/* -*-c-*-
*
- * $Id: rijndael-mktab.c,v 1.1 2000/06/17 11:56:07 mdw Exp $
+ * $Id: rijndael-mktab.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Build precomputed tables for the Rijndael block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael-mktab.c,v $
- * Revision 1.1 2000/06/17 11:56:07 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* --- @mul@ --- *
*
- * Arguments: @unsigned x, y@ = polynomials over %$\mathrm{GF}(2^8)$%
+ * Arguments: @unsigned x, y@ = polynomials over %$\gf{2^8}$%
* @unsigned m@ = modulus
*
* Returns: The product of two polynomials.
*
* Build the S-box.
*
- * This is built from multiplicative inversion in the group
- * %$\mathrm{GF}(2^8)[x]/p(x)$%, where %$p(x) = x^8 + x^4 + x^3 + x + 1$%,
- * followed by an affine transformation treating inputs as vectors over
- * %$\mathrm{GF}(2)$%. The result is a horrible function.
+ * This is built from inversion in the multiplicative group of
+ * %$\gf{2^8}[x]/(p(x))$%, where %$p(x) = x^8 + x^4 + x^3 + x + 1$%, followed
+ * by an affine transformation treating inputs as vectors over %$\gf{2}$%.
+ * The result is a horrible function.
*
* The inversion is done slightly sneakily, by building log and antilog
* tables. Let %$a$% be an element of the finite field. If the inverse of
a = s[i];
b = a << 1; if (b & 0x100) b ^= S_MOD;
c = a ^ b;
- w = (b << 0) | (a << 8) | (a << 16) | (c << 24);
+ w = (c << 0) | (a << 8) | (a << 16) | (b << 24);
t[0][i] = w;
- t[1][i] = ROL32(w, 8);
- t[2][i] = ROL32(w, 16);
- t[3][i] = ROL32(w, 24);
+ t[1][i] = ROR32(w, 8);
+ t[2][i] = ROR32(w, 16);
+ t[3][i] = ROR32(w, 24);
/* --- Build a backwards t-box entry --- */
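Review bot: The new packing on the `w =` line puts `c` in the low byte and `b` in the high byte and derives the row tables with ROR32 instead of ROL32, but nothing near the loop records which end of the 32-bit word holds which row of the column, so the next reader has to re-derive the convention; the same applies to the backward t-box and `u` table assignments in the two hunks below. Since `b` is the reduced `a << 1` and `c = a ^ b` (2·a and 3·a of the S-box entry), a one-line comment pins the layout: `/* w = (3a, a, a, 2a), least-significant byte first; t[k][i] is t[0][i] rotated right by 8k bits */`. ROL32/ROR32 and the type of `w` are defined outside the hunk, so whether the rotation masks to 32 bits when `unsigned` is wider cannot be checked here. The loop containing these lines begins outside the hunk.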
b = mul(si[i], 0x09, S_MOD);
c = mul(si[i], 0x0d, S_MOD);
d = mul(si[i], 0x0b, S_MOD);
- w = (a << 0) | (b << 8) | (c << 16) | (d << 24);
+ w = (d << 0) | (c << 8) | (b << 16) | (a << 24);
ti[0][i] = w;
- ti[1][i] = ROL32(w, 8);
- ti[2][i] = ROL32(w, 16);
- ti[3][i] = ROL32(w, 24);
+ ti[1][i] = ROR32(w, 8);
+ ti[2][i] = ROR32(w, 16);
+ ti[3][i] = ROR32(w, 24);
}
}
b = mul(i, 0x09, S_MOD);
c = mul(i, 0x0d, S_MOD);
d = mul(i, 0x0b, S_MOD);
- w = (a << 0) | (b << 8) | (c << 16) | (d << 24);
+ w = (d << 0) | (c << 8) | (b << 16) | (a << 24);
u[0][i] = w;
- u[1][i] = ROL32(w, 8);
- u[2][i] = ROL32(w, 16);
- u[3][i] = ROL32(w, 24);
+ u[1][i] = ROR32(w, 8);
+ u[2][i] = ROR32(w, 16);
+ u[3][i] = ROR32(w, 24);
}
}
/* --- Round constants --- */
-void rcon(void)
+static void rcon(void)
{
unsigned r = 1;
int i;
{ ", stdout);
for (j = 0; j < 4; j++) {
for (i = 0; i < 256; i++) {
- printf("0x%08x", t[j][i]);
+ printf("0x%08lx", (unsigned long)t[j][i]);
if (i == 255) {
if (j == 3)
fputs(" } \\\n}\n\n", stdout);
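Review bot: The `(unsigned long)` cast with `%08lx` on the printf line fixes the format/argument mismatch, but it still assumes every `t[j][i]` fits in 32 bits; if the table element type is wider than 32 bits on some platforms and ROR32 does not mask (both are defined outside the hunk, so this is inferred), the generated header would contain values longer than eight hex digits. Masking at the print site makes the emitted width independent of the element type: `printf("0x%08lx", (unsigned long)(t[j][i] & 0xffffffffUL));`. The same applies to the `ti` and `u` printing hunks below. The enclosing output function starts and ends outside the hunk.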
{ ", stdout);
for (j = 0; j < 4; j++) {
for (i = 0; i < 256; i++) {
- printf("0x%08x", ti[j][i]);
+ printf("0x%08lx", (unsigned long)ti[j][i]);
if (i == 255) {
if (j == 3)
fputs(" } \\\n}\n\n", stdout);
{ ", stdout);
for (j = 0; j < 4; j++) {
for (i = 0; i < 256; i++) {
- printf("0x%08x", u[j][i]);
+ printf("0x%08lx", (unsigned long)u[j][i]);
if (i == 255) {
if (j == 3)
fputs(" } \\\n}\n\n", stdout);