Neil Thiessen / AES

A lightweight AES implementation with Cipher Block Chaining and Ciphertext Stealing.

Dependents:   AES_HelloWorld AES_ExtendedTests AESslave_modified_test AESslave_modified_test_27-9-2017 ... more

AES.cpp@0:6132f54fa9e9, 2015-09-04 (annotated)

Committer:
neilt6
Date:
Fri Sep 04 02:03:00 2015 +0000
Revision:
0:6132f54fa9e9
Child:
1:09347d4bc827
Initial commit

Who changed what in which revision?

UserRevisionLine numberNew contents of line
neilt6 0:6132f54fa9e9 1 /* AES Cipher Library
neilt6 0:6132f54fa9e9 2 * Copyright (c) 2015 Neil Thiessen
neilt6 0:6132f54fa9e9 3 *
neilt6 0:6132f54fa9e9 4 * Licensed under the Apache License, Version 2.0 (the "License");
neilt6 0:6132f54fa9e9 5 * you may not use this file except in compliance with the License.
neilt6 0:6132f54fa9e9 6 * You may obtain a copy of the License at
neilt6 0:6132f54fa9e9 7 *
neilt6 0:6132f54fa9e9 8 * http://www.apache.org/licenses/LICENSE-2.0
neilt6 0:6132f54fa9e9 9 *
neilt6 0:6132f54fa9e9 10 * Unless required by applicable law or agreed to in writing, software
neilt6 0:6132f54fa9e9 11 * distributed under the License is distributed on an "AS IS" BASIS,
neilt6 0:6132f54fa9e9 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
neilt6 0:6132f54fa9e9 13 * See the License for the specific language governing permissions and
neilt6 0:6132f54fa9e9 14 * limitations under the License.
neilt6 0:6132f54fa9e9 15 */
neilt6 0:6132f54fa9e9 16
neilt6 0:6132f54fa9e9 17 #include "AES.h"
neilt6 0:6132f54fa9e9 18
neilt6 0:6132f54fa9e9 19 const char AES::m_Sbox[256] = {
neilt6 0:6132f54fa9e9 20 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
neilt6 0:6132f54fa9e9 21 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
neilt6 0:6132f54fa9e9 22 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
neilt6 0:6132f54fa9e9 23 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
neilt6 0:6132f54fa9e9 24 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
neilt6 0:6132f54fa9e9 25 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
neilt6 0:6132f54fa9e9 26 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
neilt6 0:6132f54fa9e9 27 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
neilt6 0:6132f54fa9e9 28 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
neilt6 0:6132f54fa9e9 29 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
neilt6 0:6132f54fa9e9 30 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
neilt6 0:6132f54fa9e9 31 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
neilt6 0:6132f54fa9e9 32 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
neilt6 0:6132f54fa9e9 33 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
neilt6 0:6132f54fa9e9 34 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
neilt6 0:6132f54fa9e9 35 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
neilt6 0:6132f54fa9e9 36 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
neilt6 0:6132f54fa9e9 37 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
neilt6 0:6132f54fa9e9 38 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
neilt6 0:6132f54fa9e9 39 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
neilt6 0:6132f54fa9e9 40 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
neilt6 0:6132f54fa9e9 41 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
