From 200274e385ec4f81d017ade4c69e80e424949f26 Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Mon, 5 Jun 2017 13:55:00 -0700 Subject: updated readme --- README.md | 2 +- tiny-AES128-C.files | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 tiny-AES128-C.files diff --git a/README.md b/README.md index c261b78..f9aa32f 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ I am using Mentor Graphics free ARM toolchain: This implementation is verified against the data in: -[National Institute of Standards and Technology Special Publication 800-38A 2001 ED](http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf) Appendix F: Example Vectors for Modes of Operation of the AES. +[National Institute of Standards and Technology Special Publication 800-38A 2001 ED](http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf) Appendix F: Example Vectors for Modes of Operation of the AES. All material in this repository is in the public domain. diff --git a/tiny-AES128-C.files b/tiny-AES128-C.files new file mode 100644 index 0000000..ae78f94 --- /dev/null +++ b/tiny-AES128-C.files @@ -0,0 +1,5 @@ +README.md +aes.c +aes.h +test.c +unlicense.txt -- cgit v1.2.3 From c26fb6a5ec330fd790808126f272cb2daa2a7617 Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Mon, 5 Jun 2017 17:07:34 -0700 Subject: adding Key Expansion for AES192 and AES256 --- aes.c | 91 +++++++++++++++++++++++++++++++++++++------------------------------ aes.h | 10 +++----- 2 files changed, 55 insertions(+), 46 deletions(-) diff --git a/aes.c b/aes.c index d44d281..bb026fd 100644 --- a/aes.c +++ b/aes.c @@ -37,18 +37,28 @@ NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0) #include // CBC mode, for memset #include "aes.h" - /*****************************************************************************/ /* Defines: */ /*****************************************************************************/ // The number of columns comprising a state in AES. This is a constant in AES. Value=4 #define Nb 4 -// The number of 32 bit words in a key. -#define Nk 4 -// Key length in bytes [128 bit] -#define KEYLEN 16 -// The number of rounds in AES Cipher. -#define Nr 10 + +#ifdef AES256 + #define Nk 8 + #define KEYLEN 32 + #define Nr 14 + #define keyExpSize 240 +#elif defined(AES192) + #define Nk 6 + #define KEYLEN 24 + #define Nr 12 + #define keyExpSize 208 +#else + #define Nk 4 // The number of 32 bit words in a key. + #define KEYLEN 16 // Key length in bytes + #define Nr 10 // The number of rounds in AES Cipher. + #define keyExpSize 176 +#endif // jcallan@github points out that declaring Multiply as a function // reduces code size considerably with the Keil ARM compiler. @@ -66,7 +76,7 @@ typedef uint8_t state_t[4][4]; static state_t* state; // The array that stores the round keys. -static uint8_t RoundKey[176]; +static uint8_t RoundKey[keyExpSize]; // The Key input to the AES Program static const uint8_t* Key; @@ -116,27 +126,25 @@ static const uint8_t rsbox[256] = 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d }; - // The round constant word array, Rcon[i], contains the values given by // x to th e power (i-1) being powers of x (x is denoted as {02}) in the field GF(2^8) -// Note that i starts at 1, not 0). -static const uint8_t Rcon[255] = { - 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, - 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, - 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, - 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, - 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, - 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, - 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, - 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, - 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, - 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, - 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, - 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, - 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, - 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, - 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, - 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb }; +static const uint8_t Rcon[256] = { + 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, + 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, + 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, + 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, + 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, + 