| /* |
| * aes_tables.c |
| * |
| * generate tables for the AES cipher |
| * |
| * David A. McGrew |
| * Cisco Systems, Inc. |
| */ |
| /* |
| * |
| * Copyright(c) 2001-2006 Cisco Systems, Inc. |
| * All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * |
| * Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * |
| * Redistributions in binary form must reproduce the above |
| * copyright notice, this list of conditions and the following |
| * disclaimer in the documentation and/or other materials provided |
| * with the distribution. |
| * |
| * Neither the name of the Cisco Systems, Inc. nor the names of its |
| * contributors may be used to endorse or promote products derived |
| * from this software without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| * OF THE POSSIBILITY OF SUCH DAMAGE. |
| * |
| */ |
| |
| #include <stdio.h> |
| #include "gf2_8.h" |
| #include "crypto_math.h" |
| |
| |
| unsigned char aes_sbox[256]; |
| |
| unsigned char aes_inv_sbox[256]; |
| |
| uint32_t T0[256], T1[256], T2[256], T3[256], T4[256]; |
| |
| |
| #define AES_INVERSE_TEST 0 /* set to 1 to test forward/backwards aes */ |
| |
| /* functions for precomputing AES values */ |
| |
| /* |
| * A[] is the 8 x 8 binary matrix (represented as an array of columns, |
| * where each column is an octet) which defines the affine |
| * transformation used in the AES substitution table (Section |
| * 4.2.1 of the spec). |
| */ |
| |
| uint8_t A[8] = { 31, 62, 124, 248, 241, 227, 199, 143 }; |
| |
| /* |
| * b is the 8 bit vector (represented as an octet) used in the affine |
| * transform described above. |
| */ |
| |
| uint8_t b = 99; |
| |
| |
| void |
| aes_init_sbox(void) { |
| unsigned int i; |
| uint8_t x; |
| |
| for (i=0; i < 256; i++) { |
| x = gf2_8_compute_inverse((gf2_8)i); |
| x = A_times_x_plus_b(A, x, b); |
| aes_sbox[i] = x; |
| aes_inv_sbox[x] = i; |
| } |
| } |
| |
| void |
| aes_compute_tables(void) { |
| int i; |
| uint32_t x1, x2, x3; |
| v32_t tmp; |
| |
| /* initialize substitution table */ |
| aes_init_sbox(); |
| |
| /* combine sbox with linear operations to form 8-bit to 32-bit tables */ |
| for (i=0; i < 256; i++) { |
| x1 = aes_sbox[i]; |
| x2 = gf2_8_shift(x1); |
| x3 = x2 ^ x1; |
| |
| tmp.v8[0] = x2; |
| tmp.v8[1] = x1; |
| tmp.v8[2] = x1; |
| tmp.v8[3] = x3; |
| T0[i] = tmp.value; |
| |
| tmp.v8[0] = x3; |
| tmp.v8[1] = x2; |
| tmp.v8[2] = x1; |
| tmp.v8[3] = x1; |
| T1[i] = tmp.value; |
| |
| tmp.v8[0] = x1; |
| tmp.v8[1] = x3; |
| tmp.v8[2] = x2; |
| tmp.v8[3] = x1; |
| T2[i] = tmp.value; |
| |
| tmp.v8[0] = x1; |
| tmp.v8[1] = x1; |
| tmp.v8[2] = x3; |
| tmp.v8[3] = x2; |
| T3[i] = tmp.value; |
| |
| } |
| } |
| |
| |
| /* |
| * the tables U0, U1, U2, U3 implement the aes operations invSubBytes, |
| * invMixColumns, and invShiftRows |
| */ |
| |
| uint32_t U0[256], U1[256], U2[256], U3[256], U4[256]; |
| |
| extern uint8_t aes_inv_sbox[256]; |
| |
| void |
| aes_compute_inv_tables(void) { |
| int i; |
| uint8_t x, xe, x9, xd, xb; |
| v32_t tmp; |
| |
| /* combine sbox with linear operations to form 8-bit to 32-bit tables */ |
| for (i=0; i < 256; i++) { |
| x = aes_inv_sbox[i]; |
| |
| xe = gf2_8_multiply(0x0e, x); |
| x9 = gf2_8_multiply(0x09, x); |
| xd = gf2_8_multiply(0x0d, x); |
| xb = gf2_8_multiply(0x0b, x); |
| |
| tmp.v8[0] = xe; |
| tmp.v8[1] = x9; |
| tmp.v8[2] = xd; |
| tmp.v8[3] = xb; |
| U0[i] = tmp.value; |
| |
| tmp.v8[0] = xb; |
| tmp.v8[1] = xe; |
