/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Copyright (C) 2017 National Security Research Institute. All Rights Reserved.
*
* Information for ARIA
* http://210.104.33.10/ARIA/index-e.html (English)
* http://seed.kisa.or.kr/ (Korean)
*
* Public domain version is distributed above.
*/
#include <openssl/e_os2.h>
#include "crypto/aria.h"
#include <assert.h>
#include <string.h>
#ifndef OPENSSL_SMALL_FOOTPRINT
/* Begin macro */
/* rotation */
#define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r)))
#define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r)))
#define bswap32(v) \
(((v) << 24) ^ ((v) >> 24) ^ \
(((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8))
#define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8)))
#define GET_U32_BE(X, Y) ( \
((uint32_t)((const uint8_t *)(X))[Y * 4 ] << 24) ^ \
((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^ \
((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] << 8) ^ \
((uint32_t)((const uint8_t *)(X))[Y * 4 + 3] ) )
#define PUT_U32_BE(DEST, IDX, VAL) \
do { \
((uint8_t *)(DEST))[IDX * 4 ] = GET_U8_BE(VAL, 0); \
((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1); \
((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2); \
((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3); \
} while(0)
#define MAKE_U32(V0, V1, V2, V3) ( \
((uint32_t)((uint8_t)(V0)) << 24) | \
((uint32_t)((uint8_t)(V1)) << 16) | \
((uint32_t)((uint8_t)(V2)) << 8) | \
((uint32_t)((uint8_t)(V3)) ) )
/* End Macro*/
/* Key Constant
* 128bit : 0, 1, 2
* 192bit : 1, 2, 3(0)
* 256bit : 2, 3(0), 4(1)
*/
static const uint32_t Key_RC[5][4] = {
{ 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
{ 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 },
{ 0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e },
{ 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
{ 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 }
};
/* 32bit expanded s-box */
static const uint32_t S1[256] = {
0x00636363, 0x007c7c7c, 0x00777777, 0x007b7b7b,
0x00f2f2f2, 0x006b6b6b, 0x006f6f6f, 0x00c5c5c5,
0x00303030, 0x00010101, 0x00676767, 0x002b2b2b,
0x00fefefe, 0x00d7d7d7, 0x00ababab, 0x00767676,
0x00cacaca, 0x00828282, 0x00c9c9c9, 0x007d7d7d,
0x00fafafa, 0x00595959, 0x00474747, 0x00f0f0f0,
0x00adadad, 0x00d4d4d4, 0x00a2a2a2, 0x00afafaf,
0x009c9c9c, 0x00a4a4a4, 0x00727272, 0x00c0c0c0,
0x00b7b7b7, 0x00fdfdfd, 0x00939393, 0x00262626,
0x00363636, 0x003f3f3f, 0x00f7f7f7, 0x00cccccc,
0x00343434, 0x00a5a5a5, 0x00e5e5e5, 0x00f1f1f1,
0x00717171, 0x00d8d8d8, 0x00313131, 0x00151515,
0x00040404, 0x00c7c7c7, 0x00232323, 0x00c3c3c3,
0x00181818, 0x00969696, 0x00050505, 0x009a9a9a,
0x00070707, 0x00121212, 0x00808080, 0x00e2e2e2,
0x00ebebeb, 0x00272727, 0x00b2b2b2, 0x00757575,
0x00090909, 0x00838383, 0x002c2c2c, 0x001a1a1a,
0x001b1b1b, 0x006e6e6e, 0x005a5a5a, 0x00a0a0a0,
0x00525252, 0x003b3b3b, 0x00d6d6d6, 0x00b3b3b3,
0x00292929,