AES keyExpansion

CryptoSwift.xcodeproj/project.pbxproj

@@ -31,6 +31,7 @@
 		758F3F781992F6CE0014BBDA /* ByteExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 758F3F771992F6CE0014BBDA /* ByteExtension.swift */; };
 		7599C9C6199EA28700A3988B /* StringExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7599C9C5199EA28700A3988B /* StringExtension.swift */; };
 		759D481119B517BC005FF7FC /* BitExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 759D481019B517BC005FF7FC /* BitExtension.swift */; };
+		75A74B271A1FF6B2004419F1 /* AES.swift in Sources */ = {isa = PBXBuildFile; fileRef = 75A74B261A1FF6B2004419F1 /* AES.swift */; };
 		75B601EB197D6A6C0009B53D /* CryptoSwift.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 754BE45519693E190098E6F3 /* CryptoSwift.framework */; };
 		75D94E2419B60C08007CB2A4 /* Operators.swift in Sources */ = {isa = PBXBuildFile; fileRef = 75D94E2319B60C08007CB2A4 /* Operators.swift */; };
 		75D94E2619B60C4F007CB2A4 /* UInt32Extension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 75D94E2519B60C4F007CB2A4 /* UInt32Extension.swift */; };
@@ -131,6 +132,7 @@
 		758F3F771992F6CE0014BBDA /* ByteExtension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ByteExtension.swift; sourceTree = "<group>"; };
 		7599C9C5199EA28700A3988B /* StringExtension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = StringExtension.swift; sourceTree = "<group>"; };
 		759D481019B517BC005FF7FC /* BitExtension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = BitExtension.swift; sourceTree = "<group>"; };
+		75A74B261A1FF6B2004419F1 /* AES.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AES.swift; sourceTree = "<group>"; };
 		75D94E2319B60C08007CB2A4 /* Operators.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Operators.swift; sourceTree = "<group>"; };
 		75D94E2519B60C4F007CB2A4 /* UInt32Extension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UInt32Extension.swift; sourceTree = "<group>"; };
 		75D94E2719B60DDE007CB2A4 /* UInt64Extension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UInt64Extension.swift; sourceTree = "<group>"; };
@@ -199,6 +201,7 @@
 				757EF7F419AAA82400586276 /* CRC.swift */,
 				75EB380019ABDD710002375A /* ChaCha20.swift */,
 				751C5C3C19B26B000094C75D /* Poly1305.swift */,
+				75A74B261A1FF6B2004419F1 /* AES.swift */,
 				759D481019B517BC005FF7FC /* BitExtension.swift */,
 				758F3F771992F6CE0014BBDA /* ByteExtension.swift */,
 				7547195019931802002FA5F1 /* IntExtension.swift */,
@@ -376,6 +379,7 @@
 				75D94E2419B60C08007CB2A4 /* Operators.swift in Sources */,
 				757EF7F519AAA82400586276 /* CRC.swift in Sources */,
 				75D94E2619B60C4F007CB2A4 /* UInt32Extension.swift in Sources */,
+				75A74B271A1FF6B2004419F1 /* AES.swift in Sources */,
 				755111E819B7B7DF00C2AD86 /* Authenticator.swift in Sources */,
 				754DD76E19A149AF00E52288 /* CryptoHashBase.swift in Sources */,
 				758C764119B61AE500653BC6 /* Generics.swift in Sources */,

