void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
{
u32 *rk = ctx;
rijndaelEncrypt(ctx, rk[AES_PRIV_NR_POS], plain, crypt);
}
int crypto_aead_encrypt(unsigned char *c,
unsigned long long *clen,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k){
bst128 checksum;
bst128 kappa;
u32 rkey_enc[56];
bst128 sin,sout;/*for single block enc and to process key*/
u64 i,j;
u64 blockmlen=(mlen/16); /*number of plain full blocks*/
u64* mv=(u64*)m;
u64* cv=(u64*)c;
u64* kv=(u64*)k;
u64* npubv=(u64*)npub;
bst128 wout;
bst128 initcounter;
bst128 counter;
(void) nsec; /*avoid warning*/
initcounter.s[0]=npubv[0];
initcounter.s[1]=npubv[1];/*initially holds nonce,later IC*/
sin.s[0]=kv[0];
sin.s[1]=kv[1];/*get user key*/
rijndaelKeySetupEnc(rkey_enc,sin.b);/*expand user key */
/*=========get kappa====== */
rijndaelEncrypt(rkey_enc,initcounter.b,kappa.b);
/*=============get session rkeys and mask=====*/
initcounter=Obtain_sessionrkeys(kappa,rkey_enc);
/*===============================
associated data
=================================*/
checksum=ProcessAD(adlen,ad,rkey_enc,kappa,initcounter);
/*===========================================
ENCRYPT PLAINTEXT
============================================== */
counter=NADD64(kappa,initcounter);
*clen=mlen+TAGLENGTH;
j=0;
if(mlen>0){
while(j<blockmlen){
sin.s[0]=mv[2*j];
sin.s[1]=mv[2*j+1];
XOR128(checksum,sin);
sout=TAES_ENCRYPT(sin,rkey_enc,counter);
cv[2*j]=sout.s[0];
cv[2*j+1]=sout.s[1];
XORADD(checksum.s,sout,counter);
counter=NADD64(counter,initcounter);
j++;
}/*endwhile. Now only a possible partial block exists */
j=(j<<4);
if(j<mlen){ /*last block is partial, then */
sout=PartialBlock(mlen,rkey_enc,j,m,c,1,initcounter,counter);
XOR128(checksum,sout);
}/*endif j<mlen */
}/*endif mlen>0, end encryption */
/*=========================
TAG
===========================*/
wout=TAG(checksum,adlen,mlen,rkey_enc,kappa);
for(i=0;i<TAGLENGTH;i++) c[mlen+i]=wout.b[i];
return 0;
}/*end AEAD encrypt*/
int crypto_aead_decrypt(
unsigned char *m,unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c,unsigned long long clen,
const unsigned char *ad,unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k){
/* declaration of variables */
bst128 checksum;
bst128 kappa;
u32 rkey_enc[56];
u32 rkey_dec[56];/* decryption round keys*/
bst128 sin,sout;
u64 i,j;
u64* mv=(u64*)m;
u64* cv=(u64*)c;
u64* kv=(u64*)k;
u64* npubv=(u64*)npub;
bst128 wout;
bst128 initcounter;
bst128 counter;
u64 kount=clen-TAGLENGTH;
u64 blockclen=(kount/16);/*number of ciphertext full blocks,excluding tag*/
(void) nsec; /*avoid warning*/
if(clen<TAGLENGTH) return -1;
initcounter.s[0]=npubv[0];
initcounter.s[1]=npubv[1];/*initially holds pub msg number*/
sin.s[0]=kv[0];
sin.s[1]=kv[1];/*get user key*/
rijndaelKeySetupEnc(rkey_enc,sin.b);/*expand user key */
/*=========get kappa====== */
rijndaelEncrypt(rkey_enc,initcounter.b,kappa.b);
/*=============get session rkeys and mask=====*/
initcounter=Obtain_sessionrkeys(kappa,rkey_enc);
/*===============================
associated data
=================================*/