| tmp.v8[2] = x9; |
| tmp.v8[3] = xd; |
| U1[i] = tmp.value; |
| |
| tmp.v8[0] = xd; |
| tmp.v8[1] = xb; |
| tmp.v8[2] = xe; |
| tmp.v8[3] = x9; |
| U2[i] = tmp.value; |
| |
| tmp.v8[0] = x9; |
| tmp.v8[1] = xd; |
| tmp.v8[2] = xb; |
| tmp.v8[3] = xe; |
| U3[i] = tmp.value; |
| |
| tmp.v8[0] = tmp.v8[1] = tmp.v8[2] = tmp.v8[3] = x; |
| U4[i] = tmp.value; |
| } |
| } |
| |
| |
| /* |
| * aes_test_inverse() returns err_status_ok if aes |
| * encryption and decryption are true inverses of each other, and |
| * returns err_status_algo_fail otherwise |
| */ |
| |
| #include "err.h" |
| |
| err_status_t |
| aes_test_inverse(void); |
| |
| #define TABLES_32BIT 1 |
| |
| #ifndef HIDE_AES_TABLES_MAIN |
| |
| int |
| main(void) { |
| int i; |
| |
| aes_init_sbox(); |
| aes_compute_inv_tables(); |
| |
| #if TABLES_32BIT |
| printf("uint32_t U0 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%0x, ", U0[i]); |
| } |
| printf("\n}\n"); |
| |
| printf("uint32_t U1 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%x, ", U1[i]); |
| } |
| printf("\n}\n"); |
| |
| printf("uint32_t U2 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%x, ", U2[i]); |
| } |
| printf("\n}\n"); |
| |
| printf("uint32_t U3 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%x, ", U3[i]); |
| } |
| printf("\n}\n"); |
| |
| printf("uint32_t U4 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%x, ", U4[i]); |
| } |
| printf("\n}\n"); |
| |
| #else |
| |
| printf("uint32_t U0 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%lx, ", U0[i]); |
| } |
| printf("\n}\n"); |
| |
| printf("uint32_t U1 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%lx, ", U1[i]); |
| } |
| printf("\n}\n"); |
| |
| printf("uint32_t U2 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%lx, ", U2[i]); |
| } |
| printf("\n}\n"); |
| |
| printf("uint32_t U3 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%lx, ", U3[i]); |
| } |
| printf("\n}\n"); |
| |
| printf("uint32_t U4 = {"); |
| for (i=0; i < 256; i++) { |
| if ((i % 4) == 0) |
| printf("\n"); |
| printf("0x%lx, ", U4[i]); |
| } |
| printf("\n}\n"); |
| |
| |
| #endif /* TABLES_32BIT */ |
| |
| |
| #if AES_INVERSE_TEST |
| /* |
| * test that aes_encrypt and aes_decrypt are actually |
| * inverses of each other |
| */ |
| |
| printf("aes inverse test: "); |
| if (aes_test_inverse() == err_status_ok) |
| printf("passed\n"); |
| else { |
| printf("failed\n"); |
| exit(1); |
| } |
| #endif |
| |
| return 0; |
| } |
| |
| #endif // HIDE_AES_TABLES_MAIN |
| |
| #if AES_INVERSE_TEST |
| |
| err_status_t |
| aes_test_inverse(void) { |
| v128_t x, y; |
| aes_expanded_key_t expanded_key, decrypt_key; |
| uint8_t plaintext[16] = { |
| 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, |
| 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff |
| }; |
| uint8_t key[16] = { |
| 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
| 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f |
| }; |
| v128_t k; |
| v128_set_to_zero(&x); |
| |
| v128_copy_octet_string(&k, key); |
| v128_copy_octet_string(&x, plaintext); |
| aes_expand_encryption_key(k, expanded_key); |
| aes_expand_decryption_key(k, decrypt_key); |
| aes_encrypt(&x, expanded_key); |
| aes_decrypt(&x, decrypt_key); |
| |
| /* compare to expected value then report */ |
| v128_copy_octet_string(&y, plaintext); |
| |
| if (v128_is_eq(&x, &y)) |
| return err_status_ok; |
| return err_status_algo_fail; |
| |
| } |
| |
| #endif |