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, + 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, + 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, + 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, + 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, + 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, + 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, + 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, + 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, + 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, + 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d }; /*****************************************************************************/ @@ -155,7 +163,7 @@ static uint8_t getSBoxInvert(uint8_t num) // This function produces Nb(Nr+1) round keys. The round keys are used in each round to decrypt the states. static void KeyExpansion(void) { - uint32_t i, j, k; + uint32_t i, k; uint8_t tempa[4]; // Used for the column/row operations // The first round key is the key itself. @@ -168,15 +176,19 @@ static void KeyExpansion(void) } // All other round keys are found from the previous round keys. - for(; (i < (Nb * (Nr + 1))); ++i) + //i == Nk + for(i = Nk; i < Nb * (Nr + 1); ++i) { - for(j = 0; j < 4; ++j) { - tempa[j]=RoundKey[(i-1) * 4 + j]; + tempa[0]=RoundKey[(i-1) * 4 + 0]; + tempa[1]=RoundKey[(i-1) * 4 + 1]; + tempa[2]=RoundKey[(i-1) * 4 + 2]; + tempa[3]=RoundKey[(i-1) * 4 + 3]; } + if (i % Nk == 0) { - // This function rotates the 4 bytes in a word to the left once. + // This function shifts the 4 bytes in a word to the left once. // [a0,a1,a2,a3] becomes [a1,a2,a3,a0] // Function RotWord() @@ -201,7 +213,8 @@ static void KeyExpansion(void) tempa[0] = tempa[0] ^ Rcon[i/Nk]; } - else if (Nk > 6 && i % Nk == 4) +#ifdef AES256 + if (i % Nk == 4) { // Function Subword() { @@ -211,6 +224,7 @@ static void KeyExpansion(void) tempa[3] = getSBoxValue(tempa[3]); } } +#endif RoundKey[i * 4 + 0] = RoundKey[(i - Nk) * 4 + 0] ^ tempa[0]; RoundKey[i * 4 + 1] = RoundKey[(i - Nk) * 4 + 1] ^ tempa[1]; RoundKey[i * 4 + 2] = RoundKey[(i - Nk) * 4 + 2] ^ tempa[2]; @@ -451,7 +465,7 @@ static void BlockCopy(uint8_t* output, const uint8_t* input) #if defined(ECB) && ECB -void AES128_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output) +void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output) { // Copy input to output, and work in-memory on output BlockCopy(output, input); @@ -464,7 +478,7 @@ void AES128_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* outpu Cipher(); } -void AES128_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output) +void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output) { // Copy input to output, and work in-memory on output BlockCopy(output, input); @@ -496,7 +510,7 @@ static void XorWithIv(uint8_t* buf) } } -void AES128_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) +void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) { uintptr_t i; uint8_t remainders = length % KEYLEN; /* Remaining bytes in the last non-full block */ @@ -536,7 +550,7 @@ void AES128_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, } } -void AES128_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) +void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) { uintptr_t i; uint8_t remainders = length % KEYLEN; /* Remaining bytes in the last non-full block */ @@ -577,7 +591,4 @@ void AES128_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, } } - #endif // #if defined(CBC) && CBC - - diff --git a/aes.h b/aes.h index e86ab7f..b5be559 100644 --- a/aes.h +++ b/aes.h @@ -19,22 +19,20 @@ #endif - #if defined(ECB) && ECB -void AES128_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output); -void AES128_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output); +void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output); +void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output); #endif // #if defined(ECB) && ECB #if defined(CBC) && CBC -void AES128_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); -void AES128_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); +void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); +void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); #endif // #if defined(CBC) && CBC - #endif //_AES_H_ -- cgit v1.2.3 From 92c072c7480836ff661edce6f983eeea82559239 Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Mon, 5 Jun 2017 17:11:58 -0700 Subject: updated readme --- README.