neilt6 0:6132f54fa9e9 42 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
neilt6 0:6132f54fa9e9 43 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
neilt6 0:6132f54fa9e9 44 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
neilt6 0:6132f54fa9e9 45 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
neilt6 0:6132f54fa9e9 46 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
neilt6 0:6132f54fa9e9 47 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
neilt6 0:6132f54fa9e9 48 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
neilt6 0:6132f54fa9e9 49 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
neilt6 0:6132f54fa9e9 50 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
neilt6 0:6132f54fa9e9 51 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
neilt6 0:6132f54fa9e9 52 };
neilt6 0:6132f54fa9e9 53
neilt6 0:6132f54fa9e9 54 const char AES::m_InvSbox[256] = {
neilt6 0:6132f54fa9e9 55 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
neilt6 0:6132f54fa9e9 56 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
neilt6 0:6132f54fa9e9 57 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
neilt6 0:6132f54fa9e9 58 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
neilt6 0:6132f54fa9e9 59 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
neilt6 0:6132f54fa9e9 60 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
neilt6 0:6132f54fa9e9 61 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
neilt6 0:6132f54fa9e9 62 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
neilt6 0:6132f54fa9e9 63 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
neilt6 0:6132f54fa9e9 64 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
neilt6 0:6132f54fa9e9 65 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
neilt6 0:6132f54fa9e9 66 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
neilt6 0:6132f54fa9e9 67 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
neilt6 0:6132f54fa9e9 68 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
neilt6 0:6132f54fa9e9 69 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
neilt6 0:6132f54fa9e9 70 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
neilt6 0:6132f54fa9e9 71 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
neilt6 0:6132f54fa9e9 72 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
neilt6 0:6132f54fa9e9 73 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
neilt6 0:6132f54fa9e9 74 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
neilt6 0:6132f54fa9e9 75 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
neilt6 0:6132f54fa9e9 76 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
neilt6 0:6132f54fa9e9 77 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
neilt6 0:6132f54fa9e9 78 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
neilt6 0:6132f54fa9e9 79 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
neilt6 0:6132f54fa9e9 80 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
neilt6 0:6132f54fa9e9 81 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
neilt6 0:6132f54fa9e9 82 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
neilt6 0:6132f54fa9e9 83 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
neilt6 0:6132f54fa9e9 84 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
neilt6 0:6132f54fa9e9 85 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
