx cx[1]); -; -; where is 128, 102 or 256. In the last two calls the length can be in -; either bits or bytes. - -; The DLL interface must use the _stdcall convention in which the number -; of bytes of parameter space is added after an @ to the sutine's name. -; We must also remove our parameters from the stack before return (see -; the do_exit macro). Define DLL_EXPORT for the Dynamic Link Library version. - -;%define DLL_EXPORT - -; Comment in/out the following lines to obtain the desired subroutines. These -; selections MUST match those in the C header file aes.h - -; The size of the code can be reduced by using functions for the encryption -; and decryption rounds in place of macro expansion - -%define REDUCE_CODE_SIZE - -%define AES_128 ; define if AES with 128 bit keys is needed -%define AES_192 ; define if AES with 192 bit keys is needed -%define AES_256 ; define if AES with 256 bit keys is needed -%define AES_VAR ; define if a variable key size is needed -%define ENCRYPTION ; define if encryption is needed -%define DECRYPTION ; define if decryption is needed -%define AES_REV_DKS ; define if key decryption schedule is reversed - -%ifndef ASM_X86_V2C -%define ENCRYPTION_KEY_SCHEDULE ; define if encryption key expansion is needed -%define DECRYPTION_KEY_SCHEDULE ; define if decryption key expansion is needed -%endif - -; The encryption key schedule has the following in memory layout where N is the -; number of rounds (10, 12 or 14): -; -; lo: | input key (round 0) | ; each round is four 32-bit words -; | encryption round 1 | -; | encryption round 2 | -; .... -; | encryption round N-1 | -; hi: | encryption round N | -; -; The decryption key schedule is normally set up so that it has the same -; layout as above by actually reversing the order of the encryption key -; schedule in memory (this happens when AES_REV_DKS is set): -; -; lo: | decryption round 0 | = | encryption round N | -; | decryption round 1 | = INV_MIX_COL[ | encryption round N-1 | ] -; | decryption round 2 | = INV_MIX_COL[ | encryption round N-2 | ] -; .... .... -; | decryption round N-1 | = INV_MIX_COL[ | encryption round 1 | ] -; hi: | decryption round N | = | input key (round 0) | -; -; with rounds except the first and last modified using inv_mix_column() -; But if AES_REV_DKS is NOT set the order of keys is left as it is for -; encryption so that it has to be accessed in reverse when used for -; decryption (although the inverse mix column modifications are done) -; -; lo: | decryption round 0 | = | input key (round 0) | -; | decryption round 1 | = INV_MIX_COL[ | encryption round 1 | ] -; | decryption round 2 | = INV_MIX_COL[ | encryption round 2 | ] -; .... .... -; | decryption round N-1 | = INV_MIX_COL[ | encryption round N-1 | ] -; hi: | decryption round N | = | encryption round N | -; -; This layout is faster when the assembler key scheduling provided here -; is used. -; -; End of user defines - -%ifdef AES_VAR -%ifndef AES_128 -%define AES_128 -%endif -%ifndef AES_192 -%define AES_192 -%endif -%ifndef AES_256 -%define AES_256 -%endif -%endif - -%ifdef AES_VAR -%define KS_LENGTH 60 -%elifdef AES_256 -%define KS_LENGTH 60 -%elifdef AES_192 -%define KS_LENGTH 52 -%else -%define KS_LENGTH 44 -%endif - -%ifdef REDUCE_CODE_SIZE - %macro mf_call 1 - call %1 - %endmacro -%else - %macro mf_call 1 - %1 - %endmacro -%endif - -; the DLL has to implement the _stdcall calling interface on return -; In this case we have to take our parameters (3 4-byte pointers) -; off the stack - -%define parms 12 - -%macro do_name 1-2 parms -%ifndef DLL_EXPORT - global %1 -%1: -%else - global %1@%2 - export %1@%2 -%1@%2: -%endif -%endmacro - -%macro do_call 1-2 parms -%ifndef DLL_EXPORT - call %1 - add esp,%2 -%else - call %1@%2 -%endif -%endmacro - -%macro do_exit 0-1 parms -%ifdef DLL_EXPORT - ret %1 -%else - ret -%endif -%endmacro - -%ifndef ASM_X86_V2C - do_name _aes_init,0 - do_exit 0 -%endif - -; finite field multiplies by {02}, {04} and {08} - -%define f2(x) ((x<<1)^(((x>>7)&1)*0x11b)) -%define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b)) -%define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b)) - -; finite field multiplies required in table generation - -%define f3(x) (f2(x) ^ x) -%define f9(x) (f8(x) ^ x) -%define fb(x) (f8(x) ^ f2(x) ^ x) -%define fd(x) (f8(x) ^ f4(x) ^ x) -%define fe(x) (f8(x) ^ f4(x) ^ f2(x)) - -%define etab_0(x) [enc_tab+4+8*x] -%define etab_1(x) [enc_tab+3+8*x] -%define etab_2(x) [enc_tab+2+8*x] -%define etab_3(x) [enc_tab+1+8*x] -%define etab_b(x) byte [enc_tab+1+8*x] ; used with movzx for 0x000000xx -%define etab_w(x) word [enc_tab+8*x] ; used with movzx for 0x0000xx00 - -%define btab_0(x) [enc_tab+6+8*x] -%define btab_1(x) [enc_tab+5+8*x] -%define btab_2(x) [enc_tab+4+8*x] -%define btab_3(x) [enc_tab+3+8*x] - -; ROUND FUNCTION. Build column[2] on ESI and column[3] on EDI that have the -; round keys pre-loaded. Build column[0] in EBP and column[1] in EBX. -; -; Input: -; -; EAX column[0] -; EBX column[1] -; ECX column[2] -; EDX column[3] -; ESI column key[round][2] -; EDI column key[round][3] -; EBP scratch -; -; Output: -; -; EBP column[0] unkeyed -; EBX column[1] unkeyed -; ESI column[2] keyed -; EDI column[3] keyed -; EAX scratch -; ECX scratch -; EDX scratch - -%macro rnd_fun 2 - - rol ebx,16 - %1 esi, cl, 0, ebp - %1 esi, dh, 1, ebp - %1 esi, bh, 3, ebp - %1 edi, dl, 0, ebp - %1 edi, ah, 1, ebp - %1 edi, bl, 2, ebp - %2 ebp, al, 0, ebp - shr ebx,16 - and eax,0xffff0000 - or eax,ebx - shr edx,16 - %1 ebp, ah, 1, ebx - %1 ebp, dh, 3, ebx - %2 ebx, dl, 2, ebx - %1 ebx, ch, 1, edx - %1 ebx, al, 0, edx - shr eax,16 - shr ecx,16 - %1 ebp, cl, 2, edx - %1 edi, ch, 3, edx - %1 esi, al, 2, edx - %1 ebx, ah, 3, edx - -%endmacro - -; Basic MOV and XOR Operations for normal rounds - -%macro nr_xor 4 - movzx %4,%2 - xor %1,etab_%3(%4) -%endmacro - -%macro nr_mov 4 - movzx %4,%2 - mov %1,etab_%3(%4) -%endmacro - -; Basic MOV and XOR Operations for last round - -%if 1 - - %macro lr_xor 4 - movzx %4,%2 - movzx %4,etab_b(%4) - %if %3 != 0 - shl %4,8*%3 - %endif - xor %1,%4 - %endmacro - - %macro lr_mov 4 - movzx %4,%2 - movzx %1,etab_b(%4) - %if %3 != 0 - shl %1,8*%3 - %endif - %endmacro - -%else ; less effective but worth leaving as an option - - %macro lr_xor 4 - movzx %4,%2 - mov %4,btab_%3(%4) - and %4,0x000000ff << 8 * %3 - xor %1,%4 - %endmacro - - %macro lr_mov 4 - movzx %4,%2 - mov %1,btab_%3(%4) - and %1,0x000000ff << 8 * %3 - %endmacro - -%endif - -; Apply S-Box to the 4 bytes in a 32-bit word and rotate byte positions - -%ifdef REDUCE_CODE_SIZE - - global _ls_sub -_ls_sub: ; ls_sub(t,n) = ls_box(t,n) - mov ecx,[esp+8] - mov eax,[esp+4] - shl ecx,3 - rol eax,cl - xor edx,edx -l3s_col: - movzx ecx,al ; in eax - movzx ecx, etab_b(ecx) ; out eax - xor edx,ecx ; scratch ecx,edx - movzx ecx,ah - movzx ecx, etab_b(ecx) - shl ecx,8 - xor edx,ecx - shr eax,16 - movzx ecx,al - movzx ecx, etab_b(ecx) - shl ecx,16 - xor edx,ecx - movzx ecx,ah - movzx ecx, etab_b(ecx) - shl ecx,24 - xor edx,ecx - mov eax,edx - ret - -%else - -%macro l3s_col 0 - - movzx ecx,al ; in eax - movzx ecx, etab_b(ecx) ; out eax - xor edx,ecx ; scratch ecx,edx - movzx ecx,ah - movzx ecx, etab_b(ecx) - shl ecx,8 - xor edx,ecx - shr eax,16 - movzx ecx,al - movzx ecx, etab_b(ecx) - shl ecx,16 - xor edx,ecx - movzx ecx,ah - movzx ecx, etab_b(ecx) - shl ecx,24 - xor edx,ecx - mov eax,edx - -%endmacro - -%endif - -; offsets to parameters - -in_blk equ 4 ; input byte array address parameter -out_blk equ 8 ; output byte array address parameter -ctx equ 12 ; AES context structure -stk_spc equ 16 ; stack space - -%ifdef ENCRYPTION - -%define ENCRYPTION_TABLE - -%ifdef REDUCE_CODE_SIZE - -enc_round: - add ebp,16 - mov esi,[ebp+8] - mov edi,[ebp+12] - push ebp - rnd_fun nr_xor, nr_mov - mov eax,ebp - pop ebp - mov ecx,esi - mov edx,edi - xor eax,[ebp] - xor ebx,[ebp+4] - ret - -%else - -%macro enc_round 0 - - add ebp,16 - mov esi,[ebp+8] - mov edi,[ebp+12] - push ebp - rnd_fun nr_xor, nr_mov - mov eax,ebp - pop ebp - mov ecx,esi - mov edx,edi - xor eax,[ebp] - xor ebx,[ebp+4] - -%endmacro - -%endif - -%macro enc_last_round 0 - - add ebp,16 - mov esi,[ebp+8] - mov edi,[ebp+12] - push ebp - rnd_fun lr_xor, lr_mov - mov eax,ebp - pop ebp - xor eax,[ebp] - xor ebx,[ebp+4] - -%endmacro - - section .text align=32 - -; AES Encryption Subroutine - - align 32 - do_name _aes_encrypt,12 - push ebp - push ebx - push esi - push edi - -; load the input block - - mov esi,[esp+in_blk+stk_spc] ; input pointer - mov eax,[esi ] - mov ebx,[esi+ 4] - mov ecx,[esi+ 8] - mov edx,[esi+12] - -; and xor in first key block - - mov ebp,[esp+ctx+stk_spc] ; key pointer - movzx edi,byte [ebp+4*KS_LENGTH] - xor eax,[ebp ] - xor ebx,[ebp+ 4] - xor ecx,[ebp+ 8] - xor edx,[ebp+12] - -; determine the number of rounds - - cmp edi,10*16 - je .3 - cmp edi,12*16 - je .2 - cmp edi,14*16 - je .1 - mov eax,-1 - jmp .5 - -; do the encryption rounds - -.1: mf_call enc_round - mf_call enc_round -.2: mf_call enc_round - mf_call enc_round -.3: mf_call enc_round - mf_call enc_round - mf_call enc_round - mf_call enc_round - mf_call enc_round - mf_call enc_round - mf_call enc_round - mf_call enc_round - mf_call enc_round - enc_last_round - -; output the block - - mov edx,[esp+out_blk+stk_spc] - mov [edx ],eax - mov [edx+ 4],ebx - mov [edx+ 8],esi - mov [edx+12],edi - xor eax,eax - -.5: pop edi - pop esi - pop ebx - pop ebp - do_exit 12 - -%endif - -%macro f_key 2 - - push ecx - push edx - mov edx,esi - ror eax,8 - mf_call l3s_col - mov esi,eax - pop edx - pop ecx - xor esi,rc_val - - mov [ebp+%1*%2],esi - xor edi,esi - mov [ebp+%1*%2+4],edi - xor ecx,edi - mov [ebp+%1*%2+8],ecx - xor edx,ecx - mov [ebp+%1*%2+12],edx - mov eax,edx - -%if %2 == 24 - -%if %1 < 7 - xor eax,[ebp+%1*%2+16-%2] - mov [ebp+%1*%2+16],eax - xor eax,[ebp+%1*%2+20-%2] - mov [ebp+%1*%2+20],eax -%endif - -%elif %2 == 32 - -%if %1 < 6 - push ecx - push edx - mov edx,[ebp+%1*%2+16-%2] - mf_call l3s_col - pop edx - pop ecx - mov [ebp+%1*%2+16],eax - xor eax,[ebp+%1*%2+20-%2] - mov [ebp+%1*%2+20],eax - xor eax,[ebp+%1*%2+24-%2] - mov [ebp+%1*%2+24],eax - xor eax,[ebp+%1*%2+28-%2] - mov [ebp+%1*%2+28],eax -%endif - -%endif - -%assign rc_val f2(rc_val) - -%endmacro - -%ifdef ENCRYPTION_KEY_SCHEDULE - -%ifdef AES_128 - -%ifndef ENCRYPTION_TABLE -%define ENCRYPTION_TABLE -%endif - -%assign rc_val 1 - - align 32 - do_name _aes_encrypt_key128,8 - push ebp - push ebx - push esi - push edi - - mov ebp,[esp+24] - mov [ebp+4*KS_LENGTH],dword 10*16 - mov ebx,[esp+20] - - mov esi,[ebx] - mov [ebp],esi - mov edi,[ebx+4] - mov [ebp+4],edi - mov ecx,[ebx+8] - mov [ebp+8],ecx - mov edx,[ebx+12] - mov [ebp+12],edx - add ebp,16 - mov eax,edx - - f_key 0,16 ; 11 * 4 = 44 unsigned longs - f_key 1,16 ; 4 + 4 * 10 generated = 44 - f_key 2,16 - f_key 3,16 - f_key 4,16 - f_key 5,16 - f_key 6,16 - f_key 7,16 - f_key 8,16 - f_key 9,16 - - pop edi - pop esi - pop ebx - pop ebp - xor eax,eax - do_exit 8 - -%endif - -%ifdef AES_192 - -%ifndef ENCRYPTION_TABLE -%define ENCRYPTION_TABLE -%endif - -%assign rc_val 1 - - align 32 - do_name _aes_encrypt_key192,8 - push ebp - push ebx - push esi - push edi - - mov ebp,[esp+24] - mov [ebp+4*KS_LENGTH],dword 12 * 16 - mov ebx,[esp+20] - - mov esi,[ebx] - mov [ebp],esi - mov edi,[ebx+4] - mov [ebp+4],edi - mov ecx,[ebx+8] - mov [ebp+8],ecx - mov edx,[ebx+12] - mov [ebp+12],edx - mov eax,[ebx+16] - mov [ebp+16],eax - mov eax,[ebx+20] - mov [ebp+20],eax - add ebp,24 - - f_key 0,24 ; 13 * 4 = 52 unsigned longs - f_key 1,24 ; 6 + 6 * 8 generated = 54 - f_key 2,24 - f_key 3,24 - f_key 4,24 - f_key 5,24 - f_key 6,24 - f_key 7,24 - - pop edi - pop esi - pop ebx - pop ebp - xor eax,eax - do_exit 8 - -%endif - -%ifdef AES_256 - -%ifndef ENCRYPTION_TABLE -%define ENCRYPTION_TABLE -%endif - -%assign rc_val 1 - - align 32 - do_name _aes_encrypt_key256,8 - push ebp - push ebx - push esi - push edi - - mov ebp,[esp+24] - mov [ebp+4*KS_LENGTH],dword 14 * 16 - mov ebx,[esp+20] - - mov esi,[ebx] - mov [ebp],esi - mov edi,[ebx+4] - mov [ebp+4],edi - mov ecx,[ebx+8] - mov [ebp+8],ecx - mov edx,[ebx+12] - mov [ebp+12],edx - mov eax,[ebx+16] - mov [ebp+16],eax - mov eax,[ebx+20] - mov [ebp+20],eax - mov eax,[ebx+24] - mov [ebp+24],eax - mov eax,[ebx+28] - mov [ebp+28],eax - add ebp,32 - - f_key 0,32 ; 15 * 4 = 60 unsigned longs - f_key 1,32 ; 8 + 8 * 7 generated = 64 - f_key 2,32 - f_key 3,32 - f_key 4,32 - f_key 5,32 - f_key 6,32 - - pop edi - pop esi - pop ebx - pop ebp - xor eax,eax - do_exit 8 - -%endif - -%ifdef AES_VAR - -%ifndef ENCRYPTION_TABLE -%define ENCRYPTION_TABLE -%endif - - align 32 - do_name _aes_encrypt_key,12 - - mov ecx,[esp+4] - mov eax,[esp+8] - mov edx,[esp+12] - push edx - push ecx - - cmp eax,16 - je .1 - cmp eax,128 - je .1 - - cmp eax,24 - je .2 - cmp eax,192 - je .2 - - cmp eax,32 - je .3 - cmp eax,256 - je .3 - mov eax,-1 - add esp,8 - do_exit 12 - -.1: do_call _aes_encrypt_key128,8 - do_exit 12 -.2: do_call _aes_encrypt_key192,8 - do_exit 12 -.3: do_call _aes_encrypt_key256,8 - do_exit 12 - -%endif - -%endif - -%ifdef ENCRYPTION_TABLE - -; S-box data - 256 entries - - section .data align=32 - align 32 - -%define u8(x) 0, x, x, f3(x), f2(x), x, x, f3(x) - -enc_tab: - db u8(0x63),u8(0x7c),u8(0x77),u8(0x7b),u8(0xf2),u8(0x6b),u8(0x6f),u8(0xc5) - db u8(0x30),u8(0x01),u8(0x67),u8(0x2b),u8(0xfe),u8(0xd7),u8(0xab),u8(0x76) - db u8(0xca),u8(0x82),u8(0xc9),u8(0x7d),u8(0xfa),u8(0x59),u8(0x47),u8(0xf0) - db u8(0xad),u8(0xd4),u8(0xa2),u8(0xaf),u8(0x9c),u8(0xa4),u8(0x72),u8(0xc0) - db u8(0xb7),u8(0xfd),u8(0x93),u8(0x26),u8(0x36),u8(0x3f),u8(0xf7),u8(0xcc) - db u8(0x34),u8(0xa5),u8(0xe5),u8(0xf1),u8(0x71),u8(0xd8),u8(0x31),u8(0x15) - db u8(0x04),u8(0xc7),u8(0x23),u8(0xc3),u8(0x18),u8(0x96),u8(0x05),u8(0x9a) - db u8(0x07),u8(0x12),u8(0x80),u8(0xe2),u8(0xeb),u8(0x27),u8(0xb2),u8(0x75) - db u8(0x09),u8(0x83),u8(0x2c),u8(0x1a),u8(0x1b),u8(0x6e),u8(0x5a),u8(0xa0) - db u8(0x52),u8(0x3b),u8(0xd6),u8(0xb3),u8(0x29),u8(0xe3),u8(0x2f),u8(0x84) - db u8(0x53),u8(0xd1),u8(0x00),u8(0xed),u8(0x20),u8(0xfc),u8(0xb1),u8(0x5b) - db u8(0x6a),u8(0xcb),u8(0xbe),u8(0x39),u8(0x4a),u8(0x4c),u8(0x58),u8(0xcf) - db u8(0xd0),u8(0xef),u8(0xaa),u8(0xfb),u8(0x43),u8(0x4d),u8(0x33),u8(0x85) - db u8(0x45),u8(0xf9),u8(0x02),u8(0x7f),u8(0x50),u8(0x3c),u8(0x9f),u8(0xa8) - db u8(0x51),u8(0xa3),u8(0x40),u8(0x8f),u8(0x92),u8(0x9d),u8(0x38),u8(0xf5) - db u8(0xbc),u8(0xb6),u8(0xda),u8(0x21),u8(0x10),u8(0xff),u8(0xf3),u8(0xd2) - db u8(0xcd),u8(0x0c),u8(0x13),u8(0xec),u8(0x5f),u8(0x97),u8(0x44),u8(0x17) - db u8(0xc4),u8(0xa7),u8(0x7e),u8(0x3d),u8(0x64),u8(0x5d),u8(0x19),u8(0x73) - db u8(0x60),u8(0x81),u8(0x4f),u8(0xdc),u8(0x22),u8(0x2a),u8(0x90),u8(0x88) - db u8(0x46),u8(0xee),u8(0xb8),u8(0x14),u8(0xde),u8(0x5e),u8(0x0b),u8(0xdb) - db u8(0xe0),u8(0x32),u8(0x3a),u8(0x0a),u8(0x49),u8(0x06),u8(0x24),u8(0x5c) - db u8(0xc2),u8(0xd3),u8(0xac),u8(0x62),u8(0x91),u8(0x95),u8(0xe4),u8(0x79) - db u8(0xe7),u8(0xc8),u8(0x37),u8(0x6d),u8(0x8d),u8(0xd5),u8(0x4e),u8(0xa9) - db u8(0x6c),u8(0x56),u8(0xf4),u8(0xea),u8(0x65),u8(0x7a),u8(0xae),u8(0x08) - db u8(0xba),u8(0x78),u8(0x25),u8(0x2e),u8(0x1c),u8(0xa6),u8(0xb4),u8(0xc6) - db u8(0xe8),u8(0xdd),u8(0x74),u8(0x1f),u8(0x4b),u8(0xbd),u8(0x8b),u8(0x8a) - db u8(0x70),u8(0x3e),u8(0xb5),u8(0x66),u8(0x48),u8(0x03),u8(0xf6),u8(0x0e) - db u8(0x61),u8(0x35),u8(0x57),u8(0xb9),u8(0x86),u8(0xc1),u8(0x1d),u8(0x9e) - db u8(0xe1),u8(0xf8),u8(0x98),u8(0x11),u8(0x69),u8(0xd9),u8(0x8e),u8(0x94) - db u8(0x9b),u8(0x1e),u8(0x87),u8(0xe9),u8(0xce),u8(0x55),u8(0x28),u8(0xdf) - db u8(0x8c),u8(0xa1),u8(0x89),u8(0x0d),u8(0xbf),u8(0xe6),u8(0x42),u8(0x68) - db u8(0x41),u8(0x99),u8(0x2d),u8(0x0f),u8(0xb0),u8(0x54),u8(0xbb),u8(0x16) - -%endif - -%ifdef DECRYPTION - -%define DECRYPTION_TABLE - -%define dtab_0(x) [dec_tab+ 8*x] -%define dtab_1(x) [dec_tab+3+8*x] -%define dtab_2(x) [dec_tab+2+8*x] -%define dtab_3(x) [dec_tab+1+8*x] -%define dtab_x(x) byte [dec_tab+7+8*x] - -%macro irn_fun 2 - - rol eax,16 - %1 esi, cl, 0, ebp - %1 esi, bh, 1, ebp - %1 esi, al, 2, ebp - %1 edi, dl, 0, ebp - %1 edi, ch, 1, ebp - %1 edi, ah, 3, ebp - %2 ebp, bl, 0, ebp - shr eax,16 - and ebx,0xffff0000 - or ebx,eax - shr ecx,16 - %1 ebp, bh, 1, eax - %1 ebp, ch, 3, eax - %2 eax, cl, 2, ecx - %1 eax, bl, 0, ecx - %1 eax, dh, 1, ecx - shr ebx,16 - shr edx,16 - %1 esi, dh, 3, ecx - %1 ebp, dl, 2, ecx - %1 eax, bh, 3, ecx - %1 edi, bl, 2, ecx - -%endmacro - -; Basic MOV and XOR Operations for normal rounds - -%macro ni_xor 4 - movzx %4,%2 - xor %1,dtab_%3(%4) -%endmacro - -%macro ni_mov 4 - movzx %4,%2 - mov %1,dtab_%3(%4) -%endmacro - -; Basic MOV and XOR Operations for last round - -%macro li_xor 4 - movzx %4,%2 - movzx %4,dtab_x(%4) -%if %3 != 0 - shl %4,8*%3 -%endif - xor %1,%4 -%endmacro - -%macro li_mov 4 - movzx %4,%2 - movzx %1,dtab_x(%4) -%if %3 != 0 - shl %1,8*%3 -%endif -%endmacro - -%ifdef REDUCE_CODE_SIZE - -dec_round: -%ifdef AES_REV_DKS - add ebp,16 -%else - sub ebp,16 -%endif - mov esi,[ebp+8] - mov edi,[ebp+12] - push ebp - irn_fun ni_xor, ni_mov - mov ebx,ebp - pop ebp - mov ecx,esi - mov edx,edi - xor eax,[ebp] - xor ebx,[ebp+4] - ret - -%else - -%macro dec_round 0 - -%ifdef AES_REV_DKS - add ebp,16 -%else - sub ebp,16 -%endif - mov esi,[ebp+8] - mov edi,[ebp+12] - push ebp - irn_fun ni_xor, ni_mov - mov ebx,ebp - pop ebp - mov ecx,esi - mov edx,edi - xor eax,[ebp] - xor ebx,[ebp+4] - -%endmacro - -%endif - -%macro dec_last_round 0 - -%ifdef AES_REV_DKS - add ebp,16 -%else - sub ebp,16 -%endif - mov esi,[ebp+8] - mov edi,[ebp+12] - push ebp - irn_fun li_xor, li_mov - mov ebx,ebp - pop ebp - xor eax,[ebp] - xor ebx,[ebp+4] - -%endmacro - - section .text - -; AES Decryption Subroutine - - align 32 - do_name _aes_decrypt,12 - push ebp - push ebx - push esi - push edi - -; load the input block - - mov esi,[esp+in_blk+stk_spc] ; input pointer - mov eax,[esi ] - mov ebx,[esi+ 4] - mov ecx,[esi+ 8] - mov edx,[esi+12] - lea esi,[esi+16] - -; xor in the first round key - - mov ebp,[esp+ctx+stk_spc] ; key pointer - movzx edi,byte[ebp+4*KS_LENGTH] -%ifndef AES_REV_DKS ; if decryption key schedule is not reversed - lea ebp,[ebp+edi] ; we have to access it from the top down -%endif - xor eax,[ebp ] ; key schedule - xor ebx,[ebp+ 4] - xor ecx,[ebp+ 8] - xor edx,[ebp+12] - -; determine the number of rounds - - cmp edi,10*16 - je .3 - cmp edi,12*16 - je .2 - cmp edi,14*16 - je .1 - mov eax,-1 - jmp .5 - -; perform the decryption rounds - -.1: mf_call dec_round - mf_call dec_round -.2: mf_call dec_round - mf_call dec_round -.3: mf_call dec_round - mf_call dec_round - mf_call dec_round - mf_call dec_round - mf_call dec_round - mf_call dec_round - mf_call dec_round - mf_call dec_round - mf_call dec_round - dec_last_round - -; output the block - - mov ebp,[esp+out_blk+stk_spc] - mov [ebp ],eax - mov [ebp+ 4],ebx - mov [ebp+ 8],esi - mov [ebp+12],edi - xor eax,eax - -.5: pop edi - pop esi - pop ebx - pop ebp - do_exit 12 - -%endif - -%ifdef REDUCE_CODE_SIZE - - global _im_sub -_im_sub: - mov edx,[esp+4] -inv_mix_col: - movzx ecx,dl ; input eax, edx - movzx ecx,etab_b(ecx) ; output eax - mov eax,dtab_0(ecx) ; used ecx - movzx ecx,dh - shr edx,16 - movzx ecx,etab_b(ecx) - xor eax,dtab_1(ecx) - movzx ecx,dl - movzx ecx,etab_b(ecx) - xor eax,dtab_2(ecx) - movzx ecx,dh - movzx ecx,etab_b(ecx) - xor eax,dtab_3(ecx) - ret - -%else - -%macro inv_mix_col 0 - - movzx ecx,dl ; input eax, edx - movzx ecx,etab_b(ecx) ; output eax - mov eax,dtab_0(ecx) ; used ecx - movzx ecx,dh - shr edx,16 - movzx ecx,etab_b(ecx) - xor eax,dtab_1(ecx) - movzx ecx,dl - movzx ecx,etab_b(ecx) - xor eax,dtab_2(ecx) - movzx ecx,dh - movzx ecx,etab_b(ecx) - xor eax,dtab_3(ecx) - -%endmacro - -%endif - -%ifdef DECRYPTION_KEY_SCHEDULE - -%ifdef AES_128 - -%ifndef DECRYPTION_TABLE -%define DECRYPTION_TABLE -%endif - - align 32 - do_name _aes_decrypt_key128,8 - push ebp - push ebx - push esi - push edi - - mov eax,[esp+24] ; context - mov edx,[esp+20] ; key - push eax - push edx - do_call _aes_encrypt_key128,8 ; generate expanded encryption key - mov eax,10*16 - mov esi,[esp+24] ; pointer to first round key - lea edi,[esi+eax] ; pointer to last round key - add esi,32 - ; the inverse mix column transformation - mov edx,[esi-16] ; needs to be applied to all round keys - mf_call inv_mix_col ; except first and last. Hence start by - mov [esi-16],eax ; transforming the four sub-keys in the - mov edx,[esi-12] ; second round key - mf_call inv_mix_col - mov [esi-12],eax ; transformations for subsequent rounds - mov edx,[esi-8] ; can then be made more efficient by - mf_call inv_mix_col ; noting that for three of the four sub-keys - mov [esi-8],eax ; in the encryption round key ek[r]: - mov edx,[esi-4] ; - mf_call inv_mix_col ; ek[r][n] = ek[r][n-1] ^ ek[r-1][n] - mov [esi-4],eax ; - ; where n is 1..3. Hence the corresponding -.0: mov edx,[esi] ; subkeys in the decryption round key dk[r] - mf_call inv_mix_col ; also obey since inv_mix_col is linear in - mov [esi],eax ; GF(256): - xor eax,[esi-12] ; - mov [esi+4],eax ; dk[r][n] = dk[r][n-1] ^ dk[r-1][n] - xor eax,[esi-8] ; - mov [esi+8],eax ; So we only need one inverse mix column - xor eax,[esi-4] ; operation (n = 0) for each four word cycle - mov [esi+12],eax ; in the expanded key. - add esi,16 - cmp edi,esi - jg .0 - jmp dec_end - -%endif - -%ifdef AES_192 - -%ifndef DECRYPTION_TABLE -%define DECRYPTION_TABLE -%endif - - align 32 - do_name _aes_decrypt_key192,8 - push ebp - push ebx - push esi - push edi - - mov eax,[esp+24] ; context - mov edx,[esp+20] ; key - push eax - push edx - do_call _aes_encrypt_key192,8 ; generate expanded encryption key - mov eax,12*16 - mov esi,[esp+24] ; first round key - lea edi,[esi+eax] ; last round key - add esi,48 ; the first 6 words are the key, of - ; which the top 2 words are part of - mov edx,[esi-32] ; the second round key and hence - mf_call inv_mix_col ; need to be modified. After this we - mov [esi-32],eax ; need to do a further six values prior - mov edx,[esi-28] ; to using a more efficient technique - mf_call inv_mix_col ; based on: - mov [esi-28],eax ; - ; dk[r][n] = dk[r][n-1] ^ dk[r-1][n] - mov edx,[esi-24] ; - mf_call inv_mix_col ; for n = 1 .. 