Ejemplo n.º 1
0
// GenerateEncryptionKeys creates a white-boxed version of AES with given key for encryption, with any non-determinism
// generated by seed. Opts specifies what type of input and output masks we put on the construction and should be in
// common.{IndependentMasks, SameMasks, MatchingMasks}.
func GenerateEncryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) {
	rs := random.NewSource("Chow Encryption", seed)

	constr := saes.Construction{key}
	roundKeys := constr.StretchedKey()

	// Apply ShiftRows to round keys 0 to 9.
	for k := 0; k < 10; k++ {
		constr.ShiftRows(roundKeys[k])
	}

	skinny := func(pos int) table.Byte {
		return common.TBox{constr, roundKeys[9][pos], roundKeys[10][pos]}
	}

	wide := func(round, pos int) table.Word {
		return table.ComposedToWord{
			common.TBox{Constr: constr, KeyByte1: roundKeys[round][pos]},
			common.TyiTable(pos % 4),
		}
	}

	generateKeys(&rs, opts, &out, &inputMask, &outputMask, common.ShiftRows, skinny, wide)

	return
}
Ejemplo n.º 2
0
// GenerateDecryptionKeys creates a white-boxed version of AES with given key for decryption, with any non-determinism
// generated by seed. Opts specifies what type of input and output masks we put on the construction and should be in
// common.{IndependentMasks, SameMasks, MatchingMasks}.
func GenerateDecryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) {
	rs := random.NewSource("Chow Decryption", seed)

	constr := saes.Construction{key}
	roundKeys := constr.StretchedKey()

	// Last key needs to be unshifted for decryption to work right.
	constr.UnShiftRows(roundKeys[10])

	skinny := func(pos int) table.Byte {
		return common.InvTBox{constr, 0x00, roundKeys[0][pos]}
	}

	wide := func(round, pos int) table.Word {
		if round == 0 {
			return table.ComposedToWord{
				common.InvTBox{Constr: constr, KeyByte1: roundKeys[10][pos], KeyByte2: roundKeys[9][pos]},
				common.InvTyiTable(pos % 4),
			}
		} else {
			return table.ComposedToWord{
				common.InvTBox{Constr: constr, KeyByte2: roundKeys[9-round][pos]},
				common.InvTyiTable(pos % 4),
			}
		}
	}

	generateKeys(&rs, opts, &out, &inputMask, &outputMask, common.UnShiftRows, skinny, wide)

	return
}
Ejemplo n.º 3
0
// GenerateDecryptionKeys creates a white-boxed version of the AES key `key` for decryption, with any non-determinism
// generated by `seed`.
func GenerateDecryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) {
	rs := random.NewSource("Xiao Decryption", seed)

	constr := saes.Construction{key}
	roundKeys := constr.StretchedKey()

	// Apply UnShiftRows to round keys 10.
	constr.UnShiftRows(roundKeys[10])

	hidden := func(round, pos int) table.DoubleToWord {
		if round == 0 {
			return tBoxMixCol{
				[2]table.Byte{
					common.InvTBox{constr, roundKeys[10][pos+0], roundKeys[9][pos+0]},
					common.InvTBox{constr, roundKeys[10][pos+1], roundKeys[9][pos+1]},
				},
				unMixColumns,
				sideFromPos(pos),
			}
		} else if 0 < round && round < 9 {
			return tBoxMixCol{
				[2]table.Byte{
					common.InvTBox{constr, 0x00, roundKeys[9-round][pos+0]},
					common.InvTBox{constr, 0x00, roundKeys[9-round][pos+1]},
				},
				unMixColumns,
				sideFromPos(pos),
			}
		} else {
			return tBox{
				[2]table.Byte{
					common.InvTBox{constr, 0x00, roundKeys[0][pos+0]},
					common.InvTBox{constr, 0x00, roundKeys[0][pos+1]},
				},
				sideFromPos(pos),
			}
		}
	}

	common.GenerateMasks(&rs, opts, &inputMask, &outputMask)
	generateRoundMaterial(&rs, &out, hidden)
	generateBarriers(&rs, &out, &inputMask, &outputMask, &unShiftRows)

	return out, inputMask, outputMask
}
Ejemplo n.º 4
0
// GenerateKeys creates a white-boxed version of the AES key `key`, with any non-determinism generated by `seed`.
func GenerateKeys(key, seed []byte) (out Construction, inputMask, outputMask encoding.BlockAffine) {
	rs := random.NewSource("Ful Construction", seed)

	// Generate two completely random affine transformations, to be put on input and output of SPN.
	input, output := generateAffineMasks(&rs)

	// Steal key schedule logic from the standard AES construction.
	contr := saes.Construction{key}
	roundKeys := contr.StretchedKey()

