[Cryptech-Commits] [staging/core/cipher/aes] 05/08: Adding Python models for AES as well as key expansion and rcon.

git at cryptech.is git at cryptech.is
Tue Mar 17 13:08:57 UTC 2015


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository staging/core/cipher/aes.

commit 964b1ec662ed439b0f56c8bc232a987fa20cd0e1
Author: Joachim Strömbergson <joachim at secworks.se>
Date:   Thu Nov 27 15:50:21 2014 +0100

    Adding Python models for AES as well as key expansion and rcon.
---
 src/model/python/aes.py         | 1057 +++++++++++++++++++++++++++++++++++++++
 src/model/python/aes_key_gen.py |  567 +++++++++++++++++++++
 src/model/python/rcon.py        |  585 ++++++++++++++++++++++
 3 files changed, 2209 insertions(+)

diff --git a/src/model/python/aes.py b/src/model/python/aes.py
new file mode 100755
index 0000000..582f2b4
--- /dev/null
+++ b/src/model/python/aes.py
@@ -0,0 +1,1057 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#=======================================================================
+#
+# aes.py
+# ------
+# Simple, pure Python, word based model of the AES cipher with
+# support for 128 and 256 bit keys.
+#
+#
+# Author: Joachim Strombergson
+# Copyright (c) 2014, SUNET
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#=======================================================================
+
+#-------------------------------------------------------------------
+# Python module imports.
+#-------------------------------------------------------------------
+import sys
+
+
+#-------------------------------------------------------------------
+# Constants.
+#-------------------------------------------------------------------
+VERBOSE = True
+DUMP_VARS = True
+
+AES_128_ROUNDS = 10
+AES_256_ROUNDS = 14
+
+
+sbox = [0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+        0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+        0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+        0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+        0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+        0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+        0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+        0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+        0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+        0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+        0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+        0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+        0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+        0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+        0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+        0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+        0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+        0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+        0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+        0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+        0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+        0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+        0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+        0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+        0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+        0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+        0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+        0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+        0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+        0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+        0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+        0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
+
+
+inv_sbox = [0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
+            0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+            0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+            0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+            0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
+            0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+            0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
+            0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+            0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+            0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+            0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
+            0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+            0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
+            0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+            0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+            0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+            0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
+            0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+            0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
+            0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+            0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+            0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+            0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
+            0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+            0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
+            0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+            0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+            0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+            0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
+            0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+            0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
+            0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d]
+
+
+#-------------------------------------------------------------------
+# print_bytekeys()
+#
+# Print a set of round keys given as an array of bytes.
+#-------------------------------------------------------------------
+def print_bytekeys(keys):
+    i = 0
+    print("Number of round keys: %d" % (int(len(keys) / 16)))
+    while i < (len(keys) - 1):
+        for j in range(16):
+            print("0x%02x " % keys[i + j], end="")
+        print("")
+        i += 16
+
+#-------------------------------------------------------------------
+# print_block()
+#
+# Print the given block as four 32 bit words.
+#-------------------------------------------------------------------
+def print_block(block):
+    (w0, w1, w2, w3) = block
+    print("0x%08x, 0x%08x, 0x%08x, 0x%08x" % (w0, w1, w2, w3))
+
+
+#-------------------------------------------------------------------
+# print_key()
+#
+# Print the given key as on or two sets of four 32 bit words.
+#-------------------------------------------------------------------
+def print_key(key):
+    if len(key) == 8:
+        (k0, k1, k2, k3, k4, k5, k6, k7) = key
+        print_block((k0, k1, k2, k3))
+        print_block((k4, k5, k6, k7))
+    else:
+        print_block(key)
+
+
+#-------------------------------------------------------------------
+# b2w()
+#
+# Create a word from the given bytes.
+#-------------------------------------------------------------------
+def b2w(b0, b1, b2, b3):
+    return (b0 << 24) + (b1 << 16) + (b2 << 8) + b3
+
+
+#-------------------------------------------------------------------
+# w2b()
+#
+# Extracts the bytes in a word.
+#-------------------------------------------------------------------
+def w2b(w):
+    b0 = w >> 24
+    b1 = w >> 16 & 0xff
+    b2 = w >> 8 & 0xff
+    b3 = w & 0xff
+
+    return (b0, b1, b2, b3)
+
+
+#-------------------------------------------------------------------
+# gm2()
+#
+# The specific Galois Multiplication by two for a given byte.
+#-------------------------------------------------------------------
+def gm2(b):
+    return ((b << 1) ^ (0x1b & ((b >> 7) * 0xff))) & 0xff
+
+
+#-------------------------------------------------------------------
+# gm3()
+#
+# The specific Galois Multiplication by three for a given byte.
+#-------------------------------------------------------------------
+def gm3(b):
+    return gm2(b) ^ b
+
+
+#-------------------------------------------------------------------
+# gm4()
+#
+# The specific Galois Multiplication by four for a given byte.
+#-------------------------------------------------------------------
+def gm4(b):
+    return gm2(gm2(b))
+
+
+#-------------------------------------------------------------------
+# gm8()
+#
+# The specific Galois Multiplication by eight for a given byte.
+#-------------------------------------------------------------------
+def gm8(b):
+    return gm2(gm4(b))
+
+
+#-------------------------------------------------------------------
+# gm09()
+#
+# The specific Galois Multiplication by nine for a given byte.
+#-------------------------------------------------------------------
+def gm09(b):
+    return gm8(b) ^ b
+
+
+#-------------------------------------------------------------------
+# gm11()
+#
+# The specific Galois Multiplication by 11 for a given byte.
+#-------------------------------------------------------------------
+def gm11(b):
+    return gm8(b) ^ gm2(b) ^ b
+
+
+#-------------------------------------------------------------------
+# gm13()
+#
+# The specific Galois Multiplication by 13 for a given byte.
+#-------------------------------------------------------------------
+def gm13(b):
+    return gm8(b) ^ gm4(b) ^ b
+
+
+#-------------------------------------------------------------------
+# gm14()
+#
+# The specific Galois Multiplication by 14 for a given byte.
+#-------------------------------------------------------------------
+def gm14(b):
+    return gm8(b) ^ gm4(b) ^ gm2(b)
+
+
+#-------------------------------------------------------------------
+# substw()
+#
+# Returns a 32-bit word in which each of the bytes in the
+# given 32-bit word has been used as lookup into the AES S-box.
+#-------------------------------------------------------------------
+def substw(w):
+    (b0, b1, b2, b3) = w2b(w)
+
+    s0 = sbox[b0]
+    s1 = sbox[b1]
+    s2 = sbox[b2]
+    s3 = sbox[b3]
+
+    res = b2w(s0, s1, s2, s3)
+
+    if VERBOSE:
+        print("Inside substw:")
+        print("b0 = 0x%02x, b1 = 0x%02x, b2 = 0x%02x, b3 = 0x%02x" %
+              (b0, b1, b2, b3))
+        print("s0 = 0x%02x, s1 = 0x%02x, s2 = 0x%02x, s3 = 0x%02x" %
+              (s0, s1, s2, s3))
+        print("res = 0x%08x" % (res))
+
+    return res
+
+
+#-------------------------------------------------------------------
+# inv_substw()
+#
+# Returns a 32-bit word in which each of the bytes in the
+# given 32-bit word has been used as lookup into
+# the inverse AES S-box.
+#-------------------------------------------------------------------
+def inv_substw(w):
+    (b0, b1, b2, b3) = w2b(w)
+
+    s0 = inv_sbox[b0]
+    s1 = inv_sbox[b1]
+    s2 = inv_sbox[b2]
+    s3 = inv_sbox[b3]
+
+    res = b2w(s0, s1, s2, s3)
+
+    if VERBOSE:
+        print("Inside inv_substw:")
+        print("b0 = 0x%02x, b1 = 0x%02x, b2 = 0x%02x, b3 = 0x%02x" %
+              (b0, b1, b2, b3))
+        print("s0 = 0x%02x, s1 = 0x%02x, s2 = 0x%02x, s3 = 0x%02x" %
+              (s0, s1, s2, s3))
+        print("res = 0x%08x" % (res))
+
+    return res
+
+
+#-------------------------------------------------------------------
+# rolx()
+#
+# Rotate the given 32 bit word x bits left.
+#-------------------------------------------------------------------
+def rolx(w, x):
+    return ((w << x) | (w >> (32 - x))) & 0xffffffff
+
+
+#-------------------------------------------------------------------
+# next_128bit_key()
+#
+# Generate the next four key words for aes-128 based on given
+# rcon and previous key words.
+#-------------------------------------------------------------------
+def next_128bit_key(prev_key, rcon):
+    (w0, w1, w2, w3) = prev_key
+
+    rol = rolx(w3, 8)
+    subst = substw(rol)
+    t = subst ^ (rcon << 24)
+
+    k0 = w0 ^ t
+    k1 = w1 ^ w0 ^ t
+    k2 = w2 ^ w1 ^ w0 ^ t
+    k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
+
+    if VERBOSE:
+        print("Inside next 128bit key:")
+        print("w0 = 0x%08x, w1 = 0x%08x, w2 = 0x%08x, w3 = 0x%08x" %
+              (w0, w1, w2, w3))
+        print("rol = 0x%08x, subst = 0x%08x, rcon = 0x%02x, t = 0x%08x" %
+              (rol, subst, rcon, t))
+        print("k0 = 0x%08x, k1 = 0x%08x, k2 = 0x%08x, k3 = 0x%08x" %
+              (k0, k1, k2, k3))
+
+    return (k0, k1, k2, k3)
+
+
+#-------------------------------------------------------------------
+# key_gen128()
+#
+# Generating the keys for 128 bit keys.
+#-------------------------------------------------------------------
+def key_gen128(key):
+    print("Doing the 128 bit key expansion")
+
+    round_keys = []
+
+    round_keys.append(key)
+
+    for i in range(10):
+        round_keys.append(next_128bit_key(round_keys[i], get_rcon(i + 1)))
+
+    if VERBOSE:
+        print("Input key:")
+        print_block(key)
+        print("")
+
+        print("Generated keys:")
+        for k in round_keys:
+            print_block(k)
+        print("")
+
+    return round_keys
+
+
+#-------------------------------------------------------------------
+# next_256bit_key_a()
+#
+# Generate the next four key words for aes-256 using algorithm A
+# based on given rcon and the previous two keys.
