Arduino base64 & AES128(CBC) 函示庫 – 單晶片 克服/避免 使用 C/C++動態配置記憶體功能的方法
Arduino base64 & AES128(CBC) 函示庫 – 單晶片 克服/避免 使用C/C++動態配置記憶體功能的方法
資料來源:
https://www.arduino.cc/reference/en/libraries/base64/
https://www.arduino.cc/reference/en/libraries/aeslib/
http://jashliao.eu/wordpress/2022/01/22/c-c-vs-php-aes128_ecb_pkcs5padding/ [純C使用動態配置記憶體]
GITHUB: https://github.com/jash-git/Jash-good-idea-20220101-001/tree/main/Arduino%20base64%20%26%20AES128(CBC)%20%E5%87%BD%E7%A4%BA%E5%BA%AB%20-%20%E5%96%AE%E6%99%B6%E7%89%87%20%E5%85%8B%E6%9C%8D%E9%81%BF%E5%85%8D%20%E4%BD%BF%E7%94%A8CC%2B%2B%E5%8B%95%E6%85%8B%E9%85%8D%E7%BD%AE%E8%A8%98%E6%86%B6%E9%AB%94%E5%8A%9F%E8%83%BD%E7%9A%84%E6%96%B9%E6%B3%95
Base64.h
/*
Copyright (C) 2016 Arturo Guadalupi. All right reserved.
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/
#ifndef _BASE64_H
#define _BASE64_H
class Base64Class{
public:
int encode(char *output, char *input, int inputLength);
int decode(char * output, char * input, int inputLength);
int encodedLength(int plainLength);
int decodedLength(char * input, int inputLength);
private:
inline void fromA3ToA4(unsigned char * A4, unsigned char * A3);
inline void fromA4ToA3(unsigned char * A3, unsigned char * A4);
inline unsigned char lookupTable(char c);
};
extern Base64Class Base64;
#endif // _BASE64_H
Base64.cpp
/*
Copyright (C) 2016 Arturo Guadalupi. All right reserved.
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/
#include "Base64.h"
#include <Arduino.h>
#if (defined(__AVR__))
#include <avr/pgmspace.h>
#else
#include <pgmspace.h>
#endif
const char PROGMEM _Base64AlphabetTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
int Base64Class::encode(char *output, char *input, int inputLength) {
int i = 0, j = 0;
int encodedLength = 0;
unsigned char A3[3];
unsigned char A4[4];
while(inputLength--) {
A3[i++] = *(input++);
if(i == 3) {
fromA3ToA4(A4, A3);
for(i = 0; i < 4; i++) {
output[encodedLength++] = pgm_read_byte(&_Base64AlphabetTable[A4[i]]);
}
i = 0;
}
}
if(i) {
for(j = i; j < 3; j++) {
A3[j] = '\0';
}
fromA3ToA4(A4, A3);
for(j = 0; j < i + 1; j++) {
output[encodedLength++] = pgm_read_byte(&_Base64AlphabetTable[A4[j]]);
}
while((i++ < 3)) {
output[encodedLength++] = '=';
}
}
output[encodedLength] = '\0';
return encodedLength;
}
int Base64Class::decode(char * output, char * input, int inputLength) {
int i = 0, j = 0;
int decodedLength = 0;
unsigned char A3[3];
unsigned char A4[4];
while (inputLength--) {
if(*input == '=') {
break;
}
A4[i++] = *(input++);
if (i == 4) {
for (i = 0; i <4; i++) {
A4[i] = lookupTable(A4[i]);
}
fromA4ToA3(A3,A4);
for (i = 0; i < 3; i++) {
output[decodedLength++] = A3[i];
}
i = 0;
}
}
if (i) {
for (j = i; j < 4; j++) {
A4[j] = '\0';
}
for (j = 0; j <4; j++) {
A4[j] = lookupTable(A4[j]);
}
fromA4ToA3(A3,A4);
for (j = 0; j < i - 1; j++) {
output[decodedLength++] = A3[j];
}
}
output[decodedLength] = '\0';
return decodedLength;
}
int Base64Class::encodedLength(int plainLength) {
int n = plainLength;
return (n + 2 - ((n + 2) % 3)) / 3 * 4;
}
int Base64Class::decodedLength(char * input, int inputLength) {
int i = 0;
int numEq = 0;
for(i = inputLength - 1; input[i] == '='; i--) {
numEq++;
}
return ((6 * inputLength) / 8) - numEq;
}
//Private utility functions
inline void Base64Class::fromA3ToA4(unsigned char * A4, unsigned char * A3) {
A4[0] = (A3[0] & 0xfc) >> 2;
A4[1] = ((A3[0] & 0x03) << 4) + ((A3[1] & 0xf0) >> 4);
A4[2] = ((A3[1] & 0x0f) << 2) + ((A3[2] & 0xc0) >> 6);
A4[3] = (A3[2] & 0x3f);
}
inline void Base64Class::fromA4ToA3(unsigned char * A3, unsigned char * A4) {
A3[0] = (A4[0] << 2) + ((A4[1] & 0x30) >> 4);
A3[1] = ((A4[1] & 0xf) << 4) + ((A4[2] & 0x3c) >> 2);
A3[2] = ((A4[2] & 0x3) << 6) + A4[3];
}
inline unsigned char Base64Class::lookupTable(char c) {
if(c >='A' && c <='Z') return c - 'A';
if(c >='a' && c <='z') return c - 71;
if(c >='0' && c <='9') return c + 4;
if(c == '+') return 62;
if(c == '/') return 63;
return -1;
}
Base64Class Base64;
Base64Encode.ino
/*
Base64 encode example
Encodes the text "Base64EncodeExample" to "QmFzZTY0RW5jb2RlRXhhbXBsZQA="
Created 04 May 2016
by Arturo Guadalupi
This example code is in the public domain.
*/
#include <Base64.h>
void setup()
{
// start serial port at 115200 bps:
Serial.begin(115200);
while (!Serial) {
; // wait for serial port to connect. Needed for native USB only
}
// encoding
char inputString[] = "Base64EncodeExample";
int inputStringLength = sizeof(inputString);
Serial.print("Input string is:\t");
Serial.println(inputString);
Serial.println();
int encodedLength = Base64.encodedLength(inputStringLength);
char encodedString[encodedLength];
Base64.encode(encodedString, inputString, inputStringLength);
Serial.print("Encoded string is:\t");
Serial.println(encodedString);
}
void loop() {
}
Base64Decode.ino
/*
Base64 decode example
Decodes the text "QmFzZTY0RGVjb2RlRXhhbXBsZQA=" to "Base64DecodeExample"
Created 04 May 2016
by Arturo Guadalupi
This example code is in the public domain.
*/
#include <Base64.h>
void setup()
{
// start serial port at 115200 bps:
Serial.begin(115200);
while (!Serial) {
; // wait for serial port to connect. Needed for native USB only
}
// encoding
char inputString[] = "QmFzZTY0RGVjb2RlRXhhbXBsZQA=";
int inputStringLength = sizeof(inputString);
Serial.print("Input string is:\t");
Serial.println(inputString);
Serial.println();
int decodedLength = Base64.decodedLength(inputString, inputStringLength);
char decodedString[decodedLength];
Base64.decode(decodedString, inputString, inputStringLength);
Serial.print("Decoded string is:\t");
Serial.println(decodedString);
}
void loop() {
}
———-
AES.h
#ifndef __AES_H__
#define __AES_H__
#include "AES_config.h"
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 09/09/2006
This is an AES implementation that uses only 8-bit byte operations on the
cipher state.
*/
/* code was modified by george spanos <spaniakos@gmail.com>
* 16/12/14
*/
typedef unsigned char byte;
enum class paddingMode {
CMS,
Bit,
ZeroLength,
Null,
Space,
Random,
Array
};
class AES
{
public:
/* The following calls are for a precomputed key schedule
NOTE: If the length_type used for the key length is an
unsigned 8-bit character, a key length of 256 bits must
be entered as a length in bytes (valid inputs are hence
128, 192, 16, 24 and 32).
