the CTR, CBC, and CCM modes of operation it can be used in.
AES is, specified by the NIST in in publication FIPS PUB 197,
availible at:
- * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf .
+* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf .
The CBC and CTR modes of operation are specified by
NIST SP 800-38 A, available at:
- * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf .
+* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf .
The CCM mode of operation is specified by NIST SP80-38 C, available at:
- * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
+* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
*********************************************************************/
/*************************** HEADER FILES ***************************/
// Do not output all encrypted blocks.
}
- memcpy(out, buf_out, AES_BLOCK_SIZE); // Only output the last block.
+ memcpy(out, buf_out, AES_BLOCK_SIZE); // Only output the last block.
return(TRUE);
}
}
aes_encrypt(iv_buf, out_buf, key, keysize);
- xor_buf(out_buf, &out[idx], in_len - idx); // Use the Most Significant bytes.
+ xor_buf(out_buf, &out[idx], in_len - idx); // Use the Most Significant bytes.
}
void aes_decrypt_ctr(const BYTE in[], size_t in_len, BYTE out[], const WORD key[], int keysize, const BYTE iv[])
*******************/
// out_len = payload_len + assoc_len
int aes_encrypt_ccm(const BYTE payload[], WORD payload_len, const BYTE assoc[], unsigned short assoc_len,
- const BYTE nonce[], unsigned short nonce_len, BYTE out[], WORD *out_len,
- WORD mac_len, const BYTE key_str[], int keysize)
+ const BYTE nonce[], unsigned short nonce_len, BYTE out[], WORD *out_len,
+ WORD mac_len, const BYTE key_str[], int keysize)
{
BYTE temp_iv[AES_BLOCK_SIZE], counter[AES_BLOCK_SIZE], mac[16], *buf;
int end_of_buf, payload_len_store_size;
WORD key[60];
if (mac_len != 4 && mac_len != 6 && mac_len != 8 && mac_len != 10 &&
- mac_len != 12 && mac_len != 14 && mac_len != 16)
+ mac_len != 12 && mac_len != 14 && mac_len != 16)
return(FALSE);
if (nonce_len < 7 || nonce_len > 13)
return(FALSE);
- if (assoc_len > 32768 /* = 2^15 */)
+ if (assoc_len > 32768 /* = 2^15 */)
return(FALSE);
- buf = (BYTE*)malloc(payload_len + assoc_len + 48 /*Round both payload and associated data up a block size and add an extra block.*/);
- if (! buf)
+ buf = (BYTE *)malloc(payload_len + assoc_len + 48 /*Round both payload and associated data up a block size and add an extra block.*/);
+ if (!buf)
return(FALSE);
// Prepare the key for usage.
// Encrypt the Payload with CTR mode with a counter starting at 1.
memcpy(temp_iv, counter, AES_BLOCK_SIZE);
- increment_iv(temp_iv, AES_BLOCK_SIZE - 1 - mac_len); // Last argument is the byte size of the counting portion of the counter block. /*BUG?*/
+ increment_iv(temp_iv, AES_BLOCK_SIZE - 1 - mac_len); // Last argument is the byte size of the counting portion of the counter block. /*BUG?*/
aes_encrypt_ctr(out, payload_len, out, key, keysize, temp_iv);
// Encrypt the MAC with CTR mode with a counter starting at 0.
// plaintext_len = ciphertext_len - mac_len
// Needs a flag for whether the MAC matches.
int aes_decrypt_ccm(const BYTE ciphertext[], WORD ciphertext_len, const BYTE assoc[], unsigned short assoc_len,
- const BYTE nonce[], unsigned short nonce_len, BYTE plaintext[], WORD *plaintext_len,
- WORD mac_len, int *mac_auth, const BYTE key_str[], int keysize)
+ const BYTE nonce[], unsigned short nonce_len, BYTE plaintext[], WORD *plaintext_len,
+ WORD mac_len, int *mac_auth, const BYTE key_str[], int keysize)
{
BYTE temp_iv[AES_BLOCK_SIZE], counter[AES_BLOCK_SIZE], mac[16], mac_buf[16], *buf;
int end_of_buf, plaintext_len_store_size;
if (ciphertext_len <= mac_len)
return(FALSE);
- buf = (BYTE*)malloc(assoc_len + ciphertext_len /*ciphertext_len = plaintext_len + mac_len*/ + 48);
- if (! buf)
+ buf = (BYTE *)malloc(assoc_len + ciphertext_len /*ciphertext_len = plaintext_len + mac_len*/ + 48);
+ if (!buf)
return(FALSE);
// Prepare the key for usage.
// Decrypt the Payload with CTR mode with a counter starting at 1.
memcpy(temp_iv, counter, AES_BLOCK_SIZE);
- increment_iv(temp_iv, AES_BLOCK_SIZE - 1 - mac_len); // (AES_BLOCK_SIZE - 1 - mac_len) is the byte size of the counting portion of the counter block.
