|
1 /* |
|
2 * Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #include "rijndaelimpl.h" |
|
20 #include "keys.h" |
|
21 |
|
22 #include "rijndaeltables.h" |
|
23 #include "../../../source/common/inlines.h" |
|
24 #include "pluginconfig.h" |
|
25 #include "symmetriccipherimpl.h" |
|
26 #include <cryptostrength.h> |
|
27 |
|
28 using namespace SoftwareCrypto; |
|
29 |
|
30 const TUint KAESKeyBytes128 = 16; |
|
31 const TUint KAESKeyBytes192 = 24; |
|
32 const TUint KAESKeyBytes256 = 32; |
|
33 const TUint KAESBlockBytes = 16; |
|
34 |
|
35 /* CRijndaelmpl*/ |
|
36 CRijndaelImpl::CRijndaelImpl( |
|
37 TUid aCryptoMode, |
|
38 TUid aOperationMode, |
|
39 TUid aPadding, |
|
40 TUid aImplementationUid) : |
|
41 CSymmetricBlockCipherImpl(KAESBlockBytes, aCryptoMode, aOperationMode, aPadding), |
|
42 iImplementationUid(aImplementationUid) |
|
43 { |
|
44 } |
|
45 |
|
46 CRijndaelImpl* CRijndaelImpl::NewL(const CKey& aKey, TUid aCryptoMode, TUid aOperationMode, |
|
47 TUid aPadding, TUid aImplementationUid) |
|
48 { |
|
49 CRijndaelImpl* self = CRijndaelImpl::NewLC(aKey, aCryptoMode, aOperationMode, |
|
50 aPadding, aImplementationUid); |
|
51 CleanupStack::Pop(self); |
|
52 return self; |
|
53 } |
|
54 |
|
55 CRijndaelImpl* CRijndaelImpl::NewLC(const CKey& aKey, TUid aCryptoMode, TUid aOperationMode, |
|
56 TUid aPadding, TUid aImplementationUid) |
|
57 { |
|
58 CRijndaelImpl* self = new(ELeave) CRijndaelImpl(aCryptoMode, aOperationMode, aPadding, |
|
59 aImplementationUid); |
|
60 CleanupStack::PushL(self); |
|
61 self->ConstructL(aKey); |
|
62 |
|
63 const TDesC8& keyContent = aKey.GetTDesC8L(KSymmetricKeyParameterUid); |
|
64 TCrypto::IsSymmetricWeakEnoughL(BytesToBits(keyContent.Size()) - keyContent.Size()); |
|
65 return self; |
|
66 } |
|
67 |
|
68 CRijndaelImpl::~CRijndaelImpl() |
|
69 { |
|
70 // make sure key information isn't visible to other processes if the |
|
71 // page is reused. |
|
72 Mem::FillZ(&iK, sizeof(iK)); |
|
73 } |
|
74 |
|
75 void CRijndaelImpl::ConstructL(const CKey& aKey) |
|
76 { |
|
77 CSymmetricBlockCipherImpl::ConstructL(aKey); |
|
78 SetKeySchedule(); |
|
79 } |
|
80 |
|
81 CExtendedCharacteristics* CRijndaelImpl::CreateExtendedCharacteristicsL() |
|
82 { |
|
83 // All Symbian software plug-ins have unlimited concurrency, cannot be reserved |
