On 7/27/23 00:03, Ard Biesheuvel wrote:
@@ -606,8 +606,7 @@ static const uint32_t AES_Te4[256] = {
0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
};
-
-static const uint32_t AES_Td0[256] = {
+const uint32_t AES_Td0[256] = {
Don't drop the blank line.
@@ -62,18 +39,21 @@ static inline target_ulong aes32_operation(target_ulong
shamt,
if (enc) {
so = AES_sbox[si];
if (mix) {
- mixed = aes_mixcolumn_byte(so, true);
+ mixed = AES_Te0[si];
} else {
mixed = so;
}
} else {
so = AES_isbox[si];
if (mix) {
- mixed = aes_mixcolumn_byte(so, false);
+ mixed = AES_Td0[si];
} else {
mixed = so;
}
}
+ if (!HOST_BIG_ENDIAN && mix) {
+ mixed = bswap32(mixed);
+ }
mixed = rol32(mixed, shamt);
Better as
if (enc) {
if (mix) {
mixed = be32_to_cpu(AES_Te0[si]);
} else {
mixed = AES_sbox[si];
}
} else {
...
}
mixed = rol32(mixed, shamt);
But thanks for the update -- I had ignored rv32 when doing the other AES bits.
r~
