void HMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength)
{
AssertValidKeyLength(keylength);
Restart();
HashTransformation &hash = AccessHash();
unsigned int blockSize = hash.BlockSize();
if (!blockSize)
throw InvalidArgument("HMAC: can only be used with a block-based hash function");
if (keylength <= blockSize)
memcpy(AccessIpad(), userKey, keylength);
else
{
AccessHash().CalculateDigest(AccessIpad(), userKey, keylength);
keylength = hash.DigestSize();
}
assert(keylength <= blockSize);
memset(AccessIpad()+keylength, 0, blockSize-keylength);
for (unsigned int i=0; i<blockSize; i++)
{
AccessOpad()[i] = AccessIpad()[i] ^ OPAD;
AccessIpad()[i] ^= IPAD;
}
}
void ARC4_Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs ¶ms)
{
AssertValidKeyLength(keyLen);
m_x = 1;
m_y = 0;
unsigned int i;
for (i=0; i<256; i++)
m_state[i] = i;
unsigned int keyIndex = 0, stateIndex = 0;
for (i=0; i<256; i++)
{
unsigned int a = m_state[i];
stateIndex += key[keyIndex] + a;
stateIndex &= 0xff;
m_state[i] = m_state[stateIndex];
m_state[stateIndex] = a;
if (++keyIndex >= keyLen)
keyIndex = 0;
}
int discardBytes = params.GetIntValueWithDefault("DiscardBytes", GetDefaultDiscardBytes());
DiscardBytes(discardBytes);
}
void RC5::Base::UncheckedSetKey(const byte *k, unsigned int keylen, const NameValuePairs ¶ms)
{
AssertValidKeyLength(keylen);
r = GetRoundsAndThrowIfInvalid(params, this);
sTable.New(2*(r+1));
static const RC5_WORD MAGIC_P = 0xb7e15163L; // magic constant P for wordsize
static const RC5_WORD MAGIC_Q = 0x9e3779b9L; // magic constant Q for wordsize
static const int U=sizeof(RC5_WORD);
const unsigned int c = STDMAX((keylen+U-1)/U, 1U); // RC6 paper says c=1 if keylen==0
SecBlock<RC5_WORD> l(c);
GetUserKey(LITTLE_ENDIAN_ORDER, l.begin(), c, k, keylen);
sTable[0] = MAGIC_P;
for (unsigned j=1; j<sTable.size();j++)
sTable[j] = sTable[j-1] + MAGIC_Q;
RC5_WORD a=0, b=0;
const unsigned n = 3*STDMAX((unsigned int)sTable.size(), c);
for (unsigned h=0; h < n; h++)
{
a = sTable[h % sTable.size()] = rotlConstant<3>((sTable[h % sTable.size()] + a + b));
b = l[h % c] = rotlMod((l[h % c] + a + b), (a+b));
}
}
void Square::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
{
AssertValidKeyLength(length);
static const word32 offset[ROUNDS] = {
0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL,
};
GetUserKey(BIG_ENDIAN_ORDER, roundkeys[0], KEYLENGTH/4, userKey, KEYLENGTH);
/* apply the key evolution function */
for (int i = 1; i < ROUNDS+1; i++)
{
roundkeys[i][0] = roundkeys[i-1][0] ^ rotlFixed(roundkeys[i-1][3], 8U) ^ offset[i-1];
roundkeys[i][1] = roundkeys[i-1][1] ^ roundkeys[i][0];
roundkeys[i][2] = roundkeys[i-1][2] ^ roundkeys[i][1];
roundkeys[i][3] = roundkeys[i-1][3] ^ roundkeys[i][2];
}
/* produce the round keys */
if (IsForwardTransformation())
{
for (int i = 0; i < ROUNDS; i++)
SquareTransform (roundkeys[i], roundkeys[i]);
