aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h')
-rw-r--r--src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h955
1 files changed, 955 insertions, 0 deletions
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h
new file mode 100644
index 0000000..9c0d842
--- /dev/null
+++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/aesopt.h
@@ -0,0 +1,955 @@
1/*
2 ---------------------------------------------------------------------------
3 Copyright (c) 2003, Dr Brian Gladman < >, Worcester, UK.
4 All rights reserved.
5
6 LICENSE TERMS
7
8 The free distribution and use of this software in both source and binary
9 form is allowed (with or without changes) provided that:
10
11 1. distributions of this source code include the above copyright
12 notice, this list of conditions and the following disclaimer;
13
14 2. distributions in binary form include the above copyright
15 notice, this list of conditions and the following disclaimer
16 in the documentation and/or other associated materials;
17
18 3. the copyright holder's name is not used to endorse products
19 built using this software without specific written permission.
20
21 ALTERNATIVELY, provided that this notice is retained in full, this product
22 may be distributed under the terms of the GNU General Public License (GPL),
23 in which case the provisions of the GPL apply INSTEAD OF those given above.
24
25 DISCLAIMER
26
27 This software is provided 'as is' with no explicit or implied warranties
28 in respect of its properties, including, but not limited to, correctness
29 and/or fitness for purpose.
30 ---------------------------------------------------------------------------
31 Issue Date: 26/08/2003
32
33 My thanks go to Dag Arne Osvik for devising the schemes used here for key
34 length derivation from the form of the key schedule
35
36 This file contains the compilation options for AES (Rijndael) and code
37 that is common across encryption, key scheduling and table generation.
38
39 OPERATION
40
41 These source code files implement the AES algorithm Rijndael designed by
42 Joan Daemen and Vincent Rijmen. This version is designed for the standard
43 block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24
44 and 32 bytes).
45
46 This version is designed for flexibility and speed using operations on
47 32-bit words rather than operations on bytes. It can be compiled with
48 either big or little endian internal byte order but is faster when the
49 native byte order for the processor is used.
50
51 THE CIPHER INTERFACE
52
53 The cipher interface is implemented as an array of bytes in which lower
54 AES bit sequence indexes map to higher numeric significance within bytes.
55
56 aes_08t (an unsigned 8-bit type)
57 aes_32t (an unsigned 32-bit type)
58 struct aes_encrypt_ctx (structure for the cipher encryption context)
59 struct aes_decrypt_ctx (structure for the cipher decryption context)
60 aes_rval the function return type
61
62 C subroutine calls:
63
64 aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
65 aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
66 aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
67 aes_rval aes_encrypt(const void *in_blk,
68 void *out_blk, const aes_encrypt_ctx cx[1]);
69
70 aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
71 aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
72 aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
73 aes_rval aes_decrypt(const void *in_blk,
74 void *out_blk, const aes_decrypt_ctx cx[1]);
75
76 IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that
77 you call genTabs() before AES is used so that the tables are initialised.
78
79 C++ aes class subroutines:
80
81 Class AESencrypt for encryption
82
83 Construtors:
84 AESencrypt(void)
85 AESencrypt(const void *in_key) - 128 bit key
86 Members:
87 void key128(const void *in_key)
88 void key192(const void *in_key)
89 void key256(const void *in_key)
90 void encrypt(const void *in_blk, void *out_blk) const
91
92 Class AESdecrypt for encryption
93 Construtors:
94 AESdecrypt(void)
95 AESdecrypt(const void *in_key) - 128 bit key
96 Members:
97 void key128(const void *in_key)
98 void key192(const void *in_key)
99 void key256(const void *in_key)
100 void decrypt(const void *in_blk, void *out_blk) const
101
102 COMPILATION
103
104 The files used to provide AES (Rijndael) are
105
106 a. aes.h for the definitions needed for use in C.
107 b. aescpp.h for the definitions needed for use in C++.
108 c. aesopt.h for setting compilation options (also includes common code).
109 d. aescrypt.c for encryption and decrytpion, or
110 e. aeskey.c for key scheduling.
111 f. aestab.c for table loading or generation.
