Created
December 18, 2018 09:32
-
-
Save bingoohuang/100934dc8561417c6e71daefb43effc8 to your computer and use it in GitHub Desktop.
clang AES/CBC/PKCS5Padding benchmark test code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| This is an implementation of the AES algorithm, specifically ECB, CTR and CBC mode. | |
| Block size can be chosen in aes.h - available choices are AES128, AES192, AES256. | |
| The implementation is verified against the test vectors in: | |
| National Institute of Standards and Technology Special Publication 800-38A 2001 ED | |
| ECB-AES128 | |
| ---------- | |
| plain-text: | |
| 6bc1bee22e409f96e93d7e117393172a | |
| ae2d8a571e03ac9c9eb76fac45af8e51 | |
| 30c81c46a35ce411e5fbc1191a0a52ef | |
| f69f2445df4f9b17ad2b417be66c3710 | |
| key: | |
| 2b7e151628aed2a6abf7158809cf4f3c | |
| resulting cipher | |
| 3ad77bb40d7a3660a89ecaf32466ef97 | |
| f5d3d58503b9699de785895a96fdbaaf | |
| 43b1cd7f598ece23881b00e3ed030688 | |
| 7b0c785e27e8ad3f8223207104725dd4 | |
| NOTE: String length must be evenly divisible by 16byte (str_len % 16 == 0) | |
| You should pad the end of the string with zeros if this is not the case. | |
| For AES192/256 the key size is proportionally larger. | |
| */ | |
| /*****************************************************************************/ | |
| /* Includes: */ | |
| /*****************************************************************************/ | |
| #include <stdint.h> | |
| #include <string.h> // CBC mode, for memset | |
| #include "aes.h" | |
| /*****************************************************************************/ | |
| /* Defines: */ | |
| /*****************************************************************************/ | |
| // The number of columns comprising a state in AES. This is a constant in AES. Value=4 | |
| #define Nb 4 | |
| #if defined(AES256) && (AES256 == 1) | |
| #define Nk 8 | |
| #define Nr 14 | |
| #elif defined(AES192) && (AES192 == 1) | |
| #define Nk 6 | |
| #define Nr 12 | |
| #else | |
| #define Nk 4 // The number of 32 bit words in a key. | |
| #define Nr 10 // The number of rounds in AES Cipher. | |
| #endif | |
| // jcallan@github points out that declaring Multiply as a function | |
| // reduces code size considerably with the Keil ARM compiler. | |
| // See this link for more information: https://github.com/kokke/tiny-AES-C/pull/3 | |
| #ifndef MULTIPLY_AS_A_FUNCTION | |
| #define MULTIPLY_AS_A_FUNCTION 0 | |
| #endif | |
| /*****************************************************************************/ | |
| /* Private variables: */ | |
| /*****************************************************************************/ | |
| // state - array holding the intermediate results during decryption. | |
| typedef uint8_t state_t[4][4]; | |
| // The lookup-tables are marked const so they can be placed in read-only storage instead of RAM | |
| // The numbers below can be computed dynamically trading ROM for RAM - | |
| // This can be useful in (embedded) bootloader applications, where ROM is often limited. | |
| static const uint8_t sbox[256] = { | |
| //0 1 2 3 4 5 6 7 8 9 A B C D E F | |
| 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, | |
| 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, | |
| 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, | |
| 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, | |
| 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, | |
| 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, | |
| 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, | |
| 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, | |
| 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, | |
| 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, | |
| 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, | |
| 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, | |
| 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, | |
