os/security/cryptoplugins/cryptospiplugins/source/softwarecrypto/rijndaelimpl.cpp
First public contribution.
2 * Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies).
4 * This component and the accompanying materials are made available
5 * under the terms of the License "Eclipse Public License v1.0"
6 * which accompanies this distribution, and is available
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
9 * Initial Contributors:
10 * Nokia Corporation - initial contribution.
19 #include "rijndaelimpl.h"
22 #include "rijndaeltables.h"
23 #include "common/inlines.h"
24 #include "pluginconfig.h"
25 #include "symmetriccipherimpl.h"
26 #include <cryptostrength.h>
28 using namespace SoftwareCrypto;
// AES key lengths handled by this plug-in, in bytes (128-, 192- and 256-bit keys).
// They are the case labels of the switch in SetEncryptKeySchedule.
30 const TUint KAESKeyBytes128 = 16;
31 const TUint KAESKeyBytes192 = 24;
32 const TUint KAESKeyBytes256 = 32;
// AES block size in bytes: handed to the block-cipher base class in the
// constructor and used as the per-block stride in TransformEncrypt/TransformDecrypt.
33 const TUint KAESBlockBytes = 16;
// Constructor. Forwards the crypto mode, operation mode and padding to the
// CSymmetricBlockCipherImpl base and fixes the block size at KAESBlockBytes.
// The parameter list and body are not visible in this listing.
36 CRijndaelImpl::CRijndaelImpl(
40 CSymmetricBlockCipherImpl(KAESBlockBytes, aCryptoMode, aOperationMode, aPadding)
// Factory: builds the cipher through NewLC and then pops it from the cleanup
// stack. Any leave raised inside NewLC (allocation, ConstructL, key-strength
// check) propagates to the caller. The object is presumably returned to the
// caller, who then owns it; the return statement is not visible here.
44 CRijndaelImpl* CRijndaelImpl::NewL(const CKey& aKey, TUid aCryptoMode, TUid aOperationMode, TUid aPadding)
46 CRijndaelImpl* self = CRijndaelImpl::NewLC(aKey, aCryptoMode, aOperationMode, aPadding);
47 CleanupStack::Pop(self);
// Factory that leaves the new object on the cleanup stack: allocates with
// new(ELeave), pushes the object, runs second-phase construction with aKey and
// finally submits the key strength to TCrypto::IsSymmetricWeakEnoughL.
51 CRijndaelImpl* CRijndaelImpl::NewLC(const CKey& aKey, TUid aCryptoMode, TUid aOperationMode, TUid aPadding)
53 CRijndaelImpl* self = new(ELeave) CRijndaelImpl(aCryptoMode, aOperationMode, aPadding);
// Pushed before ConstructL so that a leave below destroys the object.
54 CleanupStack::PushL(self);
55 self->ConstructL(aKey);
// The key bytes are fetched again here only to measure their length.
57 const TDesC8& keyContent = aKey.GetTDesC8L(KSymmetricKeyParameterUid);
// NOTE(review): the strength reported is BytesToBits(size) - size, i.e.
// (presumably) 7 bits per key byte: 112/168/224 for 16/24/32-byte keys. That
// adjustment fits DES-style parity bits; AES keys carry none, so the policy
// check sees less strength than the key really has. Confirm this is intended.
// IsSymmetricWeakEnoughL presumably leaves when the key exceeds what the
// build's crypto-strength policy permits - verify against cryptostrength.h.
// The check runs after ConstructL, so construction with the key has already
// happened if it leaves; the object is then destroyed via the cleanup stack.
58 TCrypto::IsSymmetricWeakEnoughL(BytesToBits(keyContent.Size()) - keyContent.Size());
// Destructor. Overwrites the whole expanded key schedule (iK) with zeros so the
// round keys do not remain in memory after the object is destroyed.
62 CRijndaelImpl::~CRijndaelImpl()
64 // make sure key information isn't visible to other processes if the
// NOTE(review): only iK is wiped here. Wiping of the raw key (iKey) is not
// visible in this file and is presumably handled by the base class - confirm.
