Switched AES library from FIPS to tiny-AES (#11)

* Added CBC mode chaining with PKCS7 padding

* Refactored tiny-AES-c and adjusted API

* Fixed interrupt flag initialization in xsrc

Author: kala13x

.gitignore

@@ -56,10 +56,15 @@ examples/files.copy
 examples/build/
 tools/build/
 build/
-.vscode/
 *.log
 
 # Debug files
 *.dmp
 *.stackdump
 vgcore.*
+
+# Editors and agents
+.claude/
+.cursor/
+.vscode/
+.idea/

README.md

@@ -31,7 +31,7 @@
 #### Cryptography:
 - [Implementation of various encrypt/decrypt algorithms](https://github.com/kala13x/libxutils/blob/main/src/crypt/crypt.h)
 - [Base64 and Base64Url encrypt/decrypt functions](https://github.com/kala13x/libxutils/blob/main/src/crypt/base64.h)
-- [AES based on FIPS-197 implementation by Christophe Devine](https://github.com/kala13x/libxutils/blob/main/src/crypt/aes.h)
+- [AES based on tiny-AES-c, added CBC mode with PKCS7 padding](https://github.com/kala13x/libxutils/blob/main/src/crypt/aes.h)
 - [Implementation of HMAC algorithm with SHA256 and MD5](https://github.com/kala13x/libxutils/blob/main/src/crypt/hmac.h)
 - [RSA implementation based on OpenSSL library](https://github.com/kala13x/libxutils/blob/main/src/crypt/rsa.h)
 - [Implementation of SHA256 calculations](https://github.com/kala13x/libxutils/blob/main/src/crypt/sha256.h)

src/crypt/aes.c

@@ -2,10 +2,12 @@
  *  @file libxutils/src/crypt/aes.h
  *
  *  This source is part of "libxutils" project
- *  2015-2020  Sun Dro (s.kalatoz@gmail.com)
+ *  2015-2025  Sun Dro (s.kalatoz@gmail.com)
  *
- * @brief Implementation of Advanced Encryption Standard
- * based on FIPS-197 implementation by Christophe Devine.
+ * @brief Implementation of AES encryption based on tiny-AES-c project,
+ * which was released under The Unlicense (public domain dedication).
+ *
+ * Modified: Refactored code, adjusted API, and added CBC mode with PKCS#7 padding.
  */
 
 #ifndef __XUTILS_AES_H__
@@ -19,22 +21,25 @@
 extern "C" {
 #endif
 
+#define XAES_RKEY_SIZE      240
 #define XAES_BLOCK_SIZE     16
-#define XAES_RKEY_SIZE      64
 
 typedef struct AESContext {
-    uint32_t encKeys[XAES_RKEY_SIZE];   /* Dncryption round keys */
-    uint32_t decKeys[XAES_RKEY_SIZE];   /* Decryption round keys */
+    uint8_t roundKey[XAES_RKEY_SIZE];   /* Encrypt/Decrypt round key */
     uint8_t IV[XAES_BLOCK_SIZE];        /* Initialization vector */
-    size_t nRounds;                     /* Number of rounds */
-} xaes_context_t;
-
-void XAES_SetKey(xaes_context_t *pCtx, const uint8_t *pKey, size_t nSize, const uint8_t *pIV);
-void XAES_EncryptBlock(xaes_context_t *pCtx, uint8_t output[XAES_BLOCK_SIZE], const uint8_t input[XAES_BLOCK_SIZE]);
-void XAES_DecryptBlock(xaes_context_t *pCtx, uint8_t output[XAES_BLOCK_SIZE], const uint8_t input[XAES_BLOCK_SIZE]);
-
-uint8_t* XAES_Encrypt(xaes_context_t *pCtx, const uint8_t *pInput, size_t *pLength);
-uint8_t* XAES_Decrypt(xaes_context_t *pCtx, const uint8_t *pInput, size_t *pLength);
+    uint8_t nSelfContainedIV;           /* Flag to indicate if IV is self-contained in data */
+    size_t nKeySize;                    /* Key size in bits */
+    uint8_t nNB;                        /* Number of columns (32-bit words) comprising the State */
+    uint8_t nNK;                        /* Number of 32-bit words comprising the Cipher Key */
+    uint8_t nNR;                        /* Number of rounds */
+} xaes_ctx_t;
+
+int XAES_SetKey(xaes_ctx_t *pCtx, const uint8_t *pKey, size_t nSize, const uint8_t *pIV, uint8_t nSelfContainedIV);
+void XAES_EncryptBlock(const xaes_ctx_t* pCtx, uint8_t* pBuffer);
+void XAES_DecryptBlock(const xaes_ctx_t* pCtx, uint8_t* pBuffer);
+
+uint8_t* XAES_Encrypt(xaes_ctx_t *pCtx, const uint8_t *pInput, size_t *pLength);
+uint8_t* XAES_Decrypt(xaes_ctx_t *pCtx, const uint8_t *pInput, size_t *pLength);
 