checksum=ProcessAD(adlen,ad,rkey_enc,kappa,initcounter);
/*==========================================================
DECRYPT CIPHERTEXT
=======================================================*/
counter=NADD64(kappa,initcounter);
*mlen=clen-TAGLENGTH;
j=0;
if(clen>TAGLENGTH){
/*obtain decryption keys*/
CONVERT2DECKEY(rkey_enc,rkey_dec);
while(j<blockclen){
sin.s[0]=cv[2*j];sin.s[1]=cv[2*j+1];
XORADD(checksum.s,sin,counter);
sout=TAES_DECRYPT(sin,rkey_dec,counter);
XOR128(checksum,sout);
mv[2*j]=sout.s[0];mv[2*j+1]=sout.s[1];
counter=NADD64(counter,initcounter);
j++;
}/*endwhile. */
j=(j<<4);
if(j<kount){ /*last block is partial, then */
sout=PartialBlock(kount,rkey_enc,j,c,m,0,initcounter,counter);
XOR128(checksum,sout);
}/*endif j */
}/*end decryption
==========================
VERIFY TAG
===========================*/
wout=TAG(checksum,adlen,kount,rkey_enc,kappa);
j=0;
/*to avoid side attacks and to try to fool the compiler into not optimizing too much*/
for(i=0;i<TAGLENGTH;i++) {
if(wout.b[i]!=c[kount+i]) j+=2;
else j++;
}
if(j>TAGLENGTH) return -1;
return 0;
}/* ===============END aead decrypt ========================*/
void
AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
rijndaelEncrypt(key->key, key->rounds, in, out);
}
int main() {
word8 rk[MAXROUNDS+1][4][MAXBC];
word8 k[4][MAXKC];
word8 a[4][MAXBC];
word8 a0[4][MAXBC];
roundkey rkk;
xword32 k1_32[MAXKC];
xword32 a1_32[MAXBC];
char* k1 = (char *)k1_32;
char* a1 = (char *)a1_32;
int seed = time(0);
int BC, KC, i, j, d, total=0;
/* for each combination of key size / block size, check encryption
and decryption of a random block */
printf("Random seed: %d\n", seed);
srand(seed);
for (KC=4; KC<=8; KC+=2)
for (BC=4; BC<=8; BC+=2) {
/* generate random key and block */
for (i=0; i<4; i++)
for (j=0; j<BC; j++)
a0[i][j] = a[i][j] = a1[j*4+i] = (word8) rand();
for (i=0; i<4; i++)
for (j=0; j<KC; j++)
k[i][j] = k1[j*4+i] = (word8) rand();
/* generate round keys */
rijndaelKeySched (k, KC*32, BC*32, rk);
xrijndaelKeySched (k1_32, KC*32, BC*32, &rkk);
/* encrypt */
rijndaelEncrypt (a, KC*32, BC*32, rk);
xrijndaelEncrypt (a1_32, &rkk);
/* test difference */
d = 0;
for (i=0; i<4; i++)
for (j=0; j<BC; j++)
if (a[i][j] != (word8) a1[j*4+i]) {
printf("BC=%d, KC=%d, ", BC, KC);
printf("Encryption: difference a[i][j]=%d, a1[j*4+i]=%d\n", a[i][j], a1[j*4+i]);
d++; total++;
}
if (d) printf("Encryption: %d differences\n", d);
/* decrypt */
rijndaelDecrypt (a, KC*32, BC*32, rk);
xrijndaelDecrypt (a1_32, &rkk);
/* test difference */
d = 0;
for (i=0; i<4; i++)
for (j=0; j<BC; j++)
if (a[i][j] != (word8) a1[j*4+i]) {
printf("BC=%d, KC=%d, ", BC, KC);
printf("Decryption: difference a[i][j]=%d, a1[j*4+i]=%d\n", a[i][j], a1[j*4+i]);
d++; total++;
}
if (d) printf("Decryption: %d differences\n", d);
/* test difference to original */
d = 0;
for (i=0; i<4; i++)
for (j=0; j<BC; j++)
if (a0[i][j] != (word8) a1[j*4+i]) {
printf("BC=%d, KC=%d, ", BC, KC);
printf("Inverse difference a0[i][j]=%d, a1[j*4+i]=%d\n", a0[i][j], a1[j*4+i]);
d++; total++;
}
if (d) printf("Inverse: %d differences\n", d);
}