| 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, | |
| 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, | |
| 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 }; | |
| static const uint8_t rsbox[256] = { | |
| 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, | |
| 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, | |
| 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, | |
| 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, | |
| 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, | |
| 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, | |
| 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, | |
| 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, | |
| 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, | |
| 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, | |
| 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, | |
| 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, | |
| 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, | |
| 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, | |
| 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, | |
| 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d }; | |
| // The round constant word array, Rcon[i], contains the values given by | |
| // x to the power (i-1) being powers of x (x is denoted as {02}) in the field GF(2^8) | |
| static const uint8_t Rcon[11] = { | |
| 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 }; | |
| /* | |
| * Jordan Goulder points out in PR #12 (https://github.com/kokke/tiny-AES-C/pull/12), | |
| * that you can remove most of the elements in the Rcon array, because they are unused. | |
| * | |
| * From Wikipedia's article on the Rijndael key schedule @ https://en.wikipedia.org/wiki/Rijndael_key_schedule#Rcon | |
| * | |
| * "Only the first some of these constants are actually used – up to rcon[10] for AES-128 (as 11 round keys are needed), | |
| * up to rcon[8] for AES-192, up to rcon[7] for AES-256. rcon[0] is not used in AES algorithm." | |
| */ | |
| /*****************************************************************************/ | |
| /* Private functions: */ | |
| /*****************************************************************************/ | |
| /* | |
| static uint8_t getSBoxValue(uint8_t num) | |
| { | |
| return sbox[num]; | |
| } | |
| */ | |
| #define getSBoxValue(num) (sbox[(num)]) | |
| /* | |
| static uint8_t getSBoxInvert(uint8_t num) | |
| { | |
| return rsbox[num]; | |
| } | |
| */ | |
| #define getSBoxInvert(num) (rsbox[(num)]) | |
| // This function produces Nb(Nr+1) round keys. The round keys are used in each round to decrypt the states. | |
| static void KeyExpansion(uint8_t* RoundKey, const uint8_t* Key) | |
| { | |
| unsigned i, j, k; | |
| uint8_t tempa[4]; // Used for the column/row operations | |
| // The first round key is the key itself. | |
| for (i = 0; i < Nk; ++i) | |
| { | |
| RoundKey[(i * 4) + 0] = Key[(i * 4) + 0]; | |
| RoundKey[(i * 4) + 1] = Key[(i * 4) + 1]; | |
| RoundKey[(i * 4) + 2] = Key[(i * 4) + 2]; | |
| RoundKey[(i * 4) + 3] = Key[(i * 4) + 3]; | |
| } | |
| // All other round keys are found from the previous round keys. | |
| for (i = Nk; i < Nb * (Nr + 1); ++i) | |
| { | |
| { | |
| k = (i - 1) * 4; | |
| tempa[0]=RoundKey[k + 0]; | |
| tempa[1]=RoundKey[k + 1]; | |
| tempa[2]=RoundKey[k + 2]; | |
| tempa[3]=RoundKey[k + 3]; | |
| } | |
| if (i % Nk == 0) | |
| { | |
| // This function shifts the 4 bytes in a word to the left once. | |
| // [a0,a1,a2,a3] becomes [a1,a2,a3,a0] | |
| // Function RotWord() | |
| { | |
| const uint8_t u8tmp = tempa[0]; | |
| tempa[0] = tempa[1]; | |
| tempa[1] = tempa[2]; | |
| tempa[2] = tempa[3]; | |
| tempa[3] = u8tmp; | |
| } | |
| // SubWord() is a function that takes a four-byte input word and | |
| // applies the S-box to each of the four bytes to produce an output word. | |
