[hmcfgusb] / aes.h

/*********************************************************************\r
* Filename:   aes.h\r
* Author:     Brad Conte (brad AT bradconte.com)\r
* Copyright:\r
* Disclaimer: This code is presented "as is" without any guarantees.\r
* Details:    Defines the API for the corresponding AES implementation.\r
*********************************************************************/\r
\r
#ifndef AES_H\r
#define AES_H\r
\r
/*************************** HEADER FILES ***************************/\r
#include <stddef.h>\r
\r
/****************************** MACROS ******************************/\r
#define AES_BLOCK_SIZE 16               // AES operates on 16 bytes at a time\r
\r
/**************************** DATA TYPES ****************************/\r
typedef unsigned char BYTE;            // 8-bit byte\r
typedef unsigned int WORD;             // 32-bit word, change to "long" for 16-bit machines\r
\r
/*********************** FUNCTION DECLARATIONS **********************/\r
///////////////////\r
// AES\r
///////////////////\r
// Key setup must be done before any AES en/de-cryption functions can be used.\r
void aes_key_setup(const BYTE key[],          // The key, must be 128, 192, or 256 bits\r
                   WORD w[],                  // Output key schedule to be used later\r
                   int keysize);              // Bit length of the key, 128, 192, or 256\r
\r
void aes_encrypt(const BYTE in[],             // 16 bytes of plaintext\r
                 BYTE out[],                  // 16 bytes of ciphertext\r
                 const WORD key[],            // From the key setup\r
                 int keysize);                // Bit length of the key, 128, 192, or 256\r
\r
void aes_decrypt(const BYTE in[],             // 16 bytes of ciphertext\r
                 BYTE out[],                  // 16 bytes of plaintext\r
                 const WORD key[],            // From the key setup\r
                 int keysize);                // Bit length of the key, 128, 192, or 256\r
\r
///////////////////\r
// AES - CBC\r
///////////////////\r
int aes_encrypt_cbc(const BYTE in[],          // Plaintext\r
                    size_t in_len,            // Must be a multiple of AES_BLOCK_SIZE\r
                    BYTE out[],               // Ciphertext, same length as plaintext\r
                    const WORD key[],         // From the key setup\r
                    int keysize,              // Bit length of the key, 128, 192, or 256\r
                    const BYTE iv[]);         // IV, must be AES_BLOCK_SIZE bytes long\r
\r
// Only output the CBC-MAC of the input.\r
int aes_encrypt_cbc_mac(const BYTE in[],      // plaintext\r
                        size_t in_len,        // Must be a multiple of AES_BLOCK_SIZE\r
                        BYTE out[],           // Output MAC\r
                        const WORD key[],     // From the key setup\r
                        int keysize,          // Bit length of the key, 128, 192, or 256\r
                        const BYTE iv[]);     // IV, must be AES_BLOCK_SIZE bytes long\r
\r
///////////////////\r
// AES - CTR\r
///////////////////\r
void increment_iv(BYTE iv[],                  // Must be a multiple of AES_BLOCK_SIZE\r
                  int counter_size);          // Bytes of the IV used for counting (low end)\r
\r
void aes_encrypt_ctr(const BYTE in[],         // Plaintext\r
                     size_t in_len,           // Any byte length\r
                     BYTE out[],              // Ciphertext, same length as plaintext\r
                     const WORD key[],        // From the key setup\r
                     int keysize,             // Bit length of the key, 128, 192, or 256\r
                     const BYTE iv[]);        // IV, must be AES_BLOCK_SIZE bytes long\r
\r
void aes_decrypt_ctr(const BYTE in[],         // Ciphertext\r
                     size_t in_len,           // Any byte length\r
                     BYTE out[],              // Plaintext, same length as ciphertext\r
                     const WORD key[],        // From the key setup\r
                     int keysize,             // Bit length of the key, 128, 192, or 256\r
                     const BYTE iv[]);        // IV, must be AES_BLOCK_SIZE bytes long\r
\r
///////////////////\r
// AES - CCM\r
///////////////////\r
// Returns True if the input parameters do not violate any constraint.\r
int aes_encrypt_ccm(const BYTE plaintext[],              // IN  - Plaintext.\r
                    WORD plaintext_len,                  // IN  - Plaintext length.\r
                    const BYTE associated_data[],        // IN  - Associated Data included in authentication, but not encryption.\r