printf("Total: %d differences\n", total);
if (total) {
printf("The optimized Rijndael implementation does not agree with the reference implementation.\n");
return 1;
}
printf("The optimized Rijndael implementation agrees with the reference implementation.\n");
return 0;
}
void
rijndael_encrypt(const rijndael_ctx *ctx, const u_char *src, u_char *dst)
{
rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
}
void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
{
rijndaelEncrypt(ctx, plain, crypt);
}
main() {
static unsigned char key[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static unsigned char pt[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
unsigned char ct[16];
unsigned char word[4][4];
unsigned int answer[16];
int line[4];
int i, j, k, l, m, a,b,c,d;
unsigned char possibleKeys[256];
/* Inverse S-Box */
unsigned char inv_s[256] =
{
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
};
/* Array to hold the ciphertext bytes from a run through with 1 key */
unsigned char ct_byte[256];
/* This loop Runs through all 16 bytes of key */
for (i=0; i < 16; i++)
{
/* This loop runs through all 255 possible key entries at key byte i */
for (j=0; j < 256; j++)
{
/* Used for the 0's pt 0's key implementation */
if ((i == 0) && (j == 0))
{
//key[i] = j;
/* first init rijndael for underlying key */
rijndaelKeySetupEnc(rek, (unsigned char *)key, 128);
/* Testing all different plain text values */
for (k=0; k < 256; k++)
{
/* Input 0-255 in the first byte of pt */
pt[i] = (unsigned char)k;
/* Run the Encryption */
rijndaelEncrypt(rek, AES_ROUNDS, pt, ct);
print_hex_string(ct, 16); printf("\n");
/* Pushing the end results back through AES */
/* Invert last round of AES*/
for (l=0; l < 4; l++)
{
invShiftRows(ct,l);
ct = inv_s*ct;
}
/* Creating the rows/words of the ct */
for (a = 0; a < 16; a++)
{
answer[a] = ct[a];
}
printf("%x",answer);
for (l = 0; l < 4; l++)
{
//word[l] = answer ^ 0xff;
}
/* Key Expansion */
for (l = 4; l < 20; l++)
{
if (l % 4 == 0)
{
w[l-4] = invRot(invSub(w[l]) ^ w[l-1] ^ RCON[l/4]);
}
else
{
w[l-4] = w[l] ^ w[l-1];
}
}
/* Store each byte of the crypted output */
ct_byte[k] = ct[i];
}
/* Checking if the ct index is balance => XOR all elements = 0*/
unsigned char sum = 0;
for (k=0; k < 256; k++)
{
printf("%i + %i", sum, ct_byte[k]);
printf("\n");
sum = sum ^ ct_byte[k];
}
printf("%i", sum);
if (sum == 0)
{
possibleKeys[count] = j;
count++;
}
}
}
}
}
void aes128_calc_cyphertext(uint8_t key[16], uint8_t plaintext[16], uint8_t cyphertext[16]){
uint32_t rk[RKLENGTH(KEYBITS)];
int nrounds = rijndaelSetupEncrypt(rk, &key[0], KEYBITS);
rijndaelEncrypt(rk, nrounds, plaintext, cyphertext);
}
virtual void do_block(data_type * data) override
{
rijndaelEncrypt(m_ctx.ek, m_ctx.Nr, data, data);
}
static void sm_c1(key_t k, key_t r, uint8_t preq[7], uint8_t pres[7], uint8_t iat, uint8_t rat, bd_addr_t ia, bd_addr_t ra, key_t c1){
// p1 = pres || preq || rat’ || iat’
// "The octet of iat’ becomes the least significant octet of p1 and the most signifi-
// cant octet of pres becomes the most significant octet of p1.
