Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
AES128 Counter Mode implementation in C#
// The MIT License (MIT)
// Copyright (c) 2014 Hans Wolff
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
public class Aes128CounterMode : SymmetricAlgorithm
{
private readonly byte[] _counter;
private readonly AesManaged _aes;
public Aes128CounterMode(byte[] counter)
{
if (counter == null) throw new ArgumentNullException("counter");
if (counter.Length != 16)
throw new ArgumentException(String.Format("Counter size must be same as block size (actual: {0}, expected: {1})",
counter.Length, 16));
_aes = new AesManaged
{
Mode = CipherMode.ECB,
Padding = PaddingMode.None
};
_counter = counter;
}
public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] ignoredParameter)
{
return new CounterModeCryptoTransform(_aes, rgbKey, _counter);
}
public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] ignoredParameter)
{
return new CounterModeCryptoTransform(_aes, rgbKey, _counter);
}
public override void GenerateKey()
{
_aes.GenerateKey();
}
public override void GenerateIV()
{
// IV not needed in Counter Mode
}
}
public class CounterModeCryptoTransform : ICryptoTransform
{
private readonly byte[] _counter;
private readonly ICryptoTransform _counterEncryptor;
private readonly Queue<byte> _xorMask = new Queue<byte>();
private readonly SymmetricAlgorithm _symmetricAlgorithm;
public CounterModeCryptoTransform(SymmetricAlgorithm symmetricAlgorithm, byte[] key, byte[] counter)
{
if (symmetricAlgorithm == null) throw new ArgumentNullException("symmetricAlgorithm");
if (key == null) throw new ArgumentNullException("key");
if (counter == null) throw new ArgumentNullException("counter");
if (counter.Length != symmetricAlgorithm.BlockSize / 8)
throw new ArgumentException(String.Format("Counter size must be same as block size (actual: {0}, expected: {1})",
counter.Length, symmetricAlgorithm.BlockSize / 8));
_symmetricAlgorithm = symmetricAlgorithm;
_counter = counter;
var zeroIv = new byte[_symmetricAlgorithm.BlockSize / 8];
_counterEncryptor = symmetricAlgorithm.CreateEncryptor(key, zeroIv);
}
public byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
{
var output = new byte[inputCount];
TransformBlock(inputBuffer, inputOffset, inputCount, output, 0);
return output;
}
public int TransformBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
{
for (var i = 0; i < inputCount; i++)
{
if (NeedMoreXorMaskBytes()) EncryptCounterThenIncrement();
var mask = _xorMask.Dequeue();
outputBuffer[outputOffset + i] = (byte)(inputBuffer[inputOffset + i] ^ mask);
}
return inputCount;
}
private bool NeedMoreXorMaskBytes()
{
return _xorMask.Count == 0;
}
private void EncryptCounterThenIncrement()
{
var counterModeBlock = new byte[_symmetricAlgorithm.BlockSize / 8];
_counterEncryptor.TransformBlock(_counter, 0, _counter.Length, counterModeBlock, 0);
IncrementCounter();
foreach (var b in counterModeBlock)
{
_xorMask.Enqueue(b);
}
}
private void IncrementCounter()
{
for (var i = _counter.Length - 1; i >= 0; i--)
{
if (++_counter[i] != 0)
break;
}
}
public int InputBlockSize { get { return _symmetricAlgorithm.BlockSize / 8; } }
public int OutputBlockSize { get { return _symmetricAlgorithm.BlockSize / 8; } }
public bool CanTransformMultipleBlocks { get { return true; } }
public bool CanReuseTransform { get { return false; } }
public void Dispose()
{
}
}
@ghost

This comment has been minimized.

Copy link

commented Oct 5, 2014

Any chance you can give a call-example (from a main of a console app.) of how to encrypt/decrypt a plain text with your code?
And how to use it if there is actually a random IV present?
Thanks

@nick-wellinghoff-sp

This comment has been minimized.

Copy link

commented Jan 6, 2015

This code does not work AT ALL. You don't even call the base constructor....

@masantiago

This comment has been minimized.

Copy link

commented Feb 14, 2015

Thank you very much! It works perfect. I've even compared it to openssl implementation and it yields the same result. Good job!

@anzun

This comment has been minimized.

Copy link

commented Oct 16, 2015

Hello, could you please give me a hint how to call the Aes128CounterMode?