|
84 // for exclusive use and are not CERTIFIED to be standards compliant. |
|
85 return CExtendedCharacteristics::NewL(KMaxTInt, EFalse); |
|
86 } |
|
87 |
|
88 const CExtendedCharacteristics* CRijndaelImpl::GetExtendedCharacteristicsL() |
|
89 { |
|
90 return CRijndaelImpl::CreateExtendedCharacteristicsL(); |
|
91 } |
|
92 |
|
93 TUid CRijndaelImpl::ImplementationUid() const |
|
94 { |
|
95 return iImplementationUid; |
|
96 } |
|
97 |
|
98 TBool CRijndaelImpl::IsValidKeyLength(TInt aKeyBytes) const |
|
99 { |
|
100 switch(aKeyBytes) |
|
101 { |
|
102 case KAESKeyBytes128: |
|
103 case KAESKeyBytes192: |
|
104 case KAESKeyBytes256: |
|
105 return ETrue; |
|
106 default: |
|
107 return EFalse; |
|
108 } |
|
109 } |
|
110 |
|
111 void CRijndaelImpl::SetKeySchedule() |
|
112 { |
|
113 iRounds = iKeyBytes/4 + 6; |
|
114 if (iCryptoMode.iUid == KCryptoModeEncrypt) |
|
115 { |
|
116 SetEncryptKeySchedule(*iKey, &iK[0]); |
|
117 } |
|
118 else |
|
119 { |
|
120 ASSERT(iCryptoMode.iUid == KCryptoModeDecrypt); |
|
121 SetDecryptKeySchedule(*iKey, &iK[0]); |
|
122 } |
|
123 } |
|
124 |
|
125 void CRijndaelImpl::TransformEncrypt( |
|
126 TUint8* aBuffer, |
|
127 TUint aNumBlocks) |
|
128 { |
|
129 for (TInt i = 0; i < aNumBlocks; ++i) |
|
130 { |
|
131 ModeEncryptStart(aBuffer); |
|
132 |
|
133 TUint32 s0, s1, s2, s3, t0, t1, t2, t3; |
|
134 const TUint32* rk = &iK[0]; |
|
135 |
|
136 /* |
|
137 * map byte array block to cipher state |
|
138 * and add initial round key: |
|
139 */ |
|
140 GetBlockBigEndian(aBuffer, s0, s1, s2, s3); |
|
141 s0 ^= rk[0]; |
|
142 s1 ^= rk[1]; |
|
143 s2 ^= rk[2]; |
|
144 s3 ^= rk[3]; |
|
145 /* |
|
146 * Nr - 1 full rounds: |
|
147 */ |
|
148 TUint r = iRounds >> 1; |
|
149 FOREVER |
|
150 { |
|
151 t0 = |
|
152 RIJNDAEL_TABLE::Te0[GETBYTE(s0, 3)] ^ |
|
153 RIJNDAEL_TABLE::Te1[GETBYTE(s1, 2)] ^ |
|
154 RIJNDAEL_TABLE::Te2[GETBYTE(s2, 1)] ^ |
|
155 RIJNDAEL_TABLE::Te3[GETBYTE(s3, 0)] ^ |
|
156 rk[4]; |
|
157 t1 = |
|
158 RIJNDAEL_TABLE::Te0[GETBYTE(s1, 3)] ^ |
|
159 RIJNDAEL_TABLE::Te1[GETBYTE(s2, 2)] ^ |
|
160 RIJNDAEL_TABLE::Te2[GETBYTE(s3, 1)] ^ |
|
161 RIJNDAEL_TABLE::Te3[GETBYTE(s0, 0)] ^ |
|
162 rk[5]; |
|
163 t2 = |
|
164 RIJNDAEL_TABLE::Te0[GETBYTE(s2, 3)] ^ |
|
165 RIJNDAEL_TABLE::Te1[GETBYTE(s3, 2)] ^ |
|
