aes.c

Go to the documentation of this file.

/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                                             %
%                                                                             %
%                                                                             %
%                              AAA   EEEEE  SSSSS                             %
%                             A   A  E      SS                                %
%                             AAAAA  EEE     SSS                              %
%                             A   A  E         SS                             %
%                             A   A  EEEEE  SSSSS                             %
%                                                                             %
%                                                                             %
%         Wizard's Toolkit Advanced Encryption Standard Cipher Methods        %
%                                                                             %
%                               Software Design                               %
%                                 John Cristy                                 %
%                                 March 2003                                  %
%                                                                             %
%                                                                             %
%  Copyright 1999-2010 ImageMagick Studio LLC, a non-profit organization      %
%  dedicated to making software imaging solutions freely available.           %
%                                                                             %
%  You may not use this file except in compliance with the License.  You may  %
%  obtain a copy of the License at                                            %
%                                                                             %
%    http://www.wizards-toolkit.org/script/license.php                        %
%                                                                             %
%  Unless required by applicable law or agreed to in writing, software        %
%  distributed under the License is distributed on an "AS IS" BASIS,          %
%  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   %
%  See the License for the specific language governing permissions and        %
%  limitations under the License.                                             %
%                                                                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%
*/

/*
  Include declarations.
*/
#include "wizard/studio.h"
#include "wizard/aes.h"
#include "wizard/exception.h"
#include "wizard/exception-private.h"
#include "wizard/memory_.h"

/*
  Typedef declarations.
*/
struct _AESInfo
{
  StringInfo
    *key;

  unsigned int
    blocksize,
    *encipher_key,
    *decipher_key;

  ssize_t
    rounds;

  time_t
    timestamp;

  size_t
    signature;
};

/*
  Define declarations.
*/
#define AESBlocksize 16

/*
  Global declarations.
*/
static unsigned char
  InverseLog[256] =
  {
      1,   3,   5,  15,  17,  51,  85, 255,  26,  46, 114, 150, 161, 248,
     19,  53,  95, 225,  56,  72, 216, 115, 149, 164, 247,   2,   6,  10,
     30,  34, 102, 170, 229,  52,  92, 228,  55,  89, 235,  38, 106, 190,
    217, 112, 144, 171, 230,  49,  83, 245,   4,  12,  20,  60,  68, 204,
     79, 209, 104, 184, 211, 110, 178, 205,  76, 212, 103, 169, 224,  59,
     77, 215,  98, 166, 241,   8,  24,  40, 120, 136, 131, 158, 185, 208,
    107, 189, 220, 127, 129, 152, 179, 206,  73, 219, 118, 154, 181, 196,
     87, 249,  16,  48,  80, 240,  11,  29,  39, 105, 187, 214,  97, 163,
    254,  25,  43, 125, 135, 146, 173, 236,  47, 113, 147, 174, 233,  32,
     96, 160, 251,  22,  58,  78, 210, 109, 183, 194,  93, 231,  50,  86,
    250,  21,  63,  65, 195,  94, 226,  61,  71, 201,  64, 192,  91, 237,
     44, 116, 156, 191, 218, 117, 159, 186, 213, 100, 172, 239,  42, 126,
    130, 157, 188, 223, 122, 142, 137, 128, 155, 182, 193,  88, 232,  35,
    101, 175, 234,  37, 111, 177, 200,  67, 197,  84, 252,  31,  33,  99,
    165, 244,   7,   9,  27,  45, 119, 153, 176, 203,  70, 202,  69, 207,
     74, 222, 121, 139, 134, 145, 168, 227,  62,  66, 198,  81, 243,  14,
     18,  54,  90, 238,  41, 123, 141, 140, 143, 138, 133, 148, 167, 242,
     13,  23,  57,  75, 221, 124, 132, 151, 162, 253,  28,  36, 108, 180,
    199,  82, 246,   1
  },
  Log[256] =
  {
      0,   0,  25,   1,  50,   2,  26, 198,  75, 199,  27, 104,  51, 238,
    223,   3, 100,   4, 224,  14,  52, 141, 129, 239,  76, 113,   8, 200,
    248, 105,  28, 193, 125, 194,  29, 181, 249, 185,  39, 106,  77, 228,
    166, 114, 154, 201,   9, 120, 101,  47, 138,   5,  33,  15, 225,  36,
     18, 240, 130,  69,  53, 147, 218, 142, 150, 143, 219, 189,  54, 208,
    206, 148,  19,  92, 210, 241,  64,  70, 131,  56, 102, 221, 253,  48,
    191,   6, 139,  98, 179,  37, 226, 152,  34, 136, 145,  16, 126, 110,
     72, 195, 163, 182,  30,  66,  58, 107,  40,  84, 250, 133,  61, 186,
     43, 121,  10,  21, 155, 159,  94, 202,  78, 212, 172, 229, 243, 115,
    167,  87, 175,  88, 168,  80, 244, 234, 214, 116,  79, 174, 233, 213,
    231, 230, 173, 232,  44, 215, 117, 122, 235,  22,  11, 245,  89, 203,
     95, 176, 156, 169,  81, 160, 127,  12, 246, 111,  23, 196,  73, 236,
    216,  67,  31,  45, 164, 118, 123, 183, 204, 187,  62,  90, 251,  96,
    177, 134,  59,  82, 161, 108, 170,  85,  41, 157, 151, 178, 135, 144,
     97, 190, 220, 252, 188, 149, 207, 205,  55,  63,  91, 209,  83,  57,
    132, 60,   65, 162, 109,  71,  20,  42, 158,  93,  86, 242, 211, 171,
     68,  17, 146, 217,  35,  32,  46, 137, 180, 124, 184,  38, 119, 153,
    227, 165, 103,  74, 237, 222, 197,  49, 254,  24,  13,  99, 140, 128,
    192, 247, 112,   7,
  },
  SBox[256] =
  {
     99, 124, 119, 123, 242, 107, 111, 197,  48,   1, 103,  43, 254, 215,
    171, 118, 202, 130, 201, 125, 250,  89,  71, 240, 173, 212, 162, 175,
    156, 164, 114, 192, 183, 253, 147,  38,  54,  63, 247, 204,  52, 165,
    229, 241, 113, 216,  49,  21,   4, 199,  35, 195,  24, 150,   5, 154,
      7,  18, 128, 226, 235,  39, 178, 117,   9, 131,  44,  26,  27, 110,
     90, 160,  82,  59, 214, 179,  41, 227,  47, 132,  83, 209,   0, 237,
     32, 252, 177,  91, 106, 203, 190,  57,  74,  76,  88, 207, 208, 239,
    170, 251,  67,  77,  51, 133,  69, 249,   2, 127,  80,  60, 159, 168,
     81, 163,  64, 143, 146, 157,  56, 245, 188, 182, 218,  33,  16, 255,
    243, 210, 205,  12,  19, 236,  95, 151,  68,  23, 196, 167, 126,  61,
    100,  93,  25, 115,  96, 129,  79, 220,  34,  42, 144, 136,  70, 238,
    184,  20, 222,  94,  11, 219, 224,  50,  58,  10,  73,   6,  36,  92,
    194, 211, 172,  98, 145, 149, 228, 121, 231, 200,  55, 109, 141, 213,
     78, 169, 108,  86, 244, 234, 101, 122, 174,   8, 186, 120,  37,  46,
     28, 166, 180, 198, 232, 221, 116,  31,  75, 189, 139, 138, 112,  62,
    181, 102,  72,   3, 246,  14,  97,  53,  87, 185, 134, 193,  29, 158,
    225, 248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,
     40, 223, 140, 161, 137,  13, 191, 230,  66, 104,  65, 153,  45,  15,
    176,  84, 187, 22
  };

