sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-03 01:18:10 +03:00
Code

Remove redundant check and fallback for AES CMAC 128 as we now require GnuTLS 3.6.13

Browse Source 
This allows us to remove a lot of conditionally compiled code and so
know with more certainly that our tests are covering our code-paths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Andrew Bartlett 2022-10-27 11:09:19 +13:00 committed by Andreas Schneider
parent 95c843de92
commit 11b3c6826d
13 changed files with 1 additions and 2668 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

329
lib/crypto/aes.c
View File

@ -1,329 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "replace.h"
#include "aes.h"
#ifdef SAMBA_RIJNDAEL
#include "rijndael-alg-fst.h"
#if defined(HAVE_AESNI_INTEL)
/*
* NB. HAVE_AESNI_INTEL is only defined if -lang-asm is
* available.
*/
static inline void __cpuid(unsigned int where[4], unsigned int leaf)
{
asm volatile("cpuid" :
"=a" (where[0]),
"=b" (where[1]),
"=c" (where[2]),
"=d" (where[3]): "a" (leaf));
}
/*
* has_intel_aes_instructions()
* return true if supports AES-NI and false if doesn't
*/
static bool has_intel_aes_instructions(void)
{
static int has_aes_instructions = -1;
unsigned int cpuid_results[4];
if (has_aes_instructions != -1) {
return (bool)has_aes_instructions;
}
__cpuid(cpuid_results, 1);
has_aes_instructions = !!(cpuid_results[2] & (1 << 25));
return (bool)has_aes_instructions;
}
/*
* Macro to ensure the AES key schedule starts on a 16 byte boundary.
*/
#define SET_ACC_CTX(k) \
do { \
(k)->u.aes_ni.acc_ctx = \
(struct crypto_aes_ctx *)(((unsigned long)(k)->u.aes_ni._acc_ctx + 15) & ~0xfUL); \
} while (0)
/*
* The next 4 functions call the Intel AES hardware implementations
* of:
*
* AES_set_encrypt_key()
* AES_set_decrypt_key()
* AES_encrypt()
* AES_decrypt()
*/
static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
const int bits,
AES_KEY *key)
{
SET_ACC_CTX(key);
return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
}
static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
const int bits,
AES_KEY *key)
{
SET_ACC_CTX(key);
return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
}
static void AES_encrypt_aesni(const unsigned char *in,
unsigned char *out,
const AES_KEY *key)
{
aesni_enc(key->u.aes_ni.acc_ctx, out, in);
}
static void AES_decrypt_aesni(const unsigned char *in,
unsigned char *out,
const AES_KEY *key)
{
aesni_dec(key->u.aes_ni.acc_ctx, out, in);
}
#else /* defined(HAVE_AESNI_INTEL) */
/*
* Dummy implementations if no Intel AES instructions present.
* Only has_intel_aes_instructions() will ever be called.
*/
static bool has_intel_aes_instructions(void)
{
return false;
}
static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
const int bits,
AES_KEY *key)
{
return -1;
}
static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
const int bits,
AES_KEY *key)
{
return -1;
}
static void AES_encrypt_aesni(const unsigned char *in,
unsigned char *out,
const AES_KEY *key)
{
abort();
}
static void AES_decrypt_aesni(const unsigned char *in,
unsigned char *out,
const AES_KEY *key)
{
abort();
}
#endif /* defined(HAVE_AENI_INTEL) */
/*
* The next 4 functions are the pure software implementations
* of:
*
* AES_set_encrypt_key()
* AES_set_decrypt_key()
* AES_encrypt()
* AES_decrypt()
*/
static int
AES_set_encrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
{
key->u.aes_rj.rounds = rijndaelKeySetupEnc(key->u.aes_rj.key, userkey, bits);
if (key->u.aes_rj.rounds == 0)
return -1;
return 0;
}
static int
AES_set_decrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
{
key->u.aes_rj.rounds = rijndaelKeySetupDec(key->u.aes_rj.key, userkey, bits);
if (key->u.aes_rj.rounds == 0)
return -1;
return 0;
}
static void
AES_encrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
rijndaelEncrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
}
static void
AES_decrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
rijndaelDecrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
}
/*
* The next 4 functions are the runtime switch for Intel AES hardware
* implementations of:
*
* AES_set_encrypt_key()
* AES_set_decrypt_key()
* AES_encrypt()
* AES_decrypt()
*
* If the hardware instructions don't exist, fall back to the software
* versions.
*/
int
AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
{
if (has_intel_aes_instructions()) {
return AES_set_encrypt_key_aesni(userkey, bits, key);
}
return AES_set_encrypt_key_rj(userkey, bits, key);
}
int
AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
{
if (has_intel_aes_instructions()) {
return AES_set_decrypt_key_aesni(userkey, bits, key);
}
return AES_set_decrypt_key_rj(userkey, bits, key);
}
void
AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
if (has_intel_aes_instructions()) {
AES_encrypt_aesni(in, out, key);
return;
}
AES_encrypt_rj(in, out, key);
}
void
AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
if (has_intel_aes_instructions()) {
AES_decrypt_aesni(in, out, key);
return;
}
AES_decrypt_rj(in, out, key);
}
#endif /* SAMBA_RIJNDAEL */
#ifdef SAMBA_AES_CBC_ENCRYPT
void
AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
unsigned long size, const AES_KEY *key,
unsigned char *iv, int forward_encrypt)
{
unsigned char tmp[AES_BLOCK_SIZE];
int i;
if (forward_encrypt) {
while (size >= AES_BLOCK_SIZE) {
for (i = 0; i < AES_BLOCK_SIZE; i++)
tmp[i] = in[i] ^ iv[i];
AES_encrypt(tmp, out, key);
memcpy(iv, out, AES_BLOCK_SIZE);
size -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (size) {
for (i = 0; i < size; i++)
tmp[i] = in[i] ^ iv[i];
for (i = size; i < AES_BLOCK_SIZE; i++)
tmp[i] = iv[i];
AES_encrypt(tmp, out, key);
memcpy(iv, out, AES_BLOCK_SIZE);
}
} else {
while (size >= AES_BLOCK_SIZE) {
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, out, key);
for (i = 0; i < AES_BLOCK_SIZE; i++)
out[i] ^= iv[i];
memcpy(iv, tmp, AES_BLOCK_SIZE);
size -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (size) {
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, out, key);
for (i = 0; i < size; i++)
out[i] ^= iv[i];
memcpy(iv, tmp, AES_BLOCK_SIZE);
}
}
}
#endif /* SAMBA_AES_CBC_ENCRYPT */
#ifdef SAMBA_AES_CFB8_ENCRYPT
void
AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
unsigned long size, const AES_KEY *key,
unsigned char *iv, int forward_encrypt)
{
int i;
for (i = 0; i < size; i++) {
unsigned char tmp[AES_BLOCK_SIZE + 1];
memcpy(tmp, iv, AES_BLOCK_SIZE);
AES_encrypt(iv, iv, key);
if (!forward_encrypt) {
tmp[AES_BLOCK_SIZE] = in[i];
}
out[i] = in[i] ^ iv[0];
if (forward_encrypt) {
tmp[AES_BLOCK_SIZE] = out[i];
}
memcpy(iv, &tmp[1], AES_BLOCK_SIZE);
}
}
#endif /* SAMBA_AES_CFB8_ENCRYPT */

