AES GCM_AESGCM解密算法_AES-GCM_GCM_

#include "DHCryptlib.h" #include <stdlib.h> #include <stdio.h> #include <string.h> #if defined( __cplusplus ) extern "C" { #endif #define _MaxText_Length_ 1024 //最大加解密数据长度 mh_decl void xor_block_aligned( void *r, const void *p, const void *q ) { rep3_u4( f_xor, UNIT_PTR( r ), UNIT_PTR( p ), UNIT_PTR( q ), UNIT_VAL ); } gf_decl void gf_mulx1_lb( gf_t r, const gf_t x ) { gf_unit_t _tt; _tt = gf_tab[( UNIT_PTR( x )[3] >> 17 ) & MASK( 0x80 )]; rep2_d4( f1_lb, UNIT_PTR( r ), UNIT_PTR( x ) ); UNIT_PTR( r )[0] ^= _tt; } void init_4k_table( const gf_t g, gf_t4k_t t ) { int j, k; memset( t[0], 0, GF_BYTE_LEN ); memcpy( t[128], g, GF_BYTE_LEN ); for( j = 64; j >= 1; j >>= 1 ) gf_mulx1( mode )( t[j], t[j + j] ); for( j = 2; j < 256; j += j ) for( k = 1; k < j; ++k ) xor_block_aligned( t[j + k], t[j], t[k] ); } #define xor_4k( i, ap, t, r ) gf_mulx8( mode )( r ); xor_block_aligned( r, r, t[ap[GF_INDEX( i )]] ) # define ls_box( x, c ) four_tables( x, t_use( f, l ), vf1, rf2, c ) #define ke4( k, i ) \ { k[4*( i )+4] = ss[0] ^= ls_box( ss[3], 3 ) ^ t_use( r, c )[i]; \ k[4*( i )+5] = ss[1] ^= ss[0]; \ k[4*( i )+6] = ss[2] ^= ss[1]; \ k[4*( i )+7] = ss[3] ^= ss[2]; \ } #define v( n, i ) ( ( n ) - ( i ) + 2 * ( ( i ) & 3 ) ) #define k4e( k, i ) \ { k[v( 40, ( 4*( i ) )+4 )] = ss[0] ^= ls_box( ss[3], 3 ) ^ t_use( r, c )[i]; \ k[v( 40, ( 4*( i ) )+5 )] = ss[1] ^= ss[0]; \ k[v( 40, ( 4*( i ) )+6 )] = ss[2] ^= ss[1]; \ k[v( 40, ( 4*( i ) )+7 )] = ss[3] ^= ss[2]; \ } #define kdf4( k, i ) \ { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \ ss[1] = ss[1] ^ ss[3]; \ ss[2] = ss[2] ^ ss[3]; \ ss[4] = ls_box( ss[( i+3 ) % 4], 3 ) ^ t_use( r, c )[i]; \ ss[i % 4] ^= ss[4]; \ ss[4] ^= k[v( 40, ( 4*( i ) ) )]; k[v( 40, ( 4*( i ) )+4 )] = ff( ss[4] ); \ ss[4] ^= k[v( 40, ( 4*( i ) )+1 )]; k[v( 40, ( 4*( i ) )+5 )] = ff( ss[4] ); \ ss[4] ^= k[v( 40, ( 4*( i ) )+2 )]; k[v( 40, ( 4*( i ) )+6 )] = ff( ss[4] ); \ ss[4] ^= k[v( 40, ( 4*( i ) )+3 )]; k[v( 40, ( 4*( i ) )+7 )] = ff( ss[4] ); \ } #define kd4( k, i ) \ { ss[4] = ls_box( ss[( i+3 ) % 4], 3 ) ^ t_use( r, c )[i]; \ ss[i % 4] ^= ss[4]; ss[4] = ff( ss[4] ); \ k[v( 40, ( 4*( i ) )+4 )] = ss[4] ^= k[v( 40, ( 4*( i ) ) )]; \ k[v( 40, ( 4*( i ) )+5 )] = ss[4] ^= k[v( 40, ( 4*( i ) )+1 )]; \ k[v( 40, ( 4*( i ) )+6 )] = ss[4] ^= k[v( 40, ( 4*( i ) )+2 )]; \ k[v( 40, ( 4*( i ) )+7 )] = ss[4] ^= k[v( 40, ( 4*( i ) )+3 )]; \ } #define kdl4( k, i ) \ { ss[4] = ls_box( ss[( i+3 ) % 4], 3 ) ^ t_use( r, c )[i]; ss[i % 4] ^= ss[4]; \ k[v( 40, ( 4*( i ) )+4 )] = ( ss[0] ^= ss[1] ) ^ ss[2] ^ ss[3]; \ k[v( 40, ( 4*( i ) )+5 )] = ss[1] ^ ss[3]; \ k[v( 40, ( 4*( i ) )+6 )] = ss[0]; \ k[v( 40, ( 4*( i ) )+7 )] = ss[1]; \ } AES_RETURN aes_encrypt_key128( const unsigned char *key, aes_encrypt_ctx cx[1] ) { uint_32t ss[4]; cx->ks[0] = ss[0] = word_in( key, 0 ); cx->ks[1] = ss[1] = word_in( key, 1 ); cx->ks[2] = ss[2] = word_in( key, 2 ); cx->ks[3] = ss[3] = word_in( key, 3 ); ke4( cx->ks, 0 ); ke4( cx->ks, 1 ); ke4( cx->ks, 2 ); ke4( cx->ks, 3 ); ke4( cx->ks, 4 ); ke4( cx->ks, 5 ); ke4( cx->ks, 6 ); ke4( cx->ks, 7 ); ke4( cx->ks, 8 ); ke4( cx->ks, 9 ); cx->inf.l = 0; cx->inf.b[0] = 10 * 16; cx->inf.b[1] = 0xff; return EXIT_SUCCESS; } //初始化key AES_RETURN aes_encrypt_key( const unsigned char *key, int key_len, aes_encrypt_ctx cx[1] ) { if ( key_len!=16&&key_len!=128 ) return EXIT_FAILURE; return aes_encrypt_key128( key, cx ); } # define s( x, c ) x[c] #define si( y, x, k, c ) ( s( y, c ) = word_in( x, c ) ^ ( k )[c] ) #define so( y, x, c ) word_out( y, c, s( x, c ) ) #define locals( y, x ) x[4], y[4] #define l_copy( y, x ) s( y, 0 ) = s( x, 0 ); s( y, 1 ) = s( x, 1 ); \ s( y, 2 ) = s( x, 2 ); s( y, 3 ) = s( x, 3 ); #define state_in( y, x, k ) si( y, x, k, 0 ); si( y, x, k, 1 ); si( y, x, k, 2 ); si( y, x, k, 3 ) #define state_out( y, x ) so( y, x, 0 ); so( y, x, 1 ); so( y, x, 2 ); so( y, x, 3 ) #define round( rm, y, x, k ) rm( y, x, k, 0 ); rm( y, x, k, 1 ); rm( y, x, k, 2 ); rm( y, x, k, 3 ) #define fwd_var( x, r, c )\ ( r == 0 ? ( c == 0 ? s( x, 0 ) : c == 1 ? s( x, 1 ) : c == 2 ? s( x, 2 ) : s( x, 3 ) )\ : r == 1 ? ( c == 0 ? s( x, 1 ) : c == 1 ? s( x, 2 ) : c == 2 ? s( x, 3 ) : s( x, 0 ) )\ : r == 2 ? ( c == 0 ? s( x, 2 ) : c == 1 ? s( x, 3 ) : c == 2 ? s( x, 0 ) : s( x, 1 ) )\ : ( c == 0 ? s( x, 3 ) : c == 1 ? s( x, 0 ) : c == 2 ? s( x, 1 ) : s( x, 2 ) ) ) #define fwd_rnd( y, x, k, c ) ( s( y, c ) = ( k )[c] ^ four_tables( x, t_use( f, n ), fwd_var, rf1, c ) ) #define fwd_lrnd( y, x, k, c ) ( s( y, c ) = ( k )[c] ^ four_tables( x, t_use( f, l ), fwd_var, rf1, c ) ) AES_RETURN aes_encrypt( const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1] ) { uint_32t locals( b0, b1 ); const uint_32t *kp; if ( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 ) return EXIT_FAILURE; kp = cx->ks; state_in( b0, in, kp ); switch( cx->inf.b[0] ) { case 14 * 16: round( fwd_rnd, b1, b0, kp + 1 * N_COLS ); round( fwd_rnd, b0, b1, kp + 2 * N_COLS ); kp += 2 * N_COLS; case 12 * 16: round( fwd_rnd, b1, b0, kp + 1 * N_COLS ); round( fwd_rnd, b0, b1, kp + 2 * N_COLS ); kp += 2 * N_COLS; case 10 * 16: round( fwd_rnd, b1, b0, kp + 1 * N_COLS ); round( fwd_rnd, b0, b1, kp + 2 * N_COLS ); round( fwd_rnd, b1, b0, kp + 3 * N_COLS ); round( fwd_rnd, b0, b1, kp + 4 * N_COLS ); round( fwd_rnd, b1, b0, kp + 5 * N_COLS ); round( fwd_rnd, b0, b1, kp + 6 * N_COLS ); round( fwd_rnd, b1, b0, kp + 7 * N_COLS ); round( fwd_rnd, b0, b1, kp + 8 * N_COLS ); round( fwd_rnd, b1, b0, kp + 9 * N_COLS ); round( fwd_lrnd, b0, b1, kp +10 * N_COLS ); } state_out( out, b0 ); return EXIT_SUCCESS; } #define inc_ctr( x ) { int i = BLOCK_SIZE; while( i-- > CTR_POS && !++( UI8_PTR( x )[i] ) ); } ret_type gcm_init_and_key( /* initialise mode and set key */ const unsigned char key[], /* the key value */ unsigned long key_len, /* and its length in bytes */ gcm_ctx ctx[1] ) /* the mode context */ { memset( ctx->ghash_h, 0, sizeof( ctx->ghash_h ) ); /* set the AES key */ aes_encrypt_key( key, key_len, ctx->aes ); /* compute E( 0 ) ( for the hash function ) */ aes_encrypt( UI8_PTR( ctx->ghash_h ), UI8_PTR( ctx->ghash_h ), ctx->aes ); #if defined( TABLES_4K ) init_4k_table( ctx->ghash_h, ctx->gf_t4k ); #endif return RETURN_GOOD; } mh_decl void copy_block_aligned( void *p, const void *q ) { rep2_u4( f_copy, UNIT_PTR( p ), UNIT_PTR( q ) ); } gf_decl void gf_mulx8_lb( gf_t x ) { gf_unit_t _tt; _tt = gf_tab[UNIT_PTR( x )[3] >> 24]; rep2_d4( f8_lb, UNIT_PTR( x ), UNIT_PTR( x ) ); UNIT_PTR( x )[0] ^= _tt; } #define xor_4k( i, ap, t, r ) gf_mulx8( mode )( r ); xor_block_aligned( r, r, t[ap[GF_INDEX( i )]] ) void gf_mul_4k( gf_t a, const gf_t4k_t t, gf_t r ) { uint_8t *ap = ( uint_8t* )a; memset( r, 0, GF_BYTE_LEN ); xor_4k( 15, ap, t, r ); xor_4k( 14, ap, t, r ); xor_4k( 13, ap, t, r ); xor_4k( 12, ap, t, r ); xor_4k( 11, ap, t, r ); xor_4k( 10, ap, t, r ); xor_4k( 9, ap, t, r ); xor_4k( 8, ap, t, r ); xor_4k( 7, ap, t, r ); xor_4k( 6, ap, t, r ); xor_4k( 5, ap, t, r ); xor_4k( 4, ap, t, r ); xor_4k( 3, ap, t, r ); xor_4k( 2, ap, t, r ); xor_4k( 1, ap, t, r ); xor_4k( 0, ap, t, r ); copy_block_aligned( a, r ); } void gf_mul_hh( gf_t a, gcm_ctx ctx[1] ) { gf_t scr; gf_mul_4k( a, ctx->gf_t4k, scr ); } ret_type gcm_init_message( /* initia