/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                                             %
%                                                                             %
%                                                                             %
%   A c q u i r e A E S I n f o                                               %
%                                                                             %
%                                                                             %
%                                                                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%  AcquireAESInfo() allocate the AESInfo structure.
%
%  The format of the AcquireAESInfo method is:
%
%      AESInfo *AcquireAESInfo(void)
%
*/
WizardExport AESInfo *AcquireAESInfo(void)
{
  AESInfo
    *aes_info;

  aes_info=(AESInfo *) AcquireAlignedMemory(1,sizeof(*aes_info));
  if (aes_info == (AESInfo *) NULL)
    ThrowWizardFatalError(CipherDomain,MemoryError);
  (void) ResetWizardMemory(aes_info,0,sizeof(*aes_info));
  aes_info->blocksize=AESBlocksize;
  aes_info->key=AcquireStringInfo(32);
  aes_info->encipher_key=(unsigned int *) AcquireQuantumMemory(60UL,
    sizeof(*aes_info->encipher_key));
  aes_info->decipher_key=(unsigned int *) AcquireQuantumMemory(60UL,
    sizeof(*aes_info->decipher_key));
  if ((aes_info->key == (StringInfo *) NULL) ||
      (aes_info->encipher_key == (unsigned int *) NULL) ||
      (aes_info->decipher_key == (unsigned int *) NULL))
    ThrowWizardFatalError(CipherDomain,MemoryError);
  aes_info->timestamp=time((time_t *) NULL);
  aes_info->signature=WizardSignature;
  return(aes_info);
}

/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                                             %
%                                                                             %
%                                                                             %
%   D e c i p h e r A E S B l o c k                                           %
%                                                                             %
%                                                                             %
%                                                                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%  DecipherAESBlock() deciphers a single block of ciphertext to produce a block
%  of plaintext.
%
%  The format of the DecipherAESBlock method is:
%
%     void DecipherAES(AESInfo *aes_info,const unsigned char *ciphertext,
%       unsigned char *plaintext)
%
%  A description of each parameter follows:
%
%    o aes_info: The cipher context.
%
%    o ciphertext: The cipher text.
%
%    o plainttext: The plaint text.
%
*/

static inline void AddRoundKey(const unsigned int *ciphertext,
  const unsigned int *key,unsigned int *plaintext)
{
  register ssize_t
    i;