112 g. aescrypt.asm for encryption and decryption using assembler code.
113 h. aescrypt.mmx.asm for encryption and decryption using MMX assembler.
114
115 To compile AES (Rijndael) for use in C code use aes.h and set the
116 defines here for the facilities you need (key lengths, encryption
117 and/or decryption). Do not define AES_DLL or AES_CPP. Set the options
118 for optimisations and table sizes here.
119
120 To compile AES (Rijndael) for use in in C++ code use aescpp.h but do
121 not define AES_DLL
122
123 To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use
124 aes.h and include the AES_DLL define.
125
126 CONFIGURATION OPTIONS (here and in aes.h)
127
128 a. set AES_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL
129 b. You may need to set PLATFORM_BYTE_ORDER to define the byte order.
130 c. If you want the code to run in a specific internal byte order, then
131 ALGORITHM_BYTE_ORDER must be set accordingly.
132 d. set other configuration options decribed below.
133*/
134
135#ifndef _AESOPT_H
136#define _AESOPT_H
137
138#include "aes.h"
139
140/* CONFIGURATION - USE OF DEFINES
141
142 Later in this section there are a number of defines that control the
143 operation of the code. In each section, the purpose of each define is
144 explained so that the relevant form can be included or excluded by
145 setting either 1's or 0's respectively on the branches of the related
146 #if clauses.
147*/
148
149/* BYTE ORDER IN 32-BIT WORDS
150
151 To obtain the highest speed on processors with 32-bit words, this code
152 needs to determine the byte order of the target machine. The following
153 block of code is an attempt to capture the most obvious ways in which
154 various environemnts define byte order. It may well fail, in which case
155 the definitions will need to be set by editing at the points marked
156 **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for
157 some of these defines (from cryptlib).
158*/
159
160#define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
161#define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
162
163#ifdef __BIG_ENDIAN__
164#define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN
165#else
166#define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN
167#endif
168
169/* SOME LOCAL DEFINITIONS */
170
171#define NO_TABLES 0
172#define ONE_TABLE 1
173#define FOUR_TABLES 4
174#define NONE 0
175#define PARTIAL 1
176#define FULL 2
177
178#define aes_sw32 Byteswap::byteswap
179
180/* 1. FUNCTIONS REQUIRED
181
182 This implementation provides subroutines for encryption, decryption
183 and for setting the three key lengths (separately) for encryption
184 and decryption. When the assembler code is not being used the following
185 definition blocks allow the selection of the routines that are to be
186 included in the compilation.
187*/
188#ifdef AES_ENCRYPT
189#define ENCRYPTION
190#define ENCRYPTION_KEY_SCHEDULE
191#endif
192
193#ifdef AES_DECRYPT
194#define DECRYPTION
195#define DECRYPTION_KEY_SCHEDULE
196#endif
197
198/* 2. ASSEMBLER SUPPORT
199
200 This define (which can be on the command line) enables the use of the
201 assembler code routines for encryption and decryption with the C code
202 only providing key scheduling
203*/
204#if 0
205#define AES_ASM
206#endif
207
208/* 3. BYTE ORDER WITHIN 32 BIT WORDS
209
210 The fundamental data processing units in Rijndael are 8-bit bytes. The
211 input, output and key input are all enumerated arrays of bytes in which
212 bytes are numbered starting at zero and increasing to one less than the
213 number of bytes in the array in question. This enumeration is only used
214 for naming bytes and does not imply any adjacency or order relationship
215 from one byte to another. When these inputs and outputs are considered
216 as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
217 byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
218 In this implementation bits are numbered from 0 to 7 starting at the
219 numerically least significant end of each byte (bit n represents 2^n).
220
221 However, Rijndael can be implemented more efficiently using 32-bit
222 words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
223 into word[n]. While in principle these bytes can be assembled into words
224 in any positions, this implementation only supports the two formats in
225 which bytes in adjacent positions within words also have adjacent byte
226 numbers. This order is called big-endian if the lowest numbered bytes
227 in words have the highest numeric significance and little-endian if the
228 opposite applies.
