[llvm-branch-commits] [llvm] Release/6.x (PR #68516)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Sun Oct 8 02:44:01 PDT 2023
https://github.com/aqnote0 created https://github.com/llvm/llvm-project/pull/68516
None
>From cd8badc51911ebdf6496f34b88903ac89f35fdb0 Mon Sep 17 00:00:00 2001
From: Peng Li <aqnote at qq.com>
Date: Thu, 16 Apr 2020 16:03:22 +0800
Subject: [PATCH 1/2] add ollvm:sub bcf fla
---
llvm/lib/Transforms/CMakeLists.txt | 1 +
llvm/lib/Transforms/IPO/LLVMBuild.txt | 2 +-
.../lib/Transforms/IPO/PassManagerBuilder.cpp | 51 +++++++++++++++++++
llvm/lib/Transforms/LLVMBuild.txt | 2 +-
4 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/llvm/lib/Transforms/CMakeLists.txt b/llvm/lib/Transforms/CMakeLists.txt
index 67bdeb27212dc57..45c583a1df78340 100644
--- a/llvm/lib/Transforms/CMakeLists.txt
+++ b/llvm/lib/Transforms/CMakeLists.txt
@@ -7,3 +7,4 @@ add_subdirectory(Vectorize)
add_subdirectory(Hello)
add_subdirectory(ObjCARC)
add_subdirectory(Coroutines)
+add_subdirectory(Obfuscation)
diff --git a/llvm/lib/Transforms/IPO/LLVMBuild.txt b/llvm/lib/Transforms/IPO/LLVMBuild.txt
index a8b0f32fd785ec7..94451ebf4d1f5e0 100644
--- a/llvm/lib/Transforms/IPO/LLVMBuild.txt
+++ b/llvm/lib/Transforms/IPO/LLVMBuild.txt
@@ -20,4 +20,4 @@ type = Library
name = IPO
parent = Transforms
library_name = ipo
-required_libraries = Analysis BitReader BitWriter Core InstCombine IRReader Linker Object ProfileData Scalar Support TransformUtils Vectorize Instrumentation
+required_libraries = Analysis BitReader BitWriter Core InstCombine IRReader Linker Object ProfileData Scalar Support TransformUtils Vectorize Instrumentation Obfuscation
diff --git a/llvm/lib/Transforms/IPO/PassManagerBuilder.cpp b/llvm/lib/Transforms/IPO/PassManagerBuilder.cpp
index 3855e6245d8ebc4..a59235b957f6a92 100644
--- a/llvm/lib/Transforms/IPO/PassManagerBuilder.cpp
+++ b/llvm/lib/Transforms/IPO/PassManagerBuilder.cpp
@@ -39,6 +39,11 @@
#include "llvm/Transforms/Scalar/SimpleLoopUnswitch.h"
#include "llvm/Transforms/Vectorize.h"
+#include "llvm/Transforms/Obfuscation/BogusControlFlow.h"
+#include "llvm/Transforms/Obfuscation/Flattening.h"
+#include "llvm/Transforms/Obfuscation/Split.h"
+#include "llvm/Transforms/Obfuscation/Substitution.h"
+
using namespace llvm;
static cl::opt<bool>
@@ -144,6 +149,24 @@ static cl::opt<bool> EnableGVNSink(
"enable-gvn-sink", cl::init(false), cl::Hidden,
cl::desc("Enable the GVN sinking pass (default = off)"));
+///////////////////////////////
+// Obfuscation -- "Peng Li"<aqnote at qq.com>
+static cl::opt<bool> Flattening("fla", cl::init(false),
+ cl::desc("Enable the flattening pass"));
+
+static cl::opt<bool> BogusControlFlow("bcf", cl::init(false),
+ cl::desc("Enable bogus control flow"));
+
+static cl::opt<bool> Substitution("sub", cl::init(false),
+ cl::desc("Enable instruction substitutions"));
+
+static cl::opt<std::string> AesSeed("aesSeed", cl::init(""),
+ cl::desc("seed for the AES-CTR PRNG"));
+
+static cl::opt<bool> Split("split", cl::init(false),
+ cl::desc("Enable basic block splitting"));
+///////////////////////////////
+
PassManagerBuilder::PassManagerBuilder() {
OptLevel = 2;
SizeLevel = 0;
@@ -165,6 +188,16 @@ PassManagerBuilder::PassManagerBuilder() {
PrepareForThinLTO = EnablePrepareForThinLTO;
PerformThinLTO = false;
DivergentTarget = false;
+
+ ///////////////////////////////
+ // Obfuscation -- "Peng Li"<aqnote at qq.com>
+ // Initialization of the global cryptographically
+ // secure pseudo-random generator
+ if(!AesSeed.empty()) {
+ if(!llvm::cryptoutils->prng_seed(AesSeed.c_str()))
+ exit(1);
+ }
+ ///////////////////////////////
}
PassManagerBuilder::~PassManagerBuilder() {
@@ -398,6 +431,13 @@ void PassManagerBuilder::populateModulePassManager(
// Allow forcing function attributes as a debugging and tuning aid.
MPM.add(createForceFunctionAttrsLegacyPass());
+ ///////////////////////////////
+ // Obfuscation -- "Peng Li"<aqnote at qq.com>
+ MPM.add(createSplitBasicBlock(Split));
+ MPM.add(createBogus(BogusControlFlow));
+ MPM.add(createFlattening(Flattening));
+ ///////////////////////////////
+
// If all optimizations are disabled, just run the always-inline pass and,
// if enabled, the function merging pass.
if (OptLevel == 0) {
@@ -425,6 +465,12 @@ void PassManagerBuilder::populateModulePassManager(
MPM.add(createGlobalDCEPass());
}
+ ///////////////////////////////
+ // Obfuscation -- "Peng Li"<aqnote at qq.com>
+ MPM.add(createSubstitution(Substitution));
+ ///////////////////////////////
+
+
addExtensionsToPM(EP_EnabledOnOptLevel0, MPM);
// Rename anon globals to be able to export them in the summary.
@@ -685,6 +731,11 @@ void PassManagerBuilder::populateModulePassManager(
// Get rid of LCSSA nodes.
MPM.add(createInstructionSimplifierPass());
+ ///////////////////////////////
+ // Obfuscation -- "Peng Li"<aqnote at qq.com>
+ MPM.add(createSubstitution(Substitution));
+ ///////////////////////////////
+
// This hoists/decomposes div/rem ops. It should run after other sink/hoist
// passes to avoid re-sinking, but before SimplifyCFG because it can allow
// flattening of blocks.
diff --git a/llvm/lib/Transforms/LLVMBuild.txt b/llvm/lib/Transforms/LLVMBuild.txt
index 95482ad20225be8..cf119e5f6e02c84 100644
--- a/llvm/lib/Transforms/LLVMBuild.txt
+++ b/llvm/lib/Transforms/LLVMBuild.txt
@@ -16,7 +16,7 @@
;===------------------------------------------------------------------------===;
[common]
-subdirectories = Coroutines IPO InstCombine Instrumentation Scalar Utils Vectorize ObjCARC
+subdirectories = Coroutines IPO InstCombine Instrumentation Scalar Utils Vectorize ObjCARC Obfuscation
[component_0]
type = Group
>From 2ca6d944f9c2478487c94719a7771a513f68c3f7 Mon Sep 17 00:00:00 2001
From: Peng Li <aqnote at qq.com>
Date: Thu, 16 Apr 2020 16:03:38 +0800
Subject: [PATCH 2/2] add ollvm:sub bcf fla
---
build.sh | 19 +
checkout.sh | 5 +
.../Transforms/Obfuscation/BogusControlFlow.h | 49 +
.../llvm/Transforms/Obfuscation/CryptoUtils.h | 264 ++++
.../llvm/Transforms/Obfuscation/Flattening.h | 39 +
.../llvm/Transforms/Obfuscation/Split.h | 35 +
.../Transforms/Obfuscation/Substitution.h | 38 +
.../llvm/Transforms/Obfuscation/Utils.h | 15 +
.../Obfuscation/BogusControlFlow.cpp | 613 ++++++++++
.../lib/Transforms/Obfuscation/CMakeLists.txt | 10 +
.../Transforms/Obfuscation/CryptoUtils.cpp | 1087 +++++++++++++++++
.../lib/Transforms/Obfuscation/Flattening.cpp | 243 ++++
.../Obfuscation/LICENSE-OBFUSCATOR.TXT | 44 +
llvm/lib/Transforms/Obfuscation/LLVMBuild.txt | 23 +
llvm/lib/Transforms/Obfuscation/Makefile | 16 +
.../Obfuscation/SplitBasicBlocks.cpp | 144 +++
.../Transforms/Obfuscation/Substitution.cpp | 578 +++++++++
llvm/lib/Transforms/Obfuscation/Utils.cpp | 148 +++
18 files changed, 3370 insertions(+)
create mode 100755 build.sh
create mode 100755 checkout.sh
create mode 100644 llvm/include/llvm/Transforms/Obfuscation/BogusControlFlow.h
create mode 100644 llvm/include/llvm/Transforms/Obfuscation/CryptoUtils.h
create mode 100644 llvm/include/llvm/Transforms/Obfuscation/Flattening.h
create mode 100644 llvm/include/llvm/Transforms/Obfuscation/Split.h
create mode 100644 llvm/include/llvm/Transforms/Obfuscation/Substitution.h
create mode 100644 llvm/include/llvm/Transforms/Obfuscation/Utils.h
create mode 100644 llvm/lib/Transforms/Obfuscation/BogusControlFlow.cpp
create mode 100644 llvm/lib/Transforms/Obfuscation/CMakeLists.txt
create mode 100644 llvm/lib/Transforms/Obfuscation/CryptoUtils.cpp
create mode 100644 llvm/lib/Transforms/Obfuscation/Flattening.cpp
create mode 100644 llvm/lib/Transforms/Obfuscation/LICENSE-OBFUSCATOR.TXT
create mode 100644 llvm/lib/Transforms/Obfuscation/LLVMBuild.txt
create mode 100644 llvm/lib/Transforms/Obfuscation/Makefile
create mode 100644 llvm/lib/Transforms/Obfuscation/SplitBasicBlocks.cpp
create mode 100644 llvm/lib/Transforms/Obfuscation/Substitution.cpp
create mode 100644 llvm/lib/Transforms/Obfuscation/Utils.cpp
diff --git a/build.sh b/build.sh
new file mode 100755
index 000000000000000..a77a3db0493d8d4
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ ! -d build ]; then
+ mkdir build
+fi
+
+pushd build
+cmake -G "Unix Makefiles" \
+ -DCMAKE_INSTALL_PREFIX=/opt/aqnote/install/llvm/6.x \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DLLVM_ENABLE_ASSERTIONS=On \
+ -DCLANG_DEFAULT_OPENMP_RUNTIME=libgomp \
+ -DLLVM_ENABLE_PROJECTS=clang \
+ ../llvm
+popd
+
+# make VERBOSE=1 -j6 -C build
+
+exit 0
diff --git a/checkout.sh b/checkout.sh
new file mode 100755
index 000000000000000..7ceefd1b3966db0
--- /dev/null
+++ b/checkout.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+git checkout tags/llvmorg-6.0.1 -b llvm-6.0.1
+
+exit 0
diff --git a/llvm/include/llvm/Transforms/Obfuscation/BogusControlFlow.h b/llvm/include/llvm/Transforms/Obfuscation/BogusControlFlow.h
new file mode 100644
index 000000000000000..f6c238833581786
--- /dev/null
+++ b/llvm/include/llvm/Transforms/Obfuscation/BogusControlFlow.h
@@ -0,0 +1,49 @@
+//===- BogusControlFlow.h - BogusControlFlow Obfuscation pass-------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--------------------------------------------------------------------------------===//
+//
+// This file contains includes and defines for the bogusControlFlow pass
+//
+//===--------------------------------------------------------------------------------===//
+
+#ifndef _BOGUSCONTROLFLOW_H_
+#define _BOGUSCONTROLFLOW_H_
+
+
+// LLVM include
+#include "llvm/Pass.h"
+#include "llvm/IR/Module.h"
+#include "llvm/IR/Function.h"
+#include "llvm/IR/BasicBlock.h"
+#include "llvm/IR/Instructions.h"
+#include "llvm/IR/InstrTypes.h"
+#include "llvm/IR/Constants.h"
+#include "llvm/IR/Type.h"
+#include "llvm/ADT/Statistic.h"
+#include "llvm/IR/GlobalValue.h"
+#include "llvm/IR/LLVMContext.h"
+#include "llvm/Transforms/Utils/Cloning.h"
+#include "llvm/Transforms/Utils/BasicBlockUtils.h"
+#include "llvm/CodeGen/ISDOpcodes.h"
+#include "llvm/Support/raw_ostream.h"
+#include "llvm/Support/Debug.h"
+#include "llvm/Support/CommandLine.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Obfuscation/CryptoUtils.h"
+#include <list>
+
+using namespace std;
+using namespace llvm;
+
+// Namespace
+namespace llvm {
+ Pass *createBogus ();
+ Pass *createBogus (bool flag);
+}
+#endif
+
diff --git a/llvm/include/llvm/Transforms/Obfuscation/CryptoUtils.h b/llvm/include/llvm/Transforms/Obfuscation/CryptoUtils.h
new file mode 100644
index 000000000000000..8b2426d8cc96c74
--- /dev/null
+++ b/llvm/include/llvm/Transforms/Obfuscation/CryptoUtils.h
@@ -0,0 +1,264 @@
+//===- CryptoUtils.h - Cryptographically Secure Pseudo-Random
+// Generator------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file contains includes and defines for the AES CTR PRNG
+// The AES implementation has been derived and adapted
+// from libtomcrypt (see http://libtom.org)
+// Created on: 22 juin 2012
+// Author(s): jrinaldini, pjunod
+//===----------------------------------------------------------------------===//
+
+#ifndef LLVM_CryptoUtils_H
+#define LLVM_CryptoUtils_H
+
+#include "llvm/Support/ManagedStatic.h"
+
+#include <stdint.h>
+#include <cstdio>
+#include <string>
+
+namespace llvm {
+
+class CryptoUtils;
+extern ManagedStatic<CryptoUtils> cryptoutils;
+
+#define BYTE(x, n) (((x) >> (8 * (n))) & 0xFF)
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+ defined(INTEL_CC)
+
+#ifndef ENDIAN_LITTLE
+#define ENDIAN_LITTLE
+#endif
+#define ENDIAN_32BITWORD
+#define UNALIGNED
+
+#elif defined(__alpha)
+
+#ifndef ENDIAN_LITTLE
+#define ENDIAN_LITTLE
+#endif
+#define ENDIAN_64BITWORD
+
+#elif defined(__x86_64__)
+
+#ifndef ENDIAN_LITTLE
+#define ENDIAN_LITTLE
+#endif
+#define ENDIAN_64BITWORD
+#define UNALIGNED
+
+#elif(defined(__R5900) || defined(R5900) || defined(__R5900__)) && \
+ (defined(_mips) || defined(__mips__) || defined(mips))
+
+#ifndef ENDIAN_LITTLE
+#define ENDIAN_LITTLE
+#endif
+#define ENDIAN_64BITWORD
+
+#elif defined(__sparc)
+
+#ifndef ENDIAN_BIG
+#define ENDIAN_BIG
+#endif
+#if defined(__arch64__)
+#define ENDIAN_64BITWORD
+#else
+#define ENDIAN_32BITWORD
+#endif
+
+#endif
+
+#if defined(__BIG_ENDIAN__) || defined(_BIG_ENDIAN)
+#define ENDIAN_BIG
+#endif
+
+#if !defined(ENDIAN_BIG) && !defined(ENDIAN_LITTLE)
+#error \
+ "Unknown endianness of the compilation platform, check this header aes_encrypt.h"
+#endif
+
+#ifdef ENDIAN_LITTLE
+
+#define STORE32H(y, x) \
+ { \
+ (y)[0] = (uint8_t)(((x) >> 24) & 0xFF); \
+ (y)[1] = (uint8_t)(((x) >> 16) & 0xFF); \
+ (y)[2] = (uint8_t)(((x) >> 8) & 0xFF); \
+ (y)[3] = (uint8_t)(((x) >> 0) & 0xFF); \
+ }
+#define LOAD32H(x, y) \
+ { \
+ (x) = ((uint32_t)((y)[0] & 0xFF) << 24) | \
+ ((uint32_t)((y)[1] & 0xFF) << 16) | \
+ ((uint32_t)((y)[2] & 0xFF) << 8) | ((uint32_t)((y)[3] & 0xFF) << 0); \
+ }
+
+#define LOAD64H(x, y) \
+ { \
+ (x) = ((uint64_t)((y)[0] & 0xFF) << 56) | \
+ ((uint64_t)((y)[1] & 0xFF) << 48) | \
+ ((uint64_t)((y)[2] & 0xFF) << 40) | \
+ ((uint64_t)((y)[3] & 0xFF) << 32) | \
+ ((uint64_t)((y)[4] & 0xFF) << 24) | \
+ ((uint64_t)((y)[5] & 0xFF) << 16) | \
+ ((uint64_t)((y)[6] & 0xFF) << 8) | ((uint64_t)((y)[7] & 0xFF) << 0); \
+ }
+
+#define STORE64H(y, x) \
+ { \
+ (y)[0] = (uint8_t)(((x) >> 56) & 0xFF); \
+ (y)[1] = (uint8_t)(((x) >> 48) & 0xFF); \
+ (y)[2] = (uint8_t)(((x) >> 40) & 0xFF); \
+ (y)[3] = (uint8_t)(((x) >> 32) & 0xFF); \
+ (y)[4] = (uint8_t)(((x) >> 24) & 0xFF); \
+ (y)[5] = (uint8_t)(((x) >> 16) & 0xFF); \
+ (y)[6] = (uint8_t)(((x) >> 8) & 0xFF); \
+ (y)[7] = (uint8_t)(((x) >> 0) & 0xFF); \
+ }
+
+#endif /* ENDIAN_LITTLE */
+
+#ifdef ENDIAN_BIG
+
+#define STORE32H(y, x) \
+ { \
+ (y)[3] = (uint8_t)(((x) >> 24) & 0xFF); \
+ (y)[2] = (uint8_t)(((x) >> 16) & 0xFF); \
+ (y)[1] = (uint8_t)(((x) >> 8) & 0xFF); \
+ (y)[0] = (uint8_t)(((x) >> 0) & 0xFF); \
+ }
+#define STORE64H(y, x) \
+ { \
+ (y)[7] = (uint8_t)(((x) >> 56) & 0xFF); \
+ (y)[6] = (uint8_t)(((x) >> 48) & 0xFF); \
+ (y)[5] = (uint8_t)(((x) >> 40) & 0xFF); \
+ (y)[4] = (uint8_t)(((x) >> 32) & 0xFF); \
+ (y)[3] = (uint8_t)(((x) >> 24) & 0xFF); \
+ (y)[2] = (uint8_t)(((x) >> 16) & 0xFF); \
+ (y)[1] = (uint8_t)(((x) >> 8) & 0xFF); \
+ (y)[0] = (uint8_t)(((x) >> 0) & 0xFF); \
+ }
+#define LOAD32H(x, y) \
+ { \
+ (x) = ((uint32_t)((y)[3] & 0xFF) << 24) | \
+ ((uint32_t)((y)[2] & 0xFF) << 16) | \
+ ((uint32_t)((y)[1] & 0xFF) << 8) | ((uint32_t)((y)[0] & 0xFF) << 0); \
+}
+
+#define LOAD64H(x, y) \
+ { \
+ (x) = ((uint64_t)((y)[7] & 0xFF) << 56) | \
+ ((uint64_t)((y)[6] & 0xFF) << 48) | \
+ ((uint64_t)((y)[5] & 0xFF) << 40) | \
+ ((uint64_t)((y)[4] & 0xFF) << 32) | \
+ ((uint64_t)((y)[3] & 0xFF) << 24) | \
+ ((uint64_t)((y)[2] & 0xFF) << 16) | \
+ ((uint64_t)((y)[1] & 0xFF) << 8) | ((uint64_t)((y)[0] & 0xFF) << 0); \
+ }
+
+#endif /* ENDIAN_BIG */
+
+#define AES_TE0(x) AES_PRECOMP_TE0[(x)]
+#define AES_TE1(x) AES_PRECOMP_TE1[(x)]
+#define AES_TE2(x) AES_PRECOMP_TE2[(x)]
+#define AES_TE3(x) AES_PRECOMP_TE3[(x)]
+
+#define AES_TE4_0(x) AES_PRECOMP_TE4_0[(x)]
+#define AES_TE4_1(x) AES_PRECOMP_TE4_1[(x)]
+#define AES_TE4_2(x) AES_PRECOMP_TE4_2[(x)]
+#define AES_TE4_3(x) AES_PRECOMP_TE4_3[(x)]
+
+#define CryptoUtils_POOL_SIZE (0x1 << 17) // 2^17
+
+#define DUMP(x, l, s) \
+ fprintf(stderr, "%s :", (s)); \
+ for (int ii = 0; ii < (l); ii++) { \
+ fprintf(stderr, "%02hhX", *((x) + ii)); \
+ } \
+ fprintf(stderr, "\n");
+
+// SHA256
+/* Various logical functions */
+#define Ch(x, y, z) (z ^ (x &(y ^ z)))
+#define Maj(x, y, z) (((x | y) & z) | (x &y))
+#define S(x, n) RORc((x), (n))
+#define R1(x, n) (((x) & 0xFFFFFFFFUL) >> (n))
+#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
+#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
+#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R1(x, 3))
+#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R1(x, 10))
+#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+
+#define RND(a, b, c, d, e, f, g, h, i, ki) \
+ t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i]; \
+ t1 = Sigma0(a) + Maj(a, b, c); \
+ d += t0; \
+ h = t0 + t1;
+
+#define RORc(x, y) \
+ (((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y) & 31)) | \
+ ((unsigned long)(x) << (unsigned long)(32 - ((y) & 31)))) & \
+ 0xFFFFFFFFUL)
+
+class CryptoUtils {
+public:
+ CryptoUtils();
+ ~CryptoUtils();
+
+ char *get_seed();
+ void get_bytes(char *buffer, const int len);
+ char get_char();
+ bool prng_seed(const std::string seed);
+
+ // Returns a uniformly distributed 8-bit value
+ uint8_t get_uint8_t();
+ // Returns a uniformly distributed 32-bit value
+ uint32_t get_uint32_t();
+ // Returns an integer uniformly distributed on [0, max[
+ uint32_t get_range(const uint32_t max);
+ // Returns a uniformly distributed 64-bit value
+ uint64_t get_uint64_t();
+
+ // Scramble a 32-bit value depending on a 128-bit value
+ unsigned scramble32(const unsigned in, const char key[16]);
+
+ int sha256(const char *msg, unsigned char *hash);
+
+private:
+ uint32_t ks[44];
+ char key[16];
+ char ctr[16];
+ char pool[CryptoUtils_POOL_SIZE];
+ uint32_t idx;
+ std::string seed;
+ bool seeded;
+
+ typedef struct {
+ uint64_t length;
+ uint32_t state[8], curlen;
+ unsigned char buf[64];
+ } sha256_state;
+
+ void aes_compute_ks(uint32_t *ks, const char *k);
+ void aes_encrypt(char *out, const char *in, const uint32_t *ks);
+ bool prng_seed();
+ void inc_ctr();
+ void populate_pool();
+ int sha256_done(sha256_state *md, unsigned char *out);
+ int sha256_init(sha256_state *md);
+ static int sha256_compress(sha256_state *md, unsigned char *buf);
+ int sha256_process(sha256_state *md, const unsigned char *in,
+ unsigned long inlen);
+};
+}
+
+#endif // LLVM_CryptoUtils_H
+
diff --git a/llvm/include/llvm/Transforms/Obfuscation/Flattening.h b/llvm/include/llvm/Transforms/Obfuscation/Flattening.h
new file mode 100644
index 000000000000000..68e21af834ce644
--- /dev/null
+++ b/llvm/include/llvm/Transforms/Obfuscation/Flattening.h
@@ -0,0 +1,39 @@
+//===- FlatteningIncludes.h - Flattening Obfuscation pass------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file contains includes and defines for the flattening pass
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef _FLATTENING_INCLUDES_
+#define _FLATTENING_INCLUDES_
+
+
+// LLVM include
+#include "llvm/Pass.h"
+#include "llvm/IR/Function.h"
+#include "llvm/ADT/Statistic.h"
+#include "llvm/Transforms/Utils/Local.h" // For DemoteRegToStack and DemotePHIToStack
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Scalar.h"
+#include "llvm/IR/Module.h"
+#include "llvm/Support/CommandLine.h"
+#include "llvm/Transforms/Obfuscation/CryptoUtils.h"
+#include "llvm/Transforms/Obfuscation/Utils.h"
+
+// Namespace
+using namespace std;
+
+namespace llvm {
+ Pass *createFlattening();
+ Pass *createFlattening(bool flag);
+}
+
+#endif
+
diff --git a/llvm/include/llvm/Transforms/Obfuscation/Split.h b/llvm/include/llvm/Transforms/Obfuscation/Split.h
new file mode 100644
index 000000000000000..0f85a124d3323e4
--- /dev/null
+++ b/llvm/include/llvm/Transforms/Obfuscation/Split.h
@@ -0,0 +1,35 @@
+//===- FlatteningIncludes.h - Flattening Obfuscation pass------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file contains includes and defines for the split basicblock pass
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef _SPLIT_INCLUDES_
+#define _SPLIT_INCLUDES_
+
+
+// LLVM include
+#include "llvm/Pass.h"
+#include "llvm/IR/BasicBlock.h"
+#include "llvm/ADT/Statistic.h"
+#include "llvm/Transforms/Utils/Local.h" // For DemoteRegToStack and DemotePHIToStack
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Scalar.h"
+#include "llvm/IR/Module.h"
+#include "llvm/Support/CommandLine.h"
+#include "llvm/Transforms/Obfuscation/Utils.h"
+#include "llvm/Transforms/Obfuscation/CryptoUtils.h"
+
+// Namespace
+namespace llvm {
+ Pass *createSplitBasicBlock(bool flag);
+}
+#endif
+
diff --git a/llvm/include/llvm/Transforms/Obfuscation/Substitution.h b/llvm/include/llvm/Transforms/Obfuscation/Substitution.h
new file mode 100644
index 000000000000000..7d59e3301f307ef
--- /dev/null
+++ b/llvm/include/llvm/Transforms/Obfuscation/Substitution.h
@@ -0,0 +1,38 @@
+//===- SubstitutionIncludes.h - Substitution Obfuscation pass-------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file contains includes and defines for the substitution pass
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef _SUBSTITUTIONS_H_
+#define _SUBSTITUTIONS_H_
+
+
+// LLVM include
+#include "llvm/Pass.h"
+#include "llvm/IR/Function.h"
+#include "llvm/IR/Instructions.h"
+#include "llvm/ADT/Statistic.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/IR/Module.h"
+#include "llvm/Support/CommandLine.h"
+#include "llvm/Transforms/Obfuscation/CryptoUtils.h"
+
+// Namespace
+using namespace llvm;
+using namespace std;
+
+namespace llvm {
+ Pass *createSubstitution ();
+ Pass *createSubstitution (bool flag);
+}
+
+#endif
+
diff --git a/llvm/include/llvm/Transforms/Obfuscation/Utils.h b/llvm/include/llvm/Transforms/Obfuscation/Utils.h
new file mode 100644
index 000000000000000..c25533e94704b4a
--- /dev/null
+++ b/llvm/include/llvm/Transforms/Obfuscation/Utils.h
@@ -0,0 +1,15 @@
+#ifndef __UTILS_OBF__
+#define __UTILS_OBF__
+
+#include "llvm/IR/Function.h"
+#include "llvm/IR/Instructions.h"
+#include "llvm/Transforms/Utils/Local.h" // For DemoteRegToStack and DemotePHIToStack
+#include <stdio.h>
+
+using namespace llvm;
+
+void fixStack(Function *f);
+std::string readAnnotate(Function *f);
+bool toObfuscate(bool flag, Function *f, std::string attribute);
+
+#endif
diff --git a/llvm/lib/Transforms/Obfuscation/BogusControlFlow.cpp b/llvm/lib/Transforms/Obfuscation/BogusControlFlow.cpp
new file mode 100644
index 000000000000000..fab897beb24160c
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/BogusControlFlow.cpp
@@ -0,0 +1,613 @@
+//===- BogusControlFlow.cpp - BogusControlFlow Obfuscation pass-------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------------------===//
+//
+// This file implements BogusControlFlow's pass, inserting bogus control flow.
