Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
SSL/include/polarssl/aes.h@0:796d0f61a05b, 2018-09-27 (annotated)
- Committer:
- HannesTschofenig
- Date:
- Thu Sep 27 06:34:22 2018 +0000
- Revision:
- 0:796d0f61a05b
Example AES-GCM test program
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| HannesTschofenig | 0:796d0f61a05b | 1 | /** |
| HannesTschofenig | 0:796d0f61a05b | 2 | * \file aes.h |
| HannesTschofenig | 0:796d0f61a05b | 3 | * |
| HannesTschofenig | 0:796d0f61a05b | 4 | * \brief AES block cipher |
| HannesTschofenig | 0:796d0f61a05b | 5 | * |
| HannesTschofenig | 0:796d0f61a05b | 6 | * Copyright (C) 2006-2014, Brainspark B.V. |
| HannesTschofenig | 0:796d0f61a05b | 7 | * |
| HannesTschofenig | 0:796d0f61a05b | 8 | * This file is part of PolarSSL (http://www.polarssl.org) |
| HannesTschofenig | 0:796d0f61a05b | 9 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
| HannesTschofenig | 0:796d0f61a05b | 10 | * |
| HannesTschofenig | 0:796d0f61a05b | 11 | * All rights reserved. |
| HannesTschofenig | 0:796d0f61a05b | 12 | * |
| HannesTschofenig | 0:796d0f61a05b | 13 | * This program is free software; you can redistribute it and/or modify |
| HannesTschofenig | 0:796d0f61a05b | 14 | * it under the terms of the GNU General Public License as published by |
| HannesTschofenig | 0:796d0f61a05b | 15 | * the Free Software Foundation; either version 2 of the License, or |
| HannesTschofenig | 0:796d0f61a05b | 16 | * (at your option) any later version. |
| HannesTschofenig | 0:796d0f61a05b | 17 | * |
| HannesTschofenig | 0:796d0f61a05b | 18 | * This program is distributed in the hope that it will be useful, |
| HannesTschofenig | 0:796d0f61a05b | 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| HannesTschofenig | 0:796d0f61a05b | 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| HannesTschofenig | 0:796d0f61a05b | 21 | * GNU General Public License for more details. |
| HannesTschofenig | 0:796d0f61a05b | 22 | * |
| HannesTschofenig | 0:796d0f61a05b | 23 | * You should have received a copy of the GNU General Public License along |
| HannesTschofenig | 0:796d0f61a05b | 24 | * with this program; if not, write to the Free Software Foundation, Inc., |
| HannesTschofenig | 0:796d0f61a05b | 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| HannesTschofenig | 0:796d0f61a05b | 26 | */ |
| HannesTschofenig | 0:796d0f61a05b | 27 | #ifndef POLARSSL_AES_H |
| HannesTschofenig | 0:796d0f61a05b | 28 | #define POLARSSL_AES_H |
| HannesTschofenig | 0:796d0f61a05b | 29 | |
| HannesTschofenig | 0:796d0f61a05b | 30 | #if !defined(POLARSSL_CONFIG_FILE) |
| HannesTschofenig | 0:796d0f61a05b | 31 | #include "config.h" |
| HannesTschofenig | 0:796d0f61a05b | 32 | #else |
| HannesTschofenig | 0:796d0f61a05b | 33 | #include POLARSSL_CONFIG_FILE |
| HannesTschofenig | 0:796d0f61a05b | 34 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 35 | |
| HannesTschofenig | 0:796d0f61a05b | 36 | #include <string.h> |
| HannesTschofenig | 0:796d0f61a05b | 37 | |
| HannesTschofenig | 0:796d0f61a05b | 38 | #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) |
| HannesTschofenig | 0:796d0f61a05b | 39 | #include <basetsd.h> |
| HannesTschofenig | 0:796d0f61a05b | 40 | typedef UINT32 uint32_t; |
| HannesTschofenig | 0:796d0f61a05b | 41 | #else |
| HannesTschofenig | 0:796d0f61a05b | 42 | #include <inttypes.h> |
| HannesTschofenig | 0:796d0f61a05b | 43 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 44 | |
| HannesTschofenig | 0:796d0f61a05b | 45 | /* padlock.c and aesni.c rely on these values! */ |