229
230 This code can work in either order irrespective of the order used by the
231 machine on which it runs. Normally the internal byte order will be set
232 to the order of the processor on which the code is to be run but this
233 define can be used to reverse this in special situations
234
235 NOTE: Assembler code versions rely on PLATFORM_BYTE_ORDER being set
236*/
237#if 1 || defined(AES_ASM)
238#define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
239#elif 0
240#define ALGORITHM_BYTE_ORDER BRG_LITTLE_ENDIAN
241#elif 0
242#define ALGORITHM_BYTE_ORDER BRG_BIG_ENDIAN
243#else
244#error The algorithm byte order is not defined
245#endif
246
247/* 4. FAST INPUT/OUTPUT OPERATIONS.
248
249 On some machines it is possible to improve speed by transferring the
250 bytes in the input and output arrays to and from the internal 32-bit
251 variables by addressing these arrays as if they are arrays of 32-bit
252 words. On some machines this will always be possible but there may
253 be a large performance penalty if the byte arrays are not aligned on
254 the normal word boundaries. On other machines this technique will
255 lead to memory access errors when such 32-bit word accesses are not
256 properly aligned. The option SAFE_IO avoids such problems but will
257 often be slower on those machines that support misaligned access
258 (especially so if care is taken to align the input and output byte
259 arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
260 assumed that access to byte arrays as if they are arrays of 32-bit
261 words will not cause problems when such accesses are misaligned.
262*/
263#if 1 && !defined(_MSC_VER)
264#define SAFE_IO
265#endif
266
267/* 5. LOOP UNROLLING
268
269 The code for encryption and decrytpion cycles through a number of rounds
270 that can be implemented either in a loop or by expanding the code into a
271 long sequence of instructions, the latter producing a larger program but
272 one that will often be much faster. The latter is called loop unrolling.
273 There are also potential speed advantages in expanding two iterations in
274 a loop with half the number of iterations, which is called partial loop
275 unrolling. The following options allow partial or full loop unrolling
276 to be set independently for encryption and decryption
277*/
278#if 1
279#define ENC_UNROLL FULL
280#elif 0
281#define ENC_UNROLL PARTIAL
282#else
283#define ENC_UNROLL NONE
284#endif
285
286#if 1
287#define DEC_UNROLL FULL
288#elif 0
289#define DEC_UNROLL PARTIAL
290#else
291#define DEC_UNROLL NONE
292#endif
293
294/* 6. FAST FINITE FIELD OPERATIONS
295
296 If this section is included, tables are used to provide faster finite
297 field arithmetic (this has no effect if FIXED_TABLES is defined).
298*/
299#if 0
300#define FF_TABLES
301#endif
302
303/* 7. INTERNAL STATE VARIABLE FORMAT
304
305 The internal state of Rijndael is stored in a number of local 32-bit
306 word varaibles which can be defined either as an array or as individual
307 names variables. Include this section if you want to store these local
308 varaibles in arrays. Otherwise individual local variables will be used.
309*/
310#if 1
311#define ARRAYS
312#endif
313
314/* In this implementation the columns of the state array are each held in
315 32-bit words. The state array can be held in various ways: in an array
316 of words, in a number of individual word variables or in a number of
317 processor registers. The following define maps a variable name x and
318 a column number c to the way the state array variable is to be held.
319 The first define below maps the state into an array x[c] whereas the
320 second form maps the state into a number of individual variables x0,
321 x1, etc. Another form could map individual state colums to machine
322 register names.
323*/
324
325#if defined(ARRAYS)
326#define s(x,c) x[c]
327#else
328#define s(x,c) x##c
329#endif
330
331/* 8. FIXED OR DYNAMIC TABLES
332
333 When this section is included the tables used by the code are compiled
334 statically into the binary file. Otherwise the subroutine gen_tabs()
335 must be called to compute them before the code is first used.
