mirrors/tiny-AES-c
1
0
Fork 0
mirror of https://github.com/kokke/tiny-AES-c synced 2024-11-22 05:21:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

make thead safe via context pram; remove padding as non working; opitmise abit

Browse Source
This commit is contained in:
Stoian Ivanov 2017-12-05 03:06:57 +02:00
parent d234d31d18
commit 88f258872c
3 changed files with 163 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

247
aes.c
View File

@ -44,23 +44,16 @@ NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0)
/*****************************************************************************/
// The number of columns comprising a state in AES. This is a constant in AES. Value=4
#define Nb 4
#define BLOCKLEN 16 //Block length in bytes AES is 128b block only
#if defined(AES256) && (AES256 == 1)
#define Nk 8
#define KEYLEN 32
#define Nr 14
#define keyExpSize 240
#elif defined(AES192) && (AES192 == 1)
#define Nk 6
#define KEYLEN 24
#define Nr 12
#define keyExpSize 208
#else
#define Nk 4 // The number of 32 bit words in a key.
#define KEYLEN 16 // Key length in bytes
#define Nr 10 // The number of rounds in AES Cipher.
#define keyExpSize 176
#endif
// jcallan@github points out that declaring Multiply as a function
@ -71,23 +64,17 @@ NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0)
#endif
/*****************************************************************************/
/* Private variables: */
/*****************************************************************************/
// state - array holding the intermediate results during decryption.
typedef uint8_t state_t[4][4];
static state_t* state;
// The array that stores the round keys.
static uint8_t RoundKey[keyExpSize];
// The Key input to the AES Program
static const uint8_t* Key;
#if defined(CBC) && CBC
// Initial Vector used only for CBC mode
static uint8_t* Iv;
#endif
// The lookup-tables are marked const so they can be placed in read-only storage instead of RAM
// The numbers below can be computed dynamically trading ROM for RAM -
@ -168,23 +155,30 @@ static const uint8_t Rcon[256] = {
/*****************************************************************************/
/* Private functions: */
/*****************************************************************************/
/*
static uint8_t getSBoxValue(uint8_t num)
{
return sbox[num];
}
*/
#define getSBoxValue(num) (sbox[(num)])
/*
static uint8_t getSBoxInvert(uint8_t num)
{
return rsbox[num];
}
*/
#define getSBoxInvert(num) (rsbox[(num)])
// This function produces Nb(Nr+1) round keys. The round keys are used in each round to decrypt the states.
static void KeyExpansion(void)
static void KeyExpansion(uint8_t* RoundKey,const uint8_t* Key)
{
uint32_t i, k;
unsigned i, j, k;
uint8_t tempa[4]; // Used for the column/row operations
// The first round key is the key itself.
memcpy(RoundKey,Key,AES_keyExpSize);
/*
for (i = 0; i < Nk; ++i)
{
RoundKey[(i * 4) + 0] = Key[(i * 4) + 0];
@ -192,16 +186,17 @@ static void KeyExpansion(void)
RoundKey[(i * 4) + 2] = Key[(i * 4) + 2];
RoundKey[(i * 4) + 3] = Key[(i * 4) + 3];
}
*/
// All other round keys are found from the previous round keys.
