Diffstat (limited to 'crypto/aria/aria.c')
| -rw-r--r-- | crypto/aria/aria.c | 325 |
1 files changed, 117 insertions, 208 deletions
diff --git a/crypto/aria/aria.c b/crypto/aria/aria.c
index 84ddd00cd827..eed9214d4b18 100644
--- a/crypto/aria/aria.c
+++ b/crypto/aria/aria.c
@@ -32,30 +32,23 @@ #define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r))) #define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r))) -#define bswap32(v) \ - (((v) << 24) ^ ((v) >> 24) ^ \ - (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8)) +#define bswap32(v) \ + (((v) << 24) ^ ((v) >> 24) ^ (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8)) #define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8))) -#define GET_U32_BE(X, Y) ( \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 ] << 24) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] << 8) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3] ) ) +#define GET_U32_BE(X, Y) ( \ + ((uint32_t)((const uint8_t *)(X))[Y * 4] << 24) ^ ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^ ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] << 8) ^ ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3])) -#define PUT_U32_BE(DEST, IDX, VAL) \ - do { \ - ((uint8_t *)(DEST))[IDX * 4 ] = GET_U8_BE(VAL, 0); \ - ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1); \ - ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2); \ - ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3); \ - } while(0) +#define PUT_U32_BE(DEST, IDX, VAL) \ + do { \ + ((uint8_t *)(DEST))[IDX * 4] = GET_U8_BE(VAL, 0); \ + ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1); \ + ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2); \ + ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3); \ + } while (0) -#define MAKE_U32(V0, V1, V2, V3) ( \ - ((uint32_t)((uint8_t)(V0)) << 24) | \ - ((uint32_t)((uint8_t)(V1)) << 16) | \ - ((uint32_t)((uint8_t)(V2)) << 8) | \ - ((uint32_t)((uint8_t)(V3)) ) ) +#define MAKE_U32(V0, V1, V2, V3) ( \ + ((uint32_t)((uint8_t)(V0)) << 24) | ((uint32_t)((uint8_t)(V1)) << 16) | ((uint32_t)((uint8_t)(V2)) << 8) | ((uint32_t)((uint8_t)(V3)))) /* End Macro*/ 
@@ -342,75 +335,43 @@ static const uint32_t X2[256] = { }; /* Key XOR Layer */ -#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3) \ - do { \ - (T0) ^= (RK)->u[0]; \ - (T1) ^= (RK)->u[1]; \ - (T2) ^= (RK)->u[2]; \ - (T3) ^= (RK)->u[3]; \ - } while(0) +#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3) \ + do { \ + (T0) ^= (RK)->u[0]; \ + (T1) ^= (RK)->u[1]; \ + (T2) ^= (RK)->u[2]; \ + (T3) ^= (RK)->u[3]; \ + } while (0) /* S-Box Layer 1 + M */ -#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3) \ - do { \ - (T0) = \ - S1[GET_U8_BE(T0, 0)] ^ \ - S2[GET_U8_BE(T0, 1)] ^ \ - X1[GET_U8_BE(T0, 2)] ^ \ - X2[GET_U8_BE(T0, 3)]; \ - (T1) = \ - S1[GET_U8_BE(T1, 0)] ^ \ - S2[GET_U8_BE(T1, 1)] ^ \ - X1[GET_U8_BE(T1, 2)] ^ \ - X2[GET_U8_BE(T1, 3)]; \ - (T2) = \ - S1[GET_U8_BE(T2, 0)] ^ \ - S2[GET_U8_BE(T2, 1)] ^ \ - X1[GET_U8_BE(T2, 2)] ^ \ - X2[GET_U8_BE(T2, 3)]; \ - (T3) = \ - S1[GET_U8_BE(T3, 0)] ^ \ - S2[GET_U8_BE(T3, 1)] ^ \ - X1[GET_U8_BE(T3, 2)] ^ \ - X2[GET_U8_BE(T3, 3)]; \ - } while(0) +#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3) \ + do { \ + (T0) = S1[GET_U8_BE(T0, 0)] ^ S2[GET_U8_BE(T0, 1)] ^ X1[GET_U8_BE(T0, 2)] ^ X2[GET_U8_BE(T0, 3)]; \ + (T1) = S1[GET_U8_BE(T1, 0)] ^ S2[GET_U8_BE(T1, 1)] ^ X1[GET_U8_BE(T1, 2)] ^ X2[GET_U8_BE(T1, 3)]; \ + (T2) = S1[GET_U8_BE(T2, 0)] ^ S2[GET_U8_BE(T2, 1)] ^ X1[GET_U8_BE(T2, 2)] ^ X2[GET_U8_BE(T2, 3)]; \ + (T3) = S1[GET_U8_BE(T3, 0)] ^ S2[GET_U8_BE(T3, 1)] ^ X1[GET_U8_BE(T3, 2)] ^ X2[GET_U8_BE(T3, 3)]; \ + } while (0) /* S-Box Layer 2 + M */ -#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3) \ - do { \ - (T0) = \ - X1[GET_U8_BE(T0, 0)] ^ \ - X2[GET_U8_BE(T0, 1)] ^ \ - S1[GET_U8_BE(T0, 2)] ^ \ - S2[GET_U8_BE(T0, 3)]; \ - (T1) = \ - X1[GET_U8_BE(T1, 0)] ^ \ - X2[GET_U8_BE(T1, 1)] ^ \ - S1[GET_U8_BE(T1, 2)] ^ \ - S2[GET_U8_BE(T1, 3)]; \ - (T2) = \ - X1[GET_U8_BE(T2, 0)] ^ \ - X2[GET_U8_BE(T2, 1)] ^ \ - S1[GET_U8_BE(T2, 2)] ^ \ - S2[GET_U8_BE(T2, 3)]; \ - (T3) = \ - X1[GET_U8_BE(T3, 0)] ^ \ - X2[GET_U8_BE(T3, 1)] ^ \ - 
