/* -*-c-*-
*
- * $Id: rijndael-mktab.c,v 1.1 2000/06/17 11:56:07 mdw Exp $
+ * $Id: rijndael-mktab.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Build precomputed tables for the Rijndael block cipher
*
* (c) 2000 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Catacomb.
*
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
- *
+ *
* Catacomb is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
- *
+ *
* You should have received a copy of the GNU Library General Public
* License along with Catacomb; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael-mktab.c,v $
- * Revision 1.1 2000/06/17 11:56:07 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* --- @mul@ --- *
*
- * Arguments: @unsigned x, y@ = polynomials over %$\mathrm{GF}(2^8)$%
+ * Arguments: @unsigned x, y@ = polynomials over %$\gf{2^8}$%
* @unsigned m@ = modulus
*
* Returns: The product of two polynomials.
*
* Build the S-box.
*
- * This is built from multiplicative inversion in the group
- * %$\mathrm{GF}(2^8)[x]/p(x)$%, where %$p(x) = x^8 + x^4 + x^3 + x + 1$%,
- * followed by an affine transformation treating inputs as vectors over
- * %$\mathrm{GF}(2)$%. The result is a horrible function.
+ * This is built from inversion in the multiplicative group of
+ * %$\gf{2^8}[x]/(p(x))$%, where %$p(x) = x^8 + x^4 + x^3 + x + 1$%, followed
+ * by an affine transformation treating inputs as vectors over %$\gf{2}$%.
+ * The result is a horrible function.
*
* The inversion is done slightly sneakily, by building log and antilog
* tables. Let %$a$% be an element of the finite field. If the inverse of
* %$a$% is %$a^{-1}$%, then %$\log a a^{-1} = 0$%. Hence
* %$\log a = -\log a^{-1}$%. This saves fiddling about with Euclidean
- * algorithm.
+ * algorithm.
*/
#define S_MOD 0x11b
a = s[i];
b = a << 1; if (b & 0x100) b ^= S_MOD;
c = a ^ b;
- w = (b << 0) | (a << 8) | (a << 16) | (c << 24);
+ w = (c << 0) | (a << 8) | (a << 16) | (b << 24);
t[0][i] = w;
- t[1][i] = ROL32(w, 8);
- t[2][i] = ROL32(w, 16);
- t[3][i] = ROL32(w, 24);
+ t[1][i] = ROR32(w, 8);
+ t[2][i] = ROR32(w, 16);
+ t[3][i] = ROR32(w, 24);
/* --- Build a backwards t-box entry --- */
b = mul(si[i], 0x09, S_MOD);
c = mul(si[i], 0x0d, S_MOD);
d = mul(si[i], 0x0b, S_MOD);
- w = (a << 0) | (b << 8) | (c << 16) | (d << 24);
+ w = (d << 0) | (c << 8) | (b << 16) | (a << 24);
ti[0][i] = w;
- ti[1][i] = ROL32(w, 8);
- ti[2][i] = ROL32(w, 16);
- ti[3][i] = ROL32(w, 24);
+ ti[1][i] = ROR32(w, 8);
+ ti[2][i] = ROR32(w, 16);
+ ti[3][i] = ROR32(w, 24);
}
}
b = mul(i, 0x09, S_MOD);
c = mul(i, 0x0d, S_MOD);
d = mul(i, 0x0b, S_MOD);
- w = (a << 0) | (b << 8) | (c << 16) | (d << 24);
+ w = (d << 0) | (c << 8) | (b << 16) | (a << 24);
u[0][i] = w;
- u[1][i] = ROL32(w, 8);
- u[2][i] = ROL32(w, 16);
- u[3][i] = ROL32(w, 24);
+ u[1][i] = ROR32(w, 8);
+ u[2][i] = ROR32(w, 16);
+ u[3][i] = ROR32(w, 24);
}
}
/* --- Round constants --- */
-void rcon(void)
+static void rcon(void)
{
unsigned r = 1;
int i;
{ ", stdout);
for (j = 0; j < 4; j++) {
for (i = 0; i < 256; i++) {
- printf("0x%08x", t[j][i]);
+ printf("0x%08lx", (unsigned long)t[j][i]);
if (i == 255) {
if (j == 3)
fputs(" } \\\n}\n\n", stdout);
\\\n\
{ ", stdout);
} else if (i % 4 == 3)
- fputs(", \\\n ", stdout);
+ fputs(", \\\n ", stdout);
else
fputs(", ", stdout);
}
- }
+ }
fputs("\
#define RIJNDAEL_TI { \\\n\
{ ", stdout);
for (j = 0; j < 4; j++) {
for (i = 0; i < 256; i++) {
- printf("0x%08x", ti[j][i]);
+ printf("0x%08lx", (unsigned long)ti[j][i]);
if (i == 255) {
if (j == 3)
fputs(" } \\\n}\n\n", stdout);
\\\n\
{ ", stdout);
} else if (i % 4 == 3)
- fputs(", \\\n ", stdout);
+ fputs(", \\\n ", stdout);
else
fputs(", ", stdout);
}
{ ", stdout);
for (j = 0; j < 4; j++) {
for (i = 0; i < 256; i++) {
- printf("0x%08x", u[j][i]);
+ printf("0x%08lx", (unsigned long)u[j][i]);
if (i == 255) {
if (j == 3)
fputs(" } \\\n}\n\n", stdout);
\\\n\
{ ", stdout);
} else if (i % 4 == 3)
- fputs(", \\\n ", stdout);
+ fputs(", \\\n ", stdout);
else
fputs(", ", stdout);
}
- }
+ }
/* --- Round constants --- */
fputs(", \\\n ", stdout);
else
fputs(", ", stdout);
- }
+ }
/* --- Done --- */
projects / u / mdw / catacomb / blobdiff