make thead safe via context pram; remove padding as non working; opitmise abit
This commit is contained in:
247
aes.c
247
aes.c
@@ -44,23 +44,16 @@ NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0)
|
||||
/*****************************************************************************/
|
||||
// The number of columns comprising a state in AES. This is a constant in AES. Value=4
|
||||
#define Nb 4
|
||||
#define BLOCKLEN 16 //Block length in bytes AES is 128b block only
|
||||
|
||||
#if defined(AES256) && (AES256 == 1)
|
||||
#define Nk 8
|
||||
#define KEYLEN 32
|
||||
#define Nr 14
|
||||
#define keyExpSize 240
|
||||
#elif defined(AES192) && (AES192 == 1)
|
||||
#define Nk 6
|
||||
#define KEYLEN 24
|
||||
#define Nr 12
|
||||
#define keyExpSize 208
|
||||
#else
|
||||
#define Nk 4 // The number of 32 bit words in a key.
|
||||
#define KEYLEN 16 // Key length in bytes
|
||||
#define Nr 10 // The number of rounds in AES Cipher.
|
||||
#define keyExpSize 176
|
||||
#endif
|
||||
|
||||
// jcallan@github points out that declaring Multiply as a function
|
||||
@@ -71,23 +64,17 @@ NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0)
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/*****************************************************************************/
|
||||
/* Private variables: */
|
||||
/*****************************************************************************/
|
||||
// state - array holding the intermediate results during decryption.
|
||||
typedef uint8_t state_t[4][4];
|
||||
static state_t* state;
|
||||
|
||||
// The array that stores the round keys.
|
||||
static uint8_t RoundKey[keyExpSize];
|
||||
|
||||
// The Key input to the AES Program
|
||||
static const uint8_t* Key;
|
||||
|
||||
#if defined(CBC) && CBC
|
||||
// Initial Vector used only for CBC mode
|
||||
static uint8_t* Iv;
|
||||
#endif
|
||||
|
||||
// The lookup-tables are marked const so they can be placed in read-only storage instead of RAM
|
||||
// The numbers below can be computed dynamically trading ROM for RAM -
|
||||
@@ -168,23 +155,30 @@ static const uint8_t Rcon[256] = {
|
||||
/*****************************************************************************/
|
||||
/* Private functions: */
|
||||
/*****************************************************************************/
|
||||
/*
|
||||
static uint8_t getSBoxValue(uint8_t num)
|
||||
{
|
||||
return sbox[num];
|
||||
}
|
||||
|
||||
*/
|
||||
#define getSBoxValue(num) (sbox[(num)])
|
||||
/*
|
||||
static uint8_t getSBoxInvert(uint8_t num)
|
||||
{
|
||||
return rsbox[num];
|
||||
}
|
||||
*/
|
||||
#define getSBoxInvert(num) (rsbox[(num)])
|
||||
|
||||
// This function produces Nb(Nr+1) round keys. The round keys are used in each round to decrypt the states.
|
||||
static void KeyExpansion(void)
|
||||
static void KeyExpansion(uint8_t* RoundKey,const uint8_t* Key)
|
||||
{
|
||||
uint32_t i, k;
|
||||
unsigned i, j, k;
|
||||
uint8_t tempa[4]; // Used for the column/row operations
|
||||
|
||||
// The first round key is the key itself.
|
||||
memcpy(RoundKey,Key,AES_keyExpSize);
|
||||
/*
|
||||
for (i = 0; i < Nk; ++i)
|
||||
{
|
||||
RoundKey[(i * 4) + 0] = Key[(i * 4) + 0];
|
||||
@@ -192,16 +186,17 @@ static void KeyExpansion(void)
|
||||
RoundKey[(i * 4) + 2] = Key[(i * 4) + 2];
|
||||
RoundKey[(i * 4) + 3] = Key[(i * 4) + 3];
|
||||
}
|
||||
*/
|
||||
|
||||
// All other round keys are found from the previous round keys.
