|
|
|
|
MaxArraySize : constant := 1_000;
DesMaxArraySize : constant := 800;
AESBlockSize : constant := 16; --| bytes
--|
--| AES related info:
--| Input data size for ECB and CBC modes must be an even multiple of this size.
--|
--| In CFB mode the very last block of a complete data stream is allowed to be
--| smaller than the cipher block size.
--|
--| A common block padding algorithm used in many standards is RFC 1423. The
--| CryptEncode module provides functions to pad an unpad data blocks using
--| this algorithm.
--|
--|
--| Errors returned from routines.
--|
NoError : constant := 0;
IncompatibleDataTypes : constant := 1;
InvalidCipherText : constant := 2;
InvalidKeyValue : constant := 3;
InvalidPlainText : constant := 4;
KeyNotSafe : constant := 5;
type ByteArrayType is array (1 .. MaxArraySize) of Unsigned.BYTE;
type DesByteKeyType is array (1 .. 8) of Unsigned.BYTE;
type DesByteArrayType is array (1 .. DesMaxArraySize) of Unsigned.BYTE;
type MethodType is (AsciiSet,
MixedOnly,
MixedSpace,
MixedSet,
UpperOnly,
UpperSpace,
UpperSet);
-- |
-- | AsciiSet - Set of all ASCII characters whose values range
-- | from 0 .. 255
-- |
-- | MixedOnly - Set of characters 'A' .. 'Z' and 'a' .. 'z'
-- |
-- | MixedSpace - Set of characters ' ', 'A' .. 'Z' and 'a' .. 'z'
-- |
-- | MixedSet - Set of characters ' ', '0' .. '9', 'A' .. 'Z' and
-- | 'a' .. 'z'
-- |
-- | UpperOnly - Set of characters from 'A' .. 'Z'
-- |
-- | UpperSpace - Set of characters from ' ' and 'A' .. 'Z'
-- |
-- | UpperSet - Set of characters from ' ', 'A' .. 'Z' and '0' .. '9'
-- |
type AES is private;
type Key128 is array (1 .. 16) of Unsigned.BYTE;
type Key192 is array (1 .. 24) of Unsigned.BYTE;
type Key256 is array (1 .. 32) of Unsigned.BYTE;
type AESByteArrayType is array (1 .. AESBlockSize) of ModSys.S_Natural8;
type AESDWordArrayType is array (1 .. (AESBlockSize / 4)) of ModSys.S_Natural;
type IVType is record
--|
--| initial vector for CBC and CFB modes
--|
TheBytes : AESByteArrayType := (others => 0);
TheDWords : AESDWordArrayType := (others => 0);
end record;
function KeyIsValid
(Key : in ByteArrayType;
Method : in MethodType) return boolean;
--*
-- KeyIsValid - Returns boolean value showing key validity.
--
--
-- KeyIsValid returns a BOOLEAN value reflecting where the key is
-- valid for the selected character set.
--
-- CALLING SEQUENCE -
--
-- KeyIsValid (Key, Method)
--
-- ENTRY -
--
-- Key : ByteArrayType
-- A key to be checked.
--
-- Method : MethodType
-- The character alphabet to use.
--
-- EXIT -
--
-- True - The key contains all valid characters.
-- FALSE - The key contains invalid characters.
--
-- EXAMPLE -
--
-- IF KeyIsValid (Key,
-- Method) THEN
--
procedure CeaserEncrypt
(Key : in ModSys.S_Natural;
Method : in MethodType;
DataSize : in ModSys.S_Natural;
Data : in out ByteArrayType;
Error : in out ModSys.S_Natural);
--*
-- CeaserEncrypt - Encryption using a Ceaser cipher.
--
--
-- Ceaser encrypts data using the Ceaser cipher encryption algorithm.
-- This is a very simple method and may be quite susceptible to
-- breaking although it is made slightly more difficult by the fact
-- that different alphabets are being used. This is because of the
-- various choices for Method. This is the simplest of the encyption
-- in this package. Be sure to check the Error as it can be set by
-- using the wrong key.
