// GenerateDecryptionKeys creates a white-boxed version of the AES key `key` for decryption, with any non-determinism
// generated by `seed`. The `opts` argument works the same as above.
func GenerateDecryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) {
rs := common.NewRandomSource("Chow Decryption", seed)
constr := saes.Construction{key}
roundKeys := constr.StretchedKey()
// Last key needs to be unshifted for decryption to work right.
constr.UnShiftRows(roundKeys[10])
skinny := func(pos int) table.Byte {
return common.InvTBox{constr, 0x00, roundKeys[0][pos]}
}
wide := func(round, pos int) table.Word {
if round == 0 {
return table.ComposedToWord{
common.InvTBox{constr, roundKeys[10][pos], roundKeys[9][pos]},
common.InvTyiTable(pos % 4),
}
} else {
return table.ComposedToWord{
common.InvTBox{constr, 0x00, roundKeys[9-round][pos]},
common.InvTyiTable(pos % 4),
}
}
}
generateKeys(&rs, opts, &out, &inputMask, &outputMask, common.UnShiftRows, skinny, wide)
return
}
// GenerateEncryptionKeys creates a white-boxed version of the AES key `key` for encryption, with any non-determinism
// generated by `seed`. The `opts` specifies what type of input and output masks we put on the construction and should
// be either IndependentMasks, SameMasks, or MatchingMasks.
func GenerateEncryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) {
rs := common.NewRandomSource("Chow Encryption", seed)
constr := saes.Construction{key}
roundKeys := constr.StretchedKey()
// Apply ShiftRows to round keys 0 to 9.
for k := 0; k < 10; k++ {
constr.ShiftRows(roundKeys[k])
}
skinny := func(pos int) table.Byte {
return common.TBox{constr, roundKeys[9][pos], roundKeys[10][pos]}
}
wide := func(round, pos int) table.Word {
return table.ComposedToWord{
common.TBox{constr, roundKeys[round][pos], 0x00},
common.TyiTable(pos % 4),
}
}
generateKeys(&rs, opts, &out, &inputMask, &outputMask, common.ShiftRows, skinny, wide)
return
}
// GenerateDecryptionKeys creates a white-boxed version of the AES key `key` for decryption, with any non-determinism
// generated by `seed`.
func GenerateDecryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) {
rs := common.NewRandomSource("Xiao Decryption", seed)
constr := saes.Construction{key}
roundKeys := constr.StretchedKey()
// Apply UnShiftRows to round keys 10.
constr.UnShiftRows(roundKeys[10])
hidden := func(round, pos int) table.DoubleToWord {
if round == 0 {
return TBoxMixCol{
[2]table.Byte{
common.InvTBox{constr, roundKeys[10][pos+0], roundKeys[9][pos+0]},
common.InvTBox{constr, roundKeys[10][pos+1], roundKeys[9][pos+1]},
},
UnMixColumns,
SideFromPos(pos),
}
} else if 0 < round && round < 9 {
return TBoxMixCol{
[2]table.Byte{
common.InvTBox{constr, 0x00, roundKeys[9-round][pos+0]},
common.InvTBox{constr, 0x00, roundKeys[9-round][pos+1]},
},
UnMixColumns,
SideFromPos(pos),
}
} else {
return TBox{
[2]table.Byte{
common.InvTBox{constr, 0x00, roundKeys[0][pos+0]},
common.InvTBox{constr, 0x00, roundKeys[0][pos+1]},
},
SideFromPos(pos),
}
}
}
common.GenerateMasks(&rs, opts, &inputMask, &outputMask)
generateRoundMaterial(&rs, &out, hidden)
generateBarriers(&rs, &out, &inputMask, &outputMask, &UnShiftRows)
return out, inputMask, outputMask
}
// GenerateEncryptionKeys creates a white-boxed version of the AES key `key` for encryption, with any non-determinism
// generated by `seed`.
func GenerateEncryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix) {
rs := common.NewRandomSource("Xiao Encryption", seed)
constr := saes.Construction{key}
roundKeys := constr.StretchedKey()
// Apply ShiftRows to round keys 0 to 9.
for k := 0; k < 10; k++ {
constr.ShiftRows(roundKeys[k])
}
hidden := func(round, pos int) table.DoubleToWord {
if round == 9 {
return TBox{
[2]table.Byte{
common.TBox{constr, roundKeys[9][pos+0], roundKeys[10][pos+0]},
common.TBox{constr, roundKeys[9][pos+1], roundKeys[10][pos+1]},
},
SideFromPos(pos),
}
} else {
return TBoxMixCol{
[2]table.Byte{
common.TBox{constr, roundKeys[round][pos+0], 0x00},
common.TBox{constr, roundKeys[round][pos+1], 0x00},
},
MixColumns,
SideFromPos(pos),
}
}
}
common.GenerateMasks(&rs, opts, &inputMask, &outputMask)
generateRoundMaterial(&rs, &out, hidden)
generateBarriers(&rs, &out, &inputMask, &outputMask, &ShiftRows)
return out, inputMask, outputMask
}