*/
/** \fn AES()
* \brief AES constructor
*
* This function initialized an instance of AES.
*/
AES();
/** Set the cipher key for the pre-keyed version.
* @param key[] pointer to the key string.
* @param keylen Integer that indicates the length of the key.
* @note NOTE: If the length_type used for the key length is an unsigned 8-bit character,
* a key length of 256 bits must be entered as a length in bytes
* (valid inputs are hence 128, 192, 16, 24 and 32).
*
*/
byte set_key (const byte key[], uint16_t keylen) ;
/** clean up subkeys after use.
*
*/
void clean () ; // delete key schedule after use
/** copying and xoring utilities.
* @param *AESt byte pointer of the AEStination array.
* @param *src byte pointer of the source array.
* @param n byte, indicating the sizeof the bytes to be copied.
* @note this is an alternative for memcpy(void *s1,const void *s2, site_t n),
* i have not updated the function in the implementation yet, but it is considered a future plan.
*
*/
void copy_n_bytes (byte * AESt, const byte * src, byte n) ;
/** get a random number
* @Return random number
*
*/
uint8_t getrandom();
/** Encrypt a single block of 16 bytes .
* @param plain[N_BLOCK] Array of the plaintext.
* @param cipher[N_BLOCK] Array of the ciphertext.
* @note The N_BLOCK is defined in AES_config.h as,
* @code #define N_ROW 4
* #define N_COL 4
* #define N_BLOCK (N_ROW * N_COL)
* @endcode
* Changed to that will change the Block_size.
* @Return 0 if SUCCESS or -1 if FAILURE
*
*/
byte encrypt (const byte plain [N_BLOCK], byte cipher [N_BLOCK]) ;
/** CBC encrypt a number of blocks (input and return an IV).
*
* @param *plain Pointer, points to the plaintex.
* @param *cipher Pointer, points to the ciphertext that will be created.
* @param n_block integer, indicated the number of blocks to be ciphered.
* @param iv[N_BLOCK] byte Array that holds the IV (initialization vector).
* @Return 0 if SUCCESS or -1 if FAILURE
*
*/
byte cbc_encrypt (const byte * plain, byte * cipher, int n_block, byte iv [N_BLOCK]) ;
/** CBC encrypt a number of blocks (input and return an IV).
*
* @param *plain Pointer, points to the plaintex.
* @param *cipher Pointer, points to the ciphertext that will be created.
* @param n_block integer, indicated the number of blocks to be ciphered.
* @Return 0 if SUCCESS or -1 if FAILURE
*
*/
byte cbc_encrypt (const byte * plain, byte * cipher, int n_block) ;
/** Decrypt a single block of 16 bytes
* @param cipher[N_BLOCK] Array of the ciphertext.
* @param plain[N_BLOCK] Array of the plaintext.
* @note The N_BLOCK is defined in AES_config.h as,
* @code #define N_ROW 4
* #define N_COL 4
* #define N_BLOCK (N_ROW * N_COL)
* @endcode
* Changed to that will change the Block_size.
* @Return 0 if SUCCESS or -1 if FAILURE
*
*/
byte decrypt (const byte cipher [N_BLOCK], byte plain [N_BLOCK]) ;
/** CBC decrypt a number of blocks (input and return an IV)
*
* @param *cipher Pointer, points to the ciphertext that will be created.
* @param *plain Pointer, points to the plaintex.
* @param n_block integer, indicated the number of blocks to be ciphered.
* @param iv[N_BLOCK] byte Array that holds the IV (initialization vector).
* @Return 0 if SUCCESS or -1 if FAILURE
*
*/
byte cbc_decrypt (const byte * cipher, byte * plain, int n_block, byte iv [N_BLOCK]) ;
/** CBC decrypt a number of blocks (input and return an IV)
*
* @param *cipher Pointer, points to the ciphertext that will be created.
* @param *plain Pointer, points to the plaintex.
* @param n_block integer, indicated the number of blocks to be ciphered.
* @Return 0 if SUCCESS or -1 if FAILURE
*
*/
byte cbc_decrypt (const byte * cipher, byte * plain, int n_block) ;
/** Sets IV (initialization vector) and IVC (IV counter).
* This function changes the ivc and iv variables needed for AES.
*
* @param IVCl int or hex value of iv , ex. 0x0000000000000001
* @note example:
* @code unsigned long long int my_iv = 01234567; @endcode
*/
void set_IV(unsigned long long int IVCl);
/** increase the iv (initialization vector) and IVC (IV counter) by 1
*
* This function increased the VI by one step in order to have a different IV each time
*
*/
void iv_inc();
/** Getter method for size
*
* This function return the size
* @return an integer, that is the size of the of the padded plaintext,
* thus, the size of the ciphertext.
*/
int get_size();
/** Setter method for size
*
* This function sets the size of the plaintext+pad
*
*/
void set_size(int sizel);
/** Getter method for IV
*
* This function return the IV
* @param out byte pointer that gets the IV.
* @return none, the IV is writed to the out pointer.
*/
void get_IV(byte *out);
/** Calculates the size of the plaintext and the padding.
*
* Calculates the size of theplaintext with the padding
* and the size of the padding needed. Moreover it stores them in their class variables.
*
* @param p_size the size of the byte array ex sizeof(plaintext)
*/
void calc_size_n_pad(int p_size);
/** get_padded_len returns the size of the padded plaintext .
*
* Calculates the size of theplaintext with the padding
* and the size of the padding needed. Moreover it stores them in their class variables.
*
* @param p_size the size of the byte array ex sizeof(plaintext)
*/
int get_padded_len(int p_size);
/** get_unpadded_len returns the length of the plaintext.
*
* Calculates the length of the plaintext, padding removed
*
* @param in the array of the padded text
* @param p_size the size of the byte array ex sizeof(paddedtext)
*/
int get_unpadded_len(const byte *in , int p_size);
/** returns the number of padding characters.
*
* Calculates the size of the ciphertext and the number of padding characters
* given the length of the plaintext
*
* @param p_size the size of the byte array ex sizeof(plaintext)
*/
int get_pad_len(int p_size);
/** Pads the plaintext
*
* This function pads the plaintext and returns an char array with the
* plaintext and the padding in order for the plaintext to be compatible with
* 16bit size blocks required by AES
*
* @param in the string of the plaintext in a byte array
* @param out The string of the out array.
* @return no return, The padded plaintext is stored in the out pointer.
*/
void padPlaintext(const void* in,byte* out);
/** Check the if the padding is correct.
*
* This functions checks the padding of the plaintext.
*
* @param in the string of the plaintext in a byte array
* @param size the size of the string
* @return true if correct / false if not
*/
bool CheckPad(const byte* in,int size);
/** Sets the padding mode
*
* This function set the padding mode that will be used in the next encryption
* decryptiong calls
*
* @param mode, the selected padding mode
*/
void setPadMode(paddingMode mode);
/** Gets the current selected paddingmode
*
* This function returns the current selected paddingmode
*/
paddingMode getPadMode();
/** Prints the array given.
*
* This function prints the given array and pad,
* It is mainlly used for debugging purpuses or to output the string.
*
* @param output[] the string of the text in a byte array
* @param p_pad optional, used to print with out the padding characters
*/
void printArray(const byte output[],bool p_pad = true);
/** Prints the array given.
*
* This function prints the given array in Hexadecimal.
*
* @param output[] the string of the text in a byte array
* @param sizel the size of the array.
*/
void printArray(const byte output[],int sizel);
/** User friendly implementation of AES-CBC encryption.
*
* @param *plain pointer to the plaintext
* @param size_p size of the plaintext
* @param *cipher pointer to the ciphertext
* @param *key pointer to the key that will be used.
* @param bits bits of the encryption/decrpytion
* @param ivl[N_BLOCK] the initialization vector IV that will be used for encryption.
* @note The key will be stored in class variable.
*/
void do_aes_encrypt(const byte *plain,int size_p,byte *cipher,const byte *key,int bits, byte ivl [N_BLOCK]);
/** User friendly implementation of AES-CBC encryption.
