viff

changeset 1104:f12590662f93

Initialize constants in dedicated function. This works around a false positive reported by pyflakes. It became confused since the alog, log, and mul variables were explicitly deleted from the global scope when they were no longer needed. We now define there variables as local variables in the initialize function.
author Martin Geisler <mg@daimi.au.dk>
date Fri, 20 Feb 2009 09:58:24 +0100
parents 24ba1dae612d
children 1d5f01ddd720
files viff/test/rijndael.py
diffstat 1 files changed, 131 insertions(+), 141 deletions(-) [+]
line diff
     1.1 --- a/viff/test/rijndael.py	Thu Feb 19 16:16:46 2009 +0100
     1.2 +++ b/viff/test/rijndael.py	Fri Feb 20 09:58:24 2009 +0100
     1.3 @@ -36,109 +36,6 @@
     1.4  # [keysize][block_size]
     1.5  num_rounds = {16: {16: 10, 24: 12, 32: 14}, 24: {16: 12, 24: 12, 32: 14}, 32: {16: 14, 24: 14, 32: 14}}
     1.6  
     1.7 -A = [[1, 1, 1, 1, 1, 0, 0, 0],
     1.8 -     [0, 1, 1, 1, 1, 1, 0, 0],
     1.9 -     [0, 0, 1, 1, 1, 1, 1, 0],
    1.10 -     [0, 0, 0, 1, 1, 1, 1, 1],
    1.11 -     [1, 0, 0, 0, 1, 1, 1, 1],
    1.12 -     [1, 1, 0, 0, 0, 1, 1, 1],
    1.13 -     [1, 1, 1, 0, 0, 0, 1, 1],
    1.14 -     [1, 1, 1, 1, 0, 0, 0, 1]]
    1.15 -
    1.16 -# produce log and alog tables, needed for multiplying in the
    1.17 -# field GF(2^m) (generator = 3)
    1.18 -alog = [1]
    1.19 -for i in xrange(255):
    1.20 -    j = (alog[-1] << 1) ^ alog[-1]
    1.21 -    if j & 0x100 != 0:
    1.22 -        j ^= 0x11B
    1.23 -    alog.append(j)
    1.24 -
    1.25 -log = [0] * 256
    1.26 -for i in xrange(1, 255):
    1.27 -    log[alog[i]] = i
    1.28 -
    1.29 -# multiply two elements of GF(2^m)
    1.30 -def mul(a, b):
    1.31 -    if a == 0 or b == 0:
    1.32 -        return 0
    1.33 -    return alog[(log[a & 0xFF] + log[b & 0xFF]) % 255]
    1.34 -
    1.35 -# substitution box based on F^{-1}(x)
    1.36 -box = [[0] * 8 for i in xrange(256)]
    1.37 -box[1][7] = 1
    1.38 -for i in xrange(2, 256):
    1.39 -    j = alog[255 - log[i]]
    1.40 -    for t in xrange(8):
    1.41 -        box[i][t] = (j >> (7 - t)) & 0x01
    1.42 -
    1.43 -B = [0, 1, 1, 0, 0, 0, 1, 1]
    1.44 -
    1.45 -# affine transform:  box[i] <- B + A*box[i]
    1.46 -cox = [[0] * 8 for i in xrange(256)]
    1.47 -for i in xrange(256):
    1.48 -    for t in xrange(8):
    1.49 -        cox[i][t] = B[t]
    1.50 -        for j in xrange(8):
    1.51 -            cox[i][t] ^= A[t][j] * box[i][j]
    1.52 -
    1.53 -# S-boxes and inverse S-boxes
    1.54 -S =  [0] * 256
    1.55 -Si = [0] * 256
    1.56 -for i in xrange(256):
    1.57 -    S[i] = cox[i][0] << 7
    1.58 -    for t in xrange(1, 8):
    1.59 -        S[i] ^= cox[i][t] << (7-t)
    1.60 -    Si[S[i] & 0xFF] = i
    1.61 -
    1.62 -# T-boxes
    1.63 -G = [[2, 1, 1, 3],
    1.64 -    [3, 2, 1, 1],
    1.65 -    [1, 3, 2, 1],
    1.66 -    [1, 1, 3, 2]]
    1.67 -
    1.68 -AA = [[0] * 8 for i in xrange(4)]
    1.69 -
    1.70 -for i in xrange(4):
    1.71 -    for j in xrange(4):
    1.72 -        AA[i][j] = G[i][j]
    1.73 -        AA[i][i+4] = 1
    1.74 -
    1.75 -for i in xrange(4):
    1.76 -    pivot = AA[i][i]
    1.77 -    if pivot == 0:
    1.78 -        t = i + 1
    1.79 -        while AA[t][i] == 0 and t < 4:
    1.80 -            t += 1
    1.81 -            assert t != 4, 'G matrix must be invertible'
    1.82 -            for j in xrange(8):
    1.83 -                AA[i][j], AA[t][j] = AA[t][j], AA[i][j]