66 Mem::FillZ(&iK, sizeof(iK));
// Second-phase constructor: delegates key handling to
// CSymmetricBlockCipherImpl::ConstructL, which may leave.
// NOTE(review): the rest of the body is not visible in this listing;
// SetKeySchedule is presumably reached from this path - confirm.
69 void CRijndaelImpl::ConstructL(const CKey& aKey)
71 CSymmetricBlockCipherImpl::ConstructL(aKey);
// Builds the extended-characteristics record for this software plug-in by
// calling CExtendedCharacteristics::NewL(KMaxTInt, EFalse). Going by the
// comment below, KMaxTInt stands for unlimited concurrency and EFalse for
// "cannot be reserved for exclusive use". Leaves if NewL leaves.
75 CExtendedCharacteristics* CRijndaelImpl::CreateExtendedCharacteristicsL()
77 // All Symbian software plug-ins have unlimited concurrency, cannot be reserved
78 // for exclusive use and are not CERTIFIED to be standards compliant.
79 return CExtendedCharacteristics::NewL(KMaxTInt, EFalse);
// Returns a freshly created characteristics object on every call (no caching).
// NOTE(review): ownership presumably passes to the caller - confirm against
// the plug-in interface contract.
82 const CExtendedCharacteristics* CRijndaelImpl::GetExtendedCharacteristicsL()
84 return CRijndaelImpl::CreateExtendedCharacteristicsL();
// Identifies this implementation to the crypto framework: always returns
// KCryptoPluginAesUid.
87 TUid CRijndaelImpl::ImplementationUid() const
89 return KCryptoPluginAesUid;
// Key-length predicate; the body is not visible in this listing.
// NOTE(review): SetEncryptKeySchedule only handles 16-, 24- and 32-byte keys,
// so this presumably accepts exactly those lengths - confirm, since it is the
// gate the key expansion relies on.
92 TBool CRijndaelImpl::IsValidKeyLength(TInt aKeyBytes) const
// Derives the round count from the key length and expands *iKey into iK for
// the configured direction (encrypt or decrypt).
105 void CRijndaelImpl::SetKeySchedule()
// Nr = Nk + 6 with Nk the key length in 32-bit words: 10/12/14 rounds for
// 16/24/32-byte keys. iKeyBytes is not re-validated here. iRounds must be set
// before SetDecryptKeySchedule runs, because that function reads it.
107 iRounds = iKeyBytes/4 + 6;
108 if (iCryptoMode.iUid == KCryptoModeEncrypt)
110 SetEncryptKeySchedule(*iKey, &iK[0]);
// NOTE(review): ASSERT is normally a debug-only check on Symbian. In a release
// build any mode other than KCryptoModeEncrypt would appear to get the
// decryption schedule silently - confirm the mode UID is validated earlier.
114 ASSERT(iCryptoMode.iUid == KCryptoModeDecrypt);
115 SetDecryptKeySchedule(*iKey, &iK[0]);
// Encrypts aNumBlocks consecutive 16-byte blocks in place in aBuffer using the
// table-driven (T-table) form of AES. Each block is bracketed by
// ModeEncryptStart/ModeEncryptEnd so the base class can apply the operation
// mode around the raw block transform. No buffer length is passed in: the
// caller must guarantee aBuffer holds aNumBlocks * KAESBlockBytes bytes.
//
// NOTE(review): every Te0..Te4 index below is a byte of the cipher state, which
// depends on the key and the data, so the memory access pattern is
// secret-dependent. Table-based AES of this shape is exposed to cache-timing
// analysis on CPUs with data caches; where that is in the threat model, prefer
// a hardware AES plug-in or a constant-time (e.g. bitsliced) implementation.
119 void CRijndaelImpl::TransformEncrypt(
123 for (TInt i = 0; i < aNumBlocks; ++i)
125 ModeEncryptStart(aBuffer);
// s0..s3 and t0..t3 hold the 128-bit state as four 32-bit words; rk walks the
// expanded key schedule built by SetKeySchedule.
