⚡️ Add AES-GCM

Author: Unam3dd

inc/aes.h

@@ -400,8 +400,20 @@ aes_status_t		aes_ctr_dec(byte_t *out, size_t o_sz, const iv_t nonce, const byte
 //
 ////////////////////////////////////
 
-aes_status_t		aes_gcm_enc(aes_gcm_counter_t *out, const iv_t nonce, const byte_t *restrict aad, const byte_t *restrict in, size_t i_sz, const aes_ctx_t *ctx);
-aes_status_t		aes_gcm_dec(aes_gcm_counter_t *out, const iv_t nonce, const byte_t *restrict aad, const byte_t *restrict in, size_t i_sz, const aes_ctx_t *ctx);
+aes_status_t		aes_gcm_enc(aes_gcm_counter_t *out, const iv_t nonce, const byte_t *restrict aad, size_t aad_len, const byte_t *restrict in, size_t i_sz, const aes_ctx_t *ctx);
+aes_status_t		aes_gcm_dec(aes_gcm_counter_t *out, const iv_t nonce, const byte_t *restrict aad, size_t aad_len, const byte_t *restrict in, size_t i_sz, const aes_ctx_t *ctx);
+
+
+/////////////////////////////////////
+//
+//
+//			UTILS
+//
+//
+////////////////////////////////////
+
+__m128i				aes_block_enc(__m128i data, const aes_key_t *k, const aes_key_size_t nr);
+__m128i				aes_block_dec(__m128i data, const aes_key_t *k, const aes_key_size_t nr);
 
 /////////////////////////////////////
 //

inc/gf.h

@@ -38,4 +38,6 @@ uint16_t		gf8_mul(uint8_t a, uint8_t b);
 
 __m128i			gf128_mul(__m128i a, __m128i b);
 
+void			gfmul(const uint8_t a[0x10], const uint8_t b[0x10], uint8_t r[0x10]);
+
 #endif

meson.build

@@ -34,9 +34,10 @@ SRCS_PKCS = ['src/pkcs/pkcs.c']
 SRCS_EXPANSION = ['src/expansion/aes_128_expansion.c', 'src/expansion/aes_192_expansion.c', 'src/expansion/aes_256_expansion.c']
 SRCS_RANDOM = ['src/random/rdrnd.c', 'src/random/urandom.c']
 SRCS_AES = ['src/ecb/aes_ecb.c', 'src/cbc/aes_cbc.c', 'src/cfb/aes_cfb.c', 'src/ofb/aes_ofb.c', 'src/ctr/aes_ctr.c', 'src/gcm/aes_gcm.c']
-SRCS_GF = ['src/gf/gf8_mul.c', 'src/gf/gf128_mul.c']
+SRCS_GF = ['src/gf/gf8_mul.c', 'src/gf/gf128_mul.c', 'src/gcm/gfmul.c']
+SRCS_UTILS = ['src/utils/aes_block.c']
 
-SRCS = [SRCS_PKCS, SRCS_RC, SRCS_EXPANSION, SRCS_RANDOM, SRCS_AES, SRCS_GF]
+SRCS = [SRCS_PKCS, SRCS_RC, SRCS_EXPANSION, SRCS_RANDOM, SRCS_AES, SRCS_GF, SRCS_UTILS]
 SRCS_FILES = files(SRCS)
 
 #############################

src/cbc/aes_cbc.c

@@ -116,29 +116,7 @@ aes_status_t	aes_cbc_enc(byte_t *out, size_t o_sz, iv_t iv, const byte_t *restri
 
 		feedback = _mm_xor_si128(state, feedback);
 
-		// Xor State with first round Key (This XOR is equal to first AddRounKey Transformation)
-		feedback = AddRoundKey(feedback, ctx->key.sched[0]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[1]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[2]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[3]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[4]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[5]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[6]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[7]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[8]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[9]);
-
-		if (NR >= AES_192_NR) {
-			feedback = _mm_aesenc_si128(feedback, ctx->key.sched[10]);
-			feedback = _mm_aesenc_si128(feedback, ctx->key.sched[11]);
-
-			if (NR == AES_256_NR) {
-				feedback = _mm_aesenc_si128(feedback, ctx->key.sched[12]);
-				feedback = _mm_aesenc_si128(feedback, ctx->key.sched[13]);
-			}
-		}
-		
-        feedback = _mm_aesenclast_si128(feedback, ctx->key.sched[NR]);
+		feedback = aes_block_enc(feedback, &ctx->key, NR);
 