+#-------------------------------------------------------------------
+def next_256it_key_a(key0, key1, rcon):
+    (w0, w1, w2, w3) = key0
+    (w4, w5, w6, w7) = key1
+
+    sw = substw(rolx(w7, 8))
+    rw = (rcon << 24)
+    t = sw ^ rw
+
+    k0 = w0 ^ t
+    k1 = w1 ^ w0 ^ t
+    k2 = w2 ^ w1 ^ w0 ^ t
+    k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
+
+    if (DUMP_VARS):
+        print("next_256bit_key_a:")
+        print("w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x" % (w0, w1, w2, w3))
+        print("w4 = 0x%08x, w5 = 0x%08x, w6 = 0x%08x, w7 = 0x%08x" % (w4, w5, w6, w7))
+        print("t = 0x%08x, sw = 0x%08x, rw = 0x%08x" % (t, sw, rw))
+        print("k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x" % (k0, k1, k2, k3))
+        print("")
+
+    return (k0, k1, k2, k3)
+
+
+#-------------------------------------------------------------------
+# next_256bit_key_b()
+#
+# Generate the next four key words for aes-256 using algorithm B
+# based on given previous eight keywords.
+#-------------------------------------------------------------------
+def next_256it_key_b(key0, key1):
+    (w0, w1, w2, w3) = key0
+    (w4, w5, w6, w7) = key1
+
+    t = substw(w7)
+
+    k0 = w0 ^ t
+    k1 = w1 ^ w0 ^ t
+    k2 = w2 ^ w1 ^ w0 ^ t
+    k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
+
+    if (DUMP_VARS):
+        print("next_256bit_key_b:")
+        print("w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x" % (w0, w1, w2, w3))
+        print("w4 = 0x%08x, w5 = 0x%08x, w6 = 0x%08x, w7 = 0x%08x" % (w4, w5, w6, w7))
+        print("t = 0x%08x" % (t))
+        print("k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x" % (k0, k1, k2, k3))
+        print("")
+
+    return (k0, k1, k2, k3)
+
+
+#-------------------------------------------------------------------
+# key_gen256()
+#
+# Generating the keys for 256 bit keys.
+#-------------------------------------------------------------------
+def key_gen256(key):
+    round_keys = []
+    (k0, k1, k2, k3, k4, k5, k6, k7) = key
+
+    round_keys.append((k0, k1, k2, k3))
+    round_keys.append((k4, k5, k6, k7))
+
+    j = 1
+    for i in range(0, (AES_256_ROUNDS - 2), 2):
+        k = next_256it_key_a(round_keys[i], round_keys[i + 1], get_rcon(j))
+        round_keys.append(k)
+        k = next_256it_key_b(round_keys[i + 1], round_keys[i + 2])
+        round_keys.append(k)
+        j += 1
+
+    # One final key needs to be generated.
+    k = next_256it_key_a(round_keys[12], round_keys[13], get_rcon(7))
+    round_keys.append(k)
+
+    if VERBOSE:
+        print("Input key:")
+        print_block((k0, k1, k2, k3))
+        print_block((k4, k5, k6, k7))
+        print("")
+
+        print("Generated keys:")
+        for k in round_keys:
+            print_block(k)
+        print("")
+
+    return round_keys
+
+
+#-------------------------------------------------------------------
+# get_rcon()
+#
+# Function implementation of rcon. Calculates rcon for a
+# given round. This could be implemented as an iterator.
+#-------------------------------------------------------------------
+def get_rcon(round):
+    rcon = 0x8d
+
+    for i in range(0, round):
+        rcon = ((rcon << 1) ^ (0x11b & - (rcon >> 7))) & 0xff
+
+    return rcon
+
+
+#-------------------------------------------------------------------
+# addroundkey()
+#
+# AES AddRoundKey block operation.
+# Perform XOR combination of the given block and the given key.
+#-------------------------------------------------------------------
+def addroundkey(key, block):
+    (w0, w1, w2, w3) = block
+    (k0, k1, k2, k3) = key
+
+    res_block = (w0 ^ k0, w1 ^ k1, w2 ^ k2, w3 ^ k3)
+
+    if VERBOSE:
+        print("AddRoundKey key, block in and block out:")
+        print_block(key)
+        print_block(block)
+        print_block(res_block)
+        print("")
+
+    return res_block
+
+
+#-------------------------------------------------------------------
+# mixw()
+#
+# Perform bit mixing of the given words.
+#-------------------------------------------------------------------
+def mixw(w):
+    (b0, b1, b2, b3) = w2b(w)
+
+    mb0 = gm2(b0) ^ gm3(b1) ^ b2      ^ b3
+    mb1 = b0      ^ gm2(b1) ^ gm3(b2) ^ b3
+    mb2 = b0      ^ b1      ^ gm2(b2) ^ gm3(b3)
+    mb3 = gm3(b0) ^ b1      ^ b2      ^ gm2(b3)
+
+    return b2w(mb0, mb1, mb2, mb3)
+
+
+#-------------------------------------------------------------------
+# mixcolumns()
+#
+# AES MixColumns on the given block.
+#-------------------------------------------------------------------
+def mixcolumns(block):
+    (c0, c1, c2, c3) = block
+
+    mc0 = mixw(c0)
+    mc1 = mixw(c1)
+    mc2 = mixw(c2)
+    mc3 = mixw(c3)
+
+    res_block = (mc0, mc1, mc2, mc3)
+
+    if VERBOSE:
+        print("MixColumns block in and block out:")
+        print_block(block)
+        print_block(res_block)
+        print("")
+
+    return res_block
+
+
+#-------------------------------------------------------------------
+# subbytes()
+#
+# AES SubBytes operation on the given block.
+#-------------------------------------------------------------------
+def subbytes(block):
+    (w0, w1, w2, w3) = block
+
+    res_block = (substw(w0), substw(w1), substw(w2), substw(w3))
+
+    if VERBOSE:
+        print("SubBytes block in and block out:")
+        print_block(block)
+        print_block(res_block)
+        print("")
+
+    return res_block
+
+
+#-------------------------------------------------------------------
+# shiftrows()
+#
+# AES ShiftRows block operation.
+#-------------------------------------------------------------------
+def shiftrows(block):
+    (w0, w1, w2, w3) = block
+
+    c0 = w2b(w0)
+    c1 = w2b(w1)
+    c2 = w2b(w2)
+    c3 = w2b(w3)
+
+    ws0 = b2w(c0[0], c1[1],  c2[2],  c3[3])
+    ws1 = b2w(c1[0], c2[1],  c3[2],  c0[3])
+    ws2 = b2w(c2[0], c3[1],  c0[2],  c1[3])
+    ws3 = b2w(c3[0], c0[1],  c1[2],  c2[3])
+
+    res_block = (ws0, ws1, ws2, ws3)
+
+    if VERBOSE:
+        print("ShiftRows block in and block out:")
+        print_block(block)
+        print_block(res_block)
+        print("")
+
+    return res_block
+
+
+#-------------------------------------------------------------------
+# aes_encipher()
+#
+# Perform AES encipher operation for the given block using the
+# given key length.
+#-------------------------------------------------------------------
+def aes_encipher_block(key, block):
+    tmp_block = block[:]
+
+    # Get round keys based on the given key.
+    if len(key) == 4:
+        round_keys = key_gen128(key)
+        num_rounds = AES_128_ROUNDS
+    else:
+        round_keys = key_gen256(key)
+        num_rounds = AES_256_ROUNDS
+
+    # Init round
+    print("  Initial AddRoundKeys round.")
+    tmp_block4 = addroundkey(round_keys[0], block)
+
+    # Main rounds
+    for i in range(1 , (num_rounds)):
+        print("")
+        print("  Round %02d" % i)
+        print("  ---------")
+
+        tmp_block1 = subbytes(tmp_block4)
+        tmp_block2 = shiftrows(tmp_block1)
+        tmp_block3 = mixcolumns(tmp_block2)
+        tmp_block4 = addroundkey(round_keys[i], tmp_block3)
+
+
+    # Final round
+    print("  Final round.")
+    tmp_block1 = subbytes(tmp_block4)
+    tmp_block2 = shiftrows(tmp_block1)
+    tmp_block3 = addroundkey(round_keys[num_rounds], tmp_block2)
+
+    return tmp_block3
+
+
+#-------------------------------------------------------------------
+# inv_mixw()
+#
+# Perform inverse bit mixing of the given words.
+#-------------------------------------------------------------------
+def inv_mixw(w):
+    (b0, b1, b2, b3) = w2b(w)
+
+    mb0 = gm14(b0) ^ gm11(b1) ^ gm13(b2) ^ gm09(b3)
+    mb1 = gm09(b0) ^ gm14(b1) ^ gm11(b2) ^ gm13(b3)
+    mb2 = gm13(b0) ^ gm09(b1) ^ gm14(b2) ^ gm11(b3)
+    mb3 = gm11(b0) ^ gm13(b1) ^ gm09(b2) ^ gm14(b3)
+
+    return b2w(mb0, mb1, mb2, mb3)
+
+
+#-------------------------------------------------------------------
+# inv_mixcolumns()
+#
+# AES Inverse MixColumns on the given block.
+#-------------------------------------------------------------------
+def inv_mixcolumns(block):
+    (c0, c1, c2, c3) = block
+
+    mc0 = inv_mixw(c0)
+    mc1 = inv_mixw(c1)
+    mc2 = inv_mixw(c2)
+    mc3 = inv_mixw(c3)
+
+    res_block = (mc0, mc1, mc2, mc3)
+
+    if VERBOSE:
+        print("Inverse MixColumns block in and block out:")
+        print_block(block)
+        print_block(res_block)
+        print("")
+
+    return res_block
+
+
+#-------------------------------------------------------------------
+# inv_shiftrows()
+#
+# AES inverse ShiftRows block operation.