127 TUint32 s0, s1, s2, s3, t0, t1, t2, t3;
128 const TUint32* rk = &iK[0];
131 * map byte array block to cipher state
132 * and add initial round key:
134 GetBlockBigEndian(aBuffer, s0, s1, s2, s3);
140 * Nr - 1 full rounds:
// Half the round count: the s->t group and the t->s group below each look like
// one round, so the loop presumably does two rounds per pass (the loop header,
// the assignment targets and the round-key terms are not visible here).
142 TUint r = iRounds >> 1;
// Te0..Te3 fold SubBytes and MixColumns into one lookup per state byte; the
// rotating word order (s0,s1,s2,s3 / s1,s2,s3,s0 / ...) supplies ShiftRows.
146 RIJNDAEL_TABLE::Te0[GETBYTE(s0, 3)] ^
147 RIJNDAEL_TABLE::Te1[GETBYTE(s1, 2)] ^
148 RIJNDAEL_TABLE::Te2[GETBYTE(s2, 1)] ^
149 RIJNDAEL_TABLE::Te3[GETBYTE(s3, 0)] ^
152 RIJNDAEL_TABLE::Te0[GETBYTE(s1, 3)] ^
153 RIJNDAEL_TABLE::Te1[GETBYTE(s2, 2)] ^
154 RIJNDAEL_TABLE::Te2[GETBYTE(s3, 1)] ^
155 RIJNDAEL_TABLE::Te3[GETBYTE(s0, 0)] ^
158 RIJNDAEL_TABLE::Te0[GETBYTE(s2, 3)] ^
159 RIJNDAEL_TABLE::Te1[GETBYTE(s3, 2)] ^
160 RIJNDAEL_TABLE::Te2[GETBYTE(s0, 1)] ^
161 RIJNDAEL_TABLE::Te3[GETBYTE(s1, 0)] ^
164 RIJNDAEL_TABLE::Te0[GETBYTE(s3, 3)] ^
165 RIJNDAEL_TABLE::Te1[GETBYTE(s0, 2)] ^
166 RIJNDAEL_TABLE::Te2[GETBYTE(s1, 1)] ^
167 RIJNDAEL_TABLE::Te3[GETBYTE(s2, 0)] ^
// Same round function applied to the t words (results go back to the s words,
// presumably - the assignment targets are not visible here).
175 RIJNDAEL_TABLE::Te0[GETBYTE(t0, 3)] ^
176 RIJNDAEL_TABLE::Te1[GETBYTE(t1, 2)] ^
177 RIJNDAEL_TABLE::Te2[GETBYTE(t2, 1)] ^
178 RIJNDAEL_TABLE::Te3[GETBYTE(t3, 0)] ^
181 RIJNDAEL_TABLE::Te0[GETBYTE(t1, 3)] ^
182 RIJNDAEL_TABLE::Te1[GETBYTE(t2, 2)] ^
183 RIJNDAEL_TABLE::Te2[GETBYTE(t3, 1)] ^
184 RIJNDAEL_TABLE::Te3[GETBYTE(t0, 0)] ^
187 RIJNDAEL_TABLE::Te0[GETBYTE(t2, 3)] ^
188 RIJNDAEL_TABLE::Te1[GETBYTE(t3, 2)] ^
189 RIJNDAEL_TABLE::Te2[GETBYTE(t0, 1)] ^
190 RIJNDAEL_TABLE::Te3[GETBYTE(t1, 0)] ^
193 RIJNDAEL_TABLE::Te0[GETBYTE(t3, 3)] ^
194 RIJNDAEL_TABLE::Te1[GETBYTE(t0, 2)] ^
195 RIJNDAEL_TABLE::Te2[GETBYTE(t1, 1)] ^
196 RIJNDAEL_TABLE::Te3[GETBYTE(t2, 0)] ^
200 * apply last round and
201 * map cipher state to byte array block:
// Final round: Te4 with a one-byte mask per lookup gives the substituted byte
// in its shifted position, with no MixColumns step.