|
||||
//i == Nk
|
||||
for (; i < Nb * (Nr + 1); ++i)
|
||||
for (i = Nk; i < Nb * (Nr + 1); ++i)
|
||||
{
|
||||
{
|
||||
tempa[0]=RoundKey[(i-1) * 4 + 0];
|
||||
tempa[1]=RoundKey[(i-1) * 4 + 1];
|
||||
tempa[2]=RoundKey[(i-1) * 4 + 2];
|
||||
tempa[3]=RoundKey[(i-1) * 4 + 3];
|
||||
k=(i-1) * 4;
|
||||
tempa[0]=RoundKey[k + 0];
|
||||
tempa[1]=RoundKey[k + 1];
|
||||
tempa[2]=RoundKey[k + 2];
|
||||
tempa[3]=RoundKey[k + 3];
|
||||
}
|
||||
|
||||
if (i % Nk == 0)
|
||||
@@ -243,16 +238,30 @@ static void KeyExpansion(void)
|
||||
}
|
||||
}
|
||||
#endif
|
||||
RoundKey[i * 4 + 0] = RoundKey[(i - Nk) * 4 + 0] ^ tempa[0];
|
||||
RoundKey[i * 4 + 1] = RoundKey[(i - Nk) * 4 + 1] ^ tempa[1];
|
||||
RoundKey[i * 4 + 2] = RoundKey[(i - Nk) * 4 + 2] ^ tempa[2];
|
||||
RoundKey[i * 4 + 3] = RoundKey[(i - Nk) * 4 + 3] ^ tempa[3];
|
||||
j=i * 4; k=(i - Nk) * 4;
|
||||
RoundKey[j + 0] = RoundKey[k + 0] ^ tempa[0];
|
||||
RoundKey[j + 1] = RoundKey[k + 1] ^ tempa[1];
|
||||
RoundKey[j + 2] = RoundKey[k + 2] ^ tempa[2];
|
||||
RoundKey[j + 3] = RoundKey[k + 3] ^ tempa[3];
|
||||
}
|
||||
}
|
||||
|
||||
void AES_init_ctx(struct AES_ctx *ctx,const uint8_t* key){
|
||||
KeyExpansion(ctx->RoundKey,key);
|
||||
}
|
||||
#if defined(CBC) && (CBC == 1)
|
||||
void AES_init_ctx_iv(struct AES_ctx *ctx,const uint8_t* key,const uint8_t* iv){
|
||||
KeyExpansion(ctx->RoundKey,key);
|
||||
memcpy (ctx->Iv,iv,AES_BLOCKLEN);
|
||||
}
|
||||
void AES_ctx_set_iv(struct AES_ctx *ctx,const uint8_t* iv) {
|
||||
memcpy (ctx->Iv,iv,AES_BLOCKLEN);
|
||||
}
|
||||
#endif
|
||||
|
||||
// This function adds the round key to state.
|
||||
// The round key is added to the state by an XOR function.
|
||||
static void AddRoundKey(uint8_t round)
|
||||
static void AddRoundKey(uint8_t round,state_t *state,uint8_t*RoundKey)
|
||||
{
|
||||
uint8_t i,j;
|
||||
for (i=0;i<4;++i)
|
||||
@@ -266,7 +275,7 @@ static void AddRoundKey(uint8_t round)
|
||||
|
||||
// The SubBytes Function Substitutes the values in the
|
||||
// state matrix with values in an S-box.
|
||||
static void SubBytes(void)
|
||||
static void SubBytes(state_t *state)
|
||||
{
|
||||
uint8_t i, j;
|
||||
for (i = 0; i < 4; ++i)
|
||||
@@ -281,7 +290,7 @@ static void SubBytes(void)
|
||||
// The ShiftRows() function shifts the rows in the state to the left.
|
||||
// Each row is shifted with different offset.
|
||||
// Offset = Row number. So the first row is not shifted.
|
||||
static void ShiftRows(void)
|
||||
static void ShiftRows(state_t *state)
|
||||
{
|
||||
uint8_t temp;
|
||||
|
||||
@@ -315,7 +324,7 @@ static uint8_t xtime(uint8_t x)
|
||||
}
|
||||
|
||||
// MixColumns function mixes the columns of the state matrix
|
||||
static void MixColumns(void)
|
||||
static void MixColumns(state_t *state)
|
||||
{
|
||||
uint8_t i;
|
||||
uint8_t Tmp,Tm,t;
|
||||
@@ -353,7 +362,7 @@ static uint8_t Multiply(uint8_t x, uint8_t y)
|
||||
// MixColumns function mixes the columns of the state matrix.
