Cyclic0007/micro-AES
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added a link to the ASCON repo

Browse Source
This commit is contained in:
polfosol
2023-11-12 15:02:12 +03:30
parent 691d859ff4
commit fd8027d8ba
5 changed files with 68 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -2,7 +2,7 @@
**A minimalist ANSI-C compatible API for the AES encryption and block cipher modes**.
[![here](https://img.shields.io/badge/%C2%B5AES-white.png?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAFGklEQVR42r1XA5RjSxD9Wtu2bWX2e23btm3btm17Nxpmx8zYiK3XLzO/6vz0nuxb7yQ759xJ0l1V93Z1tX762r+cnJyCFoulJnxWART5Cvu8n+n+atLShJBlgCCi1WrtsbEpbHx8CnzXQZsUsAtEVef6sSzb12w1m6FfAXgIv/tgO8MwF+C3HuAL2Avxy3ySHIynEr1eyW7dKrB37ChlW7fOBuRQ2D084sjcuXwik8mA4AAEy099IbhXlVlV/POMzqPusb2HAAltNlsjaZo0Fdp0xSYVi3wc+DgEOCZ9bNS/QMc5wucHs+3apSLZZ9GmjZ5cveoDJBLwLQm+zcOTwxN/G/VbNiBnzvk5KGAFiDzRbWs3AbYBbCmKlEywr8zlx/QdJvfvSyA4gwRfiWx240Yk8gEB5ztt7kSJTHKdXA6jb6A1apUweg22N17S2AtsH3yMfCATEhIDAU1cEjuPF0tGjhSSceP49n/+CYE2O8fGjsJ1Zp2JErVZ1UYEgq4B5q25uUaEbQhMPwjo9kHqoTGcdOoU+F7gtm0zyNOnflh0IPAQFh6OlISERENtRL1n2727ZO2NtWJKJIwQRoHtn4AonHdsKzKhSDTEiUW+9wSgIfH2DuPMr46Ni0uCvgVcB6x0VqPJYni8eGpP9u8XlZteLgiJik4oiuRhaPcs+FkYFbXo0iIhtC/CGFwBe8iMGQJnATiv2P6ZlTKdvHz5LmMmiV84kLBIVGF6hUDozzKajRn4nQp44P8A0/8CBpSHK+CJvVOnIOfCIqmpGWBY6TP7xG/Eas2A1ZKFPno/LxyplZLlH5s/Jf+Y/Jn0NwLqQ2+wGPTgW4wrQGz/448op/RroS3zI7xcv5dQlMHoQ+bP548/Oh5XgJ0S4pRg0RUcVzABfzdf1lwMPne4IykGjTFY6c7zD20qwLYvIAKLj64Ext8/qvKMyv604KA/C7DLxtiU/HB+ZKIsEX//4UxeGBqi2ePHxbipOE0Bw/bv7/01AD+5Q7QxPjYkDsgJClhxbYUIC5hOF9RES/jN4xbSHPbECTEGyDXGjRMO3DuQ75hrncagUQBxiS/N4Wpa/bmFOdA/Kt/ofFko4M+NfwphCZ5Gjh8igPz9d/DeJ3u9kRyQHZAQEA/ZbfXjBJw/74UVT/cAPAExvisFMOzAgV7s8OHcYsXtWuEv9Y6iJ+CBpwd8IP1jXSqAPH7sj2se0nqdjYjA5Wp51zdvHt9jnYfQsflkmS1mPGoLuE5Au3YpMKI4CPqrw+cZ6dFDQjcsVWxEfJ5ReQwoYPC+wXzo34l2LhMAJCpiMOC2XN7h85bufriEeWt5QiQHkISshAyr1VrLtQIAZM0aPJg2OE7ChJTU2DTy4IHEpFKo6dYL6U+HKUqksV1bhKtWYWqXQxYKAYkJDxrcanc92uWF5Ihpp6bxoe+yWwSQmzd9YeQD8HbjG+sb3XJFSzGS0ttPwfEF4+HqlQoCy7pFgF0qjYe5rYPnBpIhqRPo5XM5xnSHAAuc+wxeQOC+z+ClkiPAqNAp5Dh69wiAjQangGRmKrpv7y4oMblEhLOAdqvb4eXzEsZziwAKMnq06Ib3Nf+qs6u+LTu1bDAV4CX1wnPfw+0CEHgTZqOjEyvP+v/SUWZKGbzjBX/3+w8rm0gkEfQt8DUgly550zo4zT8twWfc9/LTLOxjMzOziL9/5NeAzcjAa5UyWZEsg88AfBe64iVcAp/fX4ka+E4AlAH8lhve/wC9phuOb7e8lwAAAABJRU5ErkJggg==)](../../ "µAES") ![C](https://img.shields.io/badge/langauge-C-blue.svg) [![version](https://img.shields.io/badge/version-1.8.0-blue)](../../files/12339506/micro_aes-v1.8.0.zip "micro_aes-v1.8.0.zip") [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![this](https://img.shields.io/badge/%C2%B5AES-white.png?