53#if !defined(MBEDTLS_CONFIG_FILE)
56#include MBEDTLS_CONFIG_FILE
59#if defined(MBEDTLS_AES_C)
66#if defined(MBEDTLS_PADLOCK_C)
69#if defined(MBEDTLS_AESNI_C)
73#if defined(MBEDTLS_SELF_TEST)
74#if defined(MBEDTLS_PLATFORM_C)
78#define mbedtls_printf printf
82#if !defined(MBEDTLS_AES_ALT)
85#define AES_VALIDATE_RET( cond ) \
86 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
87#define AES_VALIDATE( cond ) \
88 MBEDTLS_INTERNAL_VALIDATE( cond )
94#define GET_UINT32_LE(n,b,i) \
96 (n) = ( (uint32_t) (b)[(i) ] ) \
97 | ( (uint32_t) (b)[(i) + 1] << 8 ) \
98 | ( (uint32_t) (b)[(i) + 2] << 16 ) \
99 | ( (uint32_t) (b)[(i) + 3] << 24 ); \
104#define PUT_UINT32_LE(n,b,i) \
106 (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
107 (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
108 (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
109 (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
113#if defined(MBEDTLS_PADLOCK_C) && \
114 ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
115static int aes_padlock_ace = -1;
118#if defined(MBEDTLS_AES_ROM_TABLES)
122static const unsigned char FSb[256] =
124 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
125 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
126 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
127 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
128 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
129 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
130 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
131 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
132 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
133 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
134 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
135 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
136 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
137 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
138 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
139 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
140 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
141 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
142 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
143 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
144 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
145 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
146 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
147 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
148 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
149 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
150 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
151 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
152 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
153 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
154 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
155 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
163 V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
164 V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
165 V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
166 V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
167 V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
168 V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
169 V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
170 V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
171 V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
172 V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
173 V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
174 V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
175 V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
176 V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
177 V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
178 V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
179 V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
180 V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
181 V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
182 V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
183 V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
184 V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
185 V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
186 V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
187 V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
188 V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
189 V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
190 V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
191 V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
192 V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
193 V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
194 V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
195 V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
196 V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
197 V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
198 V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
199 V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
200 V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
201 V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
202 V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
203 V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
204 V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
205 V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
206 V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
207 V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
208 V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
209 V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
210 V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
211 V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
212 V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
213 V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
214 V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
215 V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
216 V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
217 V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
218 V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
219 V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
220 V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
221 V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
222 V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
223 V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
224 V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
225 V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
226 V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
228#define V(a,b,c,d) 0x##a##b##c##d
232#if !defined(MBEDTLS_AES_FEWER_TABLES)
234#define V(a,b,c,d) 0x##b##c##d##a
238#define V(a,b,c,d) 0x##c##d##a##b
242#define V(a,b,c,d) 0x##d##a##b##c
253static const unsigned char RSb[256] =
255 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
256 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
257 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
258 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
259 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
260 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
261 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
262 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
263 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
264 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
265 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
266 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
267 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
268 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
269 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
270 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
271 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
272 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
273 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
274 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
275 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
276 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
277 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
278 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
279 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
280 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
281 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
282 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
283 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
284 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
285 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
286 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
294 V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
295 V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