+// It adds bogus flow to a given basic block this way:
+//
+// Before :
+// entry
+// |
+// ______v______
+// | Original |
+// |_____________|
+// |
+// v
+// return
+//
+// After :
+// entry
+// |
+// ____v_____
+// |condition*| (false)
+// |__________|----+
+// (true)| |
+// | |
+// ______v______ |
+// +-->| Original* | |
+// | |_____________| (true)
+// | (false)| !-----------> return
+// | ______v______ |
+// | | Altered |<--!
+// | |_____________|
+// |__________|
+//
+// * The results of these terminator's branch's conditions are always true, but these predicates are
+// opacificated. For this, we declare two global values: x and y, and replace the FCMP_TRUE
+// predicate with (y < 10 || x * (x + 1) % 2 == 0) (this could be improved, as the global
+// values give a hint on where are the opaque predicates)
+//
+// The altered bloc is a copy of the original's one with junk instructions added accordingly to the
+// type of instructions we found in the bloc
+//
+// Each basic block of the function is choosen if a random number in the range [0,100] is smaller
+// than the choosen probability rate. The default value is 30. This value can be modify using
+// the option -boguscf-prob=[value]. Value must be an integer in the range [0, 100], otherwise
+// the default value is taken. Exemple: -boguscf -boguscf-prob=60
+//
+// The pass can also be loop many times on a function, including on the basic blocks added in
+// a previous loop. Be careful if you use a big probability number and choose to run the loop
+// many times wich may cause the pass to run for a very long time. The default value is one loop,
+// but you can change it with -boguscf-loop=[value]. Value must be an integer greater than 1,
+// otherwise the default value is taken. Exemple: -boguscf -boguscf-loop=2
+//
+//
+// Defined debug types:
+// - "gen" : general informations
+// - "opt" : concerning the given options (parameter)
+// - "cfg" : printing the various function's cfg before transformation
+// and after transformation if it has been modified, and all
+// the functions at end of the pass, after doFinalization.
+//
+// To use them all, simply use the -debug option.
+// To use only one of them, follow the pass' command by -debug-only=name.
+// Exemple, -boguscf -debug-only=cfg
+//
+//
+// Stats:
+// The following statistics will be printed if you use
+// the -stats command:
+//
+// a. Number of functions in this module
+// b. Number of times we run on each function
+// c. Initial number of basic blocks in this module
+// d. Number of modified basic blocks
+// e. Number of added basic blocks in this module
+// f. Final number of basic blocks in this module
+//
+// file : lib/Transforms/Obfuscation/BogusControlFlow.cpp
+// date : june 2012
+// version: 1.0
+// author : julie.michielin at gmail.com
+// modifications: pjunod, Rinaldini Julien
+// project: Obfuscator
+// option : -boguscf
+//
+//===----------------------------------------------------------------------------------===//
+
+#include "llvm/Transforms/Obfuscation/BogusControlFlow.h"
+#include "llvm/Transforms/Obfuscation/Utils.h"
+
+// Stats
+#define DEBUG_TYPE "BogusControlFlow"
+STATISTIC(NumFunction, "a. Number of functions in this module");
+STATISTIC(NumTimesOnFunctions, "b. Number of times we run on each function");
+STATISTIC(InitNumBasicBlocks, "c. Initial number of basic blocks in this module");
+STATISTIC(NumModifiedBasicBlocks, "d. Number of modified basic blocks");
+STATISTIC(NumAddedBasicBlocks, "e. Number of added basic blocks in this module");
+STATISTIC(FinalNumBasicBlocks, "f. Final number of basic blocks in this module");
+
+
+// Options for the pass
+const int defaultObfRate = 30, defaultObfTime = 1;
+
+static cl::opt<int>
+ObfProbRate("bcf_prob", cl::desc("Choose the probability [%] each basic blocks will be obfuscated by the -bcf pass"), cl::value_desc("probability rate"), cl::init(defaultObfRate), cl::Optional);
+
+static cl::opt<int>
+ObfTimes("bcf_loop", cl::desc("Choose how many time the -bcf pass loop on a function"), cl::value_desc("number of times"), cl::init(defaultObfTime), cl::Optional);
+
+namespace {
+ // bogus control flow (伪控制流) -- aqnote
+ struct BogusControlFlow : public FunctionPass { // 伪控制流 -- aqnote
+ static char ID; // Pass identification
+ bool flag;
+ BogusControlFlow() : FunctionPass(ID) {}
+ BogusControlFlow(bool flag) : FunctionPass(ID) {this->flag = flag; BogusControlFlow();}
+
+ /* runOnFunction
+ *
+ * Overwrite FunctionPass method to apply the transformation
+ * to the function. See header for more details.
+ */
+ virtual bool runOnFunction(Function &F){
+ // Check if the percentage is correct
+ if (ObfTimes <= 0) {
+ errs()<<"BogusControlFlow application number -bcf_loop=x must be x > 0";
+ return false;
+ }
+
+ // Check if the number of applications is correct
+ if ( !((ObfProbRate > 0) && (ObfProbRate <= 100)) ) {
+ errs()<<"BogusControlFlow application basic blocks percentage -bcf_prob=x must be 0 < x <= 100";
+ return false;
+ }
+ // If fla annotations
+ if(toObfuscate(flag,&F,"bcf")) {
+ bogus(F);
+ doF(*F.getParent());
+ return true;
+ }
+
+ return false;
+ } // end of runOnFunction()
+
+ void bogus(Function &F) {
+ // For statistics and debug
+ ++NumFunction;
+ int NumBasicBlocks = 0;
+ bool firstTime = true; // First time we do the loop in this function
+ bool hasBeenModified = false;
+ DEBUG_WITH_TYPE("opt", errs() << "bcf: Started on function " << F.getName() << "\n");
+ DEBUG_WITH_TYPE("opt", errs() << "bcf: Probability rate: "<< ObfProbRate<< "\n");
+ if(ObfProbRate < 0 || ObfProbRate > 100){
+ DEBUG_WITH_TYPE("opt", errs() << "bcf: Incorrect value,"
+ << " probability rate set to default value: "
+ << defaultObfRate <<" \n");
+ ObfProbRate = defaultObfRate;
+ }
+ DEBUG_WITH_TYPE("opt", errs() << "bcf: How many times: "<< ObfTimes<< "\n");
+ if(ObfTimes <= 0){
+ DEBUG_WITH_TYPE("opt", errs() << "bcf: Incorrect value,"
+ << " must be greater than 1. Set to default: "
+ << defaultObfTime <<" \n");
+ ObfTimes = defaultObfTime;
+ }
+ NumTimesOnFunctions = ObfTimes;
+ int NumObfTimes = ObfTimes;
+
+ // Real begining of the pass
+ // Loop for the number of time we run the pass on the function
+ do{
+ DEBUG_WITH_TYPE("cfg", errs() << "bcf: Function " << F.getName()
+ <<", before the pass:\n");
+ DEBUG_WITH_TYPE("cfg", F.viewCFG());
+ // Put all the function's block in a list
+ std::list<BasicBlock *> basicBlocks;
+ for (Function::iterator i=F.begin();i!=F.end();++i) {
+ basicBlocks.push_back(&*i);
+ }
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Iterating on the Function's Basic Blocks\n");
+
+ while(!basicBlocks.empty()){
+ NumBasicBlocks ++;
+ // Basic Blocks' selection
+ if((int)llvm::cryptoutils->get_range(100) <= ObfProbRate){
+ DEBUG_WITH_TYPE("opt", errs() << "bcf: Block "
+ << NumBasicBlocks <<" selected. \n");
+ hasBeenModified = true;
+ ++NumModifiedBasicBlocks;
+ NumAddedBasicBlocks += 3;
+ FinalNumBasicBlocks += 3;
+ // Add bogus flow to the given Basic Block (see description)
+ BasicBlock *basicBlock = basicBlocks.front();
+ addBogusFlow(basicBlock, F);
+ }
+ else{
+ DEBUG_WITH_TYPE("opt", errs() << "bcf: Block "
+ << NumBasicBlocks <<" not selected.\n");
+ }
+ // remove the block from the list
+ basicBlocks.pop_front();
+
+ if(firstTime){ // first time we iterate on this function
+ ++InitNumBasicBlocks;
+ ++FinalNumBasicBlocks;
+ }
+ } // end of while(!basicBlocks.empty())
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: End of function " << F.getName() << "\n");
+ if(hasBeenModified){ // if the function has been modified
+ DEBUG_WITH_TYPE("cfg", errs() << "bcf: Function " << F.getName()
+ <<", after the pass: \n");
+ DEBUG_WITH_TYPE("cfg", F.viewCFG());
+ }
+ else{
+ DEBUG_WITH_TYPE("cfg", errs() << "bcf: Function's not been modified \n");
+ }
+ firstTime = false;
+ }while(--NumObfTimes > 0);
+ }
+
+ /* addBogusFlow
+ *
+ * Add bogus flow to a given basic block, according to the header's description
+ */
+ virtual void addBogusFlow(BasicBlock * basicBlock, Function &F){
+
+
+ // Split the block: first part with only the phi nodes and debug info and terminator
+ // created by splitBasicBlock. (-> No instruction)
+ // Second part with every instructions from the original block
+ // We do this way, so we don't have to adjust all the phi nodes, metadatas and so on
+ // for the first block. We have to let the phi nodes in the first part, because they
+ // actually are updated in the second part according to them.
+ BasicBlock::iterator i1 = basicBlock->begin();
+ if(basicBlock->getFirstNonPHIOrDbgOrLifetime())
+ i1 = (BasicBlock::iterator)basicBlock->getFirstNonPHIOrDbgOrLifetime();
+ Twine *var;
+ var = new Twine("originalBB");
+ BasicBlock *originalBB = basicBlock->splitBasicBlock(i1, *var);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: First and original basic blocks: ok\n");
+
+ // Creating the altered basic block on which the first basicBlock will jump
+ Twine * var3 = new Twine("alteredBB");
+ BasicBlock *alteredBB = createAlteredBasicBlock(originalBB, *var3, &F);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Altered basic block: ok\n");
+
+ // Now that all the blocks are created,
+ // we modify the terminators to adjust the control flow.
+
+ alteredBB->getTerminator()->eraseFromParent();
+ basicBlock->getTerminator()->eraseFromParent();
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Terminator removed from the altered"
+ <<" and first basic blocks\n");
+
+ // Preparing a condition..
+ // For now, the condition is an always true comparaison between 2 float
+ // This will be complicated after the pass (in doFinalization())
+ Value * LHS = ConstantFP::get(Type::getFloatTy(F.getContext()), 1.0);
+ Value * RHS = ConstantFP::get(Type::getFloatTy(F.getContext()), 1.0);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Value LHS and RHS created\n");
+
+
+ // The always true condition. End of the first block
+ Twine * var4 = new Twine("condition");
+ FCmpInst * condition = new FCmpInst(*basicBlock, FCmpInst::FCMP_TRUE , LHS, RHS, *var4);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Always true condition created\n");
+
+ // Jump to the original basic block if the condition is true or
+ // to the altered block if false.
+ BranchInst::Create(originalBB, alteredBB, (Value *)condition, basicBlock);
+ DEBUG_WITH_TYPE("gen",
+ errs() << "bcf: Terminator instruction in first basic block: ok\n");
+
+ // The altered block loop back on the original one.
+ BranchInst::Create(originalBB, alteredBB);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Terminator instruction in altered block: ok\n");
+
+
+ // The end of the originalBB is modified to give the impression that sometimes
+ // it continues in the loop, and sometimes it return the desired value
+ // (of course it's always true, so it always use the original terminator..
+ // but this will be obfuscated too;) )
+
+ // iterate on instruction just before the terminator of the originalBB
+ BasicBlock::iterator i = originalBB->end();
+
+ // Split at this point (we only want the terminator in the second part)
+ Twine * var5 = new Twine("originalBBpart2");
+ BasicBlock * originalBBpart2 = originalBB->splitBasicBlock(--i , *var5);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Terminator part of the original basic block"
+ << " is isolated\n");
+ // the first part go either on the return statement or on the begining
+ // of the altered block.. So we erase the terminator created when splitting.
+ originalBB->getTerminator()->eraseFromParent();
+ // We add at the end a new always true condition
+ Twine * var6 = new Twine("condition2");
+ FCmpInst * condition2 = new FCmpInst(*originalBB, CmpInst::FCMP_TRUE , LHS, RHS, *var6);
+ BranchInst::Create(originalBBpart2, alteredBB, (Value *)condition2, originalBB);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Terminator original basic block: ok\n");
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: End of addBogusFlow().\n");
+
+ } // end of addBogusFlow()
+
+ /* createAlteredBasicBlock
+ *
+ * This function return a basic block similar to a given one.
+ * It's inserted just after the given basic block.
+ * The instructions are similar but junk instructions are added between
+ * the cloned one. The cloned instructions' phi nodes, metadatas, uses and
+ * debug locations are adjusted to fit in the cloned basic block and
+ * behave nicely.
+ */
+ virtual BasicBlock* createAlteredBasicBlock(BasicBlock * basicBlock,
+ const Twine & Name = "gen", Function * F = 0){
+ // Useful to remap the informations concerning instructions.
+ ValueToValueMapTy VMap;
+ BasicBlock * alteredBB = llvm::CloneBasicBlock (basicBlock, VMap, Name, F);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Original basic block cloned\n");
+ // Remap operands.
+ BasicBlock::iterator ji = basicBlock->begin();
+ for (BasicBlock::iterator i = alteredBB->begin(), e = alteredBB->end() ; i != e; ++i){
+ // Loop over the operands of the instruction
+ for(User::op_iterator opi = i->op_begin (), ope = i->op_end(); opi != ope; ++opi){
+ // get the value for the operand
+ Value *v = MapValue(*opi, VMap, RF_None, 0);
+ if (v != 0){
+ *opi = v;
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Value's operand has been setted\n");
+ }
+ }
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Operands remapped\n");
+ // Remap phi nodes' incoming blocks.
+ if (PHINode *pn = dyn_cast<PHINode>(i)) {
+ for (unsigned j = 0, e = pn->getNumIncomingValues(); j != e; ++j) {
+ Value *v = MapValue(pn->getIncomingBlock(j), VMap, RF_None, 0);
+ if (v != 0){
+ pn->setIncomingBlock(j, cast<BasicBlock>(v));
+ }
+ }
+ }
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: PHINodes remapped\n");
+ // Remap attached metadata.
+ SmallVector<std::pair<unsigned, MDNode *>, 4> MDs;
+ i->getAllMetadata(MDs);
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Metadatas remapped\n");
+ // important for compiling with DWARF, using option -g.
