
2  *  FIPS-197 compliant AES implementation
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10 …src.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/…
11 * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
59 * This is a convenience shorthand macro to check if we need reverse S-box and
71 static int aes_padlock_ace = -1;
76 * Forward S-box
124 V(15, FA, FA, EF), V(EB, 59, 59, B2), V(C9, 47, 47, 8E), V(0B, F0, F0, FB), \
128 V(5A, 36, 36, 6C), V(41, 3F, 3F, 7E), V(02, F7, F7, F5), V(4F, CC, CC, 83), \
131 V(0C, 04, 04, 08), V(52, C7, C7, 95), V(65, 23, 23, 46), V(5E, C3, C3, 9D), \
133 V(09, 07, 07, 0E), V(36, 12, 12, 24), V(9B, 80, 80, 1B), V(3D, E2, E2, DF), \
134 V(26, EB, EB, CD), V(69, 27, 27, 4E), V(CD, B2, B2, 7F), V(9F, 75, 75, EA), \
135 V(1B, 09, 09, 12), V(9E, 83, 83, 1D), V(74, 2C, 2C, 58), V(2E, 1A, 1A, 34), \
136 V(2D, 1B, 1B, 36), V(B2, 6E, 6E, DC), V(EE, 5A, 5A, B4), V(FB, A0, A0, 5B), \
138 V(7B, 29, 29, 52), V(3E, E3, E3, DD), V(71, 2F, 2F, 5E), V(97, 84, 84, 13), \
150 V(30, 10, 10, 20), V(1A, FF, FF, E5), V(0E, F3, F3, FD), V(6D, D2, D2, BF), \
152 V(E1, 5F, 5F, BE), V(A2, 97, 97, 35), V(CC, 44, 44, 88), V(39, 17, 17, 2E), \
153 V(57, C4, C4, 93), V(F2, A7, A7, 55), V(82, 7E, 7E, FC), V(47, 3D, 3D, 7A), \
155 V(A0, 60, 60, C0), V(98, 81, 81, 19), V(D1, 4F, 4F, 9E), V(7F, DC, DC, A3), \
156 V(66, 22, 22, 44), V(7E, 2A, 2A, 54), V(AB, 90, 90, 3B), V(83, 88, 88, 0B), \
158 V(79, DE, DE, A7), V(E2, 5E, 5E, BC), V(1D, 0B, 0B, 16), V(76, DB, DB, AD), \
159 V(3B, E0, E0, DB), V(56, 32, 32, 64), V(4E, 3A, 3A, 74), V(1E, 0A, 0A, 14), \
161 V(5D, C2, C2, 9F), V(6E, D3, D3, BD), V(EF, AC, AC, 43), V(A6, 62, 62, C4), \
163 V(32, E7, E7, D5), V(43, C8, C8, 8B), V(59, 37, 37, 6E), V(B7, 6D, 6D, DA), \
164 V(8C, 8D, 8D, 01), V(64, D5, D5, B1), V(D2, 4E, 4E, 9C), V(E0, A9, A9, 49), \
166 V(AF, 65, 65, CA), V(8E, 7A, 7A, F4), V(E9, AE, AE, 47), V(18, 08, 08, 10), \
167 V(D5, BA, BA, 6F), V(88, 78, 78, F0), V(6F, 25, 25, 4A), V(72, 2E, 2E, 5C), \
169 V(23, E8, E8, CB), V(7C, DD, DD, A1), V(9C, 74, 74, E8), V(21, 1F, 1F, 3E), \
171 V(90, 70, 70, E0), V(42, 3E, 3E, 7C), V(C4, B5, B5, 71), V(AA, 66, 66, CC), \
172 V(D8, 48, 48, 90), V(05, 03, 03, 06), V(01, F6, F6, F7), V(12, 0E, 0E, 1C), \
174 V(91, 86, 86, 17), V(58, C1, C1, 99), V(27, 1D, 1D, 3A), V(B9, 9E, 9E, 27), \
176 V(BB, 69, 69, D2), V(70, D9, D9, A9), V(89, 8E, 8E, 07), V(A7, 94, 94, 33), \
177 V(B6, 9B, 9B, 2D), V(22, 1E, 1E, 3C), V(92, 87, 87, 15), V(20, E9, E9, C9), \
181 V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \
203 * Reverse S-box
246 V(50, A7, F4, 51), V(53, 65, 41, 7E), V(C3, A4, 17, 1A), V(96, 5E, 27, 3A), \
250 V(49, 5A, B1, DE), V(67, 1B, BA, 25), V(98, 0E, EA, 45), V(E1, C0, FE, 5D), \
253 V(2D, 83, BE, D4), V(D3, 21, 74, 58), V(29, 69, E0, 49), V(44, C8, C9, 8E), \