+#-------------------------------------------------------------------
+def inv_shiftrows(block):
+    (w0, w1, w2, w3) = block
+
+    c0 = w2b(w0)
+    c1 = w2b(w1)
+    c2 = w2b(w2)
+    c3 = w2b(w3)
+
+    ws0 = b2w(c0[0], c3[1],  c2[2],  c1[3])
+    ws1 = b2w(c1[0], c0[1],  c3[2],  c2[3])
+    ws2 = b2w(c2[0], c1[1],  c0[2],  c3[3])
+    ws3 = b2w(c3[0], c2[1],  c1[2],  c0[3])
+
+    res_block = (ws0, ws1, ws2, ws3)
+
+    if VERBOSE:
+        print("Inverse ShiftRows block in and block out:")
+        print_block(block)
+        print_block(res_block)
+        print("")
+
+    return res_block
+
+
+#-------------------------------------------------------------------
+# inv_subbytes()
+#
+# AES inverse SubBytes operation on the given block.
+#-------------------------------------------------------------------
+def inv_subbytes(block):
+    (w0, w1, w2, w3) = block
+
+    res_block = (inv_substw(w0), inv_substw(w1), inv_substw(w2), inv_substw(w3))
+
+    if VERBOSE:
+        print("Inverse SubBytes block in and block out:")
+        print_block(block)
+        print_block(res_block)
+        print("")
+
+    return res_block
+
+
+#-------------------------------------------------------------------
+# aes_decipher()
+#
+# Perform AES decipher operation for the given block
+# using the given key length.
+#-------------------------------------------------------------------
+def aes_decipher_block(key, block):
+    tmp_block = block[:]
+
+    # Get round keys based on the given key.
+    if len(key) == 4:
+        round_keys = key_gen128(key)
+        num_rounds = AES_128_ROUNDS
+    else:
+        round_keys = key_gen256(key)
+        num_rounds = AES_256_ROUNDS
+
+    # Initial round
+    print("  Initial, partial round.")
+    tmp_block1 = addroundkey(round_keys[len(round_keys) - 1], tmp_block)
+    tmp_block2 = inv_shiftrows(tmp_block1)
+    tmp_block4 = inv_subbytes(tmp_block2)
+
+    # Main rounds
+    for i in range(1 , (num_rounds)):
+        print("")
+        print("  Round %02d" % i)
+        print("  ---------")
+
+        tmp_block1 = addroundkey(round_keys[(len(round_keys) - i - 1)], tmp_block4)
+        tmp_block2 = inv_mixcolumns(tmp_block1)
+        tmp_block3 = inv_shiftrows(tmp_block2)
+        tmp_block4 = inv_subbytes(tmp_block3)
+
+    # Final round
+    print("  Final AddRoundKeys round.")
+    res_block = addroundkey(round_keys[0], tmp_block4)
+
+    return res_block
+
+
+#-------------------------------------------------------------------
+# test_mixcolumns()
+#
+# Test the mixcolumns and inverse mixcolumns operations using
+# some simple test values.
+#-------------------------------------------------------------------
+def test_mixcolumns():
+    nist_aes128_key = (0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c)
+
+    print("Test of mixcolumns and inverse mixcolumns:")
+    mixresult = mixcolumns(nist_aes128_key)
+    inv_mixresult = inv_mixcolumns(mixresult)
+
+    print("Test of mixw ochi inv_mixw:")
+    testw = 0xdb135345
+    expw  = 0x8e4da1bc
+    mixresult = mixw(testw)
+    inv_mixresult = inv_mixw(mixresult)
+    print("Testword:   0x%08x" % testw)
+    print("expexted:   0x%08x" % expw)
+    print("mixword:    0x%08x" % mixresult)
+    print("invmixword: 0x%08x" % inv_mixresult)
+
+
+#-------------------------------------------------------------------
+# test_aes()
+#
+# Test the AES implementation with 128 and 256 bit keys.
+#-------------------------------------------------------------------
+def test_aes():
+    nist_aes128_key = (0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c)
+    nist_aes256_key = (0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781,
+                       0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4)
+
+    nist_plaintext0 = (0x6bc1bee2, 0x2e409f96, 0xe93d7e11, 0x7393172a)
+    nist_plaintext1 = (0xae2d8a57, 0x1e03ac9c, 0x9eb76fac, 0x45af8e51)
+    nist_plaintext2 = (0x30c81c46, 0xa35ce411, 0xe5fbc119, 0x1a0a52ef)
+    nist_plaintext3 = (0xf69f2445, 0xdf4f9b17, 0xad2b417b, 0xe66c3710)
+
+    nist_exp128_0 = (0x3ad77bb4, 0x0d7a3660, 0xa89ecaf3, 0x2466ef97)
+    nist_exp128_1 = (0xf5d3d585, 0x03b9699d, 0xe785895a, 0x96fdbaaf)
+    nist_exp128_2 = (0x43b1cd7f, 0x598ece23, 0x881b00e3, 0xed030688)
+    nist_exp128_3 = (0x7b0c785e, 0x27e8ad3f, 0x82232071, 0x04725dd4)
+
+    nist_exp256_0 = (0xf3eed1bd, 0xb5d2a03c, 0x064b5a7e, 0x3db181f8)
+    nist_exp256_1 = (0x591ccb10, 0xd410ed26, 0xdc5ba74a, 0x31362870)
+    nist_exp256_2 = (0xb6ed21b9, 0x9ca6f4f9, 0xf153e7b1, 0xbeafed1d)
+    nist_exp256_3 = (0x23304b7a, 0x39f9f3ff, 0x067d8d8f, 0x9e24ecc7)
+
+
+    print("Doing block encryption.")
+    enc_result128_0 = aes_encipher_block(nist_aes128_key, nist_plaintext0)
+    enc_result128_1 = aes_encipher_block(nist_aes128_key, nist_plaintext1)
+    enc_result128_2 = aes_encipher_block(nist_aes128_key, nist_plaintext2)
+    enc_result128_3 = aes_encipher_block(nist_aes128_key, nist_plaintext3)
+
+    enc_result256_0 = aes_encipher_block(nist_aes256_key, nist_plaintext0)
+    enc_result256_1 = aes_encipher_block(nist_aes256_key, nist_plaintext1)
+    enc_result256_2 = aes_encipher_block(nist_aes256_key, nist_plaintext2)
+    enc_result256_3 = aes_encipher_block(nist_aes256_key, nist_plaintext3)
+
+    print("Doing block decryption.")
+    dec_result128_0 = aes_decipher_block(nist_aes128_key, nist_exp128_0)
+    dec_result128_1 = aes_decipher_block(nist_aes128_key, nist_exp128_1)
+    dec_result128_2 = aes_decipher_block(nist_aes128_key, nist_exp128_2)
+    dec_result128_3 = aes_decipher_block(nist_aes128_key, nist_exp128_3)
+
+    dec_result256_0 = aes_decipher_block(nist_aes256_key, nist_exp256_0)
+    dec_result256_1 = aes_decipher_block(nist_aes256_key, nist_exp256_1)
+    dec_result256_2 = aes_decipher_block(nist_aes256_key, nist_exp256_2)
+    dec_result256_3 = aes_decipher_block(nist_aes256_key, nist_exp256_3)
+
+
+    if VERBOSE:
+        print("   AES Encipher tests")
+        print("   ==================")
+
+        print("Test 0 for AES-128.")
+        print("Key:")
+        print_key(nist_aes128_key)
+        print("Block in:")
+        print_block(nist_plaintext0)
+        print("Expected block out:")
+        print_block(nist_exp128_0)
+        print("Got block out:")
+        print_block(enc_result128_0)
+        print("")
+
+        print("Test 1 for AES-128.")
+        print("Key:")
+        print_key(nist_aes128_key)
+        print("Block in:")
+        print_block(nist_plaintext1)
+        print("Expected block out:")
+        print_block(nist_exp128_1)
+        print("Got block out:")
+        print_block(enc_result128_1)
+        print("")
+
+        print("Test 2 for AES-128.")
+        print("Key:")
+        print_key(nist_aes128_key)
+        print("Block in:")
+        print_block(nist_plaintext2)
+        print("Expected block out:")
+        print_block(nist_exp128_2)
+        print("Got block out:")
+        print_block(enc_result128_2)
+        print("")
+
+        print("Test 3 for AES-128.")
+        print("Key:")
+        print_key(nist_aes128_key)
+        print("Block in:")
+        print_block(nist_plaintext3)
+        print("Expected block out:")
+        print_block(nist_exp128_3)
+        print("Got block out:")
+        print_block(enc_result128_3)
+        print("")
+
+
+        print("Test 0 for AES-256.")
+        print("Key:")
+        print_key(nist_aes256_key)
+        print("Block in:")
+        print_block(nist_plaintext0)
+        print("Expected block out:")
+        print_block(nist_exp256_0)
+        print("Got block out:")
+        print_block(enc_result256_0)
+        print("")
+
+        print("Test 1 for AES-256.")
+        print("Key:")
+        print_key(nist_aes256_key)
+        print("Block in:")
+        print_block(nist_plaintext1)
+        print("Expected block out:")
+        print_block(nist_exp256_1)
+        print("Got block out:")
+        print_block(enc_result256_1)
+        print("")
+
+        print("Test 2 for AES-256.")
+        print("Key:")
+        print_key(nist_aes256_key)
+        print("Block in:")
+        print_block(nist_plaintext2)
+        print("Expected block out:")
+        print_block(nist_exp256_2)
+        print("Got block out:")
+        print_block(enc_result256_2)
+        print("")
+
+        print("Test 3 for AES-256.")
+        print("Key:")
+        print_key(nist_aes256_key)
+        print("Block in:")
+        print_block(nist_plaintext3)
+        print("Expected block out:")
+        print_block(nist_exp256_3)
+        print("Got block out:")
+        print_block(enc_result256_3)
+        print("")
+
+        print("")
+        print("   AES Decipher tests")
+        print("   ==================")
+
+        print("Test 0 for AES-128.")
+        print("Key:")
+        print_key(nist_aes128_key)
+        print("Block in:")
+        print_block(nist_exp128_0)
+        print("Expected block out:")
+        print_block(nist_plaintext0)
+        print("Got block out:")
+        print_block(dec_result128_0)
+        print("")
+
+        print("Test 1 for AES-128.")
+        print("Key:")
+        print_key(nist_aes128_key)
+        print("Block in:")
+        print_block(nist_exp128_1)
+        print("Expected block out:")
+        print_block(nist_plaintext1)
+        print("Got block out:")
+        print_block(dec_result128_1)
+        print("")
+
+        print("Test 2 for AES-128.")
+        print("Key:")
+        print_key(nist_aes128_key)
+        print("Block in:")
+        print_block(nist_exp128_2)
+        print("Expected block out:")
+        print_block(nist_plaintext2)
+        print("Got block out:")
+        print_block(dec_result128_2)
+        print("")
+
+        print("Test 3 for AES-128.")