634
lib/crypto/aes.h
View File

@ -36,643 +36,9 @@
#ifndef LIB_CRYPTO_AES_H
#define LIB_CRYPTO_AES_H 1
#include "aesni.h"
#define SAMBA_RIJNDAEL 1
#define SAMBA_AES_CBC_ENCRYPT 1
#define SAMBA_AES_CFB8_ENCRYPT 1
#define SAMBA_AES_BLOCK_XOR 1
/* symbol renaming */
#define AES_set_encrypt_key samba_AES_set_encrypt_key
#define AES_set_decrypt_key samba_AES_decrypt_key
#define AES_encrypt samba_AES_encrypt
#define AES_decrypt samba_AES_decrypt
#define AES_cbc_encrypt samba_AES_cbc_encrypt
#define AES_cfb8_encrypt samba_AES_cfb8_encrypt
/*
*
*/
#define AES_BLOCK_SIZE 16
#define AES_MAXNR 14
#define AES_ENCRYPT 1
#define AES_DECRYPT 0
struct aes_key_rj {
uint32_t key[(AES_MAXNR+1)*4];
int rounds;
};
typedef struct aes_key {
union {
struct aes_key_rj aes_rj;
struct crypto_aesni_ctx aes_ni;
} u;
} AES_KEY;
#ifdef __cplusplus
extern "C" {
#endif
int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *);
int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *);
void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_cbc_encrypt(const unsigned char *, unsigned char *,
const unsigned long, const AES_KEY *,
unsigned char *, int);
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
unsigned long size, const AES_KEY *key,
unsigned char *iv, int forward_encrypt);
#define aes_cfb8_encrypt(in, out, size, key, iv, forward_encrypt) \
AES_cfb8_encrypt(in, out, size, key, iv, forward_encrypt)
#ifdef __cplusplus
}
#endif
#ifdef SAMBA_AES_BLOCK_XOR
static inline void aes_block_xor(const uint8_t in1[AES_BLOCK_SIZE],
const uint8_t in2[AES_BLOCK_SIZE],
uint8_t out[AES_BLOCK_SIZE])
{
#define __IS_ALIGN8(p) ((((uintptr_t)(p)) & 0x7) == 0)
#define __IS_ALIGNED(a,b,c) __IS_ALIGN8(\
((uintptr_t)(a)) | \
((uintptr_t)(b)) | \
((uintptr_t)(c)))
/* If everything is aligned we can optimize */
if (likely(__IS_ALIGNED(in1, in2, out))) {
#define __RO64(p) ((const uint64_t *)(p))
#define __RW64(p) ((uint64_t *)(p))
__RW64(out)[0] = __RO64(in1)[0] ^ __RO64(in2)[0];
__RW64(out)[1] = __RO64(in1)[1] ^ __RO64(in2)[1];
} else {
uint64_t i1[2];
uint64_t i2[2];
uint64_t o[2];
memcpy(i1, in1, AES_BLOCK_SIZE);
memcpy(i2, in2, AES_BLOCK_SIZE);
o[0] = i1[0] ^ i2[0];
o[1] = i1[1] ^ i2[1];
memcpy(out, o, AES_BLOCK_SIZE);
}
}
#endif /* SAMBA_AES_BLOCK_XOR */
static inline void aes_block_lshift(const uint8_t in[AES_BLOCK_SIZE],
uint8_t out[AES_BLOCK_SIZE])
{
static const struct aes_block_lshift_entry {
uint8_t lshift;
uint8_t overflow;
} aes_block_lshift_table[UINT8_MAX+1] = {
[0x00] = { .lshift = 0x00, .overflow = 0x00 },
[0x01] = { .lshift = 0x02, .overflow = 0x00 },
[0x02] = { .lshift = 0x04, .overflow = 0x00 },
[0x03] = { .lshift = 0x06, .overflow = 0x00 },
[0x04] = { .lshift = 0x08, .overflow = 0x00 },
[0x05] = { .lshift = 0x0a, .overflow = 0x00 },
[0x06] = { .lshift = 0x0c, .overflow = 0x00 },
[0x07] = { .lshift = 0x0e, .overflow = 0x00 },
[0x08] = { .lshift = 0x10, .overflow = 0x00 },
[0x09] = { .lshift = 0x12, .overflow = 0x00 },
[0x0a] = { .lshift = 0x14, .overflow = 0x00 },
[0x0b] = { .lshift = 0x16, .overflow = 0x00 },
[0x0c] = { .lshift = 0x18, .overflow = 0x00 },
[0x0d] = { .lshift = 0x1a, .overflow = 0x00 },
[0x0e] = { .lshift = 0x1c, .overflow = 0x00 },
[0x0f] = { .lshift = 0x1e, .overflow = 0x00 },
[0x10] = { .lshift = 0x20, .overflow = 0x00 },
[0x11] = { .lshift = 0x22, .overflow = 0x00 },
[0x12] = { .lshift = 0x24, .overflow = 0x00 },
[0x13] = { .lshift = 0x26, .overflow = 0x00 },
[0x14] = { .lshift = 0x28, .overflow = 0x00 },
[0x15] = { .lshift = 0x2a, .overflow = 0x00 },
[0x16] = { .lshift = 0x2c, .overflow = 0x00 },
[0x17] = { .lshift = 0x2e, .overflow = 0x00 },
[0x18] = { .lshift = 0x30, .overflow = 0x00 },
[0x19] = { .lshift = 0x32, .overflow = 0x00 },
[0x1a] = { .lshift = 0x34, .overflow = 0x00 },
[0x1b] = { .lshift = 0x36, .overflow = 0x00 },
[0x1c] = { .lshift = 0x38, .overflow = 0x00 },
[0x1d] = { .lshift = 0x3a, .overflow = 0x00 },
[0x1e] = { .lshift = 0x3c, .overflow = 0x00 },
[0x1f] = { .lshift = 0x3e, .overflow = 0x00 },
[0x20] = { .lshift = 0x40, .overflow = 0x00 },
[0x21] = { .lshift = 0x42, .overflow = 0x00 },
[0x22] = { .lshift = 0x44, .overflow = 0x00 },
[0x23] = { .lshift = 0x46, .overflow = 0x00 },
[0x24] = { .lshift = 0x48, .overflow = 0x00 },
[0x25] = { .lshift = 0x4a, .overflow = 0x00 },
[0x26] = { .lshift = 0x4c, .overflow = 0x00 },
[0x27] = { .lshift = 0x4e, .overflow = 0x00 },
[0x28] = { .lshift = 0x50, .overflow = 0x00 },
[0x29] = { .lshift = 0x52, .overflow = 0x00 },
[0x2a] = { .lshift = 0x54, .overflow = 0x00 },
[0x2b] = { .lshift = 0x56, .overflow = 0x00 },
[0x2c] = { .lshift = 0x58, .overflow = 0x00 },
[0x2d] = { .lshift = 0x5a, .overflow = 0x00 },
[0x2e] = { .lshift = 0x5c, .overflow = 0x00 },
[0x2f] = { .lshift = 0x5e, .overflow = 0x00 },
[0x30] = { .lshift = 0x60, .overflow = 0x00 },
[0x31] = { .lshift = 0x62, .overflow = 0x00 },
[0x32] = { .lshift = 0x64, .overflow = 0x00 },
[0x33] = { .lshift = 0x66, .overflow = 0x00 },
[0x34] = { .lshift = 0x68, .overflow = 0x00 },
[0x35] = { .lshift = 0x6a, .overflow = 0x00 },
[0x36] = { .lshift = 0x6c, .overflow = 0x00 },
[0x37] = { .lshift = 0x6e, .overflow = 0x00 },
[0x38] = { .lshift = 0x70, .overflow = 0x00 },
[0x39] = { .lshift = 0x72, .overflow = 0x00 },
[0x3a] = { .lshift = 0x74, .overflow = 0x00 },
[0x3b] = { .lshift = 0x76, .overflow = 0x00 },
[0x3c] = { .lshift = 0x78, .overflow = 0x00 },
[0x3d] = { .lshift = 0x7a, .overflow = 0x00 },
[0x3e] = { .lshift = 0x7c, .overflow = 0x00 },