| HannesTschofenig | 0:796d0f61a05b | 46 | #define AES_ENCRYPT 1 |
| HannesTschofenig | 0:796d0f61a05b | 47 | #define AES_DECRYPT 0 |
| HannesTschofenig | 0:796d0f61a05b | 48 | |
| HannesTschofenig | 0:796d0f61a05b | 49 | #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ |
| HannesTschofenig | 0:796d0f61a05b | 50 | #define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ |
| HannesTschofenig | 0:796d0f61a05b | 51 | |
| HannesTschofenig | 0:796d0f61a05b | 52 | #if !defined(POLARSSL_AES_ALT) |
| HannesTschofenig | 0:796d0f61a05b | 53 | // Regular implementation |
| HannesTschofenig | 0:796d0f61a05b | 54 | // |
| HannesTschofenig | 0:796d0f61a05b | 55 | |
| HannesTschofenig | 0:796d0f61a05b | 56 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 57 | extern "C" { |
| HannesTschofenig | 0:796d0f61a05b | 58 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 59 | |
| HannesTschofenig | 0:796d0f61a05b | 60 | /** |
| HannesTschofenig | 0:796d0f61a05b | 61 | * \brief AES context structure |
| HannesTschofenig | 0:796d0f61a05b | 62 | * |
| HannesTschofenig | 0:796d0f61a05b | 63 | * \note buf is able to hold 32 extra bytes, which can be used: |
| HannesTschofenig | 0:796d0f61a05b | 64 | * - for alignment purposes if VIA padlock is used, and/or |
| HannesTschofenig | 0:796d0f61a05b | 65 | * - to simplify key expansion in the 256-bit case by |
| HannesTschofenig | 0:796d0f61a05b | 66 | * generating an extra round key |
| HannesTschofenig | 0:796d0f61a05b | 67 | */ |
| HannesTschofenig | 0:796d0f61a05b | 68 | typedef struct |
| HannesTschofenig | 0:796d0f61a05b | 69 | { |
| HannesTschofenig | 0:796d0f61a05b | 70 | int nr; /*!< number of rounds */ |
| HannesTschofenig | 0:796d0f61a05b | 71 | uint32_t *rk; /*!< AES round keys */ |
| HannesTschofenig | 0:796d0f61a05b | 72 | uint32_t buf[68]; /*!< unaligned data */ |
| HannesTschofenig | 0:796d0f61a05b | 73 | } |
| HannesTschofenig | 0:796d0f61a05b | 74 | aes_context; |
| HannesTschofenig | 0:796d0f61a05b | 75 | |
| HannesTschofenig | 0:796d0f61a05b | 76 | /** |
| HannesTschofenig | 0:796d0f61a05b | 77 | * \brief AES key schedule (encryption) |
| HannesTschofenig | 0:796d0f61a05b | 78 | * |
| HannesTschofenig | 0:796d0f61a05b | 79 | * \param ctx AES context to be initialized |
| HannesTschofenig | 0:796d0f61a05b | 80 | * \param key encryption key |
| HannesTschofenig | 0:796d0f61a05b | 81 | * \param keysize must be 128, 192 or 256 |
| HannesTschofenig | 0:796d0f61a05b | 82 | * |
| HannesTschofenig | 0:796d0f61a05b | 83 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH |
| HannesTschofenig | 0:796d0f61a05b | 84 | */ |
| HannesTschofenig | 0:796d0f61a05b | 85 | int aes_setkey_enc( aes_context *ctx, const unsigned char *key, |
| HannesTschofenig | 0:796d0f61a05b | 86 | unsigned int keysize ); |
| HannesTschofenig | 0:796d0f61a05b | 87 | |
| HannesTschofenig | 0:796d0f61a05b | 88 | /** |
| HannesTschofenig | 0:796d0f61a05b | 89 | * \brief AES key schedule (decryption) |
| HannesTschofenig | 0:796d0f61a05b | 90 | * |
| HannesTschofenig | 0:796d0f61a05b | 91 | * \param ctx AES context to be initialized |
| HannesTschofenig | 0:796d0f61a05b | 92 | * \param key decryption key |
| HannesTschofenig | 0:796d0f61a05b | 93 | * \param keysize must be 128, 192 or 256 |
| HannesTschofenig | 0:796d0f61a05b | 94 | * |
| HannesTschofenig | 0:796d0f61a05b | 95 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH |
| HannesTschofenig | 0:796d0f61a05b | 96 | */ |