296 V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
297 V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
298 V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
299 V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
300 V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
301 V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
302 V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
303 V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
304 V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
305 V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
306 V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
307 V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
308 V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
309 V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
310 V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
311 V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
312 V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
313 V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
314 V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
315 V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
316 V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
317 V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
318 V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
319 V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
320 V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
321 V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
322 V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
323 V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
324 V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
325 V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
326 V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
327 V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
328 V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
329 V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
330 V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
331 V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
332 V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
333 V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
334 V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
335 V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
336 V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
337 V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
338 V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
339 V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
340 V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
341 V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
342 V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
343 V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
344 V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
345 V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
346 V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
347 V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
348 V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
349 V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
350 V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
351 V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
352 V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
353 V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
354 V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
355 V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
356 V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
357 V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
359#define V(a,b,c,d) 0x##a##b##c##d
363#if !defined(MBEDTLS_AES_FEWER_TABLES)
365#define V(a,b,c,d) 0x##b##c##d##a
369#define V(a,b,c,d) 0x##c##d##a##b
373#define V(a,b,c,d) 0x##d##a##b##c
386 0x00000001, 0x00000002, 0x00000004, 0x00000008,
387 0x00000010, 0x00000020, 0x00000040, 0x00000080,
388 0x0000001B, 0x00000036
396static unsigned char FSb[256];
398#if !defined(MBEDTLS_AES_FEWER_TABLES)
407static unsigned char RSb[256];
409#if !defined(MBEDTLS_AES_FEWER_TABLES)
423#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
424#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
425#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
427static int aes_init_done = 0;
429static void aes_gen_tables(
void )
438 for(
i = 0,
x = 1;
i < 256;
i++ )
448 for(
i = 0,
x = 1;
i < 10;
i++ )
460 for(
i = 1;
i < 256;
i++ )
464 y =
x;
y = ( (
y << 1 ) | (
y >> 7 ) ) & 0xFF;
465 x ^=
y;
y = ( (
y << 1 ) | (
y >> 7 ) ) & 0xFF;
466 x ^=
y;
y = ( (
y << 1 ) | (
y >> 7 ) ) & 0xFF;
467 x ^=
y;
y = ( (
y << 1 ) | (
y >> 7 ) ) & 0xFF;
470 FSb[
i] = (
unsigned char)
x;
471 RSb[
x] = (
unsigned char)
i;
477 for(
i = 0;
i < 256;
i++ )
481 z = (
y ^
x ) & 0xFF;
488#if !defined(MBEDTLS_AES_FEWER_TABLES)
489 FT1[
i] = ROTL8( FT0[
i] );
490 FT2[
i] = ROTL8( FT1[
i] );
491 FT3[
i] = ROTL8( FT2[
i] );
501#if !defined(MBEDTLS_AES_FEWER_TABLES)
502 RT1[
i] = ROTL8( RT0[
i] );
503 RT2[
i] = ROTL8( RT1[
i] );
504 RT3[
i] = ROTL8( RT2[
i] );
513#if defined(MBEDTLS_AES_FEWER_TABLES)
515#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) )
516#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) )
517#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >> 8 ) )
519#define AES_RT0(idx) RT0[idx]
520#define AES_RT1(idx) ROTL8( RT0[idx] )
521#define AES_RT2(idx) ROTL16( RT0[idx] )
522#define AES_RT3(idx) ROTL24( RT0[idx] )
524#define AES_FT0(idx) FT0[idx]
525#define AES_FT1(idx) ROTL8( FT0[idx] )
526#define AES_FT2(idx) ROTL16( FT0[idx] )
527#define AES_FT3(idx) ROTL24( FT0[idx] )
531#define AES_RT0(idx) RT0[idx]
532#define AES_RT1(idx) RT1[idx]
533#define AES_RT2(idx) RT2[idx]
534#define AES_RT3(idx) RT3[idx]
536#define AES_FT0(idx) FT0[idx]
537#define AES_FT1(idx) FT1[idx]
538#define AES_FT2(idx) FT2[idx]
539#define AES_FT3(idx) FT3[idx]
558#if defined(MBEDTLS_CIPHER_MODE_XTS)
580#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
582 unsigned int keybits )
587 AES_VALIDATE_RET(
ctx !=
NULL );
588 AES_VALIDATE_RET(
key !=
NULL );
592 case 128:
ctx->nr = 10;
break;
593 case 192:
ctx->nr = 12;
break;
594 case 256:
ctx->nr = 14;
break;
598#if !defined(MBEDTLS_AES_ROM_TABLES)
599 if( aes_init_done == 0 )
606#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
607 if( aes_padlock_ace == -1 )
608 aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
610 if( aes_padlock_ace )
611 ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(
ctx->buf );
616#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
618 return( mbedtls_aesni_setkey_enc( (
unsigned char *)
ctx->rk,
key, keybits ) );
621 for(
i = 0;
i < ( keybits >> 5 );
i++ )
623 GET_UINT32_LE( RK[
i],
key,
i << 2 );
630 for(
i = 0;
i < 10;
i++, RK += 4 )
632 RK[4] = RK[0] ^ RCON[
i] ^
633 ( (
uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
634 ( (
uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
635 ( (
uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
636 ( (
uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 );
638 RK[5] = RK[1] ^ RK[4];
639 RK[6] = RK[2] ^ RK[5];
640 RK[7] = RK[3] ^ RK[6];
646 for(
i = 0;
i < 8;
i++, RK += 6 )
648 RK[6] = RK[0] ^ RCON[
i] ^
649 ( (
uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
650 ( (
uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
651 ( (
uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
652 ( (
uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 );
654 RK[7] = RK[1] ^ RK[6];
655 RK[8] = RK[2] ^ RK[7];
656 RK[9] = RK[3] ^ RK[8];
657 RK[10] = RK[4] ^ RK[9];
658 RK[11] = RK[5] ^ RK[10];
664 for(
i = 0;
i < 7;
i++, RK += 8 )
666 RK[8] = RK[0] ^ RCON[
i] ^
667 ( (
uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
668 ( (
uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
669 ( (
uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
670 ( (
uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 );
672 RK[9] = RK[1] ^ RK[8];
673 RK[10] = RK[2] ^ RK[9];
674 RK[11] = RK[3] ^ RK[10];
677 ( (
uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^
678 ( (
uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
679 ( (
uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
680 ( (
uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
682 RK[13] = RK[5] ^ RK[12];
683 RK[14] = RK[6] ^ RK[13];
684 RK[15] = RK[7] ^ RK[14];
696#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
698 unsigned int keybits )
705 AES_VALIDATE_RET(
ctx !=
NULL );
706 AES_VALIDATE_RET(
key !=
NULL );
710#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
711 if( aes_padlock_ace == -1 )
712 aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
714 if( aes_padlock_ace )
715 ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(
ctx->buf );
726#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
729 mbedtls_aesni_inverse_key( (
unsigned char *)
ctx->rk,
730 (
const unsigned char *) cty.
