Example #1
0
void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
{
	u32 *rk = ctx;
	rijndaelEncrypt(ctx, rk[AES_PRIV_NR_POS], plain, crypt);
}
Example #2
0
int crypto_aead_encrypt(unsigned char *c,
       unsigned long long *clen,
       const unsigned char *m,
       unsigned long long mlen,
       const unsigned char *ad,
       unsigned long long adlen,
       const unsigned char *nsec,
       const unsigned char *npub,
       const unsigned char *k){   
      
	bst128 checksum;
	bst128 kappa;
	u32 rkey_enc[56];
	bst128 sin,sout;/*for single block enc and to process key*/
	u64 i,j;
	u64 blockmlen=(mlen/16); /*number of plain full blocks*/
	u64* mv=(u64*)m;
	u64* cv=(u64*)c;
	u64* kv=(u64*)k;
	u64* npubv=(u64*)npub;
	bst128 wout;
	bst128 initcounter;
	bst128 counter;
	
	
	
	(void) nsec; /*avoid warning*/
	initcounter.s[0]=npubv[0];
	initcounter.s[1]=npubv[1];/*initially holds nonce,later IC*/
	sin.s[0]=kv[0];
	sin.s[1]=kv[1];/*get user key*/
	rijndaelKeySetupEnc(rkey_enc,sin.b);/*expand user key   */
       
  /*=========get kappa======  */
  rijndaelEncrypt(rkey_enc,initcounter.b,kappa.b);
 
  
  
	 	  
/*=============get session rkeys and mask=====*/
	 
 initcounter=Obtain_sessionrkeys(kappa,rkey_enc);
 
 
 
 
 
 
/*===============================
              associated data 
=================================*/  

checksum=ProcessAD(adlen,ad,rkey_enc,kappa,initcounter);

  
 
/*===========================================
              ENCRYPT PLAINTEXT
==============================================  */

	counter=NADD64(kappa,initcounter);
	*clen=mlen+TAGLENGTH; 
	j=0;
	if(mlen>0){
		while(j<blockmlen){
			sin.s[0]=mv[2*j];
			sin.s[1]=mv[2*j+1];
			XOR128(checksum,sin);
			sout=TAES_ENCRYPT(sin,rkey_enc,counter);
			cv[2*j]=sout.s[0];
			cv[2*j+1]=sout.s[1];
			XORADD(checksum.s,sout,counter);
			counter=NADD64(counter,initcounter);
			j++;
		}/*endwhile. Now only a possible partial block exists */
		j=(j<<4);

		if(j<mlen){ /*last block is partial, then */  
			sout=PartialBlock(mlen,rkey_enc,j,m,c,1,initcounter,counter);
			XOR128(checksum,sout);
		}/*endif j<mlen  */
		
	}/*endif mlen>0, end encryption  */



/*=========================
             TAG
===========================*/



wout=TAG(checksum,adlen,mlen,rkey_enc,kappa);



for(i=0;i<TAGLENGTH;i++) c[mlen+i]=wout.b[i];



return 0;

}/*end AEAD encrypt*/
Example #3
0
int crypto_aead_decrypt(
    unsigned char *m,unsigned long long *mlen,
    unsigned char *nsec,
    const unsigned char *c,unsigned long long clen,
    const unsigned char *ad,unsigned long long adlen,
    const unsigned char *npub,
    const unsigned char *k){
	
	/* declaration of variables */
	bst128 checksum;
	bst128 kappa; 
	u32 rkey_enc[56];
	u32 rkey_dec[56];/* decryption round keys*/
	bst128 sin,sout;
	u64 i,j;
	u64* mv=(u64*)m;
	u64* cv=(u64*)c;
	u64* kv=(u64*)k;
	u64* npubv=(u64*)npub;
	bst128 wout;
	bst128 initcounter;
	bst128 counter;
	u64 kount=clen-TAGLENGTH;
	u64 blockclen=(kount/16);/*number of ciphertext full blocks,excluding tag*/
	
	(void) nsec; /*avoid warning*/
	if(clen<TAGLENGTH) return -1;
	
	initcounter.s[0]=npubv[0];
	initcounter.s[1]=npubv[1];/*initially holds pub msg number*/
	sin.s[0]=kv[0];
	sin.s[1]=kv[1];/*get user key*/
	rijndaelKeySetupEnc(rkey_enc,sin.b);/*expand user key   */

       
  /*=========get kappa======  */
  rijndaelEncrypt(rkey_enc,initcounter.b,kappa.b);
 