[0x3f] = { .lshift = 0x7e, .overflow = 0x00 },
[0x40] = { .lshift = 0x80, .overflow = 0x00 },
[0x41] = { .lshift = 0x82, .overflow = 0x00 },
[0x42] = { .lshift = 0x84, .overflow = 0x00 },
[0x43] = { .lshift = 0x86, .overflow = 0x00 },
[0x44] = { .lshift = 0x88, .overflow = 0x00 },
[0x45] = { .lshift = 0x8a, .overflow = 0x00 },
[0x46] = { .lshift = 0x8c, .overflow = 0x00 },
[0x47] = { .lshift = 0x8e, .overflow = 0x00 },
[0x48] = { .lshift = 0x90, .overflow = 0x00 },
[0x49] = { .lshift = 0x92, .overflow = 0x00 },
[0x4a] = { .lshift = 0x94, .overflow = 0x00 },
[0x4b] = { .lshift = 0x96, .overflow = 0x00 },
[0x4c] = { .lshift = 0x98, .overflow = 0x00 },
[0x4d] = { .lshift = 0x9a, .overflow = 0x00 },
[0x4e] = { .lshift = 0x9c, .overflow = 0x00 },
[0x4f] = { .lshift = 0x9e, .overflow = 0x00 },
[0x50] = { .lshift = 0xa0, .overflow = 0x00 },
[0x51] = { .lshift = 0xa2, .overflow = 0x00 },
[0x52] = { .lshift = 0xa4, .overflow = 0x00 },
[0x53] = { .lshift = 0xa6, .overflow = 0x00 },
[0x54] = { .lshift = 0xa8, .overflow = 0x00 },
[0x55] = { .lshift = 0xaa, .overflow = 0x00 },
[0x56] = { .lshift = 0xac, .overflow = 0x00 },
[0x57] = { .lshift = 0xae, .overflow = 0x00 },
[0x58] = { .lshift = 0xb0, .overflow = 0x00 },
[0x59] = { .lshift = 0xb2, .overflow = 0x00 },
[0x5a] = { .lshift = 0xb4, .overflow = 0x00 },
[0x5b] = { .lshift = 0xb6, .overflow = 0x00 },
[0x5c] = { .lshift = 0xb8, .overflow = 0x00 },
[0x5d] = { .lshift = 0xba, .overflow = 0x00 },
[0x5e] = { .lshift = 0xbc, .overflow = 0x00 },
[0x5f] = { .lshift = 0xbe, .overflow = 0x00 },
[0x60] = { .lshift = 0xc0, .overflow = 0x00 },
[0x61] = { .lshift = 0xc2, .overflow = 0x00 },
[0x62] = { .lshift = 0xc4, .overflow = 0x00 },
[0x63] = { .lshift = 0xc6, .overflow = 0x00 },
[0x64] = { .lshift = 0xc8, .overflow = 0x00 },
[0x65] = { .lshift = 0xca, .overflow = 0x00 },
[0x66] = { .lshift = 0xcc, .overflow = 0x00 },
[0x67] = { .lshift = 0xce, .overflow = 0x00 },
[0x68] = { .lshift = 0xd0, .overflow = 0x00 },
[0x69] = { .lshift = 0xd2, .overflow = 0x00 },
[0x6a] = { .lshift = 0xd4, .overflow = 0x00 },
[0x6b] = { .lshift = 0xd6, .overflow = 0x00 },
[0x6c] = { .lshift = 0xd8, .overflow = 0x00 },
[0x6d] = { .lshift = 0xda, .overflow = 0x00 },
[0x6e] = { .lshift = 0xdc, .overflow = 0x00 },
[0x6f] = { .lshift = 0xde, .overflow = 0x00 },
[0x70] = { .lshift = 0xe0, .overflow = 0x00 },
[0x71] = { .lshift = 0xe2, .overflow = 0x00 },
[0x72] = { .lshift = 0xe4, .overflow = 0x00 },
[0x73] = { .lshift = 0xe6, .overflow = 0x00 },
[0x74] = { .lshift = 0xe8, .overflow = 0x00 },
[0x75] = { .lshift = 0xea, .overflow = 0x00 },
[0x76] = { .lshift = 0xec, .overflow = 0x00 },
[0x77] = { .lshift = 0xee, .overflow = 0x00 },
[0x78] = { .lshift = 0xf0, .overflow = 0x00 },
[0x79] = { .lshift = 0xf2, .overflow = 0x00 },
[0x7a] = { .lshift = 0xf4, .overflow = 0x00 },
[0x7b] = { .lshift = 0xf6, .overflow = 0x00 },
[0x7c] = { .lshift = 0xf8, .overflow = 0x00 },
[0x7d] = { .lshift = 0xfa, .overflow = 0x00 },
[0x7e] = { .lshift = 0xfc, .overflow = 0x00 },
[0x7f] = { .lshift = 0xfe, .overflow = 0x00 },
[0x80] = { .lshift = 0x00, .overflow = 0x01 },
[0x81] = { .lshift = 0x02, .overflow = 0x01 },
[0x82] = { .lshift = 0x04, .overflow = 0x01 },
[0x83] = { .lshift = 0x06, .overflow = 0x01 },
[0x84] = { .lshift = 0x08, .overflow = 0x01 },
[0x85] = { .lshift = 0x0a, .overflow = 0x01 },
[0x86] = { .lshift = 0x0c, .overflow = 0x01 },
[0x87] = { .lshift = 0x0e, .overflow = 0x01 },
[0x88] = { .lshift = 0x10, .overflow = 0x01 },
[0x89] = { .lshift = 0x12, .overflow = 0x01 },
[0x8a] = { .lshift = 0x14, .overflow = 0x01 },
[0x8b] = { .lshift = 0x16, .overflow = 0x01 },
[0x8c] = { .lshift = 0x18, .overflow = 0x01 },
[0x8d] = { .lshift = 0x1a, .overflow = 0x01 },
[0x8e] = { .lshift = 0x1c, .overflow = 0x01 },
[0x8f] = { .lshift = 0x1e, .overflow = 0x01 },
[0x90] = { .lshift = 0x20, .overflow = 0x01 },
[0x91] = { .lshift = 0x22, .overflow = 0x01 },
[0x92] = { .lshift = 0x24, .overflow = 0x01 },
[0x93] = { .lshift = 0x26, .overflow = 0x01 },
[0x94] = { .lshift = 0x28, .overflow = 0x01 },
[0x95] = { .lshift = 0x2a, .overflow = 0x01 },
[0x96] = { .lshift = 0x2c, .overflow = 0x01 },
[0x97] = { .lshift = 0x2e, .overflow = 0x01 },
[0x98] = { .lshift = 0x30, .overflow = 0x01 },
[0x99] = { .lshift = 0x32, .overflow = 0x01 },
[0x9a] = { .lshift = 0x34, .overflow = 0x01 },
[0x9b] = { .lshift = 0x36, .overflow = 0x01 },
[0x9c] = { .lshift = 0x38, .overflow = 0x01 },
[0x9d] = { .lshift = 0x3a, .overflow = 0x01 },
[0x9e] = { .lshift = 0x3c, .overflow = 0x01 },
[0x9f] = { .lshift = 0x3e, .overflow = 0x01 },
[0xa0] = { .lshift = 0x40, .overflow = 0x01 },
[0xa1] = { .lshift = 0x42, .overflow = 0x01 },
[0xa2] = { .lshift = 0x44, .overflow = 0x01 },
[0xa3] = { .lshift = 0x46, .overflow = 0x01 },
[0xa4] = { .lshift = 0x48, .overflow = 0x01 },
[0xa5] = { .lshift = 0x4a, .overflow = 0x01 },
[0xa6] = { .lshift = 0x4c, .overflow = 0x01 },
[0xa7] = { .lshift = 0x4e, .overflow = 0x01 },
[0xa8] = { .lshift = 0x50, .overflow = 0x01 },
[0xa9] = { .lshift = 0x52, .overflow = 0x01 },
[0xaa] = { .lshift = 0x54, .overflow = 0x01 },
[0xab] = { .lshift = 0x56, .overflow = 0x01 },
[0xac] = { .lshift = 0x58, .overflow = 0x01 },
[0xad] = { .lshift = 0x5a, .overflow = 0x01 },
[0xae] = { .lshift = 0x5c, .overflow = 0x01 },
[0xaf] = { .lshift = 0x5e, .overflow = 0x01 },
[0xb0] = { .lshift = 0x60, .overflow = 0x01 },
[0xb1] = { .lshift = 0x62, .overflow = 0x01 },
[0xb2] = { .lshift = 0x64, .overflow = 0x01 },
