int
aes_xcbc_mac_init(void *vctx, const u_int8_t *key, u_int16_t keylen)
{
u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
aesxcbc_ctx *ctx;
u_int8_t k1[AES_BLOCKSIZE];
ctx = (aesxcbc_ctx *)vctx;
memset(ctx, 0, sizeof(aesxcbc_ctx));
if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
return -1;
rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
return -1;
return 0;
}
void rijndaelSpeed(int keyBits) {
int Nr, i;
u32 rk[4*(MAXNR + 1)];
u8 cipherKey[256/8], pt[16], ct[16];
clock_t elapsed;
float sec;
memset(cipherKey, 0, sizeof(cipherKey));
printf("================================\n");
printf("Speed measurement for %d-bit keys:\n", keyBits);
/*
* Encryption key setup timing:
*/
elapsed = -clock();
for (i = 0; i < ITERATIONS; i++) {
Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
}
elapsed += clock();
sec = (float)elapsed/CLOCKS_PER_SEC;
printf("Encryption key schedule: %.1f s, %.0f Mbit/s\n",
sec, (float)ITERATIONS*128/sec/1000000);
/*
* Encryption timing:
*/
elapsed = -clock();
for (i = 0; i < ITERATIONS; i++) {
rijndaelEncrypt(rk, Nr, pt, ct);
}
elapsed += clock();
sec = (float)elapsed/CLOCKS_PER_SEC;
printf("Encryption: %.1f s, %.0f Mbit/s\n",
sec, (float)ITERATIONS*128/sec/1000000);
/*
* Decryption key setup timing:
*/
elapsed = -clock();
for (i = 0; i < ITERATIONS; i++) {
Nr = rijndaelKeySetupDec(rk, cipherKey, keyBits);
}
elapsed += clock();
sec = (float)elapsed/CLOCKS_PER_SEC;
printf("Decryption key schedule: %.1f s, %.0f Mbit/s\n",
sec, (float)ITERATIONS*128/sec/1000000);
/*
* Decryption timing:
*/
elapsed = -clock();
for (i = 0; i < ITERATIONS; i++) {
rijndaelDecrypt(rk, Nr, pt, ct);
}
elapsed += clock();
sec = (float)elapsed/CLOCKS_PER_SEC;
printf("Decryption: %.1f s, %.0f Mbit/s\n",
sec, (float)ITERATIONS*128/sec/1000000);
}
void
rijndael_set_key(rijndael_ctx *ctx, const u_char *key, int bits)
{
ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
rijndaelKeySetupDec(ctx->dk, key, bits);
}
/**
* Expand the cipher key into the decryption key schedule.
*
* @return the number of rounds for the given cipher key size.
*/
void rijndaelKeySetupDec(u32 rk[/*44*/], const u8 cipherKey[])
{
int Nr = 10, i, j;
u32 temp;
/* expand the cipher key: */
rijndaelKeySetupEnc(rk, cipherKey);
/* invert the order of the round keys: */
for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
}
/* apply the inverse MixColumn transform to all round keys but the
* first and the last: */
for (i = 1; i < Nr; i++) {
rk += 4;
for (j = 0; j < 4; j++) {
rk[j] = TD0_(TE4((rk[j] >> 24) )) ^
TD1_(TE4((rk[j] >> 16) & 0xff)) ^
TD2_(TE4((rk[j] >> 8) & 0xff)) ^
TD3_(TE4((rk[j] ) & 0xff));
}
}
}
main() {
static unsigned char key[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static unsigned char pt[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
unsigned char ct[16];
int i;
for(i = 0; i< 16; i ++)
{
key[i] = (unsigned char)i;
}
printf("key: ");
print_hex_string(key,16);printf("\n");
/* first init rijndael for underlying key */
rijndaelKeySetupEnc(rek, (unsigned char *)key, 128);
for (i=0; i < 256; i++)
{
pt[0] = (unsigned char)i;
//print_hex_string(pt,16); printf("\n");
rijndaelEncrypt(rek, AES_ROUNDS, pt, ct);
print_hex_string(ct, 16); printf("\n");
}
}
bst128 Obtain_sessionrkeys(bst128 kappa,u32* rkey_enc){ /*rkey_enc must be 44+4*3 */
u32 tempkeys[44];
int i,j;
bst128 counter;
rijndaelKeySetupEnc(tempkeys,kappa.b);
/*keys 1,9 remain as they are */
for(i=0;i<4;i++){
rkey_enc[i]^=tempkeys[i+4];/*0 xor 1*/
for(j=2;j<9;j++){
rkey_enc[4*j+i]^=tempkeys[4*j+i];/*j xor j*/
}
counter.t[i]=tempkeys[36+i];/*9th rkey
we will use it not as key. */
rkey_enc[40+i]^=tempkeys[40+i];/*10 xor 10*/
}
/*above is normal key expansion.