//i == Nk
for (; i < Nb * (Nr + 1); ++i)
for (i = Nk; i < Nb * (Nr + 1); ++i)
{
{
tempa[0]=RoundKey[(i-1) * 4 + 0];
tempa[1]=RoundKey[(i-1) * 4 + 1];
tempa[2]=RoundKey[(i-1) * 4 + 2];
tempa[3]=RoundKey[(i-1) * 4 + 3];
k=(i-1) * 4;
tempa[0]=RoundKey[k + 0];
tempa[1]=RoundKey[k + 1];
tempa[2]=RoundKey[k + 2];
tempa[3]=RoundKey[k + 3];
}
if (i % Nk == 0)
@ -243,16 +238,30 @@ static void KeyExpansion(void)
}
}
#endif
RoundKey[i * 4 + 0] = RoundKey[(i - Nk) * 4 + 0] ^ tempa[0];
RoundKey[i * 4 + 1] = RoundKey[(i - Nk) * 4 + 1] ^ tempa[1];
RoundKey[i * 4 + 2] = RoundKey[(i - Nk) * 4 + 2] ^ tempa[2];
RoundKey[i * 4 + 3] = RoundKey[(i - Nk) * 4 + 3] ^ tempa[3];
j=i * 4; k=(i - Nk) * 4;
RoundKey[j + 0] = RoundKey[k + 0] ^ tempa[0];
RoundKey[j + 1] = RoundKey[k + 1] ^ tempa[1];
RoundKey[j + 2] = RoundKey[k + 2] ^ tempa[2];
RoundKey[j + 3] = RoundKey[k + 3] ^ tempa[3];
}
}
void AES_init_ctx(struct AES_ctx *ctx,const uint8_t* key){
KeyExpansion(ctx->RoundKey,key);
}
#if defined(CBC) && (CBC == 1)
void AES_init_ctx_iv(struct AES_ctx *ctx,const uint8_t* key,const uint8_t* iv){
KeyExpansion(ctx->RoundKey,key);
memcpy (ctx->Iv,iv,AES_BLOCKLEN);
}
void AES_ctx_set_iv(struct AES_ctx *ctx,const uint8_t* iv) {
memcpy (ctx->Iv,iv,AES_BLOCKLEN);
}
#endif
// This function adds the round key to state.
// The round key is added to the state by an XOR function.
static void AddRoundKey(uint8_t round)
static void AddRoundKey(uint8_t round,state_t *state,uint8_t*RoundKey)
{
uint8_t i,j;
for (i=0;i<4;++i)
@ -266,7 +275,7 @@ static void AddRoundKey(uint8_t round)
// The SubBytes Function Substitutes the values in the
// state matrix with values in an S-box.
static void SubBytes(void)
static void SubBytes(state_t *state)
{
uint8_t i, j;
for (i = 0; i < 4; ++i)
@ -281,7 +290,7 @@ static void SubBytes(void)
// The ShiftRows() function shifts the rows in the state to the left.
// Each row is shifted with different offset.
// Offset = Row number. So the first row is not shifted.
static void ShiftRows(void)
static void ShiftRows(state_t *state)
{
uint8_t temp;
@ -315,7 +324,7 @@ static uint8_t xtime(uint8_t x)
}
// MixColumns function mixes the columns of the state matrix
static void MixColumns(void)
static void MixColumns(state_t *state)
{
uint8_t i;
uint8_t Tmp,Tm,t;
@ -353,7 +362,7 @@ static uint8_t Multiply(uint8_t x, uint8_t y)
// MixColumns function mixes the columns of the state matrix.
// The method used to multiply may be difficult to understand for the inexperienced.
// Please use the references to gain more information.
static void InvMixColumns(void)
static void InvMixColumns(state_t *state)
{
int i;
uint8_t a, b, c, d;
@ -374,7 +383,7 @@ static void InvMixColumns(void)
// The SubBytes Function Substitutes the values in the
// state matrix with values in an S-box.
static void InvSubBytes(void)
static void InvSubBytes(state_t *state)
{
uint8_t i,j;
for (i = 0; i < 4; ++i)
@ -386,7 +395,7 @@ static void InvSubBytes(void)
}
}
static void InvShiftRows(void)
static void InvShiftRows(state_t *state)
{
uint8_t temp;
@ -416,54 +425,54 @@ static void InvShiftRows(void)
// Cipher is the main function that encrypts the PlainText.
static void Cipher(void)
static void Cipher(state_t *state,uint8_t*RoundKey)
{
uint8_t round = 0;
// Add the First round key to the state before starting the rounds.
AddRoundKey(0);
AddRoundKey(0,state,RoundKey);
// There will be Nr rounds.
// The first Nr-1 rounds are identical.
// These Nr-1 rounds are executed in the loop below.
for (round = 1; round < Nr; ++round)
{
SubBytes();
ShiftRows();
MixColumns();
AddRoundKey(round);
SubBytes(state);
ShiftRows(state);
MixColumns(state);
AddRoundKey(round,state,RoundKey);
}
// The last round is given below.
