AES: add public-domain AES implementation from Brad Conte
[hmcfgusb] / aes.h
1 /*********************************************************************
2 * Filename: aes.h
3 * Author: Brad Conte (brad AT bradconte.com)
4 * Copyright:
5 * Disclaimer: This code is presented "as is" without any guarantees.
6 * Details: Defines the API for the corresponding AES implementation.
7 *********************************************************************/
8
9 #ifndef AES_H
10 #define AES_H
11
12 /*************************** HEADER FILES ***************************/
13 #include <stddef.h>
14
15 /****************************** MACROS ******************************/
16 #define AES_BLOCK_SIZE 16 // AES operates on 16 bytes at a time
17
18 /**************************** DATA TYPES ****************************/
19 typedef unsigned char BYTE; // 8-bit byte
20 typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines
21
22 /*********************** FUNCTION DECLARATIONS **********************/
23 ///////////////////
24 // AES
25 ///////////////////
26 // Key setup must be done before any AES en/de-cryption functions can be used.
27 void aes_key_setup(const BYTE key[], // The key, must be 128, 192, or 256 bits
28 WORD w[], // Output key schedule to be used later
29 int keysize); // Bit length of the key, 128, 192, or 256
30
31 void aes_encrypt(const BYTE in[], // 16 bytes of plaintext
32 BYTE out[], // 16 bytes of ciphertext
33 const WORD key[], // From the key setup
34 int keysize); // Bit length of the key, 128, 192, or 256
35
36 void aes_decrypt(const BYTE in[], // 16 bytes of ciphertext
37 BYTE out[], // 16 bytes of plaintext
38 const WORD key[], // From the key setup
39 int keysize); // Bit length of the key, 128, 192, or 256
40
41 ///////////////////
42 // AES - CBC
43 ///////////////////
44 int aes_encrypt_cbc(const BYTE in[], // Plaintext
45 size_t in_len, // Must be a multiple of AES_BLOCK_SIZE
46 BYTE out[], // Ciphertext, same length as plaintext
47 const WORD key[], // From the key setup
48 int keysize, // Bit length of the key, 128, 192, or 256
49 const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long
50
51 // Only output the CBC-MAC of the input.
52 int aes_encrypt_cbc_mac(const BYTE in[], // plaintext
53 size_t in_len, // Must be a multiple of AES_BLOCK_SIZE
54 BYTE out[], // Output MAC
55 const WORD key[], // From the key setup
56 int keysize, // Bit length of the key, 128, 192, or 256
57 const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long
58
59 ///////////////////
60 // AES - CTR
61 ///////////////////
62 void increment_iv(BYTE iv[], // Must be a multiple of AES_BLOCK_SIZE
63 int counter_size); // Bytes of the IV used for counting (low end)
64
65 void aes_encrypt_ctr(const BYTE in[], // Plaintext
66 size_t in_len, // Any byte length
67 BYTE out[], // Ciphertext, same length as plaintext
68 const WORD key[], // From the key setup
69 int keysize, // Bit length of the key, 128, 192, or 256
70 const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long
71
72 void aes_decrypt_ctr(const BYTE in[], // Ciphertext
73 size_t in_len, // Any byte length
74 BYTE out[], // Plaintext, same length as ciphertext
75 const WORD key[], // From the key setup
76 int keysize, // Bit length of the key, 128, 192, or 256
77 const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long
78
79 ///////////////////
80 // AES - CCM
81 ///////////////////
82 // Returns True if the input parameters do not violate any constraint.
83 int aes_encrypt_ccm(const BYTE plaintext[], // IN - Plaintext.
84 WORD plaintext_len, // IN - Plaintext length.
85 const BYTE associated_data[], // IN - Associated Data included in authentication, but not encryption.
86 unsigned short associated_data_len, // IN - Associated Data length in bytes.
87 const BYTE nonce[], // IN - The Nonce to be used for encryption.
88 unsigned short nonce_len, // IN - Nonce length in bytes.
89 BYTE ciphertext[], // OUT - Ciphertext, a concatination of the plaintext and the MAC.
90 WORD *ciphertext_len, // OUT - The length of the ciphertext, always plaintext_len + mac_len.
91 WORD mac_len, // IN - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16.
92 const BYTE key[], // IN - The AES key for encryption.
93 int keysize); // IN - The length of the key in bits. Valid values are 128, 192, 256.
94
95 // Returns True if the input parameters do not violate any constraint.
96 // Use mac_auth to ensure decryption/validation was preformed correctly.
97 // If authentication does not succeed, the plaintext is zeroed out. To overwride
98 // this, call with mac_auth = NULL. The proper proceedure is to decrypt with
99 // authentication enabled (mac_auth != NULL) and make a second call to that
100 // ignores authentication explicitly if the first call failes.
101 int aes_decrypt_ccm(const BYTE ciphertext[], // IN - Ciphertext, the concatination of encrypted plaintext and MAC.
102 WORD ciphertext_len, // IN - Ciphertext length in bytes.
103 const BYTE assoc[], // IN - The Associated Data, required for authentication.
104 unsigned short assoc_len, // IN - Associated Data length in bytes.
105 const BYTE nonce[], // IN - The Nonce to use for decryption, same one as for encryption.
106 unsigned short nonce_len, // IN - Nonce length in bytes.
107 BYTE plaintext[], // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len.
108 WORD *plaintext_len, // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len .
109 WORD mac_len, // IN - The length of the MAC that was calculated.
110 int *mac_auth, // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication.
111 const BYTE key[], // IN - The AES key for decryption.
112 int keysize); // IN - The length of the key in BITS. Valid values are 128, 192, 256.
113
114 ///////////////////
115 // Test functions
116 ///////////////////
117 int aes_test();
118 int aes_ecb_test();
119 int aes_cbc_test();
120 int aes_ctr_test();
121 int aes_ccm_test();
122
123 #endif // AES_H
Impressum, Datenschutz