S1[GET_U8_BE(T3, 2)] ^ \ - S2[GET_U8_BE(T3, 3)]; \ - } while(0) +#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3) \ + do { \ + (T0) = X1[GET_U8_BE(T0, 0)] ^ X2[GET_U8_BE(T0, 1)] ^ S1[GET_U8_BE(T0, 2)] ^ S2[GET_U8_BE(T0, 3)]; \ + (T1) = X1[GET_U8_BE(T1, 0)] ^ X2[GET_U8_BE(T1, 1)] ^ S1[GET_U8_BE(T1, 2)] ^ S2[GET_U8_BE(T1, 3)]; \ + (T2) = X1[GET_U8_BE(T2, 0)] ^ X2[GET_U8_BE(T2, 1)] ^ S1[GET_U8_BE(T2, 2)] ^ S2[GET_U8_BE(T2, 3)]; \ + (T3) = X1[GET_U8_BE(T3, 0)] ^ X2[GET_U8_BE(T3, 1)] ^ S1[GET_U8_BE(T3, 2)] ^ S2[GET_U8_BE(T3, 3)]; \ + } while (0) /* Word-level diffusion */ -#define ARIA_DIFF_WORD(T0,T1,T2,T3) \ - do { \ - (T1) ^= (T2); \ - (T2) ^= (T3); \ - (T0) ^= (T1); \ - \ - (T3) ^= (T1); \ - (T2) ^= (T0); \ - (T1) ^= (T2); \ - } while(0) +#define ARIA_DIFF_WORD(T0, T1, T2, T3) \ + do { \ + (T1) ^= (T2); \ + (T2) ^= (T3); \ + (T0) ^= (T1); \ + \ + (T3) ^= (T1); \ + (T2) ^= (T0); \ + (T1) ^= (T2); \ + } while (0) /* Byte-level diffusion */ #define ARIA_DIFF_BYTE(T0, T1, T2, T3) \ @@ -418,7 +379,7 @@ static const uint32_t X2[256] = { (T1) = (((T1) << 8) & 0xff00ff00) ^ (((T1) >> 8) & 0x00ff00ff); \ (T2) = rotr32(T2, 16); \ (T3) = bswap32(T3); \ - } while(0) + } while (0) /* Odd round Substitution & Diffusion */ #define ARIA_SUBST_DIFF_ODD(T0, T1, T2, T3) \ @@ -427,7 +388,7 @@ static const uint32_t X2[256] = { ARIA_DIFF_WORD(T0, T1, T2, T3); \ ARIA_DIFF_BYTE(T0, T1, T2, T3); \ ARIA_DIFF_WORD(T0, T1, T2, T3); \ - } while(0) + } while (0) /* Even round Substitution & Diffusion */ #define ARIA_SUBST_DIFF_EVEN(T0, T1, T2, T3) \ 
@@ -436,40 +397,28 @@ static const uint32_t X2[256] = { ARIA_DIFF_WORD(T0, T1, T2, T3); \ ARIA_DIFF_BYTE(T2, T3, T0, T1); \ ARIA_DIFF_WORD(T0, T1, T2, T3); \ - } while(0) + } while (0) /* Q, R Macro expanded ARIA GSRK */ -#define _ARIA_GSRK(RK, X, Y, Q, R) \ - do { \ - (RK)->u[0] = \ - ((X)[0]) ^ \ - (((Y)[((Q) ) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 3) % 4]) << (32 - (R))); \ - (RK)->u[1] = \ - ((X)[1]) ^ \ - (((Y)[((Q) + 1) % 4]) >> (R)) ^ \ - (((Y)[((Q) ) % 4]) << (32 - (R))); \ - (RK)->u[2] = \ - ((X)[2]) ^ \ - (((Y)[((Q) + 2) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 1) % 4]) << (32 - (R))); \ - (RK)->u[3] = \ - ((X)[3]) ^ \ - (((Y)[((Q) + 3) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 2) % 4]) << (32 - (R))); \ - } while(0) +#define _ARIA_GSRK(RK, X, Y, Q, R) \ + do { \ + (RK)->u[0] = ((X)[0]) ^ (((Y)[((Q)) % 4]) >> (R)) ^ (((Y)[((Q) + 3) % 4]) << (32 - (R))); \ + (RK)->u[1] = ((X)[1]) ^ (((Y)[((Q) + 1) % 4]) >> (R)) ^ (((Y)[((Q)) % 4]) << (32 - (R))); \ + (RK)->u[2] = ((X)[2]) ^ (((Y)[((Q) + 2) % 4]) >> (R)) ^ (((Y)[((Q) + 1) % 4]) << (32 - (R))); \ + (RK)->u[3] = ((X)[3]) ^ (((Y)[((Q) + 3) % 4]) >> (R)) ^ (((Y)[((Q) + 2) % 4]) << (32 - (R))); \ + } while (0) #define ARIA_GSRK(RK, X, Y, N) _ARIA_GSRK(RK, X, Y, 4 - ((N) / 32), (N) % 32) -#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2) \ - do { \ - (TMP) = (X); \ - (TMP2) = rotr32((TMP), 8); \ - (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16); \ - } while(0) +#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2) \ + do { \ + (TMP) = (X); \ + (TMP2) = rotr32((TMP), 8); \ + (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16); \ + } while (0) void ossl_aria_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key) + const ARIA_KEY *key) { register uint32_t reg0, reg1, reg2, reg3; int Nr; 
@@ -508,26 +457,10 @@ void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
 rk++;
 }
 
