diff options
-rw-r--r-- | aes.c | 247 | ||||
-rw-r--r-- | aes.h | 52 | ||||
-rw-r--r-- | test.c | 29 |
3 files changed, 163 insertions, 165 deletions
@@ -44,23 +44,16 @@ NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0) /*****************************************************************************/ // The number of columns comprising a state in AES. This is a constant in AES. Value=4 #define Nb 4 -#define BLOCKLEN 16 //Block length in bytes AES is 128b block only #if defined(AES256) && (AES256 == 1) #define Nk 8 - #define KEYLEN 32 #define Nr 14 - #define keyExpSize 240 #elif defined(AES192) && (AES192 == 1) #define Nk 6 - #define KEYLEN 24 #define Nr 12 - #define keyExpSize 208 #else #define Nk 4 // The number of 32 bit words in a key. - #define KEYLEN 16 // Key length in bytes #define Nr 10 // The number of rounds in AES Cipher. - #define keyExpSize 176 #endif // jcallan@github points out that declaring Multiply as a function @@ -71,23 +64,17 @@ NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0) #endif + + + /*****************************************************************************/ /* Private variables: */ /*****************************************************************************/ // state - array holding the intermediate results during decryption. typedef uint8_t state_t[4][4]; -static state_t* state; -// The array that stores the round keys. -static uint8_t RoundKey[keyExpSize]; -// The Key input to the AES Program -static const uint8_t* Key; -#if defined(CBC) && CBC - // Initial Vector used only for CBC mode - static uint8_t* Iv; -#endif // The lookup-tables are marked const so they can be placed in read-only storage instead of RAM // The numbers below can be computed dynamically trading ROM for RAM - @@ -168,23 +155,30 @@ static const uint8_t Rcon[256] = { /*****************************************************************************/ /* Private functions: */ /*****************************************************************************/ +/* static uint8_t getSBoxValue(uint8_t num) { return sbox[num]; } - +*/ +#define getSBoxValue(num) (sbox[(num)]) +/* static uint8_t getSBoxInvert(uint8_t num) { return rsbox[num]; } +*/ +#define getSBoxInvert(num) (rsbox[(num)]) // This function produces Nb(Nr+1) round keys. The round keys are used in each round to decrypt the states. -static void KeyExpansion(void) +static void KeyExpansion(uint8_t* RoundKey,const uint8_t* Key) { - uint32_t i, k; + unsigned i, j, k; uint8_t tempa[4]; // Used for the column/row operations // The first round key is the key itself. + memcpy(RoundKey,Key,AES_keyExpSize); + /* for (i = 0; i < Nk; ++i) { RoundKey[(i * 4) + 0] = Key[(i * 4) + 0]; @@ -192,16 +186,17 @@ static void KeyExpansion(void) RoundKey[(i * 4) + 2] = Key[(i * 4) + 2]; RoundKey[(i * 4) + 3] = Key[(i * 4) + 3]; } + */ // All other round keys are found from the previous round keys. - //i == Nk - for (; i < Nb * (Nr + 1); ++i) + for (i = Nk; i < Nb * (Nr + 1); ++i) { { - tempa[0]=RoundKey[(i-1) * 4 + 0]; - tempa[1]=RoundKey[(i-1) * 4 + 1]; - tempa[2]=RoundKey[(i-1) * 4 + 2]; - tempa[3]=RoundKey[(i-1) * 4 + 3]; + k=(i-1) * 4; + tempa[0]=RoundKey[k + 0]; + tempa[1]=RoundKey[k + 1]; + tempa[2]=RoundKey[k + 2]; + tempa[3]=RoundKey[k + 3]; } if (i % Nk == 0) @@ -243,16 +238,30 @@ static void KeyExpansion(void) } } #endif - RoundKey[i * 4 + 0] = RoundKey[(i - Nk) * 4 + 0] ^ tempa[0]; - RoundKey[i * 4 + 1] = RoundKey[(i - Nk) * 4 + 