// The MixColumns function is not here in the last round.
SubBytes();
ShiftRows();
AddRoundKey(Nr);
SubBytes(state);
ShiftRows(state);
AddRoundKey(Nr,state,RoundKey);
}
static void InvCipher(void)
static void InvCipher(state_t *state,uint8_t*RoundKey)
{
uint8_t round=0;
// Add the First round key to the state before starting the rounds.
AddRoundKey(Nr);
AddRoundKey(Nr,state,RoundKey);
// There will be Nr rounds.
// The first Nr-1 rounds are identical.
// These Nr-1 rounds are executed in the loop below.
for (round = (Nr - 1); round > 0; --round)
{
InvShiftRows();
InvSubBytes();
AddRoundKey(round);
InvMixColumns();
InvShiftRows(state);
InvSubBytes(state);
AddRoundKey(round,state,RoundKey);
InvMixColumns(state);
}
// The last round is given below.
// The MixColumns function is not here in the last round.
InvShiftRows();
InvSubBytes();
AddRoundKey(0);
InvShiftRows(state);
InvSubBytes(state);
AddRoundKey(0,state,RoundKey);
}
@ -473,30 +482,21 @@ static void InvCipher(void)
#if defined(ECB) && (ECB == 1)
void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output, const uint32_t length)
void AES_ECB_encrypt(struct AES_ctx *ctx,const uint8_t* input, uint8_t* output)
{
// Copy input to output, and work in-memory on output
memcpy(output, input, length);
state = (state_t*)output;
Key = key;
KeyExpansion();
memcpy(output, input, AES_BLOCKLEN);
// The next function call encrypts the PlainText with the Key using AES algorithm.
Cipher();
Cipher((state_t*)output,ctx->RoundKey);
}
void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length)
void AES_ECB_decrypt(struct AES_ctx *ctx,const uint8_t* input, uint8_t *output)
{
// Copy input to output, and work in-memory on output
memcpy(output, input, length);
state = (state_t*)output;
// The KeyExpansion routine must be called before encryption.
Key = key;
KeyExpansion();
InvCipher();
memcpy(output, input, AES_BLOCKLEN);
InvCipher((state_t*)output,ctx->RoundKey);
}
@ -509,89 +509,46 @@ void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output,
#if defined(CBC) && (CBC == 1)
static void XorWithIv(uint8_t* buf)
static void XorWithIv(uint8_t* buf,uint8_t*Iv)
{
uint8_t i;
for (i = 0; i < BLOCKLEN; ++i) //WAS for(i = 0; i < KEYLEN; ++i) but the block in AES is always 128bit so 16 bytes!
for (i = 0; i < AES_BLOCKLEN; ++i) //WAS for(i = 0; i < KEYLEN; ++i) but the block in AES is always 128bit so 16 bytes!