+ i->setDebugLoc(ji->getDebugLoc());
+ ji++;
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Debug information location setted\n");
+
+ } // The instructions' informations are now all correct
+
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: The cloned basic block is now correct\n");
+ DEBUG_WITH_TYPE("gen",
+ errs() << "bcf: Starting to add junk code in the cloned bloc...\n");
+
+ // add random instruction in the middle of the bloc. This part can be improve
+ for (BasicBlock::iterator i = alteredBB->begin(), e = alteredBB->end() ; i != e; ++i){
+ // in the case we find binary operator, we modify slightly this part by randomly
+ // insert some instructions
+ if(i->isBinaryOp()){ // binary instructions
+ unsigned opcode = i->getOpcode();
+ BinaryOperator *op, *op1 = NULL;
+ Twine *var = new Twine("_");
+ // treat differently float or int
+ // Binary int
+ if(opcode == Instruction::Add || opcode == Instruction::Sub ||
+ opcode == Instruction::Mul || opcode == Instruction::UDiv ||
+ opcode == Instruction::SDiv || opcode == Instruction::URem ||
+ opcode == Instruction::SRem || opcode == Instruction::Shl ||
+ opcode == Instruction::LShr || opcode == Instruction::AShr ||
+ opcode == Instruction::And || opcode == Instruction::Or ||
+ opcode == Instruction::Xor){
+ for(int random = (int)llvm::cryptoutils->get_range(10); random < 10; ++random){
+ switch(llvm::cryptoutils->get_range(4)){ // to improve
+ case 0: //do nothing
+ break;
+ case 1: op = BinaryOperator::CreateNeg(i->getOperand(0),*var,&*i);
+ op1 = BinaryOperator::Create(Instruction::Add,op,
+ i->getOperand(1),"gen",&*i);
+ break;
+ case 2: op1 = BinaryOperator::Create(Instruction::Sub,
+ i->getOperand(0),
+ i->getOperand(1),*var,&*i);
+ op = BinaryOperator::Create(Instruction::Mul,op1,
+ i->getOperand(1),"gen",&*i);
+ break;
+ case 3: op = BinaryOperator::Create(Instruction::Shl,
+ i->getOperand(0),
+ i->getOperand(1),*var,&*i);
+ break;
+ }
+ }
+ }
+ // Binary float
+ if(opcode == Instruction::FAdd || opcode == Instruction::FSub ||
+ opcode == Instruction::FMul || opcode == Instruction::FDiv ||
+ opcode == Instruction::FRem){
+ for(int random = (int)llvm::cryptoutils->get_range(10); random < 10; ++random){
+ switch(llvm::cryptoutils->get_range(3)){ // can be improved
+ case 0: //do nothing
+ break;
+ case 1: op = BinaryOperator::CreateFNeg(i->getOperand(0),*var,&*i);
+ op1 = BinaryOperator::Create(Instruction::FAdd,op,
+ i->getOperand(1),"gen",&*i);
+ break;
+ case 2: op = BinaryOperator::Create(Instruction::FSub,
+ i->getOperand(0),
+ i->getOperand(1),*var,&*i);
+ op1 = BinaryOperator::Create(Instruction::FMul,op,
+ i->getOperand(1),"gen",&*i);
+ break;
+ }
+ }
+ }
+ if(opcode == Instruction::ICmp){ // Condition (with int)
+ ICmpInst *currentI = (ICmpInst*)(&i);
+ switch(llvm::cryptoutils->get_range(3)){ // must be improved
+ case 0: //do nothing
+ break;
+ case 1: currentI->swapOperands();
+ break;
+ case 2: // randomly change the predicate
+ switch(llvm::cryptoutils->get_range(10)){
+ case 0: currentI->setPredicate(ICmpInst::ICMP_EQ);
+ break; // equal
+ case 1: currentI->setPredicate(ICmpInst::ICMP_NE);
+ break; // not equal
+ case 2: currentI->setPredicate(ICmpInst::ICMP_UGT);
+ break; // unsigned greater than
+ case 3: currentI->setPredicate(ICmpInst::ICMP_UGE);
+ break; // unsigned greater or equal
+ case 4: currentI->setPredicate(ICmpInst::ICMP_ULT);
+ break; // unsigned less than
+ case 5: currentI->setPredicate(ICmpInst::ICMP_ULE);
+ break; // unsigned less or equal
+ case 6: currentI->setPredicate(ICmpInst::ICMP_SGT);
+ break; // signed greater than
+ case 7: currentI->setPredicate(ICmpInst::ICMP_SGE);
+ break; // signed greater or equal
+ case 8: currentI->setPredicate(ICmpInst::ICMP_SLT);
+ break; // signed less than
+ case 9: currentI->setPredicate(ICmpInst::ICMP_SLE);
+ break; // signed less or equal
+ }
+ break;
+ }
+
+ }
+ if(opcode == Instruction::FCmp){ // Conditions (with float)
+ FCmpInst *currentI = (FCmpInst*)(&i);
+ switch(llvm::cryptoutils->get_range(3)){ // must be improved
+ case 0: //do nothing
+ break;
+ case 1: currentI->swapOperands();
+ break;
+ case 2: // randomly change the predicate
+ switch(llvm::cryptoutils->get_range(10)){
+ case 0: currentI->setPredicate(FCmpInst::FCMP_OEQ);
+ break; // ordered and equal
+ case 1: currentI->setPredicate(FCmpInst::FCMP_ONE);
+ break; // ordered and operands are unequal
+ case 2: currentI->setPredicate(FCmpInst::FCMP_UGT);
+ break; // unordered or greater than
+ case 3: currentI->setPredicate(FCmpInst::FCMP_UGE);
+ break; // unordered, or greater than, or equal
+ case 4: currentI->setPredicate(FCmpInst::FCMP_ULT);
+ break; // unordered or less than
+ case 5: currentI->setPredicate(FCmpInst::FCMP_ULE);
+ break; // unordered, or less than, or equal
+ case 6: currentI->setPredicate(FCmpInst::FCMP_OGT);
+ break; // ordered and greater than
+ case 7: currentI->setPredicate(FCmpInst::FCMP_OGE);
+ break; // ordered and greater than or equal
+ case 8: currentI->setPredicate(FCmpInst::FCMP_OLT);
+ break; // ordered and less than
+ case 9: currentI->setPredicate(FCmpInst::FCMP_OLE);
+ break; // ordered or less than, or equal
+ }
+ break;
+ }
+ }
+ }
+ }
+ return alteredBB;
+ } // end of createAlteredBasicBlock()
+
+
+ /* doFinalization
+ *
+ * Overwrite FunctionPass method to apply the transformations to the whole module.
+ * This part obfuscate all the always true predicates of the module.
+ * More precisely, the condition which predicate is FCMP_TRUE.
+ * It also remove all the functions' basic blocks' and instructions' names.
+ */
+ bool doF(Module &M){
+ // In this part we extract all always-true predicate and replace them with opaque predicate:
+ // For this, we declare two global values: x and y, and replace the FCMP_TRUE predicate with
+ // (y < 10 || x * (x + 1) % 2 == 0)
+ // A better way to obfuscate the predicates would be welcome.
+ // In the meantime we will erase the name of the basic blocks, the instructions
+ // and the functions.
+ DEBUG_WITH_TYPE("gen", errs()<<"bcf: Starting doFinalization...\n");
+
+ // The global values
+ Twine * varX = new Twine("x");
+ Twine * varY = new Twine("y");
+ Value * x1 =ConstantInt::get(Type::getInt32Ty(M.getContext()), 0, false);
+ Value * y1 =ConstantInt::get(Type::getInt32Ty(M.getContext()), 0, false);
+
+ GlobalVariable * x = new GlobalVariable(M, Type::getInt32Ty(M.getContext()), false,
+ GlobalValue::CommonLinkage, (Constant * )x1,
+ *varX);
+ GlobalVariable * y = new GlobalVariable(M, Type::getInt32Ty(M.getContext()), false,
+ GlobalValue::CommonLinkage, (Constant * )y1,
+ *varY);
+
+
+ std::vector<Instruction*> toEdit, toDelete;
+ BinaryOperator *op,*op1 = NULL;
+ LoadInst * opX , * opY;
+ ICmpInst * condition, * condition2;
+ // Looking for the conditions and branches to transform
+ for(Module::iterator mi = M.begin(), me = M.end(); mi != me; ++mi){
+ for(Function::iterator fi = mi->begin(), fe = mi->end(); fi != fe; ++fi){
+ //fi->setName("");
+ TerminatorInst * tbb= fi->getTerminator();
+ if(tbb->getOpcode() == Instruction::Br){
+ BranchInst * br = (BranchInst *)(tbb);
+ if(br->isConditional()){
+ FCmpInst * cond = (FCmpInst *)br->getCondition();
+ unsigned opcode = cond->getOpcode();
+ if(opcode == Instruction::FCmp){
+ if (cond->getPredicate() == FCmpInst::FCMP_TRUE){
+ DEBUG_WITH_TYPE("gen",
+ errs()<<"bcf: an always true predicate !\n");
+ toDelete.push_back(cond); // The condition
+ toEdit.push_back(tbb); // The branch using the condition
+ }
+ }
+ }
+ }
+ /*
+ for (BasicBlock::iterator bi = fi->begin(), be = fi->end() ; bi != be; ++bi){
+ bi->setName(""); // setting the basic blocks' names
+ }
+ */
+ }
+ }
+ // Replacing all the branches we found
+ for(std::vector<Instruction*>::iterator i =toEdit.begin();i!=toEdit.end();++i){
+ //if y < 10 || x*(x+1) % 2 == 0
+ opX = new LoadInst ((Value *)x, "", (*i));
+ opY = new LoadInst ((Value *)y, "", (*i));
+
+ op = BinaryOperator::Create(Instruction::Sub, (Value *)opX,
+ ConstantInt::get(Type::getInt32Ty(M.getContext()), 1,
+ false), "", (*i));
+ op1 = BinaryOperator::Create(Instruction::Mul, (Value *)opX, op, "", (*i));
+ op = BinaryOperator::Create(Instruction::URem, op1,
+ ConstantInt::get(Type::getInt32Ty(M.getContext()), 2,
+ false), "", (*i));
+ condition = new ICmpInst((*i), ICmpInst::ICMP_EQ, op,
+ ConstantInt::get(Type::getInt32Ty(M.getContext()), 0,
+ false));
+ condition2 = new ICmpInst((*i), ICmpInst::ICMP_SLT, opY,
+ ConstantInt::get(Type::getInt32Ty(M.getContext()), 10,
+ false));
+ op1 = BinaryOperator::Create(Instruction::Or, (Value *)condition,
+ (Value *)condition2, "", (*i));
+
+ BranchInst::Create(((BranchInst*)*i)->getSuccessor(0),
+ ((BranchInst*)*i)->getSuccessor(1),(Value *) op1,
+ ((BranchInst*)*i)->getParent());
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Erase branch instruction:"
+ << *((BranchInst*)*i) << "\n");
+ (*i)->eraseFromParent(); // erase the branch
+ }
+ // Erase all the associated conditions we found
+ for(std::vector<Instruction*>::iterator i =toDelete.begin();i!=toDelete.end();++i){
+ DEBUG_WITH_TYPE("gen", errs() << "bcf: Erase condition instruction:"
+ << *((Instruction*)*i)<< "\n");
+ (*i)->eraseFromParent();
+ }
+
+ // Only for debug
+ DEBUG_WITH_TYPE("cfg",
+ errs() << "bcf: End of the pass, here are the graphs after doFinalization\n");
+ for(Module::iterator mi = M.begin(), me = M.end(); mi != me; ++mi){
+ DEBUG_WITH_TYPE("cfg", errs() << "bcf: Function " << mi->getName() <<"\n");
+ DEBUG_WITH_TYPE("cfg", mi->viewCFG());
+ }
+
+ return true;
+ } // end of doFinalization
+ }; // end of struct BogusControlFlow : public FunctionPass
+}
+
+char BogusControlFlow::ID = 0;
+static RegisterPass<BogusControlFlow> X("boguscf", "inserting bogus control flow");
+
+Pass *llvm::createBogus() {
+ return new BogusControlFlow();
+}
+
+Pass *llvm::createBogus(bool flag) {
+ return new BogusControlFlow(flag);
+}
diff --git a/llvm/lib/Transforms/Obfuscation/CMakeLists.txt b/llvm/lib/Transforms/Obfuscation/CMakeLists.txt
new file mode 100644
index 000000000000000..2336b3019b78296
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/CMakeLists.txt
@@ -0,0 +1,10 @@
+add_llvm_library(LLVMObfuscation
+ CryptoUtils.cpp
+ Substitution.cpp
+ BogusControlFlow.cpp
+ Utils.cpp
+ SplitBasicBlocks.cpp
+ Flattening.cpp
+ )
+
+add_dependencies(LLVMObfuscation intrinsics_gen)
diff --git a/llvm/lib/Transforms/Obfuscation/CryptoUtils.cpp b/llvm/lib/Transforms/Obfuscation/CryptoUtils.cpp
new file mode 100644
index 000000000000000..b4bdf9268928a6b
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/CryptoUtils.cpp
@@ -0,0 +1,1087 @@
+//===- CryptoUtils.cpp - AES-based Pseudo-Random Generator
+//------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file implements an AES-CTR-based cryptographically secure
+// pseudo-random generator.
+//
+// Created on: June 22, 2012
+// Last modification: November 15, 2013
+// Author(s): jrinaldini, pjunod
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Support/ManagedStatic.h"
+#include "llvm/Support/ErrorHandling.h"
+#include "llvm/Support/raw_ostream.h"
+#include "llvm/Support/Debug.h"
+#include "llvm/IR/LLVMContext.h"
+#include "llvm/ADT/Twine.h"
+#include "llvm/ADT/Statistic.h"
+#include "llvm/Transforms/Obfuscation/CryptoUtils.h"
+
+#include <fstream>
+#include <string>
+#include <cstdlib>
+#include <cassert>
+#include <cstring>
+#include <cstdio>
+
+// Stats
+#define DEBUG_TYPE "CryptoUtils"
+STATISTIC(statsGetBytes, "a. Number of calls to get_bytes ()");
+STATISTIC(statsGetChar, "b. Number of calls to get_char ()");
+STATISTIC(statsGetUint8, "c. Number of calls to get_uint8_t ()");
+STATISTIC(statsGetUint32, "d. Number of calls to get_uint32_t ()");
+STATISTIC(statsGetUint64, "e. Number of calls to get_uint64_t ()");
+STATISTIC(statsGetRange, "f. Number of calls to get_range ()");
+STATISTIC(statsPopulate, "g. Number of calls to populate ()");
+STATISTIC(statsAESEncrypt, "h. Number of calls to aes_encrypt ()");
+
+using namespace llvm;
+
+namespace llvm {
+ManagedStatic<CryptoUtils> cryptoutils;
+}
+
+const uint32_t AES_RCON[10] = { 0x01000000UL, 0x02000000UL, 0x04000000UL,
+ 0x08000000UL, 0x10000000UL, 0x20000000UL,
+ 0x40000000UL, 0x80000000UL, 0x1b000000UL,
+ 0x36000000UL };
+
+const uint32_t AES_PRECOMP_TE0[256] = {
+ 0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL, 0xfff2f20dUL,
+ 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL, 0x60303050UL, 0x02010103UL,
+ 0xce6767a9UL, 0x562b2b7dUL, 0xe7fefe19UL, 0xb5d7d762UL, 0x4dababe6UL,
+ 0xec76769aUL, 0x8fcaca45UL, 0x1f82829dUL, 0x89c9c940UL, 0xfa7d7d87UL,
+ 0xeffafa15UL, 0xb25959ebUL, 0x8e4747c9UL, 0xfbf0f00bUL, 0x41adadecUL,
+ 0xb3d4d467UL, 0x5fa2a2fdUL, 0x45afafeaUL, 0x239c9cbfUL, 0x53a4a4f7UL,
+ 0xe4727296UL, 0x9bc0c05bUL, 0x75b7b7c2UL, 0xe1fdfd1cUL, 0x3d9393aeUL,
+ 0x4c26266aUL, 0x6c36365aUL, 0x7e3f3f41UL, 0xf5f7f702UL, 0x83cccc4fUL,
+ 0x6834345cUL, 0x51a5a5f4UL, 0xd1e5e534UL, 0xf9f1f108UL, 0xe2717193UL,
+ 0xabd8d873UL, 0x62313153UL, 0x2a15153fUL, 0x0804040cUL, 0x95c7c752UL,
+ 0x46232365UL, 0x9dc3c35eUL, 0x30181828UL, 0x379696a1UL, 0x0a05050fUL,
+ 0x2f9a9ab5UL, 0x0e070709UL, 0x24121236UL, 0x1b80809bUL, 0xdfe2e23dUL,
+ 0xcdebeb26UL, 0x4e272769UL, 0x7fb2b2cdUL, 0xea75759fUL, 0x1209091bUL,
+ 0x1d83839eUL, 0x582c2c74UL, 0x341a1a2eUL, 0x361b1b2dUL, 0xdc6e6eb2UL,
+ 0xb45a5aeeUL, 0x5ba0a0fbUL, 0xa45252f6UL, 0x763b3b4dUL, 0xb7d6d661UL,
+ 0x7db3b3ceUL, 0x5229297bUL, 0xdde3e33eUL, 0x5e2f2f71UL, 0x13848497UL,
+ 0xa65353f5UL, 0xb9d1d168UL, 0x00000000UL, 0xc1eded2cUL, 0x40202060UL,
+ 0xe3fcfc1fUL, 0x79b1b1c8UL, 0xb65b5bedUL, 0xd46a6abeUL, 0x8dcbcb46UL,
+ 0x67bebed9UL, 0x7239394bUL, 0x944a4adeUL, 0x984c4cd4UL, 0xb05858e8UL,
+ 0x85cfcf4aUL, 0xbbd0d06bUL, 0xc5efef2aUL, 0x4faaaae5UL, 0xedfbfb16UL,
+ 0x864343c5UL, 0x9a4d4dd7UL, 0x66333355UL, 0x11858594UL, 0x8a4545cfUL,
+ 0xe9f9f910UL, 0x04020206UL, 0xfe7f7f81UL, 0xa05050f0UL, 0x783c3c44UL,
+ 0x259f9fbaUL, 0x4ba8a8e3UL, 0xa25151f3UL, 0x5da3a3feUL, 0x804040c0UL,
+ 0x058f8f8aUL, 0x3f9292adUL, 0x219d9dbcUL, 0x70383848UL, 0xf1f5f504UL,
+ 0x63bcbcdfUL, 0x77b6b6c1UL, 0xafdada75UL, 0x42212163UL, 0x20101030UL,
+ 0xe5ffff1aUL, 0xfdf3f30eUL, 0xbfd2d26dUL, 0x81cdcd4cUL, 0x180c0c14UL,
+ 0x26131335UL, 0xc3ecec2fUL, 0xbe5f5fe1UL, 0x359797a2UL, 0x884444ccUL,
+ 0x2e171739UL, 0x93c4c457UL, 0x55a7a7f2UL, 0xfc7e7e82UL, 0x7a3d3d47UL,
