kjkim
/
BSOne.SFC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
BSOne.SFC/Tocsg.Lib/VCL/EncLib/AES/aes_ccm.pas

378 lines
15 KiB
Plaintext
Raw Blame History

unit AES_CCM;
(*************************************************************************
DESCRIPTION : AES Counter with CBC-MAC (CCM) mode functions
REQUIREMENTS : TP5-7, D1-D7/D9-D12/D17-D18, FPC, VP, WDOSX
EXTERNAL DATA : ---
MEMORY USAGE : ---
DISPLAY MODE : ---
REMARKS : - The IV and buf fields of the contexts are used for temporary buffers
- Tag compare is constant time but if verification fails,
then plaintext is zero-filled
- Maximum header length is $FEFF
- Since CCM was designed for use in a packet processing
environment, there are no incremental functions. The ..Ex
functions can be used together with AES_Init_Encr to save
key setup overhead if the same key is used more than once.
REFERENCES : [1] RFC 3610, D. Whiting et al., Counter with CBC-MAC (CCM)
http://tools.ietf.org/html/rfc3610
[2] NIST Special Publication 800-38C, Recommendation for
Block Cipher Modes of Operation: The CCM Mode for
Authentication and Confidentiality
http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
Version Date Author Modification
------- -------- ------- ------------------------------------------
0.01 17.05.09 we Initial version
0.02 17.05.09 we Process full blocks, procedure IncCTR
0.03 17.05.09 we Remove adjustment of nLen
0.04 18.05.09 we Check static ranges and conditions, simplify ecoding of L in B0
0.05 18.05.09 we Check nLen
0.06 18.05.09 we Simplify encoding of l(m)
0.07 19.05.09 we Use ctx.IV, ctx.buf, ctx.bLen
0.08 19.05.09 we TP5-6
0.09 20.05.09 we Simplified functions
0.10 20.05.09 we If verification fails, ptp^ is zero-filled
0.11 21.05.09 we Special length check for BIT16
0.12 21.05.09 we ctx as var parameter in Ex functions
0.13 28.07.10 we Fix: Check ofs(dtp^) for 16 bit
0.14 31.08.15 we constant time compare in AES_CCM_Dec_VeriEX
**************************************************************************)
(*-------------------------------------------------------------------------
(C) Copyright 2009-2015 Wolfgang Ehrhardt
This software is provided 'as-is', without any express or implied warranty.
In no event will the authors be held liable for any damages arising from
the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software in
a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
----------------------------------------------------------------------------*)
{$i STD.INC}
interface
uses
BTypes, AES_Type, AES_Base, AES_Encr;
function AES_CCM_Enc_AuthEx(var ctx: TAESContext;
var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ptp: pointer; pLen: longint; {plaintext: address / length}
ctp: pointer {ciphertext: address}
): integer;
{$ifdef DLL} stdcall; {$endif}
{-CCM packet encrypt/authenticate without key setup}
function AES_CCM_Enc_Auth(var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} Key; KBytes: word; {key and byte length of key}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ptp: pointer; pLen: longint; {plaintext: address / length}
ctp: pointer {ciphertext: address}
): integer;
{$ifdef DLL} stdcall; {$endif}
{-All-in-one call for CCM packet encrypt/authenticate}
function AES_CCM_Dec_VeriEX(var ctx: TAESContext;
ptag: pointer; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ctp: pointer; cLen: longint; {ciphertext: address / length}
ptp: pointer {plaintext: address}
): integer;
{$ifdef DLL} stdcall; {$endif}
{-CCM packet decrypt/verify without key setup. If ptag^ verification fails, ptp^ is zero-filled!}