336*/
337#if 1
338#define FIXED_TABLES
339#define DO_TABLES
340#endif
341
342/* 9. TABLE ALIGNMENT
343
344 On some systems speed will be improved by aligning the AES large lookup
345 tables on particular boundaries. This define should be set to a power of
346 two giving the desired alignment. It can be left undefined if alignment
347 is not needed. This option is specific to the Microsft VC++ compiler -
348 it seems to sometimes cause trouble for the VC++ version 6 compiler.
349*/
350
351#if 0 && defined(_MSC_VER) && (_MSC_VER >= 1300)
352#define TABLE_ALIGN 64
353#endif
354
355/* 10. INTERNAL TABLE CONFIGURATION
356
357 This cipher proceeds by repeating in a number of cycles known as 'rounds'
358 which are implemented by a round function which can optionally be speeded
359 up using tables. The basic tables are each 256 32-bit words, with either
360 one or four tables being required for each round function depending on
361 how much speed is required. The encryption and decryption round functions
362 are different and the last encryption and decrytpion round functions are
363 different again making four different round functions in all.
364
365 This means that:
366 1. Normal encryption and decryption rounds can each use either 0, 1
367 or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
368 2. The last encryption and decryption rounds can also use either 0, 1
369 or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
370
371 Include or exclude the appropriate definitions below to set the number
372 of tables used by this implementation.
373*/
374
375#if 1 /* set tables for the normal encryption round */
376#define ENC_ROUND FOUR_TABLES
377#elif 0
378#define ENC_ROUND ONE_TABLE
379#else
380#define ENC_ROUND NO_TABLES
381#endif
382
383#if 1 /* set tables for the last encryption round */
384#define LAST_ENC_ROUND FOUR_TABLES
385#elif 0
386#define LAST_ENC_ROUND ONE_TABLE
387#else
388#define LAST_ENC_ROUND NO_TABLES
389#endif
390
391#if 1 /* set tables for the normal decryption round */
392#define DEC_ROUND FOUR_TABLES
393#elif 0
394#define DEC_ROUND ONE_TABLE
395#else
396#define DEC_ROUND NO_TABLES
397#endif
398
399#if 1 /* set tables for the last decryption round */
400#define LAST_DEC_ROUND FOUR_TABLES
401#elif 0
402#define LAST_DEC_ROUND ONE_TABLE
403#else
404#define LAST_DEC_ROUND NO_TABLES
405#endif
406
407/* The decryption key schedule can be speeded up with tables in the same
408 way that the round functions can. Include or exclude the following
409 defines to set this requirement.
410*/
411#if 1
412#define KEY_SCHED FOUR_TABLES
413#elif 0
414#define KEY_SCHED ONE_TABLE
415#else
416#define KEY_SCHED NO_TABLES
417#endif
418
419/* END OF CONFIGURATION OPTIONS */
420
421#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2))
422
423/* Disable or report errors on some combinations of options */
424
425#if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES
426#undef LAST_ENC_ROUND
427#define LAST_ENC_ROUND NO_TABLES
428#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
429#undef LAST_ENC_ROUND
430#define LAST_ENC_ROUND ONE_TABLE
431#endif
432
433#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
434#undef ENC_UNROLL
435#define ENC_UNROLL NONE
436#endif
437
438#if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES
439#undef LAST_DEC_ROUND
440#define LAST_DEC_ROUND NO_TABLES
441#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
442#undef LAST_DEC_ROUND
443#define LAST_DEC_ROUND ONE_TABLE
444#endif
445
446#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
447#undef DEC_UNROLL
448#define DEC_UNROLL NONE
