murmur/TT12-MCU
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

aes --ok

Browse Source
This commit is contained in:
murmur 2023-04-27 16:57:21 +08:00
parent 61205128e8
commit d8c20ce0b9
3 changed files with 1970 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1494
applications/aes/aes.c Normal file
View File

File diff suppressed because it is too large Load Diff

301
applications/aes/aes.h Normal file
View File

@ -0,0 +1,301 @@
/**
* \file aes.h
*
* \brief AES block cipher
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_AES_H
#define MBEDTLS_AES_H
//#define MBEDTLS_SELF_TEST
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_AES_ROM_TABLES
//#if !defined(MBEDTLS_CONFIG_FILE)
//#include "config.h"
//#else
//#include MBEDTLS_CONFIG_FILE
//#endif
#include <stddef.h>
#include <stdint.h>
/* padlock.c and aesni.c rely on these values! */
#define MBEDTLS_AES_ENCRYPT 1
#define MBEDTLS_AES_DECRYPT 0
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
#if !defined(MBEDTLS_AES_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief AES context structure
*
* \note buf is able to hold 32 extra bytes, which can be used:
* - for alignment purposes if VIA padlock is used, and/or
* - to simplify key expansion in the 256-bit case by
* generating an extra round key
*/
typedef struct
{
int nr; /*!< number of rounds */
uint32_t *rk; /*!< AES round keys */
uint32_t buf[68]; /*!< unaligned data */
}
mbedtls_aes_context;
/**
* \brief Initialize AES context
*
* \param ctx AES context to be initialized
*/
void mbedtls_aes_init( mbedtls_aes_context *ctx );
/**
* \brief Clear AES context
*
* \param ctx AES context to be cleared
*/
void mbedtls_aes_free( mbedtls_aes_context *ctx );
/**
* \brief AES key schedule (encryption)
*
* \param ctx AES context to be initialized
* \param key encryption key
* \param keybits must be 128, 192 or 256
*
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
*/
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
/**
* \brief AES key schedule (decryption)
*
* \param ctx AES context to be initialized
* \param key decryption key
* \param keybits must be 128, 192 or 256
*
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
*/
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
/**
* \brief AES-ECB block encryption/decryption
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param input 16-byte input block
* \param output 16-byte output block
*
* \return 0 if successful
*/
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
* \brief AES-CBC buffer encryption/decryption
* Length should be a multiple of the block
* size (16 bytes)
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If on the other hand you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
*/
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/**
* \brief AES-CFB128 buffer encryption/decryption.
*
* Note: Due to the nature of CFB you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If on the other hand you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv_off offset in IV (updated after use)
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful
*/
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
/**
* \brief AES-CFB8 buffer encryption/decryption.
*
* Note: Due to the nature of CFB you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If on the other hand you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful
*/
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /*MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/**
* \brief AES-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
*
* Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
*
* \param ctx AES context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
* should be 0 at the start of a stream.
* \param nonce_counter The 128-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten
* by the function.
* \param input The input data stream
* \param output The output data stream
*
* \return 0 if successful
*/
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
/**
* \brief Internal AES block encryption function
* (Only exposed to allow overriding it,
* see MBEDTLS_AES_ENCRYPT_ALT)
*
* \param ctx AES context
* \param input Plaintext block
* \param output Output (ciphertext) block
*/
void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
/**
* \brief Internal AES block decryption function
* (Only exposed to allow overriding it,
* see MBEDTLS_AES_DECRYPT_ALT)
*
* \param ctx AES context
* \param input Ciphertext block
* \param output Output (plaintext) block
*/
void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_AES_ALT */
#include "aes_alt.h"
#endif /* MBEDTLS_AES_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_aes_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif /* aes.h */