                    unsigned short associated_data_len,  // IN  - Associated Data length in bytes.\r
                    const BYTE nonce[],                  // IN  - The Nonce to be used for encryption.\r
                    unsigned short nonce_len,            // IN  - Nonce length in bytes.\r
                    BYTE ciphertext[],                   // OUT - Ciphertext, a concatination of the plaintext and the MAC.\r
                    WORD *ciphertext_len,                // OUT - The length of the ciphertext, always plaintext_len + mac_len.\r
                    WORD mac_len,                        // IN  - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16.\r
                    const BYTE key[],                    // IN  - The AES key for encryption.\r
                    int keysize);                        // IN  - The length of the key in bits. Valid values are 128, 192, 256.\r
\r
// Returns True if the input parameters do not violate any constraint.\r
// Use mac_auth to ensure decryption/validation was preformed correctly.\r
// If authentication does not succeed, the plaintext is zeroed out. To overwride\r
// this, call with mac_auth = NULL. The proper proceedure is to decrypt with\r
// authentication enabled (mac_auth != NULL) and make a second call to that\r
// ignores authentication explicitly if the first call failes.\r
int aes_decrypt_ccm(const BYTE ciphertext[],             // IN  - Ciphertext, the concatination of encrypted plaintext and MAC.\r
                    WORD ciphertext_len,                 // IN  - Ciphertext length in bytes.\r
                    const BYTE assoc[],                  // IN  - The Associated Data, required for authentication.\r
                    unsigned short assoc_len,            // IN  - Associated Data length in bytes.\r
                    const BYTE nonce[],                  // IN  - The Nonce to use for decryption, same one as for encryption.\r
                    unsigned short nonce_len,            // IN  - Nonce length in bytes.\r
                    BYTE plaintext[],                    // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len.\r
                    WORD *plaintext_len,                 // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len .\r
                    WORD mac_len,                        // IN  - The length of the MAC that was calculated.\r
                    int *mac_auth,                       // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication.\r
                    const BYTE key[],                    // IN  - The AES key for decryption.\r
                    int keysize);                        // IN  - The length of the key in BITS. Valid values are 128, 192, 256.\r
\r
///////////////////\r
// Test functions\r
///////////////////\r
int aes_test(void);\r
int aes_ecb_test(void);\r
int aes_cbc_test(void);\r
int aes_ctr_test(void);\r
int aes_ccm_test(void);\r
\r
#endif   // AES_H\r
Commit	Line	Data
ed571217 MG	1	/*********************************************************************\r
	2	* Filename: aes.h\r
	3	* Author: Brad Conte (brad AT bradconte.com)\r
	4	* Copyright:\r
	5	* Disclaimer: This code is presented "as is" without any guarantees.\r
	6	* Details: Defines the API for the corresponding AES implementation.\r
	7	*********************************************************************/\r
	8	\r
	9	#ifndef AES_H\r
	10	#define AES_H\r
	11	\r
	12	/************************* HEADER FILES *************************/\r
	13	#include <stddef.h>\r
	14	\r
	15	/**************************** MACROS ****************************/\r
	16	#define AES_BLOCK_SIZE 16 // AES operates on 16 bytes at a time\r
	17	\r
	18	/************************** DATA TYPES **************************/\r
	19	typedef unsigned char BYTE; // 8-bit byte\r
	20	typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines\r
	21	\r
	22	/********************* FUNCTION DECLARATIONS ********************/\r
	23	///////////////////\r
	24	// AES\r
	25	///////////////////\r
	26	// Key setup must be done before any AES en/de-cryption functions can be used.\r
	27	void aes_key_setup(const BYTE key[], // The key, must be 128, 192, or 256 bits\r
	28	WORD w[], // Output key schedule to be used later\r
	29	int keysize); // Bit length of the key, 128, 192, or 256\r
	30	\r
	31	void aes_encrypt(const BYTE in[], // 16 bytes of plaintext\r
	32	BYTE out[], // 16 bytes of ciphertext\r
	33	const WORD key[], // From the key setup\r
	34	int keysize); // Bit length of the key, 128, 192, or 256\r
	35	\r
	36	void aes_decrypt(const BYTE in[], // 16 bytes of ciphertext\r