[0xb3] = { .lshift = 0x66, .overflow = 0x01 },
[0xb4] = { .lshift = 0x68, .overflow = 0x01 },
[0xb5] = { .lshift = 0x6a, .overflow = 0x01 },
[0xb6] = { .lshift = 0x6c, .overflow = 0x01 },
[0xb7] = { .lshift = 0x6e, .overflow = 0x01 },
[0xb8] = { .lshift = 0x70, .overflow = 0x01 },
[0xb9] = { .lshift = 0x72, .overflow = 0x01 },
[0xba] = { .lshift = 0x74, .overflow = 0x01 },
[0xbb] = { .lshift = 0x76, .overflow = 0x01 },
[0xbc] = { .lshift = 0x78, .overflow = 0x01 },
[0xbd] = { .lshift = 0x7a, .overflow = 0x01 },
[0xbe] = { .lshift = 0x7c, .overflow = 0x01 },
[0xbf] = { .lshift = 0x7e, .overflow = 0x01 },
[0xc0] = { .lshift = 0x80, .overflow = 0x01 },
[0xc1] = { .lshift = 0x82, .overflow = 0x01 },
[0xc2] = { .lshift = 0x84, .overflow = 0x01 },
[0xc3] = { .lshift = 0x86, .overflow = 0x01 },
[0xc4] = { .lshift = 0x88, .overflow = 0x01 },
[0xc5] = { .lshift = 0x8a, .overflow = 0x01 },
[0xc6] = { .lshift = 0x8c, .overflow = 0x01 },
[0xc7] = { .lshift = 0x8e, .overflow = 0x01 },
[0xc8] = { .lshift = 0x90, .overflow = 0x01 },
[0xc9] = { .lshift = 0x92, .overflow = 0x01 },
[0xca] = { .lshift = 0x94, .overflow = 0x01 },
[0xcb] = { .lshift = 0x96, .overflow = 0x01 },
[0xcc] = { .lshift = 0x98, .overflow = 0x01 },
[0xcd] = { .lshift = 0x9a, .overflow = 0x01 },
[0xce] = { .lshift = 0x9c, .overflow = 0x01 },
[0xcf] = { .lshift = 0x9e, .overflow = 0x01 },
[0xd0] = { .lshift = 0xa0, .overflow = 0x01 },
[0xd1] = { .lshift = 0xa2, .overflow = 0x01 },
[0xd2] = { .lshift = 0xa4, .overflow = 0x01 },
[0xd3] = { .lshift = 0xa6, .overflow = 0x01 },
[0xd4] = { .lshift = 0xa8, .overflow = 0x01 },
[0xd5] = { .lshift = 0xaa, .overflow = 0x01 },
[0xd6] = { .lshift = 0xac, .overflow = 0x01 },
[0xd7] = { .lshift = 0xae, .overflow = 0x01 },
[0xd8] = { .lshift = 0xb0, .overflow = 0x01 },
[0xd9] = { .lshift = 0xb2, .overflow = 0x01 },
[0xda] = { .lshift = 0xb4, .overflow = 0x01 },
[0xdb] = { .lshift = 0xb6, .overflow = 0x01 },
[0xdc] = { .lshift = 0xb8, .overflow = 0x01 },
[0xdd] = { .lshift = 0xba, .overflow = 0x01 },
[0xde] = { .lshift = 0xbc, .overflow = 0x01 },
[0xdf] = { .lshift = 0xbe, .overflow = 0x01 },
[0xe0] = { .lshift = 0xc0, .overflow = 0x01 },
[0xe1] = { .lshift = 0xc2, .overflow = 0x01 },
[0xe2] = { .lshift = 0xc4, .overflow = 0x01 },
[0xe3] = { .lshift = 0xc6, .overflow = 0x01 },
[0xe4] = { .lshift = 0xc8, .overflow = 0x01 },
[0xe5] = { .lshift = 0xca, .overflow = 0x01 },
[0xe6] = { .lshift = 0xcc, .overflow = 0x01 },
[0xe7] = { .lshift = 0xce, .overflow = 0x01 },
[0xe8] = { .lshift = 0xd0, .overflow = 0x01 },
[0xe9] = { .lshift = 0xd2, .overflow = 0x01 },
[0xea] = { .lshift = 0xd4, .overflow = 0x01 },
[0xeb] = { .lshift = 0xd6, .overflow = 0x01 },
[0xec] = { .lshift = 0xd8, .overflow = 0x01 },
[0xed] = { .lshift = 0xda, .overflow = 0x01 },
[0xee] = { .lshift = 0xdc, .overflow = 0x01 },
[0xef] = { .lshift = 0xde, .overflow = 0x01 },
[0xf0] = { .lshift = 0xe0, .overflow = 0x01 },
[0xf1] = { .lshift = 0xe2, .overflow = 0x01 },
[0xf2] = { .lshift = 0xe4, .overflow = 0x01 },
[0xf3] = { .lshift = 0xe6, .overflow = 0x01 },
[0xf4] = { .lshift = 0xe8, .overflow = 0x01 },
[0xf5] = { .lshift = 0xea, .overflow = 0x01 },
[0xf6] = { .lshift = 0xec, .overflow = 0x01 },
[0xf7] = { .lshift = 0xee, .overflow = 0x01 },
[0xf8] = { .lshift = 0xf0, .overflow = 0x01 },
[0xf9] = { .lshift = 0xf2, .overflow = 0x01 },
[0xfa] = { .lshift = 0xf4, .overflow = 0x01 },
[0xfb] = { .lshift = 0xf6, .overflow = 0x01 },
[0xfc] = { .lshift = 0xf8, .overflow = 0x01 },
[0xfd] = { .lshift = 0xfa, .overflow = 0x01 },
[0xfe] = { .lshift = 0xfc, .overflow = 0x01 },
[0xff] = { .lshift = 0xfe, .overflow = 0x01 },
};
int8_t i;
uint8_t overflow = 0;
for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
const struct aes_block_lshift_entry *e = &aes_block_lshift_table[in[i]];
out[i] = e->lshift | overflow;
overflow = e->overflow;
}
}
static inline void aes_block_rshift(const uint8_t in[AES_BLOCK_SIZE],
uint8_t out[AES_BLOCK_SIZE])
{
static const struct aes_block_rshift_entry {
uint8_t rshift;
uint8_t overflow;
} aes_block_rshift_table[UINT8_MAX+1] = {
[0x00] = { .rshift = 0x00, .overflow = 0x00 },
[0x01] = { .rshift = 0x00, .overflow = 0x80 },
[0x02] = { .rshift = 0x01, .overflow = 0x00 },
[0x03] = { .rshift = 0x01, .overflow = 0x80 },
[0x04] = { .rshift = 0x02, .overflow = 0x00 },
[0x05] = { .rshift = 0x02, .overflow = 0x80 },
[0x06] = { .rshift = 0x03, .overflow = 0x00 },
[0x07] = { .rshift = 0x03, .overflow = 0x80 },
[0x08] = { .rshift = 0x04, .overflow = 0x00 },
[0x09] = { .rshift = 0x04, .overflow = 0x80 },
[0x0a] = { .rshift = 0x05, .overflow = 0x00 },
[0x0b] = { .rshift = 0x05, .overflow = 0x80 },
[0x0c] = { .rshift = 0x06, .overflow = 0x00 },
[0x0d] = { .rshift = 0x06, .overflow = 0x80 },
[0x0e] = { .rshift = 0x07, .overflow = 0x00 },
[0x0f] = { .rshift = 0x07, .overflow = 0x80 },
[0x10] = { .rshift = 0x08, .overflow = 0x00 },
[0x11] = { .rshift = 0x08, .overflow = 0x80 },
[0x12] = { .rshift = 0x09, .overflow = 0x00 },
[0x13] = { .rshift = 0x09, .overflow = 0x80 },
[0x14] = { .rshift = 0x0a, .overflow = 0x00 },
[0x15] = { .rshift = 0x0a, .overflow = 0x80 },
[0x16] = { .rshift = 0x0b, .overflow = 0x00 },
[0x17] = { .rshift = 0x0b, .overflow = 0x80 },
[0x18] = { .rshift = 0x0c, .overflow = 0x00 },
[0x19] = { .rshift = 0x0c, .overflow = 0x80 },
[0x1a] = { .rshift = 0x0d, .overflow = 0x00 },
[0x1b] = { .rshift = 0x0d, .overflow = 0x80 },
[0x1c] = { .rshift = 0x0e, .overflow = 0x00 },
