From 38333dc20fd97363d6e54260a5edeafe8a5adb1a Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Wed, 6 Dec 2006 17:56:03 +0000
Subject: [PATCH] rijndael: Make implementation big-endian.

This makes very little difference to the performance, and makes GCM possible. (GCM is both-endian -- the field-element representation is little-endian and the counter is big-endian. This is obviously mad, but there you go.)
---
 rijndael-base.c | 6 +++---
 rijndael-base.h | 8 ++++----
 rijndael-mktab.c | 24 ++++++++++++------------
 rijndael.h | 2 +-
 rijndael192.h | 2 +-
 rijndael256.h | 2 +-
 6 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/rijndael-base.c b/rijndael-base.c
index b2480c8..34881e3 100644
--- a/rijndael-base.c
+++ b/rijndael-base.c
@@ -90,7 +90,7 @@ void rijndael_setup(rijndael_ctx *k, unsigned nb, const void *buf, size_t sz)
 p = buf;
 for (i = 0; i < nk; i++) {
- k->w[i] = LOAD32_L(p);
+ k->w[i] = LOAD32_B(p);
 p += 4;
 }
@@ -102,8 +102,8 @@ void rijndael_setup(rijndael_ctx *k, unsigned nb, const void *buf, size_t sz)
 for (; i < nw; i++) {
 uint32 w = k->w[i - nk];
 if (i % nk == 0) {
- ww = ROR32(ww, 8);
- w ^= SUB(S, ww, ww, ww, ww) ^ *p++;
+ ww = ROL32(ww, 8);
+ w ^= SUB(S, ww, ww, ww, ww) ^ (*p++ << 24);
 } else if (nk > 6 && i % nk == 4)
 w ^= SUB(S, ww, ww, ww, ww);
 else
diff --git a/rijndael-base.h b/rijndael-base.h
index 684dadb..f88b2f7 100644
--- a/rijndael-base.h
+++ b/rijndael-base.h
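Review bot: The new round-constant injection `w ^= SUB(S, ww, ww, ww, ww) ^ (*p++ << 24);` shifts a byte after default integer promotion, so with a 32-bit `int` any constant whose top bit is set lands in the sign bit, which C99 leaves undefined, and were `uint32` wider than `int` the negative intermediate would sign-extend before the xor. The -90 hunk assigns `p` from `buf`, so it is presumably `const octet *` (the rcon table is declared `extern const octet rijndael_rcon[]` in the rijndael-base.h hunk context); widening first, `w ^= SUB(S, ww, ww, ww, ww) ^ ((uint32)*p++ << 24);`, states the intent and removes the reliance on the compiler being forgiving. The same promoted-byte `<< 24` occurs in the rewritten `SUB` macro in rijndael-base.h (`s[U8((a) >> 24)] << 24`) and in the `(b << 24)`/`(a << 24)` word builders in the rijndael-mktab.c hunks, where the operand types are not visible and are worth confirming as unsigned 32-bit. rijndael_setup continues outside this hunk, and nothing in the diffstat touches known-answer tests, so rerunning them is the cheapest confirmation that the byte-order flips cancel out.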
@@ -57,12 +57,12 @@ extern const octet rijndael_rcon[];
 /*----- Handy macros ------------------------------------------------------*/
 #define SUB(s, a, b, c, d) \
- (s[U8((a) >> 0)] << 0 | s[U8((b) >> 8)] << 8 | \
- s[U8((c) >> 16)] << 16 | s[U8((d) >> 24)] << 24)
+ (s[U8((a) >> 24)] << 24 | s[U8((b) >> 16)] << 16 | \
+ s[U8((c) >> 8)] << 8 | s[U8((d) >> 0)] << 0)
 #define MIX(t, a, b, c, d) \
- (t[0][U8((a) >> 0)] ^ t[1][U8((b) >> 8)] ^ \
- t[2][U8((c) >> 16)] ^ t[3][U8((d) >> 24)])
+ (t[0][U8((a) >> 24)] ^ t[1][U8((b) >> 16)] ^ \
+ t[2][U8((c) >> 8)] ^ t[3][U8((d) >> 0)])
 /*----- That's all, folks -------------------------------------------------*/
diff --git a/rijndael-mktab.c b/rijndael-mktab.c
index 4360f20..1779709 100644
--- a/rijndael-mktab.c
+++ b/rijndael-mktab.c
@@ -161,11 +161,11 @@ static void tbox(void)
 a = s[i];
 b = a << 1; if (b & 0x100) b ^= S_MOD;
 c = a ^ b;
- w = (b << 0) | (a << 8) | (a << 16) | (c << 24);
+ w = (c << 0) | (a << 8) | (a << 16) | (b << 24);
 t[0][i] = w;
- t[1][i] = ROL32(w, 8);
- t[2][i] = ROL32(w, 16);
- t[3][i] = ROL32(w, 24);
+ t[1][i] = ROR32(w, 8);
+ t[2][i] = ROR32(w, 16);
+ t[3][i] = ROR32(w, 24);
 /* --- Build a backwards t-box entry --- */
@@ -173,11 +173,11 @@ static void tbox(void)
 b = mul(si[i], 0x09, S_MOD);
 c = mul(si[i], 0x0d, S_MOD);
 d = mul(si[i], 0x0b, S_MOD);
- w = (a << 0) | (b << 8) | (c << 16) | (d << 24);
+ w = (d << 0) | (c << 8) | (b << 16) | (a << 24);
 ti[0][i] = w;
- ti[1][i] = ROL32(w, 8);
- ti[2][i] = ROL32(w, 16);
- ti[3][i] = ROL32(w, 24);
+ ti[1][i] = ROR32(w, 8);
+ ti[2][i] = ROR32(w, 16);
+ ti[3][i] = ROR32(w, 24);
 }
 }
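Review bot: The table layout that the forward t-box now shares with `MIX` is written down nowhere in tbox, and the commit flips it in both rijndael-base.h and rijndael-mktab.c, so a reader has to re-derive that the two files agree. The visible relationship is that `t[j][i]` is `ROR32(t[0][i], 8*j)` while `MIX` in rijndael-base.h indexes `t[j]` by the byte `24 - 8*j` bits up from the bottom, so a comment above `t[0][i] = w;` such as `/* Big-endian word layout: t[j] == ROR32(t[0], 8*j), so MIX may index t[j] by byte j counting from the top of the word (x >> (24 - 8*j)). */` would make that check local. The same comment, or a pointer to it, belongs above the inverse tables built in the -173 hunk and in ubox (the -197 hunk). The enclosing loop and the rest of tbox lie outside the hunk.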
@@ -197,11 +197,11 @@ static void ubox(void)
 b = mul(i, 0x09, S_MOD);
 c = mul(i, 0x0d, S_MOD);
 d = mul(i, 0x0b, S_MOD);
- w = (a << 0) | (b << 8) | (c << 16) | (d << 24);
+ w = (d << 0) | (c << 8) | (b << 16) | (a << 24);
 u[0][i] = w;
- u[1][i] = ROL32(w, 8);
- u[2][i] = ROL32(w, 16);
- u[3][i] = ROL32(w, 24);
+ u[1][i] = ROR32(w, 8);
+ u[2][i] = ROR32(w, 16);
+ u[3][i] = ROR32(w, 24);
 }
 }
diff --git a/rijndael.h b/rijndael.h
index 6b772e2..8883be5 100644
--- a/rijndael.h
+++ b/rijndael.h
@@ -54,7 +54,7 @@
 #define RIJNDAEL_BLKSZ 16
 #define RIJNDAEL_KEYSZ 32
-#define RIJNDAEL_CLASS (N, L, 128)
+#define RIJNDAEL_CLASS (N, B, 128)
 extern const octet rijndael_keysz[];
diff --git a/rijndael192.h b/rijndael192.h
index 39f74c9..785aade 100644
--- a/rijndael192.h
+++ b/rijndael192.h
@@ -44,7 +44,7 @@
 #define RIJNDAEL192_BLKSZ 24
 #define RIJNDAEL192_KEYSZ 32
-#define RIJNDAEL192_CLASS (N, L, 192)
+#define RIJNDAEL192_CLASS (N, B, 192)
 #define rijndael192_keysz rijndael_keysz
diff --git a/rijndael256.h b/rijndael256.h
index add26be..ecc6123 100644
--- a/rijndael256.h
+++ b/rijndael256.h
@@ -44,7 +44,7 @@
 #define RIJNDAEL256_BLKSZ 32
 #define RIJNDAEL256_KEYSZ 32
-#define RIJNDAEL256_CLASS (N, L, 256)
+#define RIJNDAEL256_CLASS (N, B, 256)
 #define rijndael256_keysz rijndael_keysz
-- 
2.11.0