5 where the key expansion - mov [esi-24],eax ; cycle is now 6 words long - mov edx,[esi-20] - mf_call inv_mix_col - mov [esi-20],eax - mov edx,[esi-16] - mf_call inv_mix_col - mov [esi-16],eax - mov edx,[esi-12] - mf_call inv_mix_col - mov [esi-12],eax - mov edx,[esi-8] - mf_call inv_mix_col - mov [esi-8],eax - mov edx,[esi-4] - mf_call inv_mix_col - mov [esi-4],eax - -.0: mov edx,[esi] ; the expanded key is 13 * 4 = 44 32-bit words - mf_call inv_mix_col ; of which 11 * 4 = 44 have to be modified - mov [esi],eax ; using inv_mix_col. We have already done 8 - xor eax,[esi-20] ; of these so 36 are left - hence we need - mov [esi+4],eax ; exactly 6 loops of six here - xor eax,[esi-16] - mov [esi+8],eax - xor eax,[esi-12] - mov [esi+12],eax - xor eax,[esi-8] - mov [esi+16],eax - xor eax,[esi-4] - mov [esi+20],eax - add esi,24 - cmp edi,esi - jg .0 - jmp dec_end - -%endif - -%ifdef AES_256 - -%ifndef DECRYPTION_TABLE -%define DECRYPTION_TABLE -%endif - - align 32 - do_name _aes_decrypt_key256,8 - push ebp - push ebx - push esi - push edi - - mov eax,[esp+24] - mov edx,[esp+20] - push eax - push edx - do_call _aes_encrypt_key256,8 ; generate expanded encryption key - mov eax,14*16 - mov esi,[esp+24] - lea edi,[esi+eax] - add esi,64 - - mov edx,[esi-48] ; the primary key is 8 words, of which - mf_call inv_mix_col ; the top four require modification - mov [esi-48],eax - mov edx,[esi-44] - mf_call inv_mix_col - mov [esi-44],eax - mov edx,[esi-40] - mf_call inv_mix_col - mov [esi-40],eax - mov edx,[esi-36] - mf_call inv_mix_col - mov [esi-36],eax - - mov edx,[esi-32] ; the encryption key expansion cycle is - mf_call inv_mix_col ; now eight words long so we need to - mov [esi-32],eax ; start by doing one complete block - mov edx,[esi-28] - mf_call inv_mix_col - mov [esi-28],eax - mov edx,[esi-24] - mf_call inv_mix_col - mov [esi-24],eax - mov edx,[esi-20] - mf_call inv_mix_col - mov [esi-20],eax - mov edx,[esi-16] - mf_call inv_mix_col - mov [esi-16],eax - mov edx,[esi-12] - mf_call inv_mix_col - mov [esi-12],eax - mov edx,[esi-8] - mf_call inv_mix_col - mov [esi-8],eax - mov edx,[esi-4] - mf_call inv_mix_col - mov [esi-4],eax - -.0: mov edx,[esi] ; we can now speed up the remaining - mf_call inv_mix_col ; rounds by using the technique - mov [esi],eax ; outlined earlier. But note that - xor eax,[esi-28] ; there is one extra inverse mix - mov [esi+4],eax ; column operation as the 256 bit - xor eax,[esi-24] ; key has an extra non-linear step - mov [esi+8],eax ; for the midway element. - xor eax,[esi-20] - mov [esi+12],eax ; the expanded key is 15 * 4 = 60 - mov edx,[esi+16] ; 32-bit words of which 52 need to - mf_call inv_mix_col ; be modified. We have already done - mov [esi+16],eax ; 12 so 40 are left - which means - xor eax,[esi-12] ; that we need exactly 5 loops of 8 - mov [esi+20],eax - xor eax,[esi-8] - mov [esi+24],eax - xor eax,[esi-4] - mov [esi+28],eax - add esi,32 - cmp edi,esi - jg .0 - -%endif - -dec_end: - -%ifdef AES_REV_DKS - - mov esi,[esp+24] ; this reverses the order of the -.1: mov eax,[esi] ; round keys if required - mov ebx,[esi+4] - mov ebp,[edi] - mov edx,[edi+4] - mov [esi],ebp - mov [esi+4],edx - mov [edi],eax - mov [edi+4],ebx - - mov eax,[esi+8] - mov ebx,[esi+12] - mov ebp,[edi+8] - mov edx,[edi+12] - mov [esi+8],ebp - mov [esi+12],edx - mov [edi+8],eax - mov [edi+12],ebx - - add esi,16 - sub edi,16 - cmp edi,esi - jg .1 - -%endif - - pop edi - pop esi - pop ebx - pop ebp - xor eax,eax - do_exit 8 - -%ifdef AES_VAR - - align 32 - do_name _aes_decrypt_key,12 - - mov ecx,[esp+4] - mov eax,[esp+8] - mov edx,[esp+12] - push edx - push ecx - - cmp eax,16 - je .1 - cmp eax,128 - je .1 - - cmp eax,24 - je .2 - cmp eax,192 - je .2 - - cmp eax,32 - je .3 - cmp eax,256 - je .3 - mov eax,-1 - add esp,8 - do_exit 12 - -.1: do_call _aes_decrypt_key128,8 - do_exit 12 -.2: do_call _aes_decrypt_key192,8 - do_exit 12 -.3: do_call _aes_decrypt_key256,8 - do_exit 12 - -%endif - -%endif - -%ifdef DECRYPTION_TABLE - -; Inverse S-box data - 256 entries - - section .data - align 32 - -%define v8(x) fe(x), f9(x), fd(x), fb(x), fe(x), f9(x), fd(x), x - -dec_tab: - db v8(0x52),v8(0x09),v8(0x6a),v8(0xd5),v8(0x30),v8(0x36),v8(0xa5),v8(0x38) - db v8(0xbf),v8(0x40),v8(0xa3),v8(0x9e),v8(0x81),v8(0xf3),v8(0xd7),v8(0xfb) - db v8(0x7c),v8(0xe3),v8(0x39),v8(0x82),v8(0x9b),v8(0x2f),v8(0xff),v8(0x87) - db v8(0x34),v8(0x8e),v8(0x43),v8(0x44),v8(0xc4),v8(0xde),v8(0xe9),v8(0xcb) - db v8(0x54),v8(0x7b),v8(0x94),v8(0x32),v8(0xa6),v8(0xc2),v8(0x23),v8(0x3d) - db v8(0xee),v8(0x4c),v8(0x95),v8(0x0b),v8(0x42),v8(0xfa),v8(0xc3),v8(0x4e) - db v8(0x08),v8(0x2e),v8(0xa1),v8(0x66),v8(0x28),v8(0xd9),v8(0x24),v8(0xb2) - db v8(0x76),v8(0x5b),v8(0xa2),v8(0x49),v8(0x6d),v8(0x8b),v8(0xd1),v8(0x25) - db v8(0x72),v8(0xf8),v8(0xf6),v8(0x64),v8(0x86),v8(0x68),v8(0x98),v8(0x16) - db v8(0xd4),v8(0xa4),v8(0x5c),v8(0xcc),v8(0x5d),v8(0x65),v8(0xb6),v8(0x92) - db v8(0x6c),v8(0x70),v8(0x48),v8(0x50),v8(0xfd),v8(0xed),v8(0xb9),v8(0xda) - db v8(0x5e),v8(0x15),v8(0x46),v8(0x57),v8(0xa7),v8(0x8d),v8(0x9d),v8(0x84) - db v8(0x90),v8(0xd8),v8(0xab),v8(0x00),v8(0x8c),v8(0xbc),v8(0xd3),v8(0x0a) - db v8(0xf7),v8(0xe4),v8(0x58),v8(0x05),v8(0xb8),v8(0xb3),v8(0x45),v8(0x06) - db v8(0xd0),v8(0x2c),v8(0x1e),v8(0x8f),v8(0xca),v8(0x3f),v8(0x0f),v8(0x02) - db v8(0xc1),v8(0xaf),v8(0xbd),v8(0x03),v8(0x01),v8(0x13),v8(0x8a),v8(0x6b) - db v8(0x3a),v8(0x91),v8(0x11),v8(0x41),v8(0x4f),v8(0x67),v8(0xdc),v8(0xea) - db v8(0x97),v8(0xf2),v8(0xcf),v8(0xce),v8(0xf0),v8(0xb4),v8(0xe6),v8(0x73) - db v8(0x96),v8(0xac),v8(0x74),v8(0x22),v8(0xe7),v8(0xad),v8(0x35),v8(0x85) - db v8(0xe2),v8(0xf9),v8(0x37),v8(0xe8),v8(0x1c),v8(0x75),v8(0xdf),v8(0x6e) - db v8(0x47),v8(0xf1),v8(0x1a),v8(0x71),v8(0x1d),v8(0x29),v8(0xc5),v8(0x89) - db v8(0x6f),v8(0xb7),v8(0x62),v8(0x0e),v8(0xaa),v8(0x18),v8(0xbe),v8(0x1b) - db v8(0xfc),v8(0x56),v8(0x3e),v8(0x4b),v8(0xc6),v8(0xd2),v8(0x79),v8(0x20) - db v8(0x9a),v8(0xdb),v8(0xc0),v8(0xfe),v8(0x78),v8(0xcd),v8(0x5a),v8(0xf4) - db v8(0x1f),v8(0xdd),v8(0xa8),v8(0x33),v8(0x88),v8(0x07),v8(0xc7),v8(0x31) - db v8(0xb1),v8(0x12),v8(0x10),v8(0x59),v8(0x27),v8(0x80),v8(0xec),v8(0x5f) - db v8(0x60),v8(0x51),v8(0x7f),v8(0xa9),v8(0x19),v8(0xb5),v8(0x4a),v8(0x0d) - db v8(0x2d),v8(0xe5),v8(0x7a),v8(0x9f),v8(0x93),v8(0xc9),v8(0x9c),v8(0xef) - db v8(0xa0),v8(0xe0),v8(0x3b),v8(0x4d),v8(0xae),v8(0x2a),v8(0xf5),v8(0xb0) - db v8(0xc8),v8(0xeb),v8(0xbb),v8(0x3c),v8(0x83),v8(0x53),v8(0x99),v8(0x61) - db v8(0x17),v8(0x2b),v8(0x04),v8(0x7e),v8(0xba),v8(0x77),v8(0xd6),v8(0x26) - db v8(0xe1),v8(0x69),v8(0x14),v8(0x63),v8(0x55),v8(0x21),v8(0x0c),v8(0x7d) - -%endif - - end - diff --git a/src/java/kp2akeytransform/jni/aes/aescpp.h b/src/java/kp2akeytransform/jni/aes/aescpp.h deleted file mode 100644 index 291b4e09b..000000000 --- a/src/java/kp2akeytransform/jni/aes/aescpp.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 - - This file contains the definitions required to use AES (Rijndael) in C++. -*/ - -#ifndef _AESCPP_H -#define _AESCPP_H - -#include "aes.h" - -#if defined( AES_ENCRYPT ) - -class AESencrypt -{ -public: - aes_encrypt_ctx cx[1]; - AESencrypt(void) { aes_init(); }; -#if defined(AES_128) - AESencrypt(const unsigned char key[]) - { aes_encrypt_key128(key, cx); } - AES_RETURN key128(const unsigned char key[]) - { return aes_encrypt_key128(key, cx); } -#endif -#if defined(AES_192) - AES_RETURN key192(const unsigned char key[]) - { return aes_encrypt_key192(key, cx); } -#endif -#if defined(AES_256) - AES_RETURN key256(const unsigned char key[]) - { return aes_encrypt_key256(key, cx); } -#endif -#if defined(AES_VAR) - AES_RETURN key(const unsigned char key[], int key_len) - { return aes_encrypt_key(key, key_len, cx); } -#endif - AES_RETURN encrypt(const unsigned char in[], unsigned char out[]) const - { return aes_encrypt(in, out, cx); } -#ifndef AES_MODES - AES_RETURN ecb_encrypt(const unsigned char in[], unsigned char out[], int nb) const - { while(nb--) - { aes_encrypt(in, out, cx), in += AES_BLOCK_SIZE, out += AES_BLOCK_SIZE; } - } -#endif -#ifdef AES_MODES - AES_RETURN mode_reset(void) { return aes_mode_reset(cx); } - - AES_RETURN ecb_encrypt(const unsigned char in[], unsigned char out[], int nb) const - { return aes_ecb_encrypt(in, out, nb, cx); } - - AES_RETURN cbc_encrypt(const unsigned char in[], unsigned char out[], int nb, - unsigned char iv[]) const - { return aes_cbc_encrypt(in, out, nb, iv, cx); } - - AES_RETURN cfb_encrypt(const unsigned char in[], unsigned char out[], int nb, - unsigned char iv[]) - { return aes_cfb_encrypt(in, out, nb, iv, cx); } - - AES_RETURN cfb_decrypt(const unsigned char in[], unsigned char out[], int nb, - unsigned char iv[]) - { return aes_cfb_decrypt(in, out, nb, iv, cx); } - - AES_RETURN ofb_crypt(const unsigned char in[], unsigned char out[], int nb, - unsigned char iv[]) - { return aes_ofb_crypt(in, out, nb, iv, cx); } - - typedef void ctr_fn(unsigned char ctr[]); - - AES_RETURN ctr_crypt(const unsigned char in[], unsigned char out[], int nb, - unsigned char iv[], ctr_fn cf) - { return aes_ctr_crypt(in, out, nb, iv, cf, cx); } - -#endif - -}; - -#endif - -#if defined( AES_DECRYPT ) - -class AESdecrypt -{ -public: - aes_decrypt_ctx cx[1]; - AESdecrypt(void) { aes_init(); }; -#if defined(AES_128) - AESdecrypt(const unsigned char key[]) - { aes_decrypt_key128(key, cx); } - AES_RETURN key128(const unsigned char key[]) - { return aes_decrypt_key128(key, cx); } -#endif -#if defined(AES_192) - AES_RETURN key192(const unsigned char key[]) - { return aes_decrypt_key192(key, cx); } -#endif -#if defined(AES_256) - AES_RETURN key256(const unsigned char key[]) - { return aes_decrypt_key256(key, cx); } -#endif -#if defined(AES_VAR) - AES_RETURN key(const unsigned char key[], int key_len) - { return aes_decrypt_key(key, key_len, cx); } -#endif - AES_RETURN decrypt(const unsigned char in[], unsigned char out[]) const - { return aes_decrypt(in, out, cx); } -#ifndef AES_MODES - AES_RETURN ecb_decrypt(const unsigned char in[], unsigned char out[], int nb) const - { while(nb--) - { aes_decrypt(in, out, cx), in += AES_BLOCK_SIZE, out += AES_BLOCK_SIZE; } - } -#endif -#ifdef AES_MODES - - AES_RETURN ecb_decrypt(const unsigned char in[], unsigned char out[], int nb) const - { return aes_ecb_decrypt(in, out, nb, cx); } - - AES_RETURN cbc_decrypt(const unsigned char in[], unsigned char out[], int nb, - unsigned char iv[]) const - { return aes_cbc_decrypt(in, out, nb, iv, cx); } -#endif -}; - -#endif - -#endif diff --git a/src/java/kp2akeytransform/jni/aes/aescrypt.c b/src/java/kp2akeytransform/jni/aes/aescrypt.c deleted file mode 100644 index f11e56c34..000000000 --- a/src/java/kp2akeytransform/jni/aes/aescrypt.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 -*/ - -#include "aesopt.h" -#include "aestab.h" - -#if defined(__cplusplus) -extern "C" -{ -#endif - -#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c]) -#define so(y,x,c) word_out(y, c, s(x,c)) - -#if defined(ARRAYS) -#define locals(y,x) x[4],y[4] -#else -#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3 -#endif - -#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ - s(y,2) = s(x,2); s(y,3) = s(x,3); -#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3) -#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3) -#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3) - -#if ( FUNCS_IN_C & ENCRYPTION_IN_C ) - -/* Visual C++ .Net v7.1 provides the fastest encryption code when using - Pentium optimiation with small code but this is poor for decryption - so we need to control this with the following VC++ pragmas -*/ - -#if defined( _MSC_VER ) && !defined( _WIN64 ) -#pragma optimize( "s", on ) -#endif - -/* Given the column (c) of the output state variable, the following - macros give the input state variables which are needed in its - computation for each row (r) of the state. All the alternative - macros give the same end values but expand into different ways - of calculating these values. In particular the complex macro - used for dynamically variable block sizes is designed to expand - to a compile time constant whenever possible but will expand to - conditional clauses on some branches (I am grateful to Frank - Yellin for this construction) -*/ - -#define fwd_var(x,r,c)\ - ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\ - : r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\ - : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\ - : ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))) - -#if defined(FT4_SET) -#undef dec_fmvars -#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c)) -#elif defined(FT1_SET) -#undef dec_fmvars -#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c)) -#else -#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c))) -#endif - -#if defined(FL4_SET) -#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c)) -#elif defined(FL1_SET) -#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c)) -#else -#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c)) -#endif - -AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]) -{ uint_32t locals(b0, b1); - const uint_32t *kp; -#if defined( dec_fmvars ) - dec_fmvars; /* declare variables for fwd_mcol() if needed */ -#endif - - if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 ) - return EXIT_FAILURE; - - kp = cx->ks; - state_in(b0, in, kp); - -#if (ENC_UNROLL == FULL) - - switch(cx->inf.b[0]) - { - case 14 * 16: - round(fwd_rnd, b1, b0, kp + 1 * N_COLS); - round(fwd_rnd, b0, b1, kp + 2 * N_COLS); - kp += 2 * N_COLS; - case 12 * 16: - round(fwd_rnd, b1, b0, kp + 1 * N_COLS); - round(fwd_rnd, b0, b1, kp + 2 * N_COLS); - kp += 2 * N_COLS; - case 10 * 16: - round(fwd_rnd, b1, b0, kp + 1 * N_COLS); - round(fwd_rnd, b0, b1, kp + 2 * N_COLS); - round(fwd_rnd, b1, b0, kp + 3 * N_COLS); - round(fwd_rnd, b0, b1, kp + 4 * N_COLS); - round(fwd_rnd, b1, b0, kp + 5 * N_COLS); - round(fwd_rnd, b0, b1, kp + 6 * N_COLS); - round(fwd_rnd, b1, b0, kp + 7 * N_COLS); - round(fwd_rnd, b0, b1, kp + 8 * N_COLS); - round(fwd_rnd, b1, b0, kp + 9 * N_COLS); - round(fwd_lrnd, b0, b1, kp +10 * N_COLS); - } - -#else - -#if (ENC_UNROLL == PARTIAL) - { uint_32t rnd; - for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd) - { - kp += N_COLS; - round(fwd_rnd, b1, b0, kp); - kp += N_COLS; - round(fwd_rnd, b0, b1, kp); - } - kp += N_COLS; - round(fwd_rnd, b1, b0, kp); -#else - { uint_32t rnd; - for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd) - { - kp += N_COLS; - round(fwd_rnd, b1, b0, kp); - l_copy(b0, b1); - } -#endif - kp += N_COLS; - round(fwd_lrnd, b0, b1, kp); - } -#endif - - state_out(out, b0); - return EXIT_SUCCESS; -} - -#endif - -#if ( FUNCS_IN_C & DECRYPTION_IN_C) - -/* Visual C++ .Net v7.1 provides the fastest encryption code when using - Pentium optimiation with small code but this is poor for decryption - so we need to control this with the following VC++ pragmas -*/ - -#if defined( _MSC_VER ) && !defined( _WIN64 ) -#pragma optimize( "t", on ) -#endif - -/* Given the column (c) of the output state variable, the following - macros give the input state variables which are needed in its - computation for each row (r) of the state. All the alternative - macros give the same end values but expand into different ways - of calculating these values. In particular the complex macro - used for dynamically variable block sizes is designed to expand - to a compile time constant whenever possible but will expand to - conditional clauses on some branches (I am grateful to Frank - Yellin for this construction) -*/ - -#define inv_var(x,r,c)\ - ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\ - : r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\ - : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\ - : ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))) - -#if defined(IT4_SET) -#undef dec_imvars -#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c)) -#elif defined(IT1_SET) -#undef dec_imvars -#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c)) -#else -#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))) -#endif - -#if defined(IL4_SET) -#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c)) -#elif defined(IL1_SET) -#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c)) -#else -#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)) -#endif - -/* This code can work with the decryption key schedule in the */ -/* order that is used for encrytpion (where the 1st decryption */ -/* round key is at the high end ot the schedule) or with a key */ -/* schedule that has been reversed to put the 1st decryption */ -/* round key at the low end of the schedule in memory (when */ -/* AES_REV_DKS is defined) */ - -#ifdef AES_REV_DKS -#define key_ofs 0 -#define rnd_key(n) (kp + n * N_COLS) -#else -#define key_ofs 1 -#define rnd_key(n) (kp - n * N_COLS) -#endif - -AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1]) -{ uint_32t locals(b0, b1); -#if defined( dec_imvars ) - dec_imvars; /* declare variables for inv_mcol() if needed */ -#endif - const uint_32t *kp; - - if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 ) - return EXIT_FAILURE; - - kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0); - state_in(b0, in, kp); - -#if (DEC_UNROLL == FULL) - - kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2)); - switch(cx->inf.b[0]) - { - case 14 * 16: - round(inv_rnd, b1, b0, rnd_key(-13)); - round(inv_rnd, b0, b1, rnd_key(-12)); - case 12 * 16: - round(inv_rnd, b1, b0, rnd_key(-11)); - round(inv_rnd, b0, b1, rnd_key(-10)); - case 10 * 16: - round(inv_rnd, b1, b0, rnd_key(-9)); - round(inv_rnd, b0, b1, rnd_key(-8)); - round(inv_rnd, b1, b0, rnd_key(-7)); - round(inv_rnd, b0, b1, rnd_key(-6)); - round(inv_rnd, b1, b0, rnd_key(-5)); - round(inv_rnd, b0, b1, rnd_key(-4)); - round(inv_rnd, b1, b0, rnd_key(-3)); - round(inv_rnd, b0, b1, rnd_key(-2)); - round(inv_rnd, b1, b0, rnd_key(-1)); - round(inv_lrnd, b0, b1, rnd_key( 0)); - } - -#else - -#if (DEC_UNROLL == PARTIAL) - { uint_32t rnd; - for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd) - { - kp = rnd_key(1); - round(inv_rnd, b1, b0, kp); - kp = rnd_key(1); - round(inv_rnd, b0, b1, kp); - } - kp = rnd_key(1); - round(inv_rnd, b1, b0, kp); -#else - { uint_32t rnd; - for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd) - { - kp = rnd_key(1); - round(inv_rnd, b1, b0, kp); - l_copy(b0, b1); - } -#endif - kp = rnd_key(1); - round(inv_lrnd, b0, b1, kp); - } -#endif - - state_out(out, b0); - return EXIT_SUCCESS; -} - -#endif - -#if defined(__cplusplus) -} -#endif diff --git a/src/java/kp2akeytransform/jni/aes/aeskey.c b/src/java/kp2akeytransform/jni/aes/aeskey.c deleted file mode 100644 index fb122b244..000000000 --- a/src/java/kp2akeytransform/jni/aes/aeskey.c +++ /dev/null @@ -1,555 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 -*/ - -#include "aesopt.h" -#include "aestab.h" - -#ifdef USE_VIA_ACE_IF_PRESENT -# include "aes_via_ace.h" -#endif - -#if defined(__cplusplus) -extern "C" -{ -#endif - -/* Initialise the key schedule from the user supplied key. The key - length can be specified in bytes, with legal values of 16, 24 - and 32, or in bits, with legal values of 128, 192 and 256. These - values correspond with Nk values of 4, 6 and 8 respectively. - - The following macros implement a single cycle in the key - schedule generation process. The number of cycles needed - for each cx->n_col and nk value is: - - nk = 4 5 6 7 8 - ------------------------------ - cx->n_col = 4 10 9 8 7 7 - cx->n_col = 5 14 11 10 9 9 - cx->n_col = 6 19 15 12 11 11 - cx->n_col = 7 21 19 16 13 14 - cx->n_col = 8 29 23 19 17 14 -*/ - -#if defined( REDUCE_CODE_SIZE ) -# define ls_box ls_sub - uint_32t ls_sub(const uint_32t t, const uint_32t n); -# define inv_mcol im_sub - uint_32t im_sub(const uint_32t x); -# ifdef ENC_KS_UNROLL -# undef ENC_KS_UNROLL -# endif -# ifdef DEC_KS_UNROLL -# undef DEC_KS_UNROLL -# endif -#endif - -#if (FUNCS_IN_C & ENC_KEYING_IN_C) - -#if defined(AES_128) || defined( AES_VAR ) - -#define ke4(k,i) \ -{ k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \ - k[4*(i)+5] = ss[1] ^= ss[0]; \ - k[4*(i)+6] = ss[2] ^= ss[1]; \ - k[4*(i)+7] = ss[3] ^= ss[2]; \ -} - -AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]) -{ uint_32t ss[4]; - - cx->ks[0] = ss[0] = word_in(key, 0); - cx->ks[1] = ss[1] = word_in(key, 1); - cx->ks[2] = ss[2] = word_in(key, 2); - cx->ks[3] = ss[3] = word_in(key, 3); - -#ifdef ENC_KS_UNROLL - ke4(cx->ks, 0); ke4(cx->ks, 1); - ke4(cx->ks, 2); ke4(cx->ks, 3); - ke4(cx->ks, 4); ke4(cx->ks, 5); - ke4(cx->ks, 6); ke4(cx->ks, 7); - ke4(cx->ks, 8); -#else - { uint_32t i; - for(i = 0; i < 9; ++i) - ke4(cx->ks, i); - } -#endif - ke4(cx->ks, 9); - cx->inf.l = 0; - cx->inf.b[0] = 10 * 16; - -#ifdef USE_VIA_ACE_IF_PRESENT - if(VIA_ACE_AVAILABLE) - cx->inf.b[1] = 0xff; -#endif - return EXIT_SUCCESS; -} - -#endif - -#if defined(AES_192) || defined( AES_VAR ) - -#define kef6(k,i) \ -{ k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \ - k[6*(i)+ 7] = ss[1] ^= ss[0]; \ - k[6*(i)+ 8] = ss[2] ^= ss[1]; \ - k[6*(i)+ 9] = ss[3] ^= ss[2]; \ -} - -#define ke6(k,i) \ -{ kef6(k,i); \ - k[6*(i)+10] = ss[4] ^= ss[3]; \ - k[6*(i)+11] = ss[5] ^= ss[4]; \ -} - -AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]) -{ uint_32t ss[6]; - - cx->ks[0] = ss[0] = word_in(key, 0); - cx->ks[1] = ss[1] = word_in(key, 1); - cx->ks[2] = ss[2] = word_in(key, 2); - cx->ks[3] = ss[3] = word_in(key, 3); - cx->ks[4] = ss[4] = word_in(key, 4); - cx->ks[5] = ss[5] = word_in(key, 5); - -#ifdef ENC_KS_UNROLL - ke6(cx->ks, 0); ke6(cx->ks, 1); - ke6(cx->ks, 2); ke6(cx->ks, 3); - ke6(cx->ks, 4); ke6(cx->ks, 5); - ke6(cx->ks, 6); -#else - { uint_32t i; - for(i = 0; i < 7; ++i) - ke6(cx->ks, i); - } -#endif - kef6(cx->ks, 7); - cx->inf.l = 0; - cx->inf.b[0] = 12 * 16; - -#ifdef USE_VIA_ACE_IF_PRESENT - if(VIA_ACE_AVAILABLE) - cx->inf.b[1] = 0xff; -#endif - return EXIT_SUCCESS; -} - -#endif - -#if defined(AES_256) || defined( AES_VAR ) - -#define kef8(k,i) \ -{ k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \ - k[8*(i)+ 9] = ss[1] ^= ss[0]; \ - k[8*(i)+10] = ss[2] ^= ss[1]; \ - k[8*(i)+11] = ss[3] ^= ss[2]; \ -} - -#define ke8(k,i) \ -{ kef8(k,i); \ - k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \ - k[8*(i)+13] = ss[5] ^= ss[4]; \ - k[8*(i)+14] = ss[6] ^= ss[5]; \ - k[8*(i)+15] = ss[7] ^= ss[6]; \ -} - -AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]) -{ uint_32t ss[8]; - - cx->ks[0] = ss[0] = word_in(key, 0); - cx->ks[1] = ss[1] = word_in(key, 1); - cx->ks[2] = ss[2] = word_in(key, 2); - cx->ks[3] = ss[3] = word_in(key, 3); - cx->ks[4] = ss[4] = word_in(key, 4); - cx->ks[5] = ss[5] = word_in(key, 5); - cx->ks[6] = ss[6] = word_in(key, 6); - cx->ks[7] = ss[7] = word_in(key, 7); - -#ifdef ENC_KS_UNROLL - ke8(cx->ks, 0); ke8(cx->ks, 1); - ke8(cx->ks, 2); ke8(cx->ks, 3); - ke8(cx->ks, 4); ke8(cx->ks, 5); -#else - { uint_32t i; - for(i = 0; i < 6; ++i) - ke8(cx->ks, i); - } -#endif - kef8(cx->ks, 6); - cx->inf.l = 0; - cx->inf.b[0] = 14 * 16; - -#ifdef USE_VIA_ACE_IF_PRESENT - if(VIA_ACE_AVAILABLE) - cx->inf.b[1] = 0xff; -#endif - return EXIT_SUCCESS; -} - -#endif - -#if defined( AES_VAR ) - -AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]) -{ - switch(key_len) - { - case 16: case 128: return aes_encrypt_key128(key, cx); - case 24: case 192: return aes_encrypt_key192(key, cx); - case 32: case 256: return aes_encrypt_key256(key, cx); - default: return EXIT_FAILURE; - } -} - -#endif - -#endif - -#if (FUNCS_IN_C & DEC_KEYING_IN_C) - -/* this is used to store the decryption round keys */ -/* in forward or reverse order */ - -#ifdef AES_REV_DKS -#define v(n,i) ((n) - (i) + 2 * ((i) & 3)) -#else -#define v(n,i) (i) -#endif - -#if DEC_ROUND == NO_TABLES -#define ff(x) (x) -#else -#define ff(x) inv_mcol(x) -#if defined( dec_imvars ) -#define d_vars dec_imvars -#endif -#endif - -#if defined(AES_128) || defined( AES_VAR ) - -#define k4e(k,i) \ -{ k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \ - k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \ - k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \ - k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \ -} - -#if 1 - -#define kdf4(k,i) \ -{ ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \ - ss[1] = ss[1] ^ ss[3]; \ - ss[2] = ss[2] ^ ss[3]; \ - ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \ - ss[i % 4] ^= ss[4]; \ - ss[4] ^= k[v(40,(4*(i)))]; k[v(40,(4*(i))+4)] = ff(ss[4]); \ - ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \ - ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \ - ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \ -} - -#define kd4(k,i) \ -{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \ - ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \ - k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \ - k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \ - k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \ - k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \ -} - -#define kdl4(k,i) \ -{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \ - k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \ - k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \ - k[v(40,(4*(i))+6)] = ss[0]; \ - k[v(40,(4*(i))+7)] = ss[1]; \ -} - -#else - -#define kdf4(k,i) \ -{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \ - ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \ - ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \ - ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \ -} - -#define kd4(k,i) \ -{ ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \ - ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \ - ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \ - ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \ - ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \ -} - -#define kdl4(k,i) \ -{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \ - ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \ - ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \ - ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \ -} - -#endif - -AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]) -{ uint_32t ss[5]; -#if defined( d_vars ) - d_vars; -#endif - cx->ks[v(40,(0))] = ss[0] = word_in(key, 0); - cx->ks[v(40,(1))] = ss[1] = word_in(key, 1); - cx->ks[v(40,(2))] = ss[2] = word_in(key, 2); - cx->ks[v(40,(3))] = ss[3] = word_in(key, 3); - -#ifdef DEC_KS_UNROLL - kdf4(cx->ks, 0); kd4(cx->ks, 1); - kd4(cx->ks, 2); kd4(cx->ks, 3); - kd4(cx->ks, 4); kd4(cx->ks, 5); - kd4(cx->ks, 6); kd4(cx->ks, 7); - kd4(cx->ks, 8); kdl4(cx->ks, 9); -#else - { uint_32t i; - for(i = 0; i < 10; ++i) - k4e(cx->ks, i); -#if !