diff --git a/crypto/crypto.c b/crypto/crypto.c index 36eb0654b..509ffb02b 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c @@ -13,6 +13,7 @@ see ecryption-doc.txt for details */ #include +#include #include #include "..\src\Dialogs.h" #include "..\src\Helpers.h" @@ -39,18 +40,18 @@ BOOL masterKeyAvailable = FALSE; // information for the passphrase dialog box void ResetEncryption() { - masterKeyAvailable = FALSE; - hasMasterFileKey = FALSE; - hasBinFileKey = FALSE; - useMasterKey = FALSE; - useFileKey = FALSE; - memset(fileKey, 0, sizeof(fileKey)); - memset(masterKey, 0, sizeof(masterKey)); - memset(binFileKey, 0, sizeof(binFileKey)); - memset(unicodeFileKey, 0, sizeof(unicodeFileKey)); - memset(unicodeMasterKey, 0, sizeof(unicodeMasterKey)); - memset(masterFileKey, 0, sizeof(masterFileKey)); - memset(masterFileIV, 0, sizeof(masterFileIV)); + masterKeyAvailable = FALSE; + hasMasterFileKey = FALSE; + hasBinFileKey = FALSE; + useMasterKey = FALSE; + useFileKey = FALSE; + memset(fileKey, 0, sizeof(fileKey)); + memset(masterKey, 0, sizeof(masterKey)); + memset(binFileKey, 0, sizeof(binFileKey)); + memset(unicodeFileKey, 0, sizeof(unicodeFileKey)); + memset(unicodeMasterKey, 0, sizeof(unicodeMasterKey)); + memset(masterFileKey, 0, sizeof(masterFileKey)); + memset(masterFileIV, 0, sizeof(masterFileIV)); } //============================================================================= 
@@ -61,27 +62,26 @@ void ResetEncryption() // void unicodeStringCpy(char *dest, WCHAR *src, int destSize) { - int sidx = 0; - int didx = 0; - int destLim = destSize - 1; - while ((src[sidx] != 0) && (didx < destLim)) - { - WCHAR c = src[sidx++]; - char clow = (char)(c & 0xff); - if (clow != 0) { dest[didx++] = clow; } // ignore zeros in the low order part - if (((c & 0xff00) != 0) && (didx < destLim)) // ignore zeros in the high order part - { - dest[didx++] = (char)((c >> 8) & 0xff); + int sidx = 0; + int didx = 0; + int destLim = destSize - 1; + while ((src[sidx] != 0) && (didx < destLim)) { + WCHAR c = src[sidx++]; + char clow = (char)(c & 0xff); + if (clow != 0) { dest[didx++] = clow; } // ignore zeros in the low order part + if (((c & 0xff00) != 0) && (didx < destLim)) // ignore zeros in the high order part + { + dest[didx++] = (char)((c >> 8) & 0xff); + } } - } - dest[didx++] = (char)0; + dest[didx++] = (char)0; } //============================================================================= // helper function for set focus to editbox void SetDialogFocus(HWND hDlg, HWND hwndControl) { - PostMessage(hDlg, WM_NEXTDLGCTL, (WPARAM)hwndControl, TRUE); + PostMessage(hDlg, WM_NEXTDLGCTL, (WPARAM)hwndControl, TRUE); } 
@@ -92,106 +92,106 @@ void SetDialogFocus(HWND hDlg, HWND hwndControl) // caller (and hence the rest of the encryption) doesn't know unicode was involved. INT_PTR CALLBACK SetKeysDlgProc(HWND hDlg, UINT umsg, WPARAM wParam, LPARAM lParam) { - switch (umsg) - { + UNUSED(lParam); - case WM_INITDIALOG: - { - SetDlgItemText(hDlg, IDC_EDIT1, unicodeFileKey); - SetDlgItemText(hDlg, IDC_EDIT2, unicodeMasterKey); - ShowWindow(GetDlgItem(hDlg, IDC_CHECK3), hasMasterFileKey); - CheckDlgButton(hDlg, IDC_CHECK3, hasMasterFileKey ? BST_CHECKED : BST_UNCHECKED); - CheckDlgButton(hDlg, IDC_CHECK2, hasBinFileKey | useFileKey ? BST_CHECKED : BST_UNCHECKED); - CheckDlgButton(hDlg, IDC_CHECK1, useMasterKey ? BST_CHECKED : BST_UNCHECKED); - CenterDlgInParent(hDlg); - // Don't use: SetFocus( GetDlgItem( hDlg, IDC_EDIT1 ) ); - SetDialogFocus(hDlg, GetDlgItem(hDlg, IDC_EDIT1)); - } + switch (umsg) { - return TRUE; - break; - - case WM_COMMAND: - - switch (LOWORD(wParam)) + case WM_INITDIALOG: { - - case IDOK: - { - BOOL useMas = IsDlgButtonChecked(hDlg, IDC_CHECK1) == BST_CHECKED; - BOOL useFil = IsDlgButtonChecked(hDlg, IDC_CHECK2) == BST_CHECKED; - BOOL reuseMas = IsDlgButtonChecked(hDlg, IDC_CHECK3) == BST_CHECKED; - WCHAR newFileKey[WKEY_LEN] = { 0 }; - WCHAR newMasKey[WKEY_LEN] = { 0 }; - hasMasterFileKey &= reuseMas; - GetDlgItemText(hDlg, IDC_EDIT1, newFileKey, sizeof(newFileKey)); - GetDlgItemText(hDlg, IDC_EDIT2, newMasKey, sizeof(newMasKey)); - useFileKey = !((newFileKey[0] <= ' ') || !useFil); - useMasterKey = !((newMasKey[0] <= ' ') || !useMas); - //@@@lstrcpyn(fileKey, newFileKey, WKEY_LEN); - //@@@lstrcpyn(masterKey, newMasKey, WKEY_LEN); - memcpy(unicodeFileKey, newFileKey, sizeof(unicodeFileKey)); - memcpy(unicodeMasterKey, newMasKey, sizeof(unicodeMasterKey)); - unicodeStringCpy(fileKey, unicodeFileKey, sizeof(fileKey)); - unicodeStringCpy(masterKey, unicodeMasterKey, sizeof(masterKey)); - EndDialog(hDlg, IDOK); - return(TRUE); + SetDlgItemText(hDlg, IDC_EDIT1, 
unicodeFileKey); + SetDlgItemText(hDlg, IDC_EDIT2, unicodeMasterKey); + ShowWindow(GetDlgItem(hDlg, IDC_CHECK3), hasMasterFileKey); + CheckDlgButton(hDlg, IDC_CHECK3, hasMasterFileKey ? BST_CHECKED : BST_UNCHECKED); + CheckDlgButton(hDlg, IDC_CHECK2, (hasBinFileKey | useFileKey) ? BST_CHECKED : BST_UNCHECKED); + CheckDlgButton(hDlg, IDC_CHECK1, useMasterKey ? BST_CHECKED : BST_UNCHECKED); + CenterDlgInParent(hDlg); + // Don't use: SetFocus( GetDlgItem( hDlg, IDC_EDIT1 ) ); + SetDialogFocus(hDlg, GetDlgItem(hDlg, IDC_EDIT1)); } + return TRUE; break; - case IDC_EDIT1: - { - WCHAR newFileKey[WKEY_LEN] = { 0 }; - GetDlgItemText(hDlg, IDC_EDIT1, newFileKey, sizeof(newFileKey)); - CheckDlgButton(hDlg, IDC_CHECK2, (newFileKey[0] <= ' ') ? BST_UNCHECKED : BST_CHECKED); - } + case WM_COMMAND: - break; + switch (LOWORD(wParam)) { - case IDC_EDIT2: - { - WCHAR newMasKey[WKEY_LEN] = { 0 }; - GetDlgItemText(hDlg, IDC_EDIT2, newMasKey, sizeof(newMasKey)); - { - BOOL newuse = (newMasKey[0] > ' '); // no leading whitespace or empty passwords - CheckDlgButton(hDlg, IDC_CHECK1, newuse ? 
BST_CHECKED : BST_UNCHECKED); + case IDOK: + { + BOOL useMas = IsDlgButtonChecked(hDlg, IDC_CHECK1) == BST_CHECKED; + BOOL useFil = IsDlgButtonChecked(hDlg, IDC_CHECK2) == BST_CHECKED; + BOOL reuseMas = IsDlgButtonChecked(hDlg, IDC_CHECK3) == BST_CHECKED; + WCHAR newFileKey[WKEY_LEN] = { 0 }; + WCHAR newMasKey[WKEY_LEN] = { 0 }; + hasMasterFileKey &= reuseMas; + GetDlgItemText(hDlg, IDC_EDIT1, newFileKey, COUNTOF(newFileKey)); + GetDlgItemText(hDlg, IDC_EDIT2, newMasKey, COUNTOF(newMasKey)); + useFileKey = !((newFileKey[0] <= ' ') || !useFil); + useMasterKey = !((newMasKey[0] <= ' ') || !useMas); + //@@@lstrcpyn(fileKey, newFileKey, WKEY_LEN); + //@@@lstrcpyn(masterKey, newMasKey, WKEY_LEN); + memcpy(unicodeFileKey, newFileKey, sizeof(unicodeFileKey)); + memcpy(unicodeMasterKey, newMasKey, sizeof(unicodeMasterKey)); + unicodeStringCpy(fileKey, unicodeFileKey, sizeof(fileKey)); + unicodeStringCpy(masterKey, unicodeMasterKey, sizeof(masterKey)); + EndDialog(hDlg, IDOK); + return(TRUE); + } - if (newuse) { CheckDlgButton(hDlg, IDC_CHECK3, BST_UNCHECKED); } - } - } + break; - break; + case IDC_EDIT1: + { + WCHAR newFileKey[WKEY_LEN] = { 0 }; + GetDlgItemText(hDlg, IDC_EDIT1, newFileKey, COUNTOF(newFileKey)); + CheckDlgButton(hDlg, IDC_CHECK2, (newFileKey[0] <= ' ') ? BST_UNCHECKED : BST_CHECKED); + } - case IDC_CHECK3: // check reuse, uncheck set new and inverse - { - BOOL reuseMas = IsDlgButtonChecked(hDlg, IDC_CHECK3) == BST_CHECKED; + break; - if (reuseMas) { CheckDlgButton(hDlg, IDC_CHECK1, reuseMas ? BST_UNCHECKED : BST_CHECKED); } - } + case IDC_EDIT2: + { + WCHAR newMasKey[WKEY_LEN] = { 0 }; + GetDlgItemText(hDlg, IDC_EDIT2, newMasKey, COUNTOF(newMasKey)); + { + BOOL newuse = (newMasKey[0] > ' '); // no leading whitespace or empty passwords + CheckDlgButton(hDlg, IDC_CHECK1, newuse ? 
BST_CHECKED : BST_UNCHECKED); - break; + if (newuse) { CheckDlgButton(hDlg, IDC_CHECK3, BST_UNCHECKED); } + } + } - case IDC_CHECK1: - { - BOOL useMas = IsDlgButtonChecked(hDlg, IDC_CHECK1) == BST_CHECKED; + break; - if (useMas) { CheckDlgButton(hDlg, IDC_CHECK3, useMas ? BST_UNCHECKED : BST_CHECKED); } - } + case IDC_CHECK3: // check reuse, uncheck set new and inverse + { + BOOL reuseMas = IsDlgButtonChecked(hDlg, IDC_CHECK3) == BST_CHECKED; - break; + if (reuseMas) { CheckDlgButton(hDlg, IDC_CHECK1, reuseMas ? BST_UNCHECKED : BST_CHECKED); } + } - case IDCANCEL: - EndDialog(hDlg, IDCANCEL); - break; + break; + + case IDC_CHECK1: + { + BOOL useMas = IsDlgButtonChecked(hDlg, IDC_CHECK1) == BST_CHECKED; + + if (useMas) { CheckDlgButton(hDlg, IDC_CHECK3, useMas ? BST_UNCHECKED : BST_CHECKED); } + } + + break; + + case IDCANCEL: + EndDialog(hDlg, IDCANCEL); + break; + + } + + break; } - break; - - } - - return FALSE; + return FALSE; } // 
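Review bot: The passphrase copies in `newFileKey` and `newMasKey` are left behind on the stack when the IDOK, IDC_EDIT1 and IDC_EDIT2 handlers return, even though ResetEncryption() in the earlier hunk takes care to wipe the global key buffers. Add `SecureZeroMemory(newFileKey, sizeof(newFileKey)); SecureZeroMemory(newMasKey, sizeof(newMasKey));` before `EndDialog(hDlg, IDOK);` and the matching single call at the end of the IDC_EDIT1 and IDC_EDIT2 blocks; the same applies to `newKey` in the IDOK handler of GetKeysDlgProc in the next hunk. The switch to `COUNTOF(...)` for GetDlgItemText is the right fix, but the following `memcpy(unicodeFileKey, newFileKey, sizeof(unicodeFileKey))` still presumes unicodeFileKey is exactly WKEY_LEN wide; its declaration is outside this hunk, so a `_Static_assert(sizeof(unicodeFileKey) == sizeof(newFileKey), "key buffer sizes differ");` next to the copy would make that assumption checked rather than implied.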
@@ -202,71 +202,68 @@ INT_PTR CALLBACK SetKeysDlgProc(HWND hDlg, UINT umsg, WPARAM wParam, LPARAM lPar // INT_PTR CALLBACK GetKeysDlgProc(HWND hDlg, UINT umsg, WPARAM wParam, LPARAM lParam) { + UNUSED(lParam); - switch (umsg) - { + switch (umsg) { - case WM_INITDIALOG: - { - int vis = masterKeyAvailable ? SW_SHOW : SW_HIDE; - ShowWindow(GetDlgItem(hDlg, IDC_STATICPW), vis); - ShowWindow(GetDlgItem(hDlg, IDC_CHECK3), vis); - //@@@SetDlgItemText( hDlg, IDC_EDIT3, fileKey ); - SetDlgItemText(hDlg, IDC_EDIT3, unicodeFileKey); - CheckDlgButton(hDlg, IDC_CHECK3, BST_UNCHECKED); - CenterDlgInParent(hDlg); - // Don't use: SetFocus( GetDlgItem( hDlg, IDC_EDIT3 ) ); - SetDialogFocus(hDlg, GetDlgItem(hDlg, IDC_EDIT3)); - } - - return TRUE; - break; - - case WM_COMMAND: - - switch (LOWORD(wParam)) + case WM_INITDIALOG: { - - case IDOK: - { - - BOOL useMas = (IsDlgButtonChecked(hDlg, IDC_CHECK3) == BST_CHECKED); - WCHAR newKey[WKEY_LEN] = L"\0"; - GetDlgItemText(hDlg, IDC_EDIT3, newKey, sizeof(newKey)); - - if (useMas) - { - //@@@lstrcpyn( masterKey, newKey, WKEY_LEN ); - memcpy(unicodeMasterKey, newKey, sizeof(unicodeMasterKey)); - unicodeStringCpy(masterKey, unicodeMasterKey, sizeof(masterKey)); - useFileKey = FALSE; - useMasterKey = TRUE; - } - else - { - //lstrcpyn( fileKey, newKey, WKEY_LEN ); - memcpy(unicodeFileKey, newKey, sizeof(unicodeFileKey)); - unicodeStringCpy(fileKey, unicodeFileKey, sizeof(fileKey)); - useFileKey = TRUE; - useMasterKey = FALSE; - } - - EndDialog(hDlg, IDOK); - - return(TRUE); - break; - } - - case IDCANCEL: - EndDialog(hDlg, IDCANCEL); - break; - + int vis = masterKeyAvailable ? 
SW_SHOW : SW_HIDE; + ShowWindow(GetDlgItem(hDlg, IDC_STATICPW), vis); + ShowWindow(GetDlgItem(hDlg, IDC_CHECK3), vis); + //@@@SetDlgItemText( hDlg, IDC_EDIT3, fileKey ); + SetDlgItemText(hDlg, IDC_EDIT3, unicodeFileKey); + CheckDlgButton(hDlg, IDC_CHECK3, BST_UNCHECKED); + CenterDlgInParent(hDlg); + // Don't use: SetFocus( GetDlgItem( hDlg, IDC_EDIT3 ) ); + SetDialogFocus(hDlg, GetDlgItem(hDlg, IDC_EDIT3)); } + return TRUE; break; - } - return FALSE; + case WM_COMMAND: + + switch (LOWORD(wParam)) { + + case IDOK: + { + + BOOL useMas = (IsDlgButtonChecked(hDlg, IDC_CHECK3) == BST_CHECKED); + WCHAR newKey[WKEY_LEN] = L"\0"; + GetDlgItemText(hDlg, IDC_EDIT3, newKey, COUNTOF(newKey)); + + if (useMas) { + //@@@lstrcpyn( masterKey, newKey, WKEY_LEN ); + memcpy(unicodeMasterKey, newKey, sizeof(unicodeMasterKey)); + unicodeStringCpy(masterKey, unicodeMasterKey, sizeof(masterKey)); + useFileKey = FALSE; + useMasterKey = TRUE; + } + else { + //lstrcpyn( fileKey, newKey, WKEY_LEN ); + memcpy(unicodeFileKey, newKey, sizeof(unicodeFileKey)); + unicodeStringCpy(fileKey, unicodeFileKey, sizeof(fileKey)); + useFileKey = TRUE; + useMasterKey = FALSE; + } + + EndDialog(hDlg, IDOK); + + return(TRUE); + break; + } + + case IDCANCEL: + EndDialog(hDlg, IDCANCEL); + break; + + } + + break; + } + + return FALSE; } 
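Review bot: The IDOK handler sets `useFileKey = TRUE` and copies `newKey` into unicodeFileKey without checking that anything was typed, whereas SetKeysDlgProc in the previous hunk only enables a key when `newFileKey[0] > ' '`; an empty edit box here therefore hands an empty passphrase to AES_keygen in ReadAndDecryptFile, where the failure would only surface as the IDS_PASS_FAILURE warning. Consider guarding the IDOK path with `if (newKey[0] <= L' ') { return TRUE; }` (keeps the dialog open) so the two dialogs agree, or add a comment stating why an empty passphrase is deliberately accepted here. The `break;` after `return(TRUE);` is unreachable and can be dropped.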
@@ -274,16 +271,16 @@ INT_PTR CALLBACK GetKeysDlgProc(HWND hDlg, UINT umsg, WPARAM wParam, LPARAM lPar // set passphrases for output BOOL GetFileKey(HWND hwnd) { - return (IDOK == DialogBoxParam(g_hInstance, MAKEINTRESOURCE(IDD_PASSWORDS), - GetParent(hwnd), SetKeysDlgProc, (LPARAM)hwnd)); + return (IDOK == DialogBoxParam(g_hInstance, MAKEINTRESOURCE(IDD_PASSWORDS), + GetParent(hwnd), SetKeysDlgProc, (LPARAM)hwnd)); } // set passphrases for file being input BOOL ReadFileKey(HWND hwnd, BOOL master) { - masterKeyAvailable = master; - return (IDOK == DialogBoxParam(g_hInstance, MAKEINTRESOURCE(IDD_READPW), - GetParent(hwnd), GetKeysDlgProc, (LPARAM)hwnd)); + masterKeyAvailable = master; + return (IDOK == DialogBoxParam(g_hInstance, MAKEINTRESOURCE(IDD_READPW), + GetParent(hwnd), GetKeysDlgProc, (LPARAM)hwnd)); } 
@@ -291,238 +288,222 @@ BOOL ReadFileKey(HWND hwnd, BOOL master) // read the file data, decrypt if necessary, return the result as a new allocation BOOL ReadAndDecryptFile(HWND hwnd, HANDLE hFile, DWORD size, void** result, DWORD *resultlen) { - BOOL usedEncryption = FALSE; - HANDLE rawhandle = *result; // GlobalAlloc(GPTR, size); - char* rawdata = GlobalLock(rawhandle); - unsigned long readsize = 0; - BOOL bReadSuccess = ReadFile(hFile, rawdata, size, &readsize, NULL); + BOOL usedEncryption = FALSE; + HANDLE rawhandle = *result; + BYTE* rawdata = (BYTE*)GlobalLock(rawhandle); + unsigned long readsize = 0; + BOOL bReadSuccess = ReadFile(hFile, rawdata, size, &readsize, NULL); - // we read the file, check if it looks like our encryption format + // we read the file, check if it looks like our encryption format - if (bReadSuccess && (readsize > (PREAMBLE_SIZE + AES_MAX_IV_SIZE))) - { - long *ldata = (long*)rawdata; + if (bReadSuccess && (readsize > (PREAMBLE_SIZE + AES_MAX_IV_SIZE))) { + long *ldata = (long*)rawdata; - if (ldata[0] == PREAMBLE) - { - long scheme = ldata[1]; - unsigned long code_offset = PREAMBLE_SIZE + AES_MAX_IV_SIZE; + if (ldata && (ldata[0] == PREAMBLE)) { + long scheme = ldata[1]; + unsigned long code_offset = PREAMBLE_SIZE + AES_MAX_IV_SIZE; - switch (scheme) - { - case MASTERKEY_FORMAT: - code_offset += sizeof(masterFileKey) + sizeof(masterFileIV); - // save the encrypted file key and IV. They can be reused if the - // passphrases are not changed. - memcpy(masterFileIV, &rawdata[MASTER_KEY_OFFSET], sizeof(masterFileIV)); - memcpy(masterFileKey, &rawdata[MASTER_KEY_OFFSET + sizeof(masterFileIV)], sizeof(masterFileKey)); - hasMasterFileKey = TRUE; + switch (scheme) { + case MASTERKEY_FORMAT: + code_offset += sizeof(masterFileKey) + sizeof(masterFileIV); + // save the encrypted file key and IV. They can be reused if the + // passphrases are not changed. 
+ memcpy(masterFileIV, &rawdata[MASTER_KEY_OFFSET], sizeof(masterFileIV)); + memcpy(masterFileKey, &rawdata[MASTER_KEY_OFFSET + sizeof(masterFileIV)], sizeof(masterFileKey)); + hasMasterFileKey = TRUE; - // fall through - case FILEKEY_FORMAT: - { - BOOL haveFileKey = ReadFileKey(hwnd, scheme == MASTERKEY_FORMAT); + // fall through + case FILEKEY_FORMAT: + { + BOOL haveFileKey = ReadFileKey(hwnd, scheme == MASTERKEY_FORMAT); - if (useFileKey) - { - // use the file key to decode - /*@@@ - char ansiKey[KEY_LEN+1]; - int len = WideCharToMultiByte( CP_ACP, WC_NO_BEST_FIT_CHARS, fileKey, -1, ansiKey, KEY_LEN, NULL, NULL ); - ansiKey[len] = '\0'; - AES_keygen( ansiKey, binFileKey ); // generate the encryption key from the passphrase - */ - AES_keygen(fileKey, binFileKey); // generate the encryption key from the passphrase - hasBinFileKey = TRUE; - } - else if ((scheme == MASTERKEY_FORMAT) && useMasterKey) - { // use the master key to recover the file key - BYTE binMasterKey[KEY_BYTES]; - AES_keyInstance masterdecode; - AES_cipherInstance mastercypher; - /*@@@ - char ansiKey[KEY_LEN+1]; - int len = WideCharToMultiByte( CP_ACP, WC_NO_BEST_FIT_CHARS, masterKey, -1, ansiKey, KEY_LEN, NULL, NULL ); - AES_keygen( ansiKey, binMasterKey ); - */ - AES_keygen(masterKey, binMasterKey); - AES_bin_setup(&masterdecode, AES_DIR_DECRYPT, KEY_BYTES * 8, binMasterKey); - AES_bin_cipherInit(&mastercypher, AES_MODE_CBC, masterFileIV); - AES_blockDecrypt(&mastercypher, &masterdecode, masterFileKey, sizeof(binFileKey), binFileKey); - hasBinFileKey = TRUE; - haveFileKey = TRUE; - useMasterKey = FALSE; - } + if (useFileKey) { + // use the file key to decode + /*@@@ + char ansiKey[KEY_LEN+1]; + int len = WideCharToMultiByte( CP_ACP, WC_NO_BEST_FIT_CHARS, fileKey, -1, ansiKey, KEY_LEN, NULL, NULL ); + ansiKey[len] = '\0'; + AES_keygen( ansiKey, binFileKey ); // generate the encryption key from the passphrase + */ + AES_keygen(fileKey, binFileKey); // generate the encryption key from the passphrase 
+ hasBinFileKey = TRUE; + } + else if ((scheme == MASTERKEY_FORMAT) && useMasterKey) { // use the master key to recover the file key + BYTE binMasterKey[KEY_BYTES]; + AES_keyInstance masterdecode; + AES_cipherInstance mastercypher; + /*@@@ + char ansiKey[KEY_LEN+1]; + int len = WideCharToMultiByte( CP_ACP, WC_NO_BEST_FIT_CHARS, masterKey, -1, ansiKey, KEY_LEN, NULL, NULL ); + AES_keygen( ansiKey, binMasterKey ); + */ + AES_keygen(masterKey, binMasterKey); + AES_bin_setup(&masterdecode, AES_DIR_DECRYPT, KEY_BYTES * 8, binMasterKey); + AES_bin_cipherInit(&mastercypher, AES_MODE_CBC, masterFileIV); + AES_blockDecrypt(&mastercypher, &masterdecode, masterFileKey, sizeof(binFileKey), binFileKey); + hasBinFileKey = TRUE; + haveFileKey = TRUE; + useMasterKey = FALSE; + } - if (haveFileKey) - { - AES_keyInstance fileDecode; - AES_cipherInstance fileCypher; - AES_bin_setup(&fileDecode, AES_DIR_DECRYPT, KEY_BYTES * 8, binFileKey); - AES_bin_cipherInit(&fileCypher, AES_MODE_CBC, &rawdata[PREAMBLE_SIZE]); // IV is next - { // finally, decrypt the actual data - int nbb = BAD_CIPHER_STATE; - int nbp = BAD_CIPHER_STATE; - if ((readsize - code_offset) >= PAD_SLOP) { - nbb = AES_blockDecrypt(&fileCypher, &fileDecode, &rawdata[code_offset], readsize - code_offset - PAD_SLOP, rawdata); + if (haveFileKey) { + AES_keyInstance fileDecode; + AES_cipherInstance fileCypher; + AES_bin_setup(&fileDecode, AES_DIR_DECRYPT, KEY_BYTES * 8, binFileKey); + AES_bin_cipherInit(&fileCypher, AES_MODE_CBC, &rawdata[PREAMBLE_SIZE]); // IV is next + { // finally, decrypt the actual data + int nbb = BAD_CIPHER_STATE; + int nbp = BAD_CIPHER_STATE; + if ((readsize - code_offset) >= PAD_SLOP) { + nbb = AES_blockDecrypt(&fileCypher, &fileDecode, &rawdata[code_offset], readsize - code_offset - PAD_SLOP, rawdata); + } + if (nbb >= 0) { + nbp = AES_padDecrypt(&fileCypher, &fileDecode, &rawdata[code_offset + nbb], readsize - code_offset - nbb, rawdata + nbb); + } + if (nbp >= 0) { + int nb = nbb + nbp; + 
rawdata[nb] = (char)0; + rawdata[nb + 1] = (char)0; // two zeros in case it's multi-byte + *resultlen = (DWORD)nb; + bReadSuccess = TRUE; + } + else { + MsgBox(MBWARN, IDS_PASS_FAILURE); + *resultlen = 0; + bReadSuccess = FALSE; + } + } + usedEncryption = TRUE; + } + else { + // simulate read failure + MsgBox(MBWARN, IDS_NOPASS); + *resultlen = 0; + bReadSuccess = FALSE; + usedEncryption = FALSE; + } } - if (nbb >= 0) { - nbp = AES_padDecrypt(&fileCypher, &fileDecode, &rawdata[code_offset + nbb], readsize - code_offset - nbb, rawdata + nbb); - } - if (nbp >= 0) { - int nb = nbb + nbp; - rawdata[nb] = (char)0; - rawdata[nb + 1] = (char)0; // two zeros in case it's multi-byte - *resultlen = (DWORD)nb; - bReadSuccess = TRUE; - } - else { - MsgBox(MBWARN, IDS_PASS_FAILURE); - *resultlen = 0; - bReadSuccess = FALSE; - } - } - usedEncryption = TRUE; - } - else - { - // simulate read failure - MsgBox(MBWARN, IDS_NOPASS); - *resultlen = 0; - bReadSuccess = FALSE; - usedEncryption = FALSE; - } - } - break; + break; - default: BUG1("format %d not understood", scheme); - } + default: BUG1("format %d not understood", scheme); + } + } } - } - if (!usedEncryption) - { // here, the file is believed to be a straight text file - ResetEncryption(); - *resultlen = readsize; - } + if (!usedEncryption) { // here, the file is believed to be a straight text file + ResetEncryption(); + *resultlen = readsize; + } - GlobalUnlock(rawhandle); + GlobalUnlock(rawhandle); - //if ( !bReadSuccess ) - //{ - // GlobalFree( rawhandle ); - //} - - return(bReadSuccess); + return(bReadSuccess); } BOOL EncryptAndWriteFile(HWND hwnd, HANDLE hFile, BYTE *data, DWORD size, DWORD *written) { - static int sequence = 1; // sequence counter so each time is unique + UNUSED(hwnd); + static int sequence = 1; // sequence counter so each time is unique - if (useFileKey || hasMasterFileKey) - { - AES_keyInstance fileEncode; // encryption key for the file - AES_cipherInstance fileCypher; // cypher for the file, 
including the IV - DWORD PREAMBLE_written = 0; - BYTE precodedata[AES_MAX_IV_SIZE * 2 + KEY_BYTES * 2 + PREAMBLE_SIZE]; - long precode_size = AES_MAX_IV_SIZE + PREAMBLE_SIZE; //precode in standard file format - long *PREAMBLE_data = (long *)precodedata; - PREAMBLE_data[0] = PREAMBLE; - PREAMBLE_data[1] = FILEKEY_FORMAT; + if (useFileKey || hasMasterFileKey) { + AES_keyInstance fileEncode; // encryption key for the file + AES_cipherInstance fileCypher; // cypher for the file, including the IV + DWORD PREAMBLE_written = 0; + BYTE precodedata[AES_MAX_IV_SIZE * 2 + KEY_BYTES * 2 + PREAMBLE_SIZE]; + long precode_size = AES_MAX_IV_SIZE + PREAMBLE_SIZE; //precode in standard file format + long *PREAMBLE_data = (long *)precodedata; + PREAMBLE_data[0] = PREAMBLE; + PREAMBLE_data[1] = FILEKEY_FORMAT; - srand(sequence++ ^ (unsigned int)time(NULL)); - { - int i; for (i = 0; i < AES_MAX_IV_SIZE; i++) - { - precodedata[PREAMBLE_SIZE + i] = 0;//rand(); - } - } - - { - if (useFileKey) { - // generate the encryption key from the passphrase - /* @@@ - char ansiKey[KEY_LEN+1]; - int len = WideCharToMultiByte( CP_ACP, WC_NO_BEST_FIT_CHARS, fileKey, -1, ansiKey, KEY_LEN, NULL, NULL ); - ansiKey[len] = '\0'; - AES_keygen( ansiKey, binFileKey ); - */ - AES_keygen(fileKey, binFileKey); - hasBinFileKey = TRUE; - }; - - AES_bin_setup(&fileEncode, AES_DIR_ENCRYPT, KEY_BYTES * 8, binFileKey); - - AES_bin_cipherInit(&fileCypher, AES_MODE_CBC, &precodedata[PREAMBLE_SIZE]); - - if (useMasterKey && *masterKey) - { //setup with the master key and encrypt the file key. 
- //append the encrypted file key to the end of the PREAMBLE block - BYTE binMasterKey[KEY_BYTES]; - AES_keyInstance masterencode; - AES_cipherInstance mastercypher; - /* @@@ - char ansiKey[KEY_LEN+1]; - int len = WideCharToMultiByte( CP_ACP, WC_NO_BEST_FIT_CHARS, masterKey, -1, ansiKey, KEY_LEN, NULL, NULL ); - ansiKey[len] = '\0'; - AES_keygen( ansiKey, binMasterKey ); - */ - AES_keygen(masterKey, binMasterKey); - AES_bin_setup(&masterencode, AES_DIR_ENCRYPT, KEY_BYTES * 8, binMasterKey); - {// generate another IV for the master key - - int i; for (i = 0; i < sizeof(masterFileIV); i++) { masterFileIV[i] = rand(); } + srand(sequence++ ^ (unsigned int)time(NULL)); + { + int i; for (i = 0; i < AES_MAX_IV_SIZE; i++) { + precodedata[PREAMBLE_SIZE + i] = 0;//rand(); + } } - AES_bin_cipherInit(&mastercypher, AES_MODE_CBC, masterFileIV); + { + if (useFileKey) { + // generate the encryption key from the passphrase + /* @@@ + char ansiKey[KEY_LEN+1]; + int len = WideCharToMultiByte( CP_ACP, WC_NO_BEST_FIT_CHARS, fileKey, -1, ansiKey, KEY_LEN, NULL, NULL ); + ansiKey[len] = '\0'; + AES_keygen( ansiKey, binFileKey ); + */ + AES_keygen(fileKey, binFileKey); + hasBinFileKey = TRUE; + }; - AES_blockEncrypt(&mastercypher, &masterencode, binFileKey, sizeof(binFileKey), masterFileKey); - hasMasterFileKey = TRUE; - } + AES_bin_setup(&fileEncode, AES_DIR_ENCRYPT, KEY_BYTES * 8, binFileKey); - if (hasMasterFileKey) - {// copy the encrypted (new or recycled) into the output - memcpy(&precodedata[precode_size], masterFileIV, sizeof(masterFileIV)); - memcpy(&precodedata[precode_size + sizeof(masterFileIV)], masterFileKey, sizeof(masterFileKey)); - precode_size += sizeof(masterFileKey) + sizeof(masterFileIV); - PREAMBLE_data[1] = MASTERKEY_FORMAT; - } + AES_bin_cipherInit(&fileCypher, AES_MODE_CBC, &precodedata[PREAMBLE_SIZE]); - // write the PREAMBLE, punt if that failed - if (!WriteFile(hFile, precodedata, precode_size, &PREAMBLE_written, NULL)) - { - *written = PREAMBLE_written; - 
return(FALSE); - } + if (useMasterKey && *masterKey) { //setup with the master key and encrypt the file key. + //append the encrypted file key to the end of the PREAMBLE block + BYTE binMasterKey[KEY_BYTES]; + AES_keyInstance masterencode; + AES_cipherInstance mastercypher; + /* @@@ + char ansiKey[KEY_LEN+1]; + int len = WideCharToMultiByte( CP_ACP, WC_NO_BEST_FIT_CHARS, masterKey, -1, ansiKey, KEY_LEN, NULL, NULL ); + ansiKey[len] = '\0'; + AES_keygen( ansiKey, binMasterKey ); + */ + AES_keygen(masterKey, binMasterKey); + AES_bin_setup(&masterencode, AES_DIR_ENCRYPT, KEY_BYTES * 8, binMasterKey); + {// generate another IV for the master key + + int i; for (i = 0; i < sizeof(masterFileIV); i++) { masterFileIV[i] = (BYTE)(rand() & BYTE_MAX); } + } + + AES_bin_cipherInit(&mastercypher, AES_MODE_CBC, masterFileIV); + + AES_blockEncrypt(&mastercypher, &masterencode, binFileKey, sizeof(binFileKey), masterFileKey); + hasMasterFileKey = TRUE; + } + + if (hasMasterFileKey) {// copy the encrypted (new or recycled) into the output + memcpy(&precodedata[precode_size], masterFileIV, sizeof(masterFileIV)); + memcpy(&precodedata[precode_size + sizeof(masterFileIV)], masterFileKey, sizeof(masterFileKey)); + precode_size += sizeof(masterFileKey) + sizeof(masterFileIV); + PREAMBLE_data[1] = MASTERKEY_FORMAT; + } + + // write the PREAMBLE, punt if that failed + if (!WriteFile(hFile, precodedata, precode_size, &PREAMBLE_written, NULL)) { + *written = PREAMBLE_written; + return(FALSE); + } + } + + // now encrypt the main file + { + DWORD enclen_written = 0; + DWORD enclen = 0; + BOOL bWriteRes = FALSE; + + BYTE* encdata = (BYTE*)HeapAlloc(GetProcessHeap(), HEAP_GENERATE_EXCEPTIONS, size + PAD_SLOP); // add slop to the end for padding + if (!encdata) + return bWriteRes; + + if (size > PAD_SLOP) { enclen += AES_blockEncrypt(&fileCypher, &fileEncode, data, size - PAD_SLOP, encdata); } + + enclen += AES_padEncrypt(&fileCypher, &fileEncode, data + enclen, size - enclen, encdata + enclen); 
+ + bWriteRes = WriteFile(hFile, encdata, enclen, &enclen_written, NULL); + + HeapFree(GetProcessHeap(), 0, encdata); // clean-up + + *written = PREAMBLE_written + enclen_written; // return the file size written + return(bWriteRes); // and the file ok status + } } - - // now encrypt the main file - { - HANDLE enchandle = GlobalAlloc(GPTR, size + PAD_SLOP); // add slop to the end for padding - BYTE *encdata = GlobalLock(enchandle); - BOOL writeOK = FALSE; - DWORD enclen_written = 0; - DWORD enclen = 0; - - if (size > PAD_SLOP) { enclen += AES_blockEncrypt(&fileCypher, &fileEncode, data, size - PAD_SLOP, encdata); } - - enclen += AES_padEncrypt(&fileCypher, &fileEncode, data + enclen, size - enclen, encdata + enclen); - - writeOK = WriteFile(hFile, encdata, enclen, &enclen_written, NULL); - - GlobalUnlock(enchandle); // clean up - GlobalFree(enchandle); - *written = PREAMBLE_written + enclen_written; // return the file size written - return(writeOK); // and the file ok status + else { + // not an encrypted file, write normally + BOOL bWriteSuccess = WriteFile(hFile, data, size, written, NULL); + return(bWriteSuccess); } - } - else - { - // not an encrypted file, write normally - BOOL bWriteSuccess = WriteFile(hFile, data, size, written, NULL); - return(bWriteSuccess); - } } diff --git a/crypto/crypto.h b/crypto/crypto.h index 3dba7dd3b..3f34a9977 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -10,9 +10,10 @@ #define FILEKEY_FORMAT 1 // next 4 bytes determine version/format #define MASTERKEY_FORMAT 2 // format with master key #define MASTER_KEY_OFFSET (PREAMBLE_SIZE+AES_MAX_IV_SIZE) +#define UNUSED(expr) (void)(expr) BOOL EncryptAndWriteFile(HWND hwnd, HANDLE hFile, BYTE *data, DWORD size, DWORD *written); BOOL ReadAndDecryptFile(HWND hwnd, HANDLE hFile, DWORD size, void **lpdata, DWORD *cbdata); -BOOL GetFileKey( HWND hwnd ); +BOOL GetFileKey(HWND hwnd); void ResetEncryption(); #endif 
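Review bot: EncryptAndWriteFile still writes an all-zero file IV (`precodedata[PREAMBLE_SIZE + i] = 0;//rand();`) and fills masterFileIV from `rand()` seeded with `sequence++ ^ time(NULL)`, which the new `(BYTE)(rand() & BYTE_MAX)` cast does not change; with CBC under a passphrase-derived key, a constant or predictable IV means two files encrypted with the same passphrase and sharing a common prefix produce identical ciphertext prefixes, which is exactly what the IV is meant to prevent. Both loops should be replaced by a call to the system CSPRNG, e.g. `BCryptGenRandom(NULL, &precodedata[PREAMBLE_SIZE], AES_MAX_IV_SIZE, BCRYPT_USE_SYSTEM_PREFERRED_RNG)` and the same call for masterFileIV, failing the write if it does not report success (this needs bcrypt.h and bcrypt.lib, whose presence I cannot see from this hunk). In ReadAndDecryptFile the new `ldata &&` null test runs after `ReadFile(hFile, rawdata, size, ...)` has already used the pointer, so the check belongs immediately after `GlobalLock`: `if (!rawdata) { *resultlen = 0; return FALSE; }`. In EncryptAndWriteFile, `HeapAlloc` is called with HEAP_GENERATE_EXCEPTIONS, so the `if (!encdata) return bWriteRes;` branch never executes (allocation failure raises an exception instead) and, if it did, it would return with `*written` unset even though the preamble has been written; either drop the flag or set `*written = PREAMBLE_written;` before that return.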
diff --git a/crypto/notepadcrypt.c b/crypto/notepadcrypt.c
index c6fccb2be..3b850c6fb 100644
--- a/crypto/notepadcrypt.c
+++ b/crypto/notepadcrypt.c
@@ -20,257 +20,250 @@ #define BLOCKSIZE (64 * 1024) // the optimal buffer size for sequential I/O on Windows NT/2k/XP typedef struct AES_file -{ FILE *file; - AES_cipherInstance cipher; - AES_keyInstance key; - BOOL encrypted; - BYTE buffer[BLOCKSIZE]; - long bytesleft; - long buffer_index; - long buffer_end; +{ + FILE *file; + AES_cipherInstance cipher; + AES_keyInstance key; + BOOL encrypted; + BYTE buffer[BLOCKSIZE]; + long bytesleft; + long buffer_index; + long buffer_end; } AES_file; void gen_iv(unsigned char *buf, int size) { - while(--size >= 0) buf[size] = size;//+= CM_random(); + while (--size >= 0) buf[size] = size;//+= CM_random(); } /* @func -open a file, possibly encrypted using notepad2 format, for reading and decryption. +open a file, possibly encrypted using notepad2 format, for reading and decryption. @rdesc 0 for success */ long ROpen_AES - (char * name, //@parm the file to open - AES_file * fp, //@parm the object to keep track of the open file - char *filekey, //@parm the file's passphrase, or an empty string, or NULL - char *masterkey//@parm the file's master passphrase, or an empty string, or NULL - ) +(char * name, //@parm the file to open + AES_file * fp, //@parm the object to keep track of the open file + char *filekey, //@parm the file's passphrase, or an empty string, or NULL + char *masterkey//@parm the file's master passphrase, or an empty string, or NULL +) { - FILE *file = NULL; - if (fopen_s(&file, name, "rb") != 0) { printf("File %s can't be opened\n", name); return(1); } - fp->file=file; - fp->buffer_index=0; - fp->buffer_end=0; - fp->bytesleft=0; - fp->encrypted=FALSE; - // get the file length - fseek(file,0,SEEK_END); - fp->bytesleft=ftell(file); - fseek(file,0,SEEK_SET); + FILE *file = NULL; + if (fopen_s(&file, name, "rb") != 0) { printf("File %s can't be opened\n", name); return(1); } + fp->file = file; + fp->buffer_index = 0; + fp->buffer_end = 0; + fp->bytesleft = 0; + fp->encrypted = FALSE; + // get the file length + 
fseek(file, 0, SEEK_END); + fp->bytesleft = ftell(file); + fseek(file, 0, SEEK_SET); - // read the maximum preable size, so we will have an even number of encrypted blocks - // left over if this is an encrypted file. - fp->buffer_end = (long)fread(fp->buffer,1,MASTER_KEY_OFFSET,fp->file); - fp->bytesleft -= fp->buffer_end; - if(fp->buffer_end>=MASTER_KEY_OFFSET) - { unsigned long *lbuf = (unsigned long *)&fp->buffer; - BYTE binFileKey[KEY_BYTES]; - BOOL hasFileKey=FALSE; + // read the maximum preable size, so we will have an even number of encrypted blocks + // left over if this is an encrypted file. + fp->buffer_end = (long)fread(fp->buffer, 1, MASTER_KEY_OFFSET, fp->file); + fp->bytesleft -= fp->buffer_end; + if (fp->buffer_end >= MASTER_KEY_OFFSET) { + unsigned long *lbuf = (unsigned long *)&fp->buffer; + BYTE binFileKey[KEY_BYTES]; + BOOL hasFileKey = FALSE; - //possibly encrypted - if(lbuf[0]==PREAMBLE) - { - switch(lbuf[1]) - { - default: - printf("File %s is encrypted with an unsupported format: %d",name,lbuf[1]); - fclose(file); - return(1); - case MASTERKEY_FORMAT: - // read the masterkey block - if(fread(fp->buffer+fp->buffer_end,1,KEY_BYTES+AES_MAX_IV_SIZE,fp->file) - !=(KEY_BYTES+AES_MAX_IV_SIZE)) - { fclose(fp->file); - return(2); // short file - } - fp->buffer_index = fp->buffer_end; - fp->bytesleft -= (KEY_BYTES+AES_MAX_IV_SIZE); + //possibly encrypted + if (lbuf[0] == PREAMBLE) { + switch (lbuf[1]) { + default: + printf("File %s is encrypted with an unsupported format: %d", name, lbuf[1]); + fclose(file); + return(1); + case MASTERKEY_FORMAT: + // read the masterkey block + if (fread(fp->buffer + fp->buffer_end, 1, KEY_BYTES + AES_MAX_IV_SIZE, fp->file) + != (KEY_BYTES + AES_MAX_IV_SIZE)) { + fclose(fp->file); + return(2); // short file + } + fp->buffer_index = fp->buffer_end; + fp->bytesleft -= (KEY_BYTES + AES_MAX_IV_SIZE); - if(masterkey && *masterkey) - { - BYTE binMasterKey[KEY_BYTES]; - AES_keygen(masterkey,binMasterKey); - 
AES_bin_setup(&fp->key,AES_DIR_DECRYPT,KEY_BYTES*8,binMasterKey); - AES_bin_cipherInit(&fp->cipher,AES_MODE_CBC,&fp->buffer[MASTER_KEY_OFFSET]); - AES_blockDecrypt(&fp->cipher,&fp->key,&fp->buffer[MASTER_KEY_OFFSET+AES_MAX_IV_SIZE],sizeof(binFileKey),binFileKey); - hasFileKey=TRUE; - } - else - if(filekey && *filekey) - { - AES_keygen(filekey,binFileKey); - fp->buffer_index=fp->buffer_end; - hasFileKey=TRUE; - } - break; - case FILEKEY_FORMAT: - if(filekey && *filekey) - { - AES_keygen(filekey,binFileKey); - fp->buffer_index=fp->buffer_end; - hasFileKey=TRUE; - } - break; + if (masterkey && *masterkey) { + BYTE binMasterKey[KEY_BYTES]; + AES_keygen(masterkey, binMasterKey); + AES_bin_setup(&fp->key, AES_DIR_DECRYPT, KEY_BYTES * 8, binMasterKey); + AES_bin_cipherInit(&fp->cipher, AES_MODE_CBC, &fp->buffer[MASTER_KEY_OFFSET]); + AES_blockDecrypt(&fp->cipher, &fp->key, &fp->buffer[MASTER_KEY_OFFSET + AES_MAX_IV_SIZE], sizeof(binFileKey), binFileKey); + hasFileKey = TRUE; + } + else + if (filekey && *filekey) { + AES_keygen(filekey, binFileKey); + fp->buffer_index = fp->buffer_end; + hasFileKey = TRUE; + } + break; + case FILEKEY_FORMAT: + if (filekey && *filekey) { + AES_keygen(filekey, binFileKey); + fp->buffer_index = fp->buffer_end; + hasFileKey = TRUE; + } + break; + } + if (hasFileKey) { + fp->encrypted = TRUE; + AES_bin_setup(&fp->key, AES_DIR_DECRYPT, KEY_BYTES * 8, binFileKey); + AES_bin_cipherInit(&fp->cipher, AES_MODE_CBC, &fp->buffer[PREAMBLE_SIZE]); + return(0); + } + printf("File %s is encrypted, but no suitable passphrase is available", + name); + fclose(file); + return(3); + } } - if(hasFileKey) - { fp->encrypted=TRUE; - AES_bin_setup(&fp->key,AES_DIR_DECRYPT,KEY_BYTES*8,binFileKey); - AES_bin_cipherInit(&fp->cipher,AES_MODE_CBC,&fp->buffer[PREAMBLE_SIZE]); - return(0); - } - printf("File %s is encrypted, but no suitable passphrase is available", - name); - fclose(file); - return(3); - } - } - return(0); // file is too short to be encrypted + return(0); 
// file is too short to be encrypted } /* @func encrypt infile to outfile, using filephrase to generate the key, and optionally using masterphrase as the master key */ -int encrypt(char *infile,char *outfile,char *filephrase,char *masterphrase) -{ int err=0; -FILE *in = NULL; -if (fopen_s(&in, infile, "rb") != 0) { printf("input file %s can't be opened\1", infile); err++; } - else - { - FILE *out = NULL; - if (fopen_s(&out, outfile, "wb") != 0) { printf("output file %s can't be opened\n", outfile); err++; } - else - { BYTE buffer[BLOCKSIZE]; - unsigned long preamble[] = { PREAMBLE, FILEKEY_FORMAT}; - BYTE iv[AES_MAX_IV_SIZE]; - BYTE filekey[KEY_BYTES]; - BOOL masterformat = masterphrase && *masterphrase; - AES_cipherInstance cipher; - AES_keyInstance key; +int encrypt(char *infile, char *outfile, char *filephrase, char *masterphrase) +{ + int err = 0; + FILE *in = NULL; + if (fopen_s(&in, infile, "rb") != 0) { printf("input file %s can't be opened\1", infile); err++; } + else { + FILE *out = NULL; + if (fopen_s(&out, outfile, "wb") != 0) { printf("output file %s can't be opened\n", outfile); err++; } + else { + BYTE buffer[BLOCKSIZE]; + unsigned long preamble[] = { PREAMBLE, FILEKEY_FORMAT }; + BYTE iv[AES_MAX_IV_SIZE]; + BYTE filekey[KEY_BYTES]; + BOOL masterformat = masterphrase && *masterphrase; + AES_cipherInstance cipher; + AES_keyInstance key; - if(masterformat) { preamble[1]=MASTERKEY_FORMAT; } + if (masterformat) { preamble[1] = MASTERKEY_FORMAT; } - gen_iv(iv,sizeof(iv)); // generate a random iv - AES_keygen(filephrase,filekey); // make key file passphrase - fwrite(preamble,1,sizeof(preamble),out); // write the preamble - fwrite(iv,1,sizeof(iv),out); // and the iv + gen_iv(iv, sizeof(iv)); // generate a random iv + AES_keygen(filephrase, filekey); // make key file passphrase + fwrite(preamble, 1, sizeof(preamble), out); // write the preamble + fwrite(iv, 1, sizeof(iv), out); // and the iv - AES_bin_setup(&key,AES_DIR_ENCRYPT,KEY_BYTES*8,filekey); // 
prepare the encryption - AES_bin_cipherInit(&cipher,AES_MODE_CBC,iv); + AES_bin_setup(&key, AES_DIR_ENCRYPT, KEY_BYTES * 8, filekey); // prepare the encryption + AES_bin_cipherInit(&cipher, AES_MODE_CBC, iv); - if(masterformat) - { // encrypt the file key with the masterkey and write it. - BYTE masteriv[AES_MAX_IV_SIZE]; - BYTE masterkey[KEY_BYTES]; - BYTE encfilekey[KEY_BYTES]; - AES_cipherInstance mastercipher; - AES_keyInstance mkey; - - AES_keygen(masterphrase,masterkey); // generate the master key - gen_iv(masteriv,sizeof(masteriv)); // and an iv for it - AES_bin_setup(&mkey,AES_DIR_ENCRYPT,KEY_BYTES*8,masterkey); - AES_bin_cipherInit(&mastercipher,AES_MODE_CBC,masteriv); - // encrypt the file key using the master key - AES_blockEncrypt(&mastercipher,&mkey,filekey,sizeof(filekey),encfilekey); - fwrite(masteriv,1,sizeof(masteriv),out); - fwrite(encfilekey,1,sizeof(encfilekey),out); + if (masterformat) { // encrypt the file key with the masterkey and write it. + BYTE masteriv[AES_MAX_IV_SIZE]; + BYTE masterkey[KEY_BYTES]; + BYTE encfilekey[KEY_BYTES]; + AES_cipherInstance mastercipher; + AES_keyInstance mkey; + + AES_keygen(masterphrase, masterkey); // generate the master key + gen_iv(masteriv, sizeof(masteriv)); // and an iv for it + AES_bin_setup(&mkey, AES_DIR_ENCRYPT, KEY_BYTES * 8, masterkey); + AES_bin_cipherInit(&mastercipher, AES_MODE_CBC, masteriv); + // encrypt the file key using the master key + AES_blockEncrypt(&mastercipher, &mkey, filekey, sizeof(filekey), encfilekey); + fwrite(masteriv, 1, sizeof(masteriv), out); + fwrite(encfilekey, 1, sizeof(encfilekey), out); + } + + // now encrypt and output the actual data + { + long bytesread = 0; + long bytesencrypted = 0; + do { + bytesread = (long)fread(buffer, 1, sizeof(buffer), in); + bytesencrypted = 0; + if (bytesread > 0) { + bytesencrypted = AES_blockEncrypt(&cipher, &key, buffer, bytesread, buffer); + fwrite(buffer, 1, bytesencrypted, out); + } + } while ((bytesread > 0) && (bytesencrypted == 
bytesread)); + // pad the last block + bytesencrypted = AES_padEncrypt(&cipher, &key, buffer + bytesencrypted, (bytesread - bytesencrypted), buffer); + fwrite(buffer, 1, bytesencrypted, out); + fclose(out); + } + } + fclose(in); } - - // now encrypt and output the actual data - { long bytesread=0; - long bytesencrypted=0; - do { - bytesread = (long)fread(buffer,1,sizeof(buffer),in); - bytesencrypted=0; - if(bytesread>0) - { bytesencrypted = AES_blockEncrypt(&cipher,&key,buffer,bytesread,buffer); - fwrite(buffer,1,bytesencrypted,out); - } - } while((bytesread>0)&&(bytesencrypted==bytesread)); - // pad the last block - bytesencrypted = AES_padEncrypt(&cipher,&key,buffer+bytesencrypted,(bytesread-bytesencrypted),buffer); - fwrite(buffer,1,bytesencrypted,out); - fclose(out); - } - } - fclose(in); - } - return(err); + return(err); } /* @func decrypt a file using filephrase or masterphrase. If the file has a master key and masterphrase is supplied, masterphrase is used. Otherwise filephrase. */ -int decrypt(char *infile,char *outfile,char *filephrase,char *masterphrase) -{ AES_file in; - int err=0; - if(0==ROpen_AES(infile,&in,filephrase,masterphrase)) - { - FILE *out = NULL; - if (fopen_s(&out, outfile, "wb") == 0) - { while(in.bytesleft > 0) - { if(in.buffer_index 0) { + if (in.buffer_index < in.buffer_end) { //write the data already available + fwrite(in.buffer + in.buffer_index, 1, in.buffer_end - in.buffer_index, out); + } + // read and decrypt some more data + { + long sizeread = (long)fread(in.buffer, 1, sizeof(in.buffer), in.file); + if (sizeread <= 0) { + printf("ran out of input data\n"); + in.bytesleft = 0; + err++; + } + AES_blockDecrypt(&in.cipher, &in.key, in.buffer, sizeread, in.buffer); + in.bytesleft -= sizeread; + in.buffer_index = 0; + in.buffer_end = sizeread; + } + } + // now we just have one buffer containing some padding + in.buffer_end -= in.buffer[in.buffer_end - 1]; + fwrite(in.buffer + in.buffer_index, 1, in.buffer_end - in.buffer_index, out); 
+ fclose(out); + } + fclose(in.file); } - fclose(in.file); - } - return(err); + return(err); } int main(int argc, char *argv[]) -{ int err=0; - if(argc >= 4 ) - { long idx=1; +{ + int err = 0; + if (argc >= 4) { + long idx = 1; char *op = argv[idx++]; - char *infile = argv[idx++]; - char *outfile = argv[idx++]; - char *pass1 = argv[idx++]; - char *pass2 = (idx> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 10; - } - rk += 4; - } - } - rk[4] = GETU32(cipherKey + 16); - rk[5] = GETU32(cipherKey + 20); - if (keyBits == 192) { - for (;;) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 12; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(cipherKey + 24); - rk[7] = GETU32(cipherKey + 28); - if (keyBits == 256) { + rk[0] = GETU32(cipherKey); + rk[1] = GETU32(cipherKey + 4); + rk[2] = GETU32(cipherKey + 8); + rk[3] = GETU32(cipherKey + 12); + if (keyBits == 128) { for (;;) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 14; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] & 0xff000000) ^ - (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ 
rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - - rk += 8; + temp = rk[3]; + rk[4] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24)] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 10; + } + rk += 4; } - } - return 0; + } + rk[4] = GETU32(cipherKey + 16); + rk[5] = GETU32(cipherKey + 20); + if (keyBits == 192) { + for (;;) { + temp = rk[5]; + rk[6] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24)] & 0x000000ff) ^ + rcon[i]; + rk[7] = rk[1] ^ rk[6]; + rk[8] = rk[2] ^ rk[7]; + rk[9] = rk[3] ^ rk[8]; + if (++i == 8) { + return 12; + } + rk[10] = rk[4] ^ rk[9]; + rk[11] = rk[5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(cipherKey + 24); + rk[7] = GETU32(cipherKey + 28); + if (keyBits == 256) { + for (;;) { + temp = rk[7]; + rk[8] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24)] & 0x000000ff) ^ + rcon[i]; + rk[9] = rk[1] ^ rk[8]; + rk[10] = rk[2] ^ rk[9]; + rk[11] = rk[3] ^ rk[10]; + if (++i == 7) { + return 14; + } + temp = rk[11]; + rk[12] = rk[4] ^ + (Te4[(temp >> 24)] & 0xff000000) ^ + (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(temp) & 0xff] & 0x000000ff); + rk[13] = rk[5] ^ rk[12]; + rk[14] = rk[6] ^ rk[13]; + rk[15] = rk[7] ^ rk[14]; + + rk += 8; + } + } + return 0; } /** 
@@ -813,312 +814,133 @@ int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBit
 *
 * @return the number of rounds for the given cipher key size.
 */
-int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
- int Nr, i, j;
- u32 temp;
+int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)
+{
+ int Nr, i, j;
+ u32 temp;
- /* expand the cipher key: */
- Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
- /* invert the order of the round keys: */
- for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
- temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
- temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
- temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
- temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
- }
- /* apply the inverse MixColumn transform to all round keys but the first and the last: */
- for (i = 1; i < Nr; i++) {
- rk += 4;
- rk[0] =
- Td0[Te4[(rk[0] >> 24) ] & 0xff] ^
- Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk[0] ) & 0xff] & 0xff];
- rk[1] =
- Td0[Te4[(rk[1] >> 24) ] & 0xff] ^
- Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk[1] ) & 0xff] & 0xff];
- rk[2] =
- Td0[Te4[(rk[2] >> 24) ] & 0xff] ^
- Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk[2] ) & 0xff] & 0xff];
- rk[3] =
- Td0[Te4[(rk[3] >> 24) ] & 0xff] ^
- Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk[3] ) & 0xff] & 0xff];
- }
- return Nr;
+ /* expand the cipher key: */
+ Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
+ /* invert the order of the round keys: */
+ for (i = 0, j = 4 * Nr; i < j; i += 4, j -= 4) {
+ temp = rk[i]; rk[i] = rk[j]; rk[j] = temp;
+ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+ }
+ /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+ for (i = 1; i < Nr; i++) {
+ rk += 4;
+ rk[0] =
+ Td0[Te4[(rk[0] >> 24)] & 0xff] ^
+ Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
+ Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
+ Td3[Te4[(rk[0]) & 0xff] & 0xff];
+ rk[1] =
+ Td0[Te4[(rk[1] >> 24)] & 0xff] ^
+ Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
+ Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
+ Td3[Te4[(rk[1]) & 0xff] & 0xff];
+ rk[2] =
+ Td0[Te4[(rk[2] >> 24)] & 0xff] ^
+ Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
+ Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
+ Td3[Te4[(rk[2]) & 0xff] & 0xff];
+ rk[3] =
+ Td0[Te4[(rk[3] >> 24)] & 0xff] ^
+ Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
+ Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
+ Td3[Te4[(rk[3]) & 0xff] & 0xff];
+ }
+ return Nr;
 }
-void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) {
- u32 s0, s1, s2, s3, t0, t1, t2, t3;
+void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16])
+{
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
 #ifndef FULL_UNROLL
 int r;
 #endif /* ?FULL_UNROLL */
 /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- s0 = GETU32(pt ) ^ rk[0];
- s1 = GETU32(pt + 4) ^ rk[1];
- s2 = GETU32(pt + 8) ^ rk[2];
- s3 = GETU32(pt + 12) ^ rk[3];
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(pt) ^ rk[0];
+ s1 = GETU32(pt + 4) ^ rk[1];
+ s2 = GETU32(pt + 8) ^ rk[2];
+ s3 = GETU32(pt + 12) ^ rk[3];
 #ifdef FULL_UNROLL
 /* round 1: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
- /* round 2: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[4];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[5];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[6];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[7];
+ /* round 2: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[8];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[9];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
 /* round 3: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
- /* round 4: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+ /* round 4: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
 /* round 5: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
- /* round 6: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+ /* round 6: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
 /* round 7: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
- /* round 8: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+ /* round 8: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
 /* round 9: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
 if (Nr > 10) {
 /* round 10: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
 /* round 11: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
 if (Nr > 12) {
 /* round 12: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
 /* round 13: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
 }
 }
 rk += Nr << 2;
-#else /* !FULL_UNROLL */
- /*
- * Nr - 1 full rounds:
- */
- r = Nr >> 1;
- for (;;) {
- t0 =
- Te0[(s0 >> 24) ] ^
- Te1[(s1 >> 16) & 0xff] ^
- Te2[(s2 >> 8) & 0xff] ^
- Te3[(s3 ) & 0xff] ^
- rk[4];
- t1 =
- Te0[(s1 >> 24) ] ^
- Te1[(s2 >> 16) & 0xff] ^
- Te2[(s3 >> 8) & 0xff] ^
- Te3[(s0 ) & 0xff] ^
- rk[5];
- t2 =
- Te0[(s2 >> 24) ] ^
- Te1[(s3 >> 16) & 0xff] ^
- Te2[(s0 >> 8) & 0xff] ^
- Te3[(s1 ) & 0xff] ^
- rk[6];
- t3 =
- Te0[(s3 >> 24) ] ^
- Te1[(s0 >> 16) & 0xff] ^
- Te2[(s1 >> 8) & 0xff] ^
- Te3[(s2 ) & 0xff] ^
- rk[7];
-
- rk += 8;
- if (--r == 0) {
- break;
- }
-
- s0 =
- Te0[(t0 >> 24) ] ^
- Te1[(t1 >> 16) & 0xff] ^
- Te2[(t2 >> 8) & 0xff] ^
- Te3[(t3 ) & 0xff] ^
- rk[0];
- s1 =
- Te0[(t1 >> 24) ] ^
- Te1[(t2 >> 16) & 0xff] ^
- Te2[(t3 >> 8) & 0xff] ^
- Te3[(t0 ) & 0xff] ^
- rk[1];
- s2 =
- Te0[(t2 >> 24) ] ^
- Te1[(t3 >> 16) & 0xff] ^
- Te2[(t0 >> 8) & 0xff] ^
- Te3[(t1 ) & 0xff] ^
- rk[2];
- s3 =
- Te0[(t3 >> 24) ] ^
- Te1[(t0 >> 16) & 0xff] ^
- Te2[(t1 >> 8) & 0xff] ^
- Te3[(t2 ) & 0xff] ^
- rk[3];
- }
-#endif /* ?FULL_UNROLL */
- /*
- * apply last round and
- * map cipher state to byte array block:
- */
- s0 =
- (Te4[(t0 >> 24) ] & 0xff000000) ^
- (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t3 ) & 0xff] & 0x000000ff) ^
- rk[0];
- PUTU32(ct , s0);
- s1 =
- (Te4[(t1 >> 24) ] & 0xff000000) ^
- (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t0 ) & 0xff] & 0x000000ff) ^
- rk[1];
- PUTU32(ct + 4, s1);
- s2 =
- (Te4[(t2 >> 24) ] & 0xff000000) ^
- (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t1 ) & 0xff] & 0x000000ff) ^
- rk[2];
- PUTU32(ct + 8, s2);
- s3 =
- (Te4[(t3 >> 24) ] & 0xff000000) ^
- (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t2 ) & 0xff] & 0x000000ff) ^
- rk[3];
- PUTU32(ct + 12, s3);
-}
-
-void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) {
- u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
- int r;
-#endif /* ?FULL_UNROLL */
-
- /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- s0 = GETU32(ct ) ^ rk[0];
- s1 = GETU32(ct + 4) ^ rk[1];
- s2 = GETU32(ct + 8) ^ rk[2];
- s3 = GETU32(ct + 12) ^ rk[3];
-#ifdef FULL_UNROLL
- /* round 1: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
- /* round 2: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
- /* round 3: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
- /* round 4: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
- /* round 5: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
- /* round 6: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
- /* round 7: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
- /* round 8: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
- /* round 9: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
- if (Nr > 10) {
- /* round 10: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
- /* round 11: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
- if (Nr > 12) {
- /* round 12: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
- /* round 13: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
- }
- }
- rk += Nr << 2;
 #else /* !FULL_UNROLL */
 /*
 * Nr - 1 full rounds:
@@ -1126,28 +948,28 @@ void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 p
 r = Nr >> 1;
 for (;;) {
 t0 =
- Td0[(s0 >> 24) ] ^
- Td1[(s3 >> 16) & 0xff] ^
- Td2[(s2 >> 8) & 0xff] ^
- Td3[(s1 ) & 0xff] ^
+ Te0[(s0 >> 24)] ^
+ Te1[(s1 >> 16) & 0xff] ^
+ Te2[(s2 >> 8) & 0xff] ^
+ Te3[(s3) & 0xff] ^
 rk[4];
 t1 =
- Td0[(s1 >> 24) ] ^
- Td1[(s0 >> 16) & 0xff] ^
- Td2[(s3 >> 8) & 0xff] ^
- Td3[(s2 ) & 0xff] ^
+ Te0[(s1 >> 24)] ^
+ Te1[(s2 >> 16) & 0xff] ^
+ Te2[(s3 >> 8) & 0xff] ^
+ Te3[(s0) & 0xff] ^
 rk[5];
 t2 =
- Td0[(s2 >> 24) ] ^
- Td1[(s1 >> 16) & 0xff] ^
- Td2[(s0 >> 8) & 0xff] ^
- Td3[(s3 ) & 0xff] ^
+ Te0[(s2 >> 24)] ^
+ Te1[(s3 >> 16) & 0xff] ^
+ Te2[(s0 >> 8) & 0xff] ^
+ Te3[(s1) & 0xff] ^
 rk[6];
 t3 =
- Td0[(s3 >> 24) ] ^
- Td1[(s2 >> 16) & 0xff] ^
- Td2[(s1 >> 8) & 0xff] ^
- Td3[(s0 ) & 0xff] ^
+ Te0[(s3 >> 24)] ^
+ Te1[(s0 >> 16) & 0xff] ^
+ Te2[(s1 >> 8) & 0xff] ^
+ Te3[(s2) & 0xff] ^
 rk[7];
 rk += 8;
@@ -1156,247 +978,431 @@ void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 p } s0 = - Td0[(t0 >> 24) ] ^ - Td1[(t3 >> 16) & 0xff] ^ - Td2[(t2 >> 8) & 0xff] ^ - Td3[(t1 ) & 0xff] ^ + Te0[(t0 >> 24)] ^ + Te1[(t1 >> 16) & 0xff] ^ + Te2[(t2 >> 8) & 0xff] ^ + Te3[(t3) & 0xff] ^ rk[0]; s1 = - Td0[(t1 >> 24) ] ^ - Td1[(t0 >> 16) & 0xff] ^ - Td2[(t3 >> 8) & 0xff] ^ - Td3[(t2 ) & 0xff] ^ + Te0[(t1 >> 24)] ^ + Te1[(t2 >> 16) & 0xff] ^ + Te2[(t3 >> 8) & 0xff] ^ + Te3[(t0) & 0xff] ^ rk[1]; s2 = - Td0[(t2 >> 24) ] ^ - Td1[(t1 >> 16) & 0xff] ^ - Td2[(t0 >> 8) & 0xff] ^ - Td3[(t3 ) & 0xff] ^ + Te0[(t2 >> 24)] ^ + Te1[(t3 >> 16) & 0xff] ^ + Te2[(t0 >> 8) & 0xff] ^ + Te3[(t1) & 0xff] ^ rk[2]; s3 = - Td0[(t3 >> 24) ] ^ - Td1[(t2 >> 16) & 0xff] ^ - Td2[(t1 >> 8) & 0xff] ^ - Td3[(t0 ) & 0xff] ^ + Te0[(t3 >> 24)] ^ + Te1[(t0 >> 16) & 0xff] ^ + Te2[(t1 >> 8) & 0xff] ^ + Te3[(t2) & 0xff] ^ rk[3]; } #endif /* ?FULL_UNROLL */ /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(pt , s0); - s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(pt + 4, s1); - s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(pt + 8, s2); - s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(pt + 12, s3); + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Te4[(t0 >> 24)] & 0xff000000) ^ + (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + 
(Te4[(t3) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(ct, s0); + s1 = + (Te4[(t1 >> 24)] & 0xff000000) ^ + (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t0) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(ct + 4, s1); + s2 = + (Te4[(t2 >> 24)] & 0xff000000) ^ + (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t1) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(ct + 8, s2); + s3 = + (Te4[(t3 >> 24)] & 0xff000000) ^ + (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t2) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(ct + 12, s3); +} + +void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) +{ + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(ct) ^ rk[0]; + s1 = GETU32(ct + 4) ^ rk[1]; + s2 = GETU32(ct + 8) ^ rk[2]; + s3 = GETU32(ct + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[4]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[5]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[6]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[7]; + /* round 2: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[8]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[9]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; + t1 = Td0[s1 >> 24] ^ 
Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ 
rk[32]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; + if (Nr > 10) { + /* round 10: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Td0[s0 >> 24] ^ 
Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + } + } + rk += Nr << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = Nr >> 1; + for (;;) { + t0 = + Td0[(s0 >> 24)] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1) & 0xff] ^ + rk[4]; + t1 = + Td0[(s1 >> 24)] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2) & 0xff] ^ + rk[5]; + t2 = + Td0[(s2 >> 24)] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3) & 0xff] ^ + rk[6]; + t3 = + Td0[(s3 >> 24)] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Td0[(t0 >> 24)] ^ + Td1[(t3 >> 16) & 0xff] ^ + Td2[(t2 >> 8) & 0xff] ^ + Td3[(t1) & 0xff] ^ + rk[0]; + s1 = + Td0[(t1 >> 24)] ^ + Td1[(t0 >> 16) & 0xff] ^ + Td2[(t3 >> 8) & 0xff] ^ + Td3[(t2) & 0xff] ^ + rk[1]; + s2 = + Td0[(t2 >> 24)] ^ + Td1[(t1 >> 16) & 0xff] ^ + Td2[(t0 >> 8) & 0xff] ^ + Td3[(t3) & 0xff] ^ + rk[2]; + s3 = + Td0[(t3 >> 24)] ^ + Td1[(t2 >> 16) & 0xff] ^ + Td2[(t1 >> 8) & 0xff] ^ + Td3[(t0) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Td4[(t0 >> 24)] & 0xff000000) ^ + (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t1) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(pt, s0); + s1 = + (Td4[(t1 >> 24)] & 0xff000000) ^ + (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t2) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(pt + 4, s1); + s2 = + (Td4[(t2 >> 24)] & 0xff000000) ^ + (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t0 >> 8) & 
0xff] & 0x0000ff00) ^ + (Td4[(t3) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(pt + 8, s2); + s3 = + (Td4[(t3 >> 24)] & 0xff000000) ^ + (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t0) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(pt + 12, s3); } #ifdef INTERMEDIATE_VALUE_KAT -void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) { - int r; - u32 s0, s1, s2, s3, t0, t1, t2, t3; +void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) +{ + int r; + u32 s0, s1, s2, s3, t0, t1, t2, t3; /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(block ) ^ rk[0]; - s1 = GETU32(block + 4) ^ rk[1]; - s2 = GETU32(block + 8) ^ rk[2]; - s3 = GETU32(block + 12) ^ rk[3]; + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(block) ^ rk[0]; + s1 = GETU32(block + 4) ^ rk[1]; + s2 = GETU32(block + 8) ^ rk[2]; + s3 = GETU32(block + 12) ^ rk[3]; rk += 4; /* - * Nr - 1 full rounds: - */ - for (r = (rounds < Nr ? rounds : Nr - 1); r > 0; r--) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[0]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[1]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[2]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[3]; + * Nr - 1 full rounds: + */ + for (r = (rounds < Nr ? 
rounds : Nr - 1); r > 0; r--) { + t0 = + Te0[(s0 >> 24)] ^ + Te1[(s1 >> 16) & 0xff] ^ + Te2[(s2 >> 8) & 0xff] ^ + Te3[(s3) & 0xff] ^ + rk[0]; + t1 = + Te0[(s1 >> 24)] ^ + Te1[(s2 >> 16) & 0xff] ^ + Te2[(s3 >> 8) & 0xff] ^ + Te3[(s0) & 0xff] ^ + rk[1]; + t2 = + Te0[(s2 >> 24)] ^ + Te1[(s3 >> 16) & 0xff] ^ + Te2[(s0 >> 8) & 0xff] ^ + Te3[(s1) & 0xff] ^ + rk[2]; + t3 = + Te0[(s3 >> 24)] ^ + Te1[(s0 >> 16) & 0xff] ^ + Te2[(s1 >> 8) & 0xff] ^ + Te3[(s2) & 0xff] ^ + rk[3]; - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - rk += 4; + s0 = t0; + s1 = t1; + s2 = t2; + s3 = t3; + rk += 4; } /* - * apply last round and - * map cipher state to byte array block: - */ - if (rounds == Nr) { - t0 = - (Te4[(s0 >> 24) ] & 0xff000000) ^ - (Te4[(s1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - t1 = - (Te4[(s1 >> 24) ] & 0xff000000) ^ - (Te4[(s2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - t2 = - (Te4[(s2 >> 24) ] & 0xff000000) ^ - (Te4[(s3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - t3 = - (Te4[(s3 >> 24) ] & 0xff000000) ^ - (Te4[(s0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - } + * apply last round and + * map cipher state to byte array block: + */ + if (rounds == Nr) { + t0 = + (Te4[(s0 >> 24)] & 0xff000000) ^ + (Te4[(s1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(s2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(s3) & 0xff] & 0x000000ff) ^ + rk[0]; + t1 = + (Te4[(s1 >> 24)] & 0xff000000) ^ + (Te4[(s2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(s3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(s0) & 0xff] & 0x000000ff) ^ + rk[1]; + t2 = + (Te4[(s2 >> 24)] & 0xff000000) ^ + (Te4[(s3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(s0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(s1) & 0xff] & 
0x000000ff) ^ + rk[2]; + t3 = + (Te4[(s3 >> 24)] & 0xff000000) ^ + (Te4[(s0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(s1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(s2) & 0xff] & 0x000000ff) ^ + rk[3]; - PUTU32(block , s0); - PUTU32(block + 4, s1); - PUTU32(block + 8, s2); - PUTU32(block + 12, s3); + s0 = t0; + s1 = t1; + s2 = t2; + s3 = t3; + } + + PUTU32(block, s0); + PUTU32(block + 4, s1); + PUTU32(block + 8, s2); + PUTU32(block + 12, s3); } -void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) { - int r; - u32 s0, s1, s2, s3, t0, t1, t2, t3; +void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) +{ + int r; + u32 s0, s1, s2, s3, t0, t1, t2, t3; /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(block ) ^ rk[0]; - s1 = GETU32(block + 4) ^ rk[1]; - s2 = GETU32(block + 8) ^ rk[2]; - s3 = GETU32(block + 12) ^ rk[3]; + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(block) ^ rk[0]; + s1 = GETU32(block + 4) ^ rk[1]; + s2 = GETU32(block + 8) ^ rk[2]; + s3 = GETU32(block + 12) ^ rk[3]; rk += 4; /* - * Nr - 1 full rounds: - */ - for (r = (rounds < Nr ? rounds : Nr) - 1; r > 0; r--) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[0]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[1]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[2]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[3]; + * Nr - 1 full rounds: + */ + for (r = (rounds < Nr ? 
rounds : Nr) - 1; r > 0; r--) { + t0 = + Td0[(s0 >> 24)] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1) & 0xff] ^ + rk[0]; + t1 = + Td0[(s1 >> 24)] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2) & 0xff] ^ + rk[1]; + t2 = + Td0[(s2 >> 24)] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3) & 0xff] ^ + rk[2]; + t3 = + Td0[(s3 >> 24)] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0) & 0xff] ^ + rk[3]; - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - rk += 4; + s0 = t0; + s1 = t1; + s2 = t2; + s3 = t3; + rk += 4; } /* - * complete the last round and - * map cipher state to byte array block: - */ - t0 = - (Td4[(s0 >> 24) ] & 0xff000000) ^ - (Td4[(s3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s1 ) & 0xff] & 0x000000ff); - t1 = - (Td4[(s1 >> 24) ] & 0xff000000) ^ - (Td4[(s0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s2 ) & 0xff] & 0x000000ff); - t2 = - (Td4[(s2 >> 24) ] & 0xff000000) ^ - (Td4[(s1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s3 ) & 0xff] & 0x000000ff); - t3 = - (Td4[(s3 >> 24) ] & 0xff000000) ^ - (Td4[(s2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s0 ) & 0xff] & 0x000000ff); + * complete the last round and + * map cipher state to byte array block: + */ + t0 = + (Td4[(s0 >> 24)] & 0xff000000) ^ + (Td4[(s3 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(s2 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(s1) & 0xff] & 0x000000ff); + t1 = + (Td4[(s1 >> 24)] & 0xff000000) ^ + (Td4[(s0 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(s3 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(s2) & 0xff] & 0x000000ff); + t2 = + (Td4[(s2 >> 24)] & 0xff000000) ^ + (Td4[(s1 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(s0 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(s3) & 0xff] & 0x000000ff); + t3 = + (Td4[(s3 >> 24)] & 0xff000000) ^ + (Td4[(s2 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(s1 >> 8) & 0xff] & 0x0000ff00) ^ + 
(Td4[(s0) & 0xff] & 0x000000ff); - if (rounds == Nr) { - t0 ^= rk[0]; - t1 ^= rk[1]; - t2 ^= rk[2]; - t3 ^= rk[3]; - } + if (rounds == Nr) { + t0 ^= rk[0]; + t1 ^= rk[1]; + t2 ^= rk[2]; + t3 ^= rk[3]; + } - PUTU32(block , t0); - PUTU32(block + 4, t1); - PUTU32(block + 8, t2); - PUTU32(block + 12, t3); + PUTU32(block, t0); + PUTU32(block + 4, t1); + PUTU32(block + 8, t2); + PUTU32(block + 12, t3); } #endif /* INTERMEDIATE_VALUE_KAT */ diff --git a/crypto/rijndael-api-fst.c b/crypto/rijndael-api-fst.c index d108a442c..60a805a10 100644 --- a/crypto/rijndael-api-fst.c +++ b/crypto/rijndael-api-fst.c @@ -34,16 +34,16 @@ * Markus Friedl * John Skodon */ -/* @doc CRYPTO + /* @doc CRYPTO - None of the functinality has been changed, but some names and definitions - have been tweaked for compatibility with the local environment. + None of the functinality has been changed, but some names and definitions + have been tweaked for compatibility with the local environment. -*/ + */ #include -//#include "helpers.h" -//#include "appreg.h" -//#include "resource.h" + //#include "helpers.h" + //#include "appreg.h" + //#include "resource.h" #include #include "crypto.h" #include "sha-256.h" @@ -56,9 +56,9 @@ Overview: */ void AES_keygen(char *passphrase, //* @parm the ascii passphrase - BYTE key[32]) //* @parm the result key + BYTE key[32]) //* @parm the result key { - Sha256String(passphrase,key); + Sha256String(passphrase, key); } /* @func prepare an AES key for use. TheKey is a string of hex digits, 
@@ -68,75 +68,78 @@ void AES_keygen(char *passphrase, //* @parm the ascii passphrase Overview: */ int AES_setup - (AES_keyInstance *key, // @parm the to be initialized - AES_MODES direction, // @parm either or - int keyLen, // @parm the length of the key in bits (better be 256) - char *TheKey) // @parm the key itself, a hex string +(AES_keyInstance *key, // @parm the to be initialized + AES_MODES direction, // @parm either or + int keyLen, // @parm the length of the key in bits (better be 256) + char *TheKey) // @parm the key itself, a hex string { - int i; - char *keyMat; - u8 cipherKey[MAXKB]; + int i; + char *keyMat; + u8 cipherKey[MAXKB]; - if (TheKey != NULL) { - //strncpy(key->TheKey, TheKey, keyLen/4); - memcpy_s(key->TheKey, AES_MAX_KEY_SIZE, TheKey, keyLen / 4); - } + if (TheKey != NULL) { + //strncpy(key->TheKey, TheKey, keyLen/4); + memcpy_s(key->TheKey, AES_MAX_KEY_SIZE, TheKey, keyLen / 4); + } - /* initialize key schedule: */ - keyMat = key->TheKey; - for (i = 0; i < keyLen/8; i++) { - int t, v; + /* initialize key schedule: */ + keyMat = key->TheKey; + for (i = 0; i < keyLen / 8; i++) { + int t, v; - t = *keyMat++; - if ((t >= '0') && (t <= '9')) v = (t - '0') << 4; - else if ((t >= 'a') && (t <= 'f')) v = (t - 'a' + 10) << 4; - else if ((t >= 'A') && (t <= 'F')) v = (t - 'A' + 10) << 4; - else return BAD_KEY_MAT; + t = *keyMat++; + if ((t >= '0') && (t <= '9')) v = (t - '0') << 4; + else if ((t >= 'a') && (t <= 'f')) v = (t - 'a' + 10) << 4; + else if ((t >= 'A') && (t <= 'F')) v = (t - 'A' + 10) << 4; + else return BAD_KEY_MAT; - t = *keyMat++; - if ((t >= '0') && (t <= '9')) v ^= (t - '0'); - else if ((t >= 'a') && (t <= 'f')) v ^= (t - 'a' + 10); - else if ((t >= 'A') && (t <= 'F')) v ^= (t - 'A' + 10); - else return BAD_KEY_MAT; + t = *keyMat++; + if ((t >= '0') && (t <= '9')) v ^= (t - '0'); + else if ((t >= 'a') && (t <= 'f')) v ^= (t - 'a' + 10); + else if ((t >= 'A') && (t <= 'F')) v ^= (t - 'A' + 10); + else return BAD_KEY_MAT; - 
cipherKey[i] = (u8)v; - } - return(AES_bin_setup(key,direction,keyLen,cipherKey)); + cipherKey[i] = (u8)v; + } + return(AES_bin_setup(key, direction, keyLen, cipherKey)); } /* @func - lower level version of where the key is already + lower level version of where the key is already converted to binary. */ -int AES_bin_setup - (AES_keyInstance *key, // @parm the to be initialized - AES_MODES direction, // @parm either or - int keyLen, // @parm the length of the key in bits (better be 256) - BYTE *cipherKey) // @parm the key itself, keyLen/8 bytes +int AES_bin_setup +(AES_keyInstance *key, // @parm the to be initialized + AES_MODES direction, // @parm either or + int keyLen, // @parm the length of the key in bits (better be 256) + BYTE *cipherKey) // @parm the key itself, keyLen/8 bytes { - if (key == NULL) { - return BAD_KEY_INSTANCE; - } + if (key == NULL) { + return BAD_KEY_INSTANCE; + } - if ((direction == AES_DIR_ENCRYPT) || (direction == AES_DIR_DECRYPT)) { - key->direction = direction; - } else { - return BAD_KEY_DIR; - } + if ((direction == AES_DIR_ENCRYPT) || (direction == AES_DIR_DECRYPT)) { + key->direction = direction; + } + else { + return BAD_KEY_DIR; + } - if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) { - key->keyLen = keyLen; - } else { - return BAD_KEY_MAT; - } + if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) { + key->keyLen = keyLen; + } + else { + return BAD_KEY_MAT; + } - if (direction == AES_DIR_ENCRYPT) { - key->Nr = rijndaelKeySetupEnc(key->rk, cipherKey, keyLen); - } else { - key->Nr = rijndaelKeySetupDec(key->rk, cipherKey, keyLen); - } - rijndaelKeySetupEnc(key->ek, cipherKey, keyLen); - return TRUE; + if (direction == AES_DIR_ENCRYPT) { + key->Nr = rijndaelKeySetupEnc(key->rk, cipherKey, keyLen); + } + else { + key->Nr = rijndaelKeySetupDec(key->rk, cipherKey, keyLen); + } + rijndaelKeySetupEnc(key->ek, cipherKey, keyLen); + return TRUE; } /* @func 
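Review bot: `AES_setup` copies `keyLen / 4` bytes into `key->TheKey` and then decodes `keyLen / 8` hex pairs into `u8 cipherKey[MAXKB]` before anything validates `keyLen`; the only check (`128`, `192` or `256`) is in `AES_bin_setup`, which runs after the loop, so an out-of-range `keyLen` overruns the stack array and reads past `TheKey` (and the `memcpy_s` status is discarded, so an oversized copy is only caught by whatever the invalid-parameter handler does). Hoist the check to the top of `AES_setup`: `if ((keyLen != 128) && (keyLen != 192) && (keyLen != 256)) return BAD_KEY_MAT;`. It would also be worth clearing `cipherKey` before returning so the decoded key does not linger on the stack, e.g. `memset(cipherKey, 0, sizeof(cipherKey));` after the `AES_bin_setup` call (a plain `memset` may be optimised away; use `SecureZeroMemory` if the build has it). The hunk only reindents, so this predates it.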
@@ -146,22 +149,23 @@ int AES_bin_setup Overview: */ int AES_bin_cipherInit - (AES_cipherInstance *cipher, //@parm the to be set up - AES_MODES mode, //@parm the to use, is recommended - BYTE *IV) //@parm the IV, any 16 bytes +(AES_cipherInstance *cipher, //@parm the to be set up + AES_MODES mode, //@parm the to use, is recommended + BYTE *IV) //@parm the IV, any 16 bytes { - if ((mode == AES_MODE_ECB) || (mode == AES_MODE_CBC) || (mode == AES_MODE_CFB1)) { - cipher->mode = mode; - } else { - return BAD_CIPHER_MODE; - } - if(IV!=NULL) - { - memcpy(cipher->IV,IV,AES_MAX_IV_SIZE); - } else { - memset(cipher->IV, 0, AES_MAX_IV_SIZE); - } - return TRUE; + if ((mode == AES_MODE_ECB) || (mode == AES_MODE_CBC) || (mode == AES_MODE_CFB1)) { + cipher->mode = mode; + } + else { + return BAD_CIPHER_MODE; + } + if (IV != NULL) { + memcpy(cipher->IV, IV, AES_MAX_IV_SIZE); + } + else { + memset(cipher->IV, 0, AES_MAX_IV_SIZE); + } + return TRUE; } /* @func 
@@ -171,38 +175,40 @@ int AES_bin_cipherInit Overview: */ int AES_cipherInit - (AES_cipherInstance *cipher, //@parm the to be set up - AES_MODES mode, //@parm the to use, is recommended - char *IV) //@parm the IV, ascii hex to define 16 bytes +(AES_cipherInstance *cipher, //@parm the to be set up + AES_MODES mode, //@parm the to use, is recommended + char *IV) //@parm the IV, ascii hex to define 16 bytes { - if ((mode == AES_MODE_ECB) || (mode == AES_MODE_CBC) || (mode == AES_MODE_CFB1)) { - cipher->mode = mode; - } else { - return BAD_CIPHER_MODE; - } - if (IV != NULL) { - int i; - for (i = 0; i < AES_MAX_IV_SIZE; i++) { - int t, j; - - t = IV[2*i]; - if ((t >= '0') && (t <= '9')) j = (t - '0') << 4; - else if ((t >= 'a') && (t <= 'f')) j = (t - 'a' + 10) << 4; - else if ((t >= 'A') && (t <= 'F')) j = (t - 'A' + 10) << 4; - else return BAD_CIPHER_INSTANCE; - - t = IV[2*i+1]; - if ((t >= '0') && (t <= '9')) j ^= (t - '0'); - else if ((t >= 'a') && (t <= 'f')) j ^= (t - 'a' + 10); - else if ((t >= 'A') && (t <= 'F')) j ^= (t - 'A' + 10); - else return BAD_CIPHER_INSTANCE; - - cipher->IV[i] = (u8)j; + if ((mode == AES_MODE_ECB) || (mode == AES_MODE_CBC) || (mode == AES_MODE_CFB1)) { + cipher->mode = mode; } - } else { - memset(cipher->IV, 0, AES_MAX_IV_SIZE); - } - return TRUE; + else { + return BAD_CIPHER_MODE; + } + if (IV != NULL) { + int i; + for (i = 0; i < AES_MAX_IV_SIZE; i++) { + int t, j; + + t = IV[2 * i]; + if ((t >= '0') && (t <= '9')) j = (t - '0') << 4; + else if ((t >= 'a') && (t <= 'f')) j = (t - 'a' + 10) << 4; + else if ((t >= 'A') && (t <= 'F')) j = (t - 'A' + 10) << 4; + else return BAD_CIPHER_INSTANCE; + + t = IV[2 * i + 1]; + if ((t >= '0') && (t <= '9')) j ^= (t - '0'); + else if ((t >= 'a') && (t <= 'f')) j ^= (t - 'a' + 10); + else if ((t >= 'A') && (t <= 'F')) j ^= (t - 'A' + 10); + else return BAD_CIPHER_INSTANCE; + + cipher->IV[i] = (u8)j; + } + } + else { + memset(cipher->IV, 0, AES_MAX_IV_SIZE); + } + return TRUE; } /* @func Encrypt a 
block of data, using the provided key and cipher. The block 
@@ -214,61 +220,61 @@ int AES_cipherInit @rdesc number of bytes encrypted */ int AES_blockEncrypt - (AES_cipherInstance *cipher, //@parm the current - AES_keyInstance *key, //@parm the current - BYTE *input, // @parm the input data - int inputLen, // @parm the size of the input data - BYTE *outBuffer) //@parm a buffer to receive the encrypted data +(AES_cipherInstance *cipher, //@parm the current + AES_keyInstance *key, //@parm the current + BYTE *input, // @parm the input data + int inputLen, // @parm the size of the input data + BYTE *outBuffer) //@parm a buffer to receive the encrypted data { - int i, k, t, numBlocks; - u8 block[16], *iv; + int i, k, t, numBlocks; + u8 block[16], *iv; - if (cipher == NULL || - key == NULL || - key->direction == AES_DIR_DECRYPT) { - return BAD_CIPHER_STATE; - } - if (input == NULL || inputLen <= 0) { - return 0; /* nothing to do */ - } - - numBlocks = inputLen/16; - - switch (cipher->mode) { - case AES_MODE_ECB: - for (i = numBlocks; i > 0; i--) { - rijndaelEncrypt(key->rk, key->Nr, input, outBuffer); - input += 16; - outBuffer += 16; + if (cipher == NULL || + key == NULL || + key->direction == AES_DIR_DECRYPT) { + return BAD_CIPHER_STATE; } - break; - - case AES_MODE_CBC: - iv = cipher->IV; - for (i = numBlocks; i > 0; i--) { - ((u32*)block)[0] = ((u32*)input)[0] ^ ((u32*)iv)[0]; - ((u32*)block)[1] = ((u32*)input)[1] ^ ((u32*)iv)[1]; - ((u32*)block)[2] = ((u32*)input)[2] ^ ((u32*)iv)[2]; - ((u32*)block)[3] = ((u32*)input)[3] ^ ((u32*)iv)[3]; - rijndaelEncrypt(key->rk, key->Nr, block, outBuffer); - iv = outBuffer; - input += 16; - outBuffer += 16; + if (input == NULL || inputLen <= 0) { + return 0; /* nothing to do */ } - // copy the iv for proper chaining to the next block - if (numBlocks > 0) - memcpy(cipher->IV,outBuffer-AES_MAX_IV_SIZE,AES_MAX_IV_SIZE); - break; + + numBlocks = inputLen / 16; + + switch (cipher->mode) { + case AES_MODE_ECB: + for (i = numBlocks; i > 0; i--) { + rijndaelEncrypt(key->rk, key->Nr, input, 
outBuffer); + input += 16; + outBuffer += 16; + } + break; + + case AES_MODE_CBC: + iv = cipher->IV; + for (i = numBlocks; i > 0; i--) { + ((u32*)block)[0] = ((u32*)input)[0] ^ ((u32*)iv)[0]; + ((u32*)block)[1] = ((u32*)input)[1] ^ ((u32*)iv)[1]; + ((u32*)block)[2] = ((u32*)input)[2] ^ ((u32*)iv)[2]; + ((u32*)block)[3] = ((u32*)input)[3] ^ ((u32*)iv)[3]; + rijndaelEncrypt(key->rk, key->Nr, block, outBuffer); + iv = outBuffer; + input += 16; + outBuffer += 16; + } + // copy the iv for proper chaining to the next block + if (numBlocks > 0) + memcpy(cipher->IV, outBuffer - AES_MAX_IV_SIZE, AES_MAX_IV_SIZE); + break; case AES_MODE_CFB1: - iv = cipher->IV; + iv = cipher->IV; for (i = numBlocks; i > 0; i--) { - memcpy(outBuffer, input, 16); + memcpy(outBuffer, input, 16); for (k = 0; k < 128; k++) { - rijndaelEncrypt(key->ek, key->Nr, iv, block); + rijndaelEncrypt(key->ek, key->Nr, iv, block); outBuffer[k >> 3] ^= (block[0] & 0x80U) >> (k & 7); for (t = 0; t < 15; t++) { - iv[t] = (iv[t] << 1) | (iv[t + 1] >> 7); + iv[t] = (iv[t] << 1) | (iv[t + 1] >> 7); } iv[15] = (iv[15] << 1) | ((outBuffer[k >> 3] >> (7 - (k & 7))) & 1); } @@ -277,11 +283,11 @@ int AES_blockEncrypt } break; - default: - return BAD_CIPHER_STATE; - } + default: + return BAD_CIPHER_STATE; + } - return 16*numBlocks; + return 16 * numBlocks; } /* @func @@ -290,7 +296,7 @@ int AES_blockEncrypt multiple blocks, all but the last should be multiples of 16 in size and be encrypted using . This last block will be padded to fill out the block, or if the original was already a multiple of 16, a - full 16 bytes of padding will be added. Conventional use is to always + full 16 bytes of padding will be added. Conventional use is to always provide at least one pad byte. If the original file was a multiple of 16, supply a block of 16 pad bytes so the decrypted data can be exactly the size of the encrypted data. In CBC mode, the cipher IV is updated to be ready 
@@ -299,74 +305,74 @@ int AES_blockEncrypt @rdesc length in octets (not bits) of the encrypted output buffer. */ int AES_padEncrypt - (AES_cipherInstance *cipher, //@parm the current - AES_keyInstance *key, //@parm the current - BYTE *input, // @parm the input data - int inputOctets, // @parm the size of the input data - BYTE *outBuffer) //@parm a buffer to receive the encrypted data +(AES_cipherInstance *cipher, //@parm the current + AES_keyInstance *key, //@parm the current + BYTE *input, // @parm the input data + int inputOctets, // @parm the size of the input data + BYTE *outBuffer) //@parm a buffer to receive the encrypted data { - int i, numBlocks, padLen; - u8 block[16], *iv; + int i, numBlocks, padLen; + u8 block[16], *iv; - if (cipher == NULL || - key == NULL || - key->direction == AES_DIR_DECRYPT) { - return BAD_CIPHER_STATE; - } - if (input == NULL || inputOctets < 0) { - return 0; /* nothing to do */ - } - - numBlocks = inputOctets/16; - - switch (cipher->mode) { - case AES_MODE_ECB: - for (i = numBlocks; i > 0; i--) { - rijndaelEncrypt(key->rk, key->Nr, input, outBuffer); - input += 16; - outBuffer += 16; + if (cipher == NULL || + key == NULL || + key->direction == AES_DIR_DECRYPT) { + return BAD_CIPHER_STATE; } - padLen = 16 - (inputOctets - 16*numBlocks); - if((padLen <= 0) || (padLen > 16)) - { BUG1("Padding must be 1-16, is %d",padLen); - } - memcpy(block, input, 16 - padLen); - memset(block + 16 - padLen, padLen, padLen); - rijndaelEncrypt(key->rk, key->Nr, block, outBuffer); - break; - - case AES_MODE_CBC: - iv = cipher->IV; - for (i = numBlocks; i > 0; i--) { - ((u32*)block)[0] = ((u32*)input)[0] ^ ((u32*)iv)[0]; - ((u32*)block)[1] = ((u32*)input)[1] ^ ((u32*)iv)[1]; - ((u32*)block)[2] = ((u32*)input)[2] ^ ((u32*)iv)[2]; - ((u32*)block)[3] = ((u32*)input)[3] ^ ((u32*)iv)[3]; - rijndaelEncrypt(key->rk, key->Nr, block, outBuffer); - iv = outBuffer; - input += 16; - outBuffer += 16; + if (input == NULL || inputOctets < 0) { + return 0; /* nothing 
to do */ } - padLen = 16 - (inputOctets - 16*numBlocks); - if((padLen <= 0) || (padLen > 16)) - { BUG1("Padding must be 1-16, is %d",padLen); - } - for (i = 0; i < 16 - padLen; i++) { - block[i] = input[i] ^ iv[i]; - } - for (i = 16 - padLen; i < 16; i++) { - block[i] = (BYTE)padLen ^ iv[i]; - } - rijndaelEncrypt(key->rk, key->Nr, block, outBuffer); - // set for chaining to the next block, even though there will normally not be one - memcpy(cipher->IV,outBuffer,AES_MAX_IV_SIZE); - break; - default: - return BAD_CIPHER_STATE; - } + numBlocks = inputOctets / 16; - return 16*(numBlocks + 1); + switch (cipher->mode) { + case AES_MODE_ECB: + for (i = numBlocks; i > 0; i--) { + rijndaelEncrypt(key->rk, key->Nr, input, outBuffer); + input += 16; + outBuffer += 16; + } + padLen = 16 - (inputOctets - 16 * numBlocks); + if ((padLen <= 0) || (padLen > 16)) { + BUG1("Padding must be 1-16, is %d", padLen); + } + memcpy(block, input, 16 - padLen); + memset(block + 16 - padLen, padLen, padLen); + rijndaelEncrypt(key->rk, key->Nr, block, outBuffer); + break; + + case AES_MODE_CBC: + iv = cipher->IV; + for (i = numBlocks; i > 0; i--) { + ((u32*)block)[0] = ((u32*)input)[0] ^ ((u32*)iv)[0]; + ((u32*)block)[1] = ((u32*)input)[1] ^ ((u32*)iv)[1]; + ((u32*)block)[2] = ((u32*)input)[2] ^ ((u32*)iv)[2]; + ((u32*)block)[3] = ((u32*)input)[3] ^ ((u32*)iv)[3]; + rijndaelEncrypt(key->rk, key->Nr, block, outBuffer); + iv = outBuffer; + input += 16; + outBuffer += 16; + } + padLen = 16 - (inputOctets - 16 * numBlocks); + if ((padLen <= 0) || (padLen > 16)) { + BUG1("Padding must be 1-16, is %d", padLen); + } + for (i = 0; i < 16 - padLen; i++) { + block[i] = input[i] ^ iv[i]; + } + for (i = 16 - padLen; (0 <= i) && (i < 16); i++) { + block[i] = (BYTE)padLen ^ iv[i]; + } + rijndaelEncrypt(key->rk, key->Nr, block, outBuffer); + // set for chaining to the next block, even though there will normally not be one + memcpy(cipher->IV, outBuffer, AES_MAX_IV_SIZE); + break; + + default: + return 
BAD_CIPHER_STATE; + } + + return 16 * (numBlocks + 1); } /* @func Decrypt a block of data using the supplied key and cipher. The block 
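Review bot: The `(0 <= i) &&` term added to the CBC padding loop can never be false: `inputOctets < 0` is rejected at the top, so `padLen = 16 - (inputOctets - 16 * numBlocks)` is always 1..16 and `16 - padLen` is 0..15, and the `BUG1` check on the preceding line already covers the impossible case. If the term is there to quiet an analyzer, the ECB branch's `memcpy(block, input, 16 - padLen)` has the same shape and was left unguarded, so the two branches now disagree; I would drop the term and make the range check terminal instead, `if ((padLen <= 0) || (padLen > 16)) { BUG1("Padding must be 1-16, is %d", padLen); return BAD_CIPHER_STATE; }`, since it is not visible here whether `BUG1` aborts. Separately, `((u32*)block)[0] = ((u32*)input)[0] ^ ((u32*)iv)[0]` reads the caller's `BYTE *input` (and `outBuffer` via `iv`) through `u32 *`, a strict-aliasing violation and a misaligned load on strict targets; the byte loop the pad block below already uses is the portable form. Nothing in this function authenticates the output (no MAC), so whether the PKCS#7-style padding becomes a padding oracle depends on how the decrypt side reports bad padding, which is outside this hunk.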
@@ -377,59 +383,59 @@ next block. @rdesc the number of bytes decrypted */ int AES_blockDecrypt - (AES_cipherInstance *cipher, //@parm the current - AES_keyInstance *key, //@parm the current - BYTE *input, //@parm the input encrypted data - int inputLen, //@parm the size of the input - BYTE *outBuffer) //@parm a buffer to receive the decrypted buffer -{ int lim=32; - int i, k, t, numBlocks; - u8 block[16], *iv; +(AES_cipherInstance *cipher, //@parm the current + AES_keyInstance *key, //@parm the current + BYTE *input, //@parm the input encrypted data + int inputLen, //@parm the size of the input + BYTE *outBuffer) //@parm a buffer to receive the decrypted buffer +{ + //int lim = 32; + int i, k, t, numBlocks; + u8 block[16], *iv; - if (cipher == NULL || - key == NULL || - cipher->mode != AES_MODE_CFB1 && key->direction == AES_DIR_ENCRYPT) { - return BAD_CIPHER_STATE; - } - if (input == NULL || inputLen <= 0) { - return 0; /* nothing to do */ - } - - numBlocks = inputLen/16; - - switch (cipher->mode) { - case AES_MODE_ECB: - for (i = numBlocks; i > 0; i--) { - rijndaelDecrypt(key->rk, key->Nr, input, outBuffer); - input += 16; - outBuffer += 16; + if (cipher == NULL || + key == NULL || + cipher->mode != AES_MODE_CFB1 && key->direction == AES_DIR_ENCRYPT) { + return BAD_CIPHER_STATE; } - break; - - case AES_MODE_CBC: - iv = cipher->IV; - for (i = numBlocks; i > 0; i--) - { - rijndaelDecrypt(key->rk, key->Nr, input, block); - ((u32*)block)[0] ^= ((u32*)iv)[0]; - ((u32*)block)[1] ^= ((u32*)iv)[1]; - ((u32*)block)[2] ^= ((u32*)iv)[2]; - ((u32*)block)[3] ^= ((u32*)iv)[3]; - memcpy(cipher->IV, input, 16); - memcpy(outBuffer, block, 16); - input += 16; - outBuffer += 16; + if (input == NULL || inputLen <= 0) { + return 0; /* nothing to do */ } - break; + + numBlocks = inputLen / 16; + + switch (cipher->mode) { + case AES_MODE_ECB: + for (i = numBlocks; i > 0; i--) { + rijndaelDecrypt(key->rk, key->Nr, input, outBuffer); + input += 16; + outBuffer += 16; + } + break; + + case 
AES_MODE_CBC: + iv = cipher->IV; + for (i = numBlocks; i > 0; i--) { + rijndaelDecrypt(key->rk, key->Nr, input, block); + ((u32*)block)[0] ^= ((u32*)iv)[0]; + ((u32*)block)[1] ^= ((u32*)iv)[1]; + ((u32*)block)[2] ^= ((u32*)iv)[2]; + ((u32*)block)[3] ^= ((u32*)iv)[3]; + memcpy(cipher->IV, input, 16); + memcpy(outBuffer, block, 16); + input += 16; + outBuffer += 16; + } + break; case AES_MODE_CFB1: - iv = cipher->IV; + iv = cipher->IV; for (i = numBlocks; i > 0; i--) { - memcpy(outBuffer, input, 16); + memcpy(outBuffer, input, 16); for (k = 0; k < 128; k++) { - rijndaelEncrypt(key->ek, key->Nr, iv, block); + rijndaelEncrypt(key->ek, key->Nr, iv, block); for (t = 0; t < 15; t++) { - iv[t] = (iv[t] << 1) | (iv[t + 1] >> 7); + iv[t] = (iv[t] << 1) | (iv[t + 1] >> 7); } iv[15] = (iv[15] << 1) | ((input[k >> 3] >> (7 - (k & 7))) & 1); outBuffer[k >> 3] ^= (block[0] & 0x80U) >> (k & 7); @@ -439,15 +445,15 @@ int AES_blockDecrypt } break; - default: - return BAD_CIPHER_STATE; - } + default: + return BAD_CIPHER_STATE; + } - return 16*numBlocks; + return 16 * numBlocks; } /* @func Decrypt a block of data using the supplied key and cipher. The block -must be a multiple of 16 bytes, and should be padded in the manner of +must be a multiple of 16 bytes, and should be padded in the manner of the trailing bytes mod 16 are ignored. In CBC mode, the IV is updated to be ready to decrypt the next block, even thought there normally will not be any more blocks. 
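Review bot: The re-indented guard `cipher->mode != AES_MODE_CFB1 && key->direction == AES_DIR_ENCRYPT` still sits unparenthesised inside an `||` chain; precedence gives the probable intent (CFB1 decryption running on the encrypt schedule `key->ek`, as the CFB1 case does), but it trips `-Wparentheses` and should read `(cipher->mode != AES_MODE_CFB1 && key->direction == AES_DIR_ENCRYPT)`. The new `//int lim = 32;` is commented-out code and should be dropped rather than kept. The CBC loop's `((u32*)block)[0] ^= ((u32*)iv)[0]` (and its three siblings) accesses `u8 block[16]` and the caller's `BYTE` buffers through `u32 *`, which violates strict aliasing and is a misaligned access on targets that fault on it; a 16-iteration byte XOR, or a `memcpy` into a local `u32[4]`, avoids both, and the same pattern recurs in the AES_padDecrypt hunk (`@@ -456,88`) and in the CBC loop of the AES_padEncrypt hunk above. AES_blockDecrypt's return statement lies in the following hunk.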
@@ -456,88 +462,88 @@ thought there normally will not be any more blocks. */ int AES_padDecrypt - (AES_cipherInstance *cipher, //@parm the current - AES_keyInstance *key, //@parm the current - BYTE *input, //@parm the input encrypted data - int inputOctets, //@parm the size of the input - BYTE *outBuffer) //@parm a buffer to receive the decrypted buffer +(AES_cipherInstance *cipher, //@parm the current + AES_keyInstance *key, //@parm the current + BYTE *input, //@parm the input encrypted data + int inputOctets, //@parm the size of the input + BYTE *outBuffer) //@parm a buffer to receive the decrypted buffer { - int i, numBlocks, padLen; - u8 block[16]; + int i, numBlocks, padLen; + u8 block[16]; - if (cipher == NULL || - key == NULL || - key->direction == AES_DIR_ENCRYPT) { - return BAD_CIPHER_STATE; - } - if (input == NULL || inputOctets <= 0) { - return 0; /* nothing to do */ - } - if (inputOctets % 16 != 0) { - return BAD_DATA; - } - - numBlocks = inputOctets/16; - - switch (cipher->mode) { - case AES_MODE_ECB: - /* all blocks but last */ - for (i = numBlocks - 1; i > 0; i--) { - rijndaelDecrypt(key->rk, key->Nr, input, outBuffer); - input += 16; - outBuffer += 16; + if (cipher == NULL || + key == NULL || + key->direction == AES_DIR_ENCRYPT) { + return BAD_CIPHER_STATE; } - /* last block */ - rijndaelDecrypt(key->rk, key->Nr, input, block); - padLen = block[15]; - if (padLen >= 16) { - return BAD_DATA; + if (input == NULL || inputOctets <= 0) { + return 0; /* nothing to do */ } - for (i = 16 - padLen; i < 16; i++) { - if (block[i] != padLen) { + if (inputOctets % 16 != 0) { return BAD_DATA; - } } - memcpy(outBuffer, block, 16 - padLen); - break; - case AES_MODE_CBC: - /* all blocks but last */ - for (i = numBlocks - 1; i > 0; i--) { - rijndaelDecrypt(key->rk, key->Nr, input, block); - ((u32*)block)[0] ^= ((u32*)cipher->IV)[0]; - ((u32*)block)[1] ^= ((u32*)cipher->IV)[1]; - ((u32*)block)[2] ^= ((u32*)cipher->IV)[2]; - ((u32*)block)[3] ^= ((u32*)cipher->IV)[3]; - 
memcpy(cipher->IV, input, 16); - memcpy(outBuffer, block, 16); - input += 16; - outBuffer += 16; - } - /* last block */ - rijndaelDecrypt(key->rk, key->Nr, input, block); - ((u32*)block)[0] ^= ((u32*)cipher->IV)[0]; - ((u32*)block)[1] ^= ((u32*)cipher->IV)[1]; - ((u32*)block)[2] ^= ((u32*)cipher->IV)[2]; - ((u32*)block)[3] ^= ((u32*)cipher->IV)[3]; - memcpy(cipher->IV, input, 16); - padLen = block[15]; - if (padLen <= 0 || padLen > 16) { - return BAD_DATA; - } - for (i = 16 - padLen; i < 16; i++) { - if (block[i] != padLen) { - return BAD_DATA; - } - } - memcpy(outBuffer, block, 16 - padLen); - break; + numBlocks = inputOctets / 16; - default: - return BAD_CIPHER_STATE; - } + switch (cipher->mode) { + case AES_MODE_ECB: + /* all blocks but last */ + for (i = numBlocks - 1; i > 0; i--) { + rijndaelDecrypt(key->rk, key->Nr, input, outBuffer); + input += 16; + outBuffer += 16; + } + /* last block */ + rijndaelDecrypt(key->rk, key->Nr, input, block); + padLen = block[15]; + if (padLen >= 16) { + return BAD_DATA; + } + for (i = 16 - padLen; i < 16; i++) { + if (block[i] != padLen) { + return BAD_DATA; + } + } + memcpy(outBuffer, block, 16 - padLen); + break; - return 16*numBlocks - padLen; + case AES_MODE_CBC: + /* all blocks but last */ + for (i = numBlocks - 1; i > 0; i--) { + rijndaelDecrypt(key->rk, key->Nr, input, block); + ((u32*)block)[0] ^= ((u32*)cipher->IV)[0]; + ((u32*)block)[1] ^= ((u32*)cipher->IV)[1]; + ((u32*)block)[2] ^= ((u32*)cipher->IV)[2]; + ((u32*)block)[3] ^= ((u32*)cipher->IV)[3]; + memcpy(cipher->IV, input, 16); + memcpy(outBuffer, block, 16); + input += 16; + outBuffer += 16; + } + /* last block */ + rijndaelDecrypt(key->rk, key->Nr, input, block); + ((u32*)block)[0] ^= ((u32*)cipher->IV)[0]; + ((u32*)block)[1] ^= ((u32*)cipher->IV)[1]; + ((u32*)block)[2] ^= ((u32*)cipher->IV)[2]; + ((u32*)block)[3] ^= ((u32*)cipher->IV)[3]; + memcpy(cipher->IV, input, 16); + padLen = block[15]; + if (padLen <= 0 || padLen > 16) { + return BAD_DATA; + } + for (i 
= 16 - padLen; i < 16; i++) { + if (block[i] != padLen) { + return BAD_DATA; + } + } + memcpy(outBuffer, block, 16 - padLen); + break; + + default: + return BAD_CIPHER_STATE; + } + + return 16 * numBlocks - padLen; } #ifdef INTERMEDIATE_VALUE_KAT @@ -552,30 +558,31 @@ int AES_padDecrypt * BAD_CIPHER_STATE - cipher in bad state (e.g., not initialized) */ int cipherUpdateRounds(AES_cipherInstance *cipher, AES_keyInstance *key, - BYTE *input, int inputLen, BYTE *outBuffer, int rounds) { - u8 block[16]; + BYTE *input, int inputLen, BYTE *outBuffer, int rounds) +{ + u8 block[16]; - if (cipher == NULL || key == NULL) { - return BAD_CIPHER_STATE; - } + if (cipher == NULL || key == NULL) { + return BAD_CIPHER_STATE; + } - memcpy(block, input, 16); + memcpy(block, input, 16); - switch (key->direction) { - case AES_DIR_ENCRYPT: - rijndaelEncryptRound(key->rk, key->Nr, block, rounds); - break; + switch (key->direction) { + case AES_DIR_ENCRYPT: + rijndaelEncryptRound(key->rk, key->Nr, block, rounds); + break; - case AES_DIR_DECRYPT: - rijndaelDecryptRound(key->rk, key->Nr, block, rounds); - break; + case AES_DIR_DECRYPT: + rijndaelDecryptRound(key->rk, key->Nr, block, rounds); + break; - default: - return BAD_KEY_DIR; - } + default: + return BAD_KEY_DIR; + } - memcpy(outBuffer, block, 16); + memcpy(outBuffer, block, 16); - return TRUE; + return TRUE; } #endif /* INTERMEDIATE_VALUE_KAT */ diff --git a/crypto/sha-256.c b/crypto/sha-256.c index 154a7810b..96f462b48 100644 --- a/crypto/sha-256.c +++ b/crypto/sha-256.c 
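Review bot: The ECB branch's padding check `if (padLen >= 16) { return BAD_DATA; }` disagrees with the CBC branch's `if (padLen <= 0 || padLen > 16)` further down: ECB rejects a full 16-byte padding block, which AES_padEncrypt emits whenever the plaintext length is a multiple of 16 (its own check reads "Padding must be 1-16"), yet it accepts `padLen == 0` and then returns all 16 bytes of the last block as data. The ECB line should match CBC: `if (padLen <= 0 || padLen > 16) { return BAD_DATA; }`. Separately, both branches return a distinct `BAD_DATA` as soon as a pad byte mismatches; if that outcome is observable to whoever supplies the ciphertext it is a padding oracle, so the function's header comment should state that callers must authenticate the ciphertext (a MAC verified before decryption) and not rely on the pad check for integrity.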
@@ -18,30 +18,31 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -/* @doc CRYPTO -*/ + /* @doc CRYPTO + */ #include #include "sha-256.h" -/* @func -Convert a string of arbitrary bytes to hex with a trailing null. -Overview: - */ + /* @func + Convert a string of arbitrary bytes to hex with a trailing null. + Overview: + */ #include void Hexify - (const unsigned char *src, // @parm the source byte string - long len, // @parm the length of the source - char *dest, // @parm the destination ascii-hex - long destlen) // @parm the available length of the destination -{ long n=0,sn=0; - static char HexDigits [] = "0123456789abcdef"; - while(sn> 4]; } - if(n> 4]; } + if (n < destlen) { dest[n++] = HexDigits[ch & 0x0f]; } + } + if (n < destlen) { dest[n++] = (unsigned char)0; } + else { perror("Hexify: dest buffer too small"); } } #define GET_UINT32(n,b,i) \ @@ -60,11 +61,11 @@ void Hexify (b)[(i) + 3] = (uint8) ( (n) ); \ } /* @func -initialize a sha256 structure +initialize a sha256 structure Overview: */ void sha256_starts - ( sha256_context *ctx ) /* @parm the */ +(sha256_context *ctx) /* @parm the */ { ctx->total[0] = 0; ctx->total[1] = 0; 
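Review bot: The new tail `if (n < destlen) { dest[n++] = (unsigned char)0; } else { perror("Hexify: dest buffer too small"); }` leaves `dest` without a terminator when the buffer is too small, so a caller that treats it as a C string reads past the end, and `perror` appends `strerror(errno)` for an `errno` that nothing here set. Terminate on the truncation path as well and report without `perror`: `else if (destlen > 0) { dest[destlen - 1] = 0; fputs("Hexify: dest buffer too small\n", stderr); }`. The loop body of this hunk is partly lost in the page extraction (`while(sn> 4]; }`), so whether the loop bound already reserves a byte for the terminator cannot be confirmed from what is visible.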
@@ -79,27 +80,27 @@ void sha256_starts ctx->state[7] = 0x5BE0CD19; } -void sha256_process( sha256_context *ctx, uint8 data[64] ) +void sha256_process(sha256_context *ctx, const uint8 data[64]) { uint32 temp1, temp2, W[64]; uint32 A, B, C, D, E, F, G, H; - GET_UINT32( W[0], data, 0 ); - GET_UINT32( W[1], data, 4 ); - GET_UINT32( W[2], data, 8 ); - GET_UINT32( W[3], data, 12 ); - GET_UINT32( W[4], data, 16 ); - GET_UINT32( W[5], data, 20 ); - GET_UINT32( W[6], data, 24 ); - GET_UINT32( W[7], data, 28 ); - GET_UINT32( W[8], data, 32 ); - GET_UINT32( W[9], data, 36 ); - GET_UINT32( W[10], data, 40 ); - GET_UINT32( W[11], data, 44 ); - GET_UINT32( W[12], data, 48 ); - GET_UINT32( W[13], data, 52 ); - GET_UINT32( W[14], data, 56 ); - GET_UINT32( W[15], data, 60 ); + GET_UINT32(W[0], data, 0); + GET_UINT32(W[1], data, 4); + GET_UINT32(W[2], data, 8); + GET_UINT32(W[3], data, 12); + GET_UINT32(W[4], data, 16); + GET_UINT32(W[5], data, 20); + GET_UINT32(W[6], data, 24); + GET_UINT32(W[7], data, 28); + GET_UINT32(W[8], data, 32); + GET_UINT32(W[9], data, 36); + GET_UINT32(W[10], data, 40); + GET_UINT32(W[11], data, 44); + GET_UINT32(W[12], data, 48); + GET_UINT32(W[13], data, 52); + GET_UINT32(W[14], data, 56); + GET_UINT32(W[15], data, 60); #define SHR(x,n) ((x & 0xFFFFFFFF) >> n) #define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) 
@@ -135,70 +136,70 @@ void sha256_process( sha256_context *ctx, uint8 data[64] ) G = ctx->state[6]; H = ctx->state[7]; - P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 ); - P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 ); - P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF ); - P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 ); - P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B ); - P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 ); - P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 ); - P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 ); - P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 ); - P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 ); - P( G, H, A, B, C, D, E, F, W[10], 0x243185BE ); - P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 ); - P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 ); - P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE ); - P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 ); - P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 ); - P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 ); - P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 ); - P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 ); - P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC ); - P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F ); - P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA ); - P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC ); - P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA ); - P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 ); - P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D ); - P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 ); - P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 ); - P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 ); - P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 ); - P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 ); - P( B, C, D, E, F, G, H, A, R(31), 0x14292967 ); - P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 ); - P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 ); - P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC ); - P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 ); - P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 ); - P( D, E, F, G, H, A, B, C, 
R(37), 0x766A0ABB ); - P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E ); - P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 ); - P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 ); - P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B ); - P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 ); - P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 ); - P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 ); - P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 ); - P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 ); - P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 ); - P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 ); - P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 ); - P( G, H, A, B, C, D, E, F, R(50), 0x2748774C ); - P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 ); - P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 ); - P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A ); - P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F ); - P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 ); - P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE ); - P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F ); - P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 ); - P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 ); - P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA ); - P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB ); - P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 ); - P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 ); + P(A, B, C, D, E, F, G, H, W[0], 0x428A2F98); + P(H, A, B, C, D, E, F, G, W[1], 0x71374491); + P(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF); + P(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5); + P(E, F, G, H, A, B, C, D, W[4], 0x3956C25B); + P(D, E, F, G, H, A, B, C, W[5], 0x59F111F1); + P(C, D, E, F, G, H, A, B, W[6], 0x923F82A4); + P(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5); + P(A, B, C, D, E, F, G, H, W[8], 0xD807AA98); + P(H, A, B, C, D, E, F, G, W[9], 0x12835B01); + P(G, H, A, B, C, D, E, F, W[10], 0x243185BE); + P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3); + P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74); + P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE); + P(C, D, E, F, 
G, H, A, B, W[14], 0x9BDC06A7); + P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174); + P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1); + P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786); + P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6); + P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC); + P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F); + P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA); + P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC); + P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA); + P(A, B, C, D, E, F, G, H, R(24), 0x983E5152); + P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D); + P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8); + P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7); + P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3); + P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147); + P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351); + P(B, C, D, E, F, G, H, A, R(31), 0x14292967); + P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85); + P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138); + P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC); + P(F, G, H, A, B, C, D, E, R(35), 0x53380D13); + P(E, F, G, H, A, B, C, D, R(36), 0x650A7354); + P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB); + P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E); + P(B, C, D, E, F, G, H, A, R(39), 0x92722C85); + P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1); + P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B); + P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70); + P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3); + P(E, F, G, H, A, B, C, D, R(44), 0xD192E819); + P(D, E, F, G, H, A, B, C, R(45), 0xD6990624); + P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585); + P(B, C, D, E, F, G, H, A, R(47), 0x106AA070); + P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116); + P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08); + P(G, H, A, B, C, D, E, F, R(50), 0x2748774C); + P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5); + P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3); + P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A); + P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F); + P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3); 
+ P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE); + P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F); + P(G, H, A, B, C, D, E, F, R(58), 0x84C87814); + P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208); + P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA); + P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB); + P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7); + P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2); ctx->state[0] += A; ctx->state[1] += B; @@ -215,13 +216,13 @@ add some more input bits to a Overview: */ void sha256_update - ( sha256_context *ctx, /* @parm the */ - uint8 *input, /* @parm the input to add */ - uint32 length ) /* @parm the length of the input */ +(sha256_context *ctx, /* @parm the */ + const uint8 *input, /* @parm the input to add */ + uint32 length) /* @parm the length of the input */ { uint32 left, fill; - if( ! length ) return; + if (!length) return; left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -229,30 +230,27 @@ void sha256_update ctx->total[0] += length; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < length ) + if (ctx->total[0] < length) ctx->total[1]++; - if( left && length >= fill ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); - sha256_process( ctx, ctx->buffer ); + if (left && length >= fill) { + memcpy((void *)(ctx->buffer + left), + (void *)input, fill); + sha256_process(ctx, ctx->buffer); length -= fill; - input += fill; + input += fill; left = 0; } - while( length >= 64 ) - { - sha256_process( ctx, input ); + while (length >= 64) { + sha256_process(ctx, input); length -= 64; - input += 64; + input += 64; } - if( length ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, length ); + if (length) { + memcpy((void *)(ctx->buffer + left), + (void *)input, length); } } 
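Review bot: In sha256_update's body, `memcpy((void *)(ctx->buffer + left), (void *)input, fill)` (and the matching call in the trailing `if (length)` block) casts `input` to `void *`, discarding the `const` that the signature hunk just above (`@@ -215,13`) adds; the casts were never needed, since `memcpy` takes `const void *` for its source. Write them as `memcpy(ctx->buffer + left, input, fill);` and `memcpy(ctx->buffer + left, input, length);` so `-Wcast-qual` stays clean and the const contract holds in the body as well as in the prototype.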
@@ -268,60 +266,63 @@ finish a sha256 calculation and store the result Overview: */ void sha256_finish - ( sha256_context *ctx, //@parm the - uint8 digest[32] ) //@parm the result +(sha256_context *ctx, //@parm the + uint8 digest[32]) //@parm the result { uint32 last, padn; uint32 high, low; uint8 msglen[8]; - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - PUT_UINT32( high, msglen, 0 ); - PUT_UINT32( low, msglen, 4 ); + PUT_UINT32(high, msglen, 0); + PUT_UINT32(low, msglen, 4); last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + padn = (last < 56) ? (56 - last) : (120 - last); - sha256_update( ctx, sha256_padding, padn ); - sha256_update( ctx, msglen, 8 ); + sha256_update(ctx, sha256_padding, padn); + sha256_update(ctx, msglen, 8); - PUT_UINT32( ctx->state[0], digest, 0 ); - PUT_UINT32( ctx->state[1], digest, 4 ); - PUT_UINT32( ctx->state[2], digest, 8 ); - PUT_UINT32( ctx->state[3], digest, 12 ); - PUT_UINT32( ctx->state[4], digest, 16 ); - PUT_UINT32( ctx->state[5], digest, 20 ); - PUT_UINT32( ctx->state[6], digest, 24 ); - PUT_UINT32( ctx->state[7], digest, 28 ); + PUT_UINT32(ctx->state[0], digest, 0); + PUT_UINT32(ctx->state[1], digest, 4); + PUT_UINT32(ctx->state[2], digest, 8); + PUT_UINT32(ctx->state[3], digest, 12); + PUT_UINT32(ctx->state[4], digest, 16); + PUT_UINT32(ctx->state[5], digest, 20); + PUT_UINT32(ctx->state[6], digest, 24); + PUT_UINT32(ctx->state[7], digest, 28); } -/* @func +/* @func Convert a MD5 digest to a 32 char hex string (plus trailing null). This function is intended to be used to armor digests as ordinary ascii for transmission in character oriented contexts. 
Overview: */ +#if 0 void SHA256String( - unsigned char Digest[32], /* @parm the MD5 Digest */ - char HexDigest[65]) /* @parm the hex string (output) */ + unsigned char Digest[32], /* @parm the MD5 Digest */ + char HexDigest[65]) /* @parm the hex string (output) */ { } +#endif + /* @func this is the short form to generate a binary hash from an ascii string Overview: */ void Sha256String - (char *str, //@parm the string to hash - unsigned char output[32]) //@parm the result hash +(const char *str, //@parm the string to hash + unsigned char output[32]) //@parm the result hash { sha256_context ctx; - sha256_starts(&ctx); - sha256_update(&ctx, str,(long)strlen(str)); - sha256_finish(&ctx,output); + sha256_starts(&ctx); + sha256_update(&ctx, (const unsigned char*)str, (unsigned long)strlen(str)); + sha256_finish(&ctx, output); } /* @func @@ -329,9 +330,10 @@ this is the short form to generate a hex hash from an ascii string Overview: */ void Sha256HexString - (char *str, //@parm the input string - char output[65]) //@parm the output string -{ unsigned char temp[32]; - Sha256String(str,temp); - Hexify(temp,32,output,65); -} +(const char *str, //@parm the input string + unsigned char output[65]) //@parm the output string +{ + unsigned char temp[32]; + Sha256String(str, temp); + Hexify(temp, 32, output, 65); +} diff --git a/crypto/sha-256.h b/crypto/sha-256.h index 46a0f6623..5e4c69694 100644 --- a/crypto/sha-256.h +++ b/crypto/sha-256.h 
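Review bot: In Sha256String, `(unsigned long)strlen(str)` is passed to sha256_update's `uint32 length` parameter, so on LP64 targets the value is silently narrowed and the cast merely hides the conversion warning; cast to the parameter's type instead, `sha256_update(&ctx, (const unsigned char *)str, (uint32)strlen(str));`, and note in the function's header comment that inputs of 4 GiB or more are not supported by this wrapper. The empty SHA256String wrapped in `#if 0 … #endif` is dead code and should be deleted rather than preserved. sha256_finish's own changes in this hunk are whitespace only.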
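Review bot: Changing Sha256HexString's output parameter to `unsigned char output[65]` makes `Hexify(temp, 32, output, 65)` pass an `unsigned char *` where Hexify's `dest` is declared `char *` on the old side of its hunk (the new signature is not visible on this page), which C reports as an incompatible pointer type; every caller passing a `char[65]` now mismatches the prototype as well. Keep the hex output as text, `char output[65]) //@parm the output string`, and make the same revert to the matching prototype in the sha-256.h hunk (`@@ -26,11`). The result is an ASCII hex string, so `char` is also the semantically right type.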
@@ -26,11 +26,11 @@ typedef struct } sha256_context; -void sha256_starts( sha256_context *ctx ); -void sha256_update( sha256_context *ctx, uint8 *input, uint32 length ); -void sha256_finish( sha256_context *ctx, uint8 digest[32] ); +void sha256_starts(sha256_context *ctx); +void sha256_update(sha256_context *ctx, const uint8 *input, uint32 length); +void sha256_finish(sha256_context *ctx, uint8 digest[32]); -void Sha256String(char *str,unsigned char output[32]); -void Sha256HexString(char *str,char output[65]); +void Sha256String(const char *str, unsigned char output[32]); +void Sha256HexString(const char *str, unsigned char output[65]); #endif /* sha256.h */ diff --git a/scintilla/cppcheck.suppress b/scintilla/cppcheck.suppress index 95fe6c4aa..3e2818499 100644 --- a/scintilla/cppcheck.suppress +++ b/scintilla/cppcheck.suppress @@ -11,7 +11,12 @@ noExplicitConstructor // cppcheck does not understand private methods can be called from static methods unusedPrivateFunction:scintilla/win32/PlatWin.cxx +// The performance cost of by-value passing is often small and using a reference decreases +// code legibility. +passedByValue + // Suppress most lexer warnings since the lexers are maintained by others +redundantCondition:scintilla/lexers/LexA68k.cxx useInitializationList:scintilla/lexers/LexAsm.cxx useInitializationList:scintilla/lexers/LexBasic.cxx uninitMemberVar:scintilla/lexers/LexBash.cxx @@ -30,6 +35,7 @@ variableScope:scintilla/lexers/LexNimrod.cxx variableScope:scintilla/lexers/LexNsis.cxx variableScope:scintilla/lexers/LexOpal.cxx variableScope:scintilla/lexers/LexPB.cxx +variableScope:scintilla/lexers/LexProgress.cxx variableScope:scintilla/lexers/LexRuby.cxx uninitMemberVar:scintilla/lexers/LexRuby.cxx variableScope:scintilla/lexers/LexSpecman.cxx diff --git a/scintilla/doc/ScintillaToDo.html b/scintilla/doc/ScintillaToDo.html index 2995001b0..8ff64bc4b 100644 --- a/scintilla/doc/ScintillaToDo.html +++ b/scintilla/doc/ScintillaToDo.html @@ -31,7 +31,7 @@

Issues can be reported on the Bug Tracker - and features requested on the Feature Request Tracker. + and features requested on the Feature Request Tracker.

Scintilla Bugs diff --git a/scintilla/version.txt b/scintilla/version.txt index 526204c86..5b0cffbc0 100644 --- a/scintilla/version.txt +++ b/scintilla/version.txt @@ -1 +1 @@ -367 +370