neilt6 0:6132f54fa9e9 86 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
neilt6 0:6132f54fa9e9 87 };
neilt6 0:6132f54fa9e9 88
neilt6 0:6132f54fa9e9 89 const unsigned int AES::m_Rcon[10] = {
neilt6 0:6132f54fa9e9 90 0x01000000, 0x02000000, 0x04000000, 0x08000000,
neilt6 0:6132f54fa9e9 91 0x10000000, 0x20000000, 0x40000000, 0x80000000,
neilt6 0:6132f54fa9e9 92 0x1B000000, 0x36000000
neilt6 0:6132f54fa9e9 93 };
neilt6 0:6132f54fa9e9 94
neilt6 0:6132f54fa9e9 95 AES::AES()
neilt6 0:6132f54fa9e9 96 {
neilt6 0:6132f54fa9e9 97 //Initialize the member variables to default values
neilt6 0:6132f54fa9e9 98 m_CipherMode = MODE_ECB;
neilt6 0:6132f54fa9e9 99 m_Rounds = 0;
neilt6 0:6132f54fa9e9 100 clear();
neilt6 0:6132f54fa9e9 101 }
neilt6 0:6132f54fa9e9 102
neilt6 0:6132f54fa9e9 103 AES::AES(const char* key, KeySize keySize, CipherMode mode, const char* iv)
neilt6 0:6132f54fa9e9 104 {
neilt6 0:6132f54fa9e9 105 //Set up the cipher with the specified parameters
neilt6 0:6132f54fa9e9 106 setup(key, keySize, mode, iv);
neilt6 0:6132f54fa9e9 107 }
neilt6 0:6132f54fa9e9 108
neilt6 0:6132f54fa9e9 109 AES::~AES()
neilt6 0:6132f54fa9e9 110 {
neilt6 0:6132f54fa9e9 111 //Erase any sensitive information
neilt6 0:6132f54fa9e9 112 clear();
neilt6 0:6132f54fa9e9 113 }
neilt6 0:6132f54fa9e9 114
neilt6 0:6132f54fa9e9 115 void AES::setup(const char* key, KeySize keySize, CipherMode mode, const char* iv)
neilt6 0:6132f54fa9e9 116 {
neilt6 0:6132f54fa9e9 117 //Set the cipher mode
neilt6 0:6132f54fa9e9 118 m_CipherMode = mode;
neilt6 0:6132f54fa9e9 119
neilt6 0:6132f54fa9e9 120 //Determine the number of rounds from the key size
neilt6 0:6132f54fa9e9 121 m_Rounds = (int)keySize + 6;
neilt6 0:6132f54fa9e9 122
neilt6 0:6132f54fa9e9 123 //Check if the key pointer is NULL
neilt6 0:6132f54fa9e9 124 if (key == NULL) {
neilt6 0:6132f54fa9e9 125 //Set a blank key
neilt6 0:6132f54fa9e9 126 memset(m_Key, 0, sizeof(m_Key));
neilt6 0:6132f54fa9e9 127 } else {
neilt6 0:6132f54fa9e9 128 //Expand the key
neilt6 0:6132f54fa9e9 129 expandKey(key, keySize);
neilt6 0:6132f54fa9e9 130 }
neilt6 0:6132f54fa9e9 131
neilt6 0:6132f54fa9e9 132 //Check if the initialization vector pointer is NULL
neilt6 0:6132f54fa9e9 133 if (iv == NULL) {
neilt6 0:6132f54fa9e9 134 //Set a blank initialization vector
neilt6 0:6132f54fa9e9 135 memset(m_CarryVector, 0, 16);
neilt6 0:6132f54fa9e9 136 } else {
neilt6 0:6132f54fa9e9 137 //Copy the initialization vector to the carry vector
neilt6 0:6132f54fa9e9 138 memcpy(m_CarryVector, iv, 16);
neilt6 0:6132f54fa9e9 139 }
neilt6 0:6132f54fa9e9 140 }
neilt6 0:6132f54fa9e9 141
neilt6 0:6132f54fa9e9 142 void AES::encrypt(void* data, size_t length)
neilt6 0:6132f54fa9e9 143 {
neilt6 0:6132f54fa9e9 144 //Encrypt the specified data in-place
neilt6 0:6132f54fa9e9 145 encrypt(data, (char*)data, length);
neilt6 0:6132f54fa9e9 146 }
neilt6 0:6132f54fa9e9 147
neilt6 0:6132f54fa9e9 148 void AES::encrypt(const void* src, char* dest, size_t length)
neilt6 0:6132f54fa9e9 149 {
neilt6 0:6132f54fa9e9 150 //Convert the source pointer for byte access
neilt6 0:6132f54fa9e9 151 const char* srcBytes = (const char*)src;
neilt6 0:6132f54fa9e9 152
neilt6 0:6132f54fa9e9 153 //Check if the length is less than 1 block
neilt6 0:6132f54fa9e9 154 if (length > 0 && length < 16) {
neilt6 0:6132f54fa9e9 155 //Copy the partial source block to the state array
