1 /*
2 * Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
3 * All rights reserved.
4 *
5 * LICENSE TERMS
6 *
7 * The free distribution and use of this software in both source and binary
8 * form is allowed (with or without changes) provided that:
9 *
10 * 1. distributions of this source code include the above copyright
11 * notice, this list of conditions and the following disclaimer;
12 *
13 * 2. distributions in binary form include the above copyright
14 * notice, this list of conditions and the following disclaimer
15 * in the documentation and/or other associated materials;
16 *
17 * 3. the copyright holder's name is not used to endorse products
18 * built using this software without specific written permission.
19 *
20 * DISCLAIMER
21 *
22 * This software is provided 'as is' with no explcit or implied warranties
23 * in respect of any properties, including, but not limited to, correctness
24 * and fitness for purpose.
25 */
26
27 /* Issue Date: 07/02/2002 */
28
29 #include "aesopt.h"
30
31 #if defined(FIXED_TABLES) || !defined(FF_TABLES)
32
33 /* finite field arithmetic operations */
34
35 #define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
36 #define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
37 #define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
38 ^ (((x>>5) & 4) * WPOLY))
39 #define f3(x) (f2(x) ^ x)
40 #define f9(x) (f8(x) ^ x)
41 #define fb(x) (f8(x) ^ f2(x) ^ x)
42 #define fd(x) (f8(x) ^ f4(x) ^ x)
43 #define fe(x) (f8(x) ^ f4(x) ^ f2(x))
44
45 #endif
46
47 #if defined(FIXED_TABLES)
48
49 #define sb_data(w) \
50 w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
51 w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
52 w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
53 w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
54 w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
55 w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
56 w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
57 w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
58 w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
59 w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
60 w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
61 w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
62 w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
63 w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
64 w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
65 w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
66 w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
67 w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
68 w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
69 w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
70 w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
71 w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
72 w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
73 w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
74 w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
75 w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
76 w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
77 w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
78 w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
79 w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
80 w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
81 w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16)
82
83 #define isb_data(w) \
84 w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
85 w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
86 w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
87 w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
88 w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
89 w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
90 w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
91 w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
92 w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
93 w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
94 w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
95 w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
96 w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
97 w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
98 w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
99 w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
100 w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
101 w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
102 w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
103 w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
104 w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
105 w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
106 w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
107 w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
108 w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
109 w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
110 w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
111 w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
112 w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
113 w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
114 w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
115 w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d),
116
117 #define mm_data(w) \
118 w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
119 w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
120 w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
121 w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
122 w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
123 w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
124 w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
125 w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