--
-- CALLING SEQUENCE -
--
-- CeaserEncrypt (Key, Method, DataSize, Data, Error)
--
-- ENTRY -
--
-- Key : Modsys.S_Natural
-- This number should be in the range of 1 .. 255.
--
-- Method : MethodType
-- The character alphabet to use.
--
-- DataSize : Modsys.S_Natural
-- The number of characters to encode in the array.
--
-- Data : ByteArrayType
-- The plain text array of data.
--
-- EXIT -
--
-- Data : ByteArrayType
-- The array with the first DataSize bytes encrypted.
--
-- Error : Modsys.S_Natural
-- 0 if no problem, set to one of the error codes if a problem.
--
-- EXAMPLE -
--
-- CeaserEncrypt (5,
-- AsciiSet,
-- 10,
-- MyData
-- Error);
--
-- if Error = 0 then
-- Display.DisplayMessage ("Encryption Complete",
-- FALSE);
-- else
-- Display.DisplayMessage ("Encryption Error",
-- FALSE);
-- end if;
--
procedure DesEncrypt
(Key : in DesByteKeyType;
DataSize : in out ModSys.S_Natural;
Data : in out DesByteArrayType;
Error : in out ModSys.S_Natural);
--*
-- DesEncrypt - Encryption using a DES cipher.
--
--
-- DesEncrypt encrypts data using the DES cipher encryption algorithm. This
-- is the encryption standard used by the National Security Agency for
-- un-classified data. This is a very strong method which is known to
-- be breakable only by trying all possible key combinations. This
-- method is much more complex than the Vernam encryption. Be sure
-- to check the Error as it can be set by using the wrong key.
--
-- CALLING SEQUENCE -
--
-- DesEncrypt (Key, DataSize, Data, Error)
--
-- ENTRY -
--
-- Key : DesByteKeyType
-- This is an array of bytes that hold the key values.
-- This key must be 8 bytes long.
--
-- DataSize : Modsys.S_Natural
-- The number of bytes in the array to encode. NOTE - the DES
-- algorithm requires a number of bytes evenly divisible by 8. If your
-- data does not end on an even 8 bytes the last few bytes will be null
-- filled, encoded and returned. In other words if you send in 5 bytes
-- then 3 additional bytes of null will be encoded and returned as a
-- full 8 bytes. The value of DataSize will also be returned as 8 to show
-- that. You MUST return those eight bytes later or the final set of 8
-- bytes of data cannot be decrypted.
--
-- Data : DesByteArrayType
-- The plain text array of data.
--
-- EXIT -
--
-- DataSize : Modsys.S_Natural
-- The number of bytes that are part of the encoded data.
--
-- Data : DesByteArrayType
-- The array with the first DataSize bytes encrypted.
--
-- Error : Modsys.S_Natural
-- 0 if no problem, set to one of the error codes if a problem.
--
-- EXAMPLE -
--
-- Key : DesByteKeyType := (others => 0);
-- Data : DesByteArrayType := (others => 0);
--
-- begin
-- Key(1) := character'pos ('T');
-- Key(2) := character'pos ('e');
-- Key(3) := character'pos ('s');
-- Key(4) := character'pos ('t');
-- Key(5) := character'pos ('K');
-- Key(6) := character'pos ('e');
-- Key(7) := character'pos ('y');
-- Key(8) := character'pos ('s');
--
-- Data(1) := character'pos ('M');
-- Data(2) := character'pos ('y');
-- Data(3) := character'pos ('D');
-- Data(4) := character'pos ('a');
-- Data(5) := character'pos ('t');
-- Data(6) := character'pos ('a');
--
-- DataSize := 6;
--
-- Crypto.DesEncrypt (Key,
-- DataSize,
-- Data,
-- Error);
--
-- if Error = 0 then
-- Display.DisplayMessage ("Encryption Complete",
-- FALSE);
-- else
-- Display.DisplayMessage ("Encryption Error",
-- FALSE);
-- end if;
--
procedure VernamEncrypt
(Key : in ByteArrayType;
DataSize : in ModSys.S_Natural;
Data : in out ByteArrayType;
Error : in out ModSys.S_Natural);
--*
-- VernamEncrypt - Encryption using a Vernam cipher.