neilt6 0:6132f54fa9e9 156 memcpy(m_State, srcBytes, length);
neilt6 0:6132f54fa9e9 157
neilt6 0:6132f54fa9e9 158 //Pad the state array with zeroes
neilt6 0:6132f54fa9e9 159 memset(m_State + length, 0, 16 - length);
neilt6 0:6132f54fa9e9 160
neilt6 0:6132f54fa9e9 161 //Perform CBC pre-processing if necessary
neilt6 0:6132f54fa9e9 162 if (m_CipherMode == MODE_CBC) {
neilt6 0:6132f54fa9e9 163 //XOR the state array with the carry vector
neilt6 0:6132f54fa9e9 164 for (int i = 0; i < 16; i++)
neilt6 0:6132f54fa9e9 165 m_State[i] = m_State[i] ^ m_CarryVector[i];
neilt6 0:6132f54fa9e9 166 }
neilt6 0:6132f54fa9e9 167
neilt6 0:6132f54fa9e9 168 //Encrypt the state array
neilt6 0:6132f54fa9e9 169 aesEncrypt();
neilt6 0:6132f54fa9e9 170
neilt6 0:6132f54fa9e9 171 //Perform CBC post-processing if necessary
neilt6 0:6132f54fa9e9 172 if (m_CipherMode == MODE_CBC) {
neilt6 0:6132f54fa9e9 173 //Save the state array as the next carry vector
neilt6 0:6132f54fa9e9 174 memcpy(m_CarryVector, m_State, 16);
neilt6 0:6132f54fa9e9 175 }
neilt6 0:6132f54fa9e9 176
neilt6 0:6132f54fa9e9 177 //Copy the state array to the destination block
neilt6 0:6132f54fa9e9 178 memcpy(dest, m_State, 16);
neilt6 0:6132f54fa9e9 179 return;
neilt6 0:6132f54fa9e9 180 }
neilt6 0:6132f54fa9e9 181
neilt6 0:6132f54fa9e9 182 //Encrypt all of the data
neilt6 0:6132f54fa9e9 183 while (length > 0) {
neilt6 0:6132f54fa9e9 184 //Copy the next source block to the state array
neilt6 0:6132f54fa9e9 185 memcpy(m_State, srcBytes, 16);
neilt6 0:6132f54fa9e9 186 srcBytes += 16;
neilt6 0:6132f54fa9e9 187 length -= 16;
neilt6 0:6132f54fa9e9 188
neilt6 0:6132f54fa9e9 189 //Perform CBC pre-processing if necessary
neilt6 0:6132f54fa9e9 190 if (m_CipherMode == MODE_CBC) {
neilt6 0:6132f54fa9e9 191 //XOR the state array with the carry vector
neilt6 0:6132f54fa9e9 192 for (int i = 0; i < 16; i++)
neilt6 0:6132f54fa9e9 193 m_State[i] = m_State[i] ^ m_CarryVector[i];
neilt6 0:6132f54fa9e9 194 }
neilt6 0:6132f54fa9e9 195
neilt6 0:6132f54fa9e9 196 //Encrypt the state array
neilt6 0:6132f54fa9e9 197 aesEncrypt();
neilt6 0:6132f54fa9e9 198
neilt6 0:6132f54fa9e9 199 //Perform CBC post-processing if necessary
neilt6 0:6132f54fa9e9 200 if (m_CipherMode == MODE_CBC) {
neilt6 0:6132f54fa9e9 201 //Save the state array as the next carry vector
neilt6 0:6132f54fa9e9 202 memcpy(m_CarryVector, m_State, 16);
neilt6 0:6132f54fa9e9 203 }
neilt6 0:6132f54fa9e9 204
neilt6 0:6132f54fa9e9 205 //Perform ciphertext stealing if the next block is a partial block
neilt6 0:6132f54fa9e9 206 if (length > 0 && length < 16) {
neilt6 0:6132f54fa9e9 207 //Copy the last partial source block to a temporary buffer (in case of in-place encryption)
neilt6 0:6132f54fa9e9 208 char temp[length];
neilt6 0:6132f54fa9e9 209 memcpy(temp, srcBytes, length);
neilt6 0:6132f54fa9e9 210
neilt6 0:6132f54fa9e9 211 //Copy the leading bytes of the state array to the last partial destination block
neilt6 0:6132f54fa9e9 212 memcpy(dest + 16, m_State, length);
neilt6 0:6132f54fa9e9 213
neilt6 0:6132f54fa9e9 214 //Copy the temporary buffer to the state array
neilt6 0:6132f54fa9e9 215 memcpy(m_State, temp, length);
neilt6 0:6132f54fa9e9 216
neilt6 0:6132f54fa9e9 217 //Perform CBC processing if necessary
neilt6 0:6132f54fa9e9 218 if (m_CipherMode == MODE_CBC) {
