1 /* aes.c */
2 /*
3  This file is part of the AVR-Crypto-Lib.
4  Copyright (C) 2006-2015 Daniel Otte (bg@nerilex.org)
5 
6  This program is free software: you can redistribute it and/or modify
7  it under the terms of the GNU General Public License as published by
8  the Free Software Foundation, either version 3 of the License, or
9  (at your option) any later version.
10 
11  This program is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU General Public License for more details.
15 
16  You should have received a copy of the GNU General Public License
17  along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 
20 #include <stdint.h>
21 #include <string.h>
22 #include "../gf256mul/gf256mul.h"
23 #include "aes.h"
24 #include "aes_invsbox.h"
25 #include "aes_dec.h"
26 
27 
28 // static
29 // void aes_invshiftrow(void *data, uint8_t shift){
30 // uint8_t tmp[4];
31 // tmp[0] = ((uint8_t*)data)[(4+0-shift)&3];
32 // tmp[1] = ((uint8_t*)data)[(4+1-shift)&3];
33 // tmp[2] = ((uint8_t*)data)[(4+2-shift)&3];
34 // tmp[3] = ((uint8_t*)data)[(4+3-shift)&3];
35 // memcpy(data, tmp, 4);
36 // }
37 
/*
 * Inverse ShiftRows for one row of the AES state.
 *
 * Despite the name this rotates a *row*: the state is stored column by
 * column (column c is s[4*c .. 4*c+3]), so one row consists of the four
 * bytes at offsets 0, 4, 8 and 12 from `data`. Those four bytes are
 * rotated right by `shift` positions, undoing the left rotation applied
 * during encryption. Only the low two bits of the computed source index
 * are used, so callers pass shift in 0..3 (see aes_dec_round).
 *
 * data  - first byte of the row inside the state (may be unaligned)
 * shift - number of positions to rotate right
 */
static
void aes_invshiftcol(void *data, uint8_t shift){
    uint8_t *row = data;
    uint8_t saved[4];
    uint8_t pos;

    /* snapshot the row first: in-place rotation would overwrite sources */
    for(pos = 0; pos < 4; ++pos){
        saved[pos] = row[4*pos];
    }
    /* element `pos` receives the element `shift` places to its left (mod 4) */
    for(pos = 0; pos < 4; ++pos){
        row[4*pos] = saved[(4-shift+pos)&3];
    }
}
/*
 * One full inverse AES round, applied in place to `state`:
 * AddRoundKey, InvMixColumns, InvShiftRows, InvSubBytes (in that order).
 *
 * The round key is XORed into a scratch copy so that InvMixColumns can
 * read the keyed column while writing the result straight into state->s.
 * Each column is the four consecutive bytes s[4*c .. 4*c+3]. The
 * reference InvMixColumns per column (a0..a3 -> s0..s3) is
 *   s0 = 14*a0 ^ 11*a1 ^ 13*a2 ^  9*a3
 *   s1 =  9*a0 ^ 14*a1 ^ 11*a2 ^ 13*a3
 *   s2 = 13*a0 ^  9*a1 ^ 14*a2 ^ 11*a3
 *   s3 = 11*a0 ^ 13*a1 ^  9*a2 ^ 14*a3
 * and since 11 = 9^2, 13 = 9^4, 14 = 9^4^2 (XOR of the bit patterns),
 * the shared terms 9*(a0^a1^a2^a3), 4*(a0^a2), 4*(a1^a3) and the
 * 2*(..) differences are computed once per column instead of sixteen
 * multiplications. gf256mul is called with reducer 0x1b, which is the
 * AES field polynomial x^8+x^4+x^3+x+1 (gf256mul itself is not in this
 * file).
 *
 * NOTE(review): InvSubBytes indexes a table with secret-dependent values;
 * that is fine on cacheless MCUs but is not constant-time on targets with
 * a data cache -- confirm the deployment target.
 *
 * state - cipher state, modified in place
 * k     - round key added before the inverse transforms
 */
static
void aes_dec_round(aes_cipher_state_t *state, const aes_roundkey_t *k){
    uint8_t keyed[16];
    uint8_t idx;

    /* AddRoundKey into scratch */
    for(idx = 0; idx < 16; ++idx){
        keyed[idx] = state->s[idx] ^ k->ks[idx];
    }

    /* InvMixColumns, one column at a time, from scratch into state */
    for(idx = 0; idx < 4; ++idx){
        const uint8_t *in  = keyed + 4*idx;
        uint8_t       *out = state->s + 4*idx;
        uint8_t hi   = in[3] ^ in[2];                              /* a3^a2 */
        uint8_t lo   = in[1] ^ in[0];                              /* a1^a0 */
        uint8_t nine = gf256mul(0x09, hi ^ lo, 0x1b);              /* 9*(a0^a1^a2^a3) */
        uint8_t even = nine ^ gf256mul(0x04, in[2] ^ in[0], 0x1b); /* for s0, s2 */
        uint8_t odd  = nine ^ gf256mul(0x04, in[3] ^ in[1], 0x1b); /* for s1, s3 */

        out[3] = in[3] ^ odd  ^ gf256mul(0x02, in[0] ^ in[3], 0x1b);
        out[2] = in[2] ^ even ^ gf256mul(0x02, hi, 0x1b);
        out[1] = in[1] ^ odd  ^ gf256mul(0x02, in[2] ^ in[1], 0x1b);
        out[0] = in[0] ^ even ^ gf256mul(0x02, lo, 0x1b);
    }

