3 * Low-level stuff for all Rijndael block sizes
5 * (c) 2001 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /*----- Header files ------------------------------------------------------*/
35 #include <mLib/bits.h>
41 #include "rijndael-base.h"
43 /*----- Global variables --------------------------------------------------*/
/* Key-size descriptor for Rijndael, stored as a table of octets: a
 * KSZ_RANGE tag followed by RIJNDAEL_KEYSZ, 4, 32 and 4.
 *
 * NOTE(review): the KSZ_* encoding is defined outside this listing.
 * Presumably the four values after the tag are the default key size, the
 * minimum, the maximum and the step, all in bytes -- confirm against the
 * KSZ_* definitions.  If so, this table accepts keys as short as 4 bytes,
 * which is far below the 16/24/32-byte sizes used by AES.  Callers that
 * need AES-strength keys should enforce their own minimum rather than rely
 * on this table.
 */
45 const octet rijndael_keysz
[] = { KSZ_RANGE
, RIJNDAEL_KEYSZ
, 4, 32, 4 };
47 /*----- Main code ---------------------------------------------------------*/
49 /* --- @rijndael_setup@ --- *
51 * Arguments: @rijndael_ctx *k@ = pointer to context to initialize
52 * @unsigned nb@ = number of words in the block
53 * @const void *buf@ = pointer to buffer of key material
54 * @size_t sz@ = size of the key material
58 * Use: Low-level key-scheduling.
/* simple_setup: portable C key schedule.  It fills the encryption table
 * k->w from the raw key words and then derives the decryption table k->wi
 * from it.  It is named as the default/fallback implementation in the
 * CPU_DISPATCH and DISPATCH_PICK_FALLBACK lines later in this file.
 *
 * Arguments:  k   = context to fill in; k->nr is read on entry
 *             nb  = number of words in the block
 *             buf = key material; nk words are loaded from it
 *             nk  = number of 32-bit key words
 *
 * NOTE(review): the gutter numbers in this listing skip, so some source
 * lines (declarations, braces, several assignments) are not shown.  The
 * comments below describe only what is visible.
 *
 * Security notes for reviewers:
 *   - k->w and k->wi end up holding the expanded key, so the context is
 *     as sensitive as the key itself and should be wiped by its owner
 *     once it is no longer needed.
 *   - No buffer length is passed in: the caller must guarantee that buf
 *     really holds nk words of key material.
 *   - SUB(S, ...) is applied to key-derived words.  Presumably this is a
 *     table-driven S-box lookup (the macro is defined elsewhere -- TODO
 *     confirm); if so, its memory access pattern depends on secret data,
 *     which is the usual cache-timing concern with table-based AES.  The
 *     hardware-backed variants chosen by pick_setup are the preferred path
 *     where available.
 */
61 static void simple_setup(rijndael_ctx
*k
, unsigned nb
,
62 const void *buf
, unsigned nk
)
/* The round count comes from the context, so the caller must have set
 * k->nr before calling (rijndael_setup computes nr before it calls setup). */
64 unsigned nr
= k
->nr
, nw
;
69 /* --- Fetch the first key words out --- */
/* Each of the first nk table entries is read from the key buffer with
 * LOAD32_B, i.e. as a big-endian 32-bit word.  The statement that advances
 * p is not visible in this listing. */
72 for (i
= 0; i
< nk
; i
++) {
73 k
->w
[i
] = LOAD32_B(p
);
77 /* --- Expand this material to fill the rest of the table --- */
/* Every further word starts from the word nk positions earlier. */
83 uint32 w
= k
->w
[i
- nk
];
/* Substituted previous word, combined with a byte read through p and
 * shifted into the top byte.  NOTE(review): by this point p presumably
 * walks a round-constant table; the assignment is not shown -- confirm. */
86 w
^= SUB(S
, ww
, ww
, ww
, ww
) ^ (*p
++ << 24);
/* Keys longer than six words get an extra substitution at offset 4 within
 * each nk-word group. */
87 } else if (nk
> 6 && i
% nk
== 4)
88 w
^= SUB(S
, ww
, ww
, ww
, ww
);
94 /* --- Make the decryption keys --- */
/* Words copied from w into wi unchanged.  How i, j and jj are initialised
 * and stepped is not visible here; presumably the round keys are taken in
 * reverse order -- confirm against the full source. */
100 k
->wi
[i
] = k
->w
[j
+ jj
++];
/* Remaining rounds except the last nb words: each word of w is passed
 * through MIX(U, ...) before it is stored in wi. */
102 for (; i
< nw
- nb
; i
+= nb
) {
104 for (jj
= 0; jj
< nb
; jj
++) {
105 uint32 w
= k
->w
[j
+ jj
];
106 k
->wi
[i
+ jj
] = MIX(U
, w
, w
, w
, w
);
/* Second unchanged copy from w into wi.  NOTE(review): all indexing above
 * is bounded by nw, whose computation is not shown; the capacity of k->w
 * and k->wi must cover it for the caller-supplied nb and nr -- confirm
 * against the rijndael_ctx definition. */
112 k
->wi
[i
] = k
->w
[j
+ jj
++];
/* Declares the dispatched entry point `setup`, taking (k, nb, buf, nk) and
 * returning void, with pick_setup as the selector and simple_setup as the
 * portable default.
