Пример #1
0
void
rijndael_set_key(rijndael_ctx *ctx, const u_char *key, int bits)
{

	ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
	rijndaelKeySetupDec(ctx->dk, key, bits);
}
Пример #2
0
/* Perform AES block decryption, including key schedule setup */
void
BCMROMFN(aes_decrypt)(const size_t kl, const uint8 *K, const uint8 *ctxt, uint8 *ptxt)
{
	uint32 rk[4 * (AES_MAXROUNDS + 1)];
	rijndaelKeySetupDec(rk, K, (int)AES_KEY_BITLEN(kl));
	rijndaelDecrypt(rk, (int)AES_ROUNDS(kl), ctxt, ptxt);
}
Пример #3
0
void rijndaelSpeed(int keyBits) {
	int Nr, i;
	u32 rk[4*(MAXNR + 1)];
	u8 cipherKey[256/8], pt[16], ct[16];
	clock_t elapsed;
	float sec;

	memset(cipherKey, 0, sizeof(cipherKey));
	printf("================================\n");
	printf("Speed measurement for %d-bit keys:\n", keyBits);

	/*
	 * Encryption key setup timing:
	 */
	elapsed = -clock();
	for (i = 0; i < ITERATIONS; i++) {
		Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
	}
	elapsed += clock();
	sec = (float)elapsed/CLOCKS_PER_SEC;
	printf("Encryption key schedule: %.1f s, %.0f Mbit/s\n",
		sec, (float)ITERATIONS*128/sec/1000000);

	/*
	 * Encryption timing:
	 */
	elapsed = -clock();
	for (i = 0; i < ITERATIONS; i++) {
		rijndaelEncrypt(rk, Nr, pt, ct);
	}
	elapsed += clock();
	sec = (float)elapsed/CLOCKS_PER_SEC;
	printf("Encryption: %.1f s, %.0f Mbit/s\n",
		sec, (float)ITERATIONS*128/sec/1000000);

	/*
	 * Decryption key setup timing:
	 */
	elapsed = -clock();
	for (i = 0; i < ITERATIONS; i++) {
		Nr = rijndaelKeySetupDec(rk, cipherKey, keyBits);
	}
	elapsed += clock();
	sec = (float)elapsed/CLOCKS_PER_SEC;
	printf("Decryption key schedule: %.1f s, %.0f Mbit/s\n",
		sec, (float)ITERATIONS*128/sec/1000000);

	/*
	 * Decryption timing:
	 */
	elapsed = -clock();
	for (i = 0; i < ITERATIONS; i++) {
		rijndaelDecrypt(rk, Nr, pt, ct);
	}
	elapsed += clock();
	sec = (float)elapsed/CLOCKS_PER_SEC;
	printf("Decryption: %.1f s, %.0f Mbit/s\n",
		sec, (float)ITERATIONS*128/sec/1000000);

}
Пример #4
0
int
AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
{
    key->rounds = rijndaelKeySetupDec(key->key, userkey, bits);
    if (key->rounds == 0)
	return -1;
    return 0;
}
Пример #5
0
void * aes_decrypt_init(const u8 *key, size_t len)
{
	u32 *rk;
	if (len != 16)
		return NULL;
	rk = malloc(4 * 44);
	if (rk == NULL)
		return NULL;
	rijndaelKeySetupDec(rk, key);
	return rk;
}
Пример #6
0
CAMLprim value caml_aes_cook_decrypt_key(value key)
{
  CAMLparam1(key);
  value ckey = alloc_string(Cooked_key_size);
  int nr =
    rijndaelKeySetupDec((u32 *) String_val(ckey),
                        (const u8 *) String_val(key),
                        8 * string_length(key));
  Byte(ckey, Cooked_key_NR_offset) = nr;
  CAMLreturn(ckey);
}
Пример #7
0
void * aes_decrypt_init(const u8 *key, size_t len)
{
	u32 *rk;
	if (len != 16)
		return NULL;
	rk = os_zalloc(AES_PRIV_SIZE);
	if (rk == NULL)
		return NULL;
	rijndaelKeySetupDec(rk, key);
	return rk;
}
Пример #8
0
static int my_aes_create_key(KEYINSTANCE *aes_key,
                             enum encrypt_dir direction, const char *key,
                             int key_length)
{
    uint8 rkey[AES_KEY_LENGTH/8];	 /* The real key to be used for encryption */
    uint8 *rkey_end=rkey+AES_KEY_LENGTH/8; /* Real key boundary */
    uint8 *ptr;			/* Start of the real key*/
    const char *sptr;			/* Start of the working key */
    const char *key_end=key+key_length;	/* Working key boundary*/