205 (RIJNDAEL_TABLE::Te4[GETBYTE(t0, 3)] & 0xff000000) ^
206 (RIJNDAEL_TABLE::Te4[GETBYTE(t1, 2)] & 0x00ff0000) ^
207 (RIJNDAEL_TABLE::Te4[GETBYTE(t2, 1)] & 0x0000ff00) ^
208 (RIJNDAEL_TABLE::Te4[GETBYTE(t3, 0)] & 0x000000ff) ^
211 (RIJNDAEL_TABLE::Te4[GETBYTE(t1, 3)] & 0xff000000) ^
212 (RIJNDAEL_TABLE::Te4[GETBYTE(t2, 2)] & 0x00ff0000) ^
213 (RIJNDAEL_TABLE::Te4[GETBYTE(t3, 1)] & 0x0000ff00) ^
214 (RIJNDAEL_TABLE::Te4[GETBYTE(t0, 0)] & 0x000000ff) ^
217 (RIJNDAEL_TABLE::Te4[GETBYTE(t2, 3)] & 0xff000000) ^
218 (RIJNDAEL_TABLE::Te4[GETBYTE(t3, 2)] & 0x00ff0000) ^
219 (RIJNDAEL_TABLE::Te4[GETBYTE(t0, 1)] & 0x0000ff00) ^
220 (RIJNDAEL_TABLE::Te4[GETBYTE(t1, 0)] & 0x000000ff) ^
223 (RIJNDAEL_TABLE::Te4[GETBYTE(t3, 3)] & 0xff000000) ^
224 (RIJNDAEL_TABLE::Te4[GETBYTE(t0, 2)] & 0x00ff0000) ^
225 (RIJNDAEL_TABLE::Te4[GETBYTE(t1, 1)] & 0x0000ff00) ^
226 (RIJNDAEL_TABLE::Te4[GETBYTE(t2, 0)] & 0x000000ff) ^
// Write the result over the input block, let the operation mode post-process
// it, then step to the next block.
229 PutBlockBigEndian(aBuffer, s0, s1, s2, s3);
230 ModeEncryptEnd(aBuffer);
231 aBuffer += KAESBlockBytes;
// Decrypts aNumBlocks consecutive 16-byte blocks in place in aBuffer using the
// table-driven form of the AES inverse cipher. Each block is bracketed by
// ModeDecryptStart/ModeDecryptEnd so the base class can apply the operation
// mode. No buffer length is passed in: the caller must guarantee aBuffer holds
// aNumBlocks * KAESBlockBytes bytes. iK must hold the decryption schedule
// produced by SetDecryptKeySchedule.
//
// NOTE(review): the Td0..Td4 indices are bytes of the cipher state, which
// depends on the key and the ciphertext, so lookups are secret-dependent and
// carry the usual cache-timing exposure of table-based AES. Where that is in
// the threat model, prefer hardware AES or a constant-time implementation.
235 void CRijndaelImpl::TransformDecrypt(
239 for (TInt i = 0; i < aNumBlocks; ++i)
241 ModeDecryptStart(aBuffer);
// s0..s3 and t0..t3 hold the 128-bit state as four 32-bit words; rk walks the
// expanded key schedule.
243 TUint32 s0, s1, s2, s3, t0, t1, t2, t3;
244 const TUint32* rk = &iK[0];
247 * map byte array block to cipher state
248 * and add initial round key:
250 GetBlockBigEndian(aBuffer, s0, s1, s2, s3);
257 * Nr - 1 full rounds:
// Half the round count: the loop presumably performs two rounds per pass (loop
// header, assignment targets and round-key terms are not visible here).
259 TUint r = iRounds >> 1;
// Td0..Td3 fold InvSubBytes and InvMixColumns into one lookup per state byte;
// the word order (s0,s3,s2,s1 / s1,s0,s3,s2 / ...) rotates the opposite way to
// the encrypt path, which supplies InvShiftRows.