in locations 44-55 we will hold a copy of the round keys 1,5,9.
so we can change the ones in 1,5,9 and then restore them*/
for(i=0;i<4;i++){
rkey_enc[44+i]=rkey_enc[4+i];/*copy r1*/
rkey_enc[48+i]=rkey_enc[20+i];/*copy r5*/
rkey_enc[52+i]=rkey_enc[36+i];/*copy r9*/
}
/*now internal state in BE machine would be the same as the internal
state under LE machine in ref version, except for the counter.
Now we make odd the bytes a LE machine would when fixing it to be odd*/
counter.b[0]|=(unsigned char)(0x1U);
counter.b[8]|=(unsigned char)(0x1U);
return counter;
}
void
reg_proto_encrypt_data(BufferObj *plainText, BufferObj *encrKey, BufferObj *authKey,
BufferObj *cipherText, BufferObj *iv)
{
BufferObj *buf = buffobj_new();
uint8 ivBuf[SIZE_128_BITS];
/* 10 rounds for cbc 128 = (10+1) * 4 uint32 */
uint32 rk[44];
uint8 outBuf[1024];
int encrypt_len;
if (!buf)
return;
if (plainText->m_dataLength == 0) {
TUTRACE((TUTRACE_ERR, "Invalid parameters \n"));
buffobj_del(buf);
return;
}
/* Generate a random iv */
RAND_bytes(ivBuf, SIZE_128_BITS);
buffobj_Reset(iv);
buffobj_Append(iv, SIZE_128_BITS, ivBuf);
/* Now encrypt the plaintext and mac using the encryption key and IV. */
buffobj_Append(buf, plainText->m_dataLength, plainText->pBase);
TUTRACE((TUTRACE_ERR, "RPROTO: calling encryption of %d bytes\n", buf->m_dataLength));
rijndaelKeySetupEnc(rk, encrKey->pBase, 128);
encrypt_len = aes_cbc_encrypt_pad(rk, 16, ivBuf, buf->m_dataLength,
plainText->pBase, outBuf, PAD_LEN_PADDING);
buffobj_Append(cipherText, encrypt_len, outBuf);
buffobj_del(buf);
}
/* Perform AES block encryption, including key schedule setup */
void
BCMROMFN(aes_encrypt)(const size_t kl, const uint8 *K, const uint8 *ptxt, uint8 *ctxt)
{
uint32 rk[4 * (AES_MAXROUNDS + 1)];
rijndaelKeySetupEnc(rk, K, (int)AES_KEY_BITLEN(kl));
rijndaelEncrypt(rk, (int)AES_ROUNDS(kl), ptxt, ctxt);
}
main() {
static unsigned char key[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static unsigned char pt[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
unsigned char ct[16];
unsigned int ct_bytes[256];
int i, j;
/* first init rijndael for underlying key */
rijndaelKeySetupEnc(rek, (unsigned char *)key, 128);
for (i=0; i < 256; i++)
{
pt[0] = (unsigned char)i;
rijndaelEncrypt(rek, AES_ROUNDS, pt, ct);
print_hex_string(ct, 16); printf("\n");
ct_bytes[i] = ct[0];
printf("CT 1,1: %i \n", ct[0]);
}
unsigned int sum = 0;
for (j=0; j < 256; j++)
{
//sum = sum ^ ct_bytes[j];
//printf("%i \n", sum);
}
}
int
AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
{
key->rounds = rijndaelKeySetupEnc(key->key, userkey, bits);
if (key->rounds == 0)
return -1;
return 0;
}
static void do_bench(int nblocks)
{
u32 ckey[4 * (MAXNR + 1)];
u8 temp[16];
int nr;
nr = rijndaelKeySetupEnc(ckey, (u8 *)"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 128);
for (; nblocks > 0; nblocks--)
rijndaelEncrypt(ckey, nr, temp, temp);
}
main() {
FILE *fp = fopen("output_fed_4rnds.txt","rw+");
char * line = NULL;
size_t len = 0;
ssize_t read = 0;
int j;
int count = 0;
static unsigned char key[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
while (read != -1)
{
for(j = 0; j<16; j++)
{
read = getline(&line,&len,fp);
key[j] = atoi(line);
}
count = count + 1;
if(count == 1537)
{
