static void bench_AES128_encrypt(void *data) {
const AES128_ctx *ctx = (const AES128_ctx *)data;
uint8_t scratch[16] = {0};
int i;
for (i = 0; i < 4000000 / 16; i++) {
AES128_encrypt(ctx, 1, scratch, scratch);
}
}
int main(void) {
int i;
int fail = 0;
for (i = 0; i < static_cast<int>(sizeof(ctaes_tests) / sizeof(ctaes_tests[0])); i++) {
unsigned char key[32], plain[16], cipher[16], ciphered[16], deciphered[16];
const ctaes_test* test = &ctaes_tests[i];
assert(test->keysize == 128 || test->keysize == 192 || test->keysize == 256);
from_hex(plain, 16, test->plain);
from_hex(cipher, 16, test->cipher);
switch (test->keysize) {
case 128: {
AES128_ctx ctx;
from_hex(key, 16, test->key);
AES128_init(&ctx, key);
AES128_encrypt(&ctx, 1, ciphered, plain);
AES128_decrypt(&ctx, 1, deciphered, cipher);
break;
}
case 192: {
AES192_ctx ctx;
from_hex(key, 24, test->key);
AES192_init(&ctx, key);
AES192_encrypt(&ctx, 1, ciphered, plain);
AES192_decrypt(&ctx, 1, deciphered, cipher);
break;
}
case 256: {
AES256_ctx ctx;
from_hex(key, 32, test->key);
AES256_init(&ctx, key);
AES256_encrypt(&ctx, 1, ciphered, plain);
AES256_decrypt(&ctx, 1, deciphered, cipher);
break;
}
}
if (memcmp(cipher, ciphered, 16)) {
fprintf(stderr, "E(key=\"%s\", plain=\"%s\") != \"%s\"\n", test->key, test->plain, test->cipher);
fail++;
}
if (memcmp(plain, deciphered, 16)) {
fprintf(stderr, "D(key=\"%s\", cipher=\"%s\") != \"%s\"\n", test->key, test->cipher, test->plain);
fail++;
}
}
if (fail == 0) {
fprintf(stderr, "All tests successful\n");
} else {
fprintf(stderr, "%i tests failed\n", fail);
}
return (fail != 0);
}
int crypto_aead_decrypt(
unsigned char *m,unsigned long long *mlen, // message
unsigned char *nsec, // not relavent to CLOC or SLIC
const unsigned char *c,unsigned long long clen, // ciphertext
const unsigned char *ad,unsigned long long adlen, // associated data
const unsigned char *npub, // nonce
const unsigned char *k // the master key
)
{
block estate, tstate, tmp; // encryption state, tag state, and temporary state
estate = SETZERO();
unsigned char ltag[16]; // local copy of temporary tag value
unsigned long long i, lastblocklen,j;
/* set ciphertext length */
*mlen = clen - CRYPTO_ABYTES;
/* generate round keys from master key */
AES128_KeyExpansion(k);
/* process the first (partial) block of ad */
load_partial_block(&estate, ad, (adlen>STATE_LEN)?STATE_LEN:adlen, ONE_ZERO_PADDING);
fix0(estate);
AES128_encrypt(estate, estate);
if((ad[0] & 0x80) || (adlen == 0)){
// appy h
h(estate);
}
else{
// do nothing
}
if(adlen > STATE_LEN){ // ad is of moer than one block
i = STATE_LEN;
/* process the middle ad blocks, excluding the first and last (partial) block */
while((i+STATE_LEN) < adlen)
{
tmp = LOAD(ad+i);
estate = XOR(estate, tmp);
AES128_encrypt(estate, estate);
i += STATE_LEN;
}
/* process the last (partial) ad block */
load_partial_block(&tmp, ad+i, adlen - i, ONE_ZERO_PADDING);
estate = XOR(estate, tmp);
AES128_encrypt(estate, estate);
}
/* process the nonce */
load_partial_block(&tmp, npub, CRYPTO_NPUBBYTES, PARAM_OZP);
estate = XOR(estate, tmp);
if((adlen % STATE_LEN) || (adlen == 0)){
/* apply f2 */
f2(estate);
}
else{
/* apply f1 */
f1(estate);
}
/* process ciphertext */
tstate = estate;
AES128_encrypt(estate, estate);
if(*mlen){
/* apply g2 to tag state */
g2(tstate);
}
else{
/* apply g1 to tag state */
g1(tstate);
}
AES128_encrypt(tstate, tstate);
i = 0;
/* process all the message except for the last message/ciphertext block */
while((i + STATE_LEN) < (*mlen)){
tmp = LOAD(c+i);
estate = XOR(estate, tmp);
STORE(m+i, estate);
tstate = XOR(tmp, tstate);
AES128_encrypt(tstate, tstate);
fix1(tmp);
print_state("after applying fix1\n", estate);
AES128_encrypt(tmp, estate);
i += STATE_LEN;
}
/* process the last block of the message/ciphetext */
lastblocklen = (*mlen) - i;
if(lastblocklen > 0){
load_partial_block(&tmp, c+i, lastblocklen, ZERO_APPEND);
estate = XOR(estate, tmp);
print_state("after xoring last partial message block\n", estate);
store_partial_block(m+i, estate, lastblocklen);
unsigned char shift_bytes = (STATE_LEN - (unsigned char)lastblocklen);
tmp = AND(SHR(_mm_set1_epi8(0xff), shift_bytes), tmp);
tstate = XOR(tstate, tmp);
/* add the one zero padding */
tstate = XOR(tstate, SHL(_mm_set_epi8(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x80), lastblocklen));
if((*mlen) % STATE_LEN){
/* apply f2 */
f2(tstate);
}
else{
/* apply f1 */
f1(tstate);
}
AES128_encrypt(tstate, tstate);
}
/* compare tag and output message */
STORE(ltag, tstate);
for(j = 0; j < CRYPTO_ABYTES; j++){
if(ltag[j] != c[clen - CRYPTO_ABYTES + j])
return RETURN_TAG_NO_MATCH;
}
return RETURN_SUCCESS;
}
void AES128Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
{
AES128_encrypt(&ctx, 1, ciphertext, plaintext);
}
