aes.h (7589B)
1 /********************************************************************* 2 * Filename: aes.h 3 * Author: Brad Conte (brad AT bradconte.com) 4 * Copyright: 5 * Disclaimer: This code is presented "as is" without any guarantees. 6 * Details: Defines the API for the corresponding AES implementation. 7 *********************************************************************/ 8 9 #ifndef AES_H 10 #define AES_H 11 12 /*************************** HEADER FILES ***************************/ 13 #include <stddef.h> 14 15 /****************************** MACROS ******************************/ 16 #define AES_BLOCK_SIZE 16 // AES operates on 16 bytes at a time 17 18 /**************************** DATA TYPES ****************************/ 19 typedef unsigned char BYTE; // 8-bit byte 20 typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines 21 22 /*********************** FUNCTION DECLARATIONS **********************/ 23 /////////////////// 24 // AES 25 /////////////////// 26 // Key setup must be done before any AES en/de-cryption functions can be used. 27 void aes_key_setup(const BYTE key[], // The key, must be 128, 192, or 256 bits 28 WORD w[], // Output key schedule to be used later 29 int keysize); // Bit length of the key, 128, 192, or 256 30 31 void aes_encrypt(const BYTE in[], // 16 bytes of plaintext 32 BYTE out[], // 16 bytes of ciphertext 33 const WORD key[], // From the key setup 34 int keysize); // Bit length of the key, 128, 192, or 256 35 36 void aes_decrypt(const BYTE in[], // 16 bytes of ciphertext 37 BYTE out[], // 16 bytes of plaintext 38 const WORD key[], // From the key setup 39 int keysize); // Bit length of the key, 128, 192, or 256 40 41 /////////////////// 42 // AES - CBC 43 /////////////////// 44 int aes_encrypt_cbc(const BYTE in[], // Plaintext 45 size_t in_len, // Must be a multiple of AES_BLOCK_SIZE 46 BYTE out[], // Ciphertext, same length as plaintext 47 const WORD key[], // From the key setup 48 int keysize, // Bit length of the key, 128, 192, or 256 49 const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long 50 51 // Only output the CBC-MAC of the input. 52 int aes_encrypt_cbc_mac(const BYTE in[], // plaintext 53 size_t in_len, // Must be a multiple of AES_BLOCK_SIZE 54 BYTE out[], // Output MAC 55 const WORD key[], // From the key setup 56 int keysize, // Bit length of the key, 128, 192, or 256 57 const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long 58 59 /////////////////// 60 // AES - CTR 61 /////////////////// 62 void increment_iv(BYTE iv[], // Must be a multiple of AES_BLOCK_SIZE 63 int counter_size); // Bytes of the IV used for counting (low end) 64 65 void aes_encrypt_ctr(const BYTE in[], // Plaintext 66 size_t in_len, // Any byte length 67 BYTE out[], // Ciphertext, same length as plaintext 68 const WORD key[], // From the key setup 69 int keysize, // Bit length of the key, 128, 192, or 256 70 const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long 71 72 void aes_decrypt_ctr(const BYTE in[], // Ciphertext 73 size_t in_len, // Any byte length 74 BYTE out[], // Plaintext, same length as ciphertext 75 const WORD key[], // From the key setup 76 int keysize, // Bit length of the key, 128, 192, or 256 77 const BYTE iv[]); // IV, must be AES_BLOCK_SIZE bytes long 78 79 /////////////////// 80 // AES - CCM 81 /////////////////// 82 // Returns True if the input parameters do not violate any constraint. 83 int aes_encrypt_ccm(const BYTE plaintext[], // IN - Plaintext. 84 WORD plaintext_len, // IN - Plaintext length. 85 const BYTE associated_data[], // IN - Associated Data included in authentication, but not encryption. 86 unsigned short associated_data_len, // IN - Associated Data length in bytes. 87 const BYTE nonce[], // IN - The Nonce to be used for encryption. 88 unsigned short nonce_len, // IN - Nonce length in bytes. 89 BYTE ciphertext[], // OUT - Ciphertext, a concatination of the plaintext and the MAC. 90 WORD *ciphertext_len, // OUT - The length of the ciphertext, always plaintext_len + mac_len. 91 WORD mac_len, // IN - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16. 92 const BYTE key[], // IN - The AES key for encryption. 93 int keysize); // IN - The length of the key in bits. Valid values are 128, 192, 256. 94 95 // Returns True if the input parameters do not violate any constraint. 96 // Use mac_auth to ensure decryption/validation was preformed correctly. 97 // If authentication does not succeed, the plaintext is zeroed out. To overwride 98 // this, call with mac_auth = NULL. The proper proceedure is to decrypt with 99 // authentication enabled (mac_auth != NULL) and make a second call to that 100 // ignores authentication explicitly if the first call failes. 101 int aes_decrypt_ccm(const BYTE ciphertext[], // IN - Ciphertext, the concatination of encrypted plaintext and MAC. 102 WORD ciphertext_len, // IN - Ciphertext length in bytes. 103 const BYTE assoc[], // IN - The Associated Data, required for authentication. 104 unsigned short assoc_len, // IN - Associated Data length in bytes. 105 const BYTE nonce[], // IN - The Nonce to use for decryption, same one as for encryption. 106 unsigned short nonce_len, // IN - Nonce length in bytes. 107 BYTE plaintext[], // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len. 108 WORD *plaintext_len, // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len . 109 WORD mac_len, // IN - The length of the MAC that was calculated. 110 int *mac_auth, // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication. 111 const BYTE key[], // IN - The AES key for decryption. 112 int keysize); // IN - The length of the key in BITS. Valid values are 128, 192, 256. 113 114 /////////////////// 115 // Test functions 116 /////////////////// 117 int aes_test(); 118 int aes_ecb_test(); 119 int aes_cbc_test(); 120 int aes_ctr_test(); 121 int aes_ccm_test(); 122 123 #endif // AES_H