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAFGklEQVR42r1XA5RjSxD9Wtu2bWX2e23btm3btm17Nxpmx8zYiK3XLzO/6vz0nuxb7yQ759xJ0l1V93Z1tX762r+cnJyCFoulJnxWART5Cvu8n+n+atLShJBlgCCi1WrtsbEpbHx8CnzXQZsUsAtEVef6sSzb12w1m6FfAXgIv/tgO8MwF+C3HuAL2Avxy3ySHIynEr1eyW7dKrB37ChlW7fOBuRQ2D084sjcuXwik8mA4AAEy099IbhXlVlV/POMzqPusb2HAAltNlsjaZo0Fdp0xSYVi3wc+DgEOCZ9bNS/QMc5wucHs+3apSLZZ9GmjZ5cveoDJBLwLQm+zcOTwxN/G/VbNiBnzvk5KGAFiDzRbWs3AbYBbCmKlEywr8zlx/QdJvfvSyA4gwRfiWx240Yk8gEB5ztt7kSJTHKdXA6jb6A1apUweg22N17S2AtsH3yMfCATEhIDAU1cEjuPF0tGjhSSceP49n/+CYE2O8fGjsJ1Zp2JErVZ1UYEgq4B5q25uUaEbQhMPwjo9kHqoTGcdOoU+F7gtm0zyNOnflh0IPAQFh6OlISERENtRL1n2727ZO2NtWJKJIwQRoHtn4AonHdsKzKhSDTEiUW+9wSgIfH2DuPMr46Ni0uCvgVcB6x0VqPJYni8eGpP9u8XlZteLgiJik4oiuRhaPcs+FkYFbXo0iIhtC/CGFwBe8iMGQJnATiv2P6ZlTKdvHz5LmMmiV84kLBIVGF6hUDozzKajRn4nQp44P8A0/8CBpSHK+CJvVOnIOfCIqmpGWBY6TP7xG/Eas2A1ZKFPno/LxyplZLlH5s/Jf+Y/Jn0NwLqQ2+wGPTgW4wrQGz/448op/RroS3zI7xcv5dQlMHoQ+bP548/Oh5XgJ0S4pRg0RUcVzABfzdf1lwMPne4IykGjTFY6c7zD20qwLYvIAKLj64Ext8/qvKMyv604KA/C7DLxtiU/HB+ZKIsEX//4UxeGBqi2ePHxbipOE0Bw/bv7/01AD+5Q7QxPjYkDsgJClhxbYUIC5hOF9RES/jN4xbSHPbECTEGyDXGjRMO3DuQ75hrncagUQBxiS/N4Wpa/bmFOdA/Kt/ofFko4M+NfwphCZ5Gjh8igPz9d/DeJ3u9kRyQHZAQEA/ZbfXjBJw/74UVT/cAPAExvisFMOzAgV7s8OHcYsXtWuEv9Y6iJ+CBpwd8IP1jXSqAPH7sj2se0nqdjYjA5Wp51zdvHt9jnYfQsflkmS1mPGoLuE5Au3YpMKI4CPqrw+cZ6dFDQjcsVWxEfJ5ReQwoYPC+wXzo34l2LhMAJCpiMOC2XN7h85bufriEeWt5QiQHkISshAyr1VrLtQIAZM0aPJg2OE7ChJTU2DTy4IHEpFKo6dYL6U+HKUqksV1bhKtWYWqXQxYKAYkJDxrcanc92uWF5Ihpp6bxoe+yWwSQmzd9YeQD8HbjG+sb3XJFSzGS0ttPwfEF4+HqlQoCy7pFgF0qjYe5rYPnBpIhqRPo5XM5xnSHAAuc+wxeQOC+z+ClkiPAqNAp5Dh69wiAjQangGRmKrpv7y4oMblEhLOAdqvb4eXzEsZziwAKMnq06Ib3Nf+qs6u+LTu1bDAV4CX1wnPfw+0CEHgTZqOjEyvP+v/SUWZKGbzjBX/3+w8rm0gkEfQt8DUgly550zo4zT8twWfc9/LTLOxjMzOziL9/5NeAzcjAa5UyWZEsg88AfBe64iVcAp/fX4ka+E4AlAH8lhve/wC9phuOb7e8lwAAAABJRU5ErkJggg==)](../../ "µAES") ![C](https://img.shields.io/badge/langauge-C-blue.svg) [![version](https://img.shields.io/badge/version-1.8.1-blue)](../../files/13327811/micro_aes-v1.8.1.zip "micro_aes-v1.8.1.zip") [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
This is a highly flexible, small and portable implementation of most of the AES related algorithms.