*
* @param *plain pointer to the plaintext
* @param size_p size of the plaintext
* @param *cipher pointer to the ciphertext
* @param *key pointer to the key that will be used.
* @param bits bits of the encryption/decrpytion
* @note The key will be stored in class variable.
*/
void do_aes_encrypt(const byte *plain,int size_p,byte *cipher,const byte *key,int bits);
/** User friendly implementation of AES-CBC decryption.
*
* @param *cipher pointer to the ciphertext
* @param size_c size of the ciphertext
* @param *plain pointer to the plaintext
* @param *key pointer to the key that will be used.
* @param bits bits of the encryption/decrpytion
* @param ivl[N_BLOCK] the initialization vector IV that will be used for decryption.
* @note The key will be stored in class variable.
*/
int do_aes_decrypt(const byte *cipher,int size_c,byte *plain,const byte *key, int bits, byte ivl [N_BLOCK]);
/** User friendly implementation of AES-CBC decryption.
*
* @param *cipher pointer to the ciphertext
* @param size_c size of the ciphertext
* @param *plain pointer to the plaintext
* @param *key pointer to the key that will be used.
* @param bits bits of the encryption/decrpytion
* @note The key will be stored in class variable.
*/
int do_aes_decrypt(const byte *cipher,int size_c,byte *plain,const byte *key, int bits);
#if defined(AES_LINUX)
/**
* used in linux in order to retrieve the time in milliseconds.
*
* @return returns the milliseconds in a double format.
*/
double millis();
#endif
private:
byte round ;/**< holds the number of rounds to be used. */
paddingMode padmode;
byte key_sched [KEY_SCHEDULE_BYTES] ;/**< holds the pre-computed key for the encryption/decrpytion. */
unsigned long long int IVC;/**< holds the initialization vector counter in numerical format. */
byte iv[16];/**< holds the initialization vector that will be used in the cipher. */
int pad;/**< holds the size of the padding. */
int size;/**< hold the size of the plaintext to be ciphered */
#if defined(AES_LINUX)
timeval tv;/**< holds the time value on linux */
byte arr_pad[15];/**< holds the hexadecimal padding values on linux */
#else
byte arr_pad[15] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };/**< holds the hexadecimal padding values */
#endif
} ;
#endif
/**
* @example aes.ino
* <b>For Arduino</b><br>
* <b>Updated: spaniakos 2015 </b><br>
*
* This is an example of how to use AES in CBC mode easily.
* The text and keys can be either in HEX or String format.<br />
*/
/**
* @example aes.cpp
* <b>For Rasberry pi</b><br>
* <b>Updated: spaniakos 2015 </b><br>
*
* This is an example of how to use AES in CBC mode easily.
* The text and keys can be either in HEX or String format.<br />
*/
/**
* @example test_vectors.ino
* <b>For Arduino</b><br>
* <b>Updated: spaniakos 2015 </b><br>
*
* This is an example of monte carlo test vectors, in order to justify the effectiveness of the algorithm.<br />
* plus is a classical approach to the AES encryption library with out the easy to use add-on modifications.
*/
/**
* @example test_vectors.cpp
* <b>For Rasberry pi</b><br>
* <b>Updated: spaniakos 2015 </b><br>
*
* This is an example of monte carlo test vectors, in order to justify the effectiveness of the algorithm.<br />
* plus is a classical approach to the AES encryption library with out the easy to use add-on modifications.
*/
/**
* @mainpage AES library for Arduino and Raspberry pi.
*
* @section Goals design Goals
*
* This library is AESigned to be...
* @li Fast and efficient.
* @li Able to effectively encrypt and decrypt any size of string.
* @li Able to encrypt and decrypt using AES
* @li Able to encrypt and decrypt using AES-CBC
* @li Easy for the user to use in his programs.
*
* @section Acknowledgements Acknowledgements
* This is an AES library for the Arduino, based on tzikis's AES library, which you can find <a href= "https://github.com/tzikis/arduino">here:</a>.<br />
* Tzikis library was based on scottmac`s library, which you can find <a href="https://github.com/scottmac/arduino">here:</a><br />
*
* @section Installation Installation
* <h3>Arduino</h3>
* Create a folder named _AES_ in the _libraries_ folder inside your Arduino sketch folder. If the
* libraries folder doesn't exist, create it. Then copy everything inside. (re)launch the Arduino IDE.<br />
* You're done. Time for a mojito
*
* <h3>Raspberry pi</h3>
* <b>install</b><br /><br />
*
* sudo make install<br />
* cd examples_Rpi<br />
* make<br /><br />
*
* <b>What to do after changes to the library</b><br /><br />
* sudo make clean<br />
* sudo make install<br />
* cd examples_Rpi<br />
* make clean<br />
* make<br /><br />
* <b>What to do after changes to a sketch</b><br /><br />
* cd examples_Rpi<br />
* make <sketch><br /><br />
* or <br />
* make clean<br />
* make<br /><br /><br />
* <b>How to start a sketch</b><br /><br />
* cd examples_Rpi<br />
* sudo ./<sketch><br /><br />
*
* @section News News
*
* If issues are discovered with the documentation, please report them <a href="https://github.com/spaniakos/spaniakos.github.io/issues"> here</a>
* @section Useful Useful References
*
* Please refer to:
*
* @li <a href="http://spaniakos.github.io/AES/classAES.html"><b>AES</b> Class Documentation</a>
* @li <a href="https://github.com/spaniakos/AES/archive/master.zip"><b>Download</b></a>
* @li <a href="https://github.com/spaniakos/AES/"><b>Source Code</b></a>
* @li <a href="http://spaniakos.github.io/">All spaniakos Documentation Main Page</a>
*
* @section Board_Support Board Support
*
* Most standard Arduino based boards are supported:
* - Arduino
* - Intel Galileo support
* - Raspberry Pi Support
*
* - The library has not been tested to other boards, but it should suppport ATMega 328 based boards,Mega Boards,Arduino Due,ATTiny board
*/
AES.cpp
#include "AES.h"
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The redistribution and use of this software (with or without changes)
is allowed without the payment of fees or royalties provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 09/09/2006
This is an AES implementation that uses only 8-bit byte operations on the
cipher state (there are options to use 32-bit types if available).
The combination of mix columns and byte substitution used here is based on
that developed by Karl Malbrain. His contribution is acknowledged.
*/
/* This version derived by Mark Tillotson 2012-01-23, tidied up, slimmed down
and tailored to 8-bit microcontroller abilities and Arduino datatypes.
The s-box and inverse s-box were retained as tables (0.5kB PROGMEM) but all
the other transformations are coded to save table space. Many efficiency
improvments to the routines mix_sub_columns() and inv_mix_sub_columns()
(mainly common sub-expression elimination).
Only the routines with precalculated subkey schedule are retained (together
with set_key() - this does however mean each AES object takes 240 bytes of
RAM, alas)
The CBC routines side-effect the iv argument (so that successive calls work
together correctly).
All the encryption and decryption routines work with plain == cipher for
in-place encryption, note.