// For example, if the 8-bit iat’ is 0x01, the 8-bit rat’ is 0x00, the 56-bit preq
// is 0x07071000000101 and the 56 bit pres is 0x05000800000302 then
// p1 is 0x05000800000302070710000001010001."
key_t p1_flipped;
swap56(pres, &p1_flipped[0]);
swap56(preq, &p1_flipped[7]);
p1_flipped[14] = rat;
p1_flipped[15] = iat;
printf("p1' "); hexdump(p1_flipped, 16);
// p2 = padding || ia || ra
// "The least significant octet of ra becomes the least significant octet of p2 and
// the most significant octet of padding becomes the most significant octet of p2.
// For example, if 48-bit ia is 0xA1A2A3A4A5A6 and the 48-bit ra is
// 0xB1B2B3B4B5B6 then p2 is 0x00000000A1A2A3A4A5A6B1B2B3B4B5B6.
key_t p2_flipped;
memset(p2_flipped, 0, 16);
memcpy(&p2_flipped[4], ia, 6);
memcpy(&p2_flipped[10], ra, 6);
printf("p2' "); hexdump(p2_flipped, 16);
// t1 = r xor p1
int i;
key_t t1_flipped;
for (i=0;i<16;i++){
t1_flipped[i] = r[15-i] ^ p1_flipped[i];
}
printf("t1' "); hexdump(t1_flipped, 16);
key_t tk_flipped;
swap128(sm_tk, tk_flipped);
printf("tk' "); hexdump(tk_flipped, 16);
// setup aes decryption
unsigned long rk[RKLENGTH(KEYBITS)];
int nrounds = rijndaelSetupEncrypt(rk, &tk_flipped[0], KEYBITS);
// t2 = e(k, r_xor_p1)
key_t t2_flipped;
rijndaelEncrypt(rk, nrounds, t1_flipped, t2_flipped);
printf("t2' "); hexdump(t2_flipped, 16);
key_t t3_flipped;
for (i=0;i<16;i++){
t3_flipped[i] = t2_flipped[i] ^ p2_flipped[i];
}
printf("t3' "); hexdump(t3_flipped, 16);
key_t c1_flipped;
rijndaelEncrypt(rk, nrounds, t3_flipped, c1_flipped);
printf("c1' "); hexdump(c1_flipped, 16);
swap128(c1_flipped, c1);
printf("c1: "); hexdump(c1, 16);
}
crypto_cstring aesEncrypt(const char *data, const unsigned long dataLength, const char* password, unsigned long passwordLength)
{
assert(passwordLength == AES_KEYBYTE);
int n = 0;
if (dataLength / AES_BLOCKBYTE == dataLength * 1.0 / AES_BLOCKBYTE) n = dataLength / AES_BLOCKBYTE;
else n = dataLength / AES_BLOCKBYTE + 1;
++n;
crypto_cstring answer;
answer.length = n * AES_BLOCKBYTE;
answer.context = malloc(sizeof(char) * (answer.length) + 100);
memcpy(answer.context, data, sizeof(char) * dataLength);
unsigned long longi;
for (longi = dataLength ; longi < (answer.length) ; ++longi) answer.context[longi] = '\0';
((uint64_t*) answer.context)[LENGTHPOSITION(answer.length)] = (uint64_t) dataLength;
int i;
unsigned long rk[RKLENGTH(AES_KEYBIT)];
unsigned char key[KEYLENGTH(AES_KEYBIT)];
for (i = 0; i < passwordLength; i++)
key[i] = password != 0 ? *password++ : 0;
int nrounds = rijndaelSetupEncrypt(rk, key, AES_KEYBIT);
int index = 0;
int lastIndex;
while (1)
{
lastIndex = index;
unsigned char plaintext[32];
unsigned char ciphertext[32];
int j;
for (j = 0; j < 16; j++)
{
if (index >= answer.length)
break;
plaintext[j] = answer.context[index++];
}
if (j == 0)
break;
for (; j < sizeof(plaintext); j++)
plaintext[j] = '\0';
rijndaelEncrypt(rk, nrounds, plaintext, ciphertext);
memcpy(answer.context + lastIndex, ciphertext, AES_BLOCKBYTE);
}
return answer;
}