263 RIJNDAEL_TABLE::Td0[GETBYTE(s0, 3)] ^
264 RIJNDAEL_TABLE::Td1[GETBYTE(s3, 2)] ^
265 RIJNDAEL_TABLE::Td2[GETBYTE(s2, 1)] ^
266 RIJNDAEL_TABLE::Td3[GETBYTE(s1, 0)] ^
269 RIJNDAEL_TABLE::Td0[GETBYTE(s1, 3)] ^
270 RIJNDAEL_TABLE::Td1[GETBYTE(s0, 2)] ^
271 RIJNDAEL_TABLE::Td2[GETBYTE(s3, 1)] ^
272 RIJNDAEL_TABLE::Td3[GETBYTE(s2, 0)] ^
275 RIJNDAEL_TABLE::Td0[GETBYTE(s2, 3)] ^
276 RIJNDAEL_TABLE::Td1[GETBYTE(s1, 2)] ^
277 RIJNDAEL_TABLE::Td2[GETBYTE(s0, 1)] ^
278 RIJNDAEL_TABLE::Td3[GETBYTE(s3, 0)] ^
281 RIJNDAEL_TABLE::Td0[GETBYTE(s3, 3)] ^
282 RIJNDAEL_TABLE::Td1[GETBYTE(s2, 2)] ^
283 RIJNDAEL_TABLE::Td2[GETBYTE(s1, 1)] ^
284 RIJNDAEL_TABLE::Td3[GETBYTE(s0, 0)] ^
// Same inverse round applied to the t words.
292 RIJNDAEL_TABLE::Td0[GETBYTE(t0, 3)] ^
293 RIJNDAEL_TABLE::Td1[GETBYTE(t3, 2)] ^
294 RIJNDAEL_TABLE::Td2[GETBYTE(t2, 1)] ^
295 RIJNDAEL_TABLE::Td3[GETBYTE(t1, 0)] ^
298 RIJNDAEL_TABLE::Td0[GETBYTE(t1, 3)] ^
299 RIJNDAEL_TABLE::Td1[GETBYTE(t0, 2)] ^
300 RIJNDAEL_TABLE::Td2[GETBYTE(t3, 1)] ^
301 RIJNDAEL_TABLE::Td3[GETBYTE(t2, 0)] ^
304 RIJNDAEL_TABLE::Td0[GETBYTE(t2, 3)] ^
305 RIJNDAEL_TABLE::Td1[GETBYTE(t1, 2)] ^
306 RIJNDAEL_TABLE::Td2[GETBYTE(t0, 1)] ^
307 RIJNDAEL_TABLE::Td3[GETBYTE(t3, 0)] ^
310 RIJNDAEL_TABLE::Td0[GETBYTE(t3, 3)] ^
311 RIJNDAEL_TABLE::Td1[GETBYTE(t2, 2)] ^
312 RIJNDAEL_TABLE::Td2[GETBYTE(t1, 1)] ^
313 RIJNDAEL_TABLE::Td3[GETBYTE(t0, 0)] ^
317 * apply last round and
318 * map cipher state to byte array block:
// Final round: Td4 with a one-byte mask per lookup gives the inverse-substituted
// byte in its shifted position, with no InvMixColumns step.
321 (RIJNDAEL_TABLE::Td4[GETBYTE(t0, 3)] & 0xff000000) ^
322 (RIJNDAEL_TABLE::Td4[GETBYTE(t3, 2)] & 0x00ff0000) ^
323 (RIJNDAEL_TABLE::Td4[GETBYTE(t2, 1)] & 0x0000ff00) ^
324 (RIJNDAEL_TABLE::Td4[GETBYTE(t1, 0)] & 0x000000ff) ^
327 (RIJNDAEL_TABLE::Td4[GETBYTE(t1, 3)] & 0xff000000) ^
328 (RIJNDAEL_TABLE::Td4[GETBYTE(t0, 2)] & 0x00ff0000) ^
329 (RIJNDAEL_TABLE::Td4[GETBYTE(t3, 1)] & 0x0000ff00) ^
330 (RIJNDAEL_TABLE::Td4[GETBYTE(t2, 0)] & 0x000000ff) ^
333 (RIJNDAEL_TABLE::Td4[GETBYTE(t2, 3)] & 0xff000000) ^
334 (RIJNDAEL_TABLE::Td4[GETBYTE(t1, 2)] & 0x00ff0000) ^
335 (RIJNDAEL_TABLE::Td4[GETBYTE(t0, 1)] & 0x0000ff00) ^
336 (RIJNDAEL_TABLE::Td4[GETBYTE(t3, 0)] & 0x000000ff) ^
339 (RIJNDAEL_TABLE::Td4[GETBYTE(t3, 3)] & 0xff000000) ^
340 (RIJNDAEL_TABLE::Td4[GETBYTE(t2, 2)] & 0x00ff0000) ^
341 (RIJNDAEL_TABLE::Td4[GETBYTE(t1, 1)] & 0x0000ff00) ^
342 (RIJNDAEL_TABLE::Td4[GETBYTE(t0, 0)] & 0x000000ff) ^
// Write the plaintext over the input block, let the operation mode
// post-process it, then step to the next block.
