1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

280 lines
7.5 KiB
C
Raw Normal View History

/* Rijndael (AES) for GnuPG
* Copyright (C) 2000, 2001 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*******************************************************************
A version of rijndael.c modified by Brian Gladman to use his AES code
*/
#include <stdlib.h>
#include <string.h> /* for memcmp() */
#include "util.h"
#include "aes.h"
typedef struct
{ aes_encrypt_ctx ectx[1];
aes_decrypt_ctx dctx[1];
unsigned int klen;
unsigned int dkey;
} RIJNDAEL_context;
static const char *selftest(void);
static int tested = 0;
static void
burn_stack (int bytes)
{
char buf[64];
wipememory(buf,sizeof buf);
bytes -= sizeof buf;
if (bytes > 0)
burn_stack (bytes);
}
static int
rijndael_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
{ int rc;
if(!tested)
{ const char *tr;
tested = 1;
tr = selftest();
if(tr)
{
fprintf(stderr, "%s\n", tr );
return G10ERR_SELFTEST_FAILED;
}
}
ctx->klen = keylen;
ctx->dkey = 0;
rc = 0;
if(keylen == 16 || keylen == 24 || keylen == 32)
aes_encrypt_key(key, keylen, ctx->ectx);
else
rc = 1;
burn_stack ( 100 + 16*sizeof(int));
return rc;
}
static void
rijndael_encrypt (const RIJNDAEL_context *ctx, byte *b, const byte *a)
{
aes_encrypt(a, b, ctx->ectx);
burn_stack (16 + 2*sizeof(int));
}
static void
rijndael_decrypt (RIJNDAEL_context *ctx, byte *b, const byte *a)
{
if(!(ctx->dkey))
{
aes_decrypt_key((byte*)ctx->ectx, ctx->klen, ctx->dctx);
ctx->dkey = 1;
}
aes_decrypt(a, b, ctx->dctx);
burn_stack (16+2*sizeof(int));
}
/* Test a single encryption and decryption with each key size. */
static const char*
selftest (void)
{
RIJNDAEL_context ctx;
byte scratch[16];
/* The test vectors are from the AES supplied ones; more or less
* randomly taken from ecb_tbl.txt (I=42,81,14)
*/
static const byte plaintext[16] = {
0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
};
static const byte key[16] = {
0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
};
static const byte ciphertext[16] = {
0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
};
static const byte plaintext_192[16] = {
0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
};
static const byte key_192[24] = {
0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
};
static const byte ciphertext_192[16] = {
0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
};
static const byte plaintext_256[16] = {
0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
};
static const byte key_256[32] = {
0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
};
static const byte ciphertext_256[16] = {
0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
};
rijndael_setkey (&ctx, key, sizeof(key));
rijndael_encrypt (&ctx, scratch, plaintext);
if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
return "Rijndael-128 test encryption failed.";
rijndael_decrypt (&ctx, scratch, scratch);
if (memcmp (scratch, plaintext, sizeof (plaintext)))
return "Rijndael-128 test decryption failed.";
rijndael_setkey (&ctx, key_192, sizeof(key_192));
rijndael_encrypt (&ctx, scratch, plaintext_192);
if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
return "Rijndael-192 test encryption failed.";
rijndael_decrypt (&ctx, scratch, scratch);
if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
return "Rijndael-192 test decryption failed.";
rijndael_setkey (&ctx, key_256, sizeof(key_256));
rijndael_encrypt (&ctx, scratch, plaintext_256);
if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
return "Rijndael-256 test encryption failed.";
rijndael_decrypt (&ctx, scratch, scratch);
if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
return "Rijndael-256 test decryption failed.";
return NULL;
}
#ifdef IS_MODULE
static
#endif
const char *
rijndael_get_info (int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
int (**r_setkey) (void *c, byte *key, unsigned keylen),
void (**r_encrypt) (void *c, byte *outbuf, byte *inbuf),
void (**r_decrypt) (void *c, byte *outbuf, byte *inbuf)
)
{
*keylen = algo==7? 128 : algo==8? 192 : 256;
*blocksize = 16;
*contextsize = sizeof (RIJNDAEL_context);
*(int (**)(RIJNDAEL_context*, const byte*, const unsigned))r_setkey
= rijndael_setkey;
*(void (**)(const RIJNDAEL_context*, byte*, const byte*))r_encrypt
= rijndael_encrypt;
*(void (**)(RIJNDAEL_context*, byte*, const byte*))r_decrypt
= rijndael_decrypt;
if( algo == 7 )
return "AES";
if (algo == 8)
return "AES192";
if (algo == 9)
return "AES256";
return NULL;
}
#ifdef IS_MODULE
static
const char * const gnupgext_version = "RIJNDAEL ($Revision$)";
static struct {
int class;
int version;
int value;
void (*func)(void);
} func_table[] = {
{ 20, 1, 0, (void*)rijndael_get_info },
{ 21, 1, 7 },
{ 21, 1, 8 },
{ 21, 1, 9 },
};
/****************
* Enumerate the names of the functions together with information about
* this function. Set sequence to an integer with a initial value of 0 and
* do not change it.
* If what is 0 all kind of functions are returned.
* Return values: class := class of function:
* 10 = message digest algorithm info function
* 11 = integer with available md algorithms
* 20 = cipher algorithm info function
* 21 = integer with available cipher algorithms
* 30 = public key algorithm info function
* 31 = integer with available pubkey algorithms
* version = interface version of the function/pointer
* (currently this is 1 for all functions)
*/
static
void *
gnupgext_enum_func ( int what, int *sequence, int *class, int *vers )
{
void *ret;
int i = *sequence;
do {
if ( i >= DIM(func_table) || i < 0 ) {
return NULL;
}
*class = func_table[i].class;
*vers = func_table[i].version;
switch( *class ) {
case 11:
case 21:
case 31:
ret = &func_table[i].value;
break;
default:
ret = func_table[i].func;
break;
}
i++;
} while ( what && what != *class );
*sequence = i;
return ret;
}
#endif