Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
8796 | turbocat | 1 | /********************************************************************* |
2 | * Filename: aes.h |
||
3 | * Author: Brad Conte (brad AT bradconte.com) |
||
4 | * Copyright: |
||
5 | * Disclaimer: This code is presented "as is" without any guarantees. |
||
6 | * Details: Defines the API for the corresponding AES implementation. |
||
7 | *********************************************************************/ |
||
8 | |||
9 | #ifndef AES_H |
||
10 | #define AES_H |
||
11 | |||
12 | /*************************** HEADER FILES ***************************/ |
||
13 | #include |
||
14 | |||
15 | /****************************** MACROS ******************************/ |
||
16 | #define AES_BLOCK_SIZE 16 // AES operates on 16 bytes at a time |
||
17 | |||
18 | /**************************** DATA TYPES ****************************/ |
||
19 | typedef unsigned char BYTE; // 8-bit byte |
||
20 | typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines |
||
21 | |||
22 | /*********************** FUNCTION DECLARATIONS **********************/ |
||
23 | /////////////////// |
||
24 | // AES |
||
25 | /////////////////// |
||
26 | // Key setup must be done before any AES en/de-cryption functions can be used. |
||
27 | void aes_key_setup(const BYTE key[], // The key, must be 128, 192, or 256 bits |
||
28 | WORD w[], // Output key schedule to be used later |
||
29 | int keysize); // Bit length of the key, 128, 192, or 256 |
||
30 | |||
31 | void aes_encrypt(const BYTE in[], // 16 bytes of plaintext |
||
32 | BYTE out[], // 16 bytes of ciphertext |
||
33 | const WORD key[], // From the key setup |
||
34 | int keysize); // Bit length of the key, 128, 192, or 256 |
||
35 | |||
36 | void aes_decrypt(const BYTE in[], // 16 bytes of ciphertext |
||
37 | BYTE out[], // 16 bytes of plaintext |
||
38 | const WORD key[], // From the key setup |
||
39 | int keysize); // Bit length of the key, 128, 192, or 256 |
||
40 | |||
41 | /////////////////// |
||
42 | // AES - CBC |
||
43 | /////////////////// |
||
44 | int aes_encrypt_cbc(const BYTE in[], // Plaintext |
||
45 | size_t in_len, // Must be a multiple of AES_BLOCK_SIZE |
||
46 | BYTE out[], // Ciphertext, same length as plaintext |
||
47 | const WORD key[], // From the key setup |
||
48 | int keysize, // Bit length of the key, 128, 192, or 256 |
||
49 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long |
||
50 | |||
51 | // Only output the CBC-MAC of the input. |
||
52 | int aes_encrypt_cbc_mac(const BYTE in[], // plaintext |
||
53 | size_t in_len, // Must be a multiple of AES_BLOCK_SIZE |
||
54 | BYTE out[], // Output MAC |
||
55 | const WORD key[], // From the key setup |
||
56 | int keysize, // Bit length of the key, 128, 192, or 256 |
||
57 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long |
||
58 | |||
59 | /////////////////// |
||
60 | // AES - CTR |
||
61 | /////////////////// |
||
62 | void increment_iv(BYTE iv[], // Must be a multiple of AES_BLOCK_SIZE |
||
63 | int counter_size); // Bytes of the IV used for counting (low end) |
||
64 | |||
65 | void aes_encrypt_ctr(const BYTE in[], // Plaintext |
||
66 | size_t in_len, // Any byte length |
||
67 | BYTE out[], // Ciphertext, same length as plaintext |
||
68 | const WORD key[], // From the key setup |
||
69 | int keysize, // Bit length of the key, 128, 192, or 256 |
||
70 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long |
||
71 | |||
72 | void aes_decrypt_ctr(const BYTE in[], // Ciphertext |
||
73 | size_t in_len, // Any byte length |
||
74 | BYTE out[], // Plaintext, same length as ciphertext |
||
75 | const WORD key[], // From the key setup |
||
76 | int keysize, // Bit length of the key, 128, 192, or 256 |
||
77 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long |
||
78 | |||
79 | /////////////////// |
||
80 | // AES - CCM |
||
81 | /////////////////// |
||
82 | // Returns True if the input parameters do not violate any constraint. |
||
83 | int aes_encrypt_ccm(const BYTE plaintext[], // IN - Plaintext. |
||
84 | WORD plaintext_len, // IN - Plaintext length. |
||
85 | const BYTE associated_data[], // IN - Associated Data included in authentication, but not encryption. |
||
86 | unsigned short associated_data_len, // IN - Associated Data length in bytes. |
||
87 | const BYTE nonce[], // IN - The Nonce to be used for encryption. |
||
88 | unsigned short nonce_len, // IN - Nonce length in bytes. |
||
89 | BYTE ciphertext[], // OUT - Ciphertext, a concatination of the plaintext and the MAC. |
||
90 | WORD *ciphertext_len, // OUT - The length of the ciphertext, always plaintext_len + mac_len. |
||
91 | WORD mac_len, // IN - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16. |
||
92 | const BYTE key[], // IN - The AES key for encryption. |
||
93 | int keysize); // IN - The length of the key in bits. Valid values are 128, 192, 256. |
||
94 | |||
95 | // Returns True if the input parameters do not violate any constraint. |
||
96 | // Use mac_auth to ensure decryption/validation was preformed correctly. |
||
97 | // If authentication does not succeed, the plaintext is zeroed out. To overwride |
||
98 | // this, call with mac_auth = NULL. The proper proceedure is to decrypt with |
||
99 | // authentication enabled (mac_auth != NULL) and make a second call to that |
||
100 | // ignores authentication explicitly if the first call failes. |
||
101 | int aes_decrypt_ccm(const BYTE ciphertext[], // IN - Ciphertext, the concatination of encrypted plaintext and MAC. |
||
102 | WORD ciphertext_len, // IN - Ciphertext length in bytes. |
||
103 | const BYTE assoc[], // IN - The Associated Data, required for authentication. |
||
104 | unsigned short assoc_len, // IN - Associated Data length in bytes. |
||
105 | const BYTE nonce[], // IN - The Nonce to use for decryption, same one as for encryption. |
||
106 | unsigned short nonce_len, // IN - Nonce length in bytes. |
||
107 | BYTE plaintext[], // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len. |
||
108 | WORD *plaintext_len, // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len . |
||
109 | WORD mac_len, // IN - The length of the MAC that was calculated. |
||
110 | int *mac_auth, // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication. |
||
111 | const BYTE key[], // IN - The AES key for decryption. |
||
112 | int keysize); // IN - The length of the key in BITS. Valid values are 128, 192, 256. |
||
113 | |||
114 | /////////////////// |
||
115 | // Test functions |
||
116 | /////////////////// |
||
117 | int aes_test(); |
||
118 | int aes_ecb_test(); |
||
119 | int aes_cbc_test(); |
||
120 | int aes_ctr_test(); |
||
121 | int aes_ccm_test(); |
||
122 | |||
123 | #endif // AES_H |