166 RIJNDAEL_TABLE::Te2[GETBYTE(s0, 1)] ^ |
|
167 RIJNDAEL_TABLE::Te3[GETBYTE(s1, 0)] ^ |
|
168 rk[6]; |
|
169 t3 = |
|
170 RIJNDAEL_TABLE::Te0[GETBYTE(s3, 3)] ^ |
|
171 RIJNDAEL_TABLE::Te1[GETBYTE(s0, 2)] ^ |
|
172 RIJNDAEL_TABLE::Te2[GETBYTE(s1, 1)] ^ |
|
173 RIJNDAEL_TABLE::Te3[GETBYTE(s2, 0)] ^ |
|
174 rk[7]; |
|
175 |
|
176 rk += 8; |
|
177 if (--r == 0) |
|
178 break; |
|
179 |
|
180 s0 = |
|
181 RIJNDAEL_TABLE::Te0[GETBYTE(t0, 3)] ^ |
|
182 RIJNDAEL_TABLE::Te1[GETBYTE(t1, 2)] ^ |
|
183 RIJNDAEL_TABLE::Te2[GETBYTE(t2, 1)] ^ |
|
184 RIJNDAEL_TABLE::Te3[GETBYTE(t3, 0)] ^ |
|
185 rk[0]; |
|
186 s1 = |
|
187 RIJNDAEL_TABLE::Te0[GETBYTE(t1, 3)] ^ |
|
188 RIJNDAEL_TABLE::Te1[GETBYTE(t2, 2)] ^ |
|
189 RIJNDAEL_TABLE::Te2[GETBYTE(t3, 1)] ^ |
|
190 RIJNDAEL_TABLE::Te3[GETBYTE(t0, 0)] ^ |
|
191 rk[1]; |
|
192 s2 = |
|
193 RIJNDAEL_TABLE::Te0[GETBYTE(t2, 3)] ^ |
|
194 RIJNDAEL_TABLE::Te1[GETBYTE(t3, 2)] ^ |
|
195 RIJNDAEL_TABLE::Te2[GETBYTE(t0, 1)] ^ |
|
196 RIJNDAEL_TABLE::Te3[GETBYTE(t1, 0)] ^ |
|
197 rk[2]; |
|
198 s3 = |
|
199 RIJNDAEL_TABLE::Te0[GETBYTE(t3, 3)] ^ |
|
200 RIJNDAEL_TABLE::Te1[GETBYTE(t0, 2)] ^ |
|
201 RIJNDAEL_TABLE::Te2[GETBYTE(t1, 1)] ^ |
|
202 RIJNDAEL_TABLE::Te3[GETBYTE(t2, 0)] ^ |
|
203 rk[3]; |
|
204 } |
|
205 /* |
|
206 * apply last round and |
|
207 * map cipher state to byte array block: |
|
208 */ |
|
209 |
|
210 s0 = |
|
211 (RIJNDAEL_TABLE::Te4[GETBYTE(t0, 3)] & 0xff000000) ^ |
|
212 (RIJNDAEL_TABLE::Te4[GETBYTE(t1, 2)] & 0x00ff0000) ^ |
|
213 (RIJNDAEL_TABLE::Te4[GETBYTE(t2, 1)] & 0x0000ff00) ^ |
|
214 (RIJNDAEL_TABLE::Te4[GETBYTE(t3, 0)] & 0x000000ff) ^ |
|
215 rk[0]; |
|
216 s1 = |
|
217 (RIJNDAEL_TABLE::Te4[GETBYTE(t1, 3)] & 0xff000000) ^ |
|
218 (RIJNDAEL_TABLE::Te4[GETBYTE(t2, 2)] & 0x00ff0000) ^ |
|
219 (RIJNDAEL_TABLE::Te4[GETBYTE(t3, 1)] & 0x0000ff00) ^ |
|
220 (RIJNDAEL_TABLE::Te4[GETBYTE(t0, 0)] & 0x000000ff) ^ |
|
221 rk[1]; |
|
222 s2 = |
|
223 (RIJNDAEL_TABLE::Te4[GETBYTE(t2, 3)] & 0xff000000) ^ |
|
224 (RIJNDAEL_TABLE::Te4[GETBYTE(t3, 2)] & 0x00ff0000) ^ |
|
225 (RIJNDAEL_TABLE::Te4[GETBYTE(t0, 1)] & 0x0000ff00) ^ |
|
226 (RIJNDAEL_TABLE::Te4[GETBYTE(t1, 0)] & 0x000000ff) ^ |
|
227 rk[2]; |
|
228 s3 = |
|
229 (RIJNDAEL_TABLE::Te4[GETBYTE(t3, 3)] & 0xff000000) ^ |
|
230 (RIJNDAEL_TABLE::Te4[GETBYTE(t0, 2)] & 0x00ff0000) ^ |