126 w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
127 w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
128 w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
129 w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
130 w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
131 w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
132 w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
133 w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
134 w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
135 w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
136 w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
137 w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
138 w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
139 w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
140 w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
141 w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
142 w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
143 w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
144 w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
145 w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
146 w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
147 w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
148 w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
149 w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff)
150
151 #define h0(x) (x)
152
153 /* These defines are used to ensure tables are generated in the
154 right format depending on the internal byte order required
155 */
156
157 #define w0(p) bytes2word(p, 0, 0, 0)
158 #define w1(p) bytes2word(0, p, 0, 0)
159 #define w2(p) bytes2word(0, 0, p, 0)
160 #define w3(p) bytes2word(0, 0, 0, p)
161
162 /* Number of elements required in this table for different
163 block and key lengths is:
164
165 Rcon Table key length (bytes)
166 Length 16 20 24 28 32
167 ---------------------
168 block 16 | 10 9 8 7 7
169 length 20 | 14 11 10 9 9
170 (bytes) 24 | 19 15 12 11 11
171 28 | 24 19 16 13 13
172 32 | 29 23 19 17 14
173
174 this table can be a table of bytes if the key schedule
175 code is adjusted accordingly
176 */
177
178 #define u0(p) bytes2word(f2(p), p, p, f3(p))
179 #define u1(p) bytes2word(f3(p), f2(p), p, p)
180 #define u2(p) bytes2word(p, f3(p), f2(p), p)
181 #define u3(p) bytes2word(p, p, f3(p), f2(p))
182
183 #define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
184 #define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
185 #define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
186 #define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
187
188 const uint32_t rcon_tab[29] =
189 {
190 w0(0x01), w0(0x02), w0(0x04), w0(0x08),
191 w0(0x10), w0(0x20), w0(0x40), w0(0x80),
192 w0(0x1b), w0(0x36), w0(0x6c), w0(0xd8),
193 w0(0xab), w0(0x4d), w0(0x9a), w0(0x2f),
194 w0(0x5e), w0(0xbc), w0(0x63), w0(0xc6),
195 w0(0x97), w0(0x35), w0(0x6a), w0(0xd4),
196 w0(0xb3), w0(0x7d), w0(0xfa), w0(0xef),
197 w0(0xc5)
198 };
199
200 #ifdef SBX_SET
201 const uint8_t s_box[256] = { sb_data(h0) };
202 #endif
203 #ifdef ISB_SET
204 const uint8_t inv_s_box[256] = { isb_data(h0) };
205 #endif
206
207 #ifdef FT1_SET
208 const uint32_t ft_tab[256] = { sb_data(u0) };
209 #endif
210 #ifdef FT4_SET
211 const uint32_t ft_tab[4][256] =
212 { { sb_data(u0) }, { sb_data(u1) }, { sb_data(u2) }, { sb_data(u3) } };
213 #endif
214
215 #ifdef FL1_SET
216 const uint32_t fl_tab[256] = { sb_data(w0) };
217 #endif
218 #ifdef FL4_SET
219 const uint32_t fl_tab[4][256] =
220 { { sb_data(w0) }, { sb_data(w1) }, { sb_data(w2) }, { sb_data(w3) } };
221 #endif
222
223 #ifdef IT1_SET
224 const uint32_t it_tab[256] = { isb_data(v0) };
225 #endif
226 #ifdef IT4_SET
227 const uint32_t it_tab[4][256] =
228 { { isb_data(v0) }, { isb_data(v1) }, { isb_data(v2) }, { isb_data(v3) } };
229 #endif
230
231 #ifdef IL1_SET
232 const uint32_t il_tab[256] = { isb_data(w0) };
233 #endif
234 #ifdef IL4_SET
235 const uint32_t il_tab[4][256] =
236 { { isb_data(w0) }, { isb_data(w1) }, { isb_data(w2) }, { isb_data(w3) } };
237 #endif
238
239 #ifdef LS1_SET
240 const uint32_t ls_tab[256] = { sb_data(w0) };
241 #endif
242 #ifdef LS4_SET
243 const uint32_t ls_tab[4][256] =
244 { { sb_data(w0) }, { sb_data(w1) }, { sb_data(w2) }, { sb_data(w3) } };
245 #endif
246
247 #ifdef IM1_SET
248 const uint32_t im_tab[256] = { mm_data(v0) };
249 #endif
250 #ifdef IM4_SET
251 const uint32_t im_tab[4][256] =
252 { { mm_data(v0) }, { mm_data(v1) }, { mm_data(v2) }, { mm_data(v3) } };
253 #endif
254
255 #else /* dynamic table generation */
256
257 uint8_t tab_init = 0;
258
259 #define const
260
261 uint32_t rcon_tab[RC_LENGTH];
262
263 #ifdef SBX_SET
264 uint8_t s_box[256];
265 #endif
266 #ifdef ISB_SET
267 uint8_t inv_s_box[256];
268 #endif
269
270 #ifdef FT1_SET
271 uint32_t ft_tab[256];
272 #endif
273 #ifdef FT4_SET
274 uint32_t ft_tab[4][256];
275 #endif
276
277 #ifdef FL1_SET
278 uint32_t fl_tab[256];
279 #endif
280 #ifdef FL4_SET
281 uint32_t fl_tab[4][256];
282 #endif
283
284 #ifdef IT1_SET
285 uint32_t it_tab[256];
286 #endif
287 #ifdef IT4_SET
288 uint32_t it_tab[4][256];
289 #endif
290
291 #ifdef IL1_SET
292 uint32_t il_tab[256];
293 #endif
294 #ifdef IL4_SET
295 uint32_t il_tab[4][256];
296 #endif
297
298 #ifdef LS1_SET
299 uint32_t ls_tab[256];
300 #endif
301 #ifdef LS4_SET
302 uint32_t ls_tab[4][256];
303 #endif
304
305 #ifdef IM1_SET
306 uint32_t im_tab[256];
307 #endif
308 #ifdef IM4_SET
309 uint32_t im_tab[4][256];
310 #endif
311
312 #if !defined(FF_TABLES)
313
314 /* Generate the tables for the dynamic table option
315
316 It will generally be sensible to use tables to compute finite
317 field multiplies and inverses but where memory is scarse this
318 code might sometimes be better. But it only has effect during
319 initialisation so its pretty unimportant in overall terms.