break;
}
static unsigned char pt[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static unsigned char pt1[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
unsigned char ct[16];
unsigned char ct1[16];
int i;
/* first init rijndael for underlying key */
rijndaelKeySetupEnc(rek, (unsigned char *)key, 128);
// generating the plain text given to narrow down the keys - 0102030405060708090a0b0c0d0e0f00
for(i = 0; i< 16; i ++)
{
pt1[i] = (unsigned char)i+1;
}
pt1[15] = (unsigned char)0;
rijndaelEncrypt(rek,AES_ROUNDS, pt1, ct1);
// generating the integer value of the expected cipher text - 71fae486fafc990d4a44a21a7fac6b75
// and comparing it with the cipher text we got using current key
if(ct1[0] == 113 & ct1[1]==250 & ct1[2]==228 & ct1[3]==134 & ct1[4] == 250 & ct1[5] == 252 & ct1[6] == 153 & ct1[15] == 117)
{
print_hex_string(key,16); printf("\n");
}
}
fclose(fp);
}
CAMLprim value caml_aes_cook_encrypt_key(value key)
{
CAMLparam1(key);
value ckey = alloc_string(Cooked_key_size);
int nr =
rijndaelKeySetupEnc((u32 *) String_val(ckey),
(const u8 *) String_val(key),
8 * string_length(key));
Byte(ckey, Cooked_key_NR_offset) = nr;
CAMLreturn(ckey);
}
void * aes_encrypt_init(const u8 *key, size_t len)
{
u32 *rk;
if (len != 16)
return NULL;
rk = os_malloc(AES_PRIV_SIZE);
if (rk == NULL)
return NULL;
rijndaelKeySetupEnc(rk, key);
return rk;
}
static void noise_aesgcm_init_key
(NoiseCipherState *state, const uint8_t *key)
{
NoiseAESGCMState *st = (NoiseAESGCMState *)state;
/* Set the encryption key */
rijndaelKeySetupEnc(st->aes, key, 256);
/* Construct the hashing key by encrypting a block of zeroes */
memset(st->counter, 0, 16);
rijndaelEncrypt(st->aes, MAXNR, st->counter, st->hash);
ghash_reset(&(st->ghash), st->hash);
}
static int my_aes_create_key(KEYINSTANCE *aes_key,
enum encrypt_dir direction, const char *key,
int key_length)
{
uint8 rkey[AES_KEY_LENGTH/8]; /* The real key to be used for encryption */
uint8 *rkey_end=rkey+AES_KEY_LENGTH/8; /* Real key boundary */
uint8 *ptr; /* Start of the real key*/
const char *sptr; /* Start of the working key */
const char *key_end=key+key_length; /* Working key boundary*/
bzero((char*) rkey,AES_KEY_LENGTH/8); /* Set initial key */
for (ptr= rkey, sptr= key; sptr < key_end; ptr++,sptr++)
{
if (ptr == rkey_end)
ptr= rkey; /* Just loop over tmp_key until we used all key */
*ptr^= (uint8) *sptr;
}
#ifdef AES_USE_KEY_BITS
/*
This block is intended to allow more weak encryption if application
build with libmysqld needs to correspond to export regulations
It should be never used in normal distribution as does not give
any speed improvement.
To get worse security define AES_USE_KEY_BITS to number of bits
you want key to be. It should be divisible by 8
WARNING: Changing this value results in changing of enryption for
all key lengths so altering this value will result in impossibility
to decrypt data encrypted with previous value
*/
#define AES_USE_KEY_BYTES (AES_USE_KEY_BITS/8)
/*
To get weaker key we use first AES_USE_KEY_BYTES bytes of created key
and cyclically copy them until we created all required key length
*/
for (ptr= rkey+AES_USE_KEY_BYTES, sptr=rkey ; ptr < rkey_end;
ptr++,sptr++)
{
if (sptr == rkey+AES_USE_KEY_BYTES)
sptr=rkey;
*ptr=*sptr;
}
#endif
