Ectara

AES Encryption

6 posts in this topic

I took a class in all this cryptology nonsense just last year and failed miserably. Glad I could have been of assistance.

First

-3 AES Encryption

Edited by NewVoxel
-10


I don't have any Rijndael at hand with me right now, but this is a working version of Rijndael and you can just add some stuff to get the expanded key.

That looks so different from my implementation that I don't know where to begin.

The expanded key material for encryption and decryption is the same afaik (unless there exists some strange variant that does not) so if your encryption routines work then it suggests your decryption routines are wrong. Perhaps you could post them so we can take a look.

My implementation, and the implementation I used as a reference, uses two key expansion functions per key size, one for encryption, one for decryption.

My 128 bit pair of functions are:

static void expandEncKey128(ui8 * k, ui8 * rc){
                k[0] ^= sbox[k[13]] ^ *rc;
                k[1] ^= sbox[k[14]];
                k[2] ^= sbox[k[15]];
                k[3] ^= sbox[k[12]];
                
                *rc = ((*rc << 1) ^ (((*rc >> 7) & 1) * 0x1bu));
                
                for(int i = 4; i < 16; i += 4){
                        k[i + 0] ^= k[i - 4];
                        k[i + 1] ^= k[i - 3];
                        k[i + 2] ^= k[i - 2];
                        k[i + 3] ^= k[i - 1];
                }
}

static void expandDecKey128(ui8 * k, ui8 * rc){
        for(int i = 12; i > 0; i -= 4){
                k[i + 0] ^= k[i - 4];
                k[i + 1] ^= k[i - 3];
                k[i + 2] ^= k[i - 2];
                k[i + 3] ^= k[i - 1];
        }
        
        *rc = (*rc >> 1) ^ ((*rc & 1u) * 0x8du);
        
        k[0] ^= sbox[k[13]] ^ *rc;
        k[1] ^= sbox[k[14]];
        k[2] ^= sbox[k[15]];
        k[3] ^= sbox[k[12]];
}

They combine a lot of steps into few operations; my implementation is byte-oriented, if it isn't obvious. From my perspective, these are inverses of each other. The (obfuscated) encryption routine looks like this:


                
                static ui8 gfXTime(ui8 x){
                        return ((x << 1) ^ (((x >> 7) & 1) * 0x1bu));
                }
                
                static ui8 rconInv(ui8 rc){
                        return (rc >> 1) ^ ((rc & 1u) * 0x8du);
                }
                
                /*
                 * 0  4  8  12
                 * 1  5  9  13
                 * 2  6  10 14
                 * 3  7  11 15
                 */
                
                static void subBytes(ui8 * a){
                        for(int i = 16; i--;)
                                a[i] = sbox[a[i]];
                }
                
                static void subBytesInv(ui8 * a){
                        for(int i = 16; i--;)
                                a[i] = sboxInv[a[i]];
                }
                
                static void addRoundKey(ui8 * a, ui8 * key){
                        for(int i = 16; i--;)
                                a[i] ^= key[i];
                }
                
                static void addRoundKeyCopy(ui8 * buf, ui8 * key, ui8 * copyKey){
                        for(int i = 16; i--;){
                                copyKey[i] = key[i];
                                buf[i] ^= key[i];
                                copyKey[i + 16] = key[i + 16];
                        }
                }
                
                static void shiftRows(ui8 * a){
                        unsigned int t1, t2;
                        
                        /* 1 -> 13 -> 9 -> 5 -> 1 */
                        t1 = a[1];
                        a[1] = a[5];
                        a[5] = a[9];
                        a[9] = a[13];
                        a[13] = t1;
                        
                        /* 2 -> 10 -> 2 */
                        t1 = a[10];
                        a[10] = a[2];
                        a[2] = t1;
                        
                        /* 3 -> 7 -> 11 -> 15 -> 3 */
                        t2 = a[3];
                        a[3] = a[15];
                        a[15] = a[11];
                        a[11] = a[7];
                        a[7] = t2;
                        
                        /* 14 -> 6 -> 14 */
                        t2 = a[6];
                        a[6] = a[14];
                        a[14] = t2;
                }
                
                static void shiftRowsInv(ui8 * a){
                        unsigned int t1, t2;
                        
                        /* 1 <- 13 <- 9 <- 5 <- 1 */
                        t1 = a[1];
                        a[1] = a[13];
                        a[13] = a[9];
                        a[9] = a[5];
                        a[5] = t1;
                        
                        /* 2 <- 10 <- 2 */
                        t1 = a[2];
                        a[2] = a[10];
                        a[10] = t1;
                        
                        /* 3 <- 7 <- 11 <- 15 <- 3 */
                        t2 = a[3];
                        a[3] = a[7];
                        a[7] = a[11];
                        a[11] = a[15];
                        a[15] = t2;
                        
                        /* 6 <- 14 <- 6 */
                        t2 = a[6];
                        a[6] = a[14];
                        a[14] = t2;
                }
                
                static void mixColumns(ui8 * r){
                        ui8 a[4];
                        ui8 b[4];
                        
                        for(int i = 0; i < 16; i += 4){
                                a[0] = r[i];
                                a[1] = r[i + 1];
                                a[2] = r[i + 2];
                                a[3] = r[i + 3];
                                
                                b[0] = gfXTime(r[i]);
                                b[1] = gfXTime(r[i + 1]);
                                b[2] = gfXTime(r[i + 2]);
                                b[3] = gfXTime(r[i + 3]);
                                
                                r[i] = b[0] ^ a[3] ^ a[2] ^ b[1] ^ a[1];
                                r[i + 1] = b[1] ^ a[0] ^ a[3] ^ b[2] ^ a[2];
                                r[i + 2] = b[2] ^ a[1] ^ a[0] ^ b[3] ^ a[3];
                                r[i + 3] = b[3] ^ a[2] ^ a[1] ^ b[0] ^ a[0];
                        }
                }
                
                static void mixColumnsInv(ui8 * r){
                        ui32 a, b, c, d, e, x, y, z;
                        
                        for(int i = 0; i < 16; i += 4){
                                a = r[i];
                                b = r[i + 1];
                                c = r[i + 2];
                                d = r[i + 3];
                                
                                e = a ^ b ^ c ^ d;
                                z = gfXTime(e);
                                x = e ^ gfXTime(gfXTime(z ^ a ^ c));
                                y = e ^ gfXTime(gfXTime(z ^ b ^ d));
                                
                                r[i] ^= x ^ gfXTime(a ^ b);
                                r[i + 1] ^= y ^ gfXTime(b ^ c);
                                r[i + 2] ^= x ^ gfXTime(c ^ d);
                                r[i + 3] ^= y ^ gfXTime(d ^ a);
                        }
                }

void encrypt(ui8 * out, const ui8 * in){
        ui8 state[16];
        
        for(sizeType i = 16; i--;)
                state[i] = in[i];
        
        ui8 rcon = 1;
        
        addRoundKeyCopy(state, encryptKey_, key_);
        
        for(sizeType i = 1; i < 10; ++i){
                subBytes(state);
                shiftRows(state);
                mixColumns(state);
                
                expandEncKey(key_, &rcon);
                addRoundKey(state, key_);
        }
        
        /* Final round: no mixColumns */
        subBytes(state);
        shiftRows(state);
        
        expandEncKey(key_, &rcon);
        addRoundKey(state, key_);
        
        for(sizeType i = 16; i--;)
                out[i] = state[i];
        
        for(sizeType i = 16; i--;)
                state[i] = 0;
}

This encryption method produces results that align with published test vectors. However, this decryption does not work, whether it is that this decryption function doesn't work, or the key expansion doesn't work, or something.

void decrypt(ui8 * out, const ui8 * in){
        ui8 state[16];
        
        for(sizeType i = 16; i--;)
                state[i] = in[i];
        
        ui8 rcon = 0x6c;
        
        addRoundKeyCopy(state, decryptKey_, key_);
        
        for(sizeType i = 1; i < 10; ++i){
                shiftRowsInv(state);
                subBytesInv(state);
                
                expandDecKey(key_, &rcon);
                addRoundKey(state, key_);
                
                mixColumnsInv(state);
        }
        
        shiftRowsInv(state);
        subBytesInv(state);
        
        addRoundKey(state, key_);
        
        for(sizeType i = 16; i--;)
                out[i] = state[i];
        
        for(sizeType i = 16; i--;)
                state[i] = 0;
}

encryptKey_ and decryptKey_ are both initialized to the bytes of the key by the caller.

Edited by Ectara
0


Interestingly, the 256 bit decryption works, with a similar pair of key expansion functions, with a quirk: the decryption key is expanded seven times using the encryption key expansion function after the state is set up, before any data is processed. I have no idea why it is necessary to work, but it doesn't work without it. If I use one expansion function and key sequence for both, decryption fails.

Edited by Ectara
1


The expanded key material for encryption and decryption is the same afaik (unless there exists some strange variant that does not) so if your encryption routines work then it suggests your decryption routines are wrong. Perhaps you could post them so we can take a look.

This had me thinking, and I tried to reconcile it by having both encryption and decryption routines use the same expansion sequence, to no avail. My last post is of interest:

 

Interestingly, the 256 bit decryption works, with a similar pair of key expansion functions, with a quirk: the decryption key is expanded seven times using the encryption key expansion function after the state is set up, before any data is processed. I have no idea why it is necessary to work, but it doesn't work without it. If I use one expansion function and key sequence for both, decryption fails.

Seven just so happens to be the number of times that the key is expanded (see below for the linear coefficients of the production of round keys). After much experimentation, it turns out that the encryption expansion raises the rcon value's exponent, and manipulates the bytes in a specific sequence, and the decryption expansion lowers the rcon value's exponent, and performs the inverse manipulation. The purpose of using the encryption expansion routine on the decryption key at the start is to "advance" the key expansion sequence to the point where it would have ended after encryption, and "move backward" from that "endpoint" as it decrypts, traversing the sequence in reverse. This is all a consequence of the low-resource design, by not expanding the entire sequence at once, taking almost an entire kilobyte in the process.

 

I managed to get it all working. There were various bugs here and there, which I managed to find after learning its ins and outs through experimentation. There's somewhat of a fencepost error in the code posted above: there should be one more key expansion before the final round key addition. 256bit mode generates two round keys per expansion, and 192bit mode generates 1.5 round keys per expansion, so 128bit was the only one that needed that last expansion; I noticed that the decryption key was expanded once less than the encryption key, after many exhaustive tests. There were several errors in the 192bit encryption and decryption that I solved, encryption first, but that's done with, too.

0
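The walk described in the last post (advance the key to where encryption ends, then step backward one round key at a time), as an added example that is not Ectara's code. The two expansion steps follow the 128-bit functions posted above; the generated S-box, `scheduleLandsOn`, and the FIPS-197 Appendix A.1 key values are supplied here for illustration.

```c
#include <stdint.h>
#include <string.h>
typedef uint8_t ui8;
static ui8 sbox[256];
#define ROTL8(x, n) ((ui8)(((x) << (n)) | ((x) >> (8 - (n)))))
/* Generate the AES S-box (GF(2^8) inverse, then affine map) instead of pasting the table. */
static void initSbox(void){
    ui8 p = 1, q = 1;
    do {
        p = p ^ (ui8)(p << 1) ^ ((p & 0x80) ? 0x1b : 0);                /* p *= 3 */
        q ^= q << 1; q ^= q << 2; q ^= q << 4; if (q & 0x80) q ^= 0x09; /* q /= 3 */
        sbox[p] = q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;  /* 0 has no inverse */
}

/* Forward step, as posted in the thread: round key n -> n+1, rcon doubled. */
static void expandEncKey128(ui8 *k, ui8 *rc){
    k[0] ^= sbox[k[13]] ^ *rc;  k[1] ^= sbox[k[14]];
    k[2] ^= sbox[k[15]];        k[3] ^= sbox[k[12]];
    *rc = (ui8)((*rc << 1) ^ (((*rc >> 7) & 1) * 0x1bu));
    for (int i = 4; i < 16; ++i) k[i] ^= k[i - 4];
}

/* Backward step: round key n+1 -> n, rcon halved. */
static void expandDecKey128(ui8 *k, ui8 *rc){
    for (int i = 15; i >= 4; --i) k[i] ^= k[i - 4];
    *rc = (ui8)((*rc >> 1) ^ ((*rc & 1u) * 0x8du));
    k[0] ^= sbox[k[13]] ^ *rc;  k[1] ^= sbox[k[14]];
    k[2] ^= sbox[k[15]];        k[3] ^= sbox[k[12]];
}
/* FIPS-197 Appendix A.1 cipher key with its round keys 1 and 10. */
static const ui8 CIPHER_KEY[16]  = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
static const ui8 ROUND1_KEY[16]  = {0xa0,0xfa,0xfe,0x17,0x88,0x54,0x2c,0xb1,0x23,0xa3,0x39,0x39,0x2a,0x6c,0x76,0x05};
static const ui8 ROUND10_KEY[16] = {0xd0,0x14,0xf9,0xa8,0xc9,0xee,0x25,0x89,0xe1,0x3f,0x0c,0xc8,0xb6,0x63,0x0c,0xa6};
/* Step fwd times forward, then back times backward; 1 if we land on expect with rcon == expectRc. */
static int scheduleLandsOn(int fwd, int back, const ui8 *expect, ui8 expectRc){
    ui8 k[16], rc = 1;
    initSbox();
    memcpy(k, CIPHER_KEY, 16);
    while (fwd-- > 0)  expandEncKey128(k, &rc);
    while (back-- > 0) expandDecKey128(k, &rc);
    return memcmp(k, expect, 16) == 0 && rc == expectRc;
}

int main(void){  /* exit status 0 when all three walks land where expected */
    return !(scheduleLandsOn(10, 0, ROUND10_KEY, 0x6c) && scheduleLandsOn(10, 10, CIPHER_KEY, 0x01)
             && scheduleLandsOn(10, 9, ROUND1_KEY, 0x02));
}
```

Ten forward steps leave rcon at 0x6c, the starting value used in the posted `decrypt`; stopping after nine backward steps leaves round key 1 in place of the cipher key, which is the fencepost error the post mentions.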