rk,
ctx->nr );
735 SK = cty.
rk + cty.
nr * 4;
742 for(
i =
ctx->nr - 1, SK -= 8;
i > 0;
i--, SK -= 8 )
744 for(
j = 0;
j < 4;
j++, SK++ )
746 *RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^
747 AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^
748 AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^
749 AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] );
765#if defined(MBEDTLS_CIPHER_MODE_XTS)
766static int mbedtls_aes_xts_decode_keys(
const unsigned char *
key,
767 unsigned int keybits,
768 const unsigned char **
key1,
769 unsigned int *key1bits,
770 const unsigned char **key2,
771 unsigned int *key2bits )
773 const unsigned int half_keybits = keybits / 2;
774 const unsigned int half_keybytes = half_keybits / 8;
783 *key1bits = half_keybits;
784 *key2bits = half_keybits;
786 *key2 = &
key[half_keybytes];
792 const unsigned char *
key,
793 unsigned int keybits)
796 const unsigned char *
key1, *key2;
797 unsigned int key1bits, key2bits;
799 AES_VALIDATE_RET(
ctx !=
NULL );
800 AES_VALIDATE_RET(
key !=
NULL );
802 ret = mbedtls_aes_xts_decode_keys(
key, keybits, &
key1, &key1bits,
817 const unsigned char *
key,
818 unsigned int keybits)
821 const unsigned char *
key1, *key2;
822 unsigned int key1bits, key2bits;
824 AES_VALIDATE_RET(
ctx !=
NULL );
825 AES_VALIDATE_RET(
key !=
NULL );
827 ret = mbedtls_aes_xts_decode_keys(
key, keybits, &
key1, &key1bits,
842#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
845 (X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \
846 AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
847 AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
848 AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \
850 (X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \
851 AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
852 AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
853 AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \
855 (X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \
856 AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
857 AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
858 AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \
860 (X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \
861 AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
862 AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
863 AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \
866#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
869 (X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \
870 AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
871 AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
872 AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \
874 (X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \
875 AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
876 AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
877 AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \
879 (X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \
880 AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
881 AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
882 AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \
884 (X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \
885 AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
886 AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
887 AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \
893#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
895 const unsigned char input[16],
896 unsigned char output[16] )
906 GET_UINT32_LE(
t.X[0],
input, 0 );
t.X[0] ^= *RK++;
907 GET_UINT32_LE(
t.X[1],
input, 4 );
t.X[1] ^= *RK++;
908 GET_UINT32_LE(
t.X[2],
input, 8 );
t.X[2] ^= *RK++;
909 GET_UINT32_LE(
t.X[3],
input, 12 );
t.X[3] ^= *RK++;
911 for(
i = (
ctx->nr >> 1 ) - 1;
i > 0;
i-- )
913 AES_FROUND(
t.Y[0],
t.Y[1],
t.Y[2],
t.Y[3],
t.X[0],
t.X[1],
t.X[2],
t.X[3] );
914 AES_FROUND(
t.X[0],
t.X[1],
t.X[2],
t.X[3],
t.Y[0],
t.Y[1],
t.Y[2],
t.Y[3] );
917 AES_FROUND(
t.Y[0],
t.Y[1],
t.Y[2],
t.Y[3],
t.X[0],
t.X[1],
t.X[2],
t.X[3] );
920 ( (
uint32_t) FSb[ (
t.Y[0] ) & 0xFF ] ) ^
921 ( (
uint32_t) FSb[ (
t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
922 ( (
uint32_t) FSb[ (
t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
923 ( (
uint32_t) FSb[ (
t.Y[3] >> 24 ) & 0xFF ] << 24 );
926 ( (
uint32_t) FSb[ (
t.Y[1] ) & 0xFF ] ) ^
927 ( (
uint32_t) FSb[ (
t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
928 ( (
uint32_t) FSb[ (
t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
929 ( (
uint32_t) FSb[ (
t.Y[0] >> 24 ) & 0xFF ] << 24 );
932 ( (
uint32_t) FSb[ (
t.Y[2] ) & 0xFF ] ) ^
933 ( (
uint32_t) FSb[ (
t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
934 ( (
uint32_t) FSb[ (
t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
935 ( (
uint32_t) FSb[ (
t.Y[1] >> 24 ) & 0xFF ] << 24 );
938 ( (
uint32_t) FSb[ (
t.Y[3] ) & 0xFF ] ) ^
939 ( (
uint32_t) FSb[ (
t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
940 ( (
uint32_t) FSb[ (
t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
941 ( (
uint32_t) FSb[ (