| // Function Subword() | |
| { | |
| tempa[0] = getSBoxValue(tempa[0]); | |
| tempa[1] = getSBoxValue(tempa[1]); | |
| tempa[2] = getSBoxValue(tempa[2]); | |
| tempa[3] = getSBoxValue(tempa[3]); | |
| } | |
| tempa[0] = tempa[0] ^ Rcon[i/Nk]; | |
| } | |
| #if defined(AES256) && (AES256 == 1) | |
| if (i % Nk == 4) | |
| { | |
| // Function Subword() | |
| { | |
| tempa[0] = getSBoxValue(tempa[0]); | |
| tempa[1] = getSBoxValue(tempa[1]); | |
| tempa[2] = getSBoxValue(tempa[2]); | |
| tempa[3] = getSBoxValue(tempa[3]); | |
| } | |
| } | |
| #endif | |
| j = i * 4; k=(i - Nk) * 4; | |
| RoundKey[j + 0] = RoundKey[k + 0] ^ tempa[0]; | |
| RoundKey[j + 1] = RoundKey[k + 1] ^ tempa[1]; | |
| RoundKey[j + 2] = RoundKey[k + 2] ^ tempa[2]; | |
| RoundKey[j + 3] = RoundKey[k + 3] ^ tempa[3]; | |
| } | |
| } | |
| void AES_init_ctx(struct AES_ctx* ctx, const uint8_t* key) | |
| { | |
| KeyExpansion(ctx->RoundKey, key); | |
| } | |
| #if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1)) | |
| void AES_init_ctx_iv(struct AES_ctx* ctx, const uint8_t* key, const uint8_t* iv) | |
| { | |
| KeyExpansion(ctx->RoundKey, key); | |
| memcpy (ctx->Iv, iv, AES_BLOCKLEN); | |
| } | |
| void AES_ctx_set_iv(struct AES_ctx* ctx, const uint8_t* iv) | |
| { | |
| memcpy (ctx->Iv, iv, AES_BLOCKLEN); | |
| } | |
| #endif | |
| // This function adds the round key to state. | |
| // The round key is added to the state by an XOR function. | |
| static void AddRoundKey(uint8_t round,state_t* state,uint8_t* RoundKey) | |
| { | |
| uint8_t i,j; | |
| for (i = 0; i < 4; ++i) | |
| { | |
| for (j = 0; j < 4; ++j) | |
| { | |
| (*state)[i][j] ^= RoundKey[(round * Nb * 4) + (i * Nb) + j]; | |
| } | |
| } | |
| } | |
| // The SubBytes Function Substitutes the values in the | |
| // state matrix with values in an S-box. | |
| static void SubBytes(state_t* state) | |
| { | |
| uint8_t i, j; | |
| for (i = 0; i < 4; ++i) | |
| { | |
| for (j = 0; j < 4; ++j) | |
| { | |
| (*state)[j][i] = getSBoxValue((*state)[j][i]); | |
| } | |
| } | |
| } | |
| // The ShiftRows() function shifts the rows in the state to the left. | |
| // Each row is shifted with different offset. | |
| // Offset = Row number. So the first row is not shifted. | |
| static void ShiftRows(state_t* state) | |
| { | |
| uint8_t temp; | |
| // Rotate first row 1 columns to left | |
| temp = (*state)[0][1]; | |
| (*state)[0][1] = (*state)[1][1]; | |
| (*state)[1][1] = (*state)[2][1]; | |
| (*state)[2][1] = (*state)[3][1]; | |
| (*state)[3][1] = temp; | |
| // Rotate second row 2 columns to left | |
| temp = (*state)[0][2]; | |
| (*state)[0][2] = (*state)[2][2]; | |
| (*state)[2][2] = temp; | |
| temp = (*state)[1][2]; | |
| (*state)[1][2] = (*state)[3][2]; | |
| (*state)[3][2] = temp; | |
| // Rotate third row 3 columns to left | |
| temp = (*state)[0][3]; | |
| (*state)[0][3] = (*state)[3][3]; | |
| (*state)[3][3] = (*state)[2][3]; | |
| (*state)[2][3] = (*state)[1][3]; | |
| (*state)[1][3] = temp; | |
| } | |
| static uint8_t xtime(uint8_t x) | |
| { | |
| return ((x<<1) ^ (((x>>7) & 1) * 0x1b)); | |
| } | |
| // MixColumns function mixes the columns of the state matrix | |
| static void MixColumns(state_t* state) | |
| { | |
| uint8_t i; | |
| uint8_t Tmp, Tm, t; | |
| for (i = 0; i < 4; ++i) | |
| { | |
| t = (*state)[i][0]; | |
| Tmp = (*state)[i][0] ^ (*state)[i][1] ^ (*state)[i][2] ^ (*state)[i][3] ; | |
| Tm = (*state)[i][0] ^ (*state)[i][1] ; Tm = xtime(Tm); (*state)[i][0] ^= Tm ^ Tmp ; | |
| Tm = (*state)[i][1] ^ (*state)[i][2] ; Tm = xtime(Tm); (*state)[i][1] ^= Tm ^ Tmp ; | |
| Tm = (*state)[i][2] ^ (*state)[i][3] ; Tm = xtime(Tm); (*state)[i][2] ^= Tm ^ Tmp ; | |
| Tm = (*state)[i][3] ^ t ; Tm = xtime(Tm); (*state)[i][3] ^= Tm ^ Tmp ; | |
| } | |
| } | |
| // Multiply is used to multiply numbers in the field GF(2^8) | |
| // Note: The last call to xtime() is unneeded, but often ends up generating a smaller binary | |
