AES Cipher header file for ANSI C Submissions Lawrence E. Bassham III Computer Security Division National Institute of Standards and Technology
This sample is to assist implementers developing to the Cryptographic API Profile for AES Candidate Algorithm Submissions. Please consult this document as a cross-reference.
ANY CHANGES, WHERE APPROPRIATE, TO INFORMATION PROVIDED IN THIS FILE MUST BE DOCUMENTED. CHANGES ARE ONLY APPROPRIATE WHERE SPECIFIED WITH THE STRING "CHANGE POSSIBLE". FUNCTION CALLS AND THEIR PARAMETERS CANNOT BE CHANGED. STRUCTURES CAN BE ALTERED TO ALLOW IMPLEMENTERS TO INCLUDE IMPLEMENTATION SPECIFIC INFORMATION.
Definition in file thig_aes.h.
#include <stdio.h>
#include "thig_platform.h"
Data Structures | |
| struct | keyInstance |
| The structure for key information. More... | |
| struct | cipherInstance |
| The structure for cipher information. More... | |
Defines | |
| #define | DIR_ENCRYPT 0 |
| Are we encrypting? | |
| #define | DIR_DECRYPT 1 |
| Are we decrypting? | |
| #define | MODE_ECB 1 |
| Are we ciphering in ECB mode? | |
| #define | MODE_CBC 2 |
| Are we ciphering in CBC mode? | |
| #define | MODE_CFB1 3 |
| Are we ciphering in 1-bit CFB mode? | |
| #define | TRUE 1 |
| #define | FALSE 0 |
| #define | BAD_KEY_DIR -1 |
| Key direction is invalid (unknown value). | |
| #define | BAD_KEY_MAT -2 |
| Key material not of correct length. | |
| #define | BAD_KEY_INSTANCE -3 |
| Key passed is not valid. | |
| #define | BAD_CIPHER_MODE -4 |
| Params struct passed to cipherInit invalid. | |
| #define | BAD_CIPHER_STATE -5 |
| Cipher in wrong state (e.g., not initialized). | |
| #define | MAX_KEY_SIZE 64 |
| TWOFISH-specific definitions. Number of ASCII chars needed to represent a key. | |
| #define | MAX_IV_SIZE 16 |
| # of bytes needed to represent an IV | |
| #define | BAD_INPUT_LEN -6 |
| inputLen not a multiple of block size | |
| #define | BAD_PARAMS -7 |
| invalid parameters | |
| #define | BAD_IV_MAT -8 |
| invalid IV text | |
| #define | BAD_ENDIAN -9 |
| incorrect endianness define | |
| #define | BAD_ALIGN32 -10 |
| incorrect 32-bit alignment | |
| #define | BLOCK_SIZE 128 |
| number of bits per block | |
| #define | MAX_ROUNDS 16 |
| max # rounds (for allocating subkey array) | |
| #define | ROUNDS_128 16 |
| default number of rounds for 128-bit keys | |
| #define | ROUNDS_192 16 |
| default number of rounds for 192-bit keys | |
| #define | ROUNDS_256 16 |
| default number of rounds for 256-bit keys | |
| #define | MAX_KEY_BITS 256 |
| max number of bits of key | |
| #define | MIN_KEY_BITS 128 |
| min number of bits of key (zero pad) | |
| #define | VALID_SIG 0x48534946 |
| initialization signature ('FISH') | |
| #define | MCT_OUTER 400 |
| MCT outer loop. | |
| #define | MCT_INNER 10000 |
| MCT inner loop. | |
| #define | REENTRANT 1 |
| nonzero forces reentrant code (slightly slower) | |
| #define | INPUT_WHITEN 0 |
| subkey array indices | |
| #define | OUTPUT_WHITEN ( INPUT_WHITEN + BLOCK_SIZE/32) |
| #define | ROUND_SUBKEYS (OUTPUT_WHITEN + BLOCK_SIZE/32) |
| use 2 * (# rounds) | |
| #define | TOTAL_SUBKEYS (ROUND_SUBKEYS + 2*MAX_ROUNDS) |
| #define | TAB_DISABLE 0 |
| API to check table usage, for use in ECB_TBL KAT. | |
| #define | TAB_ENABLE 1 |
| #define | TAB_RESET 2 |
| #define | TAB_QUERY 3 |
| #define | TAB_MIN_QUERY 50 |
| #define | CONST |
| helpful C++ syntax sugar, NOP for ANSI C optimize block copies | |
| #define | Copy1(d, s, N) ((DWORD *)(d))[N] = ((DWORD *)(s))[N] |
| #define | BlockCopy(d, s) { Copy1(d,s,0);Copy1(d,s,1);Copy1(d,s,2);Copy1(d,s,3); } |
Typedefs | |
| typedef unsigned char | BYTE |
| typedef unsigned long | DWORD |
| typedef DWORD | fullSbox [4][256] |
Functions | |
| int | makeKey (keyInstance *key, BYTE direction, int keyLen, char *keyMaterial) |
| Function prototypes. | |
| int | cipherInit (cipherInstance *cipher, BYTE mode, char *IV) |
| int | blockEncrypt (cipherInstance *cipher, keyInstance *key, BYTE *input, int inputLen, BYTE *outBuffer) |
| int | blockDecrypt (cipherInstance *cipher, keyInstance *key, BYTE *input, int inputLen, BYTE *outBuffer) |
| int | reKey (keyInstance *key) |
| do key schedule using modified key.keyDwords | |
| int | TableOp (int op) |
| #define DIR_ENCRYPT 0 |
Are we encrypting?
Definition at line 38 of file thig_aes.h.
Referenced by makeKey(), and thig_key_and_cipher_init().
| #define DIR_DECRYPT 1 |
| #define MODE_ECB 1 |
Are we ciphering in ECB mode?
Definition at line 40 of file thig_aes.h.
Referenced by blockDecrypt(), blockEncrypt(), and cipherInit().
| #define MODE_CBC 2 |
Are we ciphering in CBC mode?
Definition at line 41 of file thig_aes.h.
Referenced by blockDecrypt(), blockEncrypt(), and cipherInit().
| #define MODE_CFB1 3 |
Are we ciphering in 1-bit CFB mode?
Definition at line 42 of file thig_aes.h.
Referenced by blockDecrypt(), blockEncrypt(), and cipherInit().
| #define TRUE 1 |
Definition at line 44 of file thig_aes.h.
| #define FALSE 0 |
Definition at line 45 of file thig_aes.h.
| #define BAD_KEY_DIR -1 |
Key direction is invalid (unknown value).
Definition at line 47 of file thig_aes.h.
Referenced by makeKey().
| #define BAD_KEY_MAT -2 |
Key material not of correct length.
Definition at line 48 of file thig_aes.h.
Referenced by makeKey(), and ParseHexDword().
| #define BAD_KEY_INSTANCE -3 |
Key passed is not valid.
Definition at line 49 of file thig_aes.h.
Referenced by blockDecrypt(), blockEncrypt(), makeKey(), and reKey().
| #define BAD_CIPHER_MODE -4 |
Params struct passed to cipherInit invalid.
Definition at line 50 of file thig_aes.h.
Referenced by cipherInit().
| #define BAD_CIPHER_STATE -5 |
Cipher in wrong state (e.g., not initialized).
Definition at line 51 of file thig_aes.h.
Referenced by blockDecrypt(), and blockEncrypt().
| #define MAX_KEY_SIZE 64 |
TWOFISH-specific definitions. Number of ASCII chars needed to represent a key.
Definition at line 55 of file thig_aes.h.
Referenced by makeKey().
| #define MAX_IV_SIZE 16 |
| #define BAD_INPUT_LEN -6 |
inputLen not a multiple of block size
Definition at line 57 of file thig_aes.h.
Referenced by blockDecrypt(), and blockEncrypt().
| #define BAD_PARAMS -7 |
| #define BAD_IV_MAT -8 |
| #define BAD_ENDIAN -9 |
incorrect endianness define
Definition at line 60 of file thig_aes.h.
Referenced by ParseHexDword().
| #define BAD_ALIGN32 -10 |
incorrect 32-bit alignment
Definition at line 61 of file thig_aes.h.
Referenced by blockDecrypt(), blockEncrypt(), cipherInit(), makeKey(), ParseHexDword(), and reKey().
| #define BLOCK_SIZE 128 |
number of bits per block
Definition at line 63 of file thig_aes.h.
Referenced by blockDecrypt(), blockEncrypt(), cipherInit(), and thig_key_and_cipher_init().
| #define MAX_ROUNDS 16 |
max # rounds (for allocating subkey array)
Definition at line 64 of file thig_aes.h.
Referenced by blockDecrypt(), and blockEncrypt().
| #define ROUNDS_128 16 |
| #define ROUNDS_192 16 |
| #define ROUNDS_256 16 |
| #define MAX_KEY_BITS 256 |
| #define MIN_KEY_BITS 128 |
min number of bits of key (zero pad)
Definition at line 69 of file thig_aes.h.
Referenced by reKey().
| #define VALID_SIG 0x48534946 |
initialization signature ('FISH')
Definition at line 70 of file thig_aes.h.
Referenced by blockDecrypt(), blockEncrypt(), cipherInit(), and makeKey().
| #define MCT_OUTER 400 |
| #define MCT_INNER 10000 |
| #define REENTRANT 1 |
| #define INPUT_WHITEN 0 |
subkey array indices
Definition at line 75 of file thig_aes.h.
Referenced by blockDecrypt(), and blockEncrypt().
| #define OUTPUT_WHITEN ( INPUT_WHITEN + BLOCK_SIZE/32) |
| #define ROUND_SUBKEYS (OUTPUT_WHITEN + BLOCK_SIZE/32) |
use 2 * (# rounds)
Definition at line 77 of file thig_aes.h.
Referenced by blockDecrypt(), blockEncrypt(), and reKey().
| #define TOTAL_SUBKEYS (ROUND_SUBKEYS + 2*MAX_ROUNDS) |
| #define TAB_DISABLE 0 |
API to check table usage, for use in ECB_TBL KAT.
Definition at line 149 of file thig_aes.h.
Referenced by TableOp().
| #define TAB_ENABLE 1 |
| #define TAB_RESET 2 |
| #define TAB_QUERY 3 |
| #define TAB_MIN_QUERY 50 |
| #define CONST |
helpful C++ syntax sugar, NOP for ANSI C optimize block copies
Definition at line 157 of file thig_aes.h.
Definition at line 160 of file thig_aes.h.
| #define BlockCopy | ( | d, | |||
| s | ) | { Copy1(d,s,0);Copy1(d,s,1);Copy1(d,s,2);Copy1(d,s,3); } |
Definition at line 161 of file thig_aes.h.
| typedef unsigned char BYTE |
Definition at line 85 of file thig_aes.h.
| typedef unsigned long DWORD |
Definition at line 86 of file thig_aes.h.
Definition at line 87 of file thig_aes.h.
| int makeKey | ( | keyInstance * | key, | |
| BYTE | direction, | |||
| int | keyLen, | |||
| char * | keyMaterial | |||
| ) |
| int cipherInit | ( | cipherInstance * | cipher, | |
| BYTE | mode, | |||
| char * | IV | |||
| ) |
Referenced by thig_key_and_cipher_init().
| int blockEncrypt | ( | cipherInstance * | cipher, | |
| keyInstance * | key, | |||
| BYTE * | input, | |||
| int | inputLen, | |||
| BYTE * | outBuffer | |||
| ) |
Referenced by blockDecrypt(), blockEncrypt(), and thig_encrypt().
| int blockDecrypt | ( | cipherInstance * | cipher, | |
| keyInstance * | key, | |||
| BYTE * | input, | |||
| int | inputLen, | |||
| BYTE * | outBuffer | |||
| ) |
Referenced by thig_decrypt().
| int reKey | ( | keyInstance * | key | ) |
do key schedule using modified key.keyDwords
Definition at line 303 of file thig_twofish2.c.
References BAD_ALIGN32, BAD_KEY_INSTANCE, DebugDumpKey, f32(), keyInstance::keyLen, MAX_KEY_BITS, MIN_KEY_BITS, keyInstance::numRounds, ROL, ROUND_SUBKEYS, RS_MDS_Encode(), SK_BUMP, SK_ROTL, SK_STEP, TOTAL_SUBKEYS, and TRUE.
Referenced by makeKey(), and thig_key_and_cipher_init().
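/*
 * reKey -- rebuild the key schedule from the key dwords already stored in *key.
 *
 * Reads key->keyLen, key->numRounds and key->key32[]; writes
 * key->sboxKeys[] and key->subKeys[].
 *
 * Returns TRUE on success.
 * Returns BAD_KEY_INSTANCE if keyLen exceeds MAX_KEY_BITS (always checked).
 * When VALIDATE_PARMS is enabled it additionally returns:
 *   BAD_ALIGN32       (ALIGN32 builds) key or key->key32 is not 4-byte aligned
 *   BAD_KEY_INSTANCE  keyLen is not a multiple of 64, is below MIN_KEY_BITS,
 *                     or the round count needs more than TOTAL_SUBKEYS subkeys
 *
 * NOTE(review): thig_aes.h typedefs DWORD as unsigned long; the rotations and
 * additions below presumably assume a 32-bit DWORD -- confirm on LP64 targets.
 * NOTE(review): k32e/k32o hold raw key material on the stack and are not
 * wiped before return; consider zeroizing them if that matters for the
 * deployment.
 */
int reKey(keyInstance *key)
{
    int i, k64Cnt;
    int keyLen = key->keyLen;
    int subkeyCnt = ROUND_SUBKEYS + 2*key->numRounds;
    DWORD A, B;
    DWORD k32e[MAX_KEY_BITS/64], k32o[MAX_KEY_BITS/64]; /* even/odd key dwords */

#if VALIDATE_PARMS
  #if ALIGN32
    if ((((int)key) & 3) || (((int)key->key32) & 3))
        return BAD_ALIGN32;
  #endif
    if ((key->keyLen % 64) || (key->keyLen < MIN_KEY_BITS))
        return BAD_KEY_INSTANCE;
    if (subkeyCnt > TOTAL_SUBKEYS)
        return BAD_KEY_INSTANCE;
#endif

    /*
     * Memory-safety bound, enforced even when VALIDATE_PARMS is off:
     * k32e/k32o have MAX_KEY_BITS/64 entries, so a larger keyLen (for
     * example one set by a caller that edits the key instance before
     * calling reKey) would make the split loop below write past the end
     * of both stack arrays.
     */
    if (keyLen > MAX_KEY_BITS)
        return BAD_KEY_INSTANCE;

    k64Cnt = (keyLen + 63) / 64;        /* round up to next multiple of 64 bits */
    for (i = 0; i < k64Cnt; i++)
    {                                   /* split into even/odd key dwords */
        k32e[i] = key->key32[2*i    ];
        k32o[i] = key->key32[2*i + 1];
        /* compute S-box keys using (12,8) Reed-Solomon code over GF(256) */
        key->sboxKeys[k64Cnt-1-i] = RS_MDS_Encode(k32e[i], k32o[i]); /* reverse order */
    }

    for (i = 0; i < subkeyCnt/2; i++)   /* compute round subkeys for PHT */
    {
        A = f32(i*SK_STEP        , k32e, keyLen);   /* A uses even key dwords */
        B = f32(i*SK_STEP+SK_BUMP, k32o, keyLen);   /* B uses odd  key dwords */
        B = ROL(B, 8);
        key->subKeys[2*i    ] = A + B;              /* combine with a PHT */
        key->subKeys[2*i + 1] = ROL(A + 2*B, SK_ROTL);
    }

    DebugDumpKey(key);

    return TRUE;
}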
| int TableOp | ( | int | op | ) |
Definition at line 83 of file thig_twofish2.c.
References ALL_USED, FALSE, TAB_DISABLE, TAB_ENABLE, TAB_MIN_QUERY, TAB_QUERY, TAB_RESET, tabEnable, tabUsed, and TRUE.
/*
 * TableOp -- control and query the table-usage tracking that the header
 * describes as being for the ECB_TBL KAT.
 *
 *   TAB_DISABLE  sets tabEnable to 0
 *   TAB_ENABLE   sets tabEnable to 1
 *   TAB_RESET    zeroes the query counter and all 256 tabUsed[] entries
 *   TAB_QUERY    counts the query, then returns FALSE if any tabUsed[]
 *                entry differs from ALL_USED or fewer than TAB_MIN_QUERY
 *                queries have been made since the last reset
 *
 * Returns TRUE in every other case, including an op value that matches
 * none of the four constants.
 */
int TableOp(int op)
{
    static int queries = 0;     /* TAB_QUERY calls since the last TAB_RESET */
    int idx;

    if (op == TAB_DISABLE)
    {
        tabEnable = 0;
    }
    else if (op == TAB_ENABLE)
    {
        tabEnable = 1;
    }
    else if (op == TAB_RESET)
    {
        queries = 0;
        for (idx = 0; idx < 256; idx++)
            tabUsed[idx] = 0;
    }
    else if (op == TAB_QUERY)
    {
        queries++;
        idx = 0;
        while (idx < 256)
        {
            if (tabUsed[idx] != ALL_USED)
                return FALSE;
            idx++;
        }
        if (queries < TAB_MIN_QUERY)    /* do a certain minimum number */
            return FALSE;
    }

    return TRUE;
}