    /* InvShiftRows: row r is rotated right by r positions (row 0 is fixed) */
    aes_invshiftcol(state->s+1, 1);
    aes_invshiftcol(state->s+2, 2);
    aes_invshiftcol(state->s+3, 3);

    /* InvSubBytes via the inverse S-box table in ROM */
    for(idx = 0; idx < 16; ++idx){
        state->s[idx] = ROMEM_READ_BYTE(aes_invsbox_T_p + state->s[idx]);
    }
}
104 
105 
/*
 * First inverse round (the inverse of the final encryption round, which
 * has no MixColumns): AddRoundKey, InvShiftRows, InvSubBytes, in place.
 *
 * state - cipher state, modified in place
 * k     - the last round key of the schedule
 */
static
void aes_dec_firstround(aes_cipher_state_t *state, const aes_roundkey_t *k){
    uint8_t *s = state->s;
    uint8_t idx;

    /* AddRoundKey */
    for(idx = 0; idx < 16; ++idx){
        s[idx] ^= k->ks[idx];
    }

    /* InvShiftRows: row r is rotated right by r positions (row 0 is fixed) */
    aes_invshiftcol(s+1, 1);
    aes_invshiftcol(s+2, 2);
    aes_invshiftcol(s+3, 3);

    /* InvSubBytes via the inverse S-box table in ROM */
    for(idx = 0; idx < 16; ++idx){
        s[idx] = ROMEM_READ_BYTE(aes_invsbox_T_p + s[idx]);
    }
}
122 
/*
 * Generic AES block decryption over an expanded key schedule.
 *
 * Round keys are consumed in reverse order: key[rounds] in the first
 * inverse round, key[rounds-1] .. key[1] in the full inverse rounds, and
 * key[0] in the final AddRoundKey. The schedule must therefore hold at
 * least rounds+1 round keys -- no bound is checked here; the wrappers
 * below pass 10, 12 and 14 for AES-128/192/256.
 *
 * state  - 16-byte block, decrypted in place
 * ks     - expanded key schedule
 * rounds - number of cipher rounds
 */
void aes_decrypt_core(aes_cipher_state_t *state, const aes_genctx_t *ks, uint8_t rounds){
    uint8_t r = rounds;
    uint8_t idx;

    aes_dec_firstround(state, &ks->key[r]);

    /* rounds-1 full inverse rounds with key[rounds-1] down to key[1] */
    while(r > 1){
        --r;
        aes_dec_round(state, &ks->key[r]);
    }

    /* final AddRoundKey with the initial round key */
    for(idx = 0; idx < 16; ++idx){
        state->s[idx] ^= ks->key[0].ks[idx];
    }
}
134 
/*
 * Decrypt one 16-byte block in place with an AES-128 key schedule
 * (10 rounds).
 *
 * buffer - 16 bytes of ciphertext, overwritten with the plaintext
 * ctx    - expanded AES-128 key schedule
 *
 * The context is reinterpreted as the generic schedule type; this relies
 * on aes128_ctx_t sharing the layout of aes_genctx_t (both defined in
 * aes.h, not visible here).
 */
void aes128_dec(void *buffer, aes128_ctx_t *ctx){
    aes_genctx_t *schedule = (aes_genctx_t*)ctx;
    aes_cipher_state_t *block = buffer;
    aes_decrypt_core(block, schedule, 10);
}
138 
/*
 * Decrypt one 16-byte block in place with an AES-192 key schedule
 * (12 rounds).
 *
 * buffer - 16 bytes of ciphertext, overwritten with the plaintext
 * ctx    - expanded AES-192 key schedule
 *
 * The context is reinterpreted as the generic schedule type; this relies
 * on aes192_ctx_t sharing the layout of aes_genctx_t (both defined in
 * aes.h, not visible here).
 */
void aes192_dec(void *buffer, aes192_ctx_t *ctx){
    aes_genctx_t *schedule = (aes_genctx_t*)ctx;
    aes_cipher_state_t *block = buffer;
    aes_decrypt_core(block, schedule, 12);
}
142 
/*
 * Decrypt one 16-byte block in place with an AES-256 key schedule
 * (14 rounds).
 *
 * buffer - 16 bytes of ciphertext, overwritten with the plaintext
 * ctx    - expanded AES-256 key schedule
 *
 * The context is reinterpreted as the generic schedule type; this relies
 * on aes256_ctx_t sharing the layout of aes_genctx_t (both defined in
 * aes.h, not visible here).
 */
void aes256_dec(void *buffer, aes256_ctx_t *ctx){
    aes_genctx_t *schedule = (aes_genctx_t*)ctx;
    aes_cipher_state_t *block = buffer;
    aes_decrypt_core(block, schedule, 14);
}