CryptoSwift/AES.swift

@@ -0,0 +1,143 @@
+//
+//  AES.swift
+//  CryptoSwift
+//
+//  Created by Marcin Krzyzanowski on 21/11/14.
+//  Copyright (c) 2014 Marcin Krzyzanowski. All rights reserved.
+//
+
+import Foundation
+
+public class AES {
+    
+    enum Variant:Int {
+        case aes128, aes192, aes256
+
+        var Nk:Int { // Nk words
+            let blocks = [4,6,8]
+            return blocks[self.rawValue]
+        }
+        
+        var Nb:Int { // Nb words
+            return 4
+        }
+        
+        var Nr:Int { // Nr
+            return Nk + 6
+        }
+    }
+    
+    let variant:Variant;
+    
+    private let sBox:[Byte] = [
+        0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, // 0
+        0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, // 1
+        0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, // 2
+        0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, // 3
+        0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, // 4
+        0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, // 5
+        0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, // 6
+        0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, // 7
+        0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, // 8
+        0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, // 9
+        0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, // a
+        0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, // b
+        0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, // c
+        0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, // d
+        0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, // e
+        0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16] // f
+    
+    // Parameters for Linear Congruence Generators
+    private let Rcon:[Byte] = [0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
+                               0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39,
+                               0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a,
+                               0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
+                               0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
+                               0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc,
+                               0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b,
+                               0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
+                               0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
+                               0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20,
+                               0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
+                               0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
+                               0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
+                               0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63,
+                               0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd,
+                               0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d]
+    
+    init?(key:NSData, iv:NSData, variant:Variant = Variant.aes256) {
+        self.variant = variant
+    }
+    
+    public init() {
+        self.variant = .aes256
+    }
+    
+    func encrypt(message:NSData) -> NSData? {
+        
+        return nil
+    }
+    
+    func decrypt(message:NSData) -> NSData? {
+        return nil
+    }
+    
+    public func keyExpansion(key: NSData) -> [Byte] {
+        
+        /*
+        * Function used in the Key Expansion routine that takes a four-byte
+        * input word and applies an S-box to each of the four bytes to
+        * produce an output word.
+        */
+        func subWord(word:[Byte]) -> [Byte] {
+            var result = word
+            for i in 0..<4 {
+                //result[i] = sBox[Int(16*((result[i] & 0xF0) &>> 4) + (result[i] & 0x0F))]
+                result[i] = sBox[Int(word[i])]
+            }
+            return result
+        }
+
+        //let w = NSMutableData(length: variant.Nb*(variant.Nr + 1) * 4)
+        var w:[Byte] = [Byte](count: 4 * variant.Nb * (variant.Nr + 1), repeatedValue: 0)
+        let keyBytes = key.bytes()
+        var i:Int = 0
+        while (i < variant.Nk) {
+            w[(4*i)+0] = keyBytes[(4*i)+0]
+            w[(4*i)+1] = keyBytes[(4*i)+1]
+            w[(4*i)+2] = keyBytes[(4*i)+2]
+            w[(4*i)+3] = keyBytes[(4*i)+3]
+            i++
+        }
+        
+        i = variant.Nk
+        while (i < variant.Nb * (variant.Nr + 1)) {
+            var tmp:[Byte] = [Byte](count: 4, repeatedValue: 0)
+            tmp[0] = w[4*(i-1)+0]
+            tmp[1] = w[4*(i-1)+1]
+            tmp[2] = w[4*(i-1)+2]
+            tmp[3] = w[4*(i-1)+3]
+            if ((i % variant.Nk) == 0) {
+                let rotWord = rotateLeft(UInt32.withBytes(tmp), 8).bytes(sizeof(UInt32)) // RotWord
+                tmp = subWord(rotWord)
+                tmp[0] = tmp[0] ^ Rcon[i/variant.Nk]
+            } else if (variant.Nk > 6 && (i % variant.Nk) == 4) {
+                tmp = subWord(tmp)
+            }
+
+            // xor array of bytes
+            w[4*i+0] = w[4*(i-variant.Nk)+0]^tmp[0];
+            w[4*i+1] = w[4*(i-variant.Nk)+1]^tmp[1];
+            w[4*i+2] = w[4*(i-variant.Nk)+2]^tmp[2];
+            w[4*i+3] = w[4*(i-variant.Nk)+3]^tmp[3];
+            
+            i++
+        }
+        return w;
+    }
+    
+    func cipher(input:[[Byte]], output:[[Byte]], w:[[Byte]]) {
+        //var state:[[Byte]] = [[Byte]](count: 4, repeatedValue: [Byte](count: variant.Nb, repeatedValue: 0))
+        var state = input
+    }
+}