  /*
    Xor corresponding text input and round key input bytes.
  */
  for (i=0; i < 4; i++)
    plaintext[i]=key[i] ^ ciphertext[i];
}

static inline unsigned char ByteMultiply(const unsigned char alpha,
  const unsigned char beta)
{
  /*
    Byte multiply two elements of GF(2^m) (mix columns and inverse mix columns).
  */
  if ((alpha == 0) || (beta == 0))
    return(0);
  return(InverseLog[(Log[alpha]+Log[beta]) % 0xff]);
}

static inline unsigned int ByteSubTransform(unsigned int x,
  unsigned char *s_box)
{
  unsigned int
    key;

  /*
    Non-linear layer resists differential and linear cryptoanalysis attacks.
  */
  key=(s_box[x & 0xff]) | (s_box[(x >> 8) & 0xff] << 8) |
    (s_box[(x >> 16) & 0xff] << 16) | (s_box[(x >> 24) & 0xff] << 24);
  return(key);
}

static void FinalizeRoundKey(const unsigned int *ciphertext,
  const unsigned int *key,unsigned char *plaintext)
{
  register unsigned char
    *p;

  register unsigned int
    i,
    j;

  unsigned int
    value;

  /*
    The round key is XORed with the result of the mix-column transformation.
  */
  p=plaintext;
  for (i=0; i < 4; i++)
  {
    value=ciphertext[i] ^ key[i];
    for (j=0; j < 4; j++)
      *p++=(value >> (8*j)) & 0xff;
  }
  /*
    Reset registers.
  */
  value=0;
}

static void InitializeRoundKey(const unsigned char *ciphertext,
  const unsigned int *key,unsigned int *plaintext)
{
  register const unsigned char
    *p;

  register unsigned int
    i,
    j;

  unsigned int
    value;

  p=ciphertext;
  for (i=0; i < 4; i++)
  {
    value=0;
    for (j=0; j < 4; j++)
      value|=(*p++ << (8*j));
    plaintext[i]=key[i] ^ value;
  }
  /*
    Reset registers.
  */
  value=0;
}

static inline unsigned int RotateLeft(const unsigned int x)
{
  return(((x << 8) | ((x >> 24) & 0xff)));
}

WizardExport void DecipherAESBlock(AESInfo *aes_info,
  const unsigned char *ciphertext,unsigned char *plaintext)
{
  static int
    map[4][4] =
    {
      { 0, 1, 2, 3 },
      { 3, 0, 1, 2 },
      { 2, 3, 0, 1 },
      { 1, 2, 3, 0 }
    };

  static unsigned char
    InverseSBox[256] =
    {
       82,   9, 106, 213,  48,  54, 165,  56, 191,  64, 163, 158, 129, 243,
      215, 251, 124, 227,  57, 130, 155,  47, 255, 135,  52, 142,  67,  68,
      196, 222, 233, 203,  84, 123, 148,  50, 166, 194,  35,  61, 238,  76,
      149,  11,  66, 250, 195,  78,   8,  46, 161, 102,  40, 217,  36, 178,
      118,  91, 162,  73, 109, 139, 209,  37, 114, 248, 246, 100, 134, 104,
      152,  22, 212, 164,  92, 204,  93, 101, 182, 146, 108, 112,  72,  80,
      253, 237, 185, 218,  94,  21,  70,  87, 167, 141, 157, 132, 144, 216,
      171,   0, 140, 188, 211,  10, 247, 228,  88,   5, 184, 179,  69,   6,
      208,  44,  30, 143, 202,  63,  15,   2, 193, 175, 189,   3,   1,  19,
      138, 107,  58, 145,  17,  65,  79, 103, 220, 234, 151, 242, 207, 206,
      240, 180, 230, 115, 150, 172, 116,  34, 231, 173,  53, 133, 226, 249,
       55, 232,  28, 117, 223, 110,  71, 241,  26, 113,  29,  41, 197, 137,
      111, 183,  98,  14, 170,  24, 190,  27, 252,  86,  62,  75, 198, 210,
      121,  32, 154, 219, 192, 254, 120, 205,  90, 244,  31, 221, 168,  51,
      136,   7, 199,  49, 177,  18,  16,  89,  39, 128, 236,  95,  96,  81,
      127, 169,  25, 181,  74,  13,  45, 229, 122, 159, 147, 201, 156, 239,
      160, 224,  59,  77, 174,  42, 245, 176, 200, 235, 187,  60, 131,  83,
      153,  97,  23,  43,   4, 126, 186, 119, 214,  38, 225, 105,  20,  99,
       85,  33,  12, 125,
    };