}
else
{
for (int i = 0; i < ROUNDS/2; i++)
for (int j = 0; j < 4; j++)
std::swap(roundkeys[i][j], roundkeys[ROUNDS-i][j]);
SquareTransform (roundkeys[ROUNDS], roundkeys[ROUNDS]);
}
}
void Square::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
{
AssertValidKeyLength(length);
static const word32 offset[ROUNDS] = {
0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL,
};
GetUserKey(BIG_ENDIAN_ORDER, m_roundkeys.data(), KEYLENGTH/4, userKey, KEYLENGTH);
/* apply the key evolution function */
for (int i = 1; i < ROUNDS+1; i++)
{
roundkeys(i, 0) = roundkeys(i-1, 0) ^ rotlFixed(roundkeys(i-1, 3), 8U) ^ offset[i-1];
roundkeys(i, 1) = roundkeys(i-1, 1) ^ roundkeys(i, 0);
roundkeys(i, 2) = roundkeys(i-1, 2) ^ roundkeys(i, 1);
roundkeys(i, 3) = roundkeys(i-1, 3) ^ roundkeys(i, 2);
}
/* produce the round keys */
if (IsForwardTransformation())
{
for (int i = 0; i < ROUNDS; i++)
SquareTransform (roundkeys4(i), roundkeys4(i));
}
else
{
for (int i = 0; i < ROUNDS/2; i++)
for (int j = 0; j < 4; j++)
std::swap(roundkeys(i, j), roundkeys(ROUNDS-i, j));
SquareTransform (roundkeys4(ROUNDS), roundkeys4(ROUNDS));
}
}
void RC6::Base::UncheckedSetKey(CipherDir direction, const byte *k, unsigned int keylen, unsigned int rounds)
{
AssertValidKeyLength(keylen);
AssertValidRounds(rounds);
r = rounds;
sTable.New(2*(r+2));
static const RC6_WORD MAGIC_P = 0xb7e15163L; // magic constant P for wordsize
static const RC6_WORD MAGIC_Q = 0x9e3779b9L; // magic constant Q for wordsize
static const int U=sizeof(RC6_WORD);
const unsigned int c = STDMAX((keylen+U-1)/U, 1U); // RC6 paper says c=1 if keylen==0
SecBlock<RC6_WORD> l(c);
GetUserKey(LITTLE_ENDIAN_ORDER, l.begin(), c, k, keylen);
sTable[0] = MAGIC_P;
for (unsigned j=1; j<sTable.size();j++)
sTable[j] = sTable[j-1] + MAGIC_Q;
RC6_WORD a=0, b=0;
const unsigned n = 3*STDMAX((unsigned int)sTable.size(), c);
for (unsigned h=0; h < n; h++)
{
a = sTable[h % sTable.size()] = rotlFixed((sTable[h % sTable.size()] + a + b), 3);
b = l[h % c] = rotlMod((l[h % c] + a + b), (a+b));
}
}
void HMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
{
AssertValidKeyLength(keylength);
Restart();
HashTransformation &hash = AccessHash();
unsigned int blockSize = hash.BlockSize();
if (!blockSize)
throw InvalidArgument("HMAC: can only be used with a block-based hash function");
m_buf.resize(2*AccessHash().BlockSize() + AccessHash().DigestSize());
if (keylength <= blockSize)
memcpy(AccessIpad(), userKey, keylength);
else
{
AccessHash().CalculateDigest(AccessIpad(), userKey, keylength);
keylength = hash.DigestSize();
}
CRYPTOPP_ASSERT(keylength <= blockSize);
memset(AccessIpad()+keylength, 0, blockSize-keylength);
for (unsigned int i=0; i<blockSize; i++)
{
AccessOpad()[i] = AccessIpad()[i] ^ 0x5c;
AccessIpad()[i] ^= 0x36;
}
}
void GOST::Base::UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs &)