neilt6 0:6132f54fa9e9 219 //Pad the state array with zeroes
neilt6 0:6132f54fa9e9 220 memset(m_State + length, 0, 16 - length);
neilt6 0:6132f54fa9e9 221
neilt6 0:6132f54fa9e9 222 //XOR the state array with the carry vector
neilt6 0:6132f54fa9e9 223 for (int i = 0; i < 16; i++)
neilt6 0:6132f54fa9e9 224 m_State[i] = m_State[i] ^ m_CarryVector[i];
neilt6 0:6132f54fa9e9 225 }
neilt6 0:6132f54fa9e9 226
neilt6 0:6132f54fa9e9 227 //Encrypt the state array
neilt6 0:6132f54fa9e9 228 aesEncrypt();
neilt6 0:6132f54fa9e9 229 length = 0;
neilt6 0:6132f54fa9e9 230 }
neilt6 0:6132f54fa9e9 231
neilt6 0:6132f54fa9e9 232 //Copy the state array to the destination block
neilt6 0:6132f54fa9e9 233 memcpy(dest, m_State, 16);
neilt6 0:6132f54fa9e9 234 dest += 16;
neilt6 0:6132f54fa9e9 235 }
neilt6 0:6132f54fa9e9 236 }
neilt6 0:6132f54fa9e9 237
neilt6 0:6132f54fa9e9 238 void AES::decrypt(void* data, size_t length)
neilt6 0:6132f54fa9e9 239 {
neilt6 0:6132f54fa9e9 240 //Decrypt the specified data in-place
neilt6 0:6132f54fa9e9 241 decrypt((const char*)data, data, length);
neilt6 0:6132f54fa9e9 242 }
neilt6 0:6132f54fa9e9 243
neilt6 0:6132f54fa9e9 244 void AES::decrypt(const char* src, void* dest, size_t length)
neilt6 0:6132f54fa9e9 245 {
neilt6 0:6132f54fa9e9 246 //Convert the destination pointer for byte access
neilt6 0:6132f54fa9e9 247 char* destBytes = (char*)dest;
neilt6 0:6132f54fa9e9 248
neilt6 0:6132f54fa9e9 249 //Check if the length is less than 1 block
neilt6 0:6132f54fa9e9 250 if (length > 0 && length < 16) {
neilt6 0:6132f54fa9e9 251 //Copy the complete source block to the state array
neilt6 0:6132f54fa9e9 252 memcpy(m_State, src, 16);
neilt6 0:6132f54fa9e9 253
neilt6 0:6132f54fa9e9 254 //Decrypt the state array
neilt6 0:6132f54fa9e9 255 aesDecrypt();
neilt6 0:6132f54fa9e9 256
neilt6 0:6132f54fa9e9 257 //Perform CBC processing if necessary
neilt6 0:6132f54fa9e9 258 if (m_CipherMode == MODE_CBC) {
neilt6 0:6132f54fa9e9 259 //XOR the state array with the carry vector
neilt6 0:6132f54fa9e9 260 for (int i = 0; i < 16; i++)
neilt6 0:6132f54fa9e9 261 m_State[i] = m_State[i] ^ m_CarryVector[i];
neilt6 0:6132f54fa9e9 262
neilt6 0:6132f54fa9e9 263 //Save the source block as the next carry vector
neilt6 0:6132f54fa9e9 264 memcpy(m_CarryVector, src, 16);
neilt6 0:6132f54fa9e9 265 }
neilt6 0:6132f54fa9e9 266
neilt6 0:6132f54fa9e9 267 //Copy the leading bytes of the state array to the destination block
neilt6 0:6132f54fa9e9 268 memcpy(destBytes, m_State, length);
neilt6 0:6132f54fa9e9 269 return;
neilt6 0:6132f54fa9e9 270 }
neilt6 0:6132f54fa9e9 271
neilt6 0:6132f54fa9e9 272 //Encrypt all of the data
neilt6 0:6132f54fa9e9 273 while (length > 0) {
neilt6 0:6132f54fa9e9 274 //Copy the next source block to the state array
neilt6 0:6132f54fa9e9 275 memcpy(m_State, src, 16);
neilt6 0:6132f54fa9e9 276 src += 16;
neilt6 0:6132f54fa9e9 277 length -= 16;
neilt6 0:6132f54fa9e9 278
neilt6 0:6132f54fa9e9 279 //Decrypt the state array
neilt6 0:6132f54fa9e9 280 aesDecrypt();
neilt6 0:6132f54fa9e9 281
neilt6 0:6132f54fa9e9 282 //Reverse ciphertext stealing if the next block is a partial block
neilt6 0:6132f54fa9e9 283 if (length > 0 && length < 16) {
neilt6 0:6132f54fa9e9 284 //Perform CBC processing if necessary
neilt6 0:6132f54fa9e9 285 if (m_CipherMode == MODE_CBC) {
neilt6 0:6132f54fa9e9 286 //XOR the state array with the last partial source block