  static unsigned int
    I[] =
    {
      0x50a7f451U, 0x5365417eU, 0xc3a4171aU, 0x965e273aU, 0xcb6bab3bU,
      0xf1459d1fU, 0xab58faacU, 0x9303e34bU, 0x55fa3020U, 0xf66d76adU,
      0x9176cc88U, 0x254c02f5U, 0xfcd7e54fU, 0xd7cb2ac5U, 0x80443526U,
      0x8fa362b5U, 0x495ab1deU, 0x671bba25U, 0x980eea45U, 0xe1c0fe5dU,
      0x02752fc3U, 0x12f04c81U, 0xa397468dU, 0xc6f9d36bU, 0xe75f8f03U,
      0x959c9215U, 0xeb7a6dbfU, 0xda595295U, 0x2d83bed4U, 0xd3217458U,
      0x2969e049U, 0x44c8c98eU, 0x6a89c275U, 0x78798ef4U, 0x6b3e5899U,
      0xdd71b927U, 0xb64fe1beU, 0x17ad88f0U, 0x66ac20c9U, 0xb43ace7dU,
      0x184adf63U, 0x82311ae5U, 0x60335197U, 0x457f5362U, 0xe07764b1U,
      0x84ae6bbbU, 0x1ca081feU, 0x942b08f9U, 0x58684870U, 0x19fd458fU,
      0x876cde94U, 0xb7f87b52U, 0x23d373abU, 0xe2024b72U, 0x578f1fe3U,
      0x2aab5566U, 0x0728ebb2U, 0x03c2b52fU, 0x9a7bc586U, 0xa50837d3U,
      0xf2872830U, 0xb2a5bf23U, 0xba6a0302U, 0x5c8216edU, 0x2b1ccf8aU,
      0x92b479a7U, 0xf0f207f3U, 0xa1e2694eU, 0xcdf4da65U, 0xd5be0506U,
      0x1f6234d1U, 0x8afea6c4U, 0x9d532e34U, 0xa055f3a2U, 0x32e18a05U,
      0x75ebf6a4U, 0x39ec830bU, 0xaaef6040U, 0x069f715eU, 0x51106ebdU,
      0xf98a213eU, 0x3d06dd96U, 0xae053eddU, 0x46bde64dU, 0xb58d5491U,
      0x055dc471U, 0x6fd40604U, 0xff155060U, 0x24fb9819U, 0x97e9bdd6U,
      0xcc434089U, 0x779ed967U, 0xbd42e8b0U, 0x888b8907U, 0x385b19e7U,
      0xdbeec879U, 0x470a7ca1U, 0xe90f427cU, 0xc91e84f8U, 0x00000000U,
      0x83868009U, 0x48ed2b32U, 0xac70111eU, 0x4e725a6cU, 0xfbff0efdU,
      0x5638850fU, 0x1ed5ae3dU, 0x27392d36U, 0x64d90f0aU, 0x21a65c68U,
      0xd1545b9bU, 0x3a2e3624U, 0xb1670a0cU, 0x0fe75793U, 0xd296eeb4U,
      0x9e919b1bU, 0x4fc5c080U, 0xa220dc61U, 0x694b775aU, 0x161a121cU,
      0x0aba93e2U, 0xe52aa0c0U, 0x43e0223cU, 0x1d171b12U, 0x0b0d090eU,
      0xadc78bf2U, 0xb9a8b62dU, 0xc8a91e14U, 0x8519f157U, 0x4c0775afU,
      0xbbdd99eeU, 0xfd607fa3U, 0x9f2601f7U, 0xbcf5725cU, 0xc53b6644U,
      0x347efb5bU, 0x7629438bU, 0xdcc623cbU, 0x68fcedb6U, 0x63f1e4b8U,
      0xcadc31d7U, 0x10856342U, 0x40229713U, 0x2011c684U, 0x7d244a85U,
      0xf83dbbd2U, 0x1132f9aeU, 0x6da129c7U, 0x4b2f9e1dU, 0xf330b2dcU,
      0xec52860dU, 0xd0e3c177U, 0x6c16b32bU, 0x99b970a9U, 0xfa489411U,
      0x2264e947U, 0xc48cfca8U, 0x1a3ff0a0U, 0xd82c7d56U, 0xef903322U,
      0xc74e4987U, 0xc1d138d9U, 0xfea2ca8cU, 0x360bd498U, 0xcf81f5a6U,
      0x28de7aa5U, 0x268eb7daU, 0xa4bfad3fU, 0xe49d3a2cU, 0x0d927850U,
      0x9bcc5f6aU, 0x62467e54U, 0xc2138df6U, 0xe8b8d890U, 0x5ef7392eU,
      0xf5afc382U, 0xbe805d9fU, 0x7c93d069U, 0xa92dd56fU, 0xb31225cfU,
      0x3b99acc8U, 0xa77d1810U, 0x6e639ce8U, 0x7bbb3bdbU, 0x097826cdU,
      0xf418596eU, 0x01b79aecU, 0xa89a4f83U, 0x656e95e6U, 0x7ee6ffaaU,
      0x08cfbc21U, 0xe6e815efU, 0xd99be7baU, 0xce366f4aU, 0xd4099feaU,
      0xd67cb029U, 0xafb2a431U, 0x31233f2aU, 0x3094a5c6U, 0xc066a235U,
      0x37bc4e74U, 0xa6ca82fcU, 0xb0d090e0U, 0x15d8a733U, 0x4a9804f1U,
      0xf7daec41U, 0x0e50cd7fU, 0x2ff69117U, 0x8dd64d76U, 0x4db0ef43U,
      0x544daaccU, 0xdf0496e4U, 0xe3b5d19eU, 0x1b886a4cU, 0xb81f2cc1U,
      0x7f516546U, 0x04ea5e9dU, 0x5d358c01U, 0x737487faU, 0x2e410bfbU,
      0x5a1d67b3U, 0x52d2db92U, 0x335610e9U, 0x1347d66dU, 0x8c61d79aU,
      0x7a0ca137U, 0x8e14f859U, 0x893c13ebU, 0xee27a9ceU, 0x35c961b7U,
      0xede51ce1U, 0x3cb1477aU, 0x59dfd29cU, 0x3f73f255U, 0x79ce1418U,
      0xbf37c773U, 0xeacdf753U, 0x5baafd5fU, 0x146f3ddfU, 0x86db4478U,
      0x81f3afcaU, 0x3ec468b9U, 0x2c342438U, 0x5f40a3c2U, 0x72c31d16U,
      0x0c25e2bcU, 0x8b493c28U, 0x41950dffU, 0x7101a839U, 0xdeb30c08U,
      0x9ce4b4d8U, 0x90c15664U, 0x6184cb7bU, 0x70b632d5U, 0x745c6c48U,
      0x4257b8d0U
    };