--
--
-- VernamEncrypt encrypts data using the Vernam cipher encryption algorithm.
-- This is a moderately strong method but may still be susceptible to
-- breaking. This method is more complex than the Vigenere encryption
-- but less complex than DES. Be sure to check the Error as it can be
-- set by using the wrong key.
--
-- CALLING SEQUENCE -
--
-- Vernam (Key, DataSize, Data, Error)
--
-- ENTRY -
--
-- Key : Modsys.S_Natural
-- This an array of bytes that hold the key values.
--
-- DataSize : Modsys.S_Natural
-- The number of bytes in the array to encode.
--
-- Data : ByteArrayType
-- The plain text array of data.
--
-- EXIT -
--
-- Data : ByteArrayType
-- The array with the first DataSize bytes encrypted.
--
-- Error : Modsys.S_Natural
-- 0 if no problem, set to one of the error codes if a problem.
--
-- EXAMPLE -
--
-- Key : ByteArrayType := (others => 0);
-- Data : ByteArrayType := (others => 0);
--
--
-- begin
-- Key(1) := character'pos ('T');
-- Key(2) := character'pos ('e');
-- Key(3) := character'pos ('s');
-- Key(4) := character'pos ('t');
-- Key(5) := character'pos ('K');
-- Key(6) := character'pos ('e');
-- Key(7) := character'pos ('y');
-- Key(8) := character'pos ('s');
--
-- Data(1) := character'pos ('M');
-- Data(2) := character'pos ('y');
-- Data(3) := character'pos ('D');
-- Data(4) := character'pos ('a');
-- Data(5) := character'pos ('t');
-- Data(6) := character'pos ('a');
--
-- DataSize := 6;
--
-- Crypto.VernamEncrypt (Key,
-- DataSize,
-- MyData,
-- Error);
--
-- if Error = 0 then
-- Display.DisplayMessage ("Encryption Complete",
-- FALSE);
-- else
-- Display.DisplayMessage ("Encryption Error",
-- FALSE);
-- end if;
--
procedure VigenereEncrypt
(Key : in ByteArrayType;
Method : in MethodType;
DataSize : in ModSys.S_Natural;
Data : in out ByteArrayType;
Error : in out ModSys.S_Natural);
--*
-- VigenereEncrypt - Encryption using a Vigenere cipher.
--
--
-- Vigenere encrypts data using the Vigenere cipher encryption algorithm.
-- This is a moderately simple method and may be susceptible to
-- breaking although it is made slightly more difficult by the fact
-- that different alphabets are being used. This is because of the
-- various choices for Method. This method is more complex than the
-- Ceaser encryption but less complex than the others. Be sure to check
-- the Error as it can be set by using the wrong key.
--
-- CALLING SEQUENCE -
--
-- Vigenere (Key, Method, DataSize, Data, Error)
--
-- ENTRY -
--
-- Key : Modsys.S_Natural
-- This an array of bytes that hold the key values.
--
-- Method : MethodType
-- The character alphabet to use.
--
-- DataSize : Modsys.S_Natural
-- The number of bytes in the array to encode.
--
-- Data : ByteArrayType
-- The plain text array of data.
--
-- EXIT -
--
-- Data : ByteArrayType
-- The array with the first DataSize bytes encrypted.
--
-- Error : Modsys.S_Natural
-- 0 if no problem, set to one of the error codes if a problem.