|
231 (RIJNDAEL_TABLE::Te4[GETBYTE(t1, 1)] & 0x0000ff00) ^ |
|
232 (RIJNDAEL_TABLE::Te4[GETBYTE(t2, 0)] & 0x000000ff) ^ |
|
233 rk[3]; |
|
234 |
|
235 PutBlockBigEndian(aBuffer, s0, s1, s2, s3); |
|
236 ModeEncryptEnd(aBuffer); |
|
237 aBuffer += KAESBlockBytes; |
|
238 } |
|
239 } |
|
240 |
|
241 void CRijndaelImpl::TransformDecrypt( |
|
242 TUint8* aBuffer, |
|
243 TUint aNumBlocks) |
|
244 { |
|
245 for (TInt i = 0; i < aNumBlocks; ++i) |
|
246 { |
|
247 ModeDecryptStart(aBuffer); |
|
248 |
|
249 TUint32 s0, s1, s2, s3, t0, t1, t2, t3; |
|
250 const TUint32* rk = &iK[0]; |
|
251 |
|
252 /* |
|
253 * map byte array block to cipher state |
|
254 * and add initial round key: |
|
255 */ |
|
256 GetBlockBigEndian(aBuffer, s0, s1, s2, s3); |
|
257 |
|
258 s0 ^= rk[0]; |
|
259 s1 ^= rk[1]; |
|
260 s2 ^= rk[2]; |
|
261 s3 ^= rk[3]; |
|
262 /* |
|
263 * Nr - 1 full rounds: |
|
264 */ |
|
265 TUint r = iRounds >> 1; |
|
266 FOREVER |
|
267 { |
|
268 t0 = |
|
269 RIJNDAEL_TABLE::Td0[GETBYTE(s0, 3)] ^ |
|
270 RIJNDAEL_TABLE::Td1[GETBYTE(s3, 2)] ^ |
|
271 RIJNDAEL_TABLE::Td2[GETBYTE(s2, 1)] ^ |
|
272 RIJNDAEL_TABLE::Td3[GETBYTE(s1, 0)] ^ |
|
273 rk[4]; |
|
274 t1 = |
|
275 RIJNDAEL_TABLE::Td0[GETBYTE(s1, 3)] ^ |
|
276 RIJNDAEL_TABLE::Td1[GETBYTE(s0, 2)] ^ |
|
277 RIJNDAEL_TABLE::Td2[GETBYTE(s3, 1)] ^ |
|
278 RIJNDAEL_TABLE::Td3[GETBYTE(s2, 0)] ^ |
|
279 rk[5]; |
|
280 t2 = |
|
281 RIJNDAEL_TABLE::Td0[GETBYTE(s2, 3)] ^ |
|
282 RIJNDAEL_TABLE::Td1[GETBYTE(s1, 2)] ^ |
|
283 RIJNDAEL_TABLE::Td2[GETBYTE(s0, 1)] ^ |
|
284 RIJNDAEL_TABLE::Td3[GETBYTE(s3, 0)] ^ |
|
285 rk[6]; |
|
286 t3 = |
|
287 RIJNDAEL_TABLE::Td0[GETBYTE(s3, 3)] ^ |
|
288 RIJNDAEL_TABLE::Td1[GETBYTE(s2, 2)] ^ |
|
289 RIJNDAEL_TABLE::Td2[GETBYTE(s1, 1)] ^ |
|
290 RIJNDAEL_TABLE::Td3[GETBYTE(s0, 0)] ^ |
|
291 rk[7]; |
|
292 |
|
293 rk += 8; |
|
294 if (--r == 0) |
|
295 break; |
|
296 |
|
297 s0 = |
|
298 RIJNDAEL_TABLE::Td0[GETBYTE(t0, 3)] ^ |
|
299 RIJNDAEL_TABLE::Td1[GETBYTE(t3, 2)] ^ |
|
300 RIJNDAEL_TABLE::Td2[GETBYTE(t2, 1)] ^ |
|
301 RIJNDAEL_TABLE::Td3[GETBYTE(t1, 0)] ^ |
|
302 rk[0]; |
|
303 s1 = |
|
304 RIJNDAEL_TABLE::Td0[GETBYTE(t1, 3)] ^ |
|
305 RIJNDAEL_TABLE::Td1[GETBYTE(t0, 2)] ^ |
|
306 RIJNDAEL_TABLE::Td2[GETBYTE(t3, 1)] ^ |
|
307 RIJNDAEL_TABLE::Td3[GETBYTE(t2, 0)] ^ |
|
308 rk[1]; |
|
