Hi,
is it possible to use aes_encipher_block for exactly one AES round, like the AES-NI instruction __m128i _mm_aesenc_si128(__m128i a, __m128i RoundKey)? [Link]
If I have to update a few lines in the component this would be totally fine.
From the documentation of the AES-NI instruction _mm_aesenc_si128:
state := a
a[127:0] := ShiftRows(a[127:0])
a[127:0] := SubBytes(a[127:0])
a[127:0] := MixColumns(a[127:0])
dst[127:0] := a[127:0] XOR RoundKey[127:0]
The encipher component does exactly that, but it also performs the initial round key addition and the final round (without MixColumns). Is there a way to avoid the initial key addition? I tried to modify the code in this line so that the round key does not get XORed into the block, but that did not give me the expected result. Is there something else I could do or try?
Here is an example of a software AES-NI implementation that I use to generate my expected values: [Link]. You can also see the expected values it produces in a comment in the gist.
After the first round (without key addition) with the following parameters:
block = 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
and
round_key = 06 84 70 4c e6 20 c0 0a b2 c5 fe f0 75 81 7b 9d
keylen = 0
I expect new_block to be: f7 11 dd 30 dc 93 f6 e3 ba 19 7d 87 6b ec a5 5a
The goal of all this is to use the aes_encipher_block component for a hardware implementation of Haraka.