5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10 * [1] http://210.104.33.10/ARIA/doc/ARIA-specification-e.pdf
29 * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
38 /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
71 * modify byte order: ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits
80 * modify byte order: ( A B C D ) -> ( D C B A ), i.e. change endianness
106 * half of App. B.1 in [1] in terms of 4-byte operators P1, P2, P3 and P4.
136 * (sa, sb, sc, sd) = 256 8-bit S-Boxes (see below)
138 * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1
139 * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2
165 * S-Boxes
316 * Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup.
318 * We chose to store bytes into 32-bit words in little-endian format (see
329 const uint8_t n2 = n1 ? 32 - n1 : 0; // reverse bit offset in aria_rot128()
359 uint32_t w[4][4], *w2; in mbedtls_aria_setkey_enc() local
366 w[0][0] = MBEDTLS_GET_UINT32_LE(key, 0); in mbedtls_aria_setkey_enc()
367 w[0][1] = MBEDTLS_GET_UINT32_LE(key, 4); in mbedtls_aria_setkey_enc()
368 w[0][2] = MBEDTLS_GET_UINT32_LE(key, 8); in mbedtls_aria_setkey_enc()
369 w[0][3] = MBEDTLS_GET_UINT32_LE(key, 12); in mbedtls_aria_setkey_enc()
371 memset(w[1], 0, 16); in mbedtls_aria_setkey_enc()
373 w[1][0] = MBEDTLS_GET_UINT32_LE(key, 16); // 192 bit key in mbedtls_aria_setkey_enc()
374 w[1][1] = MBEDTLS_GET_UINT32_LE(key, 20); in mbedtls_aria_setkey_enc()
377 w[1][2] = MBEDTLS_GET_UINT32_LE(key, 24); // 256 bit key in mbedtls_aria_setkey_enc()
378 w[1][3] = MBEDTLS_GET_UINT32_LE(key, 28); in mbedtls_aria_setkey_enc()
381 i = (keybits - 128) >> 6; // index: 0, 1, 2 in mbedtls_aria_setkey_enc()
382 ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16 in mbedtls_aria_setkey_enc()
384 aria_fo_xor(w[1], w[0], rc[i], w[1]); // W1 = FO(W0, CK1) ^ KR in mbedtls_aria_setkey_enc()
386 aria_fe_xor(w[2], w[1], rc[i], w[0]); // W2 = FE(W1, CK2) ^ W0 in mbedtls_aria_setkey_enc()
388 aria_fo_xor(w[3], w[2], rc[i], w[1]); // W3 = FO(W2, CK3) ^ W1 in mbedtls_aria_setkey_enc()
391 w2 = w[(i + 1) & 3]; in mbedtls_aria_setkey_enc()
392 aria_rot128(ctx->rk[i], w[i], w2, 128 - 19); in mbedtls_aria_setkey_enc()
393 aria_rot128(ctx->rk[i + 4], w[i], w2, 128 - 31); in mbedtls_aria_setkey_enc()
394 aria_rot128(ctx->rk[i + 8], w[i], w2, 61); in mbedtls_aria_setkey_enc()
395 aria_rot128(ctx->rk[i + 12], w[i], w2, 31); in mbedtls_aria_setkey_enc()
397 aria_rot128(ctx->rk[16], w[0], w[1], 19); in mbedtls_aria_setkey_enc()
399 /* w holds enough info to reconstruct the round keys */ in mbedtls_aria_setkey_enc()
400 mbedtls_platform_zeroize(w, sizeof(w)); in mbedtls_aria_setkey_enc()
420 for (i = 0, j = ctx->nr; i < j; i++, j--) { in mbedtls_aria_setkey_dec()
422 uint32_t t = ctx->rk[i][k]; in mbedtls_aria_setkey_dec()
423 ctx->rk[i][k] = ctx->rk[j][k]; in mbedtls_aria_setkey_dec()
424 ctx->rk[j][k] = t; in mbedtls_aria_setkey_dec()
429 for (i = 1; i < ctx->nr; i++) { in mbedtls_aria_setkey_dec()
430 aria_a(&ctx->rk[i][0], &ctx->rk[i][1], in mbedtls_aria_setkey_dec()
431 &ctx->rk[i][2], &ctx->rk[i][3]); in mbedtls_aria_setkey_dec()
456 a ^= ctx->rk[i][0]; in mbedtls_aria_crypt_ecb()
457 b ^= ctx->rk[i][1]; in mbedtls_aria_crypt_ecb()
458 c ^= ctx->rk[i][2]; in mbedtls_aria_crypt_ecb()
459 d ^= ctx->rk[i][3]; in mbedtls_aria_crypt_ecb()
465 a ^= ctx->rk[i][0]; in mbedtls_aria_crypt_ecb()
466 b ^= ctx->rk[i][1]; in mbedtls_aria_crypt_ecb()
467 c ^= ctx->rk[i][2]; in mbedtls_aria_crypt_ecb()
468 d ^= ctx->rk[i][3]; in mbedtls_aria_crypt_ecb()
472 if (i >= ctx->nr) { in mbedtls_aria_crypt_ecb()
479 a ^= ctx->rk[i][0]; in mbedtls_aria_crypt_ecb()
480 b ^= ctx->rk[i][1]; in mbedtls_aria_crypt_ecb()
481 c ^= ctx->rk[i][2]; in mbedtls_aria_crypt_ecb()
482 d ^= ctx->rk[i][3]; in mbedtls_aria_crypt_ecb()
510 * ARIA-CBC buffer encryption/decryption
540 length -= MBEDTLS_ARIA_BLOCKSIZE; in mbedtls_aria_crypt_cbc()
551 length -= MBEDTLS_ARIA_BLOCKSIZE; in mbedtls_aria_crypt_cbc()
561 * ARIA-CFB128 buffer encryption/decryption
587 while (length--) { in mbedtls_aria_crypt_cfb128()
599 while (length--) { in mbedtls_aria_crypt_cfb128()
618 * ARIA-CTR buffer encryption/decryption
638 while (length--) { in mbedtls_aria_crypt_ctr()
643 for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) { in mbedtls_aria_crypt_ctr()
644 if (++nonce_counter[i - 1] != 0) { in mbedtls_aria_crypt_ctr()
693 * http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf
727 { 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key
733 { 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c, // 192-bit key
739 { 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1, // 256-bit key
751 { 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key
757 { 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54, // 192-bit key
763 { 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2, // 256-bit key
775 { 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key
781 { 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19, // 192-bit key
787 { 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17, // 256-bit key
836 mbedtls_printf(" ARIA-ECB-%d (enc): ", 128 + 64 * i); in mbedtls_aria_self_test()
846 mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i); in mbedtls_aria_self_test()
871 mbedtls_printf(" ARIA-CBC-%d (enc): ", 128 + 64 * i); in mbedtls_aria_self_test()
883 mbedtls_printf(" ARIA-CBC-%d (dec): ", 128 + 64 * i); in mbedtls_aria_self_test()
902 mbedtls_printf(" ARIA-CFB-%d (enc): ", 128 + 64 * i); in mbedtls_aria_self_test()
914 mbedtls_printf(" ARIA-CFB-%d (dec): ", 128 + 64 * i); in mbedtls_aria_self_test()
933 mbedtls_printf(" ARIA-CTR-%d (enc): ", 128 + 64 * i); in mbedtls_aria_self_test()
945 mbedtls_printf(" ARIA-CTR-%d (dec): ", 128 + 64 * i); in mbedtls_aria_self_test()