309 s2 = |
|
310 RIJNDAEL_TABLE::Td0[GETBYTE(t2, 3)] ^ |
|
311 RIJNDAEL_TABLE::Td1[GETBYTE(t1, 2)] ^ |
|
312 RIJNDAEL_TABLE::Td2[GETBYTE(t0, 1)] ^ |
|
313 RIJNDAEL_TABLE::Td3[GETBYTE(t3, 0)] ^ |
|
314 rk[2]; |
|
315 s3 = |
|
316 RIJNDAEL_TABLE::Td0[GETBYTE(t3, 3)] ^ |
|
317 RIJNDAEL_TABLE::Td1[GETBYTE(t2, 2)] ^ |
|
318 RIJNDAEL_TABLE::Td2[GETBYTE(t1, 1)] ^ |
|
319 RIJNDAEL_TABLE::Td3[GETBYTE(t0, 0)] ^ |
|
320 rk[3]; |
|
321 } |
|
322 /* |
|
323 * apply last round and |
|
324 * map cipher state to byte array block: |
|
325 */ |
|
326 s0 = |
|
327 (RIJNDAEL_TABLE::Td4[GETBYTE(t0, 3)] & 0xff000000) ^ |
|
328 (RIJNDAEL_TABLE::Td4[GETBYTE(t3, 2)] & 0x00ff0000) ^ |
|
329 (RIJNDAEL_TABLE::Td4[GETBYTE(t2, 1)] & 0x0000ff00) ^ |
|
330 (RIJNDAEL_TABLE::Td4[GETBYTE(t1, 0)] & 0x000000ff) ^ |
|
331 rk[0]; |
|
332 s1 = |
|
333 (RIJNDAEL_TABLE::Td4[GETBYTE(t1, 3)] & 0xff000000) ^ |
|
334 (RIJNDAEL_TABLE::Td4[GETBYTE(t0, 2)] & 0x00ff0000) ^ |
|
335 (RIJNDAEL_TABLE::Td4[GETBYTE(t3, 1)] & 0x0000ff00) ^ |
|
336 (RIJNDAEL_TABLE::Td4[GETBYTE(t2, 0)] & 0x000000ff) ^ |
|
337 rk[1]; |
|
338 s2 = |
|
339 (RIJNDAEL_TABLE::Td4[GETBYTE(t2, 3)] & 0xff000000) ^ |
|
340 (RIJNDAEL_TABLE::Td4[GETBYTE(t1, 2)] & 0x00ff0000) ^ |
|
341 (RIJNDAEL_TABLE::Td4[GETBYTE(t0, 1)] & 0x0000ff00) ^ |
|
342 (RIJNDAEL_TABLE::Td4[GETBYTE(t3, 0)] & 0x000000ff) ^ |
|
343 rk[2]; |
|
344 s3 = |
|
345 (RIJNDAEL_TABLE::Td4[GETBYTE(t3, 3)] & 0xff000000) ^ |
|
346 (RIJNDAEL_TABLE::Td4[GETBYTE(t2, 2)] & 0x00ff0000) ^ |
|
347 (RIJNDAEL_TABLE::Td4[GETBYTE(t1, 1)] & 0x0000ff00) ^ |
|
348 (RIJNDAEL_TABLE::Td4[GETBYTE(t0, 0)] & 0x000000ff) ^ |
|
349 rk[3]; |
|
350 PutBlockBigEndian(aBuffer, s0, s1, s2, s3); |
|
351 ModeDecryptEnd(aBuffer); |
|
352 aBuffer += KAESBlockBytes; |
|
353 } |
|
354 } |
|
355 |
|
356 void CRijndaelImpl::SetEncryptKeySchedule(const TDesC8& aKey, TUint32* aKeySchedule) |
|
357 { |
|
358 TUint keySize = aKey.Length(); |
|
359 TUint32 temp; |
|
360 TUint32* rk = aKeySchedule; |
|
361 |
|
362 TUint i = 0; |
|
363 |
|
364 GetUserKeyBigEndian(rk, keySize/4, &aKey[0], keySize); |
|
365 |
|
366 switch(keySize) |
|
367 { |
|
368 case (KAESKeyBytes128): |
|
369 { |
|
370 FOREVER |
|
371 { |
|
372 temp = rk[3]; |
|
373 rk[4] = rk[0] ^ |
|
374 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 2)] & 0xff000000) ^ |
