1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
// Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
// are met:
//
// 1. Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// THIS SOFTWARE IS PROVIDED BY THE AUTHORS “AS IS” AND ANY EXPRESS OR
// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
// GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
// WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
// THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package aes_ct64
add_round_key :: proc "contextless" (q: ^[8]u64, sk: []u64) #no_bounds_check {
ensure_contextless(len(sk) >= 8, "aes/ct64: invalid round key size")
q[0] ~= sk[0]
q[1] ~= sk[1]
q[2] ~= sk[2]
q[3] ~= sk[3]
q[4] ~= sk[4]
q[5] ~= sk[5]
q[6] ~= sk[6]
q[7] ~= sk[7]
}
shift_rows :: proc "contextless" (q: ^[8]u64) {
for x, i in q {
q[i] =
(x & 0x000000000000FFFF) |
((x & 0x00000000FFF00000) >> 4) |
((x & 0x00000000000F0000) << 12) |
((x & 0x0000FF0000000000) >> 8) |
((x & 0x000000FF00000000) << 8) |
((x & 0xF000000000000000) >> 12) |
((x & 0x0FFF000000000000) << 4)
}
}
mix_columns :: proc "contextless" (q: ^[8]u64) {
q0 := q[0]
q1 := q[1]
q2 := q[2]
q3 := q[3]
q4 := q[4]
q5 := q[5]
q6 := q[6]
q7 := q[7]
r0 := (q0 >> 16) | (q0 << 48)
r1 := (q1 >> 16) | (q1 << 48)
r2 := (q2 >> 16) | (q2 << 48)
r3 := (q3 >> 16) | (q3 << 48)
r4 := (q4 >> 16) | (q4 << 48)
r5 := (q5 >> 16) | (q5 << 48)
r6 := (q6 >> 16) | (q6 << 48)
r7 := (q7 >> 16) | (q7 << 48)
q[0] = q7 ~ r7 ~ r0 ~ rotr32(q0 ~ r0)
q[1] = q0 ~ r0 ~ q7 ~ r7 ~ r1 ~ rotr32(q1 ~ r1)
q[2] = q1 ~ r1 ~ r2 ~ rotr32(q2 ~ r2)
q[3] = q2 ~ r2 ~ q7 ~ r7 ~ r3 ~ rotr32(q3 ~ r3)
q[4] = q3 ~ r3 ~ q7 ~ r7 ~ r4 ~ rotr32(q4 ~ r4)
q[5] = q4 ~ r4 ~ r5 ~ rotr32(q5 ~ r5)
q[6] = q5 ~ r5 ~ r6 ~ rotr32(q6 ~ r6)
q[7] = q6 ~ r6 ~ r7 ~ rotr32(q7 ~ r7)
}
@(private)
_encrypt :: proc "contextless" (q: ^[8]u64, skey: []u64, num_rounds: int) {
add_round_key(q, skey)
for u in 1 ..< num_rounds {
sub_bytes(q)
shift_rows(q)
mix_columns(q)
add_round_key(q, skey[u << 3:])
}
sub_bytes(q)
shift_rows(q)
add_round_key(q, skey[num_rounds << 3:])
}
|
