Reorganized aes_invert_key with new tables.

27344436 · Niels Möller · 8cf98222 · 27344436 · 27344436 · 27344436
Commit 27344436 authored Apr 14, 2012 by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
+2012-04-14  Niels Möller  <nisse@lysator.liu.se>
+
+	* aes-set-decrypt-key.c (gf2_log, gf2_exp): Deleted tables.
+	(mult, inv_mix_column): Deleted functions.
+	(mtable): New table.
+	(MIX_COLUMN): New macro.
+	(aes_invert_key): Use MIX_COLUMN and mtable.
+
+	* aesdata.c (compute_mtable): New table, for the inv mix column
+	operation in aes_invert_key.
+
 2012-04-13  Niels Möller  <nisse@lysator.liu.se>

 	* aes-set-encrypt-key.c (aes_set_encrypt_key): Use LE_READ_UINT32.

--- a/aes-set-decrypt-key.c
+++ b/aes-set-decrypt-key.c
@@ -31,108 +31,93 @@

 #include "aes-internal.h"

-/* Tables for computations in the AES GF2 field. */
-static const uint8_t gf2_log[0x100] =
-{
-  0x00,0x00,0x19,0x01,0x32,0x02,0x1a,0xc6,
-  0x4b,0xc7,0x1b,0x68,0x33,0xee,0xdf,0x03,
-  0x64,0x04,0xe0,0x0e,0x34,0x8d,0x81,0xef,
-  0x4c,0x71,0x08,0xc8,0xf8,0x69,0x1c,0xc1,
-  0x7d,0xc2,0x1d,0xb5,0xf9,0xb9,0x27,0x6a,
-  0x4d,0xe4,0xa6,0x72,0x9a,0xc9,0x09,0x78,
-  0x65,0x2f,0x8a,0x05,0x21,0x0f,0xe1,0x24,
-  0x12,0xf0,0x82,0x45,0x35,0x93,0xda,0x8e,
-  0x96,0x8f,0xdb,0xbd,0x36,0xd0,0xce,0x94,
-  0x13,0x5c,0xd2,0xf1,0x40,0x46,0x83,0x38,
-  0x66,0xdd,0xfd,0x30,0xbf,0x06,0x8b,0x62,
-  0xb3,0x25,0xe2,0x98,0x22,0x88,0x91,0x10,
-  0x7e,0x6e,0x48,0xc3,0xa3,0xb6,0x1e,0x42,
-  0x3a,0x6b,0x28,0x54,0xfa,0x85,0x3d,0xba,
-  0x2b,0x79,0x0a,0x15,0x9b,0x9f,0x5e,0xca,
-  0x4e,0xd4,0xac,0xe5,0xf3,0x73,0xa7,0x57,
-  0xaf,0x58,0xa8,0x50,0xf4,0xea,0xd6,0x74,
-  0x4f,0xae,0xe9,0xd5,0xe7,0xe6,0xad,0xe8,
-  0x2c,0xd7,0x75,0x7a,0xeb,0x16,0x0b,0xf5,
-  0x59,0xcb,0x5f,0xb0,0x9c,0xa9,0x51,0xa0,
-  0x7f,0x0c,0xf6,0x6f,0x17,0xc4,0x49,0xec,
-  0xd8,0x43,0x1f,0x2d,0xa4,0x76,0x7b,0xb7,
-  0xcc,0xbb,0x3e,0x5a,0xfb,0x60,0xb1,0x86,
-  0x3b,0x52,0xa1,0x6c,0xaa,0x55,0x29,0x9d,
-  0x97,0xb2,0x87,0x90,0x61,0xbe,0xdc,0xfc,
-  0xbc,0x95,0xcf,0xcd,0x37,0x3f,0x5b,0xd1,
-  0x53,0x39,0x84,0x3c,0x41,0xa2,0x6d,0x47,
-  0x14,0x2a,0x9e,0x5d,0x56,0xf2,0xd3,0xab,
-  0x44,0x11,0x92,0xd9,0x23,0x20,0x2e,0x89,
-  0xb4,0x7c,0xb8,0x26,0x77,0x99,0xe3,0xa5,
-  0x67,0x4a,0xed,0xde,0xc5,0x31,0xfe,0x18,
-  0x0d,0x63,0x8c,0x80,0xc0,0xf7,0x70,0x07,
-};
+#include "macros.h"

