-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathaes_ccm.pas
375 lines (317 loc) · 15.1 KB
/
aes_ccm.pas
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
unit AES_CCM;
(*************************************************************************
DESCRIPTION : AES Counter with CBC-MAC (CCM) mode functions
REQUIREMENTS : TP5-7, D1-D7/D9-D10/D12, FPC, VP
EXTERNAL DATA : ---
MEMORY USAGE : ---
DISPLAY MODE : ---
REMARKS : - The IV and buf fields of the contexts are used for temporary buffers
- If verification fails, then plaintext is zero-filled
- Maximum header length is $FEFF
- Since CCM was designed for use in a packet processing
environment, there are no incremental functions. The ..Ex
functions can be used together with AES_Init_Encr to save
key setup overhead if the same key is used more than once.
REFERENCES : [1] RFC 3610, D. Whiting et al., Counter with CBC-MAC (CCM)
http://tools.ietf.org/html/rfc3610
[2] NIST Special Publication 800-38C, Recommendation for
Block Cipher Modes of Operation: The CCM Mode for
Authentication and Confidentiality
http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
Version Date Author Modification
------- -------- ------- ------------------------------------------
0.01 17.05.09 we Initial version
0.02 17.05.09 we Process full blocks, procedure IncCTR
0.03 17.05.09 we Remove adjustment of nLen
0.04 18.05.09 we Check static ranges and conditions, simplify ecoding of L in B0
0.05 18.05.09 we Check nLen
0.06 18.05.09 we Simplify encoding of l(m)
0.07 19.05.09 we Use ctx.IV, ctx.buf, ctx.bLen
0.08 19.05.09 we TP5-6
0.09 20.05.09 we Simplified functions
0.10 20.05.09 we If verification fails, ptp^ is zero-filled
0.11 21.05.09 we Special length check for BIT16
0.12 21.05.09 we ctx as var parameter in Ex functions
0.13 28.07.10 we Fix: Check ofs(dtp^) for 16 bit
**************************************************************************)
(*-------------------------------------------------------------------------
(C) Copyright 2009-2010 Wolfgang Ehrhardt
This software is provided 'as-is', without any express or implied warranty.
In no event will the authors be held liable for any damages arising from
the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software in
a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
----------------------------------------------------------------------------*)
{$i STD.INC}
interface
uses
BTypes, AES_Type, AES_Base, AES_Encr;
function AES_CCM_Enc_AuthEx(var ctx: TAESContext;
var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ptp: pointer; pLen: longint; {plaintext: address / length}
ctp: pointer {ciphertext: address}
): integer;
{$ifdef DLL} stdcall; {$endif}
{-CCM packet encrypt/authenticate without key setup}
function AES_CCM_Enc_Auth(var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} Key; KBytes: word; {key and byte length of key}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ptp: pointer; pLen: longint; {plaintext: address / length}
ctp: pointer {ciphertext: address}
): integer;
{$ifdef DLL} stdcall; {$endif}
{-All-in-one call for CCM packet encrypt/authenticate}
function AES_CCM_Dec_VeriEX(var ctx: TAESContext;
ptag: pointer; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ctp: pointer; cLen: longint; {ciphertext: address / length}
ptp: pointer {plaintext: address}
): integer;
{$ifdef DLL} stdcall; {$endif}
{-CCM packet decrypt/verify without key setup. If ptag^ verification fails, ptp^ is zero-filled!}