  register ssize_t
    i,
    j;

  unsigned int
    alpha,
    key[4],
    text[4];

  /*
    Decipher one block.
  */
  (void) memset(text,0,sizeof(text));
  InitializeRoundKey(ciphertext,aes_info->decipher_key+4*aes_info->rounds,text);
  for (i=aes_info->rounds-1; i > 0;  i--)
  {
    /*
      This linear mixing step undiffuses the bits over multiple rounds.
    */
    for (j=0; j < 4; j++)
      key[j]=I[text[j] & 0xff] ^
        RotateLeft(I[(text[map[1][j]] >> 8) & 0xff] ^
        RotateLeft(I[(text[map[2][j]] >> 16) & 0xff] ^
        RotateLeft(I[(text[map[3][j]] >> 24) & 0xff])));
    AddRoundKey(key,aes_info->decipher_key+4*i,text);
  }
  for (i=0; i < 4; i++)
  {
    alpha=(text[i] & 0x000000ff) | ((text[map[1][i]]) & 0x0000ff00) |
      ((text[map[2][i]]) & 0x00ff0000) | ((text[map[3][i]]) & 0xff000000);
    key[i]=ByteSubTransform(alpha,InverseSBox);
  }
  FinalizeRoundKey(key,aes_info->decipher_key,plaintext);
  /*
    Reset registers.
  */
  alpha=0;
  (void) ResetWizardMemory(key,0,sizeof(key));
  (void) ResetWizardMemory(text,0,sizeof(text));
}

/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                                             %
%                                                                             %
%                                                                             %
%   D e s t r o y A E S I n f o                                               %
%                                                                             %
%                                                                             %
%                                                                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%  DestroyAESInfo() zeros memory associated with the AESInfo structure.
%
%  The format of the DestroyAESInfo method is:
%
%      AESInfo *DestroyAESInfo(AESInfo *aes_info)
%
%  A description of each parameter follows:
%
%    o aes_info: The cipher context.
%
*/
WizardExport AESInfo *DestroyAESInfo(AESInfo *aes_info)
{
  (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
  WizardAssert(CipherDomain,aes_info != (AESInfo *) NULL);
  WizardAssert(CipherDomain,aes_info->signature == WizardSignature);
  if (aes_info->decipher_key != (unsigned int *) NULL)
    aes_info->decipher_key=(unsigned int *)
      RelinquishWizardMemory(aes_info->decipher_key);
  if (aes_info->encipher_key != (unsigned int *) NULL)
    aes_info->encipher_key=(unsigned int *)
      RelinquishWizardMemory(aes_info->encipher_key);
  if (aes_info->key != (StringInfo *) NULL)
    aes_info->key=DestroyStringInfo(aes_info->key);
  aes_info->signature=(~WizardSignature);
  aes_info=(AESInfo *) RelinquishWizardMemory(aes_info);
  return(aes_info);
}