if (direction == AES_DECRYPT)
aes_key->nr = rijndaelKeySetupDec(aes_key->rk, rkey, AES_KEY_LENGTH);
else
aes_key->nr = rijndaelKeySetupEnc(aes_key->rk, rkey, AES_KEY_LENGTH);
return 0;
}
void * aes_encrypt_init(const u8 *key, size_t len)
{
u32 *rk;
int res;
rk = malloc(AES_PRIV_SIZE);
if (rk == NULL)
return NULL;
res = rijndaelKeySetupEnc(rk, key, len * 8);
if (res < 0) {
free(rk);
return NULL;
}
rk[AES_PRIV_NR_POS] = res;
return rk;
}
void validate_init()
{
for (int i = 0; i < AES_BLOCK_WORDS; i++) {
aes_input[i] = 0;
}
uint8_t key[AES_KEY_BYTES];
if (!random_bytes(key, AES_KEY_BYTES)) {
log_fatal("validate", "couldn't get random bytes");
}
if (rijndaelKeySetupEnc(aes_sched, key, AES_KEY_BYTES * 8) !=
AES_ROUNDS) {
log_fatal("validate", "couldn't initialize AES key");
}
inited = 1;
}
static void do_test(int keybits, u8 * key,
u8 plain[16], u8 cipher[16],
int testno1, int testno2)
{
u32 ckey[4 * (MAXNR + 1)];
u8 temp[16];
int nr;
int ok;
nr = rijndaelKeySetupEnc(ckey, key, keybits);
rijndaelEncrypt(ckey, nr, plain, temp);
ok = memcmp(temp, cipher, 16) == 0;
printf("Encryption test %d %s\n", testno1, ok ? "passed" : "FAILED");
nr = rijndaelKeySetupDec(ckey, key, keybits);
rijndaelDecrypt(ckey, nr, cipher, temp);
ok = memcmp(temp, plain, 16) == 0;
printf("Decryption test %d %s\n", testno2, ok ? "passed" : "FAILED");
}
int
aes_ctr_setkey(u_int8_t **sched, u_int8_t *key, int len)
{
struct aes_ctr_ctx *ctx;
if (len < AESCTR_NONCESIZE)
return -1;
*sched = kmalloc(sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA,
M_WAITOK | M_ZERO);
ctx = (struct aes_ctr_ctx *)*sched;
ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (u_char *)key,
(len - AESCTR_NONCESIZE) * 8);
if (ctx->ac_nr == 0) {
aes_ctr_zerokey(sched);
return -1;
}
bcopy(key + len - AESCTR_NONCESIZE, ctx->ac_block, AESCTR_NONCESIZE);
return 0;
}
int
aes_ctr_setkey(u_int8_t **sched, const u_int8_t *key, int len)
{
struct aes_ctr_ctx *ctx;
if (len < AESCTR_NONCESIZE)
return EINVAL;
ctx = malloc(sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA,
M_NOWAIT|M_ZERO);
if (!ctx)
return ENOMEM;
ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (const u_char *)key,
(len - AESCTR_NONCESIZE) * 8);
if (!ctx->ac_nr) { /* wrong key len */
aes_ctr_zerokey((u_int8_t **)&ctx);
return EINVAL;
}
memcpy(ctx->ac_block, key + len - AESCTR_NONCESIZE, AESCTR_NONCESIZE);
/* random start value for simple counter */
cprng_fast(&ctx->ivgenctx.lastiv, sizeof(ctx->ivgenctx.lastiv));
*sched = (void *)ctx;
return 0;
}
void AES_128_KEY_EXPANSION(bst128 userKey,u32 rk[]){
rijndaelKeySetupEnc(rk,userKey.b);
}
int crypto_aead_decrypt(
unsigned char *m,unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c,unsigned long long clen,
const unsigned char *ad,unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k){
/* declaration of variables */
bst128 checksum;
bst128 kappa;
u32 rkey_enc[56];
u32 rkey_dec[56];/* decryption round keys*/
bst128 sin,sout;
u64 i,j;
u64* mv=(u64*)m;
u64* cv=(u64*)c;
u64* kv=(u64*)k;
u64* npubv=(u64*)npub;
bst128 wout;
bst128 initcounter;
bst128 counter;
u64 kount=clen-TAGLENGTH;
u64 blockclen=(kount/16);/*number of ciphertext full blocks,excluding tag*/
(void) nsec; /*avoid warning*/
if(clen<TAGLENGTH) return -1;
initcounter.s[0]=npubv[0];
