ArduinoLibs
 All Classes Files Functions Variables Typedefs Enumerations Enumerator Friends Groups Pages
AES128.cpp
1 /*
2  * Copyright (C) 2015,2018 Southern Storm Software, Pty Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included
12  * in all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  */
22 
23 #include "AES.h"
24 #include "Crypto.h"
25 #include <string.h>
26 
41 {
42  rounds = 10;
43  schedule = sched;
44 }
45 
46 AES128::~AES128()
47 {
48  clean(sched);
49 }
50 
55 size_t AES128::keySize() const
56 {
57  return 16;
58 }
59 
60 bool AES128::setKey(const uint8_t *key, size_t len)
61 {
62  if (len != 16)
63  return false;
64 
65  // Copy the key itself into the first 16 bytes of the schedule.
66  uint8_t *schedule = sched;
67  memcpy(schedule, key, 16);
68 
69  // Expand the key schedule until we have 176 bytes of expanded key.
70  uint8_t iteration = 1;
71  uint8_t n = 16;
72  uint8_t w = 4;
73  while (n < 176) {
74  if (w == 4) {
75  // Every 16 bytes (4 words) we need to apply the key schedule core.
76  keyScheduleCore(schedule + 16, schedule + 12, iteration);
77  schedule[16] ^= schedule[0];
78  schedule[17] ^= schedule[1];
79  schedule[18] ^= schedule[2];
80  schedule[19] ^= schedule[3];
81  ++iteration;
82  w = 0;
83  } else {
84  // Otherwise just XOR the word with the one 16 bytes previous.
85  schedule[16] = schedule[12] ^ schedule[0];
86  schedule[17] = schedule[13] ^ schedule[1];
87  schedule[18] = schedule[14] ^ schedule[2];
88  schedule[19] = schedule[15] ^ schedule[3];
89  }
90 
91  // Advance to the next word in the schedule.
92  schedule += 4;
93  n += 4;
94  ++w;
95  }
96 
97  return true;
98 }
99 
125 // Helper macros.
126 #define KCORE(n) \
127  do { \
128  AESCommon::keyScheduleCore(temp, schedule + 12, (n)); \
129  schedule[0] ^= temp[0]; \
130  schedule[1] ^= temp[1]; \
131  schedule[2] ^= temp[2]; \
132  schedule[3] ^= temp[3]; \
133  } while (0)
134 #define KXOR(a, b) \
135  do { \
136  schedule[(a) * 4] ^= schedule[(b) * 4]; \
137  schedule[(a) * 4 + 1] ^= schedule[(b) * 4 + 1]; \
138  schedule[(a) * 4 + 2] ^= schedule[(b) * 4 + 2]; \
139  schedule[(a) * 4 + 3] ^= schedule[(b) * 4 + 3]; \
140  } while (0)
141 
151 {
152 }
153 
154 AESTiny128::~AESTiny128()
155 {
156  clean(schedule);
157 }
158 
163 size_t AESTiny128::blockSize() const
164 {
165  return 16;
166 }
167 
172 size_t AESTiny128::keySize() const
173 {
174  return 16;
175 }
176 
177 bool AESTiny128::setKey(const uint8_t *key, size_t len)
178 {
179  if (len == 16) {
180  // Make a copy of the key - it will be expanded in encryptBlock().
181  memcpy(schedule, key, 16);
182  return true;
183  }
184  return false;
185 }
186 
187 void AESTiny128::encryptBlock(uint8_t *output, const uint8_t *input)
188 {
189  uint8_t schedule[16];
190  uint8_t posn;
191  uint8_t round;
192  uint8_t state1[16];
193  uint8_t state2[16];
194  uint8_t temp[4];
195 
196  // Start with the key in the schedule buffer.
197  memcpy(schedule, this->schedule, 16);
198 
199  // Copy the input into the state and XOR with the key schedule.
200  for (posn = 0; posn < 16; ++posn)
201  state1[posn] = input[posn] ^ schedule[posn];
202 
203  // Perform the first 9 rounds of the cipher.
204  for (round = 1; round <= 9; ++round) {
205  // Expand the next 16 bytes of the key schedule.
206  KCORE(round);
207  KXOR(1, 0);
208  KXOR(2, 1);
209  KXOR(3, 2);
210 
211  // Encrypt using the key schedule.
212  AESCommon::subBytesAndShiftRows(state2, state1);
213  AESCommon::mixColumn(state1, state2);
214  AESCommon::mixColumn(state1 + 4, state2 + 4);
215  AESCommon::mixColumn(state1 + 8, state2 + 8);
216  AESCommon::mixColumn(state1 + 12, state2 + 12);
217  for (posn = 0; posn < 16; ++posn)
218  state1[posn] ^= schedule[posn];
219  }
220 
221  // Expand the final 16 bytes of the key schedule.