- reg0 = rk->u[0] ^ MAKE_U32(
- (uint8_t)(X1[GET_U8_BE(reg0, 0)] ),
- (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8),
- (uint8_t)(S1[GET_U8_BE(reg0, 2)] ),
- (uint8_t)(S2[GET_U8_BE(reg0, 3)] ));
- reg1 = rk->u[1] ^ MAKE_U32(
- (uint8_t)(X1[GET_U8_BE(reg1, 0)] ),
- (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8),
- (uint8_t)(S1[GET_U8_BE(reg1, 2)] ),
- (uint8_t)(S2[GET_U8_BE(reg1, 3)] ));
- reg2 = rk->u[2] ^ MAKE_U32(
- (uint8_t)(X1[GET_U8_BE(reg2, 0)] ),
- (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8),
- (uint8_t)(S1[GET_U8_BE(reg2, 2)] ),
- (uint8_t)(S2[GET_U8_BE(reg2, 3)] ));
- reg3 = rk->u[3] ^ MAKE_U32(
- (uint8_t)(X1[GET_U8_BE(reg3, 0)] ),
- (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8),
- (uint8_t)(S1[GET_U8_BE(reg3, 2)] ),
- (uint8_t)(S2[GET_U8_BE(reg3, 3)] ));
+ reg0 = rk->u[0] ^ MAKE_U32((uint8_t)(X1[GET_U8_BE(reg0, 0)]), (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8), (uint8_t)(S1[GET_U8_BE(reg0, 2)]), (uint8_t)(S2[GET_U8_BE(reg0, 3)]));
+ reg1 = rk->u[1] ^ MAKE_U32((uint8_t)(X1[GET_U8_BE(reg1, 0)]), (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8), (uint8_t)(S1[GET_U8_BE(reg1, 2)]), (uint8_t)(S2[GET_U8_BE(reg1, 3)]));
+ reg2 = rk->u[2] ^ MAKE_U32((uint8_t)(X1[GET_U8_BE(reg2, 0)]), (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8), (uint8_t)(S1[GET_U8_BE(reg2, 2)]), (uint8_t)(S2[GET_U8_BE(reg2, 3)]));
+ reg3 = rk->u[3] ^ MAKE_U32((uint8_t)(X1[GET_U8_BE(reg3, 0)]), (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8), (uint8_t)(S1[GET_U8_BE(reg3, 2)]), (uint8_t)(S2[GET_U8_BE(reg3, 3)]));
 