175
applications/cryp.c Normal file
View File

@ -0,0 +1,175 @@
/*
* Copyright (c) 2006-2021, RT-Thread Development Team
*
* SPDX-License-Identifier: Apache-2.0
*
* Change Logs:
* Date Author Notes
* 2023-04-24 murmur the first version
*/
#include <aes/aes.h>
#include <rtthread.h>
//#include <dfs_posix.h>
#include <dfs_file.h>
#define LOG_TAG "aes"
#define LOG_LVL LOG_LVL_DBG
#include <ulog.h>
#ifndef KEY_LEN
#define KEY_LEN 32//密钥长度
#endif
int aes_128_cbc_pkcs7(rt_uint8_t *data, rt_uint16_t len, rt_uint8_t *dout)
{
// 工作模式 CBC ,填充模式 PKCS7不同语言要保持一致。
// PKCS7规则是长度不够时缺几位补几个几长度够时也要补
// key长度由KEY_LEN定义默认32位
// iv取密钥前16位
// 已多平台验证
unsigned char key[KEY_LEN];
rt_memset(key, 0x00, KEY_LEN); //初始化密钥填充0x00
rt_strcpy(key, "Cssc722.Cssc722.Cssc722.."); //写入密钥
unsigned char iv[16];
rt_memcpy(iv, key, 16); //取密钥前16为偏移量
rt_uint16_t m = len / 16;
rt_uint8_t n = len % 16;
rt_uint16_t cnt = (m + 1) * 16;
rt_uint8_t *pbuff = rt_malloc(cnt); //分配内存
// rt_kprintf("%d -- %d %d new len is %d.\n", len,m,n,cnt);
rt_memcpy(pbuff, data, len); //data -> buff
rt_memset(pbuff + len, (16 - n), 16 - n); //按PKCS7规则填充
// for (size_t i = 0; i < (m + 1) * 16; i++)
// {
// rt_kprintf("0x%02X ", p_key[i]);
// }
unsigned char edata[cnt];//输出buff
mbedtls_aes_context ctx; //创建结构体
mbedtls_aes_init(&ctx); //初始化
int rst = mbedtls_aes_setkey_enc(&ctx, key, KEY_LEN * 8); //设置密钥
// rt_kprintf("--%d\n", rst);
rst = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, (m + 1) * 16, iv, pbuff, edata); //加密
// rt_kprintf("--%d\n", rst);
mbedtls_aes_free(&ctx); //释放结构体
rt_memcpy(dout, edata, cnt);
rt_free(pbuff); //释放内存
// for (rt_uint16_t i = 0; i < cnt; i++)
// {
// rt_kprintf("0x%02X ", edata[i]);
// }
// rt_kprintf("\n---DONE.---\n");
return cnt;
}
void aes_string_test(int argc, char **argv)
{
rt_uint8_t data[128];
size_t len;
if (argc == 1)
{
len=aes_128_cbc_pkcs7("Test String", strlen("Test String"), data);
}
else if (argc == 2)
{
len=aes_128_cbc_pkcs7(argv[1], strlen(argv[1]), data);
}
for (size_t var = 0; var < len; ++var) {
rt_kprintf("0x%02X ", data[var]);
}
rt_kprintf("\n---DONE.---\n");
}
void aes_file(const char *fin, const char *fout)
{
rt_uint8_t *buffer = RT_NULL, *outbuffer = RT_NULL;
int fd_in = -1, fd_out = -1;
fd_in = open(fin, O_RDONLY, 0);
if (fd_in < 0)
{
LOG_E("open the input file : %s error!\n", fin);
goto _exit;
}
fd_out = open(fout, O_WRONLY | O_CREAT | O_TRUNC, 0);
if (fd_out < 0)
{
LOG_E("open the output file : %s error!\n", fout);
goto _exit;
}
rt_uint16_t file_size = lseek(fd_in, 0, SEEK_END);
lseek(fd_in, 0, SEEK_SET);
buffer = (rt_uint8_t *) malloc(file_size);
outbuffer = (rt_uint8_t *) malloc(file_size + 16); //加密后最大大16字节
if (!buffer || !outbuffer)
{
LOG_E("No memory for AES!\n");
goto _exit;
}
read(fd_in, buffer, file_size);
size_t len = aes_128_cbc_pkcs7(buffer, file_size, outbuffer);
write(fd_out, outbuffer, len);
LOG_I("AESed to %s done. File size from %d bytes to %d.\n", fout,file_size, len);
// goto _exit;
_exit: if (buffer)
{
rt_free(buffer);
}
if (outbuffer)
{
rt_free(outbuffer);
}
if (fd_in >= 0)
{
close(fd_in);
}
if (fd_out >= 0)
{
close(fd_out);
}
return RT_EOK;
}
void aes_file_test(int argc, char **argv)
{
if (argc == 3)
{
aes_file(argv[1], argv[2]);
}
else
{
rt_kprintf("Usage:\n");
rt_kprintf("aes_file_test [input_file] [output_file] \"input_file\" to \"output_file\" \n");
}
}
#include <finsh.h>
/* 导出到自动初始化 */
MSH_CMD_EXPORT(aes_string_test, 使AES-256crypt string using AES-256.);
MSH_CMD_EXPORT(aes_file_test, 使AES-256crypt file using AES-256.);