/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                                             %
%                                                                             %
%                                                                             %
%   E n c i p h e r A E S B l o c k                                           %
%                                                                             %
%                                                                             %
%                                                                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%  EncipherAESBlock() enciphers a single block of plaintext to produce a block
%  of ciphertext.
%
%  The format of the EncipherAESBlock method is:
%
%      void EncipherAES(AESInfo *aes_info,const unsigned char *plaintext,
%        unsigned char *ciphertext)
%
%  A description of each parameter follows:
%
%    o aes_info: The cipher context.
%
%    o plaintext: The plain text.
%
%    o ciphertext: The cipher text.
%
*/
WizardExport void EncipherAESBlock(AESInfo *aes_info,
  const unsigned char *plaintext,unsigned char *ciphertext)
{
  register ssize_t
    i,
    j;

  static int
    map[4][4] =
    {
      { 0, 1, 2, 3 },
      { 1, 2, 3, 0 },
      { 2, 3, 0, 1 },
      { 3, 0, 1, 2 }
    };

  static unsigned int
    D[] =
    {
      0xa56363c6U, 0x847c7cf8U, 0x997777eeU, 0x8d7b7bf6U, 0x0df2f2ffU,
      0xbd6b6bd6U, 0xb16f6fdeU, 0x54c5c591U, 0x50303060U, 0x03010102U,
      0xa96767ceU, 0x7d2b2b56U, 0x19fefee7U, 0x62d7d7b5U, 0xe6abab4dU,
      0x9a7676ecU, 0x45caca8fU, 0x9d82821fU, 0x40c9c989U, 0x877d7dfaU,
      0x15fafaefU, 0xeb5959b2U, 0xc947478eU, 0x0bf0f0fbU, 0xecadad41U,
      0x67d4d4b3U, 0xfda2a25fU, 0xeaafaf45U, 0xbf9c9c23U, 0xf7a4a453U,
      0x967272e4U, 0x5bc0c09bU, 0xc2b7b775U, 0x1cfdfde1U, 0xae93933dU,
      0x6a26264cU, 0x5a36366cU, 0x413f3f7eU, 0x02f7f7f5U, 0x4fcccc83U,
      0x5c343468U, 0xf4a5a551U, 0x34e5e5d1U, 0x08f1f1f9U, 0x937171e2U,
      0x73d8d8abU, 0x53313162U, 0x3f15152aU, 0x0c040408U, 0x52c7c795U,
      0x65232346U, 0x5ec3c39dU, 0x28181830U, 0xa1969637U, 0x0f05050aU,
      0xb59a9a2fU, 0x0907070eU, 0x36121224U, 0x9b80801bU, 0x3de2e2dfU,
      0x26ebebcdU, 0x6927274eU, 0xcdb2b27fU, 0x9f7575eaU, 0x1b090912U,
      0x9e83831dU, 0x742c2c58U, 0x2e1a1a34U, 0x2d1b1b36U, 0xb26e6edcU,
      0xee5a5ab4U, 0xfba0a05bU, 0xf65252a4U, 0x4d3b3b76U, 0x61d6d6b7U,
      0xceb3b37dU, 0x7b292952U, 0x3ee3e3ddU, 0x712f2f5eU, 0x97848413U,
      0xf55353a6U, 0x68d1d1b9U, 0x00000000U, 0x2cededc1U, 0x60202040U,
      0x1ffcfce3U, 0xc8b1b179U, 0xed5b5bb6U, 0xbe6a6ad4U, 0x46cbcb8dU,
      0xd9bebe67U, 0x4b393972U, 0xde4a4a94U, 0xd44c4c98U, 0xe85858b0U,
      0x4acfcf85U, 0x6bd0d0bbU, 0x2aefefc5U, 0xe5aaaa4fU, 0x16fbfbedU,
      0xc5434386U, 0xd74d4d9aU, 0x55333366U, 0x94858511U, 0xcf45458aU,
      0x10f9f9e9U, 0x06020204U, 0x817f7ffeU, 0xf05050a0U, 0x443c3c78U,
      0xba9f9f25U, 0xe3a8a84bU, 0xf35151a2U, 0xfea3a35dU, 0xc0404080U,
      0x8a8f8f05U, 0xad92923fU, 0xbc9d9d21U, 0x48383870U, 0x04f5f5f1U,
      0xdfbcbc63U, 0xc1b6b677U, 0x75dadaafU, 0x63212142U, 0x30101020U,
      0x1affffe5U, 0x0ef3f3fdU, 0x6dd2d2bfU, 0x4ccdcd81U, 0x140c0c18U,
      0x35131326U, 0x2fececc3U, 0xe15f5fbeU, 0xa2979735U, 0xcc444488U,
      0x3917172eU, 0x57c4c493U, 0xf2a7a755U, 0x827e7efcU, 0x473d3d7aU,
      0xac6464c8U, 0xe75d5dbaU, 0x2b191932U, 0x957373e6U, 0xa06060c0U,
      0x98818119U, 0xd14f4f9eU, 0x7fdcdca3U, 0x66222244U, 0x7e2a2a54U,
      0xab90903bU, 0x8388880bU, 0xca46468cU, 0x29eeeec7U, 0xd3b8b86bU,
      0x3c141428U, 0x79dedea7U, 0xe25e5ebcU, 0x1d0b0b16U, 0x76dbdbadU,
      0x3be0e0dbU, 0x56323264U, 0x4e3a3a74U, 0x1e0a0a14U, 0xdb494992U,
      0x0a06060cU, 0x6c242448U, 0xe45c5cb8U, 0x5dc2c29fU, 0x6ed3d3bdU,
      0xefacac43U, 0xa66262c4U, 0xa8919139U, 0xa4959531U, 0x37e4e4d3U,
      0x8b7979f2U, 0x32e7e7d5U, 0x43c8c88bU, 0x5937376eU, 0xb76d6ddaU,
      0x8c8d8d01U, 0x64d5d5b1U, 0xd24e4e9cU, 0xe0a9a949U, 0xb46c6cd8U,
      0xfa5656acU, 0x07f4f4f3U, 0x25eaeacfU, 0xaf6565caU, 0x8e7a7af4U,
      0xe9aeae47U, 0x18080810U, 0xd5baba6fU, 0x887878f0U, 0x6f25254aU,
      0x722e2e5cU, 0x241c1c38U, 0xf1a6a657U, 0xc7b4b473U, 0x51c6c697U,
      0x23e8e8cbU, 0x7cdddda1U, 0x9c7474e8U, 0x211f1f3eU, 0xdd4b4b96U,
      0xdcbdbd61U, 0x868b8b0dU, 0x858a8a0fU, 0x907070e0U, 0x423e3e7cU,
      0xc4b5b571U, 0xaa6666ccU, 0xd8484890U, 0x05030306U, 0x01f6f6f7U,
      0x120e0e1cU, 0xa36161c2U, 0x5f35356aU, 0xf95757aeU, 0xd0b9b969U,
      0x91868617U, 0x58c1c199U, 0x271d1d3aU, 0xb99e9e27U, 0x38e1e1d9U,
      0x13f8f8ebU, 0xb398982bU, 0x33111122U, 0xbb6969d2U, 0x70d9d9a9U,
      0x898e8e07U, 0xa7949433U, 0xb69b9b2dU, 0x221e1e3cU, 0x92878715U,
      0x20e9e9c9U, 0x49cece87U, 0xff5555aaU, 0x78282850U, 0x7adfdfa5U,
      0x8f8c8c03U, 0xf8a1a159U, 0x80898909U, 0x170d0d1aU, 0xdabfbf65U,
      0x31e6e6d7U, 0xc6424284U, 0xb86868d0U, 0xc3414182U, 0xb0999929U,
      0x772d2d5aU, 0x110f0f1eU, 0xcbb0b07bU, 0xfc5454a8U, 0xd6bbbb6dU,
      0x3a16162cU
    };