254 V(6A, 89, C2, 75), V(78, 79, 8E, F4), V(6B, 3E, 58, 99), V(DD, 71, B9, 27), \
262 V(2B, 1C, CF, 8A), V(92, B4, 79, A7), V(F0, F2, 07, F3), V(A1, E2, 69, 4E), \
264 V(9D, 53, 2E, 34), V(A0, 55, F3, A2), V(32, E1, 8A, 05), V(75, EB, F6, A4), \
265 V(39, EC, 83, 0B), V(AA, EF, 60, 40), V(06, 9F, 71, 5E), V(51, 10, 6E, BD), \
266 V(F9, 8A, 21, 3E), V(3D, 06, DD, 96), V(AE, 05, 3E, DD), V(46, BD, E6, 4D), \
268 V(24, FB, 98, 19), V(97, E9, BD, D6), V(CC, 43, 40, 89), V(77, 9E, D9, 67), \
270 V(47, 0A, 7C, A1), V(E9, 0F, 42, 7C), V(C9, 1E, 84, F8), V(00, 00, 00, 00), \
271 V(83, 86, 80, 09), V(48, ED, 2B, 32), V(AC, 70, 11, 1E), V(4E, 72, 5A, 6C), \
272 V(FB, FF, 0E, FD), V(56, 38, 85, 0F), V(1E, D5, AE, 3D), V(27, 39, 2D, 36), \
273 V(64, D9, 0F, 0A), V(21, A6, 5C, 68), V(D1, 54, 5B, 9B), V(3A, 2E, 36, 24), \
274 V(B1, 67, 0A, 0C), V(0F, E7, 57, 93), V(D2, 96, EE, B4), V(9E, 91, 9B, 1B), \
277 V(0B, 0D, 09, 0E), V(AD, C7, 8B, F2), V(B9, A8, B6, 2D), V(C8, A9, 1E, 14), \
279 V(9F, 26, 01, F7), V(BC, F5, 72, 5C), V(C5, 3B, 66, 44), V(34, 7E, FB, 5B), \
283 V(4B, 2F, 9E, 1D), V(F3, 30, B2, DC), V(EC, 52, 86, 0D), V(D0, E3, C1, 77), \
286 V(C7, 4E, 49, 87), V(C1, D1, 38, D9), V(FE, A2, CA, 8C), V(36, 0B, D4, 98), \
287 V(CF, 81, F5, A6), V(28, DE, 7A, A5), V(26, 8E, B7, DA), V(A4, BF, AD, 3F), \
288 V(E4, 9D, 3A, 2C), V(0D, 92, 78, 50), V(9B, CC, 5F, 6A), V(62, 46, 7E, 54), \
289 V(C2, 13, 8D, F6), V(E8, B8, D8, 90), V(5E, F7, 39, 2E), V(F5, AF, C3, 82), \
291 V(3B, 99, AC, C8), V(A7, 7D, 18, 10), V(6E, 63, 9C, E8), V(7B, BB, 3B, DB), \
292 V(09, 78, 26, CD), V(F4, 18, 59, 6E), V(01, B7, 9A, EC), V(A8, 9A, 4F, 83), \
293 V(65, 6E, 95, E6), V(7E, E6, FF, AA), V(08, CF, BC, 21), V(E6, E8, 15, EF), \
296 V(37, BC, 4E, 74), V(A6, CA, 82, FC), V(B0, D0, 90, E0), V(15, D8, A7, 33), \
297 V(4A, 98, 04, F1), V(F7, DA, EC, 41), V(0E, 50, CD, 7F), V(2F, F6, 91, 17), \
299 V(E3, B5, D1, 9E), V(1B, 88, 6A, 4C), V(B8, 1F, 2C, C1), V(7F, 51, 65, 46), \
300 V(04, EA, 5E, 9D), V(5D, 35, 8C, 01), V(73, 74, 87, FA), V(2E, 41, 0B, FB), \
302 V(8C, 61, D7, 9A), V(7A, 0C, A1, 37), V(8E, 14, F8, 59), V(89, 3C, 13, EB), \
306 V(81, F3, AF, CA), V(3E, C4, 68, B9), V(2C, 34, 24, 38), V(5F, 40, A3, C2), \
343 * Forward S-box & tables
352 * Reverse S-box & tables
400 * generate the forward and reverse S-boxes in aes_gen_tables()
408 x = pow[255 - log[i]]; in aes_gen_tables()
509 mbedtls_aes_init(&ctx->crypt); in mbedtls_aes_xts_init()
510 mbedtls_aes_init(&ctx->tweak); in mbedtls_aes_xts_init()
519 mbedtls_aes_free(&ctx->crypt); in mbedtls_aes_xts_free()
520 mbedtls_aes_free(&ctx->tweak); in mbedtls_aes_xts_free()
527 * Note that the offset is in units of elements of buf, i.e. 32-bit words,
528 * i.e. an offset of 1 means 4 bytes and so on.