(DEC_ROUND == NO_TABLES) - for(i = N_COLS; i < 10 * N_COLS; ++i) - cx->ks[i] = inv_mcol(cx->ks[i]); -#endif - } -#endif - cx->inf.l = 0; - cx->inf.b[0] = 10 * 16; - -#ifdef USE_VIA_ACE_IF_PRESENT - if(VIA_ACE_AVAILABLE) - cx->inf.b[1] = 0xff; -#endif - return EXIT_SUCCESS; -} - -#endif - -#if defined(AES_192) || defined( AES_VAR ) - -#define k6ef(k,i) \ -{ k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \ - k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \ - k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \ - k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \ -} - -#define k6e(k,i) \ -{ k6ef(k,i); \ - k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \ - k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \ -} - -#define kdf6(k,i) \ -{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \ - ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \ - ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \ - ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \ - ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \ - ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \ -} - -#define kd6(k,i) \ -{ ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \ - ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \ - ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \ - ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \ - ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \ - ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \ - ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \ -} - -#define kdl6(k,i) \ -{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \ - ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \ - ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \ - ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \ -} - -AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]) -{ uint_32t ss[7]; -#if defined( d_vars ) - d_vars; -#endif - cx->ks[v(48,(0))] = ss[0] = word_in(key, 0); - cx->ks[v(48,(1))] = ss[1] = word_in(key, 1); - cx->ks[v(48,(2))] = ss[2] = word_in(key, 2); - cx->ks[v(48,(3))] = ss[3] = word_in(key, 3); - -#ifdef DEC_KS_UNROLL - cx->ks[v(48,(4))] = ff(ss[4] = word_in(key, 4)); - cx->ks[v(48,(5))] = ff(ss[5] = word_in(key, 5)); - kdf6(cx->ks, 0); kd6(cx->ks, 1); - kd6(cx->ks, 2); kd6(cx->ks, 3); - kd6(cx->ks, 4); kd6(cx->ks, 5); - kd6(cx->ks, 6); kdl6(cx->ks, 7); -#else - cx->ks[v(48,(4))] = ss[4] = word_in(key, 4); - cx->ks[v(48,(5))] = ss[5] = word_in(key, 5); - { uint_32t i; - - for(i = 0; i < 7; ++i) - k6e(cx->ks, i); - k6ef(cx->ks, 7); -#if !(DEC_ROUND == NO_TABLES) - for(i = N_COLS; i < 12 * N_COLS; ++i) - cx->ks[i] = inv_mcol(cx->ks[i]); -#endif - } -#endif - cx->inf.l = 0; - cx->inf.b[0] = 12 * 16; - -#ifdef USE_VIA_ACE_IF_PRESENT - if(VIA_ACE_AVAILABLE) - cx->inf.b[1] = 0xff; -#endif - return EXIT_SUCCESS; -} - -#endif - -#if defined(AES_256) || defined( AES_VAR ) - -#define k8ef(k,i) \ -{ k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \ - k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \ - k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \ - k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \ -} - -#define k8e(k,i) \ -{ k8ef(k,i); \ - k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \ - k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \ - k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \ - k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \ -} - -#define kdf8(k,i) \ -{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \ - ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \ - ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \ - ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \ - ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \ - ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \ - ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \ - ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \ -} - -#define kd8(k,i) \ -{ ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \ - ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \ - ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \ - ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \ - ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \ - ss[8] = ls_box(ss[3],0); \ - ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \ - ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \ - ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \ - ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \ -} - -#define kdl8(k,i) \ -{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \ - ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \ - ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \ - ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \ -} - -AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]) -{ uint_32t ss[9]; -#if defined( d_vars ) - d_vars; -#endif - cx->ks[v(56,(0))] = ss[0] = word_in(key, 0); - cx->ks[v(56,(1))] = ss[1] = word_in(key, 1); - cx->ks[v(56,(2))] = ss[2] = word_in(key, 2); - cx->ks[v(56,(3))] = ss[3] = word_in(key, 3); - -#ifdef DEC_KS_UNROLL - cx->ks[v(56,(4))] = ff(ss[4] = word_in(key, 4)); - cx->ks[v(56,(5))] = ff(ss[5] = word_in(key, 5)); - cx->ks[v(56,(6))] = ff(ss[6] = word_in(key, 6)); - cx->ks[v(56,(7))] = ff(ss[7] = word_in(key, 7)); - kdf8(cx->ks, 0); kd8(cx->ks, 1); - kd8(cx->ks, 2); kd8(cx->ks, 3); - kd8(cx->ks, 4); kd8(cx->ks, 5); - kdl8(cx->ks, 6); -#else - cx->ks[v(56,(4))] = ss[4] = word_in(key, 4); - cx->ks[v(56,(5))] = ss[5] = word_in(key, 5); - cx->ks[v(56,(6))] = ss[6] = word_in(key, 6); - cx->ks[v(56,(7))] = ss[7] = word_in(key, 7); - { uint_32t i; - - for(i = 0; i < 6; ++i) - k8e(cx->ks, i); - k8ef(cx->ks, 6); -#if !(DEC_ROUND == NO_TABLES) - for(i = N_COLS; i < 14 * N_COLS; ++i) - cx->ks[i] = inv_mcol(cx->ks[i]); -#endif - } -#endif - cx->inf.l = 0; - cx->inf.b[0] = 14 * 16; - -#ifdef USE_VIA_ACE_IF_PRESENT - if(VIA_ACE_AVAILABLE) - cx->inf.b[1] = 0xff; -#endif - return EXIT_SUCCESS; -} - -#endif - -#if defined( AES_VAR ) - -AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]) -{ - switch(key_len) - { - case 16: case 128: return aes_decrypt_key128(key, cx); - case 24: case 192: return aes_decrypt_key192(key, cx); - case 32: case 256: return aes_decrypt_key256(key, cx); - default: return EXIT_FAILURE; - } -} - -#endif - -#endif - -#if defined(__cplusplus) -} -#endif diff --git a/src/java/kp2akeytransform/jni/aes/aesopt.h b/src/java/kp2akeytransform/jni/aes/aesopt.h deleted file mode 100644 index 3c77b87f6..000000000 --- a/src/java/kp2akeytransform/jni/aes/aesopt.h +++ /dev/null @@ -1,747 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 - - This file contains the compilation options for AES (Rijndael) and code - that is common across encryption, key scheduling and table generation. - - OPERATION - - These source code files implement the AES algorithm Rijndael designed by - Joan Daemen and Vincent Rijmen. This version is designed for the standard - block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24 - and 32 bytes). - - This version is designed for flexibility and speed using operations on - 32-bit words rather than operations on bytes. It can be compiled with - either big or little endian internal byte order but is faster when the - native byte order for the processor is used. - - THE CIPHER INTERFACE - - The cipher interface is implemented as an array of bytes in which lower - AES bit sequence indexes map to higher numeric significance within bytes. - - uint_8t (an unsigned 8-bit type) - uint_32t (an unsigned 32-bit type) - struct aes_encrypt_ctx (structure for the cipher encryption context) - struct aes_decrypt_ctx (structure for the cipher decryption context) - AES_RETURN the function return type - - C subroutine calls: - - AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]); - AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]); - AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]); - AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, - const aes_encrypt_ctx cx[1]); - - AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]); - AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]); - AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]); - AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, - const aes_decrypt_ctx cx[1]); - - IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that - you call aes_init() before AES is used so that the tables are initialised. - - C++ aes class subroutines: - - Class AESencrypt for encryption - - Construtors: - AESencrypt(void) - AESencrypt(const unsigned char *key) - 128 bit key - Members: - AES_RETURN key128(const unsigned char *key) - AES_RETURN key192(const unsigned char *key) - AES_RETURN key256(const unsigned char *key) - AES_RETURN encrypt(const unsigned char *in, unsigned char *out) const - - Class AESdecrypt for encryption - Construtors: - AESdecrypt(void) - AESdecrypt(const unsigned char *key) - 128 bit key - Members: - AES_RETURN key128(const unsigned char *key) - AES_RETURN key192(const unsigned char *key) - AES_RETURN key256(const unsigned char *key) - AES_RETURN decrypt(const unsigned char *in, unsigned char *out) const -*/ - -#if !defined( _AESOPT_H ) -#define _AESOPT_H - -#if defined( __cplusplus ) -#include "aescpp.h" -#else -#include "aes.h" -#endif - -/* PLATFORM SPECIFIC INCLUDES */ - -#include "brg_endian.h" - -/* CONFIGURATION - THE USE OF DEFINES - - Later in this section there are a number of defines that control the - operation of the code. In each section, the purpose of each define is - explained so that the relevant form can be included or excluded by - setting either 1's or 0's respectively on the branches of the related - #if clauses. The following local defines should not be changed. -*/ - -#define ENCRYPTION_IN_C 1 -#define DECRYPTION_IN_C 2 -#define ENC_KEYING_IN_C 4 -#define DEC_KEYING_IN_C 8 - -#define NO_TABLES 0 -#define ONE_TABLE 1 -#define FOUR_TABLES 4 -#define NONE 0 -#define PARTIAL 1 -#define FULL 2 - -/* --- START OF USER CONFIGURED OPTIONS --- */ - -/* 1. BYTE ORDER WITHIN 32 BIT WORDS - - The fundamental data processing units in Rijndael are 8-bit bytes. The - input, output and key input are all enumerated arrays of bytes in which - bytes are numbered starting at zero and increasing to one less than the - number of bytes in the array in question. This enumeration is only used - for naming bytes and does not imply any adjacency or order relationship - from one byte to another. When these inputs and outputs are considered - as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to - byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte. - In this implementation bits are numbered from 0 to 7 starting at the - numerically least significant end of each byte (bit n represents 2^n). - - However, Rijndael can be implemented more efficiently using 32-bit - words by packing bytes into words so that bytes 4*n to 4*n+3 are placed - into word[n]. While in principle these bytes can be assembled into words - in any positions, this implementation only supports the two formats in - which bytes in adjacent positions within words also have adjacent byte - numbers. This order is called big-endian if the lowest numbered bytes - in words have the highest numeric significance and little-endian if the - opposite applies. - - This code can work in either order irrespective of the order used by the - machine on which it runs. Normally the internal byte order will be set - to the order of the processor on which the code is to be run but this - define can be used to reverse this in special situations - - WARNING: Assembler code versions rely on PLATFORM_BYTE_ORDER being set. - This define will hence be redefined later (in section 4) if necessary -*/ - -#if 1 -# define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER -#elif 0 -# define ALGORITHM_BYTE_ORDER IS_LITTLE_ENDIAN -#elif 0 -# define ALGORITHM_BYTE_ORDER IS_BIG_ENDIAN -#else -# error The algorithm byte order is not defined -#endif - -/* 2. VIA ACE SUPPORT */ - -#if defined( __GNUC__ ) && defined( __i386__ ) \ - || defined( _WIN32 ) && defined( _M_IX86 ) \ - && !(defined( _WIN64 ) || defined( _WIN32_WCE ) || defined( _MSC_VER ) && ( _MSC_VER <= 800 )) -# define VIA_ACE_POSSIBLE -#endif - -/* Define this option if support for the VIA ACE is required. This uses - inline assembler instructions and is only implemented for the Microsoft, - Intel and GCC compilers. If VIA ACE is known to be present, then defining - ASSUME_VIA_ACE_PRESENT will remove the ordinary encryption/decryption - code. If USE_VIA_ACE_IF_PRESENT is defined then VIA ACE will be used if - it is detected (both present and enabled) but the normal AES code will - also be present. - - When VIA ACE is to be used, all AES encryption contexts MUST be 16 byte - aligned; other input/output buffers do not need to be 16 byte aligned - but there are very large performance gains if this can be arranged. - VIA ACE also requires the decryption key schedule to be in reverse - order (which later checks below ensure). -*/ - -/* Disable VIA ACE cpu detection which crashes on x86 android devices */ -#if 0 && defined( VIA_ACE_POSSIBLE ) && !defined( USE_VIA_ACE_IF_PRESENT ) -# define USE_VIA_ACE_IF_PRESENT -#endif - -#if 0 && defined( VIA_ACE_POSSIBLE ) && !defined( ASSUME_VIA_ACE_PRESENT ) -# define ASSUME_VIA_ACE_PRESENT -# endif - -/* 3. ASSEMBLER SUPPORT - - This define (which can be on the command line) enables the use of the - assembler code routines for encryption, decryption and key scheduling - as follows: - - ASM_X86_V1C uses the assembler (aes_x86_v1.asm) with large tables for - encryption and decryption and but with key scheduling in C - ASM_X86_V2 uses assembler (aes_x86_v2.asm) with compressed tables for - encryption, decryption and key scheduling - ASM_X86_V2C uses assembler (aes_x86_v2.asm) with compressed tables for - encryption and decryption and but with key scheduling in C - ASM_AMD64_C uses assembler (aes_amd64.asm) with compressed tables for - encryption and decryption and but with key scheduling in C - - Change one 'if 0' below to 'if 1' to select the version or define - as a compilation option. -*/ - -#if 0 && !defined( ASM_X86_V1C ) -# define ASM_X86_V1C -#elif 0 && !defined( ASM_X86_V2 ) -# define ASM_X86_V2 -#elif 0 && !defined( ASM_X86_V2C ) -# define ASM_X86_V2C -#elif 0 && !defined( ASM_AMD64_C ) -# define ASM_AMD64_C -#endif - -#if (defined ( ASM_X86_V1C ) || defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )) \ - && !defined( _M_IX86 ) || defined( ASM_AMD64_C ) && !defined( _M_X64 ) -# error Assembler code is only available for x86 and AMD64 systems -#endif - -/* 4. FAST INPUT/OUTPUT OPERATIONS. - - On some machines it is possible to improve speed by transferring the - bytes in the input and output arrays to and from the internal 32-bit - variables by addressing these arrays as if they are arrays of 32-bit - words. On some machines this will always be possible but there may - be a large performance penalty if the byte arrays are not aligned on - the normal word boundaries. On other machines this technique will - lead to memory access errors when such 32-bit word accesses are not - properly aligned. The option SAFE_IO avoids such problems but will - often be slower on those machines that support misaligned access - (especially so if care is taken to align the input and output byte - arrays on 32-bit word boundaries). If SAFE_IO is not defined it is - assumed that access to byte arrays as if they are arrays of 32-bit - words will not cause problems when such accesses are misaligned. -*/ -#if 1 && !defined( _MSC_VER ) -# define SAFE_IO -#endif - -/* 5. LOOP UNROLLING - - The code for encryption and decrytpion cycles through a number of rounds - that can be implemented either in a loop or by expanding the code into a - long sequence of instructions, the latter producing a larger program but - one that will often be much faster. The latter is called loop unrolling. - There are also potential speed advantages in expanding two iterations in - a loop with half the number of iterations, which is called partial loop - unrolling. The following options allow partial or full loop unrolling - to be set independently for encryption and decryption -*/ -#if 1 -# define ENC_UNROLL FULL -#elif 0 -# define ENC_UNROLL PARTIAL -#else -# define ENC_UNROLL NONE -#endif - -#if 1 -# define DEC_UNROLL FULL -#elif 0 -# define DEC_UNROLL PARTIAL -#else -# define DEC_UNROLL NONE -#endif - -#if 1 -# define ENC_KS_UNROLL -#endif - -#if 1 -# define DEC_KS_UNROLL -#endif - -/* 6. FAST FINITE FIELD OPERATIONS - - If this section is included, tables are used to provide faster finite - field arithmetic (this has no effect if FIXED_TABLES is defined). -*/ -#if 1 -# define FF_TABLES -#endif - -/* 7. INTERNAL STATE VARIABLE FORMAT - - The internal state of Rijndael is stored in a number of local 32-bit - word varaibles which can be defined either as an array or as individual - names variables. Include this section if you want to store these local - varaibles in arrays. Otherwise individual local variables will be used. -*/ -#if 1 -# define ARRAYS -#endif - -/* 8. FIXED OR DYNAMIC TABLES - - When this section is included the tables used by the code are compiled - statically into the binary file. Otherwise the subroutine aes_init() - must be called to compute them before the code is first used. -*/ -#if 1 && !