decke
/
drmdecrypt
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
DRM decrypting tool for Samsung TVs PVR
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
75 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
drmdecrypt/AESNI.c

AESNI.c 9.9KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280 
  1. /*

  2.  *  AESNI.c: AES using AES-NI instructions

  3.  *

  4.  * Written in 2013 by Sebastian Ramacher <sebastian@ramacher.at>

  5.  *

  6.  * ===================================================================

  7.  * The contents of this file are dedicated to the public domain.  To

  8.  * the extent that dedication to the public domain is not available,

  9.  * everyone is granted a worldwide, perpetual, royalty-free,

  10.  * non-exclusive license to exercise all rights associated with the

  11.  * contents of this file for any purpose whatsoever.

  12.  * No rights are reserved.

  13.  *

  14.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,

  15.  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

  16.  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND

  17.  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS

  18.  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

  19.  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

  20.  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  21.  * SOFTWARE.

  22.  * ===================================================================

  23.  */

  24. 

  25. #include <wmmintrin.h>

  26. #include <stdlib.h>

  27. #include <string.h>

  28. #include <errno.h>

  29. #if defined(HAVE__ALIGNED_MALLOC)

  30. #include <malloc.h>

  31. #endif

  32. 

  33. #define MODULE_NAME _AESNI

  34. #define BLOCK_SIZE 16

  35. #define KEY_SIZE 0

  36. 

  37. #define MAXKC (256/32)

  38. #define MAXKB (256/8)

  39. #define MAXNR 14

  40. 

  41. typedef unsigned char u8;

  42. 

  43. typedef struct {

  44.     __m128i* ek;

  45.     __m128i* dk;

  46.     int rounds;

  47. } block_state;

  48. 

  49. /* Wrapper functions for malloc and free with memory alignment */

  50. #if defined(HAVE_ALIGNED_ALLOC) /* aligned_alloc is defined by C11 */

  51. # define aligned_malloc_wrapper aligned_alloc

  52. # define aligned_free_wrapper free

  53. #elif defined(HAVE_POSIX_MEMALIGN) /* posix_memalign is defined by POSIX */

  54. static void* aligned_malloc_wrapper(size_t alignment, size_t size)

  55. {

  56.     void* tmp = NULL;

  57.     int err = posix_memalign(&tmp, alignment, size);

  58.     if (err != 0) {

  59.         /* posix_memalign does NOT set errno on failure; the error is returned */

  60.         errno = err;

  61.         return NULL;

  62.     }

  63.     return tmp;

  64. }

  65. # define aligned_free_wrapper free

  66. #elif defined(HAVE__ALIGNED_MALLOC) /* _aligned_malloc is available on Windows */

  67. static void* aligned_malloc_wrapper(size_t alignment, size_t size)

  68. {

  69.     /* NB: _aligned_malloc takes its args in the opposite order from aligned_alloc */

  70.     return _aligned_malloc(size, alignment);

  71. }

  72. # define aligned_free_wrapper _aligned_free

  73. #else

  74. # error "No function to allocate/free aligned memory is available."

  75. #endif

  76. 

  77. /* Helper functions to expand keys */

  78. 

  79. static __m128i aes128_keyexpand(__m128i key)

  80. {

  81.     key = _mm_xor_si128(key, _mm_slli_si128(key, 4));

  82.     key = _mm_xor_si128(key, _mm_slli_si128(key, 4));

  83.     return _mm_xor_si128(key, _mm_slli_si128(key, 4));

  84. }

  85. 

  86. static __m128i aes192_keyexpand_2(__m128i key, __m128i key2)

  87. {

  88.     key = _mm_shuffle_epi32(key, 0xff);

  89.     key2 = _mm_xor_si128(key2, _mm_slli_si128(key2, 4));

  90.     return _mm_xor_si128(key, key2);

  91. }

  92. 

  93. #define KEYEXP128_H(K1, K2, I, S) _mm_xor_si128(aes128_keyexpand(K1), \

  94.     _mm_shuffle_epi32(_mm_aeskeygenassist_si128(K2, I), S))

  95. 

  96. #define KEYEXP128(K, I) KEYEXP128_H(K, K, I, 0xff)

  97. #define KEYEXP192(K1, K2, I) KEYEXP128_H(K1, K2, I, 0x55)

  98. #define KEYEXP192_2(K1, K2) aes192_keyexpand_2(K1, K2)

  99. #define KEYEXP256(K1, K2, I)  KEYEXP128_H(K1, K2, I, 0xff)

  100. #define KEYEXP256_2(K1, K2) KEYEXP128_H(K1, K2, 0x00, 0xaa)

  101. 