 PUT_U32_BE(out, 0, reg0);
 PUT_U32_BE(out, 1, reg1);
@@ -536,7 +469,7 @@ void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
 }
 
 int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
- ARIA_KEY *key)
+ ARIA_KEY *key)
 {
 register uint32_t reg0, reg1, reg2, reg3;
 uint32_t w0[4], w1[4], w2[4], w3[4];
@@ -574,12 +507,10 @@ int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
 if (bits > 192) {
 w1[2] = GET_U32_BE(userKey, 6);
 w1[3] = GET_U32_BE(userKey, 7);
- }
- else {
+ } else {
 w1[2] = w1[3] = 0;
 }
- }
- else {
+ } else {
 w1[0] = w1[1] = w1[2] = w1[3] = 0;
 }
 
@@ -668,7 +599,7 @@ int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
 }
 
 int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits,
- ARIA_KEY *key)
+ ARIA_KEY *key)
 {
 ARIA_u128 *rk_head;
 ARIA_u128 *rk_tail;
@@ -893,20 +824,14 @@ static const unsigned char sb4[256] = {
 0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60
 };
 
-static const ARIA_u128 c1 = {{
- 0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94,
- 0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0
-}};
+static const ARIA_u128 c1 = { { 0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94,
+ 0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0 } };
 
-static const ARIA_u128 c2 = {{
- 0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20,
- 0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0
-}};
+static const ARIA_u128 c2 = { { 0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20,
+ 0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0 } };
 
-static const ARIA_u128 c3 = {{
- 0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70,
- 0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e
-}};
+static const ARIA_u128 c3 = { { 0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70,
+ 0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e } };
 
 /*
 * Exclusive or two 128 bit values into the result.
@@ -925,7 +850,7 @@ static void xor128(ARIA_c128 o, const ARIA_c128 x, const ARIA_u128 *y)
 * It is safe for the output to overlap either input.
 */
 static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o,
- const ARIA_u128 *xor, const ARIA_u128 *z)
+ const ARIA_u128 *xor, const ARIA_u128 *z)
 {
 const unsigned int bytes = n / 8, bits = n % 8;
 unsigned int i;
@@ -934,9 +859,7 @@ static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o,
 for (i = 0; i < ARIA_BLOCK_SIZE; i++)
 t.c[(i + bytes) % ARIA_BLOCK_SIZE] = z->c[i];
 for (i = 0; i < ARIA_BLOCK_SIZE; i++)
- o->c[i] = ((t.c[i] >> bits) |
- (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^
- xor->c[i];
+ o->c[i] = ((t.c[i] >> bits) | (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^ xor->c[i];
 }
 