+ 0xc86464acUL, 0xba5d5de7UL, 0x3219192bUL, 0xe6737395UL, 0xc06060a0UL,
+ 0x19818198UL, 0x9e4f4fd1UL, 0xa3dcdc7fUL, 0x44222266UL, 0x542a2a7eUL,
+ 0x3b9090abUL, 0x0b888883UL, 0x8c4646caUL, 0xc7eeee29UL, 0x6bb8b8d3UL,
+ 0x2814143cUL, 0xa7dede79UL, 0xbc5e5ee2UL, 0x160b0b1dUL, 0xaddbdb76UL,
+ 0xdbe0e03bUL, 0x64323256UL, 0x743a3a4eUL, 0x140a0a1eUL, 0x924949dbUL,
+ 0x0c06060aUL, 0x4824246cUL, 0xb85c5ce4UL, 0x9fc2c25dUL, 0xbdd3d36eUL,
+ 0x43acacefUL, 0xc46262a6UL, 0x399191a8UL, 0x319595a4UL, 0xd3e4e437UL,
+ 0xf279798bUL, 0xd5e7e732UL, 0x8bc8c843UL, 0x6e373759UL, 0xda6d6db7UL,
+ 0x018d8d8cUL, 0xb1d5d564UL, 0x9c4e4ed2UL, 0x49a9a9e0UL, 0xd86c6cb4UL,
+ 0xac5656faUL, 0xf3f4f407UL, 0xcfeaea25UL, 0xca6565afUL, 0xf47a7a8eUL,
+ 0x47aeaee9UL, 0x10080818UL, 0x6fbabad5UL, 0xf0787888UL, 0x4a25256fUL,
+ 0x5c2e2e72UL, 0x381c1c24UL, 0x57a6a6f1UL, 0x73b4b4c7UL, 0x97c6c651UL,
+ 0xcbe8e823UL, 0xa1dddd7cUL, 0xe874749cUL, 0x3e1f1f21UL, 0x964b4bddUL,
+ 0x61bdbddcUL, 0x0d8b8b86UL, 0x0f8a8a85UL, 0xe0707090UL, 0x7c3e3e42UL,
+ 0x71b5b5c4UL, 0xcc6666aaUL, 0x904848d8UL, 0x06030305UL, 0xf7f6f601UL,
+ 0x1c0e0e12UL, 0xc26161a3UL, 0x6a35355fUL, 0xae5757f9UL, 0x69b9b9d0UL,
+ 0x17868691UL, 0x99c1c158UL, 0x3a1d1d27UL, 0x279e9eb9UL, 0xd9e1e138UL,
+ 0xebf8f813UL, 0x2b9898b3UL, 0x22111133UL, 0xd26969bbUL, 0xa9d9d970UL,
+ 0x078e8e89UL, 0x339494a7UL, 0x2d9b9bb6UL, 0x3c1e1e22UL, 0x15878792UL,
+ 0xc9e9e920UL, 0x87cece49UL, 0xaa5555ffUL, 0x50282878UL, 0xa5dfdf7aUL,
+ 0x038c8c8fUL, 0x59a1a1f8UL, 0x09898980UL, 0x1a0d0d17UL, 0x65bfbfdaUL,
+ 0xd7e6e631UL, 0x844242c6UL, 0xd06868b8UL, 0x824141c3UL, 0x299999b0UL,
+ 0x5a2d2d77UL, 0x1e0f0f11UL, 0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL,
+ 0x2c16163aUL
+};
+
+const uint32_t AES_PRECOMP_TE1[256] = {
+ 0xa5c66363UL, 0x84f87c7cUL, 0x99ee7777UL, 0x8df67b7bUL, 0x0dfff2f2UL,
+ 0xbdd66b6bUL, 0xb1de6f6fUL, 0x5491c5c5UL, 0x50603030UL, 0x03020101UL,
+ 0xa9ce6767UL, 0x7d562b2bUL, 0x19e7fefeUL, 0x62b5d7d7UL, 0xe64dababUL,
+ 0x9aec7676UL, 0x458fcacaUL, 0x9d1f8282UL, 0x4089c9c9UL, 0x87fa7d7dUL,
+ 0x15effafaUL, 0xebb25959UL, 0xc98e4747UL, 0x0bfbf0f0UL, 0xec41adadUL,
+ 0x67b3d4d4UL, 0xfd5fa2a2UL, 0xea45afafUL, 0xbf239c9cUL, 0xf753a4a4UL,
+ 0x96e47272UL, 0x5b9bc0c0UL, 0xc275b7b7UL, 0x1ce1fdfdUL, 0xae3d9393UL,
+ 0x6a4c2626UL, 0x5a6c3636UL, 0x417e3f3fUL, 0x02f5f7f7UL, 0x4f83ccccUL,
+ 0x5c683434UL, 0xf451a5a5UL, 0x34d1e5e5UL, 0x08f9f1f1UL, 0x93e27171UL,
+ 0x73abd8d8UL, 0x53623131UL, 0x3f2a1515UL, 0x0c080404UL, 0x5295c7c7UL,
+ 0x65462323UL, 0x5e9dc3c3UL, 0x28301818UL, 0xa1379696UL, 0x0f0a0505UL,
+ 0xb52f9a9aUL, 0x090e0707UL, 0x36241212UL, 0x9b1b8080UL, 0x3ddfe2e2UL,
+ 0x26cdebebUL, 0x694e2727UL, 0xcd7fb2b2UL, 0x9fea7575UL, 0x1b120909UL,
+ 0x9e1d8383UL, 0x74582c2cUL, 0x2e341a1aUL, 0x2d361b1bUL, 0xb2dc6e6eUL,
+ 0xeeb45a5aUL, 0xfb5ba0a0UL, 0xf6a45252UL, 0x4d763b3bUL, 0x61b7d6d6UL,
+ 0xce7db3b3UL, 0x7b522929UL, 0x3edde3e3UL, 0x715e2f2fUL, 0x97138484UL,
+ 0xf5a65353UL, 0x68b9d1d1UL, 0x00000000UL, 0x2cc1ededUL, 0x60402020UL,
+ 0x1fe3fcfcUL, 0xc879b1b1UL, 0xedb65b5bUL, 0xbed46a6aUL, 0x468dcbcbUL,
+ 0xd967bebeUL, 0x4b723939UL, 0xde944a4aUL, 0xd4984c4cUL, 0xe8b05858UL,
+ 0x4a85cfcfUL, 0x6bbbd0d0UL, 0x2ac5efefUL, 0xe54faaaaUL, 0x16edfbfbUL,
+ 0xc5864343UL, 0xd79a4d4dUL, 0x55663333UL, 0x94118585UL, 0xcf8a4545UL,
+ 0x10e9f9f9UL, 0x06040202UL, 0x81fe7f7fUL, 0xf0a05050UL, 0x44783c3cUL,
+ 0xba259f9fUL, 0xe34ba8a8UL, 0xf3a25151UL, 0xfe5da3a3UL, 0xc0804040UL,
+ 0x8a058f8fUL, 0xad3f9292UL, 0xbc219d9dUL, 0x48703838UL, 0x04f1f5f5UL,
+ 0xdf63bcbcUL, 0xc177b6b6UL, 0x75afdadaUL, 0x63422121UL, 0x30201010UL,
+ 0x1ae5ffffUL, 0x0efdf3f3UL, 0x6dbfd2d2UL, 0x4c81cdcdUL, 0x14180c0cUL,
+ 0x35261313UL, 0x2fc3ececUL, 0xe1be5f5fUL, 0xa2359797UL, 0xcc884444UL,
+ 0x392e1717UL, 0x5793c4c4UL, 0xf255a7a7UL, 0x82fc7e7eUL, 0x477a3d3dUL,
+ 0xacc86464UL, 0xe7ba5d5dUL, 0x2b321919UL, 0x95e67373UL, 0xa0c06060UL,
+ 0x98198181UL, 0xd19e4f4fUL, 0x7fa3dcdcUL, 0x66442222UL, 0x7e542a2aUL,
+ 0xab3b9090UL, 0x830b8888UL, 0xca8c4646UL, 0x29c7eeeeUL, 0xd36bb8b8UL,
+ 0x3c281414UL, 0x79a7dedeUL, 0xe2bc5e5eUL, 0x1d160b0bUL, 0x76addbdbUL,
+ 0x3bdbe0e0UL, 0x56643232UL, 0x4e743a3aUL, 0x1e140a0aUL, 0xdb924949UL,
+ 0x0a0c0606UL, 0x6c482424UL, 0xe4b85c5cUL, 0x5d9fc2c2UL, 0x6ebdd3d3UL,
+ 0xef43acacUL, 0xa6c46262UL, 0xa8399191UL, 0xa4319595UL, 0x37d3e4e4UL,
+ 0x8bf27979UL, 0x32d5e7e7UL, 0x438bc8c8UL, 0x596e3737UL, 0xb7da6d6dUL,
+ 0x8c018d8dUL, 0x64b1d5d5UL, 0xd29c4e4eUL, 0xe049a9a9UL, 0xb4d86c6cUL,
+ 0xfaac5656UL, 0x07f3f4f4UL, 0x25cfeaeaUL, 0xafca6565UL, 0x8ef47a7aUL,
+ 0xe947aeaeUL, 0x18100808UL, 0xd56fbabaUL, 0x88f07878UL, 0x6f4a2525UL,
+ 0x725c2e2eUL, 0x24381c1cUL, 0xf157a6a6UL, 0xc773b4b4UL, 0x5197c6c6UL,
+ 0x23cbe8e8UL, 0x7ca1ddddUL, 0x9ce87474UL, 0x213e1f1fUL, 0xdd964b4bUL,
+ 0xdc61bdbdUL, 0x860d8b8bUL, 0x850f8a8aUL, 0x90e07070UL, 0x427c3e3eUL,
+ 0xc471b5b5UL, 0xaacc6666UL, 0xd8904848UL, 0x05060303UL, 0x01f7f6f6UL,
+ 0x121c0e0eUL, 0xa3c26161UL, 0x5f6a3535UL, 0xf9ae5757UL, 0xd069b9b9UL,
+ 0x91178686UL, 0x5899c1c1UL, 0x273a1d1dUL, 0xb9279e9eUL, 0x38d9e1e1UL,
+ 0x13ebf8f8UL, 0xb32b9898UL, 0x33221111UL, 0xbbd26969UL, 0x70a9d9d9UL,
+ 0x89078e8eUL, 0xa7339494UL, 0xb62d9b9bUL, 0x223c1e1eUL, 0x92158787UL,
+ 0x20c9e9e9UL, 0x4987ceceUL, 0xffaa5555UL, 0x78502828UL, 0x7aa5dfdfUL,
+ 0x8f038c8cUL, 0xf859a1a1UL, 0x80098989UL, 0x171a0d0dUL, 0xda65bfbfUL,
+ 0x31d7e6e6UL, 0xc6844242UL, 0xb8d06868UL, 0xc3824141UL, 0xb0299999UL,
+ 0x775a2d2dUL, 0x111e0f0fUL, 0xcb7bb0b0UL, 0xfca85454UL, 0xd66dbbbbUL,
+ 0x3a2c1616UL
+};
+
+const uint32_t AES_PRECOMP_TE2[256] = {
+ 0x63a5c663UL, 0x7c84f87cUL, 0x7799ee77UL, 0x7b8df67bUL, 0xf20dfff2UL,
+ 0x6bbdd66bUL, 0x6fb1de6fUL, 0xc55491c5UL, 0x30506030UL, 0x01030201UL,
+ 0x67a9ce67UL, 0x2b7d562bUL, 0xfe19e7feUL, 0xd762b5d7UL, 0xabe64dabUL,
+ 0x769aec76UL, 0xca458fcaUL, 0x829d1f82UL, 0xc94089c9UL, 0x7d87fa7dUL,
+ 0xfa15effaUL, 0x59ebb259UL, 0x47c98e47UL, 0xf00bfbf0UL, 0xadec41adUL,
+ 0xd467b3d4UL, 0xa2fd5fa2UL, 0xafea45afUL, 0x9cbf239cUL, 0xa4f753a4UL,
+ 0x7296e472UL, 0xc05b9bc0UL, 0xb7c275b7UL, 0xfd1ce1fdUL, 0x93ae3d93UL,
+ 0x266a4c26UL, 0x365a6c36UL, 0x3f417e3fUL, 0xf702f5f7UL, 0xcc4f83ccUL,
+ 0x345c6834UL, 0xa5f451a5UL, 0xe534d1e5UL, 0xf108f9f1UL, 0x7193e271UL,
+ 0xd873abd8UL, 0x31536231UL, 0x153f2a15UL, 0x040c0804UL, 0xc75295c7UL,
+ 0x23654623UL, 0xc35e9dc3UL, 0x18283018UL, 0x96a13796UL, 0x050f0a05UL,
+ 0x9ab52f9aUL, 0x07090e07UL, 0x12362412UL, 0x809b1b80UL, 0xe23ddfe2UL,
+ 0xeb26cdebUL, 0x27694e27UL, 0xb2cd7fb2UL, 0x759fea75UL, 0x091b1209UL,
+ 0x839e1d83UL, 0x2c74582cUL, 0x1a2e341aUL, 0x1b2d361bUL, 0x6eb2dc6eUL,
+ 0x5aeeb45aUL, 0xa0fb5ba0UL, 0x52f6a452UL, 0x3b4d763bUL, 0xd661b7d6UL,
+ 0xb3ce7db3UL, 0x297b5229UL, 0xe33edde3UL, 0x2f715e2fUL, 0x84971384UL,
+ 0x53f5a653UL, 0xd168b9d1UL, 0x00000000UL, 0xed2cc1edUL, 0x20604020UL,
+ 0xfc1fe3fcUL, 0xb1c879b1UL, 0x5bedb65bUL, 0x6abed46aUL, 0xcb468dcbUL,
+ 0xbed967beUL, 0x394b7239UL, 0x4ade944aUL, 0x4cd4984cUL, 0x58e8b058UL,
+ 0xcf4a85cfUL, 0xd06bbbd0UL, 0xef2ac5efUL, 0xaae54faaUL, 0xfb16edfbUL,
+ 0x43c58643UL, 0x4dd79a4dUL, 0x33556633UL, 0x85941185UL, 0x45cf8a45UL,
+ 0xf910e9f9UL, 0x02060402UL, 0x7f81fe7fUL, 0x50f0a050UL, 0x3c44783cUL,
+ 0x9fba259fUL, 0xa8e34ba8UL, 0x51f3a251UL, 0xa3fe5da3UL, 0x40c08040UL,
+ 0x8f8a058fUL, 0x92ad3f92UL, 0x9dbc219dUL, 0x38487038UL, 0xf504f1f5UL,
+ 0xbcdf63bcUL, 0xb6c177b6UL, 0xda75afdaUL, 0x21634221UL, 0x10302010UL,
+ 0xff1ae5ffUL, 0xf30efdf3UL, 0xd26dbfd2UL, 0xcd4c81cdUL, 0x0c14180cUL,
+ 0x13352613UL, 0xec2fc3ecUL, 0x5fe1be5fUL, 0x97a23597UL, 0x44cc8844UL,
+ 0x17392e17UL, 0xc45793c4UL, 0xa7f255a7UL, 0x7e82fc7eUL, 0x3d477a3dUL,
+ 0x64acc864UL, 0x5de7ba5dUL, 0x192b3219UL, 0x7395e673UL, 0x60a0c060UL,
+ 0x81981981UL, 0x4fd19e4fUL, 0xdc7fa3dcUL, 0x22664422UL, 0x2a7e542aUL,
+ 0x90ab3b90UL, 0x88830b88UL, 0x46ca8c46UL, 0xee29c7eeUL, 0xb8d36bb8UL,
+ 0x143c2814UL, 0xde79a7deUL, 0x5ee2bc5eUL, 0x0b1d160bUL, 0xdb76addbUL,
+ 0xe03bdbe0UL, 0x32566432UL, 0x3a4e743aUL, 0x0a1e140aUL, 0x49db9249UL,
+ 0x060a0c06UL, 0x246c4824UL, 0x5ce4b85cUL, 0xc25d9fc2UL, 0xd36ebdd3UL,
+ 0xacef43acUL, 0x62a6c462UL, 0x91a83991UL, 0x95a43195UL, 0xe437d3e4UL,
+ 0x798bf279UL, 0xe732d5e7UL, 0xc8438bc8UL, 0x37596e37UL, 0x6db7da6dUL,
+ 0x8d8c018dUL, 0xd564b1d5UL, 0x4ed29c4eUL, 0xa9e049a9UL, 0x6cb4d86cUL,
+ 0x56faac56UL, 0xf407f3f4UL, 0xea25cfeaUL, 0x65afca65UL, 0x7a8ef47aUL,
+ 0xaee947aeUL, 0x08181008UL, 0xbad56fbaUL, 0x7888f078UL, 0x256f4a25UL,
+ 0x2e725c2eUL, 0x1c24381cUL, 0xa6f157a6UL, 0xb4c773b4UL, 0xc65197c6UL,
+ 0xe823cbe8UL, 0xdd7ca1ddUL, 0x749ce874UL, 0x1f213e1fUL, 0x4bdd964bUL,
+ 0xbddc61bdUL, 0x8b860d8bUL, 0x8a850f8aUL, 0x7090e070UL, 0x3e427c3eUL,
+ 0xb5c471b5UL, 0x66aacc66UL, 0x48d89048UL, 0x03050603UL, 0xf601f7f6UL,
+ 0x0e121c0eUL, 0x61a3c261UL, 0x355f6a35UL, 0x57f9ae57UL, 0xb9d069b9UL,
+ 0x86911786UL, 0xc15899c1UL, 0x1d273a1dUL, 0x9eb9279eUL, 0xe138d9e1UL,
+ 0xf813ebf8UL, 0x98b32b98UL, 0x11332211UL, 0x69bbd269UL, 0xd970a9d9UL,
+ 0x8e89078eUL, 0x94a73394UL, 0x9bb62d9bUL, 0x1e223c1eUL, 0x87921587UL,
+ 0xe920c9e9UL, 0xce4987ceUL, 0x55ffaa55UL, 0x28785028UL, 0xdf7aa5dfUL,
+ 0x8c8f038cUL, 0xa1f859a1UL, 0x89800989UL, 0x0d171a0dUL, 0xbfda65bfUL,
+ 0xe631d7e6UL, 0x42c68442UL, 0x68b8d068UL, 0x41c38241UL, 0x99b02999UL,
+ 0x2d775a2dUL, 0x0f111e0fUL, 0xb0cb7bb0UL, 0x54fca854UL, 0xbbd66dbbUL,
+ 0x163a2c16UL
+};
+
+const uint32_t AES_PRECOMP_TE3[256] = {
+ 0x6363a5c6UL, 0x7c7c84f8UL, 0x777799eeUL, 0x7b7b8df6UL, 0xf2f20dffUL,
+ 0x6b6bbdd6UL, 0x6f6fb1deUL, 0xc5c55491UL, 0x30305060UL, 0x01010302UL,
+ 0x6767a9ceUL, 0x2b2b7d56UL, 0xfefe19e7UL, 0xd7d762b5UL, 0xababe64dUL,
+ 0x76769aecUL, 0xcaca458fUL, 0x82829d1fUL, 0xc9c94089UL, 0x7d7d87faUL,
+ 0xfafa15efUL, 0x5959ebb2UL, 0x4747c98eUL, 0xf0f00bfbUL, 0xadadec41UL,
+ 0xd4d467b3UL, 0xa2a2fd5fUL, 0xafafea45UL, 0x9c9cbf23UL, 0xa4a4f753UL,
+ 0x727296e4UL, 0xc0c05b9bUL, 0xb7b7c275UL, 0xfdfd1ce1UL, 0x9393ae3dUL,
+ 0x26266a4cUL, 0x36365a6cUL, 0x3f3f417eUL, 0xf7f702f5UL, 0xcccc4f83UL,
+ 0x34345c68UL, 0xa5a5f451UL, 0xe5e534d1UL, 0xf1f108f9UL, 0x717193e2UL,
+ 0xd8d873abUL, 0x31315362UL, 0x15153f2aUL, 0x04040c08UL, 0xc7c75295UL,
+ 0x23236546UL, 0xc3c35e9dUL, 0x18182830UL, 0x9696a137UL, 0x05050f0aUL,
+ 0x9a9ab52fUL, 0x0707090eUL, 0x12123624UL, 0x80809b1bUL, 0xe2e23ddfUL,
+ 0xebeb26cdUL, 0x2727694eUL, 0xb2b2cd7fUL, 0x75759feaUL, 0x09091b12UL,
+ 0x83839e1dUL, 0x2c2c7458UL, 0x1a1a2e34UL, 0x1b1b2d36UL, 0x6e6eb2dcUL,
+ 0x5a5aeeb4UL, 0xa0a0fb5bUL, 0x5252f6a4UL, 0x3b3b4d76UL, 0xd6d661b7UL,
+ 0xb3b3ce7dUL, 0x29297b52UL, 0xe3e33eddUL, 0x2f2f715eUL, 0x84849713UL,
+ 0x5353f5a6UL, 0xd1d168b9UL, 0x00000000UL, 0xeded2cc1UL, 0x20206040UL,
+ 0xfcfc1fe3UL, 0xb1b1c879UL, 0x5b5bedb6UL, 0x6a6abed4UL, 0xcbcb468dUL,
+ 0xbebed967UL, 0x39394b72UL, 0x4a4ade94UL, 0x4c4cd498UL, 0x5858e8b0UL,
+ 0xcfcf4a85UL, 0xd0d06bbbUL, 0xefef2ac5UL, 0xaaaae54fUL, 0xfbfb16edUL,
+ 0x4343c586UL, 0x4d4dd79aUL, 0x33335566UL, 0x85859411UL, 0x4545cf8aUL,
+ 0xf9f910e9UL, 0x02020604UL, 0x7f7f81feUL, 0x5050f0a0UL, 0x3c3c4478UL,
+ 0x9f9fba25UL, 0xa8a8e34bUL, 0x5151f3a2UL, 0xa3a3fe5dUL, 0x4040c080UL,
+ 0x8f8f8a05UL, 0x9292ad3fUL, 0x9d9dbc21UL, 0x38384870UL, 0xf5f504f1UL,
+ 0xbcbcdf63UL, 0xb6b6c177UL, 0xdada75afUL, 0x21216342UL, 0x10103020UL,
+ 0xffff1ae5UL, 0xf3f30efdUL, 0xd2d26dbfUL, 0xcdcd4c81UL, 0x0c0c1418UL,
+ 0x13133526UL, 0xecec2fc3UL, 0x5f5fe1beUL, 0x9797a235UL, 0x4444cc88UL,
+ 0x1717392eUL, 0xc4c45793UL, 0xa7a7f255UL, 0x7e7e82fcUL, 0x3d3d477aUL,
+ 0x6464acc8UL, 0x5d5de7baUL, 0x19192b32UL, 0x737395e6UL, 0x6060a0c0UL,
+ 0x81819819UL, 0x4f4fd19eUL, 0xdcdc7fa3UL, 0x22226644UL, 0x2a2a7e54UL,
+ 0x9090ab3bUL, 0x8888830bUL, 0x4646ca8cUL, 0xeeee29c7UL, 0xb8b8d36bUL,
+ 0x14143c28UL, 0xdede79a7UL, 0x5e5ee2bcUL, 0x0b0b1d16UL, 0xdbdb76adUL,
+ 0xe0e03bdbUL, 0x32325664UL, 0x3a3a4e74UL, 0x0a0a1e14UL, 0x4949db92UL,
+ 0x06060a0cUL, 0x24246c48UL, 0x5c5ce4b8UL, 0xc2c25d9fUL, 0xd3d36ebdUL,
+ 0xacacef43UL, 0x6262a6c4UL, 0x9191a839UL, 0x9595a431UL, 0xe4e437d3UL,
+ 0x79798bf2UL, 0xe7e732d5UL, 0xc8c8438bUL, 0x3737596eUL, 0x6d6db7daUL,
+ 0x8d8d8c01UL, 0xd5d564b1UL, 0x4e4ed29cUL, 0xa9a9e049UL, 0x6c6cb4d8UL,
+ 0x5656faacUL, 0xf4f407f3UL, 0xeaea25cfUL, 0x6565afcaUL, 0x7a7a8ef4UL,
+ 0xaeaee947UL, 0x08081810UL, 0xbabad56fUL, 0x787888f0UL, 0x25256f4aUL,
+ 0x2e2e725cUL, 0x1c1c2438UL, 0xa6a6f157UL, 0xb4b4c773UL, 0xc6c65197UL,
+ 0xe8e823cbUL, 0xdddd7ca1UL, 0x74749ce8UL, 0x1f1f213eUL, 0x4b4bdd96UL,
+ 0xbdbddc61UL, 0x8b8b860dUL, 0x8a8a850fUL, 0x707090e0UL, 0x3e3e427cUL,
+ 0xb5b5c471UL, 0x6666aaccUL, 0x4848d890UL, 0x03030506UL, 0xf6f601f7UL,
+ 0x0e0e121cUL, 0x6161a3c2UL, 0x35355f6aUL, 0x5757f9aeUL, 0xb9b9d069UL,
+ 0x86869117UL, 0xc1c15899UL, 0x1d1d273aUL, 0x9e9eb927UL, 0xe1e138d9UL,
+ 0xf8f813ebUL, 0x9898b32bUL, 0x11113322UL, 0x6969bbd2UL, 0xd9d970a9UL,
+ 0x8e8e8907UL, 0x9494a733UL, 0x9b9bb62dUL, 0x1e1e223cUL, 0x87879215UL,
+ 0xe9e920c9UL, 0xcece4987UL, 0x5555ffaaUL, 0x28287850UL, 0xdfdf7aa5UL,
+ 0x8c8c8f03UL, 0xa1a1f859UL, 0x89898009UL, 0x0d0d171aUL, 0xbfbfda65UL,
+ 0xe6e631d7UL, 0x4242c684UL, 0x6868b8d0UL, 0x4141c382UL, 0x9999b029UL,
+ 0x2d2d775aUL, 0x0f0f111eUL, 0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL,
+ 0x16163a2cUL
+};
+
+const uint32_t AES_PRECOMP_TE4_0[256] = {
+ 0x00000063UL, 0x0000007cUL, 0x00000077UL, 0x0000007bUL, 0x000000f2UL,
+ 0x0000006bUL, 0x0000006fUL, 0x000000c5UL, 0x00000030UL, 0x00000001UL,
+ 0x00000067UL, 0x0000002bUL, 0x000000feUL, 0x000000d7UL, 0x000000abUL,
+ 0x00000076UL, 0x000000caUL, 0x00000082UL, 0x000000c9UL, 0x0000007dUL,
+ 0x000000faUL, 0x00000059UL, 0x00000047UL, 0x000000f0UL, 0x000000adUL,
+ 0x000000d4UL, 0x000000a2UL, 0x000000afUL, 0x0000009cUL, 0x000000a4UL,
+ 0x00000072UL, 0x000000c0UL, 0x000000b7UL, 0x000000fdUL, 0x00000093UL,
+ 0x00000026UL, 0x00000036UL, 0x0000003fUL, 0x000000f7UL, 0x000000ccUL,
+ 0x00000034UL, 0x000000a5UL, 0x000000e5UL, 0x000000f1UL, 0x00000071UL,
+ 0x000000d8UL, 0x00000031UL, 0x00000015UL, 0x00000004UL, 0x000000c7UL,
+ 0x00000023UL, 0x000000c3UL, 0x00000018UL, 0x00000096UL, 0x00000005UL,
+ 0x0000009aUL, 0x00000007UL, 0x00000012UL, 0x00000080UL, 0x000000e2UL,
+ 0x000000ebUL, 0x00000027UL, 0x000000b2UL, 0x00000075UL, 0x00000009UL,
+ 0x00000083UL, 0x0000002cUL, 0x0000001aUL, 0x0000001bUL, 0x0000006eUL,
+ 0x0000005aUL, 0x000000a0UL, 0x00000052UL, 0x0000003bUL, 0x000000d6UL,
+ 0x000000b3UL, 0x00000029UL, 0x000000e3UL, 0x0000002fUL, 0x00000084UL,
+ 0x00000053UL, 0x000000d1UL, 0x00000000UL, 0x000000edUL, 0x00000020UL,
+ 0x000000fcUL, 0x000000b1UL, 0x0000005bUL, 0x0000006aUL, 0x000000cbUL,
+ 0x000000beUL, 0x00000039UL, 0x0000004aUL, 0x0000004cUL, 0x00000058UL,