	 	  
/*=============get session rkeys and mask=====*/
	 
 initcounter=Obtain_sessionrkeys(kappa,rkey_enc);
  
/*===============================
              associated data 
=================================*/   

checksum=ProcessAD(adlen,ad,rkey_enc,kappa,initcounter);


 /*==========================================================
                  DECRYPT CIPHERTEXT 
				  
=======================================================*/
	
	counter=NADD64(kappa,initcounter);
	*mlen=clen-TAGLENGTH;
	j=0;
	if(clen>TAGLENGTH){
		 /*obtain decryption keys*/
		CONVERT2DECKEY(rkey_enc,rkey_dec);
	
		while(j<blockclen){
			sin.s[0]=cv[2*j];sin.s[1]=cv[2*j+1];				
			XORADD(checksum.s,sin,counter);			
			sout=TAES_DECRYPT(sin,rkey_dec,counter);
			XOR128(checksum,sout);
			mv[2*j]=sout.s[0];mv[2*j+1]=sout.s[1];
			counter=NADD64(counter,initcounter);
			j++;
		}/*endwhile. */
		 
		j=(j<<4);
		 
		if(j<kount){ /*last block is partial, then */   
			sout=PartialBlock(kount,rkey_enc,j,c,m,0,initcounter,counter);
			XOR128(checksum,sout);
		}/*endif j  */
		  
		
    }/*end decryption  
	
	
	   ==========================
	          VERIFY TAG
	   ===========================*/

	
	
	

wout=TAG(checksum,adlen,kount,rkey_enc,kappa);

j=0;
/*to avoid side attacks and to try to fool the compiler into not optimizing too much*/
for(i=0;i<TAGLENGTH;i++) {
	if(wout.b[i]!=c[kount+i]) j+=2;
		else j++;
	}
	if(j>TAGLENGTH) return -1;
	


	return 0;
}/*  ===============END aead decrypt ========================*/
Example #4
0
void
AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
    rijndaelEncrypt(key->key, key->rounds, in, out);
}
Example #5
0
int main() {
  word8 rk[MAXROUNDS+1][4][MAXBC];
  word8 k[4][MAXKC];
  word8 a[4][MAXBC];
  word8 a0[4][MAXBC];
  roundkey rkk;
  xword32 k1_32[MAXKC];
  xword32 a1_32[MAXBC];
  char* k1 = (char *)k1_32;
  char* a1 = (char *)a1_32;

  int seed = time(0);
  int BC, KC, i, j, d, total=0;

  /* for each combination of key size / block size, check encryption
     and decryption of a random block */

  printf("Random seed: %d\n", seed);

  srand(seed);

  for (KC=4; KC<=8; KC+=2)
    for (BC=4; BC<=8; BC+=2) {

      /* generate random key and block */
      for (i=0; i<4; i++)
	for (j=0; j<BC; j++)
	  a0[i][j] = a[i][j] = a1[j*4+i] = (word8) rand();
	  
      for (i=0; i<4; i++)
	for (j=0; j<KC; j++)
	  k[i][j] = k1[j*4+i] = (word8) rand();

      /* generate round keys */
      rijndaelKeySched (k, KC*32, BC*32, rk);
      xrijndaelKeySched (k1_32, KC*32, BC*32, &rkk);
      
      /* encrypt */
      rijndaelEncrypt (a, KC*32, BC*32, rk);
      xrijndaelEncrypt (a1_32, &rkk);

      /* test difference */
      d = 0;
      for (i=0; i<4; i++)
	for (j=0; j<BC; j++)
	  if (a[i][j] != (word8) a1[j*4+i]) {
	    printf("BC=%d, KC=%d, ", BC, KC);
	    printf("Encryption: difference a[i][j]=%d, a1[j*4+i]=%d\n", a[i][j], a1[j*4+i]);
	    d++; total++;
	  }
      if (d) printf("Encryption: %d differences\n", d);

      /* decrypt */
      rijndaelDecrypt (a, KC*32, BC*32, rk);
      xrijndaelDecrypt (a1_32, &rkk);

      /* test difference */
      d = 0;
      for (i=0; i<4; i++)
	for (j=0; j<BC; j++)
	  if (a[i][j] != (word8) a1[j*4+i]) {
	    printf("BC=%d, KC=%d, ", BC, KC);
	    printf("Decryption: difference a[i][j]=%d, a1[j*4+i]=%d\n", a[i][j], a1[j*4+i]);
	    d++; total++;
	  }
      if (d) printf("Decryption: %d differences\n", d);

