CONST
MaxArraySize = 1000;
DesMaxArraySize = 800;
AESBlockSize = 16; (* bytes *)
(*
AES related info:
Input data size for ECB and CBC modes must be an even multiple of this size.
In CFB mode the very last block of a complete data stream is allowed to be
smaller than the cipher block size.
A common block padding algorithm used in many standards is RFC 1423. The
CryptEncode module provides functions to pad and unpad data blocks using
this algorithm.
*)
(* Errors returned from routines. *)
NoError = 0;
IncompatibleDataTypes = 1;
InvalidCipherText = 2;
InvalidKeyValue = 3;
InvalidPlainText = 4;
KeyNotSafe = 5;
TYPE
ByteArrayType = ARRAY [0 .. (MaxArraySize - 1)] OF CHAR;
DesByteKeyType = ARRAY [0 .. 7] OF CHAR;
DesByteArrayType = ARRAY [0 .. (DesMaxArraySize - 1)] OF CHAR;
MethodType = (AsciiSet,
MixedOnly,
MixedSpace,
MixedSet,
UpperOnly,
UpperSpace,
UpperSet);
(*
-- | AsciiSet - Set of all ASCII characters whose values range
-- | from 0 .. 255
-- |
-- | MixedOnly - Set of characters 'A' .. 'Z' and 'a' .. 'z'
-- |
-- | MixedSpace - Set of characters ' ', 'A' .. 'Z' and 'a' .. 'z'
-- |
-- | MixedSet - Set of characters ' ', '0' .. '9', 'A' .. 'Z' and
-- | 'a' .. 'z'
-- |
-- | UpperOnly - Set of characters from 'A' .. 'Z'
-- |
-- | UpperSpace - Set of characters from ' ' and 'A' .. 'Z'
-- |
-- | UpperSet - Set of characters from ' ', 'A' .. 'Z' and '0' .. '9'
*)
AES;
Key128 = ARRAY [0 .. 15] OF SYSTEM.BYTE;
Key192 = ARRAY [0 .. 23] OF SYSTEM.BYTE;
Key256 = ARRAY [0 .. 31] OF SYSTEM.BYTE;
IVType = RECORD
(* initial vector for CBC and CFB modes *)
TheBytes : ARRAY [0 .. AESBlockSize - 1] OF ModSys.CARD8;
TheDWords : ARRAY [0 .. (AESBlockSize / 4) - 1] OF ModSys.CARD32;
END;
PROCEDURE KeyIsValid
(CONST Key : ByteArrayType;
CONST Method : MethodType) : BOOLEAN;
(**
KeyIsValid - Returns boolean value showing key validity.
KeyIsValid returns a BOOLEAN value reflecting whether the key is
valid for the selected character set.
CALLING SEQUENCE -
KeyIsValid (Key, Method)
ENTRY -
Key : ByteArrayType
A key to be checked.
Method : MethodType
The character alphabet to use.
EXIT -
TRUE - The key contains all valid characters.
FALSE - The key contains invalid characters.
EXAMPLE -
IF KeyIsValid (Key,
Method) THEN
*)
PROCEDURE CeaserEncrypt
(CONST Key : CARDINAL;
CONST Method : MethodType;
CONST DataSize : CARDINAL;
VAR Data : ByteArrayType;
VAR Error : CARDINAL);
(**
CeaserEncrypt - Encryption using a Caesar cipher.
CeaserEncrypt encrypts data using the Caesar cipher encryption algorithm.
This is a very simple method and may be quite susceptible to
breaking although it is made slightly more difficult by the fact
that different alphabets are being used. This is because of the
various choices for Method. This is the simplest of the encryption
methods in this package. Be sure to check the Error as it can be set by
using the wrong key.
CALLING SEQUENCE -
CeaserEncrypt (Key, Method, DataSize, Data, Error)
ENTRY -
Key : CARDINAL
This number should be in the range of 1 .. 255.
Method : MethodType
The character alphabet to use.
DataSize : CARDINAL
The number of characters to encode in the array.
Data : ByteArrayType
The plain text array of data.
EXIT -
Data : ByteArrayType
The array with the first DataSize bytes encrypted.
Error : CARDINAL
0 if no problem, set to one of the error codes if a problem.
EXAMPLE -
CeaserEncrypt (5,
AsciiSet,
10,
MyData,
Error);
IF (Error = 0) THEN
Display.DisplayMessage ("Encryption Complete",
FALSE);
ELSE
Display.DisplayMessage ("Encryption Error",
FALSE);
END;
*)
PROCEDURE DesEncrypt
(CONST Key : DesByteKeyType;
VAR DataSize : CARDINAL;
VAR Data : DesByteArrayType;
VAR Error : CARDINAL);
(**
DesEncrypt - Encryption using a DES cipher.
DesEncrypt encrypts data using the DES cipher encryption algorithm. This
is the encryption standard used by the National Security Agency for
un-classified data. This is a very strong method which is known to
be breakable only by trying all possible key combinations. This
method is much more complex than the Vernam encryption. Be sure
to check the Error as it can be set by using the wrong key.
CALLING SEQUENCE -
DesEncrypt (Key, DataSize, Data, Error)
ENTRY -
Key : DesByteKeyType
This is an array of bytes that hold the key values.
This key must be 8 bytes long.
DataSize : CARDINAL
The number of bytes in the array to encode. NOTE - the DES
algorithm requires a number of bytes evenly divisible by 8. If your
data does not end on an even 8 bytes the last few bytes will be null
filled, encoded and returned. In other words if you send in 5 bytes
then 3 additional bytes of null will be encoded and returned as a
full 8 bytes. The value of DataSize will also be returned as 8 to show
that. You MUST return those eight bytes later or the final set of 8
bytes of data cannot be decrypted.
Data : DesByteArrayType
The plain text array of data.
EXIT -
DataSize : CARDINAL
The number of bytes that are part of the encoded data.
Data : DesByteArrayType
The array with the first DataSize bytes encrypted.
Error : CARDINAL
0 if no problem, set to one of the error codes if a problem.
EXAMPLE -
VAR
Key : DesByteKeyType;
Data : DesByteArrayType;
DataSize, Error : CARDINAL;
BEGIN
Key := "TestKeys";
Data := "My Data to Encrypt";
DataSize := 18;
Crypto.DesEncrypt (Key,
DataSize,
Data,
Error);
IF (Error = 0) THEN
Display.DisplayMessage ("Encryption Complete",
FALSE);
ELSE
Display.DisplayMessage ("Encryption Error",
FALSE);
END;
*)
PROCEDURE VernamEncrypt
(CONST Key : ByteArrayType;
CONST DataSize : CARDINAL;
VAR Data : ByteArrayType;
VAR Error : CARDINAL);
(**
VernamEncrypt - Encryption using a Vernam cipher.
VernamEncrypt encrypts data using the Vernam cipher encryption algorithm.
This is a moderately strong method but may still be susceptible to
breaking. This method is more complex than the Vigenere encryption
but less complex than DES. Be sure to check the Error as it can be
set by using the wrong key.
CALLING SEQUENCE -
VernamEncrypt (Key, DataSize, Data, Error)
ENTRY -
Key : ByteArrayType
This is an array of bytes that hold the key values.
DataSize : CARDINAL
The number of bytes in the array to encode.
Data : ByteArrayType
The plain text array of data.
EXIT -
Data : ByteArrayType
The array with the first DataSize bytes encrypted.
Error : CARDINAL
0 if no problem, set to one of the error codes if a problem.
EXAMPLE -
VAR
Key : ByteArrayType;
MyData : ByteArrayType;
DataSize, Error : CARDINAL;
BEGIN
Key := "TestKeys";
MyData := "Encode this";
DataSize := 11;
Crypto.VernamEncrypt (Key,
DataSize,
MyData,
Error);
IF (Error = 0) THEN
Display.DisplayMessage ("Encryption Complete",
FALSE);
ELSE
Display.DisplayMessage ("Encryption Error",
FALSE);
END;
*)
PROCEDURE VigenereEncrypt
(CONST Key : ByteArrayType;
CONST Method : MethodType;
CONST DataSize : CARDINAL;
VAR Data : ByteArrayType;
VAR Error : CARDINAL);
(**
VigenereEncrypt - Encryption using a Vigenere cipher.
VigenereEncrypt encrypts data using the Vigenere cipher encryption algorithm.
This is a moderately simple method and may be susceptible to
breaking although it is made slightly more difficult by the fact
that different alphabets are being used. This is because of the
various choices for Method. This method is more complex than the
Caesar encryption but less complex than the others. Be sure to check
the Error as it can be set by using the wrong key.
CALLING SEQUENCE -
VigenereEncrypt (Key, Method, DataSize, Data, Error)
ENTRY -
Key : ByteArrayType
This is an array of bytes that hold the key values.
Method : MethodType
The character alphabet to use.
DataSize : CARDINAL
The number of bytes in the array to encode.
Data : ByteArrayType
The plain text array of data.
EXIT -
Data : ByteArrayType
The array with the first DataSize bytes encrypted.
Error : CARDINAL
0 if no problem, set to one of the error codes if a problem.
EXAMPLE -
VAR
Key : ByteArrayType;
MyData : ByteArrayType;
DataSize, Error : CARDINAL;
BEGIN
Key := "TestKeys";
MyData := "Encode this";
DataSize := 11;
Crypto.VigenereEncrypt (Key,
Crypto.AsciiSet,
DataSize,
MyData,
Error);
IF (Error = 0) THEN
Display.DisplayMessage ("Encryption Complete",
FALSE);
ELSE
Display.DisplayMessage ("Encryption Error",
FALSE);
END;
*)
PROCEDURE CeaserDecrypt
(CONST Key : CARDINAL;
CONST Method : MethodType;
CONST DataSize : CARDINAL;
VAR Data : ByteArrayType;
VAR Error : CARDINAL);
(**
CeaserDecrypt - Decryption using a Caesar cipher.
CeaserDecrypt decrypts data using the Caesar cipher decryption algorithm.
This is a very simple method and may be quite susceptible to
breaking although it is made slightly more difficult by the fact
that different alphabets are being used. This is because of the
various choices for Method. This is the simplest of the encryption
methods in this package. Be sure to check the Error as it can be set by
using the wrong key.
CALLING SEQUENCE -
CeaserDecrypt (Key, Method, DataSize, Data, Error)
ENTRY -
Key : CARDINAL
This number should be in the range of 1 .. 255.
Method : MethodType
The character alphabet to use.
DataSize : CARDINAL
The number of characters to decode in the array.
Data : ByteArrayType
The cipher text array of data.
EXIT -
Data : ByteArrayType
The array with the first DataSize bytes decrypted.
Error : CARDINAL
0 if no problem, set to one of the error codes if a problem.
EXAMPLE -
CeaserDecrypt (5,
AsciiSet,
10,
MyData,
Error);
IF (Error = 0) THEN
Display.DisplayMessage ("Decryption Complete",
FALSE);
ELSE
Display.DisplayMessage ("Decryption Error",
FALSE);
END;
*)
PROCEDURE DesDecrypt
(CONST Key : DesByteKeyType;
VAR DataSize : CARDINAL;
VAR Data : DesByteArrayType;
VAR Error : CARDINAL);
(**
DesDecrypt - Decryption using a DES cipher.
DesDecrypt decrypts data using the DES cipher decryption algorithm. This
is the encryption standard used by the National Security Agency for
un-classified data. This is a very strong method which is known to
be breakable only by trying all possible key combinations. This
method is much more complex than the Vernam decryption. Be sure
to check the Error as it can be set by using the wrong key.
CALLING SEQUENCE -
DesDecrypt (Key, DataSize, Data, Error)
ENTRY -
Key : DesByteKeyType
This is an array of bytes that hold the key values.
This key must be 8 bytes long.
DataSize : CARDINAL
The number of bytes in the array to encode. NOTE - the DES
algorithm requires a number of bytes evenly divisible by 8. If your
data does not end on an even 8 bytes the last few bytes will be null
filled, encoded and returned. In other words if you send in 5 bytes
then 3 additional bytes of null will be encoded and returned as a
full 8 bytes. The value of DataSize will also be returned as 8 to show
that. You MUST return those eight bytes later or the final set of 8
bytes of data cannot be decrypted.
Data : DesByteArrayType
The cipher text array of data.
EXIT -
DataSize : CARDINAL
The number of bytes that are part of the encoded data.
Data : DesByteArrayType
The array with the first DataSize bytes decrypted.
Error : CARDINAL
0 if no problem, set to one of the error codes if a problem.
EXAMPLE -
Crypto.DesDecrypt (Key,
DataSize,
Data,
Error);
IF (Error = 0) THEN
Display.DisplayMessage ("Decryption Complete",
FALSE);
ELSE
Display.DisplayMessage ("Decryption Error",
FALSE);
END;
*)
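The null fill described in the DesEncrypt note and the RFC 1423 padding mentioned in the AES constants behave differently when the data comes back out of decryption. The Python below is an added example, not code from the Crypto or CryptEncode modules; the function names are assumptions, and the `block` parameter extends RFC 1423's 8-octet rule to other block sizes such as AESBlockSize.

```python
BLOCK = 8  # DES block size in bytes, per the DesEncrypt note


def null_fill(data: bytes, block: int = BLOCK) -> bytes:
    """Zero-fill to the next block boundary, as the DesEncrypt note describes."""
    return data + b"\x00" * (-len(data) % block)


def rfc1423_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n, 1 <= n <= block (a full block if already aligned)."""
    n = block - len(data) % block
    return data + bytes([n]) * n


def rfc1423_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Validate and strip the padding; malformed input is rejected, not guessed at."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]


def null_fill_is_ambiguous(a: bytes, b: bytes, block: int = BLOCK) -> bool:
    """True when two different plaintexts become identical after null fill."""
    return a != b and null_fill(a, block) == null_fill(b, block)
```

With null fill the caller has to carry the original length separately, because a plaintext that legitimately ends in zero bytes is indistinguishable from filler after decryption.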
PROCEDURE VernamDecrypt
(CONST Key : ByteArrayType;
CONST DataSize : CARDINAL;
VAR Data : ByteArrayType;
VAR Error : CARDINAL);
(**
VernamDecrypt - Decryption using a Vernam cipher.
VernamDecrypt decrypts data using the Vernam cipher decryption algorithm.
This is a moderately strong method but may still be susceptible to
breaking. This method is more complex than the Vigenere decryption
but less complex than DES. Be sure to check the Error as it can be
set by using the wrong key.
CALLING SEQUENCE -
VernamDecrypt (Key, DataSize, Data, Error)
ENTRY -
Key : ByteArrayType
This is an array of bytes that hold the key values.
DataSize : CARDINAL
The number of bytes in the array to decode.
Data : ByteArrayType
The cipher text array of data.
EXIT -
Data : ByteArrayType
The array with the first DataSize bytes decrypted.
Error : CARDINAL
0 if no problem, set to one of the error codes if a problem.
EXAMPLE -
Crypto.VernamDecrypt (Key,
DataSize,
MyData,
Error);
IF (Error = 0) THEN
Display.DisplayMessage ("Decryption Complete",
FALSE);
ELSE
Display.DisplayMessage ("Decryption Error",
FALSE);
END;
*)
PROCEDURE VigenereDecrypt
(CONST Key : ByteArrayType;
CONST Method : MethodType;
CONST DataSize : CARDINAL;
VAR Data : ByteArrayType;
VAR Error : CARDINAL);
(**
VigenereDecrypt - Decryption using a Vigenere cipher.
VigenereDecrypt decrypts data using the Vigenere cipher decryption algorithm.
This is a moderately simple method and may be susceptible to
breaking although it is made slightly more difficult by the fact
that different alphabets are being used. This is because of the
various choices for Method. This method is more complex than the
Caesar decryption but less complex than the others. Be sure to check
the Error as it can be set by using the wrong key.
CALLING SEQUENCE -
VigenereDecrypt (Key, Method, DataSize, Data, Error)
ENTRY -
Key : ByteArrayType
This is an array of bytes that hold the key values.
Method : MethodType
The character alphabet to use.
DataSize : CARDINAL
The number of bytes in the array to decode.
Data : ByteArrayType
The cipher text array of data.
EXIT -
Data : ByteArrayType
The array with the first DataSize bytes decrypted.
Error : CARDINAL
0 if no problem, set to one of the error codes if a problem.
EXAMPLE -
Crypto.VigenereDecrypt (Key,
Crypto.AsciiSet,
DataSize,
MyData,
Error);
IF (Error = 0) THEN
Display.DisplayMessage ("Decryption Complete",
FALSE);
ELSE
Display.DisplayMessage ("Decryption Error",
FALSE);
END;
*)
PROCEDURE AESCreate
(CONST Key : ARRAY OF SYSTEM.BYTE;
CONST keySize : CARDINAL) : AES;
(*
create a new AES encryption object with the given key.
keySize = the size in *bits* of the key.
must be either 128, 192 or 256 (bits).
key is the key data. it must have at least keySize/8 bytes of data.
failure is indicated by a NIL return value, otherwise
the return value is a valid AES object.
the returned object is ready to encrypt/decrypt data.
only one thread at a time can use an encryption object, except for ECB mode.
*)
PROCEDURE AESDestroy
(VAR crypt : AES);
(* destroy a previously created encryption object *)
PROCEDURE AESResetIV
(CONST crypt : AES;
CONST iv : IVType);
(*
reset the encryption engine with the specific IV.
you only need use this call with the CBC and CFB encryption routines.
you must reset the IV before you encrypt/decrypt each unique
data stream.
*)
PROCEDURE AESEncryptECB
(CONST crypt : AES;
CONST input : SYSTEM.ADDRESS;
CONST output : SYSTEM.ADDRESS;
CONST amount : CARDINAL);
PROCEDURE AESEncryptCBC
(CONST crypt : AES;
CONST input : SYSTEM.ADDRESS;
CONST output : SYSTEM.ADDRESS;
CONST amount : CARDINAL);
PROCEDURE AESEncryptCFB
(CONST crypt : AES;
CONST input : SYSTEM.ADDRESS;
CONST output : SYSTEM.ADDRESS;
CONST amount : CARDINAL);
(*
encrypt a block of data of size amount.
you can encrypt a large data stream in multiple smaller pieces using this call.
you can pass the same variable to both input and output should you so desire.
this procedure expects the buffers have a minimum of 4-byte alignment.
amount must be an even multiple of the block size.
ECB = Electronic code book.
C[i] := Encrypt (P[i])
CBC = cipher block chaining.
C[i] := Encrypt (C[i-1] BXOR P[i])
You must have set up an IV via AESResetIV to use CBC.
CFB = cipher feedback.
C[i] := Encrypt (C[i-1]) BXOR P[i]
You must have set up an IV via AESResetIV to use CFB.
In CFB mode the data stream does not need to be an even multiple of
the block size. the very last "block" in the stream can be a partial block.
if you are processing a large stream in multiple smaller pieces (buffers),
all buffers must be an even multiple, except the very last one.
*)
PROCEDURE AESDecryptECB
(CONST crypt : AES;
CONST input : SYSTEM.ADDRESS;
CONST output : SYSTEM.ADDRESS;
CONST amount : CARDINAL);
PROCEDURE AESDecryptCBC
(CONST crypt : AES;
CONST input : SYSTEM.ADDRESS;
CONST output : SYSTEM.ADDRESS;
CONST amount : CARDINAL);
PROCEDURE AESDecryptCFB
(CONST crypt : AES;
CONST input : SYSTEM.ADDRESS;
CONST output : SYSTEM.ADDRESS;
CONST amount : CARDINAL);
(*
decrypt a block of data of size amount.
you can decrypt a large data stream in multiple smaller pieces using this call.
you can pass the same variable to both input and output should you so desire.
this procedure expects the buffers have a minimum of 4-byte alignment.
amount must be an even multiple of the block size.
ECB = Electronic code book.
P[i] := Decrypt (C[i])
CBC = cipher block chaining.
P[i] := Decrypt (C[i]) BXOR C[i-1]
You must have set up an IV via AESResetIV to use CBC.
CFB = cipher feedback.
P[i] := Encrypt (C[i-1]) BXOR C[i]
You must have set up an IV via AESResetIV to use CFB.
In CFB mode the data stream does not need to be an even multiple of
the block size. the very last "block" in the stream can be a partial block.
if you are processing a large stream in multiple smaller pieces (buffers),
all buffers must be an even multiple, except the very last one.
*)
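The ECB, CBC and CFB relations from the two comments above, written out in Python as an added example (not the module's implementation). `E` and `D` are a stand-in 16-byte Feistel permutation built on SHA-256, not AES, and every name here is an assumption.

```python
import hashlib

BS = 16  # AESBlockSize on the page

def xor(a, b):  # zip() stops at the shorter input; CFB's partial last block relies on it
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BS // 2]

def E(key, blk):  # stand-in block cipher (4-round Feistel), NOT AES
    l, r = blk[:BS // 2], blk[BS // 2:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def D(key, blk):  # inverse of E
    l, r = blk[:BS // 2], blk[BS // 2:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def ecb_encrypt(key, pt):  # C[i] = Encrypt(P[i]); equal blocks stay equal
    return b"".join(E(key, p) for p in blocks(pt))

def cbc_encrypt(key, iv, pt):  # C[i] = Encrypt(C[i-1] BXOR P[i]), with C[-1] = IV
    if len(pt) % BS:
        raise ValueError("CBC input must be a multiple of the block size")
    out, prev = [], iv
    for p in blocks(pt):
        prev = E(key, xor(prev, p))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):  # P[i] = Decrypt(C[i]) BXOR C[i-1]
    prevs = [iv] + blocks(ct)
    return b"".join(xor(D(key, c), p) for c, p in zip(blocks(ct), prevs))

def cfb(key, iv, data, decrypt=False):  # both directions call E, never D
    out, prev = [], iv
    for b in blocks(data):
        o = xor(E(key, prev), b)  # C[i] = E(C[i-1]) BXOR P[i]; P[i] = E(C[i-1]) BXOR C[i]
        out.append(o)
        prev = b if decrypt else o  # the feedback is always the ciphertext block
    return b"".join(out)
```

Encrypting two identical plaintext blocks shows the difference directly: the ECB output repeats, the CBC output does not, and CFB returns exactly as many bytes as it was given.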
PROCEDURE AESSelfTest
() : BOOLEAN;
(*
returns TRUE if the implemented algorithm properly operates.
this call is only useful when porting this code to some other processor/compiler.
*)
Copyright © 1989-2006 Battelle Energy Alliance