  unsigned int
    alpha,
    key[4],
    text[4];

  /*
    Encipher one block.
  */
  (void) memset(text,0,sizeof(text));
  InitializeRoundKey(plaintext,aes_info->encipher_key,text);
  for (i=1; i < aes_info->rounds; i++)
  {
    /*
      Linear mixing step: cause diffusion of the bits over multiple rounds.
    */
    for (j=0; j < 4; j++)
      key[j]=D[text[j] & 0xff] ^
        RotateLeft(D[(text[map[1][j]] >> 8) & 0xff] ^
        RotateLeft(D[(text[map[2][j]] >> 16) & 0xff] ^
        RotateLeft(D[(text[map[3][j]] >> 24) & 0xff])));
    AddRoundKey(key,aes_info->encipher_key+4*i,text);
  }
  for (i=0; i < 4; i++)
  {
    alpha=(text[i] & 0x000000ff) | ((text[map[1][i]]) & 0x0000ff00) |
      ((text[map[2][i]]) & 0x00ff0000) | ((text[map[3][i]]) & 0xff000000);
    key[i]=ByteSubTransform(alpha,SBox);
  }
  FinalizeRoundKey(key,aes_info->encipher_key+4*aes_info->rounds,ciphertext);
  /*
    Reset registers.
  */
  alpha=0;
  (void) ResetWizardMemory(key,0,sizeof(key));
  (void) ResetWizardMemory(text,0,sizeof(text));
}

/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                                             %
%                                                                             %
%                                                                             %
%   G e t A E S B l o c k s i z e                                             %
%                                                                             %
%                                                                             %
%                                                                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%  GetAESBlocksize() returns the AES blocksize.
%
%  The format of the GetAESBlocksize method is:
%
%      unsigned int *GetAESBlocksize(const AESInfo *aes_info)
%
%  A description of each parameter follows:
%
%    o aes_info: The aes info.
%
*/
WizardExport unsigned int GetAESBlocksize(const AESInfo *aes_info)
{
  (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
  WizardAssert(CipherDomain,aes_info != (AESInfo *) NULL);
  WizardAssert(CipherDomain,aes_info->signature == WizardSignature);
  return(aes_info->blocksize);
}

