OpenCore  1.0.4
OpenCore Bootloader
1.0.4
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
Aes.c
Go to the documentation of this file.
1
65#include "CryptoInternal.h"
66
67//
68// The number of columns comprising a state in AES (Nb). This is a CONSTant in AES. Value=4
69// The number of 32 bit words in a key (Nk).
70// The number of rounds in AES Cipher (Nr).
71//
72
73#define Nb 4
74
75#if CONFIG_AES_KEY_SIZE == 32
76#define Nk 8
77#define Nr 14
78#elif CONFIG_AES_KEY_SIZE == 24
79#define Nk 6
80#define Nr 12
81#elif CONFIG_AES_KEY_SIZE == 16
82#define Nk 4
83#define Nr 10
84#endif
85
86//
87// state - array holding the intermediate results during decryption.
88//
89typedef UINT8 AES_INTERNAL_STATE[4][4];
90
91//
92// The lookup-tables are marked CONST so they can be placed in read-only storage instead of RAM
93// The numbers below can be computed dynamically trading ROM for RAM -
94// This can be useful in (embedded) bootloader applications, where ROM is often limited.
95//
96STATIC CONST UINT8 Sbox[256] = {
97 // 0 1 2 3 4 5 6 7 8 9 A B C D E F
98 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
99 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
100 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
101 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
102 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
103 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
104 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
105 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
106 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
107 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
108 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
109 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
110 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
111 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
112 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
113 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
114};
115
116STATIC CONST UINT8 RsBox[256] = {
117 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
118 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
119 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
120 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
121 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
122 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
123 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
124 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
125 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
126 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
127 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
128 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
129 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
130 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
131 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
132 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
133};
134
135//
136// The round CONSTant word array, Rcon[i], contains the values given by
137// x to the power (i-1) being powers of x (x is denoted as {02}) in the field GF(2^8)
138//
139STATIC CONST UINT8 Rcon[11] = {
140 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
141};
142
143/*
144 * Jordan Goulder points out in PR #12 (https://github.com/kokke/tiny-AES-C/pull/12),
145 * that you can remove most of the elements in the Rcon array, because they are unused.
146 *
147 * From Wikipedia's article on the Rijndael key schedule @ https://en.wikipedia.org/wiki/Rijndael_key_schedule#Rcon
148 *
149 * "Only the first some of these CONSTants are actually used – up to rcon[10] for AES-128 (as 11 round keys are needed),
150 * up to rcon[8] for AES-192, up to rcon[7] for AES-256. rcon[0] is not used in AES algorithm."
151 */
152
153//
154// Private functions:
155//
156#define GetSboxValue(num) (Sbox[(num)])
157#define GetSBoxInvert(num) (RsBox[(num)])
158
159//
160// This function produces Nb(Nr+1) round keys. The round keys are used in each
161// round to decrypt the states.
162//
163STATIC
164VOID
166 OUT UINT8 *RoundKey,
167 IN CONST UINT8 *Key
168 )
169{
170 UINT32 Index, J, K;
171 //
172 // Used for the column/row operations
173 //
174 UINT8 TempA[4];
175
176 //
177 // The first round key is the key itself.
178 //
179 for (Index = 0; Index < Nk; ++Index) {
180 RoundKey[(Index * 4) + 0] = Key[(Index * 4) + 0];
181 RoundKey[(Index * 4) + 1] = Key[(Index * 4) + 1];
182 RoundKey[(Index * 4) + 2] = Key[(Index * 4) + 2];
183 RoundKey[(Index * 4) + 3] = Key[(Index * 4) + 3];
184 }
185
186 //
187 // All other round keys are found from the previous round keys.
188 //
189 for (Index = Nk; Index < Nb * (Nr + 1); ++Index) {
190 K = (Index - 1) * 4;
191 TempA[0] = RoundKey[K + 0];
192 TempA[1] = RoundKey[K + 1];
193 TempA[2] = RoundKey[K + 2];
194 TempA[3] = RoundKey[K + 3];
195
196 if (Index % Nk == 0) {
197 //
198 // This function shifts the 4 bytes in a word to the left once.
199 // [a0,a1,a2,a3] becomes [a1,a2,a3,a0]
200 //
201
202 //
203 // Function RotWord()
204 //
205 K = TempA[0];
206 TempA[0] = TempA[1];
207 TempA[1] = TempA[2];
208 TempA[2] = TempA[3];
209 TempA[3] = (UINT8)K;
210
211 //
212 // SubWord() is a function that takes a four-byte input word and
213 // applies the S-box to each of the four bytes to produce an output word.