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index f9aa32f..46fc00c 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,16 @@ -### Tiny AES128 in C +### Tiny AES in C This is a small and portable implementation of the AES128 ECB and CBC encryption algorithms written in C. The API is very simple and looks like this (I am using C99 ``-style annotated types): ```C -void AES128_ECB_encrypt(uint8_t* input, const uint8_t* key, uint8_t* output); -void AES128_ECB_decrypt(uint8_t* input, const uint8_t* key, uint8_t* output); -void AES128_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); -void AES128_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); +void AES_ECB_encrypt(uint8_t* input, const uint8_t* key, uint8_t* output); +void AES_ECB_decrypt(uint8_t* input, const uint8_t* key, uint8_t* output); +void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); +void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); ``` +You can choose to use the standard 128b key or 192 by defining AES192 or 256b by defining AES256 - beta You can choose to use one or both of the modes-of-operation, by defining the symbols CBC and ECB. See the header file for clarification. @@ -61,5 +62,3 @@ This implementation is verified against the data in: All material in this repository is in the public domain. - -I am a bit slow to react to pull requests and issues, but I have an ambition to go through all issues sometime in the future and release an API-stable version. -- cgit v1.2.3 From 15d884421e0ff476acb689d210ed1725074b7f3f Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Mon, 5 Jun 2017 17:12:56 -0700 Subject: Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 46fc00c..54bfe1e 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ void AES_ECB_decrypt(uint8_t* input, const uint8_t* key, uint8_t* output); void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); ``` -You can choose to use the standard 128b key or 192 by defining AES192 or 256b by defining AES256 - beta +You can choose to use the standard 128b key or 192b by defining AES192 or 256b by defining AES256 You can choose to use one or both of the modes-of-operation, by defining the symbols CBC and ECB. See the header file for clarification. -- cgit v1.2.3 From 8bd05297f7516830cbd332fed1097f812e1bb7cc Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Mon, 5 Jun 2017 17:13:45 -0700 Subject: Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 54bfe1e..e9f6b1e 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ void AES_ECB_decrypt(uint8_t* input, const uint8_t* key, uint8_t* output); void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv); ``` -You can choose to use the standard 128b key or 192b by defining AES192 or 256b by defining AES256 +You can choose to use the standard 128b key or 192/256b by defining the symbols AES192 or AES256 You can choose to use one or both of the modes-of-operation, by defining the symbols CBC and ECB. See the header file for clarification. -- cgit v1.2.3 From c440a222f74bd806c805040dd08428655f9e625b Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Mon, 5 Jun 2017 17:14:30 -0700 Subject: Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e9f6b1e..9788025 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ You can choose to use the standard 128b key or 192/256b by defining the symbols You can choose to use one or both of the modes-of-operation, by defining the symbols CBC and ECB. See the header file for clarification. -There is no built-in error checking or protection from out-of-bounds memory access errors as a result of malicious input. The two functions AES128_ECB_xxcrypt() do most of the work, and they expect inputs of 128 bit length. +There is no built-in error checking or protection from out-of-bounds memory access errors as a result of malicious input. The two functions AES_ECB_xxcrypt() do most of the work, and they expect inputs of 128 bit length. The module uses around 200 bytes of RAM and 2.5K ROM when compiled for ARM (~2K for Thumb but YMMV). -- cgit v1.2.3 From 52afbab204ff1560c6f5fce365dbc8bd0aa55759 Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Mon, 5 Jun 2017 18:36:46 -0700 Subject: cleaning up --- aes.h | 2 ++ test.c | 23 +++++++++++------------ 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/aes.h b/aes.h index b5be559..9c5d786 100644 --- a/aes.h +++ b/aes.h @@ -18,6 +18,8 @@ #define ECB 1 #endif +#define AES128 + #if defined(ECB) && ECB diff --git a/test.c b/test.c index