541 if (aes_padlock_ace == -1) { in mbedtls_aes_rk_offset()
556 /* These implementations need 16-byte alignment in mbedtls_aes_rk_offset()
562 return 4 - delta; // 16 bytes = 4 uint32_t in mbedtls_aes_rk_offset()
582 case 128: ctx->nr = 10; break; in mbedtls_aes_setkey_enc()
584 case 192: ctx->nr = 12; break; in mbedtls_aes_setkey_enc()
585 case 256: ctx->nr = 14; break; in mbedtls_aes_setkey_enc()
597 ctx->rk_offset = mbedtls_aes_rk_offset(ctx->buf); in mbedtls_aes_setkey_enc()
598 RK = ctx->buf + ctx->rk_offset; in mbedtls_aes_setkey_enc()
617 switch (ctx->nr) { in mbedtls_aes_setkey_enc()
700 ctx->rk_offset = mbedtls_aes_rk_offset(ctx->buf); in mbedtls_aes_setkey_dec()
701 RK = ctx->buf + ctx->rk_offset; in mbedtls_aes_setkey_dec()
708 ctx->nr = cty.nr; in mbedtls_aes_setkey_dec()
713 (const unsigned char *) (cty.buf + cty.rk_offset), ctx->nr); in mbedtls_aes_setkey_dec()
723 ctx->nr); in mbedtls_aes_setkey_dec()
735 SK -= 8; in mbedtls_aes_setkey_dec()
736 for (int i = ctx->nr - 1; i > 0; i--, SK -= 8) { in mbedtls_aes_setkey_dec()
797 ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); in mbedtls_aes_xts_setkey_enc()
803 return mbedtls_aes_setkey_enc(&ctx->crypt, key1, key1bits); in mbedtls_aes_xts_setkey_enc()
821 ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); in mbedtls_aes_xts_setkey_dec()
827 return mbedtls_aes_setkey_dec(&ctx->crypt, key1, key1bits); in mbedtls_aes_xts_setkey_dec()
880 * AES-ECB block encryption
888 uint32_t *RK = ctx->buf + ctx->rk_offset; in mbedtls_internal_aes_encrypt()
899 for (i = (ctx->nr >> 1) - 1; i > 0; i--) { in mbedtls_internal_aes_encrypt()
942 * AES-ECB block decryption
950 uint32_t *RK = ctx->buf + ctx->rk_offset; in mbedtls_internal_aes_decrypt()
961 for (i = (ctx->nr >> 1) - 1; i > 0; i--) { in mbedtls_internal_aes_decrypt()
1003 /* VIA Padlock and our intrinsics-based implementation of AESNI require
1004 * the round keys to be aligned on a 16-byte boundary. We take care of this
1007 * calls it might have a different alignment with respect to 16-byte memory.