|
||||
// The method used to multiply may be difficult to understand for the inexperienced.
|
||||
// Please use the references to gain more information.
|
||||
static void InvMixColumns(void)
|
||||
static void InvMixColumns(state_t *state)
|
||||
{
|
||||
int i;
|
||||
uint8_t a, b, c, d;
|
||||
@@ -374,7 +383,7 @@ static void InvMixColumns(void)
|
||||
|
||||
// The SubBytes Function Substitutes the values in the
|
||||
// state matrix with values in an S-box.
|
||||
static void InvSubBytes(void)
|
||||
static void InvSubBytes(state_t *state)
|
||||
{
|
||||
uint8_t i,j;
|
||||
for (i = 0; i < 4; ++i)
|
||||
@@ -386,7 +395,7 @@ static void InvSubBytes(void)
|
||||
}
|
||||
}
|
||||
|
||||
static void InvShiftRows(void)
|
||||
static void InvShiftRows(state_t *state)
|
||||
{
|
||||
uint8_t temp;
|
||||
|
||||
@@ -416,54 +425,54 @@ static void InvShiftRows(void)
|
||||
|
||||
|
||||
// Cipher is the main function that encrypts the PlainText.
|
||||
static void Cipher(void)
|
||||
static void Cipher(state_t *state,uint8_t*RoundKey)
|
||||
{
|
||||
uint8_t round = 0;
|
||||
|
||||
// Add the First round key to the state before starting the rounds.
|
||||
AddRoundKey(0);
|
||||
AddRoundKey(0,state,RoundKey);
|
||||
|
||||
// There will be Nr rounds.
|
||||
// The first Nr-1 rounds are identical.
|
||||
// These Nr-1 rounds are executed in the loop below.
|
||||
for (round = 1; round < Nr; ++round)
|
||||
{
|
||||
SubBytes();
|
||||
ShiftRows();
|
||||
MixColumns();
|
||||
AddRoundKey(round);
|
||||
SubBytes(state);
|
||||
ShiftRows(state);
|
||||
MixColumns(state);
|
||||
AddRoundKey(round,state,RoundKey);
|
||||
}
|
||||
|
||||
// The last round is given below.
|
||||
// The MixColumns function is not here in the last round.
|
||||
SubBytes();
|
||||
ShiftRows();
|
||||
AddRoundKey(Nr);
|
||||
SubBytes(state);
|
||||
ShiftRows(state);
|
||||
AddRoundKey(Nr,state,RoundKey);
|
||||
}
|
||||
|
||||
static void InvCipher(void)
|
||||
static void InvCipher(state_t *state,uint8_t*RoundKey)
|
||||
{
|
||||
uint8_t round=0;
|
||||
|
||||
// Add the First round key to the state before starting the rounds.
|
||||
AddRoundKey(Nr);
|
||||
AddRoundKey(Nr,state,RoundKey);
|
||||
|
||||
// There will be Nr rounds.
|
||||
// The first Nr-1 rounds are identical.
|
||||
// These Nr-1 rounds are executed in the loop below.
|
||||
for (round = (Nr - 1); round > 0; --round)
|
||||
{
|
||||
InvShiftRows();
|
||||
InvSubBytes();
|
||||
AddRoundKey(round);
|
||||
InvMixColumns();
|
||||
InvShiftRows(state);
|
||||
InvSubBytes(state);
|
||||
AddRoundKey(round,state,RoundKey);
|
||||
InvMixColumns(state);
|
||||
}
|
||||
|
||||
// The last round is given below.
|
||||
// The MixColumns function is not here in the last round.