 #ifdef __cplusplus
 }

src/crypt/aes.h

@@ -196,8 +196,8 @@ uint8_t* XCrypt_AES(const uint8_t *pInput, size_t *pLength, const uint8_t *pKey,
     if (pInput == NULL || pKey == NULL || !nKeyLen ||
         pLength == NULL || !(*pLength)) return NULL;
 
-    xaes_context_t ctx;
-    XAES_SetKey(&ctx, pKey, nKeyLen, pIV);
+    xaes_ctx_t ctx;
+    XAES_SetKey(&ctx, pKey, nKeyLen, pIV, XFALSE);
     return XAES_Encrypt(&ctx, pInput, pLength);
 }
 
@@ -206,8 +206,8 @@ uint8_t* XDecrypt_AES(const uint8_t *pInput, size_t *pLength, const uint8_t *pKe
     if (pInput == NULL || pKey == NULL || !nKeyLen ||
         pLength == NULL || !(*pLength)) return NULL;
 
-    xaes_context_t ctx;
-    XAES_SetKey(&ctx, pKey, nKeyLen, pIV);
+    xaes_ctx_t ctx;
+    XAES_SetKey(&ctx, pKey, nKeyLen, pIV, XFALSE);
     return XAES_Decrypt(&ctx, pInput, pLength);
 }
 

src/crypt/crypt.c

@@ -405,6 +405,7 @@ void XSearch_ClearCb(xarray_data_t *pArrData)
 
 void XSearch_Init(xsearch_t *pSrcCtx, const char *pFileName)
 {
+    pSrcCtx->nInterrupted = XFALSE;
     pSrcCtx->pInterrupted = &pSrcCtx->nInterrupted;
     pSrcCtx->bInsensitive = XFALSE;
     pSrcCtx->bSearchLines = XFALSE;

src/sys/srch.c

@@ -26,7 +26,7 @@
 #define XCRYPT_VER_MIN      1
 #define XCRYPT_BUILD_NUM    25
 
-#define XAES_KEY_LENGTH     256
+#define XAES_KEY_SIZE       256
 #define XHEX_COLUMNS        16
 extern char *optarg;
 
@@ -501,9 +501,9 @@ static xbool_t XCrypt_ParseArgs(xcrypt_args_t *pArgs, int argc, char *argv[])
     {
 #ifdef _XUTILS_USE_SSL
         pArgs->nKeySize = xstrused(pArgs->sPair) ?
-            XRSA_KEY_SIZE : XAES_KEY_LENGTH;
+            XRSA_KEY_SIZE : XAES_KEY_SIZE;
 #else
-        pArgs->nKeySize = XAES_KEY_LENGTH;
+        pArgs->nKeySize = XAES_KEY_SIZE;
 #endif
     }