| HannesTschofenig | 0:796d0f61a05b | 97 | int aes_setkey_dec( aes_context *ctx, const unsigned char *key, |
| HannesTschofenig | 0:796d0f61a05b | 98 | unsigned int keysize ); |
| HannesTschofenig | 0:796d0f61a05b | 99 | |
| HannesTschofenig | 0:796d0f61a05b | 100 | /** |
| HannesTschofenig | 0:796d0f61a05b | 101 | * \brief AES-ECB block encryption/decryption |
| HannesTschofenig | 0:796d0f61a05b | 102 | * |
| HannesTschofenig | 0:796d0f61a05b | 103 | * \param ctx AES context |
| HannesTschofenig | 0:796d0f61a05b | 104 | * \param mode AES_ENCRYPT or AES_DECRYPT |
| HannesTschofenig | 0:796d0f61a05b | 105 | * \param input 16-byte input block |
| HannesTschofenig | 0:796d0f61a05b | 106 | * \param output 16-byte output block |
| HannesTschofenig | 0:796d0f61a05b | 107 | * |
| HannesTschofenig | 0:796d0f61a05b | 108 | * \return 0 if successful |
| HannesTschofenig | 0:796d0f61a05b | 109 | */ |
| HannesTschofenig | 0:796d0f61a05b | 110 | int aes_crypt_ecb( aes_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 111 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 112 | const unsigned char input[16], |
| HannesTschofenig | 0:796d0f61a05b | 113 | unsigned char output[16] ); |
| HannesTschofenig | 0:796d0f61a05b | 114 | |
| HannesTschofenig | 0:796d0f61a05b | 115 | #if defined(POLARSSL_CIPHER_MODE_CBC) |
| HannesTschofenig | 0:796d0f61a05b | 116 | /** |
| HannesTschofenig | 0:796d0f61a05b | 117 | * \brief AES-CBC buffer encryption/decryption |
| HannesTschofenig | 0:796d0f61a05b | 118 | * Length should be a multiple of the block |
| HannesTschofenig | 0:796d0f61a05b | 119 | * size (16 bytes) |
| HannesTschofenig | 0:796d0f61a05b | 120 | * |
| HannesTschofenig | 0:796d0f61a05b | 121 | * \param ctx AES context |
| HannesTschofenig | 0:796d0f61a05b | 122 | * \param mode AES_ENCRYPT or AES_DECRYPT |
| HannesTschofenig | 0:796d0f61a05b | 123 | * \param length length of the input data |
| HannesTschofenig | 0:796d0f61a05b | 124 | * \param iv initialization vector (updated after use) |
| HannesTschofenig | 0:796d0f61a05b | 125 | * \param input buffer holding the input data |
| HannesTschofenig | 0:796d0f61a05b | 126 | * \param output buffer holding the output data |
| HannesTschofenig | 0:796d0f61a05b | 127 | * |
| HannesTschofenig | 0:796d0f61a05b | 128 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH |
| HannesTschofenig | 0:796d0f61a05b | 129 | */ |
| HannesTschofenig | 0:796d0f61a05b | 130 | int aes_crypt_cbc( aes_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 131 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 132 | size_t length, |
| HannesTschofenig | 0:796d0f61a05b | 133 | unsigned char iv[16], |
| HannesTschofenig | 0:796d0f61a05b | 134 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 135 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 136 | #endif /* POLARSSL_CIPHER_MODE_CBC */ |
| HannesTschofenig | 0:796d0f61a05b | 137 | |
| HannesTschofenig | 0:796d0f61a05b | 138 | #if defined(POLARSSL_CIPHER_MODE_CFB) |
| HannesTschofenig | 0:796d0f61a05b | 139 | /** |
| HannesTschofenig | 0:796d0f61a05b | 140 | * \brief AES-CFB128 buffer encryption/decryption. |
| HannesTschofenig | 0:796d0f61a05b | 141 | * |
| HannesTschofenig | 0:796d0f61a05b | 142 | * Note: Due to the nature of CFB you should use the same key schedule for |
| HannesTschofenig | 0:796d0f61a05b | 143 | * both encryption and decryption. So a context initialized with |
| HannesTschofenig | 0:796d0f61a05b | 144 | * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. |
| HannesTschofenig | 0:796d0f61a05b | 145 | * |