1] ^ tempa[1]; - RoundKey[i * 4 + 2] = RoundKey[(i - Nk) * 4 + 2] ^ tempa[2]; - RoundKey[i * 4 + 3] = RoundKey[(i - Nk) * 4 + 3] ^ tempa[3]; + j=i * 4; k=(i - Nk) * 4; + RoundKey[j + 0] = RoundKey[k + 0] ^ tempa[0]; + RoundKey[j + 1] = RoundKey[k + 1] ^ tempa[1]; + RoundKey[j + 2] = RoundKey[k + 2] ^ tempa[2]; + RoundKey[j + 3] = RoundKey[k + 3] ^ tempa[3]; } } +void AES_init_ctx(struct AES_ctx *ctx,const uint8_t* key){ + KeyExpansion(ctx->RoundKey,key); +} +#if defined(CBC) && (CBC == 1) +void AES_init_ctx_iv(struct AES_ctx *ctx,const uint8_t* key,const uint8_t* iv){ + KeyExpansion(ctx->RoundKey,key); + memcpy (ctx->Iv,iv,AES_BLOCKLEN); +} +void AES_ctx_set_iv(struct AES_ctx *ctx,const uint8_t* iv) { + memcpy (ctx->Iv,iv,AES_BLOCKLEN); +} +#endif + // This function adds the round key to state. // The round key is added to the state by an XOR function. -static void AddRoundKey(uint8_t round) +static void AddRoundKey(uint8_t round,state_t *state,uint8_t*RoundKey) { uint8_t i,j; for (i=0;i<4;++i) @@ -266,7 +275,7 @@ static void AddRoundKey(uint8_t round) // The SubBytes Function Substitutes the values in the // state matrix with values in an S-box. -static void SubBytes(void) +static void SubBytes(state_t *state) { uint8_t i, j; for (i = 0; i < 4; ++i) @@ -281,7 +290,7 @@ static void SubBytes(void) // The ShiftRows() function shifts the rows in the state to the left. // Each row is shifted with different offset. // Offset = Row number. So the first row is not shifted. -static void ShiftRows(void) +static void ShiftRows(state_t *state) { uint8_t temp; @@ -315,7 +324,7 @@ static uint8_t xtime(uint8_t x) } // MixColumns function mixes the columns of the state matrix -static void MixColumns(void) +static void MixColumns(state_t *state) { uint8_t i; uint8_t Tmp,Tm,t; @@ -353,7 +362,7 @@ static uint8_t Multiply(uint8_t x, uint8_t y) // MixColumns function mixes the columns of the state matrix. // The method used to multiply may be difficult to understand for the inexperienced. // Please use the references to gain more information. -static void InvMixColumns(void) +static void InvMixColumns(state_t *state) { int i; uint8_t a, b, c, d; @@ -374,7 +383,7 @@ static void InvMixColumns(void) // The SubBytes Function Substitutes the values in the // state matrix with values in an S-box. -static void InvSubBytes(void) +static void InvSubBytes(state_t *state) { uint8_t i,j; for (i = 0; i < 4; ++i) @@ -386,7 +395,7 @@ static void InvSubBytes(void) } } -static void InvShiftRows(void) +static void InvShiftRows(state_t *state) { uint8_t temp; @@ -416,54 +425,54 @@ static void InvShiftRows(void) // Cipher is the main function that encrypts the PlainText. -static void Cipher(void) +static void Cipher(state_t *state,uint8_t*RoundKey) { uint8_t round = 0; // Add the First round key to the state before starting the rounds. - AddRoundKey(0); + AddRoundKey(0,state,RoundKey); // There will be Nr rounds. // The first Nr-1 rounds are identical. // These Nr-1 rounds are executed in the loop below. for (round = 1; round < Nr; ++round) { - SubBytes(); - ShiftRows(); - MixColumns(); - AddRoundKey(round); + SubBytes(state); + ShiftRows(state); + MixColumns(state); + AddRoundKey(round,state,RoundKey); } // The last round is given below. // The MixColumns function is not here in the last round. - SubBytes(); - ShiftRows(); - AddRoundKey(Nr); + SubBytes(state); + ShiftRows(state); + AddRoundKey(Nr,state,RoundKey); } -static