--
-- EXAMPLE -
--
-- Key : ByteArrayType := (others => 0);
-- Data : ByteArrayType := (others => 0);
--
--
-- begin
-- Key(1) := character'pos ('T');
-- Key(2) := character'pos ('e');
-- Key(3) := character'pos ('s');
-- Key(4) := character'pos ('t');
-- Key(5) := character'pos ('K');
-- Key(6) := character'pos ('e');
-- Key(7) := character'pos ('y');
-- Key(8) := character'pos ('s');
--
-- Data(1) := character'pos ('M');
-- Data(2) := character'pos ('y');
-- Data(3) := character'pos ('D');
-- Data(4) := character'pos ('a');
-- Data(5) := character'pos ('t');
-- Data(6) := character'pos ('a');
--
-- DataSize := 6;
--
-- Crypto.VigenereEncrypt (Key,
-- Crypto.AsciiSet,
-- DataSize,
-- MyData,
-- Error);
--
-- if Error = 0 then
-- Display.DisplayMessage ("Encryption Complete",
-- FALSE);
-- else
-- Display.DisplayMessage ("Encryption Error",
-- FALSE);
-- end if;
--
procedure CeaserDecrypt
(Key : in ModSys.S_Natural;
Method : in MethodType;
DataSize : in ModSys.S_Natural;
Data : in out ByteArrayType;
Error : in out ModSys.S_Natural);
--*
-- CeaserDecrypt - Decryption using a Ceaser cipher.
--
--
-- Ceaser Decrypts data using the Ceaser cipher Decryption algorithm.
-- This is a very simple method and may be quite susceptible to
-- breaking although it is made slightly more difficult by the fact
-- that different alphabets are being used. This is because of the
-- various choices for Method. This is the simplest of the encyption
-- in this package. Be sure to check the Error as it can be set by
-- using the wrong key.
--
-- CALLING SEQUENCE -
--
-- CeaserDecrypt (Key, Method, DataSize, Data, Error)
--
-- ENTRY -
--
-- Key : Modsys.S_Natural
-- This number should be in the range of 1 .. 255.
--
-- Method : MethodType
-- The character alphabet to use.
--
-- DataSize : Modsys.S_Natural
-- The number of characters to encode in the array.
--
-- Data : ByteArrayType
-- The plain text array of data.
--
-- EXIT -
--
-- Data : ByteArrayType
-- The array with the first DataSize bytes Decrypted.
--
-- Error : Modsys.S_Natural
-- 0 if no problem, set to one of the error codes if a problem.
--
-- EXAMPLE -
--
-- CeaserDecrypt (5,
-- AsciiSet,
-- 10,
-- MyData
-- Error);
--
-- if Error = 0 then
-- Display.DisplayMessage ("Decryption Complete",
-- FALSE);
-- else
-- Display.DisplayMessage ("Decryption Error",
-- FALSE);
-- end if;
--
procedure DesDecrypt
(Key : in DesByteKeyType;
DataSize : in out ModSys.S_Natural;
Data : in out DesByteArrayType;
Error : in out ModSys.S_Natural);
--*
-- DesDecrypt - Decryption using a DES cipher.
--
--
-- DesDecrypt Decrypts data using the DES cipher Decryption algorithm. This
-- is the Decryption standard used by the National Security Agency for
-- un-classified data. This is a very strong method which is known to
-- be breakable only by trying all possible key combinations. This
-- method is much more complex than the Vernam Decryption. Be sure
-- to check the Error as it can be set by using the wrong key.
--
-- CALLING SEQUENCE -
--
-- DesDecrypt (Key, DataSize, Data, Error)
--
-- ENTRY -
--
-- Key : DesByteKeyType
-- This is an array of bytes that hold the key values.
-- This key must be 8 bytes long.
--
-- DataSize : Modsys.S_Natural
-- The number of bytes in the array to encode. NOTE - the DES
-- algorithm requires a number of bytes evenly divisible by 8. If your
-- data does not end on an even 8 bytes the last few bytes will be null
-- filled, encoded and returned. In other words if you send in 5 bytes
-- then 3 additional bytes of null will be encoded and returned as a
-- full 8 bytes. The value of DataSize will also be returned as 8 to show
-- that. You MUST return those eight bytes later or the final set of 8
-- bytes of data cannot be decrypted.
--
-- Data : DesByteArrayType
-- The plain text array of data.
--
-- EXIT -
--
-- DataSize : Modsys.S_Natural
-- The number of bytes that are part of the encoded data.
--
-- Data : DesByteArrayType
-- The array with the first DataSize bytes Decrypted.
