Add optional CTR_SEEK mode functions

- Extends upon the CTR mode by allowing for the user to provide
  an index of a block they want to encrypt/decrypt.
- Add function AES_CTR_xcrypt_block_at_position().
- Add function AES_CTR_xcrypt_block_at_position_extended().
- Should produce exactly the same output as CTR mode
  when used sequentially.
This commit is contained in:
mbenniston 2023-06-22 18:06:19 +01:00
parent f06ac37fc3
commit 36dcc1fa01
4 changed files with 176 additions and 4 deletions

77
aes.c
View File

@ -461,6 +461,42 @@ static void InvCipher(state_t* state, const uint8_t* RoundKey)
}
#endif // #if (defined(CBC) && CBC == 1) || (defined(ECB) && ECB == 1)
#if defined(CTR_SEEK) && (CTR_SEEK == 1)
// Adds two AES_BLOCKLEN sized numbers together
static void AddCounterBlock(const uint8_t* blkLeft, const uint8_t* blkRight, uint8_t* blkOut)
{
uint16_t carry;
int i;
carry = 0;
for (i = AES_BLOCKLEN - 1; i >= 0; --i)
{
uint16_t sum = carry + blkLeft[i] + blkRight[i];
blkOut[i] = sum & 0xFF;
carry = (sum >> 8) & 0xFF;
}
}
// Encodes a size_t into a buffer as little-endian
static void EncodeAsCounterBlock(size_t counter, uint8_t* block)
{
#define NUM_COUNTER_BYTES (sizeof(size_t) < AES_BLOCKLEN ? sizeof(size_t) : sizeof(size_t))
memset(block, 0, AES_BLOCKLEN);
for (int i = 0; i < NUM_COUNTER_BYTES; ++i)
{
int arrayIdx = (AES_BLOCKLEN - 1) - i;
int byteShift = i * 8;
size_t byteMask = (size_t)0xFF << byteShift;
block[arrayIdx] = ((counter & byteMask) >> byteShift) & 0xFF;
}
#undef NUM_COUNTER_BYTES
}
#endif // #if defined(CTR_SEEK) && (CTR_SEEK == 1)
/*****************************************************************************/
/* Public functions: */
/*****************************************************************************/
@ -570,3 +606,44 @@ void AES_CTR_xcrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, size_t length)
#endif // #if defined(CTR) && (CTR == 1)
#if defined(CTR_SEEK) && (CTR_SEEK == 1)
// Applies the same encryption process as AES_CTR_xcrypt_buffer but to a single block from a
// specific position in the stream.
void AES_CTR_xcrypt_block_at_position(const struct AES_ctx* ctx, uint8_t* blkBuf, size_t blkIndex)
{
uint8_t buffer[AES_BLOCKLEN]; // holds block index, Iv at given index then the xor block
int i;
EncodeAsCounterBlock(blkIndex, buffer);
AddCounterBlock(buffer, ctx->Iv, buffer); // add index to Iv
Cipher((state_t*)buffer, ctx->RoundKey); // create xor'able block
for (i = 0; i < AES_BLOCKLEN; ++i)
{
blkBuf[i] = (blkBuf[i] ^ buffer[i]);
}
}
// Because AES_CTR_xcrypt_block_at_position uses size_t for the block index, this function is provided for
// indexing the full size of the stream using an array of bytes representing a little-endian integer which is the index.
void AES_CTR_xcrypt_block_at_position_extended(const struct AES_ctx* ctx, uint8_t* blkBuf, const uint8_t* blkIndexBuf)
{
uint8_t buffer[AES_BLOCKLEN]; // Iv at given index then the xor block
int i;
AddCounterBlock(blkIndexBuf, ctx->Iv, buffer); // add index to Iv
Cipher((state_t*)buffer, ctx->RoundKey); // create xor'able block
for (i = 0; i < AES_BLOCKLEN; ++i)
{
blkBuf[i] = (blkBuf[i] ^ buffer[i]);
}
}
#endif

30
aes.h
View File

@ -8,6 +8,7 @@
//
// CBC enables AES encryption in CBC-mode of operation.
// CTR enables encryption in counter-mode.
// CTR_SEEK enables out of order encryption in counter-mode
// ECB enables the basic ECB 16-byte block algorithm. All can be enabled simultaneously.
// The #ifndef-guard allows it to be configured before #include'ing or at compile time.
@ -23,6 +24,9 @@
#define CTR 1
#endif
#ifndef CTR_SEEK
#define CTR_SEEK 1
#endif
#define AES128 1
//#define AES192 1
@ -88,4 +92,30 @@ void AES_CTR_xcrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, size_t length);
#endif // #if defined(CTR) && (CTR == 1)
#if defined(CTR_SEEK) && (CTR_SEEK == 1)
// Same function for encrypting as for decrypting.
// Similar to AES_CTR_xcrypt_buffer however can be used to encrypt/decrypt specific blocks without
// encrypt/decrypt the previous blocks beforehand.
// 'blkBuf' specifies which block should be encrypted/decrypted
// 'blkIndex' specifies the block to be encrypted/decrypted MUST be of size AES_BLOCKLEN
// Suggesting https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 for padding scheme
// NOTES: you need to set IV in ctx with AES_init_ctx_iv() or AES_ctx_set_iv().
// no IV should ever be reused with the same key.
// blkIndex allows for counters up to maximum size of size_t, for bigger indices use
// AES_CTR_xcrypt_block_at_position_extended().
void AES_CTR_xcrypt_block_at_position(const struct AES_ctx* ctx, uint8_t* blkBuf, size_t blkIndex);
// Same function for encrypting as for decrypting.
// Functions the same as AES_CTR_xcrypt_block_at_position however can be used with streams bigger than size_t
// 'blkIndexBuf' specifies the index of which block to be encrypted/decrypted MUST be of size AES_BLOCKLEN
// and encoded as little-endian.
// Suggesting https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 for padding scheme
// NOTES: you need to set IV in ctx with AES_init_ctx_iv() or AES_ctx_set_iv()
// no IV should ever be reused with the same key
void AES_CTR_xcrypt_block_at_position_extended(const struct AES_ctx* ctx, uint8_t* blkBuf, const uint8_t* blkIndexBuf);
#endif // #if defined(CTR_SEEK) && (CTR_SEEK == 1)
#endif // _AES_H_

