2 * FIPS-197 compliant AES implementation
5 * SPDX-License-Identifier: Apache-2.0
11 * http://www.apache.org/licenses/LICENSE-2.0
23 * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
62 static int aes_padlock_ace = -1;
67 * Forward S-box
198 * Reverse S-box
341 * Forward S-box & tables
352 * Reverse S-box & tables
372 #define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 ) argument
378 int i, x, y, z; in aes_gen_tables() local
402 * generate the forward and reverse S-boxes in aes_gen_tables()
409 x = pow[255 - log[i]]; in aes_gen_tables()
411 y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); in aes_gen_tables()
412 x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); in aes_gen_tables()
413 x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); in aes_gen_tables()
414 x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); in aes_gen_tables()
415 x ^= y ^ 0x63; in aes_gen_tables()
427 y = MBEDTLS_BYTE_0( XTIME( x ) ); in aes_gen_tables()
428 z = MBEDTLS_BYTE_0( y ^ x ); in aes_gen_tables()
430 FT0[i] = ( (uint32_t) y ) ^ in aes_gen_tables()
510 mbedtls_aes_init( &ctx->crypt ); in mbedtls_aes_xts_init()
511 mbedtls_aes_init( &ctx->tweak ); in mbedtls_aes_xts_init()
519 mbedtls_aes_free( &ctx->crypt ); in mbedtls_aes_xts_free()
520 mbedtls_aes_free( &ctx->tweak ); in mbedtls_aes_xts_free()
539 case 128: ctx->nr = 10; break; in mbedtls_aes_setkey_enc()
540 case 192: ctx->nr = 12; break; in mbedtls_aes_setkey_enc()
541 case 256: ctx->nr = 14; break; in mbedtls_aes_setkey_enc()
554 if( aes_padlock_ace == -1 ) in mbedtls_aes_setkey_enc()
558 ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ); in mbedtls_aes_setkey_enc()
561 ctx->rk = RK = ctx->buf; in mbedtls_aes_setkey_enc()
565 return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) ); in mbedtls_aes_setkey_enc()
573 switch( ctx->nr ) in mbedtls_aes_setkey_enc()
658 if( aes_padlock_ace == -1 ) in mbedtls_aes_setkey_dec()
662 ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ); in mbedtls_aes_setkey_dec()
665 ctx->rk = RK = ctx->buf; in mbedtls_aes_setkey_dec()
671 ctx->nr = cty.nr; in mbedtls_aes_setkey_dec()
676 mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk, in mbedtls_aes_setkey_dec()
677 (const unsigned char *) cty.rk, ctx->nr ); in mbedtls_aes_setkey_dec()
689 for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 ) in mbedtls_aes_setkey_dec()
755 ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits ); in mbedtls_aes_xts_setkey_enc()
760 return mbedtls_aes_setkey_enc( &ctx->crypt, key1, key1bits ); in mbedtls_aes_xts_setkey_enc()
780 ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits ); in mbedtls_aes_xts_setkey_dec()
785 return mbedtls_aes_setkey_dec( &ctx->crypt, key1, key1bits ); in mbedtls_aes_xts_setkey_dec()
838 * AES-ECB block encryption
846 uint32_t *RK = ctx->rk; in mbedtls_internal_aes_encrypt()
850 uint32_t Y[4]; in mbedtls_internal_aes_encrypt() member
858 for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) in mbedtls_internal_aes_encrypt()
860 AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); in mbedtls_internal_aes_encrypt()
861 AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] ); in mbedtls_internal_aes_encrypt()
864 AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); in mbedtls_internal_aes_encrypt()
867 ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^ in mbedtls_internal_aes_encrypt()
868 ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^ in mbedtls_internal_aes_encrypt()
869 ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^ in mbedtls_internal_aes_encrypt()
870 ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 ); in mbedtls_internal_aes_encrypt()
873 ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^ in mbedtls_internal_aes_encrypt()
874 ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^ in mbedtls_internal_aes_encrypt()
875 ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^ in mbedtls_internal_aes_encrypt()
876 ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 ); in mbedtls_internal_aes_encrypt()
879 ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^ in mbedtls_internal_aes_encrypt()
880 ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^ in mbedtls_internal_aes_encrypt()
881 ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^ in mbedtls_internal_aes_encrypt()
882 ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 ); in mbedtls_internal_aes_encrypt()
885 ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^ in mbedtls_internal_aes_encrypt()
886 ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^ in mbedtls_internal_aes_encrypt()
887 ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^ in mbedtls_internal_aes_encrypt()