[0x1d] = { .rshift = 0x0e, .overflow = 0x80 },
[0x1e] = { .rshift = 0x0f, .overflow = 0x00 },
[0x1f] = { .rshift = 0x0f, .overflow = 0x80 },
[0x20] = { .rshift = 0x10, .overflow = 0x00 },
[0x21] = { .rshift = 0x10, .overflow = 0x80 },
[0x22] = { .rshift = 0x11, .overflow = 0x00 },
[0x23] = { .rshift = 0x11, .overflow = 0x80 },
[0x24] = { .rshift = 0x12, .overflow = 0x00 },
[0x25] = { .rshift = 0x12, .overflow = 0x80 },
[0x26] = { .rshift = 0x13, .overflow = 0x00 },
[0x27] = { .rshift = 0x13, .overflow = 0x80 },
[0x28] = { .rshift = 0x14, .overflow = 0x00 },
[0x29] = { .rshift = 0x14, .overflow = 0x80 },
[0x2a] = { .rshift = 0x15, .overflow = 0x00 },
[0x2b] = { .rshift = 0x15, .overflow = 0x80 },
[0x2c] = { .rshift = 0x16, .overflow = 0x00 },
[0x2d] = { .rshift = 0x16, .overflow = 0x80 },
[0x2e] = { .rshift = 0x17, .overflow = 0x00 },
[0x2f] = { .rshift = 0x17, .overflow = 0x80 },
[0x30] = { .rshift = 0x18, .overflow = 0x00 },
[0x31] = { .rshift = 0x18, .overflow = 0x80 },
[0x32] = { .rshift = 0x19, .overflow = 0x00 },
[0x33] = { .rshift = 0x19, .overflow = 0x80 },
[0x34] = { .rshift = 0x1a, .overflow = 0x00 },
[0x35] = { .rshift = 0x1a, .overflow = 0x80 },
[0x36] = { .rshift = 0x1b, .overflow = 0x00 },
[0x37] = { .rshift = 0x1b, .overflow = 0x80 },
[0x38] = { .rshift = 0x1c, .overflow = 0x00 },
[0x39] = { .rshift = 0x1c, .overflow = 0x80 },
[0x3a] = { .rshift = 0x1d, .overflow = 0x00 },
[0x3b] = { .rshift = 0x1d, .overflow = 0x80 },
[0x3c] = { .rshift = 0x1e, .overflow = 0x00 },
[0x3d] = { .rshift = 0x1e, .overflow = 0x80 },
[0x3e] = { .rshift = 0x1f, .overflow = 0x00 },
[0x3f] = { .rshift = 0x1f, .overflow = 0x80 },
[0x40] = { .rshift = 0x20, .overflow = 0x00 },
[0x41] = { .rshift = 0x20, .overflow = 0x80 },
[0x42] = { .rshift = 0x21, .overflow = 0x00 },
[0x43] = { .rshift = 0x21, .overflow = 0x80 },
[0x44] = { .rshift = 0x22, .overflow = 0x00 },
[0x45] = { .rshift = 0x22, .overflow = 0x80 },
[0x46] = { .rshift = 0x23, .overflow = 0x00 },
[0x47] = { .rshift = 0x23, .overflow = 0x80 },
[0x48] = { .rshift = 0x24, .overflow = 0x00 },
[0x49] = { .rshift = 0x24, .overflow = 0x80 },
[0x4a] = { .rshift = 0x25, .overflow = 0x00 },
[0x4b] = { .rshift = 0x25, .overflow = 0x80 },
[0x4c] = { .rshift = 0x26, .overflow = 0x00 },
[0x4d] = { .rshift = 0x26, .overflow = 0x80 },
[0x4e] = { .rshift = 0x27, .overflow = 0x00 },
[0x4f] = { .rshift = 0x27, .overflow = 0x80 },
[0x50] = { .rshift = 0x28, .overflow = 0x00 },
[0x51] = { .rshift = 0x28, .overflow = 0x80 },
[0x52] = { .rshift = 0x29, .overflow = 0x00 },
[0x53] = { .rshift = 0x29, .overflow = 0x80 },
[0x54] = { .rshift = 0x2a, .overflow = 0x00 },
[0x55] = { .rshift = 0x2a, .overflow = 0x80 },
[0x56] = { .rshift = 0x2b, .overflow = 0x00 },
[0x57] = { .rshift = 0x2b, .overflow = 0x80 },
[0x58] = { .rshift = 0x2c, .overflow = 0x00 },
[0x59] = { .rshift = 0x2c, .overflow = 0x80 },
[0x5a] = { .rshift = 0x2d, .overflow = 0x00 },
[0x5b] = { .rshift = 0x2d, .overflow = 0x80 },
[0x5c] = { .rshift = 0x2e, .overflow = 0x00 },
[0x5d] = { .rshift = 0x2e, .overflow = 0x80 },
[0x5e] = { .rshift = 0x2f, .overflow = 0x00 },
[0x5f] = { .rshift = 0x2f, .overflow = 0x80 },
[0x60] = { .rshift = 0x30, .overflow = 0x00 },
[0x61] = { .rshift = 0x30, .overflow = 0x80 },
[0x62] = { .rshift = 0x31, .overflow = 0x00 },
[0x63] = { .rshift = 0x31, .overflow = 0x80 },
[0x64] = { .rshift = 0x32, .overflow = 0x00 },
[0x65] = { .rshift = 0x32, .overflow = 0x80 },
[0x66] = { .rshift = 0x33, .overflow = 0x00 },
[0x67] = { .rshift = 0x33, .overflow = 0x80 },
[0x68] = { .rshift = 0x34, .overflow = 0x00 },
[0x69] = { .rshift = 0x34, .overflow = 0x80 },
[0x6a] = { .rshift = 0x35, .overflow = 0x00 },
[0x6b] = { .rshift = 0x35, .overflow = 0x80 },
[0x6c] = { .rshift = 0x36, .overflow = 0x00 },
[0x6d] = { .rshift = 0x36, .overflow = 0x80 },
[0x6e] = { .rshift = 0x37, .overflow = 0x00 },
[0x6f] = { .rshift = 0x37, .overflow = 0x80 },
[0x70] = { .rshift = 0x38, .overflow = 0x00 },
[0x71] = { .rshift = 0x38, .overflow = 0x80 },
[0x72] = { .rshift = 0x39, .overflow = 0x00 },
[0x73] = { .rshift = 0x39, .overflow = 0x80 },
[0x74] = { .rshift = 0x3a, .overflow = 0x00 },
[0x75] = { .rshift = 0x3a, .overflow = 0x80 },
[0x76] = { .rshift = 0x3b, .overflow = 0x00 },
[0x77] = { .rshift = 0x3b, .overflow = 0x80 },
[0x78] = { .rshift = 0x3c, .overflow = 0x00 },
[0x79] = { .rshift = 0x3c, .overflow = 0x80 },
[0x7a] = { .rshift = 0x3d, .overflow = 0x00 },
[0x7b] = { .rshift = 0x3d, .overflow = 0x80 },
[0x7c] = { .rshift = 0x3e, .overflow = 0x00 },
[0x7d] = { .rshift = 0x3e, .overflow = 0x80 },
[0x7e] = { .rshift = 0x3f, .overflow = 0x00 },
[0x7f] = { .rshift = 0x3f, .overflow = 0x80 },
[0x80] = { .rshift = 0x40, .overflow = 0x00 },
[0x81] = { .rshift = 0x40, .overflow = 0x80 },
[0x82] = { .rshift = 0x41, .overflow = 0x00 },
[0x83] = { .rshift = 0x41, .overflow = 0x80 },
[0x84] = { .rshift = 0x42, .overflow = 0x00 },
[0x85] = { .rshift = 0x42, .overflow = 0x80 },
[0x86] = { .rshift = 0x43, .overflow = 0x00 },
[0x87] = { .rshift = 0x43, .overflow = 0x80 },
[0x88] = { .rshift = 0x44, .overflow = 0x00 },
[0x89] = { .rshift = 0x44, .overflow = 0x80 },
[0x8a] = { .rshift = 0x45, .overflow = 0x00 },
[0x8b] = { .rshift = 0x45, .overflow = 0x80 },
[0x8c] = { .rshift = 0x46, .overflow = 0x00 },
[0x8d] = { .rshift = 0x46, .overflow = 0x80 },
[0x8e] = { .rshift = 0x47, .overflow = 0x00 },
[0x8f] = { .rshift = 0x47, .overflow = 0x80 },
[0x90] = { .rshift = 0x48, .overflow = 0x00 },