initcounter.s[1]=npubv[1];/*initially holds pub msg number*/
sin.s[0]=kv[0];
sin.s[1]=kv[1];/*get user key*/
rijndaelKeySetupEnc(rkey_enc,sin.b);/*expand user key */
/*=========get kappa====== */
rijndaelEncrypt(rkey_enc,initcounter.b,kappa.b);
/*=============get session rkeys and mask=====*/
initcounter=Obtain_sessionrkeys(kappa,rkey_enc);
/*===============================
associated data
=================================*/
checksum=ProcessAD(adlen,ad,rkey_enc,kappa,initcounter);
/*==========================================================
DECRYPT CIPHERTEXT
=======================================================*/
counter=NADD64(kappa,initcounter);
*mlen=clen-TAGLENGTH;
j=0;
if(clen>TAGLENGTH){
/*obtain decryption keys*/
CONVERT2DECKEY(rkey_enc,rkey_dec);
while(j<blockclen){
sin.s[0]=cv[2*j];sin.s[1]=cv[2*j+1];
XORADD(checksum.s,sin,counter);
sout=TAES_DECRYPT(sin,rkey_dec,counter);
XOR128(checksum,sout);
mv[2*j]=sout.s[0];mv[2*j+1]=sout.s[1];
counter=NADD64(counter,initcounter);
j++;
}/*endwhile. */
j=(j<<4);
if(j<kount){ /*last block is partial, then */
sout=PartialBlock(kount,rkey_enc,j,c,m,0,initcounter,counter);
XOR128(checksum,sout);
}/*endif j */
}/*end decryption
==========================
VERIFY TAG
===========================*/
wout=TAG(checksum,adlen,kount,rkey_enc,kappa);
j=0;
/*to avoid side attacks and to try to fool the compiler into not optimizing too much*/
for(i=0;i<TAGLENGTH;i++) {
if(wout.b[i]!=c[kount+i]) j+=2;
else j++;
}
if(j>TAGLENGTH) return -1;
return 0;
}/* ===============END aead decrypt ========================*/
int crypto_aead_encrypt(unsigned char *c,
unsigned long long *clen,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k){
bst128 checksum;
bst128 kappa;
u32 rkey_enc[56];
bst128 sin,sout;/*for single block enc and to process key*/
u64 i,j;
u64 blockmlen=(mlen/16); /*number of plain full blocks*/
u64* mv=(u64*)m;
u64* cv=(u64*)c;
u64* kv=(u64*)k;
u64* npubv=(u64*)npub;
bst128 wout;
bst128 initcounter;
bst128 counter;
(void) nsec; /*avoid warning*/
initcounter.s[0]=npubv[0];
initcounter.s[1]=npubv[1];/*initially holds nonce,later IC*/
sin.s[0]=kv[0];
sin.s[1]=kv[1];/*get user key*/
rijndaelKeySetupEnc(rkey_enc,sin.b);/*expand user key */
/*=========get kappa====== */
rijndaelEncrypt(rkey_enc,initcounter.b,kappa.b);
/*=============get session rkeys and mask=====*/
initcounter=Obtain_sessionrkeys(kappa,rkey_enc);
/*===============================
associated data
=================================*/
checksum=ProcessAD(adlen,ad,rkey_enc,kappa,initcounter);
/*===========================================
ENCRYPT PLAINTEXT
============================================== */
counter=NADD64(kappa,initcounter);
*clen=mlen+TAGLENGTH;
j=0;
if(mlen>0){
while(j<blockmlen){
sin.s[0]=mv[2*j];
sin.s[1]=mv[2*j+1];
XOR128(checksum,sin);
sout=TAES_ENCRYPT(sin,rkey_enc,counter);
cv[2*j]=sout.s[0];
cv[2*j+1]=sout.s[1];
XORADD(checksum.s,sout,counter);
counter=NADD64(counter,initcounter);
j++;
}/*endwhile. Now only a possible partial block exists */
j=(j<<4);
if(j<mlen){ /*last block is partial, then */
sout=PartialBlock(mlen,rkey_enc,j,m,c,1,initcounter,counter);
XOR128(checksum,sout);
}/*endif j<mlen */
}/*endif mlen>0, end encryption */
/*=========================
TAG