@@ -10,7 +10,7 @@ This is a highly flexible, small and portable implementation of most of the AES
* <font size="4">Comprehensive</font> — supports all standard AES key sizes (128, 192 and 256 bits) along with almost every block-cipher mode.
All popular (and some unpopular) block ciphering modes of the AES are implemented in this library, such as [**_ECB_**, **_CBC_**, **_CFB_**, **_OFB_**, **_CTR_**](https://csrc.nist.gov/publications/detail/sp/800-38a/final "Described in NIST SP 800-38A"), [**_GCM_**](https://csrc.nist.gov/publications/detail/sp/800-38d/final "NIST SP 800-38D"), [**_CCM_**](https://csrc.nist.gov/publications/detail/sp/800-38c/final "NIST SP 800-38C"), [**_XTS_**](https://csrc.nist.gov/publications/detail/sp/800-38e/final "NIST SP 800-38E"), [**_KW_**](https://csrc.nist.gov/publications/detail/sp/800-38f/final "NIST SP 800-38F") [(_KWA_)](https://www.rfc-editor.org/rfc/rfc3394 "RFC-3394"), [**_OCB_**](https://www.rfc-editor.org/rfc/rfc7253.html "RFC-7253"), [**_EAX_**](../../files/10318260/eax.pdf "Bellare-Rogaway-Wagner paper. For more info, see wikipedia.") / [**_EAX'_**](../../files/10318265/eax-prime.pdf "It is theoretically broken and shouldn't be used. The ANSI C12.22 has not withdrawn it yet, so here we go."), [**_SIV_**](../../files/10318348/siv.pdf "You may also refer to the RFC-5297"), [**_GCM-SIV_**](https://www.rfc-editor.org/rfc/rfc8452.html "RFC-8452"), [**_FPE_** (**_FF1_** / **_FF3-1_**)](https://csrc.nist.gov/publications/detail/sp/800-38g/final "NIST SP 800-38G"), and furthermore, authentication APIs for [**_CMAC_**](https://csrc.nist.gov/publications/detail/sp/800-38b/final "NIST SP 800-38B") and [**_Poly1305-AES_**](../../files/10319003/poly1305.pdf "From D. J. Bernstein's website: cr.yp.to/mac.html").