-static const uint8_t gf2_exp[0x100] =
+/* NOTE: We don't include rotated versions of the table. */
+static const uint32_t mtable[0x100] =
 {
-  0x01,0x03,0x05,0x0f,0x11,0x33,0x55,0xff,
-  0x1a,0x2e,0x72,0x96,0xa1,0xf8,0x13,0x35,
-  0x5f,0xe1,0x38,0x48,0xd8,0x73,0x95,0xa4,
-  0xf7,0x02,0x06,0x0a,0x1e,0x22,0x66,0xaa,
-  0xe5,0x34,0x5c,0xe4,0x37,0x59,0xeb,0x26,
-  0x6a,0xbe,0xd9,0x70,0x90,0xab,0xe6,0x31,
-  0x53,0xf5,0x04,0x0c,0x14,0x3c,0x44,0xcc,
-  0x4f,0xd1,0x68,0xb8,0xd3,0x6e,0xb2,0xcd,
-  0x4c,0xd4,0x67,0xa9,0xe0,0x3b,0x4d,0xd7,
-  0x62,0xa6,0xf1,0x08,0x18,0x28,0x78,0x88,
-  0x83,0x9e,0xb9,0xd0,0x6b,0xbd,0xdc,0x7f,
-  0x81,0x98,0xb3,0xce,0x49,0xdb,0x76,0x9a,
-  0xb5,0xc4,0x57,0xf9,0x10,0x30,0x50,0xf0,
-  0x0b,0x1d,0x27,0x69,0xbb,0xd6,0x61,0xa3,
-  0xfe,0x19,0x2b,0x7d,0x87,0x92,0xad,0xec,
-  0x2f,0x71,0x93,0xae,0xe9,0x20,0x60,0xa0,
-  0xfb,0x16,0x3a,0x4e,0xd2,0x6d,0xb7,0xc2,
-  0x5d,0xe7,0x32,0x56,0xfa,0x15,0x3f,0x41,
-  0xc3,0x5e,0xe2,0x3d,0x47,0xc9,0x40,0xc0,
-  0x5b,0xed,0x2c,0x74,0x9c,0xbf,0xda,0x75,
-  0x9f,0xba,0xd5,0x64,0xac,0xef,0x2a,0x7e,
-  0x82,0x9d,0xbc,0xdf,0x7a,0x8e,0x89,0x80,
-  0x9b,0xb6,0xc1,0x58,0xe8,0x23,0x65,0xaf,
-  0xea,0x25,0x6f,0xb1,0xc8,0x43,0xc5,0x54,
-  0xfc,0x1f,0x21,0x63,0xa5,0xf4,0x07,0x09,
-  0x1b,0x2d,0x77,0x99,0xb0,0xcb,0x46,0xca,
-  0x45,0xcf,0x4a,0xde,0x79,0x8b,0x86,0x91,
-  0xa8,0xe3,0x3e,0x42,0xc6,0x51,0xf3,0x0e,
-  0x12,0x36,0x5a,0xee,0x29,0x7b,0x8d,0x8c,
-  0x8f,0x8a,0x85,0x94,0xa7,0xf2,0x0d,0x17,
-  0x39,0x4b,0xdd,0x7c,0x84,0x97,0xa2,0xfd,
-  0x1c,0x24,0x6c,0xb4,0xc7,0x52,0xf6,0x01,
+  0x00000000,0x0b0d090e,0x161a121c,0x1d171b12,
+  0x2c342438,0x27392d36,0x3a2e3624,0x31233f2a,
+  0x58684870,0x5365417e,0x4e725a6c,0x457f5362,
+  0x745c6c48,0x7f516546,0x62467e54,0x694b775a,
+  0xb0d090e0,0xbbdd99ee,0xa6ca82fc,0xadc78bf2,
+  0x9ce4b4d8,0x97e9bdd6,0x8afea6c4,0x81f3afca,
+  0xe8b8d890,0xe3b5d19e,0xfea2ca8c,0xf5afc382,
+  0xc48cfca8,0xcf81f5a6,0xd296eeb4,0xd99be7ba,
+  0x7bbb3bdb,0x70b632d5,0x6da129c7,0x66ac20c9,
+  0x578f1fe3,0x5c8216ed,0x41950dff,0x4a9804f1,
+  0x23d373ab,0x28de7aa5,0x35c961b7,0x3ec468b9,
+  0x0fe75793,0x04ea5e9d,0x19fd458f,0x12f04c81,
+  0xcb6bab3b,0xc066a235,0xdd71b927,0xd67cb029,
+  0xe75f8f03,0xec52860d,0xf1459d1f,0xfa489411,
+  0x9303e34b,0x980eea45,0x8519f157,0x8e14f859,
+  0xbf37c773,0xb43ace7d,0xa92dd56f,0xa220dc61,
+  0xf66d76ad,0xfd607fa3,0xe07764b1,0xeb7a6dbf,
+  0xda595295,0xd1545b9b,0xcc434089,0xc74e4987,
+  0xae053edd,0xa50837d3,0xb81f2cc1,0xb31225cf,
+  0x82311ae5,0x893c13eb,0x942b08f9,0x9f2601f7,
+  0x46bde64d,0x4db0ef43,0x50a7f451,0x5baafd5f,
+  0x6a89c275,0x6184cb7b,0x7c93d069,0x779ed967,
+  0x1ed5ae3d,0x15d8a733,0x08cfbc21,0x03c2b52f,
+  0x32e18a05,0x39ec830b,0x24fb9819,0x2ff69117,
+  0x8dd64d76,0x86db4478,0x9bcc5f6a,0x90c15664,
+  0xa1e2694e,0xaaef6040,0xb7f87b52,0xbcf5725c,
+  0xd5be0506,0xdeb30c08,0xc3a4171a,0xc8a91e14,
+  0xf98a213e,0xf2872830,0xef903322,0xe49d3a2c,
+  0x3d06dd96,0x360bd498,0x2b1ccf8a,0x2011c684,
+  0x1132f9ae,0x1a3ff0a0,0x0728ebb2,0x0c25e2bc,
+  0x656e95e6,0x6e639ce8,0x737487fa,0x78798ef4,
+  0x495ab1de,0x4257b8d0,0x5f40a3c2,0x544daacc,
+  0xf7daec41,0xfcd7e54f,0xe1c0fe5d,0xeacdf753,
+  0xdbeec879,0xd0e3c177,0xcdf4da65,0xc6f9d36b,
+  0xafb2a431,0xa4bfad3f,0xb9a8b62d,0xb2a5bf23,
+  0x83868009,0x888b8907,0x959c9215,0x9e919b1b,
+  0x470a7ca1,0x4c0775af,0x51106ebd,0x5a1d67b3,
+  0x6b3e5899,0x60335197,0x7d244a85,0x7629438b,
+  0x1f6234d1,0x146f3ddf,0x097826cd,0x02752fc3,
+  0x335610e9,0x385b19e7,0x254c02f5,0x2e410bfb,
+  0x8c61d79a,0x876cde94,0x9a7bc586,0x9176cc88,
+  0xa055f3a2,0xab58faac,0xb64fe1be,0xbd42e8b0,
+  0xd4099fea,0xdf0496e4,0xc2138df6,0xc91e84f8,
+  0xf83dbbd2,0xf330b2dc,0xee27a9ce,0xe52aa0c0,
+  0x3cb1477a,0x37bc4e74,0x2aab5566,0x21a65c68,
+  0x10856342,0x1b886a4c,0x069f715e,0x0d927850,
+  0x64d90f0a,0x6fd40604,0x72c31d16,0x79ce1418,
+  0x48ed2b32,0x43e0223c,0x5ef7392e,0x55fa3020,
+  0x01b79aec,0x0aba93e2,0x17ad88f0,0x1ca081fe,
+  0x2d83bed4,0x268eb7da,0x3b99acc8,0x3094a5c6,
+  0x59dfd29c,0x52d2db92,0x4fc5c080,0x44c8c98e,
+  0x75ebf6a4,0x7ee6ffaa,0x63f1e4b8,0x68fcedb6,
+  0xb1670a0c,0xba6a0302,0xa77d1810,0xac70111e,
+  0x9d532e34,0x965e273a,0x8b493c28,0x80443526,
+  0xe90f427c,0xe2024b72,0xff155060,0xf418596e,
+  0xc53b6644,0xce366f4a,0xd3217458,0xd82c7d56,
+  0x7a0ca137,0x7101a839,0x6c16b32b,0x671bba25,
+  0x5638850f,0x5d358c01,0x40229713,0x4b2f9e1d,
+  0x2264e947,0x2969e049,0x347efb5b,0x3f73f255,
+  0x0e50cd7f,0x055dc471,0x184adf63,0x1347d66d,
+  0xcadc31d7,0xc1d138d9,0xdcc623cb,0xd7cb2ac5,
+  0xe6e815ef,0xede51ce1,0xf0f207f3,0xfbff0efd,
+  0x92b479a7,0x99b970a9,0x84ae6bbb,0x8fa362b5,
+  0xbe805d9f,0xb58d5491,0xa89a4f83,0xa397468d,
 };