214 //
215
216 //
217 // Function Subword()
218 //
219 TempA[0] = GetSboxValue (TempA[0]);
220 TempA[1] = GetSboxValue (TempA[1]);
221 TempA[2] = GetSboxValue (TempA[2]);
222 TempA[3] = GetSboxValue (TempA[3]);
223
224 TempA[0] = TempA[0] ^ Rcon[Index / Nk];
225 }
226
227 #if CONFIG_AES_KEY_SIZE == 32
228 if (Index % Nk == 4) {
229 //
230 // Function Subword()
231 //
232 TempA[0] = GetSboxValue (TempA[0]);
233 TempA[1] = GetSboxValue (TempA[1]);
234 TempA[2] = GetSboxValue (TempA[2]);
235 TempA[3] = GetSboxValue (TempA[3]);
236 }
237
238 #endif
239
240 J = Index * 4;
241 K = (Index - Nk) * 4;
242 RoundKey[J + 0] = RoundKey[K + 0] ^ TempA[0];
243 RoundKey[J + 1] = RoundKey[K + 1] ^ TempA[1];
244 RoundKey[J + 2] = RoundKey[K + 2] ^ TempA[2];
245 RoundKey[J + 3] = RoundKey[K + 3] ^ TempA[3];
246 }
247}
248
249VOID
251 OUT AES_CONTEXT *Context,
252 IN CONST UINT8 *Key,
253 IN CONST UINT8 *Iv
254 )
255{
256 KeyExpansion (Context->RoundKey, Key);
257 CopyMem (Context->Iv, Iv, AES_BLOCK_SIZE);
258}
259
260VOID
262 OUT AES_CONTEXT *Context,
263 IN CONST UINT8 *Iv
264 )
265{
266 CopyMem (Context->Iv, Iv, AES_BLOCK_SIZE);
267}
268
269//
270// This function adds the round key to state.
271// The round key is added to the state by an XOR function.
272//
273STATIC
274VOID
276 IN UINT8 Round,
277 IN OUT AES_INTERNAL_STATE *State,
278 IN CONST UINT8 *RoundKey
279 )
280{
281 UINT8 I, J;
282
283 for (I = 0; I < 4; ++I) {
284 for (J = 0; J < 4; ++J) {
285 (*State)[I][J] ^= RoundKey[(Round * Nb * 4) + (I * Nb) + J];
286 }
287 }
288}
289
290//
291// The SubBytes Function Substitutes the values in the
292// state matrix with values in an S-box.
293//
294STATIC
295VOID
297 IN OUT AES_INTERNAL_STATE *State
298 )
299{
300 UINT8 I, J;
301
302 for (I = 0; I < 4; ++I) {
303 for (J = 0; J < 4; ++J) {
304 (*State)[J][I] = GetSboxValue ((*State)[J][I]);
305 }
306 }
307}
308
309//
310// The ShiftRows() function shifts the rows in the state to the left.
311// Each row is shifted with different offset.
312// Offset = Row number. So the first row is not shifted.
313//
314STATIC
315VOID
317 IN OUT AES_INTERNAL_STATE *State
318 )
319{
320 UINT8 Temp;
321
322 //
323 // Rotate first row 1 columns to left
324 //
325 Temp = (*State)[0][1];
326 (*State)[0][1] = (*State)[1][1];
327 (*State)[1][1] = (*State)[2][1];
328 (*State)[2][1] = (*State)[3][1];
329 (*State)[3][1] = Temp;
330
331 //
332 // Rotate second row 2 columns to left
333 //
334 Temp = (*State)[0][2];
335 (*State)[0][2] = (*State)[2][2];
336 (*State)[2][2] = Temp;
337
338 Temp = (*State)[1][2];
339 (*State)[1][2] = (*State)[3][2];
340 (*State)[3][2] = Temp;
341
342 //
343 // Rotate third row 3 columns to left
344 //
345 Temp = (*State)[0][3];
346 (*State)[0][3] = (*State)[3][3];
347 (*State)[3][3] = (*State)[2][3];
348 (*State)[2][3] = (*State)[1][3];
349 (*State)[1][3] = Temp;
350}
351
352STATIC
353UINT8
355 IN UINT8 X
356 )
357{
358 return (UINT8)(((UINT32)X << 1u) ^ ((((UINT32)X >> 7u) & 1u) * 0x1bu));
359}
360
361//
362// MixColumns function mixes the columns of the state matrix
363//
364STATIC
365VOID
367 IN OUT AES_INTERNAL_STATE *State
368 )
369{
370 UINT8 I, Tmp, Tm, T;
371
372 for (I = 0; I < 4; ++I) {
373 T = (*State)[I][0];
374 Tmp = (UINT8)((UINT32)((*State)[I][0]) ^ (UINT32)((*State)[I][1])
375 ^ (UINT32)((*State)[I][2]) ^ (UINT32)((*State)[I][3]));
376 Tm = (*State)[I][0] ^ (*State)[I][1];
377 Tm = XTime (Tm);
378 (*State)[I][0] ^= Tm ^ Tmp;
379 Tm = (*State)[I][1] ^ (*State)[I][2];
380 Tm = XTime (Tm);
381 (*State)[I][1] ^= Tm ^ Tmp;
382 Tm = (*State)[I][2] ^ (*State)[I][3];
383 Tm = XTime (Tm);
384 (*State)[I][2] ^= Tm ^ Tmp;
385 Tm = (*State)[I][3] ^ T;
386 Tm = XTime (Tm);
387 (*State)[I][3] ^= Tm ^ Tmp;
388 }
389}
390
391//
392// Multiply is used to multiply numbers in the field GF(2^8)
393// Note: The last call to XTime() is unneeded, but often ends up generating a smaller binary
394// The compiler seems to be able to vectorize the operation better this way.
