AES for the TI-89/90+ in C
The portable version compiles and runs without error on FreeBSD, OpenBSD, and Linux. The next step is for someone to port it to the TI platform with TIGCC.
It is a very simple (simple-minded?), straightforward implementation of AES using CBC mode (Cipher Block Chaining) with a random IV (Initialization Vector), and produces FIPS-compliant output. It is not suitable for real-world usage, but only serves as an educational exercise.
It was originally written to take key sizes of 128, 192 and 256 bits. This working version is locked in at 256 bits by using a SHA256 hash of the entered passphrase as the key. Additionally, the number of rounds per block is globally set to nr=14, and the number of 32-bit words making up the key is set to nk=8; 8 x 32 = 256. (See FIPS 197 Sec. 6.3)
STATUS
The program encrypts and decrypts files of any size using CBC mode AES with PKCS padding. The random IV is generated by using the OpenSSL random number generator. A 64-byte/512-bit random number is generated and digested using SHA256. The first 16 bytes of the hash are used as the IV. As such, you will need the OpenSSL libraries installed.
The purpose of hashing the 64 bytes of randomness is that software-produced randomness is 'pseudorandom' and possibly contains mathematical structure that can tell an attacker something predictable about your generator. Because of this, it is important to use a 'safe', or cryptographically secure, pseudorandom number generator. Hashing the random sequence 'smooths out' any structure, thereby increasing security. We say that the hash has higher entropy than the pseudorandom number sequence. This in turn has much higher entropy than a human-generated passphrase, which has a lot of structure, and thus low entropy.
The key is an SHA256 hash of the passphrase, providing a 32-byte/256-bit key. Not only does this provide us with a fixed-length key--32 bytes/256 bits--but it also, again, smooths out the (very) low-entropy passphrase and gives us a relatively high-entropy key. The increased entropy helps improve the security of the encryption key.
The KeyExpansion and Cypher routines produce FIPS-197 compliant output as verified with a block-by-block comparison to the "APPENDIX A - KEY EXPANSION EXAMPLES", "APPENDIX B – CIPHER EXAMPLE", and "Appendix C – Example Vectors" in the FIPS 197 documentation (See tiAES-C/portable/src/keyutils.c and tiAES-C/portable/src/encr.c).
Recommended reading: Cryptography Engineering, by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno.
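The PKCS padding mentioned above is what lets CBC handle files of any size. The following is an added example, not code from this project: it assumes PKCS#7-style padding on 16-byte AES blocks, and the function names are hypothetical. It shows the two edge cases that matter: input that is already a multiple of 16 bytes gains a whole extra block, and unpadding rejects anything malformed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16              /* AES block size in bytes (FIPS 197) */
#define PAD_ERR   ((size_t)-1)    /* returned by pkcs7_unpad on bad padding */

/* Hypothetical helper: buffer size needed for len plaintext bytes.
 * Padding is always 1..16 bytes, so a multiple of 16 gains a full block. */
size_t pkcs7_padded_len(size_t len)
{
    return (len / AES_BLOCK + 1) * AES_BLOCK;
}

/* Pad buf (len bytes used, cap bytes available) in place.
 * Returns the padded length, or 0 if it does not fit. */
size_t pkcs7_pad(unsigned char *buf, size_t len, size_t cap)
{
    size_t total = pkcs7_padded_len(len);
    if (total < len || total > cap)   /* overflow or buffer too small */
        return 0;
    memset(buf + len, (int)(total - len), total - len);
    return total;
}

/* Validate and strip padding from decrypted data.
 * Returns the plaintext length, or PAD_ERR if the padding is malformed. */
size_t pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % AES_BLOCK != 0)
        return PAD_ERR;
    unsigned char n = buf[len - 1];
    if (n == 0 || n > AES_BLOCK)
        return PAD_ERR;
    for (size_t i = len - n; i < len; i++)   /* every pad byte must equal n */
        if (buf[i] != n)
            return PAD_ERR;
    return len - n;
}

int main(void)
{
    unsigned char buf[32] = "YELLOW SUBMARINE";  /* constructed sample, 16 bytes */
    size_t padded = pkcs7_pad(buf, 16, sizeof buf);
    printf("padded=%zu unpadded=%zu\n", padded, pkcs7_unpad(buf, padded));
    return 0;
}
```

CBC with a padding check and no ciphertext authentication is exposed to padding-oracle attacks when the padding error is visible to an untrusted party, which is one reason real designs authenticate the ciphertext before unpadding.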
Build Requirements
The portable version compiles cleanly with Clang 16.0.x on FreeBSD 14, Clang 13.0.x on OpenBSD 7.4, and GCC 11.4.x on some sort of Linux. It also compiles and runs in the Termux environment with Clang 19.1.x on Android.
The FreeBSD and OpenBSD base systems have all the required libraries, but you can optionally install:
- gmake
As root, or with sudo:
# pkg install gmake
To compile, run:
$ gmake
Or you can use BSD make and run:
$ make -f makefile.bsd
On Debian/Ubuntu, install these packages:
- build-essential
- libssl-dev
- libbsd0
- libbsd-dev
As root, or with sudo:
# apt install build-essential libssl-dev libbsd0 libbsd-dev
To compile, run:
$ gmake
Using Sudo
If you are on Ubuntu (or whatever) with passwordless, unlimited sudo, that's bad practice. Edit your /etc/sudoers to require your password. Please.
Quotes from Michael W. Lucas' book Sudo Mastery, 2nd ed.:
"Broadly disabling sudo authentication is unwise. Yes, it's certainly convenient. Also, any intruder or application that gets a command prompt or access to your account also gains total access to all of your sudo privileges. If you're running a Linux variant that gives the first user full root access via sudo, then the rogue process will completely own your machine."
...
"Disabling sudo authentication is equivalent to deliberately implementing the Windows 95 security system."
As Lucas points out to anyone too young to remember: "Windows 95 had no security system."
(Quoted with author's permission.)