1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/freebl/rijndael_tables.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,213 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#include "stdio.h"
1.9 +#include "prtypes.h"
1.10 +#include "blapi.h"
1.11 +
1.12 +/*
1.13 + * what follows is code thrown together to generate the myriad of tables
1.14 + * used by Rijndael, the AES cipher.
1.15 + */
1.16 +
1.17 +
1.18 +#define WORD_LE(b0, b1, b2, b3) \
1.19 + (((b3) << 24) | ((b2) << 16) | ((b1) << 8) | b0)
1.20 +
1.21 +#define WORD_BE(b0, b1, b2, b3) \
1.22 + (((b0) << 24) | ((b1) << 16) | ((b2) << 8) | b3)
1.23 +
1.24 +static const PRUint8 __S[256] =
1.25 +{
1.26 + 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
1.27 +202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
1.28 +183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
1.29 + 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
1.30 + 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
1.31 + 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
1.32 +208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
1.33 + 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
1.34 +205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
1.35 + 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
1.36 +224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
1.37 +231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
1.38 +186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
1.39 +112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
1.40 +225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
1.41 +140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22,
1.42 +};
1.43 +
1.44 +static const PRUint8 __SInv[256] =
1.45 +{
1.46 + 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
1.47 +124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
1.48 + 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
1.49 + 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
1.50 +114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
1.51 +108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
1.52 +144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
1.53 +208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
1.54 + 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
1.55 +150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
1.56 + 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
1.57 +252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
1.58 + 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
1.59 + 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
1.60 +160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
1.61 + 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125
1.62 +};
1.63 +
1.64 +/* GF_MULTIPLY
1.65 + *
1.66 + * multiply two bytes represented in GF(2**8), mod (x**4 + 1)
1.67 + */
1.68 +PRUint8 gf_multiply(PRUint8 a, PRUint8 b)
1.69 +{
1.70 + PRUint8 res = 0;
1.71 + while (b > 0) {
1.72 + res = (b & 0x01) ? res ^ a : res;
1.73 + a = (a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1);
1.74 + b >>= 1;
1.75 + }
1.76 + return res;
1.77 +}
1.78 +
1.79 +void
1.80 +make_T_Table(char *table, const PRUint8 Sx[256], FILE *file,
1.81 + unsigned char m0, unsigned char m1,
1.82 + unsigned char m2, unsigned char m3)
1.83 +{
1.84 + PRUint32 Ti;
1.85 + int i;
1.86 + fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n");
1.87 + fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table);
1.88 + for (i=0; i<256; i++) {
1.89 + Ti = WORD_LE( gf_multiply(Sx[i], m0),
1.90 + gf_multiply(Sx[i], m1),
1.91 + gf_multiply(Sx[i], m2),
1.92 + gf_multiply(Sx[i], m3) );
1.93 + if (Ti == 0)
1.94 + fprintf(file, "0x00000000%c%c", (i==255)?' ':',',
1.95 + (i%6==5)?'\n':' ');
1.96 + else
1.97 + fprintf(file, "%#.8x%c%c", Ti, (i==255)?' ':',',
1.98 + (i%6==5)?'\n':' ');
1.99 + }
1.100 + fprintf(file, "\n};\n");
1.101 + fprintf(file, "#else\n");
1.102 + fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table);
1.103 + for (i=0; i<256; i++) {
1.104 + Ti = WORD_BE( gf_multiply(Sx[i], m0),
1.105 + gf_multiply(Sx[i], m1),
1.106 + gf_multiply(Sx[i], m2),
1.107 + gf_multiply(Sx[i], m3) );
1.108 + if (Ti == 0)
1.109 + fprintf(file, "0x00000000%c%c", (i==255)?' ':',',
1.110 + (i%6==5)?'\n':' ');
1.111 + else
1.112 + fprintf(file, "%#.8x%c%c", Ti, (i==255)?' ':',',
1.113 + (i%6==5)?'\n':' ');
1.114 + }
1.115 + fprintf(file, "\n};\n");
1.116 + fprintf(file, "#endif\n\n");