neilt6 0:6132f54fa9e9 287 for (int i = 0; i < length; i++)
neilt6 0:6132f54fa9e9 288 m_State[i] = m_State[i] ^ src[i];
neilt6 0:6132f54fa9e9 289 }
neilt6 0:6132f54fa9e9 290
neilt6 0:6132f54fa9e9 291 //Copy the last partial source block to a temporary buffer (in case of in-place decryption)
neilt6 0:6132f54fa9e9 292 char temp[length];
neilt6 0:6132f54fa9e9 293 memcpy(temp, src, length);
neilt6 0:6132f54fa9e9 294
neilt6 0:6132f54fa9e9 295 //Copy the leading bytes of the state array to the last partial destination block
neilt6 0:6132f54fa9e9 296 memcpy(destBytes + 16, m_State, length);
neilt6 0:6132f54fa9e9 297
neilt6 0:6132f54fa9e9 298 //Copy the temporary buffer to the state array
neilt6 0:6132f54fa9e9 299 memcpy(m_State, temp, length);
neilt6 0:6132f54fa9e9 300
neilt6 0:6132f54fa9e9 301 //Decrypt the state array
neilt6 0:6132f54fa9e9 302 aesDecrypt();
neilt6 0:6132f54fa9e9 303 length = 0;
neilt6 0:6132f54fa9e9 304 }
neilt6 0:6132f54fa9e9 305
neilt6 0:6132f54fa9e9 306 //Perform CBC processing if necessary
neilt6 0:6132f54fa9e9 307 if (m_CipherMode == MODE_CBC) {
neilt6 0:6132f54fa9e9 308 //XOR the state array with the carry vector
neilt6 0:6132f54fa9e9 309 for (int i = 0; i < 16; i++)
neilt6 0:6132f54fa9e9 310 m_State[i] = m_State[i] ^ m_CarryVector[i];
neilt6 0:6132f54fa9e9 311
neilt6 0:6132f54fa9e9 312 //Save the source block as the next carry vector
neilt6 0:6132f54fa9e9 313 memcpy(m_CarryVector, src - 16, 16);
neilt6 0:6132f54fa9e9 314 }
neilt6 0:6132f54fa9e9 315
neilt6 0:6132f54fa9e9 316 //Copy the state array to the destination block
neilt6 0:6132f54fa9e9 317 memcpy(destBytes, m_State, 16);
neilt6 0:6132f54fa9e9 318 destBytes += 16;
neilt6 0:6132f54fa9e9 319 }
neilt6 0:6132f54fa9e9 320 }
neilt6 0:6132f54fa9e9 321
neilt6 0:6132f54fa9e9 322 void AES::clear()
neilt6 0:6132f54fa9e9 323 {
neilt6 0:6132f54fa9e9 324 //Erase the key, state array, and carry vector
neilt6 0:6132f54fa9e9 325 memset(m_Key, 0, sizeof(m_Key));
neilt6 0:6132f54fa9e9 326 memset(m_State, 0, sizeof(m_State));
neilt6 0:6132f54fa9e9 327 memset(m_CarryVector, 0, sizeof(m_CarryVector));
neilt6 0:6132f54fa9e9 328 }
neilt6 0:6132f54fa9e9 329
neilt6 0:6132f54fa9e9 330 void AES::aesEncrypt()
neilt6 0:6132f54fa9e9 331 {
neilt6 0:6132f54fa9e9 332 addRoundKey(0);
neilt6 0:6132f54fa9e9 333 for (int r = 1; r < m_Rounds; r++) {
neilt6 0:6132f54fa9e9 334 subBytes();
neilt6 0:6132f54fa9e9 335 shiftRows();
neilt6 0:6132f54fa9e9 336 mixColumns();
neilt6 0:6132f54fa9e9 337 addRoundKey(r);
neilt6 0:6132f54fa9e9 338 }
neilt6 0:6132f54fa9e9 339 subBytes();
neilt6 0:6132f54fa9e9 340 shiftRows();
neilt6 0:6132f54fa9e9 341 addRoundKey(m_Rounds);
neilt6 0:6132f54fa9e9 342 }
neilt6 0:6132f54fa9e9 343
neilt6 0:6132f54fa9e9 344 void AES::aesDecrypt()
neilt6 0:6132f54fa9e9 345 {
neilt6 0:6132f54fa9e9 346 addRoundKey(m_Rounds);
neilt6 0:6132f54fa9e9 347 for (int r = m_Rounds - 1; r > 0; r--) {
neilt6 0:6132f54fa9e9 348 invShiftRows();
neilt6 0:6132f54fa9e9 349 invSubBytes();
neilt6 0:6132f54fa9e9 350 addRoundKey(r);
neilt6 0:6132f54fa9e9 351 invMixColumns();
neilt6 0:6132f54fa9e9 352 }
neilt6 0:6132f54fa9e9 353 invShiftRows();
neilt6 0:6132f54fa9e9 354 invSubBytes();
neilt6 0:6132f54fa9e9 355 addRoundKey(0);
neilt6 0:6132f54fa9e9 356 }
neilt6 0:6132f54fa9e9 357
neilt6 0:6132f54fa9e9 358 void AES::expandKey(const char* key, int nk)