View File

@ -33,6 +33,9 @@ class TinyAesCConan(ConanFile):
# enable encryption in counter-mode
"CTR": [True, False],
# enable encryption in counter-mode with seekable counter
"CTR_SEEK": [True, False],
}
options = _options_dict
@ -43,12 +46,13 @@ class TinyAesCConan(ConanFile):
"AES256": False,
"CBC": True,
"ECB": True,
"CTR": True
"CTR": True,
"CTR_SEEK": True
}
def configure(self):
if not self.options.CBC and not self.options.ECB and not self.options.CTR:
raise ConanException("Need to at least specify one of CBC, ECB or CTR modes")
raise ConanException("Need to at least specify one of CBC, ECB, CTR, CTR-SEEK modes")
if not self.options.AES128 and not self.options.AES192 and not self.options.AES256:
raise ConanException("Need to at least specify one of AES{128, 192, 256} modes")

65
test.c
View File

@ -3,10 +3,11 @@
#include <stdint.h>
// Enable ECB, CTR and CBC mode. Note this can be done before including aes.h or at compile-time.
// E.g. with GCC by using the -D flag: gcc -c aes.c -DCBC=0 -DCTR=1 -DECB=1
// E.g. with GCC by using the -D flag: gcc -c aes.c -DCBC=0 -DCTR=1 -DECB=1 -DCTR_SEEK=1
#define CBC 1
#define CTR 1
#define ECB 1
#define CTR_SEEK 1
#include "aes.h"
@ -19,6 +20,8 @@ static int test_decrypt_ctr(void);
static int test_encrypt_ecb(void);
static int test_decrypt_ecb(void);
static void test_encrypt_ecb_verbose(void);
static int test_encrypt_ctr_at_position(void);
static int test_decrypt_ctr_at_position(void);
int main(void)
@ -38,7 +41,8 @@ int main(void)
exit = test_encrypt_cbc() + test_decrypt_cbc() +
test_encrypt_ctr() + test_decrypt_ctr() +
test_decrypt_ecb() + test_encrypt_ecb();
test_decrypt_ecb() + test_encrypt_ecb() +
test_encrypt_ctr_at_position() + test_decrypt_ctr_at_position();
test_encrypt_ecb_verbose();
return exit;
@ -313,4 +317,61 @@ static int test_decrypt_ecb(void)
}
}
static int test_xcrypt_ctr_at_position(const char* xcrypt)
{
#if defined(AES256)
uint8_t key[32] = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 };
uint8_t in[64] = { 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5,
0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c, 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d,
0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6, 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6 };
#elif defined(AES192)
uint8_t key[24] = { 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b };
uint8_t in[64] = { 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b,
0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef, 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94,
0x1e, 0x36, 0xb2, 0x6b, 0xd1, 0xeb, 0xc6, 0x70, 0xd1, 0xbd, 0x1d, 0x66, 0x56, 0x20, 0xab, 0xf7,
0x4f, 0x78, 0xa7, 0xf6, 0xd2, 0x98, 0x09, 0x58, 0x5a, 0x97, 0xda, 0xec, 0x58, 0xc6, 0xb0, 0x50 };
#elif defined(AES128)
uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
uint8_t in[64] = { 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee };
#endif
uint8_t iv[16] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff };
uint8_t out[64] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 };
struct AES_ctx ctx;
AES_init_ctx_iv(&ctx, key, iv);
// input can be processed out of order
AES_CTR_xcrypt_block_at_position(&ctx, in + AES_BLOCKLEN * 3, 3);
AES_CTR_xcrypt_block_at_position(&ctx, in, 0);
AES_CTR_xcrypt_block_at_position(&ctx, in + AES_BLOCKLEN * 2, 2);
AES_CTR_xcrypt_block_at_position(&ctx, in + AES_BLOCKLEN, 1);
printf("CTR-SEEK %s: ", xcrypt);
if (0 == memcmp((char *) out, (char *) in, 64)) {
printf("SUCCESS!\n");
return(0);
} else {
printf("FAILURE!\n");
return(1);
}
}
static int test_encrypt_ctr_at_position(void)
{
return test_xcrypt_ctr_at_position("encrypt");
}
static int test_decrypt_ctr_at_position(void)
{
return test_xcrypt_ctr_at_position("decrypt");
}