+        print("Key:")
+        print_key(nist_aes128_key)
+        print("Block in:")
+        print_block(nist_exp128_3)
+        print("Expected block out:")
+        print_block(nist_plaintext3)
+        print("Got block out:")
+        print_block(dec_result128_3)
+        print("")
+
+        print("Test 0 for AES-256.")
+        print("Key:")
+        print_key(nist_aes256_key)
+        print("Block in:")
+        print_block(nist_exp256_0)
+        print("Expected block out:")
+        print_block(nist_plaintext0)
+        print("Got block out:")
+        print_block(dec_result256_0)
+        print("")
+
+        print("Test 1 for AES-256.")
+        print("Key:")
+        print_key(nist_aes256_key)
+        print("Block in:")
+        print_block(nist_exp256_1)
+        print("Expected block out:")
+        print_block(nist_plaintext1)
+        print("Got block out:")
+        print_block(dec_result256_1)
+        print("")
+
+        print("Test 2 for AES-256.")
+        print("Key:")
+        print_key(nist_aes256_key)
+        print("Block in:")
+        print_block(nist_exp256_2)
+        print("Expected block out:")
+        print_block(nist_plaintext2)
+        print("Got block out:")
+        print_block(dec_result256_2)
+        print("")
+
+        print("Test 3 for AES-256.")
+        print("Key:")
+        print_key(nist_aes256_key)
+        print("Block in:")
+        print_block(nist_exp256_3)
+        print("Expected block out:")
+        print_block(nist_plaintext3)
+        print("Got block out:")
+        print_block(dec_result256_3)
+        print("")
+
+
+#-------------------------------------------------------------------
+# main()
+#
+# If executed tests the ChaCha class using known test vectors.
+#-------------------------------------------------------------------
+def main():
+    print("Testing the AES cipher model")
+    print("============================")
+    print
+
+    # test_mixcolumns()
+    test_aes()
+
+
+#-------------------------------------------------------------------
+# __name__
+# Python thingy which allows the file to be run standalone as
+# well as parsed from within a Python interpreter.
+#-------------------------------------------------------------------
+if __name__=="__main__":
+    # Run the main function.
+    sys.exit(main())
+
+#=======================================================================
+# EOF aes_key_gen.py
+#=======================================================================
diff --git a/src/model/python/aes_key_gen.py b/src/model/python/aes_key_gen.py
new file mode 100755
index 0000000..54ff617
--- /dev/null
+++ b/src/model/python/aes_key_gen.py
@@ -0,0 +1,567 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#=======================================================================
+#
+# aes_key_gen.py
+# -------------
+# Simple, pure Python test model of the AES key generation.
+# This one is operating on 32 bit words. The key generation
+# supports 128 and 256 bit keys.
+#
+#
+# Author: Joachim Strombergson
+# Copyright (c) 2014, SUNET
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#=======================================================================
+
+#-------------------------------------------------------------------
+# Python module imports.
+#-------------------------------------------------------------------
+import sys
+
+
+#-------------------------------------------------------------------
+# Constants.
+#-------------------------------------------------------------------
+VERBOSE = True
+
+DUMP_VARS = True
+
+AES_128_ROUNDS = 10
+AES_256_ROUNDS = 14
+
+
+sbox = [0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+        0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+        0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+        0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+        0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+        0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+        0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+        0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+        0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+        0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+        0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+        0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+        0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+        0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+        0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+        0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+        0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+        0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+        0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+        0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+        0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+        0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+        0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+        0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+        0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+        0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+        0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+        0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+        0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+        0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+        0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+        0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
+
+
+#-------------------------------------------------------------------
+# substw()
+#
+# Returns a 32-bit word in which each of the bytes in the
+# given 32-bit word has been used as lookup into the AES S-box.
+#-------------------------------------------------------------------
+def substw(w):
+    b0 = w >> 24
+    b1 = w >> 16 & 0xff
+    b2 = w >> 8 & 0xff
+    b3 = w & 0xff
+
+    s0 = sbox[b0]
+    s1 = sbox[b1]
+    s2 = sbox[b2]
+    s3 = sbox[b3]
+
+    res = (s0 << 24) + (s1 << 16) + (s2 << 8) + s3
+
+    if VERBOSE:
+        print("Inside substw:")
+        print("b0 = 0x%02x, b1 = 0x%02x, b2 = 0x%02x, b3 = 0x%02x" %
+              (b0, b1, b2, b3))
+        print("s0 = 0x%02x, s1 = 0x%02x, s2 = 0x%02x, s3 = 0x%02x" %
+              (s0, s1, s2, s3))
+        print("res = 0x%08x" % (res))
+
+    return res
+
+
+#-------------------------------------------------------------------
+# rol8()
+#
+# Rotate the given 32 bit word 8 bits left.
+#-------------------------------------------------------------------
+def rol8(w):
+    return ((w << 8) | (w >> 24)) & 0xffffffff
+
+
+#-------------------------------------------------------------------
+# next_128bit_key()
+#
+# Generate the next four key words for aes-128 based on given
+# rcon and previous key words.
+#-------------------------------------------------------------------
+def next_128bit_key(prev_key, rcon):
+    (w0, w1, w2, w3) = prev_key
+
+    rol = rol8(w3)
+    subst = substw(rol)
+    t = subst ^ (rcon << 24)
+
+    k0 = w0 ^ t
+    k1 = w1 ^ w0 ^ t
+    k2 = w2 ^ w1 ^ w0 ^ t
+    k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
+
+    if VERBOSE:
+        print("Inside next 128bit key:")
+        print("w0 = 0x%08x, w1 = 0x%08x, w2 = 0x%08x, w3 = 0x%08x" %
+              (w0, w1, w2, w3))
+        print("rol = 0x%08x, subst = 0x%08x, rcon = 0x%02x, t = 0x%08x" %
+              (rol, subst, rcon, t))
+        print("k0 = 0x%08x, k1 = 0x%08x, k2 = 0x%08x, k3 = 0x%08x" %
+              (k0, k1, k2, k3))
+
+    return (k0, k1, k2, k3)
+
+
+#-------------------------------------------------------------------
+# key_gen128()
+#
+# Generating the keys for 128 bit keys.
+#-------------------------------------------------------------------
+def key_gen128(key):
+    round_keys = []
+
+    round_keys.append(key)
+
+    round_keys.append(next_128bit_key(round_keys[0], get_rcon(1)))
+    round_keys.append(next_128bit_key(round_keys[1], get_rcon(2)))
+    round_keys.append(next_128bit_key(round_keys[2], get_rcon(3)))
+    round_keys.append(next_128bit_key(round_keys[3], get_rcon(4)))
+    round_keys.append(next_128bit_key(round_keys[4], get_rcon(5)))
+    round_keys.append(next_128bit_key(round_keys[5], get_rcon(6)))
+    round_keys.append(next_128bit_key(round_keys[6], get_rcon(7)))
+    round_keys.append(next_128bit_key(round_keys[7], get_rcon(8)))
+    round_keys.append(next_128bit_key(round_keys[8], get_rcon(9)))
+    round_keys.append(next_128bit_key(round_keys[9], get_rcon(10)))
+
+    return round_keys
+
+
+#-------------------------------------------------------------------
+# next_256bit_key_a()
+#
+# Generate the next four key words for aes-256 using algorithm A
+# based on given rcon and the previous two keys.
+#-------------------------------------------------------------------
+def next_256it_key_a(key0, key1, rcon):
+    (w0, w1, w2, w3) = key0
+    (w4, w5, w6, w7) = key1
+
+    sw = substw(rol8(w7))
+    rw = (rcon << 24)
+    t = sw ^ rw
+
+    k0 = w0 ^ t
+    k1 = w1 ^ w0 ^ t
+    k2 = w2 ^ w1 ^ w0 ^ t
+    k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
+
+    if (DUMP_VARS):
+        print("next_256bit_key_a:")
+        print("w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x" % (w0, w1, w2, w3))
+        print("w4 = 0x%08x, w5 = 0x%08x, w6 = 0x%08x, w7 = 0x%08x" % (w4, w5, w6, w7))
+        print("t = 0x%08x, sw = 0x%08x, rw = 0x%08x" % (t, sw, rw))
+        print("k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x" % (k0, k1, k2, k3))
+        print("")
+
+    return (k0, k1, k2, k3)
+
+
+#-------------------------------------------------------------------
+# next_256bit_key_b()
+#
+# Generate the next four key words for aes-256 using algorithm B
+# based on given previous eight keywords.
+#-------------------------------------------------------------------
+def next_256it_key_b(key0, key1):
+    (w0, w1, w2, w3) = key0
+    (w4, w5, w6, w7) = key1
+
+    t = substw(w7)
+
+    k0 = w0 ^ t
+    k1 = w1 ^ w0 ^ t
+    k2 = w2 ^ w1 ^ w0 ^ t
+    k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
+
+    if (DUMP_VARS):
+        print("next_256bit_key_b:")
+        print("w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x" % (w0, w1, w2, w3))
+        print("w4 = 0x%08x, w5 = 0x%08x, w6 = 0x%08x, w7 = 0x%08x" % (w4, w5, w6, w7))
+        print("t = 0x%08x" % (t))
+        print("k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x" % (k0, k1, k2, k3))
+        print("")
+
+    return (k0, k1, k2, k3)
+
+
+#-------------------------------------------------------------------
+# key_gen256()
+#
+# Generating the keys for 256 bit keys.
+#-------------------------------------------------------------------
+def key_gen256(key):
+    round_keys = []
+    (k0, k1, k2, k3, k4, k5, k6, k7) = key
+
+    round_keys.append((k0, k1, k2, k3))
+    round_keys.append((k4, k5, k6, k7))
+
+    j = 1
+    for i in range(0, (AES_256_ROUNDS - 2), 2):
+        k = next_256it_key_a(round_keys[i], round_keys[i + 1], get_rcon(j))
+        round_keys.append(k)
+        k = next_256it_key_b(round_keys[i + 1], round_keys[i + 2])
+        round_keys.append(k)
+        j += 1
+
+    # One final key needs to be generated.
+    k = next_256it_key_a(round_keys[12], round_keys[13], get_rcon(7))
+    round_keys.append(k)
+
+    return round_keys
+
+
+#-------------------------------------------------------------------
+# key_gen()
+#
+# The actual key generation.