*/
/* functions for finite field multiplication in the AES Galois field */
/* code was modified by george spanos <spaniakos@gmail.com>
* 16/12/14
*/
// GF(2^8) stuff
#define WPOLY 0x011B
#define DPOLY 0x008D
static const byte s_fwd [0x100] PROGMEM =
{
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16,
} ;
static const byte s_inv [0x100] PROGMEM =
{
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d,
} ;
// times 2 in the GF(2^8)
#define f2(x) ((x) & 0x80 ? (x << 1) ^ WPOLY : x << 1)
#define d2(x) (((x) >> 1) ^ ((x) & 1 ? DPOLY : 0))
static byte s_box (byte x)
{
#if defined(__x86_64)
return s_fwd[x];
#else
return pgm_read_byte (& s_fwd [x]) ;
#endif
}
// Inverse Sbox
static byte is_box (byte x)
{
#if defined(__x86_64)
return s_inv[x];
#else
return pgm_read_byte (& s_inv [x]) ;
#endif
}
static void xor_block (byte * d, const byte * s)
{
for (byte i = 0 ; i < N_BLOCK ; i += 4)
{
*d++ ^= *s++ ; // some unrolling
*d++ ^= *s++ ;
*d++ ^= *s++ ;
*d++ ^= *s++ ;
}
}
static void copy_and_key (byte * d, const byte * s, const byte * k)
{
for (byte i = 0 ; i < N_BLOCK ; i += 4)
{
*d++ = *s++ ^ *k++ ; // some unrolling
*d++ = *s++ ^ *k++ ;
*d++ = *s++ ^ *k++ ;
*d++ = *s++ ^ *k++ ;
}
}
// #define add_round_key(d, k) xor_block (d, k)
/* SUB ROW PHASE */
static void shift_sub_rows (byte st [N_BLOCK])
{
st [0] = s_box (st [0]) ; st [4] = s_box (st [4]) ;
st [8] = s_box (st [8]) ; st [12] = s_box (st [12]) ;
byte tt = st [1] ;
st [1] = s_box (st [5]) ; st [5] = s_box (st [9]) ;
st [9] = s_box (st [13]) ; st [13] = s_box (tt) ;
tt = st[2] ; st [2] = s_box (st [10]) ; st [10] = s_box (tt) ;
tt = st[6] ; st [6] = s_box (st [14]) ; st [14] = s_box (tt) ;
tt = st[15] ;
st [15] = s_box (st [11]) ; st [11] = s_box (st [7]) ;
st [7] = s_box (st [3]) ; st [3] = s_box (tt) ;
}
static void inv_shift_sub_rows (byte st[N_BLOCK])
{
st [0] = is_box (st[0]) ; st [4] = is_box (st [4]);
st [8] = is_box (st[8]) ; st [12] = is_box (st [12]);
byte tt = st[13] ;
st [13] = is_box (st [9]) ; st [9] = is_box (st [5]) ;
st [5] = is_box (st [1]) ; st [1] = is_box (tt) ;
tt = st [2] ; st [2] = is_box (st [10]) ; st [10] = is_box (tt) ;
tt = st [6] ; st [6] = is_box (st [14]) ; st [14] = is_box (tt) ;
tt = st [3] ;
st [3] = is_box (st [7]) ; st [7] = is_box (st [11]) ;
st [11] = is_box (st [15]) ; st [15] = is_box (tt) ;
}
/* SUB COLUMNS PHASE */
static void mix_sub_columns (byte dt[N_BLOCK], const byte st[N_BLOCK])
{
byte j = 5 ;
byte k = 10 ;
byte l = 15 ;
for (byte i = 0 ; i < N_BLOCK ; i += N_COL)
{
byte a = st [i] ;
byte b = st [j] ; j = (j+N_COL) & 15 ;
byte c = st [k] ; k = (k+N_COL) & 15 ;
byte d = st [l] ; l = (l+N_COL) & 15 ;
byte a1 = s_box (a), b1 = s_box (b), c1 = s_box (c), d1 = s_box (d) ;
byte a2 = f2(a1), b2 = f2(b1), c2 = f2(c1), d2 = f2(d1) ;
dt[i] = a2 ^ b2^b1 ^ c1 ^ d1 ;
dt[i+1] = a1 ^ b2 ^ c2^c1 ^ d1 ;
dt[i+2] = a1 ^ b1 ^ c2 ^ d2^d1 ;
dt[i+3] = a2^a1 ^ b1 ^ c1 ^ d2 ;
}
}
static void inv_mix_sub_columns (byte dt[N_BLOCK], const byte st[N_BLOCK])
{
for (byte i = 0 ; i < N_BLOCK ; i += N_COL)
{
byte a1 = st [i] ;
byte b1 = st [i+1] ;
byte c1 = st [i+2] ;
byte d1 = st [i+3] ;
byte a2 = f2(a1), b2 = f2(b1), c2 = f2(c1), d2 = f2(d1) ;
byte a4 = f2(a2), b4 = f2(b2), c4 = f2(c2), d4 = f2(d2) ;
byte a8 = f2(a4), b8 = f2(b4), c8 = f2(c4), d8 = f2(d4) ;
byte a9 = a8 ^ a1,b9 = b8 ^ b1,c9 = c8 ^ c1,d9 = d8 ^ d1 ;
byte ac = a8 ^ a4,bc = b8 ^ b4,cc = c8 ^ c4,dc = d8 ^ d4 ;
dt[i] = is_box (ac^a2 ^ b9^b2 ^ cc^c1 ^ d9) ;
dt[(i+5)&15] = is_box (a9 ^ bc^b2 ^ c9^c2 ^ dc^d1) ;
dt[(i+10)&15] = is_box (ac^a1 ^ b9 ^ cc^c2 ^ d9^d2) ;
dt[(i+15)&15] = is_box (a9^a2 ^ bc^b1 ^ c9 ^ dc^d2) ;
}
}
/******************************************************************************/
AES::AES(){
byte ar_iv[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
memcpy(iv,ar_iv,8);
memcpy(iv+8,ar_iv,8);
// make sure that the padding characters are outside the range of the base64 alphabet
// for none base64 encode message collisions can happen 🙁
arr_pad[0] = 0x82;
arr_pad[1] = 0x84;
arr_pad[2] = 0x88;
arr_pad[3] = 0x9f;
arr_pad[4] = 0x92;
arr_pad[5] = 0x94;
arr_pad[6] = 0x98;
arr_pad[7] = 0x9f;
arr_pad[8] = 0xa2;
arr_pad[9] = 0xa4;
arr_pad[10] = 0xa8;
arr_pad[11] = 0xaf;
arr_pad[12] = 0xb2;
arr_pad[13] = 0xb4;
arr_pad[14] = 0xb8;
// arr_pad[15] = 0xbf; // padding past end of array which has 15 elements
padmode = paddingMode::Array; // backwards compatibility
}
/******************************************************************************/
byte AES::set_key (const byte key [], uint16_t keylen)
{
byte hi ;
switch (keylen)
{
case 16:
case 128:
keylen = 16; // 10 rounds
round = 10 ;
break;
case 24:
case 192:
keylen = 24; // 12 rounds
round = 12 ;
break;
case 32:
case 256:
keylen = 32; // 14 rounds
round = 14 ;
break;
default:
round = 0;
return FAILURE;
}
hi = (round + 1) << 4 ;
copy_n_bytes (key_sched, key, keylen) ;
byte t[4] ;
byte next = keylen ;
for (byte cc = keylen, rc = 1 ; cc < hi ; cc += N_COL)
{
for (byte i = 0 ; i < N_COL ; i++)
t[i] = key_sched [cc-4+i] ;
if (cc == next)
{
next += keylen ;
byte ttt = t[0] ;
t[0] = s_box (t[1]) ^ rc ;
t[1] = s_box (t[2]) ;
t[2] = s_box (t[3]) ;
t[3] = s_box (ttt) ;
rc = f2 (rc) ;
}
else if (keylen == 32 && (cc & 31) == 16)
{
for (byte i = 0 ; i < 4 ; i++)
t[i] = s_box (t[i]) ;
}
byte tt = cc - keylen ;
for (byte i = 0 ; i < N_COL ; i++)
key_sched [cc + i] = key_sched [tt + i] ^ t[i] ;
}
return SUCCESS ;
}
/******************************************************************************/
void AES::clean ()
{
for (byte i = 0 ; i < KEY_SCHEDULE_BYTES ; i++)