-static unsigned
-mult(unsigned a, unsigned b)
-{
-  return (a && b) ? gf2_exp[ (gf2_log[a] + gf2_log[b]) % 255] : 0;
-}
-
-static void
-inv_mix_column(uint32_t *a)
-{
-  uint8_t c[4][4];
-  unsigned i, j;
-	
-  for (j = 0; j < 4; j++)
-    {
-      for(i = 0; i < 4; i++)
-	{
-	  c[j][i] = mult(0xe, (a[j] >> i*8) & 0xff)
-	    ^ mult(0xb, (a[j] >> ((i+1)%4)*8) & 0xff)
-	    ^ mult(0xd, (a[j] >> ((i+2)%4)*8) & 0xff)
-	    ^ mult(0x9, (a[j] >> ((i+3)%4)*8) & 0xff);
-	}
-    }
-  for (i = 0; i < 4; i++)
-    {
-      a[i] = 0;
-      for(j = 0; j < 4; j++)
-	a[i] |= c[i][j] << (j*8);
-    }
-}
+#define MIX_COLUMN(T, key) do { \
+    uint32_t _k, _nk, _t;	\
+    _k = (key);			\
+    _nk = T[_k & 0xff];		\
+    _k >>= 8;			\
+    _t = T[_k & 0xff];		\
+    _nk ^= ROTL32(8, _t);	\
+    _k >>= 8;			\
+    _t = T[_k & 0xff];		\
+    _nk ^= ROTL32(16, _t);	\
+    _k >>= 8;			\
+    _t = T[_k & 0xff];		\
+    _nk ^= ROTL32(24, _t);	\
+    (key) = _nk;		\
+  } while(0)
+  