|
375 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 1)] & 0x00ff0000) ^ |
|
376 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 0)] & 0x0000ff00) ^ |
|
377 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 3)] & 0x000000ff) ^ |
|
378 RIJNDAEL_TABLE::rcon[i]; |
|
379 rk[5] = rk[1] ^ rk[4]; |
|
380 rk[6] = rk[2] ^ rk[5]; |
|
381 rk[7] = rk[3] ^ rk[6]; |
|
382 if (++i == 10) |
|
383 break; |
|
384 rk += 4; |
|
385 } |
|
386 } |
|
387 break; |
|
388 |
|
389 case (KAESKeyBytes192): |
|
390 { |
|
391 FOREVER |
|
392 { |
|
393 temp = rk[ 5]; |
|
394 rk[ 6] = rk[ 0] ^ |
|
395 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 2)] & 0xff000000) ^ |
|
396 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 1)] & 0x00ff0000) ^ |
|
397 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 0)] & 0x0000ff00) ^ |
|
398 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 3)] & 0x000000ff) ^ |
|
399 RIJNDAEL_TABLE::rcon[i]; |
|
400 rk[ 7] = rk[ 1] ^ rk[ 6]; |
|
401 rk[ 8] = rk[ 2] ^ rk[ 7]; |
|
402 rk[ 9] = rk[ 3] ^ rk[ 8]; |
|
403 if (++i == 8) |
|
404 break; |
|
405 rk[10] = rk[ 4] ^ rk[ 9]; |
|
406 rk[11] = rk[ 5] ^ rk[10]; |
|
407 rk += 6; |
|
408 } |
|
409 } |
|
410 break; |
|
411 |
|
412 case (KAESKeyBytes256): |
|
413 { |
|
414 FOREVER |
|
415 { |
|
416 temp = rk[ 7]; |
|
417 rk[ 8] = rk[ 0] ^ |
|
418 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 2)] & 0xff000000) ^ |
|
419 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 1)] & 0x00ff0000) ^ |
|
420 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 0)] & 0x0000ff00) ^ |
|
421 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 3)] & 0x000000ff) ^ |
|
422 RIJNDAEL_TABLE::rcon[i]; |
|
423 rk[ 9] = rk[ 1] ^ rk[ 8]; |
|
424 rk[10] = rk[ 2] ^ rk[ 9]; |
|
425 rk[11] = rk[ 3] ^ rk[10]; |
|
426 if (++i == 7) |
|
427 break; |
|
428 temp = rk[11]; |
|
429 rk[12] = rk[ 4] ^ |
|
430 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 3)] & 0xff000000) ^ |
|
431 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 2)] & 0x00ff0000) ^ |
|
432 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 1)] & 0x0000ff00) ^ |
|
433 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 0)] & 0x000000ff); |
|
434 rk[13] = rk[ 5] ^ rk[12]; |
|
435 rk[14] = rk[ 6] ^ rk[13]; |
|