a95d52f..b15c223 100644 --- a/test.c +++ b/test.c @@ -25,7 +25,7 @@ int main(void) test_decrypt_ecb(); test_encrypt_ecb(); test_encrypt_ecb_verbose(); - + return 0; } @@ -74,7 +74,7 @@ static void test_encrypt_ecb_verbose(void) printf("ciphertext:\n"); for(i = 0; i < 4; ++i) { - AES128_ECB_encrypt(plain_text + (i*16), key, buf+(i*16)); + AES_ECB_encrypt(plain_text + (i*16), key, buf+(i*16), 16); phex(buf + (i*16)); } printf("\n"); @@ -88,7 +88,7 @@ static void test_encrypt_ecb(void) uint8_t out[] = {0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60, 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97}; uint8_t buffer[16]; - AES128_ECB_encrypt(in, key, buffer); + AES_ECB_encrypt(in, key, buffer, 16); printf("ECB decrypt: "); @@ -110,7 +110,7 @@ static void test_decrypt_cbc(void) uint8_t iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; uint8_t in[] = { 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2, - 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16, + 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16, 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09, 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7 }; uint8_t out[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, @@ -118,10 +118,10 @@ static void test_decrypt_cbc(void) 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; uint8_t buffer[64]; - AES128_CBC_decrypt_buffer(buffer+0, in+0, 16, key, iv); - AES128_CBC_decrypt_buffer(buffer+16, in+16, 16, 0, 0); - AES128_CBC_decrypt_buffer(buffer+32, in+32, 16, 0, 0); - AES128_CBC_decrypt_buffer(buffer+48, in+48, 16, 0, 0); + AES_CBC_decrypt_buffer(buffer+0, in+0, 16, key, iv); + AES_CBC_decrypt_buffer(buffer+16, in+16, 16, 0, 0); + AES_CBC_decrypt_buffer(buffer+32, in+32, 16, 0, 0); + AES_CBC_decrypt_buffer(buffer+48, in+48, 16, 0, 0); printf("CBC decrypt: "); @@ -145,11 +145,11 @@ static void test_encrypt_cbc(void) 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; uint8_t out[] = { 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2, - 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16, + 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16, 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09, 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7 }; uint8_t buffer[64]; - AES128_CBC_encrypt_buffer(buffer, in, 64, key, iv); + AES_CBC_encrypt_buffer(buffer, in, 64, key, iv); printf("CBC encrypt: "); @@ -171,7 +171,7 @@ static void test_decrypt_ecb(void) uint8_t out[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}; uint8_t buffer[16]; - AES128_ECB_decrypt(in, key, buffer); + AES_ECB_decrypt(in, key, buffer, 16); printf("ECB decrypt: "); @@ -185,4 +185,3 @@ static void test_decrypt_ecb(void) } } - -- cgit v1.2.3 From 20894622729c9cfbde2fb1f6fcbfead473ef843b Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Tue, 6 Jun 2017 11:10:33 -0700 Subject: adding aes256 aes192 options --- aes.c | 36 ++++++++-------------- aes.h | 7 ++--- test.c | 106 ++++++++++++++++++++++++++++++++++++++++++++++++++++------------- 3 files changed, 101 insertions(+), 48 deletions(-) diff --git a/aes.c b/aes.c index bb026fd..3171cdc 100644 --- a/aes.c +++ b/aes.c @@ -448,16 +448,6 @@ static void InvCipher(void) AddRoundKey(0); } -static void BlockCopy(uint8_t* output, const uint8_t* input) -{ - uint8_t i; - for (i=0;i Date: Tue, 6 Jun 2017 11:36:11 -0700 Subject: Encrypt CBC works --- aes.c | 40 ++++++++++++++++++++-------------------- aes.h | 2 +- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/aes.c b/aes.c index 3171cdc..6a2a531 100644 --- a/aes.c +++ b/aes.c @@ -503,9 +503,9 @@ static void XorWithIv(uint8_t* buf) void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) { uintptr_t i; - uint8_t remainders = length % KEYLEN; /* Remaining bytes in the last non-full block */ + uint8_t extra = length % 16; /* Remaining bytes in the last non-full block */ - memcpy(output, input, KEYLEN); + memcpy(output, input, 16); state = (state_t*)output; // Skip the key expansion if key is passed as 0 @@ -520,21 +520,22 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co Iv = (uint8_t*)iv; } - for(i = 0; i < length-remainders; i += KEYLEN) + for(i = 0; i < length; i += 16) { XorWithIv(input); - memcpy(output, input, KEYLEN); + memcpy(output, input, 16); state = (state_t*)output; Cipher(); Iv = output; - input += KEYLEN; - output += KEYLEN; + input += 16; + output += 16; + //printf("Step %d - %d", i/16, i); } - if(remainders) + if(extra) { - memcpy(output, input, remainders); - //memset(output + remainders, 0, KEYLEN - remainders); /* add 0-padding */ + printf("NONO\n"); + memcpy(output, input, extra); state = (state_t*)output; Cipher(); } @@ -543,11 +544,11 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) { uintptr_t i; - uint8_t remainders = length % KEYLEN; /* Remaining bytes in the last non-full block */ - - memcpy(output, input, KEYLEN); - state = (state_t*)output; + uint8_t extra = length % 16; /* Remaining bytes in the last non-full block */ + memcpy(output, input, 16); + state = (state_t*)output; + // Skip the key expansion if key is passed as 0 if(0 != key) { @@ -561,21 +562,20 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co Iv = (uint8_t*)iv; } - for(i = 0; i < length; i += KEYLEN) + for(i = 0; i < length; i += 16) { - memcpy(output, input, KEYLEN); + memcpy(output, input, 16); state = (state_t*)output; InvCipher(); XorWithIv(output); Iv = input; - input += KEYLEN; - output += KEYLEN; + input += 16; + output += 16; } - if(remainders) + if(extra) { - memcpy(output, input, KEYLEN); - memset(output+remainders, 0, KEYLEN - remainders); /* add 0-padding */ + memcpy(output, input, extra); state = (state_t*)output; InvCipher(); } diff --git a/aes.h b/aes.h index 1c8af6c..15b504e 100644 --- a/aes.h +++ b/aes.h @@ -18,7 +18,7 @@ #define ECB 1 #endif -#define AES256 +#define AES128 #if defined(ECB) && ECB -- cgit v1.2.3 From c1c5fb1974203abf974d6ad359f22dd64b203e45 Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Tue, 6 Jun 2017 13:33:36 -0700 Subject: added AES192 and 256 --- aes.c | 30 +++++++++++++++--------------- aes.h | 2 +- test.c | 20 +++++++++++++------- 3 files changed, 29 insertions(+), 23 deletions(-) diff --git a/aes.c b/aes.c index 6a2a531..e58498f 100644 --- a/aes.c +++ b/aes.c @@ -42,6 +42,7 @@ NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0) /*****************************************************************************/ // The number of columns comprising a state in AES. This is a constant in AES. Value=4 #define Nb 4 +#define BLOCKLEN 16 //Block length in bytes AES is 128b block only #ifdef AES256 #define Nk 8 @@ -177,7 +178,7 @@ static void KeyExpansion(void) // All other round keys are found from the previous round keys. //i == Nk - for(i = Nk; i < Nb * (Nr + 1); ++i) + for(; i < Nb * (Nr + 1); ++i) { { tempa[0]=RoundKey[(i-1) * 4 + 0]; @@ -494,7 +495,7 @@ void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, static void XorWithIv(uint8_t* buf) { uint8_t i; - for(i = 0; i < 16; ++i) //WAS for(i = 0; i < KEYLEN; ++i) but the block in AES is always 128bit so 16 bytes! + for(i = 0; i < BLOCKLEN; ++i) //WAS for(i = 0; i < KEYLEN; ++i) but the block in AES is always 128bit so 16 bytes! { buf[i] ^= Iv[i]; } @@ -503,9 +504,9 @@ static void XorWithIv(uint8_t* buf) void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) { uintptr_t i; - uint8_t extra = length % 16; /* Remaining bytes in the last non-full block */ + uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */ - memcpy(output, input, 16); + memcpy(output, input, BLOCKLEN); state = (state_t*)output; // Skip the key expansion if key is passed as 0 @@ -520,21 +521,20 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co Iv = (uint8_t*)iv; } - for(i = 0; i < length; i += 16) + for(i = 0; i < length; i += BLOCKLEN) { XorWithIv(input); - memcpy(output, input, 16); + memcpy(output, input, BLOCKLEN); state = (state_t*)output; Cipher(); Iv = output; - input += 16; - output += 16; + input += BLOCKLEN; + output += BLOCKLEN; //printf("Step %d - %d", i/16, i); } if(extra) { - printf("NONO\n"); memcpy(output, input, extra); state = (state_t*)output; Cipher(); @@ -544,9 +544,9 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv) { uintptr_t i; - uint8_t extra = length % 16; /* Remaining bytes in the last non-full block */ + uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */ - memcpy(output, input, 16); + memcpy(output, input, BLOCKLEN); state = (state_t*)output; // Skip the key expansion if key is passed as 0 @@ -562,15 +562,15 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co Iv = (uint8_t*)iv; } - for(i = 0; i < length; i += 16) + for(i = 0; i < length; i += BLOCKLEN) { - memcpy(output, input, 16); + memcpy(output, input, BLOCKLEN); state = (state_t*)output; InvCipher(); XorWithIv(output); Iv = input; - input += 16; - output += 16; + input += BLOCKLEN; + output += BLOCKLEN; } if(extra) diff --git a/aes.h b/aes.h index 15b504e..624b4ab 100644 --- a/aes.h +++ b/aes.h @@ -6,7 +6,7 @@ // #define