{
buf[i] ^= Iv[i];
}
}
void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
void AES_CBC_encrypt_buffer(struct AES_ctx *ctx,uint8_t* output, uint8_t* input, uint32_t length)
{
uintptr_t i;
uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */
// Skip the key expansion if key is passed as 0
if (0 != key)
uint8_t *Iv=ctx->Iv;
memcpy(output, input, length);
for (i = 0; i < length; i += AES_BLOCKLEN)
{
Key = key;
KeyExpansion();
}
if (iv != 0)
{
Iv = (uint8_t*)iv;
}
for (i = 0; i < length; i += BLOCKLEN)
{
memcpy(output, input, BLOCKLEN);
XorWithIv(output);
state = (state_t*)output;
Cipher();
XorWithIv(output,Iv);
Cipher((state_t*)output,ctx->RoundKey);
Iv = output;
input += BLOCKLEN;
output += BLOCKLEN;
output += AES_BLOCKLEN;
//printf("Step %d - %d", i/16, i);
}
if (extra)
{
memcpy(output, input, extra);
memset((output + extra), 0, (BLOCKLEN - extra));
XorWithIv(output);
state = (state_t*)output;
Cipher();
}
//store Iv in ctx for next call
memcpy(ctx->Iv,Iv,AES_BLOCKLEN);
}
void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
void AES_CBC_decrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length)
{
uintptr_t i;
uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */
// Skip the key expansion if key is passed as 0
if (0 != key)
uint8_t *Iv=ctx->Iv;
memcpy(output, input, length);
for (i = 0; i < length; i += AES_BLOCKLEN)
{
Key = key;
KeyExpansion();
InvCipher((state_t*)output,ctx->RoundKey);
XorWithIv(output,Iv);
Iv = input; //we DO need original input stored here
input += AES_BLOCKLEN;
output += AES_BLOCKLEN;
}
// If iv is passed as 0, we continue to encrypt without re-setting the Iv
if (iv != 0)
{
Iv = (uint8_t*)iv;
}
for (i = 0; i < length; i += BLOCKLEN)
{
memcpy(output, input, BLOCKLEN);
state = (state_t*)output;
InvCipher();
XorWithIv(output);
Iv = input;
input += BLOCKLEN;
output += BLOCKLEN;
}
if (extra)
{
memcpy(output, input, extra);
state = (state_t*)output;
InvCipher();
}
}
#endif // #if defined(CBC) && (CBC == 1)
@ -601,38 +558,34 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
#if defined(CTR) && (CTR == 1)
/* Symmetrical operation: same function for encrypting as for decrypting. Note any IV/nonce should never be reused with the same key */
void AES_CTR_xcrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* nonce)
void AES_CTR_xcrypt_buffer(struct AES_ctx *ctx,uint8_t* output, uint8_t* input, uint32_t length)
{
uint8_t buffer[BLOCKLEN], counter[BLOCKLEN];
memcpy(counter, nonce, BLOCKLEN);
Key = key;
KeyExpansion();
uint8_t buffer[AES_BLOCKLEN];
int j;
unsigned i;
for (i = 0; i < length; ++i)
{
if ((i & (BLOCKLEN - 1)) == 0)
if ((i & (AES_BLOCKLEN - 1)) == 0) //we need to regen xor compliment in buff
{
memcpy(buffer, counter, BLOCKLEN);
state = (state_t*)buffer;
Cipher();
memcpy(buffer, ctx->Iv, AES_BLOCKLEN);
Cipher((state_t*)buffer,ctx->RoundKey);
/* Increment counter and handle overflow */
for (j = (BLOCKLEN - 1); j >= 0; --j)
for (j = (AES_BLOCKLEN - 1); j >= 0; --j)
{
counter[j] += 1;
ctx->Iv[j] += 1;
/* Break if no overflow, keep going otherwise */
if (counter[j] != 0)
if (ctx->Iv[j] != 0)
{
break;
}
}
}
output[i] = (input[i] ^ buffer[(i & (BLOCKLEN - 1))]);
output[i] = (input[i] ^ buffer[(i & (AES_BLOCKLEN - 1))]);
}
}

52
aes.h
View File

@ -28,26 +28,62 @@
//#define AES192 1
//#define AES256 1
#if defined(ECB) && (ECB == 1)
#define AES_BLOCKLEN 16 //Block length in bytes AES is 128b block only
void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
#if defined(AES256) && (AES256 == 1)
#define AES_KEYLEN 32
#define AES_keyExpSize 240
#elif defined(AES192) && (AES192 == 1)
#define AES_KEYLEN 24
#define AES_keyExpSize 208
#else
#define AES_KEYLEN 16 // Key length in bytes
#define AES_keyExpSize 176
#endif
struct AES_ctx {
uint8_t RoundKey[AES_keyExpSize];
#if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1))
uint8_t Iv[AES_BLOCKLEN];
#endif
};
void AES_init_ctx(struct AES_ctx *ctx,const uint8_t* key);
#if defined(CBC) && (CBC == 1)
void AES_init_ctx_iv(struct AES_ctx *ctx,const uint8_t* key,const uint8_t* iv);
void AES_ctx_set_iv(struct AES_ctx *ctx,const uint8_t* iv);
#endif
#if defined(ECB) && (ECB == 1)
// buffer size is exactly AES_BLOCKLEN bytes;
// you need only AES_init_ctx as Iv is not used in ECB
// NB: ECB s considered insecure
void AES_ECB_encrypt(struct AES_ctx *ctx, const uint8_t* input, uint8_t *output);
void AES_ECB_decrypt(struct AES_ctx *ctx, const uint8_t* input, uint8_t *output);
#endif // #if defined(ECB) && (ECB == !)