449#endif
450
451/* upr(x,n): rotates bytes within words by n positions, moving bytes to
452 higher index positions with wrap around into low positions
453 ups(x,n): moves bytes by n positions to higher index positions in
454 words but without wrap around
455 bval(x,n): extracts a byte from a word
456
457 NOTE: The definitions given here are intended only for use with
458 unsigned variables and with shift counts that are compile
459 time constants
460*/
461
462#if (ALGORITHM_BYTE_ORDER == BRG_LITTLE_ENDIAN)
463#define upr(x,n) (((aes_32t)(x) << (8 * (n))) | ((aes_32t)(x) >> (32 - 8 * (n))))
464#define ups(x,n) ((aes_32t) (x) << (8 * (n)))
465#define bval(x,n) ((aes_08t)((x) >> (8 * (n))))
466#define bytes2word(b0, b1, b2, b3) \
467 (((aes_32t)(b3) << 24) | ((aes_32t)(b2) << 16) | ((aes_32t)(b1) << 8) | (b0))
468#endif
469
470#if (ALGORITHM_BYTE_ORDER == BRG_BIG_ENDIAN)
471#define upr(x,n) (((aes_32t)(x) >> (8 * (n))) | ((aes_32t)(x) << (32 - 8 * (n))))
472#define ups(x,n) ((aes_32t) (x) >> (8 * (n))))
473#define bval(x,n) ((aes_08t)((x) >> (24 - 8 * (n))))
474#define bytes2word(b0, b1, b2, b3) \
475 (((aes_32t)(b0) << 24) | ((aes_32t)(b1) << 16) | ((aes_32t)(b2) << 8) | (b3))
476#endif
477
478#if defined(SAFE_IO)
479
480#define word_in(x,c) bytes2word(((aes_08t*)(x)+4*c)[0], ((aes_08t*)(x)+4*c)[1], \
481 ((aes_08t*)(x)+4*c)[2], ((aes_08t*)(x)+4*c)[3])
482#define word_out(x,c,v) { ((aes_08t*)(x)+4*c)[0] = bval(v,0); ((aes_08t*)(x)+4*c)[1] = bval(v,1); \
483 ((aes_08t*)(x)+4*c)[2] = bval(v,2); ((aes_08t*)(x)+4*c)[3] = bval(v,3); }
484
485#elif (ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER)
486
487#define word_in(x,c) (*((aes_32t*)(x)+(c)))
488#define word_out(x,c,v) (*((aes_32t*)(x)+(c)) = (v))
489
490#else
491
492#define word_in(x,c) aes_sw32(*((aes_32t*)(x)+(c)))
493#define word_out(x,c,v) (*((aes_32t*)(x)+(c)) = aes_sw32(v))
494
495#endif
496
497/* the finite field modular polynomial and elements */
498
499#define WPOLY 0x011b
500#define BPOLY 0x1b
501
502/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
503
504#define m1 0x80808080
505#define m2 0x7f7f7f7f
506#define gf_mulx(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY))
507
508/* The following defines provide alternative definitions of gf_mulx that might
509 give improved performance if a fast 32-bit multiply is not available. Note
510 that a temporary variable u needs to be defined where gf_mulx is used.
511
512#define gf_mulx(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
513#define m4 (0x01010101 * BPOLY)
514#define gf_mulx(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
515*/
516
517/* Work out which tables are needed for the different options */
518
519#ifdef AES_ASM
520#ifdef ENC_ROUND
521#undef ENC_ROUND
522#endif
523#define ENC_ROUND FOUR_TABLES
524#ifdef LAST_ENC_ROUND
525#undef LAST_ENC_ROUND
526#endif
527#define LAST_ENC_ROUND FOUR_TABLES
528#ifdef DEC_ROUND
529#undef DEC_ROUND
530#endif
531#define DEC_ROUND FOUR_TABLES
532#ifdef LAST_DEC_ROUND
533#undef LAST_DEC_ROUND
534#endif
535#define LAST_DEC_ROUND FOUR_TABLES
536#ifdef KEY_SCHED
537#undef KEY_SCHED
538#define KEY_SCHED FOUR_TABLES
539#endif
540#endif
541
542#if defined(ENCRYPTION) || defined(AES_ASM)
543#if ENC_ROUND == ONE_TABLE
544#define FT1_SET
545#elif ENC_ROUND == FOUR_TABLES
546#define FT4_SET
547#else
548#define SBX_SET
549#endif
550#if LAST_ENC_ROUND == ONE_TABLE
551#define FL1_SET
552#elif LAST_ENC_ROUND == FOUR_TABLES
553#define FL4_SET
554#elif !defined(SBX_SET)
555#define SBX_SET
556#endif
557#endif
558
559#if defined(DECRYPTION) || defined(AES_ASM)