{
AssertValidKeyLength(length);
PrecalculateSTable();
GetUserKey(LITTLE_ENDIAN_ORDER, m_key.begin(), 8, userKey, KEYLENGTH);
}
void TTMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
{
AssertValidKeyLength(keylength);
memcpy(m_key, userKey, KEYLENGTH);
CorrectEndianess(m_key, m_key, KEYLENGTH);
Init();
}
void CAST128::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
{
AssertValidKeyLength(keylength);
reduced = (keylength <= 10);
word32 X[4], Z[4];
GetUserKey(BIG_ENDIAN_ORDER, X, 4, userKey, keylength);
#define x(i) GETBYTE(X[i/4], 3-i%4)
#define z(i) GETBYTE(Z[i/4], 3-i%4)
unsigned int i;
for (i=0; i<=16; i+=16)
{
// this part is copied directly from RFC 2144 (with some search and replace) by Wei Dai
Z[0] = X[0] ^ S[4][x(0xD)] ^ S[5][x(0xF)] ^ S[6][x(0xC)] ^ S[7][x(0xE)] ^ S[6][x(0x8)];
Z[1] = X[2] ^ S[4][z(0x0)] ^ S[5][z(0x2)] ^ S[6][z(0x1)] ^ S[7][z(0x3)] ^ S[7][x(0xA)];
Z[2] = X[3] ^ S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[4][x(0x9)];
Z[3] = X[1] ^ S[4][z(0xA)] ^ S[5][z(0x9)] ^ S[6][z(0xB)] ^ S[7][z(0x8)] ^ S[5][x(0xB)];
K[i+0] = S[4][z(0x8)] ^ S[5][z(0x9)] ^ S[6][z(0x7)] ^ S[7][z(0x6)] ^ S[4][z(0x2)];
K[i+1] = S[4][z(0xA)] ^ S[5][z(0xB)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[5][z(0x6)];
K[i+2] = S[4][z(0xC)] ^ S[5][z(0xD)] ^ S[6][z(0x3)] ^ S[7][z(0x2)] ^ S[6][z(0x9)];
K[i+3] = S[4][z(0xE)] ^ S[5][z(0xF)] ^ S[6][z(0x1)] ^ S[7][z(0x0)] ^ S[7][z(0xC)];
X[0] = Z[2] ^ S[4][z(0x5)] ^ S[5][z(0x7)] ^ S[6][z(0x4)] ^ S[7][z(0x6)] ^ S[6][z(0x0)];
X[1] = Z[0] ^ S[4][x(0x0)] ^ S[5][x(0x2)] ^ S[6][x(0x1)] ^ S[7][x(0x3)] ^ S[7][z(0x2)];
X[2] = Z[1] ^ S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[4][z(0x1)];
X[3] = Z[3] ^ S[4][x(0xA)] ^ S[5][x(0x9)] ^ S[6][x(0xB)] ^ S[7][x(0x8)] ^ S[5][z(0x3)];
K[i+4] = S[4][x(0x3)] ^ S[5][x(0x2)] ^ S[6][x(0xC)] ^ S[7][x(0xD)] ^ S[4][x(0x8)];
K[i+5] = S[4][x(0x1)] ^ S[5][x(0x0)] ^ S[6][x(0xE)] ^ S[7][x(0xF)] ^ S[5][x(0xD)];
K[i+6] = S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x8)] ^ S[7][x(0x9)] ^ S[6][x(0x3)];
K[i+7] = S[4][x(0x5)] ^ S[5][x(0x4)] ^ S[6][x(0xA)] ^ S[7][x(0xB)] ^ S[7][x(0x7)];
Z[0] = X[0] ^ S[4][x(0xD)] ^ S[5][x(0xF)] ^ S[6][x(0xC)] ^ S[7][x(0xE)] ^ S[6][x(0x8)];
Z[1] = X[2] ^ S[4][z(0x0)] ^ S[5][z(0x2)] ^ S[6][z(0x1)] ^ S[7][z(0x3)] ^ S[7][x(0xA)];
Z[2] = X[3] ^ S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x5)] ^ S[7][z(0x4)] ^ S[4][x(0x9)];
Z[3] = X[1] ^ S[4][z(0xA)] ^ S[5][z(0x9)] ^ S[6][z(0xB)] ^ S[7][z(0x8)] ^ S[5][x(0xB)];
K[i+8] = S[4][z(0x3)] ^ S[5][z(0x2)] ^ S[6][z(0xC)] ^ S[7][z(0xD)] ^ S[4][z(0x9)];
K[i+9] = S[4][z(0x1)] ^ S[5][z(0x0)] ^ S[6][z(0xE)] ^ S[7][z(0xF)] ^ S[5][z(0xC)];
K[i+10] = S[4][z(0x7)] ^ S[5][z(0x6)] ^ S[6][z(0x8)] ^ S[7][z(0x9)] ^ S[6][z(0x2)];
K[i+11] = S[4][z(0x5)] ^ S[5][z(0x4)] ^ S[6][z(0xA)] ^ S[7][z(0xB)] ^ S[7][z(0x6)];
