1/*
2---------------------------------------------------------------------------
3Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
4
5The redistribution and use of this software (with or without changes)
6is allowed without the payment of fees or royalties provided that:
7
8 source code distributions include the above copyright notice, this
9 list of conditions and the following disclaimer;
10
11 binary distributions include the above copyright notice, this list
12 of conditions and the following disclaimer in their documentation.
13
14This software is provided 'as is' with no explicit or implied warranties
15in respect of its operation, including, but not limited to, correctness
16and fitness for purpose.
17---------------------------------------------------------------------------
18Issue Date: 20/12/2007
19*/
20
21#include "aesopt.h"
22#include "aestab.h"
23
24/*
25#ifdef USE_VIA_ACE_IF_PRESENT
26# include "aes_via_ace.h"
27#endif
28*/
29
30#if defined(__cplusplus)
31extern "C"
32{
33#endif
34
/*  Initialise the key schedule from the user supplied key. The key
    length can be specified in bytes, with legal values of 16, 24
    and 32, or in bits, with legal values of 128, 192 and 256. These
    values correspond with Nk values of 4, 6 and 8 respectively.

    The following macros implement a single cycle in the key
    schedule generation process. The number of cycles needed
    for each cx->n_col and nk value is:

     nk =             4   5   6   7   8
    ------------------------------------
    cx->n_col = 4    10   9   8   7   7
    cx->n_col = 5    14  11  10   9   9
    cx->n_col = 6    19  15  12  11  11
    cx->n_col = 7    21  19  16  13  14
    cx->n_col = 8    29  23  19  17  14
*/
52
/*  Code-size reduction. When REDUCE_CODE_SIZE is defined, ls_box and
    inv_mcol are redirected to the out-of-line helpers ls_sub and im_sub
    (only declared here; their definitions are outside this file), and
    both key-schedule unrolling options are switched off, so the looped
    paths in the functions below are the ones that get compiled.
*/
#if defined( REDUCE_CODE_SIZE )
#  define ls_box ls_sub
   uint_32t ls_sub(const uint_32t t, const uint_32t n);
#  define inv_mcol im_sub
   uint_32t im_sub(const uint_32t x);
#  ifdef ENC_KS_UNROLL
#    undef ENC_KS_UNROLL
#  endif
#  ifdef DEC_KS_UNROLL
#    undef DEC_KS_UNROLL
#  endif
#endif
65
66#if (FUNCS_IN_C & ENC_KEYING_IN_C)
67
68#if defined(AES_128) || defined( AES_VAR )
69
/*  ke4(k,i): one key-expansion cycle for a 4-word key.

    Writes schedule words k[4*(i)+4] .. k[4*(i)+7]. ss[0] is XORed with
    ls_box(ss[3],3) and t_use(r,c)[i]; each following word is XORed with
    the word just produced. ls_box and t_use are defined outside this
    file (t_use(r,c) is presumably the round-constant table - confirm
    in aestab.h).

    The macro reads and updates a local array named ss in the expanding
    scope, so it can only be used where uint_32t ss[4] (or larger) is
    declared and already holds the previous four schedule words.

    NOTE(review): ss carries key-derived words; if ls_box resolves to
    table lookups, the lookup indices depend on key bytes - check the
    aesopt.h configuration when timing side channels matter.
*/
#define ke4(k,i) \
{   k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
    k[4*(i)+5] = ss[1] ^= ss[0]; \
    k[4*(i)+6] = ss[2] ^= ss[1]; \
    k[4*(i)+7] = ss[3] ^= ss[2]; \
}
76
/*  Build the encryption key schedule for a 128-bit key.

    key  four 32-bit words are read from it through word_in(), i.e. the
         caller must supply 16 readable bytes; the pointer is not
         checked here.
    cx   context whose ks[] receives the 44 schedule words (indices
         0..43) and whose inf field is updated; not checked for null.

    Always returns EXIT_SUCCESS.

    Security notes for callers: the working copy of the key in ss[] is
    left on the stack when the function returns, and cx->ks holds the
    full expanded key. Code that handles long-lived or high-value keys
    should wipe the context (and, where the platform allows it, the
    stack) with a clearing routine the compiler cannot drop.
*/
AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
{
    uint_32t ss[4];     /* the ke4 macro refers to this array by name */
    uint_32t w;

    /* the first four schedule words are the key itself */
    for (w = 0; w < 4; ++w) {
        ss[w] = word_in(key, w);
        cx->ks[w] = ss[w];
    }

    /* cycles 0..8, either written out or looped */
#ifdef ENC_KS_UNROLL
    ke4(cx->ks, 0);
    ke4(cx->ks, 1);
    ke4(cx->ks, 2);
    ke4(cx->ks, 3);
    ke4(cx->ks, 4);
    ke4(cx->ks, 5);
    ke4(cx->ks, 6);
    ke4(cx->ks, 7);
    ke4(cx->ks, 8);
#else
    for (w = 0; w < 9; ++w) {
        ke4(cx->ks, w);
    }
#endif
    /* final cycle, common to both builds */
    ke4(cx->ks, 9);

    /* inf.l is cleared before inf.b[0] is written; keep this order, the
       two members may share storage (aes_inf is declared outside this
       file - confirm). 10 * 16 is presumably the byte offset of the
       last round key. */
    cx->inf.l = 0;
    cx->inf.b[0] = 10 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* flag stored for the VIA ACE code path (meaning defined elsewhere) */
    if (VIA_ACE_AVAILABLE) {
        cx->inf.b[1] = 0xff;
    }
#endif
    return EXIT_SUCCESS;
}
107
108#endif
109
110#if defined(AES_192) || defined( AES_VAR )
111
/*  kef6(k,i): first four words of one expansion cycle for a 6-word key.
    Writes k[6*(i)+6] .. k[6*(i)+9] from the running state in the local
    array ss (which must have at least six elements). On its own it is
    used for the last, shortened cycle of aes_encrypt_key192.
*/
#define kef6(k,i) \
{   k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
    k[6*(i)+ 7] = ss[1] ^= ss[0]; \
    k[6*(i)+ 8] = ss[2] ^= ss[1]; \
    k[6*(i)+ 9] = ss[3] ^= ss[2]; \
}

/*  ke6(k,i): a full six-word cycle - kef6 plus words k[6*(i)+10] and
    k[6*(i)+11], each XORed with the word produced just before it.
*/
#define ke6(k,i) \
{   kef6(k,i); \
    k[6*(i)+10] = ss[4] ^= ss[3]; \
    k[6*(i)+11] = ss[5] ^= ss[4]; \
}
124
/*  Build the encryption key schedule for a 192-bit key.

    key  six 32-bit words are read through word_in(), so 24 readable
         bytes are required; the pointer is not checked here.
    cx   context whose ks[] receives schedule words 0..51 and whose inf
         field is updated; not checked for null.

    Always returns EXIT_SUCCESS.

    Security notes for callers: ss[] keeps key-derived words on the
    stack after return and cx->ks holds the expanded key; wipe the
    context after use with a clearing routine the compiler cannot drop.
*/
AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
{
    uint_32t ss[6];     /* the ke6 / kef6 macros refer to this array by name */
    uint_32t w;

    /* schedule words 0..5 are the key itself */
    for (w = 0; w < 6; ++w) {
        ss[w] = word_in(key, w);
        cx->ks[w] = ss[w];
    }

    /* seven full cycles (0..6), either written out or looped */
#ifdef ENC_KS_UNROLL
    ke6(cx->ks, 0);
    ke6(cx->ks, 1);
    ke6(cx->ks, 2);
    ke6(cx->ks, 3);
    ke6(cx->ks, 4);
    ke6(cx->ks, 5);
    ke6(cx->ks, 6);
#else
    for (w = 0; w < 7; ++w) {
        ke6(cx->ks, w);
    }
#endif
    /* the last cycle only needs four more words */
    kef6(cx->ks, 7);

    /* inf.l first, then inf.b[0]: the members may share storage
       (aes_inf is declared outside this file - confirm) */
    cx->inf.l = 0;
    cx->inf.b[0] = 12 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* flag stored for the VIA ACE code path (meaning defined elsewhere) */
    if (VIA_ACE_AVAILABLE) {
        cx->inf.b[1] = 0xff;
    }
#endif
    return EXIT_SUCCESS;
}
156
157#endif
158
159#if defined(AES_256) || defined( AES_VAR )
160
/*  kef8(k,i): first four words of one expansion cycle for an 8-word
    key. Writes k[8*(i)+8] .. k[8*(i)+11] from the running state in the
    local array ss (at least eight elements). On its own it is used for
    the last, shortened cycle of aes_encrypt_key256.
*/
#define kef8(k,i) \
{   k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
    k[8*(i)+ 9] = ss[1] ^= ss[0]; \
    k[8*(i)+10] = ss[2] ^= ss[1]; \
    k[8*(i)+11] = ss[3] ^= ss[2]; \
}

/*  ke8(k,i): a full eight-word cycle - kef8 plus words k[8*(i)+12] ..
    k[8*(i)+15]. The fifth word gets a second ls_box step,
    ls_box(ss[3],0), with no t_use(r,c) term; the remaining words are
    XORed with their predecessor.
*/
#define ke8(k,i) \
{   kef8(k,i); \
    k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \
    k[8*(i)+13] = ss[5] ^= ss[4]; \
    k[8*(i)+14] = ss[6] ^= ss[5]; \
    k[8*(i)+15] = ss[7] ^= ss[6]; \
}
175
/*  Build the encryption key schedule for a 256-bit key.

    key  eight 32-bit words are read through word_in(), so 32 readable
         bytes are required; the pointer is not checked here.
    cx   context whose ks[] receives schedule words 0..59 and whose inf
         field is updated; not checked for null.

    Always returns EXIT_SUCCESS.

    Security notes for callers: ss[] keeps key-derived words on the
    stack after return and cx->ks holds the expanded key; wipe the
    context after use with a clearing routine the compiler cannot drop.
*/
AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
{
    uint_32t ss[8];     /* the ke8 / kef8 macros refer to this array by name */
    uint_32t w;

    /* schedule words 0..7 are the key itself */
    for (w = 0; w < 8; ++w) {
        ss[w] = word_in(key, w);
        cx->ks[w] = ss[w];
    }

    /* six full cycles (0..5), either written out or looped */
#ifdef ENC_KS_UNROLL
    ke8(cx->ks, 0);
    ke8(cx->ks, 1);
    ke8(cx->ks, 2);
    ke8(cx->ks, 3);
    ke8(cx->ks, 4);
    ke8(cx->ks, 5);
#else
    for (w = 0; w < 6; ++w) {
        ke8(cx->ks, w);
    }
#endif
    /* the last cycle only needs four more words */
    kef8(cx->ks, 6);

    /* inf.l first, then inf.b[0]: the members may share storage
       (aes_inf is declared outside this file - confirm) */
    cx->inf.l = 0;
    cx->inf.b[0] = 14 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* flag stored for the VIA ACE code path (meaning defined elsewhere) */
    if (VIA_ACE_AVAILABLE) {
        cx->inf.b[1] = 0xff;
    }
#endif
    return EXIT_SUCCESS;
}
208
209#endif
210
211#if defined( AES_VAR )
212
/*  Variable-length front end for the encryption key schedule.

    key_len may be given in bytes (16, 24, 32) or in bits (128, 192,
    256); the matching fixed-size routine is called and its result
    returned. Any other value returns EXIT_FAILURE and leaves cx
    untouched.

    Callers must check the return value: after EXIT_FAILURE the context
    holds whatever it held before, so using it for encryption would run
    with an unset or stale key schedule. key must provide as many bytes
    as key_len describes; neither pointer is validated here.
*/
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
{
    if (key_len == 16 || key_len == 128) {
        return aes_encrypt_key128(key, cx);
    }
    if (key_len == 24 || key_len == 192) {
        return aes_encrypt_key192(key, cx);
    }
    if (key_len == 32 || key_len == 256) {
        return aes_encrypt_key256(key, cx);
    }
    return EXIT_FAILURE;
}
223
224#endif
225
226#endif
227
228#if (FUNCS_IN_C & DEC_KEYING_IN_C)
229
/*  v(n,i) maps a schedule word index i to the slot used in cx->ks, so
    that the decryption round keys can be stored in forward or reverse
    order. With AES_REV_DKS, n - i + 2 * (i & 3) keeps a word's position
    inside its group of four but counts the groups back from n;
    otherwise the index is used unchanged.
*/

#ifdef AES_REV_DKS
#define v(n,i)  ((n) - (i) + 2 * ((i) & 3))
#else
#define v(n,i)  (i)
#endif

/*  ff(x) is the transform applied to decryption round-key words:
    nothing when DEC_ROUND == NO_TABLES, inv_mcol(x) otherwise. inv_mcol
    is defined outside this file (or redirected to im_sub under
    REDUCE_CODE_SIZE); it may be a macro, so avoid passing it an
    expression with side effects. d_vars is set to dec_imvars when that
    macro exists - presumably the temporaries inv_mcol needs; confirm in
    aesopt.h.
*/
#if DEC_ROUND == NO_TABLES
#define ff(x)   (x)
#else
#define ff(x)   inv_mcol(x)
#if defined( dec_imvars )
#define d_vars  dec_imvars
#endif
#endif
247
248#if defined(AES_128) || defined( AES_VAR )
249
/*  k4e(k,i): one expansion cycle for a 4-word key, identical in form to
    the encryption cycle but storing through v(40, ...) so the words
    land in the slot chosen by the decryption key order. Uses the local
    array ss by name.
*/
#define k4e(k,i) \
{   k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
    k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \
    k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \
    k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \
}

/*  Cycle macros for the unrolled decryption schedule. As invoked by
    aes_decrypt_key128, kdf4 is the first cycle, kd4 the middle cycles
    and kdl4 the last one. The "#if 1" selects the first set; the
    "#else" set below is never compiled as the file stands.

    In the active set i appears unparenthesised in "(i+3) % 4" and
    "i % 4", so the argument must be a plain constant or identifier.
    ss[4] is scratch, which is why the caller declares ss[5].
*/
#if 1

/*  First cycle: pre-mixes ss[0..2], folds the ls_box / t_use term into
    ss[i % 4], then chains ss[4] through the previously stored group and
    stores ff() of each running value.
*/
#define kdf4(k,i) \
{   ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \
    ss[1] = ss[1] ^ ss[3]; \
    ss[2] = ss[2] ^ ss[3]; \
    ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
    ss[i % 4] ^= ss[4]; \
    ss[4] ^= k[v(40,(4*(i)))];   k[v(40,(4*(i))+4)] = ff(ss[4]); \
    ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \
    ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \
    ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \
}

/*  Middle cycle: ff() is applied once to the new ls_box / t_use term,
    and each new word is that running value XORed with the matching
    word of the previously stored group.
*/
#define kd4(k,i) \
{   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
    ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
    k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \
    k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \
    k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \
    k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \
}

/*  Last cycle: the final group is stored without ff(). */
#define kdl4(k,i) \
{   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
    k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \
    k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \
    k[v(40,(4*(i))+6)] = ss[0]; \
    k[v(40,(4*(i))+7)] = ss[1]; \
}

#else

/*  Alternative formulation (not compiled): ss[0..3] track the schedule
    words directly, as in k4e, with ff() applied on store.
*/
#define kdf4(k,i) \
{   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \
}

#define kd4(k,i) \
{   ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
    ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \
}

#define kdl4(k,i) \
{   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \
}

#endif
313
/*  Build the decryption key schedule for a 128-bit key.

    key  four 32-bit words are read through word_in(), so 16 readable
         bytes are required; the pointer is not checked here.
    cx   context whose ks[] receives the schedule (slots chosen by
         v(40, ...)) and whose inf field is updated; not checked.

    With DEC_KS_UNROLL the schedule is produced directly by the
    kdf4 / kd4 / kdl4 cycles. Otherwise the plain expansion is computed
    with k4e and, unless DEC_ROUND == NO_TABLES, inv_mcol is then
    applied in place to words N_COLS .. 10 * N_COLS - 1.

    Always returns EXIT_SUCCESS.

    Security notes for callers: ss[] keeps key-derived words on the
    stack after return and cx->ks holds the expanded key; wipe the
    context after use with a clearing routine the compiler cannot drop.
*/
AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
{
    uint_32t ss[5];     /* ss[4] is scratch for the kd* macros */
    uint_32t w;
#if defined( d_vars )
    d_vars;
#endif

    /* the first four schedule words are the key itself */
    for (w = 0; w < 4; ++w) {
        ss[w] = word_in(key, w);
        cx->ks[v(40,(w))] = ss[w];
    }

#ifdef DEC_KS_UNROLL
    kdf4(cx->ks, 0);
    kd4(cx->ks, 1);
    kd4(cx->ks, 2);
    kd4(cx->ks, 3);
    kd4(cx->ks, 4);
    kd4(cx->ks, 5);
    kd4(cx->ks, 6);
    kd4(cx->ks, 7);
    kd4(cx->ks, 8);
    kdl4(cx->ks, 9);
#else
    for (w = 0; w < 10; ++w) {
        k4e(cx->ks, w);
    }
#if !(DEC_ROUND == NO_TABLES)
    /* transform the inner round keys in place */
    for (w = N_COLS; w < 10 * N_COLS; ++w) {
        cx->ks[w] = inv_mcol(cx->ks[w]);
    }
#endif
#endif

    /* inf.l first, then inf.b[0]: the members may share storage
       (aes_inf is declared outside this file - confirm) */
    cx->inf.l = 0;
    cx->inf.b[0] = 10 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* flag stored for the VIA ACE code path (meaning defined elsewhere) */
    if (VIA_ACE_AVAILABLE) {
        cx->inf.b[1] = 0xff;
    }
#endif
    return EXIT_SUCCESS;
}
349
350#endif
351
352#if defined(AES_192) || defined( AES_VAR )
353
/*  Cycle macros for the 192-bit decryption schedule. All of them use
    the local array ss by name and store through v(48, ...).

    k6ef(k,i): first four words of a plain expansion cycle; used alone
    for the last, shortened cycle of the looped path.
*/
#define k6ef(k,i) \
{   k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
    k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \
    k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \
    k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \
}

/*  k6e(k,i): a full six-word plain expansion cycle (k6ef plus two
    more words).
*/
#define k6e(k,i) \
{   k6ef(k,i); \
    k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \
    k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \
}

/*  kdf6(k,i): first cycle of the unrolled path; ss[0..5] track the
    plain schedule words and ff() is applied to each word on store.
*/
#define kdf6(k,i) \
{   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \
    ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \
    ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \
}

/*  kd6(k,i): middle cycle of the unrolled path. ss[6] is scratch: it
    receives ff() of the new ls_box / t_use term and is then chained
    through the previously stored group to form the six new words,
    while ss[0..5] keep tracking the plain schedule.
*/
#define kd6(k,i) \
{   ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
    ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \
    ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \
    ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \
}

/*  kdl6(k,i): last cycle of the unrolled path; four words, stored
    without ff().
*/
#define kdl6(k,i) \
{   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
}
392
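/*  Build the decryption key schedule for a 192-bit key.

    key  six 32-bit words are read through word_in(), so 24 readable
         bytes are required; the pointer is not checked here.
    cx   context whose ks[] receives the schedule (slots chosen by
         v(48, ...)) and whose inf field is updated; not checked.

    With DEC_KS_UNROLL the schedule is produced directly by the
    kdf6 / kd6 / kdl6 cycles. Otherwise the plain expansion is computed
    with k6e / k6ef and, unless DEC_ROUND == NO_TABLES, inv_mcol is
    then applied in place to words N_COLS .. 12 * N_COLS - 1.

    Always returns EXIT_SUCCESS.

    Security notes for callers: ss[] keeps key-derived words on the
    stack after return and cx->ks holds the expanded key; wipe the
    context after use with a clearing routine the compiler cannot drop.
*/
AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
{   uint_32t    ss[7];      /* ss[6] is scratch for the kd6 macro */
#if defined( d_vars )
    d_vars;
#endif
    cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
    cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
    cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
    cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);

#ifdef DEC_KS_UNROLL
    /* Load each word first and transform it in a second statement.
       ff() can expand to inv_mcol, which is defined outside this file
       and may be a macro that uses its argument more than once; an
       assignment passed as that argument would then be repeated
       without sequencing. */
    ss[4] = word_in(key, 4);
    cx->ks[v(48,(4))] = ff(ss[4]);
    ss[5] = word_in(key, 5);
    cx->ks[v(48,(5))] = ff(ss[5]);
    kdf6(cx->ks, 0); kd6(cx->ks, 1);
    kd6(cx->ks, 2);  kd6(cx->ks, 3);
    kd6(cx->ks, 4);  kd6(cx->ks, 5);
    kd6(cx->ks, 6);  kdl6(cx->ks, 7);
#else
    cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
    cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
    {   uint_32t i;

        for(i = 0; i < 7; ++i)
            k6e(cx->ks, i);
        k6ef(cx->ks, 7);
#if !(DEC_ROUND == NO_TABLES)
        /* transform the inner round keys in place */
        for(i = N_COLS; i < 12 * N_COLS; ++i)
            cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
    }
#endif
    /* inf.l first, then inf.b[0]: the members may share storage
       (aes_inf is declared outside this file - confirm) */
    cx->inf.l = 0;
    cx->inf.b[0] = 12 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* flag stored for the VIA ACE code path (meaning defined elsewhere) */
    if(VIA_ACE_AVAILABLE)
        cx->inf.b[1] = 0xff;
#endif
    return EXIT_SUCCESS;
}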
433
434#endif
435
436#if defined(AES_256) || defined( AES_VAR )
437
/*  Cycle macros for the 256-bit decryption schedule. All of them use
    the local array ss by name and store through v(56, ...).

    k8ef(k,i): first four words of a plain expansion cycle; used alone
    for the last, shortened cycle of the looped path.
*/
#define k8ef(k,i) \
{   k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
    k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \
    k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \
    k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \
}

/*  k8e(k,i): a full eight-word plain expansion cycle; the fifth word
    takes a second ls_box step, ls_box(ss[3],0), with no t_use term.
*/
#define k8e(k,i) \
{   k8ef(k,i); \
    k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \
    k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \
    k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \
    k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \
}

/*  kdf8(k,i): first cycle of the unrolled path; ss[0..7] track the
    plain schedule words and ff() is applied to each word on store.
*/
#define kdf8(k,i) \
{   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \
    ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \
    ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \
    ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \
    ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \
}

/*  kd8(k,i): middle cycle of the unrolled path. ss[8] is scratch: for
    each half of the cycle it receives ff() of the new ls_box term and
    is chained through the previously stored group to form four new
    words, while ss[0..7] keep tracking the plain schedule.
*/
#define kd8(k,i) \
{   ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
    ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \
    ss[8] = ls_box(ss[3],0); \
    ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \
    ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \
    ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \
    ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \
}

/*  kdl8(k,i): last cycle of the unrolled path; four words, stored
    without ff().
*/
#define kdl8(k,i) \
{   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
}
483
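/*  Build the decryption key schedule for a 256-bit key.

    key  eight 32-bit words are read through word_in(), so 32 readable
         bytes are required; the pointer is not checked here.
    cx   context whose ks[] receives the schedule (slots chosen by
         v(56, ...)) and whose inf field is updated; not checked.

    With DEC_KS_UNROLL the schedule is produced directly by the
    kdf8 / kd8 / kdl8 cycles. Otherwise the plain expansion is computed
    with k8e / k8ef and, unless DEC_ROUND == NO_TABLES, inv_mcol is
    then applied in place to words N_COLS .. 14 * N_COLS - 1.

    Always returns EXIT_SUCCESS.

    Security notes for callers: ss[] keeps key-derived words on the
    stack after return and cx->ks holds the expanded key; wipe the
    context after use with a clearing routine the compiler cannot drop.
*/
AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
{   uint_32t    ss[9];      /* ss[8] is scratch for the kd8 macro */
#if defined( d_vars )
    d_vars;
#endif
    cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
    cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
    cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
    cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);

#ifdef DEC_KS_UNROLL
    /* Load each word first and transform it in a second statement.
       ff() can expand to inv_mcol, which is defined outside this file
       and may be a macro that uses its argument more than once; an
       assignment passed as that argument would then be repeated
       without sequencing. */
    ss[4] = word_in(key, 4);
    cx->ks[v(56,(4))] = ff(ss[4]);
    ss[5] = word_in(key, 5);
    cx->ks[v(56,(5))] = ff(ss[5]);
    ss[6] = word_in(key, 6);
    cx->ks[v(56,(6))] = ff(ss[6]);
    ss[7] = word_in(key, 7);
    cx->ks[v(56,(7))] = ff(ss[7]);
    kdf8(cx->ks, 0); kd8(cx->ks, 1);
    kd8(cx->ks, 2);  kd8(cx->ks, 3);
    kd8(cx->ks, 4);  kd8(cx->ks, 5);
    kdl8(cx->ks, 6);
#else
    cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);
    cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
    cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
    cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
    {   uint_32t i;

        for(i = 0; i < 6; ++i)
            k8e(cx->ks, i);
        k8ef(cx->ks, 6);
#if !(DEC_ROUND == NO_TABLES)
        /* transform the inner round keys in place */
        for(i = N_COLS; i < 14 * N_COLS; ++i)
            cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
    }
#endif
    /* inf.l first, then inf.b[0]: the members may share storage
       (aes_inf is declared outside this file - confirm) */
    cx->inf.l = 0;
    cx->inf.b[0] = 14 * 16;

#ifdef USE_VIA_ACE_IF_PRESENT
    /* flag stored for the VIA ACE code path (meaning defined elsewhere) */
    if(VIA_ACE_AVAILABLE)
        cx->inf.b[1] = 0xff;
#endif
    return EXIT_SUCCESS;
}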
528
529#endif
530
531#if defined( AES_VAR )
532
/*  Variable-length front end for the decryption key schedule.

    key_len may be given in bytes (16, 24, 32) or in bits (128, 192,
    256); the matching fixed-size routine is called and its result
    returned. Any other value returns EXIT_FAILURE and leaves cx
    untouched.

    Callers must check the return value: after EXIT_FAILURE the context
    holds whatever it held before, so using it for decryption would run
    with an unset or stale key schedule. key must provide as many bytes
    as key_len describes; neither pointer is validated here.
*/
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
{
    if (key_len == 16 || key_len == 128) {
        return aes_decrypt_key128(key, cx);
    }
    if (key_len == 24 || key_len == 192) {
        return aes_decrypt_key192(key, cx);
    }
    if (key_len == 32 || key_len == 256) {
        return aes_decrypt_key256(key, cx);
    }
    return EXIT_FAILURE;
}
543
544#endif
545
546#endif
547
548#if defined(__cplusplus)
549}
550#endif