      /* test difference to original */
      d = 0;
      for (i=0; i<4; i++)
	for (j=0; j<BC; j++)
	  if (a0[i][j] != (word8) a1[j*4+i]) {
	    printf("BC=%d, KC=%d, ", BC, KC);
	    printf("Inverse difference a0[i][j]=%d, a1[j*4+i]=%d\n", a0[i][j], a1[j*4+i]);
	    d++; total++;
	  }
      if (d) printf("Inverse: %d differences\n", d);
    }         
  printf("Total: %d differences\n", total);

  if (total) {
    printf("The optimized Rijndael implementation does not agree with the reference implementation.\n");
    return 1;
  }

  printf("The optimized Rijndael implementation agrees with the reference implementation.\n");
  return 0;
}
Example #6
0
void
rijndael_encrypt(const rijndael_ctx *ctx, const u_char *src, u_char *dst)
{

	rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
}
Example #7
0
void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
{
	rijndaelEncrypt(ctx, plain, crypt);
}
Example #8
0
main() {
    static unsigned char key[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
    static unsigned char pt[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
    unsigned char ct[16];
    unsigned char word[4][4];
    unsigned int answer[16];
    int line[4];
    int i, j, k, l, m, a,b,c,d;
    unsigned char possibleKeys[256];
    
    /* Inverse S-Box */
    unsigned char inv_s[256] = 
	{
    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
	};
    
    /* Array to hold the ciphertext bytes from a run through with 1 key */
    unsigned char ct_byte[256];

	/* This loop Runs through all 16 bytes of key */
    for (i=0; i < 16; i++)
    {
		/* This loop runs through all 255 possible key entries at key byte i */
		for (j=0; j < 256; j++)
		{
			/* Used for the 0's pt 0's key implementation */
			if ((i == 0) && (j == 0))
			{
			//key[i] = j; 
    	
			/* first init rijndael for underlying key */
				rijndaelKeySetupEnc(rek, (unsigned char *)key, 128);  
    
			/* Testing all different plain text values */
			for (k=0; k < 256; k++)
			{
				/* Input 0-255 in the first byte of pt */
				pt[i] = (unsigned char)k;
				
				/* Run the Encryption */
				rijndaelEncrypt(rek, AES_ROUNDS, pt, ct);
				print_hex_string(ct, 16);  printf("\n");
			
				/* Pushing the end results back through AES */
				
				/* Invert last round of AES*/
				for (l=0; l < 4; l++)
				{
					invShiftRows(ct,l);
					ct = inv_s*ct;
				}
				
				/* Creating the rows/words of the ct */
				for (a = 0; a < 16; a++)
				{
					answer[a] = ct[a];
				}
				printf("%x",answer);
				for (l = 0; l < 4; l++)
				{
					//word[l] = answer ^ 0xff;
				}
				
				/* Key Expansion */
				for (l = 4; l < 20; l++)
				{
					if (l % 4 == 0)
					{
						w[l-4] = invRot(invSub(w[l]) ^ w[l-1] ^ RCON[l/4]);
					}
					else
					{
						w[l-4] = w[l] ^ w[l-1];
					}
				}
				
				/* Store each byte of the crypted output */
				ct_byte[k] = ct[i];
			}
		
			/* Checking if the ct index is balance => XOR all elements = 0*/
			unsigned char sum = 0;
			for (k=0; k < 256; k++)
			{
				printf("%i + %i", sum, ct_byte[k]);
				printf("\n");
				sum = sum ^ ct_byte[k];
			}
			printf("%i", sum);
			if (sum == 0)
			{
				possibleKeys[count] = j; 
				count++;
    		}
		}
	}
   }
}
Example #9
0
void aes128_calc_cyphertext(uint8_t key[16], uint8_t plaintext[16], uint8_t cyphertext[16]){
	uint32_t rk[RKLENGTH(KEYBITS)];
	int nrounds = rijndaelSetupEncrypt(rk, &key[0], KEYBITS);
	rijndaelEncrypt(rk, nrounds, plaintext, cyphertext);
}
Example #10
0
 virtual void do_block(data_type * data) override
 {
     rijndaelEncrypt(m_ctx.ek, m_ctx.Nr, data, data);
 }
Example #11
0
static void sm_c1(key_t k, key_t r, uint8_t preq[7], uint8_t pres[7], uint8_t iat, uint8_t rat, bd_addr_t ia, bd_addr_t ra, key_t c1){

    // p1 = pres || preq || rat’ || iat’
    // "The octet of iat’ becomes the least significant octet of p1 and the most signifi-
    // cant octet of pres becomes the most significant octet of p1.
    // For example, if the 8-bit iat’ is 0x01, the 8-bit rat’ is 0x00, the 56-bit preq
    // is 0x07071000000101 and the 56 bit pres is 0x05000800000302 then
    // p1 is 0x05000800000302070710000001010001."
    
