git.zerfleddert.de Git - hmcfgusb/blob - aes.h

   1 /*********************************************************************
   2 * Filename:   aes.h
   3 * Author:     Brad Conte (brad AT bradconte.com)
   4 * Copyright:
   5 * Disclaimer: This code is presented "as is" without any guarantees.
   6 * Details:    Defines the API for the corresponding AES implementation.
   7 *********************************************************************/
   8
   9 #ifndef AES_H
  10 #define AES_H
  11
  12 /*************************** HEADER FILES ***************************/
  13 #include <stddef.h>
  14
  15 /****************************** MACROS ******************************/
  16 #define AES_BLOCK_SIZE 16               // AES operates on 16 bytes at a time
  17
  18 /**************************** DATA TYPES ****************************/
  19 typedef unsigned char BYTE;            // 8-bit byte
  20 typedef unsigned int WORD;             // 32-bit word, change to "long" for 16-bit machines
  21
  22 /*********************** FUNCTION DECLARATIONS **********************/
  23 ///////////////////
  24 // AES
  25 ///////////////////
  26 // Key setup must be done before any AES en/de-cryption functions can be used.
  27 void aes_key_setup(const BYTE key[],          // The key, must be 128, 192, or 256 bits
  28                    WORD w[],                  // Output key schedule to be used later
  29                    int keysize);              // Bit length of the key, 128, 192, or 256
  30
  31 void aes_encrypt(const BYTE in[],             // 16 bytes of plaintext
  32                  BYTE out[],                  // 16 bytes of ciphertext
  33                  const WORD key[],            // From the key setup
  34                  int keysize);                // Bit length of the key, 128, 192, or 256
  35
  36 void aes_decrypt(const BYTE in[],             // 16 bytes of ciphertext
  37                  BYTE out[],                  // 16 bytes of plaintext
  38                  const WORD key[],            // From the key setup
  39                  int keysize);                // Bit length of the key, 128, 192, or 256
  40
  41 ///////////////////
  42 // AES - CBC
  43 ///////////////////
  44 int aes_encrypt_cbc(const BYTE in[],          // Plaintext
  45                     size_t in_len,            // Must be a multiple of AES_BLOCK_SIZE
  46                     BYTE out[],               // Ciphertext, same length as plaintext
  47                     const WORD key[],         // From the key setup
  48                     int keysize,              // Bit length of the key, 128, 192, or 256
  49                     const BYTE iv[]);         // IV, must be AES_BLOCK_SIZE bytes long
  50
  51 // Only output the CBC-MAC of the input.
  52 int aes_encrypt_cbc_mac(const BYTE in[],      // plaintext
  53                         size_t in_len,        // Must be a multiple of AES_BLOCK_SIZE
  54                         BYTE out[],           // Output MAC
  55                         const WORD key[],     // From the key setup
  56                         int keysize,          // Bit length of the key, 128, 192, or 256
  57                         const BYTE iv[]);     // IV, must be AES_BLOCK_SIZE bytes long
  58
  59 ///////////////////
  60 // AES - CTR
  61 ///////////////////
  62 void increment_iv(BYTE iv[],                  // Must be a multiple of AES_BLOCK_SIZE
  63                   int counter_size);          // Bytes of the IV used for counting (low end)
  64
  65 void aes_encrypt_ctr(const BYTE in[],         // Plaintext
  66                      size_t in_len,           // Any byte length
  67                      BYTE out[],              // Ciphertext, same length as plaintext
  68                      const WORD key[],        // From the key setup
  69                      int keysize,             // Bit length of the key, 128, 192, or 256
  70                      const BYTE iv[]);        // IV, must be AES_BLOCK_SIZE bytes long
  71
  72 void aes_decrypt_ctr(const BYTE in[],         // Ciphertext
  73                      size_t in_len,           // Any byte length
  74                      BYTE out[],              // Plaintext, same length as ciphertext
  75                      const WORD key[],        // From the key setup
  76                      int keysize,             // Bit length of the key, 128, 192, or 256
  77                      const BYTE iv[]);        // IV, must be AES_BLOCK_SIZE bytes long
  78
  79 ///////////////////
  80 // AES - CCM
  81 ///////////////////
  82 // Returns True if the input parameters do not violate any constraint.
  83 int aes_encrypt_ccm(const BYTE plaintext[],              // IN  - Plaintext.
  84                     WORD plaintext_len,                  // IN  - Plaintext length.
  85                     const BYTE associated_data[],        // IN  - Associated Data included in authentication, but not encryption.
  86                     unsigned short associated_data_len,  // IN  - Associated Data length in bytes.
  87                     const BYTE nonce[],                  // IN  - The Nonce to be used for encryption.
  88                     unsigned short nonce_len,            // IN  - Nonce length in bytes.
  89                     BYTE ciphertext[],                   // OUT - Ciphertext, a concatination of the plaintext and the MAC.
  90                     WORD *ciphertext_len,                // OUT - The length of the ciphertext, always plaintext_len + mac_len.
  91                     WORD mac_len,                        // IN  - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16.
  92                     const BYTE key[],                    // IN  - The AES key for encryption.
  93                     int keysize);                        // IN  - The length of the key in bits. Valid values are 128, 192, 256.
  94
  95 // Returns True if the input parameters do not violate any constraint.
  96 // Use mac_auth to ensure decryption/validation was preformed correctly.
  97 // If authentication does not succeed, the plaintext is zeroed out. To overwride
  98 // this, call with mac_auth = NULL. The proper proceedure is to decrypt with
  99 // authentication enabled (mac_auth != NULL) and make a second call to that
 100 // ignores authentication explicitly if the first call failes.
 101 int aes_decrypt_ccm(const BYTE ciphertext[],             // IN  - Ciphertext, the concatination of encrypted plaintext and MAC.
 102                     WORD ciphertext_len,                 // IN  - Ciphertext length in bytes.
 103                     const BYTE assoc[],                  // IN  - The Associated Data, required for authentication.
 104                     unsigned short assoc_len,            // IN  - Associated Data length in bytes.
 105                     const BYTE nonce[],                  // IN  - The Nonce to use for decryption, same one as for encryption.
 106                     unsigned short nonce_len,            // IN  - Nonce length in bytes.
 107                     BYTE plaintext[],                    // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len.
 108                     WORD *plaintext_len,                 // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len .
 109                     WORD mac_len,                        // IN  - The length of the MAC that was calculated.
 110                     int *mac_auth,                       // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication.
 111                     const BYTE key[],                    // IN  - The AES key for decryption.
 112                     int keysize);                        // IN  - The length of the key in BITS. Valid values are 128, 192, 256.
 113
 114 ///////////////////
 115 // Test functions
 116 ///////////////////
 117 int aes_test();
 118 int aes_ecb_test();
 119 int aes_cbc_test();
 120 int aes_ctr_test();
 121 int aes_ccm_test();
 122
 123 #endif   // AES_H