344 PutBlockBigEndian(aBuffer, s0, s1, s2, s3);
345 ModeDecryptEnd(aBuffer);
346 aBuffer += KAESBlockBytes;
// Expands the user key in aKey into the AES encryption key schedule, written
// to aKeySchedule as 32-bit words. The three cases correspond to 16-, 24- and
// 32-byte keys.
//
// aKeySchedule carries no length: the caller must supply room for every round
// key (SetDecryptKeySchedule later indexes up to word 4*iRounds + 3).
// NOTE(review): the key-dependent Te4 lookups below have the same
// secret-dependent access pattern as the block transforms. The local temp also
// holds round-key words and no wipe of it is visible here.
350 void CRijndaelImpl::SetEncryptKeySchedule(const TDesC8& aKey, TUint32* aKeySchedule)
// The length is taken from the descriptor and not checked against the
// supported sizes in the visible lines; that is presumably done beforehand via
// IsValidKeyLength - confirm.
352 TUint keySize = aKey.Length();
354 TUint32* rk = aKeySchedule;
// Load the raw key as keySize/4 big-endian words at the start of the schedule.
// &aKey[0] is evaluated for any length, including an empty descriptor.
358 GetUserKeyBigEndian(rk, keySize/4, &aKey[0], keySize);
// 128-bit key: each step substitutes and rotates the previous word through
// Te4, XORs in the round constant rcon[i], and derives four new words.
362 case (KAESKeyBytes128):
368 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 2)] & 0xff000000) ^
369 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 1)] & 0x00ff0000) ^
370 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 0)] & 0x0000ff00) ^
371 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 3)] & 0x000000ff) ^
372 RIJNDAEL_TABLE::rcon[i];
373 rk[5] = rk[1] ^ rk[4];
374 rk[6] = rk[2] ^ rk[5];
375 rk[7] = rk[3] ^ rk[6];
// 192-bit key: same construction with a six-word stride.
383 case (KAESKeyBytes192):
389 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 2)] & 0xff000000) ^
390 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 1)] & 0x00ff0000) ^
391 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 0)] & 0x0000ff00) ^
392 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 3)] & 0x000000ff) ^
393 RIJNDAEL_TABLE::rcon[i];
394 rk[ 7] = rk[ 1] ^ rk[ 6];
395 rk[ 8] = rk[ 2] ^ rk[ 7];
396 rk[ 9] = rk[ 3] ^ rk[ 8];
399 rk[10] = rk[ 4] ^ rk[ 9];
400 rk[11] = rk[ 5] ^ rk[10];
// 256-bit key: eight-word stride, with a second substitution (no rotation, no
// round constant) applied halfway through each stride.
406 case (KAESKeyBytes256):
412 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 2)] & 0xff000000) ^
413 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 1)] & 0x00ff0000) ^
414 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 0)] & 0x0000ff00) ^
415 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 3)] & 0x000000ff) ^
416 RIJNDAEL_TABLE::rcon[i];
417 rk[ 9] = rk[ 1] ^ rk[ 8];
418 rk[10] = rk[ 2] ^ rk[ 9];
419 rk[11] = rk[ 3] ^ rk[10];
424 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 3)] & 0xff000000) ^
425 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 2)] & 0x00ff0000) ^
426 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 1)] & 0x0000ff00) ^
427 (RIJNDAEL_TABLE::Te4[GETBYTE(temp, 0)] & 0x000000ff);
428 rk[13] = rk[ 5] ^ rk[12];
429 rk[14] = rk[ 6] ^ rk[13];
430 rk[15] = rk[ 7] ^ rk[14];
// NOTE(review): assert() is compiled out when NDEBUG is defined. An
// unsupported key length would then presumably return with only the raw key
// words in the schedule rather than failing - confirm callers cannot reach
// this with any other length.