436 rk[15] = rk[ 7] ^ rk[14]; |
|
437 |
|
438 rk += 8; |
|
439 } |
|
440 } |
|
441 break; |
|
442 |
|
443 default: |
|
444 assert(0); // Shouldn't get here, keeps compiler happy |
|
445 } |
|
446 } |
|
447 |
|
448 void CRijndaelImpl::SetDecryptKeySchedule(const TDesC8& aKey, TUint32* aKeySchedule) |
|
449 { |
|
450 SetEncryptKeySchedule(aKey, aKeySchedule); |
|
451 |
|
452 TUint i, j; |
|
453 TUint32* rk = aKeySchedule; |
|
454 TUint32 temp; |
|
455 |
|
456 // invert the order of the round keys |
|
457 for (i = 0, j = 4*iRounds; i < j; i += 4, j -= 4) |
|
458 { |
|
459 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; |
|
460 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; |
|
461 temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; |
|
462 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; |
|
463 } |
|
464 |
|
465 // apply the inverse MixColumn transform to all round keys but the first and the last |
|
466 for (i = 1; i < iRounds; i++) |
|
467 { |
|
468 rk += 4; |
|
469 rk[0] = |
|
470 RIJNDAEL_TABLE::Td0[RIJNDAEL_TABLE::Te4[GETBYTE(rk[0], 3)] & 0xff] ^ |
|
471 RIJNDAEL_TABLE::Td1[RIJNDAEL_TABLE::Te4[GETBYTE(rk[0], 2)] & 0xff] ^ |
|
472 RIJNDAEL_TABLE::Td2[RIJNDAEL_TABLE::Te4[GETBYTE(rk[0], 1)] & 0xff] ^ |
|
473 RIJNDAEL_TABLE::Td3[RIJNDAEL_TABLE::Te4[GETBYTE(rk[0], 0)] & 0xff]; |
|
474 rk[1] = |
|
475 RIJNDAEL_TABLE::Td0[RIJNDAEL_TABLE::Te4[GETBYTE(rk[1], 3)] & 0xff] ^ |
|
476 RIJNDAEL_TABLE::Td1[RIJNDAEL_TABLE::Te4[GETBYTE(rk[1], 2)] & 0xff] ^ |
|
477 RIJNDAEL_TABLE::Td2[RIJNDAEL_TABLE::Te4[GETBYTE(rk[1], 1)] & 0xff] ^ |
|
478 RIJNDAEL_TABLE::Td3[RIJNDAEL_TABLE::Te4[GETBYTE(rk[1], 0)] & 0xff]; |
|
479 rk[2] = |
|
480 RIJNDAEL_TABLE::Td0[RIJNDAEL_TABLE::Te4[GETBYTE(rk[2], 3)] & 0xff] ^ |
|
481 RIJNDAEL_TABLE::Td1[RIJNDAEL_TABLE::Te4[GETBYTE(rk[2], 2)] & 0xff] ^ |
|
482 RIJNDAEL_TABLE::Td2[RIJNDAEL_TABLE::Te4[GETBYTE(rk[2], 1)] & 0xff] ^ |
|
483 RIJNDAEL_TABLE::Td3[RIJNDAEL_TABLE::Te4[GETBYTE(rk[2], 0)] & 0xff]; |
|
484 rk[3] = |
|
485 RIJNDAEL_TABLE::Td0[RIJNDAEL_TABLE::Te4[GETBYTE(rk[3], 3)] & 0xff] ^ |
|
486 RIJNDAEL_TABLE::Td1[RIJNDAEL_TABLE::Te4[GETBYTE(rk[3], 2)] & 0xff] ^ |
|
487 RIJNDAEL_TABLE::Td2[RIJNDAEL_TABLE::Te4[GETBYTE(rk[3], 1)] & 0xff] ^ |
|
488 RIJNDAEL_TABLE::Td3[RIJNDAEL_TABLE::Te4[GETBYTE(rk[3], 0)] & 0xff]; |
|
489 } |
|
490 } |