+ 0x000000cfUL, 0x000000d0UL, 0x000000efUL, 0x000000aaUL, 0x000000fbUL,
+ 0x00000043UL, 0x0000004dUL, 0x00000033UL, 0x00000085UL, 0x00000045UL,
+ 0x000000f9UL, 0x00000002UL, 0x0000007fUL, 0x00000050UL, 0x0000003cUL,
+ 0x0000009fUL, 0x000000a8UL, 0x00000051UL, 0x000000a3UL, 0x00000040UL,
+ 0x0000008fUL, 0x00000092UL, 0x0000009dUL, 0x00000038UL, 0x000000f5UL,
+ 0x000000bcUL, 0x000000b6UL, 0x000000daUL, 0x00000021UL, 0x00000010UL,
+ 0x000000ffUL, 0x000000f3UL, 0x000000d2UL, 0x000000cdUL, 0x0000000cUL,
+ 0x00000013UL, 0x000000ecUL, 0x0000005fUL, 0x00000097UL, 0x00000044UL,
+ 0x00000017UL, 0x000000c4UL, 0x000000a7UL, 0x0000007eUL, 0x0000003dUL,
+ 0x00000064UL, 0x0000005dUL, 0x00000019UL, 0x00000073UL, 0x00000060UL,
+ 0x00000081UL, 0x0000004fUL, 0x000000dcUL, 0x00000022UL, 0x0000002aUL,
+ 0x00000090UL, 0x00000088UL, 0x00000046UL, 0x000000eeUL, 0x000000b8UL,
+ 0x00000014UL, 0x000000deUL, 0x0000005eUL, 0x0000000bUL, 0x000000dbUL,
+ 0x000000e0UL, 0x00000032UL, 0x0000003aUL, 0x0000000aUL, 0x00000049UL,
+ 0x00000006UL, 0x00000024UL, 0x0000005cUL, 0x000000c2UL, 0x000000d3UL,
+ 0x000000acUL, 0x00000062UL, 0x00000091UL, 0x00000095UL, 0x000000e4UL,
+ 0x00000079UL, 0x000000e7UL, 0x000000c8UL, 0x00000037UL, 0x0000006dUL,
+ 0x0000008dUL, 0x000000d5UL, 0x0000004eUL, 0x000000a9UL, 0x0000006cUL,
+ 0x00000056UL, 0x000000f4UL, 0x000000eaUL, 0x00000065UL, 0x0000007aUL,
+ 0x000000aeUL, 0x00000008UL, 0x000000baUL, 0x00000078UL, 0x00000025UL,
+ 0x0000002eUL, 0x0000001cUL, 0x000000a6UL, 0x000000b4UL, 0x000000c6UL,
+ 0x000000e8UL, 0x000000ddUL, 0x00000074UL, 0x0000001fUL, 0x0000004bUL,
+ 0x000000bdUL, 0x0000008bUL, 0x0000008aUL, 0x00000070UL, 0x0000003eUL,
+ 0x000000b5UL, 0x00000066UL, 0x00000048UL, 0x00000003UL, 0x000000f6UL,
+ 0x0000000eUL, 0x00000061UL, 0x00000035UL, 0x00000057UL, 0x000000b9UL,
+ 0x00000086UL, 0x000000c1UL, 0x0000001dUL, 0x0000009eUL, 0x000000e1UL,
+ 0x000000f8UL, 0x00000098UL, 0x00000011UL, 0x00000069UL, 0x000000d9UL,
+ 0x0000008eUL, 0x00000094UL, 0x0000009bUL, 0x0000001eUL, 0x00000087UL,
+ 0x000000e9UL, 0x000000ceUL, 0x00000055UL, 0x00000028UL, 0x000000dfUL,
+ 0x0000008cUL, 0x000000a1UL, 0x00000089UL, 0x0000000dUL, 0x000000bfUL,
+ 0x000000e6UL, 0x00000042UL, 0x00000068UL, 0x00000041UL, 0x00000099UL,
+ 0x0000002dUL, 0x0000000fUL, 0x000000b0UL, 0x00000054UL, 0x000000bbUL,
+ 0x00000016UL
+};
+
+const uint32_t AES_PRECOMP_TE4_1[256] = {
+ 0x00006300UL, 0x00007c00UL, 0x00007700UL, 0x00007b00UL, 0x0000f200UL,
+ 0x00006b00UL, 0x00006f00UL, 0x0000c500UL, 0x00003000UL, 0x00000100UL,
+ 0x00006700UL, 0x00002b00UL, 0x0000fe00UL, 0x0000d700UL, 0x0000ab00UL,
+ 0x00007600UL, 0x0000ca00UL, 0x00008200UL, 0x0000c900UL, 0x00007d00UL,
+ 0x0000fa00UL, 0x00005900UL, 0x00004700UL, 0x0000f000UL, 0x0000ad00UL,
+ 0x0000d400UL, 0x0000a200UL, 0x0000af00UL, 0x00009c00UL, 0x0000a400UL,
+ 0x00007200UL, 0x0000c000UL, 0x0000b700UL, 0x0000fd00UL, 0x00009300UL,
+ 0x00002600UL, 0x00003600UL, 0x00003f00UL, 0x0000f700UL, 0x0000cc00UL,
+ 0x00003400UL, 0x0000a500UL, 0x0000e500UL, 0x0000f100UL, 0x00007100UL,
+ 0x0000d800UL, 0x00003100UL, 0x00001500UL, 0x00000400UL, 0x0000c700UL,
+ 0x00002300UL, 0x0000c300UL, 0x00001800UL, 0x00009600UL, 0x00000500UL,
+ 0x00009a00UL, 0x00000700UL, 0x00001200UL, 0x00008000UL, 0x0000e200UL,
+ 0x0000eb00UL, 0x00002700UL, 0x0000b200UL, 0x00007500UL, 0x00000900UL,
+ 0x00008300UL, 0x00002c00UL, 0x00001a00UL, 0x00001b00UL, 0x00006e00UL,
+ 0x00005a00UL, 0x0000a000UL, 0x00005200UL, 0x00003b00UL, 0x0000d600UL,
+ 0x0000b300UL, 0x00002900UL, 0x0000e300UL, 0x00002f00UL, 0x00008400UL,
+ 0x00005300UL, 0x0000d100UL, 0x00000000UL, 0x0000ed00UL, 0x00002000UL,
+ 0x0000fc00UL, 0x0000b100UL, 0x00005b00UL, 0x00006a00UL, 0x0000cb00UL,
+ 0x0000be00UL, 0x00003900UL, 0x00004a00UL, 0x00004c00UL, 0x00005800UL,
+ 0x0000cf00UL, 0x0000d000UL, 0x0000ef00UL, 0x0000aa00UL, 0x0000fb00UL,
+ 0x00004300UL, 0x00004d00UL, 0x00003300UL, 0x00008500UL, 0x00004500UL,
+ 0x0000f900UL, 0x00000200UL, 0x00007f00UL, 0x00005000UL, 0x00003c00UL,
+ 0x00009f00UL, 0x0000a800UL, 0x00005100UL, 0x0000a300UL, 0x00004000UL,
+ 0x00008f00UL, 0x00009200UL, 0x00009d00UL, 0x00003800UL, 0x0000f500UL,
+ 0x0000bc00UL, 0x0000b600UL, 0x0000da00UL, 0x00002100UL, 0x00001000UL,
+ 0x0000ff00UL, 0x0000f300UL, 0x0000d200UL, 0x0000cd00UL, 0x00000c00UL,
+ 0x00001300UL, 0x0000ec00UL, 0x00005f00UL, 0x00009700UL, 0x00004400UL,
+ 0x00001700UL, 0x0000c400UL, 0x0000a700UL, 0x00007e00UL, 0x00003d00UL,
+ 0x00006400UL, 0x00005d00UL, 0x00001900UL, 0x00007300UL, 0x00006000UL,
+ 0x00008100UL, 0x00004f00UL, 0x0000dc00UL, 0x00002200UL, 0x00002a00UL,
+ 0x00009000UL, 0x00008800UL, 0x00004600UL, 0x0000ee00UL, 0x0000b800UL,
+ 0x00001400UL, 0x0000de00UL, 0x00005e00UL, 0x00000b00UL, 0x0000db00UL,
+ 0x0000e000UL, 0x00003200UL, 0x00003a00UL, 0x00000a00UL, 0x00004900UL,
+ 0x00000600UL, 0x00002400UL, 0x00005c00UL, 0x0000c200UL, 0x0000d300UL,
+ 0x0000ac00UL, 0x00006200UL, 0x00009100UL, 0x00009500UL, 0x0000e400UL,
+ 0x00007900UL, 0x0000e700UL, 0x0000c800UL, 0x00003700UL, 0x00006d00UL,
+ 0x00008d00UL, 0x0000d500UL, 0x00004e00UL, 0x0000a900UL, 0x00006c00UL,
+ 0x00005600UL, 0x0000f400UL, 0x0000ea00UL, 0x00006500UL, 0x00007a00UL,
+ 0x0000ae00UL, 0x00000800UL, 0x0000ba00UL, 0x00007800UL, 0x00002500UL,
+ 0x00002e00UL, 0x00001c00UL, 0x0000a600UL, 0x0000b400UL, 0x0000c600UL,
+ 0x0000e800UL, 0x0000dd00UL, 0x00007400UL, 0x00001f00UL, 0x00004b00UL,
+ 0x0000bd00UL, 0x00008b00UL, 0x00008a00UL, 0x00007000UL, 0x00003e00UL,
+ 0x0000b500UL, 0x00006600UL, 0x00004800UL, 0x00000300UL, 0x0000f600UL,
+ 0x00000e00UL, 0x00006100UL, 0x00003500UL, 0x00005700UL, 0x0000b900UL,
+ 0x00008600UL, 0x0000c100UL, 0x00001d00UL, 0x00009e00UL, 0x0000e100UL,
+ 0x0000f800UL, 0x00009800UL, 0x00001100UL, 0x00006900UL, 0x0000d900UL,
+ 0x00008e00UL, 0x00009400UL, 0x00009b00UL, 0x00001e00UL, 0x00008700UL,
+ 0x0000e900UL, 0x0000ce00UL, 0x00005500UL, 0x00002800UL, 0x0000df00UL,
+ 0x00008c00UL, 0x0000a100UL, 0x00008900UL, 0x00000d00UL, 0x0000bf00UL,
+ 0x0000e600UL, 0x00004200UL, 0x00006800UL, 0x00004100UL, 0x00009900UL,
+ 0x00002d00UL, 0x00000f00UL, 0x0000b000UL, 0x00005400UL, 0x0000bb00UL,
+ 0x00001600UL
+};
+
+const uint32_t AES_PRECOMP_TE4_2[256] = {
+ 0x00630000UL, 0x007c0000UL, 0x00770000UL, 0x007b0000UL, 0x00f20000UL,
+ 0x006b0000UL, 0x006f0000UL, 0x00c50000UL, 0x00300000UL, 0x00010000UL,
+ 0x00670000UL, 0x002b0000UL, 0x00fe0000UL, 0x00d70000UL, 0x00ab0000UL,
+ 0x00760000UL, 0x00ca0000UL, 0x00820000UL, 0x00c90000UL, 0x007d0000UL,
+ 0x00fa0000UL, 0x00590000UL, 0x00470000UL, 0x00f00000UL, 0x00ad0000UL,
+ 0x00d40000UL, 0x00a20000UL, 0x00af0000UL, 0x009c0000UL, 0x00a40000UL,
+ 0x00720000UL, 0x00c00000UL, 0x00b70000UL, 0x00fd0000UL, 0x00930000UL,
+ 0x00260000UL, 0x00360000UL, 0x003f0000UL, 0x00f70000UL, 0x00cc0000UL,
+ 0x00340000UL, 0x00a50000UL, 0x00e50000UL, 0x00f10000UL, 0x00710000UL,
+ 0x00d80000UL, 0x00310000UL, 0x00150000UL, 0x00040000UL, 0x00c70000UL,
+ 0x00230000UL, 0x00c30000UL, 0x00180000UL, 0x00960000UL, 0x00050000UL,
+ 0x009a0000UL, 0x00070000UL, 0x00120000UL, 0x00800000UL, 0x00e20000UL,
+ 0x00eb0000UL, 0x00270000UL, 0x00b20000UL, 0x00750000UL, 0x00090000UL,
+ 0x00830000UL, 0x002c0000UL, 0x001a0000UL, 0x001b0000UL, 0x006e0000UL,
+ 0x005a0000UL, 0x00a00000UL, 0x00520000UL, 0x003b0000UL, 0x00d60000UL,
+ 0x00b30000UL, 0x00290000UL, 0x00e30000UL, 0x002f0000UL, 0x00840000UL,
+ 0x00530000UL, 0x00d10000UL, 0x00000000UL, 0x00ed0000UL, 0x00200000UL,
+ 0x00fc0000UL, 0x00b10000UL, 0x005b0000UL, 0x006a0000UL, 0x00cb0000UL,
+ 0x00be0000UL, 0x00390000UL, 0x004a0000UL, 0x004c0000UL, 0x00580000UL,
+ 0x00cf0000UL, 0x00d00000UL, 0x00ef0000UL, 0x00aa0000UL, 0x00fb0000UL,
+ 0x00430000UL, 0x004d0000UL, 0x00330000UL, 0x00850000UL, 0x00450000UL,
+ 0x00f90000UL, 0x00020000UL, 0x007f0000UL, 0x00500000UL, 0x003c0000UL,
+ 0x009f0000UL, 0x00a80000UL, 0x00510000UL, 0x00a30000UL, 0x00400000UL,
+ 0x008f0000UL, 0x00920000UL, 0x009d0000UL, 0x00380000UL, 0x00f50000UL,
+ 0x00bc0000UL, 0x00b60000UL, 0x00da0000UL, 0x00210000UL, 0x00100000UL,
+ 0x00ff0000UL, 0x00f30000UL, 0x00d20000UL, 0x00cd0000UL, 0x000c0000UL,
+ 0x00130000UL, 0x00ec0000UL, 0x005f0000UL, 0x00970000UL, 0x00440000UL,
+ 0x00170000UL, 0x00c40000UL, 0x00a70000UL, 0x007e0000UL, 0x003d0000UL,
+ 0x00640000UL, 0x005d0000UL, 0x00190000UL, 0x00730000UL, 0x00600000UL,
+ 0x00810000UL, 0x004f0000UL, 0x00dc0000UL, 0x00220000UL, 0x002a0000UL,
+ 0x00900000UL, 0x00880000UL, 0x00460000UL, 0x00ee0000UL, 0x00b80000UL,
+ 0x00140000UL, 0x00de0000UL, 0x005e0000UL, 0x000b0000UL, 0x00db0000UL,
+ 0x00e00000UL, 0x00320000UL, 0x003a0000UL, 0x000a0000UL, 0x00490000UL,
+ 0x00060000UL, 0x00240000UL, 0x005c0000UL, 0x00c20000UL, 0x00d30000UL,
+ 0x00ac0000UL, 0x00620000UL, 0x00910000UL, 0x00950000UL, 0x00e40000UL,
+ 0x00790000UL, 0x00e70000UL, 0x00c80000UL, 0x00370000UL, 0x006d0000UL,
+ 0x008d0000UL, 0x00d50000UL, 0x004e0000UL, 0x00a90000UL, 0x006c0000UL,
+ 0x00560000UL, 0x00f40000UL, 0x00ea0000UL, 0x00650000UL, 0x007a0000UL,
+ 0x00ae0000UL, 0x00080000UL, 0x00ba0000UL, 0x00780000UL, 0x00250000UL,
+ 0x002e0000UL, 0x001c0000UL, 0x00a60000UL, 0x00b40000UL, 0x00c60000UL,
+ 0x00e80000UL, 0x00dd0000UL, 0x00740000UL, 0x001f0000UL, 0x004b0000UL,
+ 0x00bd0000UL, 0x008b0000UL, 0x008a0000UL, 0x00700000UL, 0x003e0000UL,
+ 0x00b50000UL, 0x00660000UL, 0x00480000UL, 0x00030000UL, 0x00f60000UL,
+ 0x000e0000UL, 0x00610000UL, 0x00350000UL, 0x00570000UL, 0x00b90000UL,
+ 0x00860000UL, 0x00c10000UL, 0x001d0000UL, 0x009e0000UL, 0x00e10000UL,
+ 0x00f80000UL, 0x00980000UL, 0x00110000UL, 0x00690000UL, 0x00d90000UL,
+ 0x008e0000UL, 0x00940000UL, 0x009b0000UL, 0x001e0000UL, 0x00870000UL,
+ 0x00e90000UL, 0x00ce0000UL, 0x00550000UL, 0x00280000UL, 0x00df0000UL,
+ 0x008c0000UL, 0x00a10000UL, 0x00890000UL, 0x000d0000UL, 0x00bf0000UL,
+ 0x00e60000UL, 0x00420000UL, 0x00680000UL, 0x00410000UL, 0x00990000UL,
+ 0x002d0000UL, 0x000f0000UL, 0x00b00000UL, 0x00540000UL, 0x00bb0000UL,
+ 0x00160000UL
+};
+
+const uint32_t AES_PRECOMP_TE4_3[256] = {
+ 0x63000000UL, 0x7c000000UL, 0x77000000UL, 0x7b000000UL, 0xf2000000UL,
+ 0x6b000000UL, 0x6f000000UL, 0xc5000000UL, 0x30000000UL, 0x01000000UL,
+ 0x67000000UL, 0x2b000000UL, 0xfe000000UL, 0xd7000000UL, 0xab000000UL,
+ 0x76000000UL, 0xca000000UL, 0x82000000UL, 0xc9000000UL, 0x7d000000UL,
+ 0xfa000000UL, 0x59000000UL, 0x47000000UL, 0xf0000000UL, 0xad000000UL,
+ 0xd4000000UL, 0xa2000000UL, 0xaf000000UL, 0x9c000000UL, 0xa4000000UL,
+ 0x72000000UL, 0xc0000000UL, 0xb7000000UL, 0xfd000000UL, 0x93000000UL,
+ 0x26000000UL, 0x36000000UL, 0x3f000000UL, 0xf7000000UL, 0xcc000000UL,
+ 0x34000000UL, 0xa5000000UL, 0xe5000000UL, 0xf1000000UL, 0x71000000UL,
+ 0xd8000000UL, 0x31000000UL, 0x15000000UL, 0x04000000UL, 0xc7000000UL,
+ 0x23000000UL, 0xc3000000UL, 0x18000000UL, 0x96000000UL, 0x05000000UL,
+ 0x9a000000UL, 0x07000000UL, 0x12000000UL, 0x80000000UL, 0xe2000000UL,
+ 0xeb000000UL, 0x27000000UL, 0xb2000000UL, 0x75000000UL, 0x09000000UL,
+ 0x83000000UL, 0x2c000000UL, 0x1a000000UL, 0x1b000000UL, 0x6e000000UL,
+ 0x5a000000UL, 0xa0000000UL, 0x52000000UL, 0x3b000000UL, 0xd6000000UL,
+ 0xb3000000UL, 0x29000000UL, 0xe3000000UL, 0x2f000000UL, 0x84000000UL,
+ 0x53000000UL, 0xd1000000UL, 0x00000000UL, 0xed000000UL, 0x20000000UL,
+ 0xfc000000UL, 0xb1000000UL, 0x5b000000UL, 0x6a000000UL, 0xcb000000UL,
+ 0xbe000000UL, 0x39000000UL, 0x4a000000UL, 0x4c000000UL, 0x58000000UL,
+ 0xcf000000UL, 0xd0000000UL, 0xef000000UL, 0xaa000000UL, 0xfb000000UL,
+ 0x43000000UL, 0x4d000000UL, 0x33000000UL, 0x85000000UL, 0x45000000UL,
+ 0xf9000000UL, 0x02000000UL, 0x7f000000UL, 0x50000000UL, 0x3c000000UL,
+ 0x9f000000UL, 0xa8000000UL, 0x51000000UL, 0xa3000000UL, 0x40000000UL,
+ 0x8f000000UL, 0x92000000UL, 0x9d000000UL, 0x38000000UL, 0xf5000000UL,
+ 0xbc000000UL, 0xb6000000UL, 0xda000000UL, 0x21000000UL, 0x10000000UL,
+ 0xff000000UL, 0xf3000000UL, 0xd2000000UL, 0xcd000000UL, 0x0c000000UL,
+ 0x13000000UL, 0xec000000UL, 0x5f000000UL, 0x97000000UL, 0x44000000UL,
+ 0x17000000UL, 0xc4000000UL, 0xa7000000UL, 0x7e000000UL, 0x3d000000UL,
+ 0x64000000UL, 0x5d000000UL, 0x19000000UL, 0x73000000UL, 0x60000000UL,
+ 0x81000000UL, 0x4f000000UL, 0xdc000000UL, 0x22000000UL, 0x2a000000UL,
+ 0x90000000UL, 0x88000000UL, 0x46000000UL, 0xee000000UL, 0xb8000000UL,
+ 0x14000000UL, 0xde000000UL, 0x5e000000UL, 0x0b000000UL, 0xdb000000UL,
+ 0xe0000000UL, 0x32000000UL, 0x3a000000UL, 0x0a000000UL, 0x49000000UL,
+ 0x06000000UL, 0x24000000UL, 0x5c000000UL, 0xc2000000UL, 0xd3000000UL,
+ 0xac000000UL, 0x62000000UL, 0x91000000UL, 0x95000000UL, 0xe4000000UL,
+ 0x79000000UL, 0xe7000000UL, 0xc8000000UL, 0x37000000UL, 0x6d000000UL,
+ 0x8d000000UL, 0xd5000000UL, 0x4e000000UL, 0xa9000000UL, 0x6c000000UL,
+ 0x56000000UL, 0xf4000000UL, 0xea000000UL, 0x65000000UL, 0x7a000000UL,
+ 0xae000000UL, 0x08000000UL, 0xba000000UL, 0x78000000UL, 0x25000000UL,
+ 0x2e000000UL, 0x1c000000UL, 0xa6000000UL, 0xb4000000UL, 0xc6000000UL,
+ 0xe8000000UL, 0xdd000000UL, 0x74000000UL, 0x1f000000UL, 0x4b000000UL,
+ 0xbd000000UL, 0x8b000000UL, 0x8a000000UL, 0x70000000UL, 0x3e000000UL,
+ 0xb5000000UL, 0x66000000UL, 0x48000000UL, 0x03000000UL, 0xf6000000UL,
+ 0x0e000000UL, 0x61000000UL, 0x35000000UL, 0x57000000UL, 0xb9000000UL,
+ 0x86000000UL, 0xc1000000UL, 0x1d000000UL, 0x9e000000UL, 0xe1000000UL,
+ 0xf8000000UL, 0x98000000UL, 0x11000000UL, 0x69000000UL, 0xd9000000UL,
+ 0x8e000000UL, 0x94000000UL, 0x9b000000UL, 0x1e000000UL, 0x87000000UL,
+ 0xe9000000UL, 0xce000000UL, 0x55000000UL, 0x28000000UL, 0xdf000000UL,
+ 0x8c000000UL, 0xa1000000UL, 0x89000000UL, 0x0d000000UL, 0xbf000000UL,
+ 0xe6000000UL, 0x42000000UL, 0x68000000UL, 0x41000000UL, 0x99000000UL,
+ 0x2d000000UL, 0x0f000000UL, 0xb0000000UL, 0x54000000UL, 0xbb000000UL,
+ 0x16000000UL
+};
+
+const uint32_t masks[32] = {
+ 0x80000000UL, 0x40000000UL, 0x20000000UL, 0x10000000UL, 0x08000000UL,
+ 0x04000000UL, 0x02000000UL, 0x01000000UL, 0x00800000UL, 0x00400000UL,
+ 0x00200000UL, 0x00100000UL, 0x00080000UL, 0x00040000UL, 0x00020000UL,
+ 0x00010000UL, 0x00008000UL, 0x00004000UL, 0x00002000UL, 0x00001000UL,
+ 0x00000800UL, 0x00000400UL, 0x00000200UL, 0x00000100UL, 0x00000080UL,
+ 0x00000040UL, 0x00000020UL, 0x00000010UL, 0x00000008UL, 0x00000004UL,
+ 0x00000002UL, 0x00000001UL
+};
+
+CryptoUtils::CryptoUtils() { seeded = false; }
+
+unsigned CryptoUtils::scramble32(const unsigned in, const char key[16]) {
+ assert(key != NULL && "CryptoUtils::scramble key=NULL");
+
+ unsigned tmpA, tmpB;
+
+ // Orr, Nathan or Adi can probably break it, but who cares?
