path: root/crypto/rijndael/README
author Dr. Stephen Henson <steve@openssl.org> 2001-02-07 18:15:18 +0000
committer Dr. Stephen Henson <steve@openssl.org> 2001-02-07 18:15:18 +0000
commit deb2c1a1c58fb738b3216b663212572170de8183 (patch)
tree f6aa0527d08b8fdcf4ce63eaf85aa3d6a73b1c34 /crypto/rijndael/README
parent d4219c485b34818df8aa530f7d8d1c1daff44306 (diff)
Fix AES code.
Update Rijndael source to v3.0. Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites.
Diffstat (limited to 'crypto/rijndael/README')
-rwxr-xr-x crypto/rijndael/README 164
1 files changed, 80 insertions, 84 deletions
diff --git a/crypto/rijndael/README b/crypto/rijndael/README
index 6d6f19fa49..1118ccbad8 100755
--- a/crypto/rijndael/README
+++ b/crypto/rijndael/README
@@ -1,84 +1,80 @@
-Rijndael
-Joan Daemen
-
-Optimised ANSI C v2.4
------------------------------------------------------------
-
-This archive contains the following files:
-
-Makefile: A file that allows for easy compiling of the code with
- Unix `make' (tested with GNU make).
-README: This file.
-boxes-fst.dat: Tables that are needed by the reference implementation.
- The tables implement the S-box and its inverse, and also
- some temporary tables needed for multiplying in the finite
- field GF(2^8).
-rijndael-alg-fst.c:
-rijndael-alg-fst.h:
- Algorithm implementation.
-rijndael-api-fst.c:
-rijndael-api-fst.h:
- Interface to the C API.
-rijndaeltest-fst.c:
- Implementation of the KAT and MCT.
-table.128:
-table.192:
-table.256:
- Files needed for the KAT (for the Table Known Answer Test).
-
-
-
-Instructions for the KAT and MCT software:
-
-1) Compile the C code and put the executable in the same directory as the
- table.??? files.
-2) Run the executable. It generates all the tables in the NIST format.
-3) Compare the generated tables with the original provided tables, e.g.
- in Unix, with `diff'.
-4) The code is independent of the ENDIANness of the machine.
- However, the code casts char pointers to int pointers.
- On some platforms, this casting can cause problems.
- This will cause malfunctioning of the CBC Monte Carlo tests.
- In this case, the compile parameter STRICT_ALIGN should be set to 1.
- (Of course this results in slower code.)
-
-
-Changes with respect to v1.0 (= round 1 submission)
----------------------------------------------------
-
-1) Removed the parameter blockLen from makeKey() and cipherInit().
- The parameter is still present in the structures keyInstance and
- cipherInstance.
-2) Removed some calls to sscan().
-3) Corrected the CBC decryption Monte Carlo test code.
-4) Provided code for platforms with pointer alignment problems.
-
-----------------------------------------------------------------------
-
-Changes from v2.0 (= round 2 submission)
-----------------------------------------
-
-Various bug fixes in CBC encryption and decryption mode.
-
-----------------------------------------------------------------------
-
-Changes from v2.2
------------------
-
--- Moved number of rounds to the keyInstance structure
- to make implementation thread-safe
--- Functions used only to generate the Intermediate Value
- Known Answer Test are now conditionally compiled
- via #define INTERMEDIATE_VALUE_KAT
--- Further optimized for the default 128-bit block size
--- Fixed CBC decryption bug (chained IV was lost if input
- and outBuffer were the same)
--- Added padding capability to CBC mode (allows encryption
- of any number of octets, not only full blocks)
-
-----------------------------------------------------------------------
-
-Changes from v2.3
------------------
-
-Fixed a small bug in CBC mode.
+Optimised ANSI C code for the Rijndael cipher (now AES)
+
+Authors:
+ Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ Paulo Barreto <paulo.barreto@terra.com.br>
+
+All code contained in this distributed is placed in the public domain.
+
+========================================================================
+
+Disclaimer:
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+========================================================================
+
+Acknowledgements:
+
+We are deeply indebted to the following people for their bug reports,
+fixes, and improvement suggestions to the API implementation. Though we
+tried to list all contributions, we apologise in advance for any
+missing reference:
+
+Andrew Bales <Andrew.Bales@Honeywell.com>
+Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
+John Skodon <skodonj@webquill.com>
+
+========================================================================
+
+Description:
+
+This optimised implementation of Rijndael is noticeably faster than the
+previous versions on Intel processors under Win32 w/ MSVC 6.0. On the
+same processor under Linux w/ gcc-2.95.2, the key setup is also
+considerably faster, but normal encryption/decryption is only marginally
+faster.
+
+To enable full loop unrolling for encryption/decryption, define the
+conditional compilation directive FULL_UNROLL. This may help increase
+performance or not, depending on the platform.
+
+To compute the intermediate value tests, define the conditional
+compilation directive INTERMEDIATE_VALUE_KAT. It may be worthwhile to
+define the TRACE_KAT_MCT directive too, which provides useful progress
+information during the generation of the KAT and MCT sets.
+
+========================================================================
+
+Contents:
+
+README This file
+rijndael-alg-fst.c The algorithm implementation.
+rijndael-alg-fst.h The corresponding header file.
+rijndael-api-fst.c NIST's implementation.
+rijndael-api-fst.h The corresponding header file.
+rijndael-test-fst.c A simple program to generate test vectors.
+table.128 Data for the table tests and 128-bit keys.
+table.192 Data for the table tests and 192-bit keys.
+table.256 Data for the table tests and 256-bit keys.
+fips-test-vectors.txt Key schedule and ciphertext intermediate values
+ (reduced set proposed for FIPS inclusion).
+Makefile A sample makefile; may need some changes,
+ depending on the C compiler used.
+
+N.B. Both the API implementation and the provisional reduced set of
+test vectors are likely to change, according to NIST's final decision
+regarding modes of operation and the FIPS contents. They are therefore
+marked as "version 2.9" rather than "version 3.0".
+
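Review bot: the alignment caveat in the removed KAT/MCT item 4 (the code casts char pointers to int pointers, and STRICT_ALIGN should be set to 1 on platforms where that causes problems) has no counterpart in the new Description, which documents only FULL_UNROLL, INTERMEDIATE_VALUE_KAT and TRACE_KAT_MCT. If the updated sources still rely on that cast, keep a line about it; if they do not, say that the option is gone, so that builders on such platforms know what to set. The numbered instructions for generating the tables and comparing them with the provided table.??? files are dropped as well, and for cipher code that known-answer comparison is the check a porter needs, so a short paragraph on running rijndael-test-fst.c against table.128/192/256 would be worth adding next to the Contents list. Two smaller points: "All code contained in this distributed" should read "distribution", and the N.B. marks the API implementation and test vectors as "version 2.9" while the commit message says the source is updated to v3.0, so the README should state which files are at which version.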