 #define SWAP(a, b) \
 do { uint32_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
@@ -170,8 +155,8 @@ aes_invert_key(struct aes_ctx *dst,
    }

  /* Transform all subkeys but the first and last. */
-  for (i = 4; i < 4 * nrounds; i += 4)
-    inv_mix_column(dst->keys + i);
+  for (i = 4; i < 4 * nrounds; i++)
+    MIX_COLUMN (mtable, dst->keys[i]);
 }

 void

--- a/aesdata.c
+++ b/aesdata.c
@@ -28,6 +28,7 @@ uint8_t gf2_exp[0x100];

 uint32_t dtable[4][0x100];
 uint32_t itable[4][0x100];
+uint32_t mtable[4][0x100];

 static unsigned
 xtime(unsigned x)
@@ -137,6 +138,24 @@ compute_itable(void)
    }
 }

+/* Used for key inversion, inverse mix column. No sbox. */
+static void
+compute_mtable(void)
+{
+  unsigned i;
+  for (i = 0; i<0x100; i++)
+    {
+      unsigned j;
+      uint32_t t = ( (mult(i, 0xb) << 24)
+		   | (mult(i, 0xd) << 16)
+		   | (mult(i, 0x9) << 8)
+		   | (mult(i, 0xe) ));
+      
+      for (j = 0; j<4; j++, t = (t << 8) | (t >> 24))
+	mtable[j][i] = t;
+    }
+}
+
 static void
 display_byte_table(const char *name, uint8_t *table)
 {
@@ -200,7 +219,10 @@ main(int argc, char **argv)

      compute_itable();
      display_table("itable", itable);
-  
+
+      compute_mtable();
+      display_table("mtable", mtable);
+
      return 0;
    }
  else if (argc == 2)