X[0] = Z[2] ^ S[4][z(0x5)] ^ S[5][z(0x7)] ^ S[6][z(0x4)] ^ S[7][z(0x6)] ^ S[6][z(0x0)];
X[1] = Z[0] ^ S[4][x(0x0)] ^ S[5][x(0x2)] ^ S[6][x(0x1)] ^ S[7][x(0x3)] ^ S[7][z(0x2)];
X[2] = Z[1] ^ S[4][x(0x7)] ^ S[5][x(0x6)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[4][z(0x1)];
X[3] = Z[3] ^ S[4][x(0xA)] ^ S[5][x(0x9)] ^ S[6][x(0xB)] ^ S[7][x(0x8)] ^ S[5][z(0x3)];
K[i+12] = S[4][x(0x8)] ^ S[5][x(0x9)] ^ S[6][x(0x7)] ^ S[7][x(0x6)] ^ S[4][x(0x3)];
K[i+13] = S[4][x(0xA)] ^ S[5][x(0xB)] ^ S[6][x(0x5)] ^ S[7][x(0x4)] ^ S[5][x(0x7)];
K[i+14] = S[4][x(0xC)] ^ S[5][x(0xD)] ^ S[6][x(0x3)] ^ S[7][x(0x2)] ^ S[6][x(0x8)];
K[i+15] = S[4][x(0xE)] ^ S[5][x(0xF)] ^ S[6][x(0x1)] ^ S[7][x(0x0)] ^ S[7][x(0xD)];
}
for (i=16; i<32; i++)
K[i] &= 0x1f;
}
/**
* Preprocess a user key into a table to save an XOR at each F-table access.
*/
void SKIPJACK::Base::UncheckedSetKey(CipherDir dir, const byte *key, unsigned int length)
{
AssertValidKeyLength(length);
/* tab[i][c] = fTable[c ^ key[i]] */
int i;
for (i = 0; i < 10; i++) {
byte *t = tab[i], k = key[9-i];
int c;
for (c = 0; c < 256; c++) {
t[c] = fTable[c ^ k];
}
}
}
/**
* Preprocess a user key into a table to save an XOR at each F-table access.
*/
void SKIPJACK::Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &)
{
AssertValidKeyLength(length);
/* tab[i][c] = fTable[c ^ key[i]] */
int i;
for (i = 0; i < 10; i++) {
byte *t = tab+i*256, k = key[9-i];
int c;
for (c = 0; c < 256; c++) {
t[c] = fTable[c ^ k];
}
}
}
void SHACAL2::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &)
{
AssertValidKeyLength(keylen);
word32 *rk = m_key;
unsigned int i;
GetUserKey(BIG_ENDIAN_ORDER, rk, m_key.size(), userKey, keylen);
for (i = 0; i < 48; i++, rk++)
{
rk[16] = rk[0] + s0(rk[1]) + rk[9] + s1(rk[14]);
rk[0] += K[i];
}
for (i = 48; i < 64; i++, rk++)
{
rk[0] += K[i];
}
}
void Serpent::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &)
{
AssertValidKeyLength(keylen);
word32 *k = m_key;
GetUserKey(LITTLE_ENDIAN_ORDER, k, 8, userKey, keylen);
if (keylen < 32)
k[keylen/4] |= word32(1) << ((keylen%4)*8);
k += 8;
word32 t = k[-1];
signed int i;
for (i = 0; i < 132; ++i)
k[i] = t = rotlFixed(k[i-8] ^ k[i-5] ^ k[i-3] ^ t ^ 0x9e3779b9 ^ i, 11);
k -= 20;
#define LK(r, a, b, c, d, e) {\
a = k[(8-r)*4 + 0]; \
b = k[(8-r)*4 + 1]; \
c = k[(8-r)*4 + 2]; \
d = k[(8-r)*4 + 3];}
#define SK(r, a, b, c, d, e) {\
k[(8-r)*4 + 4] = a; \
k[(8-r)*4 + 5] = b; \
k[(8-r)*4 + 6] = c; \
k[(8-r)*4 + 7] = d;} \
word32 a,b,c,d,e;
for (i=0; i<4; i++)
{
afterS2(LK); afterS2(S3); afterS3(SK);
afterS1(LK); afterS1(S2); afterS2(SK);
afterS0(LK); afterS0(S1); afterS1(SK);
beforeS0(LK); beforeS0(S0); afterS0(SK);
k += 8*4;
afterS6(LK); afterS6(S7); afterS7(SK);
afterS5(LK); afterS5(S6); afterS6(SK);
afterS4(LK); afterS4(S5); afterS5(SK);
afterS3(LK); afterS3(S4); afterS4(SK);
}
afterS2(LK); afterS2(S3); afterS3(SK);