All popular (and some unpopular) block ciphering modes of the AES are implemented in this library, such as [**_ECB_**, **_CBC_**, **_CFB_**, **_OFB_**, **_CTR_**](https://csrc.nist.gov/publications/detail/sp/800-38a/final "Described in NIST SP 800-38A"), [**_GCM_**](https://csrc.nist.gov/publications/detail/sp/800-38d/final "NIST SP 800-38D"), [**_CCM_**](https://csrc.nist.gov/publications/detail/sp/800-38c/final "NIST SP 800-38C"), [**_XTS_**](https://csrc.nist.gov/publications/detail/sp/800-38e/final "NIST SP 800-38E"), [**_KW_**](https://csrc.nist.gov/publications/detail/sp/800-38f/final "NIST SP 800-38F") [(_KWA_)](https://www.rfc-editor.org/rfc/rfc3394 "RFC-3394"), [**_OCB_**](https://www.rfc-editor.org/rfc/rfc7253.html "RFC-7253"), [**_EAX_**](../../files/10318260/eax.pdf "Bellare-Rogaway-Wagner paper. For more info, see wikipedia.") /[**_EAX'_**](../../files/10318265/eax-prime.pdf "It is theoretically broken and shouldn't be used. The ANSI C12.22 has not withdrawn it yet, so here we go."), [**_SIV_**](../../files/10318348/siv.pdf "You may also refer to the RFC-5297"), [**_GCM-SIV_**](https://www.rfc-editor.org/rfc/rfc8452.html "RFC-8452"), [**_FPE_** (**_FF1_** /**_FF3-1_**)](https://csrc.nist.gov/publications/detail/sp/800-38g/final "NIST SP 800-38G"), and furthermore, authentication APIs for [**_CMAC_**](https://csrc.nist.gov/publications/detail/sp/800-38b/final "NIST SP 800-38B") and [**_Poly1305-AES_**](../../files/10319003/poly1305.pdf "From D. J. Bernstein's website: cr.yp.to/mac.html").
* <font size="4">All in one</font> — the whole implementation code is in a single C file with no external dependencies.
@@ -55,12 +55,14 @@ See the [main C](main.c) file which has some example codes demonstrating how to
* First, please keep in mind that most security experts strongly warn *against* implementing your own version of AES—or other ciphering algorithms; AND THEY ARE ABSOLUTELY RIGHT!
Everyone who is becoming familiar with cryptography, should first sign [Jeff Moser's](https://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html "A stick figure guide to AES") so-called "Foot Shooting Prevention Agreement". To save you a click and scroll, I have put a copy of it below (but please follow the link and read that article if you haven't).
Everyone who is becoming familiar with cryptography, should first sign [Jeff Moser's](https://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html "A stick figure guide to AES") so-called "Foot Shooting Prevention Agreement". It's a great article if you haven't read it yet. But to save you a click and scroll, I put a copy of the contract below.
With that in mind, I shall say that the main purpose of developing µAES was purely educational. I learned a lot during writing these codes and I hope that somebody, some day, would gain a bit of knowledge from it.
With that in mind, I shall say that the main purpose of developing µAES was purely educational. I learned a lot during writing these codes and hope that somebody, some day, would gain a bit of knowledge from it.
* The code is optimized for small embedded systems and 8-bit microcontrollers with limited amount of memory. So for stronger CPUs it is plausible to speed-up the code [by applying some simple changes](x86-improvements). If you are working with an 8-bit microcontroller, it is recommended to take a look at Nigel Jones' rather old article "[Efficient C Code for 8-bit Microcontrollers](https://barrgroup.com/embedded-systems/how-to/efficient-c-code)". It contains some highly useful tips to better program such systems.
* There are some standard encryption algorithms specifically designed for small embedded systems, that minimize the use of computational resources while maintaining a high level of security. The most prominent one is the ASCON cipher suite which recently got [approved by the NIST](https://csrc.nist.gov/Projects/lightweight-cryptography/finalists). I have created [another repository](../../../simple-ASCON "Simple ASCON") to implement those algorithms as well.
* For the sake of simplicity, it is often assumed that the input parameters of the functions are well defined, and the user knows what they're doing. As a result, a bunch of error checks are just skipped. Obviously, this is a naive and sometimes dangerous assumption. One must be aware that in a serious application, anything can be fed into the functions and they must take all the necessary precautions for erroneous parameters.
* µAES was originally influenced by [kokke's tiny-AES](https://github.com/kokke/tiny-AES-c) library, but I have made a handful of modifications to make it smaller and more efficient.