+
+ // Round 1
+ tmpA = 0x0;
+ tmpA ^= AES_PRECOMP_TE0[((in >> 24) ^ key[0]) & 0xFF];
+ tmpA ^= AES_PRECOMP_TE1[((in >> 16) ^ key[1]) & 0xFF];
+ tmpA ^= AES_PRECOMP_TE2[((in >> 8) ^ key[2]) & 0xFF];
+ tmpA ^= AES_PRECOMP_TE3[((in >> 0) ^ key[3]) & 0xFF];
+
+ // Round 2
+ tmpB = 0x0;
+ tmpB ^= AES_PRECOMP_TE0[((tmpA >> 24) ^ key[4]) & 0xFF];
+ tmpB ^= AES_PRECOMP_TE1[((tmpA >> 16) ^ key[5]) & 0xFF];
+ tmpB ^= AES_PRECOMP_TE2[((tmpA >> 8) ^ key[6]) & 0xFF];
+ tmpB ^= AES_PRECOMP_TE3[((tmpA >> 0) ^ key[7]) & 0xFF];
+
+ // Round 3
+ tmpA = 0x0;
+ tmpA ^= AES_PRECOMP_TE0[((tmpB >> 24) ^ key[8]) & 0xFF];
+ tmpA ^= AES_PRECOMP_TE1[((tmpB >> 16) ^ key[9]) & 0xFF];
+ tmpA ^= AES_PRECOMP_TE2[((tmpB >> 8) ^ key[10]) & 0xFF];
+ tmpA ^= AES_PRECOMP_TE3[((tmpB >> 0) ^ key[11]) & 0xFF];
+
+ // Round 4
+ tmpB = 0x0;
+ tmpB ^= AES_PRECOMP_TE0[((tmpA >> 24) ^ key[12]) & 0xFF];
+ tmpB ^= AES_PRECOMP_TE1[((tmpA >> 16) ^ key[13]) & 0xFF];
+ tmpB ^= AES_PRECOMP_TE2[((tmpA >> 8) ^ key[14]) & 0xFF];
+ tmpB ^= AES_PRECOMP_TE3[((tmpA >> 0) ^ key[15]) & 0xFF];
+
+ LOAD32H(tmpA, key);
+
+ return tmpA ^ tmpB;
+}
+
+bool CryptoUtils::prng_seed(const std::string _seed) {
+ unsigned char s[16];
+ unsigned int i = 0;
+
+ /* We accept a prefix "0x" */
+ if (!(_seed.size() == 32 || _seed.size() == 34)) {
+ errs()<<"The AES-CTR PRNG seeding mechanism is expecting a 16-byte value "
+ "expressed in hexadecimal, like DEAD....BEEF\n";
+ return false;
+ }
+
+ seed = _seed;
+
+ if (_seed.size() == 34) {
+ // Assuming that the two first characters are "0x"
+ i = 2;
+ }
+
+
+ for (unsigned int j=0; i < _seed.size(); i += 2, j++) {
+ std::string byte = _seed.substr(i, 2);
+ s[j] = (unsigned char)(int)strtol(byte.c_str(), NULL, 16);
+ }
+
+ // _seed is defined to be the
+ // key initial value
+ memcpy(key, s, 16);
+ DEBUG_WITH_TYPE("cryptoutils", dbgs() << "CPNRG seeded with " << _seed << "\n");
+
+ // ctr is initialized to all-zeroes
+ memset(ctr, 0, 16);
+
+ // Once the seed is there, we compute the
+ // AES128 key-schedule
+ aes_compute_ks(ks, key);
+
+ seeded = true;
+
+ // We are now ready to fill the pool with
+ // cryptographically secure pseudo-random
+ // values.
+ populate_pool();
+ return true;
+}
+
+CryptoUtils::~CryptoUtils() {
+ // Some wiping work here
+ memset(key, 0, 16);
+ memset(ks, 0, 44 * sizeof(uint32_t));
+ memset(ctr, 0, 16);
+ memset(pool, 0, CryptoUtils_POOL_SIZE);
+
+ idx = 0;
+}
+
+void CryptoUtils::populate_pool() {
+
+ statsPopulate++;
+
+ for (int i = 0; i < CryptoUtils_POOL_SIZE; i += 16) {
+
+ // ctr += 1
+ inc_ctr();
+
+ // We then encrypt the counter
+ aes_encrypt(pool + i, ctr, ks);
+ }
+
+ // Reinitializing the index of the first
+ // available pseudo-random byte
+ idx = 0;
+}
+
+bool CryptoUtils::prng_seed() {
+
+#if defined(__linux__)
+ std::ifstream devrandom("/dev/urandom");
+#else
+ std::ifstream devrandom("/dev/random");
+#endif
+
+ if (devrandom) {
+
+ devrandom.read(key, 16);
+
+ if (devrandom.gcount() != 16) {
+ errs()<<"Cannot read enough bytes in /dev/random\n";
+ return false;
+ }
+
+ devrandom.close();
+ DEBUG_WITH_TYPE("cryptoutils", dbgs() << "cryptoutils seeded with /dev/random\n");
+
+ memset(ctr, 0, 16);
+
+ // Once the seed is there, we compute the
+ // AES128 key-schedule
+ aes_compute_ks(ks, key);
+
+ seeded = true;
+ } else {
+ errs()<<"Cannot open /dev/random\n";
+ return false;
+ }
+ return true;
+}
+
+void CryptoUtils::inc_ctr() {
+ uint64_t iseed;
+
+ LOAD64H(iseed, ctr + 8);
+ ++iseed;
+ STORE64H(ctr + 8, iseed);
+}
+
+char *CryptoUtils::get_seed() {
+
+ if (seeded) {
+ return key;
+ } else {
+ return NULL;
+ }
+}
+
+void CryptoUtils::get_bytes(char *buffer, const int len) {
+
+ int sofar = 0, available = 0;
+
+ assert(buffer != NULL && "CryptoUtils::get_bytes buffer=NULL");
+ assert(len > 0 && "CryptoUtils::get_bytes len <= 0");
+
+ statsGetBytes++;
+
+ if (len > 0) {
+
+ // If the PRNG is not seeded, it the very last time to do it !
+ if (!seeded) {
+ prng_seed();
+ populate_pool();
+ }
+
+ do {
+ if (idx + (len - sofar) >= CryptoUtils_POOL_SIZE) {
+ // We don't have enough bytes ready in the pool,
+ // so let's use the available ones and repopulate !
+ available = CryptoUtils_POOL_SIZE - idx;
+ memcpy(buffer + sofar, pool + idx, available);
+ sofar += available;
+ populate_pool();
+ } else {
+ memcpy(buffer + sofar, pool + idx, len - sofar);
+ idx += len - sofar;
+ // This will trigger a loop exit
+ sofar = len;
+ }
+ } while (sofar < (len - 1));
+ }
+}
+
+uint8_t CryptoUtils::get_uint8_t() {
+ char ret;
+
+ statsGetUint8++;
+
+ get_bytes(&ret, 1);
+
+ return (uint8_t)ret;
+}
+
+char CryptoUtils::get_char() {
+ char ret;
+
+ statsGetChar++;
+
+ get_bytes(&ret, 1);
+
+ return ret;
+}
+
+uint32_t CryptoUtils::get_uint32_t() {
+ char tmp[4];
+ uint32_t ret = 0;
+
+ statsGetUint32++;
+
+ get_bytes(tmp, 4);
+
+ LOAD32H(ret, tmp);
+
+ return ret;
+}
+
+uint64_t CryptoUtils::get_uint64_t() {
+ char tmp[8];
+ uint64_t ret = 0;
+
+ statsGetUint64++;
+
+ get_bytes(tmp, 8);
+
+ LOAD64H(ret, tmp);
+
+ return ret;
+}
+
+uint32_t CryptoUtils::get_range(const uint32_t max) {
+ uint32_t log, r, mask;
+
+ statsGetRange++;
+
+ if (max == 0) {
+ return 0;
+ } else {
+ // Computing the above power of two
+ log = 32;
+ int i = 0;
+ // This loop will terminate, as there is at least one
+ // bit set somewhere in max
+ while (!(max & masks[i++])) {
+ log -= 1;
+ }
+ mask = (0x1UL << log) - 1;
+
+ // This should loop two times in average
+ do {
+ r = get_uint32_t() & mask;
+ } while (r >= max);
+
+ return r;
+ }
+}
+
+void CryptoUtils::aes_compute_ks(uint32_t *ks, const char *k) {
+ int i;
+ uint32_t *p, tmp;
+
+ assert(ks != NULL);
+ assert(k != NULL);
+
+ LOAD32H(ks[0], k);
+ LOAD32H(ks[1], k + 4);
+ LOAD32H(ks[2], k + 8);
+ LOAD32H(ks[3], k + 12);
+
+ p = ks;
+ i = 0;
+ while (1) {
+ tmp = p[3];
+ tmp = ((AES_TE4_3(BYTE(tmp, 2))) ^ (AES_TE4_2(BYTE(tmp, 1))) ^
+ (AES_TE4_1(BYTE(tmp, 0))) ^ (AES_TE4_0(BYTE(tmp, 3))));
+
+ p[4] = p[0] ^ tmp ^ AES_RCON[i];
+ p[5] = p[1] ^ p[4];
+ p[6] = p[2] ^ p[5];
+ p[7] = p[3] ^ p[6];
+ if (++i == 10) {
+ break;
+ }
+ p += 4;
+ }
+}
+
+void CryptoUtils::aes_encrypt(char *out, const char *in, const uint32_t *ks) {
+ uint32_t state0 = 0, state1 = 0, state2 = 0, state3 = 0;
+ uint32_t tmp0, tmp1, tmp2, tmp3;
+ int i;
+ uint32_t r;
+
+ statsAESEncrypt++;
+
+ r = 0;
+ LOAD32H(state0, in + 0);
+ LOAD32H(state1, in + 4);
+ LOAD32H(state2, in + 8);
+ LOAD32H(state3, in + 12);
+
+ state0 ^= ks[r + 0];
+ state1 ^= ks[r + 1];
+ state2 ^= ks[r + 2];
+ state3 ^= ks[r + 3];
+
+ i = 0;
+ while (1) {
+ r += 4;
+
+ tmp0 = AES_TE0(BYTE(state0, 3)) ^ AES_TE1(BYTE(state1, 2)) ^
+ AES_TE2(BYTE(state2, 1)) ^ AES_TE3(BYTE(state3, 0)) ^ ks[r + 0];
+
+ tmp1 = AES_TE0(BYTE(state1, 3)) ^ AES_TE1(BYTE(state2, 2)) ^
+ AES_TE2(BYTE(state3, 1)) ^ AES_TE3(BYTE(state0, 0)) ^ ks[r + 1];
+
+ tmp2 = AES_TE0(BYTE(state2, 3)) ^ AES_TE1(BYTE(state3, 2)) ^
+ AES_TE2(BYTE(state0, 1)) ^ AES_TE3(BYTE(state1, 0)) ^ ks[r + 2];
+
+ tmp3 = AES_TE0(BYTE(state3, 3)) ^ AES_TE1(BYTE(state0, 2)) ^
+ AES_TE2(BYTE(state1, 1)) ^ AES_TE3(BYTE(state2, 0)) ^ ks[r + 3];
+
+ if (i == 8) {
+ break;
+ }
+ i++;
+ state0 = tmp0;
+ state1 = tmp1;
+ state2 = tmp2;
+ state3 = tmp3;
+ }
+
+ r += 4;
+ state0 = (AES_TE4_3(BYTE(tmp0, 3))) ^ (AES_TE4_2(BYTE(tmp1, 2))) ^
+ (AES_TE4_1(BYTE(tmp2, 1))) ^ (AES_TE4_0(BYTE(tmp3, 0))) ^ ks[r + 0];
+
+ state1 = (AES_TE4_3(BYTE(tmp1, 3))) ^ (AES_TE4_2(BYTE(tmp2, 2))) ^
+ (AES_TE4_1(BYTE(tmp3, 1))) ^ (AES_TE4_0(BYTE(tmp0, 0))) ^ ks[r + 1];
+
+ state2 = (AES_TE4_3(BYTE(tmp2, 3))) ^ (AES_TE4_2(BYTE(tmp3, 2))) ^
+ (AES_TE4_1(BYTE(tmp0, 1))) ^ (AES_TE4_0(BYTE(tmp1, 0))) ^ ks[r + 2];
+
+ state3 = (AES_TE4_3(BYTE(tmp3, 3))) ^ (AES_TE4_2(BYTE(tmp0, 2))) ^
+ (AES_TE4_1(BYTE(tmp1, 1))) ^ (AES_TE4_0(BYTE(tmp2, 0))) ^ ks[r + 3];
+
+ STORE32H(out + 0, state0);
+ STORE32H(out + 4, state1);
+ STORE32H(out + 8, state2);
+ STORE32H(out + 12, state3);
+}
+
+int CryptoUtils::sha256_process(sha256_state *md, const unsigned char *in,
+ unsigned long inlen) {
+ unsigned long n;
+ int err;
+ assert(md != NULL && "CryptoUtils::sha256_process md=NULL");
+ assert(in != NULL && "CryptoUtils::sha256_process in=NULL");
+
+ if (md->curlen > sizeof(md->buf)) {
+ return 1;
+ }
+ while (inlen > 0) {
+ if (md->curlen == 0 && inlen >= 64) {
+ if ((err = sha256_compress(md, (unsigned char *)in)) != 0) {
+ return err;
+ }
+ md->length += 64 * 8;
+ in += 64;
+ inlen -= 64;
+ } else {
+ n = MIN(inlen, (64 - md->curlen));
+ memcpy(md->buf + md->curlen, in, (size_t)n);
+ md->curlen += n;
+ in += n;
+ inlen -= n;
+ if (md->curlen == 64) {
+ if ((err = sha256_compress(md, md->buf)) != 0) {
+ return err;
+ }
+ md->length += 8 * 64;
+ md->curlen = 0;
+ }
+ }
+ }
+ return 0;
+}
+
+int CryptoUtils::sha256_compress(sha256_state *md, unsigned char *buf) {
+ uint32_t S[8], W[64], t0, t1;
+ int i;
+
+ /* copy state into S */
+ for (i = 0; i < 8; i++) {
+ S[i] = md->state[i];
+ }
+
+ /* copy the state into 512-bits into W[0..15] */
+ for (i = 0; i < 16; i++) {
+ LOAD32H(W[i], buf + (4 * i));
+ }
+
+ /* fill W[16..63] */
+ for (i = 16; i < 64; i++) {
+ W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
+ }
+
+ /* Compress */
+
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 0, 0x428a2f98);
+ RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 1, 0x71374491);
+ RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 2, 0xb5c0fbcf);
+ RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 3, 0xe9b5dba5);
+ RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 4, 0x3956c25b);
+ RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 5, 0x59f111f1);
+ RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 6, 0x923f82a4);
+ RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 7, 0xab1c5ed5);
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 8, 0xd807aa98);
+ RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 9, 0x12835b01);
+ RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 10, 0x243185be);
+ RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 11, 0x550c7dc3);
+ RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 12, 0x72be5d74);
+ RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 13, 0x80deb1fe);
+ RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 14, 0x9bdc06a7);
+ RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 15, 0xc19bf174);
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 16, 0xe49b69c1);
+ RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 17, 0xefbe4786);
+ RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 18, 0x0fc19dc6);
+ RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 19, 0x240ca1cc);
+ RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 20, 0x2de92c6f);
+ RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 21, 0x4a7484aa);
+ RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 22, 0x5cb0a9dc);
+ RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 23, 0x76f988da);
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 24, 0x983e5152);
+ RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 25, 0xa831c66d);
+ RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 26, 0xb00327c8);
+ RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 27, 0xbf597fc7);
+ RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 28, 0xc6e00bf3);
+ RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 29, 0xd5a79147);
+ RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 30, 0x06ca6351);
+ RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 31, 0x14292967);
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 32, 0x27b70a85);
+ RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 33, 0x2e1b2138);
+ RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 34, 0x4d2c6dfc);
+ RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 35, 0x53380d13);
+ RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 36, 0x650a7354);
+ RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 37, 0x766a0abb);
+ RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 38, 0x81c2c92e);
+ RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 39, 0x92722c85);
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 40, 0xa2bfe8a1);
+ RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 41, 0xa81a664b);
+ RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 42, 0xc24b8b70);
+ RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 43, 0xc76c51a3);
+ RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 44, 0xd192e819);
+ RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 45, 0xd6990624);
+ RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 46, 0xf40e3585);
+ RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 47, 0x106aa070);
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 48, 0x19a4c116);
+ RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 49, 0x1e376c08);
+ RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 50, 0x2748774c);
+ RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 51, 0x34b0bcb5);
+ RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 52, 0x391c0cb3);
+ RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 53, 0x4ed8aa4a);
+ RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 54, 0x5b9cca4f);
+ RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 55, 0x682e6ff3);
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], 56, 0x748f82ee);
+ RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], 57, 0x78a5636f);
+ RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], 58, 0x84c87814);
+ RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], 59, 0x8cc70208);
+ RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], 60, 0x90befffa);
+ RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], 61, 0xa4506ceb);
+ RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], 62, 0xbef9a3f7);
+ RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], 63, 0xc67178f2);
+
+ /* feedback */
+ for (i = 0; i < 8; i++) {
+ md->state[i] = md->state[i] + S[i];
+ }
+ return 0;
+}
+
+/**
+ Initialize the hash state
+ @param md The hash state you wish to initialize
+ @return CRYPT_OK if successful
+*/
+int CryptoUtils::sha256_init(sha256_state *md) {
+ assert(md != NULL && "CryptoUtils::sha256_init md=NULL");
+
+ md->curlen = 0;
+ md->length = 0;
+ md->state[0] = 0x6A09E667UL;
+ md->state[1] = 0xBB67AE85UL;
+ md->state[2] = 0x3C6EF372UL;
+ md->state[3] = 0xA54FF53AUL;
+ md->state[4] = 0x510E527FUL;
+ md->state[5] = 0x9B05688CUL;
+ md->state[6] = 0x1F83D9ABUL;
+ md->state[7] = 0x5BE0CD19UL;
+ return 0;
+}
+
+/**
+ Terminate the hash to get the digest
+ @param md The hash state
+ @param out [out] The destination of the hash (32 bytes)
+ @return CRYPT_OK if successful
+*/
+int CryptoUtils::sha256_done(sha256_state *md, unsigned char *out) {
+ int i;
+
+ assert(md != NULL && "CryptoUtils::sha256_done md=NULL");
+ assert(out != NULL && "CryptoUtils::sha256_done out=NULL");
+
+ if (md->curlen >= sizeof(md->buf)) {
+ return 1;
+ }
+
+ /* increase the length of the message */
+ md->length += md->curlen * 8;
+
+ /* append the '1' bit */
+ md->buf[md->curlen++] = (unsigned char)0x80;
+
+ /* if the length is currently above 56 bytes we append zeros
+ * then compress. Then we can fall back to padding zeros and length
+ * encoding like normal.
