1 | /*********************************************************************
|
2 | * Filename: aes.h
|
3 | * Author: Brad Conte (brad AT bradconte.com)
|
4 | * Copyright:
|
5 | * Disclaimer: This code is presented "as is" without any guarantees.
|
6 | * Details: Defines the API for the corresponding AES implementation.
|
7 | *********************************************************************/
|
8 |
|
9 | #ifndef AES_H
|
10 | #define AES_H
|
11 |
|
12 | /*************************** HEADER FILES ***************************/
|
13 | #include <stddef.h>
|
14 |
|
15 | /****************************** MACROS ******************************/
|
16 | #define AES_BLOCK_SIZE 16 // AES operates on 16 bytes at a time
|
17 |
|
18 | /**************************** DATA TYPES ****************************/
|
19 | typedef unsigned char BYTE; // 8-bit byte
|
20 | typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines
|
21 |
|
22 | /*********************** FUNCTION DECLARATIONS **********************/
|
23 | ///////////////////
|
24 | // AES
|
25 | ///////////////////
|
26 | // Key setup must be done before any AES en/de-cryption functions can be used.
|
27 | void aes_key_setup(const BYTE key[], // The key, must be 128, 192, or 256 bits
|
28 | WORD w[], // Output key schedule to be used later
|
29 | int keysize); // Bit length of the key, 128, 192, or 256
|
30 |
|
31 | void aes_encrypt(const BYTE in[], // 16 bytes of plaintext
|
32 | BYTE out[], // 16 bytes of ciphertext
|
33 | const WORD key[], // From the key setup
|
34 | int keysize); // Bit length of the key, 128, 192, or 256
|
35 |
|
36 | void aes_decrypt(const BYTE in[], // 16 bytes of ciphertext
|
37 | BYTE out[], // 16 bytes of plaintext
|
38 | const WORD key[], // From the key setup
|
39 | int keysize); // Bit length of the key, 128, 192, or 256
|
40 |
|
41 | ///////////////////
|
42 | // AES - CBC
|
43 | ///////////////////
|
44 | int aes_encrypt_cbc(const BYTE in[], // Plaintext
|
45 | size_t in_len, // Must be a multiple of AES_BLOCK_SIZE
|
46 | BYTE out[], // Ciphertext, same length as plaintext
|
47 | const WORD key[], // From the key setup
|
48 | int keysize, // Bit length of the key, 128, 192, or 256
|
49 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long
|
50 |
|
51 | // Only output the CBC-MAC of the input.
|
52 | int aes_encrypt_cbc_mac(const BYTE in[], // plaintext
|
53 | size_t in_len, // Must be a multiple of AES_BLOCK_SIZE
|
54 | BYTE out[], // Output MAC
|
55 | const WORD key[], // From the key setup
|
56 | int keysize, // Bit length of the key, 128, 192, or 256
|
57 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long
|
58 |
|
59 | ///////////////////
|
60 | // AES - CTR
|
61 | ///////////////////
|
62 | void increment_iv(BYTE iv[], // Must be a multiple of AES_BLOCK_SIZE
|
63 | int counter_size); // Bytes of the IV used for counting (low end)
|
64 |
|
65 | void aes_encrypt_ctr(const BYTE in[], // Plaintext
|
66 | size_t in_len, // Any byte length
|
67 | BYTE out[], // Ciphertext, same length as plaintext
|
68 | const WORD key[], // From the key setup
|
69 | int keysize, // Bit length of the key, 128, 192, or 256
|
70 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long
|
71 |
|
72 | void aes_decrypt_ctr(const BYTE in[], // Ciphertext
|
73 | size_t in_len, // Any byte length
|
74 | BYTE out[], // Plaintext, same length as ciphertext
|
75 | const WORD key[], // From the key setup
|
76 | int keysize, // Bit length of the key, 128, 192, or 256
|
77 | const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long
|
78 |
|
79 | ///////////////////
|
80 | // AES - CCM
|
81 | ///////////////////
|
82 | // Returns True if the input parameters do not violate any constraint.
|
83 | int aes_encrypt_ccm(const BYTE plaintext[], // IN - Plaintext.
|
84 | WORD plaintext_len, // IN - Plaintext length.
|
85 | const BYTE associated_data[], // IN - Associated Data included in authentication, but not encryption.
|
86 | unsigned short associated_data_len, // IN - Associated Data length in bytes.
|
87 | const BYTE nonce[], // IN - The Nonce to be used for encryption.
|
88 | unsigned short nonce_len, // IN - Nonce length in bytes.
|
89 | BYTE ciphertext[], // OUT - Ciphertext, a concatination of the plaintext and the MAC.
|
90 | WORD *ciphertext_len, // OUT - The length of the ciphertext, always plaintext_len + mac_len.
|
91 | WORD mac_len, // IN - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16.
|
92 | const BYTE key[], // IN - The AES key for encryption.
|
93 | int keysize); // IN - The length of the key in bits. Valid values are 128, 192, 256.
|
94 |
|
95 | // Returns True if the input parameters do not violate any constraint.
|
96 | // Use mac_auth to ensure decryption/validation was preformed correctly.
|
97 | // If authentication does not succeed, the plaintext is zeroed out. To overwride
|
98 | // this, call with mac_auth = NULL. The proper proceedure is to decrypt with
|
99 | // authentication enabled (mac_auth != NULL) and make a second call to that
|
100 | // ignores authentication explicitly if the first call failes.
|
101 | int aes_decrypt_ccm(const BYTE ciphertext[], // IN - Ciphertext, the concatination of encrypted plaintext and MAC.
|
102 | WORD ciphertext_len, // IN - Ciphertext length in bytes.
|
103 | const BYTE assoc[], // IN - The Associated Data, required for authentication.
|
104 | unsigned short assoc_len, // IN - Associated Data length in bytes.
|
105 | const BYTE nonce[], // IN - The Nonce to use for decryption, same one as for encryption.
|
106 | unsigned short nonce_len, // IN - Nonce length in bytes.
|
107 | BYTE plaintext[], // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len.
|
108 | WORD *plaintext_len, // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len .
|
109 | WORD mac_len, // IN - The length of the MAC that was calculated.
|
110 | int *mac_auth, // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication.
|
111 | const BYTE key[], // IN - The AES key for decryption.
|
112 | int keysize); // IN - The length of the key in BITS. Valid values are 128, 192, 256.
|
113 |
|
114 | ///////////////////
|
115 | // Test functions
|
116 | ///////////////////
|
117 | int aes_test();
|
118 | int aes_ecb_test();
|
119 | int aes_cbc_test();
|
120 | int aes_ctr_test();
|
121 | int aes_ccm_test();
|
122 |
|
123 | #endif // AES_H
|
124 | |