(defined( _MSC_VER ) && ( _MSC_VER <= 800 )) -# define FIXED_TABLES -#endif - -/* 9. MASKING OR CASTING FROM LONGER VALUES TO BYTES - - In some systems it is better to mask longer values to extract bytes - rather than using a cast. This option allows this choice. -*/ -#if 0 -# define to_byte(x) ((uint_8t)(x)) -#else -# define to_byte(x) ((x) & 0xff) -#endif - -/* 10. TABLE ALIGNMENT - - On some sytsems speed will be improved by aligning the AES large lookup - tables on particular boundaries. This define should be set to a power of - two giving the desired alignment. It can be left undefined if alignment - is not needed. This option is specific to the Microsft VC++ compiler - - it seems to sometimes cause trouble for the VC++ version 6 compiler. -*/ - -#if 1 && defined( _MSC_VER ) && ( _MSC_VER >= 1300 ) -# define TABLE_ALIGN 32 -#endif - -/* 11. REDUCE CODE AND TABLE SIZE - - This replaces some expanded macros with function calls if AES_ASM_V2 or - AES_ASM_V2C are defined -*/ - -#if 1 && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )) -# define REDUCE_CODE_SIZE -#endif - -/* 12. TABLE OPTIONS - - This cipher proceeds by repeating in a number of cycles known as 'rounds' - which are implemented by a round function which can optionally be speeded - up using tables. The basic tables are each 256 32-bit words, with either - one or four tables being required for each round function depending on - how much speed is required. The encryption and decryption round functions - are different and the last encryption and decrytpion round functions are - different again making four different round functions in all. - - This means that: - 1. Normal encryption and decryption rounds can each use either 0, 1 - or 4 tables and table spaces of 0, 1024 or 4096 bytes each. - 2. The last encryption and decryption rounds can also use either 0, 1 - or 4 tables and table spaces of 0, 1024 or 4096 bytes each. - - Include or exclude the appropriate definitions below to set the number - of tables used by this implementation. -*/ - -#if 1 /* set tables for the normal encryption round */ -# define ENC_ROUND FOUR_TABLES -#elif 0 -# define ENC_ROUND ONE_TABLE -#else -# define ENC_ROUND NO_TABLES -#endif - -#if 1 /* set tables for the last encryption round */ -# define LAST_ENC_ROUND FOUR_TABLES -#elif 0 -# define LAST_ENC_ROUND ONE_TABLE -#else -# define LAST_ENC_ROUND NO_TABLES -#endif - -#if 1 /* set tables for the normal decryption round */ -# define DEC_ROUND FOUR_TABLES -#elif 0 -# define DEC_ROUND ONE_TABLE -#else -# define DEC_ROUND NO_TABLES -#endif - -#if 1 /* set tables for the last decryption round */ -# define LAST_DEC_ROUND FOUR_TABLES -#elif 0 -# define LAST_DEC_ROUND ONE_TABLE -#else -# define LAST_DEC_ROUND NO_TABLES -#endif - -/* The decryption key schedule can be speeded up with tables in the same - way that the round functions can. Include or exclude the following - defines to set this requirement. -*/ -#if 1 -# define KEY_SCHED FOUR_TABLES -#elif 0 -# define KEY_SCHED ONE_TABLE -#else -# define KEY_SCHED NO_TABLES -#endif - -/* ---- END OF USER CONFIGURED OPTIONS ---- */ - -/* VIA ACE support is only available for VC++ and GCC */ - -#if !defined( _MSC_VER ) && !defined( __GNUC__ ) -# if defined( ASSUME_VIA_ACE_PRESENT ) -# undef ASSUME_VIA_ACE_PRESENT -# endif -# if defined( USE_VIA_ACE_IF_PRESENT ) -# undef USE_VIA_ACE_IF_PRESENT -# endif -#endif - -#if defined( ASSUME_VIA_ACE_PRESENT ) && !defined( USE_VIA_ACE_IF_PRESENT ) -# define USE_VIA_ACE_IF_PRESENT -#endif - -#if defined( USE_VIA_ACE_IF_PRESENT ) && !defined ( AES_REV_DKS ) -# define AES_REV_DKS -#endif - -/* Assembler support requires the use of platform byte order */ - -#if ( defined( ASM_X86_V1C ) || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C ) ) \ - && (ALGORITHM_BYTE_ORDER != PLATFORM_BYTE_ORDER) -# undef ALGORITHM_BYTE_ORDER -# define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER -#endif - -/* In this implementation the columns of the state array are each held in - 32-bit words. The state array can be held in various ways: in an array - of words, in a number of individual word variables or in a number of - processor registers. The following define maps a variable name x and - a column number c to the way the state array variable is to be held. - The first define below maps the state into an array x[c] whereas the - second form maps the state into a number of individual variables x0, - x1, etc. Another form could map individual state colums to machine - register names. -*/ - -#if defined( ARRAYS ) -# define s(x,c) x[c] -#else -# define s(x,c) x##c -#endif - -/* This implementation provides subroutines for encryption, decryption - and for setting the three key lengths (separately) for encryption - and decryption. Since not all functions are needed, masks are set - up here to determine which will be implemented in C -*/ - -#if !defined( AES_ENCRYPT ) -# define EFUNCS_IN_C 0 -#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C ) \ - || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C ) -# define EFUNCS_IN_C ENC_KEYING_IN_C -#elif !defined( ASM_X86_V2 ) -# define EFUNCS_IN_C ( ENCRYPTION_IN_C | ENC_KEYING_IN_C ) -#else -# define EFUNCS_IN_C 0 -#endif - -#if !defined( AES_DECRYPT ) -# define DFUNCS_IN_C 0 -#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C ) \ - || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C ) -# define DFUNCS_IN_C DEC_KEYING_IN_C -#elif !defined( ASM_X86_V2 ) -# define DFUNCS_IN_C ( DECRYPTION_IN_C | DEC_KEYING_IN_C ) -#else -# define DFUNCS_IN_C 0 -#endif - -#define FUNCS_IN_C ( EFUNCS_IN_C | DFUNCS_IN_C ) - -/* END OF CONFIGURATION OPTIONS */ - -#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2)) - -/* Disable or report errors on some combinations of options */ - -#if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES -# undef LAST_ENC_ROUND -# define LAST_ENC_ROUND NO_TABLES -#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES -# undef LAST_ENC_ROUND -# define LAST_ENC_ROUND ONE_TABLE -#endif - -#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE -# undef ENC_UNROLL -# define ENC_UNROLL NONE -#endif - -#if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES -# undef LAST_DEC_ROUND -# define LAST_DEC_ROUND NO_TABLES -#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES -# undef LAST_DEC_ROUND -# define LAST_DEC_ROUND ONE_TABLE -#endif - -#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE -# undef DEC_UNROLL -# define DEC_UNROLL NONE -#endif - -#if defined( bswap32 ) -# define aes_sw32 bswap32 -#elif defined( bswap_32 ) -# define aes_sw32 bswap_32 -#else -# define brot(x,n) (((uint_32t)(x) << n) | ((uint_32t)(x) >> (32 - n))) -# define aes_sw32(x) ((brot((x),8) & 0x00ff00ff) | (brot((x),24) & 0xff00ff00)) -#endif - -/* upr(x,n): rotates bytes within words by n positions, moving bytes to - higher index positions with wrap around into low positions - ups(x,n): moves bytes by n positions to higher index positions in - words but without wrap around - bval(x,n): extracts a byte from a word - - WARNING: The definitions given here are intended only for use with - unsigned variables and with shift counts that are compile - time constants -*/ - -#if ( ALGORITHM_BYTE_ORDER == IS_LITTLE_ENDIAN ) -# define upr(x,n) (((uint_32t)(x) << (8 * (n))) | ((uint_32t)(x) >> (32 - 8 * (n)))) -# define ups(x,n) ((uint_32t) (x) << (8 * (n))) -# define bval(x,n) to_byte((x) >> (8 * (n))) -# define bytes2word(b0, b1, b2, b3) \ - (((uint_32t)(b3) << 24) | ((uint_32t)(b2) << 16) | ((uint_32t)(b1) << 8) | (b0)) -#endif - -#if ( ALGORITHM_BYTE_ORDER == IS_BIG_ENDIAN ) -# define upr(x,n) (((uint_32t)(x) >> (8 * (n))) | ((uint_32t)(x) << (32 - 8 * (n)))) -# define ups(x,n) ((uint_32t) (x) >> (8 * (n))) -# define bval(x,n) to_byte((x) >> (24 - 8 * (n))) -# define bytes2word(b0, b1, b2, b3) \ - (((uint_32t)(b0) << 24) | ((uint_32t)(b1) << 16) | ((uint_32t)(b2) << 8) | (b3)) -#endif - -#if defined( SAFE_IO ) -# define word_in(x,c) bytes2word(((const uint_8t*)(x)+4*c)[0], ((const uint_8t*)(x)+4*c)[1], \ - ((const uint_8t*)(x)+4*c)[2], ((const uint_8t*)(x)+4*c)[3]) -# define word_out(x,c,v) { ((uint_8t*)(x)+4*c)[0] = bval(v,0); ((uint_8t*)(x)+4*c)[1] = bval(v,1); \ - ((uint_8t*)(x)+4*c)[2] = bval(v,2); ((uint_8t*)(x)+4*c)[3] = bval(v,3); } -#elif ( ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER ) -# define word_in(x,c) (*((uint_32t*)(x)+(c))) -# define word_out(x,c,v) (*((uint_32t*)(x)+(c)) = (v)) -#else -# define word_in(x,c) aes_sw32(*((uint_32t*)(x)+(c))) -# define word_out(x,c,v) (*((uint_32t*)(x)+(c)) = aes_sw32(v)) -#endif - -/* the finite field modular polynomial and elements */ - -#define WPOLY 0x011b -#define BPOLY 0x1b - -/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */ - -#define m1 0x80808080 -#define m2 0x7f7f7f7f -#define gf_mulx(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY)) - -/* The following defines provide alternative definitions of gf_mulx that might - give improved performance if a fast 32-bit multiply is not available. Note - that a temporary variable u needs to be defined where gf_mulx is used. - -#define gf_mulx(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) -#define m4 (0x01010101 * BPOLY) -#define gf_mulx(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) -*/ - -/* Work out which tables are needed for the different options */ - -#if defined( ASM_X86_V1C ) -# if defined( ENC_ROUND ) -# undef ENC_ROUND -# endif -# define ENC_ROUND FOUR_TABLES -# if defined( LAST_ENC_ROUND ) -# undef LAST_ENC_ROUND -# endif -# define LAST_ENC_ROUND FOUR_TABLES -# if defined( DEC_ROUND ) -# undef DEC_ROUND -# endif -# define DEC_ROUND FOUR_TABLES -# if defined( LAST_DEC_ROUND ) -# undef LAST_DEC_ROUND -# endif -# define LAST_DEC_ROUND FOUR_TABLES -# if defined( KEY_SCHED ) -# undef KEY_SCHED -# define KEY_SCHED FOUR_TABLES -# endif -#endif - -#if ( FUNCS_IN_C & ENCRYPTION_IN_C ) || defined( ASM_X86_V1C ) -# if ENC_ROUND == ONE_TABLE -# define FT1_SET -# elif ENC_ROUND == FOUR_TABLES -# define FT4_SET -# else -# define SBX_SET -# endif -# if LAST_ENC_ROUND == ONE_TABLE -# define FL1_SET -# elif LAST_ENC_ROUND == FOUR_TABLES -# define FL4_SET -# elif !defined( SBX_SET ) -# define SBX_SET -# endif -#endif - -#if ( FUNCS_IN_C & DECRYPTION_IN_C ) || defined( ASM_X86_V1C ) -# if DEC_ROUND == ONE_TABLE -# define IT1_SET -# elif DEC_ROUND == FOUR_TABLES -# define IT4_SET -# else -# define ISB_SET -# endif -# if LAST_DEC_ROUND == ONE_TABLE -# define IL1_SET -# elif LAST_DEC_ROUND == FOUR_TABLES -# define IL4_SET -# elif !defined(ISB_SET) -# define ISB_SET -# endif -#endif - -#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C ))) -# if ((FUNCS_IN_C & ENC_KEYING_IN_C) || (FUNCS_IN_C & DEC_KEYING_IN_C)) -# if KEY_SCHED == ONE_TABLE -# if !defined( FL1_SET ) && !defined( FL4_SET ) -# define LS1_SET -# endif -# elif KEY_SCHED == FOUR_TABLES -# if !defined( FL4_SET ) -# define LS4_SET -# endif -# elif !defined( SBX_SET ) -# define SBX_SET -# endif -# endif -# if (FUNCS_IN_C & DEC_KEYING_IN_C) -# if KEY_SCHED == ONE_TABLE -# define IM1_SET -# elif KEY_SCHED == FOUR_TABLES -# define IM4_SET -# elif !defined( SBX_SET ) -# define SBX_SET -# endif -# endif -#endif - -/* generic definitions of Rijndael macros that use tables */ - -#define no_table(x,box,vf,rf,c) bytes2word( \ - box[bval(vf(x,0,c),rf(0,c))], \ - box[bval(vf(x,1,c),rf(1,c))], \ - box[bval(vf(x,2,c),rf(2,c))], \ - box[bval(vf(x,3,c),rf(3,c))]) - -#define one_table(x,op,tab,vf,rf,c) \ - ( tab[bval(vf(x,0,c),rf(0,c))] \ - ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \ - ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \ - ^ op(tab[bval(vf(x,3,c),rf(3,c))],3)) - -#define four_tables(x,tab,vf,rf,c) \ - ( tab[0][bval(vf(x,0,c),rf(0,c))] \ - ^ tab[1][bval(vf(x,1,c),rf(1,c))] \ - ^ tab[2][bval(vf(x,2,c),rf(2,c))] \ - ^ tab[3][bval(vf(x,3,c),rf(3,c))]) - -#define vf1(x,r,c) (x) -#define rf1(r,c) (r) -#define rf2(r,c) ((8+r-c)&3) - -/* perform forward and inverse column mix operation on four bytes in long word x in */ -/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */ - -#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C ))) - -#if defined( FM4_SET ) /* not currently used */ -# define fwd_mcol(x) four_tables(x,t_use(f,m),vf1,rf1,0) -#elif defined( FM1_SET ) /* not currently used */ -# define fwd_mcol(x) one_table(x,upr,t_use(f,m),vf1,rf1,0) -#else -# define dec_fmvars uint_32t g2 -# define fwd_mcol(x) (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1)) -#endif - -#if defined( IM4_SET ) -# define inv_mcol(x) four_tables(x,t_use(i,m),vf1,rf1,0) -#elif defined( IM1_SET ) -# define inv_mcol(x) one_table(x,upr,t_use(i,m),vf1,rf1,0) -#else -# define dec_imvars uint_32t g2, g4, g9 -# define inv_mcol(x) (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \ - (x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1)) -#endif - -#if defined( FL4_SET ) -# define ls_box(x,c) four_tables(x,t_use(f,l),vf1,rf2,c) -#elif defined( LS4_SET ) -# define ls_box(x,c) four_tables(x,t_use(l,s),vf1,rf2,c) -#elif defined( FL1_SET ) -# define ls_box(x,c) one_table(x,upr,t_use(f,l),vf1,rf2,c) -#elif defined( LS1_SET ) -# define ls_box(x,c) one_table(x,upr,t_use(l,s),vf1,rf2,c) -#else -# define ls_box(x,c) no_table(x,t_use(s,box),vf1,rf2,c) -#endif - -#endif - -#if defined( ASM_X86_V1C ) && defined( AES_DECRYPT ) && !defined( ISB_SET ) -# define ISB_SET -#endif - -#endif diff --git a/src/java/kp2akeytransform/jni/aes/aestab.c b/src/java/kp2akeytransform/jni/aes/aestab.c deleted file mode 100644 index 1ac3739c8..000000000 --- a/src/java/kp2akeytransform/jni/aes/aestab.c +++ /dev/null @@ -1,398 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 -*/ - -#define DO_TABLES - -#include "aes.h" -#include "aesopt.h" - -#if defined(FIXED_TABLES) - -#define sb_data(w) {\ - w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\ - w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\ - w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\ - w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\ - w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\ - w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\ - w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\ - w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\ - w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\ - w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\ - w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\ - w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\ - w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\ - w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\ - w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\ - w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\ - w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\ - w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\ - w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\ - w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\ - w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\ - w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\ - w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\ - w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\ - w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\ - w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\ - w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\ - w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\ - w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\ - w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\ - w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\ - w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) } - -#define isb_data(w) {\ - w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\ - w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\ - w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\ - w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\ - w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\ - w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\ - w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\ - w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\ - w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\ - w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\ - w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\ - w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\ - w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\ - w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\ - w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\ - w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\ - w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\ - w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\ - w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\ - w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\ - w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\ - w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\ - w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\ - w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\ - w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\ - w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\ - w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\ - w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\ - w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\ - w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\ - w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\ - w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) } - -#define mm_data(w) {\ - w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\ - w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\ - w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\ - w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\ - w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\ - w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\ - w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\ - w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\ - w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\ - w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\ - w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\ - w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\ - w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\ - w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\ - w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\ - w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\ - w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\ - w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\ - w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\ - w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\ - w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\ - w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\ - w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\ - w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\ - w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\ - w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\ - w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\ - w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\ - w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\ - w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\ - w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\ - w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) } - -#define rc_data(w) {\ - w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\ - w(0x1b), w(0x36) } - -#define h0(x) (x) - -#define w0(p) bytes2word(p, 0, 0, 0) -#define w1(p) bytes2word(0, p, 0, 0) -#define w2(p) bytes2word(0, 0, p, 0) -#define w3(p) bytes2word(0, 0, 0, p) - -#define u0(p) bytes2word(f2(p), p, p, f3(p)) -#define u1(p) bytes2word(f3(p), f2(p), p, p) -#define u2(p) bytes2word(p, f3(p), f2(p), p) -#define u3(p) bytes2word(p, p, f3(p), f2(p)) - -#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p)) -#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p)) -#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p)) -#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p)) - -#endif - -#if defined(FIXED_TABLES) || !defined(FF_TABLES) - -#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY)) -#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY)) -#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \ - ^ (((x>>5) & 4) * WPOLY)) -#define f3(x) (f2(x) ^ x) -#define f9(x) (f8(x) ^ x) -#define fb(x) (f8(x) ^ f2(x) ^ x) -#define fd(x) (f8(x) ^ f4(x) ^ x) -#define fe(x) (f8(x) ^ f4(x) ^ f2(x)) - -#else - -#define f2(x) ((x) ? pow[log[x] + 0x19] : 0) -#define f3(x) ((x) ? pow[log[x] + 0x01] : 0) -#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0) -#define fb(x) ((x) ? pow[log[x] + 0x68] : 0) -#define fd(x) ((x) ? pow[log[x] + 0xee] : 0) -#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0) - -#endif - -#include "aestab.h" - -#if defined(__cplusplus) -extern "C" -{ -#endif - -#if defined(FIXED_TABLES) - -/* implemented in case of wrong call for fixed tables */ - -AES_RETURN aes_init(void) -{ - return EXIT_SUCCESS; -} - -#else /* Generate the tables for the dynamic table option */ - -#if defined(FF_TABLES) - -#define gf_inv(x) ((x) ? pow[ 255 - log[x]] : 0) - -#else - -/* It will generally be sensible to use tables to compute finite - field multiplies and inverses but where memory is scarse this - code might sometimes be better. But it only has effect during - initialisation so its pretty unimportant in overall terms. -*/ - -/* return 2 ^ (n - 1) where n is the bit number of the highest bit - set in x with x in the range 1 < x < 0x00000200. This form is - used so that locals within fi can be bytes rather than words -*/ - -static uint_8t hibit(const uint_32t x) -{ uint_8t r = (uint_8t)((x >> 1) | (x >> 2)); - - r |= (r >> 2); - r |= (r >> 4); - return (r + 1) >> 1; -} - -/* return the inverse of the finite field element x */ - -static uint_8t gf_inv(const uint_8t x) -{ uint_8t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0; - - if(x < 2) - return x; - - for( ; ; ) - { - if(n1) - while(n2 >= n1) /* divide polynomial p2 by p1 */ - { - n2 /= n1; /* shift smaller polynomial left */ - p2 ^= (p1 * n2) & 0xff; /* and remove from larger one */ - v2 ^= v1 * n2; /* shift accumulated value and */ - n2 = hibit(p2); /* add into result */ - } - else - return v1; - - if(n2) /* repeat with values swapped */ - while(n1 >= n2) - { - n1 /= n2; - p1 ^= p2 * n1; - v1 ^= v2 * n1; - n1 = hibit(p1); - } - else - return v2; - } -} - -#endif - -/* The forward and inverse affine transformations used in the S-box */ -uint_8t fwd_affine(const uint_8t x) -{ uint_32t w = x; - w ^= (w << 1) ^ (w << 2) ^ (w << 3) ^ (w << 4); - return 0x63 ^ ((w ^ (w >> 8)) & 0xff); -} - -uint_8t inv_affine(const uint_8t x) -{ uint_32t w = x; - w = (w << 1) ^ (w << 3) ^ (w << 6); - return 0x05 ^ ((w ^ (w >> 8)) & 0xff); -} - -static int init = 0; - -AES_RETURN aes_init(void) -{ uint_32t i, w; - -#if defined(FF_TABLES) - - uint_8t pow[512], log[256]; - - if(init) - return EXIT_SUCCESS; - /* log and power tables for GF(2^8) finite field with - WPOLY as modular polynomial - the simplest primitive - root is 0x03, used here to generate the tables - */ - - i = 0; w = 1; - do - { - pow[i] = (uint_8t)w; - pow[i + 255] = (uint_8t)w; - log[w] = (uint_8t)i++; - w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0); - } - while (w != 1); - -#else - if(init) - return EXIT_SUCCESS; -#endif - - for(i = 0, w = 1; i < RC_LENGTH; ++i) - { - t_set(r,c)[i] = bytes2word(w, 0, 0, 0); - w = f2(w); - } - - for(i = 0; i < 256; ++i) - { uint_8t b; - - b = fwd_affine(gf_inv((uint_8t)i)); - w = bytes2word(f2(b), b, b, f3(b)); - -#if defined( SBX_SET ) - t_set(s,box)[i] = b; -#endif - -#if defined( FT1_SET ) /* tables for a normal encryption round */ - t_set(f,n)[i] = w; -#endif -#if defined( FT4_SET ) - t_set(f,n)[0][i] = w; - t_set(f,n)[1][i] = upr(w,1); - t_set(f,n)[2][i] = upr(w,2); - t_set(f,n)[3][i] = upr(w,3); -#endif - w = bytes2word(b, 0, 0, 0); - -#if defined( FL1_SET ) /* tables for last encryption round (may also */ - t_set(f,l)[i] = w; /* be used in the key schedule) */ -#endif -#if defined( FL4_SET ) - t_set(f,l)[0][i] = w; - t_set(f,l)[1][i] = upr(w,1); - t_set(f,l)[2][i] = upr(w,2); - t_set(f,l)[3][i] = upr(w,3); -#endif - -#if defined( LS1_SET ) /* table for key schedule if t_set(f,l) above is*/ - t_set(l,s)[i] = w; /* not of the required form */ -#endif -#if defined( LS4_SET ) - t_set(l,s)[0][i] = w; - t_set(l,s)[1][i] = upr(w,1); - t_set(l,s)[2][i] = upr(w,2); - t_set(l,s)[3][i] = upr(w,3); -#endif - - b = gf_inv(inv_affine((uint_8t)i)); - w = bytes2word(fe(b), f9(b), fd(b), fb(b)); - -#if defined( IM1_SET ) /* tables for the inverse mix column operation */ - t_set(i,m)[b] = w; -#endif -#if defined( IM4_SET ) - t_set(i,m)[0][b] = w; - t_set(i,m)[1][b] = upr(w,1); - t_set(i,m)[2][b] = upr(w,2); - t_set(i,m)[3][b] = upr(w,3); -#endif - -#if defined( ISB_SET ) - t_set(i,box)[i] = b; -#endif -#if defined( IT1_SET ) /* tables for a normal decryption round */ - t_set(i,n)[i] = w; -#endif -#if defined( IT4_SET ) - t_set(i,n)[0][i] = w; - t_set(i,n)[1][i] = upr(w,1); - t_set(i,n)[2][i] = upr(w,2); - t_set(i,n)[3][i] = upr(w,3); -#endif - w = bytes2word(b, 0, 0, 0); -#if defined( IL1_SET ) /* tables for last decryption round */ - t_set(i,l)[i] = w; -#endif -#if defined( IL4_SET ) - t_set(i,l)[0][i] = w; - t_set(i,l)[1][i] = upr(w,1); - t_set(i,l)[2][i] = upr(w,2); - t_set(i,l)[3][i] = upr(w,3); -#endif - } - init = 1; - return EXIT_SUCCESS; -} - -#endif - -#if defined(__cplusplus) -} -#endif - diff --git a/src/java/kp2akeytransform/jni/aes/aestab.h b/src/java/kp2akeytransform/jni/aes/aestab.h deleted file mode 100644 index 6b573cfcd..000000000 --- a/src/java/kp2akeytransform/jni/aes/aestab.h +++ /dev/null @@ -1,180 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 - - This file contains the code for declaring the tables needed to implement - AES. The file aesopt.h is assumed to be included before this header file. - If there are no global variables, the definitions here can be used to put - the AES tables in a structure so that a pointer can then be added to the - AES context to pass them to the AES routines that need them. If this - facility is used, the calling program has to ensure that this pointer is - managed appropriately. In particular, the value of the t_dec(in,it) item - in the table structure must be set to zero in order to ensure that the - tables are initialised. In practice the three code sequences in aeskey.c - that control the calls to aes_init() and the aes_init() routine itself will - have to be changed for a specific implementation. If global variables are - available it will generally be preferable to use them with the precomputed - FIXED_TABLES option that uses static global tables. - - The following defines can be used to control the way the tables - are defined, initialised and used in embedded environments that - require special features for these purposes - - the 't_dec' construction is used to declare fixed table arrays - the 't_set' construction is used to set fixed table values - the 't_use' construction is used to access fixed table values - - 256 byte tables: - - t_xxx(s,box) => forward S box - t_xxx(i,box) => inverse S box - - 256 32-bit word OR 4 x 256 32-bit word tables: - - t_xxx(f,n) => forward normal round - t_xxx(f,l) => forward last round - t_xxx(i,n) => inverse normal round - t_xxx(i,l) => inverse last round - t_xxx(l,s) => key schedule table - t_xxx(i,m) => key schedule table - - Other variables and tables: - - t_xxx(r,c) => the rcon table -*/ - -#if !defined( _AESTAB_H ) -#define _AESTAB_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#define t_dec(m,n) t_##m##n -#define t_set(m,n) t_##m##n -#define t_use(m,n) t_##m##n - -#if defined(FIXED_TABLES) -# if !defined( __GNUC__ ) && (defined( __MSDOS__ ) || defined( __WIN16__ )) -/* make tables far data to avoid using too much DGROUP space (PG) */ -# define CONST const far -# else -# define CONST const -# endif -#else -# define CONST -#endif - -#if defined(DO_TABLES) -# define EXTERN -#else -# define EXTERN extern -#endif - -#if defined(_MSC_VER) && defined(TABLE_ALIGN) -#define ALIGN __declspec(align(TABLE_ALIGN)) -#else -#define ALIGN -#endif - -#if defined( __WATCOMC__ ) && ( __WATCOMC__ >= 1100 ) -# define XP_DIR __cdecl -#else -# define XP_DIR -#endif - -#if defined(DO_TABLES) && defined(FIXED_TABLES) -#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256] = b(e) -#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256] = { b(e), b(f), b(g), b(h) } -EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH] = rc_data(w0); -#else -#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256] -#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256] -EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH]; -#endif - -#if defined( SBX_SET ) - d_1(uint_8t, t_dec(s,box), sb_data, h0); -#endif -#if defined( ISB_SET ) - d_1(uint_8t, t_dec(i,box), isb_data, h0); -#endif - -#if defined( FT1_SET ) - d_1(uint_32t, t_dec(f,n), sb_data, u0); -#endif -#if defined( FT4_SET ) - d_4(uint_32t, t_dec(f,n), sb_data, u0, u1, u2, u3); -#endif - -#if defined( FL1_SET ) - d_1(uint_32t, t_dec(f,l), sb_data, w0); -#endif -#if defined( FL4_SET ) - d_4(uint_32t, t_dec(f,l), sb_data, w0, w1, w2, w3); -#endif - -#if defined( IT1_SET ) - d_1(uint_32t, t_dec(i,n), isb_data, v0); -#endif -#if defined( IT4_SET ) - d_4(uint_32t, t_dec(i,n), isb_data, v0, v1, v2, v3); -#endif - -#if defined( IL1_SET ) - d_1(uint_32t, t_dec(i,l), isb_data, w0); -#endif -#if defined( IL4_SET ) - d_4(uint_32t, t_dec(i,l), isb_data, w0, w1, w2, w3); -#endif - -#if defined( LS1_SET ) -#if defined( FL1_SET ) -#undef LS1_SET -#else - d_1(uint_32t, t_dec(l,s), sb_data, w0); -#endif -#endif - -#if defined( LS4_SET ) -#if defined( FL4_SET ) -#undef LS4_SET -#else - d_4(uint_32t, t_dec(l,s), sb_data, w0, w1, w2, w3); -#endif -#endif - -#if defined( IM1_SET ) - d_1(uint_32t, t_dec(i,m), mm_data, v0); -#endif -#if defined( IM4_SET ) - d_4(uint_32t, t_dec(i,m), mm_data, v0, v1, v2, v3); -#endif - -#if defined(__cplusplus) -} -#endif - -#endif diff --git a/src/java/kp2akeytransform/jni/aes/aesxam.c b/src/java/kp2akeytransform/jni/aes/aesxam.c deleted file mode 100644 index e454aefc1..000000000 --- a/src/java/kp2akeytransform/jni/aes/aesxam.c +++ /dev/null @@ -1,426 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 -*/ - -// An example of the use of AES (Rijndael) for file encryption. This code -// implements AES in CBC mode with ciphertext stealing when the file length -// is greater than one block (16 bytes). This code is an example of how to -// use AES and is not intended for real use since it does not provide any -// file integrity checking. -// -// The Command line is: -// -// aesxam input_file_name output_file_name [D|E] hexadecimalkey -// -// where E gives encryption and D decryption of the input file into the -// output file using the given hexadecimal key string. The later is a -// hexadecimal sequence of 32, 48 or 64 digits. Examples to encrypt or -// decrypt aes.c into aes.enc are: -// -// aesxam file.c file.enc E 0123456789abcdeffedcba9876543210 -// -// aesxam file.enc file2.c D 0123456789abcdeffedcba9876543210 -// -// which should return a file 'file2.c' identical to 'file.c' -// -// CIPHERTEXT STEALING -// -// Ciphertext stealing modifies the encryption of the last two CBC -// blocks. It can be applied invariably to the last two plaintext -// blocks or only applied when the last block is a partial one. In -// this code it is only applied if there is a partial block. For -// a plaintext consisting of N blocks, with the last block possibly -// a partial one, ciphertext stealing works as shown below (note the -// reversal of the last two ciphertext blocks). During decryption -// the part of the C:N-1 block that is not transmitted (X) can be -// obtained from the decryption of the penultimate ciphertext block -// since the bytes in X are xored with the zero padding appended to -// the last plaintext block. -// -// This is a picture of the processing of the last -// plaintext blocks during encryption: -// -// +---------+ +---------+ +---------+ +-------+-+ -// | P:N-4 | | P:N-3 | | P:N-2 | | P:N-1 |0| -// +---------+ +---------+ +---------+ +-------+-+ -// | | | | -// v v v v -// +----->x +----->x +----->x +----->x x = xor -// | | | | | | | | -// | v | v | v | v -// | +---+ | +---+ | +---+ | +---+ -// | | E | | | E | | | E | | | E | -// | +---+ | +---+ | +---+ | +---+ -// | | | | | | | | -// | | | | | v | +---+ -// | | | | | +-------+-+ | | -// | | | | | | C:N-1 |X| | | -// | | | | | +-------+-+ ^ | -// | | | | | || | | -// | | | | | |+------+ | -// | | | | | +----------|--+ -// | | | | | | | -// | | | | | +---------+ | -// | | | | | | | -// | v | v | v v -// | +---------+ | +---------+ | +---------+ +-------+ -// -+ | C:N-4 |-+ | C:N-3 |-+ | C:N-2 | | C:N-1 | -// +---------+ +---------+ +---------+ +-------+ -// -// And this is a picture of the processing of the last -// ciphertext blocks during decryption: -// -// +---------+ +---------+ +---------+ +-------+ -// -+ | C:N-4 |-+ | C:N-3 |-+ | C:N-2 | | C:N-1 | -// | +---------+ | +---------+ | +---------+ +-------+ -// | | | | | | | -// | v | v | v +--------|----+ -// | +---+ | +---+ | +---+ | +--<--+ | -// | | D | | | D | | | D | | | | | -// | +---+ | +---+ | +---+ | | v v -// | | | | | | ^ | +-------+-+ -// | v | v | v | | | C:N-1 |X| -// +----->x +----->x | +-------+-+ | +-------+-+ -// | | | | |X| | | -// | | | +-------+-+ | v -// | | | | | +---+ -// | | | | v | D | -// | | | +------>x +---+ -// | | | | | -// | | +----->x<-----|------+ x = xor -// | | | +-----+ -// | | | | -// v v v v -// +---------+ +---------+ +---------+ +-------+ -// | P:N-4 | | P:N-3 | | P:N-2 | | P:N-1 | -// +---------+ +---------+ +---------+ +-------+ - -#include -#include - -#include "aes.h" -#include "rdtsc.h" - -#define BLOCK_LEN 16 - -#define OK 0 -#define READ_ERROR -7 -#define WRITE_ERROR -8 - -// A Pseudo Random Number Generator (PRNG) used for the -// Initialisation Vector. The PRNG is George Marsaglia's -// Multiply-With-Carry (MWC) PRNG that concatenates two -// 16-bit MWC generators: -// x(n)=36969 * x(n-1) + carry mod 2^16 -// y(n)=18000 * y(n-1) + carry mod 2^16 -// to produce a combined PRNG with a period of about 2^60. -// The Pentium cycle counter is used to initialise it. This -// is crude but the IV does not really need to be secret. - -#define RAND(a,b) (((a = 36969 * (a & 65535) + (a >> 16)) << 16) + \ - (b = 18000 * (b & 65535) + (b >> 16)) ) - -void fillrand(unsigned char *buf, const int len) -{ static unsigned long a[2], mt = 1, count = 4; - static unsigned char r[4]; - int i; - - if(mt) { mt = 0; *(unsigned long long*)a = read_tsc(); } - - for(i = 0; i < len; ++i) - { - if(count == 4) - { - *(unsigned long*)r = RAND(a[0], a[1]); - count = 0; - } - - buf[i] = r[count++]; - } -} - -int encfile(FILE *fin, FILE *fout, aes_encrypt_ctx ctx[1]) -{ unsigned char dbuf[3 * BLOCK_LEN]; - unsigned long i, len, wlen = BLOCK_LEN; - - // When ciphertext stealing is used, we three ciphertext blocks so - // we use a buffer that is three times the block length. The buffer - // pointers b1, b2 and b3 point to the buffer positions of three - // ciphertext blocks, b3 being the most recent and b1 being the - // oldest. We start with the IV in b1 and the block to be decrypted - // in b2. - - // set a random IV - - fillrand(dbuf, BLOCK_LEN); - - // read the first file block - len = (unsigned long) fread((char*)dbuf + BLOCK_LEN, 1, BLOCK_LEN, fin); - - if(len < BLOCK_LEN) - { // if the file length is less than one block - - // xor the file bytes with the IV bytes - for(i = 0; i < len; ++i) - dbuf[i + BLOCK_LEN] ^= dbuf[i]; - - // encrypt the top 16 bytes of the buffer - aes_encrypt(dbuf + len, dbuf + len, ctx); - - len += BLOCK_LEN; - // write the IV and the encrypted file bytes - if(fwrite((char*)dbuf, 1, len, fout) != len) - return WRITE_ERROR; - - return OK; - } - else // if the file length is more 16 bytes - { unsigned char *b1 = dbuf, *b2 = b1 + BLOCK_LEN, *b3 = b2 + BLOCK_LEN, *bt; - - // write the IV - if(fwrite((char*)dbuf, 1, BLOCK_LEN, fout) != BLOCK_LEN) - return WRITE_ERROR; - - for( ; ; ) - { - // read the next block to see if ciphertext stealing is needed - len = (unsigned long)fread((char*)b3, 1, BLOCK_LEN, fin); - - // do CBC chaining prior to encryption for current block (in b2) - for(i = 0; i < BLOCK_LEN; ++i) - b1[i] ^= b2[i]; - - // encrypt the block (now in b1) - aes_encrypt(b1, b1, ctx); - - if(len != 0 && len != BLOCK_LEN) // use ciphertext stealing - { - // set the length of the last block - wlen = len; - - // xor ciphertext into last block - for(i = 0; i < len; ++i) - b3[i] ^= b1[i]; - - // move 'stolen' ciphertext into last block - for(i = len; i < BLOCK_LEN; ++i) - b3[i] = b1[i]; - - // encrypt this block - aes_encrypt(b3, b3, ctx); - - // and write it as the second to last encrypted block - if(fwrite((char*)b3, 1, BLOCK_LEN, fout) != BLOCK_LEN) - return WRITE_ERROR; - } - - // write the encrypted block - if(fwrite((char*)b1, 1, wlen, fout) != wlen) - return WRITE_ERROR; - - if(len != BLOCK_LEN) - return OK; - - // advance the buffer pointers - bt = b3, b3 = b2, b2 = b1, b1 = bt; - } - } -} - -int decfile(FILE *fin, FILE *fout, aes_decrypt_ctx ctx[1]) -{ unsigned char dbuf[3 * BLOCK_LEN], buf[BLOCK_LEN]; - unsigned long i, len, wlen = BLOCK_LEN; - - // When ciphertext stealing is used, we three ciphertext blocks so - // we use a buffer that is three times the block length. The buffer - // pointers b1, b2 and b3 point to the buffer positions of three - // ciphertext blocks, b3 being the most recent and b1 being the - // oldest. We start with the IV in b1 and the block to be decrypted - // in b2. - - len = (unsigned long)fread((char*)dbuf, 1, 2 * BLOCK_LEN, fin); - - if(len < 2 * BLOCK_LEN) // the original file is less than one block in length - { - len -= BLOCK_LEN; - // decrypt from position len to position len + BLOCK_LEN - aes_decrypt(dbuf + len, dbuf + len, ctx); - - // undo the CBC chaining - for(i = 0; i < len; ++i) - dbuf[i] ^= dbuf[i + BLOCK_LEN]; - - // output the decrypted bytes - if(fwrite((char*)dbuf, 1, len, fout) != len) - return WRITE_ERROR; - - return OK; - } - else - { unsigned char *b1 = dbuf, *b2 = b1 + BLOCK_LEN, *b3 = b2 + BLOCK_LEN, *bt; - - for( ; ; ) // while some ciphertext remains, prepare to decrypt block b2 - { - // read in the next block to see if ciphertext stealing is needed - len = fread((char*)b3, 1, BLOCK_LEN, fin); - - // decrypt the b2 block - aes_decrypt(b2, buf, ctx); - - if(len == 0 || len == BLOCK_LEN) // no ciphertext stealing - { - // unchain CBC using the previous ciphertext block in b1 - for(i = 0; i < BLOCK_LEN; ++i) - buf[i] ^= b1[i]; - } - else // partial last block - use ciphertext stealing - { - wlen = len; - - // produce last 'len' bytes of plaintext by xoring with - // the lowest 'len' bytes of next block b3 - C[N-1] - for(i = 0; i < len; ++i) - buf[i] ^= b3[i]; - - // reconstruct the C[N-1] block in b3 by adding in the - // last (BLOCK_LEN - len) bytes of C[N-2] in b2 - for(i = len; i < BLOCK_LEN; ++i) - b3[i] = buf[i]; - - // decrypt the C[N-1] block in b3 - aes_decrypt(b3, b3, ctx); - - // produce the last but one plaintext block by xoring with - // the last but two ciphertext block - for(i = 0; i < BLOCK_LEN; ++i) - b3[i] ^= b1[i]; - - // write decrypted plaintext blocks - if(fwrite((char*)b3, 1, BLOCK_LEN, fout) != BLOCK_LEN) - return WRITE_ERROR; - } - - // write the decrypted plaintext block - if(fwrite((char*)buf, 1, wlen, fout) != wlen) - return WRITE_ERROR; - - if(len != BLOCK_LEN) - return OK; - - // advance the buffer pointers - bt = b1, b1 = b2, b2 = b3, b3 = bt; - } - } -} - -int main(int argc, char *argv[]) -{ FILE *fin = 0, *fout = 0; - char *cp, ch, key[32]; - int i, by = 0, key_len, err = 0; - - if(argc != 5 || toupper(*argv[3]) != 'D' && toupper(*argv[3]) != 'E') - { - printf("usage: aesxam in_filename out_filename [d/e] key_in_hex\n"); - err = -1; goto exit; - } - - aes_init(); // in case dynamic AES tables are being used - - cp = argv[4]; // this is a pointer to the hexadecimal key digits - i = 0; // this is a count for the input digits processed - - while(i < 64 && *cp) // the maximum key length is 32 bytes and - { // hence at most 64 hexadecimal digits - ch = toupper(*cp++); // process a hexadecimal digit - if(ch >= '0' && ch <= '9') - by = (by << 4) + ch - '0'; - else if(ch >= 'A' && ch <= 'F') - by = (by << 4) + ch - 'A' + 10; - else // error if not hexadecimal - { - printf("key must be in hexadecimal notation\n"); - err = -2; goto exit; - } - - // store a key byte for each pair of hexadecimal digits - if(i++ & 1) - key[i / 2 - 1] = by & 0xff; - } - - if(*cp) - { - printf("The key value is too long\n"); - err = -3; goto exit; - } - else if(i < 32 || (i & 15)) - { - printf("The key length must be 32, 48 or 64 hexadecimal digits\n"); - err = -4; goto exit; - } - - key_len = i / 2; - - if(!(fin = fopen(argv[1], "rb"))) // try to open the input file - { - printf("The input file: %s could not be opened\n", argv[1]); - err = -5; goto exit; - } - - if(!(fout = fopen(argv[2], "wb"))) // try to open the output file - { - printf("The output file: %s could not be opened\n", argv[2]); - err = -6; goto exit; - } - - if(toupper(*argv[3]) == 'E') // encryption in Cipher Block Chaining mode - { aes_encrypt_ctx ctx[1]; - - aes_encrypt_key((unsigned char*)key, key_len, ctx); - - err = encfile(fin, fout, ctx); - } - else // decryption in Cipher Block Chaining mode - { aes_decrypt_ctx ctx[1]; - - aes_decrypt_key((unsigned char*)key, key_len, ctx); - - err = decfile(fin, fout, ctx); - } -exit: - if(err == READ_ERROR) - printf("Error reading from input file: %s\n", argv[1]); - - if(err == WRITE_ERROR) - printf("Error writing to output file: %s\n", argv[2]); - - if(fout) - fclose(fout); - - if(fin) - fclose(fin); - - return err; -} diff --git a/src/java/kp2akeytransform/jni/aes/brg_endian.h b/src/java/kp2akeytransform/jni/aes/brg_endian.h deleted file mode 100644 index e3cf0d11d..000000000 --- a/src/java/kp2akeytransform/jni/aes/brg_endian.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 -*/ - -#ifndef _BRG_ENDIAN_H -#define _BRG_ENDIAN_H - -#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */ -#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */ - -/* Include files where endian defines and byteswap functions may reside */ -#if defined( __sun ) -# include -#elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ ) -# include -#elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \ - defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ ) -# include -#elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ ) -# if !defined( __MINGW32__ ) && !defined( _AIX ) -# include -# if !defined( __BEOS__ ) -# include -# endif -# endif -#endif - -/* Now attempt to set the define for platform byte order using any */ -/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, which */ -/* seem to encompass most endian symbol definitions */ - -#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN ) -# if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# elif defined( BYTE_ORDER ) && BYTE_ORDER == LITTLE_ENDIAN -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif defined( BIG_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#elif defined( LITTLE_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#endif - -#if defined( _BIG_ENDIAN ) && defined( _LITTLE_ENDIAN ) -# if defined( _BYTE_ORDER ) && _BYTE_ORDER == _BIG_ENDIAN -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# elif defined( _BYTE_ORDER ) && _BYTE_ORDER == _LITTLE_ENDIAN -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif defined( _BIG_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#elif defined( _LITTLE_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#endif - -#if defined( __BIG_ENDIAN ) && defined( __LITTLE_ENDIAN ) -# if defined( __BYTE_ORDER ) && __BYTE_ORDER == __BIG_ENDIAN -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# elif defined( __BYTE_ORDER ) && __BYTE_ORDER == __LITTLE_ENDIAN -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif defined( __BIG_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#elif defined( __LITTLE_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#endif - -#if defined( __BIG_ENDIAN__ ) && defined( __LITTLE_ENDIAN__ ) -# if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __BIG_ENDIAN__ -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __LITTLE_ENDIAN__ -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif defined( __BIG_ENDIAN__ ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#elif defined( __LITTLE_ENDIAN__ ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#endif - -/* if the platform byte order could not be determined, then try to */ -/* set this define using common machine defines */ -#if !defined(PLATFORM_BYTE_ORDER) - -#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \ - defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \ - defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \ - defined( vax ) || defined( vms ) || defined( VMS ) || \ - defined( __VMS ) || defined( _M_X64 ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN - -#elif defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \ - defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \ - defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \ - defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \ - defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \ - defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM ) || \ - defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN - -#elif 0 /* **** EDIT HERE IF NECESSARY **** */ -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#elif 0 /* **** EDIT HERE IF NECESSARY **** */ -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#else -# error Please edit lines 126 or 128 in brg_endian.h to set the platform byte order -#endif - -#endif - -#endif diff --git a/src/java/kp2akeytransform/jni/aes/brg_types.h b/src/java/kp2akeytransform/jni/aes/brg_types.h deleted file mode 100644 index 5b199fcb0..000000000 --- a/src/java/kp2akeytransform/jni/aes/brg_types.h +++ /dev/null @@ -1,226 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 - - The unsigned integer types defined here are of the form uint_t where - is the length of the type; for example, the unsigned 32-bit type is - 'uint_32t'. These are NOT the same as the 'C99 integer types' that are - defined in the inttypes.h and stdint.h headers since attempts to use these - types have shown that support for them is still highly variable. However, - since the latter are of the form uint_t, a regular expression search - and replace (in VC++ search on 'uint_{:z}t' and replace with 'uint\1_t') - can be used to convert the types used here to the C99 standard types. -*/ - -#ifndef _BRG_TYPES_H -#define _BRG_TYPES_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include - -#if defined( _MSC_VER ) && ( _MSC_VER >= 1300 ) -# include -# define ptrint_t intptr_t -#elif defined( __ECOS__ ) -# define intptr_t unsigned int -# define ptrint_t intptr_t -#elif defined( __GNUC__ ) && ( __GNUC__ >= 3 ) -# include -# define ptrint_t intptr_t -#else -# define ptrint_t int -#endif - -#ifndef BRG_UI8 -# define BRG_UI8 -# if UCHAR_MAX == 255u - typedef unsigned char uint_8t; -# else -# error Please define uint_8t as an 8-bit unsigned integer type in brg_types.h -# endif -#endif - -#ifndef BRG_UI16 -# define BRG_UI16 -# if USHRT_MAX == 65535u - typedef unsigned short uint_16t; -# else -# error Please define uint_16t as a 16-bit unsigned short type in brg_types.h -# endif -#endif - -#ifndef BRG_UI32 -# define BRG_UI32 -# if UINT_MAX == 4294967295u -# define li_32(h) 0x##h##u - typedef unsigned int uint_32t; -# elif ULONG_MAX == 4294967295u -# define li_32(h) 0x##h##ul - typedef unsigned long uint_32t; -# elif defined( _CRAY ) -# error This code needs 32-bit data types, which Cray machines do not provide -# else -# error Please define uint_32t as a 32-bit unsigned integer type in brg_types.h -# endif -#endif - -#ifndef BRG_UI64 -# if defined( __BORLANDC__ ) && !defined( __MSDOS__ ) -# define BRG_UI64 -# define li_64(h) 0x##h##ui64 - typedef unsigned __int64 uint_64t; -# elif defined( _MSC_VER ) && ( _MSC_VER < 1300 ) /* 1300 == VC++ 7.0 */ -# define BRG_UI64 -# define li_64(h) 0x##h##ui64 - typedef unsigned __int64 