| // The compiler seems to be able to vectorize the operation better this way. | |
| // See https://github.com/kokke/tiny-AES-c/pull/34 | |
| #if MULTIPLY_AS_A_FUNCTION | |
| static uint8_t Multiply(uint8_t x, uint8_t y) | |
| { | |
| return (((y & 1) * x) ^ | |
| ((y>>1 & 1) * xtime(x)) ^ | |
| ((y>>2 & 1) * xtime(xtime(x))) ^ | |
| ((y>>3 & 1) * xtime(xtime(xtime(x)))) ^ | |
| ((y>>4 & 1) * xtime(xtime(xtime(xtime(x)))))); /* this last call to xtime() can be omitted */ | |
| } | |
| #else | |
| #define Multiply(x, y) \ | |
| ( ((y & 1) * x) ^ \ | |
| ((y>>1 & 1) * xtime(x)) ^ \ | |
| ((y>>2 & 1) * xtime(xtime(x))) ^ \ | |
| ((y>>3 & 1) * xtime(xtime(xtime(x)))) ^ \ | |
| ((y>>4 & 1) * xtime(xtime(xtime(xtime(x)))))) \ | |
| #endif | |
| // MixColumns function mixes the columns of the state matrix. | |
| // The method used to multiply may be difficult to understand for the inexperienced. | |
| // Please use the references to gain more information. | |
| static void InvMixColumns(state_t* state) | |
| { | |
| int i; | |
| uint8_t a, b, c, d; | |
| for (i = 0; i < 4; ++i) | |
| { | |
| a = (*state)[i][0]; | |
| b = (*state)[i][1]; | |
| c = (*state)[i][2]; | |
| d = (*state)[i][3]; | |
| (*state)[i][0] = Multiply(a, 0x0e) ^ Multiply(b, 0x0b) ^ Multiply(c, 0x0d) ^ Multiply(d, 0x09); | |
| (*state)[i][1] = Multiply(a, 0x09) ^ Multiply(b, 0x0e) ^ Multiply(c, 0x0b) ^ Multiply(d, 0x0d); | |
| (*state)[i][2] = Multiply(a, 0x0d) ^ Multiply(b, 0x09) ^ Multiply(c, 0x0e) ^ Multiply(d, 0x0b); | |
| (*state)[i][3] = Multiply(a, 0x0b) ^ Multiply(b, 0x0d) ^ Multiply(c, 0x09) ^ Multiply(d, 0x0e); | |
| } | |
| } | |
| // The SubBytes Function Substitutes the values in the | |
| // state matrix with values in an S-box. | |
| static void InvSubBytes(state_t* state) | |
| { | |
| uint8_t i, j; | |
| for (i = 0; i < 4; ++i) | |
| { | |
| for (j = 0; j < 4; ++j) | |
| { | |
| (*state)[j][i] = getSBoxInvert((*state)[j][i]); | |
| } | |
| } | |
| } | |
| static void InvShiftRows(state_t* state) | |
| { | |
| uint8_t temp; | |
| // Rotate first row 1 columns to right | |
| temp = (*state)[3][1]; | |
| (*state)[3][1] = (*state)[2][1]; | |
| (*state)[2][1] = (*state)[1][1]; | |
| (*state)[1][1] = (*state)[0][1]; | |
| (*state)[0][1] = temp; | |
| // Rotate second row 2 columns to right | |
| temp = (*state)[0][2]; | |
| (*state)[0][2] = (*state)[2][2]; | |
| (*state)[2][2] = temp; | |
| temp = (*state)[1][2]; | |
| (*state)[1][2] = (*state)[3][2]; | |
| (*state)[3][2] = temp; | |
| // Rotate third row 3 columns to right | |
| temp = (*state)[0][3]; | |
| (*state)[0][3] = (*state)[1][3]; | |
| (*state)[1][3] = (*state)[2][3]; | |
| (*state)[2][3] = (*state)[3][3]; | |
| (*state)[3][3] = temp; | |
| } | |
| // Cipher is the main function that encrypts the PlainText. | |
| static void Cipher(state_t* state, uint8_t* RoundKey) | |
| { | |
| uint8_t round = 0; | |
| // Add the First round key to the state before starting the rounds. | |
| AddRoundKey(0, state, RoundKey); | |
| // There will be Nr rounds. | |
| // The first Nr-1 rounds are identical. | |
| // These Nr-1 rounds are executed in the loop below. | |
| for (round = 1; round < Nr; ++round) | |
| { | |
| SubBytes(state); | |
| ShiftRows(state); | |
| MixColumns(state); | |
| AddRoundKey(round, state, RoundKey); | |
| } | |
| // The last round is given below. | |
| // The MixColumns function is not here in the last round. | |
| SubBytes(state); | |
| ShiftRows(state); | |
| AddRoundKey(Nr, state, RoundKey); | |
| } | |
| static void InvCipher(state_t* state,uint8_t* RoundKey) | |
| { | |
| uint8_t round = 0; | |
| // Add the First round key to the state before starting the rounds. | |
| AddRoundKey(Nr, state, RoundKey); | |
| // There will be Nr rounds. | |
| // The first Nr-1 rounds are identical. | |
| // These Nr-1 rounds are executed in the loop below. | |