}
void RC2::Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs ¶ms)
{
AssertValidKeyLength(keyLen);
int effectiveLen = params.GetIntValueWithDefault(Name::EffectiveKeyLength(), DEFAULT_EFFECTIVE_KEYLENGTH);
if (effectiveLen > MAX_EFFECTIVE_KEYLENGTH)
throw InvalidArgument("RC2: effective key length parameter exceeds maximum");
static const unsigned char PITABLE[256] = {
217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157,
198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162,
23,154, 89,245,135,179, 79, 19, 97, 69,109,141, 9,129,125, 50,
189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130,
84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220,
18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38,
111,191, 14,218, 70,105, 7, 87, 39,242, 29,155,188,148, 67, 3,
248, 17,199,246,144,239, 62,231, 6,195,213, 47,200,102, 30,215,
8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42,
150, 26,210,113, 90, 21, 73,116, 75,159,208, 94, 4, 24,164,236,
194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57,
153,124, 58,133, 35,184,180,122,252, 2, 54, 91, 37, 85,151, 49,
45, 93,250,152,227,138,146,174, 5,223, 41, 16,103,108,186,201,
211, 0,230,207,225,158,168, 44, 99, 22, 1, 63, 88,226,137,169,
13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46,
197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173};
SecByteBlock L(128);
memcpy(L, key, keyLen);
int i;
for (i=keyLen; i<128; i++)
L[i] = PITABLE[(L[i-1] + L[i-keyLen]) & 255];
unsigned int T8 = (effectiveLen+7) / 8;
byte TM = byte((int)255 >> ((8-(effectiveLen%8))%8));
L[128-T8] = PITABLE[L[128-T8] & TM];
for (i=127-T8; i>=0; i--)
L[i] = PITABLE[L[i+1] ^ L[i+T8]];
for (i=0; i<64; i++)
K[i] = L[2*i] + (L[2*i+1] << 8);
}
void CAST256::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
{
AssertValidKeyLength(keylength);
word32 kappa[8];
GetUserKey(BIG_ENDIAN_ORDER, kappa, 8, userKey, keylength);
for(int i=0; i<12; ++i)
{
Omega(2*i,kappa);
Omega(2*i+1,kappa);
K[8*i]=kappa[0] & 31;
K[8*i+1]=kappa[2] & 31;
K[8*i+2]=kappa[4] & 31;
K[8*i+3]=kappa[6] & 31;
K[8*i+4]=kappa[7];
K[8*i+5]=kappa[5];
K[8*i+6]=kappa[3];
K[8*i+7]=kappa[1];
}
if (!IsForwardTransformation())
{
for(int j=0; j<6; ++j)
{
for(int i=0; i<4; ++i)
{
int i1=8*j+i;
int i2=8*(11-j)+i;
assert(i1<i2);
std::swap(K[i1],K[i2]);
std::swap(K[i1+4],K[i2+4]);
}
}
}
memset(kappa, 0, sizeof(kappa));
}
void SHARK::Base::UncheckedSetKey(CipherDir dir, const byte *key, unsigned int keyLen, unsigned int rounds)
{
AssertValidKeyLength(keyLen);
AssertValidRounds(rounds);
m_rounds = rounds;
m_roundKeys.New(m_rounds+1);
// concatenate key enought times to fill a
for (unsigned int i=0; i<(m_rounds+1)*8; i++)
((byte *)m_roundKeys.begin())[i] = key[i%keyLen];
SHARK::Encryption e;
e.InitForKeySetup();
byte IV[8] = {0,0,0,0,0,0,0,0};
CFB_Mode_ExternalCipher::Encryption cfb(e, IV);
