aes: update to newest version

trezor · Aug 14, 2018 · d454a48 · d454a48
1 parent 5d62454
commit d454a48
Show file tree

Hide file tree

Showing 7 changed files with 72 additions and 248 deletions.
diff --git a/aes/aes.h b/aes/aes.h
@@ -15,7 +15,7 @@ This software is provided 'as is' with no explicit or implied warranties
 in respect of its operation, including, but not limited to, correctness
 and fitness for purpose.
 ---------------------------------------------------------------------------
-Issue Date: 20/12/2007
+Issue Date: 02/08/2018
 
  This file contains the definitions required to use AES in C. See aesopt.h
  for optimisation details.
@@ -25,32 +25,43 @@ Issue Date: 20/12/2007
 #define _AES_H
 
 #include <stdlib.h>
+#include <stdint.h>
 
-/*  This include is used to find 8 & 32 bit unsigned integer types  */
-#include "brg_types.h"
+#define VOID_RETURN         void
+#define INT_RETURN          int
+#define ALIGN_OFFSET(x,n)   (((intptr_t)(x)) & ((n) - 1))
+#define ALIGN_FLOOR(x,n)    ((uint8_t*)(x) - ( ((intptr_t)(x)) & ((n) - 1)))
+#define ALIGN_CEIL(x,n)     ((uint8_t*)(x) + (-((intptr_t)(x)) & ((n) - 1)))
 
 #if defined(__cplusplus)
 extern "C"
 {
 #endif
 
-// #define AES_128     /* if a fast 128 bit key scheduler is needed    */
-// #define AES_192     /* if a fast 192 bit key scheduler is needed    */
-#define AES_256     /* if a fast 256 bit key scheduler is needed    */
-// #define AES_VAR     /* if variable key size scheduler is needed     */
-#define AES_MODES   /* if support is needed for modes               */
+// #define AES_128     /* if a fast 128 bit key scheduler is needed     */
+// #define AES_192     /* if a fast 192 bit key scheduler is needed     */
+#define AES_256     /* if a fast 256 bit key scheduler is needed     */
+// #define AES_VAR     /* if variable key size scheduler is needed      */
+#if 1
+#  define AES_MODES /* if support is needed for modes in the C code  */
+#endif              /* (these will use AES_NI if it is present)      */
+#if 0               /* add this to make direct calls to the AES_NI   */
+#                   /* implemented CBC and CTR modes available       */
+#   define ADD_AESNI_MODE_CALLS
+#endif
 
-/* The following must also be set in assembler files if being used  */
+/* The following must also be set in assembler files if being used   */
 
-#define AES_ENCRYPT /* if support for encryption is needed          */
-#define AES_DECRYPT /* if support for decryption is needed          */
+#define AES_ENCRYPT /* if support for encryption is needed           */
+#define AES_DECRYPT /* if support for decryption is needed           */
 
-#define AES_BLOCK_SIZE  16  /* the AES block size in bytes          */
-#define N_COLS           4  /* the number of columns in the state   */
+#define AES_BLOCK_SIZE_P2  4  /* AES block size as a power of 2      */
+#define AES_BLOCK_SIZE    (1 << AES_BLOCK_SIZE_P2) /* AES block size */
+#define N_COLS             4  /* the number of columns in the state  */
 
-/* The key schedule length is 11, 13 or 15 16-byte blocks for 128,  */
-/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes  */
-/* or 44, 52 or 60 32-bit words.                                    */
+/* The key schedule length is 11, 13 or 15 16-byte blocks for 128,   */
+/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes   */
+/* or 44, 52 or 60 32-bit words.                                     */
 
 #if defined( AES_VAR ) || defined( AES_256 )
 #define KS_LENGTH       60
@@ -62,10 +73,10 @@ extern "C"
 
 #define AES_RETURN INT_RETURN
 
-/* the character array 'inf' in the following structures is used    */
-/* to hold AES context information. This AES code uses cx->inf.b[0] */
-/* to hold the number of rounds multiplied by 16. The other three   */
-/* elements can be used by code that implements additional modes    */
+/* the character array 'inf' in the following structures is used     */
+/* to hold AES context information. This AES code uses cx->inf.b[0]  */
+/* to hold the number of rounds multiplied by 16. The other three    */
+/* elements can be used by code that implements additional modes     */
 
 typedef union
 {   uint32_t l;

diff --git a/aes/aes_modes.c b/aes/aes_modes.c
@@ -136,7 +136,7 @@ AES_RETURN aes_mode_reset(aes_encrypt_ctx ctx[1])
 
 AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
                     int len, const aes_encrypt_ctx ctx[1])
-{   int nb = len >> 4;
+{   int nb = len >> AES_BLOCK_SIZE_P2;
 
     if(len & (AES_BLOCK_SIZE - 1))
         return EXIT_FAILURE;
@@ -198,7 +198,7 @@ AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
 
 AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
                     int len, const aes_decrypt_ctx ctx[1])
-{   int nb = len >> 4;
+{   int nb = len >> AES_BLOCK_SIZE_P2;
 
     if(len & (AES_BLOCK_SIZE - 1))
         return EXIT_FAILURE;
@@ -260,7 +260,7 @@ AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
 
 AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
                     int len, unsigned char *iv, const aes_encrypt_ctx ctx[1])
-{   int nb = len >> 4;
+{   int nb = len >> AES_BLOCK_SIZE_P2;
 
     if(len & (AES_BLOCK_SIZE - 1))
         return EXIT_FAILURE;
@@ -358,7 +358,7 @@ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
 AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
                     int len, unsigned char *iv, const aes_decrypt_ctx ctx[1])
 {   unsigned char tmp[AES_BLOCK_SIZE];
-    int nb = len >> 4;
+    int nb = len >> AES_BLOCK_SIZE_P2;
 
     if(len & (AES_BLOCK_SIZE - 1))
         return EXIT_FAILURE;
@@ -469,7 +469,7 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
         b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
     }
 
-    if((nb = (len - cnt) >> 4) != 0)    /* process whole blocks */
+    if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0)    /* process whole blocks */
     {
 #if defined( USE_VIA_ACE_IF_PRESENT )
 
@@ -597,7 +597,7 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
         b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
     }
 
-    if((nb = (len - cnt) >> 4) != 0)    /* process whole blocks */
+    if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0)    /* process whole blocks */
     {
 #if defined( USE_VIA_ACE_IF_PRESENT )
 
@@ -735,7 +735,7 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
         b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
     }
 
-    if((nb = (len - cnt) >> 4) != 0)   /* process whole blocks */
+    if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0)   /* process whole blocks */
     {
 #if defined( USE_VIA_ACE_IF_PRESENT )
 
@@ -880,7 +880,7 @@ AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
     {
         blen = (len > BFR_LENGTH ? BFR_LENGTH : len), len -= blen;
 
-        for(i = 0, ip = buf; i < (blen >> 4); ++i)
+        for(i = 0, ip = buf; i < (blen >> AES_BLOCK_SIZE_P2); ++i)
         {
             memcpy(ip, cbuf, AES_BLOCK_SIZE);
             ctr_inc(cbuf);

diff --git a/aes/aescrypt.c b/aes/aescrypt.c
@@ -55,7 +55,7 @@ extern "C"
    so we need to control this with the following VC++ pragmas
 */
 
-#if defined( _MSC_VER ) && !defined( _WIN64 )
+#if defined( _MSC_VER ) && !defined( _WIN64 ) && !defined( __clang__ )
 #pragma optimize( "s", on )
 #endif
 
@@ -101,7 +101,7 @@ AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const ae
     dec_fmvars; /* declare variables for fwd_mcol() if needed */
 #endif
 
-	if(cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16)
+	if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
 		return EXIT_FAILURE;
 
 	kp = cx->ks;
@@ -111,17 +111,17 @@ AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const ae
 
     switch(cx->inf.b[0])
     {
-    case 14 * 16:
+    case 14 * AES_BLOCK_SIZE:
         round(fwd_rnd,  b1, b0, kp + 1 * N_COLS);
         round(fwd_rnd,  b0, b1, kp + 2 * N_COLS);
         kp += 2 * N_COLS;
         //-fallthrough
-    case 12 * 16:
+    case 12 * AES_BLOCK_SIZE:
         round(fwd_rnd,  b1, b0, kp + 1 * N_COLS);
         round(fwd_rnd,  b0, b1, kp + 2 * N_COLS);
         kp += 2 * N_COLS;
         //-fallthrough
-    case 10 * 16:
+    case 10 * AES_BLOCK_SIZE:
         round(fwd_rnd,  b1, b0, kp + 1 * N_COLS);
         round(fwd_rnd,  b0, b1, kp + 2 * N_COLS);
         round(fwd_rnd,  b1, b0, kp + 3 * N_COLS);
@@ -175,7 +175,7 @@ AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const ae
    so we need to control this with the following VC++ pragmas
 */
 