+#-------------------------------------------------------------------
+def key_gen(key):
+    if VERBOSE:
+        print("Generating keys for AES-%d." % (len(key) * 32))
+
+    if (len(key) * 32) == 128:
+        return key_gen128(key)
+
+    else:
+        return key_gen256(key)
+
+
+#-------------------------------------------------------------------
+# get_rcon()
+#
+# Function implementation of rcon. Calculates rcon for a
+# given round. This could be implemented as an iterator.
+#-------------------------------------------------------------------
+def get_rcon(round):
+    rcon = 0x8d
+
+    for i in range(0, round):
+        rcon = ((rcon << 1) ^ (0x11b & - (rcon >> 7))) & 0xff
+
+    return rcon
+
+
+#-------------------------------------------------------------------
+# print_bytekeys()
+#
+# Print a set of round keys given as an array of bytes.
+#-------------------------------------------------------------------
+def print_bytekeys(keys):
+    i = 0
+    print("Number of round keys: %d" % (int(len(keys) / 16)))
+    while i < (len(keys) - 1):
+        for j in range(16):
+            print("0x%02x " % keys[i + j], end="")
+        print("")
+        i += 16
+
+
+#-------------------------------------------------------------------
+# test_rcon()
+#
+# Test of the rcon function.
+#-------------------------------------------------------------------
+def test_rcon():
+    print("Testing rcon:")
+    for i in range(20):
+        print("rcon %02d = 0x%02x" % (i, get_rcon(i)))
+
+
+#-------------------------------------------------------------------
+# test_key()
+#
+# Generate round keys for a given key and compare them to
+# the given expected round keys.
+#-------------------------------------------------------------------
+def test_key(key, expected):
+    if len(key) not in [4, 8]:
+        print("Error: Key is %d bits, not 128 or 256 bits" % (len(key) * 32))
+        return
+
+    generated = key_gen(key)
+
+    if VERBOSE:
+        for k in generated:
+            (w0, w1, w2, w3) = k
+            print("0x%08x, 0x%08x, 0x%08x, 0x%08x" %
+                  (w0, w1, w2, w3))
+
+    if (len(generated) != len(expected)):
+        print("Error: Incorrect number of keys generated.")
+        print("Expected number of round keys: %d" % len(expected))
+        print("Got number of round keys:      %d" % len(generated))
+
+    for i in range(len(generated)):
+        exp = expected[i]
+        got = generated[i]
+        if (exp != got):
+            print("Error: Error in round key %d." % i)
+            (e0, e1, e2, e3) = exp
+            (g0, g1, g2, g3) = got
+            print("Expected: 0x%08x 0x%08x 0x%08x 0x%08x"\
+                  % (e0, e1, e2, e3))
+            print("Got:      0x%08x 0x%08x 0x%08x 0x%08x"\
+                  % (g0, g1, g2, g3))
+        else:
+            print("Correct key generated.")
+
+
+#-------------------------------------------------------------------
+# test_key_expansion()
+#
+# Perform key expansion tests.
+# The test keys and expected round keys are taken from:
+# http://www.samiam.org/key-schedule.html
+#-------------------------------------------------------------------
+def test_key_expansion():
+    # 128 bit keys.
+    key128_1 = (0x00000000, 0x00000000, 0x00000000, 0x00000000)
+    exp128_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
+                (0x62636363, 0x62636363, 0x62636363, 0x62636363),
+                (0x9b9898c9, 0xf9fbfbaa, 0x9b9898c9, 0xf9fbfbaa),
+                (0x90973450, 0x696ccffa, 0xf2f45733, 0x0b0fac99),
+                (0xee06da7b, 0x876a1581, 0x759e42b2, 0x7e91ee2b),
+                (0x7f2e2b88, 0xf8443e09, 0x8dda7cbb, 0xf34b9290),
+                (0xec614b85, 0x1425758c, 0x99ff0937, 0x6ab49ba7),
+                (0x21751787, 0x3550620b, 0xacaf6b3c, 0xc61bf09b),
+                (0x0ef90333, 0x3ba96138, 0x97060a04, 0x511dfa9f),
+                (0xb1d4d8e2, 0x8a7db9da, 0x1d7bb3de, 0x4c664941),
+                (0xb4ef5bcb, 0x3e92e211, 0x23e951cf, 0x6f8f188e))
+
+    key128_2 = (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
+    exp128_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
+                (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
+                (0xadaeae19, 0xbab8b80f, 0x525151e6, 0x454747f0),
+                (0x090e2277, 0xb3b69a78, 0xe1e7cb9e, 0xa4a08c6e),
+                (0xe16abd3e, 0x52dc2746, 0xb33becd8, 0x179b60b6),
+                (0xe5baf3ce, 0xb766d488, 0x045d3850, 0x13c658e6),
+                (0x71d07db3, 0xc6b6a93b, 0xc2eb916b, 0xd12dc98d),
+                (0xe90d208d, 0x2fbb89b6, 0xed5018dd, 0x3c7dd150),
+                (0x96337366, 0xb988fad0, 0x54d8e20d, 0x68a5335d),
+                (0x8bf03f23, 0x3278c5f3, 0x66a027fe, 0x0e0514a3),
+                (0xd60a3588, 0xe472f07b, 0x82d2d785, 0x8cd7c326))
+
+    key128_3 = (0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f)
+    exp128_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
+                (0xd6aa74fd, 0xd2af72fa, 0xdaa678f1, 0xd6ab76fe),
+                (0xb692cf0b, 0x643dbdf1, 0xbe9bc500, 0x6830b3fe),
+                (0xb6ff744e, 0xd2c2c9bf, 0x6c590cbf, 0x0469bf41),
+                (0x47f7f7bc, 0x95353e03, 0xf96c32bc, 0xfd058dfd),
+                (0x3caaa3e8, 0xa99f9deb, 0x50f3af57, 0xadf622aa),
+                (0x5e390f7d, 0xf7a69296, 0xa7553dc1, 0x0aa31f6b),
+                (0x14f9701a, 0xe35fe28c, 0x440adf4d, 0x4ea9c026),
+                (0x47438735, 0xa41c65b9, 0xe016baf4, 0xaebf7ad2),
+                (0x549932d1, 0xf0855768, 0x1093ed9c, 0xbe2c974e),
+                (0x13111d7f, 0xe3944a17, 0xf307a78b, 0x4d2b30c5))
+
+    key128_4 = (0x6920e299, 0xa5202a6d, 0x656e6368, 0x69746f2a)
+    exp128_4 = ((0x6920e299, 0xa5202a6d, 0x656e6368, 0x69746f2a),
+                (0xfa880760, 0x5fa82d0d, 0x3ac64e65, 0x53b2214f),
+                (0xcf75838d, 0x90ddae80, 0xaa1be0e5, 0xf9a9c1aa),
+                (0x180d2f14, 0x88d08194, 0x22cb6171, 0xdb62a0db),
+                (0xbaed96ad, 0x323d1739, 0x10f67648, 0xcb94d693),
+                (0x881b4ab2, 0xba265d8b, 0xaad02bc3, 0x6144fd50),
+                (0xb34f195d, 0x096944d6, 0xa3b96f15, 0xc2fd9245),
+                (0xa7007778, 0xae6933ae, 0x0dd05cbb, 0xcf2dcefe),
+                (0xff8bccf2, 0x51e2ff5c, 0x5c32a3e7, 0x931f6d19),
+                (0x24b7182e, 0x7555e772, 0x29674495, 0xba78298c),
+                (0xae127cda, 0xdb479ba8, 0xf220df3d, 0x4858f6b1))
+
+    nist_aes128_key = (0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c)
+    exp_nist128_key = ((0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c),
+                       (0xa0fafe17, 0x88542cb1, 0x23a33939, 0x2a6c7605),
+                       (0xf2c295f2, 0x7a96b943, 0x5935807a, 0x7359f67f),
+                       (0x3d80477d, 0x4716fe3e, 0x1e237e44, 0x6d7a883b),
+                       (0xef44a541, 0xa8525b7f, 0xb671253b, 0xdb0bad00),
+                       (0xd4d1c6f8, 0x7c839d87, 0xcaf2b8bc, 0x11f915bc),
+                       (0x6d88a37a, 0x110b3efd, 0xdbf98641, 0xca0093fd),
+                       (0x4e54f70e, 0x5f5fc9f3, 0x84a64fb2, 0x4ea6dc4f),
+                       (0xead27321, 0xb58dbad2, 0x312bf560, 0x7f8d292f),
+                       (0xac7766f3, 0x19fadc21, 0x28d12941, 0x575c006e),
+                       (0xd014f9a8, 0xc9ee2589, 0xe13f0cc8, 0xb6630ca6))
+
+
+    # 256 bit keys.