cfb.ProcessString((byte *)m_roundKeys.begin(), (m_rounds+1)*8);
ConditionalByteReverse(BIG_ENDIAN_ORDER, m_roundKeys.begin(), m_roundKeys.begin(), (m_rounds+1)*8);
m_roundKeys[m_rounds] = SHARKTransform(m_roundKeys[m_rounds]);
if (dir == DECRYPTION)
{
unsigned int i;
// transform encryption round keys into decryption round keys
for (i=0; i<m_rounds/2; i++)
std::swap(m_roundKeys[i], m_roundKeys[m_rounds-i]);
for (i=1; i<m_rounds; i++)
m_roundKeys[i] = SHARKTransform(m_roundKeys[i]);
}
#ifdef IS_LITTLE_ENDIAN
m_roundKeys[0] = ByteReverse(m_roundKeys[0]);
m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]);
#endif
}
void Serpent::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &)
{
AssertValidKeyLength(keylen);
Serpent_KeySchedule(m_key, 32, userKey, keylen);
}
void Rijndael::Base::UncheckedSetKey(CipherDir dir, const byte *userKey, unsigned int keylen)
{
AssertValidKeyLength(keylen);
m_rounds = keylen/4 + 6;
m_key.New(4*(m_rounds+1));
word32 temp, *rk = m_key;
const word32 *rc = rcon;
unsigned int i=0;
GetUserKey(BIG_ENDIAN_ORDER, rk, keylen/4, userKey, keylen);
while (true)
{
temp = rk[keylen/4-1];
rk[keylen/4] = rk[0] ^
(word32(Se[GETBYTE(temp, 2)]) << 24) ^
(word32(Se[GETBYTE(temp, 1)]) << 16) ^
(word32(Se[GETBYTE(temp, 0)]) << 8) ^
Se[GETBYTE(temp, 3)] ^
*(rc++);
rk[keylen/4+1] = rk[1] ^ rk[keylen/4];
rk[keylen/4+2] = rk[2] ^ rk[keylen/4+1];
rk[keylen/4+3] = rk[3] ^ rk[keylen/4+2];
if (rk + keylen/4 + 4 == m_key.end())
break;
if (keylen == 24)
{
rk[10] = rk[ 4] ^ rk[ 9];
rk[11] = rk[ 5] ^ rk[10];
}
else if (keylen == 32)
{
temp = rk[11];
rk[12] = rk[ 4] ^
(word32(Se[GETBYTE(temp, 3)]) << 24) ^
(word32(Se[GETBYTE(temp, 2)]) << 16) ^
(word32(Se[GETBYTE(temp, 1)]) << 8) ^
Se[GETBYTE(temp, 0)];
rk[13] = rk[ 5] ^ rk[12];
rk[14] = rk[ 6] ^ rk[13];
rk[15] = rk[ 7] ^ rk[14];
}
rk += keylen/4;
}
if (dir == DECRYPTION)
{
unsigned int i, j;
rk = m_key;
/* invert the order of the round keys: */
for (i = 0, j = 4*m_rounds; i < j; i += 4, j -= 4) {
temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
}
/* apply the inverse MixColumn transform to all round keys but the first and the last: */
for (i = 1; i < m_rounds; i++) {
rk += 4;
rk[0] =
Td0[Se[GETBYTE(rk[0], 3)]] ^
Td1[Se[GETBYTE(rk[0], 2)]] ^
Td2[Se[GETBYTE(rk[0], 1)]] ^
Td3[Se[GETBYTE(rk[0], 0)]];
rk[1] =
Td0[Se[GETBYTE(rk[1], 3)]] ^
Td1[Se[GETBYTE(rk[1], 2)]] ^
Td2[Se[GETBYTE(rk[1], 1)]] ^
Td3[Se[GETBYTE(rk[1], 0)]];
rk[2] =
Td0[Se[GETBYTE(rk[2], 3)]] ^
Td1[Se[GETBYTE(rk[2], 2)]] ^
Td2[Se[GETBYTE(rk[2], 1)]] ^
Td3[Se[GETBYTE(rk[2], 0)]];
rk[3] =
Td0[Se[GETBYTE(rk[3], 3)]] ^
Td1[Se[GETBYTE(rk[3], 2)]] ^
Td2[Se[GETBYTE(rk[3], 1)]] ^
Td3[Se[GETBYTE(rk[3], 0)]];
}
}
ConditionalByteReverse(BIG_ENDIAN_ORDER, m_key.begin(), m_key.begin(), 16);
ConditionalByteReverse(BIG_ENDIAN_ORDER, m_key + m_rounds*4, m_key + m_rounds*4, 16);
}
