Written in Miva version 3.57 (http://www.miva.com).
Save this file as MvAES.mv in your MivaDocumentRoot.
Uncomment the MvEXIT at the top of this file before uploading to the web.
(Doing so ensures this library is only available by MvDOing it from scripts
stored on your domain, rather than by requesting MvAES.mv directly.)
Brian R. Bullock
brian@wwwebweaver.com
http://wwwebweaver.com/func_junc/functions.html
Released to the public domain Jan. 10, 2001
###############################################################################
This software is published as publicly available, unrestricted encryption
source code under the US Dept. of Commerce - Bureau of Export Administration's
special exception for "TECHNOLOGY AND SOFTWARE -- UNRESTRICTED (TSU)" as
described in sections 740.13(e), 734.3(b)(3) and 734.7 of the Export
Administration Regulations. (http://w3.access.gpo.gov/bxa/ear/ear_data.html)
###############################################################################
In Jan. 1997 the US National Institute of Standards and Technology (NIST)
started a worldwide competition, involving some of the world's leading
cryptographers, to develop a new encryption algorithm which would "allow
e-commerce to flourish safely".
In Oct. 2000 the Rijndael (pronounced Rhine-doll) encryption algorithm was
selected as the winner and by June 2001 should be named as the Advanced
Encryption Standard (AES). See the AES home page at
http://csrc.nist.gov/encryption/aes/ for the current AES status.
Since Miva is mostly used by e-commerce developers I thought this would make a
useful new tool in the public Miva toolbox, helping to protect your customers'
private information from malicious mischief.
This software was written using the authors' (Joan Daemen and Vincent Rijmen)
original algorithm specification (http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
along with a very helpful comment from Mr. Brian Gladman
(http://fp.gladman.plus.com/cryptography_technology/index.htm) on the sci.crypt
newsgroup.
Of course any bugs are mine and if you find one I would appreciate a note
describing it.
The Rijndael algorithm allows any combination of 128 bit, 192 bit and 256 bit
secret key and data block. I've chosen to implement 192 bit (24 byte) secret
keys and data blocks because a 24 character data block allows me to encrypt
credit card numbers, social security numbers, registration numbers and most
other private consumer data in a single pass. Note that the 192 bit block size
is a Rijndael option, not part of the AES standard itself, which fixes the
block size at 128 bits; ciphertext produced by this library will therefore not
interoperate with a standard AES implementation.
This software will also handle data strings longer than 24 characters by
splitting the data into 24 character blocks and encrypting each block
separately (this is electronic codebook, or ECB, mode: two blocks holding the
same 24 characters encrypt to the same output, and blocks can be cut, reordered
or swapped between records without knowing the key). Each block or partial
block takes the same amount of time to encrypt [or decrypt]. That means if it
takes one second to encrypt one 24 character block then encrypting 25 characters
will take two seconds because the 25th character rolls over into the second
block. Thus my desire to encrypt and decrypt using only one pass.
Rijndael was designed to operate on bytes, the set of integers from 0 to 255
inclusive, which maps onto the 256 possible single-byte character values (the
Ascii set proper covers only 0 to 127; the rest are the high-bit characters of
an 8 bit character set). Here is an overview of what happens when you encrypt
and decrypt data:
Let's say you need to encrypt the Ascii string ABCDE and you already have a
secret key so you MvDO the encrypt() function with those PARAMETERS (see below
for full function usage notes).
First encrypt() converts each character in the string to its Ascii value lpad()ed
to three places with zero [ie: ABCDE = 065066067068069].
Next encrypt() rpad()s the string with spaces [032] until it is 24 characters long
or, since each character is three digits long, a string that is 72 digits long.
Those 24 three digit numbers are then loaded into a 4 by 6 array, the secret key
is expanded into eleven unique 4 by 6 arrays and the data transformations
[ add_key(), byte_sub(), shift_row() and mix_column() ] are applied to the data
array eleven times, each time using a different unique key array. (The Rijndael
specification sets the round count at Nr = max(Nk, Nb) + 6, which for a 192 bit
key and a 192 bit block is 12 rounds after the initial key addition, using 13
round keys, with mix_column() skipped in the final round. Check the round count
of any implementation against the specification's test vectors before relying
on its output.)
And finally the encrypted data is output as a 72 digit string (24 three digit
numbers in a row).
Okay, now let's decrypt that string by MvDOing the decrypt() function using the
same secret key and the 72 digit encrypted string as the PARAMETERS.
First decrypt() copies the 24 three digit numbers that make up the 72 digit
encrypted data string into a 4 by 6 array then expands the secret key into the
same eleven unique 4 by 6 arrays used to encrypt() the data.
Next decrypt() applies the inverse data transformations, eleven times, in the
reverse order of encrypt() using the unique key arrays, also in reverse order.
And finally decrypt() converts the three digit numbers in the data array into a
24 character Ascii string which is output after being rtrim()ed to remove the
trailing spaces added by encrypt(). Note that rtrim() cannot tell padding from
data, so any trailing spaces that were part of the original string are lost too.
-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Function Usage Notes
-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Function Name: make_key()
Parameters: None
Sample code :
Function Return value: 72 digit string comprised of 24 pseudo-random three digit
integers.
(ie: 227030199083108138111032105058088097111188030213103156044197010008106122)
Any 72 digits may be used as a secret key IF THEY ARE FORMATTED CORRECTLY. To
be a valid key it must be formed from 24 three digit integers whose value is
between 000 and 255 inclusive.
You could use the built-in random(255) function directly, but it is a general
purpose generator, not a cryptographic one, and the numbers it produces may not
be very unpredictable. On the other hand this encryption algorithm was designed
to produce output that is very, very hard to distinguish from truly random
strings even when using advanced cryptanalysis tools.
So the make_key function uses random(255) to produce two correctly formatted 72
digit strings then, using one as the data string and one as the secret key, it
encrypts the two strings to produce a third string which is MvFUNCRETURNed to
the calling script.
Bear in mind that this step only disguises the output of random(); it does not
add any unpredictability. Anyone who can guess or reproduce the state of
random() (for example from the seed it was started with) can reproduce both
input strings and therefore the key, so a make_key() key is only as strong as
the generator behind random(). Where the platform offers a cryptographic random
source, prefer it for keys.
_______________________________________________________________________________
Function Name: encrypt()
Parameters: key_in : A secret key previously created by make_key().
text_in : The Ascii string to be encrypted.
Sample code :
Function Return value: The encrypted data in the form of a 72 digit string (or
multiple of 72 digits) comprised of pseudo-random three digit integers whose
value is between 000 and 255 inclusive.
Ie: 106111119038212221023001241234222060055066234211163159060179169011042036.
If this function returns "null" then an error occurred and the error message will
be stored in the "MvAES_Error" global variable.
The encrypted string is returned in this form rather than as a character string
because the raw output may contain any of the 256 possible byte values, and not
all of them can be sent safely through email or stored in flatfiles or
databases. The price is size: every 24 byte block becomes 72 digits, three
times the size of the raw ciphertext.
_______________________________________________________________________________
Function Name: decrypt()
Parameters: key_in : The secret key used to encrypt the string "text_in" below.
text_in : The encrypted data string produced by encrypt().
Sample code :
Function Return value: The decrypted Ascii character string. If this function
returns "null" then an error occurred and the error message will be stored in
the "MvAES_Error" global variable.
Note that you MUST use the same secret key to decrypt the data as was used to
encrypt the data. If even one digit is different then none of the data will be
correctly decrypted. decrypt() also has no way to detect a wrong key or a
ciphertext that was altered in storage or in transit: in both cases it returns
garbage rather than "null", so if you need to detect tampering store a separate
check value alongside the encrypted string and verify it before decrypting.
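The pipeline in the overview above (three digit encoding, space padding, independent 24 byte blocks) and the encrypt()/decrypt() and key handling described in these usage notes, as an added Python 3 example that is not part of MvAES.mv and not its author's code. The Rijndael core is written from the specification with selectable block and key size, so the published AES test vectors can be used to check it; the function names (mv_encrypt, mv_decrypt, digits_to_bytes and the rest) are this example's own, it uses only the standard library, and the 72 digit key used in the usage note is the sample quoted under make_key() above.

```python
from functools import reduce
from operator import xor

# Added example, not code from MvAES.mv: a from-the-spec Rijndael with
# selectable block and key size, wrapped in the wire format the notes describe
# (3 decimal digits per byte, space padding, independent 24-byte blocks).

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1, Rijndael's field."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)  # xtime with reduction
        b >>= 1
    return p

def _sub(x):  # S-box entry: multiplicative inverse, then the spec's affine transform
    inv = next((b for b in range(1, 256) if gf_mul(x, b) == 1), 0)
    return reduce(xor, (((inv << k) | (inv >> (8 - k))) & 0xFF for k in range(5)), 0x63)

SBOX = [_sub(x) for x in range(256)]
INV_SBOX = [SBOX.index(x) for x in range(256)]
MIX, INV_MIX = (2, 3, 1, 1), (0x0E, 0x0B, 0x0D, 0x09)  # first row of each circulant matrix
SHIFTS = {4: (0, 1, 2, 3), 6: (0, 1, 2, 3), 8: (0, 1, 3, 4)}  # ShiftRows offsets per Nb

def expand_key(key, nb):
    """Key schedule for Nb columns; returns (round keys, Nr) with Nr = max(Nk, Nb) + 6."""
    nk, nr = len(key) // 4, max(len(key) // 4, nb) + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, nb * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:                       # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gf_mul(rcon, 2)
        elif nk > 6 and i % nk == 4:          # extra SubWord for 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([w[i - nk][j] ^ t[j] for j in range(4)])
    return [w[r * nb:(r + 1) * nb] for r in range(nr + 1)], nr

def _add_key(st, rk):
    return [[st[c][j] ^ rk[c][j] for j in range(4)] for c in range(len(st))]

def _mix_columns(st, m):  # m is circulant: row r, column c uses m[(c - r) % 4]
    return [[reduce(xor, (gf_mul(m[(c - r) % 4], col[c]) for c in range(4)))
             for r in range(4)] for col in st]

def encrypt_block(block, key):
    """One Rijndael block; the state is kept as Nb columns of 4 bytes."""
    nb, sh = len(block) // 4, SHIFTS[len(block) // 4]
    rk, nr = expand_key(key, nb)
    st = _add_key([list(block[4 * c:4 * c + 4]) for c in range(nb)], rk[0])
    for r in range(1, nr + 1):
        st = [[SBOX[b] for b in col] for col in st]                            # SubBytes
        st = [[st[(c + sh[j]) % nb][j] for j in range(4)] for c in range(nb)]  # ShiftRows
        if r < nr:                            # MixColumns is skipped in the last round
            st = _mix_columns(st, MIX)
        st = _add_key(st, rk[r])
    return bytes(b for col in st for b in col)

def decrypt_block(block, key):
    """Inverse cipher: inverse steps, rounds and round keys in reverse order."""
    nb, sh = len(block) // 4, SHIFTS[len(block) // 4]
    rk, nr = expand_key(key, nb)
    st = _add_key([list(block[4 * c:4 * c + 4]) for c in range(nb)], rk[nr])
    for r in range(nr - 1, -1, -1):
        st = [[st[(c - sh[j]) % nb][j] for j in range(4)] for c in range(nb)]  # InvShiftRows
        st = [[INV_SBOX[b] for b in col] for col in st]                        # InvSubBytes
        st = _add_key(st, rk[r])
        if r > 0:
            st = _mix_columns(st, INV_MIX)
    return bytes(b for col in st for b in col)

def digits_to_bytes(s, want=None):
    """Parse the 3-digits-per-byte form MvAES uses; `want` pins the byte count."""
    if not s.isdigit() or len(s) % 3 or (want and len(s) != 3 * want):
        raise ValueError("need groups of three decimal digits" + (", exactly %d" % want if want else ""))
    return bytes(int(s[i:i + 3]) for i in range(0, len(s), 3))  # bytes() rejects groups above 255

def mv_encrypt(key72, text):
    """encrypt() as described: pad with spaces to a 24-byte multiple, ECB per block."""
    key = digits_to_bytes(key72, 24)  # a valid key is exactly 24 groups, see make_key()
    data = text.encode("latin-1")     # one byte per character, as the 3-digit encoding assumes
    data = data.ljust(-(-len(data) // 24) * 24 or 24, b" ")
    ct = b"".join(encrypt_block(data[i:i + 24], key) for i in range(0, len(data), 24))
    return "".join("%03d" % b for b in ct)

def mv_decrypt(key72, digits):
    """decrypt() as described; the rtrim() also drops trailing spaces the plaintext had."""
    key, ct = digits_to_bytes(key72, 24), digits_to_bytes(digits)
    if len(ct) % 24:
        raise ValueError("ciphertext must be a multiple of 72 digits")
    pt = b"".join(decrypt_block(ct[i:i + 24], key) for i in range(0, len(ct), 24))
    return pt.decode("latin-1").rstrip(" ")
```

With a 16 byte block the core reproduces the FIPS-197 vectors (key 00..0f, plaintext 00112233445566778899aabbccddeeff gives 69c4e0d86a7b0430d8cdb78070b4c55a), which is the check a practitioner should run against any Rijndael implementation, including a Miva one, before trusting it. With 24 byte keys and blocks expand_key() reports 12 rounds and 13 round keys. Encrypting "4111-1111-1111-1111 0105" repeated twice with the sample key returns 144 digits whose two halves are identical, and equal to the 72 digits for the single block, which is the ECB property noted earlier; round-tripping "abc  " returns "abc", which is the rtrim() loss; and decrypting with a key that differs in one digit returns garbage, not an error.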
-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Start Demo HTML
-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
MvAES.mv (Miva Advanced Encryption Standard Library)
See the source code for documentation
-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
End Demo HTML
-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-