function AES_CCM_Dec_Veri( ptag: pointer; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} Key; KBytes: word; {key and byte length of key}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ctp: pointer; cLen: longint; {ciphertext: address / length}
ptp: pointer {plaintext: address}
): integer;
{$ifdef DLL} stdcall; {$endif}
{-All-in-one CCM packet decrypt/verify. If ptag^ verification fails, ptp^ is zero-filled!}
implementation
{---------------------------------------------------------------------------}
function AES_CCM_Core(var ctx: TAESContext; enc_auth: boolean;
var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
pnonce: pointer; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length, hLen <$FF00}
stp: pointer; sLen: longint; {source text: address / length}
dtp: pointer {dest. text: address}
): integer;
{-CCM core routine. Encrypt or decrypt (depending on enc_auth) source text}
{ to dest. text and calculate the CCM tag. Key setup must be done from caller}
var
ecc: TAESBlock; {encrypted counter}
err: integer;
len: longint;
k, L: word;
b: byte;
pb: pByte;
procedure IncCTR(var CTR: TAESBlock);
{-Increment CTR[15]..CTR[16-L]}
var
j: integer;
begin
for j:=15 downto 16-L do begin
if CTR[j]=$FF then CTR[j] := 0
else begin
inc(CTR[j]);
exit;
end;
end;
end;
begin
{Check static ranges and conditions}
if (sLen>0) and ((stp=nil) or (dtp=nil)) then err := AES_Err_NIL_Pointer
else if odd(tLen) or (tLen<4) or (tLen>16) then err := AES_Err_CCM_Tag_length
else if (hLen>0) and (hdr=nil) then err := AES_Err_NIL_Pointer
else if hLen>=$FF00 then err := AES_Err_CCM_Hdr_length
else if (nLen<7) or (nLen>13) then err := AES_Err_CCM_Nonce_length
{$ifdef BIT16}
else if (ofs(stp^)+sLen>$FFFF) or (ofs(dtp^)+sLen>$FFFF) then err := AES_Err_CCM_Text_length
{$endif}
else err := 0;
AES_CCM_Core := err;
if err<>0 then exit;
{calculate L value = max(number of bytes needed for sLen, 15-nLen)}
len := sLen;
L := 0;
while len>0 do begin
inc(L);
len := len shr 8;
end;
if nLen+L > 15 then begin
AES_CCM_Core := AES_Err_CCM_Nonce_length;
exit;
end;
{Force nLen+L=15. Since nLen<=13, L is at least 2}
L := 15-nLen;
with ctx do begin
{compose B_0 = Flags | Nonce N | l(m)}
{octet 0: Flags = 64*HdrPresent | 8*((tLen-2) div 2 | (L-1)}
if hLen>0 then b := 64 else b := 0;
buf[0] := b or ((tLen-2) shl 2) or (L-1);
{octets 1..15-L is nonce}
pb := pnonce;
for k:=1 to 15-L do begin
buf[k] := pb^;
inc(Ptr2Inc(pb));
end;
{octets 16-L .. 15: l(m)}
len := sLen;
for k:=1 to L do begin
buf[16-k] := len and $FF;
len := len shr 8;
end;
AES_Encrypt(ctx, buf, buf);
{process header}
if hLen > 0 then begin
{octets 0..1: encoding of hLen. Note: since we allow max $FEFF bytes}
{only these two octets are used. Generally up to 10 octets are needed.}
buf[0] := buf[0] xor (hLen shr 8);
buf[1] := buf[1] xor (hLen and $FF);
{now append the hdr data}
blen:= 2;
pb := hdr;
for k:=1 to hLen do begin
if blen=16 then begin
AES_Encrypt(ctx, buf, buf);
blen := 0;
end;
buf[blen] := buf[blen] xor pb^;
inc(blen);
inc(Ptr2Inc(pb));
end;
if blen<>0 then AES_Encrypt(ctx, buf, buf);
end;
{setup the counter for source text processing}
pb := pnonce;
IV[0] := (L-1) and $FF;
for k:=1 to 15 do begin
if k<16-L then begin
IV[k] := pb^;
inc(Ptr2Inc(pb));
end
else IV[k] := 0;
end;
{process full source text blocks}
while sLen>=16 do begin
IncCTR(IV);
AES_Encrypt(ctx,IV,ecc);
if enc_auth then begin
AES_XorBlock(PAESBlock(stp)^, buf, buf);
AES_XorBlock(PAESBlock(stp)^, ecc, PAESBlock(dtp)^);
end
else begin
AES_XorBlock(PAESBlock(stp)^, ecc, PAESBlock(dtp)^);
