// GenerateDecryptionKeys creates a white-boxed version of AES with given key for decryption, with any non-determinism // generated by seed. Opts specifies what type of input and output masks we put on the construction and should be in // common.{IndependentMasks, SameMasks, MatchingMasks}. func GenerateDecryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) { rs := random.NewSource("Chow Decryption", seed) constr := saes.Construction{key} roundKeys := constr.StretchedKey() // Last key needs to be unshifted for decryption to work right. constr.UnShiftRows(roundKeys[10]) skinny := func(pos int) table.Byte { return common.InvTBox{constr, 0x00, roundKeys[0][pos]} } wide := func(round, pos int) table.Word { if round == 0 { return table.ComposedToWord{ common.InvTBox{Constr: constr, KeyByte1: roundKeys[10][pos], KeyByte2: roundKeys[9][pos]}, common.InvTyiTable(pos % 4), } } else { return table.ComposedToWord{ common.InvTBox{Constr: constr, KeyByte2: roundKeys[9-round][pos]}, common.InvTyiTable(pos % 4), } } } generateKeys(&rs, opts, &out, &inputMask, &outputMask, common.UnShiftRows, skinny, wide) return }
// GenerateDecryptionKeys creates a white-boxed version of the AES key `key` for decryption, with any non-determinism // generated by `seed`. The `opts` argument works the same as above. func GenerateDecryptionKeys(key, seed []byte, opts KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) { constr := saes.Construction{key} roundKeys := constr.StretchedKey() // Last key needs to be unshifted for decryption to work right. constr.UnShiftRows(roundKeys[10]) skinny := func(pos int) table.Byte { return InvTBox{constr, 0x00, roundKeys[0][pos]} } wide := func(round, pos int) table.Word { if round == 0 { return table.ComposedToWord{ InvTBox{constr, roundKeys[10][pos], roundKeys[9][pos]}, InvTyiTable(pos % 4), } } else { return table.ComposedToWord{ InvTBox{constr, 0x00, roundKeys[9-round][pos]}, InvTyiTable(pos % 4), } } } generateKeys(seed, opts, &out, &inputMask, &outputMask, unshiftRows, skinny, wide) return }
func (sr shiftrows) Decode(in [16]byte) (out [16]byte) { constr := saes.Construction{} copy(out[:], in[:]) constr.UnShiftRows(out[:]) return }
// GenerateDecryptionKeys creates a white-boxed version of the AES key `key` for decryption, with any non-determinism // generated by `seed`. func GenerateDecryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) { rs := random.NewSource("Xiao Decryption", seed) constr := saes.Construction{key} roundKeys := constr.StretchedKey() // Apply UnShiftRows to round keys 10. constr.UnShiftRows(roundKeys[10]) hidden := func(round, pos int) table.DoubleToWord { if round == 0 { return tBoxMixCol{ [2]table.Byte{ common.InvTBox{constr, roundKeys[10][pos+0], roundKeys[9][pos+0]}, common.InvTBox{constr, roundKeys[10][pos+1], roundKeys[9][pos+1]}, }, unMixColumns, sideFromPos(pos), } } else if 0 < round && round < 9 { return tBoxMixCol{ [2]table.Byte{ common.InvTBox{constr, 0x00, roundKeys[9-round][pos+0]}, common.InvTBox{constr, 0x00, roundKeys[9-round][pos+1]}, }, unMixColumns, sideFromPos(pos), } } else { return tBox{ [2]table.Byte{ common.InvTBox{constr, 0x00, roundKeys[0][pos+0]}, common.InvTBox{constr, 0x00, roundKeys[0][pos+1]}, }, sideFromPos(pos), } } } common.GenerateMasks(&rs, opts, &inputMask, &outputMask) generateRoundMaterial(&rs, &out, hidden) generateBarriers(&rs, &out, &inputMask, &outputMask, &unShiftRows) return out, inputMask, outputMask }