|
||||
InvShiftRows();
|
||||
InvSubBytes();
|
||||
AddRoundKey(0);
|
||||
InvShiftRows(state);
|
||||
InvSubBytes(state);
|
||||
AddRoundKey(0,state,RoundKey);
|
||||
}
|
||||
|
||||
|
||||
@@ -473,30 +482,21 @@ static void InvCipher(void)
|
||||
#if defined(ECB) && (ECB == 1)
|
||||
|
||||
|
||||
void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output, const uint32_t length)
|
||||
void AES_ECB_encrypt(struct AES_ctx *ctx,const uint8_t* input, uint8_t* output)
|
||||
{
|
||||
// Copy input to output, and work in-memory on output
|
||||
memcpy(output, input, length);
|
||||
state = (state_t*)output;
|
||||
|
||||
Key = key;
|
||||
KeyExpansion();
|
||||
memcpy(output, input, AES_BLOCKLEN);
|
||||
|
||||
// The next function call encrypts the PlainText with the Key using AES algorithm.
|
||||
Cipher();
|
||||
Cipher((state_t*)output,ctx->RoundKey);
|
||||
}
|
||||
|
||||
void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length)
|
||||
void AES_ECB_decrypt(struct AES_ctx *ctx,const uint8_t* input, uint8_t *output)
|
||||
{
|
||||
// Copy input to output, and work in-memory on output
|
||||
memcpy(output, input, length);
|
||||
state = (state_t*)output;
|
||||
|
||||
// The KeyExpansion routine must be called before encryption.
|
||||
Key = key;
|
||||
KeyExpansion();
|
||||
|
||||
InvCipher();
|
||||
memcpy(output, input, AES_BLOCKLEN);
|
||||
|
||||
InvCipher((state_t*)output,ctx->RoundKey);
|
||||
}
|
||||
|
||||
|
||||
@@ -509,89 +509,46 @@ void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output,
|
||||
#if defined(CBC) && (CBC == 1)
|
||||
|
||||
|
||||
static void XorWithIv(uint8_t* buf)
|
||||
static void XorWithIv(uint8_t* buf,uint8_t*Iv)
|
||||
{
|
||||
uint8_t i;
|
||||
for (i = 0; i < BLOCKLEN; ++i) //WAS for(i = 0; i < KEYLEN; ++i) but the block in AES is always 128bit so 16 bytes!
|
||||
for (i = 0; i < AES_BLOCKLEN; ++i) //WAS for(i = 0; i < KEYLEN; ++i) but the block in AES is always 128bit so 16 bytes!
|
||||
{
|
||||
buf[i] ^= Iv[i];
|
||||
}
|
||||
}
|
||||
|
||||
void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
|
||||
void AES_CBC_encrypt_buffer(struct AES_ctx *ctx,uint8_t* output, uint8_t* input, uint32_t length)
|
||||
{
|
||||
uintptr_t i;
|
||||
uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */
|
||||
|
||||
// Skip the key expansion if key is passed as 0
|
||||
if (0 != key)
|
||||
uint8_t *Iv=ctx->Iv;
|
||||
memcpy(output, input, length);
|
||||
for (i = 0; i < length; i += AES_BLOCKLEN)
|
||||
{
|
||||
Key = key;
|
||||
KeyExpansion();
|
||||
}
|
||||
|
||||
if (iv != 0)
|
||||
{
|
||||
Iv = (uint8_t*)iv;
|
||||
}
|
||||
|
||||
for (i = 0; i < length; i += BLOCKLEN)
|
||||
{
|
||||
memcpy(output, input, BLOCKLEN);
|
||||
XorWithIv(output);
|
||||
state = (state_t*)output;
|
||||
Cipher();
|
||||
XorWithIv(output,Iv);
|
||||
Cipher((state_t*)output,ctx->RoundKey);
|
||||
Iv = output;
|
||||
input += BLOCKLEN;
|
||||
output += BLOCKLEN;
|
||||
output += AES_BLOCKLEN;
|
||||
//printf("Step %d - %d", i/16, i);
|
||||
}
|
||||
|
||||
if (extra)
|
||||
{
|
||||
memcpy(output, input, extra);
|
||||
memset((output + extra), 0, (BLOCKLEN - extra));