key_sched [i] = 0 ;
round = 0 ;
}
/******************************************************************************/
void AES::copy_n_bytes (byte * d, const byte * s, byte nn)
{
while (nn >= 4)
{
*d++ = *s++ ; // some unrolling
*d++ = *s++ ;
*d++ = *s++ ;
*d++ = *s++ ;
nn -= 4 ;
}
while (nn--)
*d++ = *s++ ;
}
/******************************************************************************/
uint8_t AES::getrandom()
{
#ifdef __AVR__
srand (millis());
#else
#if defined(ESP8266) || defined(ESP32)
srand ((unsigned int)time(NULL));
#else
srand (millis());
#endif
#endif
uint8_t really_random = rand() % 255;
return really_random;
}
/******************************************************************************/
byte AES::encrypt (const byte plain [N_BLOCK], byte cipher [N_BLOCK])
{
if (round)
{
byte s1 [N_BLOCK], r ;
copy_and_key (s1, plain, (byte*) (key_sched)) ;
for (r = 1 ; r < round ; r++)
{
byte s2 [N_BLOCK] ;
mix_sub_columns (s2, s1) ;
copy_and_key (s1, s2, (byte*) (key_sched + r * N_BLOCK)) ;
}
shift_sub_rows (s1) ;
copy_and_key (cipher, s1, (byte*) (key_sched + r * N_BLOCK)) ;
}
else
return FAILURE ;
return SUCCESS ;
}
/******************************************************************************/
byte AES::cbc_encrypt (const byte * plain, byte * cipher, int n_block, byte iv [N_BLOCK])
{
while (n_block--)
{
xor_block (iv, plain) ;
if (encrypt (iv, iv) != SUCCESS)
return FAILURE ;
copy_n_bytes (cipher, iv, N_BLOCK) ;
plain += N_BLOCK ;
cipher += N_BLOCK ;
}
return SUCCESS ;
}
/******************************************************************************/
byte AES::cbc_encrypt (const byte * plain, byte * cipher, int n_block)
{
while (n_block--)
{
xor_block (iv, plain) ;
if (encrypt (iv, iv) != SUCCESS)
return FAILURE ;
copy_n_bytes (cipher, iv, N_BLOCK) ;
plain += N_BLOCK ;
cipher += N_BLOCK ;
}
return SUCCESS ;
}
/******************************************************************************/
byte AES::decrypt (const byte plain [N_BLOCK], byte cipher [N_BLOCK])
{
if (round)
{
byte s1 [N_BLOCK] ;
copy_and_key (s1, plain, (byte*) (key_sched + round * N_BLOCK)) ;
inv_shift_sub_rows (s1) ;
for (byte r = round ; --r ; )
{
byte s2 [N_BLOCK] ;
copy_and_key (s2, s1, (byte*) (key_sched + r * N_BLOCK)) ;
inv_mix_sub_columns (s1, s2) ;
}
copy_and_key (cipher, s1, (byte*) (key_sched)) ;
}
else
return FAILURE ;
return SUCCESS ;
}
/******************************************************************************/
byte AES::cbc_decrypt (const byte * cipher, byte * plain, int n_block, byte iv [N_BLOCK])
{
while (n_block--)
{
byte tmp [N_BLOCK] ;
copy_n_bytes (tmp, cipher, N_BLOCK) ;
if (decrypt (cipher, plain) != SUCCESS)
return FAILURE ;
xor_block (plain, iv) ;
copy_n_bytes (iv, tmp, N_BLOCK) ;
plain += N_BLOCK ;
cipher += N_BLOCK;
}
return SUCCESS ;
}
/******************************************************************************/
byte AES::cbc_decrypt (const byte * cipher, byte * plain, int n_block)
{
while (n_block--)
{
byte tmp [N_BLOCK] ;
copy_n_bytes (tmp, cipher, N_BLOCK) ;
if (decrypt (cipher, plain) != SUCCESS)
return FAILURE ;
xor_block (plain, iv) ;
copy_n_bytes (iv, tmp, N_BLOCK) ;
plain += N_BLOCK ;
cipher += N_BLOCK;
}
return SUCCESS ;
}
/*****************************************************************************/
void AES::set_IV(unsigned long long int IVCl){
memcpy(iv,&IVCl,8);
memcpy(iv+8,&IVCl+8,8);
IVC = IVCl;
}
/******************************************************************************/
void AES::iv_inc(){
IVC += 1;
memcpy(iv,&IVC,8);
memcpy(iv+8,&IVC+8,8);
}
/******************************************************************************/
int AES::get_size(){
return size;
}
/******************************************************************************/
void AES::set_size(int sizel){
size = sizel;
}
/******************************************************************************/
void AES::get_IV(byte *out){
memcpy(out,&IVC,8);
memcpy(out+8,&IVC+8,8);
}
/******************************************************************************
* Padding modes (https://medium.com/coinmonks/block-sizes-and-padding-in-crypto-5b6d2565370e)
* CMS (Cryptographic Message Syntax).
* This pads with the same value as the number of padding bytes.
* Defined in RFC 5652, PKCS#5, PKCS#7 (X.509 certificate) and RFC 1423 PEM.
* Bit.
* This pads with 0x80 (10000000) followed by zero (null) bytes. Defined in ANSI X.923 and ISO/IEC 9797–1.
* ZeroLength.
* This pads with zeros except for the last byte which is equal to the number (length) of padding bytes.
* Null.
* This pads will NULL bytes. This is only used with ASCII text.
* Space.
* This pads with spaces. This is only used with ASCII text.
* Random. (not implemented)
* This pads with random bytes with the last byte defined by the number of padding bytes.
* Array (backward compatibility for this library)
* This pads with the characters from the predefined arr_pad
*/
/// TODO:: How can we determine that the msg has beeen padded ?
/// any byte array can be a valid message to encrypt
/// so padding should be made reversable and padding should contain info over the padding length or
/// the reverse operation will not harm the content (see ascii mode)
/// Idea is to add pad block. So now we now that the last block in the message is a padding block.
/// info in this padding block can now be used to remove the padding on the previous block
/// of course if the 0x00 character is included in an ascii message it will be truncated anyhow
/// but for none ascii message this will not work.