===========================*/
wout=TAG(checksum,adlen,mlen,rkey_enc,kappa);
for(i=0;i<TAGLENGTH;i++) c[mlen+i]=wout.b[i];
return 0;
}/*end AEAD encrypt*/
virtual void do_prepare(const TaskData &) override
{
m_ctx.Nr = rijndaelKeySetupEnc(m_ctx.ek, m_key.data(), m_keylen*8);
}
void test_key_speed() {
clock_t start, end;
u64 f_key[84];
u32 aes_rk[60];
u8 mk[32];
int i;
double t;
printf("\n--------Testing key setup times: %d trials--------\n\n", KEY_SETUP_ITER);
// AES-128
start = clock();
for (i = 0; i < KEY_SETUP_ITER; i++)
rijndaelKeySetupEnc(aes_rk, mk, 128);
end = clock();
t = ((double)end - (double)start) / CLOCKS_PER_SEC / KEY_SETUP_ITER;
printf("AES-128 average key setup time: %lf nanoseconds\n", t * 1e9);
#ifdef CLOCK_FREQ
printf("%lf cycles %lf cycles/byte\n\n", CLOCK_FREQ * t, CLOCK_FREQ * t / (RIJNDAEL_BLOCK_SIZE * 11));
#endif
// AES-192
start = clock();
for (i = 0; i < KEY_SETUP_ITER; i++)
rijndaelKeySetupEnc(aes_rk, mk, 192);
end = clock();
t = ((double)end - (double)start) / CLOCKS_PER_SEC / KEY_SETUP_ITER;
printf("AES-192 average key setup time: %lf nanoseconds\n", t * 1e9);
#ifdef CLOCK_FREQ
printf("%lf cycles %lf cycles/byte\n\n", CLOCK_FREQ * t, CLOCK_FREQ * t / (RIJNDAEL_BLOCK_SIZE * 13));
#endif
// AES-256
start = clock();
for (i = 0; i < KEY_SETUP_ITER; i++)
rijndaelKeySetupEnc(aes_rk, mk, 256);
end = clock();
t = ((double)end - (double)start) / CLOCKS_PER_SEC / KEY_SETUP_ITER;
printf("AES-256 average key setup time: %lf nanoseconds\n", t * 1e9);
#ifdef CLOCK_FREQ
printf("%lf cycles %lf cycles/byte\n\n", CLOCK_FREQ * t, CLOCK_FREQ * t / (RIJNDAEL_BLOCK_SIZE * 15));
#endif
// FALCON
start = clock();
for (i = 0; i < KEY_SETUP_ITER; i++)
FALCON_KEY_INIT(f_key, mk, FORMAT_RAW, 256);
end = clock();
t = ((double)end - (double)start) / CLOCKS_PER_SEC / KEY_SETUP_ITER;
printf("%d-round FALCON average key setup time: %lf nanoseconds\n", NR, t * 1e9);
#ifdef CLOCK_FREQ
printf("%lf cycles %lf cycles/byte\n\n", CLOCK_FREQ * t, CLOCK_FREQ * t / (FALCON_BLOCK_SIZE * (NR + 1)));
#endif
}
main() {
static unsigned char key[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static unsigned char pt[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
unsigned char ct[16];
unsigned char word[4][4];
unsigned int answer[16];
int line[4];
int i, j, k, l, m, a,b,c,d;
unsigned char possibleKeys[256];
/* Inverse S-Box */
unsigned char inv_s[256] =
{
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
};
/* Array to hold the ciphertext bytes from a run through with 1 key */
unsigned char ct_byte[256];
/* This loop Runs through all 16 bytes of key */
for (i=0; i < 16; i++)
{
/* This loop runs through all 255 possible key entries at key byte i */
for (j=0; j < 256; j++)
{
/* Used for the 0's pt 0's key implementation */
if ((i == 0) && (j == 0))
{
//key[i] = j;
/* first init rijndael for underlying key */
rijndaelKeySetupEnc(rek, (unsigned char *)key, 128);
/* Testing all different plain text values */
for (k=0; k < 256; k++)
{
/* Input 0-255 in the first byte of pt */
pt[i] = (unsigned char)k;
/* Run the Encryption */
rijndaelEncrypt(rek, AES_ROUNDS, pt, ct);
print_hex_string(ct, 16); printf("\n");
/* Pushing the end results back through AES */
/* Invert last round of AES*/
for (l=0; l < 4; l++)