function AES_CCM_Dec_Veri( ptag: pointer; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} Key; KBytes: word; {key and byte length of key}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ctp: pointer; cLen: longint; {ciphertext: address / length}
ptp: pointer {plaintext: address}
): integer;
{$ifdef DLL} stdcall; {$endif}
{-All-in-one CCM packet decrypt/verify. If ptag^ verification fails, ptp^ is zero-filled!}
implementation
{---------------------------------------------------------------------------}
function AES_CCM_Core(var ctx: TAESContext; enc_auth: boolean;
var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
pnonce: pointer; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length, hLen <$FF00}
stp: pointer; sLen: longint; {source text: address / length}
dtp: pointer {dest. text: address}
): integer;
{-CCM core routine. Encrypt or decrypt (depending on enc_auth) source text}
{ to dest. text and calculate the CCM tag. Key setup must be done from caller}
var
ecc: TAESBlock; {encrypted counter}
err: integer;
len: longint;
k, L: word;
b: byte;
pb: pByte;
procedure IncCTR(var CTR: TAESBlock);
{-Increment CTR[15]..CTR[16-L]}
var
j: integer;
begin
for j:=15 downto 16-L do begin
if CTR[j]=$FF then CTR[j] := 0
else begin
inc(CTR[j]);
exit;
end;
end;
end;
begin
{Check static ranges and conditions}
if (sLen>0) and ((stp=nil) or (dtp=nil)) then err := AES_Err_NIL_Pointer
else if odd(tLen) or (tLen<4) or (tLen>16) then err := AES_Err_CCM_Tag_length
else if (hLen>0) and (hdr=nil) then err := AES_Err_NIL_Pointer
else if hLen>=$FF00 then err := AES_Err_CCM_Hdr_length
else if (nLen<7) or (nLen>13) then err := AES_Err_CCM_Nonce_length
{$ifdef BIT16}
else if (ofs(stp^)+sLen>$FFFF) or (ofs(dtp^)+sLen>$FFFF) then err := AES_Err_CCM_Text_length
{$endif}
else err := 0;
AES_CCM_Core := err;
if err<>0 then exit;
{calculate L value = max(number of bytes needed for sLen, 15-nLen)}
len := sLen;
L := 0;
while len>0 do begin
inc(L);
len := len shr 8;
end;
if nLen+L > 15 then begin
AES_CCM_Core := AES_Err_CCM_Nonce_length;
exit;
end;
{Force nLen+L=15. Since nLen<=13, L is at least 2}
L := 15-nLen;
with ctx do begin
{compose B_0 = Flags | Nonce N | l(m)}
{octet 0: Flags = 64*HdrPresent | 8*((tLen-2) div 2 | (L-1)}
if hLen>0 then b := 64 else b := 0;
buf[0] := b or ((tLen-2) shl 2) or (L-1);
{octets 1..15-L is nonce}
pb := pnonce;
for k:=1 to 15-L do begin
buf[k] := pb^;
inc(Ptr2Inc(pb));
end;
{octets 16-L .. 15: l(m)}
len := sLen;
for k:=1 to L do begin
buf[16-k] := len and $FF;
len := len shr 8;
end;
AES_Encrypt(ctx, buf, buf);
{process header}
if hLen > 0 then begin
{octets 0..1: encoding of hLen. Note: since we allow max $FEFF bytes}
{only these two octets are used. Generally up to 10 octets are needed.}
buf[0] := buf[0] xor (hLen shr 8);
buf[1] := buf[1] xor (hLen and $FF);
{now append the hdr data}
blen:= 2;
pb := hdr;
for k:=1 to hLen do begin
if blen=16 then begin
AES_Encrypt(ctx, buf, buf);
blen := 0;
end;
buf[blen] := buf[blen] xor pb^;
inc(blen);
inc(Ptr2Inc(pb));
end;
if blen<>0 then AES_Encrypt(ctx, buf, buf);
end;
{setup the counter for source text processing}
pb := pnonce;
IV[0] := (L-1) and $FF;
for k:=1 to 15 do begin
if k<16-L then begin
IV[k] := pb^;
inc(Ptr2Inc(pb));
end
else IV[k] := 0;
end;
{process full source text blocks}
while sLen>=16 do begin
IncCTR(IV);
AES_Encrypt(ctx,IV,ecc);
if enc_auth then begin
AES_XorBlock(PAESBlock(stp)^, buf, buf);
AES_XorBlock(PAESBlock(stp)^, ecc, PAESBlock(dtp)^);
end
else begin