    1.84 -            pivot = AA[i][i]
    1.85 -    for j in xrange(8):
    1.86 -        if AA[i][j] != 0:
    1.87 -            AA[i][j] = alog[(255 + log[AA[i][j] & 0xFF] - log[pivot & 0xFF]) % 255]
    1.88 -    for t in xrange(4):
    1.89 -        if i != t:
    1.90 -            for j in xrange(i+1, 8):
    1.91 -                AA[t][j] ^= mul(AA[i][j], AA[t][i])
    1.92 -            AA[t][i] = 0
    1.93 -
    1.94 -iG = [[0] * 4 for i in xrange(4)]
    1.95 -
    1.96 -for i in xrange(4):
    1.97 -    for j in xrange(4):
    1.98 -        iG[i][j] = AA[i][j + 4]
    1.99 -
   1.100 -def mul4(a, bs):
   1.101 -    if a == 0:
   1.102 -        return 0
   1.103 -    r = 0
   1.104 -    for b in bs:
   1.105 -        r <<= 8
   1.106 -        if b != 0:
   1.107 -            r = r | mul(a, b)
   1.108 -    return r
   1.109 -
   1.110  T1 = []
   1.111  T2 = []
   1.112  T3 = []
   1.113 @@ -152,48 +49,141 @@
   1.114  U3 = []
   1.115  U4 = []
   1.116  
   1.117 -for t in xrange(256):
   1.118 -    s = S[t]
   1.119 -    T1.append(mul4(s, G[0]))
   1.120 -    T2.append(mul4(s, G[1]))
   1.121 -    T3.append(mul4(s, G[2]))
   1.122 -    T4.append(mul4(s, G[3]))
   1.123 +S =  [0] * 256
   1.124 +Si = [0] * 256
   1.125  
   1.126 -    s = Si[t]
   1.127 -    T5.append(mul4(s, iG[0]))
   1.128 -    T6.append(mul4(s, iG[1]))
   1.129 -    T7.append(mul4(s, iG[2]))
   1.130 -    T8.append(mul4(s, iG[3]))
   1.131 +rcon = [1]
   1.132  
   1.133 -    U1.append(mul4(t, iG[0]))
   1.134 -    U2.append(mul4(t, iG[1]))
   1.135 -    U3.append(mul4(t, iG[2]))
   1.136 -    U4.append(mul4(t, iG[3]))
   1.137 +def initialize():
   1.138 +    """Called once at module import to initialize constants defined above."""
   1.139  
   1.140 -# round constants
   1.141 -rcon = [1]
   1.142 -r = 1
   1.143 -for t in xrange(1, 30):
   1.144 -    r = mul(2, r)
   1.145 -    rcon.append(r)
   1.146 +    A = [[1, 1, 1, 1, 1, 0, 0, 0],
   1.147 +         [0, 1, 1, 1, 1, 1, 0, 0],
   1.148 +         [0, 0, 1, 1, 1, 1, 1, 0],
   1.149 +         [0, 0, 0, 1, 1, 1, 1, 1],
   1.150 +         [1, 0, 0, 0, 1, 1, 1, 1],
   1.151 +         [1, 1, 0, 0, 0, 1, 1, 1],
   1.152 +         [1, 1, 1, 0, 0, 0, 1, 1],
   1.153 +         [1, 1, 1, 1, 0, 0, 0, 1]]
   1.154  
   1.155 -del A
   1.156 -del AA
   1.157 -del pivot
   1.158 -del B
   1.159 -del G
   1.160 -del box
   1.161 -del log
   1.162 -del alog
   1.163 -del i
   1.164 -del j
   1.165 -del r
   1.166 -del s
   1.167 -del t
   1.168 -del mul
   1.169 -del mul4
   1.170 -del cox
   1.171 -del iG
   1.172 +    # produce log and alog tables, needed for multiplying in the
   1.173 +    # field GF(2^m) (generator = 3)
   1.174 +    alog = [1]
   1.175 +    for i in xrange(255):
   1.176 +        j = (alog[-1] << 1) ^ alog[-1]
   1.177 +        if j & 0x100 != 0:
   1.178 +            j ^= 0x11B
   1.179 +        alog.append(j)
   1.180 +
   1.181 +    log = [0] * 256
   1.182 +    for i in xrange(1, 255):
   1.183 +        log[alog[i]] = i
   1.184 +
   1.185 +    # multiply two elements of GF(2^m)
   1.186 +    def mul(a, b):
   1.187 +        if a == 0 or b == 0:
   1.188 +            return 0
   1.189 +        return alog[(log[a & 0xFF] + log[b & 0xFF]) % 255]
   1.190 +
   1.191 +    # substitution box based on F^{-1}(x)
   1.192 +    box = [[0] * 8 for i in xrange(256)]
   1.193 +    box[1][7] = 1
   1.194 +    for i in xrange(2, 256):