/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                                             %
%                                                                             %
%                                                                             %
%   S e t A E S K e y                                                         %
%                                                                             %
%                                                                             %
%                                                                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%  SetAESKey() sets the key for the AES cipher.  The key length is specified
%  in bits.  Valid values are 128, 192, or 256 requiring a key buffer length
%  in bytes of 16, 24, and 32 respectively.
%
%  The format of the SetAESKey method is:
%
%      SetAESKey(AESInfo *aes_info,const StringInfo *key)
%
%  A description of each parameter follows:
%
%    o aes_info: The cipher context.
%
%    o key: The key.
%
*/

static inline void InverseAddRoundKey(const unsigned int *alpha,
  unsigned int *beta)
{
  register unsigned int
    i,
    j;

  for (i=0; i < 4; i++)
  {
    beta[i]=0;
    for (j=0; j < 4; j++)
      beta[i]|=(ByteMultiply(0xe,(alpha[i] >> (8*j)) & 0xff) ^
        ByteMultiply(0xb,(alpha[i] >> (8*((j+1) % 4))) & 0xff) ^
        ByteMultiply(0xd,(alpha[i] >> (8*((j+2) % 4))) & 0xff) ^
        ByteMultiply(0x9,(alpha[i] >> (8*((j+3) % 4))) & 0xff)) << (8*j);
  }
}

static inline unsigned int XTime(unsigned char alpha)
{
  unsigned char
    beta;

  beta=(unsigned char) ((alpha & 0x80) != 0 ? 0x1b : 0);
  alpha<<=1;
  alpha^=beta;
  return(alpha);
}

static inline unsigned int RotateRight(const unsigned int x)
{
  return((x >> 8) | ((x & 0xff) << 24));
}

WizardExport void SetAESKey(AESInfo *aes_info,const StringInfo *key)
{
  ssize_t
    bytes,
    n;

  register ssize_t
    i;

  unsigned char
    *datum;

  unsigned int
    alpha,
    beta;

  /*
    Determine the number of rounds based on the number of bits in key.
  */
  (void) LogWizardEvent(TraceEvent,GetWizardModule(),"...");
  WizardAssert(CipherDomain,aes_info != (AESInfo *) NULL);
  WizardAssert(CipherDomain,aes_info->signature == WizardSignature);
  WizardAssert(CipherDomain,key != (StringInfo *) NULL);
  n=4;
  aes_info->rounds=10;
  if ((8*GetStringInfoLength(key)) >= 256)
    {
      n=8;
      aes_info->rounds=14;
    }
  else
    if ((8*GetStringInfoLength(key)) >= 192)
      {
        n=6;
        aes_info->rounds=12;
      }
  /*
    Generate crypt key.
  */
  datum=GetStringInfoDatum(aes_info->key);
  (void) ResetWizardMemory(datum,0,GetStringInfoLength(aes_info->key));
  (void) CopyWizardMemory(datum,GetStringInfoDatum(key),
    Min(GetStringInfoLength(key),GetStringInfoLength(aes_info->key)));
  for (i=0; i < n; i++)
    aes_info->encipher_key[i]=datum[4*i] | (datum[4*i+1] << 8) |
      (datum[4*i+2] << 16) | (datum[4*i+3] << 24);
  beta=1;
  bytes=(AESBlocksize/4)*(aes_info->rounds+1);
  for (i=n; i < bytes; i++)
  {
    alpha=aes_info->encipher_key[i-1];
    if ((i % n) == 0)
      {
        alpha=ByteSubTransform(RotateRight(alpha),SBox) ^ beta;
        beta=XTime((unsigned char) (beta & 0xff));
      }
    else
      if ((n > 6) && ((i % n) == 4))
        alpha=ByteSubTransform(alpha,SBox);
    aes_info->encipher_key[i]=aes_info->encipher_key[i-n] ^ alpha;
  }
  /*
    Generate deciphering key (in reverse order).
  */
  for (i=0; i < 4; i++)
  {
    aes_info->decipher_key[i]=aes_info->encipher_key[i];
    aes_info->decipher_key[bytes-4+i]=aes_info->encipher_key[bytes-4+i];
  }
  for (i=4; i < (bytes-4); i+=4)
    InverseAddRoundKey(aes_info->encipher_key+i,aes_info->decipher_key+i);
  /*
    Reset registers.
  */
  datum=GetStringInfoDatum(aes_info->key);
  (void) ResetWizardMemory(datum,0,GetStringInfoLength(aes_info->key));
  alpha=0;
  beta=0;
}