320 */
321
322 /* return 2 ^ (n - 1) where n is the bit number of the highest bit
323 set in x with x in the range 1 < x < 0x00000200. This form is
324 used so that locals within fi can be bytes rather than words
325 */
326
hibit(const uint32_t x)327 static uint8_t hibit(const uint32_t x)
328 { uint8_t r = (uint8_t)((x >> 1) | (x >> 2));
329
330 r |= (r >> 2);
331 r |= (r >> 4);
332 return (r + 1) >> 1;
333 }
334
335 /* return the inverse of the finite field element x */
336
fi(const uint8_t x)337 static uint8_t fi(const uint8_t x)
338 { uint8_t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
339
340 if(x < 2) return x;
341
342 for(;;)
343 {
344 if(!n1) return v1;
345
346 while(n2 >= n1)
347 {
348 n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
349 }
350
351 if(!n2) return v2;
352
353 while(n1 >= n2)
354 {
355 n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
356 }
357 }
358 }
359
360 #else
361
362 /* define the finite field multiplies required for Rijndael */
363
364 #define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
365 #define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
366 #define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
367 #define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
368 #define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
369 #define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
370 #define fi(x) ((x) ? pow[255 - log[x]]: 0)
371
372 #endif
373
374 /* The forward and inverse affine transformations used in the S-box */
375
376 #define fwd_affine(x) \
377 (w = (uint32_t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(uint8_t)(w^(w>>8)))
378
379 #define inv_affine(x) \
380 (w = (uint32_t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(uint8_t)(w^(w>>8)))
381
gen_tabs(void)382 void gen_tabs(void)
383 { uint32_t i, w;
384
385 #if defined(FF_TABLES)
386
387 uint8_t pow[512], log[256];
388
389 /* log and power tables for GF(2^8) finite field with
390 WPOLY as modular polynomial - the simplest primitive
391 root is 0x03, used here to generate the tables
392 */
393
394 i = 0; w = 1;
395 do
396 {
397 pow[i] = (uint8_t)w;
398 pow[i + 255] = (uint8_t)w;
399 log[w] = (uint8_t)i++;
400 w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
401 }
402 while (w != 1);
403
404 #endif
405
406 for(i = 0, w = 1; i < RC_LENGTH; ++i)
407 {
408 rcon_tab[i] = bytes2word(w, 0, 0, 0);
409 w = f2(w);
410 }
411
412 for(i = 0; i < 256; ++i)
413 { uint8_t b;
414
415 b = fwd_affine(fi((uint8_t)i));
416 w = bytes2word(f2(b), b, b, f3(b));
417
418 #ifdef SBX_SET
419 s_box[i] = b;
420 #endif
421
422 #ifdef FT1_SET /* tables for a normal encryption round */
423 ft_tab[i] = w;
424 #endif
425 #ifdef FT4_SET
426 ft_tab[0][i] = w;
427 ft_tab[1][i] = upr(w,1);
428 ft_tab[2][i] = upr(w,2);
429 ft_tab[3][i] = upr(w,3);
430 #endif
431 w = bytes2word(b, 0, 0, 0);
432
433 #ifdef FL1_SET /* tables for last encryption round (may also */
434 fl_tab[i] = w; /* be used in the key schedule) */
435 #endif
436 #ifdef FL4_SET
437 fl_tab[0][i] = w;
438 fl_tab[1][i] = upr(w,1);
439 fl_tab[2][i] = upr(w,2);
440 fl_tab[3][i] = upr(w,3);
441 #endif
442
443 #ifdef LS1_SET /* table for key schedule if fl_tab above is */
444 ls_tab[i] = w; /* not of the required form */
445 #endif
446 #ifdef LS4_SET
447 ls_tab[0][i] = w;
448 ls_tab[1][i] = upr(w,1);
449 ls_tab[2][i] = upr(w,2);
450 ls_tab[3][i] = upr(w,3);
451 #endif
452
453 b = fi(inv_affine((uint8_t)i));
454 w = bytes2word(fe(b), f9(b), fd(b), fb(b));
455
456 #ifdef IM1_SET /* tables for the inverse mix column operation */
457 im_tab[b] = w;
458 #endif
459 #ifdef IM4_SET
460 im_tab[0][b] = w;
461 im_tab[1][b] = upr(w,1);
462 im_tab[2][b] = upr(w,2);
463 im_tab[3][b] = upr(w,3);
464 #endif
465
466 #ifdef ISB_SET
467 inv_s_box[i] = b;
468 #endif
469 #ifdef IT1_SET /* tables for a normal decryption round */
470 it_tab[i] = w;
471 #endif
472 #ifdef IT4_SET
473 it_tab[0][i] = w;
474 it_tab[1][i] = upr(w,1);
475 it_tab[2][i] = upr(w,2);
476 it_tab[3][i] = upr(w,3);
477 #endif
478 w = bytes2word(b, 0, 0, 0);
479 #ifdef IL1_SET /* tables for last decryption round */
480 il_tab[i] = w;
481 #endif
482 #ifdef IL4_SET
483 il_tab[0][i] = w;
484 il_tab[1][i] = upr(w,1);
485 il_tab[2][i] = upr(w,2);
486 il_tab[3][i] = upr(w,3);
487 #endif
488 }
489
490 tab_init = 1;
491 }
492
493 #endif
494