/// an additional block is only usefull if the padding block contains the number of padding characters
/// so not all possible padding modes can take advantage of this
/// if using NULL in ascii mode then the string will be ended anyway
/// if using SPACE, it can be that the trailing spaces are truncated. But this most often not an issue in ASCII mode
///
/// random padding can not be reversed
/// array padding is questionable to reverse
void AES::calc_size_n_pad(int p_size){
int s_of_p = p_size;//- 1; /// why this - 1 ??? is this removing the 0x\0 at the end of a string ? should not be the case for no string messages
switch (padmode){
case paddingMode::Array:
case paddingMode::Null:
case paddingMode::Space:
case paddingMode::Random:
if ( s_of_p % N_BLOCK == 0){ // OK in ASCII mode Space or Null padding or random padding
size = s_of_p;
}else{
size = s_of_p + (N_BLOCK-(s_of_p % N_BLOCK));
}
pad = size - s_of_p;
break;
case paddingMode::CMS:
case paddingMode::ZeroLength:
case paddingMode::Bit:
// additional block
size = p_size + N_BLOCK -(p_size % N_BLOCK);
pad = size - p_size;
break;
}
}
int AES::get_padded_len(int p_size){
calc_size_n_pad(p_size);
return size;
}
int AES::get_pad_len(int p_size){
calc_size_n_pad(p_size);
return pad;
}
/******************************************************************************/
void AES::padPlaintext(const void* in,byte* out)
{
memcpy(out,in,size);
for (int i = size-pad; i < size; i++){;
switch (padmode){
case paddingMode::CMS :
out[i] = pad;
break;
case paddingMode::Bit:
case paddingMode::ZeroLength:
case paddingMode::Null:
out[i] = 0x00;
break;
case paddingMode::Space:
out[i] = 0x20;
break;
case paddingMode::Array:
out[i] = arr_pad[pad - 1];
break;
case paddingMode::Random:
out[i] = getrandom();
}
}
if (padmode == paddingMode::Bit)
out[size-pad] = 0x80;
if (padmode == paddingMode::ZeroLength)
out[size-1] = pad;
}
/******************************************************************************/
int AES::get_unpadded_len(const byte* msg,int p_size)
{
byte pad_char = 0x00;
int i = 0;
switch (padmode)
{
case paddingMode::CMS:
case paddingMode::ZeroLength: //last byte contains pad length
return p_size - (int) msg[p_size-1];
break;
case paddingMode::Random:
return p_size;
break;
case paddingMode::Array:
for( i = 15; i > 0 && msg[p_size-1] !=arr_pad[i]; i--)
pad_char = arr_pad[i];
for ( i = p_size-1; ((i >=0) && (msg[i] == pad_char)); i--){
}
return i+1;
break;
case paddingMode::Space:
pad_char = 0x20;
for ( i = p_size-1; ((i >=0) && (msg[i] == pad_char)); i--){
}
return i+1;
break;
case paddingMode::Bit:
for ( i = p_size-1; ((i >=0) && (msg[i] == pad_char)); i--){
}
return i;
break;
default:
return p_size;
break;
}
}
/******************************************************************************/
void AES::setPadMode(paddingMode mode){
padmode = mode;
}
/******************************************************************************/
paddingMode AES::getPadMode(){
return padmode ;
}
/******************************************************************************/
/// TODO check different modes
bool AES::CheckPad(const byte* in,int lsize){
if (in[lsize-1] <= 0x0f){ //only block of less than 16 bytes are allowed
int lpad = (int)in[lsize-1];
for (int i = lsize - 1; i >= lsize-lpad; i--){
if (arr_pad[lpad - 1] != in[i]){
return false;
}
}
}else{
return true;
}
return true;
}
/******************************************************************************/
void AES::printArray(const byte output[],bool p_pad)
{
uint8_t i,j;
uint8_t loops = size/N_BLOCK;
uint8_t outp = N_BLOCK;
for (j = 0; j < loops; j += 1){
if (p_pad && (j == (loops - 1)) ) { outp = N_BLOCK - pad; }
for (i = 0; i < outp; i++)
{
printf("%c", output[j*N_BLOCK + i]);
}
}
printf("\n");
}
/******************************************************************************/
void AES::printArray(const byte output[],int sizel)
{
for (int i = 0; i < sizel; i++)
{
printf("%x", output[i]);
}
printf("\n");
}
/******************************************************************************/
void AES::do_aes_encrypt(const byte *plain,int size_p,byte *cipher, const byte *key, int bits, byte ivl [N_BLOCK]){
calc_size_n_pad(size_p);
byte plain_p[get_size()];
padPlaintext(plain,plain_p);
int blocks = get_size() / N_BLOCK;
set_key (key, bits) ;
cbc_encrypt (plain_p, cipher, blocks, ivl);
}
/******************************************************************************/
void AES::do_aes_encrypt(const byte *plain,int size_p,byte *cipher, const byte *key, int bits){
calc_size_n_pad(size_p);
byte plain_p[get_size()];
padPlaintext(plain,plain_p);
int blocks = get_size() / N_BLOCK;
set_key (key, bits) ;
cbc_encrypt (plain_p, cipher, blocks);
}
/******************************************************************************/
int AES::do_aes_decrypt(const byte *cipher,int size_c,byte *plain,const byte *key, int bits, byte ivl [N_BLOCK]){
set_size(size_c);
int blocks = size_c / N_BLOCK;
set_key (key, bits);
cbc_decrypt (cipher,plain, blocks, ivl);
return get_unpadded_len(plain,size_c);
}
/******************************************************************************/
int AES::do_aes_decrypt(const byte *cipher,int size_c,byte *plain,const byte *key, int bits){
set_size(size_c);
int blocks = size_c / N_BLOCK;
set_key (key, bits);
cbc_decrypt (cipher,plain, blocks);
return get_unpadded_len(plain,size_c);
}
/******************************************************************************/
#if defined(AES_LINUX)
double AES::millis(){
gettimeofday(&tv, NULL);
return (tv.tv_sec + 0.000001 * tv.tv_usec);
}
#endif
AES_config.h
/* code was modified by george spanos <spaniakos@gmail.com>
* 16/12/14
*/
#ifndef __AES_CONFIG_H__
#define __AES_CONFIG_H__
#if defined(__x86_64) || (defined(__linux) || defined(linux)) && !defined(__ARDUINO_X86__)
#define AES_LINUX
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>
#else
#include <Arduino.h>
#endif
#include <stdint.h>
#include <string.h>
#if defined(__ARDUINO_X86__) || (defined (__linux) || defined (linux))
#undef PROGMEM
#define PROGMEM __attribute__(( section(".progmem.data") ))
#define pgm_read_byte(p) (*(p))
typedef unsigned char byte;
#define printf_P printf
#define PSTR(x) (x)
#else
#if (defined(__AVR__))
#include <avr/pgmspace.h>
#else
#if !defined(__x86_64)
#include <pgmspace.h> // probably ESP's PGMSPACE, needs to be mocked for testing
#else
// disable the PROGMEM definition in test environment
#undef PROGMEM
#define PROGMEM
#endif
#endif
#endif
#define N_ROW 4
#define N_COL 4
#define N_BLOCK (N_ROW * N_COL)
#define N_MAX_ROUNDS 14
#define KEY_SCHEDULE_BYTES ((N_MAX_ROUNDS + 1) * N_BLOCK)
#define SUCCESS (0)
#define FAILURE (-1)
#endif
AESLib.h
#ifndef AESLib_h
#define AESLib_h
#define __STDC_WANT_LIB_EXT1__ 1
#include "AES.h"
#include "xbase64.h"
#ifndef __AVR__
#include <iomanip> // provides std::setfill and setw:: (only for intToHex debugging)
#include <sstream>
#include <cstdint>
#include <iostream>
#include <string>
#endif
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#ifndef __x86_64
#include "Arduino.h"