CryptoSwift/Cipher.swift

@@ -10,20 +10,28 @@ import Foundation
 
 public enum Cipher {
     case ChaCha20(key: NSData, iv: NSData)
+    case AES(key: NSData, iv: NSData)
     
     public func encrypt(message: NSData) -> NSData? {
         switch (self) {
             case .ChaCha20(let key, let iv):
-                var chacha = CryptoSwift.ChaCha20(key: key, iv: iv);
+                var chacha = CryptoSwift.ChaCha20(key: key, iv: iv)
                 return chacha?.encrypt(message)
+            case .AES(let key, let iv):
+                var aes = CryptoSwift.AES(key: key, iv: iv)
+                return aes?.encrypt(message)
+            
         }
     }
     
     public func decrypt(message: NSData) -> NSData? {
         switch (self) {
-        case .ChaCha20(let key, let iv):
-            var chacha = CryptoSwift.ChaCha20(key: key, iv: iv);
-            return chacha?.decrypt(message)
+            case .ChaCha20(let key, let iv):
+                var chacha = CryptoSwift.ChaCha20(key: key, iv: iv);
+                return chacha?.decrypt(message)
+            case .AES(let key, let iv):
+                var aes = CryptoSwift.AES(key: key, iv: iv);
+                return aes?.decrypt(message)
         }
     }
 

CryptoSwift/Utils.swift

@@ -8,6 +8,10 @@
 
 import Foundation
 
+func rotateLeft(v:UInt16, n:UInt16) -> UInt16 {
+    return ((v << n) & 0xFFFF) | (v >> (16 - n))
+}
+
 func rotateLeft(v:UInt32, n:UInt32) -> UInt32 {
     return ((v << n) & 0xFFFFFFFF) | (v >> (32 - n))
 }
@@ -16,6 +20,10 @@ func rotateLeft(x:UInt64, n:UInt64) -> UInt64 {
     return (x << n) | (x >> (64 - n))
 }
 
+func rotateRight(x:UInt16, n:UInt16) -> UInt16 {
+    return (x >> n) | (x << (16 - n))
+}
+
 func rotateRight(x:UInt32, n:UInt32) -> UInt32 {
     return (x >> n) | (x << (32 - n))
 }

CryptoSwiftTests/CipherTests.swift

@@ -20,6 +20,22 @@ class CipherTests: XCTestCase {
         super.tearDown()
     }
     
+    func testAES() {
+        // 256 bit key
+        var key:[Byte] = [Byte](count: 32, repeatedValue: 0)
+        for i:Byte in 0..<Byte(key.count) {
+            key[Int(i)] = i
+        }
+        
+        var input:[Byte] = [0x00, 0x11, 0x22, 0x33,
+            0x44, 0x55, 0x66, 0x77,
+            0x88, 0x99, 0xaa, 0xbb,
+            0xcc, 0xdd, 0xee, 0xff];
+        
+        let aes = AES() // 256
+        let w = aes.keyExpansion(NSData.withBytes(key))
+    }
+    
     func testPoly1305() {
         let key:[Byte] = [0xdd,0xde,0xdf,0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc]
         let msg:[Byte] = [0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f,0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f,0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,0xc0,0xc1]

CryptoSwiftTests/HashTests.swift

@@ -21,6 +21,20 @@ class CryptoSwiftTests: XCTestCase {
     
     func testMD5() {
         let data1:NSData = NSData(bytes: [0x31, 0x32, 0x33] as [Byte], length: 3) // "1", "2", "3"
+        if let hash = Hash.md5(data1).calculate() {
+            XCTAssertEqual(hash.hexString, "202CB962AC59075B964B07152D234B70", "MD5 calculation failed");
+        } else {
+            XCTAssert(false, "Missing result")
+        }
+        
+        var string:NSString = ""
+        var data:NSData = string.dataUsingEncoding(NSUTF8StringEncoding, allowLossyConversion: false)!
+        if let hashData = Hash.md5(data).calculate() {
+            XCTAssertEqual(hashData.hexString, "D41D8CD98F00B204E9800998ECF8427E", "MD5 calculation failed")
+        } else {
+            XCTAssert(false, "Missing result")
+        }
+        
         if let hash = data1.md5() {
             XCTAssertEqual(hash.hexString, "202CB962AC59075B964B07152D234B70", "MD5 calculation failed");
         }