uint_64t; -# elif defined( __sun ) && defined( ULONG_MAX ) && ULONG_MAX == 0xfffffffful -# define BRG_UI64 -# define li_64(h) 0x##h##ull - typedef unsigned long long uint_64t; -# elif defined( __MVS__ ) -# define BRG_UI64 -# define li_64(h) 0x##h##ull - typedef unsigned int long long uint_64t; -# elif defined( UINT_MAX ) && UINT_MAX > 4294967295u -# if UINT_MAX == 18446744073709551615u -# define BRG_UI64 -# define li_64(h) 0x##h##u - typedef unsigned int uint_64t; -# endif -# elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u -# if ULONG_MAX == 18446744073709551615ul -# define BRG_UI64 -# define li_64(h) 0x##h##ul - typedef unsigned long uint_64t; -# endif -# elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u -# if ULLONG_MAX == 18446744073709551615ull -# define BRG_UI64 -# define li_64(h) 0x##h##ull - typedef unsigned long long uint_64t; -# endif -# elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u -# if ULONG_LONG_MAX == 18446744073709551615ull -# define BRG_UI64 -# define li_64(h) 0x##h##ull - typedef unsigned long long uint_64t; -# endif -# endif -#endif - -#if !defined( BRG_UI64 ) -# if defined( NEED_UINT_64T ) -# error Please define uint_64t as an unsigned 64 bit type in brg_types.h -# endif -#endif - -#ifndef RETURN_VALUES -# define RETURN_VALUES -# if defined( DLL_EXPORT ) -# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER ) -# define VOID_RETURN __declspec( dllexport ) void __stdcall -# define INT_RETURN __declspec( dllexport ) int __stdcall -# elif defined( __GNUC__ ) -# define VOID_RETURN __declspec( __dllexport__ ) void -# define INT_RETURN __declspec( __dllexport__ ) int -# else -# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers -# endif -# elif defined( DLL_IMPORT ) -# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER ) -# define VOID_RETURN __declspec( dllimport ) void __stdcall -# define INT_RETURN __declspec( dllimport ) int __stdcall -# elif defined( __GNUC__ ) -# define VOID_RETURN __declspec( __dllimport__ ) void -# define INT_RETURN __declspec( __dllimport__ ) int -# else -# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers -# endif -# elif defined( __WATCOMC__ ) -# define VOID_RETURN void __cdecl -# define INT_RETURN int __cdecl -# else -# define VOID_RETURN void -# define INT_RETURN int -# endif -#endif - -/* These defines are used to detect and set the memory alignment of pointers. - Note that offsets are in bytes. - - ALIGN_OFFSET(x,n) return the positive or zero offset of - the memory addressed by the pointer 'x' - from an address that is aligned on an - 'n' byte boundary ('n' is a power of 2) - - ALIGN_FLOOR(x,n) return a pointer that points to memory - that is aligned on an 'n' byte boundary - and is not higher than the memory address - pointed to by 'x' ('n' is a power of 2) - - ALIGN_CEIL(x,n) return a pointer that points to memory - that is aligned on an 'n' byte boundary - and is not lower than the memory address - pointed to by 'x' ('n' is a power of 2) -*/ - -#define ALIGN_OFFSET(x,n) (((ptrint_t)(x)) & ((n) - 1)) -#define ALIGN_FLOOR(x,n) ((uint_8t*)(x) - ( ((ptrint_t)(x)) & ((n) - 1))) -#define ALIGN_CEIL(x,n) ((uint_8t*)(x) + (-((ptrint_t)(x)) & ((n) - 1))) - -/* These defines are used to declare buffers in a way that allows - faster operations on longer variables to be used. In all these - defines 'size' must be a power of 2 and >= 8. NOTE that the - buffer size is in bytes but the type length is in bits - - UNIT_TYPEDEF(x,size) declares a variable 'x' of length - 'size' bits - - BUFR_TYPEDEF(x,size,bsize) declares a buffer 'x' of length 'bsize' - bytes defined as an array of variables - each of 'size' bits (bsize must be a - multiple of size / 8) - - UNIT_CAST(x,size) casts a variable to a type of - length 'size' bits - - UPTR_CAST(x,size) casts a pointer to a pointer to a - varaiable of length 'size' bits -*/ - -#define UI_TYPE(size) uint_##size##t -#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x -#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)] -#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x)) -#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x)) - -#if defined(__cplusplus) -} -#endif - -#endif diff --git a/src/java/kp2akeytransform/jni/aes/rfc3686.c b/src/java/kp2akeytransform/jni/aes/rfc3686.c deleted file mode 100644 index b1ca20b08..000000000 --- a/src/java/kp2akeytransform/jni/aes/rfc3686.c +++ /dev/null @@ -1,331 +0,0 @@ - -#include -#include -#include "aes.h" - -typedef struct -{ unsigned int k_len; - unsigned int m_len; - unsigned char key[32]; - unsigned char iv[8]; - unsigned char nonce[8]; - unsigned char p_txt[36]; - unsigned char c_str[48]; - unsigned char k_str[48]; - unsigned char c_txt[36]; -} test_str; - -test_str tests[] = -{ - { 16, 16, /* Vector 1 */ - { 0xae, 0x68, 0x52, 0xf8, 0x12, 0x10, 0x67, 0xcc, - 0x4b, 0xf7, 0xa5, 0x76, 0x55, 0x77, 0xf3, 0x9e - }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { 0x00, 0x00, 0x00, 0x30 - }, - /* "Single block msg" */ - { 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x62, - 0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x6d, 0x73, 0x67 - }, - { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 - }, - { 0xb7, 0x60, 0x33, 0x28, 0xdb, 0xc2, 0x93, 0x1b, - 0x41, 0x0e, 0x16, 0xc8, 0x06, 0x7e, 0x62, 0xdf - }, - { 0xe4, 0x09, 0x5d, 0x4f, 0xb7, 0xa7, 0xb3, 0x79, - 0x2d, 0x61, 0x75, 0xa3, 0x26, 0x13, 0x11, 0xb8 - } - }, - { 16, 32, /* Vector 2 */ - { 0x7e, 0x24, 0x06, 0x78, 0x17, 0xfa, 0xe0, 0xd7, - 0x43, 0xd6, 0xce, 0x1f, 0x32, 0x53, 0x91, 0x63 - }, - { 0xc0, 0x54, 0x3b, 0x59, 0xda, 0x48, 0xd9, 0x0b - }, - { 0x00, 0x6c, 0xb6, 0xdb - }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - }, - { 0x00, 0x6c, 0xb6, 0xdb, 0xc0, 0x54, 0x3b, 0x59, - 0xda, 0x48, 0xd9, 0x0b, 0x00, 0x00, 0x00, 0x01, - 0x00, 0x6c, 0xb6, 0xdb, 0xc0, 0x54, 0x3b, 0x59, - 0xda, 0x48, 0xd9, 0x0b, 0x00, 0x00, 0x00, 0x02 - }, - { 0x51, 0x05, 0xa3, 0x05, 0x12, 0x8f, 0x74, 0xde, - 0x71, 0x04, 0x4b, 0xe5, 0x82, 0xd7, 0xdd, 0x87, - 0xfb, 0x3f, 0x0c, 0xef, 0x52, 0xcf, 0x41, 0xdf, - 0xe4, 0xff, 0x2a, 0xc4, 0x8d, 0x5c, 0xa0, 0x37 - }, - { 0x51, 0x04, 0xa1, 0x06, 0x16, 0x8a, 0x72, 0xd9, - 0x79, 0x0d, 0x41, 0xee, 0x8e, 0xda, 0xd3, 0x88, - 0xeb, 0x2e, 0x1e, 0xfc, 0x46, 0xda, 0x57, 0xc8, - 0xfc, 0xe6, 0x30, 0xdf, 0x91, 0x41, 0xbe, 0x28 - } - }, - { 16, 36, /* Vector 3 */ - { 0x76, 0x91, 0xbe, 0x03, 0x5e, 0x50, 0x20, 0xa8, - 0xac, 0x6e, 0x61, 0x85, 0x29, 0xf9, 0xa0, 0xdc - }, - { 0x27, 0x77, 0x7f, 0x3f, 0x4a, 0x17, 0x86, 0xf0 - }, - { 0x00, 0xe0, 0x01, 0x7b - }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23 - }, - { 0x00, 0xe0, 0x01, 0x7b, 0x27, 0x77, 0x7f, 0x3f, - 0x4a, 0x17, 0x86, 0xf0, 0x00, 0x00, 0x00, 0x01, - 0x00, 0xe0, 0x01, 0x7b, 0x27, 0x77, 0x7f, 0x3f, - 0x4a, 0x17, 0x86, 0xf0, 0x00, 0x00, 0x00, 0x02, - 0x00, 0xe0, 0x01, 0x7b, 0x27, 0x77, 0x7f, 0x3f, - 0x4a, 0x17, 0x86, 0xf0, 0x00, 0x00, 0x00, 0x03 - }, - { 0xc1, 0xce, 0x4a, 0xab, 0x9b, 0x2a, 0xfb, 0xde, - 0xc7, 0x4f, 0x58, 0xe2, 0xe3, 0xd6, 0x7c, 0xd8, - 0x55, 0x51, 0xb6, 0x38, 0xca, 0x78, 0x6e, 0x21, - 0xcd, 0x83, 0x46, 0xf1, 0xb2, 0xee, 0x0e, 0x4c, - 0x05, 0x93, 0x25, 0x0c, 0x17, 0x55, 0x36, 0x00, - 0xa6, 0x3d, 0xfe, 0xcf, 0x56, 0x23, 0x87, 0xe9 - }, - { 0xc1, 0xcf, 0x48, 0xa8, 0x9f, 0x2f, 0xfd, 0xd9, - 0xcf, 0x46, 0x52, 0xe9, 0xef, 0xdb, 0x72, 0xd7, - 0x45, 0x40, 0xa4, 0x2b, 0xde, 0x6d, 0x78, 0x36, - 0xd5, 0x9a, 0x5c, 0xea, 0xae, 0xf3, 0x10, 0x53, - 0x25, 0xb2, 0x07, 0x2f - } - }, - { 24, 16, /* Vector 4 */ - { 0x16, 0xaf, 0x5b, 0x14, 0x5f, 0xc9, 0xf5, 0x79, - 0xc1, 0x75, 0xf9, 0x3e, 0x3b, 0xfb, 0x0e, 0xed, - 0x86, 0x3d, 0x06, 0xcc, 0xfd, 0xb7, 0x85, 0x15 - }, - { 0x36, 0x73, 0x3c, 0x14, 0x7d, 0x6d, 0x93, 0xcb - }, - { 0x00, 0x00, 0x00, 0x48 - }, - /* "Single block msg" */ - { 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x62, - 0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x6d, 0x73, 0x67 - }, - { 0x00, 0x00, 0x00, 0x48, 0x36, 0x73, 0x3c, 0x14, - 0x7d, 0x6d, 0x93, 0xcb, 0x00, 0x00, 0x00, 0x01 - }, - { 0x18, 0x3c, 0x56, 0x28, 0x8e, 0x3c, 0xe9, 0xaa, - 0x22, 0x16, 0x56, 0xcb, 0x23, 0xa6, 0x9a, 0x4f - }, - { 0x4b, 0x55, 0x38, 0x4f, 0xe2, 0x59, 0xc9, 0xc8, - 0x4e, 0x79, 0x35, 0xa0, 0x03, 0xcb, 0xe9, 0x28 - } - }, - { 24, 32, /* Vector 5 */ - { 0x7c, 0x5c, 0xb2, 0x40, 0x1b, 0x3d, 0xc3, 0x3c, - 0x19, 0xe7, 0x34, 0x08, 0x19, 0xe0, 0xf6, 0x9c, - 0x67, 0x8c, 0x3d, 0xb8, 0xe6, 0xf6, 0xa9, 0x1a - }, - { 0x02, 0x0c, 0x6e, 0xad, 0xc2, 0xcb, 0x50, 0x0d - }, - { 0x00, 0x96, 0xb0, 0x3b - }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - }, - { 0x00, 0x96, 0xb0, 0x3b, 0x02, 0x0c, 0x6e, 0xad, - 0xc2, 0xcb, 0x50, 0x0d, 0x00, 0x00, 0x00, 0x01, - 0x00, 0x96, 0xb0, 0x3b, 0x02, 0x0c, 0x6e, 0xad, - 0xc2, 0xcb, 0x50, 0x0d, 0x00, 0x00, 0x00, 0x02 - }, - { 0x45, 0x33, 0x41, 0xff, 0x64, 0x9e, 0x25, 0x35, - 0x76, 0xd6, 0xa0, 0xf1, 0x7d, 0x3c, 0xc3, 0x90, - 0x94, 0x81, 0x62, 0x0f, 0x4e, 0xc1, 0xb1, 0x8b, - 0xe4, 0x06, 0xfa, 0xe4, 0x5e, 0xe9, 0xe5, 0x1f - }, - { 0x45, 0x32, 0x43, 0xfc, 0x60, 0x9b, 0x23, 0x32, - 0x7e, 0xdf, 0xaa, 0xfa, 0x71, 0x31, 0xcd, 0x9f, - 0x84, 0x90, 0x70, 0x1c, 0x5a, 0xd4, 0xa7, 0x9c, - 0xfc, 0x1f, 0xe0, 0xff, 0x42, 0xf4, 0xfb, 0x00 - } - }, - { 24, 36, /* Vector 6 */ - { 0x02, 0xbf, 0x39, 0x1e, 0xe8, 0xec, 0xb1, 0x59, - 0xb9, 0x59, 0x61, 0x7b, 0x09, 0x65, 0x27, 0x9b, - 0xf5, 0x9b, 0x60, 0xa7, 0x86, 0xd3, 0xe0, 0xfe - }, - { 0x5c, 0xbd, 0x60, 0x27, 0x8d, 0xcc, 0x09, 0x12 - }, - { 0x00, 0x07, 0xbd, 0xfd - }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23 - }, - { 0x00, 0x07, 0xbd, 0xfd, 0x5c, 0xbd, 0x60, 0x27, - 0x8d, 0xcc, 0x09, 0x12, 0x00, 0x00, 0x00, 0x01, - 0x00, 0x07, 0xbd, 0xfd, 0x5c, 0xbd, 0x60, 0x27, - 0x8d, 0xcc, 0x09, 0x12, 0x00, 0x00, 0x00, 0x03, - 0x00, 0x07, 0xbd, 0xfd, 0x5c, 0xbd, 0x60, 0x27, - 0x8d, 0xcc, 0x09, 0x12, 0x00, 0x00, 0x00, 0x02 - }, - { 0x96, 0x88, 0x3d, 0xc6, 0x5a, 0x59, 0x74, 0x28, - 0x5c, 0x02, 0x77, 0xda, 0xd1, 0xfa, 0xe9, 0x57, - 0xc2, 0x99, 0xae, 0x86, 0xd2, 0x84, 0x73, 0x9f, - 0x5d, 0x2f, 0xd2, 0x0a, 0x7a, 0x32, 0x3f, 0x97, - 0x8b, 0xcf, 0x2b, 0x16, 0x39, 0x99, 0xb2, 0x26, - 0x15, 0xb4, 0x9c, 0xd4, 0xfe, 0x57, 0x39, 0x98 - }, - { 0x96, 0x89, 0x3f, 0xc5, 0x5e, 0x5c, 0x72, 0x2f, - 0x54, 0x0b, 0x7d, 0xd1, 0xdd, 0xf7, 0xe7, 0x58, - 0xd2, 0x88, 0xbc, 0x95, 0xc6, 0x91, 0x65, 0x88, - 0x45, 0x36, 0xc8, 0x11, 0x66, 0x2f, 0x21, 0x88, - 0xab, 0xee, 0x09, 0x35 - } - }, - { 32, 16, /* Vector 7 */ - { 0x77, 0x6b, 0xef, 0xf2, 0x85, 0x1d, 0xb0, 0x6f, - 0x4c, 0x8a, 0x05, 0x42, 0xc8, 0x69, 0x6f, 0x6c, - 0x6a, 0x81, 0xaf, 0x1e, 0xec, 0x96, 0xb4, 0xd3, - 0x7f, 0xc1, 0xd6, 0x89, 0xe6, 0xc1, 0xc1, 0x04 - }, - { 0xdb, 0x56, 0x72, 0xc9, 0x7a, 0xa8, 0xf0, 0xb2 - }, - { 0x00, 0x00, 0x00, 0x60 - }, - /* "Single block msg" */ - { 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x62, - 0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x6d, 0x73, 0x67 - }, - { 0x00, 0x00, 0x00, 0x60, 0xdb, 0x56, 0x72, 0xc9, - 0x7a, 0xa8, 0xf0, 0xb2, 0x00, 0x00, 0x00, 0x01 - }, - { 0x47, 0x33, 0xbe, 0x7a, 0xd3, 0xe7, 0x6e, 0xa5, - 0x3a, 0x67, 0x00, 0xb7, 0x51, 0x8e, 0x93, 0xa7 - }, - { 0x14, 0x5a, 0xd0, 0x1d, 0xbf, 0x82, 0x4e, 0xc7, - 0x56, 0x08, 0x63, 0xdc, 0x71, 0xe3, 0xe0, 0xc0 - } - }, - { 32, 32, /* Vector 8 */ - { 0xf6, 0xd6, 0x6d, 0x6b, 0xd5, 0x2d, 0x59, 0xbb, - 0x07, 0x96, 0x36, 0x58, 0x79, 0xef, 0xf8, 0x86, - 0xc6, 0x6d, 0xd5, 0x1a, 0x5b, 0x6a, 0x99, 0x74, - 0x4b, 0x50, 0x59, 0x0c, 0x87, 0xa2, 0x38, 0x84 - }, - { 0xc1, 0x58, 0x5e, 0xf1, 0x5a, 0x43, 0xd8, 0x75 - }, - { 0x00, 0xfa, 0xac, 0x24 - }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - }, - { 0x00, 0xfa, 0xac, 0x24, 0xc1, 0x58, 0x5e, 0xf1, - 0x5a, 0x43, 0xd8, 0x75, 0x00, 0x00, 0x00, 0x01, - 0x00, 0xfa, 0xac, 0x24, 0xc1, 0x58, 0x5e, 0xf1, - 0x5a, 0x43, 0xd8, 0x75, 0x00, 0x00, 0x00, 0x02 - }, - { 0xf0, 0x5f, 0x21, 0x18, 0x3c, 0x91, 0x67, 0x2b, - 0x41, 0xe7, 0x0a, 0x00, 0x8c, 0x43, 0xbc, 0xa6, - 0xa8, 0x21, 0x79, 0x43, 0x9b, 0x96, 0x8b, 0x7d, - 0x4d, 0x29, 0x99, 0x06, 0x8f, 0x59, 0xb1, 0x03 - }, - { 0xf0, 0x5e, 0x23, 0x1b, 0x38, 0x94, 0x61, 0x2c, - 0x49, 0xee, 0x00, 0x0b, 0x80, 0x4e, 0xb2, 0xa9, - 0xb8, 0x30, 0x6b, 0x50, 0x8f, 0x83, 0x9d, 0x6a, - 0x55, 0x30, 0x83, 0x1d, 0x93, 0x44, 0xaf, 0x1c - } - }, - { 32, 36, /* Vector 9 */ - { 0xff, 0x7a, 0x61, 0x7c, 0xe6, 0x91, 0x48, 0xe4, - 0xf1, 0x72, 0x6e, 0x2f, 0x43, 0x58, 0x1d, 0xe2, - 0xaa, 0x62, 0xd9, 0xf8, 0x05, 0x53, 0x2e, 0xdf, - 0xf1, 0xee, 0xd6, 0x87, 0xfb, 0x54, 0x15, 0x3d - }, - { 0x51, 0xa5, 0x1d, 0x70, 0xa1, 0xc1, 0x11, 0x48 - }, - { 0x00, 0x1c, 0xc5, 0xb7 - }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23 - }, - { 0x00, 0x1c, 0xc5, 0xb7, 0x51, 0xa5, 0x1d, 0x70, - 0xa1, 0xc1, 0x11, 0x48, 0x00, 0x00, 0x00, 0x01, - 0x00, 0x1c, 0xc5, 0xb7, 0x51, 0xa5, 0x1d, 0x70, - 0xa1, 0xc1, 0x11, 0x48, 0x00, 0x00, 0x00, 0x02, - 0x00, 0x1c, 0xc5, 0xb7, 0x51, 0xa5, 0x1d, 0x70, - 0xa1, 0xc1, 0x11, 0x48, 0x00, 0x00, 0x00, 0x03 - }, - { 0xeb, 0x6d, 0x50, 0x81, 0x19, 0x0e, 0xbd, 0xf0, - 0xc6, 0x7c, 0x9e, 0x4d, 0x26, 0xc7, 0x41, 0xa5, - 0xa4, 0x16, 0xcd, 0x95, 0x71, 0x7c, 0xeb, 0x10, - 0xec, 0x95, 0xda, 0xae, 0x9f, 0xcb, 0x19, 0x00, - 0x3e, 0xe1, 0xc4, 0x9b, 0xc6, 0xb9, 0xca, 0x21, - 0x3f, 0x6e, 0xe2, 0x71, 0xd0, 0xa9, 0x33, 0x39 - }, - { 0xeb, 0x6c, 0x52, 0x82, 0x1d, 0x0b, 0xbb, 0xf7, - 0xce, 0x75, 0x94, 0x46, 0x2a, 0xca, 0x4f, 0xaa, - 0xb4, 0x07, 0xdf, 0x86, 0x65, 0x69, 0xfd, 0x07, - 0xf4, 0x8c, 0xc0, 0xb5, 0x83, 0xd6, 0x07, 0x1f, - 0x1e, 0xc0, 0xe6, 0xb8 - } - } -}; - -void rfc3686_inc(unsigned char ctr_buf[AES_BLOCK_SIZE]) -{ - if(!(++(ctr_buf[15]))) - if(!(++(ctr_buf[14]))) - if(!(++(ctr_buf[13]))) - ++(ctr_buf[12]); -} - -void rfc3686_init( unsigned char nonce[4], unsigned char iv[8], unsigned char ctr_buf[AES_BLOCK_SIZE]) -{ - memcpy(ctr_buf, nonce, 4); - memcpy(ctr_buf + 4, iv, 8); - memset(ctr_buf + 12, 0, 4); - rfc3686_inc(ctr_buf); -} - -AES_RETURN rfc3686_crypt(const unsigned char *ibuf, unsigned char *obuf, int len, - unsigned char *cbuf, aes_encrypt_ctx cx[1]) -{ - return aes_ctr_crypt(ibuf, obuf, len, cbuf, rfc3686_inc, cx); -} - -void rfc3686_test(void) -{ aes_encrypt_ctx aes_ctx[1]; - unsigned char ctr_buf[AES_BLOCK_SIZE]; - unsigned char obuf[36]; - unsigned int i; - - for( i = 0 ; i < sizeof(tests) / sizeof(test_str) ; ++i ) - { - aes_encrypt_key(tests[i].key, tests[i].k_len, aes_ctx); - rfc3686_init(tests[i].nonce, tests[i].iv, ctr_buf); - rfc3686_crypt(tests[i].p_txt, obuf, tests[i].m_len, ctr_buf, aes_ctx); - if(memcmp(obuf, tests[i].c_txt, tests[i].m_len) != 0) - printf("\nerror"); - } -} - -int main(void) -{ - rfc3686_test(); - return 0; -} \ No newline at end of file diff --git a/src/java/kp2akeytransform/jni/aes/tablegen.c b/src/java/kp2akeytransform/jni/aes/tablegen.c deleted file mode 100644 index 78719abba..000000000 --- a/src/java/kp2akeytransform/jni/aes/tablegen.c +++ /dev/null @@ -1,319 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 -*/ - -#define DO_TABLES - -#include -#include "aesopt.h" - -#define sb_data(w) {\ - w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\ - w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\ - w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\ - w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\ - w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\ - w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\ - w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\ - w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\ - w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\ - w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\ - w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\ - w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\ - w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\ - w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\ - w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\ - w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\ - w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\ - w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\ - w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\ - w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\ - w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\ - w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\ - w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\ - w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\ - w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\ - w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\ - w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\ - w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\ - w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\ - w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\ - w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\ - w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) } - -#define isb_data(w) {\ - w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\ - w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\ - w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\ - w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\ - w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\ - w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\ - w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\ - w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\ - w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\ - w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\ - w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\ - w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\ - w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\ - w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\ - w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\ - w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\ - w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\ - w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\ - w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\ - w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\ - w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\ - w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\ - w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\ - w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\ - w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\ - w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\ - w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\ - w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\ - w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\ - w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\ - w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\ - w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) } - -#define mm_data(w) {\ - w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\ - w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\ - w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\ - w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\ - w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\ - w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\ - w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\ - w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\ - w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\ - w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\ - w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\ - w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\ - w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\ - w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\ - w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\ - w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\ - w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\ - w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\ - w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\ - w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\ - w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\ - w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\ - w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\ - w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\ - w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\ - w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\ - w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\ - w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\ - w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\ - w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\ - w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\ - w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) } - -#define rc_data(w) {\ - w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\ - w(0x1b), w(0x36) } - -#define h0(x) (x) - -#define w0(p) bytes2word(p, 0, 0, 0) -#define w1(p) bytes2word(0, p, 0, 0) -#define w2(p) bytes2word(0, 0, p, 0) -#define w3(p) bytes2word(0, 0, 0, p) - -#define u0(p) bytes2word(f2(p), p, p, f3(p)) -#define u1(p) bytes2word(f3(p), f2(p), p, p) -#define u2(p) bytes2word(p, f3(p), f2(p), p) -#define u3(p) bytes2word(p, p, f3(p), f2(p)) - -#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p)) -#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p)) -#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p)) -#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p)) - -#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY)) -#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY)) -#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \ - ^ (((x>>5) & 4) * WPOLY)) -#define f3(x) (f2(x) ^ x) -#define f9(x) (f8(x) ^ x) -#define fb(x) (f8(x) ^ f2(x) ^ x) -#define fd(x) (f8(x) ^ f4(x) ^ x) -#define fe(x) (f8(x) ^ f4(x) ^ f2(x)) - -#include "aestab.h" - -#define t_parm(m,n) "t_"#m#n, t_##m##n - -void rtab(FILE *f, unsigned char *h, const unsigned int t[RC_LENGTH]) -{ int i; - - fprintf(f, "\nuint_32t %s[RC_LENGTH] = \n{", h); - - for(i = 0; i < RC_LENGTH; ++i) - { - if(i % 4 == 0) - fprintf(f, "\n "); - if(i != RC_LENGTH - 1) - fprintf(f, "0x%08x, ", t[i]); - else - fprintf(f, "0x%08x ", t[i]); - } - - fprintf(f, "\n};\n"); -} - -void btab_1(FILE *f, unsigned char *h, const unsigned char t[256]) -{ int i; - - fprintf(f, "\nuint_8t %s[256] = \n{", h); - - for(i = 0; i < 256; ++i) - { - if(i % 8 == 0) - fprintf(f, "\n "); - if(i != 255) - fprintf(f, "0x%02x, ", t[i]); - else - fprintf(f, "0x%02x ", t[i]); - } - - fprintf(f, "\n};\n"); -} - -void wtab_1(FILE *f, unsigned char *h, const unsigned int t[256]) -{ int i; - - fprintf(f, "\nuint_32t %s[256] = \n{", h); - - for(i = 0; i < 256; ++i) - { - if(i % 4 == 0) - fprintf(f, "\n "); - if(i != 255) - fprintf(f, "0x%08x, ", t[i]); - else - fprintf(f, "0x%08x ", t[i]); - } - - fprintf(f, "\n};\n"); -} - -void wtab_4(FILE *f, unsigned char *h, const unsigned int t[4][256]) -{ int i, j; - - fprintf(f, "\nuint_32t %s[4][256] = \n{", h); - - for(i = 0; i < 4; ++i) - { - fprintf(f, "\n {"); - - for(j = 0; j < 256; ++j) - { - if(j % 4 == 0) - fprintf(f, "\n "); - if(j != 255) - fprintf(f, "0x%08x, ", t[i][j]); - else - fprintf(f, "0x%08x ", t[i][j]); - } - - if(i != 3) - fprintf(f, "\n },"); - else - fprintf(f, "\n }"); - } - - fprintf(f, "\n};\n"); -} - -int main(void) -{ FILE *f; - - f = fopen("aestab2.c", "w"); - - fprintf(f, "\n#include \"aes.h\"\n"); - fprintf(f, "\n#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2))\n"); - fprintf(f, "\nvoid aes_init() \n{ \n}\n"); - - rtab(f, t_parm(r,c)); - -#if defined( SBX_SET ) - btab_1(f, t_parm(s,box)); -#endif - -#if defined( ISB_SET ) - btab_1(f, t_parm(i,box)); -#endif - -#if defined( FT1_SET ) - wtab_1(f, t_parm(f,n)); -#endif -#if defined( FT4_SET ) - wtab_4(f, t_parm(f,n)); -#endif - -#if defined( FL1_SET ) - wtab_1(f, t_parm(f,l)); -#endif -#if defined( FL4_SET ) - wtab_4(f, t_parm(f,l)); -#endif - -#if defined( IT1_SET ) - wtab_1(f, t_parm(i,n)); -#endif -#if defined( IT4_SET ) - wtab_4(f, t_parm(i,n)); -#endif - -#if defined( IL1_SET ) - wtab_1(f, t_parm(i,l)); -#endif -#if defined( IL4_SET ) - wtab_4(f, t_parm(i,l)); -#endif - -#if defined( LS1_SET ) -#if !defined( FL1_SET ) - wtab_1(f, t_parm(l,s)); -#endif -#endif -#if defined( LS4_SET ) -#if !defined( FL4_SET ) - wtab_4(f, t_parm(l,s)); -#endif -#endif - -#if defined( IM1_SET ) - wtab_1(f, t_parm(i,m)); -#endif -#if defined( IM4_SET ) - wtab_4(f, t_parm(i,m)); -#endif - - fclose(f); - return 0; -} diff --git a/src/java/kp2akeytransform/jni/aes/vb.txt b/src/java/kp2akeytransform/jni/aes/vb.txt deleted file mode 100644 index c5a365b40..000000000 --- a/src/java/kp2akeytransform/jni/aes/vb.txt +++ /dev/null @@ -1,263 +0,0 @@ - -Private Const BlockLength = 16 ' maximum block length in bytes -Private Const BlockLengthMax = 32 ' maximum block length in bytes -Private Const KeyLengthMax = 32 ' maximum block length in bytes -Private Const KeyScheduleLengthMax = 64 ' maximum key schedule length in bytes - -Private Type EncCtx ' type to hold the AES encryption context data - Ekey(0 To KeyScheduleLengthMax - 1) As Long -End Type - -Private Type DecCtx ' type to hold the AES decryption context data - Ekey(0 To KeyScheduleLengthMax - 1) As Long -End Type - -Private Type Key ' type to hold user key data - K(0 To KeyLengthMax - 1) As Byte -End Type - -Private Type InOut ' type to hold cipher input and output blocks - IO(0 To BlockLength - 1) As Byte -End Type - -Private Type BigInOut ' type to hold cipher input and output blocks - IO(0 To 128 * BlockLength - 1) As Byte -End Type - -Rem Change "c:\temp\" in the following lines to the directory path where the AES DLL is located -Private Declare Function AesEncryptKey128 Lib "c:\temp\aes.dll" _ - Alias "_aes_encrypt_key128@8" (K As Key, C As EncCtx) As Integer -Private Declare Function AesEncryptKey192 Lib "c:\temp\aes.dll" _ - Alias "_aes_encrypt_key192@8" (K As Key, C As EncCtx) As Integer -Private Declare Function AesEncryptKey256 Lib "c:\temp\aes.dll" _ - Alias "_aes_encrypt_key256@8" (K As Key, C As EncCtx) As Integer -Private Declare Function AesEncryptKey Lib "c:\temp\aes.dll" _ - Alias "_aes_encrypt_key@12" (K As Key, ByVal N As Integer, C As EncCtx) As Integer -Private Declare Function AesEncrypt Lib "c:\temp\aes.dll" _ - Alias "_aes_encrypt@12" (Ib As InOut, Ob As InOut, C As EncCtx) As Integer -Private Declare Function AesDecryptKey128 Lib "c:\temp\aes.dll" _ - Alias "_aes_decrypt_key128@8" (K As Key, C As DecCtx) As Integer -Private Declare Function AesDecryptKey192 Lib "c:\temp\aes.dll" _ - Alias "_aes_decrypt_key192@8" (K As Key, C As DecCtx) As Integer -Private Declare Function AesDecryptKey256 Lib "c:\temp\aes.dll" _ - Alias "_aes_decrypt_key256@8" (K As Key, C As DecCtx) As Integer -Private Declare Function AesDecryptKey Lib "c:\temp\aes.dll" _ - Alias "_aes_decrypt_key@12" (K As Key, ByVal N As Long, C As DecCtx) As Integer -Private Declare Function AesDecrypt Lib "c:\temp\aes.dll" _ - Alias "_aes_decrypt@12" (Ib As InOut, Ob As InOut, C As DecCtx) As Integer - -Private Declare Function AesModeReset Lib "c:\temp\aes.dll" Alias "_aes_mode_reset@4" _ - (C As EncCtx) As Integer -Private Declare Function AesEcbEncrypt Lib "c:\temp\aes.dll" Alias "_aes_ecb_encrypt@16" _ - (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, C As EncCtx) As Integer -Private Declare Function AesEcbDecrypt Lib "c:\temp\aes.dll" Alias "_aes_ecb_decrypt@16" _ - (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, C As DecCtx) As Integer -Private Declare Function AesCbcEncrypt Lib "c:\temp\aes.dll" Alias "_aes_cbc_encrypt@20" _ - (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As EncCtx) As Integer -Private Declare Function AesCbcDecrypt Lib "c:\temp\aes.dll" Alias "_aes_cbc_decrypt@20" _ - (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As DecCtx) As Integer -Private Declare Function AesCfbEncrypt Lib "c:\temp\aes.dll" Alias "_aes_cfb_encrypt@20" _ - (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As EncCtx) As Integer -Private Declare Function AesCfbDecrypt Lib "c:\temp\aes.dll" Alias "_aes_cfb_decrypt@20" _ - (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As EncCtx) As Integer -Private Declare Function AesOfbCrypt Lib "c:\temp\aes.dll" Alias "_aes_ofb_crypt@20" _ - (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As EncCtx) As Integer -Private Declare Function AesCtrCrypt Lib "c:\temp\aes.dll" Alias "_aes_ctr_crypt@24" _ - (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, ByVal CtrFn As Long, C As EncCtx) As Integer - -Private Sub Hex(X As Byte) ' output a byte in hexadecimal format -Dim H As Byte -H = Int(X / 16) -If H < 10 Then Debug.Print Chr(48 + H); Else Debug.Print Chr(87 + H); -H = Int(X Mod 16) -If H < 10 Then Debug.Print Chr(48 + H); Else Debug.Print Chr(87 + H); -End Sub - -Private Sub OutKey(S As String, B As Key, ByVal KeyL As Integer) ' display a key value -Debug.Print: Debug.Print S; -For i = 0 To KeyL - 1 - Hex B.K(i) -Next i -End Sub - -Private Sub OutBlock(S As String, B As InOut) ' display an input/output block -Debug.Print: Debug.Print S; -For i = 0 To BlockLength - 1 - Hex B.IO(i) -Next i -End Sub - -Private Sub OutBigBlock(S As String, B As BigInOut) ' display an input/output block -Debug.Print: Debug.Print S; -For i = 0 To BlockLength - 1 - Hex B.IO(i) -Next i -Debug.Print " ... "; -For i = 127 * BlockLength To 128 * BlockLength - 1 - Hex B.IO(i) -Next i -End Sub - -Private Sub CtrInc(Ctr As InOut) - Ctr.IO(0) = Ctr.IO(0) + 1 - If (Ctr.IO(0) = 0) Then - Ctr.IO(1) = Ctr.IO(1) + 1 - If (Ctr.IO(1) = 0) Then - Ctr.IO(2) = Ctr.IO(2) + 1 - If (Ctr.IO(3) = 0) Then - Ctr.IO(3) = Ctr.IO(3) + 1 - End If - End If - End If -End Sub - -Rem The following Main routine should output the following in the immediate window: -Rem Variable Key Length ( 16 ) -Rem Key = 00000000000000000000000000000000 -Rem Input = 00000000000000000000000000000000 -Rem Encrypted Text = 66e94bd4ef8a2c3b884cfa59ca342b2e -Rem Decrypted Text = 00000000000000000000000000000000 -Rem Variable Key Length ( 24 ) -Rem Key = 000000000000000000000000000000000000000000000000 -Rem Input = 00000000000000000000000000000000 -Rem Encrypted Text = aae06992acbf52a3e8f4a96ec9300bd7 -Rem Decrypted Text = 00000000000000000000000000000000 -Rem Variable Key Length ( 32 ) -Rem Key = 0000000000000000000000000000000000000000000000000000000000000000 -Rem Input = 00000000000000000000000000000000 -Rem Encrypted Text = dc95c078a2408989ad48a21492842087 -Rem Decrypted Text = 00000000000000000000000000000000 -Rem Fixed Key Length ( 128 ) -Rem Key = 00000000000000000000000000000000 -Rem Input = 00000000000000000000000000000000 -Rem Encrypted Text = 66e94bd4ef8a2c3b884cfa59ca342b2e -Rem Decrypted Text = 00000000000000000000000000000000 -Rem Fixed Key Length ( 192 ) -Rem Key = 000000000000000000000000000000000000000000000000 -Rem Input = 00000000000000000000000000000000 -Rem Encrypted Text = aae06992acbf52a3e8f4a96ec9300bd7 -Rem Decrypted Text = 00000000000000000000000000000000 -Rem Fixed Key Length ( 256 ) -Rem Key = 0000000000000000000000000000000000000000000000000000000000000000 -Rem Input = 00000000000000000000000000000000 -Rem Encrypted Text = dc95c078a2408989ad48a21492842087 -Rem Decrypted Text = 00000000000000000000000000000000 - -Sub Main() -Dim Key As Key ' all these variables are initialised -Dim Ib As InOut, Ob As InOut, Rb As InOut ' to zero by VBA -Dim Iv1 As InOut, Iv2 As InOut -Dim Ecx As EncCtx -Dim Dcx As DecCtx -Dim RetVal As Integer - -For KeyL = 16 To 32 Step 8 -Debug.Print "Variable Key Length ("; KeyL; ")"; -OutKey "Key = ", Key, KeyL -OutBlock "Input = ", Ib -RetVal = AesEncryptKey(Key, KeyL, Ecx) ' set an all zero encryption key -RetVal = AesEncrypt(Ib, Ob, Ecx) ' encrypt Ib to Ob -OutBlock "Encrypted Text = ", Ob -RetVal = AesDecryptKey(Key, KeyL, Dcx) ' set an all zero decryption key -RetVal = AesDecrypt(Ob, Rb, Dcx) ' decrypt Ob to Rb -OutBlock "Decrypted Text = ", Rb -Debug.Print -Next KeyL - -Debug.Print -KeyL = 128: Debug.Print "Fixed Key Length ("; KeyL; ")"; -OutKey "Key = ", Key, 16 -OutBlock "Input = ", Ib -RetVal = AesEncryptKey128(Key, Ecx) ' set an all zero encryption key -RetVal = AesEncrypt(Ib, Ob, Ecx) ' encrypt Ib to Ob -OutBlock "Encrypted Text = ", Ob -RetVal = AesDecryptKey128(Key, Dcx) ' set an all zero decryption key -RetVal = AesDecrypt(Ob, Rb, Dcx) ' decrypt Ob to Rb -OutBlock "Decrypted Text = ", Rb -Debug.Print - -Debug.Print -KeyL = 192: Debug.Print "Fixed Key Length ("; KeyL; ")"; -OutKey "Key = ", Key, 24 -OutBlock "Input = ", Ib -RetVal = AesEncryptKey192(Key, Ecx) ' set an all zero encryption key -RetVal = AesEncrypt(Ib, Ob, Ecx) ' encrypt Ib to Ob -OutBlock "Encrypted Text = ", Ob -RetVal = AesDecryptKey192(Key, Dcx) ' set an all zero decryption key -RetVal = AesDecrypt(Ob, Rb, Dcx) ' decrypt Ob to Rb -OutBlock "Decrypted Text = ", Rb -Debug.Print - -Debug.Print -KeyL = 256: Debug.Print "Fixed Key Length ("; KeyL; ")"; -OutKey "Key = ", Key, 32 -OutBlock "Input = ", Ib -RetVal = AesEncryptKey256(Key, Ecx) ' set an all zero encryption key -RetVal = AesEncrypt(Ib, Ob, Ecx) ' encrypt Ib to Ob -OutBlock "Encrypted Text = ", Ob -RetVal = AesDecryptKey256(Key, Dcx) ' set an all zero decryption key -RetVal = AesDecrypt(Ob, Rb, Dcx) ' decrypt Ob to Rb -OutBlock "Decrypted Text = ", Rb -Debug.Print - -Debug.Print -KeyL = 128: Debug.Print "Fixed Key Length ("; KeyL; ")"; -OutKey "Key = ", Key, 16 -OutBlock "Input = ", Ib -RetVal = AesEncryptKey128(Key, Ecx) ' set an all zero encryption key -OutBlock "Encrypted Text = ", Ob -RetVal = AesDecryptKey128(Key, Dcx) ' set an all zero decryption key -OutBlock "Decrypted Text = ", Rb -Debug.Print - -Debug.Print -KeyL = 128: Debug.Print "Fixed Key Length ("; KeyL; ")"; -OutKey "Key = ", Key, 16 -RetVal = AesEncryptKey128(Key, Ecx) ' set an all zero encryption key -RetVal = AesDecryptKey128(Key, Dcx) ' set an all zero decryption key -Dim Pt1 As BigInOut, Pt2 As BigInOut, Ct As BigInOut - -For i = 0 To 128 * BlockLength - 1 - Pt1.IO(i) = i Mod 256 -Next i - -OutBigBlock "ECB Input = ", Pt1 -RetVal = AesEcbEncrypt(Pt1, Ct, 128 * BlockLength, Ecx) -OutBigBlock "Encrypted Text = ", Ct -RetVal = AesEcbDecrypt(Ct, Pt2, 128 * BlockLength, Dcx) -OutBigBlock "Decrypted Text = ", Pt2 -Debug.Print - -OutBigBlock "CBC Mode Input = ", Pt1 -RetVal = AesCbcEncrypt(Pt1, Ct, 128 * BlockLength, Iv1, Ecx) -OutBigBlock "Encrypted Text = ", Ct -RetVal = AesCbcDecrypt(Ct, Pt2, 128 * BlockLength, Iv2, Dcx) -OutBigBlock "Decrypted Text = ", Pt2 -Debug.Print - -OutBigBlock "CFB Mode Input = ", Pt1 -RetVal = AesCfbEncrypt(Pt1, Ct, 128 * BlockLength, Iv1, Ecx) -OutBigBlock "Encrypted Text = ", Ct -RetVal = AesCfbDecrypt(Ct, Pt2, 128 * BlockLength, Iv2, Ecx) -OutBigBlock "Decrypted Text = ", Pt2 -Debug.Print - -OutBigBlock "OFB Mode Input = ", Pt1 -RetVal = AesOfbCrypt(Pt1, Ct, 128 * BlockLength, Iv1, Ecx) -OutBigBlock "Encrypted Text = ", Ct -RetVal = AesOfbCrypt(Ct, Pt2, 128 * BlockLength, Iv2, Ecx) -OutBigBlock "Decrypted Text = ", Pt2 -Debug.Print - -#If False Then -Rem CTR Mode is not working because of a problem with the 'AddressOf' operator -OutBigBlock "CTR Mode Input = ", Pt1 -RetVal = AesCtrCrypt(Pt1, Ct, 128 * BlockLength, Iv1, AddressOf CtrInc, Ecx) -OutBigBlock "Encrypted Text = ", Ct -RetVal = AesCtrCrypt(Ct, Pt2, 128 * BlockLength, Iv2, AddressOf CtrInc, Ecx) -OutBigBlock "Decrypted Text = ", Pt2 -Debug.Print -#End If - -Debug.Print -End Sub diff --git a/src/java/kp2akeytransform/jni/aes/vbaxam.doc b/src/java/kp2akeytransform/jni/aes/vbaxam.doc deleted file mode 100644 index c3461ff80..000000000 Binary files a/src/java/kp2akeytransform/jni/aes/vbaxam.doc and /dev/null differ diff --git a/src/java/kp2akeytransform/jni/aes/via_ace.txt b/src/java/kp2akeytransform/jni/aes/via_ace.txt deleted file mode 100644 index 55c802ecc..000000000 --- a/src/java/kp2akeytransform/jni/aes/via_ace.txt +++ /dev/null @@ -1,158 +0,0 @@ - -Support for the VIA Nehemiah Advanced Cryptography Engine (ACE) ---------------------------------------------------------------- - -A. Introduction - -The AES code now supports the VIA ACE engine. The engine is invoked by the -multiple block AES modes calls in aes_modes.c and not by the basic AES code. - -The define USE_VIA_ACE_IF_PRESENT is defined if VIA ACE detection and use is -required with fallback to the normal AES code if it is not present. - -The define ASSUME_VIA_ACE_PRESENT is used when it is known that the VIA ACE -engine will always be present. Note, however, that this code will not work -correctly if the VIA ACE engine is either not present or turned off. - -To enable ACE support the appropriate defines in section 2 of the options in -aesopt.h must be set. If ACE support is required then key scheduling must -use the C code so only the generic C code in Win32 mode, ASM_X86_V1C and -ASM_X86_V2C assembler code can be used (i.e ASM_X86_V2 and ASM_AMD64_C do -NOT support VIA ACE). - -B. Using ACE - -ACE is used in the code that implements the subroutines used for the multiple -block AES modes defined in aes_modes.h: - - // used to reset modes to their start point without entering a new key - AES_RETURN aes_mode_reset(aes_encrypt_ctx cx[1]); - - AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, const aes_encrypt_ctx cx[1]); - - AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, const aes_decrypt_ctx cx[1]); - - AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, const aes_encrypt_ctx cx[1]); - - AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, const aes_decrypt_ctx cx[1]); - - AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]); - - AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]); - - #define aes_ofb_encrypt aes_ofb_crypt - #define aes_ofb_decrypt aes_ofb_crypt - - AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *iv, aes_encrypt_ctx cx[1]); - - typedef void cbuf_inc(unsigned char *cbuf); - - #define aes_ctr_encrypt aes_ctr_crypt - #define aes_ctr_decrypt aes_ctr_crypt - - AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf, - int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]); - -Note that the single block AES calls defined in aes.h: - - AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, - const aes_encrypt_ctx cx[1]); - - AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, - const aes_decrypt_ctx cx[1]); - -do NOT provide ACE support and should not be used if the ACE engine is -available and ACE support is required. - -C. Constraints and Optimisation - -There are several constraints that have to be observed when ACE is used if -the best performance is to be achieved: - -1. As usual the appropriate key set up subroutine must be called before any - of the above subroutines are used. - -2. The AES contexts - aes_encryption_ctx and aes_decryption_ctx - used with - these subroutines MUST be 16 byte aligned. Failure to align AES contexts - will often cause memory alignment exceptions. - -3. The buffers used for inputs, outputs and IVs do not need to be 16 byte - aligned but the speed that is achieved will be much higher if this can be - arranged. In a flat address space (as now typical in 32-bit systems) this - means that: (a) that the lower nibble of all buffer addresses must be - zero, and (b) the compiler used must arrange to load the data and stack - segments on 16 byte address boundaries. The Microsoft VC++ compiler can - align all variables in this way (see the example macros for doing this in - aes_via_ace.txt). However it seems that the GCC compiler will only do this - for static global variables but not for variables placed on the stack, that - is local variables. - -4. The data length in bytes (len) in calls to the ECB and CBC subroutines - must be a multiple of the 16 byte block length. An error return will - occur if this is not so. - -5. The data length in all calls to the CFB, OFB and CTR subroutines must also - be a multiple of 16 bytes if the VIA ACE engine is to be used. Otherwise - these lengths can be of any value but the subroutines will only proceed at - full speed for lengths that are multiples of 16 bytes. The CFB, OFB and - CTR subroutines are incremental, with subsequent calls continuing from - where previous calls finished. The subroutine aes_mode_reset() can be used - to restart a mode without a key change but is not needed after a new key is - entered. Such a reset is not needed when the data lengths in all individual - calls to the AES mode subroutines are multiples of 16 bytes. - -6. Note that the AES context contains mode details so only one type of mode - can be run from a context at any one time. A reset is necessary if a new - mode is used without a new context or a new key. - -D. Expected Speeds - -The speeds that have been obtained using a 1.2 GHz VIA C3 processor with -this code are given below (note that since CTR mode is not available in -the VIA hardware it is not present in the aligned timing figures): - -AES Timing (Cycles/Byte) with the VIA ACE Engine (aligned in C) -Mode Blocks: 1 10 100 1000 Peak Throughput -ecb encrypt 8.25 1.36 0.69 0.63 1.9 Gbytes/second -ecb decrypt 8.75 1.41 0.70 0.64 1.9 Gbytes/second -cbc encrypt 11.56 2.41 1.47 1.38 870 Mbytes/second -cbc decrypt 12.37 2.38 1.47 1.38 870 Mbytes/second -cfb encrypt 11.93 2.46 1.48 1.38 870 Mbytes/second -cfb decrypt 12.18 2.36 1.47 1.38 870 Mbytes/second -ofb encrypt 13.31 3.88 2.92 2.82 425 Mbytes/second -ofb decrypt 13.31 3.88 2.92 2.82 425 Mbytes/second - -AES Timing (Cycles/Byte) with the VIA ACE Engine (unaligned in C) -Mode Blocks: 1 10 100 1000 Peak Throughput -ecb encrypt 17.68 4.31 3.15 3.05 390 Mbytes/second -ecb decrypt 18.12 4.36 3.17 3.06 390 Mbytes/second -cbc encrypt 20.68 5.70 4.39 4.27 280 Mbytes/second -cbc decrypt 21.87 5.75 4.34 4.21 285 Mbytes/second -cfb encrypt 21.06 5.81 4.43 4.31 280 Mbytes/second -cfb decrypt 21.37 5.72 4.36 4.24 285 Mbytes/second -ofb encrypt 22.43 7.23 5.85 5.72 210 Mbytes/second -ofb decrypt 22.43 7.34 5.86 5.73 210 Mbytes/second -ctr encrypt 16.43 6.90 6.00 5.89 205 Mbytes/second -ctr decrypt 16.43 6.90 6.00 5.89 205 Mbytes/second - -AES Timing (Cycles/Byte) with the VIA ACE Engine (unaligned assembler) -Mode Blocks: 1 10 100 1000 Peak Throughput -ecb encrypt 11.87 2.89 1.91 1.83 660 Mbytes/second -ecb decrypt 12.18 2.83 1.97 1.87 640 Mbytes/second -cbc encrypt 14.87 4.13 3.11 3.01 400 Mbytes/second -cbc decrypt 14.43 3.87 2.89 2.80 430 Mbytes/second -cfb encrypt 14.75 4.12 3.10 3.01 400 Mbytes/second -cfb decrypt 14.12 4.10 2.88 2.79 430 Mbytes/second -ofb encrypt 15.25 5.36 4.37 4.27 280 Mbytes/second -ofb decrypt 15.25 5.36 4.36 4.27 280 Mbytes/second -ctr encrypt 13.31 4.79 4.01 3.94 305 Mbytes/second -ctr decrypt 13.31 4.79 4.01 3.94 305 Mbytes/second - - Brian Gladman, Worcester, UK diff --git a/src/java/kp2akeytransform/jni/final_key/Android.mk b/src/java/kp2akeytransform/jni/final_key/Android.mk deleted file mode 100644 index 5c460e782..000000000 --- a/src/java/kp2akeytransform/jni/final_key/Android.mk +++ /dev/null @@ -1,16 +0,0 @@ -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) - -LOCAL_MODULE := final-key - -LOCAL_SRC_FILES := \ - kpd_jni.c - -LOCAL_C_INCLUDES := $(LOCAL_PATH)/../sha $(LOCAL_PATH)/../aes - -LOCAL_STATIC_LIBRARIES := aes sha - -LOCAL_LDLIBS := -llog - -include $(BUILD_SHARED_LIBRARY) diff --git a/src/java/kp2akeytransform/jni/final_key/kpd_jni.c b/src/java/kp2akeytransform/jni/final_key/kpd_jni.c deleted file mode 100644 index 03338c8f2..000000000 --- a/src/java/kp2akeytransform/jni/final_key/kpd_jni.c +++ /dev/null @@ -1,512 +0,0 @@ -/* - This is a JNI wrapper for AES & SHA source code on Android. - Copyright (C) 2010 Michael Mohr - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include -#include -#include -#include -#include -#include - -/* Tune as desired */ -#undef KPD_PROFILE -#undef KPD_DEBUG - -#if defined(KPD_PROFILE) -#include -#endif - -#if defined(KPD_DEBUG) -#include -#endif - -#include "aes.h" -#include "sha2.h" - -static JavaVM *cached_vm; -static jclass bad_arg, no_mem, bad_padding, short_buf, block_size; - -typedef enum { - ENCRYPTION, - DECRYPTION, - FINALIZED -} edir_t; - -#define AES_BLOCK_SIZE 16 -#define CACHE_SIZE 32 - -typedef struct _aes_state { - edir_t direction; - uint32_t cache_len; - uint8_t iv[16], cache[CACHE_SIZE]; - uint8_t ctx[sizeof(aes_encrypt_ctx)]; // 244 -} aes_state; - -#define ENC_CTX(state) (((aes_encrypt_ctx *)((state)->ctx))) -#define DEC_CTX(state) (((aes_decrypt_ctx *)((state)->ctx))) -#define ALIGN_EXTRA 15 -#define ALIGN16(x) (void *)(((uintptr_t)(x)+ALIGN_EXTRA) & ~ 0x0F) - -JNIEXPORT jint JNICALL JNI_OnLoad( JavaVM *vm, void *reserved ) { - JNIEnv *env; - jclass cls; - - cached_vm = vm; - if((*vm)->GetEnv(vm, (void **)&env, JNI_VERSION_1_6)) - return JNI_ERR; - - cls = (*env)->FindClass(env, "java/lang/IllegalArgumentException"); - if( cls == NULL ) - return JNI_ERR; - bad_arg = (*env)->NewGlobalRef(env, cls); - if( bad_arg == NULL ) - return JNI_ERR; - - cls = (*env)->FindClass(env, "java/lang/OutOfMemoryError"); - if( cls == NULL ) - return JNI_ERR; - no_mem = (*env)->NewGlobalRef(env, cls); - if( no_mem == NULL ) - return JNI_ERR; - - cls = (*env)->FindClass(env, "javax/crypto/BadPaddingException"); - if( cls == NULL ) - return JNI_ERR; - bad_padding = (*env)->NewGlobalRef(env, cls); - - cls = (*env)->FindClass(env, "javax/crypto/ShortBufferException"); - if( cls == NULL ) - return JNI_ERR; - short_buf = (*env)->NewGlobalRef(env, cls); - - cls = (*env)->FindClass(env, "javax/crypto/IllegalBlockSizeException"); - if( cls == NULL ) - return JNI_ERR; - block_size = (*env)->NewGlobalRef(env, cls); - - aes_init(); - - return JNI_VERSION_1_6; -} - -// called on garbage collection -JNIEXPORT void JNICALL JNI_OnUnload( JavaVM *vm, void *reserved ) { - JNIEnv *env; - if((*vm)->GetEnv(vm, (void **)&env, JNI_VERSION_1_6)) { - return; - } - (*env)->DeleteGlobalRef(env, bad_arg); - (*env)->DeleteGlobalRef(env, no_mem); - (*env)->DeleteGlobalRef(env, bad_padding); - (*env)->DeleteGlobalRef(env, short_buf); - (*env)->DeleteGlobalRef(env, block_size); - return; -} - -JNIEXPORT jlong JNICALL Java_com_keepassdroid_crypto_NativeAESCipherSpi_nInit(JNIEnv *env, jobject