6
main.c
View File

@@ -28,9 +28,7 @@ static const char
*ecbcipher = "af1893f0fbb09a43 7f6b0fd4f4977890 7bb85cccf1e9d2e3 ebe5bae935107868"
"c6d72cb2ca375c12 ce6b6b1141141fd0 d268d14db351d680 5aabb99427341da9",
*k_wrapped = "031D33264E15D332 68F24EC260743EDC E1C6C7DDEE725A93 6BA814915C6762D2";
#else /* ↓↓↓↓ zero-padded input */
*ecbcipher = "5d00c273f8b2607d a834632dcbb521f4 697dd4ab20bb0645 32a6545e24e33ae9"
"f545176111f93773 dbecd262841cf83b 10d145e71b772cf7 a12889cda84be795",
#else /* AES-128, sizeof key =16 */
#if CTS
*cbccipher = "65c48fdf9fbd6261 28f2d8bac3f71251 75e7f4821fda0263 70011632779d7403"
"c119ef461ac4e1bc 8a7e36bf92b3b3d1 7e9e2d298e154bc4 2d",
@@ -38,6 +36,8 @@ static const char
*cbccipher = "65c48fdf9fbd6261 28f2d8bac3f71251 75e7f4821fda0263 70011632779d7403"
"7e9e2d298e154bc4 2dc7a9bc419b915d c119ef461ac4e1bc 8a7e36bf92b3b3d1",
#endif
*ecbcipher = "5d00c273f8b2607d a834632dcbb521f4 697dd4ab20bb0645 32a6545e24e33ae9"
"f545176111f93773 dbecd262841cf83b 10d145e71b772cf7 a12889cda84be795",
*xtscipher = "10f9301a157bfceb 3eb9e7bd38500b7e 959e21ba3cc1179a d7f7d7d99460e695"
"5e8bcb177571c719 6de58ff28c381913 e7c82d0adfd90c45 ca",
*cfbcipher = "edab3105e673bc9e b9102539a9f457bc 245c14e1bff81b5b 4a4a147c988cb0a6"

84
micro_aes.c
View File

@@ -414,16 +414,16 @@ static void copyLNum( block_t block, size_t num, uint8_t pos )
#if CTR
/** increment the value of a 128-bit counter block, regarding its endian-ness */
static void incBlock( block_t block, uint8_t b )
static void incBlock( block_t block, const char big )
{
if (b) /* big-endian: inc the LSB, */
{ /* ..until no overflow */
for (b = LAST; !++block[b]; ) --b;
return;
}
while (!++block[b]) /* little-endian counter */
uint8_t i;
if (big) /* big-endian counter */
{
if (++b == 4) return;
for (i = LAST; !++block[i]; ) --i; /* increment the LSB, */
} /* ..until no overflow */
else
{
for (i = 0; !++block[i] && ++i < 4; );
}
}
#endif
@@ -558,10 +558,10 @@ static void xMac( const void* data, const size_t dataSize,
xorBlock( x, result ); /* M_next = mix(seed, M ^ X) */
mix( seed, result );
}
for (n = dataSize % BLOCKSIZE; n--; )
for (n = dataSize % BLOCKSIZE; n--; ) /* if any partial block left */
{
result[n] ^= x[n];
if (!n)
if (n == 0)
{
mix( seed, result );
}
@@ -581,9 +581,9 @@ static void cMac( const block_t D, const block_t Q,
xMac( data, dataSize - s, mac, &rijndaelEncrypt, mac );
if (s < BLOCKSIZE)
{
mac[s] ^= 0x80;
mac[s] ^= 0x80; /* pad( M; D, Q ) */
}
xorBlock( s < BLOCKSIZE ? Q : D, mac ); /* pad( M; D, Q ) */
xorBlock( s < BLOCKSIZE ? Q : D, mac );
xMac( e, s + !s, mac, &rijndaelEncrypt, mac );
}
@@ -676,7 +676,7 @@ char AES_ECB_decrypt( const uint8_t* key,
/* if padding is enabled, check whether the result is properly padded. error
* must be thrown if it's not. we skip this here and just check the size. */
return crtxtLen % BLOCKSIZE ? DECRYPTION_FAILURE : ENDED_IN_SUCCESS;
return crtxtLen % BLOCKSIZE ? DECRYPTION_FAILURE : NO_ERROR_RETURNED;
}
#endif /* ECB */
@@ -731,7 +731,7 @@ char AES_CBC_encrypt( const uint8_t* key, const block_t iVec,
rijndaelEncrypt( y, y );
}
BURN( RoundKey );
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
/**
@@ -776,7 +776,7 @@ char AES_CBC_decrypt( const uint8_t* key, const block_t iVec,
BURN( RoundKey );
/* note: if padding was applied, check whether output is properly padded. */
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* CBC */
@@ -914,7 +914,7 @@ static void CTR_Cipher( const block_t iCtr, const char big,
