void eks_blowfish_setup(blowfish_context_t* ctx, int rounds, unsigned char* salt, unsigned char* key) { int i; int saltbytes = strlen((char*)salt); int keybytes = strlen((char*)key) + 1; for(i = 0; i < 4; i++) memcpy(ctx->sbox[i], ORIG_S[i], 256 * sizeof(int)); memcpy(ctx->pbox, ORIG_P, 18 * sizeof(int)); expand_key(ctx, salt, key, saltbytes, keybytes); for (i = 0; i < (1<<rounds); i++) { expand_key(ctx, (unsigned char*)"", key, 0, keybytes); expand_key(ctx, (unsigned char*)"", salt, 0, saltbytes); } }
void lnc_cast6_update(void *context, uint8_t *msg, uint8_t *key, int *status) { lnc_cast6_ctx_t *ctx = context; uint32_t int_key[8]; if(key) { free(ctx->Km); free(ctx->Kr); int_key[0] = key[ 0] << 24 | key[ 1] << 16 | key[ 2] << 8 | key[ 3]; int_key[1] = key[ 4] << 24 | key[ 5] << 16 | key[ 6] << 8 | key[ 7]; int_key[2] = key[ 8] << 24 | key[ 9] << 16 | key[10] << 8 | key[11]; int_key[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15]; int_key[4] = key[16] << 24 | key[17] << 16 | key[18] << 8 | key[19]; int_key[5] = key[20] << 24 | key[21] << 16 | key[22] << 8 | key[23]; int_key[6] = key[24] << 24 | key[25] << 16 | key[26] << 8 | key[27]; int_key[7] = key[28] << 24 | key[29] << 16 | key[30] << 8 | key[31]; expand_key(ctx, int_key, status); } if(msg) { ctx->state[0] = msg[ 0] << 24 | msg[ 1] << 16 | msg[ 2] << 8 | msg[ 3]; ctx->state[1] = msg[ 4] << 24 | msg[ 5] << 16 | msg[ 6] << 8 | msg[ 7]; ctx->state[2] = msg[ 8] << 24 | msg[ 9] << 16 | msg[10] << 8 | msg[11]; ctx->state[3] = msg[12] << 24 | msg[13] << 16 | msg[14] << 8 | msg[15]; } }
void cryptonite_aes_generic_init(aes_key *key, uint8_t *origkey, uint8_t size) { int esz; switch (size) { case 16: key->nbr = 10; esz = 176; break; case 24: key->nbr = 12; esz = 208; break; case 32: key->nbr = 14; esz = 240; break; default: return; } expand_key(key->data, origkey, size, esz); return; }
static void key_states_scan_key(const char *key, KEY_REC *rec) { GSList *tmp, *out; if (strcmp(rec->info->id, "key") == 0) return; out = g_slist_append(NULL, g_string_new(NULL)); if (expand_key(key, &out)) { for (tmp = out; tmp != NULL; tmp = tmp->next) { GString *str = tmp->data; if (str->str[1] == '-' || str->str[1] == '\0') used_keys[(int)(unsigned char)str->str[0]] = 1; g_tree_insert(key_states, g_strdup(str->str), rec); } } expand_out_free(out); }
void AES::srtp_decode(BYTE* src, BYTE* dst, BYTE* key, BYTE* iv, int length){ LOG_MSG("AES::srtp_decode(%s, %s, %s, %s, %d)",src,dst,key,iv,length); BYTE counter[BLOCK_SIZE] = {0}; memcpy(counter, iv, BLOCK_SIZE); unsigned char round_key[ROUND_KEY_SIZE][BLOCK_SIZE]; expand_key(key,round_key); int i = 0, j = 0; for( ; i < length; i+=BLOCK_SIZE){ decode_block(counter, dst+i, round_key); xor_key(dst+i,dst+i,src+i); update_counter(counter); } BYTE last_block[BLOCK_SIZE]; decode_block(counter, last_block, round_key); for(i=i-BLOCK_SIZE; i < length; i++, j++){ dst[i] = last_block[j] ^ src[i]; } }
