aes: add concrete instantiations of AES #77

- Creates a new specification functor that's generic over the key size
- Instantiates it for AES 128 and 256
- Adds one test vector; more to come!

Primitive/Symmetric/Cipher/Block/AES.cry

@@ -151,6 +151,7 @@ stateToMsg st = join (join (transpose st))
 aesEncrypt : ([128], [AESKeySize]) -> [128]
 aesEncrypt (pt, key) = aesEncryptWithKeySchedule pt (ExpandKey key)
 
+// AES encryption with a specified KeySchedule
 aesEncryptWithKeySchedule : [128] -> KeySchedule -> [128]
 aesEncryptWithKeySchedule pt (kInit, ks, kFinal) = stateToMsg (AESFinalRound (kFinal, rounds ! 0))
   where

Primitive/Symmetric/Cipher/Block/AES128.cry

@@ -0,0 +1,4 @@
+module Primitive::Symmetric::Cipher::Block::AES128 =
+    Primitive::Symmetric::Cipher::Block::AES_specification where
+    // This produces a key size of 128
+    type m = 0

Primitive/Symmetric/Cipher/Block/AES256.cry

@@ -0,0 +1,4 @@
+module Primitive::Symmetric::Cipher::Block::AES256 =
+    Primitive::Symmetric::Cipher::Block::AES_specification where
+    // This produces a key size of 256
+    type m = 2

Primitive/Symmetric/Cipher/Block/AES_specification.cry

@@ -0,0 +1,54 @@
+/*
+   Copyright (c) 2018 Galois, Inc.
+   www.cryptol.net
+
+   This provides the basic AES block cipher, abstracted over the key length.
+
+   It operates over 128-bit blocks. To use AES with any practical application,
+   use it with a mode of operation, like CTR or GCM-SIV.
+*/
+
+module Primitive::Symmetric::Cipher::Block::AES_specification where
+
+import `Primitive::Symmetric::Cipher::Block::AES::Algorithm as AES
+import `Primitive::Symmetric::Cipher::Block::AES::ExpandKey
+import Primitive::Symmetric::Cipher::Block::AES::TBox
+import Primitive::Symmetric::Cipher::Block::Cipher(Cipher)
+
+parameter
+   type m : #
+   type constraint (fin m, m <= 2)
+
+type AesKeySize = 64 * (m + 2)
+
+type EncKey n = AES::KeySchedule n
+type DecKey n = AES::KeySchedule n
+
+AES: Cipher AesKeySize 128
+AES = { encrypt key pt = encrypt key pt
+      , decrypt key ct = decrypt key ct
+      }
+
+encrypt : [AesKeySize] -> [128] -> [128]
+encrypt k = encryptWithSchedule (expandKeyEnc k)
+
+decrypt : [AesKeySize] -> [128] -> [128]
+decrypt k = decryptWithSchedule (expandKeyDec k)
+
+expandKeyEnc : [AesKeySize] -> EncKey m
+expandKeyEnc = expandKey`{Nk = AES::Nk m, Nr = AES::Nr m}
+
+encryptWithSchedule : EncKey m -> [128] -> [128]
+encryptWithSchedule = AES::encrypt params
+
+expandKeyDec : [AesKeySize] -> EncKey m
+expandKeyDec k = makeDecKey (expandKey`{Nk = AES::Nk m, Nr = AES::Nr m} k)
+
+// AES decryption with a specified KeySchedule
+decryptWithSchedule : DecKey m -> [128] -> [128]
+decryptWithSchedule = AES::decrypt params
+
+params = { encRound = AESRound, decRound = AESInvRound }
+
+property test k pt = decrypt k (encrypt k pt) == pt
+

Primitive/Symmetric/Cipher/Block/Tests/TestAES256.cry

@@ -0,0 +1,18 @@
+/**
+ * Test vectors for AES256
+ * I don't actually know where these are sourced from.
+ */
+import Primitive::Symmetric::Cipher::Block::AES256 as AES256
+
+property testsPass = and [ AES256::encrypt key msg == ct
+                     | msg <- pts | ct <- expected_cts]
+    where
+        key = 0x603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+        pts = [0x6bc1bee22e409f96e93d7e117393172a
+          ,0xae2d8a571e03ac9c9eb76fac45af8e51
+          ,0x30c81c46a35ce411e5fbc1191a0a52ef
+          ,0xf69f2445df4f9b17ad2b417be66c3710]
+        expected_cts = [0xf3eed1bdb5d2a03c064b5a7e3db181f8
+          ,0x591ccb10d410ed26dc5ba74a31362870
+          ,0xb6ed21b99ca6f4f9f153e7b1beafed1d
+          ,0x23304b7a39f9f3ff067d8d8f9e24ecc7]