void InvCipher(void) +static void InvCipher(state_t *state,uint8_t*RoundKey) { uint8_t round=0; // Add the First round key to the state before starting the rounds. - AddRoundKey(Nr); + AddRoundKey(Nr,state,RoundKey); // There will be Nr rounds. // The first Nr-1 rounds are identical. // These Nr-1 rounds are executed in the loop below. for (round = (Nr - 1); round > 0; --round) { - InvShiftRows(); - InvSubBytes(); - AddRoundKey(round); - InvMixColumns(); + InvShiftRows(state); + InvSubBytes(state); + AddRoundKey(round,state,RoundKey); + InvMixColumns(state); } // The last round is given below. // The MixColumns function is not here in the last round. - InvShiftRows(); - InvSubBytes(); - AddRoundKey(0); + InvShiftRows(state); + InvSubBytes(state); + AddRoundKey(0,state,RoundKey); } @@ -473,30 +482,21 @@ static void InvCipher(void) #if defined(ECB) && (ECB == 1) -void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output, const uint32_t length) +void AES_ECB_encrypt(struct AES_ctx *ctx,const uint8_t* input, uint8_t* output) { // Copy input to output, and work in-memory on output - memcpy(output, input, length); - state = (state_t*)output; - - Key = key; - KeyExpansion(); + memcpy(output, input, AES_BLOCKLEN); // The next function call encrypts the PlainText with the Key using AES algorithm. - Cipher(); + Cipher((state_t*)output,ctx->RoundKey); } -void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length) +void AES_ECB_decrypt(struct AES_ctx *ctx,const uint8_t* input, uint8_t *output) { // Copy input to output, and work in-memory on output - memcpy(output, input, length); - state = (state_t*)output; - - // The KeyExpansion routine must be called before encryption. - Key = key; - KeyExpansion(); - - InvCipher(); + memcpy(output, input, AES_BLOCKLEN); + + InvCipher((state_t*)output,ctx->RoundKey); } @@ -509,89 +509,46 @@ void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, #if defined(CBC) && (CBC == 1) -static void XorWithIv(uint8_t* buf) +static void XorWithIv(uint8_t* buf,uint8_t*Iv) { uint8_t i; - for (i = 0; i < BLOCKLEN; ++i) //WAS for(i = 0; i < KEYLEN; ++i) but the block in AES is always 128bit so 16 bytes! + for (i = 0; i < AES_BLOCKLEN; ++i) //WAS for(i = 0; i < KEYLEN; ++i) but the block in AES is always 128bit so 16 bytes! { buf[i] ^= Iv[i]; } } -void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) +void AES_CBC_encrypt_buffer(struct AES_ctx *ctx,uint8_t* output, uint8_t* input, uint32_t length) { uintptr_t i; - uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */ - - // Skip the key expansion if key is passed as 0 - if (0 != key) - { - Key = key; - KeyExpansion(); - } - - if (iv != 0) - { - Iv = (uint8_t*)iv; - } - - for (i = 0; i < length; i += BLOCKLEN) + uint8_t *Iv=ctx->Iv; + memcpy(output, input, length); + for (i = 0; i < length; i += AES_BLOCKLEN) { - memcpy(output, input, BLOCKLEN); - XorWithIv(output); - state = (state_t*)output; - Cipher(); + XorWithIv(output,Iv); + Cipher((state_t*)output,ctx->RoundKey); Iv = output; - input += BLOCKLEN; - output += BLOCKLEN; + output += AES_BLOCKLEN; //printf("Step %d - %d", i/16, i); } - - if (extra) - { - memcpy(output, input, extra); - memset((output + extra), 0, (BLOCKLEN - extra)); - XorWithIv(output); - state = (state_t*)output; - Cipher(); - } + //store Iv in ctx for next call + memcpy(ctx->Iv,Iv,AES_BLOCKLEN); } -void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) +void