    key_t p1_flipped;
    swap56(pres, &p1_flipped[0]);
    swap56(preq, &p1_flipped[7]);
    p1_flipped[14] = rat;
    p1_flipped[15] = iat;
    printf("p1' "); hexdump(p1_flipped, 16);
    
    // p2 = padding || ia || ra
    // "The least significant octet of ra becomes the least significant octet of p2 and
    // the most significant octet of padding becomes the most significant octet of p2.
    // For example, if 48-bit ia is 0xA1A2A3A4A5A6 and the 48-bit ra is
    // 0xB1B2B3B4B5B6 then p2 is 0x00000000A1A2A3A4A5A6B1B2B3B4B5B6.
    
    key_t p2_flipped;
    memset(p2_flipped, 0, 16);
    memcpy(&p2_flipped[4],  ia, 6);
    memcpy(&p2_flipped[10], ra, 6);
    printf("p2' "); hexdump(p2_flipped, 16);
    
    // t1 = r xor p1
    int i;
    key_t t1_flipped;
    for (i=0;i<16;i++){
        t1_flipped[i] = r[15-i] ^ p1_flipped[i];
    }
    printf("t1' "); hexdump(t1_flipped, 16);
    
    key_t tk_flipped;
    swap128(sm_tk, tk_flipped);
    printf("tk' "); hexdump(tk_flipped, 16);
    
    // setup aes decryption
    unsigned long rk[RKLENGTH(KEYBITS)];
    int nrounds = rijndaelSetupEncrypt(rk, &tk_flipped[0], KEYBITS);
    
    // t2 = e(k, r_xor_p1)
    key_t t2_flipped;
    rijndaelEncrypt(rk, nrounds, t1_flipped, t2_flipped);
    
    printf("t2' "); hexdump(t2_flipped, 16);
    
    key_t t3_flipped;
    for (i=0;i<16;i++){
        t3_flipped[i] = t2_flipped[i] ^ p2_flipped[i];
    }
    printf("t3' "); hexdump(t3_flipped, 16);
    
    key_t c1_flipped;
    rijndaelEncrypt(rk, nrounds, t3_flipped, c1_flipped);
    
    printf("c1' "); hexdump(c1_flipped, 16);
    
    swap128(c1_flipped, c1);
    
    printf("c1: "); hexdump(c1, 16);
}
Example #12
0
crypto_cstring aesEncrypt(const char *data, const unsigned long dataLength, const char* password, unsigned long passwordLength)
{
    assert(passwordLength == AES_KEYBYTE);
    
    int n = 0;
    
    if (dataLength / AES_BLOCKBYTE == dataLength * 1.0 / AES_BLOCKBYTE) n = dataLength / AES_BLOCKBYTE;
    else n = dataLength / AES_BLOCKBYTE + 1;
    
    ++n;
    
    crypto_cstring answer;
    
    answer.length = n * AES_BLOCKBYTE;
    
    answer.context = malloc(sizeof(char) * (answer.length) + 100);
    
    memcpy(answer.context, data, sizeof(char) * dataLength);

    unsigned long longi;
    
    for (longi = dataLength ; longi < (answer.length) ; ++longi) answer.context[longi] = '\0';
    
    ((uint64_t*) answer.context)[LENGTHPOSITION(answer.length)] = (uint64_t) dataLength;
    
    int i;

    unsigned long rk[RKLENGTH(AES_KEYBIT)];
	unsigned char key[KEYLENGTH(AES_KEYBIT)];
    
	for (i = 0; i < passwordLength; i++)
		key[i] = password != 0 ? *password++ : 0;
	
	int nrounds = rijndaelSetupEncrypt(rk, key, AES_KEYBIT);
	
    int index = 0;
    int lastIndex;

	
	while (1)
	{
        lastIndex = index;
		unsigned char plaintext[32];
		unsigned char ciphertext[32];
		int j;
		for (j = 0; j < 16; j++)
		{
			if (index >= answer.length)
				break;
			
			plaintext[j] = answer.context[index++];
		}
		if (j == 0)
			break;
		for (; j < sizeof(plaintext); j++)
			plaintext[j] = '\0';
		
		rijndaelEncrypt(rk, nrounds, plaintext, ciphertext);
        memcpy(answer.context + lastIndex, ciphertext, AES_BLOCKBYTE);
	}
    
    return answer;
}