    bzero((char*) rkey,AES_KEY_LENGTH/8);      /* Set initial key  */

    for (ptr= rkey, sptr= key; sptr < key_end; ptr++,sptr++)
    {
        if (ptr == rkey_end)
            ptr= rkey;  /*  Just loop over tmp_key until we used all key */
        *ptr^= (uint8) *sptr;
    }
#ifdef AES_USE_KEY_BITS
    /*
     This block is intended to allow more weak encryption if application
     build with libmysqld needs to correspond to export regulations
     It should be never used in normal distribution as does not give
     any speed improvement.
     To get worse security define AES_USE_KEY_BITS to number of bits
     you want key to be. It should be divisible by 8

     WARNING: Changing this value results in changing of enryption for
     all key lengths  so altering this value will result in impossibility
     to decrypt data encrypted with previous value
    */
#define AES_USE_KEY_BYTES (AES_USE_KEY_BITS/8)
    /*
     To get weaker key we use first AES_USE_KEY_BYTES bytes of created key
     and cyclically copy them until we created all required key length
    */
    for (ptr= rkey+AES_USE_KEY_BYTES, sptr=rkey ; ptr < rkey_end;
            ptr++,sptr++)
    {
        if (sptr == rkey+AES_USE_KEY_BYTES)
            sptr=rkey;
        *ptr=*sptr;
    }
#endif
    if (direction == AES_DECRYPT)
        aes_key->nr = rijndaelKeySetupDec(aes_key->rk, rkey, AES_KEY_LENGTH);
    else
        aes_key->nr = rijndaelKeySetupEnc(aes_key->rk, rkey, AES_KEY_LENGTH);
    return 0;
}
Пример #9
0
void * aes_decrypt_init(const u8 *key, size_t len)
{
	u32 *rk;
	int res;
	rk = os_malloc(AES_PRIV_SIZE);
	if (rk == NULL)
		return NULL;
	res = rijndaelKeySetupDec(rk, key, len * 8);
	if (res < 0) {
		os_free(rk);
		return NULL;
	}
	rk[AES_PRIV_NR_POS] = res;
	return rk;
}
Пример #10
0
void
reg_proto_decrypt_data(BufferObj *cipherText, BufferObj *iv, BufferObj *encrKey,
	BufferObj *authKey, BufferObj *plainText)
{
	/*  10 rounds for cbc 128  = (10+1) * 4 uint32 */
	uint32 rk[44];
	uint8 outBuf[1024];
	int plaintext_len;

	TUTRACE((TUTRACE_ERR, "RPROTO: calling decryption\n"));
	rijndaelKeySetupDec(rk, encrKey->pBase, 128);
	plaintext_len = aes_cbc_decrypt_pad(rk, 16, iv->pBase, cipherText->m_dataLength,
		cipherText->pBase, outBuf, PAD_LEN_PADDING);
	buffobj_Append(plainText, plaintext_len, outBuf);
	buffobj_RewindLength(plainText, plainText->m_dataLength);
}
Пример #11
0
static void do_test(int keybits, u8 * key,
                    u8 plain[16], u8 cipher[16],
                    int testno1, int testno2)
{
  u32 ckey[4 * (MAXNR + 1)];
  u8 temp[16];
  int nr;
  int ok;

  nr = rijndaelKeySetupEnc(ckey, key, keybits);
  rijndaelEncrypt(ckey, nr, plain, temp);
  ok = memcmp(temp, cipher, 16) == 0;
  printf("Encryption test %d %s\n", testno1, ok ? "passed" : "FAILED");
  nr = rijndaelKeySetupDec(ckey, key, keybits);
  rijndaelDecrypt(ckey, nr, cipher, temp);
  ok = memcmp(temp, plain, 16) == 0;
  printf("Decryption test %d %s\n", testno2, ok ? "passed" : "FAILED");
}
Пример #12
0
double test_rijndael(const int keysize) {
    if (keysize != 128 && keysize != 192 && keysize != 256)
        return 0;
    clock_t start, end;
    int i, nr;
    u64 blocks = MB * 1e6 / RIJNDAEL_BLOCK_SIZE;
    blocks >>= 1;
    u32 rk[60];
    u8 mk[32];
    u8 a[16], b[16];
    