AES_CBC_decrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length) { uintptr_t i; - uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */ - - // Skip the key expansion if key is passed as 0 - if (0 != key) - { - Key = key; - KeyExpansion(); - } - - // If iv is passed as 0, we continue to encrypt without re-setting the Iv - if (iv != 0) - { - Iv = (uint8_t*)iv; - } - - for (i = 0; i < length; i += BLOCKLEN) + uint8_t *Iv=ctx->Iv; + memcpy(output, input, length); + for (i = 0; i < length; i += AES_BLOCKLEN) { - memcpy(output, input, BLOCKLEN); - state = (state_t*)output; - InvCipher(); - XorWithIv(output); - Iv = input; - input += BLOCKLEN; - output += BLOCKLEN; + InvCipher((state_t*)output,ctx->RoundKey); + XorWithIv(output,Iv); + Iv = input; //we DO need original input stored here + input += AES_BLOCKLEN; + output += AES_BLOCKLEN; } - if (extra) - { - memcpy(output, input, extra); - state = (state_t*)output; - InvCipher(); - } } #endif // #if defined(CBC) && (CBC == 1) @@ -601,38 +558,34 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co #if defined(CTR) && (CTR == 1) /* Symmetrical operation: same function for encrypting as for decrypting. Note any IV/nonce should never be reused with the same key */ -void AES_CTR_xcrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* nonce) +void AES_CTR_xcrypt_buffer(struct AES_ctx *ctx,uint8_t* output, uint8_t* input, uint32_t length) { - uint8_t buffer[BLOCKLEN], counter[BLOCKLEN]; - - memcpy(counter, nonce, BLOCKLEN); - Key = key; - KeyExpansion(); + uint8_t buffer[AES_BLOCKLEN]; int j; unsigned i; for (i = 0; i < length; ++i) { - if ((i & (BLOCKLEN - 1)) == 0) + if ((i & (AES_BLOCKLEN - 1)) == 0) //we need to regen xor compliment in buff { - memcpy(buffer, counter, BLOCKLEN); - state = (state_t*)buffer; - Cipher(); + + memcpy(buffer, ctx->Iv, AES_BLOCKLEN); + Cipher((state_t*)buffer,ctx->RoundKey); /* Increment counter and handle overflow */ - for (j = (BLOCKLEN - 1); j >= 0; --j) + for (j = (AES_BLOCKLEN - 1); j >= 0; --j) { - counter[j] += 1; + ctx->Iv[j] += 1; /* Break if no overflow, keep going otherwise */ - if (counter[j] != 0) + if (ctx->Iv[j] != 0) { break; } } } - output[i] = (input[i] ^ buffer[(i & (BLOCKLEN - 1))]); + output[i] = (input[i] ^ buffer[(i & (AES_BLOCKLEN - 1))]); } } @@ -28,26 +28,62 @@ //#define AES192 1 //#define AES256 1 -#if defined(ECB) && (ECB == 1) +#define AES_BLOCKLEN 16 //Block length in bytes AES is 128b block only + +#if defined(AES256) && (AES256 == 1) + #define AES_KEYLEN 32 + #define AES_keyExpSize 240 +#elif defined(AES192) && (AES192 == 1) + #define AES_KEYLEN 24 + #define AES_keyExpSize 208 +#else + #define AES_KEYLEN 16 // Key length in bytes + #define AES_keyExpSize 176 +#endif + +struct AES_ctx { + uint8_t RoundKey[AES_keyExpSize]; + #if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1)) + uint8_t Iv[AES_BLOCKLEN]; + #endif +}; + +void AES_init_ctx(struct AES_ctx *ctx,const uint8_t* key); +#if defined(CBC) && (CBC == 1) +void AES_init_ctx_iv(struct AES_ctx *ctx,const uint8_t* key,const uint8_t* iv); +void AES_ctx_set_iv(struct AES_ctx *ctx,const uint8_t* iv); +#endif -void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length); -void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length); +#if defined(ECB) && (ECB == 1) +// buffer size is exactly AES_BLOCKLEN bytes; +// you need only AES_init_ctx as Iv is not used in ECB +// NB: ECB s considered insecure +void AES_ECB_encrypt(struct