-#if defined( _MSC_VER ) && !defined( _WIN64 )
+#if defined( _MSC_VER ) && !defined( _WIN64 ) && !defined( __clang__ )
 #pragma optimize( "t", on )
 #endif
 
@@ -236,7 +236,7 @@ AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const ae
 #endif
     const uint32_t *kp;
 
-	if(cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16)
+	if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
 		return EXIT_FAILURE;
 
     kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);
@@ -247,15 +247,15 @@ AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const ae
     kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));
     switch(cx->inf.b[0])
     {
-    case 14 * 16:
+    case 14 * AES_BLOCK_SIZE:
         round(inv_rnd,  b1, b0, rnd_key(-13));
         round(inv_rnd,  b0, b1, rnd_key(-12));
         //-fallthrough
-    case 12 * 16:
+    case 12 * AES_BLOCK_SIZE:
         round(inv_rnd,  b1, b0, rnd_key(-11));
         round(inv_rnd,  b0, b1, rnd_key(-10));
         //-fallthrough
-    case 10 * 16:
+    case 10 * AES_BLOCK_SIZE:
         round(inv_rnd,  b1, b0, rnd_key(-9));
         round(inv_rnd,  b0, b1, rnd_key(-8));
         round(inv_rnd,  b1, b0, rnd_key(-7));

diff --git a/aes/aeskey.c b/aes/aeskey.c
@@ -101,7 +101,7 @@ AES_RETURN aes_xi(encrypt_key128)(const unsigned char *key, aes_encrypt_ctx cx[1
 #endif
     ke4(cx->ks, 9);
     cx->inf.l = 0;
-    cx->inf.b[0] = 10 * 16;
+    cx->inf.b[0] = 10 * AES_BLOCK_SIZE;
 
 #ifdef USE_VIA_ACE_IF_PRESENT
     if(VIA_ACE_AVAILABLE)
@@ -150,7 +150,7 @@ AES_RETURN aes_xi(encrypt_key192)(const unsigned char *key, aes_encrypt_ctx cx[1
 #endif
     kef6(cx->ks, 7);
     cx->inf.l = 0;
-    cx->inf.b[0] = 12 * 16;
+    cx->inf.b[0] = 12 * AES_BLOCK_SIZE;
 
 #ifdef USE_VIA_ACE_IF_PRESENT
     if(VIA_ACE_AVAILABLE)
@@ -202,7 +202,7 @@ AES_RETURN aes_xi(encrypt_key256)(const unsigned char *key, aes_encrypt_ctx cx[1
 #endif
     kef8(cx->ks, 6);
     cx->inf.l = 0;
-    cx->inf.b[0] = 14 * 16;
+    cx->inf.b[0] = 14 * AES_BLOCK_SIZE;
 
 #ifdef USE_VIA_ACE_IF_PRESENT
     if(VIA_ACE_AVAILABLE)
@@ -329,7 +329,7 @@ AES_RETURN aes_xi(decrypt_key128)(const unsigned char *key, aes_decrypt_ctx cx[1
     }
 #endif
     cx->inf.l = 0;
-    cx->inf.b[0] = 10 * 16;
+    cx->inf.b[0] = 10 * AES_BLOCK_SIZE;
 
 #ifdef USE_VIA_ACE_IF_PRESENT
     if(VIA_ACE_AVAILABLE)
@@ -395,7 +395,6 @@ AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1
 #ifdef DEC_KS_UNROLL
     ss[4] = word_in(key, 4);
     ss[5] = word_in(key, 5);
-
     cx->ks[v(48,(4))] = ff(ss[4]);
     cx->ks[v(48,(5))] = ff(ss[5]);
     kdf6(cx->ks, 0); kd6(cx->ks, 1);
@@ -417,7 +416,7 @@ AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1
     }
 #endif
     cx->inf.l = 0;
-    cx->inf.b[0] = 12 * 16;
+    cx->inf.b[0] = 12 * AES_BLOCK_SIZE;
 
