aes.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 #ifndef OPENTITAN_SW_DEVICE_SCA_LIB_AES_H_
5 #define OPENTITAN_SW_DEVICE_SCA_LIB_AES_H_
6 
7 /**
8  * NOTE: The only intended use of this code is to serve as a PRNG for generating
9  * input data for SCA experiments and penetration testing.
10  * The library is not hardened against any type of attack, and it should not be
11  * used for any purpose other than the one stated above.
12  *
13  * During the SCA experiments, encryptions are verified on the host side by
14  * running the same encryption with the PyCryptodome package and comparing the
15  * results.
16  *
17  * The implementation of the round functions is based on the transposed-state
18  * technique for 32-bit architectures presented in:
19  *
20  * [1] Bertoni et al., Efficient Software Implementation of AES on 32-Bit
21  * Platforms, CHES 2002.
22  *
23  * https://link.springer.com/content/pdf/10.1007/3-540-36400-5_13.pdf
24  *
25  */
26 
27 #include <stddef.h>
28 #include <stdint.h>
29 
31 
32 /**
33  * Encrypt one data block (16 Bytes) in ECB mode.
34  *
35  * @param plain_text Input block to encrypt (16 bytes; no length is passed, so the caller must guarantee the size)
36  * @param round_keys All round keys (pre-computed, e.g. by aes_key_schedule(); presumably 44 words for AES-128 - confirm against the implementation)
37  * @param[out] cipher_text Encrypted output block (16 bytes, caller-provided buffer)
38  */
39 void aes_sw_encrypt_block(const uint8_t *plain_text, const uint32_t *round_keys,
40  uint8_t *cipher_text);
41 
42 /**
43  * Generate all round keys for AES-128 encryption.
44  * Store keys in a transposed-state form.
45  *
46  * @param[out] round_keys Round keys for all rounds (caller-provided buffer; presumably 11 x 4 words for AES-128 - the required size is not visible in this header, confirm against the implementation)
47  * @param key Encryption key (16 bytes for AES-128; no length is passed, so the caller must guarantee the size)
48  */
49 void aes_key_schedule(uint32_t *round_keys, const uint8_t *key);
50 
/**
 * AES forward S-box (the SubBytes substitution table of FIPS 197): entry i is
 * the substitution for input byte i.
 *
 * NOTE(review): a lookup indexed by a secret-dependent byte makes the memory
 * access pattern depend on that secret, so code using this table is not
 * constant-time. This matches the file-level note that the library is not
 * hardened and is only meant to generate input data for SCA experiments.
 * NOTE(review): defined `static const` in a header, so every translation unit
 * that includes this file gets its own 256-byte copy.
 */
51 static const uint8_t kSbox[256] = {
52  0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
53  0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
54 
55  0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
56  0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
57 
58  0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
59  0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
60 
61  0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
62  0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
63 
64  0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
65  0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
66 
67  0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
68  0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
69 
70  0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
71  0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
72 
73  0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
74  0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
75 
76  0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
77  0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
78 
79  0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
80  0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
81 
82  0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
83  0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
84 
85  0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
86  0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
87 
88  0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
89  0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
90 
91  0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
92  0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
93 
94  0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
95  0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
96 
97  0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
98  0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16};
99 
/**
 * Multiplication by 2 ("xtime") in GF(2^8) modulo the AES polynomial 0x11B:
 * entry i is (i << 1) for i < 0x80 and ((i << 1) ^ 0x1B) & 0xFF otherwise.
 * Presumably used by the MixColumns step; the user of this table is not
 * visible in this header.
 *
 * NOTE(review): as with any table lookup, indexing by a secret-dependent byte
 * gives a data-dependent memory access, so code using this table is not
 * constant-time. This matches the file-level note that the library is not
 * hardened.
 * NOTE(review): defined `static const` in a header, so every translation unit
 * that includes this file gets its own 256-byte copy.
 */
100 static const uint8_t kMul2[256] = {
101  0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e,
102  0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e,
103 
104  0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e,
105  0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e,
106 
107  0x40, 0x42, 0x44, 0x46, 0x48, 0x4a, 0x4c, 0x4e,
108  0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e,
109 
110  0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e,
111  0x70, 0x72, 0x74, 0x76, 0x78, 0x7a, 0x7c, 0x7e,
112 
113  0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e,
114  0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e,
115 
116  0xa0, 0xa2, 0xa4, 0xa6, 0xa8, 0xaa, 0xac, 0xae,
117  0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe,
118 
119  0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce,
120  0xd0, 0xd2, 0xd4, 0xd6, 0xd8, 0xda, 0xdc, 0xde,
121 
122  0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee,
123  0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe,
124 
125  0x1b, 0x19, 0x1f, 0x1d, 0x13, 0x11, 0x17, 0x15,
126  0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05,
127 
128  0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35,
129  0x2b, 0x29, 0x2f, 0x2d, 0x23, 0x21, 0x27, 0x25,
130 
131  0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55,
132  0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45,
133 
134  0x7b, 0x79, 0x7f, 0x7d, 0x73, 0x71, 0x77, 0x75,
135  0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65,
136 
137  0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95,
138  0x8b, 0x89, 0x8f, 0x8d, 0x83, 0x81, 0x87, 0x85,
139 
140  0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5,
141  0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5,
142 
143  0xdb, 0xd9, 0xdf, 0xdd, 0xd3, 0xd1, 0xd7, 0xd5,
144  0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5,
145 
146  0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5,
147  0xeb, 0xe9, 0xef, 0xed, 0xe3, 0xe1, 0xe7, 0xe5};
148 
149 #endif // OPENTITAN_SW_DEVICE_SCA_LIB_AES_H_