the macros below to 1/0 to enable/disable the mode of operation. // -// CBC enables AES128 encryption in CBC-mode of operation and handles 0-padding. +// CBC enables AES encryption in CBC-mode of operation. // ECB enables the basic ECB 16-byte block algorithm. Both can be enabled simultaneously. // The #ifndef-guard allows it to be configured before #include'ing or at compile time. diff --git a/test.c b/test.c index baf2219..8900e91 100644 --- a/test.c +++ b/test.c @@ -20,13 +20,18 @@ static void test_decrypt_cbc(void); int main(void) { + #ifdef AES128 - printf("\nAES128\n\n"); + printf("\nTesting AES128\n\n"); #elif defined(AES192) - printf("\nAES192\n\n"); + printf("\nTesting AES192\n\n"); #elif defined(AES256) - printf("\nAES256\n\n"); + printf("\nTesting AES256\n\n"); +#else + printf("You need to specify a symbol between AES128, AES192 or AES256. Exiting"); + return 0; #endif + test_encrypt_cbc(); test_decrypt_cbc(); test_decrypt_ecb(); @@ -151,12 +156,13 @@ static void test_decrypt_cbc(void) 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf, 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61, 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc, 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b }; #endif - uint8_t iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; + uint8_t iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; uint8_t out[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; uint8_t buffer[64]; + uint8_t buffer2[64]; AES_CBC_decrypt_buffer(buffer, in, 64, key, iv); -- cgit v1.2.3 From ebef7abf98f48e816d58e78b698e3c58af119a7d Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Tue, 6 Jun 2017 13:37:28 -0700 Subject: fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9788025..374a02c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ### Tiny AES in C -This is a small and portable implementation of the AES128 ECB and CBC encryption algorithms written in C. +This is a small and portable implementation of the AES ECB and CBC encryption algorithms written in C. The API is very simple and looks like this (I am using C99 ``-style annotated types): -- cgit v1.2.3 From 265d6bce6b62eba3b60e99a3dd8bac0f52d6dfe1 Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Tue, 6 Jun 2017 13:51:50 -0700 Subject: removing unused buffer --- test.c | 1 - 1 file changed, 1 deletion(-) diff --git a/test.c b/test.c index 8900e91..8908773 100644 --- a/test.c +++ b/test.c @@ -162,7 +162,6 @@ static void test_decrypt_cbc(void) 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; uint8_t buffer[64]; - uint8_t buffer2[64]; AES_CBC_decrypt_buffer(buffer, in, 64, key, iv); -- cgit v1.2.3 From 00f1f9218f9618475532507c48628ee540841f4d Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Fri, 7 Jul 2017 15:21:08 -0700 Subject: removed unecessary blockcopy --- aes.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/aes.c b/aes.c index e58498f..66dc4f6 100644 --- a/aes.c +++ b/aes.c @@ -506,8 +506,8 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co uintptr_t i; uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */ - memcpy(output, input, BLOCKLEN); - state = (state_t*)output; + //memcpy(output, input, BLOCKLEN); + //state = (state_t*)output; // Skip the key expansion if key is passed as 0 if(0 != key) @@ -546,8 +546,8 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co uintptr_t i; uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */ - memcpy(output, input, BLOCKLEN); - state = (state_t*)output; + //memcpy(output, input, BLOCKLEN); + //state = (state_t*)output; // Skip the key expansion if key is passed as 0 if(0 != key) -- cgit v1.2.3 From 85278d01f6203ba17aff6f596714ae1c1d61cc47 Mon Sep 17 00:00:00 2001 From: Matteo Brichese Date: Fri, 7 Jul 2017 15:21:15 -0700 Subject: removed unecessary blockcopy --- aes.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/aes.c b/aes.c index 66dc4f6..0bafcb0 100644 --- a/aes.c +++ b/aes.c @@ -506,9 +506,6 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co uintptr_t i; uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */ - //memcpy(output, input, BLOCKLEN); - //state = (state_t*)output; - // Skip the key expansion if key is passed as 0 if(0 != key) { @@ -546,9 +543,6 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co uintptr_t i; uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */ - //memcpy(output, input, BLOCKLEN); - //state = (state_t*)output; - // Skip the key expansion if key is passed as 0 if(0 != key) { -- cgit v1.2.3