 /*
@@ -992,7 +915,7 @@ static void sl1(ARIA_u128 *o, const ARIA_u128 *x, const ARIA_u128 *y)
 {
 unsigned int i;
 for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
- o->c[i ] = sb1[x->c[i ] ^ y->c[i ]];
+ o->c[i] = sb1[x->c[i] ^ y->c[i]];
 o->c[i + 1] = sb2[x->c[i + 1] ^ y->c[i + 1]];
 o->c[i + 2] = sb3[x->c[i + 2] ^ y->c[i + 2]];
 o->c[i + 3] = sb4[x->c[i + 3] ^ y->c[i + 3]];
@@ -1007,7 +930,7 @@ static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y)
 {
 unsigned int i;
 for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
- o[i ] = sb3[x->c[i ] ^ y->c[i ]];
+ o[i] = sb3[x->c[i] ^ y->c[i]];
 o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]];
 o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]];
 o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]];
@@ -1020,38 +943,22 @@ static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y)
 */
 static void a(ARIA_u128 *y, const ARIA_u128 *x)
 {
- y->c[ 0] = x->c[ 3] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[ 8] ^
- x->c[ 9] ^ x->c[13] ^ x->c[14];
- y->c[ 1] = x->c[ 2] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[ 8] ^
- x->c[ 9] ^ x->c[12] ^ x->c[15];
- y->c[ 2] = x->c[ 1] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[10] ^
- x->c[11] ^ x->c[12] ^ x->c[15];
- y->c[ 3] = x->c[ 0] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[10] ^
- x->c[11] ^ x->c[13] ^ x->c[14];
- y->c[ 4] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 5] ^ x->c[ 8] ^
- x->c[11] ^ x->c[14] ^ x->c[15];
- y->c[ 5] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 9] ^
- x->c[10] ^ x->c[14] ^ x->c[15];
- y->c[ 6] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 7] ^ x->c[ 9] ^
- x->c[10] ^ x->c[12] ^ x->c[13];
- y->c[ 7] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 8] ^
- x->c[11] ^ x->c[12] ^ x->c[13];
- y->c[ 8] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 4] ^ x->c[ 7] ^
- x->c[10] ^ x->c[13] ^ x->c[15];
- y->c[ 9] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 5] ^ x->c[ 6] ^
- x->c[11] ^ x->c[12] ^ x->c[14];
- y->c[10] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 5] ^ x->c[ 6] ^
- x->c[ 8] ^ x->c[13] ^ x->c[15];
- y->c[11] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 7] ^
- x->c[ 9] ^ x->c[12] ^ x->c[14];
- y->c[12] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 6] ^ x->c[ 7] ^
- x->c[ 9] ^ x->c[11] ^ x->c[12];
- y->c[13] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 7] ^
- x->c[ 8] ^ x->c[10] ^ x->c[13];
- y->c[14] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 5] ^
- x->c[ 9] ^ x->c[11] ^ x->c[14];
- y->c[15] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 4] ^ x->c[ 5] ^
- x->c[ 8] ^ x->c[10] ^ x->c[15];
+ y->c[0] = x->c[3] ^ x->c[4] ^ x->c[6] ^ x->c[8] ^ x->c[9] ^ x->c[13] ^ x->c[14];
+ y->c[1] = x->c[2] ^ x->c[5] ^ x->c[7] ^ x->c[8] ^ x->c[9] ^ x->c[12] ^ x->c[15];
+ y->c[2] = x->c[1] ^ x->c[4] ^ x->c[6] ^ x->c[10] ^ x->c[11] ^ x->c[12] ^ x->c[15];
+ y->c[3] = x->c[0] ^ x->c[5] ^ x->c[7] ^ x->c[10] ^ x->c[11] ^ x->c[13] ^ x->c[14];
+ y->c[4] = x->c[0] ^ x->c[2] ^ x->c[5] ^ x->c[8] ^ x->c[11] ^ x->c[14] ^ x->c[15];
+ y->c[5] = x->c[1] ^ x->c[3] ^ x->c[4] ^ x->c[9] ^ x->c[10] ^ x->c[14] ^ x->c[15];
+ y->c[6] = x->c[0] ^ x->c[2] ^ x->c[7] ^ x->c[9] ^ x->c[10] ^ x->c[12] ^ x->c[13];
+ y->c[7] = x->c[1] ^ x->c[3] ^ x->c[6] ^ x->c[8] ^ x->c[11] ^ x->c[12] ^ x->c[13];
+ y->c[8] = x->c[0] ^ x->c[1] ^ x->c[4] ^ x->c[7] ^ x->c[10] ^ x->c[13] ^ x->c[15];
+ y->c[9] = x->c[0] ^ x->c[1] ^ x->c[5] ^ x->c[6] ^ x->c[11] ^ x->c[12] ^ x->c[14];
+ y->c[10] = x->c[2] ^ x->c[3] ^ x->c[5] ^ x->c[6] ^ x->c[8] ^ x->c[13] ^ x->c[15];
+ y->c[11] = x->c[2] ^ x->c[3] ^ x->c[4] ^ x->c[7] ^ x->c[9] ^ x->c[12] ^ x->c[14];
+ y->c[12] = x->c[1] ^ x->c[2] ^ x->c[6] ^ x->c[7] ^ x->c[9] ^ x->c[11] ^ x->c[12];
+ y->c[13] = x->c[0] ^ x->c[3] ^ x->c[6] ^ x->c[7] ^ x->c[8] ^ x->c[10] ^ x->c[13];
+ y->c[14] = x->c[0] ^ x->c[3] ^ x->c[4] ^ x->c[5] ^ x->c[9] ^ x->c[11] ^ x->c[14];
+ y->c[15] = x->c[1] ^ x->c[2] ^ x->c[4] ^ x->c[5] ^ x->c[8] ^ x->c[10] ^ x->c[15];
 }
 
