Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2022/08/25 08:02:11 UTC

[GitHub] [incubator-nuttx] pkarashchenko commented on a diff in pull request #6920: support /dev/crypto for nuttx

pkarashchenko commented on code in PR #6920:
URL: https://github.com/apache/incubator-nuttx/pull/6920#discussion_r954635239


##########
crypto/aes.c:
##########
@@ -1,842 +1,1085 @@
 /****************************************************************************
  * crypto/aes.c
+ * $OpenBSD: aes.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $
  *
- *   Copyright (C) 2011 Texas Instruments Incorporated - http://www.ti.com/
- *   Extracted from the CC3000 Host Driver Implementation.
+ * Copyright (c) 2016 Thomas Pornin <po...@bolet.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Modified for OpenBSD by Thomas Pornin and Mike Belopuhov.
  *
- *   Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
  *
- *   Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the
- *   distribution.
- *
- *   Neither the name of Texas Instruments Incorporated nor the names of
- *   its contributors may be used to endorse or promote products derived
- *   from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
  *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
  ****************************************************************************/
 
 /****************************************************************************
  * Included Files
  ****************************************************************************/
 
-#include <nuttx/config.h>
-
+#include <sys/types.h>
 #include <stdint.h>
-#include <errno.h>
-
-#include <nuttx/crypto/aes.h>
+#include <string.h>
+#include <crypto/aes.h>
 
 /****************************************************************************
- * Private Data
+ * Public Functions
  ****************************************************************************/
 
-/* Forward sbox */
-
-static const uint8_t g_sbox[256] =
+static inline void enc32le(void *dst, uint32_t x)
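Review bot: `enc32le` is a file-scope `static inline` helper, yet the hunk places it directly under the new `Public Functions` header while the old `Private Data`/`Private Functions` headers are removed; NuttX's file layout puts such helpers in a `Private Functions` section, so keep that header here and start `Public Functions` at the first exported entry point. The same hunk drops `#include <nuttx/config.h>`, which is what makes the Kconfig `CONFIG_*` symbols visible in a source file; any `#ifdef CONFIG_...` left in the rewritten file would now silently evaluate as undefined, so that include should remain the first one.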

Review Comment:
   ```suggestion
   static inline void enc32le(FAR void *dst, uint32_t x)
   ```



##########
crypto/aes.c:
##########
@@ -1,842 +1,1085 @@
 /****************************************************************************
  * crypto/aes.c
+ * $OpenBSD: aes.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $
  *
- *   Copyright (C) 2011 Texas Instruments Incorporated - http://www.ti.com/
- *   Extracted from the CC3000 Host Driver Implementation.
+ * Copyright (c) 2016 Thomas Pornin <po...@bolet.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Modified for OpenBSD by Thomas Pornin and Mike Belopuhov.
  *
- *   Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
  *
- *   Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the
- *   distribution.
- *
- *   Neither the name of Texas Instruments Incorporated nor the names of
- *   its contributors may be used to endorse or promote products derived
- *   from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
  *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
  ****************************************************************************/
 
 /****************************************************************************
  * Included Files
  ****************************************************************************/
 
-#include <nuttx/config.h>
-
+#include <sys/types.h>
 #include <stdint.h>
-#include <errno.h>
-
-#include <nuttx/crypto/aes.h>
+#include <string.h>
+#include <crypto/aes.h>
 
 /****************************************************************************
- * Private Data
+ * Public Functions
  ****************************************************************************/
 
-/* Forward sbox */
-
-static const uint8_t g_sbox[256] =
+static inline void enc32le(void *dst, uint32_t x)
 {
-  /* 0    1    2      3     4     5     6     7     8    9
-   *                        A     B     C     D     E    F
-   */
+  unsigned char *buf = dst;
 
-  0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01,
-                          0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, /* 0 */
-  0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4,
-                           0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, /* 1 */
-  0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5,
-                           0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, /* 2 */
-  0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12,
-                           0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, /* 3 */
-  0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b,
-                           0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, /* 4 */
-  0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb,
-                           0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, /* 5 */
-  0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9,
-                           0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, /* 6 */
-  0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6,
-                           0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, /* 7 */
-  0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7,
-                           0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, /* 8 */
-  0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee,
-                           0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, /* 9 */
-  0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3,
-                           0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, /* A */
-  0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56,
-                           0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, /* B */
-  0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd,
-                           0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, /* C */
-  0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35,
-                           0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, /* D */
-  0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e,
-                           0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, /* E */
-  0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99,
-                           0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16  /* F */
-};
-
-/* Inverse sbox */
-
-static const uint8_t g_rsbox[256] =
-{
-  0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40,
-                          0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
-  0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e,
-                          0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
-  0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c,
-                          0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
-  0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b,
-                          0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
-  0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4,
-                          0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
-  0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15,
-                          0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
-  0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4,
-                          0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
-  0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf,
-                          0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
-  0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2,
-                          0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
-  0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9,
-                          0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
-  0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7,
-                          0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
-  0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb,
-                          0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
-  0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12,
-                          0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
-  0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5,
-                          0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
-  0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb,
-                          0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
-  0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69,
-                          0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-};
-
-/* Round constant */
+  buf[0] = (unsigned char)x;
+  buf[1] = (unsigned char)(x >> 8);
+  buf[2] = (unsigned char)(x >> 16);
+  buf[3] = (unsigned char)(x >> 24);
+}
 
-static const uint8_t g_rcon[11] =
+static inline uint32_t dec32le(const void *src)
 {
-  0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
-};
+  const unsigned char *buf = src;
 
-static struct aes_state_s g_aes_state;
-
-/****************************************************************************
- * Private Functions
- ****************************************************************************/
+  return (uint32_t)buf[0]
+    | ((uint32_t)buf[1] << 8)
+    | ((uint32_t)buf[2] << 16)
+    | ((uint32_t)buf[3] << 24);
+}
 
-/****************************************************************************
- * Name: expand_key
+/* This constant-time implementation is "bitsliced": the 128-bit state is
+ * split over eight 32-bit words q* in the following way:
  *
- * Description:
- *   Expend a 16 bytes key for AES128 implementation
+ * -- Input block consists in 16 bytes:
+ *    a00 a10 a20 a30 a01 a11 a21 a31 a02 a12 a22 a32 a03 a13 a23 a33
+ * In the terminology of FIPS 197, this is a 4x4 matrix which is read
+ * column by column.
  *
- * Input Parameters:
- *  key          AES128 key - 16 bytes
- *  expanded_key expanded AES128 key
+ * -- Each byte is split into eight bits which are distributed over the
+ * eight words, at the same rank. Thus, for a byte x at rank k, bit 0
+ * (least significant) of x will be at rank k in q0 (if that bit is b,
+ * then it contributes "b << k" to the value of q0), bit 1 of x will be
+ * at rank k in q1, and so on.
  *
- * Returned Value:
- *  None
+ * -- Ranks given to bits are in "row order" and are either all even, or
+ * all odd. Two independent AES states are thus interleaved, one using
+ * the even ranks, the other the odd ranks. Row order means:
+ *    a00 a01 a02 a03 a10 a11 a12 a13 a20 a21 a22 a23 a30 a31 a32 a33
  *
- ****************************************************************************/
-
-static void expand_key(FAR uint8_t *expanded_key, FAR const uint8_t *key)
-{
-  uint16_t buf1;
-  uint16_t ii;
-
-  for (ii = 0; ii < 16; ii++)
-    {
-      expanded_key[ii] = key[ii];
-    }
-
-  for (ii = 1; ii < 11; ii++)
-    {
-      buf1 = expanded_key[ii * 16 - 4];
-      expanded_key[ii * 16 + 0] = g_sbox[expanded_key[ii *16 - 3]] ^
-                            expanded_key[(ii - 1) * 16 + 0] ^ g_rcon[ii];
-
-      expanded_key[ii * 16 + 1] = g_sbox[expanded_key[ii *16 - 2]] ^
-                            expanded_key[(ii - 1) * 16 + 1];
-
-      expanded_key[ii * 16 + 2] = g_sbox[expanded_key[ii *16 - 1]] ^
-                            expanded_key[(ii - 1) * 16 + 2];
-
-      expanded_key[ii * 16 + 3] = g_sbox[buf1] ^
-                            expanded_key[(ii - 1) * 16 + 3];
+ * Converting input bytes from two AES blocks to bitslice representation
+ * is done in the following way:
+ * -- Decode first block into the four words q0 q2 q4 q6, in that order,
+ * using little-endian convention.
+ * -- Decode second block into the four words q1 q3 q5 q7, in that order,
+ * using little-endian convention.
+ * -- Call aes_ct_ortho().
+ *
+ * Converting back to bytes is done by using the reverse operations. Note
+ * that aes_ct_ortho() is its own inverse.
+ */
 
-      expanded_key[ii * 16 + 4] = expanded_key[(ii - 1) * 16 + 4] ^
-                            expanded_key[ii * 16 + 0];
+/* The AES S-box, as a bitsliced constant-time version. The input array
+ * consists in eight 32-bit words; 32 S-box instances are computed in
+ * parallel. Bits 0 to 7 of each S-box input (bit 0 is least significant)
+ * are spread over the words 0 to 7, at the same rank.
+ */
 
-      expanded_key[ii * 16 + 5] = expanded_key[(ii - 1) * 16 + 5] ^
-                            expanded_key[ii * 16 + 1];
+static void aes_ct_bitslice_sbox(uint32_t *q)
+{
+  /* This S-box implementation is a straightforward translation of
+   * the circuit described by Boyar and Peralta in "A new
+   * combinational logic minimization technique with applications
+   * to cryptology" (https://eprint.iacr.org/2009/191.pdf).
+   *
+   * Note that variables x* (input) and s* (output) are numbered
+   * in "reverse" order (x0 is the high bit, x7 is the low bit).
+   */
 
-      expanded_key[ii * 16 + 6] = expanded_key[(ii - 1) * 16 + 6] ^
-                            expanded_key[ii * 16 + 2];
+  uint32_t x0;
+  uint32_t x1;
+  uint32_t x2;
+  uint32_t x3;
+  uint32_t x4;
+  uint32_t x5;
+  uint32_t x6;
+  uint32_t x7;
+  uint32_t y1;
+  uint32_t y2;
+  uint32_t y3;
+  uint32_t y4;
+  uint32_t y5;
+  uint32_t y6;
+  uint32_t y7;
+  uint32_t y8;
+  uint32_t y9;
+  uint32_t y10;
+  uint32_t y11;
+  uint32_t y12;
+  uint32_t y13;
+  uint32_t y14;
+  uint32_t y15;
+  uint32_t y16;
+  uint32_t y17;
+  uint32_t y18;
+  uint32_t y19;
+  uint32_t y20;
+  uint32_t y21;
+  uint32_t z0;
+  uint32_t z1;
+  uint32_t z2;
+  uint32_t z3;
+  uint32_t z4;
+  uint32_t z5;
+  uint32_t z6;
+  uint32_t z7;
+  uint32_t z8;
+  uint32_t z9;
+  uint32_t z10;
+  uint32_t z11;
+  uint32_t z12;
+  uint32_t z13;
+  uint32_t z14;
+  uint32_t z15;
+  uint32_t z16;
+  uint32_t z17;
+  uint32_t t0;
+  uint32_t t1;
+  uint32_t t2;
+  uint32_t t3;
+  uint32_t t4;
+  uint32_t t5;
+  uint32_t t6;
+  uint32_t t7;
+  uint32_t t8;
+  uint32_t t9;
+  uint32_t t10;
+  uint32_t t11;
+  uint32_t t12;
+  uint32_t t13;
+  uint32_t t14;
+  uint32_t t15;
+  uint32_t t16;
+  uint32_t t17;
+  uint32_t t18;
+  uint32_t t19;
+  uint32_t t20;
+  uint32_t t21;
+  uint32_t t22;
+  uint32_t t23;
+  uint32_t t24;
+  uint32_t t25;
+  uint32_t t26;
+  uint32_t t27;
+  uint32_t t28;
+  uint32_t t29;
+  uint32_t t30;
+  uint32_t t31;
+  uint32_t t32;
+  uint32_t t33;
+  uint32_t t34;
+  uint32_t t35;
+  uint32_t t36;
+  uint32_t t37;
+  uint32_t t38;
+  uint32_t t39;
+  uint32_t t40;
+  uint32_t t41;
+  uint32_t t42;
+  uint32_t t43;
+  uint32_t t44;
+  uint32_t t45;
+  uint32_t t46;
+  uint32_t t47;
+  uint32_t t48;
+  uint32_t t49;
+  uint32_t t50;
+  uint32_t t51;
+  uint32_t t52;
+  uint32_t t53;
+  uint32_t t54;
+  uint32_t t55;
+  uint32_t t56;
+  uint32_t t57;
+  uint32_t t58;
+  uint32_t t59;
+  uint32_t t60;
+  uint32_t t61;
+  uint32_t t62;
+  uint32_t t63;
+  uint32_t t64;
+  uint32_t t65;
+  uint32_t t66;
+  uint32_t t67;
+  uint32_t s0;
+  uint32_t s1;
+  uint32_t s2;
+  uint32_t s3;
+  uint32_t s4;
+  uint32_t s5;
+  uint32_t s6;
+  uint32_t s7;
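Review bot: `aes_ct_bitslice_sbox(uint32_t *q)` takes a pointer without the `FAR` qualifier, the same point raised for `enc32le`/`dec32le`; suggest `static void aes_ct_bitslice_sbox(FAR uint32_t *q)`. On the stack concern, the block declares 123 `uint32_t` temporaries (x0..x7, y1..y21, z0..z17, t0..t67, s0..s7), which is a worst case of 492 bytes only if every one is spilled; most are dead a few statements after assignment, so measure the real frame (for example build with `-fstack-usage` and read the `.su` entry for this function) before deciding whether the bitsliced S-box fits the small targets. Also, the removed `expand_key` carried the NuttX `Name:/Description:/Input Parameters:/Returned Value:` header block, which the new function lacks; the OpenBSD free-form comment should be wrapped into that format for consistency with the rest of the tree.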

Review Comment:
   Wow... quite a significant stack usage for the tiny embedded devices that NuttX targets



##########
crypto/aes.c:
##########
@@ -1,842 +1,1085 @@
 /****************************************************************************
  * crypto/aes.c
+ * $OpenBSD: aes.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $
  *
- *   Copyright (C) 2011 Texas Instruments Incorporated - http://www.ti.com/
- *   Extracted from the CC3000 Host Driver Implementation.
+ * Copyright (c) 2016 Thomas Pornin <po...@bolet.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Modified for OpenBSD by Thomas Pornin and Mike Belopuhov.
  *
- *   Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
  *
- *   Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the
- *   distribution.
- *
- *   Neither the name of Texas Instruments Incorporated nor the names of
- *   its contributors may be used to endorse or promote products derived
- *   from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
  *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
  ****************************************************************************/
 
 /****************************************************************************
  * Included Files
  ****************************************************************************/
 
-#include <nuttx/config.h>
-
+#include <sys/types.h>
 #include <stdint.h>
-#include <errno.h>
-
-#include <nuttx/crypto/aes.h>
+#include <string.h>
+#include <crypto/aes.h>
 
 /****************************************************************************
- * Private Data
+ * Public Functions
  ****************************************************************************/
 
-/* Forward sbox */
-
-static const uint8_t g_sbox[256] =
+static inline void enc32le(void *dst, uint32_t x)
 {
-  /* 0    1    2      3     4     5     6     7     8    9
-   *                        A     B     C     D     E    F
-   */
+  unsigned char *buf = dst;
 
-  0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01,
-                          0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, /* 0 */
-  0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4,
-                           0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, /* 1 */
-  0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5,
-                           0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, /* 2 */
-  0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12,
-                           0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, /* 3 */
-  0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b,
-                           0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, /* 4 */
-  0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb,
-                           0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, /* 5 */
-  0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9,
-                           0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, /* 6 */
-  0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6,
-                           0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, /* 7 */
-  0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7,
-                           0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, /* 8 */
-  0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee,
-                           0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, /* 9 */
-  0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3,
-                           0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, /* A */
-  0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56,
-                           0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, /* B */
-  0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd,
-                           0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, /* C */
-  0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35,
-                           0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, /* D */
-  0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e,
-                           0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, /* E */
-  0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99,
-                           0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16  /* F */
-};
-
-/* Inverse sbox */
-
-static const uint8_t g_rsbox[256] =
-{
-  0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40,
-                          0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
-  0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e,
-                          0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
-  0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c,
-                          0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
-  0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b,
-                          0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
-  0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4,
-                          0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
-  0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15,
-                          0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
-  0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4,
-                          0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
-  0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf,
-                          0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
-  0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2,
-                          0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
-  0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9,
-                          0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
-  0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7,
-                          0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
-  0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb,
-                          0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
-  0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12,
-                          0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
-  0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5,
-                          0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
-  0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb,
-                          0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
-  0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69,
-                          0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-};
-
-/* Round constant */
+  buf[0] = (unsigned char)x;
+  buf[1] = (unsigned char)(x >> 8);
+  buf[2] = (unsigned char)(x >> 16);
+  buf[3] = (unsigned char)(x >> 24);
+}
 
-static const uint8_t g_rcon[11] =
+static inline uint32_t dec32le(const void *src)
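Review bot: the header change replaces the Texas Instruments BSD-3-Clause text with Thomas Pornin's MIT permission notice (the `$OpenBSD: aes.c,v 1.2 ...` id line records the origin); Apache projects track third-party code in the repository's LICENSE file, so this import needs a LICENSE entry naming crypto/aes.c, its OpenBSD origin and the MIT terms, and the PR description should say the file is a wholesale replacement rather than a modification. Minor: `#include <nuttx/crypto/aes.h>` becomes `#include <crypto/aes.h>`, so confirm the `crypto/` directory is on the include path for every configuration that builds this file and that callers of the previous `nuttx/crypto/aes.h` API are updated in the same PR.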

Review Comment:
   ```suggestion
   static inline uint32_t dec32le(FAR const void *src)
   ```



##########
crypto/aes.c:
##########
@@ -1,842 +1,1085 @@
 /****************************************************************************
  * crypto/aes.c
+ * $OpenBSD: aes.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $
  *
- *   Copyright (C) 2011 Texas Instruments Incorporated - http://www.ti.com/
- *   Extracted from the CC3000 Host Driver Implementation.
+ * Copyright (c) 2016 Thomas Pornin <po...@bolet.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Modified for OpenBSD by Thomas Pornin and Mike Belopuhov.
  *
- *   Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
  *
- *   Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the
- *   distribution.
- *
- *   Neither the name of Texas Instruments Incorporated nor the names of
- *   its contributors may be used to endorse or promote products derived
- *   from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
  *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
  ****************************************************************************/
 
 /****************************************************************************
  * Included Files
  ****************************************************************************/
 
-#include <nuttx/config.h>
-
+#include <sys/types.h>
 #include <stdint.h>
-#include <errno.h>
-
-#include <nuttx/crypto/aes.h>
+#include <string.h>
+#include <crypto/aes.h>
 
 /****************************************************************************
- * Private Data
+ * Public Functions
  ****************************************************************************/
 
-/* Forward sbox */
-
-static const uint8_t g_sbox[256] =
+static inline void enc32le(void *dst, uint32_t x)
 {
-  /* 0    1    2      3     4     5     6     7     8    9
-   *                        A     B     C     D     E    F
-   */
+  unsigned char *buf = dst;
 
-  0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01,
-                          0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, /* 0 */
-  0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4,
-                           0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, /* 1 */
-  0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5,
-                           0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, /* 2 */
-  0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12,
-                           0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, /* 3 */
-  0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b,
-                           0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, /* 4 */
-  0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb,
-                           0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, /* 5 */
-  0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9,
-                           0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, /* 6 */
-  0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6,
-                           0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, /* 7 */
-  0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7,
-                           0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, /* 8 */
-  0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee,
-                           0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, /* 9 */
-  0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3,
-                           0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, /* A */
-  0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56,
-                           0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, /* B */
-  0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd,
-                           0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, /* C */
-  0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35,
-                           0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, /* D */
-  0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e,
-                           0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, /* E */
-  0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99,
-                           0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16  /* F */
-};
-
-/* Inverse sbox */
-
-static const uint8_t g_rsbox[256] =
-{
-  0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40,
-                          0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
-  0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e,
-                          0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
-  0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c,
-                          0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
-  0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b,
-                          0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
-  0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4,
-                          0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
-  0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15,
-                          0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
-  0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4,
-                          0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
-  0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf,
-                          0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
-  0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2,
-                          0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
-  0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9,
-                          0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
-  0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7,
-                          0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
-  0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb,
-                          0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
-  0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12,
-                          0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
-  0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5,
-                          0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
-  0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb,
-                          0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
-  0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69,
-                          0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-};
-
-/* Round constant */
+  buf[0] = (unsigned char)x;
+  buf[1] = (unsigned char)(x >> 8);
+  buf[2] = (unsigned char)(x >> 16);
+  buf[3] = (unsigned char)(x >> 24);
+}
 
-static const uint8_t g_rcon[11] =
+static inline uint32_t dec32le(const void *src)
 {
-  0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
-};
+  const unsigned char *buf = src;
 
-static struct aes_state_s g_aes_state;
-
-/****************************************************************************
- * Private Functions
- ****************************************************************************/
+  return (uint32_t)buf[0]
+    | ((uint32_t)buf[1] << 8)
+    | ((uint32_t)buf[2] << 16)
+    | ((uint32_t)buf[3] << 24);
+}
 
-/****************************************************************************
- * Name: expand_key
+/* This constant-time implementation is "bitsliced": the 128-bit state is
+ * split over eight 32-bit words q* in the following way:
  *
- * Description:
- *   Expend a 16 bytes key for AES128 implementation
+ * -- Input block consists in 16 bytes:
+ *    a00 a10 a20 a30 a01 a11 a21 a31 a02 a12 a22 a32 a03 a13 a23 a33
+ * In the terminology of FIPS 197, this is a 4x4 matrix which is read
+ * column by column.
  *
- * Input Parameters:
- *  key          AES128 key - 16 bytes
- *  expanded_key expanded AES128 key
+ * -- Each byte is split into eight bits which are distributed over the
+ * eight words, at the same rank. Thus, for a byte x at rank k, bit 0
+ * (least significant) of x will be at rank k in q0 (if that bit is b,
+ * then it contributes "b << k" to the value of q0), bit 1 of x will be
+ * at rank k in q1, and so on.
  *
- * Returned Value:
- *  None
+ * -- Ranks given to bits are in "row order" and are either all even, or
+ * all odd. Two independent AES states are thus interleaved, one using
+ * the even ranks, the other the odd ranks. Row order means:
+ *    a00 a01 a02 a03 a10 a11 a12 a13 a20 a21 a22 a23 a30 a31 a32 a33
  *
- ****************************************************************************/
-
-static void expand_key(FAR uint8_t *expanded_key, FAR const uint8_t *key)
-{
-  uint16_t buf1;
-  uint16_t ii;
-
-  for (ii = 0; ii < 16; ii++)
-    {
-      expanded_key[ii] = key[ii];
-    }
-
-  for (ii = 1; ii < 11; ii++)
-    {
-      buf1 = expanded_key[ii * 16 - 4];
-      expanded_key[ii * 16 + 0] = g_sbox[expanded_key[ii *16 - 3]] ^
-                            expanded_key[(ii - 1) * 16 + 0] ^ g_rcon[ii];
-
-      expanded_key[ii * 16 + 1] = g_sbox[expanded_key[ii *16 - 2]] ^
-                            expanded_key[(ii - 1) * 16 + 1];
-
-      expanded_key[ii * 16 + 2] = g_sbox[expanded_key[ii *16 - 1]] ^
-                            expanded_key[(ii - 1) * 16 + 2];
-
-      expanded_key[ii * 16 + 3] = g_sbox[buf1] ^
-                            expanded_key[(ii - 1) * 16 + 3];
+ * Converting input bytes from two AES blocks to bitslice representation
+ * is done in the following way:
+ * -- Decode first block into the four words q0 q2 q4 q6, in that order,
+ * using little-endian convention.
+ * -- Decode second block into the four words q1 q3 q5 q7, in that order,
+ * using little-endian convention.
+ * -- Call aes_ct_ortho().
+ *
+ * Converting back to bytes is done by using the reverse operations. Note
+ * that aes_ct_ortho() is its own inverse.
+ */
 
-      expanded_key[ii * 16 + 4] = expanded_key[(ii - 1) * 16 + 4] ^
-                            expanded_key[ii * 16 + 0];
+/* The AES S-box, as a bitsliced constant-time version. The input array
+ * consists in eight 32-bit words; 32 S-box instances are computed in
+ * parallel. Bits 0 to 7 of each S-box input (bit 0 is least significant)
+ * are spread over the words 0 to 7, at the same rank.
+ */
 
-      expanded_key[ii * 16 + 5] = expanded_key[(ii - 1) * 16 + 5] ^
-                            expanded_key[ii * 16 + 1];
+static void aes_ct_bitslice_sbox(uint32_t *q)
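Review bot: the new `Public Functions` banner (replacing `Private Data`) sits directly above `static inline void enc32le(void *dst, uint32_t x)` and `static inline uint32_t dec32le(const void *src)`, which are file-local helpers, so the section is mislabeled; the old file kept its static code (the removed `expand_key`) under `Private Functions`, and that heading should stay for these helpers, with `Public Functions` reserved for the exported API. Two related points in the same region: the removed code qualified pointer parameters with `FAR` (`expand_key(FAR uint8_t *expanded_key, FAR const uint8_t *key)`), while the added `enc32le`, `dec32le` and the local `unsigned char *buf = dst;` drop it, so the `FAR` suggestion made on `aes_ct_bitslice_sbox` applies to those declarations as well; and `#include <nuttx/config.h>` is removed along with `<nuttx/crypto/aes.h>`, which leaves no `CONFIG_*` option visible in this translation unit, so either confirm that is intended for this file or keep it as the first include, as the rest of the tree does.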

Review Comment:
   ```suggestion
   static void aes_ct_bitslice_sbox(FAR uint32_t *q)
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org