 		_mm_storeu_si128(&((__m128i*)out)[i], feedback);
 	}
@@ -173,8 +151,9 @@ aes_status_t	aes_cbc_dec(byte_t *out, size_t o_sz, iv_t iv, const byte_t *restri
 	for (i = 0; i < blocks; i++) {
 
 		last_in = _mm_loadu_si128( &((__m128i*)in)[i]);
+		state = last_in;
 
-        state = AddRoundKey(last_in, ctx->key.sched[NR]);
+        /*state = AddRoundKey(last_in, ctx->key.sched[NR]);
 
 		state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 1]));
 		state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 2]));
@@ -196,7 +175,10 @@ aes_status_t	aes_cbc_dec(byte_t *out, size_t o_sz, iv_t iv, const byte_t *restri
 			}
 		}
         
-        state = _mm_aesdeclast_si128(state, ctx->key.sched[0]);
+        state = _mm_aesdeclast_si128(state, ctx->key.sched[0]);*/
+
+		state = aes_block_dec(state, &ctx->key, NR);
+
 		state = _mm_xor_si128(state, feedback);
 
 		_mm_storeu_si128(&((__m128i*)out)[i], state);

src/cfb/aes_cfb.c

@@ -114,29 +114,7 @@ aes_status_t	aes_cfb_enc(byte_t *out, size_t o_sz, iv_t iv, const byte_t *restri
 		// Load State
 		state = _mm_loadu_si128( &((__m128i*)in)[i]);
 
-		// Xor State with first round Key (This XOR is equal to first AddRounKey Transformation)
-		feedback = AddRoundKey(feedback, ctx->key.sched[0]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[1]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[2]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[3]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[4]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[5]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[6]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[7]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[8]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[9]);
-
-		if (NR >= AES_192_NR) {
-			feedback = _mm_aesenc_si128(feedback, ctx->key.sched[10]);
-			feedback = _mm_aesenc_si128(feedback, ctx->key.sched[11]);
-
-			if (NR == AES_256_NR) {
-				feedback = _mm_aesenc_si128(feedback, ctx->key.sched[12]);
-				feedback = _mm_aesenc_si128(feedback, ctx->key.sched[13]);
-			}
-		}
-		
-        feedback = _mm_aesenclast_si128(feedback, ctx->key.sched[NR]);
+		feedback = aes_block_enc(feedback, &ctx->key, NR);
 
         state = _mm_xor_si128(state, feedback);
         feedback = state;
@@ -176,29 +154,7 @@ aes_status_t	aes_cfb_dec(byte_t *out, size_t o_sz, iv_t iv, const byte_t *restri
 		// Load State
 		state = _mm_loadu_si128( &((__m128i*)in)[i]);
 
-		// Xor State with first round Key (This XOR is equal to first AddRounKey Transformation)
-		feedback = AddRoundKey(feedback, ctx->key.sched[0]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[1]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[2]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[3]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[4]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[5]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[6]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[7]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[8]);
-        feedback = _mm_aesenc_si128(feedback, ctx->key.sched[9]);
-
-		if (NR >= AES_192_NR) {
-			feedback = _mm_aesenc_si128(feedback, ctx->key.sched[10]);
-			feedback = _mm_aesenc_si128(feedback, ctx->key.sched[11]);
-
-			if (NR == AES_256_NR) {
-				feedback = _mm_aesenc_si128(feedback, ctx->key.sched[12]);
-				feedback = _mm_aesenc_si128(feedback, ctx->key.sched[13]);
-			}
-		}
-		
-        feedback = _mm_aesenclast_si128(feedback, ctx->key.sched[NR]);
+		feedback = aes_block_enc(feedback, &ctx->key, NR);
 
         cipher = state;
         state = _mm_xor_si128(state, feedback);

src/ctr/aes_ctr.c

@@ -146,30 +146,7 @@ aes_status_t	aes_ctr_enc(byte_t *out, size_t o_sz, const iv_t nonce, const byte_
 
 		feedback = _mm_loadu_si128((__m128i*)nonce);
 