 /*
@@ -1060,7 +967,7 @@ static void a(ARIA_u128 *y, const ARIA_u128 *x)
 * It is safe for the input and output to overlap.
 */
 static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d,
- const ARIA_u128 *rk)
+ const ARIA_u128 *rk)
 {
 ARIA_u128 y;
 
@@ -1074,7 +981,7 @@ static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d,
 * It is safe for the input and output to overlap.
 */
 static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d,
- const ARIA_u128 *rk)
+ const ARIA_u128 *rk)
 {
 ARIA_u128 y;
 
@@ -1087,7 +994,7 @@ static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d,
 * in and out can overlap
 */
 static void do_encrypt(unsigned char *o, const unsigned char *pin,
- unsigned int rounds, const ARIA_u128 *keys)
+ unsigned int rounds, const ARIA_u128 *keys)
 {
 ARIA_u128 p;
 unsigned int i;
@@ -1107,20 +1014,19 @@ static void do_encrypt(unsigned char *o, const unsigned char *pin,
 * in and out can overlap
 */
 void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
- const ARIA_KEY *key)
+ const ARIA_KEY *key)
 {
 assert(in != NULL && out != NULL && key != NULL);
 do_encrypt(out, in, key->rounds, key->rd_key);
 }
 
-
 /*
 * Expand the cipher key into the encryption key schedule.
 * We short circuit execution of the last two
 * or four rotations based on the key size.
 */
 int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
- ARIA_KEY *key)
+ ARIA_KEY *key)
 {
 const ARIA_u128 *ck1, *ck2, *ck3;
 ARIA_u128 kr, w0, w1, w2, w3;
@@ -1157,22 +1063,25 @@ int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
 break;
 }
 
- FO(&w3, &w0, ck1); xor128(w1.c, w3.c, &kr);
- FE(&w3, &w1, ck2); xor128(w2.c, w3.c, &w0);
- FO(&kr, &w2, ck3); xor128(w3.c, kr.c, &w1);
+ FO(&w3, &w0, ck1);
+ xor128(w1.c, w3.c, &kr);
+ FE(&w3, &w1, ck2);
+ xor128(w2.c, w3.c, &w0);
+ FO(&kr, &w2, ck3);
+ xor128(w3.c, kr.c, &w1);
 
- rot19r(&key->rd_key[ 0], &w0, &w1);
- rot19r(&key->rd_key[ 1], &w1, &w2);
- rot19r(&key->rd_key[ 2], &w2, &w3);
- rot19r(&key->rd_key[ 3], &w3, &w0);
+ rot19r(&key->rd_key[0], &w0, &w1);
+ rot19r(&key->rd_key[1], &w1, &w2);
+ rot19r(&key->rd_key[2], &w2, &w3);
+ rot19r(&key->rd_key[3], &w3, &w0);
 
- rot31r(&key->rd_key[ 4], &w0, &w1);
- rot31r(&key->rd_key[ 5], &w1, &w2);
- rot31r(&key->rd_key[ 6], &w2, &w3);
- rot31r(&key->rd_key[ 7], &w3, &w0);
+ rot31r(&key->rd_key[4], &w0, &w1);
+ rot31r(&key->rd_key[5], &w1, &w2);
+ rot31r(&key->rd_key[6], &w2, &w3);
+ rot31r(&key->rd_key[7], &w3, &w0);
 
- rot61l(&key->rd_key[ 8], &w0, &w1);
- rot61l(&key->rd_key[ 9], &w1, &w2);
+ rot61l(&key->rd_key[8], &w0, &w1);
+ rot61l(&key->rd_key[9], &w1, &w2);
 rot61l(&key->rd_key[10], &w2, &w3);
 rot61l(&key->rd_key[11], &w3, &w0);
 
@@ -1193,7 +1102,7 @@ int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
 * Expand the cipher key into the decryption key schedule.
 */
 int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits,
- ARIA_KEY *key)
+ ARIA_KEY *key)
 {
 ARIA_KEY ek;
 const int r = ossl_aria_set_encrypt_key(userKey, bits, &ek);