| for (round = (Nr - 1); round > 0; --round) | |
| { | |
| InvShiftRows(state); | |
| InvSubBytes(state); | |
| AddRoundKey(round, state, RoundKey); | |
| InvMixColumns(state); | |
| } | |
| // The last round is given below. | |
| // The MixColumns function is not here in the last round. | |
| InvShiftRows(state); | |
| InvSubBytes(state); | |
| AddRoundKey(0, state, RoundKey); | |
| } | |
| /*****************************************************************************/ | |
| /* Public functions: */ | |
| /*****************************************************************************/ | |
| #if defined(ECB) && (ECB == 1) | |
| void AES_ECB_encrypt(struct AES_ctx *ctx, uint8_t* buf) | |
| { | |
| // The next function call encrypts the PlainText with the Key using AES algorithm. | |
| Cipher((state_t*)buf, ctx->RoundKey); | |
| } | |
| void AES_ECB_decrypt(struct AES_ctx* ctx, uint8_t* buf) | |
| { | |
| // The next function call decrypts the PlainText with the Key using AES algorithm. | |
| InvCipher((state_t*)buf, ctx->RoundKey); | |
| } | |
| #endif // #if defined(ECB) && (ECB == 1) | |
| #if defined(CBC) && (CBC == 1) | |
| static void XorWithIv(uint8_t* buf, uint8_t* Iv) | |
| { | |
| uint8_t i; | |
| for (i = 0; i < AES_BLOCKLEN; ++i) // The block in AES is always 128bit no matter the key size | |
| { | |
| buf[i] ^= Iv[i]; | |
| } | |
| } | |
| void AES_CBC_encrypt_buffer(struct AES_ctx *ctx,uint8_t* buf, uint32_t length) | |
| { | |
| uintptr_t i; | |
| uint8_t *Iv = ctx->Iv; | |
| for (i = 0; i < length; i += AES_BLOCKLEN) | |
| { | |
| XorWithIv(buf, Iv); | |
| Cipher((state_t*)buf, ctx->RoundKey); | |
| Iv = buf; | |
| buf += AES_BLOCKLEN; | |
| //printf("Step %d - %d", i/16, i); | |
| } | |
| /* store Iv in ctx for next call */ | |
| memcpy(ctx->Iv, Iv, AES_BLOCKLEN); | |
| } | |
| void AES_CBC_decrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, uint32_t length) | |
| { | |
| uintptr_t i; | |
| uint8_t storeNextIv[AES_BLOCKLEN]; | |
| for (i = 0; i < length; i += AES_BLOCKLEN) | |
| { | |
| memcpy(storeNextIv, buf, AES_BLOCKLEN); | |
| InvCipher((state_t*)buf, ctx->RoundKey); | |
| XorWithIv(buf, ctx->Iv); | |
| memcpy(ctx->Iv, storeNextIv, AES_BLOCKLEN); | |
| buf += AES_BLOCKLEN; | |
| } | |
| } | |
| #endif // #if defined(CBC) && (CBC == 1) | |
| #if defined(CTR) && (CTR == 1) | |
| /* Symmetrical operation: same function for encrypting as for decrypting. Note any IV/nonce should never be reused with the same key */ | |
| void AES_CTR_xcrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, uint32_t length) | |
| { | |
| uint8_t buffer[AES_BLOCKLEN]; | |
| unsigned i; | |
| int bi; | |
| for (i = 0, bi = AES_BLOCKLEN; i < length; ++i, ++bi) | |
| { | |
| if (bi == AES_BLOCKLEN) /* we need to regen xor compliment in buffer */ | |
| { | |
| memcpy(buffer, ctx->Iv, AES_BLOCKLEN); | |
| Cipher((state_t*)buffer,ctx->RoundKey); | |
| /* Increment Iv and handle overflow */ | |
| for (bi = (AES_BLOCKLEN - 1); bi >= 0; --bi) | |
| { | |
| /* inc will owerflow */ | |
| if (ctx->Iv[bi] == 255) | |
| { | |
| ctx->Iv[bi] = 0; | |
| continue; | |
| } | |
| ctx->Iv[bi] += 1; | |
| break; | |
| } | |
| bi = 0; | |
| } | |
| buf[i] = (buf[i] ^ buffer[bi]); | |
| } | |
| } | |
| #endif // #if defined(CTR) && (CTR == 1) | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef _AES_H_ | |
| #define _AES_H_ | |
| #include <stdint.h> | |
| // #define the macros below to 1/0 to enable/disable the mode of operation. | |
| // | |
| // CBC enables AES encryption in CBC-mode of operation. | |
| // CTR enables encryption in counter-mode. | |
| // ECB enables the basic ECB 16-byte block algorithm. All can be enabled simultaneously. | |
| // The #ifndef-guard allows it to be configured before #include'ing or at compile time. | |
| #ifndef CBC | |
| #define CBC 1 | |
| #endif | |
| #ifndef ECB | |
| #define ECB 1 | |
| #endif | |
| #ifndef CTR | |
