aes_ipsec.c

Sample files for creating an IPSec layer in Minix OS

/* Implementation of aes_bc.h*/
/* This file has the implementation of AES-CBC and 
 * AES-CFB to encrypt/decrypt a given file
 */

#include <stdio.h>

#include "aes.h"
#include "aes_ipsec.h"
#include "string.h"

#define		AES_BC_ENCRYPT	0
#define		AES_BC_DECRYPT	1
#define		AES_BC_CBC		0
#define		AES_BC_CFB		1

/*Global Variables*/
unsigned char chInitialVector[16];
unsigned char chSecretKey[16];
unsigned char chChainLink[16];
unsigned char chNumPad;
int nKeySize;
aes_context aescntxt;				/*Defined in aes.h*/

typedef void (*t_pfn_chain)(unsigned char[], unsigned char[]);

void aesbc_set_init_vect(unsigned char chInitVect[16])
{
	int i;
	unsigned char chTemp;
	
	for(i=0;i<16;i++){
		chTemp	=	chInitVect[i];
		chInitialVector[i]=chTemp;
		chChainLink[i]=chTemp;
		chChainLink[i]=chTemp;
	}
}

void aesbc_set_key(int nKeySizeInBits, unsigned char chKey[32])
{
	int nKeySizeInBytes;
	int i;
	
	if(!(nKeySizeInBits==128||nKeySizeInBits==192||nKeySizeInBits==256))
		return;

	nKeySizeInBytes = nKeySizeInBits / 8;
	nKeySize = nKeySizeInBits;
	
	for(i=0;i<nKeySizeInBytes;i++)
		chSecretKey[i]=chKey[i];

	aes_set_key(&aescntxt, chKey, nKeySizeInBits);
}

/* This function does block encryption 
 * for AES-CBC
 */
void aesbc_cbc_en_block(unsigned char chPlainText[16], unsigned char chCrypt[16])
{
	int i;

	for(i=0;i<16;i++)
		chPlainText[i] ^= chChainLink[i];

	aes_encrypt(&aescntxt, chPlainText, chCrypt);

	for(i=0;i<16;i++)
		chChainLink[i] = chCrypt[i];
	
}

/* This function does block encryption for
 * AES-CFB
 */
void aesbc_cfb_en_block(unsigned char chPlainText[16], unsigned char chCrypt[16])
{
	int i;

	aes_encrypt(&aescntxt, chChainLink, chCrypt);

	for(i=0;i<16;i++){
		chCrypt[i] ^= chPlainText[i];
		chChainLink[i] = chCrypt[i];
	}
}

/* This function does block 
 * encryption for AES-CBC
 */
void aesbc_cbc_de_block(unsigned char chCrypt[16], unsigned char chPlainText[16])
{
	int i;

	aes_decrypt(&aescntxt, chCrypt, chPlainText);

	for(i=0;i<16;i++){
		chPlainText[i] ^= chChainLink[i];
		chChainLink[i] = chCrypt[i];
	}
}

/* This function does block 
 * decryption for AES-CFB
 */
void aesbc_cfb_de_block(unsigned char chCrypt[16], unsigned char chPlainText[16])
{
	int i;

	aes_encrypt(&aescntxt, chChainLink, chPlainText);

	for(i=0;i<16;i++){
		chPlainText[i] ^= chCrypt[i];
		chChainLink[i] = chCrypt[i];
	}
}


/* String Operation to be used in IPsec
 * All the input input & output string
 * lengths are multiple of the block 
 * size. Hence, we don't carry out any 
 * padding.
 */ 
 
/* This is a common function called by other
 * file encryption / decryption functions
 * to carry out their operation
 */ 
int aes_bc_str_com(char* pchInput, char* pchOutput, int nPTLen, int nEnDe, int nChainMode)
{
	long lNumBlocks;

	int nNumPads;
	int nBlockCount;

	char* pchIP;
	char* pchOP;

	unsigned char chInput[16];
	unsigned char chOutput[16];

	t_pfn_chain pfn_aes_bc_chain[2][2];

	pfn_aes_bc_chain[0][0] = &aesbc_cbc_en_block;
	pfn_aes_bc_chain[0][1] = &aesbc_cbc_de_block;
	pfn_aes_bc_chain[1][0] = &aesbc_cfb_en_block;
	pfn_aes_bc_chain[1][1] = &aesbc_cfb_de_block;

	nNumPads	= nPTLen % 16;
	lNumBlocks	= (long)nPTLen / (long)16;
	
	if((lNumBlocks==0 && nNumPads==0) ||( nNumPads!=0)){
		/*Return because the plaintext in empty or 
		 * needs padding
		 */
		return 3;
	}

	pchIP = pchInput;
	pchOP = pchOutput;

	if(nEnDe == AES_BC_ENCRYPT)
	{
		memcpy(pchOP, &chInitialVector[0], 16);
		pchOP += 16;
	}
	else if(nEnDe = AES_BC_DECRYPT)
	{
		memcpy(chInitialVector, pchIP, 16);
		lNumBlocks--;
		pchIP += 16;
	}
	else
		return -1;

	aesbc_set_init_vect(chInitialVector);
	aesbc_set_key(nKeySize, chSecretKey);

 	for(nBlockCount=0;nBlockCount<lNumBlocks;nBlockCount++)
	{
		memcpy(chInput, pchIP, 16);
		(*pfn_aes_bc_chain[nChainMode][nEnDe])(chInput, chOutput);
		memcpy(pchOP, chOutput, 16);
		pchOP += 16;
		pchIP += 16;
	}

	return 0;
}


int aesbc_str_cbc_encrypt(char* pchInput, char* pchOutput, int nInputLen)
{
	return aes_bc_str_com(pchInput, pchOutput, nInputLen, AES_BC_ENCRYPT, AES_BC_CBC);
}
int aesbc_str_cbc_decrypt(char* pchInput, char* pchOutput, int nInputLen)
{
	return aes_bc_str_com(pchInput, pchOutput, nInputLen, AES_BC_DECRYPT, AES_BC_CBC);
}

int aesbc_str_cfb_encrypt(char* pchInput, char* pchOutput, int nInputLen)
{
	return aes_bc_str_com(pchInput, pchOutput, nInputLen, AES_BC_ENCRYPT, AES_BC_CFB);
}
int aesbc_str_cfb_decrypt(char* pchInput, char* pchOutput, int nInputLen)
{
	return aes_bc_str_com(pchInput, pchOutput, nInputLen, AES_BC_DECRYPT, AES_BC_CFB);
}

/*End of String Operation for IPSec*/