 #ifdef USE_VIA_ACE_IF_PRESENT
     if(VIA_ACE_AVAILABLE)
@@ -492,7 +491,6 @@ AES_RETURN aes_xi(decrypt_key256)(const unsigned char *key, aes_decrypt_ctx cx[1
     ss[5] = word_in(key, 5);
     ss[6] = word_in(key, 6);
     ss[7] = word_in(key, 7);
-
     cx->ks[v(56,(4))] = ff(ss[4]);
     cx->ks[v(56,(5))] = ff(ss[5]);
     cx->ks[v(56,(6))] = ff(ss[6]);
@@ -518,7 +516,7 @@ AES_RETURN aes_xi(decrypt_key256)(const unsigned char *key, aes_decrypt_ctx cx[1
     }
 #endif
     cx->inf.l = 0;
-    cx->inf.b[0] = 14 * 16;
+    cx->inf.b[0] = 14 * AES_BLOCK_SIZE;
 
 #ifdef USE_VIA_ACE_IF_PRESENT
     if(VIA_ACE_AVAILABLE)

diff --git a/aes/aesopt.h b/aes/aesopt.h
@@ -64,7 +64,7 @@ Issue Date: 20/12/2007
 
      Class AESencrypt  for encryption
 
-      Construtors:
+      Constructors:
           AESencrypt(void)
           AESencrypt(const unsigned char *key) - 128 bit key
       Members:
@@ -74,7 +74,7 @@ Issue Date: 20/12/2007
           AES_RETURN encrypt(const unsigned char *in, unsigned char *out) const
 
       Class AESdecrypt  for encryption
-      Construtors:
+      Constructors:
           AESdecrypt(void)
           AESdecrypt(const unsigned char *key) - 128 bit key
       Members:
@@ -165,16 +165,21 @@ Issue Date: 20/12/2007
 
 /*  2. Intel AES AND VIA ACE SUPPORT */
 
-#if defined( __GNUC__ ) && defined( __i386__ ) \
+#if defined( __GNUC__ ) && defined( __i386__ ) && !defined(__BEOS__)  \
  || defined( _WIN32 ) && defined( _M_IX86 ) && !(defined( _WIN64 ) \
  || defined( _WIN32_WCE ) || defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
 #  define VIA_ACE_POSSIBLE
 #endif
 
-#if (defined( _WIN64 ) && defined( _MSC_VER )) \
- || (defined( __GNUC__ ) && defined( __x86_64__ )) \
- && !(defined( INTEL_AES_POSSIBLE ))
-#  define INTEL_AES_POSSIBLE
+/* AESNI is supported by all Windows x64 compilers, but for Linux/GCC
+   we have to test for SSE 2, SSE 3, and AES to before enabling it; */
+#if !defined( INTEL_AES_POSSIBLE )
+#  if defined( _WIN64 ) && defined( _MSC_VER ) \
+   || defined( __GNUC__ ) && defined( __x86_64__ ) && \
+	  defined( __SSE2__ ) && defined( __SSE3__ ) && \
+	  defined( __AES__ )
+#    define INTEL_AES_POSSIBLE
+#  endif
 #endif
 
 /*  Define this option if support for the Intel AESNI is required
@@ -184,10 +189,11 @@ Issue Date: 20/12/2007
 	AESNI uses a decryption key schedule with the first decryption
 	round key at the high end of the key scedule with the following
 	round keys at lower positions in memory.  So AES_REV_DKS must NOT
-	be defined when AESNI will be used.  ALthough it is unlikely that
+	be defined when AESNI will be used.  Although it is unlikely that
 	assembler code will be used with an AESNI build, if it is then
 	AES_REV_DKS must NOT be defined when the assembler files are
-	built
+	built (the definition of USE_INTEL_AES_IF_PRESENT in the assembler
+	code files must match that here if they are used). 
 */
 
 #if 0 && defined( INTEL_AES_POSSIBLE ) && !defined( USE_INTEL_AES_IF_PRESENT )

diff --git a/aes/aestst.h b/aes/aestst.h
@@ -78,8 +78,8 @@ Issue Date: 20/12/2007
 #define do_enc(a,b,c,d) f_enc_blk(a, b, c)
 #define do_dec(a,b,c,d) f_dec_blk(a, b, c)
 #else
-#define do_enc(a,b,c,d) f_ecb_enc(a, b, c, AES_BLOCK_SIZE)
-#define do_dec(a,b,c,d) f_ecb_dec(a, b, c, AES_BLOCK_SIZE)
+#define do_enc(a,b,c,d) f_ecb_enc(a, b, c, 1)
+#define do_dec(a,b,c,d) f_ecb_dec(a, b, c, 1)
 #endif
 
 #endif