888 ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 ); in mbedtls_internal_aes_encrypt()
911 * AES-ECB block decryption
919 uint32_t *RK = ctx->rk; in mbedtls_internal_aes_decrypt()
923 uint32_t Y[4]; in mbedtls_internal_aes_decrypt() member
931 for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) in mbedtls_internal_aes_decrypt()
933 AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); in mbedtls_internal_aes_decrypt()
934 AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] ); in mbedtls_internal_aes_decrypt()
937 AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); in mbedtls_internal_aes_decrypt()
940 ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^ in mbedtls_internal_aes_decrypt()
941 ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^ in mbedtls_internal_aes_decrypt()
942 ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^ in mbedtls_internal_aes_decrypt()
943 ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 ); in mbedtls_internal_aes_decrypt()
946 ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^ in mbedtls_internal_aes_decrypt()
947 ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^ in mbedtls_internal_aes_decrypt()
948 ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^ in mbedtls_internal_aes_decrypt()
949 ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 ); in mbedtls_internal_aes_decrypt()
952 ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^ in mbedtls_internal_aes_decrypt()
953 ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^ in mbedtls_internal_aes_decrypt()
954 ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^ in mbedtls_internal_aes_decrypt()
955 ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 ); in mbedtls_internal_aes_decrypt()
958 ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^ in mbedtls_internal_aes_decrypt()
959 ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^ in mbedtls_internal_aes_decrypt()
960 ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^ in mbedtls_internal_aes_decrypt()
961 ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 ); in mbedtls_internal_aes_decrypt()
984 * AES-ECB block encryption/decryption
1022 * AES-CBC buffer encryption/decryption
1073 length -= 16; in mbedtls_aes_crypt_cbc()
1090 length -= 16; in mbedtls_aes_crypt_cbc()
1108 * representation. It uses 64-bit word operations to gain speed but compensates
1120 ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) ); in mbedtls_gf128mul_x_ble()
1128 * AES-XTS buffer encryption/decryption
1155 /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */ in mbedtls_aes_crypt_xts()
1160 ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, in mbedtls_aes_crypt_xts()
1165 while( blocks-- ) in mbedtls_aes_crypt_xts()
1183 ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); in mbedtls_aes_crypt_xts()
1206 unsigned char *prev_output = output - 16; in mbedtls_aes_crypt_xts()
1223 ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); in mbedtls_aes_crypt_xts()
1239 * AES-CFB128 buffer encryption/decryption
1268 while( length-- ) in mbedtls_aes_crypt_cfb128()
1286 while( length-- ) in mbedtls_aes_crypt_cfb128()
1309 * AES-CFB8 buffer encryption/decryption
1328 while( length-- ) in mbedtls_aes_crypt_cfb8()
1354 * AES-OFB (Output Feedback Mode) buffer encryption/decryption
1377 while( length-- ) in mbedtls_aes_crypt_ofb()
1399 * AES-CTR buffer encryption/decryption
1425 while( length-- ) in mbedtls_aes_crypt_ctr()
1432 for( i = 16; i > 0; i-- ) in mbedtls_aes_crypt_ctr()
1433 if( ++nonce_counter[i - 1] != 0 ) in mbedtls_aes_crypt_ctr()
1456 * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
1502 * AES-CFB128 test vectors from:
1504 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
1568 * AES-OFB test vectors from:
1570 * https://csrc.nist.gov/publications/detail/sp/800-38a/final
1634 * AES-CTR test vectors from:
1697 * AES-XTS test vectors from:
1805 mbedtls_printf( " AES-ECB-%3u (%s): ", keybits, in mbedtls_aes_self_test()
1822 * AES-192 is an optional feature that may be unavailable when in mbedtls_aes_self_test()
1867 mbedtls_printf( " AES-CBC-%3u (%s): ", keybits, in mbedtls_aes_self_test()
1886 * AES-192 is an optional feature that may be unavailable when in mbedtls_aes_self_test()
1942 mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits, in mbedtls_aes_self_test()
1951 * AES-192 is an optional feature that may be unavailable when in mbedtls_aes_self_test()
2005 mbedtls_printf( " AES-OFB-%3u (%s): ", keybits, in mbedtls_aes_self_test()
2014 * AES-192 is an optional feature that may be unavailable when in mbedtls_aes_self_test()
2067 mbedtls_printf( " AES-CTR-128 (%s): ", in mbedtls_aes_self_test()
2127 mbedtls_printf( " AES-XTS-128 (%s): ", in mbedtls_aes_self_test()