AES_ctx *ctx, const uint8_t* input, uint8_t *output); +void AES_ECB_decrypt(struct AES_ctx *ctx, const uint8_t* input, uint8_t *output); #endif // #if defined(ECB) && (ECB == !) #if defined(CBC) && (CBC == 1) - -void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); -void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); +// buffer size MUST be mutile of AES_BLOCKLEN; +// We suggest https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 if you need one +// you need to set iv in ctx via AES_init_ctx_iv or AES_ctx_set_iv +// NB: no IV should ever be reused with the same key +void AES_CBC_encrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length); +void AES_CBC_decrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length); #endif // #if defined(CBC) && (CBC == 1) #if defined(CTR) && (CTR == 1) -/* Same function for encrypting as for decrypting. Note no IV/nonce should ever be reused with the same key */ -void AES_CTR_xcrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* nonce); +// Same function for encrypting as for decrypting. +// iv is incremented for every block, and usesd after encryption as xor compliment for output +// buffer size MUST be mutile of AES_BLOCKLEN; +// We suggest https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 if you need one +// you need to set iv in ctx via AES_init_ctx_iv or AES_ctx_set_iv +// NB: no IV should ever be reused with the same key +void AES_CTR_xcrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length); #endif // #if defined(CTR) && (CTR == 1) @@ -97,9 +97,11 @@ static void test_encrypt_ecb_verbose(void) // print the resulting cipher as 4 x 16 byte strings printf("ciphertext:\n"); + struct AES_ctx ctx; + AES_init_ctx(&ctx,key); for(i = 0; i < 4; ++i) { - AES_ECB_encrypt(plain_text + (i*16), key, buf+(i*16), 16); + AES_ECB_encrypt(&ctx,plain_text + (i*16), buf+(i*16)); phex(buf + (i*16)); } printf("\n"); @@ -124,7 +126,8 @@ static void test_encrypt_ecb(void) uint8_t in[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}; uint8_t buffer[16]; - AES_ECB_encrypt(in, key, buffer, 16); + struct AES_ctx ctx; AES_init_ctx(&ctx,key); + AES_ECB_encrypt(&ctx,in, buffer); printf("ECB encrypt: "); @@ -167,8 +170,9 @@ static void test_decrypt_cbc(void) 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; uint8_t buffer[64]; - - AES_CBC_decrypt_buffer(buffer, in, 64, key, iv); + struct AES_ctx ctx; + AES_init_ctx_iv(&ctx,key,iv); + AES_CBC_decrypt_buffer(&ctx,buffer, in, 64); printf("CBC decrypt: "); @@ -211,8 +215,9 @@ static void test_encrypt_cbc(void) 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; uint8_t buffer[64]; - - AES_CBC_encrypt_buffer(buffer, in, 64, key, iv); + struct AES_ctx ctx; + AES_init_ctx_iv(&ctx,key,iv); + AES_CBC_encrypt_buffer(&ctx,buffer, in, 64); printf("CBC encrypt: "); @@ -266,8 +271,11 @@ static void test_xcrypt_ctr(const char* xcrypt) 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; uint8_t buffer[64]; - - AES_CTR_xcrypt_buffer(buffer, in, 64, key, iv); + + struct AES_ctx ctx; + AES_init_ctx_iv(&ctx,key,iv); + + AES_CTR_xcrypt_buffer(&ctx,buffer, in, 64); printf("CTR %s: ", xcrypt); @@ -299,8 +307,9 @@ static void test_decrypt_ecb(void) uint8_t out[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}; uint8_t buffer[16]; - - AES_ECB_decrypt(in, key, buffer, 16); + struct AES_ctx ctx; + AES_init_ctx(&ctx,key); + AES_ECB_decrypt(&ctx,in, buffer); printf("ECB decrypt: "); |