395// See https://github.com/kokke/tiny-AES-c/pull/34
396//
397#define Multiply(x, y) \
398 ( (((y) & 1u) * (x)) ^ \
399 (((y)>>1u & 1u) * XTime(x)) ^ \
400 (((y)>>2u & 1u) * XTime(XTime(x))) ^ \
401 (((y)>>3u & 1u) * XTime(XTime(XTime(x)))) ^ \
402 (((y)>>4u & 1u) * XTime(XTime(XTime(XTime(x)))))) \
403
404//
405// MixColumns function mixes the columns of the state matrix.
406// The method used to multiply may be difficult to understand for the inexperienced.
407// Please use the references to gain more information.
408//
409STATIC
410VOID
412 IN OUT AES_INTERNAL_STATE *State
413 )
414{
415 UINT8 I, A, B, C, D;
416
417 for (I = 0; I < 4; ++I) {
418 A = (*State)[I][0];
419 B = (*State)[I][1];
420 C = (*State)[I][2];
421 D = (*State)[I][3];
422
423 (*State)[I][0] = (UINT8)((UINT32)Multiply (A, 0x0eu) ^ (UINT32)Multiply (B, 0x0bu)
424 ^ (UINT32)Multiply (C, 0x0du) ^ (UINT32)Multiply (D, 0x09u));
425 (*State)[I][1] = (UINT8)((UINT32)Multiply (A, 0x09u) ^ (UINT32)Multiply (B, 0x0eu)
426 ^ (UINT32)Multiply (C, 0x0bu) ^ (UINT32)Multiply (D, 0x0du));
427 (*State)[I][2] = (UINT8)((UINT32)Multiply (A, 0x0du) ^ (UINT32)Multiply (B, 0x09u)
428 ^ (UINT32)Multiply (C, 0x0eu) ^ (UINT32)Multiply (D, 0x0bu));
429 (*State)[I][3] = (UINT8)((UINT32)Multiply (A, 0x0bu) ^ (UINT32)Multiply (B, 0x0du)
430 ^ (UINT32)Multiply (C, 0x09u) ^ (UINT32)Multiply (D, 0x0eu));
431 }
432}
433
434//
435// The SubBytes Function Substitutes the values in the
436// state matrix with values in an S-box.
437//
438STATIC
439VOID
441 IN OUT AES_INTERNAL_STATE *State
442 )
443{
444 UINT8 I, J;
445
446 for (I = 0; I < 4; ++I) {
447 for (J = 0; J < 4; ++J) {
448 (*State)[J][I] = GetSBoxInvert ((*State)[J][I]);
449 }
450 }
451}
452
453STATIC
454VOID
456 IN OUT AES_INTERNAL_STATE *State
457 )
458{
459 UINT8 Temp;
460
461 //
462 // Rotate first row 1 columns to right
463 //
464 Temp = (*State)[3][1];
465 (*State)[3][1] = (*State)[2][1];
466 (*State)[2][1] = (*State)[1][1];
467 (*State)[1][1] = (*State)[0][1];
468 (*State)[0][1] = Temp;
469
470 //
471 // Rotate second row 2 columns to right
472 //
473 Temp = (*State)[0][2];
474 (*State)[0][2] = (*State)[2][2];
475 (*State)[2][2] = Temp;
476
477 Temp = (*State)[1][2];
478 (*State)[1][2] = (*State)[3][2];
479 (*State)[3][2] = Temp;
480
481 //
482 // Rotate third row 3 columns to right
483 //
484 Temp = (*State)[0][3];
485 (*State)[0][3] = (*State)[1][3];
486 (*State)[1][3] = (*State)[2][3];
487 (*State)[2][3] = (*State)[3][3];
488 (*State)[3][3] = Temp;
489}
490
491//
492// Cipher is the main function that encrypts the PlainText.