this, jboolean encrypting, jbyteArray key, jbyteArray iv) { - uint8_t ckey[32]; - aes_state *state; - jint key_len = (*env)->GetArrayLength(env, key); - jint iv_len = (*env)->GetArrayLength(env, iv); - - if( ! ( key_len == 16 || key_len == 24 || key_len == 32 ) || iv_len != 16 ) { - (*env)->ThrowNew(env, bad_arg, "Invalid length of key or iv"); - return -1; - } - - state = (aes_state *)malloc(sizeof(aes_state)); - if( state == NULL ) { - (*env)->ThrowNew(env, no_mem, "Cannot allocate memory for the encryption state"); - return -1; - } - memset(state, 0, sizeof(aes_state)); - - (*env)->GetByteArrayRegion(env, key, (jint)0, key_len, (jbyte *)ckey); - (*env)->GetByteArrayRegion(env, iv, (jint)0, iv_len, (jbyte *)state->iv); - - if( encrypting ) { - state->direction = ENCRYPTION; - aes_encrypt_key(ckey, key_len, ENC_CTX(state)); - } else { - state->direction = DECRYPTION; - aes_decrypt_key(ckey, key_len, DEC_CTX(state)); - } - - return (jlong)state; -} - -JNIEXPORT void JNICALL Java_com_keepassdroid_crypto_NativeAESCipherSpi_nCleanup(JNIEnv *env, jclass this, jlong state) { - if( state <= 0 ) return; - free((void *)state); -} - -/* - TODO: - It seems like the android implementation of the AES cipher stays a - block behind with update calls. So, if you do an update for 16 bytes, - it will return nothing in the output buffer. Then, it is the finalize - call that will return the last block stripping off padding if it is - not a full block. -*/ - -JNIEXPORT jint JNICALL Java_com_keepassdroid_crypto_NativeAESCipherSpi_nUpdate(JNIEnv *env, jobject this, - jlong state, jbyteArray input, jint inputOffset, jint inputLen, jbyteArray output, jint outputOffset, jint outputSize) { - int aes_ret; - uint32_t outLen, bytes2cache, cryptLen; - void *in, *out; - uint8_t *c_input, *c_output; - aes_state *c_state; - - #if defined(KPD_DEBUG) - __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nUpdate", "entry: inputLen=%d, outputSize=%d", inputLen, outputSize); - #endif - - // step 1: first, some housecleaning - if( !inputLen || !outputSize || outputOffset < 0 || state <= 0 || !input || !output ) { - (*env)->ThrowNew(env, bad_arg, "nUpdate: called with 1 or more invalid arguments"); - return -1; - } - c_state = (aes_state *)state; - if( c_state->direction == FINALIZED ) { - (*env)->ThrowNew(env, bad_arg, "Trying to update a finalized state"); - return -1; - } - - // step 1.5: calculate cryptLen and outLen - cryptLen = inputLen + c_state->cache_len; - if( cryptLen < CACHE_SIZE ) { - (*env)->GetByteArrayRegion(env, input, inputOffset, inputLen, (jbyte *)(c_state->cache + c_state->cache_len)); - c_state->cache_len = cryptLen; - return 0; - } - // now we're guaranteed that cryptLen >= CACHE_SIZE (32) - bytes2cache = (cryptLen & 15) + AES_BLOCK_SIZE; // mask bottom 4 bits plus 1 block - outLen = (cryptLen - bytes2cache); // output length is now aligned to a 16-byte boundary - if( outLen > (uint32_t)outputSize ) { - (*env)->ThrowNew(env, bad_arg, "Output buffer does not have enough space"); - return -1; - } - - // step 2: allocate memory to hold input and output data - in = malloc(cryptLen+ALIGN_EXTRA); - if( in == NULL ) { - (*env)->ThrowNew(env, no_mem, "Unable to allocate heap space for encryption input"); - return -1; - } - c_input = ALIGN16(in); - - out = malloc(outLen+ALIGN_EXTRA); - if( out == NULL ) { - free(in); - (*env)->ThrowNew(env, no_mem, "Unable to allocate heap space for encryption output"); - return -1; - } - c_output = ALIGN16(out); - - // step 3: copy data from Java and en/decrypt it - if( c_state->cache_len ) { - memcpy(c_input, c_state->cache, c_state->cache_len); - (*env)->GetByteArrayRegion(env, input, inputOffset, inputLen, (jbyte *)(c_input + c_state->cache_len)); - } else { - (*env)->GetByteArrayRegion(env, input, inputOffset, inputLen, (jbyte *)c_input); - } - if( c_state->direction == ENCRYPTION ) - aes_ret = aes_cbc_encrypt(c_input, c_output, outLen, c_state->iv, ENC_CTX(c_state)); - else - aes_ret = aes_cbc_decrypt(c_input, c_output, outLen, c_state->iv, DEC_CTX(c_state)); - if( aes_ret != EXIT_SUCCESS ) { - free(in); - free(out); - (*env)->ThrowNew(env, bad_arg, "Failed to encrypt input data"); // FIXME: get a better exception class for this... - return -1; - } - (*env)->SetByteArrayRegion(env, output, outputOffset, outLen, (jbyte *)c_output); - - // step 4: cleanup and return - if( bytes2cache ) { - c_state->cache_len = bytes2cache; // set new cache length - memcpy(c_state->cache, (c_input + outLen), bytes2cache); // cache overflow bytes for next call - } else { - c_state->cache_len = 0; - } - - free(in); - free(out); - - #if defined(KPD_DEBUG) - __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nUpdate", "exit: outLen=%d", outLen); - #endif - - return outLen; -} - -/* - outputSize must be at least 32 for encryption since the buffer may contain >= 1 full block - outputSize must be at least 16 for decryption -*/ -JNIEXPORT jint JNICALL Java_com_keepassdroid_crypto_NativeAESCipherSpi_nFinal(JNIEnv *env, jobject this, - jlong state, jboolean doPadding, jbyteArray output, jint outputOffset, jint outputSize) { - int i; - uint32_t padValue, paddedCacheLen, j; - uint8_t final_output[CACHE_SIZE] __attribute__ ((aligned (16))); - aes_state *c_state; - - #if defined(KPD_DEBUG) - __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "entry: outputOffset=%d, outputSize=%d", outputOffset, outputSize); - #endif - - if( !output || outputOffset < 0 || state <= 0 ) { - (*env)->ThrowNew(env, bad_arg, "Invalid argument(s) passed to nFinal"); - return -1; - } - c_state = (aes_state *)state; - if( c_state->direction == FINALIZED ) { - (*env)->ThrowNew(env, bad_arg, "This state has already been finalized"); - return -1; - } - - // allow fetching of remaining bytes from cache - if( !doPadding ) { - (*env)->SetByteArrayRegion(env, output, outputOffset, c_state->cache_len, (jbyte *)c_state->cache); - c_state->direction = FINALIZED; - return c_state->cache_len; - } - - #if defined(KPD_DEBUG) - __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "crypto operation starts"); - #endif - - if( c_state->direction == ENCRYPTION ) { - if( c_state->cache_len >= 16 ) { - paddedCacheLen = 32; - } else { - paddedCacheLen = 16; - } - if( outputSize < (jint)paddedCacheLen ) { - (*env)->ThrowNew(env, short_buf, "Insufficient space in output buffer"); - return -1; - } - padValue = paddedCacheLen - c_state->cache_len; - if(!padValue) padValue = 16; - memset(c_state->cache + c_state->cache_len, padValue, padValue); - if( aes_cbc_encrypt(c_state->cache, final_output, paddedCacheLen, c_state->iv, ENC_CTX(c_state)) != EXIT_SUCCESS ) { - (*env)->ThrowNew(env, bad_arg, "Failed to encrypt the final data block(s)"); // FIXME: get a better exception class for this... - return -1; - } - (*env)->SetByteArrayRegion(env, output, outputOffset, paddedCacheLen, (jbyte *)final_output); - c_state->direction = FINALIZED; - #if defined(KPD_DEBUG) - __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "encryption operation completed, returning %d bytes", paddedCacheLen); - #endif - return paddedCacheLen; - } else { // DECRYPTION - paddedCacheLen = c_state->cache_len; - if( outputSize < (jint)paddedCacheLen ) { - (*env)->ThrowNew(env, short_buf, "Insufficient space in output buffer"); - return -1; - } - if( paddedCacheLen != 16 ) { - (*env)->ThrowNew(env, bad_padding, "Incomplete final block in cache for decryption state"); - return -1; - } - if( aes_cbc_decrypt(c_state->cache, final_output, paddedCacheLen, c_state->iv, DEC_CTX(c_state)) != EXIT_SUCCESS ) { - (*env)->ThrowNew(env, bad_arg, "Failed to decrypt the final data block(s)"); // FIXME: get a better exception class for this... - return -1; - } - padValue = final_output[paddedCacheLen-1]; - for(i = (paddedCacheLen-1), j = 0; final_output[i] == padValue && i >= 0; i--, j++); - if( padValue != j ) { - (*env)->ThrowNew(env, bad_padding, "Failed to verify padding during decryption"); - return -1; - } - j = 16 - j; - (*env)->SetByteArrayRegion(env, output, outputOffset, j, (jbyte *)final_output); - c_state->direction = FINALIZED; - #if defined(KPD_DEBUG) - __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "decryption operation completed, returning %d bytes", j); - #endif - return j; - } -} - -JNIEXPORT jint JNICALL Java_com_keepassdroid_crypto_NativeAESCipherSpi_nGetCacheSize(JNIEnv* env, jobject this, jlong state) { - aes_state *c_state; - - if( state <= 0 ) { - (*env)->ThrowNew(env, bad_arg, "Invalid state"); - return -1; - } - c_state = (aes_state *)state; - if( c_state->direction == FINALIZED ) { - (*env)->ThrowNew(env, bad_arg, "Invalid state"); - return -1; - } - return c_state->cache_len; -} - -#define MASTER_KEY_SIZE 32 - -typedef struct _master_key { - uint32_t rounds, done[2]; - pthread_mutex_t lock1, lock2; // these lock the two halves of the key material - uint8_t c_seed[MASTER_KEY_SIZE] __attribute__ ((aligned (16))); - uint8_t key1[MASTER_KEY_SIZE] __attribute__ ((aligned (16))); - uint8_t key2[MASTER_KEY_SIZE] __attribute__ ((aligned (16))); -} master_key; - - -void *generate_key_material(void *arg) { - #if defined(KPD_PROFILE) - struct timespec start, end; - #endif - uint32_t i, flip = 0; - uint8_t *key1, *key2; - master_key *mk = (master_key *)arg; - aes_encrypt_ctx e_ctx[1] __attribute__ ((aligned (16))); - - if( mk->done[0] == 0 && pthread_mutex_trylock(&mk->lock1) == 0 ) { - key1 = mk->key1; - key2 = mk->key2; - } else if( mk->done[1] == 0 && pthread_mutex_trylock(&mk->lock2) == 0 ) { - key1 = mk->key1 + (MASTER_KEY_SIZE/2); - key2 = mk->key2 + (MASTER_KEY_SIZE/2); - } else { - // this can only be scaled to two threads - pthread_exit( (void *)(-1) ); - } - - #if defined(KPD_PROFILE) - clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start); - #endif - - aes_encrypt_key256(mk->c_seed, e_ctx); - for (i = 0; i < mk->rounds; i++) { - if ( flip ) { - aes_encrypt(key2, key1, e_ctx); - flip = 0; - } else { - aes_encrypt(key1, key2, e_ctx); - flip = 1; - } - } - - #if defined(KPD_PROFILE) - clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end); - if( key1 == mk->key1 ) - __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nTransformMasterKey", "Thread 1 master key transformation took ~%d seconds", (end.tv_sec-start.tv_sec)); - else - __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nTransformMasterKey", "Thread 2 master key transformation took ~%d seconds", (end.tv_sec-start.tv_sec)); - #endif - - if( key1 == mk->key1 ) { - mk->done[0] = 1; - pthread_mutex_unlock(&mk->lock1); - } else { - mk->done[1] = 1; - pthread_mutex_unlock(&mk->lock2); - } - - return (void *)flip; -} - -JNIEXPORT jbyteArray JNICALL Java_com_keepassdroid_crypto_finalkey_NativeFinalKey_nTransformMasterKey(JNIEnv *env, jobject this, jbyteArray seed, jbyteArray key, jint rounds) { - master_key mk; - uint32_t flip; - pthread_t t1, t2; - int iret; - void *vret1, *vret2; - jbyteArray result; - sha256_ctx h_ctx[1] __attribute__ ((aligned (16))); - - // step 1: housekeeping - sanity checks and fetch data from the JVM - if( (*env)->GetArrayLength(env, seed) != MASTER_KEY_SIZE ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: the seed is not the correct size"); - return NULL; - } - if( (*env)->GetArrayLength(env, key) != MASTER_KEY_SIZE ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: the key is not the correct size"); - return NULL; - } - if( rounds < 0 ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: illegal number of encryption rounds"); - return NULL; - } - mk.rounds = (uint32_t)rounds; - mk.done[0] = mk.done[1] = 0; - if( pthread_mutex_init(&mk.lock1, NULL) != 0 ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to initialize the mutex for thread 1"); // FIXME: get a better exception class for this... - return NULL; - } - if( pthread_mutex_init(&mk.lock2, NULL) != 0 ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to initialize the mutex for thread 2"); // FIXME: get a better exception class for this... - return NULL; - } - (*env)->GetByteArrayRegion(env, seed, 0, MASTER_KEY_SIZE, (jbyte *)mk.c_seed); - (*env)->GetByteArrayRegion(env, key, 0, MASTER_KEY_SIZE, (jbyte *)mk.key1); - - // step 2: encrypt the hash "rounds" (default: 6000) times - iret = pthread_create( &t1, NULL, generate_key_material, (void*)&mk ); - if( iret != 0 ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to launch thread 1"); // FIXME: get a better exception class for this... - return NULL; - } - iret = pthread_create( &t2, NULL, generate_key_material, (void*)&mk ); - if( iret != 0 ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to launch thread 2"); // FIXME: get a better exception class for this... - return NULL; - } - iret = pthread_join( t1, &vret1 ); - if( iret != 0 ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to join thread 1"); // FIXME: get a better exception class for this... - return NULL; - } - iret = pthread_join( t2, &vret2 ); - if( iret != 0 ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: failed to join thread 2"); // FIXME: get a better exception class for this... - return NULL; - } - if( vret1 == (void *)(-1) || vret2 == (void *)(-1) || vret1 != vret2 ) { - (*env)->ThrowNew(env, bad_arg, "TransformMasterKey: invalid flip value(s) from completed thread(s)"); // FIXME: get a better exception class for this... - return NULL; - } else { - flip = (uint32_t)vret1; - } - - // step 3: final SHA256 hash - sha256_begin(h_ctx); - if( flip ) { - sha256_hash(mk.key2, MASTER_KEY_SIZE, h_ctx); - sha256_end(mk.key1, h_ctx); - flip = 0; - } else { - sha256_hash(mk.key1, MASTER_KEY_SIZE, h_ctx); - sha256_end(mk.key2, h_ctx); - flip = 1; - } - - // step 4: send the hash into the JVM - result = (*env)->NewByteArray(env, MASTER_KEY_SIZE); - if( flip ) - (*env)->SetByteArrayRegion(env, result, 0, MASTER_KEY_SIZE, (jbyte *)mk.key2); - else - (*env)->SetByteArrayRegion(env, result, 0, MASTER_KEY_SIZE, (jbyte *)mk.key1); - - return result; -} -#undef MASTER_KEY_SIZE - diff --git a/src/java/kp2akeytransform/jni/prep_build.sh b/src/java/kp2akeytransform/jni/prep_build.sh deleted file mode 100644 index 057a15e49..000000000 --- a/src/java/kp2akeytransform/jni/prep_build.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -SHA_FILE="sha2-07-01-07.zip" - -curl http://gladman.plushost.co.uk/oldsite/cryptography_technology/sha/$SHA_FILE > $SHA_FILE -unzip $SHA_FILE -d sha diff --git a/src/java/kp2akeytransform/jni/sha/.gitignore b/src/java/kp2akeytransform/jni/sha/.gitignore deleted file mode 100644 index 18596cbc8..000000000 --- a/src/java/kp2akeytransform/jni/sha/.gitignore +++ /dev/null @@ -1,13 +0,0 @@ -brg_endian.h -brg_types.h -hmac.c -hmac.h -pwd2key.c -pwd2key.h -sha1b.c -sha1.c -sha1.h -sha2b.c -sha2.c -sha2.h -shasum.c diff --git a/src/java/kp2akeytransform/jni/sha/Android.mk b/src/java/kp2akeytransform/jni/sha/Android.mk deleted file mode 100644 index bfdad4e5c..000000000 --- a/src/java/kp2akeytransform/jni/sha/Android.mk +++ /dev/null @@ -1,14 +0,0 @@ -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) - -LOCAL_MODULE := sha - -LOCAL_SRC_FILES := \ - sha1.c \ - sha2.c \ - hmac.c - -LOCAL_CFLAGS := -DUSE_SHA256 - -include $(BUILD_STATIC_LIBRARY) diff --git a/src/java/kp2akeytransform/libs/.gitignore b/src/java/kp2akeytransform/libs/.gitignore deleted file mode 100644 index f1a2c82c7..000000000 --- a/src/java/kp2akeytransform/libs/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -[^.] -armeabi -armeabi-v7a -x86 -mips -mips-r2 -mips-r2-sf -ant-contrib-0.3.jar diff --git a/src/java/kp2akeytransform/project.properties b/src/java/kp2akeytransform/project.properties deleted file mode 100644 index b83fc3aa7..000000000 --- a/src/java/kp2akeytransform/project.properties +++ /dev/null @@ -1,15 +0,0 @@ -# This file is automatically generated by Android Tools. -# Do not modify this file -- YOUR CHANGES WILL BE ERASED! -# -# This file must be checked in Version Control Systems. -# -# To customize properties used by the Ant build system use, -# "ant.properties", and override values to adapt the script to your -# project structure. - -# Indicates whether an apk should be generated for each density. -split.density=false -# Project target. -target=android-17 -apk-configurations= -android.library=true diff --git a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/NativeLib.java b/src/java/kp2akeytransform/src/com/keepassdroid/crypto/NativeLib.java deleted file mode 100644 index be228a6ed..000000000 --- a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/NativeLib.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2009 Brian Pellin. - * - * This file is part of KeePassDroid. - * - * KeePassDroid is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 2 of the License, or - * (at your option) any later version. - * - * KeePassDroid is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with KeePassDroid. If not, see . - * - */ -package com.keepassdroid.crypto; - -public class NativeLib { - private static boolean isLoaded = false; - private static boolean loadSuccess = false; - - public static boolean loaded() { - return init(); - } - - public static boolean init() { - if ( ! isLoaded ) { - try { - System.loadLibrary("final-key"); - } catch ( UnsatisfiedLinkError e) { - return false; - } - isLoaded = true; - loadSuccess = true; - } - - return loadSuccess; - - } - -} diff --git a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/AndroidFinalKey.java b/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/AndroidFinalKey.java deleted file mode 100644 index 50395dc8c..000000000 --- a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/AndroidFinalKey.java +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright 2009 Brian Pellin. - * - * This file is part of KeePassDroid. - * - * KeePassDroid is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 2 of the License, or - * (at your option) any later version. - * - * KeePassDroid is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with KeePassDroid. If not, see . - * - */ -package com.keepassdroid.crypto.finalkey; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - -import javax.crypto.Cipher; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.SecretKeySpec; - -public class AndroidFinalKey extends FinalKey { - - @Override - public byte[] transformMasterKey(byte[] pKeySeed, byte[] pKey, int rounds) throws IOException { - Cipher cipher; - try { - cipher = Cipher.getInstance("AES/ECB/NoPadding"); - } catch (NoSuchAlgorithmException e) { - throw new IOException("NoSuchAlgorithm: " + e.getMessage()); - } catch (NoSuchPaddingException e) { - throw new IOException("NoSuchPadding: " + e.getMessage()); - } - - try { - cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(pKeySeed, "AES")); - } catch (InvalidKeyException e) { - throw new IOException("InvalidPasswordException: " + e.getMessage()); - } - - // Encrypt key rounds times - byte[] newKey = new byte[pKey.length]; - System.arraycopy(pKey, 0, newKey, 0, pKey.length); - byte[] destKey = new byte[pKey.length]; - for (int i = 0; i < rounds; i++) { - try { - cipher.update(newKey, 0, newKey.length, destKey, 0); - System.arraycopy(destKey, 0, newKey, 0, newKey.length); - - } catch (ShortBufferException e) { - throw new IOException("Short buffer: " + e.getMessage()); - } - } - - // Hash the key - MessageDigest md = null; - try { - md = MessageDigest.getInstance("SHA-256"); - } catch (NoSuchAlgorithmException e) { - assert true; - throw new IOException("SHA-256 not implemented here: " + e.getMessage()); - } - - md.update(newKey); - return md.digest(); - } - -} diff --git a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/FinalKey.java b/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/FinalKey.java deleted file mode 100644 index df299a143..000000000 --- a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/FinalKey.java +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright 2009 Brian Pellin. - * - * This file is part of KeePassDroid. - * - * KeePassDroid is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 2 of the License, or - * (at your option) any later version. - * - * KeePassDroid is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with KeePassDroid. If not, see . - * - */ -package com.keepassdroid.crypto.finalkey; - -import java.io.IOException; - -public abstract class FinalKey { - public abstract byte[] transformMasterKey(byte[] seed, byte[] key, int rounds) throws IOException; -} diff --git a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/FinalKeyFactory.java b/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/FinalKeyFactory.java deleted file mode 100644 index 2cca6b528..000000000 --- a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/FinalKeyFactory.java +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 2009 Brian Pellin. - * - * This file is part of KeePassDroid. - * - * KeePassDroid is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 2 of the License, or - * (at your option) any later version. - * - * KeePassDroid is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with KeePassDroid. If not, see . - * - */ -package com.keepassdroid.crypto.finalkey; - -public class FinalKeyFactory { - public static FinalKey createFinalKey() { - return createFinalKey(false); - } - - public static FinalKey createFinalKey(boolean androidOverride) { - // Prefer the native final key implementation - if ( ! androidOverride && NativeFinalKey.availble() ) { - return new NativeFinalKey(); - } else { - // Fall back on the android crypto implementation - return new AndroidFinalKey(); - } - } -} diff --git a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/NativeFinalKey.java b/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/NativeFinalKey.java deleted file mode 100644 index ce5982950..000000000 --- a/src/java/kp2akeytransform/src/com/keepassdroid/crypto/finalkey/NativeFinalKey.java +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 2009 Brian Pellin. - * - * This file is part of KeePassDroid. - * - * KeePassDroid is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 2 of the License, or - * (at your option) any later version. - * - * KeePassDroid is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with KeePassDroid. If not, see . - * - */ -package com.keepassdroid.crypto.finalkey; - -import java.io.IOException; - -import com.keepassdroid.crypto.NativeLib; - - -public class NativeFinalKey extends FinalKey { - - public static boolean availble() { - return NativeLib.init(); - } - - @Override - public byte[] transformMasterKey(byte[] seed, byte[] key, int rounds) throws IOException { - NativeLib.init(); - - return nTransformMasterKey(seed, key, rounds); - - } - - private static native byte[] nTransformMasterKey(byte[] seed, byte[] key, int rounds); - - // For testing - /* - public static byte[] reflect(byte[] key) { - NativeLib.init(); - - return nativeReflect(key); - } - - private static native byte[] nativeReflect(byte[] key); - */ - - -}