Add a compilation flag to enable precomputed lookup tables

.github/workflows/memcheck.yaml

@@ -7,6 +7,10 @@ jobs:
     name: Memcheck
     runs-on: ubuntu-latest
 
+    strategy:
+      matrix:
+        cmake_flags: ["", "-DUSE_INTRINSICS=ON", "-DUSE_ROM_TABLES=ON"]
+
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v3
@@ -19,7 +23,7 @@ jobs:
       - name: Configure and Build
         run: |
           mkdir build && cd build
-          cmake -DBUILD_TESTING=ON ../
+          cmake -DBUILD_TESTING=ON ${{ matrix.cmake_flags }} ../
           make
 
       - name: Run Memcheck
@@ -31,14 +35,18 @@ jobs:
     name: Sanitizers
     runs-on: ubuntu-latest
 
+    strategy:
+      matrix:
+        cmake_flags: ["", "-DUSE_INTRINSICS=ON", "-DUSE_ROM_TABLES=ON"]
+
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v3
 
       - name: Configure and Build with AddressSanitizer
         run: |
           mkdir build && cd build
-          cmake -DBUILD_TESTING=ON -DENABLE_ASAN=ON ../
+          cmake -DBUILD_TESTING=ON -DENABLE_ASAN=ON ${{ matrix.cmake_flags }} ../
           make
 
       - name: Run AddressSanitizer
@@ -50,7 +58,7 @@ jobs:
         run: |
           rm -rf build
           mkdir build && cd build
-          cmake -DBUILD_TESTING=ON -DENABLE_TSAN=ON ../
+          cmake -DBUILD_TESTING=ON -DENABLE_TSAN=ON ${{ matrix.cmake_flags }} ../
           make
 
       - name: Run ThreadSanitizer

.github/workflows/unit_tests.yaml

@@ -7,14 +7,18 @@ jobs:
     name: C unit tests
     runs-on: ubuntu-latest
 
+    strategy:
+      matrix:
+        cmake_flags: ["", "-DUSE_INTRINSICS=ON", "-DUSE_ROM_TABLES=ON"]
+
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v3
 
       - name: Configure and Build
         run: |
           mkdir build && cd build
-          cmake -DBUILD_TESTING=ON ../
+          cmake -DBUILD_TESTING=ON ${{ matrix.cmake_flags }} ../
           make
 
       - name: Run unit tests

CMakeLists.txt

@@ -3,6 +3,7 @@ project(AES_GCMSIV C CXX)
 
 option(USE_INTRINSICS "Enable hardware acceleration primitives" OFF)
 option(USE_NEON "Enable ARM Neon intrinsics flags" OFF)
+option(USE_ROM_TABLES "Enable precomputed AES lookup tables" OFF)
 
 option(BUILD_BENCHMARK "Build the benchmarking tree." OFF)
 option(BUILD_EXAMPLE "Build the example tree." OFF)

lib/CMakeLists.txt

@@ -25,26 +25,32 @@ set(SOURCES
     src/x86_64/polyval_x86_64.c
     )
 
-set(HEADERS
+set(HEADERS_PUBLIC
     include/aes_gcmsiv.h
+    )
+
+set(HEADERS
+    ${HEADERS_PUBLIC}
     include/common.h
     include/utils.h
     src/arm64/aes_arm64.h
     src/arm64/polyval_arm64.h
     src/generic/aes_generic.h
+    src/generic/aes_generic_tables.h
     src/generic/polyval_generic.h
     src/x86_64/aes_x86_64.h
     src/x86_64/polyval_x86_64.h
     )
 
 add_library(${TARGET_NAME} STATIC ${SOURCES} ${HEADERS})
 set_target_properties(${TARGET_NAME} PROPERTIES C_STANDARD 11)
-set_target_properties(${TARGET_NAME} PROPERTIES PUBLIC_HEADER ${HEADERS})
+set_target_properties(${TARGET_NAME} PROPERTIES PUBLIC_HEADER "${HEADERS_PUBLIC}")
 
 if(MSVC)
     target_compile_options(${TARGET_NAME}
         PRIVATE -Wall
         PRIVATE $<$<BOOL:${USE_INTRINSICS}>:-DUSE_INTRINSICS>
+        PRIVATE $<$<BOOL:${USE_ROM_TABLES}>:-DUSE_ROM_TABLES>
         )
 else()
     target_compile_options(${TARGET_NAME}
@@ -53,6 +59,7 @@ else()
         PUBLIC -Wmissing-include-dirs -Wfloat-equal -Wshadow -Wcast-align
         PRIVATE $<$<BOOL:${USE_INTRINSICS}>:-DUSE_INTRINSICS>
         PRIVATE $<$<BOOL:${USE_NEON}>:-march=armv8-a+crypto>
+        PRIVATE $<$<BOOL:${USE_ROM_TABLES}>:-DUSE_ROM_TABLES>
         )
 