    start = clock();
    nr = rijndaelKeySetupDec(rk, mk, keysize);
    for (i = 0; i < blocks; i++) {
        rijndaelEncrypt(rk, nr, a, b);
        rijndaelEncrypt(rk, nr, b, a);
    }
    
    end = clock();
    return ((double)end - (double)start) / (double)CLOCKS_PER_SEC;
}
Пример #13
0
int
via_padlock_crypto_newsession(void *arg, uint32_t *sidp, struct cryptoini *cri)
{
	struct cryptoini *c;
	struct via_padlock_softc *sc = arg;
	struct via_padlock_session *ses = NULL;
	const struct swcr_auth_hash *axf;
	struct swcr_data *swd;
	int sesn, i, cw0;

	KASSERT(sc != NULL /*, ("via_padlock_crypto_freesession: null softc")*/);
	if (sc == NULL || sidp == NULL || cri == NULL)
		return (EINVAL);

	if (sc->sc_sessions == NULL) {
		ses = sc->sc_sessions = malloc(sizeof(*ses), M_DEVBUF,
		    M_NOWAIT);
		if (ses == NULL)
			return (ENOMEM);
		sesn = 0;
		sc->sc_nsessions = 1;
	} else {
		for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
			if (sc->sc_sessions[sesn].ses_used == 0) {
				ses = &sc->sc_sessions[sesn];
				break;
			}
		}

		if (ses == NULL) {
			sesn = sc->sc_nsessions;
			ses = malloc((sesn + 1) * sizeof(*ses), M_DEVBUF,
			    M_NOWAIT);
			if (ses == NULL)
				return (ENOMEM);
			memcpy(ses, sc->sc_sessions, sesn * sizeof(*ses));
			memset(sc->sc_sessions, 0, sesn * sizeof(*ses));
			free(sc->sc_sessions, M_DEVBUF);
			sc->sc_sessions = ses;
			ses = &sc->sc_sessions[sesn];
			sc->sc_nsessions++;
		}
	}

	memset(ses, 0, sizeof(*ses));
	ses->ses_used = 1;

	for (c = cri; c != NULL; c = c->cri_next) {
		switch (c->cri_alg) {
		case CRYPTO_AES_CBC:
			switch (c->cri_klen) {
			case 128:
				cw0 = C3_CRYPT_CWLO_KEY128;
				break;
			case 192:
				cw0 = C3_CRYPT_CWLO_KEY192;
				break;
			case 256:
				cw0 = C3_CRYPT_CWLO_KEY256;
				break;
			default:
				return (EINVAL);
			}
			cw0 |= C3_CRYPT_CWLO_ALG_AES |
				C3_CRYPT_CWLO_KEYGEN_SW |
				C3_CRYPT_CWLO_NORMAL;

#ifdef __NetBSD__
			rnd_extract_data(ses->ses_iv, sizeof(ses->ses_iv),
			    RND_EXTRACT_ANY);
#else
			get_random_bytes(ses->ses_iv, sizeof(ses->ses_iv));
#endif
			ses->ses_klen = c->cri_klen;
			ses->ses_cw0 = cw0;

			/* Build expanded keys for both directions */
			rijndaelKeySetupEnc(ses->ses_ekey, c->cri_key,
			    c->cri_klen);
			rijndaelKeySetupDec(ses->ses_dkey, c->cri_key,
			    c->cri_klen);
			for (i = 0; i < 4 * (RIJNDAEL_MAXNR + 1); i++) {
				ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
				ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
			}

			break;