t.Y[2] >> 24 ) & 0xFF ] << 24 );
943 PUT_UINT32_LE(
t.X[0], output, 0 );
944 PUT_UINT32_LE(
t.X[1], output, 4 );
945 PUT_UINT32_LE(
t.X[2], output, 8 );
946 PUT_UINT32_LE(
t.X[3], output, 12 );
954#if !defined(MBEDTLS_DEPRECATED_REMOVED)
956 const unsigned char input[16],
957 unsigned char output[16] )
966#if !defined(MBEDTLS_AES_DECRYPT_ALT)
968 const unsigned char input[16],
969 unsigned char output[16] )
979 GET_UINT32_LE(
t.X[0],
input, 0 );
t.X[0] ^= *RK++;
980 GET_UINT32_LE(
t.X[1],
input, 4 );
t.X[1] ^= *RK++;
981 GET_UINT32_LE(
t.X[2],
input, 8 );
t.X[2] ^= *RK++;
982 GET_UINT32_LE(
t.X[3],
input, 12 );
t.X[3] ^= *RK++;
984 for(
i = (
ctx->nr >> 1 ) - 1;
i > 0;
i-- )
986 AES_RROUND(
t.Y[0],
t.Y[1],
t.Y[2],
t.Y[3],
t.X[0],
t.X[1],
t.X[2],
t.X[3] );
987 AES_RROUND(
t.X[0],
t.X[1],
t.X[2],
t.X[3],
t.Y[0],
t.Y[1],
t.Y[2],
t.Y[3] );
990 AES_RROUND(
t.Y[0],
t.Y[1],
t.Y[2],
t.Y[3],
t.X[0],
t.X[1],
t.X[2],
t.X[3] );
993 ( (
uint32_t) RSb[ (
t.Y[0] ) & 0xFF ] ) ^
994 ( (
uint32_t) RSb[ (
t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
995 ( (
uint32_t) RSb[ (
t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
996 ( (
uint32_t) RSb[ (
t.Y[1] >> 24 ) & 0xFF ] << 24 );
999 ( (
uint32_t) RSb[ (
t.Y[1] ) & 0xFF ] ) ^
1000 ( (
uint32_t) RSb[ (
t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
1001 ( (
uint32_t) RSb[ (
t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
1002 ( (
uint32_t) RSb[ (
t.Y[2] >> 24 ) & 0xFF ] << 24 );
1005 ( (
uint32_t) RSb[ (
t.Y[2] ) & 0xFF ] ) ^
1006 ( (
uint32_t) RSb[ (
t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
1007 ( (
uint32_t) RSb[ (
t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
1008 ( (
uint32_t) RSb[ (
t.Y[3] >> 24 ) & 0xFF ] << 24 );
1011 ( (
uint32_t) RSb[ (
t.Y[3] ) & 0xFF ] ) ^
1012 ( (
uint32_t) RSb[ (
t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
1013 ( (
uint32_t) RSb[ (
t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
1014 ( (
uint32_t) RSb[ (
t.Y[0] >> 24 ) & 0xFF ] << 24 );
1016 PUT_UINT32_LE(
t.X[0], output, 0 );
1017 PUT_UINT32_LE(
t.X[1], output, 4 );
1018 PUT_UINT32_LE(
t.X[2], output, 8 );
1019 PUT_UINT32_LE(
t.X[3], output, 12 );
1027#if !defined(MBEDTLS_DEPRECATED_REMOVED)
1029 const unsigned char input[16],
1030 unsigned char output[16] )
1041 const unsigned char input[16],
1042 unsigned char output[16] )
1044 AES_VALIDATE_RET(
ctx !=
NULL );
1046 AES_VALIDATE_RET( output !=
NULL );
1050#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
1052 return( mbedtls_aesni_crypt_ecb(
ctx,
mode,
input, output ) );
1055#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
1056 if( aes_padlock_ace )
1058 if( mbedtls_padlock_xcryptecb(
ctx,
mode,
input, output ) == 0 )
1073#if defined(MBEDTLS_CIPHER_MODE_CBC)
1080 unsigned char iv[16],
1081 const unsigned char *
input,
1082 unsigned char *output )
1085 unsigned char temp[16];
1087 AES_VALIDATE_RET(
ctx !=
NULL );
1090 AES_VALIDATE_RET( iv !=
NULL );
1092 AES_VALIDATE_RET( output !=
NULL );
1097#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
1098 if( aes_padlock_ace )
1116 for(
i = 0;
i < 16;
i++ )
1117 output[
i] = (
unsigned char)( output[
i] ^ iv[
i] );
1130 for(
i = 0;
i < 16;
i++ )
1131 output[
i] = (
unsigned char)(
input[
i] ^ iv[
i] );
1134 memcpy( iv, output, 16 );
1146#if defined(MBEDTLS_CIPHER_MODE_XTS)
1149#ifndef GET_UINT64_LE
1150#define GET_UINT64_LE(n,b,i) \
1152 (n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \
1153 | ( (uint64_t) (b)[(i) + 6] << 48 ) \
1154 | ( (uint64_t) (b)[(i) + 5] << 40 ) \
1155 | ( (uint64_t) (b)[(i) + 4] << 32 ) \
1156 | ( (uint64_t) (b)[(i) + 3] << 24 ) \
1157 | ( (uint64_t) (b)[(i) + 2] << 16 ) \
1158 | ( (uint64_t) (b)[(i) + 1] << 8 ) \
1159 | ( (uint64_t) (b)[(i) ] ); \
1163#ifndef PUT_UINT64_LE
1164#define PUT_UINT64_LE(n,b,i) \
1166 (b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \
1167 (b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \
1168 (b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \
1169 (b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \
1170 (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
1171 (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
1172 (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
1173 (b)[(i) ] = (unsigned char) ( (n) ); \
1177typedef unsigned char mbedtls_be128[16];
1187static void mbedtls_gf128mul_x_ble(
unsigned char r[16],
1188 const unsigned char x[16] )
1192 GET_UINT64_LE(
a,
x, 0 );
1193 GET_UINT64_LE(
b,
x, 8 );
1195 ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( (
b >> 63 ) << 3 ) );
1196 rb = (
a >> 63 ) | (
b << 1 );
1198 PUT_UINT64_LE( ra,
r, 0 );
1199 PUT_UINT64_LE( rb,
r, 8 );
1208 const unsigned char data_unit[16],
1209 const unsigned char *
input,
1210 unsigned char *output )
1214 size_t leftover =
length % 16;
1215 unsigned char tweak[16];
1216 unsigned char prev_tweak[16];
1217 unsigned char tmp[16];
1219 AES_VALIDATE_RET(
ctx !=
NULL );
1222 AES_VALIDATE_RET( data_unit !=
NULL );
1224 AES_VALIDATE_RET( output !=
NULL );
1231 if(
length > ( 1 << 20 ) * 16 )
1251 memcpy( prev_tweak, tweak,
sizeof( tweak ) );