neilt6 0:6132f54fa9e9 359 {
neilt6 0:6132f54fa9e9 360 unsigned int temp;
neilt6 0:6132f54fa9e9 361 int i = 0;
neilt6 0:6132f54fa9e9 362
neilt6 0:6132f54fa9e9 363 while(i < nk) {
neilt6 0:6132f54fa9e9 364 m_Key[i] = (key[4*i] << 24) + (key[4*i+1] << 16) + (key[4*i+2] << 8) + key[4*i+3];
neilt6 0:6132f54fa9e9 365 i++;
neilt6 0:6132f54fa9e9 366 }
neilt6 0:6132f54fa9e9 367 i = nk;
neilt6 0:6132f54fa9e9 368 while(i < 4*(m_Rounds+1)) {
neilt6 0:6132f54fa9e9 369 temp = m_Key[i-1];
neilt6 0:6132f54fa9e9 370 if(i % nk == 0)
neilt6 0:6132f54fa9e9 371 temp = subWord(rotWord(temp)) ^ m_Rcon[i/nk-1];
neilt6 0:6132f54fa9e9 372 else if(nk > 6 && i % nk == 4)
neilt6 0:6132f54fa9e9 373 temp = subWord(temp);
neilt6 0:6132f54fa9e9 374 m_Key[i] = m_Key[i-nk] ^ temp;
neilt6 0:6132f54fa9e9 375 i++;
neilt6 0:6132f54fa9e9 376 }
neilt6 0:6132f54fa9e9 377 }
neilt6 0:6132f54fa9e9 378
neilt6 0:6132f54fa9e9 379 unsigned int AES::rotWord(unsigned int w)
neilt6 0:6132f54fa9e9 380 {
neilt6 0:6132f54fa9e9 381 return (w << 8) + (w >> 24);
neilt6 0:6132f54fa9e9 382 }
neilt6 0:6132f54fa9e9 383
neilt6 0:6132f54fa9e9 384 unsigned int AES::invRotWord(unsigned int w)
neilt6 0:6132f54fa9e9 385 {
neilt6 0:6132f54fa9e9 386 return (w >> 8) + (w << 24);
neilt6 0:6132f54fa9e9 387 }
neilt6 0:6132f54fa9e9 388
neilt6 0:6132f54fa9e9 389 unsigned int AES::subWord(unsigned int w)
neilt6 0:6132f54fa9e9 390 {
neilt6 0:6132f54fa9e9 391 unsigned int out = 0;
neilt6 0:6132f54fa9e9 392 for(int i = 0; i < 4; ++i) {
neilt6 0:6132f54fa9e9 393 char temp = (w & 0xFF);
neilt6 0:6132f54fa9e9 394 out |= (m_Sbox[temp] << (8*i));
neilt6 0:6132f54fa9e9 395 w = (w >> 8);
neilt6 0:6132f54fa9e9 396 }
neilt6 0:6132f54fa9e9 397 return out;
neilt6 0:6132f54fa9e9 398 }
neilt6 0:6132f54fa9e9 399
neilt6 0:6132f54fa9e9 400 void AES::subBytes()
neilt6 0:6132f54fa9e9 401 {
neilt6 0:6132f54fa9e9 402 for(int i = 0; i < 16; ++i)
neilt6 0:6132f54fa9e9 403 m_State[i] = m_Sbox[m_State[i]];
neilt6 0:6132f54fa9e9 404 }
neilt6 0:6132f54fa9e9 405
neilt6 0:6132f54fa9e9 406 void AES::invSubBytes()
neilt6 0:6132f54fa9e9 407 {
neilt6 0:6132f54fa9e9 408 for(int i = 0; i < 16; ++i)
neilt6 0:6132f54fa9e9 409 m_State[i] = m_InvSbox[m_State[i]];
neilt6 0:6132f54fa9e9 410 }
neilt6 0:6132f54fa9e9 411
neilt6 0:6132f54fa9e9 412 void AES::shiftRows()
neilt6 0:6132f54fa9e9 413 {
neilt6 0:6132f54fa9e9 414 for(int r = 0; r < 4; ++r) {
neilt6 0:6132f54fa9e9 415 unsigned int temp = (m_State[r] << 24) + (m_State[r+4] << 16) + (m_State[r+8] << 8) + m_State[r+12];
neilt6 0:6132f54fa9e9 416 int i = r;
neilt6 0:6132f54fa9e9 417 while(i > 0) {
neilt6 0:6132f54fa9e9 418 temp = rotWord(temp);
neilt6 0:6132f54fa9e9 419 --i;
neilt6 0:6132f54fa9e9 420 }
neilt6 0:6132f54fa9e9 421 m_State[r] = temp >> 24;
neilt6 0:6132f54fa9e9 422 m_State[r+4] = temp >> 16;
neilt6 0:6132f54fa9e9 423 m_State[r+8] = temp >> 8;
neilt6 0:6132f54fa9e9 424 m_State[r+12] = temp;
neilt6 0:6132f54fa9e9 425 }
neilt6 0:6132f54fa9e9 426 }
neilt6 0:6132f54fa9e9 427
neilt6 0:6132f54fa9e9 428 void AES::invShiftRows()
neilt6 0:6132f54fa9e9 429 {
neilt6 0:6132f54fa9e9 430 for(int r = 0; r < 4; ++r) {
neilt6 0:6132f54fa9e9 431 unsigned int temp = (m_State[r] << 24) + (m_State[r+4] << 16) + (m_State[r+8] << 8) + m_State[r+12];
neilt6 0:6132f54fa9e9 432 int i = r;
neilt6 0:6132f54fa9e9 433 while(i > 0) {
