versadac
1
versadac - Scalable Recorder Firmware
Main Page
Classes
Files
File List
File Members
core
encryption
AES.h
1
/* AES - Advanced Encryption Standard
2
3
source version 1.0, June, 2005
4
5
Copyright (C) 2000-2005 Chris Lomont
6
7
This software is provided 'as-is', without any express or implied
8
warranty. In no event will the author be held liable for any damages
9
arising from the use of this software.
10
11
Permission is granted to anyone to use this software for any purpose,
12
including commercial applications, and to alter it and redistribute it
13
freely, subject to the following restrictions:
14
15
1. The origin of this software must not be misrepresented; you must not
16
claim that you wrote the original software. If you use this software
17
in a product, an acknowledgment in the product documentation would be
18
appreciated but is not required.
19
2. Altered source versions must be plainly marked as such, and must not be
20
misrepresented as being the original software.
21
3. This notice may not be removed or altered from any source distribution.
22
23
Chris Lomont
24
chris@lomont.org
25
26
The AES Standard is maintained by NIST
27
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
28
29
This legalese is patterned after the zlib compression library
30
*/
31
32
// headed to implement Advanced Encryption Standard - Rijndael2
33
#ifndef _AES_H
34
#define _AES_H
35
36
37
#define AES_BLOCK_LENGTH_BYTES 16
38
#define AES_BLOCK_LENGTH_BITS (AES_BLOCK_LENGTH_BYTES * 8)
39
40
/* USAGE:
41
1. Create a AES class (or more as necessary)
42
2. Call class method SetParameters
43
3. To encrypt, call method StartEncryption with the key, and then
44
call method Encrypt with enough space to store the proper size blocks.
45
4. To decrypt, call method StartDecryption with the key, and then
46
call method Decrypt with enough space to store the proper size blocks.
47
48
Alternatively, you can call EncryptBlock and DecryptBlock block to process blocksize
49
(default to 16 bytes) bytes at a time. It is recommended to use the Encrypt function
50
for multiple block encryption since it uses chaining modes that make the overall
51
stream much more secure than the default block based encryption, which by default would
52
be mode ECB.
53
54
EXAMPLE: want to encrypt 37 bytes of data with 192 bit key, which will use 3 16 byte blocks
55
AES aes;
56
aes.SetParameters(192);
57
aes.StartEncryption(key);
58
aes.Encrypt(data,output,3); // note data and output must be at least 48 bytes!
59
*/
60
61
// todo - replace all types with u1byte, u4byte, etc
62
63
class
AES
64
{
65
public
:
66
// the constructor - makes sure local things are initialized
67
// it if fails, throws the string "Tables failed to initialize"
68
AES
(
void
);
69
70
// multiple block encryption/decryption modes
71
// See http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
72
enum
BlockMode {
73
ECB = 0,
// Electronic CodeBook - each block independent, weak
74
CBC = 1
// Cipher Block Chaining - most secure
75
// todo - CFB = 2, // Cipher FeedBack - secure
76
// todo - OFB = 3, // Output FeedBack - secure
77
// todo - CTR = 4, // Counter - allows midstream decryption, somewhat secure
78
// todo - EAX = 5, - http://www.cs.berkeley.edu/~daw/papers/eprint-short-ae.pdf
79
// todo - GCM = 6, - http://www.cryptobarn.com/papers/gcm-spec.pdf
80
};
81
82
// block and key size are in bits, legal values are 128, 192, and 256 independently.
83
// NOTE: the AES standard only uses a blocksize of 128, so we default to that
84
void
SetParameters(
int
keylength,
int
blocklength = 128);
85
86
// call this before any encryption with the key to use
87
void
StartEncryption(
const
unsigned
char
* key);
88
// encrypt a single block (default 128 bits, or unsigned char[16]) of data
89
void
EncryptBlock(
const
unsigned
char
* datain,
unsigned
char
* dataout);
90
// Call this to encrypt any length data. Note the size is in BLOCKS, so you must
91
// have enough space in datain and dataout to accomodate this. Pad your data before
92
// calling, preferably using the padding methods listed below.
93
// Decryption must use the same mode as the encryption.
94
void
Encrypt(
const
unsigned
char
* datain,
unsigned
char
* dataout,
unsigned
int
numBlocks, BlockMode mode = CBC);
95
96
// call this before any decryption with the key to use
97
void
StartDecryption(
const
unsigned
char
* key);
98
// decrypt a single block (default 128 bits, or unsigned char[16]) of data
99
void
DecryptBlock(
const
unsigned
char
* datain,
unsigned
char
* dataout);
100
// Call this to decrypt any length data. Note the size is in BLOCKS, so you must
101
// have enough space in datain and dataout to accomodate this. Pad your data before
102
// calling, preferably using the padding methods listed below. You must know the desired
103
// length of the output data, since all the blocks are returned decrypted.
104
// Encryption must use the same mode as the decryption.
105
void
Decrypt(
const
unsigned
char
* datain,
unsigned
char
* dataout,
unsigned
int
numBlocks, BlockMode mode = CBC);
106
107
private
:
108
109
int
Nb,Nk;
// block and key length / 32, should be 4,6,or 8
110
int
Nr;
// number of rounds
111
112
unsigned
char
W[4*8*15];
// the expanded key
113
114
// Key expansion code - makes local copy
115
void
KeyExpansion(
const
unsigned
char
* key);
116
117
};
// class AES
118
119
120
/* PADDING:
121
The AES (Rijndael) encryption algorithm pads encrypted data to a multiple of 16 bytes by default.
122
Other blocksizes are similar. Methods:
123
1. RFC 1423 padding scheme:
124
Each padding byte is set to the number of padding bytes. If the data is already a multiple
125
of 16 bytes, 16 additional bytes are added, each having the value 0x10.
126
2. FIPS81 (Federal Information Processing Standards 81):
127
The last byte contains the number of padding bytes, including itself,
128
and the other padding bytes are set to random values.
129
3. Each padding byte is set to a random value. The decryptor must know how many bytes are in the original unencrypted data.
130
*/
131
132
/* TODO
133
The Encrypt() function is used to encrypt larger blocks of data. The block size has to be a multiple of the method's block size.
134
This function can operate in the following modes: ECB, CBC or CFB. ECB mode is not using chaining. If the same block is encrypted
135
twice with the same key, the resulting ciphertext blocks are the same. In CBC mode, a ciphertext block is obtained by first XORing
136
the plaintext block with the previous ciphertext block, and encrypting the resulting value. In CFB mode, a ciphertext block is
137
obtained by encrypting the previous ciphertext block and XORing the resulting value with the plaintext. The operation mode is
138
specified in the iMode parameter with ECB being the default value.
139
140
*/
141
142
#endif // _AES_H
143
// end - AES.h
AES
Definition:
AES.h:63
Generated on Wed Aug 19 2020 10:33:39 for versadac by
1.8.9.1