#if defined(CBC) && (CBC == 1)
void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv);
void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv);
// buffer size MUST be mutile of AES_BLOCKLEN;
// We suggest https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 if you need one
// you need to set iv in ctx via AES_init_ctx_iv or AES_ctx_set_iv
// NB: no IV should ever be reused with the same key
void AES_CBC_encrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length);
void AES_CBC_decrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length);
#endif // #if defined(CBC) && (CBC == 1)
#if defined(CTR) && (CTR == 1)
/* Same function for encrypting as for decrypting. Note no IV/nonce should ever be reused with the same key */
void AES_CTR_xcrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* nonce);
// Same function for encrypting as for decrypting.
// iv is incremented for every block, and usesd after encryption as xor compliment for output
// buffer size MUST be mutile of AES_BLOCKLEN;
// We suggest https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 if you need one
// you need to set iv in ctx via AES_init_ctx_iv or AES_ctx_set_iv
// NB: no IV should ever be reused with the same key
void AES_CTR_xcrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length);
#endif // #if defined(CTR) && (CTR == 1)

29
test.c
View File

@ -97,9 +97,11 @@ static void test_encrypt_ecb_verbose(void)
// print the resulting cipher as 4 x 16 byte strings
printf("ciphertext:\n");
struct AES_ctx ctx;
AES_init_ctx(&ctx,key);
for(i = 0; i < 4; ++i)
{
AES_ECB_encrypt(plain_text + (i*16), key, buf+(i*16), 16);
AES_ECB_encrypt(&ctx,plain_text + (i*16), buf+(i*16));
phex(buf + (i*16));
}
printf("\n");
@ -124,7 +126,8 @@ static void test_encrypt_ecb(void)
uint8_t in[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a};
uint8_t buffer[16];
AES_ECB_encrypt(in, key, buffer, 16);
struct AES_ctx ctx; AES_init_ctx(&ctx,key);
AES_ECB_encrypt(&ctx,in, buffer);
printf("ECB encrypt: ");
@ -167,8 +170,9 @@ static void test_decrypt_cbc(void)
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 };
uint8_t buffer[64];
AES_CBC_decrypt_buffer(buffer, in, 64, key, iv);
struct AES_ctx ctx;
AES_init_ctx_iv(&ctx,key,iv);
AES_CBC_decrypt_buffer(&ctx,buffer, in, 64);
printf("CBC decrypt: ");
@ -211,8 +215,9 @@ static void test_encrypt_cbc(void)
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 };
uint8_t buffer[64];
AES_CBC_encrypt_buffer(buffer, in, 64, key, iv);
struct AES_ctx ctx;
AES_init_ctx_iv(&ctx,key,iv);
AES_CBC_encrypt_buffer(&ctx,buffer, in, 64);
printf("CBC encrypt: ");
@ -266,8 +271,11 @@ static void test_xcrypt_ctr(const char* xcrypt)
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 };
uint8_t buffer[64];
AES_CTR_xcrypt_buffer(buffer, in, 64, key, iv);
struct AES_ctx ctx;
AES_init_ctx_iv(&ctx,key,iv);
AES_CTR_xcrypt_buffer(&ctx,buffer, in, 64);
printf("CTR %s: ", xcrypt);
@ -299,8 +307,9 @@ static void test_decrypt_ecb(void)
uint8_t out[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a};
uint8_t buffer[16];
AES_ECB_decrypt(in, key, buffer, 16);
struct AES_ctx ctx;
AES_init_ctx(&ctx,key);
AES_ECB_decrypt(&ctx,in, buffer);
printf("ECB decrypt: ");