{
invShiftRows(ct,l);
ct = inv_s*ct;
}
/* Creating the rows/words of the ct */
for (a = 0; a < 16; a++)
{
answer[a] = ct[a];
}
printf("%x",answer);
for (l = 0; l < 4; l++)
{
//word[l] = answer ^ 0xff;
}
/* Key Expansion */
for (l = 4; l < 20; l++)
{
if (l % 4 == 0)
{
w[l-4] = invRot(invSub(w[l]) ^ w[l-1] ^ RCON[l/4]);
}
else
{
w[l-4] = w[l] ^ w[l-1];
}
}
/* Store each byte of the crypted output */
ct_byte[k] = ct[i];
}
/* Checking if the ct index is balance => XOR all elements = 0*/
unsigned char sum = 0;
for (k=0; k < 256; k++)
{
printf("%i + %i", sum, ct_byte[k]);
printf("\n");
sum = sum ^ ct_byte[k];
}
printf("%i", sum);
if (sum == 0)
{
possibleKeys[count] = j;
count++;
}
}
}
}
}
int
via_padlock_crypto_newsession(void *arg, uint32_t *sidp, struct cryptoini *cri)
{
struct cryptoini *c;
struct via_padlock_softc *sc = arg;
struct via_padlock_session *ses = NULL;
const struct swcr_auth_hash *axf;
struct swcr_data *swd;
int sesn, i, cw0;
KASSERT(sc != NULL /*, ("via_padlock_crypto_freesession: null softc")*/);
if (sc == NULL || sidp == NULL || cri == NULL)
return (EINVAL);
if (sc->sc_sessions == NULL) {
ses = sc->sc_sessions = malloc(sizeof(*ses), M_DEVBUF,
M_NOWAIT);
if (ses == NULL)
return (ENOMEM);
sesn = 0;
sc->sc_nsessions = 1;
} else {
for (sesn = 0; sesn < sc->sc_nsessions; sesn++) {
if (sc->sc_sessions[sesn].ses_used == 0) {
ses = &sc->sc_sessions[sesn];
break;
}
}
if (ses == NULL) {
sesn = sc->sc_nsessions;
ses = malloc((sesn + 1) * sizeof(*ses), M_DEVBUF,
M_NOWAIT);
if (ses == NULL)
return (ENOMEM);
memcpy(ses, sc->sc_sessions, sesn * sizeof(*ses));
memset(sc->sc_sessions, 0, sesn * sizeof(*ses));
free(sc->sc_sessions, M_DEVBUF);
sc->sc_sessions = ses;
ses = &sc->sc_sessions[sesn];
sc->sc_nsessions++;
}
}
memset(ses, 0, sizeof(*ses));
ses->ses_used = 1;
for (c = cri; c != NULL; c = c->cri_next) {
switch (c->cri_alg) {
case CRYPTO_AES_CBC:
switch (c->cri_klen) {
case 128:
cw0 = C3_CRYPT_CWLO_KEY128;
break;
case 192:
cw0 = C3_CRYPT_CWLO_KEY192;
break;
case 256:
cw0 = C3_CRYPT_CWLO_KEY256;
break;
default:
return (EINVAL);
}
cw0 |= C3_CRYPT_CWLO_ALG_AES |
C3_CRYPT_CWLO_KEYGEN_SW |
C3_CRYPT_CWLO_NORMAL;
#ifdef __NetBSD__
rnd_extract_data(ses->ses_iv, sizeof(ses->ses_iv),
RND_EXTRACT_ANY);
#else
get_random_bytes(ses->ses_iv, sizeof(ses->ses_iv));
#endif
ses->ses_klen = c->cri_klen;
ses->ses_cw0 = cw0;
/* Build expanded keys for both directions */
rijndaelKeySetupEnc(ses->ses_ekey, c->cri_key,
c->cri_klen);
rijndaelKeySetupDec(ses->ses_dkey, c->cri_key,
c->cri_klen);
for (i = 0; i < 4 * (RIJNDAEL_MAXNR + 1); i++) {
ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
}
break;
/* Use hashing implementations from the cryptosoft code. */
case CRYPTO_MD5_HMAC:
axf = &swcr_auth_hash_hmac_md5;
goto authcommon;
case CRYPTO_MD5_HMAC_96:
axf = &swcr_auth_hash_hmac_md5_96;
goto authcommon;
case CRYPTO_SHA1_HMAC:
axf = &swcr_auth_hash_hmac_sha1;
goto authcommon;
case CRYPTO_SHA1_HMAC_96:
axf = &swcr_auth_hash_hmac_sha1_96;
goto authcommon;
case CRYPTO_RIPEMD160_HMAC:
axf = &swcr_auth_hash_hmac_ripemd_160;
goto authcommon;
case CRYPTO_RIPEMD160_HMAC_96:
axf = &swcr_auth_hash_hmac_ripemd_160_96;
goto authcommon;
case CRYPTO_SHA2_HMAC:
if (cri->cri_klen == 256)
axf = &swcr_auth_hash_hmac_sha2_256;