#define debug(format, ...) if (Serial) Serial.printf ( format, __VA_ARGS__)
#define dumpHex(arr, count) if (Serial) { for(int kkk =0;kkk< count;kkk++) \
Serial.printf ("%x " ,arr[kkk]); \
Serial.printf ("\n"); \
}
#define dump(arr, count) if (Serial) { for(int kkk =0;kkk< count;kkk++) \
Serial.printf ("%s," ,arr[kkk]); \
Serial.printf ("\n"); \
}
//#define AES_DEBUG
#endif
class AESLib
{
public:
void gen_iv(byte *iv);
int get_cipher_length(int msg_len);
int get_cipher64_length(int msg_len);
void set_paddingmode(paddingMode mode);
paddingMode get_paddingmode();
uint16_t encrypt64(const char * input, uint16_t input_length, char * output, const byte key[],int bits, byte my_iv[]); // base64 encode, encrypt and base64 encode again; will deprecate
uint16_t encrypt(const byte input[], uint16_t input_length, char * output, const byte key[],int bits, byte my_iv[]); // base64 encode and encrypt; should encode on output only (if)
uint16_t decrypt64(char * input, uint16_t input_length, char * output, const byte key[],int bits, byte my_iv[]); // decode, decrypt and decode
uint16_t decrypt(byte input[], uint16_t input_length, char * output, const byte key[], int bits, byte my_iv[]); // decrypts and decodes (expects encoded)
#ifndef __AVR__
std::string intToHex(uint8_t intValue);
#endif
#ifndef __x86_64
String decrypt(String msg, byte key[],int bits, byte my_iv[]) __attribute__((deprecated)); // decode, decrypt, decode and return as String
String encrypt(String msg, byte key[], int bits, byte my_iv[]) __attribute__((deprecated)); // encode, encrypt, encode and return as String
#endif
uint8_t getrnd();
private:
void clean();
AES aes;
};
#endif // AESLib_h
AESLib.cpp
#include "AESLib.h"
#ifndef __AVR__
std::string AESLib::intToHex(uint8_t intValue) {
std::string hexStr;
std::stringstream sstream;
sstream << std::setfill ('0') << std::setw(2)
<< std::hex << (int)intValue;
hexStr = sstream.str();
sstream.clear();
return hexStr;
}
#endif
uint8_t AESLib::getrnd()
{
return aes.getrandom();
}
void AESLib::gen_iv(uint8_t * iv) {
for (int i = 0 ; i < N_BLOCK ; i++ ) {
iv[i]= getrnd();
}
}
void AESLib::set_paddingmode(paddingMode mode){
aes.setPadMode(mode);
}
paddingMode AESLib::get_paddingmode(){
return aes.getPadMode();
}
int AESLib::get_cipher_length(int msglen){
return aes.get_padded_len(msglen);
}
int AESLib::get_cipher64_length(int msglen){
return base64_enc_len(aes.get_padded_len(base64_enc_len(msglen)));
}
void AESLib::clean() {
aes.clean();
}
//
// Basic de/encryption for char* and byte[] of known length
//
/* Returns message encrypted only to be used as byte array. TODO: Refactor to byte[] */
uint16_t AESLib::encrypt(const byte input[], uint16_t input_length, char * output, const byte key[], int bits, byte my_iv[]) {
aes.set_key(key, bits);
aes.do_aes_encrypt((byte *)input, input_length, (byte*)output, key, bits, my_iv);
uint16_t enc_len = aes.get_size();
uint16_t base64_len = base64_enc_len(input_length);
char b64data[base64_len];
// Note: arg order is base64_encode(output, input);
base64_len = base64_encode(b64data, (char*)output, enc_len);
memcpy(output, b64data, base64_len);
/*
#ifdef AES_DEBUG
printf("[AESLib::encrypt] Encoded %u bytes = ", base64_len);
for (uint8_t pos = 0; pos < base64_len; pos++) {
if (pos < base64_len) {
printf("%c", output[pos]);
}
}
#endif
*/
#ifndef __x86_64
#ifdef AES_DEBUG
Serial.printf("[AESLib::encrypt] Encoded %u bytes = ", base64_len);
for (uint8_t pos = 0; pos < base64_len; pos++) {
if (pos < base64_len) {
Serial.printf("%c", output[pos]);
}
}
Serial.println("");
#endif
#endif
return base64_len;
}
/* Returns byte array decoded and decrypted. TODO: Refactor to byte[] */
uint16_t AESLib::decrypt(byte input[], uint16_t input_length, char * plain, const byte key[], int bits, byte my_iv[]) {
int dec_len = aes.do_aes_decrypt((byte *)input, input_length, (byte *)plain, key, bits, (byte *)my_iv);
#ifndef __x86_64
#ifndef __AVR__
#ifdef AES_DEBUG
Serial.printf("[AESLib::decrypt] Decrypted bytes = ");
for (uint8_t pos = 0; pos < dec_len; pos++) {
Serial.printf("%s ", intToHex(plain[pos]).c_str());
}
Serial.printf("\n");
#endif
#endif
#endif
return dec_len;
}
//
// Deprecated de/encryption for Arduino Strings
//
#ifndef __x86_64
//
// Encryption with added base64 layer on input, seems useless with known lengths.
// Will probably deprecate soon as well to keep the wrapper as slim as possible.
//
/* Returns message encrypted and base64 encoded to be used as string. */
uint16_t AESLib::encrypt64(const char * msg, uint16_t msgLen, char * output, const byte key[],int bits, byte my_iv[]) {
aes.set_key(key, bits);
char b64data[base64_enc_len(msgLen)+1]; // should add 1 character to accomodate the 0x\0 ending character
// thanks to this, method can consume byte[] and not just char* (!)
int b64len = base64_encode(b64data, msg, msgLen);
int paddedLen = aes.get_padded_len(b64len);
byte cipher[paddedLen];
aes.do_aes_encrypt((byte *)b64data, b64len, cipher, key, bits, my_iv);
// only this method can return b64
uint16_t encrypted_length = aes.get_size();
base64_encode(output, (char *)cipher, aes.get_size() );
return encrypted_length;
}
/* Suggested size for the plaintext buffer is 1/2 length of `msg`. Refactor! */
uint16_t AESLib::decrypt64(char * msg, uint16_t msgLen, char * plain, const byte key[],int bits, byte my_iv[]) {
#ifdef AES_DEBUG
Serial.println("[decrypt64] decrypting message: ");
#endif
aes.set_key(key, bits);
#ifdef AES_DEBUG
Serial.print("[decrypt64] msgLen (strlen msg): "); Serial.println(msgLen);
#endif
// decoded base64 takes some space, but less than original...
// it should therefore never overfill when reusing the msg-text buffer
int b64len = base64_decode(msg, msg, msgLen);
// decrypting will keep the message length
#ifdef AES_DEBUG
Serial.print("[decrypt64] base64_decode allocating decrypt buffer len: "); Serial.println(b64len);
#endif
byte out[b64len]; // unfortunately this needs to fit to stack... that's hard limit for chunk
#ifdef AES_DEBUG
// Serial.print("[decrypt64] Clearing-out buffer to allow safe strlen (zero-in-the-middle will still fail)...");
#endif
if (b64len > 0) {
// void * memset ( void * ptr, int value, size_t num );
memset( out, 0x00, b64len );
}
#ifdef AES_DEBUG
#ifdef ESP8266
Serial.print("[decrypt64] free heap: "); Serial.println(ESP.getFreeHeap());
#endif
#endif
int b64_len = aes.do_aes_decrypt((byte *)msg, b64len, (byte*)out, key, bits, (byte *)my_iv);
// ToWI: 2021-01-22: Check the padding length, negative value means deciphering error and cause ESP restarts due to stack smashing error
if (b64_len < 0)
return 0;
out[b64_len+1] = 0;
#ifdef AES_DEBUG
Serial.print("[decrypt64] aes_decrypt length before b64-decode: "); Serial.println(b64_len);
#endif
// calculate required output length
uint16_t outLen = base64_dec_len((char*)out, b64_len);
#ifdef AES_DEBUG
Serial.print("[decrypt64] expected base64_dec_len after b64-decode: "); Serial.println(outLen);
#endif
// decode buffer to output plain-text, output buffer will never overfill...
outLen = base64_decode(plain, (char *)out, b64_len);
// plain[outLen+1] = 0; // trailing zero for safety?