// Encrypt a single 128 bit block by a 128 bit key using AES // http://en.wikipedia.org/wiki/Advanced_Encryption_Standard void AES_Encrypt(unsigned char *data, unsigned char *key) { int i; // To count the rounds // Key expansion unsigned char keys[176]; expand_key(key,keys); // First Round xor_round_key(data,keys,0); // Middle rounds for(i=0; i<9; i++) { sub_bytes(data,16); shift_rows(data); mix_cols(data); xor_round_key(data, keys, i+1); } // Final Round sub_bytes(data,16); shift_rows(data); xor_round_key(data, keys, 10); }
// Decrypt a single 128 bit block by a 128 bit key using AES // http://en.wikipedia.org/wiki/Advanced_Encryption_Standard void AES_Decrypt(unsigned char *data, unsigned char *key) { int i; // To count the rounds // Key expansion unsigned char keys[176]; expand_key(key,keys); // Reverse the final Round xor_round_key(data,keys,10); shift_rows_inv(data); sub_bytes_inv(data, 16); // Reverse the middle rounds for (i=0; i<9; i++) { xor_round_key(data,keys,9-i); mix_cols_inv(data); shift_rows_inv(data); sub_bytes_inv(data, 16); } // Reverse the first Round xor_round_key(data, keys, 0); }
void *lnc_cast6_init(uint8_t *msg, uint8_t *key, int *status) { lnc_cast6_ctx_t *ctx = malloc(sizeof(lnc_cast6_ctx_t)); uint32_t int_key[8]; if(!ctx) { *status = LNC_ERR_MALLOC; return NULL; } int_key[0] = key[ 0] << 24 | key[ 1] << 16 | key[ 2] << 8 | key[ 3]; int_key[1] = key[ 4] << 24 | key[ 5] << 16 | key[ 6] << 8 | key[ 7]; int_key[2] = key[ 8] << 24 | key[ 9] << 16 | key[10] << 8 | key[11]; int_key[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15]; int_key[4] = key[16] << 24 | key[17] << 16 | key[18] << 8 | key[19]; int_key[5] = key[20] << 24 | key[21] << 16 | key[22] << 8 | key[23]; int_key[6] = key[24] << 24 | key[25] << 16 | key[26] << 8 | key[27]; int_key[7] = key[28] << 24 | key[29] << 16 | key[30] << 8 | key[31]; expand_key(ctx, int_key, status); if(*status != LNC_OK) return NULL; if((ctx->state = malloc(4 * sizeof(uint32_t))) == NULL) { free(ctx->Km); free(ctx->Kr); *status = LNC_ERR_MALLOC; return NULL; } ctx->state[0] = msg[ 0] << 24 | msg[ 1] << 16 | msg[ 2] << 8 | msg[ 3]; ctx->state[1] = msg[ 4] << 24 | msg[ 5] << 16 | msg[ 6] << 8 | msg[ 7]; ctx->state[2] = msg[ 8] << 24 | msg[ 9] << 16 | msg[10] << 8 | msg[11]; ctx->state[3] = msg[12] << 24 | msg[13] << 16 | msg[14] << 8 | msg[15]; return ctx; }
int main(int argc, char **argv) { int i; int fd; char *map; struct stat sb; expand_key(); for(i = 1; i < argc ;i++) { // printf("File '%s'\n", argv[i]); fd = open(argv[i], O_RDONLY|O_NOFOLLOW|O_LARGEFILE); if(fd == -1) { perror("Cannot open file."); continue; } if(fstat(fd, &sb) == -1) { perror("Cannot get file size."); close(fd); continue; } printf("%s: (%lu MB) ", argv[i], sb.st_size / 1024 / 1024); fflush(stdout); map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if(map == MAP_FAILED) { perror("Cannot map file."); close(fd); continue; } search(map, sb.st_size); munmap(map, sb.st_size); close(fd); } return 0; }