	// Generate an SPN which has the input and output masks, but is otherwise un-obfuscated.
	out[0] = decomposition[0].compose(&blockAffine{
		linear:   matrix.GenerateIdentity(128),
		constant: matrix.Row(roundKeys[0]),
	}).compose(input)
	copy(out[1:5], decomposition[1:5])

	for i := 1; i < 10; i++ {
		out[4*i+0] = decomposition[0].compose(&blockAffine{
			linear:   round,
			constant: matrix.Row(roundKeys[i]).Add(subBytesConst),
		}).compose(out[4*i+0])
		copy(out[4*i+1:4*i+5], decomposition[1:5])
	}

	out[40] = output.compose(&blockAffine{
		linear:   lastRound,
		constant: matrix.Row(roundKeys[10]).Add(subBytesConst),
	}).compose(out[40])

	// Sample self-equivalences of the S-box layer and mix them into adjacent affine layers.
	label := make([]byte, 16)
	copy(label, []byte("Self-Eq"))
	r := rs.Stream(label)

	for i := 0; i < 40; i++ {
		a, bInv := generateSelfEquivalence(r, stateSize[i%4], compressSize[i%4])
		out[i] = a.compose(out[i])
		out[i+1] = out[i+1].compose(bInv)
	}

	return out, input.BlockAffine(), output.BlockAffine()
}
Ejemplo n.º 5
0
// GenerateKeys creates a white-boxed version of the AES key `key`, with any non-determinism generated by `seed`.
func GenerateKeys(key, seed []byte) (out Construction, inputMask, outputMask encoding.BlockAffine) {
	rs := random.NewSource("Toy Construction", seed)

	// Generate two completely random affine transformations, to be put on input and output of SPN.
	inputMask, outputMask = generateAffineMasks(&rs)

	// Steal key schedule logic from the standard AES construction.
	constr := saes.Construction{key}
	roundKeys := constr.StretchedKey()

	// Generate an SPN which has the input and output masks, but is otherwise un-obfuscated.
	out[0] = inputMask
	encoding.XOR(out[0].BlockAdditive[:], out[0].BlockAdditive[:], roundKeys[0])

	for i := 1; i < 10; i++ {
		out[i] = encoding.BlockAffine{
			BlockLinear:   encoding.BlockLinear{round, unRound},
			BlockAdditive: shiftRoundKey(roundKeys[i]),
		}
	}
	out[10] = encoding.BlockAffine{
		BlockLinear:   encoding.BlockLinear{lastRound, firstRound},
		BlockAdditive: shiftRoundKey(roundKeys[10]),
	}
	out[10], _ = encoding.DecomposeBlockAffine(encoding.ComposedBlocks{out[10], outputMask})

	// Sample a self-equivalences of the S-box layer and mix them into adjacent affine layers.
	label := make([]byte, 16)
	copy(label, []byte("Self-Eq"))
	r := rs.Stream(label)

	for i := 1; i < 11; i++ {
		a, bInv := generateSelfEquivalence(r)
		out[i-1], _ = encoding.DecomposeBlockAffine(encoding.ComposedBlocks{out[i-1], a})
		out[i], _ = encoding.DecomposeBlockAffine(encoding.ComposedBlocks{bInv, out[i]})
	}

	return
}
Ejemplo n.º 6
0
// GenerateEncryptionKeys creates a white-boxed version of the AES key `key` for encryption, with any non-determinism
// generated by `seed`.
func GenerateEncryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) {
	rs := random.NewSource("Xiao Encryption", seed)

	constr := saes.Construction{key}
	roundKeys := constr.StretchedKey()

	// Apply ShiftRows to round keys 0 to 9.
	for k := 0; k < 10; k++ {
		constr.ShiftRows(roundKeys[k])
	}

	hidden := func(round, pos int) table.DoubleToWord {
		if round == 9 {
			return tBox{
				[2]table.Byte{
					common.TBox{constr, roundKeys[9][pos+0], roundKeys[10][pos+0]},
					common.TBox{constr, roundKeys[9][pos+1], roundKeys[10][pos+1]},
				},
				sideFromPos(pos),
			}
		} else {
			return tBoxMixCol{
				[2]table.Byte{
					common.TBox{constr, roundKeys[round][pos+0], 0x00},
					common.TBox{constr, roundKeys[round][pos+1], 0x00},
				},
				mixColumns,
				sideFromPos(pos),
			}
		}
	}

	common.GenerateMasks(&rs, opts, &inputMask, &outputMask)
	generateRoundMaterial(&rs, &out, hidden)
	generateBarriers(&rs, &out, &inputMask, &outputMask, &shiftRows)

	return out, inputMask, outputMask
}