| HannesTschofenig | 0:796d0f61a05b | 146 | * \param ctx AES context |
| HannesTschofenig | 0:796d0f61a05b | 147 | * \param mode AES_ENCRYPT or AES_DECRYPT |
| HannesTschofenig | 0:796d0f61a05b | 148 | * \param length length of the input data |
| HannesTschofenig | 0:796d0f61a05b | 149 | * \param iv_off offset in IV (updated after use) |
| HannesTschofenig | 0:796d0f61a05b | 150 | * \param iv initialization vector (updated after use) |
| HannesTschofenig | 0:796d0f61a05b | 151 | * \param input buffer holding the input data |
| HannesTschofenig | 0:796d0f61a05b | 152 | * \param output buffer holding the output data |
| HannesTschofenig | 0:796d0f61a05b | 153 | * |
| HannesTschofenig | 0:796d0f61a05b | 154 | * \return 0 if successful |
| HannesTschofenig | 0:796d0f61a05b | 155 | */ |
| HannesTschofenig | 0:796d0f61a05b | 156 | int aes_crypt_cfb128( aes_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 157 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 158 | size_t length, |
| HannesTschofenig | 0:796d0f61a05b | 159 | size_t *iv_off, |
| HannesTschofenig | 0:796d0f61a05b | 160 | unsigned char iv[16], |
| HannesTschofenig | 0:796d0f61a05b | 161 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 162 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 163 | |
| HannesTschofenig | 0:796d0f61a05b | 164 | /** |
| HannesTschofenig | 0:796d0f61a05b | 165 | * \brief AES-CFB8 buffer encryption/decryption. |
| HannesTschofenig | 0:796d0f61a05b | 166 | * |
| HannesTschofenig | 0:796d0f61a05b | 167 | * Note: Due to the nature of CFB you should use the same key schedule for |
| HannesTschofenig | 0:796d0f61a05b | 168 | * both encryption and decryption. So a context initialized with |
| HannesTschofenig | 0:796d0f61a05b | 169 | * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. |
| HannesTschofenig | 0:796d0f61a05b | 170 | * |
| HannesTschofenig | 0:796d0f61a05b | 171 | * \param ctx AES context |
| HannesTschofenig | 0:796d0f61a05b | 172 | * \param mode AES_ENCRYPT or AES_DECRYPT |
| HannesTschofenig | 0:796d0f61a05b | 173 | * \param length length of the input data |
| HannesTschofenig | 0:796d0f61a05b | 174 | * \param iv initialization vector (updated after use) |
| HannesTschofenig | 0:796d0f61a05b | 175 | * \param input buffer holding the input data |
| HannesTschofenig | 0:796d0f61a05b | 176 | * \param output buffer holding the output data |
| HannesTschofenig | 0:796d0f61a05b | 177 | * |
| HannesTschofenig | 0:796d0f61a05b | 178 | * \return 0 if successful |
| HannesTschofenig | 0:796d0f61a05b | 179 | */ |
| HannesTschofenig | 0:796d0f61a05b | 180 | int aes_crypt_cfb8( aes_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 181 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 182 | size_t length, |
| HannesTschofenig | 0:796d0f61a05b | 183 | unsigned char iv[16], |
| HannesTschofenig | 0:796d0f61a05b | 184 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 185 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 186 | #endif /*POLARSSL_CIPHER_MODE_CFB */ |
| HannesTschofenig | 0:796d0f61a05b | 187 | |
| HannesTschofenig | 0:796d0f61a05b | 188 | #if defined(POLARSSL_CIPHER_MODE_CTR) |
| HannesTschofenig | 0:796d0f61a05b | 189 | /** |
| HannesTschofenig | 0:796d0f61a05b | 190 | * \brief AES-CTR buffer encryption/decryption |
| HannesTschofenig | 0:796d0f61a05b | 191 | * |
| HannesTschofenig | 0:796d0f61a05b | 192 | * Warning: You have to keep the maximum use of your counter in mind! |
| HannesTschofenig | 0:796d0f61a05b | 193 | * |