   1.195 +        j = alog[255 - log[i]]
   1.196 +        for t in xrange(8):
   1.197 +            box[i][t] = (j >> (7 - t)) & 0x01
   1.198 +
   1.199 +    B = [0, 1, 1, 0, 0, 0, 1, 1]
   1.200 +
   1.201 +    # affine transform:  box[i] <- B + A*box[i]
   1.202 +    cox = [[0] * 8 for i in xrange(256)]
   1.203 +    for i in xrange(256):
   1.204 +        for t in xrange(8):
   1.205 +            cox[i][t] = B[t]
   1.206 +            for j in xrange(8):
   1.207 +                cox[i][t] ^= A[t][j] * box[i][j]
   1.208 +
   1.209 +    # S-boxes and inverse S-boxes
   1.210 +    for i in xrange(256):
   1.211 +        S[i] = cox[i][0] << 7
   1.212 +        for t in xrange(1, 8):
   1.213 +            S[i] ^= cox[i][t] << (7-t)
   1.214 +        Si[S[i] & 0xFF] = i
   1.215 +
   1.216 +    # T-boxes
   1.217 +    G = [[2, 1, 1, 3],
   1.218 +        [3, 2, 1, 1],
   1.219 +        [1, 3, 2, 1],
   1.220 +        [1, 1, 3, 2]]
   1.221 +
   1.222 +    AA = [[0] * 8 for i in xrange(4)]
   1.223 +
   1.224 +    for i in xrange(4):
   1.225 +        for j in xrange(4):
   1.226 +            AA[i][j] = G[i][j]
   1.227 +            AA[i][i+4] = 1
   1.228 +
   1.229 +    for i in xrange(4):
   1.230 +        pivot = AA[i][i]
   1.231 +        if pivot == 0:
   1.232 +            t = i + 1
   1.233 +            while AA[t][i] == 0 and t < 4:
   1.234 +                t += 1
   1.235 +                assert t != 4, 'G matrix must be invertible'
   1.236 +                for j in xrange(8):
   1.237 +                    AA[i][j], AA[t][j] = AA[t][j], AA[i][j]
   1.238 +                pivot = AA[i][i]
   1.239 +        for j in xrange(8):
   1.240 +            if AA[i][j] != 0:
   1.241 +                AA[i][j] = alog[(255 + log[AA[i][j] & 0xFF] - log[pivot & 0xFF]) % 255]
   1.242 +        for t in xrange(4):
   1.243 +            if i != t:
   1.244 +                for j in xrange(i+1, 8):
   1.245 +                    AA[t][j] ^= mul(AA[i][j], AA[t][i])
   1.246 +                AA[t][i] = 0
   1.247 +
   1.248 +    iG = [[0] * 4 for i in xrange(4)]
   1.249 +
   1.250 +    for i in xrange(4):
   1.251 +        for j in xrange(4):
   1.252 +            iG[i][j] = AA[i][j + 4]
   1.253 +
   1.254 +    def mul4(a, bs):
   1.255 +        if a == 0:
   1.256 +            return 0
   1.257 +        r = 0
   1.258 +        for b in bs:
   1.259 +            r <<= 8
   1.260 +            if b != 0:
   1.261 +                r = r | mul(a, b)
   1.262 +        return r
   1.263 +
   1.264 +    for t in xrange(256):
   1.265 +        s = S[t]
   1.266 +        T1.append(mul4(s, G[0]))
   1.267 +        T2.append(mul4(s, G[1]))
   1.268 +        T3.append(mul4(s, G[2]))
   1.269 +        T4.append(mul4(s, G[3]))
   1.270 +
   1.271 +        s = Si[t]
   1.272 +        T5.append(mul4(s, iG[0]))
   1.273 +        T6.append(mul4(s, iG[1]))
   1.274 +        T7.append(mul4(s, iG[2]))
   1.275 +        T8.append(mul4(s, iG[3]))
   1.276 +
   1.277 +        U1.append(mul4(t, iG[0]))
   1.278 +        U2.append(mul4(t, iG[1]))
   1.279 +        U3.append(mul4(t, iG[2]))
   1.280 +        U4.append(mul4(t, iG[3]))
   1.281 +
   1.282 +    # round constants
   1.283 +    r = 1
   1.284 +    for t in xrange(1, 30):
   1.285 +        r = mul(2, r)
   1.286 +        rcon.append(r)
   1.287 +
   1.288 +# initialize constants
   1.289 +initialize()
   1.290  
   1.291  class rijndael:
   1.292      def __init__(self, key, block_size = 16):