[0x91] = { .rshift = 0x48, .overflow = 0x80 },
[0x92] = { .rshift = 0x49, .overflow = 0x00 },
[0x93] = { .rshift = 0x49, .overflow = 0x80 },
[0x94] = { .rshift = 0x4a, .overflow = 0x00 },
[0x95] = { .rshift = 0x4a, .overflow = 0x80 },
[0x96] = { .rshift = 0x4b, .overflow = 0x00 },
[0x97] = { .rshift = 0x4b, .overflow = 0x80 },
[0x98] = { .rshift = 0x4c, .overflow = 0x00 },
[0x99] = { .rshift = 0x4c, .overflow = 0x80 },
[0x9a] = { .rshift = 0x4d, .overflow = 0x00 },
[0x9b] = { .rshift = 0x4d, .overflow = 0x80 },
[0x9c] = { .rshift = 0x4e, .overflow = 0x00 },
[0x9d] = { .rshift = 0x4e, .overflow = 0x80 },
[0x9e] = { .rshift = 0x4f, .overflow = 0x00 },
[0x9f] = { .rshift = 0x4f, .overflow = 0x80 },
[0xa0] = { .rshift = 0x50, .overflow = 0x00 },
[0xa1] = { .rshift = 0x50, .overflow = 0x80 },
[0xa2] = { .rshift = 0x51, .overflow = 0x00 },
[0xa3] = { .rshift = 0x51, .overflow = 0x80 },
[0xa4] = { .rshift = 0x52, .overflow = 0x00 },
[0xa5] = { .rshift = 0x52, .overflow = 0x80 },
[0xa6] = { .rshift = 0x53, .overflow = 0x00 },
[0xa7] = { .rshift = 0x53, .overflow = 0x80 },
[0xa8] = { .rshift = 0x54, .overflow = 0x00 },
[0xa9] = { .rshift = 0x54, .overflow = 0x80 },
[0xaa] = { .rshift = 0x55, .overflow = 0x00 },
[0xab] = { .rshift = 0x55, .overflow = 0x80 },
[0xac] = { .rshift = 0x56, .overflow = 0x00 },
[0xad] = { .rshift = 0x56, .overflow = 0x80 },
[0xae] = { .rshift = 0x57, .overflow = 0x00 },
[0xaf] = { .rshift = 0x57, .overflow = 0x80 },
[0xb0] = { .rshift = 0x58, .overflow = 0x00 },
[0xb1] = { .rshift = 0x58, .overflow = 0x80 },
[0xb2] = { .rshift = 0x59, .overflow = 0x00 },
[0xb3] = { .rshift = 0x59, .overflow = 0x80 },
[0xb4] = { .rshift = 0x5a, .overflow = 0x00 },
[0xb5] = { .rshift = 0x5a, .overflow = 0x80 },
[0xb6] = { .rshift = 0x5b, .overflow = 0x00 },
[0xb7] = { .rshift = 0x5b, .overflow = 0x80 },
[0xb8] = { .rshift = 0x5c, .overflow = 0x00 },
[0xb9] = { .rshift = 0x5c, .overflow = 0x80 },
[0xba] = { .rshift = 0x5d, .overflow = 0x00 },
[0xbb] = { .rshift = 0x5d, .overflow = 0x80 },
[0xbc] = { .rshift = 0x5e, .overflow = 0x00 },
[0xbd] = { .rshift = 0x5e, .overflow = 0x80 },
[0xbe] = { .rshift = 0x5f, .overflow = 0x00 },
[0xbf] = { .rshift = 0x5f, .overflow = 0x80 },
[0xc0] = { .rshift = 0x60, .overflow = 0x00 },
[0xc1] = { .rshift = 0x60, .overflow = 0x80 },
[0xc2] = { .rshift = 0x61, .overflow = 0x00 },
[0xc3] = { .rshift = 0x61, .overflow = 0x80 },
[0xc4] = { .rshift = 0x62, .overflow = 0x00 },
[0xc5] = { .rshift = 0x62, .overflow = 0x80 },
[0xc6] = { .rshift = 0x63, .overflow = 0x00 },
[0xc7] = { .rshift = 0x63, .overflow = 0x80 },
[0xc8] = { .rshift = 0x64, .overflow = 0x00 },
[0xc9] = { .rshift = 0x64, .overflow = 0x80 },
[0xca] = { .rshift = 0x65, .overflow = 0x00 },
[0xcb] = { .rshift = 0x65, .overflow = 0x80 },
[0xcc] = { .rshift = 0x66, .overflow = 0x00 },
[0xcd] = { .rshift = 0x66, .overflow = 0x80 },
[0xce] = { .rshift = 0x67, .overflow = 0x00 },
[0xcf] = { .rshift = 0x67, .overflow = 0x80 },
[0xd0] = { .rshift = 0x68, .overflow = 0x00 },
[0xd1] = { .rshift = 0x68, .overflow = 0x80 },
[0xd2] = { .rshift = 0x69, .overflow = 0x00 },
[0xd3] = { .rshift = 0x69, .overflow = 0x80 },
[0xd4] = { .rshift = 0x6a, .overflow = 0x00 },
[0xd5] = { .rshift = 0x6a, .overflow = 0x80 },
[0xd6] = { .rshift = 0x6b, .overflow = 0x00 },
[0xd7] = { .rshift = 0x6b, .overflow = 0x80 },
[0xd8] = { .rshift = 0x6c, .overflow = 0x00 },
[0xd9] = { .rshift = 0x6c, .overflow = 0x80 },
[0xda] = { .rshift = 0x6d, .overflow = 0x00 },
[0xdb] = { .rshift = 0x6d, .overflow = 0x80 },
[0xdc] = { .rshift = 0x6e, .overflow = 0x00 },
[0xdd] = { .rshift = 0x6e, .overflow = 0x80 },
[0xde] = { .rshift = 0x6f, .overflow = 0x00 },
[0xdf] = { .rshift = 0x6f, .overflow = 0x80 },
[0xe0] = { .rshift = 0x70, .overflow = 0x00 },
[0xe1] = { .rshift = 0x70, .overflow = 0x80 },
[0xe2] = { .rshift = 0x71, .overflow = 0x00 },
[0xe3] = { .rshift = 0x71, .overflow = 0x80 },
[0xe4] = { .rshift = 0x72, .overflow = 0x00 },
[0xe5] = { .rshift = 0x72, .overflow = 0x80 },
[0xe6] = { .rshift = 0x73, .overflow = 0x00 },
[0xe7] = { .rshift = 0x73, .overflow = 0x80 },
[0xe8] = { .rshift = 0x74, .overflow = 0x00 },
[0xe9] = { .rshift = 0x74, .overflow = 0x80 },
[0xea] = { .rshift = 0x75, .overflow = 0x00 },
[0xeb] = { .rshift = 0x75, .overflow = 0x80 },
[0xec] = { .rshift = 0x76, .overflow = 0x00 },
[0xed] = { .rshift = 0x76, .overflow = 0x80 },
[0xee] = { .rshift = 0x77, .overflow = 0x00 },
[0xef] = { .rshift = 0x77, .overflow = 0x80 },
[0xf0] = { .rshift = 0x78, .overflow = 0x00 },
[0xf1] = { .rshift = 0x78, .overflow = 0x80 },
[0xf2] = { .rshift = 0x79, .overflow = 0x00 },
[0xf3] = { .rshift = 0x79, .overflow = 0x80 },
[0xf4] = { .rshift = 0x7a, .overflow = 0x00 },
[0xf5] = { .rshift = 0x7a, .overflow = 0x80 },
[0xf6] = { .rshift = 0x7b, .overflow = 0x00 },
[0xf7] = { .rshift = 0x7b, .overflow = 0x80 },
[0xf8] = { .rshift = 0x7c, .overflow = 0x00 },
[0xf9] = { .rshift = 0x7c, .overflow = 0x80 },
[0xfa] = { .rshift = 0x7d, .overflow = 0x00 },
[0xfb] = { .rshift = 0x7d, .overflow = 0x80 },
[0xfc] = { .rshift = 0x7e, .overflow = 0x00 },
[0xfd] = { .rshift = 0x7e, .overflow = 0x80 },
[0xfe] = { .rshift = 0x7f, .overflow = 0x00 },
[0xff] = { .rshift = 0x7f, .overflow = 0x80 },
};
uint8_t i;
uint8_t overflow = 0;
for (i = 0; i < AES_BLOCK_SIZE; i++) {
const struct aes_block_rshift_entry *e = &aes_block_rshift_table[in[i]];
out[i] = e->rshift | overflow;
overflow = e->overflow;
}
}
#endif /* LIB_CRYPTO_AES_H */