AES_XorBlock(PAESBlock(stp)^, ecc, PAESBlock(dtp)^);
AES_XorBlock(PAESBlock(dtp)^, buf, buf);
end;
AES_Encrypt(ctx, buf, buf);
inc(Ptr2Inc(stp), AESBLKSIZE);
inc(Ptr2Inc(dtp), AESBLKSIZE);
dec(sLen, AESBLKSIZE);
end;
if sLen>0 then begin
{handle remaining bytes of source text}
IncCTR(IV);
AES_Encrypt(ctx, IV, ecc);
for k:=0 to word(sLen-1) do begin
if enc_auth then begin
b := pByte(stp)^;
pByte(dtp)^ := b xor ecc[k];
end
else begin
b := pByte(stp)^ xor ecc[k];
pByte(dtp)^ := b;
end;
buf[k] := buf[k] xor b;
inc(Ptr2Inc(stp));
inc(Ptr2Inc(dtp));
end;
AES_Encrypt(ctx, buf, buf);
end;
{setup counter for the tag (zero the count)}
for k:=15 downto 16-L do IV[k] := 0;
AES_Encrypt(ctx, IV, ecc);
{store the TAG}
AES_XorBlock(buf, ecc, tag);
end;
end;
{---------------------------------------------------------------------------}
function AES_CCM_Enc_AuthEx(var ctx: TAESContext;
var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ptp: pointer; pLen: longint; {plaintext: address / length}
ctp: pointer {ciphertext: address}
): integer;
{-CCM packet encrypt/authenticate without key setup}
begin
AES_CCM_Enc_AuthEx := AES_CCM_Core(ctx,true,tag,tLen,@nonce,nLen,hdr,hLen,ptp,pLen,ctp);
end;
{---------------------------------------------------------------------------}
function AES_CCM_Enc_Auth(var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} Key; KBytes: word;{key and byte length of key}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ptp: pointer; pLen: longint; {plaintext: address / length}
ctp: pointer {ciphertext: address}
): integer;
{-All-in-one call for CCM packet encrypt/authenticate}
var
ctx: TAESContext;
err: integer;
begin
err := AES_Init_Encr(Key, KBytes*8, ctx);
if err<>0 then AES_CCM_Enc_Auth := err
else AES_CCM_Enc_Auth := AES_CCM_Core(ctx,true,tag,tLen,@nonce,nLen,hdr,hLen,ptp,pLen,ctp);
fillchar(ctx, sizeof(ctx), 0);
end;
{---------------------------------------------------------------------------}
function AES_CCM_Dec_VeriEX(var ctx: TAESContext;
ptag: pointer; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ctp: pointer; cLen: longint; {ciphertext: address / length}
ptp: pointer {plaintext: address}
): integer;
{-CCM packet decrypt/verify without key setup. If ptag^ verification fails, ptp^ is zero-filled!}
var
tag: TAESBlock;
err,i: integer;
diff: byte;
begin
err := AES_CCM_Core(ctx,false,tag,tLen,@nonce,nLen,hdr,hLen,ctp,cLen,ptp);
if err=0 then begin
diff := 0;
for i:=0 to pred(tLen) do begin
diff := diff or (pByte(ptag)^ xor tag[i]);
inc(Ptr2Inc(ptag));
end;
err := (((integer(diff)-1) shr 8) and 1)-1; {0 compare, -1 otherwise}
err := err and AES_Err_CCM_Verify_Tag;
end;
fillchar(tag, sizeof(tag),0);
AES_CCM_Dec_VeriEx := err;
if err<>0 then fillchar(ptp^, cLen, 0);
end;
{---------------------------------------------------------------------------}
function AES_CCM_Dec_Veri( ptag: pointer; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} Key; KBytes: word;{key and byte length of key}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ctp: pointer; cLen: longint; {ciphertext: address / length}
ptp: pointer {plaintext: address}
): integer;
{-All-in-one CCM packet decrypt/verify. If ptag^ verification fails, ptp^ is zero-filled!}
var
ctx: TAESContext;
err: integer;
begin
err := AES_Init_Encr(Key, KBytes*8, ctx);
if err<>0 then AES_CCM_Dec_Veri := err
else AES_CCM_Dec_Veri := AES_CCM_Dec_VeriEX(ctx,ptag,tLen,nonce,nLen,hdr,hLen,ctp,cLen,ptp);
fillchar(ctx, sizeof(ctx), 0);
end;
end.
Reference in New Issue View Git Blame Copy Permalink