 *
 * NOTE(review): CPU_DISPATCH is defined outside this listing.  Presumably
 * it generates a static function that resolves the implementation through
 * pick_setup and then forwards its arguments -- confirm.  Because the
 * implementation is chosen at run time from CPU features, every candidate
 * has to leave the context in a state the matching encrypt/decrypt code
 * expects; test coverage should exercise the fallback as well as the
 * accelerated paths.
 */
115 CPU_DISPATCH(static, EMPTY
, void, setup
,
116 (rijndael_ctx
*k
, unsigned nb
, const void *buf
, unsigned nk
),
117 (k
, nb
, buf
, nk
), pick_setup
, simple_setup
)
/* Declarations of the hardware-accelerated key-setup routines, one per CPU
 * family.  They are defined outside this file and share the type
 * setup__functype (presumably a typedef produced by the CPU_DISPATCH
 * invocation for `setup` -- confirm).
 *
 * NOTE(review): the matching #endif lines, and the guard in front of the
 * arm64 declaration, are not visible in this listing.
 */
119 #if CPUFAM_X86 || CPUFAM_AMD64
120 extern setup__functype rijndael_setup_x86ish_aesni
;
122 #if CPUFAM_ARMEL && HAVE_AS_ARMV8_CRYPTO
123 extern setup__functype rijndael_setup_arm_crypto
;
126 extern setup__functype rijndael_setup_arm64_crypto
;
/* pick_setup: choose the key-setup implementation for the running CPU.
 *
 * Returns a pointer to a setup__functype.  Each DISPATCH_PICK_COND line
 * names a candidate together with the cpu_feature_p() test that must hold
 * for it: CPUFEAT_X86_AESNI on x86/amd64, CPUFEAT_ARM_AES on the two ARM
 * families.  DISPATCH_PICK_FALLBACK names simple_setup as the choice when
 * no candidate applies.
 *
 * NOTE(review): the DISPATCH_PICK_* macros are defined elsewhere.
 * Presumably a satisfied condition returns that candidate at once -- confirm.
 * The #endif lines and the guard around the arm64 candidate are not visible
 * in this listing.  The selection decides whether key expansion runs on the
 * AES instructions or in the table-based C code, so a wrong or spoofable
 * feature probe changes the side-channel posture as well as the speed.
 */
129 static setup__functype
*pick_setup(void)
131 #if CPUFAM_X86 || CPUFAM_AMD64
132 DISPATCH_PICK_COND(rijndael_setup
, rijndael_setup_x86ish_aesni
,
133 cpu_feature_p(CPUFEAT_X86_AESNI
));
135 #if CPUFAM_ARMEL && HAVE_AS_ARMV8_CRYPTO
136 DISPATCH_PICK_COND(rijndael_setup
, rijndael_setup_arm_crypto
,
137 cpu_feature_p(CPUFEAT_ARM_AES
));
140 DISPATCH_PICK_COND(rijndael_setup
, rijndael_setup_arm64_crypto
,
141 cpu_feature_p(CPUFEAT_ARM_AES
));
143 DISPATCH_PICK_FALLBACK(rijndael_setup
, simple_setup
);
/* rijndael_setup: public key-scheduling entry point.
 *
 * Arguments:  k   = context to initialize
 *             nb  = number of words in the block
 *             buf = key material
 *             sz  = size of the key material
 *
 * Returns nothing, so a caller cannot learn from this function that a key
 * was rejected.
 *
 * NOTE(review): this listing omits some lines, including the one that
 * derives nk from sz and whatever stores nr into the context.
 */
146 void rijndael_setup(rijndael_ctx
*k
, unsigned nb
, const void *buf
, size_t sz
)
150 /* --- Sort out the key size --- */
/* NOTE(review): KSZ_ASSERT is defined elsewhere.  Presumably it checks sz
 * against the rijndael_keysz table with an assertion -- confirm.  If so, a
 * bad size aborts the process instead of returning an error, and there is
 * no check at all in a build where assertions are compiled out.  Code that
 * takes sz from untrusted input should validate it before calling. */
152 KSZ_ASSERT(rijndael
, sz
);
155 /* --- Select the number of rounds --- */
/* Rounds = max(nk, nb) + 6.  With a short key the block width alone sets
 * the round count. */
157 nr
= (nk
> nb ? nk
: nb
) + 6;
162 /* --- Do the main setup --- */
/* Hands over to the CPU-dispatched implementation.  Only the word count nk
 * is passed on, not sz, so buf must hold at least nk words. */
164 setup(k
, nb
, buf
, nk
);
167 /*----- That's all, folks -------------------------------------------------*/