On 6/29/23 12:21, Ard Biesheuvel wrote:
+/* AES ShiftRows, for complete unrolling. */
+enum {
+ AES_SH_0 = 0x0,
+ AES_SH_1 = 0x5,
+ AES_SH_2 = 0xa,
+ AES_SH_3 = 0xf,
+ AES_SH_4 = 0x4,
+ AES_SH_5 = 0x9,
+ AES_SH_6 = 0xe,
+ AES_SH_7 = 0x3,
+ AES_SH_8 = 0x8,
+ AES_SH_9 = 0xd,
+ AES_SH_A = 0x2,
+ AES_SH_B = 0x7,
+ AES_SH_C = 0xc,
+ AES_SH_D = 0x1,
+ AES_SH_E = 0x6,
+ AES_SH_F = 0xb,
+};
+
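Review bot: the comment on the enum, "AES ShiftRows, for complete unrolling", does not say what AES_SH_n holds or which byte ordering of the state it assumes. From the values (AES_SH_1 = 0x5, AES_SH_2 = 0xa, AES_SH_3 = 0xf) it reads as the source byte index for output byte n, with the state stored column by column. Stating that in the comment would let a reader check the sixteen constants against the ShiftRows definition without reverse-engineering the convention.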
We might simplify this further by doing
#define AES_SH(n) (((n) * 5) % 16)
#define AES_ISH(n) (((n) * 13) % 16)
Thanks. I should have noticed, but
s'_{r,c} = s_{r,(c+r)%4}
didn't make an impression and I assumed the table was non-regular.
r~
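
As an added example (not code from the patch or from either author), the following C program checks the two macros proposed above against the quoted ShiftRows formula. It assumes state byte n sits at row n % 4, column n / 4, and that AES_SH(n) is the source index for output byte n; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Macros as proposed in the thread. */
#define AES_SH(n)  (((n) * 5) % 16)
#define AES_ISH(n) (((n) * 13) % 16)

/* Assumption: byte n of the state is row n % 4, column n / 4. */
static unsigned shiftrows_src(unsigned n)
{
    unsigned r = n % 4, c = n / 4;
    /* s'_{r,c} = s_{r,(c+r)%4}; equals (5r + 4c) % 16 == (5n) % 16 */
    return r + 4 * ((c + r) % 4);
}

/* Returns 1 if AES_SH agrees with the formula for all 16 indices. */
int aes_sh_matches_formula(void)
{
    for (unsigned n = 0; n < 16; n++)
        if (AES_SH(n) != shiftrows_src(n))
            return 0;
    return 1;
}

/* Returns 1 if AES_ISH and AES_SH are inverse permutations (5 * 13 = 65 = 1 mod 16). */
int aes_ish_is_inverse(void)
{
    for (unsigned n = 0; n < 16; n++)
        if (AES_ISH(AES_SH(n)) != n || AES_SH(AES_ISH(n)) != n)
            return 0;
    return 1;
}

/* ShiftRows on a 16-byte state, using the macro as a source index. */
void aes_shiftrows(uint8_t out[16], const uint8_t in[16])
{
    for (unsigned n = 0; n < 16; n++)
        out[n] = in[AES_SH(n)];
}

int main(void)
{
    uint8_t in[16], out[16];
    for (unsigned n = 0; n < 16; n++)
        in[n] = (uint8_t)n;               /* constructed input: in[n] = n */
    aes_shiftrows(out, in);
    for (unsigned n = 0; n < 16; n++)
        printf("%x ", out[n]);            /* prints the enum values in order */
    printf("\nformula=%d inverse=%d\n", aes_sh_matches_formula(), aes_ish_is_inverse());
    return 0;
}
```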