+    key256_1 = (0x00000000, 0x00000000, 0x00000000, 0x00000000,
+                0x00000000, 0x00000000, 0x00000000, 0x0000000)
+    exp256_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
+                (0x00000000, 0x00000000, 0x00000000, 0x00000000),
+                (0x62636363, 0x62636363, 0x62636363, 0x62636363),
+                (0xaafbfbfb, 0xaafbfbfb, 0xaafbfbfb, 0xaafbfbfb),
+                (0x6f6c6ccf, 0x0d0f0fac, 0x6f6c6ccf, 0x0d0f0fac),
+                (0x7d8d8d6a, 0xd7767691, 0x7d8d8d6a, 0xd7767691),
+                (0x5354edc1, 0x5e5be26d, 0x31378ea2, 0x3c38810e),
+                (0x968a81c1, 0x41fcf750, 0x3c717a3a, 0xeb070cab),
+                (0x9eaa8f28, 0xc0f16d45, 0xf1c6e3e7, 0xcdfe62e9),
+                (0x2b312bdf, 0x6acddc8f, 0x56bca6b5, 0xbdbbaa1e),
+                (0x6406fd52, 0xa4f79017, 0x553173f0, 0x98cf1119),
+                (0x6dbba90b, 0x07767584, 0x51cad331, 0xec71792f),
+                (0xe7b0e89c, 0x4347788b, 0x16760b7b, 0x8eb91a62),
+                (0x74ed0ba1, 0x739b7e25, 0x2251ad14, 0xce20d43b),
+                (0x10f80a17, 0x53bf729c, 0x45c979e7, 0xcb706385))
+
+
+    key256_2 = (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff,
+                0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
+    exp256_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
+                (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
+                (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
+                (0x0fb8b8b8, 0xf0474747, 0x0fb8b8b8, 0xf0474747),
+                (0x4a494965, 0x5d5f5f73, 0xb5b6b69a, 0xa2a0a08c),
+                (0x355858dc, 0xc51f1f9b, 0xcaa7a723, 0x3ae0e064),
+                (0xafa80ae5, 0xf2f75596, 0x4741e30c, 0xe5e14380),
+                (0xeca04211, 0x29bf5d8a, 0xe318faa9, 0xd9f81acd),
+                (0xe60ab7d0, 0x14fde246, 0x53bc014a, 0xb65d42ca),
+                (0xa2ec6e65, 0x8b5333ef, 0x684bc946, 0xb1b3d38b),
+                (0x9b6c8a18, 0x8f91685e, 0xdc2d6914, 0x6a702bde),
+                (0xa0bd9f78, 0x2beeac97, 0x43a565d1, 0xf216b65a),
+                (0xfc223491, 0x73b35ccf, 0xaf9e35db, 0xc5ee1e05),
+                (0x0695ed13, 0x2d7b4184, 0x6ede2455, 0x9cc8920f),
+                (0x546d424f, 0x27de1e80, 0x88402b5b, 0x4dae355e))
+
+
+    key256_3 = (0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f,
+                0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f)
+    exp256_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
+                (0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f),
+                (0xa573c29f, 0xa176c498, 0xa97fce93, 0xa572c09c),
+                (0x1651a8cd, 0x0244beda, 0x1a5da4c1, 0x0640bade),
+                (0xae87dff0, 0x0ff11b68, 0xa68ed5fb, 0x03fc1567),
+                (0x6de1f148, 0x6fa54f92, 0x75f8eb53, 0x73b8518d),
+                (0xc656827f, 0xc9a79917, 0x6f294cec, 0x6cd5598b),
+                (0x3de23a75, 0x524775e7, 0x27bf9eb4, 0x5407cf39),
+                (0x0bdc905f, 0xc27b0948, 0xad5245a4, 0xc1871c2f),
+                (0x45f5a660, 0x17b2d387, 0x300d4d33, 0x640a820a),
+                (0x7ccff71c, 0xbeb4fe54, 0x13e6bbf0, 0xd261a7df),
+                (0xf01afafe, 0xe7a82979, 0xd7a5644a, 0xb3afe640),
+                (0x2541fe71, 0x9bf50025, 0x8813bbd5, 0x5a721c0a),
+                (0x4e5a6699, 0xa9f24fe0, 0x7e572baa, 0xcdf8cdea),
+                (0x24fc79cc, 0xbf0979e9, 0x371ac23c, 0x6d68de36))
+
+
+    nist_aes256_key = (0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781,
+                       0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4)
+
+    exp_nist256_key = ((0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781),
+                       (0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4),
+                       (0x9ba35411, 0x8e6925af, 0xa51a8b5f, 0x2067fcde),
+                       (0xa8b09c1a, 0x93d194cd, 0xbe49846e, 0xb75d5b9a),
+                       (0xd59aecb8, 0x5bf3c917, 0xfee94248, 0xde8ebe96),
+                       (0xb5a9328a, 0x2678a647, 0x98312229, 0x2f6c79b3),
+                       (0x812c81ad, 0xdadf48ba, 0x24360af2, 0xfab8b464),
+                       (0x98c5bfc9, 0xbebd198e, 0x268c3ba7, 0x09e04214),
+                       (0x68007bac, 0xb2df3316, 0x96e939e4, 0x6c518d80),
+                       (0xc814e204, 0x76a9fb8a, 0x5025c02d, 0x59c58239),
+                       (0xde136967, 0x6ccc5a71, 0xfa256395, 0x9674ee15),
+                       (0x5886ca5d, 0x2e2f31d7, 0x7e0af1fa, 0x27cf73c3),
+                       (0x749c47ab, 0x18501dda, 0xe2757e4f, 0x7401905a),
+                       (0xcafaaae3, 0xe4d59b34, 0x9adf6ace, 0xbd10190d),
+                       (0xfe4890d1, 0xe6188d0b, 0x046df344, 0x706c631e))
+
+    print("*** Test of 128 bit keys: ***")
+    test_key(key128_1, exp128_1)
+    test_key(key128_2, exp128_2)
+    test_key(key128_3, exp128_3)
+    test_key(key128_4, exp128_4)
+
+    print("The NIST 128 key:")
+    test_key(nist_aes128_key, exp_nist128_key)
+    print("")
+
+
+    print("*** Test of 256 bit keys: ***")
+    test_key(key256_1, exp256_1)
+    test_key(key256_2, exp256_2)
+    test_key(key256_3, exp256_3)
+
+    print("The NIST 256 key:")
+    test_key(nist_aes256_key, exp_nist256_key)
+    print("")
+
+    print("")
+
+
+#-------------------------------------------------------------------
+# main()
+#
+# If executed tests the ChaCha class using known test vectors.
+#-------------------------------------------------------------------
+def main():
+    print("Testing the AES key generation")
+    print("==============================")
+    print
+
+    test_key_expansion()
+
+
+#-------------------------------------------------------------------
+# __name__
+# Python thingy which allows the file to be run standalone as
+# well as parsed from within a Python interpreter.
+#-------------------------------------------------------------------
+if __name__=="__main__":
+    # Run the main function.
+    sys.exit(main())
+
+#=======================================================================
+# EOF aes_key_gen.py
+#=======================================================================
diff --git a/src/model/python/rcon.py b/src/model/python/rcon.py
new file mode 100644
index 0000000..ffc0140
--- /dev/null
+++ b/src/model/python/rcon.py
@@ -0,0 +1,585 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#=======================================================================
+#
+# aes_key_gen.py
+# -------------
+# Simple, pure Python test model of the AES key generation.
+#
+#
+# Author: Joachim Strombergson
+# Copyright (c) 2014, SUNET
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#=======================================================================
+
+#-------------------------------------------------------------------
+# Python module imports.
+#-------------------------------------------------------------------
+import sys
+
+
+#-------------------------------------------------------------------
+# Constants.
+#-------------------------------------------------------------------
+VERBOSE = True
+
+AES_128_ROUNDS = 10
+AES_192_ROUNDS = 12
+AES_256_ROUNDS = 14
+
+
+sbox = [0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+        0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+        0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+        0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+        0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+        0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+        0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+        0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+        0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+        0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+        0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+        0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+        0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+        0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+        0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+        0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+        0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+        0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+        0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+        0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+        0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+        0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+        0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+        0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+        0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+        0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+        0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+        0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+        0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+        0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+        0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+        0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
+
+
+#-------------------------------------------------------------------
+# substw()
+#
+# Returns a 32-bit word in which each of the bytes in the
+# given 32-bit word has been used as lookup into the AES S-box.
+#-------------------------------------------------------------------
+def substw(w):
+    b0 = w >> 24
+    b1 = w >> 16 & 0xff
+    b2 = w >> 8 & 0xff
+    b3 = w & 0xff
+
+    s0 = sbox[b0]
+    s1 = sbox[b1]
+    s2 = sbox[b2]
+    s3 = sbox[b3]
+
+    return (s0 << 24) + (s1 << 16) + (s2 << 8) + s3
+
+
+#-------------------------------------------------------------------
+# rol8()
+#
+# Rotate the given 32 bit word 8 bits left.
+#-------------------------------------------------------------------
+def rol8(w):
+    return ((w << 8) | (w >> 24)) & 0xffffffff
+
+
+#-------------------------------------------------------------------
+# next_words()
+#
+# Generate the next four key words based on given rcon and
+# previous key words.
+#-------------------------------------------------------------------
+def next_words(prev_words, rcon):
+    (prev_x0, prev_x1, prev_x2, prev_x3) = prev_words
+    tmp = substw(rol8(prev_x3)) ^ (rcon << 24)
+    x0 = prev_x0 ^ tmp
+    x1 = prev_x1 ^ x0
+    x2 = prev_x2 ^ x1
+    x3 = prev_x3 ^ x2
+    return (x0, x1, x2, x3)
+
+
+#-------------------------------------------------------------------
+# key_gen()
+#
+# The actual key generation.
+#-------------------------------------------------------------------
+def key_gen(key):
+    nr_rounds = {4:AES_128_ROUNDS, 6:AES_192_ROUNDS, 8:AES_256_ROUNDS}[len(key)]
+    if VERBOSE:
+        print("Generating keys for AES-%d." % (len(key) * 32))
+
+    round_keys = []
+    if nr_rounds == AES_128_ROUNDS:
+        round_keys.append(key)
+
+    elif nr_rounds == AES_192_ROUNDS:
+        (k0, k1, k2, k3, k4, k5) = key
+        round_keys.append((k0, k1, k2, k3))
+        rcon = ((0x8d << 1) ^ (0x11b & - (0x8d >> 7))) & 0xff
+        (x0, x1, x2, x3) = next_words((k0, k1, k2, k3), rcon)
+        round_keys.append((k4, k5, x2, x3))
+        nr_rounds -= 1
+
+    else:
+        # nr_rounds == AES_192_ROUNDS
+        (k0, k1, k2, k3, k4, k5, k6, k7) = key
+        round_keys.append((k0, k1, k2, k3))
+        round_keys.append((k4, k5, k6, k7))
+        nr_rounds -= 1
+
+    rcon = 0x8d
+
+    for i in range(0, nr_rounds):
+        rcon = ((rcon << 1) ^ (0x11b & - (rcon >> 7))) & 0xff
+        round_keys.append(next_words(round_keys[i], rcon))
+
+    return round_keys
+
+
+#-------------------------------------------------------------------
+# sam_rcon()
+#
+# Function implementation of rcon. Calculates rcon for a
+# given round. This could be implemented as an iterator
+#-------------------------------------------------------------------
+def sam_rcon(round):
+    rcon = 0x8d
+
+    for i in range(0, round):
+        rcon = ((rcon << 1) ^ (0x11b & - (rcon >> 7))) & 0xff
+
+    return rcon
+
+
+#-------------------------------------------------------------------
+# sam_schedule_core()
+#
+# Perform the rotate and SubBytes operation used in all schedules.