| HannesTschofenig | 0:796d0f61a05b | 194 | * Note: Due to the nature of CTR you should use the same key schedule for |
| HannesTschofenig | 0:796d0f61a05b | 195 | * both encryption and decryption. So a context initialized with |
| HannesTschofenig | 0:796d0f61a05b | 196 | * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. |
| HannesTschofenig | 0:796d0f61a05b | 197 | * |
| HannesTschofenig | 0:796d0f61a05b | 198 | * \param ctx AES context |
| HannesTschofenig | 0:796d0f61a05b | 199 | * \param length The length of the data |
| HannesTschofenig | 0:796d0f61a05b | 200 | * \param nc_off The offset in the current stream_block (for resuming |
| HannesTschofenig | 0:796d0f61a05b | 201 | * within current cipher stream). The offset pointer to |
| HannesTschofenig | 0:796d0f61a05b | 202 | * should be 0 at the start of a stream. |
| HannesTschofenig | 0:796d0f61a05b | 203 | * \param nonce_counter The 128-bit nonce and counter. |
| HannesTschofenig | 0:796d0f61a05b | 204 | * \param stream_block The saved stream-block for resuming. Is overwritten |
| HannesTschofenig | 0:796d0f61a05b | 205 | * by the function. |
| HannesTschofenig | 0:796d0f61a05b | 206 | * \param input The input data stream |
| HannesTschofenig | 0:796d0f61a05b | 207 | * \param output The output data stream |
| HannesTschofenig | 0:796d0f61a05b | 208 | * |
| HannesTschofenig | 0:796d0f61a05b | 209 | * \return 0 if successful |
| HannesTschofenig | 0:796d0f61a05b | 210 | */ |
| HannesTschofenig | 0:796d0f61a05b | 211 | int aes_crypt_ctr( aes_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 212 | size_t length, |
| HannesTschofenig | 0:796d0f61a05b | 213 | size_t *nc_off, |
| HannesTschofenig | 0:796d0f61a05b | 214 | unsigned char nonce_counter[16], |
| HannesTschofenig | 0:796d0f61a05b | 215 | unsigned char stream_block[16], |
| HannesTschofenig | 0:796d0f61a05b | 216 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 217 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 218 | #endif /* POLARSSL_CIPHER_MODE_CTR */ |
| HannesTschofenig | 0:796d0f61a05b | 219 | |
| HannesTschofenig | 0:796d0f61a05b | 220 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 221 | } |
| HannesTschofenig | 0:796d0f61a05b | 222 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 223 | |
| HannesTschofenig | 0:796d0f61a05b | 224 | #else /* POLARSSL_AES_ALT */ |
| HannesTschofenig | 0:796d0f61a05b | 225 | #include "aes_alt.h" |
| HannesTschofenig | 0:796d0f61a05b | 226 | #endif /* POLARSSL_AES_ALT */ |
| HannesTschofenig | 0:796d0f61a05b | 227 | |
| HannesTschofenig | 0:796d0f61a05b | 228 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 229 | extern "C" { |
| HannesTschofenig | 0:796d0f61a05b | 230 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 231 | |
| HannesTschofenig | 0:796d0f61a05b | 232 | /** |
| HannesTschofenig | 0:796d0f61a05b | 233 | * \brief Checkup routine |
| HannesTschofenig | 0:796d0f61a05b | 234 | * |
| HannesTschofenig | 0:796d0f61a05b | 235 | * \return 0 if successful, or 1 if the test failed |
| HannesTschofenig | 0:796d0f61a05b | 236 | */ |
| HannesTschofenig | 0:796d0f61a05b | 237 | int aes_self_test( int verbose ); |
| HannesTschofenig | 0:796d0f61a05b | 238 | |
| HannesTschofenig | 0:796d0f61a05b | 239 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 240 | } |
| HannesTschofenig | 0:796d0f61a05b | 241 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 242 | |
| HannesTschofenig | 0:796d0f61a05b | 243 | #endif /* aes.h */ |
| HannesTschofenig | 0:796d0f61a05b | 244 | |
| HannesTschofenig | 0:796d0f61a05b | 245 |