121
lib/crypto/aes_cmac_128.c
View File

@ -1,121 +0,0 @@
/*
AES-CMAC-128 (rfc 4493)
Copyright (C) Stefan Metzmacher 2012
Copyright (C) Jeremy Allison 2012
Copyright (C) Michael Adam 2012
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "replace.h"
#include "lib/crypto/aes.h"
#include "lib/crypto/aes_cmac_128.h"
static const uint8_t const_Zero[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const uint8_t const_Rb[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
};
#define _MSB(x) (((x)[0] & 0x80)?1:0)
void aes_cmac_128_init(struct aes_cmac_128_context *ctx,
const uint8_t K[AES_BLOCK_SIZE])
{
ZERO_STRUCTP(ctx);
AES_set_encrypt_key(K, 128, &ctx->aes_key);
/* step 1 - generate subkeys k1 and k2 */
AES_encrypt(const_Zero, ctx->L, &ctx->aes_key);
if (_MSB(ctx->L) == 0) {
aes_block_lshift(ctx->L, ctx->K1);
} else {
aes_block_lshift(ctx->L, ctx->tmp);
aes_block_xor(ctx->tmp, const_Rb, ctx->K1);
}
if (_MSB(ctx->K1) == 0) {
aes_block_lshift(ctx->K1, ctx->K2);
} else {
aes_block_lshift(ctx->K1, ctx->tmp);
aes_block_xor(ctx->tmp, const_Rb, ctx->K2);
}
}
void aes_cmac_128_update(struct aes_cmac_128_context *ctx,
const uint8_t *msg, size_t msg_len)
{
/*
* check if we expand the block
*/
if (ctx->last_len < AES_BLOCK_SIZE) {
size_t len = MIN(AES_BLOCK_SIZE - ctx->last_len, msg_len);
if (len > 0) {
memcpy(&ctx->last[ctx->last_len], msg, len);
msg += len;
msg_len -= len;
ctx->last_len += len;
}
}
if (msg_len == 0) {
/* if it is still the last block, we are done */
return;
}
/*
* now checksum everything but the last block
*/
aes_block_xor(ctx->X, ctx->last, ctx->Y);
AES_encrypt(ctx->Y, ctx->X, &ctx->aes_key);
while (msg_len > AES_BLOCK_SIZE) {
aes_block_xor(ctx->X, msg, ctx->Y);
AES_encrypt(ctx->Y, ctx->X, &ctx->aes_key);
msg += AES_BLOCK_SIZE;
msg_len -= AES_BLOCK_SIZE;
}
/*
* copy the last block, it will be processed in
* aes_cmac_128_final().
*/
ZERO_STRUCT(ctx->last);
memcpy(ctx->last, msg, msg_len);
ctx->last_len = msg_len;
}
void aes_cmac_128_final(struct aes_cmac_128_context *ctx,
uint8_t T[AES_BLOCK_SIZE])
{
if (ctx->last_len < AES_BLOCK_SIZE) {
ctx->last[ctx->last_len] = 0x80;
aes_block_xor(ctx->last, ctx->K2, ctx->tmp);
} else {
aes_block_xor(ctx->last, ctx->K1, ctx->tmp);
}
aes_block_xor(ctx->tmp, ctx->X, ctx->Y);
AES_encrypt(ctx->Y, T, &ctx->aes_key);
ZERO_STRUCTP(ctx);
}

47
lib/crypto/aes_cmac_128.h
View File

@ -1,47 +0,0 @@
/*
AES-CMAC-128 (rfc 4493)
Copyright (C) Stefan Metzmacher 2012
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef LIB_CRYPTO_AES_CMAC_128_H
#define LIB_CRYPTO_AES_CMAC_128_H
struct aes_cmac_128_context {
AES_KEY aes_key;
uint64_t __align;
uint8_t K1[AES_BLOCK_SIZE];
uint8_t K2[AES_BLOCK_SIZE];
uint8_t L[AES_BLOCK_SIZE];
uint8_t X[AES_BLOCK_SIZE];
uint8_t Y[AES_BLOCK_SIZE];
uint8_t tmp[AES_BLOCK_SIZE];
uint8_t last[AES_BLOCK_SIZE];
size_t last_len;
};
void aes_cmac_128_init(struct aes_cmac_128_context *ctx,
const uint8_t K[AES_BLOCK_SIZE]);
void aes_cmac_128_update(struct aes_cmac_128_context *ctx,
const uint8_t *_msg, size_t _msg_len);
void aes_cmac_128_final(struct aes_cmac_128_context *ctx,
uint8_t T[AES_BLOCK_SIZE]);
#endif /* LIB_CRYPTO_AES_CMAC_128_H */

119
lib/crypto/aes_cmac_128_test.c
View File

@ -1,119 +0,0 @@
/*
AES-CMAC-128 tests
Copyright (C) Stefan Metzmacher 2012
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "replace.h"
#include "../lib/util/samba_util.h"
#include "lib/crypto/aes.h"
#include "lib/crypto/aes_cmac_128.h"
struct torture_context;
bool torture_local_crypto_aes_cmac_128(struct torture_context *torture);
/*
This uses the test values from rfc 4493
*/
bool torture_local_crypto_aes_cmac_128(struct torture_context *torture)
{
bool ret = true;
uint32_t i;
DATA_BLOB key;
struct {
DATA_BLOB data;
DATA_BLOB cmac;
} testarray[5];
TALLOC_CTX *tctx = talloc_new(torture);
if (!tctx) { return false; };
key = strhex_to_data_blob(tctx, "2b7e151628aed2a6abf7158809cf4f3c");
testarray[0].data = data_blob_null;
testarray[0].cmac = strhex_to_data_blob(tctx,
"bb1d6929e95937287fa37d129b756746");
testarray[1].data = strhex_to_data_blob(tctx,
"6bc1bee22e409f96e93d7e117393172a");
testarray[1].cmac = strhex_to_data_blob(tctx,
"070a16b46b4d4144f79bdd9dd04a287c");
testarray[2].data = strhex_to_data_blob(tctx,
"6bc1bee22e409f96e93d7e117393172a"
"ae2d8a571e03ac9c9eb76fac45af8e51"
"30c81c46a35ce411");
testarray[2].cmac = strhex_to_data_blob(tctx,
"dfa66747de9ae63030ca32611497c827");
testarray[3].data = strhex_to_data_blob(tctx,
"6bc1bee22e409f96e93d7e117393172a"
"ae2d8a571e03ac9c9eb76fac45af8e51"
"30c81c46a35ce411e5fbc1191a0a52ef"
"f69f2445df4f9b17ad2b417be66c3710");
testarray[3].cmac = strhex_to_data_blob(tctx,
"51f0bebf7e3b9d92fc49741779363cfe");
ZERO_STRUCT(testarray[4]);
for (i=0; testarray[i].cmac.length != 0; i++) {
struct aes_cmac_128_context ctx;
uint8_t cmac[AES_BLOCK_SIZE];
int e;
aes_cmac_128_init(&ctx, key.data);
aes_cmac_128_update(&ctx,
testarray[i].data.data,
testarray[i].data.length);
aes_cmac_128_final(&ctx, cmac);
e = memcmp(testarray[i].cmac.data, cmac, sizeof(cmac));
if (e != 0) {
printf("aes_cmac_128 test[%u]: failed\n", i);
dump_data(0, key.data, key.length);
dump_data(0, testarray[i].data.data, testarray[i].data.length);
dump_data(0, testarray[i].cmac.data, testarray[i].cmac.length);
dump_data(0, cmac, sizeof(cmac));
ret = false;
}
}
for (i=0; testarray[i].cmac.length != 0; i++) {
struct aes_cmac_128_context ctx;
uint8_t cmac[AES_BLOCK_SIZE];
int e;
size_t j;
aes_cmac_128_init(&ctx, key.data);
for (j=0; j < testarray[i].data.length; j++) {
aes_cmac_128_update(&ctx, NULL, 0);
aes_cmac_128_update(&ctx,
&testarray[i].data.data[j],
1);
aes_cmac_128_update(&ctx, NULL, 0);
}
aes_cmac_128_final(&ctx, cmac);
e = memcmp(testarray[i].cmac.data, cmac, sizeof(cmac));
if (e != 0) {
printf("aes_cmac_128 chunked test[%u]: failed\n", i);
dump_data(0, key.data, key.length);
dump_data(0, testarray[i].data.data, testarray[i].data.length);
dump_data(0, testarray[i].cmac.data, testarray[i].cmac.length);
dump_data(0, cmac, sizeof(cmac));
ret = false;
}
}
talloc_free(tctx);
return ret;
}