else if (cri->cri_klen == 384)
axf = &swcr_auth_hash_hmac_sha2_384;
else if (cri->cri_klen == 512)
axf = &swcr_auth_hash_hmac_sha2_512;
else {
return EINVAL;
}
authcommon:
MALLOC(swd, struct swcr_data *,
sizeof(struct swcr_data), M_CRYPTO_DATA,
M_NOWAIT);
if (swd == NULL) {
via_padlock_crypto_freesession(sc, sesn);
return (ENOMEM);
}
memset(swd, 0, sizeof(struct swcr_data));
ses->swd = swd;
swd->sw_ictx = malloc(axf->auth_hash->ctxsize,
M_CRYPTO_DATA, M_NOWAIT);
if (swd->sw_ictx == NULL) {
via_padlock_crypto_freesession(sc, sesn);
return (ENOMEM);
}
swd->sw_octx = malloc(axf->auth_hash->ctxsize,
M_CRYPTO_DATA, M_NOWAIT);
if (swd->sw_octx == NULL) {
via_padlock_crypto_freesession(sc, sesn);
return (ENOMEM);
}
for (i = 0; i < c->cri_klen / 8; i++)
c->cri_key[i] ^= HMAC_IPAD_VAL;
axf->Init(swd->sw_ictx);
axf->Update(swd->sw_ictx, c->cri_key, c->cri_klen / 8);
axf->Update(swd->sw_ictx, hmac_ipad_buffer,
HMAC_BLOCK_LEN - (c->cri_klen / 8));
for (i = 0; i < c->cri_klen / 8; i++)
c->cri_key[i] ^= (HMAC_IPAD_VAL ^
HMAC_OPAD_VAL);
axf->Init(swd->sw_octx);
axf->Update(swd->sw_octx, c->cri_key, c->cri_klen / 8);
axf->Update(swd->sw_octx, hmac_opad_buffer,
HMAC_BLOCK_LEN - (c->cri_klen / 8));
for (i = 0; i < c->cri_klen / 8; i++)
c->cri_key[i] ^= HMAC_OPAD_VAL;
swd->sw_axf = axf;
swd->sw_alg = c->cri_alg;
break;
default:
return (EINVAL);
}
}
*sidp = VIAC3_SID(0, sesn);
return (0);
}
/* aes_wrap: perform AES-based keywrap function defined in RFC3394
* return 0 on success, 1 on error
* input is il bytes
* output is (il+8) bytes
*/
int
BCMROMFN(aes_wrap)(size_t kl, uint8 *key, size_t il, uint8 *input, uint8 *output)
{
uint32 rk[4*(AES_MAXROUNDS+1)];
uint8 A[AES_BLOCK_SZ];
uint8 R[AKW_MAX_WRAP_LEN];
uint8 B[AES_BLOCK_SZ];
int n = (int)(il/AKW_BLOCK_LEN), i, j, k;
/* validate kl (must be valid AES key length) */
if ((kl != 16) && (kl != 24) && (kl != 32)) {
dbg(("aes_wrap: invlaid key length %lu\n", (unsigned long)kl));
return (1);
}
if (il > AKW_MAX_WRAP_LEN) {
dbg(("aes_wrap: input length %lu too large\n", (unsigned long)il));
return (1);
}
if (il % AKW_BLOCK_LEN) {
dbg(("aes_wrap: input length %lu must be a multiple of block length\n",
(unsigned long)il));
return (1);
}
dbg((" Input:\n"));
dbg((" KEK: "));
for (k = 0; k < (int)kl; k++)
dbg(("%02X", key[k]));
dbg(("\n Key Data: "));
for (k = 0; k < (int)il; k++)
dbg(("%02X", input[k]));
dbg(("\n\n Wrap: \n"));
rijndaelKeySetupEnc(rk, key, (int)AES_KEY_BITLEN(kl));
/* Set A = IV */
memcpy(A, aeskeywrapIV, AKW_BLOCK_LEN);
/* For i = 1 to n */
/* R[i] = P[i] */
memcpy(R, input, il);
/* For j = 0 to 5 */
for (j = 0; j < 6; j++) {
/* For i = 1 to n */
for (i = 0; i < n; i++) {
dbg(("\n %d\n", (n*j)+i+1));
pinter(" In ", A, il, R);
/* B = AES(K, A | R[i]) */
memcpy(&A[AKW_BLOCK_LEN], &R[i*AKW_BLOCK_LEN], AKW_BLOCK_LEN);
aes_block_encrypt((int)AES_ROUNDS(kl), rk, A, B);
/* R[i] = LSB(64, B) */
memcpy(&R[i*AKW_BLOCK_LEN], &B[AKW_BLOCK_LEN], AKW_BLOCK_LEN);
/* A = MSB(64, B) ^ t where t = (n*j)+i */
memcpy(&A[0], &B[0], AKW_BLOCK_LEN);
pinter(" Enc ", A, il, R);
A[AKW_BLOCK_LEN-1] ^= ((n*j)+i+1);
pinter(" XorT ", A, il, R);
}
}
/* Set C[0] = A */
memcpy(output, A, AKW_BLOCK_LEN);
/* For i = 1 to n */
/* C[i] = R[i] */
memcpy(&output[AKW_BLOCK_LEN], R, il);
return (0);
}