222  KCORE(10);
223  KXOR(1, 0);
224  KXOR(2, 1);
225  KXOR(3, 2);
226 
227  // Perform the final round.
228  AESCommon::subBytesAndShiftRows(state2, state1);
229  for (posn = 0; posn < 16; ++posn)
230  output[posn] = state2[posn] ^ schedule[posn];
231 }
232 
233 void AESTiny128::decryptBlock(uint8_t *output, const uint8_t *input)
234 {
235  // Decryption is not supported by AESTiny128.
236 }
237 
239 {
240  clean(schedule);
241 }
242 
270 {
271 }
272 
273 AESSmall128::~AESSmall128()
274 {
275  clean(reverse);
276 }
277 
278 bool AESSmall128::setKey(const uint8_t *key, size_t len)
279 {
280  uint8_t *schedule;
281  uint8_t round;
282  uint8_t temp[4];
283 
284  // Set the encryption key first.
285  if (!AESTiny128::setKey(key, len))
286  return false;
287 
288  // Expand the key schedule up to the last round which gives
289  // us the round keys to use for the final two rounds. We can
290  // then work backwards from there in decryptBlock().
291  schedule = reverse;
292  memcpy(schedule, key, 16);
293  for (round = 1; round <= 10; ++round) {
294  KCORE(round);
295  KXOR(1, 0);
296  KXOR(2, 1);
297  KXOR(3, 2);
298  }
299 
300  // Key is ready to go.
301  return true;
302 }
303 
304 void AESSmall128::decryptBlock(uint8_t *output, const uint8_t *input)
305 {
306  uint8_t schedule[16];
307  uint8_t round;
308  uint8_t posn;
309  uint8_t state1[16];
310  uint8_t state2[16];
311  uint8_t temp[4];
312 
313  // Start with the end of the decryption schedule.
314  memcpy(schedule, reverse, 16);
315 
316  // Copy the input into the state and reverse the final round.
317  for (posn = 0; posn < 16; ++posn)
318  state1[posn] = input[posn] ^ schedule[posn];
319  AESCommon::inverseShiftRowsAndSubBytes(state2, state1);
320  KXOR(3, 2);
321  KXOR(2, 1);
322  KXOR(1, 0);
323  KCORE(10);
324 
325  // Perform the next 9 rounds of the decryption process.
326  for (round = 9; round >= 1; --round) {
327  // Decrypt using the key schedule.
328  for (posn = 0; posn < 16; ++posn)
329  state2[posn] ^= schedule[posn];
330  AESCommon::inverseMixColumn(state1, state2);
331  AESCommon::inverseMixColumn(state1 + 4, state2 + 4);
332  AESCommon::inverseMixColumn(state1 + 8, state2 + 8);
333  AESCommon::inverseMixColumn(state1 + 12, state2 + 12);
334  AESCommon::inverseShiftRowsAndSubBytes(state2, state1);
335 
336  // Expand the next 16 bytes of the key schedule in reverse.
337  KXOR(3, 2);
338  KXOR(2, 1);
339  KXOR(1, 0);
340  KCORE(round);
341  }
342 
343  // Reverse the initial round and create the output words.
344  for (posn = 0; posn < 16; ++posn)
345  output[posn] = state2[posn] ^ schedule[posn];
346 }
347 
349 {
350  clean(reverse);
352 }
size_t keySize() const
Size of a 128-bit AES key in bytes.
Definition: AES128.cpp:172
void clear()
Clears all security-sensitive state from this block cipher.
Definition: AES128.cpp:238
void decryptBlock(uint8_t *output, const uint8_t *input)
Decrypts a single block using this cipher.
Definition: AES128.cpp:304
void encryptBlock(uint8_t *output, const uint8_t *input)
Encrypts a single block using this cipher.
Definition: AES128.cpp:187
size_t keySize() const
Size of a 128-bit AES key in bytes.
Definition: AES128.cpp:55
void decryptBlock(uint8_t *output, const uint8_t *input)
Decrypts a single block using this cipher.
Definition: AES128.cpp:233
void clear()
Clears all security-sensitive state from this block cipher.
Definition: AES128.cpp:348
bool setKey(const uint8_t *key, size_t len)
Sets the key to use for future encryption and decryption operations.
Definition: AES128.cpp:60
size_t blockSize() const
Size of an AES block in bytes.
Definition: AES128.cpp:163
AESTiny128()
Constructs an AES 128-bit block cipher with no initial key.
Definition: AES128.cpp:150
bool setKey(const uint8_t *key, size_t len)
Sets the key to use for future encryption and decryption operations.
Definition: AES128.cpp:177
AES128()
Constructs an AES 128-bit block cipher with no initial key.
Definition: AES128.cpp:40
bool setKey(const uint8_t *key, size_t len)
Sets the key to use for future encryption and decryption operations.
Definition: AES128.cpp:278
AESSmall128()
Constructs an AES 128-bit block cipher with no initial key.
Definition: AES128.cpp:269