Rizin
unix-like reverse engineering framework and cli tools
aesdata.c
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2002 Niels Möller
2 // SPDX-License-Identifier: LGPL-3.0-only
3 
4 #include <assert.h>
5 #include <stdlib.h>
6 #include <stdio.h>
7 #include <string.h>
8 
9 #if 1
10 # define BYTE_FORMAT "0x%02x"
11 # define BYTE_COLUMNS 8
12 #else
13 # define BYTE_FORMAT "%3d"
14 # define BYTE_COLUMNS 0x10
15 #endif
16 
17 #define WORD_FORMAT "0x%08lx"
18 #define WORD_COLUMNS 4
19 
20 unsigned char sbox[0x100];
21 unsigned char isbox[0x100];
22 
23 unsigned char gf2_log[0x100];
24 unsigned char gf2_exp[0x100];
25 
26 unsigned long dtable[4][0x100];
27 unsigned long itable[4][0x100];
28 unsigned long mtable[4][0x100];
29 
30 static unsigned
31 xtime(unsigned x)
32 {
33  assert (x < 0x100);
34 
35  x <<= 1;
36  if (x & 0x100)
37  x ^= 0x11b;
38 
39  assert (x < 0x100);
40 
41  return x;
42 }
43 
44 /* Computes the exponentiatiom and logarithm tables for GF_2, to the
45  * base x+1 (0x03). The unit element is 1 (0x01).*/
46 static void
47 compute_log(void)
48 {
49  unsigned i = 0;
50  unsigned x = 1;
51 
52  memset(gf2_log, 0, 0x100);
53 
54  for (i = 0; i < 0x100; i++, x = x ^ xtime(x))
55  {
56  gf2_exp[i] = x;
57  gf2_log[x] = i;
58  }
59  /* Invalid. */
60  gf2_log[0] = 0;
61  /* The loop above sets gf2_log[1] = 0xff, which is correct,
62  * but gf2_log[1] = 0 is nicer. */
63  gf2_log[1] = 0;
64 }
65 
66 static unsigned
67 mult(unsigned a, unsigned b)
68 {
69  return (a && b) ? gf2_exp[ (gf2_log[a] + gf2_log[b]) % 255] : 0;
70 }
71 
72 static unsigned
73 invert(unsigned x)
74 {
75  return x ? gf2_exp[0xff - gf2_log[x]] : 0;
76 }
77 
78 static unsigned
79 affine(unsigned x)
80 {
81  return 0xff &
82  (0x63^x^(x>>4)^(x<<4)^(x>>5)^(x<<3)^(x>>6)^(x<<2)^(x>>7)^(x<<1));
83 }
84 
85 static void
86 compute_sbox(void)
87 {
88  unsigned i;
89  for (i = 0; i<0x100; i++)
90  {
91  sbox[i] = affine(invert(i));
92  isbox[sbox[i]] = i;
93  }
94 }
95 
96 /* Generate little endian tables, i.e. the first row of the AES state
97  * arrays occupies the least significant byte of the words.