+ */
+ if (md->curlen > 56) {
+ while (md->curlen < 64) {
+ md->buf[md->curlen++] = (unsigned char)0;
+ }
+ sha256_compress(md, md->buf);
+ md->curlen = 0;
+ }
+
+ /* pad upto 56 bytes of zeroes */
+ while (md->curlen < 56) {
+ md->buf[md->curlen++] = (unsigned char)0;
+ }
+
+ /* store length */
+ STORE64H(md->buf + 56, md->length);
+ sha256_compress(md, md->buf);
+
+ /* copy output */
+ for (i = 0; i < 8; i++) {
+ STORE32H(out + (4 * i), md->state[i]);
+ }
+ return 0;
+}
+
+int CryptoUtils::sha256(const char *msg, unsigned char *hash) {
+ unsigned char tmp[32];
+ sha256_state md;
+
+ sha256_init(&md);
+ sha256_process(&md, (const unsigned char *)msg,
+ (unsigned long)strlen((const char *)msg));
+ sha256_done(&md, tmp);
+
+ memcpy(hash, tmp, 32);
+ return 0;
+}
diff --git a/llvm/lib/Transforms/Obfuscation/Flattening.cpp b/llvm/lib/Transforms/Obfuscation/Flattening.cpp
new file mode 100644
index 000000000000000..e470b3c27efb3cc
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/Flattening.cpp
@@ -0,0 +1,243 @@
+//===- Flattening.cpp - Flattening Obfuscation pass------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file implements the flattening pass
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Transforms/Obfuscation/Flattening.h"
+#include "llvm/Transforms/Obfuscation/CryptoUtils.h"
+#include "llvm/Transforms/Scalar.h"
+
+#define DEBUG_TYPE "flattening"
+
+using namespace llvm;
+
+// Stats
+STATISTIC(Flattened, "Functions flattened");
+
+namespace {
+// control flow flattening (控制流展平) -- aqnote
+struct Flattening : public FunctionPass {
+ static char ID; // Pass identification, replacement for typeid
+ bool flag;
+
+ Flattening() : FunctionPass(ID) {}
+ Flattening(bool flag) : FunctionPass(ID) { this->flag = flag; }
+
+ bool runOnFunction(Function &F);
+ bool flatten(Function *f);
+};
+} // namespace
+
+char Flattening::ID = 0;
+static RegisterPass<Flattening> X("flattening", "Call graph flattening");
+Pass *llvm::createFlattening(bool flag) { return new Flattening(flag); }
+
+bool Flattening::runOnFunction(Function &F) {
+ Function *tmp = &F;
+ // Do we obfuscate
+ if (toObfuscate(flag, tmp, "fla")) {
+ if (flatten(tmp)) {
+ ++Flattened;
+ }
+ }
+
+ return false;
+}
+
+bool Flattening::flatten(Function *f) {
+ vector<BasicBlock *> origBB;
+ BasicBlock *loopEntry;
+ BasicBlock *loopEnd;
+ LoadInst *load;
+ SwitchInst *switchI;
+ AllocaInst *switchVar;
+
+ // SCRAMBLER
+ char scrambling_key[16];
+ llvm::cryptoutils->get_bytes(scrambling_key, 16);
+ // END OF SCRAMBLER
+
+ // Lower switch
+ FunctionPass *lower = createLowerSwitchPass();
+ lower->runOnFunction(*f);
+
+ // Save all original BB
+ for (Function::iterator i = f->begin(); i != f->end(); ++i) {
+ BasicBlock *tmp = &*i;
+ origBB.push_back(tmp);
+
+ BasicBlock *bb = &*i;
+ if (isa<InvokeInst>(bb->getTerminator())) {
+ return false;
+ }
+ }
+
+ // Nothing to flatten
+ if (origBB.size() <= 1) {
+ return false;
+ }
+
+ // Remove first BB
+ origBB.erase(origBB.begin());
+
+ // Get a pointer on the first BB
+ Function::iterator tmp = f->begin(); //++tmp;
+ BasicBlock *insert = &*tmp;
+
+ // If main begin with an if
+ BranchInst *br = NULL;
+ if (isa<BranchInst>(insert->getTerminator())) {
+ br = cast<BranchInst>(insert->getTerminator());
+ }
+
+ if ((br != NULL && br->isConditional()) ||
+ insert->getTerminator()->getNumSuccessors() > 1) {
+ BasicBlock::iterator i = insert->end();
+ --i;
+
+ if (insert->size() > 1) {
+ --i;
+ }
+
+ BasicBlock *tmpBB = insert->splitBasicBlock(i, "first");
+ origBB.insert(origBB.begin(), tmpBB);
+ }
+
+ // Remove jump
+ insert->getTerminator()->eraseFromParent();
+
+ // Create switch variable and set as it
+ switchVar =
+ new AllocaInst(Type::getInt32Ty(f->getContext()), 0, "switchVar", insert);
+ new StoreInst(
+ ConstantInt::get(Type::getInt32Ty(f->getContext()),
+ llvm::cryptoutils->scramble32(0, scrambling_key)),
+ switchVar, insert);
+
+ // Create main loop
+ loopEntry = BasicBlock::Create(f->getContext(), "loopEntry", f, insert);
+ loopEnd = BasicBlock::Create(f->getContext(), "loopEnd", f, insert);
+
+ load = new LoadInst(switchVar, "switchVar", loopEntry);
+
+ // Move first BB on top
+ insert->moveBefore(loopEntry);
+ BranchInst::Create(loopEntry, insert);
+
+ // loopEnd jump to loopEntry
+ BranchInst::Create(loopEntry, loopEnd);
+
+ BasicBlock *swDefault =
+ BasicBlock::Create(f->getContext(), "switchDefault", f, loopEnd);
+ BranchInst::Create(loopEnd, swDefault);
+
+ // Create switch instruction itself and set condition
+ switchI = SwitchInst::Create(&*f->begin(), swDefault, 0, loopEntry);
+ switchI->setCondition(load);
+
+ // Remove branch jump from 1st BB and make a jump to the while
+ f->begin()->getTerminator()->eraseFromParent();
+
+ BranchInst::Create(loopEntry, &*f->begin());
+
+ // Put all BB in the switch
+ for (vector<BasicBlock *>::iterator b = origBB.begin(); b != origBB.end();
+ ++b) {
+ BasicBlock *i = *b;
+ ConstantInt *numCase = NULL;
+
+ // Move the BB inside the switch (only visual, no code logic)
+ i->moveBefore(loopEnd);
+
+ // Add case to switch
+ numCase = cast<ConstantInt>(ConstantInt::get(
+ switchI->getCondition()->getType(),
+ llvm::cryptoutils->scramble32(switchI->getNumCases(), scrambling_key)));
+ switchI->addCase(numCase, i);
+ }
+
+ // Recalculate switchVar
+ for (vector<BasicBlock *>::iterator b = origBB.begin(); b != origBB.end();
+ ++b) {
+ BasicBlock *i = *b;
+ ConstantInt *numCase = NULL;
+
+ // Ret BB
+ if (i->getTerminator()->getNumSuccessors() == 0) {
+ continue;
+ }
+
+ // If it's a non-conditional jump
+ if (i->getTerminator()->getNumSuccessors() == 1) {
+ // Get successor and delete terminator
+ BasicBlock *succ = i->getTerminator()->getSuccessor(0);
+ i->getTerminator()->eraseFromParent();
+
+ // Get next case
+ numCase = switchI->findCaseDest(succ);
+
+ // If next case == default case (switchDefault)
+ if (numCase == NULL) {
+ numCase = cast<ConstantInt>(
+ ConstantInt::get(switchI->getCondition()->getType(),
+ llvm::cryptoutils->scramble32(
+ switchI->getNumCases() - 1, scrambling_key)));
+ }
+
+ // Update switchVar and jump to the end of loop
+ new StoreInst(numCase, load->getPointerOperand(), i);
+ BranchInst::Create(loopEnd, i);
+ continue;
+ }
+
+ // If it's a conditional jump
+ if (i->getTerminator()->getNumSuccessors() == 2) {
+ // Get next cases
+ ConstantInt *numCaseTrue =
+ switchI->findCaseDest(i->getTerminator()->getSuccessor(0));
+ ConstantInt *numCaseFalse =
+ switchI->findCaseDest(i->getTerminator()->getSuccessor(1));
+
+ // Check if next case == default case (switchDefault)
+ if (numCaseTrue == NULL) {
+ numCaseTrue = cast<ConstantInt>(
+ ConstantInt::get(switchI->getCondition()->getType(),
+ llvm::cryptoutils->scramble32(
+ switchI->getNumCases() - 1, scrambling_key)));
+ }
+
+ if (numCaseFalse == NULL) {
+ numCaseFalse = cast<ConstantInt>(
+ ConstantInt::get(switchI->getCondition()->getType(),
+ llvm::cryptoutils->scramble32(
+ switchI->getNumCases() - 1, scrambling_key)));
+ }
+
+ // Create a SelectInst
+ BranchInst *br = cast<BranchInst>(i->getTerminator());
+ SelectInst *sel =
+ SelectInst::Create(br->getCondition(), numCaseTrue, numCaseFalse, "",
+ i->getTerminator());
+
+ // Erase terminator
+ i->getTerminator()->eraseFromParent();
+
+ // Update switchVar and jump to the end of loop
+ new StoreInst(sel, load->getPointerOperand(), i);
+ BranchInst::Create(loopEnd, i);
+ continue;
+ }
+ }
+
+ fixStack(f);
+
+ return true;
+}
diff --git a/llvm/lib/Transforms/Obfuscation/LICENSE-OBFUSCATOR.TXT b/llvm/lib/Transforms/Obfuscation/LICENSE-OBFUSCATOR.TXT
new file mode 100644
index 000000000000000..ea86a85bf6f216a
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/LICENSE-OBFUSCATOR.TXT
@@ -0,0 +1,44 @@
+==============================================================================
+Obfuscator-LLVM Release License
+==============================================================================
+University of Illinois/NCSA
+Open Source License
+
+Copyright (c) 2014 Haute Ecole d'Ingénierie et de Gestion du Canton de Vaud (HEIG-VD). All rights reserved.
+
+Developed by:
+
+ Obfuscator-LLVM Team
+
+ Haute-Ecole d'Ingénierie et de Gestion du Canton de Vaud (HEIG-VD), a part
+ of the University of Applied Sciences and Arts Western Switzerland (HES-SO)
+
+ http://o-llvm.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal with
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimers.
+
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimers in the
+ documentation and/or other materials provided with the distribution.
+
+ * Neither the names of the Obfuscator-LLVM Team, the Haute Ecole d'Ingénierie
+ et de Gestion du Canton de Vaud (HEIG-VD), the University of Applied Sciences
+ and Arts Western Switzerland (HES-SO) nor the names of its contributors
+ may be used to endorse or promote products derived from this Software
+ without specific prior written permission.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE
+SOFTWARE.
diff --git a/llvm/lib/Transforms/Obfuscation/LLVMBuild.txt b/llvm/lib/Transforms/Obfuscation/LLVMBuild.txt
new file mode 100644
index 000000000000000..2be958758326e6d
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/LLVMBuild.txt
@@ -0,0 +1,23 @@
+;===- ./lib/Transforms/Scalar/LLVMBuild.txt --------------------*- Conf -*--===;
+;
+; The LLVM Compiler Infrastructure
+;
+; This file is distributed under the University of Illinois Open Source
+; License. See LICENSE.TXT for details.
+;
+;===------------------------------------------------------------------------===;
+;
+; This is an LLVMBuild description file for the components in this subdirectory.
+;
+; For more information on the LLVMBuild system, please see:
+;
+; http://llvm.org/docs/LLVMBuild.html
+;
+;===------------------------------------------------------------------------===;
+
+[component_0]
+type = Library
+name = Obfuscation
+parent = Transforms
+library_name = Obfuscation
+
diff --git a/llvm/lib/Transforms/Obfuscation/Makefile b/llvm/lib/Transforms/Obfuscation/Makefile
new file mode 100644
index 000000000000000..7fa1ec0d789c1dc
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/Makefile
@@ -0,0 +1,16 @@
+##===- lib/Transforms/Obfuscation/Makefile -----------------*- Makefile -*-===##
+#
+# The LLVM Compiler Infrastructure
+#
+# This file is distributed under the University of Illinois Open Source
+# License. See LICENSE.TXT for details.
+#
+##===----------------------------------------------------------------------===##
+
+LEVEL = ../../..
+LIBRARYNAME = LLVMObfuscation
+#LOADABLE_MODULE = 1
+BUILD_ARCHIVE = 1
+
+include $(LEVEL)/Makefile.common
+
diff --git a/llvm/lib/Transforms/Obfuscation/SplitBasicBlocks.cpp b/llvm/lib/Transforms/Obfuscation/SplitBasicBlocks.cpp
new file mode 100644
index 000000000000000..796521c85dc04eb
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/SplitBasicBlocks.cpp
@@ -0,0 +1,144 @@
+//===- SplitBasicBlock.cpp - SplitBasicBlokc Obfuscation pass--------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file implements the split basic block pass
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Transforms/Obfuscation/Split.h"
+#include "llvm/Transforms/Obfuscation/Utils.h"
+#include "llvm/Transforms/Obfuscation/CryptoUtils.h"
+
+#define DEBUG_TYPE "split"
+
+using namespace llvm;
+using namespace std;
+
+// Stats
+STATISTIC(Split, "Basicblock splitted");
+
+static cl::opt<int> SplitNum("split_num", cl::init(2),
+ cl::desc("Split <split_num> time each BB"));
+
+namespace {
+struct SplitBasicBlock : public FunctionPass {
+ static char ID; // Pass identification, replacement for typeid
+ bool flag;
+
+ SplitBasicBlock() : FunctionPass(ID) {}
+ SplitBasicBlock(bool flag) : FunctionPass(ID) {
+
+ this->flag = flag;
+ }
+
+ bool runOnFunction(Function &F);
+ void split(Function *f);
+
+ bool containsPHI(BasicBlock *b);
+ void shuffle(std::vector<int> &vec);
+};
+}
+
+char SplitBasicBlock::ID = 0;
+static RegisterPass<SplitBasicBlock> X("splitbbl", "BasicBlock splitting");
+
+Pass *llvm::createSplitBasicBlock(bool flag) {
+ return new SplitBasicBlock(flag);
+}
+
+bool SplitBasicBlock::runOnFunction(Function &F) {
+ // Check if the number of applications is correct
+ if (!((SplitNum > 1) && (SplitNum <= 10))) {
+ errs()<<"Split application basic block percentage\
+ -split_num=x must be 1 < x <= 10";
+ return false;
+ }
+
+ Function *tmp = &F;
+
+ // Do we obfuscate
+ if (toObfuscate(flag, tmp, "split")) {
+ split(tmp);
+ ++Split;
+ }
+
+ return false;
+}
+
+void SplitBasicBlock::split(Function *f) {
+ std::vector<BasicBlock *> origBB;
+ int splitN = SplitNum;
+
+ // Save all basic blocks
+ for (Function::iterator I = f->begin(), IE = f->end(); I != IE; ++I) {
+ origBB.push_back(&*I);
+ }
+
+ for (std::vector<BasicBlock *>::iterator I = origBB.begin(),
+ IE = origBB.end();
+ I != IE; ++I) {
+ BasicBlock *curr = *I;
+
+ // No need to split a 1 inst bb
+ // Or ones containing a PHI node
+ if (curr->size() < 2 || containsPHI(curr)) {
+ continue;
+ }
+
+ // Check splitN and current BB size
+ if ((size_t)splitN > curr->size()) {
+ splitN = curr->size() - 1;
+ }
+
+ // Generate splits point
+ std::vector<int> test;
+ for (unsigned i = 1; i < curr->size(); ++i) {
+ test.push_back(i);
+ }
+
+ // Shuffle
+ if (test.size() != 1) {
+ shuffle(test);
+ std::sort(test.begin(), test.begin() + splitN);
+ }
+
+ // Split
+ BasicBlock::iterator it = curr->begin();
+ BasicBlock *toSplit = curr;
+ int last = 0;
+ for (int i = 0; i < splitN; ++i) {
+ for (int j = 0; j < test[i] - last; ++j) {
+ ++it;
+ }
+ last = test[i];
+ if(toSplit->size() < 2)
+ continue;
+ toSplit = toSplit->splitBasicBlock(it, toSplit->getName() + ".split");
+ }
+
+ ++Split;
+ }
+}
+
+bool SplitBasicBlock::containsPHI(BasicBlock *b) {
+ for (BasicBlock::iterator I = b->begin(), IE = b->end(); I != IE; ++I) {
+ if (isa<PHINode>(I)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+void SplitBasicBlock::shuffle(std::vector<int> &vec) {
+ int n = vec.size();
+ for (int i = n - 1; i > 0; --i) {
+ std::swap(vec[i], vec[cryptoutils->get_uint32_t() % (i + 1)]);
+ }
+}
+
diff --git a/llvm/lib/Transforms/Obfuscation/Substitution.cpp b/llvm/lib/Transforms/Obfuscation/Substitution.cpp
new file mode 100644
index 000000000000000..f96c84daf2e625d
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/Substitution.cpp
@@ -0,0 +1,578 @@
+//===- Substitution.cpp - Substitution Obfuscation
+// pass-------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file implements operators substitution's pass
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Transforms/Obfuscation/Substitution.h"
+#include "llvm/IR/LLVMContext.h"
+#include "llvm/Support/raw_ostream.h"
+#include "llvm/Transforms/Obfuscation/Utils.h"
+#include "llvm/IR/Intrinsics.h"
+
+#define DEBUG_TYPE "substitution"
+
+#define NUMBER_ADD_SUBST 4
+#define NUMBER_SUB_SUBST 3
+#define NUMBER_AND_SUBST 2
+#define NUMBER_OR_SUBST 2
+#define NUMBER_XOR_SUBST 2
+
+static cl::opt<int>
+ObfTimes("sub_loop",
+ cl::desc("Choose how many time the -sub pass loops on a function"),
+ cl::value_desc("number of times"), cl::init(1), cl::Optional);
+
+
+// Stats
+STATISTIC(Add, "Add substitued");
+STATISTIC(Sub, "Sub substitued");
+// STATISTIC(Mul, "Mul substitued");
+// STATISTIC(Div, "Div substitued");
+// STATISTIC(Rem, "Rem substitued");
+// STATISTIC(Shi, "Shift substitued");
+STATISTIC(And, "And substitued");
+STATISTIC(Or, "Or substitued");
+STATISTIC(Xor, "Xor substitued");
+
+namespace {
+
+// instruction substitution (指令替换) -- aqnote
+struct Substitution : public FunctionPass {
+ static char ID; // Pass identification, replacement for typeid
+ void (Substitution::*funcAdd[NUMBER_ADD_SUBST])(BinaryOperator *bo);
+ void (Substitution::*funcSub[NUMBER_SUB_SUBST])(BinaryOperator *bo);
+ void (Substitution::*funcAnd[NUMBER_AND_SUBST])(BinaryOperator *bo);
+ void (Substitution::*funcOr[NUMBER_OR_SUBST])(BinaryOperator *bo);
+ void (Substitution::*funcXor[NUMBER_XOR_SUBST])(BinaryOperator *bo);
+ bool flag;
+
+ Substitution() : FunctionPass(ID) {}
+
+ Substitution(bool flag) : FunctionPass(ID) {
+ this->flag = flag;
+ funcAdd[0] = &Substitution::addNeg;
+ funcAdd[1] = &Substitution::addDoubleNeg;
+ funcAdd[2] = &Substitution::addRand;
+ funcAdd[3] = &Substitution::addRand2;
+
+ funcSub[0] = &Substitution::subNeg;
+ funcSub[1] = &Substitution::subRand;
+ funcSub[2] = &Substitution::subRand2;
+
+ funcAnd[0] = &Substitution::andSubstitution;
+ funcAnd[1] = &Substitution::andSubstitutionRand;
+
+ funcOr[0] = &Substitution::orSubstitution;
+ funcOr[1] = &Substitution::orSubstitutionRand;
+
+ funcXor[0] = &Substitution::xorSubstitution;
+ funcXor[1] = &Substitution::xorSubstitutionRand;
+ }
+
+ bool runOnFunction(Function &F);
+ bool substitute(Function *f);
+
+ void addNeg(BinaryOperator *bo);
+ void addDoubleNeg(BinaryOperator *bo);
+ void addRand(BinaryOperator *bo);
+ void addRand2(BinaryOperator *bo);
+
+ void subNeg(BinaryOperator *bo);
+ void subRand(BinaryOperator *bo);
+ void subRand2(BinaryOperator *bo);
+
+ void andSubstitution(BinaryOperator *bo);
+ void andSubstitutionRand(BinaryOperator *bo);
+
+ void orSubstitution(BinaryOperator *bo);
+ void orSubstitutionRand(BinaryOperator *bo);
+
+ void xorSubstitution(BinaryOperator *bo);
+ void xorSubstitutionRand(BinaryOperator *bo);
+};
+}
+
+char Substitution::ID = 0;
+static RegisterPass<Substitution> X("substitution", "operators substitution");
+Pass *llvm::createSubstitution(bool flag) { return new Substitution(flag); }
+
+bool Substitution::runOnFunction(Function &F) {
+ // Check if the percentage is correct
+ if (ObfTimes <= 0) {
+ errs()<<"Substitution application number -sub_loop=x must be x > 0";
+ return false;
+ }
+
+ Function *tmp = &F;
+ // Do we obfuscate
+ if (toObfuscate(flag, tmp, "sub")) {
+ substitute(tmp);
+ return true;
+ }
+
+ return false;
+}
+
+bool Substitution::substitute(Function *f) {
+ Function *tmp = f;
+
+ // Loop for the number of time we run the pass on the function
+ int times = ObfTimes;
+ do {
+ for (Function::iterator bb = tmp->begin(); bb != tmp->end(); ++bb) {