Aes128CounterMode aes128 = new Aes128CounterMode(Counter);
aes128.GenerateKey(); // this is not generating a key? is it?
aes128.GenerateIV();
byte[] byteKey = aes128.Key; // aes128.Key is Null
byte[] byteIV = aes128.IV;
aes128.CreateEncryptor(byteKey, byteIV);

@anzun

This comment has been minimized.

Copy link

commented Oct 16, 2015

2nd question: what has to be adjusted in the above code to create an Aes256CounterMode

@mochasoft

This comment has been minimized.

Copy link

commented Nov 5, 2015

try

Aes128CounterMode am;
ICryptoTransform ict;
am = new Aes128CounterMode(iv);
ict = am.CreateEncryptor(key, null);
ict.TransformBlock(input, 0, input.Length, result, 0);

Good job making the class. It works correct when accessing a Mac running as a SSH2 server.

@martinprikryl

This comment has been minimized.

Copy link

commented Jul 5, 2018

Despite some previous comments, the code works correctly.

For a compact standalone code based on this, see https://stackoverflow.com/q/6374437/850848#51188472

@10sa

This comment has been minimized.

Copy link

commented Apr 11, 2019

Is this apply CTR mode's 'nonce'? It seems be like not apply. If not apply nonce, This is code isn't safely.

nonce is working like 'Initialization Vector', This is provide Safety against pattern attacks.

@ramiz-shahid

This comment has been minimized.

Copy link

commented May 12, 2019

can you please give me example with data and key only ? i am confused with is counter now ?

@bronze1man

This comment has been minimized.

Copy link

commented Jun 5, 2019

As the class AesManaged no exist vs2017 and uwp environment, i wrote a new one that works on that environment, it may help me and others .
https://gist.github.com/bronze1man/68f88494c88eb3fc647c447b36138134

@bigphil2048

This comment has been minimized.

Copy link

commented Sep 12, 2019

Could you please assist. So far I've tried various code samples but yours seems to get the closest to the answer. I need to decrypt a received message to further use the information stored therein.

static string AesKey = "BF79381658C20F2886A280E3358F12EA"; static string AesIV = "2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b"; static string EncText = "F85C9646B3E57B1F1F46"; static string ExpectedResult = "8000fd10000000002426";
I can get to the result using: [http://www.cryptogrium.com/aes-ctr.html]

With your code I'm getting this result: 3F-00-3F-10-00-00-00-00-24-26

Code to call this lib:
` static string DecryptStringFromBytes_AesCtr(byte[] cipherText, byte[] Key, byte[] IV)
{
string Result = "";

        try
        {
            using (Aes128CounterMode aesAlg = new Aes128CounterMode(IV))
            {

                ICryptoTransform decryptor = aesAlg.CreateDecryptor(Key, IV);

                using (MemoryStream msDecrypt = new MemoryStream(cipherText))
                {
                    using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                        {
                            Result = srDecrypt.ReadToEnd();
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            Result = "Error: " + ex.Message;
        }
        return Result;
    }

`

Code I'm using to build byte arrays from hex values:
` static byte[] HexValuesToBytes(string HexValues)
{
byte[] Result = new byte[HexValues.Length / 2];

        for (int i = 0; i < (HexValues.Length / 2); i++)
        {
            string tStr = HexValues.Substring(i * 2, 2);
            uint hval = Convert.ToUInt32(tStr, 16);
            Result[i] = Convert.ToByte(hval);
        }

        return Result;

    }

`
Any help will be appreciated.

Thanks
Philip

@lellis1936

This comment has been minimized.

Copy link

commented Oct 9, 2019

Been a while since the question was posted, but...

bigphil2048, the encryption class is working. Your problem is that you are trying to pass a CryptoStream (binary data) through a StreamReader. Not a good idea because there are code translations that happen which garble the result.

Instead of returning a string from your decryption you must return a byte array, e.g. replace

                       using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                        {
                            Result = srDecrypt.ReadToEnd();
                        }

with

                         using (BinaryReader srDecrypt = new BinaryReader(csDecrypt))
                        {
                            Result = srDecrypt.ReadBytes(10);
                        }

(other coding changes are needed to make this compile, but you should get the drift)

@lellis1936

This comment has been minimized.

Copy link

commented Oct 17, 2019

The encryption/decryption speed can be about doubled by using some UNSAFE C# code (if acceptable in your project). I have code if anyone is interested.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.