1252 mbedtls_gf128mul_x_ble( tweak, tweak );
1255 for(
i = 0;
i < 16;
i++ )
1262 for(
i = 0;
i < 16;
i++ )
1263 output[
i] = tmp[
i] ^ tweak[
i];
1266 mbedtls_gf128mul_x_ble( tweak, tweak );
1281 unsigned char *prev_output = output - 16;
1287 for(
i = 0;
i < leftover;
i++ )
1289 output[
i] = prev_output[
i];
1295 for( ;
i < 16;
i++ )
1296 tmp[
i] = prev_output[
i] ^
t[
i];
1304 for(
i = 0;
i < 16;
i++ )
1305 prev_output[
i] = tmp[
i] ^
t[
i];
1312#if defined(MBEDTLS_CIPHER_MODE_CFB)
1320 unsigned char iv[16],
1321 const unsigned char *
input,
1322 unsigned char *output )
1327 AES_VALIDATE_RET(
ctx !=
NULL );
1330 AES_VALIDATE_RET( iv_off !=
NULL );
1331 AES_VALIDATE_RET( iv !=
NULL );
1333 AES_VALIDATE_RET( output !=
NULL );
1348 *output++ = (
unsigned char)(
c ^ iv[
n] );
1349 iv[
n] = (
unsigned char)
c;
1351 n = (
n + 1 ) & 0x0F;
1361 iv[
n] = *output++ = (
unsigned char)( iv[
n] ^ *
input++ );
1363 n = (
n + 1 ) & 0x0F;
1378 unsigned char iv[16],
1379 const unsigned char *
input,
1380 unsigned char *output )
1383 unsigned char ov[17];
1385 AES_VALIDATE_RET(
ctx !=
NULL );
1388 AES_VALIDATE_RET( iv !=
NULL );
1390 AES_VALIDATE_RET( output !=
NULL );
1399 c = *output++ = (
unsigned char)( iv[0] ^ *
input++ );
1404 memcpy( iv, ov + 1, 16 );
1411#if defined(MBEDTLS_CIPHER_MODE_OFB)
1418 unsigned char iv[16],
1419 const unsigned char *
input,
1420 unsigned char *output )
1425 AES_VALIDATE_RET(
ctx !=
NULL );
1426 AES_VALIDATE_RET( iv_off !=
NULL );
1427 AES_VALIDATE_RET( iv !=
NULL );
1429 AES_VALIDATE_RET( output !=
NULL );
1444 *output++ = *
input++ ^ iv[
n];
1446 n = (
n + 1 ) & 0x0F;
1456#if defined(MBEDTLS_CIPHER_MODE_CTR)
1463 unsigned char nonce_counter[16],
1464 unsigned char stream_block[16],
1465 const unsigned char *
input,
1466 unsigned char *output )
1471 AES_VALIDATE_RET(
ctx !=
NULL );
1472 AES_VALIDATE_RET( nc_off !=
NULL );
1473 AES_VALIDATE_RET( nonce_counter !=
NULL );
1474 AES_VALIDATE_RET( stream_block !=
NULL );
1476 AES_VALIDATE_RET( output !=
NULL );
1488 for(
i = 16;
i > 0;
i-- )
1489 if( ++nonce_counter[
i - 1] != 0 )
1493 *output++ = (
unsigned char)(
c ^ stream_block[
n] );
1495 n = (
n + 1 ) & 0x0F;
1506#if defined(MBEDTLS_SELF_TEST)
1512static const unsigned char aes_test_ecb_dec[3][16] =
1514 { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
1515 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
1516 { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
1517 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
1518 { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
1519 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
1522static const unsigned char aes_test_ecb_enc[3][16] =
1524 { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
1525 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
1526 { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
1527 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
1528 { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
1529 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
1532#if defined(MBEDTLS_CIPHER_MODE_CBC)
1533static const unsigned char aes_test_cbc_dec[3][16] =
1535 { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
1536 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
1537 { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
1538 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
1539 { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
1540 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
1543static const unsigned char aes_test_cbc_enc[3][16] =
1545 { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
1546 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
1547 { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
1548 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
1549 { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
1550 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
1554#if defined(MBEDTLS_CIPHER_MODE_CFB)
1560static const unsigned char aes_test_cfb128_key[3][32] =
1562 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
1563 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
1564 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
1565 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
1566 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
1567 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
1568 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
1569 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
1570 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
1573static const unsigned char aes_test_cfb128_iv[16] =
1575 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1576 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
1579static const unsigned char aes_test_cfb128_pt[64] =
1581 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
1582 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
1583 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
1584 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
1585 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
1586 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