+ for (BasicBlock::iterator inst = bb->begin(); inst != bb->end(); ++inst) {
+ if (inst->isBinaryOp()) {
+ switch (inst->getOpcode()) {
+ case BinaryOperator::Add:
+ // case BinaryOperator::FAdd:
+ // Substitute with random add operation
+ (this->*funcAdd[llvm::cryptoutils->get_range(NUMBER_ADD_SUBST)])(
+ cast<BinaryOperator>(inst));
+ ++Add;
+ break;
+ case BinaryOperator::Sub:
+ // case BinaryOperator::FSub:
+ // Substitute with random sub operation
+ (this->*funcSub[llvm::cryptoutils->get_range(NUMBER_SUB_SUBST)])(
+ cast<BinaryOperator>(inst));
+ ++Sub;
+ break;
+ case BinaryOperator::Mul:
+ case BinaryOperator::FMul:
+ //++Mul;
+ break;
+ case BinaryOperator::UDiv:
+ case BinaryOperator::SDiv:
+ case BinaryOperator::FDiv:
+ //++Div;
+ break;
+ case BinaryOperator::URem:
+ case BinaryOperator::SRem:
+ case BinaryOperator::FRem:
+ //++Rem;
+ break;
+ case Instruction::Shl:
+ //++Shi;
+ break;
+ case Instruction::LShr:
+ //++Shi;
+ break;
+ case Instruction::AShr:
+ //++Shi;
+ break;
+ case Instruction::And:
+ (this->*
+ funcAnd[llvm::cryptoutils->get_range(2)])(cast<BinaryOperator>(inst));
+ ++And;
+ break;
+ case Instruction::Or:
+ (this->*
+ funcOr[llvm::cryptoutils->get_range(2)])(cast<BinaryOperator>(inst));
+ ++Or;
+ break;
+ case Instruction::Xor:
+ (this->*
+ funcXor[llvm::cryptoutils->get_range(2)])(cast<BinaryOperator>(inst));
+ ++Xor;
+ break;
+ default:
+ break;
+ } // End switch
+ } // End isBinaryOp
+ } // End for basickblock
+ } // End for Function
+ } while (--times > 0); // for times
+ return false;
+}
+
+// Implementation of a = b - (-c)
+void Substitution::addNeg(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ // Create sub
+ if (bo->getOpcode() == Instruction::Add) {
+ op = BinaryOperator::CreateNeg(bo->getOperand(1), "", bo);
+ op =
+ BinaryOperator::Create(Instruction::Sub, bo->getOperand(0), op, "", bo);
+
+ // Check signed wrap
+ //op->setHasNoSignedWrap(bo->hasNoSignedWrap());
+ //op->setHasNoUnsignedWrap(bo->hasNoUnsignedWrap());
+
+ bo->replaceAllUsesWith(op);
+ }/* else {
+ op = BinaryOperator::CreateFNeg(bo->getOperand(1), "", bo);
+ op = BinaryOperator::Create(Instruction::FSub, bo->getOperand(0), op, "",
+ bo);
+ }*/
+}
+
+// Implementation of a = -(-b + (-c))
+void Substitution::addDoubleNeg(BinaryOperator *bo) {
+ BinaryOperator *op, *op2 = NULL;
+
+ if (bo->getOpcode() == Instruction::Add) {
+ op = BinaryOperator::CreateNeg(bo->getOperand(0), "", bo);
+ op2 = BinaryOperator::CreateNeg(bo->getOperand(1), "", bo);
+ op = BinaryOperator::Create(Instruction::Add, op, op2, "", bo);
+ op = BinaryOperator::CreateNeg(op, "", bo);
+
+ // Check signed wrap
+ //op->setHasNoSignedWrap(bo->hasNoSignedWrap());
+ //op->setHasNoUnsignedWrap(bo->hasNoUnsignedWrap());
+ } else {
+ op = BinaryOperator::CreateFNeg(bo->getOperand(0), "", bo);
+ op2 = BinaryOperator::CreateFNeg(bo->getOperand(1), "", bo);
+ op = BinaryOperator::Create(Instruction::FAdd, op, op2, "", bo);
+ op = BinaryOperator::CreateFNeg(op, "", bo);
+ }
+
+ bo->replaceAllUsesWith(op);
+}
+
+// Implementation of r = rand (); a = b + r; a = a + c; a = a - r
+void Substitution::addRand(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ if (bo->getOpcode() == Instruction::Add) {
+ Type *ty = bo->getType();
+ ConstantInt *co =
+ (ConstantInt *)ConstantInt::get(ty, llvm::cryptoutils->get_uint64_t());
+ op =
+ BinaryOperator::Create(Instruction::Add, bo->getOperand(0), co, "", bo);
+ op =
+ BinaryOperator::Create(Instruction::Add, op, bo->getOperand(1), "", bo);
+ op = BinaryOperator::Create(Instruction::Sub, op, co, "", bo);
+
+ // Check signed wrap
+ //op->setHasNoSignedWrap(bo->hasNoSignedWrap());
+ //op->setHasNoUnsignedWrap(bo->hasNoUnsignedWrap());
+
+ bo->replaceAllUsesWith(op);
+ }
+ /* else {
+ Type *ty = bo->getType();
+ ConstantFP *co =
+ (ConstantFP*)ConstantFP::get(ty,(float)llvm::cryptoutils->get_uint64_t());
+ op = BinaryOperator::Create(Instruction::FAdd,bo->getOperand(0),co,"",bo);
+ op = BinaryOperator::Create(Instruction::FAdd,op,bo->getOperand(1),"",bo);
+ op = BinaryOperator::Create(Instruction::FSub,op,co,"",bo);
+ } */
+}
+
+// Implementation of r = rand (); a = b - r; a = a + b; a = a + r
+void Substitution::addRand2(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ if (bo->getOpcode() == Instruction::Add) {
+ Type *ty = bo->getType();
+ ConstantInt *co =
+ (ConstantInt *)ConstantInt::get(ty, llvm::cryptoutils->get_uint64_t());
+ op =
+ BinaryOperator::Create(Instruction::Sub, bo->getOperand(0), co, "", bo);
+ op =
+ BinaryOperator::Create(Instruction::Add, op, bo->getOperand(1), "", bo);
+ op = BinaryOperator::Create(Instruction::Add, op, co, "", bo);
+
+ // Check signed wrap
+ //op->setHasNoSignedWrap(bo->hasNoSignedWrap());
+ //op->setHasNoUnsignedWrap(bo->hasNoUnsignedWrap());
+
+ bo->replaceAllUsesWith(op);
+ }
+ /* else {
+ Type *ty = bo->getType();
+ ConstantFP *co =
+ (ConstantFP*)ConstantFP::get(ty,(float)llvm::cryptoutils->get_uint64_t());
+ op = BinaryOperator::Create(Instruction::FAdd,bo->getOperand(0),co,"",bo);
+ op = BinaryOperator::Create(Instruction::FAdd,op,bo->getOperand(1),"",bo);
+ op = BinaryOperator::Create(Instruction::FSub,op,co,"",bo);
+ } */
+}
+
+// Implementation of a = b + (-c)
+void Substitution::subNeg(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ if (bo->getOpcode() == Instruction::Sub) {
+ op = BinaryOperator::CreateNeg(bo->getOperand(1), "", bo);
+ op =
+ BinaryOperator::Create(Instruction::Add, bo->getOperand(0), op, "", bo);
+
+ // Check signed wrap
+ //op->setHasNoSignedWrap(bo->hasNoSignedWrap());
+ //op->setHasNoUnsignedWrap(bo->hasNoUnsignedWrap());
+ } else {
+ op = BinaryOperator::CreateFNeg(bo->getOperand(1), "", bo);
+ op = BinaryOperator::Create(Instruction::FAdd, bo->getOperand(0), op, "",
+ bo);
+ }
+
+ bo->replaceAllUsesWith(op);
+}
+
+// Implementation of r = rand (); a = b + r; a = a - c; a = a - r
+void Substitution::subRand(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ if (bo->getOpcode() == Instruction::Sub) {
+ Type *ty = bo->getType();
+ ConstantInt *co =
+ (ConstantInt *)ConstantInt::get(ty, llvm::cryptoutils->get_uint64_t());
+ op =
+ BinaryOperator::Create(Instruction::Add, bo->getOperand(0), co, "", bo);
+ op =
+ BinaryOperator::Create(Instruction::Sub, op, bo->getOperand(1), "", bo);
+ op = BinaryOperator::Create(Instruction::Sub, op, co, "", bo);
+
+ // Check signed wrap
+ //op->setHasNoSignedWrap(bo->hasNoSignedWrap());
+ //op->setHasNoUnsignedWrap(bo->hasNoUnsignedWrap());
+
+ bo->replaceAllUsesWith(op);
+ }
+ /* else {
+ Type *ty = bo->getType();
+ ConstantFP *co =
+ (ConstantFP*)ConstantFP::get(ty,(float)llvm::cryptoutils->get_uint64_t());
+ op = BinaryOperator::Create(Instruction::FAdd,bo->getOperand(0),co,"",bo);
+ op = BinaryOperator::Create(Instruction::FSub,op,bo->getOperand(1),"",bo);
+ op = BinaryOperator::Create(Instruction::FSub,op,co,"",bo);
+ } */
+}
+
+// Implementation of r = rand (); a = b - r; a = a - c; a = a + r
+void Substitution::subRand2(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ if (bo->getOpcode() == Instruction::Sub) {
+ Type *ty = bo->getType();
+ ConstantInt *co =
+ (ConstantInt *)ConstantInt::get(ty, llvm::cryptoutils->get_uint64_t());
+ op =
+ BinaryOperator::Create(Instruction::Sub, bo->getOperand(0), co, "", bo);
+ op =
+ BinaryOperator::Create(Instruction::Sub, op, bo->getOperand(1), "", bo);
+ op = BinaryOperator::Create(Instruction::Add, op, co, "", bo);
+
+ // Check signed wrap
+ //op->setHasNoSignedWrap(bo->hasNoSignedWrap());
+ //op->setHasNoUnsignedWrap(bo->hasNoUnsignedWrap());
+
+ bo->replaceAllUsesWith(op);
+ }
+ /* else {
+ Type *ty = bo->getType();
+ ConstantFP *co =
+ (ConstantFP*)ConstantFP::get(ty,(float)llvm::cryptoutils->get_uint64_t());
+ op = BinaryOperator::Create(Instruction::FSub,bo->getOperand(0),co,"",bo);
+ op = BinaryOperator::Create(Instruction::FSub,op,bo->getOperand(1),"",bo);
+ op = BinaryOperator::Create(Instruction::FAdd,op,co,"",bo);
+ } */
+}
+
+// Implementation of a = b & c => a = (b^~c)& b
+void Substitution::andSubstitution(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ // Create NOT on second operand => ~c
+ op = BinaryOperator::CreateNot(bo->getOperand(1), "", bo);
+
+ // Create XOR => (b^~c)
+ BinaryOperator *op1 =
+ BinaryOperator::Create(Instruction::Xor, bo->getOperand(0), op, "", bo);
+
+ // Create AND => (b^~c) & b
+ op = BinaryOperator::Create(Instruction::And, op1, bo->getOperand(0), "", bo);
+ bo->replaceAllUsesWith(op);
+}
+
+// Implementation of a = a && b <=> !(!a | !b) && (r | !r)
+void Substitution::andSubstitutionRand(BinaryOperator *bo) {
+ // Copy of the BinaryOperator type to create the random number with the
+ // same type of the operands
+ Type *ty = bo->getType();
+
+ // r (Random number)
+ ConstantInt *co =
+ (ConstantInt *)ConstantInt::get(ty, llvm::cryptoutils->get_uint64_t());
+
+ // !a
+ BinaryOperator *op = BinaryOperator::CreateNot(bo->getOperand(0), "", bo);
+
+ // !b
+ BinaryOperator *op1 = BinaryOperator::CreateNot(bo->getOperand(1), "", bo);
+
+ // !r
+ BinaryOperator *opr = BinaryOperator::CreateNot(co, "", bo);
+
+ // (!a | !b)
+ BinaryOperator *opa =
+ BinaryOperator::Create(Instruction::Or, op, op1, "", bo);
+
+ // (r | !r)
+ opr = BinaryOperator::Create(Instruction::Or, co, opr, "", bo);
+
+ // !(!a | !b)
+ op = BinaryOperator::CreateNot(opa, "", bo);
+
+ // !(!a | !b) && (r | !r)
+ op = BinaryOperator::Create(Instruction::And, op, opr, "", bo);
+
+ // We replace all the old AND operators with the new one transformed
+ bo->replaceAllUsesWith(op);
+}
+
+// Implementation of a = b | c => a = (b & c) | (b ^ c)
+void Substitution::orSubstitutionRand(BinaryOperator *bo) {
+
+ Type *ty = bo->getType();
+ ConstantInt *co =
+ (ConstantInt *)ConstantInt::get(ty, llvm::cryptoutils->get_uint64_t());
+
+ // !a
+ BinaryOperator *op = BinaryOperator::CreateNot(bo->getOperand(0), "", bo);
+
+ // !b
+ BinaryOperator *op1 = BinaryOperator::CreateNot(bo->getOperand(1), "", bo);
+
+ // !r
+ BinaryOperator *op2 = BinaryOperator::CreateNot(co, "", bo);
+
+ // !a && r
+ BinaryOperator *op3 =
+ BinaryOperator::Create(Instruction::And, op, co, "", bo);
+
+ // a && !r
+ BinaryOperator *op4 =
+ BinaryOperator::Create(Instruction::And, bo->getOperand(0), op2, "", bo);
+
+ // !b && r
+ BinaryOperator *op5 =
+ BinaryOperator::Create(Instruction::And, op1, co, "", bo);
+
+ // b && !r
+ BinaryOperator *op6 =
+ BinaryOperator::Create(Instruction::And, bo->getOperand(1), op2, "", bo);
+
+ // (!a && r) || (a && !r)
+ op3 = BinaryOperator::Create(Instruction::Or, op3, op4, "", bo);
+
+ // (!b && r) ||(b && !r)
+ op4 = BinaryOperator::Create(Instruction::Or, op5, op6, "", bo);
+
+ // (!a && r) || (a && !r) ^ (!b && r) ||(b && !r)
+ op5 = BinaryOperator::Create(Instruction::Xor, op3, op4, "", bo);
+
+ // !a || !b
+ op3 = BinaryOperator::Create(Instruction::Or, op, op1, "", bo);
+
+ // !(!a || !b)
+ op3 = BinaryOperator::CreateNot(op3, "", bo);
+
+ // r || !r
+ op4 = BinaryOperator::Create(Instruction::Or, co, op2, "", bo);
+
+ // !(!a || !b) && (r || !r)
+ op4 = BinaryOperator::Create(Instruction::And, op3, op4, "", bo);
+
+ // [(!a && r) || (a && !r) ^ (!b && r) ||(b && !r) ] || [!(!a || !b) && (r ||
+ // !r)]
+ op = BinaryOperator::Create(Instruction::Or, op5, op4, "", bo);
+ bo->replaceAllUsesWith(op);
+}
+
+void Substitution::orSubstitution(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ // Creating first operand (b & c)
+ op = BinaryOperator::Create(Instruction::And, bo->getOperand(0),
+ bo->getOperand(1), "", bo);
+
+ // Creating second operand (b ^ c)
+ BinaryOperator *op1 = BinaryOperator::Create(
+ Instruction::Xor, bo->getOperand(0), bo->getOperand(1), "", bo);
+
+ // final op
+ op = BinaryOperator::Create(Instruction::Or, op, op1, "", bo);
+ bo->replaceAllUsesWith(op);
+}
+
+// Implementation of a = a ~ b => a = (!a && b) || (a && !b)
+void Substitution::xorSubstitution(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ // Create NOT on first operand
+ op = BinaryOperator::CreateNot(bo->getOperand(0), "", bo); // !a
+
+ // Create AND
+ op = BinaryOperator::Create(Instruction::And, bo->getOperand(1), op, "",
+ bo); // !a && b
+
+ // Create NOT on second operand
+ BinaryOperator *op1 =
+ BinaryOperator::CreateNot(bo->getOperand(1), "", bo); // !b
+
+ // Create AND
+ op1 = BinaryOperator::Create(Instruction::And, bo->getOperand(0), op1, "",
+ bo); // a && !b
+
+ // Create OR
+ op = BinaryOperator::Create(Instruction::Or, op, op1, "",
+ bo); // (!a && b) || (a && !b)
+ bo->replaceAllUsesWith(op);
+}
+
+// implementation of a = a ^ b <=> (a ^ r) ^ (b ^ r) <=> (!a && r || a && !r) ^
+// (!b && r || b && !r)
+// note : r is a random number
+void Substitution::xorSubstitutionRand(BinaryOperator *bo) {
+ BinaryOperator *op = NULL;
+
+ Type *ty = bo->getType();
+ ConstantInt *co =
+ (ConstantInt *)ConstantInt::get(ty, llvm::cryptoutils->get_uint64_t());
+
+ // !a
+ op = BinaryOperator::CreateNot(bo->getOperand(0), "", bo);
+
+ // !a && r
+ op = BinaryOperator::Create(Instruction::And, co, op, "", bo);
+
+ // !r
+ BinaryOperator *opr = BinaryOperator::CreateNot(co, "", bo);
+
+ // a && !r
+ BinaryOperator *op1 =
+ BinaryOperator::Create(Instruction::And, bo->getOperand(0), opr, "", bo);
+
+ // !b
+ BinaryOperator *op2 = BinaryOperator::CreateNot(bo->getOperand(1), "", bo);
+
+ // !b && r
+ op2 = BinaryOperator::Create(Instruction::And, op2, co, "", bo);
+
+ // b && !r
+ BinaryOperator *op3 =
+ BinaryOperator::Create(Instruction::And, bo->getOperand(1), opr, "", bo);
+
+ // (!a && r) || (a && !r)
+ op = BinaryOperator::Create(Instruction::Or, op, op1, "", bo);
+
+ // (!b && r) || (b && !r)
+ op1 = BinaryOperator::Create(Instruction::Or, op2, op3, "", bo);
+
+ // (!a && r) || (a && !r) ^ (!b && r) || (b && !r)
+ op = BinaryOperator::Create(Instruction::Xor, op, op1, "", bo);
+ bo->replaceAllUsesWith(op);
+}
+
diff --git a/llvm/lib/Transforms/Obfuscation/Utils.cpp b/llvm/lib/Transforms/Obfuscation/Utils.cpp
new file mode 100644
index 000000000000000..3801e3497bc4ba8
--- /dev/null
+++ b/llvm/lib/Transforms/Obfuscation/Utils.cpp
@@ -0,0 +1,148 @@
+#include "llvm/Transforms/Obfuscation/Utils.h"
+#include "llvm/Support/raw_ostream.h"
+#include <sstream>
+#include "llvm/IR/Module.h"
+
+// Shamefully borrowed from ../Scalar/RegToMem.cpp :(
+bool valueEscapes(Instruction *Inst) {
+ BasicBlock *BB = Inst->getParent();
+ for (Value::use_iterator UI = Inst->use_begin(), E = Inst->use_end(); UI != E;
+ ++UI) {
+ Instruction *I = cast<Instruction>(*UI);
+ if (I->getParent() != BB || isa<PHINode>(I)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+void fixStack(Function *f) {
+ // Try to remove phi node and demote reg to stack
+ std::vector<PHINode *> tmpPhi;
+ std::vector<Instruction *> tmpReg;
+ BasicBlock *bbEntry = &*f->begin();
+
+ do {
+ tmpPhi.clear();
+ tmpReg.clear();
+
+ for (Function::iterator i = f->begin(); i != f->end(); ++i) {
+
+ for (BasicBlock::iterator j = i->begin(); j != i->end(); ++j) {
+
+ if (isa<PHINode>(j)) {
+ PHINode *phi = cast<PHINode>(j);
+ tmpPhi.push_back(phi);
+ continue;
+ }
+ if (!(isa<AllocaInst>(j) && j->getParent() == bbEntry) &&
+ (valueEscapes(&*j) || j->isUsedOutsideOfBlock(&*i))) {
+ tmpReg.push_back(&*j);
+ continue;
+ }
+ }
+ }
+ for (unsigned int i = 0; i != tmpReg.size(); ++i) {
+ DemoteRegToStack(*tmpReg.at(i), f->begin()->getTerminator());
+ }
+
+ for (unsigned int i = 0; i != tmpPhi.size(); ++i) {
+ DemotePHIToStack(tmpPhi.at(i), f->begin()->getTerminator());
+ }
+
+ } while (tmpReg.size() != 0 || tmpPhi.size() != 0);
+}
+
+std::string readAnnotate(Function *f) {
+ std::string annotation = "";
+
+ // Get annotation variable
+ GlobalVariable *glob =
+ f->getParent()->getGlobalVariable("llvm.global.annotations");
+
+ if (glob != NULL) {
+ // Get the array
+ if (ConstantArray *ca = dyn_cast<ConstantArray>(glob->getInitializer())) {
+ for (unsigned i = 0; i < ca->getNumOperands(); ++i) {
+ // Get the struct
+ if (ConstantStruct *structAn =
+ dyn_cast<ConstantStruct>(ca->getOperand(i))) {
+ if (ConstantExpr *expr =
+ dyn_cast<ConstantExpr>(structAn->getOperand(0))) {
+ // If it's a bitcast we can check if the annotation is concerning
+ // the current function
+ if (expr->getOpcode() == Instruction::BitCast &&
+ expr->getOperand(0) == f) {
+ ConstantExpr *note = cast<ConstantExpr>(structAn->getOperand(1));
+ // If it's a GetElementPtr, that means we found the variable
+ // containing the annotations
+ if (note->getOpcode() == Instruction::GetElementPtr) {
+ if (GlobalVariable *annoteStr =
+ dyn_cast<GlobalVariable>(note->getOperand(0))) {
+ if (ConstantDataSequential *data =
+ dyn_cast<ConstantDataSequential>(
+ annoteStr->getInitializer())) {
+ if (data->isString()) {
+ annotation += data->getAsString().lower() + " ";
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return annotation;
+}
+
+bool toObfuscate(bool flag, Function *f, std::string attribute) {
+ std::string attr = attribute;
+ std::string attrNo = "no" + attr;
+
+ // Check if declaration
+ if (f->isDeclaration()) {
+ return false;
+ }
+
+ // Check external linkage
+ if(f->hasAvailableExternallyLinkage() != 0) {
+ return false;
+ }
+
+ // We have to check the nofla flag first
+ // Because .find("fla") is true for a string like "fla" or
+ // "nofla"
+ if (readAnnotate(f).find(attrNo) != std::string::npos) {
+ return false;
+ }
+
+ // If fla annotations
+ if (readAnnotate(f).find(attr) != std::string::npos) {
+ return true;
+ }
+
+ // If fla flag is set
+ if (flag == true) {
+ /* Check if the number of applications is correct
+ if (!((Percentage > 0) && (Percentage <= 100))) {
+ LLVMContext &ctx = llvm::getGlobalContext();
+ ctx.emitError(Twine("Flattening application function\
+ percentage -perFLA=x must be 0 < x <= 100"));
+ }
+ // Check name
+ else if (func.size() != 0 && func.find(f->getName()) != std::string::npos) {
+ return true;
+ }
+
+ if ((((int)llvm::cryptoutils->get_range(100))) < Percentage) {
+ return true;
+ }
+ */
+ return true;
+ }
+
+ return false;
+}
+
More information about the llvm-branch-commits
mailing list