67
lib/crypto/aes_test.h
View File

@ -1,67 +0,0 @@
#ifndef LIB_CRYPTO_AES_TEST_H
#define LIB_CRYPTO_AES_TEST_H
struct aes_mode_testvector {
DATA_BLOB K;
DATA_BLOB N;
DATA_BLOB A;
DATA_BLOB P;
DATA_BLOB C;
DATA_BLOB T;
const char *mode;
bool aes_cmac_128;
bool aes_ccm_128;
bool aes_gcm_128;
const char *location;
};
#define AES_MODE_TESTVECTOR(_mode, _k, _n, _a, _p, _c, _t) \
{ \
.K = strhex_to_data_blob(tctx, _k), \
.N = strhex_to_data_blob(tctx, _n), \
.A = strhex_to_data_blob(tctx, _a), \
.P = strhex_to_data_blob(tctx, _p), \
.C = strhex_to_data_blob(tctx, _c), \
.T = strhex_to_data_blob(tctx, _t), \
._mode = true, \
.mode = #_mode, \
.location = __location__, \
}
#define aes_mode_testvector_debug(tv, P, C, T) \
_aes_mode_testvector_debug(tv, P, C, T, __location__)
static inline void _aes_mode_testvector_debug(const struct aes_mode_testvector *tv,
const DATA_BLOB *P,
const DATA_BLOB *C,
const DATA_BLOB *T,
const char *location)
{
printf("location: %s\n", location);
printf("TEST: %s\n", tv->location);
printf("MODE: %s\n", tv->mode);
printf("K\n");
dump_data(0, tv->K.data, tv->K.length);
printf("N\n");
dump_data(0, tv->N.data, tv->N.length);
printf("A\n");
dump_data(0, tv->A.data, tv->A.length);
printf("P\n");
dump_data(0, tv->P.data, tv->P.length);
if (P) {
printf("PV\n");
dump_data(0, P->data, P->length);
}
printf("C\n");
dump_data(0, tv->C.data, tv->C.length);
if (C) {
printf("CV\n");
dump_data(0, C->data, C->length);
}
printf("T\n");
dump_data(0, tv->T.data, tv->T.length);
if (T) {
printf("TV\n");
dump_data(0, T->data, T->length);
}
}
#endif /* LIB_CRYPTO_AES_TEST_H */

66
lib/crypto/aesni.h
View File

@ -1,66 +0,0 @@
/*
* Copyright (C) 2008, Intel Corp.
* Author: Huang Ying <ying.huang@intel.com>
* Vinodh Gopal <vinodh.gopal@intel.com>
* Kahraman Akdemir
*
* Ported x86_64 version to x86:
* Author: Mathias Krause <minipli@googlemail.com>
*
* Modified for use in Samba by Justin Maggard <jmaggard@netgear.com>
* and Jeremy Allison <jra@samba.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
#ifndef LIB_CRYPTO_AESNI_H
#define LIB_CRYPTO_AESNI_H 1
#if defined(HAVE_AESNI_INTEL)
#define AES_MAX_KEYLENGTH (15 * 16)
#define AES_MAX_KEYLENGTH_U32 (AES_MAX_KEYLENGTH / sizeof(uint32_t))
/*
* Please ensure that the first two fields are 16-byte aligned
* relative to the start of the structure, i.e., don't move them!
*/
struct crypto_aes_ctx {
uint32_t key_enc[AES_MAX_KEYLENGTH_U32];
uint32_t key_dec[AES_MAX_KEYLENGTH_U32];
uint32_t key_length;
};
struct crypto_aesni_ctx {
uint8_t _acc_ctx[sizeof(struct crypto_aes_ctx) + 16];
struct crypto_aes_ctx *acc_ctx;
};
/*
* These next 4 functions are actually implemented
* in the assembly language file:
* third_party/aesni-intel/aesni-intel_asm.c
*/
int aesni_set_key(struct crypto_aes_ctx *ctx,
const uint8_t *in_key,
unsigned int key_len);
void aesni_enc(struct crypto_aes_ctx *ctx, uint8_t *dst, const uint8_t *src);
void aesni_dec(struct crypto_aes_ctx *ctx, uint8_t *dst, const uint8_t *src);
#else /* #if defined(HAVE_AESNI_INTEL) */
/*
* We need a dummy definition of struct crypto_aesni_ctx to allow compiles.
*/
struct crypto_aesni_ctx {
int dummy;
};
#endif /* #if defined(HAVE_AESNI_INTEL) */
#endif /* LIB_CRYPTO_AESNI_H */

1
lib/crypto/crypto.h
View File

@ -22,6 +22,5 @@
#include "../lib/crypto/md4.h"
#include "../lib/crypto/aes.h"
#include "../lib/crypto/aes_cmac_128.h"
#endif /* _SAMBA_CRYPTO_H_ */

1223
lib/crypto/rijndael-alg-fst.c
View File

File diff suppressed because it is too large Load Diff

21
lib/crypto/wscript
View File

@ -19,38 +19,19 @@ def build(bld):
''',
deps="gnutls samba-errors")
bld.SAMBA_SUBSYSTEM("LIBCRYPTO_AES",
source='aes.c rijndael-alg-fst.c',
deps='talloc',
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
bld.SAMBA_SUBSYSTEM('LIBCRYPTO_AES_CMAC',
source='aes_cmac_128.c',
deps='talloc',
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
source='''
md4.c
''',
deps='''
talloc
LIBCRYPTO_AES
LIBCRYPTO_AES_CMAC
''' + extra_deps)
bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO_AES_CMAC',
source='aes_cmac_128_test.c',
autoproto='aes_cmac_test_proto.h',
deps='talloc',
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
''')
bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO',
source='md4test.c',
autoproto='test_proto.h',
deps='''
LIBCRYPTO
TORTURE_LIBCRYPTO_AES_CMAC
''')
bld.SAMBA_PYTHON('python_crypto',

30
libcli/smb/smb2_signing.c
View File

@ -27,11 +27,6 @@
#include "../lib/crypto/crypto.h"
#include "lib/util/iov_buf.h"
#ifndef HAVE_GNUTLS_AES_CMAC
#include "lib/crypto/aes.h"
#include "lib/crypto/aes_cmac_128.h"
#endif
#include "lib/crypto/gnutls_helpers.h"
void smb2_signing_derivations_fill_const_stack(struct smb2_signing_derivations *ds,
@ -514,33 +509,8 @@ static NTSTATUS smb2_signing_calc_signature(struct smb2_signing_key *signing_key
} break;
case SMB2_SIGNING_AES128_CMAC:
#ifdef HAVE_GNUTLS_AES_CMAC
hmac_algo = GNUTLS_MAC_AES_CMAC_128;
break;
#else /* NOT HAVE_GNUTLS_AES_CMAC */
{
struct aes_cmac_128_context ctx;
uint8_t key[AES_BLOCK_SIZE] = {0};
memcpy(key,
signing_key->blob.data,
MIN(signing_key->blob.length, 16));
aes_cmac_128_init(&ctx, key);
aes_cmac_128_update(&ctx, hdr, SMB2_HDR_SIGNATURE);
aes_cmac_128_update(&ctx, zero_sig, 16);
for (i=1; i < count; i++) {
aes_cmac_128_update(&ctx,
(const uint8_t *)vector[i].iov_base,
vector[i].iov_len);
}
aes_cmac_128_final(&ctx, signature);
ZERO_ARRAY(key);
return NT_STATUS_OK;
} break;
#endif
case SMB2_SIGNING_HMAC_SHA256:
hmac_algo = GNUTLS_MAC_SHA256;
break;

7
source4/torture/local/local.c
View File

@ -23,9 +23,6 @@
#include "torture/ndr/proto.h"
#include "torture/auth/proto.h"
#include "../lib/crypto/test_proto.h"
#ifndef HAVE_GNUTLS_AES_CMAC
#include "../lib/crypto/aes_cmac_test_proto.h"
#endif
#include "lib/registry/tests/proto.h"
#include "lib/replace/replace-testsuite.h"
@ -93,10 +90,6 @@ NTSTATUS torture_local_init(TALLOC_CTX *ctx)
torture_suite_add_simple_test(suite,
"crypto.md4", torture_local_crypto_md4);
#ifndef HAVE_GNUTLS_AES_CMAC
torture_suite_add_simple_test(suite, "crypto.aes_cmac_128",
torture_local_crypto_aes_cmac_128);
#endif
for (i = 0; suite_generators[i]; i++)
torture_suite_add_suite(suite,

4
wscript_configure_system_gnutls
View File

@ -64,7 +64,3 @@ conf.CHECK_CODE(fragment,
msg='Checking for gnutls fips mode support')
del os.environ['GNUTLS_FORCE_FIPS_MODE']
if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h', lib='gnutls'):
conf.DEFINE('HAVE_GNUTLS_AES_CMAC', 1)
else:
Logs.warn('No gnutls support for AES CMAC')