iPXE
|
AES algorithm. More...
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <byteswap.h>
#include <ipxe/rotate.h>
#include <ipxe/crypto.h>
#include <ipxe/ecb.h>
#include <ipxe/cbc.h>
#include <ipxe/gcm.h>
#include <ipxe/aes.h>
Data Structures | |
union | aes_table_entry |
A single AES lookup table entry. More... | |
struct | aes_table |
An AES lookup table. More... | |
Enumerations | |
enum | aes_stride { AES_STRIDE_SHIFTROWS = +5, AES_STRIDE_INVSHIFTROWS = -3 } |
AES strides. More... | |
Functions | |
FILE_LICENCE (GPL2_OR_LATER_OR_UBDL) | |
static uint32_t | aes_entry_column (const union aes_table_entry *entry, unsigned int column) |
Multiply [Inv]MixColumns matrix column by scalar multiplicand. More... | |
static uint32_t | aes_column (const struct aes_table *table, size_t stride, const union aes_matrix *in, size_t offset) |
Multiply [Inv]MixColumns matrix column by S-boxed input byte. More... | |
static uint32_t | aes_output (const struct aes_table *table, size_t stride, const union aes_matrix *in, const union aes_matrix *key, unsigned int column) |
Calculate intermediate round output column. More... | |
static void | aes_round (const struct aes_table *table, size_t stride, const union aes_matrix *in, union aes_matrix *out, const union aes_matrix *key) |
Perform a single intermediate round. More... | |
static void | aes_encrypt_rounds (union aes_matrix *in, union aes_matrix *out, const union aes_matrix *key, unsigned int rounds) |
Perform encryption intermediate rounds. More... | |
static void | aes_decrypt_rounds (union aes_matrix *in, union aes_matrix *out, const union aes_matrix *key, unsigned int rounds) |
Perform decryption intermediate rounds. More... | |
static void | aes_addroundkey (union aes_matrix *state, const union aes_matrix *key) |
Perform standalone AddRoundKey. More... | |
static void | aes_final (const struct aes_table *table, size_t stride, const union aes_matrix *in, union aes_matrix *out, const union aes_matrix *key) |
Perform final round. More... | |
static void | aes_encrypt (void *ctx, const void *src, void *dst, size_t len) |
Encrypt data. More... | |
static void | aes_decrypt (void *ctx, const void *src, void *dst, size_t len) |
Decrypt data. More... | |
static unsigned int | aes_double (unsigned int poly) |
Multiply a polynomial by (x) modulo (x^8 + x^4 + x^3 + x^2 + 1) in GF(2^8) More... | |
static void | aes_mixcolumns_entry (union aes_table_entry *entry) |
Fill in MixColumns lookup table entry. More... | |
static void | aes_invmixcolumns_entry (union aes_table_entry *entry) |
Fill in InvMixColumns lookup table entry. More... | |
static void | aes_generate (void) |
Generate AES lookup tables. More... | |
static uint32_t | aes_key_rotate (uint32_t column) |
Rotate key column. More... | |
static uint32_t | aes_key_sbox (uint32_t column) |
Apply S-box to key column. More... | |
static uint32_t | aes_key_rcon (uint32_t column, unsigned int rcon) |
Apply schedule round constant to key column. More... | |
static int | aes_setkey (void *ctx, const void *key, size_t keylen) |
Set key. More... | |
ECB_CIPHER (aes_ecb, aes_ecb_algorithm, aes_algorithm, struct aes_context, AES_BLOCKSIZE) | |
CBC_CIPHER (aes_cbc, aes_cbc_algorithm, aes_algorithm, struct aes_context, AES_BLOCKSIZE) | |
GCM_CIPHER (aes_gcm, aes_gcm_algorithm, aes_algorithm, struct aes_context, AES_BLOCKSIZE) | |
Variables | |
static struct aes_table | aes_mixcolumns |
AES MixColumns lookup table. More... | |
static struct aes_table | aes_invmixcolumns |
AES InvMixColumns lookup table. More... | |
struct cipher_algorithm | aes_algorithm |
Basic AES algorithm. More... | |
AES algorithm.
Definition in file aes.c.
enum aes_stride |
AES strides.
These are the strides (modulo 16) used to walk through the AES input state bytes in order of byte position after [Inv]ShiftRows.
Definition at line 49 of file aes.c.
FILE_LICENCE | ( | GPL2_OR_LATER_OR_UBDL | ) |
|
inline static |
Multiply [Inv]MixColumns matrix column by scalar multiplicand.
entry | AES lookup table entry for scalar multiplicand |
column | [Inv]MixColumns matrix column index |
product | Product of matrix column with scalar multiplicand |
Definition at line 159 of file aes.c.
References __attribute__, aes_table_entry::byte, container_of, product, and typeof().
Referenced by aes_column().
|
inline static |
Multiply [Inv]MixColumns matrix column by S-boxed input byte.
table | AES lookup table |
stride | AES row shift stride |
in | AES input state |
offset | Output byte offset (after [Inv]ShiftRows) |
product | Product of matrix column with S(input byte) |
Note that the specified offset is not the offset of the input byte; it is the offset of the output byte which corresponds to the input byte. This output byte offset is used both to calculate the input byte offset and to select the appropriate matrix column.
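With a compile-time constant offset, this function will optimise down to a single "movzbl" (to extract the input byte) and will generate a single x86 memory reference expression which can then be used directly within a single "xorl" instruction. Because that memory reference is indexed by the input state byte, the table lookup is data-dependent: a table-driven AES of this kind is not constant-time with respect to cache behaviour, which matters in any deployment where cache timing is observable by another party.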
Definition at line 193 of file aes.c.
References aes_entry_column(), aes_table::entry, in, and offset.
Referenced by aes_output().
|
inline static |
Calculate intermediate round output column.
table | AES lookup table |
stride | AES row shift stride |
in | AES input state |
key | AES round key |
column | Column index |
output | Output column value |
Definition at line 225 of file aes.c.
References aes_column(), in, key, and offset.
Referenced by aes_round().
|
inline static |
Perform a single intermediate round.
table | AES lookup table |
stride | AES row shift stride |
in | AES input state |
out | AES output state |
key | AES round key |
Definition at line 251 of file aes.c.
References aes_output(), in, key, and out.
Referenced by aes_decrypt_rounds(), and aes_encrypt_rounds().
|
static |
Perform encryption intermediate rounds.
in | AES input state |
out | AES output state |
key | Round keys |
rounds | Number of rounds (must be odd) |
This function is deliberately marked as non-inlinable to ensure maximal availability of registers for GCC's register allocator, which has a tendency to otherwise spill performance-critical registers to the stack.
Definition at line 279 of file aes.c.
References aes_mixcolumns, aes_round(), AES_STRIDE_SHIFTROWS, in, key, out, and tmp.
Referenced by aes_encrypt().
|
static |
Perform decryption intermediate rounds.
in | AES input state |
out | AES output state |
key | Round keys |
rounds | Number of rounds (must be odd) |
As with aes_encrypt_rounds(), this function is deliberately marked as non-inlinable.
This function could potentially use the same binary code as is used for encryption. To compensate for the difference between ShiftRows and InvShiftRows, half of the input byte offsets would have to be modifiable at runtime (half by an offset of +4/-4, half by an offset of -4/+4 for ShiftRows/InvShiftRows). This can be accomplished in x86 assembly within the number of available registers, but GCC's register allocator struggles to do so, resulting in a significant performance decrease due to registers being spilled to the stack. We therefore use two separate but very similar binary functions based on the same C source.
Definition at line 320 of file aes.c.
References aes_invmixcolumns, aes_round(), AES_STRIDE_INVSHIFTROWS, in, key, out, and tmp.
Referenced by aes_decrypt(), and aes_setkey().
|
inline static |
Perform standalone AddRoundKey.
state | AES state |
key | AES round key |
Definition at line 345 of file aes.c.
Referenced by aes_decrypt(), aes_encrypt(), and aes_final().
|
static |
Perform final round.
table | AES lookup table |
stride | AES row shift stride |
in | AES input state |
out | AES output state |
key | AES round key |
Definition at line 362 of file aes.c.
References aes_addroundkey(), aes_table_entry::byte, aes_table::entry, in, key, and out.
Referenced by aes_decrypt(), aes_encrypt(), and aes_setkey().
|
static |
Encrypt data.
ctx | Context |
src | Data to encrypt |
dst | Buffer for encrypted data |
len | Length of data |
Definition at line 398 of file aes.c.
References aes_addroundkey(), aes_encrypt_rounds(), aes_final(), aes_mixcolumns, AES_STRIDE_SHIFTROWS, assert(), buffer, ctx, aes_context::encrypt, in, aes_round_keys::key, len, memcpy(), out, aes_context::rounds, and src.
|
static |
Decrypt data.
ctx | Context |
src | Data to decrypt |
dst | Buffer for decrypted data |
len | Length of data |
Definition at line 434 of file aes.c.
References aes_addroundkey(), aes_decrypt_rounds(), aes_final(), aes_invmixcolumns, AES_STRIDE_INVSHIFTROWS, assert(), buffer, ctx, aes_context::decrypt, in, aes_round_keys::key, len, memcpy(), out, aes_context::rounds, and src.
|
static |
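Multiply a polynomial by (x) modulo (x^8 + x^4 + x^3 + x^2 + 1) in GF(2^8). Note: FIPS 197 defines the AES reduction polynomial as x^8 + x^4 + x^3 + x + 1; the x^2 term in this description appears to be a documentation typo and should be checked against the reduction constant actually used in aes_double().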
poly | Polynomial to be multiplied |
result | Result |
Definition at line 468 of file aes.c.
Referenced by aes_generate(), aes_invmixcolumns_entry(), aes_mixcolumns_entry(), and aes_setkey().
|
static |
Fill in MixColumns lookup table entry.
entry | AES lookup table entry for scalar multiplicand |
The MixColumns lookup table vector multiplier is {1,1,1,3,2,1,1,3}.
Definition at line 493 of file aes.c.
References aes_double(), and aes_table_entry::byte.
Referenced by aes_generate().
|
static |
Fill in InvMixColumns lookup table entry.
entry | AES lookup table entry for scalar multiplicand |
The InvMixColumns lookup table vector multiplier is {1,9,13,11,14,9,13,11}.
Definition at line 522 of file aes.c.
References aes_double(), and aes_table_entry::byte.
Referenced by aes_generate().
|
static |
Generate AES lookup tables.
Definition at line 572 of file aes.c.
References aes_double(), aes_invmixcolumns, aes_invmixcolumns_entry(), aes_mixcolumns, aes_mixcolumns_entry(), aes_table_entry::byte, and aes_table::entry.
Referenced by aes_setkey().
Rotate key column.
column | Key column |
column | Updated key column |
Definition at line 634 of file aes.c.
References __BYTE_ORDER, __LITTLE_ENDIAN, rol32(), and ror32().
Referenced by aes_setkey().
Apply S-box to key column.
column | Key column |
column | Updated key column |
Definition at line 646 of file aes.c.
References aes_mixcolumns, aes_table_entry::byte, aes_table::entry, and rol32().
Referenced by aes_setkey().
Apply schedule round constant to key column.
column | Key column |
rcon | Round constant |
column | Updated key column |
Definition at line 667 of file aes.c.
References __BYTE_ORDER, and __LITTLE_ENDIAN.
Referenced by aes_setkey().
|
static |
Set key.
ctx | Context |
key | Key |
keylen | Key length |
rc | Return status code |
Definition at line 681 of file aes.c.
References aes_decrypt_rounds(), aes_double(), aes_final(), aes_generate(), aes_key_rcon(), aes_key_rotate(), aes_key_sbox(), aes_mixcolumns, AES_STRIDE_SHIFTROWS, aes_table_entry::byte, aes_matrix::column, ctx, DBGC, DBGC2, DBGC2_HDA, aes_context::decrypt, EINVAL, aes_context::encrypt, end, aes_table::entry, aes_round_keys::key, key, memcpy(), memset(), next, offset, aes_context::rounds, and tmp.
ECB_CIPHER | ( | aes_ecb | , |
aes_ecb_algorithm | , | ||
aes_algorithm | , | ||
struct aes_context | , | ||
AES_BLOCKSIZE | |||
) |
CBC_CIPHER | ( | aes_cbc | , |
aes_cbc_algorithm | , | ||
aes_algorithm | , | ||
struct aes_context | , | ||
AES_BLOCKSIZE | |||
) |
GCM_CIPHER | ( | aes_gcm | , |
aes_gcm_algorithm | , | ||
aes_algorithm | , | ||
struct aes_context | , | ||
AES_BLOCKSIZE | |||
) |
|
static |
AES MixColumns lookup table.
Definition at line 146 of file aes.c.
Referenced by aes_encrypt(), aes_encrypt_rounds(), aes_generate(), aes_key_sbox(), and aes_setkey().
|
static |
AES InvMixColumns lookup table.
Definition at line 149 of file aes.c.
Referenced by aes_decrypt(), aes_decrypt_rounds(), and aes_generate().
struct cipher_algorithm aes_algorithm |
Basic AES algorithm.
Definition at line 783 of file aes.c.
Referenced by aes_unwrap(), aes_wrap(), ccmp_cbc_mac(), ccmp_ctr_xor(), ccmp_feed_cbc_mac(), and ccmp_init().