// Decrypt a single 128 bit block by a 128 bit key using AES // http://en.wikipedia.org/wiki/Advanced_Encryption_Standard void DecryptAES(byte *c, byte *key, byte *m) { int i; // To count the rounds // Key expansion byte keys[176]; expand_key(key,keys); // Reverse the final Round memcpy(m,c,16); xor_round_key(m,keys,10); shift_rows_inv(m); sub_bytes_inv(m, 16); // Reverse the middle rounds for (i=0; i<9; i++) { xor_round_key(m,keys,9-i); mix_cols_inv(m); shift_rows_inv(m); sub_bytes_inv(m, 16); } // Reverse the first Round xor_round_key(m, keys, 0); }
void *lnc_aes_init(uint8_t *msg, uint8_t *key, int *status) { lnc_aes_ctx_t *ctx = malloc(sizeof(lnc_aes_ctx_t)); uint32_t int_key[Nk]; int i; if(ctx == NULL) { *status = LNC_ERR_MALLOC; return NULL; } for(i = 0; i < Nk; i++) int_key[i] = key[i * 4] << 24 | key[i * 4 + 1] << 16 | key[i * 4 + 2] << 8 | key[i * 4 + 3]; ctx->expkey = expand_key(int_key, status); if(*status != LNC_OK) return NULL; ctx->state = mkstate(msg, status); return ctx; }
// Encrypt a single 128 bit block by a 128 bit key using AES // http://en.wikipedia.org/wiki/Advanced_Encryption_Standard void EncryptAES(byte *msg, byte *key, byte *c) { int i; // To count the rounds // Key expansion byte keys[176]; expand_key(key,keys); // First Round memcpy(c, msg, 16); xor_round_key(c,keys,0); // Middle rounds for(i=0; i<9; i++) { sub_bytes(c,16); shift_rows(c); mix_cols(c); xor_round_key(c, keys, i+1); } // Final Round sub_bytes(c,16); shift_rows(c); xor_round_key(c, keys, 10); }
void lnc_aes_update(void *context, uint8_t *msg, uint8_t *key, int *status) { lnc_aes_ctx_t *ctx = context; uint32_t int_key[Nk]; int i; *status = LNC_OK; if(key) { free(ctx->expkey); for(i = 0; i < Nk; i++) int_key[i] = key[i * 4] << 24 | key[i * 4 + 1] << 16 | key[i * 4 + 2] << 8 | key[i * 4 + 3]; ctx->expkey = expand_key(int_key, status); if(status != LNC_OK) return; } if(msg) { free(ctx->state); ctx->state = mkstate(msg, status); } }
int main() { SHA256_CTX md_ctx; AES_KEY key; _AES_CTX ctx; uint8_t buf[64], nb[32], enb[32]; int i, len; int nk = BITS >> 5, nr = 6 + nk, key_nb = (nr + 1) * AES_NB * 4; FILE *fp, *ofp; struct timeval tv_start, tv_end; for (len = 0; len < 64; len += 32) { SHA256_Init(&md_ctx); if (len == 0) { SHA256_Update(&md_ctx, KEY, strlen(KEY)); SHA256_Final(buf, &md_ctx); } else { SHA256_Update(&md_ctx, buf + len - 32, 32); SHA256_Update(&md_ctx, KEY, strlen(KEY)); SHA256_Final(buf + len, &md_ctx); } } AES_set_encrypt_key(buf, BITS, &key); hex_dump((uint8_t *)key.rd_key, key_nb); expand_key(&(ctx.key), buf, BITS); ctx.encrypt = _AES_ecb_encrypt; ctx.decrypt = _AES_ecb_decrypt; hex_dump(ctx.key.rd_key, key_nb); for (i = 0; i < 