+#-------------------------------------------------------------------
+def sam_schedule_core(word, i):
+    # Rotate one byte left
+    word = word[1 : 4] + [word[0]]
+
+    # Perform SubBytes on all bytes in the word.
+    for a in range(4):
+        word[a] = sbox[word[a]]
+
+    # XOR with rcon on the first byte
+    rcon = sam_rcon(i)
+    print("rcon = 0x%02x" % rcon)
+    word[0] = word[0] ^ rcon
+
+    return word
+
+
+#-------------------------------------------------------------------
+# sam_128_bit_key_expansion()
+#
+# Byte based key expansion for 128 bit keys by Sam Trenholme:
+# http://www.samiam.org/key-schedule.html
+#
+# the key here should be supplied as an array of bytes.
+# The array will be updated during processing.
+#-------------------------------------------------------------------
+def sam_128_bit_key_expansion(key):
+    t = [0] * 4
+    expkey = [0x0] * (11 * 16)
+    expkey[0:15] = key[:]
+
+    # c is 16 because the first sub-key is the user-supplied key
+    c = 16;
+    i = 1;
+
+    # We need 11 sets of sixteen bytes each for 128-bit mode
+    # 11 * 16 = 176
+    while (c < 176):
+        # Copy the temporary variable over from the last 4-byte block
+        for a in range(4):
+            t[a] = expkey[a + c - 4]
+
+        # Every four blocks (of four bytes), do a complex calculation */
+        if (c % 16 == 0):
+            t = sam_schedule_core(t, i)
+        i += 1
+
+        # New key is old key xored with the copied and possibly
+        # transformed word.
+        for a in range(4):
+            expkey[c] = expkey[c - 16] ^ t[a]
+        c += 1
+
+    return expkey
+
+
+#-------------------------------------------------------------------
+# sam_192_bit_key_expansion()
+#
+# Byte based key expansion for 192 bit keys by Sam Trenholme:
+# http://www.samiam.org/key-schedule.html
+#-------------------------------------------------------------------
+def sam_192_bit_key_expansion(key):
+    pass
+#void expand_key(unsigned char *key) {
+#        unsigned char t[4];
+#        unsigned char c = 24;
+#	unsigned char i = 1;
+#        unsigned char a;
+#        while(c < 208) {
+#                /* Copy the temporary variable over */
+#                for(a = 0; a < 4; a++)
+#                        t[a] = key[a + c - 4];
+#                /* Every six sets, do a complex calculation */
+#                if(c % 24 == 0) {
+#                        schedule_code(t,i);
+#			i++;
+#		}
+#                for(a = 0; a < 4; a++) {
+#                        key[c] = key[c - 24] ^ t[a];
+#                        c++;
+#                }
+#        }
+#}
+
+
+
+
+#-------------------------------------------------------------------
+# sam_256_bit_key_expansion()
+#
+# Byte based key expansion for 256 bit keys by Sam Trenholme:
+# http://www.samiam.org/key-schedule.html
+#-------------------------------------------------------------------
+def sam_256_bit_key_expansion(key):
+    pass
+#void expand_key(unsigned char *key) {
+#        unsigned char t[4];
+#        unsigned char c = 32;
+#	unsigned char i = 1;
+#        unsigned char a;
+#        while(c < 240) {
+#                /* Copy the temporary variable over */
+#                for(a = 0; a < 4; a++)
+#                        t[a] = key[a + c - 4];
+#                /* Every eight sets, do a complex calculation */
+#                if(c % 32 == 0) {
+#                        schedule_core(t,i);
+#			i++;
+#		}
+#                /* For 256-bit keys, we add an extra sbox to the
+#                 * calculation */
+#                if(c % 32 == 16) {
+#                        for(a = 0; a < 4; a++)
+#                                t[a] = sbox(t[a]);
+#                }
+#                for(a = 0; a < 4; a++) {
+#                        key[c] = key[c - 32] ^ t[a];
+#                        c++;
+#                }
+#        }
+#}
+
+
+#-------------------------------------------------------------------
+# print_bytekeys()
+#
+# Print a set of round keys given as an array of bytes.
+#-------------------------------------------------------------------
+def print_bytekeys(keys):
+    i = 0
+    print("Number of round keys: %d" % (int(len(keys) / 16)))
+    while i < (len(keys) - 1):
+        for j in range(16):
+            print("0x%02x " % keys[i + j], end="")
+        print("")
+        i += 16
+
+
+#-------------------------------------------------------------------
+# test_key()
+#
+# Generate round keys for a given key and compare them to
+# the given expected round keys.
+#-------------------------------------------------------------------
+def test_key(key, expected):
+    if len(key) not in [4, 6, 8]:
+        print("Error: Key is %d bits, not 128, 192 or 256 bits" % (len(key) * 32))
+        return
+
+    generated = key_gen(key)
+
+    if (len(generated) != len(expected)):
+        print("Error: Incorrect number of keys generated.")
+        print("Expected number of round keys: %d" % len(expected))
+        print("Got number of round keys:      %d" % len(generated))
+
+    for i in range(len(generated)):
+        exp = expected[i]
+        got = generated[i]
+        if (exp != got):
+            print("Error: Error in round key %d." % i)
+            (e0, e1, e2, e3) = exp
+            (g0, g1, g2, g3) = got
+            print("Expected: 0x%08x 0x%08x 0x%08x 0x%08x"\
+                  % (e0, e1, e2, e3))
+            print("Got:      0x%08x 0x%08x 0x%08x 0x%08x"\
+                  % (g0, g1, g2, g3))
+
+
+#-------------------------------------------------------------------
+# test_key_expansion()
+#
+# Perform key expansion tests.
+# The test keys and expected round keys are taken from:
+# http://www.samiam.org/key-schedule.html
+#-------------------------------------------------------------------
+def test_key_expansion():
+    # recon-test
+    print("rcon test:")
+    for i in range(20):
+        print("rcon %02d = 0x%02x" % (i, sam_rcon(i)))
+
+    # Test of sam-implementations.
+    sam_key128_1 = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
+
+    my_expkey = sam_128_bit_key_expansion(sam_key128_1)
+    print_bytekeys(my_expkey)
+
+
+    # 128 bit keys.
+#    key128_1 = (0x00000000, 0x00000000, 0x00000000, 0x00000000)
+#    exp128_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
+#                (0x62636363, 0x62636363, 0x62636363, 0x62636363),
+#                (0x9b9898c9, 0xf9fbfbaa, 0x9b9898c9, 0xf9fbfbaa),
+#                (0x90973450, 0x696ccffa, 0xf2f45733, 0x0b0fac99),
+#                (0xee06da7b, 0x876a1581, 0x759e42b2, 0x7e91ee2b),
+#                (0x7f2e2b88, 0xf8443e09, 0x8dda7cbb, 0xf34b9290),
+#                (0xec614b85, 0x1425758c, 0x99ff0937, 0x6ab49ba7),
+#                (0x21751787, 0x3550620b, 0xacaf6b3c, 0xc61bf09b),
+#                (0x0ef90333, 0x3ba96138, 0x97060a04, 0x511dfa9f),
+#                (0xb1d4d8e2, 0x8a7db9da, 0x1d7bb3de, 0x4c664941),
+#                (0xb4ef5bcb, 0x3e92e211, 0x23e951cf, 0x6f8f188e))
+#
+#    key128_2 = (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
+#    exp128_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
+#                (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
+#                (0xadaeae19, 0xbab8b80f, 0x525151e6, 0x454747f0),
+#                (0x090e2277, 0xb3b69a78, 0xe1e7cb9e, 0xa4a08c6e),
+#                (0xe16abd3e, 0x52dc2746, 0xb33becd8, 0x179b60b6),
+#                (0xe5baf3ce, 0xb766d488, 0x045d3850, 0x13c658e6),
+#                (0x71d07db3, 0xc6b6a93b, 0xc2eb916b, 0xd12dc98d),
+#                (0xe90d208d, 0x2fbb89b6, 0xed5018dd, 0x3c7dd150),
+#                (0x96337366, 0xb988fad0, 0x54d8e20d, 0x68a5335d),
+#                (0x8bf03f23, 0x3278c5f3, 0x66a027fe, 0x0e0514a3),
+#                (0xd60a3588, 0xe472f07b, 0x82d2d785, 0x8cd7c326))
+#
+#    key128_3 = (0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f)
+#    exp128_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
+#                (0xd6aa74fd, 0xd2af72fa, 0xdaa678f1, 0xd6ab76fe),
+#                (0xb692cf0b, 0x643dbdf1, 0xbe9bc500, 0x6830b3fe),
+#                (0xb6ff744e, 0xd2c2c9bf, 0x6c590cbf, 0x0469bf41),
+#                (0x47f7f7bc, 0x95353e03, 0xf96c32bc, 0xfd058dfd),
+#                (0x3caaa3e8, 0xa99f9deb, 0x50f3af57, 0xadf622aa),
+#                (0x5e390f7d, 0xf7a69296, 0xa7553dc1, 0x0aa31f6b),
+#                (0x14f9701a, 0xe35fe28c, 0x440adf4d, 0x4ea9c026),
+#                (0x47438735, 0xa41c65b9, 0xe016baf4, 0xaebf7ad2),
+#                (0x549932d1, 0xf0855768, 0x1093ed9c, 0xbe2c974e),
+#                (0x13111d7f, 0xe3944a17, 0xf307a78b, 0x4d2b30c5))
+#
+#    key128_4 = (0x6920e299, 0xa5202a6d, 0x656e6368, 0x69746f2a)
+#    exp128_4 = ((0x6920e299, 0xa5202a6d, 0x656e6368, 0x69746f2a),
+#                (0xfa880760, 0x5fa82d0d, 0x3ac64e65, 0x53b2214f),
+#                (0xcf75838d, 0x90ddae80, 0xaa1be0e5, 0xf9a9c1aa),
+#                (0x180d2f14, 0x88d08194, 0x22cb6171, 0xdb62a0db),
+#                (0xbaed96ad, 0x323d1739, 0x10f67648, 0xcb94d693),
+#                (0x881b4ab2, 0xba265d8b, 0xaad02bc3, 0x6144fd50),
+#                (0xb34f195d, 0x096944d6, 0xa3b96f15, 0xc2fd9245),
+#                (0xa7007778, 0xae6933ae, 0x0dd05cbb, 0xcf2dcefe),
+#                (0xff8bccf2, 0x51e2ff5c, 0x5c32a3e7, 0x931f6d19),
+#                (0x24b7182e, 0x7555e772, 0x29674495, 0xba78298c),
+#                (0xae127cda, 0xdb479ba8, 0xf220df3d, 0x4858f6b1))
+#
+#    # 192 bit keys.