|
||||
XorWithIv(output);
|
||||
state = (state_t*)output;
|
||||
Cipher();
|
||||
}
|
||||
//store Iv in ctx for next call
|
||||
memcpy(ctx->Iv,Iv,AES_BLOCKLEN);
|
||||
}
|
||||
|
||||
void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
|
||||
void AES_CBC_decrypt_buffer(struct AES_ctx *ctx, uint8_t* output, uint8_t* input, uint32_t length)
|
||||
{
|
||||
uintptr_t i;
|
||||
uint8_t extra = length % BLOCKLEN; /* Remaining bytes in the last non-full block */
|
||||
|
||||
// Skip the key expansion if key is passed as 0
|
||||
if (0 != key)
|
||||
uint8_t *Iv=ctx->Iv;
|
||||
memcpy(output, input, length);
|
||||
for (i = 0; i < length; i += AES_BLOCKLEN)
|
||||
{
|
||||
Key = key;
|
||||
KeyExpansion();
|
||||
InvCipher((state_t*)output,ctx->RoundKey);
|
||||
XorWithIv(output,Iv);
|
||||
Iv = input; //we DO need original input stored here
|
||||
input += AES_BLOCKLEN;
|
||||
output += AES_BLOCKLEN;
|
||||
}
|
||||
|
||||
// If iv is passed as 0, we continue to encrypt without re-setting the Iv
|
||||
if (iv != 0)
|
||||
{
|
||||
Iv = (uint8_t*)iv;
|
||||
}
|
||||
|
||||
for (i = 0; i < length; i += BLOCKLEN)
|
||||
{
|
||||
memcpy(output, input, BLOCKLEN);
|
||||
state = (state_t*)output;
|
||||
InvCipher();
|
||||
XorWithIv(output);
|
||||
Iv = input;
|
||||
input += BLOCKLEN;
|
||||
output += BLOCKLEN;
|
||||
}
|
||||
|
||||
if (extra)
|
||||
{
|
||||
memcpy(output, input, extra);
|
||||
state = (state_t*)output;
|
||||
InvCipher();
|
||||
}
|
||||
}
|
||||
|
||||
#endif // #if defined(CBC) && (CBC == 1)
|
||||
@@ -601,38 +558,34 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
|
||||
#if defined(CTR) && (CTR == 1)
|
||||
|
||||
/* Symmetrical operation: same function for encrypting as for decrypting. Note any IV/nonce should never be reused with the same key */
|
||||
void AES_CTR_xcrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* nonce)
|
||||
void AES_CTR_xcrypt_buffer(struct AES_ctx *ctx,uint8_t* output, uint8_t* input, uint32_t length)
|
||||
{
|
||||
uint8_t buffer[BLOCKLEN], counter[BLOCKLEN];
|
||||
|
||||
memcpy(counter, nonce, BLOCKLEN);
|
||||
Key = key;
|
||||
KeyExpansion();
|
||||
uint8_t buffer[AES_BLOCKLEN];
|
||||
|
||||
int j;
|
||||
unsigned i;
|
||||
for (i = 0; i < length; ++i)
|
||||
{
|
||||
if ((i & (BLOCKLEN - 1)) == 0)
|
||||
if ((i & (AES_BLOCKLEN - 1)) == 0) //we need to regen xor compliment in buff
|
||||
{
|
||||
memcpy(buffer, counter, BLOCKLEN);
|
||||
state = (state_t*)buffer;
|
||||
Cipher();
|
||||
|
||||
memcpy(buffer, ctx->Iv, AES_BLOCKLEN);
|
||||
Cipher((state_t*)buffer,ctx->RoundKey);
|
||||
|
||||
/* Increment counter and handle overflow */
|
||||
for (j = (BLOCKLEN - 1); j >= 0; --j)
|
||||
for (j = (AES_BLOCKLEN - 1); j >= 0; --j)
|
||||
{
|
||||
counter[j] += 1;
|
||||
ctx->Iv[j] += 1;
|
||||
|
||||
/* Break if no overflow, keep going otherwise */
|
||||
if (counter[j] != 0)
|
||||
if (ctx->Iv[j] != 0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
output[i] = (input[i] ^ buffer[(i & (BLOCKLEN - 1))]);
|
||||
output[i] = (input[i] ^ buffer[(i & (AES_BLOCKLEN - 1))]);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user