560#if DEC_ROUND == ONE_TABLE
561#define IT1_SET
562#elif DEC_ROUND == FOUR_TABLES
563#define IT4_SET
564#else
565#define ISB_SET
566#endif
567#if LAST_DEC_ROUND == ONE_TABLE
568#define IL1_SET
569#elif LAST_DEC_ROUND == FOUR_TABLES
570#define IL4_SET
571#elif !defined(ISB_SET)
572#define ISB_SET
573#endif
574#endif
575
576#if defined(ENCRYPTION_KEY_SCHEDULE) || defined(DECRYPTION_KEY_SCHEDULE)
577#if KEY_SCHED == ONE_TABLE
578#define LS1_SET
579#define IM1_SET
580#elif KEY_SCHED == FOUR_TABLES
581#define LS4_SET
582#define IM4_SET
583#elif !defined(SBX_SET)
584#define SBX_SET
585#endif
586#endif
587
588/* generic definitions of Rijndael macros that use tables */
589
590#define no_table(x,box,vf,rf,c) bytes2word( \
591 box[bval(vf(x,0,c),rf(0,c))], \
592 box[bval(vf(x,1,c),rf(1,c))], \
593 box[bval(vf(x,2,c),rf(2,c))], \
594 box[bval(vf(x,3,c),rf(3,c))])
595
596#define one_table(x,op,tab,vf,rf,c) \
597 ( tab[bval(vf(x,0,c),rf(0,c))] \
598 ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
599 ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
600 ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
601
602#define four_tables(x,tab,vf,rf,c) \
603 ( tab[0][bval(vf(x,0,c),rf(0,c))] \
604 ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
605 ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
606 ^ tab[3][bval(vf(x,3,c),rf(3,c))])
607
608#define vf1(x,r,c) (x)
609#define rf1(r,c) (r)
610#define rf2(r,c) ((8+r-c)&3)
611
612/* perform forward and inverse column mix operation on four bytes in long word x in */
613/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */
614
615#if defined(FM4_SET) /* not currently used */
616#define fwd_mcol(x) four_tables(x,t_use(f,m),vf1,rf1,0)
617#elif defined(FM1_SET) /* not currently used */
618#define fwd_mcol(x) one_table(x,upr,t_use(f,m),vf1,rf1,0)
619#else
620#define dec_fmvars aes_32t g2
621#define fwd_mcol(x) (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1))
622#endif
623
624#if defined(IM4_SET)
625#define inv_mcol(x) four_tables(x,t_use(i,m),vf1,rf1,0)
626#elif defined(IM1_SET)
627#define inv_mcol(x) one_table(x,upr,t_use(i,m),vf1,rf1,0)
628#else
629#define dec_imvars aes_32t g2, g4, g9
630#define inv_mcol(x) (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \
631 (x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1))
632#endif
633
634#if defined(FL4_SET)
635#define ls_box(x,c) four_tables(x,t_use(f,l),vf1,rf2,c)
636#elif defined(LS4_SET)
637#define ls_box(x,c) four_tables(x,t_use(l,s),vf1,rf2,c)
638#elif defined(FL1_SET)
639#define ls_box(x,c) one_table(x,upr,t_use(f,l),vf1,rf2,c)
640#elif defined(LS1_SET)
641#define ls_box(x,c) one_table(x,upr,t_use(l,s),vf1,rf2,c)
642#else
643#define ls_box(x,c) no_table(x,t_use(s,box),vf1,rf2,c)
644#endif
645
646/* If there are no global variables, the definitions here can be
647 used to put the AES tables in a structure so that a pointer
648 can then be added to the AES context to pass them to the AES
649 routines that need them. If this facility is used, the calling
650 program has to ensure that this pointer is managed appropriately.
651 In particular, the value of the t_dec(in,it) item in the table
652 structure must be set to zero in order to ensure that the tables
653 are initialised. In practice the three code sequences in aeskey.c
654 that control the calls to gen_tabs() and the gen_tabs() routine
655 itself will have to be changed for a specific implementation. If
656 global variables are available it will generally be preferable to
657 use them with the precomputed FIXED_TABLES option that uses static
658 global tables.
