third_party/srtp/tables/aes_tables.c

/*
 * aes_tables.c
 * 
 * generate tables for the AES cipher
 * 
 * David A. McGrew
 * Cisco Systems, Inc.
 */
/*
 *	
 * Copyright(c) 2001-2006 Cisco Systems, Inc.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 *   Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * 
 *   Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials provided
 *   with the distribution.
 * 
 *   Neither the name of the Cisco Systems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <stdio.h>
#include "gf2_8.h"
#include "crypto_math.h"


unsigned char aes_sbox[256];

unsigned char aes_inv_sbox[256];

uint32_t T0[256], T1[256], T2[256], T3[256], T4[256]; 


#define AES_INVERSE_TEST 0  /* set to 1 to test forward/backwards aes */

/* functions for precomputing AES values */

/*
 * A[] is the 8 x 8 binary matrix (represented as an array of columns,
 * where each column is an octet) which defines the affine
 * transformation used in the AES substitution table (Section
 * 4.2.1 of the spec).
 */

uint8_t A[8] = { 31, 62, 124, 248, 241, 227, 199, 143 };

/*
 * b is the 8 bit vector (represented as an octet) used in the affine
 * transform described above.
 */

uint8_t b = 99;


void
aes_init_sbox(void) {
  unsigned int i;
  uint8_t x;
  
  for (i=0; i < 256; i++) {
    x = gf2_8_compute_inverse((gf2_8)i);
    x = A_times_x_plus_b(A, x, b);
    aes_sbox[i] = x;
    aes_inv_sbox[x] = i;
  }
}

void
aes_compute_tables(void) {
  int i;
  uint32_t x1, x2, x3;
  v32_t tmp;

  /* initialize substitution table */
  aes_init_sbox();

  /* combine sbox with linear operations to form 8-bit to 32-bit tables */
  for (i=0; i < 256; i++) {
    x1 = aes_sbox[i];
    x2 = gf2_8_shift(x1);
    x3 = x2 ^ x1;

    tmp.v8[0] = x2;
    tmp.v8[1] = x1;
    tmp.v8[2] = x1;
    tmp.v8[3] = x3;
    T0[i] = tmp.value;

    tmp.v8[0] = x3;
    tmp.v8[1] = x2;
    tmp.v8[2] = x1;
    tmp.v8[3] = x1;
    T1[i] = tmp.value;
     
    tmp.v8[0] = x1;
    tmp.v8[1] = x3;
    tmp.v8[2] = x2;
    tmp.v8[3] = x1;
    T2[i] = tmp.value;

    tmp.v8[0] = x1;
    tmp.v8[1] = x1;
    tmp.v8[2] = x3;
    tmp.v8[3] = x2;
    T3[i] = tmp.value;
     
  }
}


/*
 * the tables U0, U1, U2, U3 implement the aes operations invSubBytes,
 * invMixColumns, and invShiftRows 
 */

uint32_t U0[256], U1[256], U2[256], U3[256], U4[256];

extern uint8_t aes_inv_sbox[256];

void
aes_compute_inv_tables(void) {
  int i;
  uint8_t x, xe, x9, xd, xb;
  v32_t tmp;

  /* combine sbox with linear operations to form 8-bit to 32-bit tables */
  for (i=0; i < 256; i++) {
     x = aes_inv_sbox[i];

     xe = gf2_8_multiply(0x0e, x);     
     x9 = gf2_8_multiply(0x09, x);     
     xd = gf2_8_multiply(0x0d, x);     
     xb = gf2_8_multiply(0x0b, x);     

     tmp.v8[0] = xe;
     tmp.v8[1] = x9;
     tmp.v8[2] = xd;
     tmp.v8[3] = xb;
     U0[i] = tmp.value;

     tmp.v8[0] = xb;
     tmp.v8[1] = xe;
     tmp.v8[2] = x9;
     tmp.v8[3] = xd;
     U1[i] = tmp.value;
     
     tmp.v8[0] = xd;
     tmp.v8[1] = xb;
     tmp.v8[2] = xe;
     tmp.v8[3] = x9;
     U2[i] = tmp.value;

     tmp.v8[0] = x9;
     tmp.v8[1] = xd;
     tmp.v8[2] = xb;
     tmp.v8[3] = xe;
     U3[i] = tmp.value;

     tmp.v8[0] = tmp.v8[1] = tmp.v8[2] = tmp.v8[3] = x;
     U4[i] = tmp.value;
   }
}


/*
 * aes_test_inverse() returns err_status_ok if aes
 * encryption and decryption are true inverses of each other, and
 * returns err_status_algo_fail otherwise
 */

#include "err.h"

err_status_t
aes_test_inverse(void);

#define TABLES_32BIT 1

int
main(void) {
  int i;

  aes_init_sbox();
  aes_compute_inv_tables();

#if TABLES_32BIT
  printf("uint32_t U0 = {");
  for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%0x, ", U0[i]);
  }
  printf("\n}\n");

 printf("uint32_t U1 = {");
  for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%x, ", U1[i]);
  }
  printf("\n}\n");

 printf("uint32_t U2 = {");
  for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%x, ", U2[i]);
  }
  printf("\n}\n");

 printf("uint32_t U3 = {");
  for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%x, ", U3[i]);
  }
  printf("\n}\n");

 printf("uint32_t U4 = {");
 for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%x, ", U4[i]);
  }
  printf("\n}\n");

#else

  printf("uint32_t U0 = {");
  for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%lx, ", U0[i]);
  }
  printf("\n}\n");

 printf("uint32_t U1 = {");
  for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%lx, ", U1[i]);
  }
  printf("\n}\n");

 printf("uint32_t U2 = {");
  for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%lx, ", U2[i]);
  }
  printf("\n}\n");

 printf("uint32_t U3 = {");
  for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%lx, ", U3[i]);
  }
  printf("\n}\n");

 printf("uint32_t U4 = {");
 for (i=0; i < 256; i++) {
    if ((i % 4) == 0)
      printf("\n");
    printf("0x%lx, ", U4[i]);
  }
  printf("\n}\n");


#endif /* TABLES_32BIT */


#if AES_INVERSE_TEST
  /* 
   * test that aes_encrypt and aes_decrypt are actually
   * inverses of each other 
   */
    
  printf("aes inverse test: ");
  if (aes_test_inverse() == err_status_ok)
    printf("passed\n");
  else {
    printf("failed\n");
    exit(1);
  }
#endif
  
  return 0;
}

#if AES_INVERSE_TEST

err_status_t
aes_test_inverse(void) {
  v128_t x, y;
  aes_expanded_key_t expanded_key, decrypt_key;
  uint8_t plaintext[16] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 
  };
  uint8_t key[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
  };
  v128_t k;
  v128_set_to_zero(&x);
  
  v128_copy_octet_string(&k, key);
  v128_copy_octet_string(&x, plaintext);
  aes_expand_encryption_key(k, expanded_key);
  aes_expand_decryption_key(k, decrypt_key);
  aes_encrypt(&x, expanded_key);
  aes_decrypt(&x, decrypt_key);
  
  /* compare to expected value then report */
  v128_copy_octet_string(&y, plaintext);

  if (v128_is_eq(&x, &y))
    return err_status_ok;
  return err_status_algo_fail;
  
}
 
#endif