  102. /* Encryption key setup */

  103. static void aes_key_setup_enc(__m128i rk[], const u8* cipherKey, int keylen)

  104. {

  105.     switch (keylen) {

  106.         case 16:

  107.         {

  108.             /* 128 bit key setup */

  109.             rk[0] = _mm_loadu_si128((const __m128i*) cipherKey);

  110.             rk[1] = KEYEXP128(rk[0], 0x01);

  111.             rk[2] = KEYEXP128(rk[1], 0x02);

  112.             rk[3] = KEYEXP128(rk[2], 0x04);

  113.             rk[4] = KEYEXP128(rk[3], 0x08);

  114.             rk[5] = KEYEXP128(rk[4], 0x10);

  115.             rk[6] = KEYEXP128(rk[5], 0x20);

  116.             rk[7] = KEYEXP128(rk[6], 0x40);

  117.             rk[8] = KEYEXP128(rk[7], 0x80);

  118.             rk[9] = KEYEXP128(rk[8], 0x1B);

  119.             rk[10] = KEYEXP128(rk[9], 0x36);

  120.             break;

  121.         }

  122.         case 24:

  123.         {

  124.             /* 192 bit key setup */

  125.             __m128i temp[2];

  126.             rk[0] = _mm_loadu_si128((const __m128i*) cipherKey);

  127.             rk[1] = _mm_loadu_si128((const __m128i*) (cipherKey+16));

  128.             temp[0] = KEYEXP192(rk[0], rk[1], 0x01);

  129.             temp[1] = KEYEXP192_2(temp[0], rk[1]);

  130.             rk[1] = (__m128i)_mm_shuffle_pd((__m128d)rk[1], (__m128d)temp[0], 0);

  131.             rk[2] = (__m128i)_mm_shuffle_pd((__m128d)temp[0], (__m128d)temp[1], 1);

  132.             rk[3] = KEYEXP192(temp[0], temp[1], 0x02);

  133.             rk[4] = KEYEXP192_2(rk[3], temp[1]);

  134.             temp[0] = KEYEXP192(rk[3], rk[4], 0x04);

  135.             temp[1] = KEYEXP192_2(temp[0], rk[4]);

  136.             rk[4] = (__m128i)_mm_shuffle_pd((__m128d)rk[4], (__m128d)temp[0], 0);

  137.             rk[5] = (__m128i)_mm_shuffle_pd((__m128d)temp[0], (__m128d)temp[1], 1);

  138.             rk[6] = KEYEXP192(temp[0], temp[1], 0x08);

  139.             rk[7] = KEYEXP192_2(rk[6], temp[1]);

  140.             temp[0] = KEYEXP192(rk[6], rk[7], 0x10);

  141.             temp[1] = KEYEXP192_2(temp[0], rk[7]);

  142.             rk[7] = (__m128i)_mm_shuffle_pd((__m128d)rk[7], (__m128d)temp[0], 0);

  143.             rk[8] = (__m128i)_mm_shuffle_pd((__m128d)temp[0], (__m128d)temp[1], 1);

  144.             rk[9] = KEYEXP192(temp[0], temp[1], 0x20);

  145.             rk[10] = KEYEXP192_2(rk[9], temp[1]);

  146.             temp[0] = KEYEXP192(rk[9], rk[10], 0x40);

  147.             temp[1] = KEYEXP192_2(temp[0], rk[10]);

  148.             rk[10] = (__m128i)_mm_shuffle_pd((__m128d)rk[10], (__m128d) temp[0], 0);

  149.             rk[11] = (__m128i)_mm_shuffle_pd((__m128d)temp[0],(__m128d) temp[1], 1);

  150.             rk[12] = KEYEXP192(temp[0], temp[1], 0x80);

  151.             break;

  152.         }

  153.         case 32:

  154.         {

  155.             /* 256 bit key setup */

  156.             rk[0] = _mm_loadu_si128((const __m128i*) cipherKey);

  157.             rk[1] = _mm_loadu_si128((const __m128i*) (cipherKey+16));

  158.             rk[2] = KEYEXP256(rk[0], rk[1], 0x01);

  159.             rk[3] = KEYEXP256_2(rk[1], rk[2]);

  160.             rk[4] = KEYEXP256(rk[2], rk[3], 0x02);

  161.             rk[5] = KEYEXP256_2(rk[3], rk[4]);

  162.             rk[6] = KEYEXP256(rk[4], rk[5], 0x04);

  163.             rk[7] = KEYEXP256_2(rk[5], rk[6]);

  164.             rk[8] = KEYEXP256(rk[6], rk[7], 0x08);

  165.             rk[9] = KEYEXP256_2(rk[7], rk[8]);

  166.             rk[10] = KEYEXP256(rk[8], rk[9], 0x10);

  167.             rk[11] = KEYEXP256_2(rk[9], rk[10]);

  168.             rk[12] = KEYEXP256(rk[10], rk[11], 0x20);

  169.             rk[13] = KEYEXP256_2(rk[11], rk[12]);

  170.             rk[14] = KEYEXP256(rk[12], rk[13], 0x40);

  171.             break;

  172.         }

  173.     }

  174. }

  175. 

  176. /* Decryption key setup */

  177. static void aes_key_setup_dec(__m128i dk[], const __m128i ek[], int rounds)

  178. {

  179. 	int i;

  180.     dk[rounds] = ek[0];

  181.     for (i = 1; i < rounds; ++i) {

  182.         dk[rounds - i] = _mm_aesimc_si128(ek[i]);

  183.     }

  184.     dk[0] = ek[rounds];

  185. }

  186. 