| #define CTR 1 | |
| #endif | |
| #define AES128 1 | |
| //#define AES192 1 | |
| //#define AES256 1 | |
| #define AES_BLOCKLEN 16 //Block length in bytes AES is 128b block only | |
| #if defined(AES256) && (AES256 == 1) | |
| #define AES_KEYLEN 32 | |
| #define AES_keyExpSize 240 | |
| #elif defined(AES192) && (AES192 == 1) | |
| #define AES_KEYLEN 24 | |
| #define AES_keyExpSize 208 | |
| #else | |
| #define AES_KEYLEN 16 // Key length in bytes | |
| #define AES_keyExpSize 176 | |
| #endif | |
| struct AES_ctx | |
| { | |
| uint8_t RoundKey[AES_keyExpSize]; | |
| #if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1)) | |
| uint8_t Iv[AES_BLOCKLEN]; | |
| #endif | |
| }; | |
| void AES_init_ctx(struct AES_ctx* ctx, const uint8_t* key); | |
| #if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1)) | |
| void AES_init_ctx_iv(struct AES_ctx* ctx, const uint8_t* key, const uint8_t* iv); | |
| void AES_ctx_set_iv(struct AES_ctx* ctx, const uint8_t* iv); | |
| #endif | |
| #if defined(ECB) && (ECB == 1) | |
| // buffer size is exactly AES_BLOCKLEN bytes; | |
| // you need only AES_init_ctx as IV is not used in ECB | |
| // NB: ECB is considered insecure for most uses | |
| void AES_ECB_encrypt(struct AES_ctx* ctx, uint8_t* buf); | |
| void AES_ECB_decrypt(struct AES_ctx* ctx, uint8_t* buf); | |
| #endif // #if defined(ECB) && (ECB == !) | |
| #if defined(CBC) && (CBC == 1) | |
| // buffer size MUST be mutile of AES_BLOCKLEN; | |
| // Suggest https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 for padding scheme | |
| // NOTES: you need to set IV in ctx via AES_init_ctx_iv() or AES_ctx_set_iv() | |
| // no IV should ever be reused with the same key | |
| void AES_CBC_encrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, uint32_t length); | |
| void AES_CBC_decrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, uint32_t length); | |
| #endif // #if defined(CBC) && (CBC == 1) | |
| #if defined(CTR) && (CTR == 1) | |
| // Same function for encrypting as for decrypting. | |
| // IV is incremented for every block, and used after encryption as XOR-compliment for output | |
| // Suggesting https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 for padding scheme | |
| // NOTES: you need to set IV in ctx with AES_init_ctx_iv() or AES_ctx_set_iv() | |
| // no IV should ever be reused with the same key | |
| void AES_CTR_xcrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, uint32_t length); | |
| #endif // #if defined(CTR) && (CTR == 1) | |
| #endif //_AES_H_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Base64 encoder/decoder. Originally Apache file ap_base64.c | |
| */ | |
| #include <string.h> | |
| #include "base64.h" | |
| /* aaaack but it's fast and const should make it shared text page. */ | |
| static const unsigned char pr2six[256] = | |
| { | |
| /* ASCII table */ | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63, | |
| 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64, | |
| 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, | |
| 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64, | |
| 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, | |
| 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, | |
| 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64 | |
| }; | |
| int Base64decode_len(const char *bufcoded) { | |
| int nbytesdecoded; | |
| register const unsigned char *bufin; | |
| register int nprbytes; | |
| bufin = (const unsigned char *) bufcoded; | |
| while (pr2six[*(bufin++)] <= 63); | |
| nprbytes = (bufin - (const unsigned char *) bufcoded) - 1; | |
| nbytesdecoded = ((nprbytes + 3) / 4) * 3; | |
| return nbytesdecoded + 1; | |
| } | |
| int Base64decode(char *bufplain, const char *bufcoded) { | |
| int nbytesdecoded; | |
| register const unsigned char *bufin; | |
| register unsigned char *bufout; | |
| register int nprbytes; | |
| bufin = (const unsigned char *) bufcoded; | |