438 assert(0); // Shouldn't get here, keeps compiler happy
// Builds the decryption key schedule in aKeySchedule: expands the key exactly
// as for encryption, reverses the order of the round keys, then applies the
// inverse MixColumn transform to every round key except the first and last.
//
// Reads iRounds, so it must run after SetKeySchedule has computed the round
// count. aKeySchedule must hold at least 4*iRounds + 4 words (the swap loop
// touches rk[j + 3] with j starting at 4*iRounds).
442 void CRijndaelImpl::SetDecryptKeySchedule(const TDesC8& aKey, TUint32* aKeySchedule)
444 SetEncryptKeySchedule(aKey, aKeySchedule);
447 TUint32* rk = aKeySchedule;
450 // invert the order of the round keys
// Swap four-word round keys from both ends towards the middle; temp briefly
// holds round-key words and no wipe of it is visible here.
451 for (i = 0, j = 4*iRounds; i < j; i += 4, j -= 4)
453 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
454 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
455 temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
456 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
459 // apply the inverse MixColumn transform to all round keys but the first and the last
460 for (i = 1; i < iRounds; i++)
// Te4[...] & 0xff takes the S-box value of each key byte; indexing Td0..Td3
// with it leaves only the inverse MixColumn part of the Td tables applied to
// the key word. These lookups are indexed by key material (secret-dependent
// access pattern). The assignment targets and the per-round pointer advance
// are not visible in this listing.
464 RIJNDAEL_TABLE::Td0[RIJNDAEL_TABLE::Te4[GETBYTE(rk[0], 3)] & 0xff] ^
465 RIJNDAEL_TABLE::Td1[RIJNDAEL_TABLE::Te4[GETBYTE(rk[0], 2)] & 0xff] ^
466 RIJNDAEL_TABLE::Td2[RIJNDAEL_TABLE::Te4[GETBYTE(rk[0], 1)] & 0xff] ^
467 RIJNDAEL_TABLE::Td3[RIJNDAEL_TABLE::Te4[GETBYTE(rk[0], 0)] & 0xff];
469 RIJNDAEL_TABLE::Td0[RIJNDAEL_TABLE::Te4[GETBYTE(rk[1], 3)] & 0xff] ^
470 RIJNDAEL_TABLE::Td1[RIJNDAEL_TABLE::Te4[GETBYTE(rk[1], 2)] & 0xff] ^
471 RIJNDAEL_TABLE::Td2[RIJNDAEL_TABLE::Te4[GETBYTE(rk[1], 1)] & 0xff] ^
472 RIJNDAEL_TABLE::Td3[RIJNDAEL_TABLE::Te4[GETBYTE(rk[1], 0)] & 0xff];
474 RIJNDAEL_TABLE::Td0[RIJNDAEL_TABLE::Te4[GETBYTE(rk[2], 3)] & 0xff] ^
475 RIJNDAEL_TABLE::Td1[RIJNDAEL_TABLE::Te4[GETBYTE(rk[2], 2)] & 0xff] ^
476 RIJNDAEL_TABLE::Td2[RIJNDAEL_TABLE::Te4[GETBYTE(rk[2], 1)] & 0xff] ^
477 RIJNDAEL_TABLE::Td3[RIJNDAEL_TABLE::Te4[GETBYTE(rk[2], 0)] & 0xff];
479 RIJNDAEL_TABLE::Td0[RIJNDAEL_TABLE::Te4[GETBYTE(rk[3], 3)] & 0xff] ^
480 RIJNDAEL_TABLE::Td1[RIJNDAEL_TABLE::Te4[GETBYTE(rk[3], 2)] & 0xff] ^
481 RIJNDAEL_TABLE::Td2[RIJNDAEL_TABLE::Te4[GETBYTE(rk[3], 1)] & 0xff] ^
482 RIJNDAEL_TABLE::Td3[RIJNDAEL_TABLE::Te4[GETBYTE(rk[3], 0)] & 0xff];