493//
494STATIC
495VOID
497 IN OUT AES_INTERNAL_STATE *State,
498 IN CONST UINT8 *RoundKey
499 )
500{
501 UINT8 Round;
502
503 //
504 // Add the First round key to the state before starting the rounds.
505 //
506 AddRoundKey (0, State, RoundKey);
507
508 //
509 // There will be Nr rounds.
510 // The first Nr-1 rounds are identical.
511 // These Nr-1 rounds are executed in the loop below.
512 //
513 for (Round = 1; Round < Nr; ++Round) {
514 SubBytes (State);
515 ShiftRows (State);
516 MixColumns (State);
517 AddRoundKey (Round, State, RoundKey);
518 }
519
520 //
521 // The last round is given below.
522 // The MixColumns function is not here in the last round.
523 //
524 SubBytes (State);
525 ShiftRows (State);
526 AddRoundKey (Nr, State, RoundKey);
527}
528
529STATIC
530VOID
532 IN OUT AES_INTERNAL_STATE *State,
533 IN CONST UINT8 *RoundKey
534 )
535{
536 UINT8 Round;
537
538 //
539 // Add the First round key to the state before starting the rounds.
540 //
541 AddRoundKey (Nr, State, RoundKey);
542
543 //
544 // There will be Nr rounds.
545 // The first Nr-1 rounds are identical.
546 // These Nr-1 rounds are executed in the loop below.
547 //
548 for (Round = (Nr - 1); Round > 0; --Round) {
549 InvShiftRows (State);
550 InvSubBytes (State);
551 AddRoundKey (Round, State, RoundKey);
552 InvMixColumns (State);
553 }
554
555 //
556 // The last round is given below.
557 // The MixColumns function is not here in the last round.
558 //
559 InvShiftRows (State);
560 InvSubBytes (State);
561 AddRoundKey (0, State, RoundKey);
562}
563
564STATIC
565VOID
567 IN OUT UINT8 *Buf,
568 IN CONST UINT8 *Iv
569 )
570{
571 UINT8 I;
572
573 //
574 // The block in AES is always 128bit no matter the key size
575 //
576 for (I = 0; I < AES_BLOCK_SIZE; ++I) {
577 Buf[I] ^= Iv[I];
578 }
579}
580
581//
582// Public functions
583//
584
585VOID
587 IN OUT AES_CONTEXT *Context,
588 IN OUT UINT8 *Data,
589 IN UINT32 Len
590 )
591{
592 UINT32 I;
593 UINT8 *Iv;
594
595 Iv = Context->Iv;
596
597 for (I = 0; I < Len; I += AES_BLOCK_SIZE) {
598 XorWithIv (Data, Iv);
599 Cipher ((AES_INTERNAL_STATE *)Data, Context->RoundKey);
600 Iv = Data;
601 Data += AES_BLOCK_SIZE;
602 }
603
604 //
605 // Store Iv in Context for next call
606 //
607 CopyMem (Context->Iv, Iv, AES_BLOCK_SIZE);
608}
609
610VOID
612 IN OUT AES_CONTEXT *Context,
613 IN OUT UINT8 *Data,
614 IN UINT32 Len
615 )
616{
617 UINT32 I;
618 UINT8 StoreNextIv[AES_BLOCK_SIZE];
619
620 for (I = 0; I < Len; I += AES_BLOCK_SIZE) {
621 CopyMem (StoreNextIv, Data, AES_BLOCK_SIZE);
622 InvCipher ((AES_INTERNAL_STATE *)Data, Context->RoundKey);
623 XorWithIv (Data, Context->Iv);
624 CopyMem (Context->Iv, StoreNextIv, AES_BLOCK_SIZE);
625 Data += AES_BLOCK_SIZE;
626 }
627}
628
629//
630// Symmetrical operation: same function for encrypting as for decrypting.