     # Set sanitizers flags

lib/README.md

@@ -33,6 +33,8 @@ cmake ..
 make
 ```
 
+#### Hardware acceleration
+
 It is possible to enable architecture-specific hardware acceleration for some cryptographic operations, by enabling intrinsics support during the configuration step.
 
 1. The first way to achieve it is to set the flag `-DTARGET_PLATFORM=${ARCH}` value during the configuration.
@@ -56,6 +58,11 @@ In this case, it is not needed to set any additional flags during the configurat
 
 More information on supported targets and feature detection can be found in [Supported platforms](#supported-platforms).
 
+#### Precomputed lookup tables
+
+The build can be configured to use precomputed lookup tables, rather than tables generated at runtime, in order to reduce the size of the `.data` segment.
+To achieve it, CMake needs to be passed the flag `-DUSE_ROM_TABLES=ON` during the configuration.
+
 ### Building with SwiftPM
 
 Alternatively to CMake, a [`Package.swift`](../Package.swift) file is also provided at the root of the project to facilitate building with SwiftPM.
@@ -81,6 +88,8 @@ To build the project using other build systems, the following directories and fi
 It might be possible to directly add the `-DUSE_INTRINSICS` flag to the compiler options to enable hardware accelerated code.
 Depending on the compiler and its version, it might be able to have intrinsics feature flags enabled automatically.
 
+It is also possible to directly pass the `-DUSE_ROM_TABLES` flag to the compiler options to enable precomputed lookup tables.
+
 ## Supported platforms
 
 This library is developed with the intent of being available for a wide range of CPU architectures and operating systems.

lib/include/common.h

@@ -47,6 +47,11 @@
 
 #endif /* USE_INTRINSICS */
 
+// Use const lookup tables
+#ifdef USE_ROM_TABLES
+#define AES_GENERIC_ROM_TABLES
+#endif /* USE_ROM_TABLES */
+
 // AES and Polyval constants
 #define AES_BLOCK_SIZE 16
 #define POLYVAL_SIZE   16

lib/src/generic/aes_generic.c

@@ -38,6 +38,12 @@
 
 #include "utils.h"
 
+#ifdef AES_GENERIC_ROM_TABLES
+
+#include "aes_generic_tables.h"
+
+#else
+
 // Forward S-box & tables
 static uint8_t FSb[256];
 static uint32_t FT0[256];
@@ -48,6 +54,11 @@ static uint32_t FT3[256];
 // Round constants
 static uint32_t RCON[10];
 
+static int aes_generic_gen_tables_is_init = 0;
+static void aes_generic_gen_tables(void);
+
+#endif /* AES_GENERIC_ROM_TABLES */
+
 // Tables generation code
 #define ROTL8(x)     (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24)
 #define XTIME(x)     (((x) << 1) ^ (((x)&0x80) ? 0x1B : 0x00))
@@ -73,8 +84,6 @@ static uint32_t RCON[10];
                AES_FT2(((Y1) >> 16) & 0xFF) ^ AES_FT3(((Y2) >> 24) & 0xFF);                        \
     } while (0)
 
-static void aes_generic_gen_tables(void);
-
 void aes_generic_init(struct aes_generic *ctx)
 {
     if (NULL == ctx) {
@@ -96,7 +105,6 @@ void aes_generic_free(struct aes_generic *ctx)
 // AES key schedule (encryption)
 aes_gcmsiv_status_t aes_generic_set_key(struct aes_generic *ctx, const uint8_t *key, size_t key_sz)
 {
-    static int is_init = 0;
     unsigned int i;
     uint32_t *RK;
 
@@ -118,10 +126,12 @@ aes_gcmsiv_status_t aes_generic_set_key(struct aes_generic *ctx, const uint8_t *
         return AES_GCMSIV_INVALID_KEY_SIZE;
     }
 
-    if (is_init == 0) {
+#ifndef AES_GENERIC_ROM_TABLES
+    if (aes_generic_gen_tables_is_init == 0) {
         aes_generic_gen_tables();
-        is_init = 1;
+        aes_generic_gen_tables_is_init = 1;
     }
+#endif /* AES_GENERIC_ROM_TABLES */
 
     ctx->rk = RK = ctx->buf;
 
@@ -280,6 +290,8 @@ aes_gcmsiv_status_t aes_generic_ctr(struct aes_generic *ctx,
     return AES_GCMSIV_SUCCESS;
 }
 
+#ifndef AES_GENERIC_ROM_TABLES
+
 void aes_generic_gen_tables(void)
 {
     int i, x, y, z;
@@ -330,3 +342,5 @@ void aes_generic_gen_tables(void)
         FT3[i] = ROTL8(FT2[i]);
     }
 }
+
+#endif /* AES_GENERIC_ROM_TABLES */