#ifdef AES_DEBUG
Serial.print("[decrypt64] base64_decode->outLen = "); Serial.println(outLen);
#endif
return outLen;
}
#endif
xbase64.h
/* * Copyright (c) 2013 Adam Rudd. * See LICENSE for more information */ #ifndef _BASE64_H #define _BASE64_H /* b64_alphabet: * Description: Base64 alphabet table, a mapping between integers * and base64 digits * Notes: This is an extern here but is defined in Base64.c */ extern const char b64_alphabet[]; /* base64_encode: * Description: * Encode a string of characters as base64 * Parameters: * output: the output buffer for the encoding, stores the encoded string * input: the input buffer for the encoding, stores the binary to be encoded * inputLen: the length of the input buffer, in bytes * Return value: * Returns the length of the encoded string * Requirements: * 1. output must not be null or empty * 2. input must not be null * 3. inputLen must be greater than or equal to 0 */ int base64_encode(char *output, const char *input, int inputLen); /* base64_decode: * Description: * Decode a base64 encoded string into bytes * Parameters: * output: the output buffer for the decoding, * stores the decoded binary * input: the input buffer for the decoding, * stores the base64 string to be decoded * inputLen: the length of the input buffer, in bytes * Return value: * Returns the length of the decoded string * Requirements: * 1. output must not be null or empty * 2. input must not be null * 3. inputLen must be greater than or equal to 0 */ int base64_decode(char *output, const char *input, int inputLen); /* base64_enc_len: * Description: * Returns the length of a base64 encoded string whose decoded * form is inputLen bytes long * Parameters: * inputLen: the length of the decoded string * Return value: * The length of a base64 encoded string whose decoded form * is inputLen bytes long * Requirements: * None */ int base64_enc_len(int inputLen); /* base64_dec_len: * Description: * Returns the length of the decoded form of a * base64 encoded string * Parameters: * input: the base64 encoded string to be measured * inputLen: the length of the base64 encoded string * Return value: * Returns the length of the decoded form of a * base64 encoded string * Requirements: * 1. input must not be null * 2. input must be greater than or equal to zero */ int base64_dec_len(const char *input, int inputLen); #endif // _BASE64_H
xbase64.cpp
#include "xbase64.h"
#if (defined(__AVR__))
#include <avr/pgmspace.h>
#else
#if !defined(__x86_64)
#include <pgmspace.h>
#else
#undef PROGMEM
#define PROGMEM
#endif
#endif
const char PROGMEM b64_alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
/* 'Private' declarations */
inline void a3_to_a4(unsigned char * a4, const unsigned char * a3);
inline void a4_to_a3(unsigned char * a3, const unsigned char * a4);
inline unsigned char b64_lookup(char c);
int base64_encode(char *output, const char *input, int inputLen) {
int i = 0, j = 0;
int encLen = 0;
unsigned char a3[3];
unsigned char a4[4];
while(inputLen--) {
a3[i++] = *(input++);
if(i == 3) {
a3_to_a4(a4, a3);
for(i = 0; i < 4; i++) {
#if !defined(__x86_64)
output[encLen++] = pgm_read_byte(&b64_alphabet[a4[i]]);
#else
output[encLen++] = b64_alphabet[a4[i]];
#endif
}
i = 0;
}
}
if(i) {
for(j = i; j < 3; j++) {
a3[j] = '\0';
}
a3_to_a4(a4, a3);
for(j = 0; j < i + 1; j++) {
#if !defined(__x86_64)
output[encLen++] = pgm_read_byte(&b64_alphabet[a4[j]]);
#else
output[encLen++] = b64_alphabet[a4[j]];
#endif
}
while((i++ < 3)) {
output[encLen++] = '=';
}
}
output[encLen] = '\0';
return encLen;
}
int base64_decode(char * output, const char * input, int inputLen) {
int i = 0, j = 0;
int decLen = 0;
unsigned char a3[3];
unsigned char a4[4];
while (inputLen--) {
if(*input == '=') {
break;
}
a4[i++] = *(input++);
if (i == 4) {
for (i = 0; i <4; i++) {
a4[i] = b64_lookup(a4[i]);
}
a4_to_a3(a3,a4);
for (i = 0; i < 3; i++) {
output[decLen++] = a3[i];
}
i = 0;
}
}
if (i) {
for (j = i; j < 4; j++) {
a4[j] = '\0';
}
for (j = 0; j <4; j++) {
a4[j] = b64_lookup(a4[j]);
}
a4_to_a3(a3,a4);
for (j = 0; j < i - 1; j++) {
output[decLen++] = a3[j];
}
}
output[decLen] = '\0';
return decLen;
}
int base64_enc_len(int plainLen) {
int n = plainLen;
return (n + 2 - ((n + 2) % 3)) / 3 * 4;
}
int base64_dec_len(const char * input, int inputLen) {
int i = 0;
int numEq = 0;
for(i = inputLen - 1; input[i] == '='; i--) {
numEq++;
}
return ((6 * inputLen) / 8) - numEq;
}
inline void a3_to_a4(unsigned char * a4, const unsigned char * a3) {
a4[0] = (a3[0] & 0xfc) >> 2;
a4[1] = ((a3[0] & 0x03) << 4) + ((a3[1] & 0xf0) >> 4);
a4[2] = ((a3[1] & 0x0f) << 2) + ((a3[2] & 0xc0) >> 6);
a4[3] = (a3[2] & 0x3f);
}
inline void a4_to_a3(unsigned char * a3, const unsigned char * a4) {
a3[0] = (a4[0] << 2) + ((a4[1] & 0x30) >> 4);
a3[1] = ((a4[1] & 0xf) << 4) + ((a4[2] & 0x3c) >> 2);
a3[2] = ((a4[2] & 0x3) << 6) + a4[3];
}
inline unsigned char b64_lookup(char c) {
if(c >='A' && c <='Z') return c - 'A';
if(c >='a' && c <='z') return c - 71;
if(c >='0' && c <='9') return c + 4;
if(c == '+') return 62;
if(c == '/') return 63;
return -1;
}
simple.ino
/* Simple buffer example for low-memory conditions (Arduino) */
#include "AESLib.h"
#define BAUD 9600
AESLib aesLib;
#define INPUT_BUFFER_LIMIT (128 + 1) // designed for Arduino UNO, not stress-tested anymore (this works with readBuffer[129])
unsigned char cleartext[INPUT_BUFFER_LIMIT] = {0}; // THIS IS INPUT BUFFER (FOR TEXT)
unsigned char ciphertext[2*INPUT_BUFFER_LIMIT] = {0}; // THIS IS OUTPUT BUFFER (FOR BASE64-ENCODED ENCRYPTED DATA)
unsigned char readBuffer[18] = "username:password";
// AES Encryption Key (same as in node-js example)
byte aes_key[] = { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C };
// General initialization vector (same as in node-js example) (you must use your own IV's in production for full security!!!)
byte aes_iv[N_BLOCK] = { 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
// Generate IV (once)
void aes_init() {
aesLib.gen_iv(aes_iv);
aesLib.set_paddingmode((paddingMode)0);
}
uint16_t encrypt_to_ciphertext(char * msg, uint16_t msgLen, byte iv[]) {
Serial.println("Calling encrypt (string)...");
// aesLib.get_cipher64_length(msgLen);
int cipherlength = aesLib.encrypt((byte*)msg, msgLen, (char*)ciphertext, aes_key, sizeof(aes_key), iv);
// uint16_t encrypt(byte input[], uint16_t input_length, char * output, byte key[],int bits, byte my_iv[]);
return cipherlength;
}
uint16_t decrypt_to_cleartext(byte msg[], uint16_t msgLen, byte iv[]) {
Serial.print("Calling decrypt...; ");
uint16_t dec_bytes = aesLib.decrypt(msg, msgLen, (char*)cleartext, aes_key, sizeof(aes_key), iv);
Serial.print("Decrypted bytes: "); Serial.println(dec_bytes);
return dec_bytes;
}
void setup() {
Serial.begin(BAUD);
Serial.setTimeout(60000);
delay(2000);
aes_init(); // generate random IV, should be called only once? causes crash if repeated...
}
/* non-blocking wait function */
void wait(unsigned long milliseconds) {
unsigned long timeout = millis() + milliseconds;
while (millis() < timeout) {
yield();
}
}
unsigned long loopcount = 0;
// Working IV buffer: Will be updated after encryption to follow up on next block.
// But we don't want/need that in this test, so we'll copy this over with enc_iv_to/enc_iv_from
// in each loop to keep the test at IV iteration 1. We could go further, but we'll get back to that later when needed.
// General initialization vector (same as in node-js example) (you must use your own IV's in production for full security!!!)
byte enc_iv[N_BLOCK] = { 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
byte enc_iv_to[N_BLOCK] = { 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
byte enc_iv_from[N_BLOCK] = { 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
void loop() {
Serial.print("readBuffer length: "); Serial.println(sizeof(readBuffer));
// must not exceed INPUT_BUFFER_LIMIT bytes; may contain a newline
sprintf((char*)cleartext, "%s", readBuffer);
// Encrypt
// iv_block gets written to, provide own fresh copy... so each iteration of encryption will be the same.
uint16_t msgLen = sizeof(readBuffer);
memcpy(enc_iv, enc_iv_to, sizeof(enc_iv_to));
uint16_t encLen = encrypt_to_ciphertext((char*)cleartext, msgLen, enc_iv);
Serial.print("Encrypted length = "); Serial.println(encLen );
Serial.println("Encrypted. Decrypting..."); Serial.println(encLen ); Serial.flush();
memcpy(enc_iv, enc_iv_from, sizeof(enc_iv_from));
uint16_t decLen = decrypt_to_cleartext(ciphertext, encLen , enc_iv);
Serial.print("Decrypted cleartext of length: "); Serial.println(decLen);
Serial.print("Decrypted cleartext:\n"); Serial.println((char*)cleartext);
if (strcmp((char*)readBuffer, (char*)cleartext) == 0) {
Serial.println("Decrypted correctly.");
} else {
Serial.println("Decryption test failed.");
}
Serial.println("---");
}