--
-- Error : Modsys.S_Natural
-- 0 if no problem, set to one of the error codes if a problem.
--
-- EXAMPLE -
--
-- DataSize := 18;
--
-- Crypto.DesDecrypt (Key,
-- DataSize,
-- Data,
-- Error);
--
-- if Error = 0 then
-- Display.DisplayMessage ("Decryption Complete",
-- FALSE);
-- else
-- Display.DisplayMessage ("Decryption Error",
-- FALSE);
-- end if;
--
procedure VernamDecrypt
(Key : in ByteArrayType;
DataSize : in ModSys.S_Natural;
Data : in out ByteArrayType;
Error : in out ModSys.S_Natural);
--*
-- VernamDecrypt - Decryption using a Vernam cipher.
--
--
-- VernamDecrypt Decrypts data using the Vernam cipher Decryption algorithm.
-- This is a moderately strong method but may still be susceptible to
-- breaking. This method is more complex than the Vigenere Decryption
-- but less complex than DES. Be sure to check the Error as it can be
-- set by using the wrong key.
--
-- CALLING SEQUENCE -
--
-- Vernam (Key, DataSize, Data, Error)
--
-- ENTRY -
--
-- Key : Modsys.S_Natural
-- This an array of bytes that hold the key values.
--
-- DataSize : Modsys.S_Natural
-- The number of bytes in the array to encode.
--
-- Data : ByteArrayType
-- The plain text array of data.
--
-- EXIT -
--
-- Data : ByteArrayType
-- The array with the first DataSize bytes Decrypted.
--
-- Error : Modsys.S_Natural
-- 0 if no problem, set to one of the error codes if a problem.
--
-- EXAMPLE -
--
-- Crypto.VernamDecrypt (Key,
-- DataSize,
-- MyData,
-- Error);
--
-- if Error = 0 then
-- Display.DisplayMessage ("Decryption Complete",
-- FALSE);
-- else
-- Display.DisplayMessage ("Decryption Error",
-- FALSE);
-- end if;
--
procedure VigenereDecrypt
(Key : in ByteArrayType;
Method : in MethodType;
DataSize : in ModSys.S_Natural;
Data : in out ByteArrayType;
Error : in out ModSys.S_Natural);
--*
-- VigenereDecrypt - Decryption using a Vigenere cipher.
--
--
-- Vigenere Decrypts data using the Vigenere cipher Decryption algorithm.
-- This is a moderately simple method and may be susceptible to
-- breaking although it is made slightly more difficult by the fact
-- that different alphabets are being used. This is because of the
-- various choices for Method. This method is more complex than the
-- Ceaser Decryption but less complex than the others. Be sure to check
-- the Error as it can be set by using the wrong key.
--
-- CALLING SEQUENCE -
--
-- Vigenere (Key, Method, DataSize, Data, Error)
--
-- ENTRY -
--
-- Key : Modsys.S_Natural
-- This an array of bytes that hold the key values.
--
-- Method : MethodType
-- The character alphabet to use.
--
-- DataSize : Modsys.S_Natural
-- The number of bytes in the array to encode.
--
-- Data : ByteArrayType
-- The plain text array of data.
--
-- EXIT -
--
-- Data : ByteArrayType
-- The array with the first DataSize bytes Decrypted.
--
-- Error : Modsys.S_Natural
-- 0 if no problem, set to one of the error codes if a problem.
--
-- EXAMPLE -
--
-- Crypto.VigenereDecrypt (Key,
-- Crypto.AsciiSet,
-- DataSize,
-- MyData,
-- Error);
--
-- if Error = 0 then
-- Display.DisplayMessage ("Decryption Complete",
-- FALSE);
-- else
-- Display.DisplayMessage ("Decryption Error",
-- FALSE);
-- end if;
--
function AESCreate
(Key : in ModSys.Byte_U_Array;
keySize : in ModSys.S_Natural) return AES;
--*
-- AESCreate - Create a new AES encryption object with the given key.
--
-- keySize = the size in *bits* of the key.