	37	BYTE out[], // 16 bytes of plaintext\r
	38	const WORD key[], // From the key setup\r
	39	int keysize); // Bit length of the key, 128, 192, or 256\r
	40	\r
	41	///////////////////\r
	42	// AES - CBC\r
	43	///////////////////\r
	44	int aes_encrypt_cbc(const BYTE in[], // Plaintext\r
	45	size_t in_len, // Must be a multiple of AES_BLOCK_SIZE\r
	46	BYTE out[], // Ciphertext, same length as plaintext\r
	47	const WORD key[], // From the key setup\r
	48	int keysize, // Bit length of the key, 128, 192, or 256\r
	49	const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long\r
	50	\r
	51	// Only output the CBC-MAC of the input.\r
	52	int aes_encrypt_cbc_mac(const BYTE in[], // plaintext\r
	53	size_t in_len, // Must be a multiple of AES_BLOCK_SIZE\r
	54	BYTE out[], // Output MAC\r
	55	const WORD key[], // From the key setup\r
	56	int keysize, // Bit length of the key, 128, 192, or 256\r
	57	const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long\r
	58	\r
	59	///////////////////\r
	60	// AES - CTR\r
	61	///////////////////\r
	62	void increment_iv(BYTE iv[], // Must be a multiple of AES_BLOCK_SIZE\r
	63	int counter_size); // Bytes of the IV used for counting (low end)\r
	64	\r
65	void aes_encrypt_ctr(const BYTE in[], // Plaintext\r
66	size_t in_len, // Any byte length\r
67	BYTE out[], // Ciphertext, same length as plaintext\r
68	const WORD key[], // From the key setup\r
69	int keysize, // Bit length of the key, 128, 192, or 256\r
70	const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long\r
71	\r
72	void aes_decrypt_ctr(const BYTE in[], // Ciphertext\r
73	size_t in_len, // Any byte length\r
74	BYTE out[], // Plaintext, same length as ciphertext\r
75	const WORD key[], // From the key setup\r
76	int keysize, // Bit length of the key, 128, 192, or 256\r
77	const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long\r
78	\r
79	///////////////////\r
80	// AES - CCM\r
81	///////////////////\r
82	// Returns True if the input parameters do not violate any constraint.\r
83	int aes_encrypt_ccm(const BYTE plaintext[], // IN - Plaintext.\r
84	WORD plaintext_len, // IN - Plaintext length.\r
85	const BYTE associated_data[], // IN - Associated Data included in authentication, but not encryption.\r
86	unsigned short associated_data_len, // IN - Associated Data length in bytes.\r
87	const BYTE nonce[], // IN - The Nonce to be used for encryption.\r
88	unsigned short nonce_len, // IN - Nonce length in bytes.\r
89	BYTE ciphertext[], // OUT - Ciphertext, a concatination of the plaintext and the MAC.\r
90	WORD *ciphertext_len, // OUT - The length of the ciphertext, always plaintext_len + mac_len.\r
91	WORD mac_len, // IN - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16.\r
92	const BYTE key[], // IN - The AES key for encryption.\r
93	int keysize); // IN - The length of the key in bits. Valid values are 128, 192, 256.\r
94	\r
95	// Returns True if the input parameters do not violate any constraint.\r
96	// Use mac_auth to ensure decryption/validation was preformed correctly.\r
97	// If authentication does not succeed, the plaintext is zeroed out. To overwride\r
98	// this, call with mac_auth = NULL. The proper proceedure is to decrypt with\r
99	// authentication enabled (mac_auth != NULL) and make a second call to that\r
100	// ignores authentication explicitly if the first call failes.\r
101	int aes_decrypt_ccm(const BYTE ciphertext[], // IN - Ciphertext, the concatination of encrypted plaintext and MAC.\r
102	WORD ciphertext_len, // IN - Ciphertext length in bytes.\r
103	const BYTE assoc[], // IN - The Associated Data, required for authentication.\r
104	unsigned short assoc_len, // IN - Associated Data length in bytes.\r
105	const BYTE nonce[], // IN - The Nonce to use for decryption, same one as for encryption.\r
106	unsigned short nonce_len, // IN - Nonce length in bytes.\r
107	BYTE plaintext[], // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len.\r
108	WORD *plaintext_len, // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len .\r
109	WORD mac_len, // IN - The length of the MAC that was calculated.\r
110	int *mac_auth, // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication.\r
111	const BYTE key[], // IN - The AES key for decryption.\r
112	int keysize); // IN - The length of the key in BITS. Valid values are 128, 192, 256.\r
113	\r
114	///////////////////\r
115	// Test functions\r
116	///////////////////\r
5aa2bb3e FF	117	int aes_test(void);\r
	118	int aes_ecb_test(void);\r
	119	int aes_cbc_test(void);\r
	120	int aes_ctr_test(void);\r
	121	int aes_ccm_test(void);\r
ed571217 MG	122	\r
ed571217 MG	123	#endif // AES_H\r