1587 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
1588 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
1591static const unsigned char aes_test_cfb128_ct[3][64] =
1593 { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
1594 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
1595 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F,
1596 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B,
1597 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40,
1598 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF,
1599 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E,
1600 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 },
1601 { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
1602 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
1603 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21,
1604 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A,
1605 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1,
1606 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9,
1607 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0,
1608 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF },
1609 { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
1610 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
1611 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8,
1612 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B,
1613 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92,
1614 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9,
1615 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8,
1616 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 }
1620#if defined(MBEDTLS_CIPHER_MODE_OFB)
1626static const unsigned char aes_test_ofb_key[3][32] =
1628 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
1629 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
1630 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
1631 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
1632 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
1633 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
1634 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
1635 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
1636 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
1639static const unsigned char aes_test_ofb_iv[16] =
1641 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1642 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
1645static const unsigned char aes_test_ofb_pt[64] =
1647 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
1648 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
1649 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
1650 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
1651 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
1652 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
1653 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
1654 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
1657static const unsigned char aes_test_ofb_ct[3][64] =
1659 { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
1660 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
1661 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03,
1662 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25,
1663 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6,
1664 0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc,
1665 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78,
1666 0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e },
1667 { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
1668 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
1669 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c,
1670 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01,
1671 0x8d, 0x9a, 0x9a, 0xea, 0xc0, 0xf6, 0x59, 0x6f,
1672 0x55, 0x9c, 0x6d, 0x4d, 0xaf, 0x59, 0xa5, 0xf2,
1673 0x6d, 0x9f, 0x20, 0x08, 0x57, 0xca, 0x6c, 0x3e,
1674 0x9c, 0xac, 0x52, 0x4b, 0xd9, 0xac, 0xc9, 0x2a },
1675 { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
1676 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
1677 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a,
1678 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d,
1679 0x71, 0xab, 0x47, 0xa0, 0x86, 0xe8, 0x6e, 0xed,
1680 0xf3, 0x9d, 0x1c, 0x5b, 0xba, 0x97, 0xc4, 0x08,
1681 0x01, 0x26, 0x14, 0x1d, 0x67, 0xf3, 0x7b, 0xe8,
1682 0x53, 0x8f, 0x5a, 0x8b, 0xe7, 0x40, 0xe4, 0x84 }
1686#if defined(MBEDTLS_CIPHER_MODE_CTR)
1693static const unsigned char aes_test_ctr_key[3][16] =
1695 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
1696 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
1697 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
1698 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
1699 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
1700 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
1703static const unsigned char aes_test_ctr_nonce_counter[3][16] =
1705 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
1706 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