neilt6 0:6132f54fa9e9 434 temp = invRotWord(temp);
neilt6 0:6132f54fa9e9 435 --i;
neilt6 0:6132f54fa9e9 436 }
neilt6 0:6132f54fa9e9 437 m_State[r] = temp >> 24;
neilt6 0:6132f54fa9e9 438 m_State[r+4] = temp >> 16;
neilt6 0:6132f54fa9e9 439 m_State[r+8] = temp >> 8;
neilt6 0:6132f54fa9e9 440 m_State[r+12] = temp;
neilt6 0:6132f54fa9e9 441 }
neilt6 0:6132f54fa9e9 442 }
neilt6 0:6132f54fa9e9 443
neilt6 0:6132f54fa9e9 444 char AES::gmul(char a, char b)
neilt6 0:6132f54fa9e9 445 {
neilt6 0:6132f54fa9e9 446 char p = 0;
neilt6 0:6132f54fa9e9 447 char counter;
neilt6 0:6132f54fa9e9 448 char carry;
neilt6 0:6132f54fa9e9 449 for (counter = 0; counter < 8; counter++) {
neilt6 0:6132f54fa9e9 450 if (b & 1)
neilt6 0:6132f54fa9e9 451 p ^= a;
neilt6 0:6132f54fa9e9 452 carry = (a & 0x80);
neilt6 0:6132f54fa9e9 453 a <<= 1;
neilt6 0:6132f54fa9e9 454 if (carry)
neilt6 0:6132f54fa9e9 455 a ^= 0x001B;
neilt6 0:6132f54fa9e9 456 b >>= 1;
neilt6 0:6132f54fa9e9 457 }
neilt6 0:6132f54fa9e9 458 return p;
neilt6 0:6132f54fa9e9 459 }
neilt6 0:6132f54fa9e9 460
neilt6 0:6132f54fa9e9 461 void AES::mul(char* r)
neilt6 0:6132f54fa9e9 462 {
neilt6 0:6132f54fa9e9 463 char tmp[4] = {};
neilt6 0:6132f54fa9e9 464 memcpy(tmp, r, 4);
neilt6 0:6132f54fa9e9 465 r[0] = gmul(tmp[0],2) ^ gmul(tmp[1],3) ^ tmp[2] ^ tmp[3];
neilt6 0:6132f54fa9e9 466 r[1] = tmp[0] ^ gmul(tmp[1],2) ^ gmul(tmp[2],3) ^ tmp[3];
neilt6 0:6132f54fa9e9 467 r[2] = tmp[0] ^ tmp[1] ^ gmul(tmp[2],2) ^ gmul(tmp[3],3);
neilt6 0:6132f54fa9e9 468 r[3] = gmul(tmp[0],3) ^ tmp[1] ^ tmp[2] ^ gmul(tmp[3],2);
neilt6 0:6132f54fa9e9 469 }
neilt6 0:6132f54fa9e9 470
neilt6 0:6132f54fa9e9 471 void AES::invMul(char* r)
neilt6 0:6132f54fa9e9 472 {
neilt6 0:6132f54fa9e9 473 char tmp[4] = {};
neilt6 0:6132f54fa9e9 474 memcpy(tmp, r, 4);
neilt6 0:6132f54fa9e9 475 r[0] = gmul(tmp[0],0x0e) ^ gmul(tmp[1],0x0b) ^ gmul(tmp[2],0x0d) ^ gmul(tmp[3],9);
neilt6 0:6132f54fa9e9 476 r[1] = gmul(tmp[0],9) ^ gmul(tmp[1],0x0e) ^ gmul(tmp[2],0x0b) ^ gmul(tmp[3],0x0d);
neilt6 0:6132f54fa9e9 477 r[2] = gmul(tmp[0],0x0d) ^ gmul(tmp[1],9) ^ gmul(tmp[2],0x0e) ^ gmul(tmp[3],0x0b);
neilt6 0:6132f54fa9e9 478 r[3] = gmul(tmp[0],0x0b) ^ gmul(tmp[1],0x0d) ^ gmul(tmp[2],9) ^ gmul(tmp[3],0x0e);
neilt6 0:6132f54fa9e9 479 }
neilt6 0:6132f54fa9e9 480
neilt6 0:6132f54fa9e9 481 void AES::mixColumns()
neilt6 0:6132f54fa9e9 482 {
neilt6 0:6132f54fa9e9 483 for(int c = 0; c < 4; ++c)
neilt6 0:6132f54fa9e9 484 mul(&m_State[4*c]);
neilt6 0:6132f54fa9e9 485 }
neilt6 0:6132f54fa9e9 486
neilt6 0:6132f54fa9e9 487 void AES::invMixColumns()
neilt6 0:6132f54fa9e9 488 {
neilt6 0:6132f54fa9e9 489 for(int c = 0; c < 4; ++c)
neilt6 0:6132f54fa9e9 490 invMul(&m_State[4*c]);
neilt6 0:6132f54fa9e9 491 }
neilt6 0:6132f54fa9e9 492
neilt6 0:6132f54fa9e9 493 void AES::addRoundKey(int round)
neilt6 0:6132f54fa9e9 494 {
neilt6 0:6132f54fa9e9 495 for(int c = 0; c < 4; ++c) {
neilt6 0:6132f54fa9e9 496 unsigned int temp = (m_State[4*c] << 24) + (m_State[4*c+1] << 16) + (m_State[4*c+2] << 8) + m_State[4*c+3];
neilt6 0:6132f54fa9e9 497 temp ^= m_Key[round*4+c];
neilt6 0:6132f54fa9e9 498 m_State[4*c] = temp >> 24;
neilt6 0:6132f54fa9e9 499 m_State[4*c+1] = temp >> 16;
neilt6 0:6132f54fa9e9 500 m_State[4*c+2] = temp >> 8;
neilt6 0:6132f54fa9e9 501 m_State[4*c+3] = temp;
neilt6 0:6132f54fa9e9 502 }
neilt6 0:6132f54fa9e9 503 }