631// Note any IV/nonce should never be reused with the same key
632//
633VOID
635 IN OUT AES_CONTEXT *Context,
636 IN OUT UINT8 *Data,
637 IN UINT32 Len
638 )
639{
640 UINT8 Buffer[AES_BLOCK_SIZE];
641 UINT32 I;
642 INT32 Bi;
643
644 for (I = 0, Bi = AES_BLOCK_SIZE; I < Len; ++I, ++Bi) {
645 //
646 // We need to regen xor compliment in buffer
647 //
648 if (Bi == AES_BLOCK_SIZE) {
649 CopyMem (Buffer, Context->Iv, AES_BLOCK_SIZE);
650 Cipher ((AES_INTERNAL_STATE *)Buffer, Context->RoundKey);
651
652 //
653 // Increment Iv and handle overflow
654 //
655 for (Bi = (AES_BLOCK_SIZE - 1); Bi >= 0; --Bi) {
656 //
657 // Inc will owerflow
658 //
659 if (Context->Iv[Bi] == 255) {
660 Context->Iv[Bi] = 0;
661 continue;
662 }
663
664 Context->Iv[Bi] += 1;
665 break;
666 }
667
668 Bi = 0;
669 }
670
671 Data[I] = (Data[I] ^ Buffer[Bi]);
672 }
673}
UINT8 AES_INTERNAL_STATE[4][4]
Definition Aes.c:89
STATIC VOID MixColumns(IN OUT AES_INTERNAL_STATE *State)
Definition Aes.c:366
STATIC VOID Cipher(IN OUT AES_INTERNAL_STATE *State, IN CONST UINT8 *RoundKey)
Definition Aes.c:496
STATIC VOID SubBytes(IN OUT AES_INTERNAL_STATE *State)
Definition Aes.c:296
#define Nb
Definition Aes.c:73
VOID AesCbcEncryptBuffer(IN OUT AES_CONTEXT *Context, IN OUT UINT8 *Data, IN UINT32 Len)
Definition Aes.c:586
STATIC CONST UINT8 Sbox[256]
Definition Aes.c:96
VOID AesCtrXcryptBuffer(IN OUT AES_CONTEXT *Context, IN OUT UINT8 *Data, IN UINT32 Len)
Definition Aes.c:634
#define GetSboxValue(num)
Definition Aes.c:156
STATIC VOID AddRoundKey(IN UINT8 Round, IN OUT AES_INTERNAL_STATE *State, IN CONST UINT8 *RoundKey)
Definition Aes.c:275
STATIC VOID InvShiftRows(IN OUT AES_INTERNAL_STATE *State)
Definition Aes.c:455
STATIC VOID XorWithIv(IN OUT UINT8 *Buf, IN CONST UINT8 *Iv)
Definition Aes.c:566
VOID AesSetCtxIv(OUT AES_CONTEXT *Context, IN CONST UINT8 *Iv)
Definition Aes.c:261
VOID AesCbcDecryptBuffer(IN OUT AES_CONTEXT *Context, IN OUT UINT8 *Data, IN UINT32 Len)
Definition Aes.c:611
STATIC VOID ShiftRows(IN OUT AES_INTERNAL_STATE *State)
Definition Aes.c:316
#define Multiply(x, y)
Definition Aes.c:397
VOID AesInitCtxIv(OUT AES_CONTEXT *Context, IN CONST UINT8 *Key, IN CONST UINT8 *Iv)
Definition Aes.c:250
STATIC CONST UINT8 Rcon[11]
Definition Aes.c:139
STATIC UINT8 XTime(IN UINT8 X)
Definition Aes.c:354
STATIC VOID KeyExpansion(OUT UINT8 *RoundKey, IN CONST UINT8 *Key)
Definition Aes.c:165
STATIC CONST UINT8 RsBox[256]
Definition Aes.c:116
STATIC VOID InvSubBytes(IN OUT AES_INTERNAL_STATE *State)
Definition Aes.c:440
STATIC VOID InvMixColumns(IN OUT AES_INTERNAL_STATE *State)
Definition Aes.c:411
STATIC VOID InvCipher(IN OUT AES_INTERNAL_STATE *State, IN CONST UINT8 *RoundKey)
Definition Aes.c:531
#define GetSBoxInvert(num)
Definition Aes.c:157
#define I(X, Y, Z)
Definition Md5.c:37
#define AES_BLOCK_SIZE
Definition OcCryptoLib.h:61
OC_TYPING_BUFFER_ENTRY Buffer[OC_TYPING_BUFFER_SIZE]
Definition OcTypingLib.h:42
VOID *EFIAPI CopyMem(OUT VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
#define Len
Definition deflate.h:82