1707 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
1708 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
1709 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
1710 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
1713static const unsigned char aes_test_ctr_pt[3][48] =
1715 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
1716 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
1718 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1719 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
1720 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1721 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
1723 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1724 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
1725 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1726 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
1727 0x20, 0x21, 0x22, 0x23 }
1730static const unsigned char aes_test_ctr_ct[3][48] =
1732 { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79,
1733 0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 },
1734 { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9,
1735 0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88,
1736 0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8,
1737 0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 },
1738 { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9,
1739 0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7,
1740 0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36,
1741 0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53,
1742 0x25, 0xB2, 0x07, 0x2F }
1745static const int aes_test_ctr_len[3] =
1749#if defined(MBEDTLS_CIPHER_MODE_XTS)
1757static const unsigned char aes_test_xts_key[][32] =
1759 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1760 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1761 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1762 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1763 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
1764 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
1765 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
1766 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
1767 { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
1768 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1769 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
1770 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
1773static const unsigned char aes_test_xts_pt32[][32] =
1775 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1776 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1777 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1778 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1779 { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
1780 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
1781 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
1782 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
1783 { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
1784 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
1785 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
1786 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
1789static const unsigned char aes_test_xts_ct32[][32] =
1791 { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
1792 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
1793 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
1794 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
1795 { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
1796 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
1797 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
1798 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
1799 { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a,
1800 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2,
1801 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53,
1802 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 },
1805static const unsigned char aes_test_xts_data_unit[][16] =
1807 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1808 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1809 { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
1810 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1811 { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
1812 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1820int mbedtls_aes_self_test(
int verbose )
1823 unsigned int keybits;
1824 unsigned char key[32];
1825 unsigned char buf[64];
1826 const unsigned char *aes_tests;
1827#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
1828 unsigned char iv[16];
1830#if defined(MBEDTLS_CIPHER_MODE_CBC)
1831 unsigned char prv[16];
1833#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
1834 defined(MBEDTLS_CIPHER_MODE_OFB)
1837#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_XTS)
1840#if defined(MBEDTLS_CIPHER_MODE_CTR)
1841 unsigned char nonce_counter[16];
1842 unsigned char stream_block[16];
1852 for(
i = 0;
i < 6;
i++ )
1855 keybits = 128 +
u * 64;
1867 aes_tests = aes_test_ecb_dec[