  187. void block_init_aesni(block_state* self, unsigned char* key, int keylen)

  188. {

  189.     int nr = 0;

  190.     switch (keylen) {

  191.         case 16: nr = 10; break;

  192.         case 24: nr = 12; break;

  193.         case 32: nr = 14; break;

  194.         default:

  195.             return;

  196.     }

  197. 

  198.     /* ensure that self->ek and self->dk are aligned to 16 byte boundaries */

  199.     void* tek = aligned_malloc_wrapper(16, (nr + 1) * sizeof(__m128i));

  200.     void* tdk = aligned_malloc_wrapper(16, (nr + 1) * sizeof(__m128i));

  201.     if (!tek || !tdk) {

  202.         aligned_free_wrapper(tek);

  203.         aligned_free_wrapper(tdk);

  204.         return;

  205.     }

  206. 

  207.     self->ek = tek;

  208.     self->dk = tdk;

  209. 

  210.     self->rounds = nr;

  211.     aes_key_setup_enc(self->ek, key, keylen);

  212.     aes_key_setup_dec(self->dk, self->ek, nr);

  213. }

  214. 

  215. void block_finalize_aesni(block_state* self)

  216. {

  217.     /* overwrite contents of ek and dk */

  218.     memset(self->ek, 0, (self->rounds + 1) * sizeof(__m128i));

  219.     memset(self->dk, 0, (self->rounds + 1) * sizeof(__m128i));

  220. 

  221.     aligned_free_wrapper(self->ek);

  222.     aligned_free_wrapper(self->dk);

  223. }

  224. 

  225. void block_encrypt_aesni(block_state* self, const u8* in, u8* out)

  226. {

  227.     __m128i m = _mm_loadu_si128((const __m128i*) in);

  228.     /* first 9 rounds */

  229.     m = _mm_xor_si128(m, self->ek[0]);

  230.     m = _mm_aesenc_si128(m, self->ek[1]);

  231.     m = _mm_aesenc_si128(m, self->ek[2]);

  232.     m = _mm_aesenc_si128(m, self->ek[3]);

  233.     m = _mm_aesenc_si128(m, self->ek[4]);

  234.     m = _mm_aesenc_si128(m, self->ek[5]);

  235.     m = _mm_aesenc_si128(m, self->ek[6]);

  236.     m = _mm_aesenc_si128(m, self->ek[7]);

  237.     m = _mm_aesenc_si128(m, self->ek[8]);

  238.     m = _mm_aesenc_si128(m, self->ek[9]);

  239.     if (self->rounds != 10) {

  240.         /* two additional rounds for AES-192/256 */

  241.         m = _mm_aesenc_si128(m, self->ek[10]);

  242.         m = _mm_aesenc_si128(m, self->ek[11]);

  243.         if (self->rounds == 14) {

  244.             /* another two additional rounds for AES-256 */

  245.             m = _mm_aesenc_si128(m, self->ek[12]);

  246.             m = _mm_aesenc_si128(m, self->ek[13]);

  247.         }

  248.     }

  249.     m = _mm_aesenclast_si128(m, self->ek[self->rounds]);

  250.     _mm_storeu_si128((__m128i*) out, m);

  251. }

  252. 

  253. void block_decrypt_aesni(block_state* self, const u8* in, u8* out)

  254. {

  255.     __m128i m = _mm_loadu_si128((const __m128i*) in);

  256.     /* first 9 rounds */

  257.     m = _mm_xor_si128(m, self->dk[0]);

  258.     m = _mm_aesdec_si128(m, self->dk[1]);

  259.     m = _mm_aesdec_si128(m, self->dk[2]);

  260.     m = _mm_aesdec_si128(m, self->dk[3]);

  261.     m = _mm_aesdec_si128(m, self->dk[4]);

  262.     m = _mm_aesdec_si128(m, self->dk[5]);

  263.     m = _mm_aesdec_si128(m, self->dk[6]);

  264.     m = _mm_aesdec_si128(m, self->dk[7]);

  265.     m = _mm_aesdec_si128(m, self->dk[8]);

  266.     m = _mm_aesdec_si128(m, self->dk[9]);

  267.     if (self->rounds != 10) {

  268.         /* two additional rounds for AES-192/256 */

  269.         m = _mm_aesdec_si128(m, self->dk[10]);

  270.         m = _mm_aesdec_si128(m, self->dk[11]);

  271.         if (self->rounds == 14) {

  272.             /* another two additional rounds for AES-256 */

  273.             m = _mm_aesdec_si128(m, self->dk[12]);

  274.             m = _mm_aesdec_si128(m, self->dk[13]);

  275.         }

  276.     }

  277.     m = _mm_aesdeclast_si128(m, self->dk[self->rounds]);

  278.     _mm_storeu_si128((__m128i*) out, m);

  279. }