-		// Xor State with first round Key (This XOR is equal to first AddRounKey Transformation)
-		feedback = AddRoundKey(feedback, ctx->key.sched[0x0]);
-        
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x1]);
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x2]);
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x3]);
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x4]);
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x5]);
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x6]);
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x7]);
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x8]);
-		feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0x9]);
-
-		if (NR >= AES_192_NR) {
-			feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0xa]);
-			feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0xb]);
-
-			if (NR == AES_256_NR) {
-				feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0xc]);
-				feedback = _mm_aesenc_si128(feedback, ctx->key.sched[0xe]);
-			}
-		}
-
-        feedback = _mm_aesenclast_si128(feedback, ctx->key.sched[NR]);
+		feedback = aes_block_enc(feedback, &ctx->key, NR);
 
         state = _mm_xor_si128(feedback, state);
 

src/ecb/aes_ecb.c

@@ -105,36 +105,9 @@ aes_status_t	aes_ecb_enc(byte_t *out, size_t o_sz, const byte_t *restrict in, si
 
 	for (i = 0; i < blocks; i++) {
 
-		// Load State
 		state = _mm_loadu_si128( &((__m128i*)in)[i]);
 
-		// Xor State with first round Key (This XOR is equal to first AddRounKey Transformation)
-		state = AddRoundKey(state, ctx->key.sched[0]);
-
-		state = _mm_aesenc_si128(state, ctx->key.sched[1]);
-		state = _mm_aesenc_si128(state, ctx->key.sched[2]);
-		state = _mm_aesenc_si128(state, ctx->key.sched[3]);
-		state = _mm_aesenc_si128(state, ctx->key.sched[4]);
-		state = _mm_aesenc_si128(state, ctx->key.sched[5]);
-		state = _mm_aesenc_si128(state, ctx->key.sched[6]);
-		state = _mm_aesenc_si128(state, ctx->key.sched[7]);
-		state = _mm_aesenc_si128(state, ctx->key.sched[8]);
-		state = _mm_aesenc_si128(state, ctx->key.sched[9]);
-
-		if (NR >= AES_192_NR) {
-			state = _mm_aesenc_si128(state, ctx->key.sched[10]);
-			state = _mm_aesenc_si128(state, ctx->key.sched[11]);
-
-			if (NR == AES_256_NR) {
-				state = _mm_aesenc_si128(state, ctx->key.sched[12]);
-				state = _mm_aesenc_si128(state, ctx->key.sched[13]);
-			}
-		}
-
-		//      a[127:0] := ShiftRows(a[127:0])
-		//      a[127:0] := SubBytes(a[127:0])
-		//      dst[127:0] := a[127:0] (AddRoundKey) XOR RoundKey[127:0]
-		state = _mm_aesenclast_si128(state, ctx->key.sched[NR]);
+		state = aes_block_enc(state, &ctx->key, NR);
 
 		_mm_storeu_si128(&((__m128i*)out)[i], state);
 	}
@@ -162,28 +135,8 @@ aes_status_t	aes_ecb_dec(byte_t *out, size_t o_sz, const byte_t *restrict in, si
 	for (i = 0; i < blocks; i++) {
 		state = _mm_loadu_si128( &((__m128i*)in)[i]);
 
-        state = AddRoundKey(state, ctx->key.sched[NR]);
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 1]));
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 2]));
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 3]));
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 4]));
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 5]));
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 6]));
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 7]));
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 8]));
-        state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 9]));
-
-		if (NR >= AES_192_NR) {
-			state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 10]));
-			state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 11]));
-
-			if (NR == AES_256_NR) {
-				state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 12]));
-				state = _mm_aesdec_si128(state, _mm_aesimc_si128(ctx->key.sched[NR - 13]));
-			}
-		}
-        
-        state = _mm_aesdeclast_si128(state, ctx->key.sched[0]);
+		state = aes_block_dec(state, &ctx->key, NR);
+
 		_mm_storeu_si128(&((__m128i*)out)[i], state);
 	}