659
660 The following defines can be used to control the way the tables
661 are defined, initialised and used in embedded environments that
662 require special features for these purposes
663
664 the 't_dec' construction is used to declare fixed table arrays
665 the 't_set' construction is used to set fixed table values
666 the 't_use' construction is used to access fixed table values
667
668 256 byte tables:
669
670 t_xxx(s,box) => forward S box
671 t_xxx(i,box) => inverse S box
672
673 256 32-bit word OR 4 x 256 32-bit word tables:
674
675 t_xxx(f,n) => forward normal round
676 t_xxx(f,l) => forward last round
677 t_xxx(i,n) => inverse normal round
678 t_xxx(i,l) => inverse last round
679 t_xxx(l,s) => key schedule table
680 t_xxx(i,m) => key schedule table
681
682 Other variables and tables:
683
684 t_xxx(r,c) => the rcon table
685*/
686
687#define t_dec(m,n) t_##m##n
688#define t_set(m,n) t_##m##n
689#define t_use(m,n) t_##m##n
690
691#if defined(DO_TABLES) /* declare and instantiate tables */
692
693/* finite field arithmetic operations for table generation */
694
695#if defined(FIXED_TABLES) || !defined(FF_TABLES)
696
697#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
698#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
699#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
700 ^ (((x>>5) & 4) * WPOLY))
701#define f3(x) (f2(x) ^ x)
702#define f9(x) (f8(x) ^ x)
703#define fb(x) (f8(x) ^ f2(x) ^ x)
704#define fd(x) (f8(x) ^ f4(x) ^ x)
705#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
706
707#else
708
709#define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
710#define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
711#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
712#define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
713#define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
714#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
715#define fi(x) ((x) ? pow[ 255 - log[x]] : 0)
716
717#endif
718
719#if defined(FIXED_TABLES) /* declare and set values for static tables */
720
721#define sb_data(w) \
722 w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
723 w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
724 w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
725 w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
726 w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
727 w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
728 w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
729 w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
730 w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
731 w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
732 w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
733 w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
734 w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
735 w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
736 w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
737 w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
738 w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
739 w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
740 w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
741 w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
742 w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
743 w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
744 w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
745 w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
746 w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
747 w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
748 w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
749 w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
750 w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
751 w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
752 w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
753 w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16)
754
755#define isb_data(w) \
756 w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
757 w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
758 w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
759 w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
760 w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
761 w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
762 w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
763 w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
764 w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
765 w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
766 w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
767 w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
768 w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
769 w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
770 w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
771 w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
772 w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
773 w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
774 w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
775 w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
776 w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
777 w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
778 w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
779 w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
780 w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
781 w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
782 w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
783 w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
784 w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