| while (pr2six[*(bufin++)] <= 63); | |
| nprbytes = (bufin - (const unsigned char *) bufcoded) - 1; | |
| nbytesdecoded = ((nprbytes + 3) / 4) * 3; | |
| bufout = (unsigned char *) bufplain; | |
| bufin = (const unsigned char *) bufcoded; | |
| while (nprbytes > 4) { | |
| *(bufout++) = | |
| (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); | |
| *(bufout++) = | |
| (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); | |
| *(bufout++) = | |
| (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); | |
| bufin += 4; | |
| nprbytes -= 4; | |
| } | |
| /* Note: (nprbytes == 1) would be an error, so just ingore that case */ | |
| if (nprbytes > 1) { | |
| *(bufout++) = | |
| (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); | |
| } | |
| if (nprbytes > 2) { | |
| *(bufout++) = | |
| (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); | |
| } | |
| if (nprbytes > 3) { | |
| *(bufout++) = | |
| (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); | |
| } | |
| *(bufout++) = '\0'; | |
| nbytesdecoded -= (4 - nprbytes) & 3; | |
| return nbytesdecoded; | |
| } | |
| static const char basis_64[] = | |
| "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | |
| int Base64encode_len(int len) { | |
| return ((len + 2) / 3 * 4) + 1; | |
| } | |
| int Base64encode(char *encoded, const char *string, int len) { | |
| int i; | |
| char *p; | |
| p = encoded; | |
| for (i = 0; i < len - 2; i += 3) { | |
| *p++ = basis_64[(string[i] >> 2) & 0x3F]; | |
| *p++ = basis_64[((string[i] & 0x3) << 4) | | |
| ((int) (string[i + 1] & 0xF0) >> 4)]; | |
| *p++ = basis_64[((string[i + 1] & 0xF) << 2) | | |
| ((int) (string[i + 2] & 0xC0) >> 6)]; | |
| *p++ = basis_64[string[i + 2] & 0x3F]; | |
| } | |
| if (i < len) { | |
| *p++ = basis_64[(string[i] >> 2) & 0x3F]; | |
| if (i == (len - 1)) { | |
| *p++ = basis_64[((string[i] & 0x3) << 4)]; | |
| *p++ = '='; | |
| } else { | |
| *p++ = basis_64[((string[i] & 0x3) << 4) | | |
| ((int) (string[i + 1] & 0xF0) >> 4)]; | |
| *p++ = basis_64[((string[i + 1] & 0xF) << 2)]; | |
| } | |
| *p++ = '='; | |
| } | |
| *p++ = '\0'; | |
| return p - encoded; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef _BASE64_H_ | |
| #define _BASE64_H_ | |
| #ifdef __cplusplus | |
| extern "C" { | |
| #endif | |
| int Base64encode_len(int len); | |
| int Base64encode(char *coded_dst, const char *plain_src, int len_plain_src); | |
| int Base64decode_len(const char *coded_src); | |
| int Base64decode(char *plain_dst, const char *coded_src); | |
| #ifdef __cplusplus | |
| } | |
| #endif | |
| #endif //_BASE64_H_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <sys/time.h> | |
| #define CBC 1 | |
| #include "aes.h" | |
| #include "base64.h" | |
| #include "pkcs7_padding.h" | |
| static const uint8_t *key = "B31F2A75FBF94099"; | |
| static const uint8_t *iv = "1234567890123456"; | |
| static const unsigned char *base_src = "GyICyfqhJyFFvxpSkYMRaCECDDoteRkdAuEluGxPesfBlWOoYjmhRWJbpNUzXzESSpXXtgbqGEqjGPcPKkXrPeeMbZIBWRXVNHMM"; | |
| int intlen(int i) { | |
| char str[10]; | |
| sprintf(str, "%d", i); | |
| return strlen(str); | |
| } | |
| int times_run(int times) { | |
| size_t base_src_len = strlen(base_src); | |
| int modulus = 16; | |
| for (int i = 0; i < times; ++i) { | |
| size_t src_len = base_src_len + intlen(i); | |
| int src_size = src_len + modulus - (src_len % modulus); | |
| unsigned char *src = malloc(src_size); | |
| sprintf(src, "%s%d", base_src, i); | |
| // printf("SRC:%s\n", src); | |
| pkcs7_padding_pad_buffer(src, src_len, src_size, modulus); | |
| struct AES_ctx ctx1; | |
| AES_init_ctx_iv(&ctx1, key, iv); | |
| AES_CBC_encrypt_buffer(&ctx1, src, src_size); | |
| char *b = malloc(Base64encode_len(src_size)); | |
| Base64encode(b, src, src_size); | |
| // printf("AES:%s\n", b); | |
| int decode_len = Base64decode_len(b); | |
| char *decode = malloc(decode_len); | |
