1d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 2d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. 3d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the above copyright 9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer. 10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in 13d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the documentation and/or other materials provided with the 14d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * distribution. 15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this 17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * software must display the following acknowledgment: 18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * endorse or promote products derived from this software without 23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * prior written permission. For written permission, please contact 24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * openssl-core@openssl.org. 25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 5. Products derived from this software may not be called "OpenSSL" 27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * nor may "OpenSSL" appear in their names without prior written 28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * permission of the OpenSSL Project. 29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 6. Redistributions of any form whatsoever must retain the following 31d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * acknowledgment: 32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 38d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 40d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ==================================================================== */ 48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#ifndef OPENSSL_HEADER_AES_H 50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define OPENSSL_HEADER_AES_H 51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/base.h> 53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#if defined(__cplusplus) 55d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyextern "C" { 56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Raw AES functions. */ 60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define AES_ENCRYPT 1 63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define AES_DECRYPT 0 64d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 65d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_MAXNR is the maximum number of AES rounds. */ 66d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define AES_MAXNR 14 67d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 68d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define AES_BLOCK_SIZE 16 69d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 70d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* aes_key_st should be an opaque type, but EVP requires that the size be 71d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * known. */ 72d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct aes_key_st { 73d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint32_t rd_key[4 * (AES_MAXNR + 1)]; 74d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned rounds; 75d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}; 76d9e397b599b13d642138480a28c14db7a136bf0Adam Langleytypedef struct aes_key_st AES_KEY; 77d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 78d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key, 79d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |key|. 80d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 81d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * WARNING: unlike other OpenSSL functions, this returns zero on success and a 82d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * negative number on error. */ 83d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int AES_set_encrypt_key(const uint8_t *key, unsigned bits, 84d9e397b599b13d642138480a28c14db7a136bf0Adam Langley AES_KEY *aeskey); 85d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 86d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key, 87d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |key|. 88d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 89d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * WARNING: unlike other OpenSSL functions, this returns zero on success and a 90d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * negative number on error. */ 91d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int AES_set_decrypt_key(const uint8_t *key, unsigned bits, 92d9e397b599b13d642138480a28c14db7a136bf0Adam Langley AES_KEY *aeskey); 93d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 94d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in| 95d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * and |out| pointers may overlap. */ 96d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void AES_encrypt(const uint8_t *in, uint8_t *out, 97d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const AES_KEY *key); 98d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 99d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in| 100d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * and |out| pointers may overlap. */ 101d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out, 102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const AES_KEY *key); 103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Block cipher modes. */ 106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len| 108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * bytes from |in| to |out|. The |num| parameter must be set to zero on the 109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * first call and |ivec| will be incremented. */ 110d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, 111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t len, const AES_KEY *key, 112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t ivec[AES_BLOCK_SIZE], 113d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t ecount_buf[AES_BLOCK_SIZE], 114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned int *num); 115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_ecb_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) a single, 117d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 16 byte block from |in| to |out|. */ 118d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, 119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const AES_KEY *key, const int enc); 120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_cbc_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len| 122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * bytes from |in| to |out|. The length must be a multiple of the block size. */ 123d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, 124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const AES_KEY *key, uint8_t *ivec, 125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const int enc); 126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 127b8494591d1b1a143f3b192d845c238bbf3bc629dKenny Root/* AES_ofb128_encrypt encrypts (or decrypts, it's the same in OFB mode) |len| 128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * bytes from |in| to |out|. The |num| parameter must be set to zero on the 129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * first call. */ 130d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out, 131d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t len, const AES_KEY *key, 132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *ivec, int *num); 133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* AES_cfb128_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len| 135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * bytes from |in| to |out|. The |num| parameter must be set to zero on the 136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * first call. */ 137d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out, 138d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t len, const AES_KEY *key, 139d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *ivec, int *num, int enc); 140d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 141d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 142bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez/* AES key wrap. 143f40f42df67fffec64967b000e4fdad4b435611a5Adam Langley * 144bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * These functions implement AES Key Wrap mode, as defined in RFC 3394. They 145bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * should never be used except to interoperate with existing systems that use 146bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * this mode. */ 147bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez 148bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez/* AES_wrap_key performs AES key wrap on |in| which must be a multiple of 8 149bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * bytes. |iv| must point to an 8 byte value or be NULL to use the default IV. 150bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * |key| must have been configured for encryption. On success, it writes 151bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * |in_len| + 8 bytes to |out| and returns |in_len| + 8. Otherwise, it returns 152bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * -1. */ 153bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven ValdezOPENSSL_EXPORT int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, 154bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez uint8_t *out, const uint8_t *in, size_t in_len); 155bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez 156bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez/* AES_unwrap_key performs AES key unwrap on |in| which must be a multiple of 8 157bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * bytes. |iv| must point to an 8 byte value or be NULL to use the default IV. 158bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * |key| must have been configured for decryption. On success, it writes 159bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * |in_len| - 8 bytes to |out| and returns |in_len| - 8. Otherwise, it returns 160bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez * -1. */ 161bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven ValdezOPENSSL_EXPORT int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, 162bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez uint8_t *out, const uint8_t *in, 163bb1ceac29bc7a18b94e3da78057dc41aa7071784Steven Valdez size_t in_len); 164f40f42df67fffec64967b000e4fdad4b435611a5Adam Langley 165f40f42df67fffec64967b000e4fdad4b435611a5Adam Langley 166d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#if defined(__cplusplus) 167d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} /* extern C */ 168d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 169d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 170d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif /* OPENSSL_HEADER_AES_H */ 171