785 w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
786 w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
787 w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d),
788
789#define mm_data(w) \
790 w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
791 w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
792 w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
793 w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
794 w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
795 w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
796 w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
797 w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
798 w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
799 w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
800 w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
801 w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
802 w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
803 w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
804 w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
805 w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
806 w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
807 w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
808 w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
809 w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
810 w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
811 w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
812 w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
813 w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
814 w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
815 w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
816 w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
817 w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
818 w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
819 w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
820 w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
821 w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff)
822
823#define h0(x) (x)
824
825/* These defines are used to ensure tables are generated in the
826 right format depending on the internal byte order required
827*/
828
829#define w0(p) bytes2word(p, 0, 0, 0)
830#define w1(p) bytes2word(0, p, 0, 0)
831#define w2(p) bytes2word(0, 0, p, 0)
832#define w3(p) bytes2word(0, 0, 0, p)
833
834#define u0(p) bytes2word(f2(p), p, p, f3(p))
835#define u1(p) bytes2word(f3(p), f2(p), p, p)
836#define u2(p) bytes2word(p, f3(p), f2(p), p)
837#define u3(p) bytes2word(p, p, f3(p), f2(p))
838
839#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
840#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
841#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
842#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
843
844const aes_32t t_dec(r,c)[RC_LENGTH] =
845{
846 w0(0x01), w0(0x02), w0(0x04), w0(0x08), w0(0x10),
847 w0(0x20), w0(0x40), w0(0x80), w0(0x1b), w0(0x36)
848};
849
850#if defined(__BORLANDC__)
851 #define concat(s1, s2) s1##s2
852 #define d_1(t,n,b,v) const t n[256] = { b(concat(v,0)) }
853 #define d_4(t,n,b,v) const t n[4][256] = { { b(concat(v,0)) }, { b(concat(v,1)) }, { b(concat(v,2)) }, { b(concat(v,3)) } }
854#else
855 #define d_1(t,n,b,v) const t n[256] = { b(v##0) }
856 #define d_4(t,n,b,v) const t n[4][256] = { { b(v##0) }, { b(v##1) }, { b(v##2) }, { b(v##3) } }
857#endif
858
859#else /* declare and instantiate tables for dynamic value generation in in tab.c */
860
861aes_32t t_dec(r,c)[RC_LENGTH];
862
863#define d_1(t,n,b,v) t n[256]
864#define d_4(t,n,b,v) t n[4][256]
865
866#endif
867
868#else /* declare tables without instantiation */
869
870#if defined(FIXED_TABLES)
871
872extern const aes_32t t_dec(r,c)[RC_LENGTH];
873
874#if defined(_MSC_VER) && defined(TABLE_ALIGN)
875#define d_1(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) const t n[256]
876#define d_4(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) const t n[4][256]
877#else
878#define d_1(t,n,b,v) extern const t n[256]
879#define d_4(t,n,b,v) extern const t n[4][256]
880#endif
881#else
882
883extern aes_32t t_dec(r,c)[RC_LENGTH];
884
885#if defined(_MSC_VER) && defined(TABLE_ALIGN)
886#define d_1(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) t n[256]
887#define d_4(t,n,b,v) extern __declspec(align(TABLE_ALIGN)) t n[4][256]
888#else
889#define d_1(t,n,b,v) extern t n[256]
890#define d_4(t,n,b,v) extern t n[4][256]
891#endif
892#endif
893
894#endif
895
896#ifdef SBX_SET
897 d_1(aes_08t, t_dec(s,box), sb_data, h);
898#endif
899#ifdef ISB_SET
900 d_1(aes_08t, t_dec(i,box), isb_data, h);
901#endif
902
903#ifdef FT1_SET
904 d_1(aes_32t, t_dec(f,n), sb_data, u);
905#endif
906#ifdef FT4_SET
907 d_4(aes_32t, t_dec(f,n), sb_data, u);
908#endif
909
910#ifdef FL1_SET
911 d_1(aes_32t, t_dec(f,l), sb_data, w);
912#endif
913#ifdef FL4_SET
914 d_4(aes_32t, t_dec(f,l), sb_data, w);
915#endif
916
917#ifdef IT1_SET
918 d_1(aes_32t, t_dec(i,n), isb_data, v);
919#endif
920#ifdef IT4_SET
921 d_4(aes_32t, t_dec(i,n), isb_data, v);
922#endif
923
924#ifdef IL1_SET
925 d_1(aes_32t, t_dec(i,l), isb_data, w);
926#endif
927#ifdef IL4_SET
928 d_4(aes_32t, t_dec(i,l), isb_data, w);
929#endif
930
931#ifdef LS1_SET
932#ifdef FL1_SET
933#undef LS1_SET
934#else
935 d_1(aes_32t, t_dec(l,s), sb_data, w);
936#endif
937#endif
938
939#ifdef LS4_SET
940#ifdef FL4_SET
941#undef LS4_SET
942#else
943 d_4(aes_32t, t_dec(l,s), sb_data, w);
944#endif
945#endif
946
947#ifdef IM1_SET
948 d_1(aes_32t, t_dec(i,m), mm_data, v);
949#endif
950#ifdef IM4_SET
951 d_4(aes_32t, t_dec(i,m), mm_data, v);
952#endif
953
954#endif
955
generated by cgit v1.1 at 2024-06-27 09:43:18 +0000