		/* Use hashing implementations from the cryptosoft code. */
		case CRYPTO_MD5_HMAC:
			axf = &swcr_auth_hash_hmac_md5;
			goto authcommon;
		case CRYPTO_MD5_HMAC_96:
			axf = &swcr_auth_hash_hmac_md5_96;
			goto authcommon;
		case CRYPTO_SHA1_HMAC:
			axf = &swcr_auth_hash_hmac_sha1;
			goto authcommon;
		case CRYPTO_SHA1_HMAC_96:
			axf = &swcr_auth_hash_hmac_sha1_96;
			goto authcommon;
		case CRYPTO_RIPEMD160_HMAC:
			axf = &swcr_auth_hash_hmac_ripemd_160;
			goto authcommon;
		case CRYPTO_RIPEMD160_HMAC_96:
			axf = &swcr_auth_hash_hmac_ripemd_160_96;
			goto authcommon;
		case CRYPTO_SHA2_HMAC:
			if (cri->cri_klen == 256)
				axf = &swcr_auth_hash_hmac_sha2_256;
			else if (cri->cri_klen == 384)
				axf = &swcr_auth_hash_hmac_sha2_384;
			else if (cri->cri_klen == 512)
				axf = &swcr_auth_hash_hmac_sha2_512;
			else {
				return EINVAL;
			}
		authcommon:
			MALLOC(swd, struct swcr_data *,
			    sizeof(struct swcr_data), M_CRYPTO_DATA,
			    M_NOWAIT);
			if (swd == NULL) {
				via_padlock_crypto_freesession(sc, sesn);
				return (ENOMEM);
			}
			memset(swd, 0, sizeof(struct swcr_data));
			ses->swd = swd;

			swd->sw_ictx = malloc(axf->auth_hash->ctxsize,
			    M_CRYPTO_DATA, M_NOWAIT);
			if (swd->sw_ictx == NULL) {
				via_padlock_crypto_freesession(sc, sesn);
				return (ENOMEM);
			}

			swd->sw_octx = malloc(axf->auth_hash->ctxsize,
			    M_CRYPTO_DATA, M_NOWAIT);
			if (swd->sw_octx == NULL) {
				via_padlock_crypto_freesession(sc, sesn);
				return (ENOMEM);
			}

			for (i = 0; i < c->cri_klen / 8; i++)
				c->cri_key[i] ^= HMAC_IPAD_VAL;

			axf->Init(swd->sw_ictx);
			axf->Update(swd->sw_ictx, c->cri_key, c->cri_klen / 8);
			axf->Update(swd->sw_ictx, hmac_ipad_buffer,
			    HMAC_BLOCK_LEN - (c->cri_klen / 8));

			for (i = 0; i < c->cri_klen / 8; i++)
				c->cri_key[i] ^= (HMAC_IPAD_VAL ^
				    HMAC_OPAD_VAL);

			axf->Init(swd->sw_octx);
			axf->Update(swd->sw_octx, c->cri_key, c->cri_klen / 8);
			axf->Update(swd->sw_octx, hmac_opad_buffer,
			    HMAC_BLOCK_LEN - (c->cri_klen / 8));

			for (i = 0; i < c->cri_klen / 8; i++)
				c->cri_key[i] ^= HMAC_OPAD_VAL;

			swd->sw_axf = axf;
			swd->sw_alg = c->cri_alg;

			break;
		default:
			return (EINVAL);
		}
	}

	*sidp = VIAC3_SID(0, sesn);
	return (0);
}
Пример #14
0
void tDecAES::m_init(nOperationModeAES opmode, const u8 key[], nKeyLengthAES keylen,
                     bool useFastASM)
{
    // Set fields.
    m_opmode = opmode;
    m_keylen = keylen;
    m_useASM = useFastASM;
    m_expandedKey = NULL;

    // Check the opmode.
    switch (opmode)
    {
        case kOpModeECB: break;
        case kOpModeCBC: break;
        default: throw eInvalidArgument("The opmode parameter is not valid!");
    }

    // Check the keylen.
    switch (keylen)
    {
        case k128bit: break;
        case k192bit: break;
        case k256bit: break;
        default: throw eInvalidArgument("The keylen parameter is not valid!");
    }

    // Fast ASM setup:
    if (m_useASM)
    {
        m_expandedKey = s_aligned_malloc(256, 16);
        switch (keylen)
        {
            case k128bit:
            {
                u8* key_copy = new u8[16];
                memcpy(key_copy, key, 16);
                iDecExpandKey128(key_copy, m_expandedKey);
                delete [] key_copy;
                break;
            }
            case k192bit:
            {
                u8* key_copy = new u8[24];
                memcpy(key_copy, key, 24);
                iDecExpandKey192(key_copy, m_expandedKey);
                delete [] key_copy;
                break;
            }
            case k256bit:
            {
                u8* key_copy = new u8[32];
                memcpy(key_copy, key, 32);
                iDecExpandKey256(key_copy, m_expandedKey);
                delete [] key_copy;
                break;
            }
            default: throw eInvalidArgument("The keylen parameter is not valid!");
        }
    }