memcpy( output, input, dataSize ); /* do in-place en/decryption */
memcpy( c, iCtr, sizeof c );
if (big > 1) incBlock( c, 1 ); /* pre-increment for CCM/GCM */
if (big > 1) incBlock( c, big ); /* pre-increment for CCM/GCM */
for (y = output; n--; y += BLOCKSIZE)
{
@@ -1039,7 +1039,7 @@ char AES_XTS_encrypt( const uint8_t* keys, const uint8_t* tweak,
xorBlock( T, c );
}
BURN( RoundKey );
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
/**
@@ -1077,7 +1077,7 @@ char AES_XTS_decrypt( const uint8_t* keys, const uint8_t* tweak,
xorBlock( T, p );
BURN( RoundKey );
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* XTS */
@@ -1193,7 +1193,7 @@ char AES_GCM_decrypt( const uint8_t* key, const uint8_t* nonce,
}
CTR_Cipher( iv, 2, crtxt, crtxtLen, pntxt );
BURN( RoundKey );
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* GCM */
@@ -1296,7 +1296,7 @@ char AES_CCM_decrypt( const uint8_t* key, const uint8_t* nonce,
SABOTAGE( pntxt, crtxtLen );
return AUTHENTICATION_FAILURE;
}
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* CCM */
@@ -1312,20 +1312,20 @@ static void S2V( const uint8_t* key,
const size_t aDataLen, const size_t ptextLen, block_t IV )
{
block_t K[2], Y;
uint8_t r = ptextLen % BLOCKSIZE, *D = K[0], *Q = K[1];
uint8_t r = ptextLen % BLOCKSIZE, *Q = K[1];
memset( *K, 0, BLOCKSIZE );
memset( IV, 0, BLOCKSIZE ); /* initialize/clear IV */
getSubkeys( &doubleBGF128, 1, key, D, Q );
rijndaelEncrypt( D, Y ); /* Y_0 = CMAC(zero block) */
getSubkeys( &doubleBGF128, 1, key, *K, Q );
rijndaelEncrypt( *K, Y ); /* Y_0 = CMAC(zero block) */
/* in case of multiple AAD units, each must be handled the same way as this.
* e.g. let aData be a 2D array and aDataLen a null-terminated one. then the
* following three lines starting with `if (aDataLen)` can be replaced by:
* for (i = 0; *aDataLen; ++i) { cMac( D, Q, aData[i], *aDataLen++, IV ); */
* for (i = 0; *aDataLen; ) { cMac( *K, Q, aData[i++], *aDataLen++, IV ); */
if (aDataLen)
{
cMac( D, Q, aData, aDataLen, IV );
cMac( *K, Q, aData, aDataLen, IV );
doubleBGF128( Y ); /* Y_$ = double( Y_{i-1} ) */
xorBlock( IV, Y ); /* Y_i = Y_$ ^ CMAC(AAD_i) */
memset( IV, 0, BLOCKSIZE );
@@ -1337,10 +1337,10 @@ static void S2V( const uint8_t* key,
}
if (r)
{
memset( D, 0, BLOCKSIZE );
memset( *K, 0, BLOCKSIZE );
}
xorBlock( Y, D + r );
cMac( D, D, pntxt, ptextLen - r, IV ); /* CMAC*( Y xor_end M ) */
xorBlock( Y, *K + r );
cMac( *K, *K, pntxt, ptextLen - r, IV ); /* CMAC*( Y xor_end M ) */
if (r)
{
cMac( NULL, Q, (const char*) pntxt + ptextLen - r, r, IV );
@@ -1402,7 +1402,7 @@ char AES_SIV_decrypt( const uint8_t* keys, const block_t iv,
SABOTAGE( pntxt, crtxtLen );
return AUTHENTICATION_FAILURE;
}
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* SIV */
@@ -1514,7 +1514,7 @@ char GCM_SIV_decrypt( const uint8_t* key, const uint8_t* nonce,
SABOTAGE( pntxt, crtxtLen );
return AUTHENTICATION_FAILURE;
}
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* GCM-SIV */
@@ -1640,22 +1640,22 @@ char AES_EAX_decrypt( const uint8_t* key, const uint8_t* nonce,
CTR_Cipher( mac, 1, crtxt, crtxtLen, pntxt );
BURN( RoundKey );
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* EAX */
/*----------------------------------------------------------------------------*\
OCB-AES (offset codebook mode): how to parallelize the algorithm
by independent calculation of the offset values
+ auxiliary functions along with the main API
OCB-AES (offset codebook mode): auxiliary functions and main API
+ demonstrating how to parallelize the algorithm by