u];
1872 aes_tests = aes_test_ecb_enc[
u];
1890 for(
j = 0;
j < 10000;
j++ )
1910#if defined(MBEDTLS_CIPHER_MODE_CBC)
1914 for(
i = 0;
i < 6;
i++ )
1917 keybits = 128 +
u * 64;
1931 aes_tests = aes_test_cbc_dec[
u];
1936 aes_tests = aes_test_cbc_enc[
u];
1954 for(
j = 0;
j < 10000;
j++ )
1958 unsigned char tmp[16];
1985#if defined(MBEDTLS_CIPHER_MODE_CFB)
1989 for(
i = 0;
i < 6;
i++ )
1992 keybits = 128 +
u * 64;
1999 memcpy( iv, aes_test_cfb128_iv, 16 );
2000 memcpy(
key, aes_test_cfb128_key[
u], keybits / 8 );
2022 aes_tests = aes_test_cfb128_pt;
2027 aes_tests = aes_test_cfb128_ct[
u];
2048#if defined(MBEDTLS_CIPHER_MODE_OFB)
2052 for(
i = 0;
i < 6;
i++ )
2055 keybits = 128 +
u * 64;
2062 memcpy( iv, aes_test_ofb_iv, 16 );
2063 memcpy(
key, aes_test_ofb_key[
u], keybits / 8 );
2085 aes_tests = aes_test_ofb_pt;
2090 aes_tests = aes_test_ofb_ct[
u];
2111#if defined(MBEDTLS_CIPHER_MODE_CTR)
2115 for(
i = 0;
i < 6;
i++ )
2124 memcpy( nonce_counter, aes_test_ctr_nonce_counter[
u], 16 );
2131 len = aes_test_ctr_len[
u];
2136 aes_tests = aes_test_ctr_pt[
u];
2141 aes_tests = aes_test_ctr_ct[
u];
2145 stream_block,
buf,
buf );
2163#if defined(MBEDTLS_CIPHER_MODE_XTS)
2166 sizeof(aes_test_xts_key) /
sizeof(*aes_test_xts_key);
2176 const unsigned char *data_unit;
2186 data_unit = aes_test_xts_data_unit[
u];
2188 len =
sizeof( *aes_test_xts_ct32 );
2196 aes_tests = aes_test_xts_pt32[
u];
2204 aes_tests = aes_test_xts_ct32[
u];
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
struct _ACPI_EFI_RUNTIME_SERVICES * RT
This file contains AES definitions and functions.
int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
This function performs an AES single-block encryption or decryption operation.
int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits)
This function sets the decryption key.
void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx)
This function initializes the specified AES XTS context.
int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
This function performs an AES-OFB (Output Feedback Mode) encryption or decryption operation.
int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
This function performs an AES-CBC encryption or decryption operation on full blocks.
int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
This function performs an AES-CTR encryption or decryption operation.
int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits)
This function prepares an XTS context for decryption and sets the decryption key.
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output)
This function performs an AES-XTS encryption or decryption operation for an entire XTS data unit.
int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
Internal AES block encryption function. This is only exposed to allow overriding it using MBEDTLS_AES...
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA
void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
This function releases and clears the specified AES XTS context.
int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
This function performs an AES-CFB128 encryption or decryption operation.
int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
This function performs an AES-CFB8 encryption or decryption operation.
void mbedtls_aes_init(mbedtls_aes_context *ctx)
This function initializes the specified AES context.
MBEDTLS_DEPRECATED void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
Deprecated internal AES block decryption function without return value.
#define MBEDTLS_AES_DECRYPT
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
#define MBEDTLS_AES_ENCRYPT
int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits)
This function sets the encryption key.
void mbedtls_aes_free(mbedtls_aes_context *ctx)
This function releases and clears the specified AES context.
MBEDTLS_DEPRECATED void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
Deprecated internal AES block encryption function without return value.
int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
Internal AES block decryption function. This is only exposed to allow overriding it using see MBEDTLS...
int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits)
This function prepares an XTS context for encryption and sets the encryption key.
AES-NI for hardware AES acceleration on some Intel processors.
#define MBEDTLS_AESNI_AES
double pow(double x, double y)
GLint GLint GLint GLint GLint x
GLint GLint GLint GLint GLint GLint y
GLdouble GLdouble GLdouble r
GLboolean GLboolean GLboolean b
GLenum GLuint GLenum GLsizei const GLchar * buf
GLuint GLsizei GLsizei * length
GLuint64EXT GLuint GLuint GLenum GLenum GLuint GLuint GLenum GLuint GLuint key1
GLboolean GLboolean GLboolean GLboolean a
GLenum GLenum GLenum input
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble * u
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
#define memcpy(s1, s2, n)
VIA PadLock ACE for HW encryption/decryption supported by some processors.
Configuration options (set of defines)
The AES context-type definition.
The AES XTS context-type definition.