| int nbytes_decoded = Base64decode(decode, b); | |
| free(b); | |
| struct AES_ctx ctx; | |
| AES_init_ctx_iv(&ctx, key, iv); | |
| AES_CBC_decrypt_buffer(&ctx, decode, nbytes_decoded); | |
| size_t data_length = pkcs7_padding_data_length(decode, nbytes_decoded, modulus); | |
| decode[data_length] = 0; | |
| sprintf(src, "%s%d", base_src, i); | |
| if (strcmp(src, decode) != 0) { | |
| printf("failed!"); | |
| exit(-1); | |
| } | |
| free(src); | |
| free(decode); | |
| } | |
| } | |
| const int TIMES = 100000; | |
| int main() { | |
| struct timeval start, end; | |
| gettimeofday(&start, NULL); | |
| times_run(TIMES); | |
| gettimeofday(&end, NULL); | |
| long start_millis = start.tv_sec * 1000 + start.tv_usec / 1000; | |
| long end_millis = end.tv_sec * 1000 + end.tv_usec / 1000; | |
| printf("%ld-%ld\n", start_millis, end_millis); | |
| long millis = end_millis - start_millis; | |
| printf("cost %ld times/millis\n", TIMES / millis); | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "pkcs7_padding.h" | |
| int pkcs7_padding_pad_buffer(uint8_t *buffer, size_t data_length, size_t buffer_size, uint8_t modulus) { | |
| uint8_t pad_byte = modulus - (data_length % modulus); | |
| if (data_length + pad_byte > buffer_size) { | |
| return -pad_byte; | |
| } | |
| for (int i = 0; i < pad_byte; i++) { | |
| buffer[data_length + i] = pad_byte; | |
| } | |
| return pad_byte; | |
| } | |
| int pkcs7_padding_valid(uint8_t *buffer, size_t data_length, size_t buffer_size, uint8_t modulus) { | |
| uint8_t expected_pad_byte = modulus - (data_length % modulus); | |
| if (data_length + expected_pad_byte > buffer_size) { | |
| return 0; | |
| } | |
| for (int i = 0; i < expected_pad_byte; i++) { | |
| if (buffer[data_length + i] != expected_pad_byte) { | |
| return 0; | |
| } | |
| } | |
| return 1; | |
| } | |
| size_t pkcs7_padding_data_length(uint8_t *buffer, size_t buffer_size, uint8_t modulus) { | |
| /* test for valid buffer size */ | |
| if (buffer_size % modulus != 0 || | |
| buffer_size < modulus) { | |
| return 0; | |
| } | |
| uint8_t padding_value; | |
| padding_value = buffer[buffer_size - 1]; | |
| /* test for valid padding value */ | |
| if (padding_value < 1 || padding_value > modulus) { | |
| return 0; | |
| } | |
| /* buffer must be at least padding_value + 1 in size */ | |
| if (buffer_size < padding_value + 1) { | |
| return 0; | |
| } | |
| uint8_t count = 1; | |
| buffer_size--; | |
| for (; count < padding_value; count++) { | |
| buffer_size--; | |
| if (buffer[buffer_size] != padding_value) { | |
| return 0; | |
| } | |
| } | |
| return buffer_size; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef _PKCS7_PADDING_H_ | |
| #define _PKCS7_PADDING_H_ | |
| #include <stdint.h> | |
| #include <stddef.h> | |
| /* Pad a buffer with bytes as defined in PKCS#7 | |
| * Returns the number of pad bytes added, or zero if | |
| * the buffer size is not large enough to hold the correctly padded data | |
| */ | |
| int pkcs7_padding_pad_buffer( uint8_t *buffer, size_t data_length, size_t buffer_size, uint8_t modulus ); | |
| int pkcs7_padding_valid( uint8_t *buffer, size_t data_length, size_t buffer_size, uint8_t modulus ); | |
| /* Given a block of pkcs7 padded data, return the actual data length in the block based on the padding applied. | |
| * buffer_size must be a multiple of modulus | |
| * last byte 'x' in buffer must be between 1 and modulus | |
| * buffer_size must be at least x + 1 in size | |
| * last 'x' bytes in buffer must be same as 'x' | |
| * returned size will be buffer_size - 'x' | |
| */ | |
| size_t pkcs7_padding_data_length( uint8_t * buffer, size_t buffer_size, uint8_t modulus ); | |
| #endif |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
bingoo@bingodeMacBook-Pro ~/C/clang_aes_benchmark> gcc -O *.c
bingoo@bingodeMacBook-Pro ~/C/clang_aes_benchmark> ./a.out
1545125680667-1545125681152
cost 206 times/millis