independent calculation of the offset values
\*----------------------------------------------------------------------------*/
#if IMPLEMENT(OCB)
static block_t OCBsubkeys[4]; /* [L_$] [L_*] [Ktop] [Δ_n] */
/** Calculate the offset block (Δ_i) at a specified index, given the initial Δ_0
* and L$ blocks. This method has minimum memory usage, but it's clearly slow */
* and L$ blocks. This method has minimum memory usage, but it might be slow. */
static void getDelta( const count_t index, block_t delta )
{
size_t m, b = 1;
@@ -1807,7 +1807,7 @@ char AES_OCB_decrypt( const uint8_t* key, const uint8_t* nonce,
BURN( OCBsubkeys );
return AUTHENTICATION_FAILURE;
}
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* OCB */
@@ -1828,7 +1828,7 @@ char AES_OCB_decrypt( const uint8_t* key, const uint8_t* nonce,
char AES_KEY_wrap( const uint8_t* kek,
const uint8_t* secret, const size_t secretLen, uint8_t* wrapped )
{
size_t q, i = 0, n = secretLen / HB; /* number of semi-blocks */
size_t i, n = secretLen / HB; /* number of semi-blocks */
block_t A;
if (n < 2 || secretLen % HB) return ENCRYPTION_FAILURE;
@@ -1837,7 +1837,7 @@ char AES_KEY_wrap( const uint8_t* kek,
memcpy( wrapped + HB, secret, secretLen ); /* copy input to the output */
AES_SetKey( kek );
for (q = 6 * n; i < q; )
for (i = 0; i < 6 * n; )
{
uint8_t *r = wrapped + (i++ % n + 1) * HB;
memcpy( A + HB, r, HB );
@@ -1848,7 +1848,7 @@ char AES_KEY_wrap( const uint8_t* kek,
BURN( RoundKey );
memcpy( wrapped, A, HB );
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
/**
@@ -1883,7 +1883,7 @@ char AES_KEY_unwrap( const uint8_t* kek,
for (n = 0; i < HB; ) n |= A[i++] ^ 0xA6; /* authenticate/error check */
return n ? AUTHENTICATION_FAILURE : ENDED_IN_SUCCESS;
return n ? AUTHENTICATION_FAILURE : NO_ERROR_RETURNED;
}
#endif /* KWA */
@@ -2315,7 +2315,7 @@ char AES_FPE_encrypt( const uint8_t* key, const uint8_t* tweak,
#endif
FPEfinalize( index, ptextLen, crtxt );
free( index );
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
/**
@@ -2344,6 +2344,6 @@ char AES_FPE_decrypt( const uint8_t* key, const uint8_t* tweak,
#endif
FPEfinalize( index, crtxtLen, pntxt );
free( index );
return ENDED_IN_SUCCESS;
return NO_ERROR_RETURNED;
}
#endif /* FPE */

4
micro_aes.h
View File

@@ -2,7 +2,7 @@
==============================================================================
Name : micro_aes.h
Author : polfosol
Version : 9.9.8.4
Version : 10
Copyright : copyright © 2022 - polfosol
Description : μAES ™ is a minimalist all-in-one library for AES encryption
==============================================================================
@@ -459,7 +459,7 @@ The error codes and key length should be defined here for external references:
#define ENCRYPTION_FAILURE 0x1E
#define DECRYPTION_FAILURE 0x1D
#define AUTHENTICATION_FAILURE 0x1A
#define ENDED_IN_SUCCESS 0x00
#define NO_ERROR_RETURNED 0x00
#if (AES___ != 256) && (AES___ != 192)
#define AES_KEY_SIZE 16

30
micro_fpe.h
View File

@@ -2,7 +2,7 @@
==============================================================================
Name : micro_fpe.h
Author : polfosol
Version : 2.1.1.2
Version : 2.1.2.0
Copyright : copyright © 2022 - polfosol
Description : demonstrating some sample alphabets for the FPE mode of μAES ™
==============================================================================
@@ -24,16 +24,16 @@
* These strings are commonly used in ASCII-based alphabets. The declaration of
* an alphabet must be followed by its number of characters (RADIX).