    // Fallback setup:
    else
    {
        int keybits;
        int expectedNr;
        switch (keylen)
        {
            case k128bit: keybits = 128; expectedNr = 10; break;
            case k192bit: keybits = 192; expectedNr = 12; break;
            case k256bit: keybits = 256; expectedNr = 14; break;
            default: throw eInvalidArgument("The keylen parameter is not valid!");
        }
        m_Nr = rijndaelKeySetupDec(m_rk, key, keybits);
        if (m_Nr != expectedNr)
            throw eImpossiblePath();
    }
}
Пример #15
0
/* aes_unwrap: perform AES-based key unwrap function defined in RFC3394,
 *	return 0 on success, 1 on error
 *	input is il bytes
 *	output is (il-8) bytes
 */
int
BCMROMFN(aes_unwrap)(size_t kl, uint8 *key, size_t il, uint8 *input, uint8 *output)
{
	uint32 rk[4*(AES_MAXROUNDS+1)];
	uint8 A[AES_BLOCK_SZ];
	uint8 R[AKW_MAX_WRAP_LEN + AKW_BLOCK_LEN];
	uint8 B[AES_BLOCK_SZ];
	size_t ol = il - AKW_BLOCK_LEN;
	int n = (int)(ol/AKW_BLOCK_LEN), i, j, k;

	/* validate kl (must be valid AES key length)  */
	if ((kl != 16) && (kl != 24) && (kl != 32)) {
		dbg(("aes_wrap: invlaid key length %lu\n", (unsigned long)kl));
		return (1);
	}
	if (il > (AKW_MAX_WRAP_LEN + AKW_BLOCK_LEN)) {
		dbg(("aes_unwrap: input length %lu too large\n", (unsigned long)il));
		return (1);
	}
	if (il % AKW_BLOCK_LEN) {
		dbg(("aes_unwrap: input length %lu must be a multiple of block length\n",
		     (unsigned long)il));
		return (1);
	}

	dbg(("   Input:\n"));
	dbg(("   KEK:        "));
	for (k = 0; k < (int)kl; k++)
		dbg(("%02X", key[k]));
	dbg(("\n   Data:       "));
	for (k = 0; k < (int)il; k++)
		dbg(("%02X", input[k]));
	dbg(("\n\n   Unwrap: \n"));

	rijndaelKeySetupDec(rk, key, (int)AES_KEY_BITLEN(kl));

	/* Set A = C[0] */
	memcpy(A, input, AKW_BLOCK_LEN);

	/* For i = 1 to n */
	/*	R[i] = C[i] */
	memcpy(R, &input[AKW_BLOCK_LEN], ol);

	/* For j = 5 to 0 */
	for (j = 5; j >= 0; j--) {
		/* For i = n to 1 */
		for (i = n - 1; i >= 0; i--) {
			dbg(("\n   %d\n", (n*j)+i+1));
			pinter("   In   ", A, ol, R);

			/* B = AES - 1 (K, (A ^ t) | R[i]) where t = n * j + i */
			A[AKW_BLOCK_LEN - 1] ^= ((n*j)+i+1);
			pinter("   XorT ", A, ol, R);

			memcpy(&A[AKW_BLOCK_LEN], &R[i*AKW_BLOCK_LEN], AKW_BLOCK_LEN);
			aes_block_decrypt((int)AES_ROUNDS(kl), rk, A, B);

			/* A = MSB(64, B) */
			memcpy(&A[0], &B[0], AKW_BLOCK_LEN);

			/* R[i] = LSB(64, B) */
			memcpy(&R[i*AKW_BLOCK_LEN], &B[AKW_BLOCK_LEN], AKW_BLOCK_LEN);
			pinter("   Dec  ", A, ol, R);
		}
	}
	if (!memcmp(A, aeskeywrapIV, AKW_BLOCK_LEN)) {
		/* For i = 1 to n */
		/*	P[i] = R[i] */
		memcpy(&output[0], R, ol);
		return 0;
	} else {
		dbg(("aes_unwrap: IV mismatch in unwrapped data\n"));
		return 1;
	}
}