+ increment_iv(temp_iv, AES_BLOCK_SIZE - 1 - mac_len); // (AES_BLOCK_SIZE - 1 - mac_len) is the byte size of the counting portion of the counter block.
aes_decrypt_ctr(plaintext, *plaintext_len, plaintext, key, keysize, temp_iv);
// Setting mac_auth to NULL disables the authentication check.
aes_encrypt_cbc_mac(buf, end_of_buf, mac_buf, key, keysize, temp_iv);
// Compare the calculated MAC against the MAC embedded in the ciphertext to see if they are the same.
- if (! memcmp(mac, mac_buf, mac_len)) {
+ if (!memcmp(mac, mac_buf, mac_len)) {
*mac_auth = TRUE;
}
else {
*end_of_buf += 2;
memcpy(&buf[*end_of_buf], assoc, assoc_len);
*end_of_buf += assoc_len;
- pad = AES_BLOCK_SIZE - (*end_of_buf % AES_BLOCK_SIZE); /*BUG?*/
+ pad = AES_BLOCK_SIZE - (*end_of_buf % AES_BLOCK_SIZE);/*BUG?*/
memset(&buf[*end_of_buf], 0, pad);
*end_of_buf += pad;
}
// "keysize" is the length in bits of "key", must be 128, 192, or 256.
void aes_key_setup(const BYTE key[], WORD w[], int keysize)
{
- int Nb=4,Nr,Nk,idx;
- WORD temp,Rcon[]={0x01000000,0x02000000,0x04000000,0x08000000,0x10000000,0x20000000,
- 0x40000000,0x80000000,0x1b000000,0x36000000,0x6c000000,0xd8000000,
- 0xab000000,0x4d000000,0x9a000000};
+ int Nb = 4,Nr,Nk,idx;
+ WORD temp,Rcon[] = {0x01000000,0x02000000,0x04000000,0x08000000,0x10000000,0x20000000,
+ 0x40000000,0x80000000,0x1b000000,0x36000000,0x6c000000,0xd8000000,
+ 0xab000000,0x4d000000,0x9a000000};
switch (keysize) {
- case 128: Nr = 10; Nk = 4; break;
- case 192: Nr = 12; Nk = 6; break;
- case 256: Nr = 14; Nk = 8; break;
- default: return;
+ case 128: Nr = 10; Nk = 4; break;
+ case 192: Nr = 12; Nk = 6; break;
+ case 256: Nr = 14; Nk = 8; break;
+ default: return;
}
- for (idx=0; idx < Nk; ++idx) {
+ for (idx = 0; idx < Nk; ++idx) {
w[idx] = ((key[4 * idx]) << 24) | ((key[4 * idx + 1]) << 16) |
- ((key[4 * idx + 2]) << 8) | ((key[4 * idx + 3]));
+ ((key[4 * idx + 2]) << 8) | ((key[4 * idx + 3]));
}
- for (idx = Nk; idx < Nb * (Nr+1); ++idx) {
+ for (idx = Nk; idx < Nb * (Nr + 1); ++idx) {
temp = w[idx - 1];
if ((idx % Nk) == 0)
- temp = SubWord(KE_ROTWORD(temp)) ^ Rcon[(idx-1)/Nk];
+ temp = SubWord(KE_ROTWORD(temp)) ^ Rcon[(idx - 1) / Nk];
else if (Nk > 6 && (idx % Nk) == 4)
temp = SubWord(temp);
- w[idx] = w[idx-Nk] ^ temp;
+ w[idx] = w[idx - Nk] ^ temp;
}
}
** AES DEBUGGING FUNCTIONS
*******************/
/*
-// This prints the "state" grid as a linear hex string.
-void print_state(BYTE state[][4])
-{
- int idx,idx2;
-
- for (idx=0; idx < 4; idx++)
- for (idx2=0; idx2 < 4; idx2++)
- printf("%02x",state[idx2][idx]);
- printf("\n");
-}
-
-// This prints the key (4 consecutive ints) used for a given round as a linear hex string.
-void print_rnd_key(WORD key[])
-{
- int idx;
-
- for (idx=0; idx < 4; idx++)
- printf("%08x",key[idx]);
- printf("\n");
-}
-*/
+ // This prints the "state" grid as a linear hex string.
+ void print_state(BYTE state[][4])
+ {
+ int idx,idx2;
+
+ for (idx=0; idx < 4; idx++)
+ for (idx2=0; idx2 < 4; idx2++)
+ printf("%02x",state[idx2][idx]);
+ printf("\n");
+ }
+
+ // This prints the key (4 consecutive ints) used for a given round as a linear hex string.
+ void print_rnd_key(WORD key[])
+ {
+ int idx;
+
+ for (idx=0; idx < 4; idx++)
+ printf("%08x",key[idx]);
+ printf("\n");
+ }
+ */