1012 unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf); in aes_maybe_realign()
1013 if (new_offset != ctx->rk_offset) { in aes_maybe_realign()
1014 memmove(ctx->buf + new_offset, // new address in aes_maybe_realign()
1015 ctx->buf + ctx->rk_offset, // current address in aes_maybe_realign()
1016 (ctx->nr + 1) * 16); // number of round keys * bytes per rk in aes_maybe_realign()
1017 ctx->rk_offset = new_offset; in aes_maybe_realign()
1022 * AES-ECB block encryption/decryption
1070 * AES-CBC buffer encryption/decryption
1125 length -= 16; in mbedtls_aes_crypt_cbc()
1139 length -= 16; in mbedtls_aes_crypt_cbc()
1158 * representation. It uses 64-bit word operations to gain speed but compensates
1173 ra = (a << 1) ^ 0x0087 >> (8 - ((b >> 63) << 3)); in mbedtls_gf128mul_x_ble()
1181 * AES-XTS buffer encryption/decryption
1184 * is a 3x performance improvement for gcc -Os, if we have hardware AES support.
1212 /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */ in mbedtls_aes_crypt_xts()
1218 ret = mbedtls_aes_crypt_ecb(&ctx->tweak, MBEDTLS_AES_ENCRYPT, in mbedtls_aes_crypt_xts()
1224 while (blocks--) { in mbedtls_aes_crypt_xts()
1237 ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); in mbedtls_aes_crypt_xts()
1259 unsigned char *prev_output = output - 16; in mbedtls_aes_crypt_xts()
1272 mbedtls_xor(tmp + i, prev_output + i, t + i, 16 - i); in mbedtls_aes_crypt_xts()
1274 ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); in mbedtls_aes_crypt_xts()
1290 * AES-CFB128 buffer encryption/decryption
1315 while (length--) { in mbedtls_aes_crypt_cfb128()
1330 while (length--) { in mbedtls_aes_crypt_cfb128()
1352 * AES-CFB8 buffer encryption/decryption
1368 while (length--) { in mbedtls_aes_crypt_cfb8()
1396 * AES-OFB (Output Feedback Mode) buffer encryption/decryption
1414 while (length--) { in mbedtls_aes_crypt_ofb()
1435 * AES-CTR buffer encryption/decryption
1462 n -= offset; in mbedtls_aes_crypt_ctr()
1465 if (n > (length - i)) { in mbedtls_aes_crypt_ctr()
1466 n = (length - i); in mbedtls_aes_crypt_ctr()
1469 // offset might be non-zero for the last block, but in that case, we don't use it again in mbedtls_aes_crypt_ctr()
1490 * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
1546 * AES-CFB128 test vectors from:
1548 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
1616 * AES-OFB test vectors from:
1618 * https://csrc.nist.gov/publications/detail/sp/800-38a/final
1686 * AES-CTR test vectors from:
1748 * AES-XTS test vectors from:
1875 mbedtls_printf(" AES note: built-in implementation.\n"); in mbedtls_aes_self_test()
1894 mbedtls_printf(" AES-ECB-%3u (%s): ", keybits, in mbedtls_aes_self_test()
1920 * AES-192 is an optional feature that may be unavailable when in mbedtls_aes_self_test()
1921 * there is an alternative underlying implementation i.e. when in mbedtls_aes_self_test()
1967 mbedtls_printf(" AES-CBC-%3u (%s): ", keybits, in mbedtls_aes_self_test()
1984 * AES-192 is an optional feature that may be unavailable when in mbedtls_aes_self_test()
1985 * there is an alternative underlying implementation i.e. when in mbedtls_aes_self_test()
2041 mbedtls_printf(" AES-CFB128-%3u (%s): ", keybits, in mbedtls_aes_self_test()
2051 * AES-192 is an optional feature that may be unavailable when in mbedtls_aes_self_test()
2052 * there is an alternative underlying implementation i.e. when in mbedtls_aes_self_test()
2105 mbedtls_printf(" AES-OFB-%3u (%s): ", keybits, in mbedtls_aes_self_test()
2115 * AES-192 is an optional feature that may be unavailable when in mbedtls_aes_self_test()
2116 * there is an alternative underlying implementation i.e. when in mbedtls_aes_self_test()
2168 mbedtls_printf(" AES-CTR-128 (%s): ", in mbedtls_aes_self_test()
2229 mbedtls_printf(" AES-XTS-128 (%s): ", in mbedtls_aes_self_test()