ce188d4d |
1 | /*********************************************************************\r |
2 | * Filename: aes.h\r |
3 | * Author: Brad Conte (brad AT bradconte.com)\r |
4 | * Copyright:\r |
5 | * Disclaimer: This code is presented "as is" without any guarantees.\r |
6 | * Details: Defines the API for the corresponding AES implementation.\r |
7 | *********************************************************************/\r |
8 | \r |
9 | #ifndef AES_H\r |
10 | #define AES_H\r |
11 | \r |
12 | /*************************** HEADER FILES ***************************/\r |
13 | #include <stddef.h>\r |
14 | \r |
15 | /****************************** MACROS ******************************/\r |
16 | #define AES_BLOCK_SIZE 16 // AES operates on 16 bytes at a time\r |
17 | \r |
18 | /**************************** DATA TYPES ****************************/\r |
19 | typedef unsigned char BYTE; // 8-bit byte\r |
20 | typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines\r |
21 | \r |
22 | /*********************** FUNCTION DECLARATIONS **********************/\r |
23 | ///////////////////\r |
24 | // AES\r |
25 | ///////////////////\r |
26 | // Key setup must be done before any AES en/de-cryption functions can be used.\r |
27 | void aes_key_setup(const BYTE key[], // The key, must be 128, 192, or 256 bits\r |
28 | WORD w[], // Output key schedule to be used later\r |
29 | int keysize); // Bit length of the key, 128, 192, or 256\r |
30 | \r |
31 | void aes_encrypt(const BYTE in[], // 16 bytes of plaintext\r |
32 | BYTE out[], // 16 bytes of ciphertext\r |
33 | const WORD key[], // From the key setup\r |
34 | int keysize); // Bit length of the key, 128, 192, or 256\r |
35 | \r |
36 | void aes_decrypt(const BYTE in[], // 16 bytes of ciphertext\r |
37 | BYTE out[], // 16 bytes of plaintext\r |
38 | const WORD key[], // From the key setup\r |
39 | int keysize); // Bit length of the key, 128, 192, or 256\r |
40 | \r |
41 | ///////////////////\r |
42 | // AES - CBC\r |
43 | ///////////////////\r |
44 | int aes_encrypt_cbc(const BYTE in[], // Plaintext\r |
45 | size_t in_len, // Must be a multiple of AES_BLOCK_SIZE\r |
46 | BYTE out[], // Ciphertext, same length as plaintext\r |
47 | const WORD key[], // From the key setup\r |
48 | int keysize, // Bit length of the key, 128, 192, or 256\r |
49 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long\r |
50 | \r |
51 | // Only output the CBC-MAC of the input.\r |
52 | int aes_encrypt_cbc_mac(const BYTE in[], // plaintext\r |
53 | size_t in_len, // Must be a multiple of AES_BLOCK_SIZE\r |
54 | BYTE out[], // Output MAC\r |
55 | const WORD key[], // From the key setup\r |
56 | int keysize, // Bit length of the key, 128, 192, or 256\r |
57 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long\r |
58 | \r |
59 | ///////////////////\r |
60 | // AES - CTR\r |
61 | ///////////////////\r |
62 | void increment_iv(BYTE iv[], // Must be a multiple of AES_BLOCK_SIZE\r |
63 | int counter_size); // Bytes of the IV used for counting (low end)\r |
64 | \r |
65 | void aes_encrypt_ctr(const BYTE in[], // Plaintext\r |
66 | size_t in_len, // Any byte length\r |
67 | BYTE out[], // Ciphertext, same length as plaintext\r |
68 | const WORD key[], // From the key setup\r |
69 | int keysize, // Bit length of the key, 128, 192, or 256\r |
70 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long\r |
71 | \r |
72 | void aes_decrypt_ctr(const BYTE in[], // Ciphertext\r |
73 | size_t in_len, // Any byte length\r |
74 | BYTE out[], // Plaintext, same length as ciphertext\r |
75 | const WORD key[], // From the key setup\r |
76 | int keysize, // Bit length of the key, 128, 192, or 256\r |
77 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long\r |
78 | \r |
79 | ///////////////////\r |
80 | // AES - CCM\r |
81 | ///////////////////\r |
82 | // Returns True if the input parameters do not violate any constraint.\r |
83 | int aes_encrypt_ccm(const BYTE plaintext[], // IN - Plaintext.\r |
84 | WORD plaintext_len, // IN - Plaintext length.\r |
85 | const BYTE associated_data[], // IN - Associated Data included in authentication, but not encryption.\r |
86 | unsigned short associated_data_len, // IN - Associated Data length in bytes.\r |
87 | const BYTE nonce[], // IN - The Nonce to be used for encryption.\r |
88 | unsigned short nonce_len, // IN - Nonce length in bytes.\r |
89 | BYTE ciphertext[], // OUT - Ciphertext, a concatination of the plaintext and the MAC.\r |
90 | WORD *ciphertext_len, // OUT - The length of the ciphertext, always plaintext_len + mac_len.\r |
91 | WORD mac_len, // IN - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16.\r |
92 | const BYTE key[], // IN - The AES key for encryption.\r |
93 | int keysize); // IN - The length of the key in bits. Valid values are 128, 192, 256.\r |
94 | \r |
95 | // Returns True if the input parameters do not violate any constraint.\r |
96 | // Use mac_auth to ensure decryption/validation was preformed correctly.\r |
97 | // If authentication does not succeed, the plaintext is zeroed out. To overwride\r |
98 | // this, call with mac_auth = NULL. The proper proceedure is to decrypt with\r |
99 | // authentication enabled (mac_auth != NULL) and make a second call to that\r |
100 | // ignores authentication explicitly if the first call failes.\r |
101 | int aes_decrypt_ccm(const BYTE ciphertext[], // IN - Ciphertext, the concatination of encrypted plaintext and MAC.\r |
102 | WORD ciphertext_len, // IN - Ciphertext length in bytes.\r |
103 | const BYTE assoc[], // IN - The Associated Data, required for authentication.\r |
104 | unsigned short assoc_len, // IN - Associated Data length in bytes.\r |
105 | const BYTE nonce[], // IN - The Nonce to use for decryption, same one as for encryption.\r |
106 | unsigned short nonce_len, // IN - Nonce length in bytes.\r |
107 | BYTE plaintext[], // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len.\r |
108 | WORD *plaintext_len, // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len .\r |
109 | WORD mac_len, // IN - The length of the MAC that was calculated.\r |
110 | int *mac_auth, // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication.\r |
111 | const BYTE key[], // IN - The AES key for decryption.\r |
112 | int keysize); // IN - The length of the key in BITS. Valid values are 128, 192, 256.\r |
113 | \r |
114 | ///////////////////\r |
115 | // Test functions\r |
116 | ///////////////////\r |
117 | int aes_test();\r |
118 | int aes_ecb_test();\r |
119 | int aes_cbc_test();\r |
120 | int aes_ctr_test();\r |
121 | int aes_ccm_test();\r |
122 | \r |
123 | #endif // AES_H\r |