*/
#define DECDIGIT "0123456789"
#define LCLETTER "abcdefghijklmnopqrstuvwxyz"
#define UCLETTER "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define HEXDIGIT DECDIGIT "ABCDEFabcdef"
#define DECIMALS "0123456789"
#define LLETTERS "abcdefghijklmnopqrstuvwxyz"
#define ULETTERS "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define HEXCHARS DECIMALS "ABCDEFabcdef"
/**
numbers
*/
#if CUSTOM_ALPHABET == 0
#define ALPHABET DECDIGIT
#define ALPHABET DECIMALS
#define RADIX 10
#endif
@@ -49,7 +49,7 @@
lowercase english words
*/
#if CUSTOM_ALPHABET == 2
#define ALPHABET LCLETTER
#define ALPHABET LLETTERS
#define RADIX 26
#endif
@@ -57,7 +57,7 @@
lowercase alphanumeric strings
*/
#if CUSTOM_ALPHABET == 3
#define ALPHABET DECDIGIT LCLETTER
#define ALPHABET DECIMALS LLETTERS
#define RADIX 36
#endif
@@ -65,7 +65,7 @@
the English alphabet
*/
#if CUSTOM_ALPHABET == 4
#define ALPHABET UCLETTER LCLETTER
#define ALPHABET ULETTERS LLETTERS
#define RADIX 52
#endif
@@ -73,7 +73,7 @@
base-64 encoded strings (RFC-4648), with no padding character
*/
#if CUSTOM_ALPHABET == 5
#define ALPHABET UCLETTER LCLETTER DECDIGIT "+/"
#define ALPHABET ULETTERS LLETTERS DECIMALS "+/"
#define RADIX 64
#endif
@@ -81,7 +81,7 @@
base-85 encoded strings (RFC-1924)
*/
#if CUSTOM_ALPHABET == 6
#define ALPHABET DECDIGIT UCLETTER LCLETTER "!#$%&()*+-;<=>?@^_`{|}~"
#define ALPHABET DECIMALS ULETTERS LLETTERS "!#$%&()*+-;<=>?@^_`{|}~"
#define RADIX 85
#endif
@@ -89,7 +89,7 @@
a character set with length 26, used by some test vectors
*/
#if CUSTOM_ALPHABET == 7
#define ALPHABET DECDIGIT "abcdefghijklmnop"
#define ALPHABET DECIMALS "abcdefghijklmnop"
#define RADIX 26
#endif
@@ -97,7 +97,7 @@
base-64 character set with DIFFERENT ORDERING, used by some test vectors
*/
#if CUSTOM_ALPHABET == 8
#define ALPHABET DECDIGIT UCLETTER LCLETTER "+/"
#define ALPHABET DECIMALS ULETTERS LLETTERS "+/"
#define RADIX 64
#endif
@@ -105,7 +105,7 @@
all printable ascii characters
*/
#if CUSTOM_ALPHABET == 9
#define ALPHABET " !\"#$%&\'()*+,-./"DECDIGIT":;<=>?@"UCLETTER"[\\]^_`"LCLETTER"{|}~"
#define ALPHABET " !\"#$%&\'()*+,-./"DECIMALS":;<=>?@"ULETTERS"[\\]^_`"LLETTERS"{|}~"
#define RADIX 95
#endif
@@ -146,7 +146,7 @@
* set it as a constant, or let it be calculated dynamically like this:
*/
#include <math.h>
#define LOGRDX (log( RADIX ) / log( 2 )) /* log2( RADIX ) if std=C99 */
#define LOGRDX (log( RADIX ) / log( 2 )) /* log2(RADIX) if std >= C99 */
#if FF_X == 3
#define MAXLEN (2 * (int) (96.000001 / LOGRDX))
#endif