-- must be either 128, 192 or 256 (bits).
--
-- key is the key data. it must have at least keySize/8 bytes of data.
--
-- failure is indicated by a NIL return value, otherwise
-- the return value is a valid AES object.
--
-- the returned object is ready to encrypt/decrypt data.
--
-- only one thread at a time can use an encryption object, except for ECB mode.
--
procedure AESDestroy
(crypt : in out AES);
--*
-- AESDestroy - destroy a previously created encryption object.
--
procedure AESResetIV
(crypt : in AES;
iv : in IVType);
--*
-- AESResetIV - Reset the encryption engine.
--
-- Reset the encryption engine with the specific IV.
-- you only need use this call with the CBC and CFB encryption routines.
-- you must reset the IV before you encrypt/decrypt each unique
-- data stream.
--
procedure AESEncryptECB
(crypt : in AES;
input : in System.Address;
output : in System.Address;
amount : in ModSys.S_Natural);
procedure AESEncryptCBC
(crypt : in AES;
input : in System.Address;
output : in System.Address;
amount : in ModSys.S_Natural);
procedure AESEncryptCFB
(crypt : in AES;
input : in System.Address;
output : in System.Address;
amount : in ModSys.S_Natural);
--*
-- AESEncryptCFB - Encry a block.
--
-- Encrypt a block of data of size amount.
-- you can encrypt a large data stream in multiple smaller pieces using this call.
-- you can pass the same variable to both input and output should you so desire.
-- this procedure expects the buffers have a minimum of 4-byte alignment.
-- amount must be an even multiple of the block size.
--
-- ECB = Electronic code book.
-- C[i] := Encrypt(P[i])
-- CBC = cipher block chaining.
-- C[i] := Encrypt(C[i-1] BXOR P[i])
-- You must have setup an IV via ResetIV to use CBC.
-- CFB = cipher feedback.
-- C[i] := Encrypt(C[i-1]) BXOR P[i]
-- You must have setup an IV via ResetIV to use CFB.
-- In CFB mode the data stream does not need to be an even multiple of
-- the block size. the very last "block" in the stream can be a partial block.
-- if you are processing a large stream in multiple smaller pieces (buffers),
-- all buffers must be an even multiple, except the very last one.
--
procedure AESDecryptECB
(crypt : in AES;
input : in System.Address;
output : in System.Address;
amount : in ModSys.S_Natural);
procedure AESDecryptCBC
(crypt : in AES;
input : in System.Address;
output : in System.Address;
amount : in ModSys.S_Natural);
procedure AESDecryptCFB
(crypt : in AES;
input : in System.Address;
output : in System.Address;
amount : in ModSys.S_Natural);
--*
-- AESDecryptCFB - Decrypt a block.
--
-- Decrypt a block of data of size amount.
-- you can decrypt a large data stream in multiple smaller pieces using this call.
-- you can pass the same variable to both input and output should you so desire.
-- this procedure expects the buffers have a minimum of 4-byte alignment.
-- amount must be an even multiple of the block size.
--
-- ECB = Electronic code book.
-- P[i] := Decrypt(C[i])
-- CBC = cipher block chaining.
-- P[i] := Decrypt(C[i]) BXOR C[i-1]
-- You must have setup an IV via ResetIV to use CBC.
-- CFB = cipher feedback.
-- P[i] := Encrypt(C[i-1]) BXOR C[i]
-- You must have setup an IV via ResetIV to use CFB.
-- In CFB mode the data stream does not need to be an even multiple of
-- the block size. the very last "block" in the stream can be a partial block.
-- if you are processing a large stream in multiple smaller pieces (buffers),
-- all buffers must be an even multiple, except the very last one.
--
function AESSelfTest return boolean; --* -- AESSelfTest - Tests if the algorithm works properly. -- -- Returns TRUE if the implemented algorithm properly operates. -- this call is only useful when porting this code to some other processor/compiler. --
Send mail to
warren.merrill@inl.gov
with questions or comments about this web site.
Copyright © 1989-2006 Battelle Energy Alliance