98  *
99  * The sbox values are multiplied with the column of GF2 coefficients
100  * of the polynomial 03 x^3 + x^2 + x + 02. */
101 static void
102 compute_dtable(void)
103 {
104  unsigned i;
105  for (i = 0; i<0x100; i++)
106  {
107  unsigned s = sbox[i];
108  unsigned j;
109  unsigned long t =( ( (s ^ xtime(s)) << 24)
110  | (s << 16) | (s << 8)
111  | xtime(s) );
112 
113  for (j = 0; j<4; j++, t = (t << 8) | (t >> 24))
114  dtable[j][i] = t;
115  }
116 }
117 
118 /* The inverse sbox values are multiplied with the column of GF2 coefficients
119  * of the polynomial inverse 0b x^3 + 0d x^2 + 09 x + 0e. */
120 static void
121 compute_itable(void)
122 {
123  unsigned i;
124  for (i = 0; i<0x100; i++)
125  {
126  unsigned s = isbox[i];
127  unsigned j;
128  unsigned long t = ( (mult(s, 0xb) << 24)
129  | (mult(s, 0xd) << 16)
130  | (mult(s, 0x9) << 8)
131  | (mult(s, 0xe) ));
132 
133  for (j = 0; j<4; j++, t = (t << 8) | (t >> 24))
134  itable[j][i] = t;
135  }
136 }
137 
138 /* Used for key inversion, inverse mix column. No sbox. */
139 static void
140 compute_mtable(void)
141 {
142  unsigned i;
143  for (i = 0; i<0x100; i++)
144  {
145  unsigned j;
146  unsigned long t = ( (mult(i, 0xb) << 24)
147  | (mult(i, 0xd) << 16)
148  | (mult(i, 0x9) << 8)
149  | (mult(i, 0xe) ));
150 
151  for (j = 0; j<4; j++, t = (t << 8) | (t >> 24))
152  mtable[j][i] = t;
153  }
154 }
155 
156 static void
157 display_byte_table(const char *name, unsigned char *table)
158 {
159  unsigned i, j;
160 
161  printf("uint8_t %s[0x100] =\n{", name);
162 
163  for (i = 0; i<0x100; i+= BYTE_COLUMNS)
164  {
165  printf("\n ");
166  for (j = 0; j<BYTE_COLUMNS; j++)
167  printf(BYTE_FORMAT ",", table[i + j]);
168  }
169 
170  printf("\n};\n\n");
171 }
172 
173 static void
174 display_table(const char *name, unsigned long table[][0x100])
175 {
176  unsigned i, j, k;
177 
178  printf("uint32_t %s[4][0x100] =\n{\n ", name);
179 
180  for (k = 0; k<4; k++)
181  {
182  printf("{ ");
183  for (i = 0; i<0x100; i+= WORD_COLUMNS)
184  {
185  printf("\n ");
186  for (j = 0; j<WORD_COLUMNS; j++)
187  printf(WORD_FORMAT ",", table[k][i + j]);
188  }
189  printf("\n },");
190  }
191  printf("\n};\n\n");
192 }
193 
194 static void
195 display_polynomial(const unsigned *p)
196 {
197  printf("(%x x^3 + %x x^2 + %x x + %x)",
198  p[3], p[2], p[1], p[0]);
199 }
200 
201 int
202 main(int argc, char **argv)
203 {
204  compute_log();
205  if (argc == 1)
206  {
207  display_byte_table("gf2_log", gf2_log);
208  display_byte_table("gf2_exp", gf2_exp);
209 
210  compute_sbox();
211  display_byte_table("sbox", sbox);
212  display_byte_table("isbox", isbox);
213 
214  compute_dtable();
215  display_table("dtable", dtable);
216 
217  compute_itable();
218  display_table("itable", itable);
219 
220  compute_mtable();
221  display_table("mtable", mtable);
222 
223  return 0;
224  }
225  else if (argc == 2)
226  {
227  unsigned a;
228  for (a = 1; a<0x100; a++)
229  {
230  unsigned a1 = invert(a);
231  unsigned b;
232  unsigned u;
233  if (a1 == 0)
234  printf("invert(%x) = 0 !\n", a);
235 
236  u = mult(a, a1);
237  if (u != 1)
238  printf("invert(%x) = %x; product = %x\n",
239  a, a1, u);
240 
241  for (b = 1; b<0x100; b++)
242  {
243  unsigned b1 = invert(b);
244  unsigned c = mult(a, b);
245 
246  if (c == 0)
247  printf("%x x %x = 0\n", a, b);
248 
249  u = mult(c, a1);
250  if (u != b)
251  printf("%x x %x = %x, invert(%x) = %x, %x x %x = %x\n",
252  a, b, c, a, a1, c, a1, u);
253 
254  u = mult(c, b1);
255  if (u != a)
256  printf("%x x %x = %x, invert(%x) = %x, %x x %x = %x\n",
257  a, b, c, b, b1, c, b1, u);
258  }
259  }
260  return 0;
261  }
262  else if (argc == 4)
263  {