32; i++) nb[i] = '\0'; gettimeofday(&tv_start, NULL); for (i = 0; i < 1024; i++) AES_encrypt(nb, enb, &key); gettimeofday(&tv_end, NULL); print_elapsed_time(&tv_start, &tv_end); hex_dump(enb, 16); gettimeofday(&tv_start, NULL); for (i = 0; i < 1024; i++) ctx.encrypt(nb, enb, &ctx); gettimeofday(&tv_end, NULL); print_elapsed_time(&tv_start, &tv_end); hex_dump(enb, 16); for (i = 0; i < 32; i++) nb[i] = enb[i]; ctx.decrypt(nb, enb, &ctx); hex_dump(enb, 16); if ((fp = fopen("test.bin", "r")) == NULL) { fprintf(stderr, "File open failed\n"); exit(-1); } while (!feof(fp)) { if (fread(nb, 1, _AES_BLOCK_SIZE, fp) == 0) { fprintf(stderr, "Failed in call to fread()\n"); exit(-1); } } fseek(fp, 0, SEEK_SET); i = 0; gettimeofday(&tv_start, NULL); while (!feof(fp)) { ++i; if (fread(nb, 1, _AES_BLOCK_SIZE, fp) == 0) { fprintf(stderr, "Failed in call to fread()\n"); exit(-1); } AES_encrypt(nb, enb, &key); } gettimeofday(&tv_end, NULL); print_elapsed_time(&tv_start, &tv_end); printf("blocks = %d\n", i); fseek(fp, 0, SEEK_SET); i = 0; gettimeofday(&tv_start, NULL); while (!feof(fp)) { ++i; if (fread(nb, 1, _AES_BLOCK_SIZE, fp) == 0) { fprintf(stderr, "Failed in call to fread()\n"); exit(-1); } ctx.encrypt(nb, enb, &ctx); } gettimeofday(&tv_end, NULL); print_elapsed_time(&tv_start, &tv_end); printf("blocks = %d\n", i); fclose(fp); fp = fopen("test.enc", "r"); ofp = fopen("tmp.bin", "w"); ctx.encrypt = _AES_cbc_encrypt; ctx.decrypt = _AES_cbc_decrypt; memcpy(ctx.ivec, buf + 32, _AES_BLOCK_SIZE); while (!feof(fp)) { if (fread(nb, 1, _AES_BLOCK_SIZE, fp) == 0) { fprintf(stderr, "Failed in call to fread()\n"); exit(-1); } ctx.decrypt(nb, enb, &ctx); fwrite(enb, 1, _AES_BLOCK_SIZE, ofp); } fclose(fp); fclose(ofp); return 0; }
void test_decryption() { gf2matrix *mix_columns_mixing_bijection, *inv_mix_columns_mixing_bijection; tbox_mixing_bijections_t tbox_mixing_bijections, inv_tbox_mixing_bijections; gf2matrix *initial_encoding, *initial_decoding; gf2matrix *final_encoding, *final_decoding; tbox_t tbox; typeIA_t typeIAs; typeII_t typeIIs; typeIII_t typeIIIs; typeIB_t typeIBs; typeIV_IA_t typeIV_IAs; typeIV_IB_t typeIV_IBs; typeIV_II_round_t typeIV_IIs[NR - 1]; typeIV_III_round_t typeIV_IIIs[NR - 1]; uint32_t mixed_key_schedule[4 * (NR + 1)]; uint8_t key[KEY_SIZE] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}; sboxes_8bit_t typeIA_input_sbox, typeIA_input_sbox_inv; sboxes_128bit_t typeIA_interim_sbox, typeIA_interim_sbox_inv; sboxes_8bit_t typeII_input_sbox[NR], typeII_input_sbox_inv[NR]; sboxes_32bit_t typeII_interim_sbox[NR - 1], typeII_interim_sbox_inv[NR - 1]; sboxes_8bit_t typeII_output_sbox[NR - 1], typeII_output_sbox_inv[NR - 1]; sboxes_32bit_t typeIII_interim_sbox[NR - 1], typeIII_interim_sbox_inv[NR - 1]; sboxes_128bit_t typeIB_interim_sbox, typeIB_interim_sbox_inv; sboxes_8bit_t typeIB_output_sbox, typeIB_output_sbox_inv; uint8_t state[4][4]; uint8_t