AES_XorBlock(PAESBlock(dtp)^, buf, buf);
end;
AES_Encrypt(ctx, buf, buf);
inc(Ptr2Inc(stp), AESBLKSIZE);
inc(Ptr2Inc(dtp), AESBLKSIZE);
dec(sLen, AESBLKSIZE);
end;
if sLen>0 then begin
{handle remaining bytes of source text}
IncCTR(IV);
AES_Encrypt(ctx, IV, ecc);
for k:=0 to word(sLen-1) do begin
if enc_auth then begin
b := pByte(stp)^;
pByte(dtp)^ := b xor ecc[k];
end
else begin
b := pByte(stp)^ xor ecc[k];
pByte(dtp)^ := b;
end;
buf[k] := buf[k] xor b;
inc(Ptr2Inc(stp));
inc(Ptr2Inc(dtp));
end;
AES_Encrypt(ctx, buf, buf);
end;
{setup counter for the tag (zero the count)}
for k:=15 downto 16-L do IV[k] := 0;
AES_Encrypt(ctx, IV, ecc);
{store the TAG}
AES_XorBlock(buf, ecc, tag);
end;
end;
{---------------------------------------------------------------------------}
function AES_CCM_Enc_AuthEx(var ctx: TAESContext;
var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ptp: pointer; pLen: longint; {plaintext: address / length}
ctp: pointer {ciphertext: address}
): integer;
{-CCM packet encrypt/authenticate without key setup}
begin
AES_CCM_Enc_AuthEx := AES_CCM_Core(ctx,true,tag,tLen,@nonce,nLen,hdr,hLen,ptp,pLen,ctp);
end;
{---------------------------------------------------------------------------}
function AES_CCM_Enc_Auth(var tag: TAESBlock; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} Key; KBytes: word;{key and byte length of key}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ptp: pointer; pLen: longint; {plaintext: address / length}
ctp: pointer {ciphertext: address}
): integer;
{-All-in-one call for CCM packet encrypt/authenticate}
var
ctx: TAESContext;
err: integer;
begin
err := AES_Init_Encr(Key, KBytes*8, ctx);
if err<>0 then AES_CCM_Enc_Auth := err
else AES_CCM_Enc_Auth := AES_CCM_Core(ctx,true,tag,tLen,@nonce,nLen,hdr,hLen,ptp,pLen,ctp);
fillchar(ctx, sizeof(ctx), 0);
end;
{---------------------------------------------------------------------------}
function AES_CCM_Dec_VeriEX(var ctx: TAESContext;
ptag: pointer; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ctp: pointer; cLen: longint; {ciphertext: address / length}
ptp: pointer {plaintext: address}
): integer;
{-CCM packet decrypt/verify without key setup. If ptag^ verification fails, ptp^ is zero-filled!}
var
tag: TAESBlock;
err,i: integer;
begin
err := AES_CCM_Core(ctx,false,tag,tLen,@nonce,nLen,hdr,hLen,ctp,cLen,ptp);
if err=0 then begin
for i:=0 to pred(tLen) do begin
if tag[i]<>pByte(ptag)^ then begin
AES_CCM_Dec_VeriEx := AES_Err_CCM_Verify_Tag;
fillchar(ptp^, cLen, 0);
fillchar(tag, sizeof(tag),0);
exit;
end;
inc(Ptr2Inc(ptag));
end;
end;
fillchar(tag, sizeof(tag),0);
AES_CCM_Dec_VeriEx := 0;
end;
{---------------------------------------------------------------------------}
function AES_CCM_Dec_Veri( ptag: pointer; tLen : word; {Tag & length in [4,6,8,19,12,14,16]}
{$ifdef CONST}const{$else}var{$endif} Key; KBytes: word;{key and byte length of key}
{$ifdef CONST}const{$else}var{$endif} nonce; nLen: word; {nonce: address / length}
hdr: pointer; hLen: word; {header: address / length}
ctp: pointer; cLen: longint; {ciphertext: address / length}
ptp: pointer {plaintext: address}
): integer;
{-All-in-one CCM packet decrypt/verify. If ptag^ verification fails, ptp^ is zero-filled!}
var
ctx: TAESContext;
err: integer;
begin
err := AES_Init_Encr(Key, KBytes*8, ctx);
if err<>0 then AES_CCM_Dec_Veri := err
else AES_CCM_Dec_Veri := AES_CCM_Dec_VeriEX(ctx,ptag,tLen,nonce,nLen,hdr,hLen,ctp,cLen,ptp);
fillchar(ctx, sizeof(ctx), 0);
end;
end.