264  unsigned a, b, c;
265  int op = argv[2][0];
266  a = strtoul(argv[1], NULL, 16);
267  b = strtoul(argv[3], NULL, 16);
268  switch (op)
269  {
270  case '+':
271  c = a ^ b;
272  break;
273  case '*':
274  case 'x':
275  c = mult(a,b);
276  break;
277  case '/':
278  c = mult(a, invert(b));
279  break;
280  default:
281  return 1;
282  }
283  printf("%x %c %x = %x\n", a, op, b, c);
284  return 0;
285  }
286 #if 0
287  else if (argc == 5)
288  {
289  /* Compute gcd(a, x^4+1) */
290  unsigned d[4];
291  unsigned u[4];
292 
293  for (i = 0; i<4; i++)
294  a[i] = strtoul(argv[1+i], NULL, 16);
295  }
296 #endif
297  else if (argc == 9)
298  {
299  unsigned a[4];
300  unsigned b[4];
301  unsigned c[4];
302  unsigned i;
303  for (i = 0; i<4; i++)
304  {
305  a[i] = strtoul(argv[1+i], NULL, 16);
306  b[i] = strtoul(argv[5+i], NULL, 16);
307  }
308 
309  c[0] = mult(a[0],b[0])^mult(a[3],b[1])^mult(a[2],b[2])^mult(a[1],b[3]);
310  c[1] = mult(a[1],b[0])^mult(a[0],b[1])^mult(a[3],b[2])^mult(a[2],b[3]);
311  c[2] = mult(a[2],b[0])^mult(a[1],b[1])^mult(a[0],b[2])^mult(a[3],b[3]);
312  c[3] = mult(a[3],b[0])^mult(a[2],b[1])^mult(a[1],b[2])^mult(a[0],b[3]);
313 
314  display_polynomial(a); printf(" * "); display_polynomial(b);
315  printf(" = "); display_polynomial(c); printf("\n");
316  }
317  return 1;
318 }
WORD_FORMAT
#define WORD_FORMAT
Definition: aesdata.c:17
invert
static unsigned invert(unsigned x)
Definition: aesdata.c:73
WORD_COLUMNS
#define WORD_COLUMNS
Definition: aesdata.c:18
compute_itable
static void compute_itable(void)
Definition: aesdata.c:121
gf2_exp
unsigned char gf2_exp[0x100]
Definition: aesdata.c:24
affine
static unsigned affine(unsigned x)
Definition: aesdata.c:79
main
int main(int argc, char **argv)
Definition: aesdata.c:202
gf2_log
unsigned char gf2_log[0x100]
Definition: aesdata.c:23
BYTE_COLUMNS
#define BYTE_COLUMNS
Definition: aesdata.c:11
itable
unsigned long itable[4][0x100]
Definition: aesdata.c:27
display_polynomial
static void display_polynomial(const unsigned *p)
Definition: aesdata.c:195
mult
static unsigned mult(unsigned a, unsigned b)
Definition: aesdata.c:67
BYTE_FORMAT
#define BYTE_FORMAT
Definition: aesdata.c:10
compute_log
static void compute_log(void)
Definition: aesdata.c:47
dtable
unsigned long dtable[4][0x100]
Definition: aesdata.c:26
compute_sbox
static void compute_sbox(void)
Definition: aesdata.c:86
compute_dtable
static void compute_dtable(void)
Definition: aesdata.c:102
xtime
static unsigned xtime(unsigned x)
Definition: aesdata.c:31
isbox
unsigned char isbox[0x100]
Definition: aesdata.c:21
compute_mtable
static void compute_mtable(void)
Definition: aesdata.c:140
mtable
unsigned long mtable[4][0x100]
Definition: aesdata.c:28
display_table
static void display_table(const char *name, unsigned long table[][0x100])
Definition: aesdata.c:174
display_byte_table
static void display_byte_table(const char *name, unsigned char *table)
Definition: aesdata.c:157
i
lzma_index ** i
Definition: index.h:629
NULL
#define NULL
Definition: cris-opc.c:27
printf
_Use_decl_annotations_ int __cdecl printf(const char *const _Format,...)
Definition: cs_driver.c:93
k
const char * k
Definition: dsignal.c:11
memset
return memset(p, 0, total)
p
void * p
Definition: libc.cpp:67
argv
static static fork const void static count static fd const char const char static newpath char char argv
Definition: sflib.h:40
assert
assert(limit<=UINT32_MAX/2)
x
int x
Definition: mipsasm.c:20
s
static RzSocket * s
Definition: rtr.c:28
d
#define d(i)
Definition: sha256.c:44
b
#define b(i)
Definition: sha256.c:42
c
#define c(i)
Definition: sha256.c:43
a
#define a(i)
Definition: sha256.c:41
name
Definition: z80asm.h:102
op
Definition: dis.c:32