+#    key192_1 = (0x00000000, 0x00000000, 0x00000000,
+#                0x00000000, 0x00000000, 0x00000000)
+#    exp192_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
+#                (0x00000000, 0x00000000, 0x62636363, 0x62636363),
+#                (0x62636363, 0x62636363, 0x62636363, 0x62636363),
+#                (0x9b9898c9, 0xf9fbfbaa, 0x9b9898c9, 0xf9fbfbaa),
+#                (0x9b9898c9, 0xf9fbfbaa, 0x90973450, 0x696ccffa),
+#                (0xf2f45733, 0x0b0fac99, 0x90973450, 0x696ccffa),
+#                (0xc81d19a9, 0xa171d653, 0x53858160, 0x588a2df9),
+#                (0xc81d19a9, 0xa171d653, 0x7bebf49b, 0xda9a22c8),
+#                (0x891fa3a8, 0xd1958e51, 0x198897f8, 0xb8f941ab),
+#                (0xc26896f7, 0x18f2b43f, 0x91ed1797, 0x407899c6),
+#                (0x59f00e3e, 0xe1094f95, 0x83ecbc0f, 0x9b1e0830),
+#                (0x0af31fa7, 0x4a8b8661, 0x137b885f, 0xf272c7ca),
+#                (0x432ac886, 0xd834c0b6, 0xd2c7df11, 0x984c5970))
+#
+#    key192_2 = (0xffffffff, 0xffffffff, 0xffffffff,
+#                0xffffffff, 0xffffffff, 0xffffffff)
+#    exp192_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
+#                (0xffffffff, 0xffffffff, 0xe8e9e9e9, 0x17161616),
+#                (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
+#                (0xadaeae19, 0xbab8b80f, 0x525151e6, 0x454747f0),
+#                (0xadaeae19, 0xbab8b80f, 0xc5c2d8ed, 0x7f7a60e2),
+#                (0x2d2b3104, 0x686c76f4, 0xc5c2d8ed, 0x7f7a60e2),
+#                (0x1712403f, 0x686820dd, 0x454311d9, 0x2d2f672d),
+#                (0xe8edbfc0, 0x9797df22, 0x8f8cd3b7, 0xe7e4f36a),
+#                (0xa2a7e2b3, 0x8f88859e, 0x67653a5e, 0xf0f2e57c),
+#                (0x2655c33b, 0xc1b13051, 0x6316d2e2, 0xec9e577c),
+#                (0x8bfb6d22, 0x7b09885e, 0x67919b1a, 0xa620ab4b),
+#                (0xc53679a9, 0x29a82ed5, 0xa25343f7, 0xd95acba9),
+#                (0x598e482f, 0xffaee364, 0x3a989acd, 0x1330b418))
+#
+#    key192_3 = (0x00010203, 0x04050607, 0x08090a0b,
+#                0x0c0d0e0f, 0x10111213, 0x14151617)
+#    exp192_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
+#                (0x10111213, 0x14151617, 0x5846f2f9, 0x5c43f4fe),
+#                (0x544afef5, 0x5847f0fa, 0x4856e2e9, 0x5c43f4fe),
+#                (0x40f949b3, 0x1cbabd4d, 0x48f043b8, 0x10b7b342),
+#                (0x58e151ab, 0x04a2a555, 0x7effb541, 0x6245080c),
+#                (0x2ab54bb4, 0x3a02f8f6, 0x62e3a95d, 0x66410c08),
+#                (0xf5018572, 0x97448d7e, 0xbdf1c6ca, 0x87f33e3c),
+#                (0xe5109761, 0x83519b69, 0x34157c9e, 0xa351f1e0),
+#                (0x1ea0372a, 0x99530916, 0x7c439e77, 0xff12051e),
+#                (0xdd7e0e88, 0x7e2fff68, 0x608fc842, 0xf9dcc154),
+#                (0x859f5f23, 0x7a8d5a3d, 0xc0c02952, 0xbeefd63a),
+#                (0xde601e78, 0x27bcdf2c, 0xa223800f, 0xd8aeda32),
+#                (0xa4970a33, 0x1a78dc09, 0xc418c271, 0xe3a41d5d))
+#
+#    # 256 bit keys.
+#    key256_1 = (0x00000000, 0x00000000, 0x00000000, 0x00000000,
+#                0x00000000, 0x00000000, 0x00000000, 0x0000000)
+#    exp256_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
+#                (0x00000000, 0x00000000, 0x00000000, 0x00000000),
+#                (0x62636363, 0x62636363, 0x62636363, 0x62636363),
+#                (0xaafbfbfb, 0xaafbfbfb, 0xaafbfbfb, 0xaafbfbfb),
+#                (0x6f6c6ccf, 0x0d0f0fac, 0x6f6c6ccf, 0x0d0f0fac),
+#                (0x7d8d8d6a, 0xd7767691, 0x7d8d8d6a, 0xd7767691),
+#                (0x5354edc1, 0x5e5be26d, 0x31378ea2, 0x3c38810e),
+#                (0x968a81c1, 0x41fcf750, 0x3c717a3a, 0xeb070cab),
+#                (0x9eaa8f28, 0xc0f16d45, 0xf1c6e3e7, 0xcdfe62e9),
+#                (0x2b312bdf, 0x6acddc8f, 0x56bca6b5, 0xbdbbaa1e),
+#                (0x6406fd52, 0xa4f79017, 0x553173f0, 0x98cf1119),
+#                (0x6dbba90b, 0x07767584, 0x51cad331, 0xec71792f),
+#                (0xe7b0e89c, 0x4347788b, 0x16760b7b, 0x8eb91a62),
+#                (0x74ed0ba1, 0x739b7e25, 0x2251ad14, 0xce20d43b),
+#                (0x10f80a17, 0x53bf729c, 0x45c979e7, 0xcb706385))
+#
+#    key256_2 = (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff,
+#                0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
+#    exp256_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
+#                (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
+#                (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
+#                (0x0fb8b8b8, 0xf0474747, 0x0fb8b8b8, 0xf0474747),
+#                (0x4a494965, 0x5d5f5f73, 0xb5b6b69a, 0xa2a0a08c),
+#                (0x355858dc, 0xc51f1f9b, 0xcaa7a723, 0x3ae0e064),
+#                (0xafa80ae5, 0xf2f75596, 0x4741e30c, 0xe5e14380),
+#                (0xeca04211, 0x29bf5d8a, 0xe318faa9, 0xd9f81acd),
+#                (0xe60ab7d0, 0x14fde246, 0x53bc014a, 0xb65d42ca),
+#                (0xa2ec6e65, 0x8b5333ef, 0x684bc946, 0xb1b3d38b),
+#                (0x9b6c8a18, 0x8f91685e, 0xdc2d6914, 0x6a702bde),
+#                (0xa0bd9f78, 0x2beeac97, 0x43a565d1, 0xf216b65a),
+#                (0xfc223491, 0x73b35ccf, 0xaf9e35db, 0xc5ee1e05),
+#                (0x0695ed13, 0x2d7b4184, 0x6ede2455, 0x9cc8920f),
+#                (0x546d424f, 0x27de1e80, 0x88402b5b, 0x4dae355e))
+#
+#    key256_3 = (0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f,
+#                0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f)
+#    exp256_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
+#                (0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f),
+#                (0xa573c29f, 0xa176c498, 0xa97fce93, 0xa572c09c),
+#                (0x1651a8cd, 0x0244beda, 0x1a5da4c1, 0x0640bade),
+#                (0xae87dff0, 0x0ff11b68, 0xa68ed5fb, 0x03fc1567),
+#                (0x6de1f148, 0x6fa54f92, 0x75f8eb53, 0x73b8518d),
+#                (0xc656827f, 0xc9a79917, 0x6f294cec, 0x6cd5598b),
+#                (0x3de23a75, 0x524775e7, 0x27bf9eb4, 0x5407cf39),
+#                (0x0bdc905f, 0xc27b0948, 0xad5245a4, 0xc1871c2f),
+#                (0x45f5a660, 0x17b2d387, 0x300d4d33, 0x640a820a),
+#                (0x7ccff71c, 0xbeb4fe54, 0x13e6bbf0, 0xd261a7df),
+#                (0xf01afafe, 0xe7a82979, 0xd7a5644a, 0xb3afe640),
+#                (0x2541fe71, 0x9bf50025, 0x8813bbd5, 0x5a721c0a),
+#                (0x4e5a6699, 0xa9f24fe0, 0x7e572baa, 0xcdf8cdea),
+#                (0x24fc79cc, 0xbf0979e9, 0x371ac23c, 0x6d68de36))
+#
+#    print("*** Test of 128 bit keys: ***")
+#    test_key(key128_1, exp128_1)
+#    test_key(key128_2, exp128_2)
+#    test_key(key128_3, exp128_3)
+#    test_key(key128_4, exp128_4)
+#    print("")
+#
+#    print("*** Test of 192 bit keys: ***")
+#    test_key(key192_1, exp192_1)
+#    test_key(key192_2, exp192_2)
+#    test_key(key192_3, exp192_3)
+#    print("")
+#
+#    print("*** Test of 256 bit keys: ***")
+#    test_key(key256_1, exp256_1)
+#    test_key(key256_2, exp256_2)
+#    test_key(key256_3, exp256_3)
+#    print("")
+
+
+#-------------------------------------------------------------------
+# main()
+#
+# If executed tests the ChaCha class using known test vectors.
+#-------------------------------------------------------------------
+def main():
+    print("Testing the AES key generation")
+    print("==============================")
+    print
+
+    test_key_expansion()
+
+
+#-------------------------------------------------------------------
+# __name__
+# Python thingy which allows the file to be run standalone as
+# well as parsed from within a Python interpreter.
+#-------------------------------------------------------------------
+if __name__=="__main__":
+    # Run the main function.
+    sys.exit(main())
+
+#=======================================================================
+# EOF aes_key_gen.py
+#=======================================================================



More information about the Commits mailing list