in[16]; uint8_t out[16], out2[16]; _4bit_strip32_t strips32; _4bit_strip128_t strips128; int round, row, col, i; int tries = 3; for (; tries != 0; --tries) { randomize_key(key); make_block_invertible_matrix_pair(&mix_columns_mixing_bijection, &inv_mix_columns_mixing_bijection, 32); /* mix_columns_mixing_bijection = make_identity_matrix(32); */ /* inv_mix_columns_mixing_bijection = make_identity_matrix(32); */ make_tbox_mixing_bijections(tbox_mixing_bijections, inv_tbox_mixing_bijections); /* make_identity_tbox_mixing_bijections(tbox_mixing_bijections); */ /* make_identity_tbox_mixing_bijections(inv_tbox_mixing_bijections); */ make_block_invertible_matrix_pair(&initial_encoding, &initial_decoding, 128); /* initial_encoding = make_identity_matrix(128); */ /* initial_decoding = make_identity_matrix(128); */ make_block_invertible_matrix_pair(&final_encoding, &final_decoding, 128); /* final_encoding = make_identity_matrix(128); */ /* final_decoding = make_identity_matrix(128); */ expand_key(key, SBox, mixed_key_schedule, 4); mix_expanded_key(mixed_key_schedule); make_inv_tbox(tbox, ISBox, mixed_key_schedule, tbox_mixing_bijections); make_sbox_pair_8(typeIA_input_sbox, typeIA_input_sbox_inv); /* make_identity_sboxes8(typeIA_input_sbox); */ /* make_identity_sboxes8(typeIA_input_sbox_inv); */ make_sbox_pair_128(typeIA_interim_sbox, typeIA_interim_sbox_inv); /* make_identity_sboxes128(typeIA_interim_sbox); */ /* make_identity_sboxes128(typeIA_interim_sbox_inv); */ make_rounds_sbox_pair_8(typeII_input_sbox, typeII_input_sbox_inv, NR); /* for(i =0; i < NR; ++i) { */ /* make_identity_sboxes8(typeII_input_sbox[i]); */ /* make_identity_sboxes8(typeII_input_sbox_inv[i]); */ /* } */ make_rounds_sbox_pair_32(typeII_interim_sbox, typeII_interim_sbox_inv, NR - 1); /* for(i =0; i < NR-1; ++i) { */ /* make_identity_sboxes32(typeII_interim_sbox[i]); */ /* make_identity_sboxes32(typeII_interim_sbox_inv[i]); */ /* } */ make_rounds_sbox_pair_8(typeII_output_sbox, typeII_output_sbox_inv, NR - 1); /* for(i =0; i < NR-1; ++i) { */ /* make_identity_sboxes8(typeII_output_sbox[i]); */ /* make_identity_sboxes8(typeII_output_sbox_inv[i]); */ /* } */ make_rounds_sbox_pair_32(typeIII_interim_sbox, typeIII_interim_sbox_inv, NR - 1); /* for(i =0; i < NR-1; ++i) { */ /* make_identity_sboxes32(typeIII_interim_sbox[i]); */ /* make_identity_sboxes32(typeIII_interim_sbox_inv[i]); */ /* } */ make_sbox_pair_128(typeIB_interim_sbox, typeIB_interim_sbox_inv); /* make_identity_sboxes128(typeIB_interim_sbox); */ /* make_identity_sboxes128(typeIB_interim_sbox_inv); */ make_sbox_pair_8(typeIB_output_sbox, typeIB_output_sbox_inv); /* make_identity_sboxes8(typeIB_output_sbox); */ /* make_identity_sboxes8(typeIB_output_sbox_inv); */ make_typeIA(typeIAs, inv_tbox_mixing_bijections[NR - 1], initial_decoding, typeIA_input_sbox_inv, typeIA_interim_sbox); make_typeIV_IA(typeIV_IAs, typeIA_interim_sbox_inv, typeII_input_sbox[NR - 1], typeII_input_sbox_inv[NR-1]); make_inv_typeII(typeIIs, tbox, mix_columns_mixing_bijection, &typeII_input_sbox_inv[1], typeII_interim_sbox); make_typeIV_II(typeIV_IIs, typeII_interim_sbox_inv, typeII_output_sbox, typeII_output_sbox_inv); make_typeIII(typeIIIs, inv_mix_columns_mixing_bijection, inv_tbox_mixing_bijections, typeII_output_sbox_inv, typeIII_interim_sbox); make_typeIV_III(typeIV_IIIs, typeIII_interim_sbox_inv, typeII_input_sbox, typeII_input_sbox_inv); make_inv_typeIB(typeIBs, tbox[0], final_encoding, typeII_input_sbox_inv[0], typeIB_interim_sbox); make_typeIV_IB(typeIV_IBs, typeIB_interim_sbox_inv, typeIB_output_sbox, typeIB_output_sbox_inv); for (i = 0; i < 16; ++i) { in[i] = rand(); } dump_hex("input: ", in, 16); printf("White-box inverse cipher:\n"); do_input(state, in, initial_encoding, typeIA_input_sbox); dump_state("State before ", state); do_typeIA(strips128, state, typeIAs); do_typeIV_IA(state, strips128, typeIV_IAs); for (round = NR - 2; round != -1; --round) { printf("round %d: ", round + 2); dump_state("", state); inv_shift_rows(state); do_typeII(strips32, state, typeIIs[round]); do_typeIV_II(state, strips32, typeIV_IIs[round]); do_typeIII(strips32, state, typeIIIs[round]); do_typeIV_III(state, strips32, typeIV_IIIs[round]); } inv_shift_rows(state); dump_state("rounds 1 and 0: ", state); do_typeIB(strips128, state, typeIBs); do_typeIV_IB(state, strips128, typeIV_IBs); do_output(out, state, final_decoding, typeIB_output_sbox_inv); printf("Original AES Equivalent Inverse Cipher on same input using same key:\n"); eqv_decipher(in, out2, ISBox, mixed_key_schedule); dump_hex("WB Output ", out, 16); dump_hex("AES Output ", out2, 16); ASSERT(memcmp(out, out2, 16) == 0); free_matrix(mix_columns_mixing_bijection); free_matrix(inv_mix_columns_mixing_bijection); free_tbox_mixing_bijections(tbox_mixing_bijections); free_tbox_mixing_bijections(inv_tbox_mixing_bijections); free_matrix(final_decoding); free_matrix(final_encoding); free_matrix(initial_decoding); free_matrix(initial_encoding); } }
static int expand_combo(const char *start, const char *end, GSList **out, int *limit) { KEY_REC *rec; KEYINFO_REC *info; GSList *tmp, *tmp2, *list, *copy, *newout; char *str, *p; if ((*limit)-- < 0) { return FALSE; } if (start == end) { /* single key */ expand_out_char(*out, *start); return TRUE; } info = key_info_find("key"); if (info == NULL) return FALSE; /* get list of all key combos that generate the named combo.. */ list = NULL; str = g_strndup(start, (int) (end-start)+1); for (tmp = info->keys; tmp != NULL; tmp = tmp->next) { KEY_REC *rec = tmp->data; if (g_strcmp0(rec->data, str) == 0) list = g_slist_append(list, rec); } if (list == NULL) { /* unknown keycombo - add it as-is, maybe the GUI will feed it to us as such */ for (p = str; *p != '\0'; p++) expand_out_char(*out, *p); g_free(str); return TRUE; } g_free(str); if (list->next == NULL) { /* only one way to generate the combo, good */ rec = list->data; g_slist_free(list); return expand_key(rec->key, out, limit); } /* multiple ways to generate the combo - we'll need to include all of them in output */ newout = NULL; for (tmp = list->next; tmp != NULL; tmp = tmp->next) { KEY_REC *rec = tmp->data; copy = NULL; for (tmp2 = *out; tmp2 != NULL; tmp2 = tmp2->next) { GString *str = tmp2->data; copy = g_slist_append(copy, g_string_new(str->str)); } if (!expand_key(rec->key, ©, limit)) { if (*limit < 0) { return FALSE; } /* illegal key combo, remove from list */ expand_out_free(copy); } else { newout = g_slist_concat(newout, copy); } } rec = list->data; g_slist_free(list); if (!expand_key(rec->key, out, limit)) { if (*limit < 0) { return FALSE; } /* illegal key combo, remove from list */ expand_out_free(*out); } *out = g_slist_concat(*out, newout); return *out != NULL; }
std::string master_conn::combineKeys(int keyServer){ return expand_key(std::to_string(keyServer ^ my_rand)); }
void AES_encrypt_block(const uint8_t* key, const uint8_t* in, uint8_t* out) { int j, nrounds; union { uint8_t b[16]; uint32_t w[4]; } rd_state; uint32_t expanded_key[11 * 4]; uint32_t* expkey = &expanded_key[0]; expand_key( key, expanded_key ); memcpy( &rd_state, in, 16 ); // xor with initial key rd_state.w[0] ^= *expkey++; rd_state.w[1] ^= *expkey++; rd_state.w[2] ^= *expkey++; rd_state.w[3] ^= *expkey++; nrounds = 10; do { uint8_t tmp; // bytesub && shiftrow // 1st rd_state.b[0] = sbox_e[rd_state.b[0]]; rd_state.b[4] = sbox_e[rd_state.b[4]]; rd_state.b[8] = sbox_e[rd_state.b[8]]; rd_state.b[12] = sbox_e[rd_state.b[12]]; // 2nd tmp = rd_state.b[1]; rd_state.b[1] = sbox_e[rd_state.b[5]]; rd_state.b[5] = sbox_e[rd_state.b[9]]; rd_state.b[9] = sbox_e[rd_state.b[13]]; rd_state.b[13] = sbox_e[tmp]; // 3th tmp = rd_state.b[2]; rd_state.b[2] = sbox_e[rd_state.b[10]]; rd_state.b[10] = sbox_e[tmp]; tmp = rd_state.b[6]; rd_state.b[6] = sbox_e[rd_state.b[14]]; rd_state.b[14] = sbox_e[tmp]; // 4th tmp = rd_state.b[3]; rd_state.b[3] = sbox_e[rd_state.b[15]]; rd_state.b[15] = sbox_e[rd_state.b[11]]; rd_state.b[11] = sbox_e[rd_state.b[7]]; rd_state.b[7] = sbox_e[tmp]; // mixcolumn except for last round if( --nrounds ) { for( j = 0; j < 16; j += 4 ) { uint8_t tmp = rd_state.b[j+0] ^ rd_state.b[j+1] ^ rd_state.b[j+2] ^ rd_state.b[j+3]; rd_state.b[j+0] ^= xtime( rd_state.b[j+0] ^ rd_state.b[j+1] ) ^ tmp; rd_state.b[j+1] ^= xtime( rd_state.b[j+1] ^ rd_state.b[j+2] ) ^ tmp; rd_state.b[j+2] ^= xtime( rd_state.b[j+2] ^ rd_state.b[j+3] ) ^ tmp; rd_state.b[j+3] = rd_state.b[j+0] ^ rd_state.b[j+1] ^ rd_state.b[j+2] ^ tmp; } } rd_state.w[0] ^= *expkey++; rd_state.w[1] ^= *expkey++; rd_state.w[2] ^= *expkey++; rd_state.w[3] ^= *expkey++; } while( nrounds ); memcpy( out, &rd_state, 16 ); }