1.117 +}
1.118 +
1.119 +void make_InvMixCol_Table(int num, FILE *file, PRUint8 m0, PRUint8 m1, PRUint8 m2, PRUint8 m3)
1.120 +{
1.121 + PRUint16 i;
1.122 + PRUint8 b0, b1, b2, b3;
1.123 + fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n");
1.124 + fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num);
1.125 + for (i=0; i<256; i++) {
1.126 + b0 = gf_multiply(i, m0);
1.127 + b1 = gf_multiply(i, m1);
1.128 + b2 = gf_multiply(i, m2);
1.129 + b3 = gf_multiply(i, m3);
1.130 + fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b3, b2, b1, b0, (i==255)?' ':',', (i%6==5)?'\n':' ');
1.131 + }
1.132 + fprintf(file, "\n};\n");
1.133 + fprintf(file, "#else\n");
1.134 + fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num);
1.135 + for (i=0; i<256; i++) {
1.136 + b0 = gf_multiply(i, m0);
1.137 + b1 = gf_multiply(i, m1);
1.138 + b2 = gf_multiply(i, m2);
1.139 + b3 = gf_multiply(i, m3);
1.140 + fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b0, b1, b2, b3, (i==255)?' ':',', (i%6==5)?'\n':' ');
1.141 + }
1.142 + fprintf(file, "\n};\n");
1.143 + fprintf(file, "#endif\n\n");
1.144 +}
1.145 +
1.146 +int main()
1.147 +{
1.148 + int i, j;
1.149 + PRUint8 cur, last;
1.150 + PRUint32 tmp;
1.151 + FILE *optfile;
1.152 + optfile = fopen("rijndael32.tab", "w");
1.153 + /* output S, if there are no T tables */
1.154 + fprintf(optfile, "#ifndef RIJNDAEL_INCLUDE_TABLES\n");
1.155 + fprintf(optfile, "static const PRUint8 _S[256] = \n{\n");
1.156 + for (i=0; i<256; i++) {
1.157 + fprintf(optfile, "%3d%c%c", __S[i],(i==255)?' ':',',
1.158 + (i%16==15)?'\n':' ');
1.159 + }
1.160 + fprintf(optfile, "};\n#endif /* not RIJNDAEL_INCLUDE_TABLES */\n\n");
1.161 + /* output S**-1 */
1.162 + fprintf(optfile, "static const PRUint8 _SInv[256] = \n{\n");
1.163 + for (i=0; i<256; i++) {
1.164 + fprintf(optfile, "%3d%c%c", __SInv[i],(i==255)?' ':',',
1.165 + (i%16==15)?'\n':' ');
1.166 + }
1.167 + fprintf(optfile, "};\n\n");
1.168 + fprintf(optfile, "#ifdef RIJNDAEL_INCLUDE_TABLES\n");
1.169 + /* The 32-bit word tables for optimized implementation */
1.170 + /* T0 = [ S[a] * 02, S[a], S[a], S[a] * 03 ] */
1.171 + make_T_Table("0", __S, optfile, 0x02, 0x01, 0x01, 0x03);
1.172 + /* T1 = [ S[a] * 03, S[a] * 02, S[a], S[a] ] */
1.173 + make_T_Table("1", __S, optfile, 0x03, 0x02, 0x01, 0x01);
1.174 + /* T2 = [ S[a], S[a] * 03, S[a] * 02, S[a] ] */
1.175 + make_T_Table("2", __S, optfile, 0x01, 0x03, 0x02, 0x01);
1.176 + /* T3 = [ S[a], S[a], S[a] * 03, S[a] * 02 ] */
1.177 + make_T_Table("3", __S, optfile, 0x01, 0x01, 0x03, 0x02);
1.178 + /* TInv0 = [ Si[a] * 0E, Si[a] * 09, Si[a] * 0D, Si[a] * 0B ] */
1.179 + make_T_Table("Inv0", __SInv, optfile, 0x0e, 0x09, 0x0d, 0x0b);
1.180 + /* TInv1 = [ Si[a] * 0B, Si[a] * 0E, Si[a] * 09, Si[a] * 0D ] */
1.181 + make_T_Table("Inv1", __SInv, optfile, 0x0b, 0x0e, 0x09, 0x0d);
1.182 + /* TInv2 = [ Si[a] * 0D, Si[a] * 0B, Si[a] * 0E, Si[a] * 09 ] */
1.183 + make_T_Table("Inv2", __SInv, optfile, 0x0d, 0x0b, 0x0e, 0x09);
1.184 + /* TInv3 = [ Si[a] * 09, Si[a] * 0D, Si[a] * 0B, Si[a] * 0E ] */
1.185 + make_T_Table("Inv3", __SInv, optfile, 0x09, 0x0d, 0x0b, 0x0e);
1.186 + /* byte multiply tables for inverse key expansion (mimics InvMixColumn) */
1.187 + make_InvMixCol_Table(0, optfile, 0x0e, 0x09, 0x0d, 0x0b);
1.188 + make_InvMixCol_Table(1, optfile, 0x0b, 0x0E, 0x09, 0x0d);
1.189 + make_InvMixCol_Table(2, optfile, 0x0d, 0x0b, 0x0e, 0x09);
1.190 + make_InvMixCol_Table(3, optfile, 0x09, 0x0d, 0x0b, 0x0e);
1.191 + fprintf(optfile, "#endif /* RIJNDAEL_INCLUDE_TABLES */\n\n");
1.192 + /* round constants for key expansion */
1.193 + fprintf(optfile, "#ifdef IS_LITTLE_ENDIAN\n");
1.194 + fprintf(optfile, "static const PRUint32 Rcon[30] = {\n");
1.195 + cur = 0x01;
1.196 + for (i=0; i<30; i++) {
1.197 + fprintf(optfile, "%#.8x%c%c", WORD_LE(cur, 0, 0, 0),
1.198 + (i==29)?' ':',', (i%6==5)?'\n':' ');
1.199 + last = cur;
1.200 + cur = gf_multiply(last, 0x02);
1.201 + }
1.202 + fprintf(optfile, "};\n");
1.203 + fprintf(optfile, "#else\n");
1.204 + fprintf(optfile, "static const PRUint32 Rcon[30] = {\n");
1.205 + cur = 0x01;
1.206 + for (i=0; i<30; i++) {
1.207 + fprintf(optfile, "%#.8x%c%c", WORD_BE(cur, 0, 0, 0),
1.208 + (i==29)?' ':',', (i%6==5)?'\n':' ');
1.209 + last = cur;
1.210 + cur = gf_multiply(last, 0x02);
1.211 + }
1.212 + fprintf(optfile, "};\n");
1.213 + fprintf(optfile, "#endif\n\n");
1.214 + fclose(optfile);
1.215 + return 0;
1.216 +}
