aes.h 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860
  1. /*!
  2. \ingroup AES
  3. \brief This function initializes an AES structure by setting the key and
  4. then setting the initialization vector.
  5. \return 0 On successfully setting key and initialization vector.
  6. \return BAD_FUNC_ARG Returned if key length is invalid.
  7. \param aes pointer to the AES structure to modify
  8. \param key 16, 24, or 32 byte secret key for encryption and decryption
  9. \param len length of the key passed in
  10. \param iv pointer to the initialization vector used to initialize the key
  11. \param dir Cipher direction. Set AES_ENCRYPTION to encrypt, or
  12. AES_DECRYPTION to decrypt.
  13. _Example_
  14. \code
  15. Aes enc;
  16. int ret = 0;
  17. byte key[] = { some 16, 24 or 32 byte key };
  18. byte iv[] = { some 16 byte iv };
  19. if (ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv,
  20. AES_ENCRYPTION) != 0) {
  21. // failed to set aes key
  22. }
  23. \endcode
  24. \sa wc_AesSetKeyDirect
  25. \sa wc_AesSetIV
  26. */
  27. WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len,
  28. const byte* iv, int dir);
  29. /*!
  30. \ingroup AES
  31. \brief This function sets the initialization vector for a
  32. particular AES object. The AES object should be initialized before
  33. calling this function.
  34. \return 0 On successfully setting initialization vector.
  35. \return BAD_FUNC_ARG Returned if AES pointer is NULL.
  36. \param aes pointer to the AES structure on which to set the
  37. initialization vector
  38. \param iv initialization vector used to initialize the AES structure.
  39. If the value is NULL, the default action initializes the iv to 0.
  40. _Example_
  41. \code
  42. Aes enc;
  43. // set enc key
  44. byte iv[] = { some 16 byte iv };
  45. if (ret = wc_AesSetIV(&enc, iv) != 0) {
  46. // failed to set aes iv
  47. }
  48. \endcode
  49. \sa wc_AesSetKeyDirect
  50. \sa wc_AesSetKey
  51. */
  52. WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
  53. /*!
  54. \ingroup AES
  55. \brief Encrypts a plaintext message from the input buffer in, and places
  56. the resulting cipher text in the output buffer out using cipher block
  57. chaining with AES. This function requires that the AES object has been
  58. initialized by calling AesSetKey before a message is able to be encrypted.
  59. This function assumes that the input message is AES block length aligned.
  60. PKCS#7 style padding should be added beforehand. This differs from the
  61. OpenSSL AES-CBC methods which add the padding for you. To make the wolfSSL
  62. function and equivalent OpenSSL functions interoperate, one should specify
  63. the -nopad option in the OpenSSL command line function so that it behaves
  64. like the wolfSSL AesCbcEncrypt method and does not add extra padding
  65. during encryption.
  66. \return 0 On successfully encrypting message.
  67. \return BAD_ALIGN_E: Returned on block align error
  68. \param aes pointer to the AES object used to encrypt data
  69. \param out pointer to the output buffer in which to store the ciphertext
  70. of the encrypted message
  71. \param in pointer to the input buffer containing message to be encrypted
  72. \param sz size of input message
  73. _Example_
  74. \code
  75. Aes enc;
  76. int ret = 0;
  77. // initialize enc with AesSetKey, using direction AES_ENCRYPTION
  78. byte msg[AES_BLOCK_SIZE * n]; // multiple of 16 bytes
  79. // fill msg with data
  80. byte cipher[AES_BLOCK_SIZE * n]; // Some multiple of 16 bytes
  81. if ((ret = wc_AesCbcEncrypt(&enc, cipher, message, sizeof(msg))) != 0 ) {
  82. // block align error
  83. }
  84. \endcode
  85. \sa wc_AesSetKey
  86. \sa wc_AesSetIV
  87. \sa wc_AesCbcDecrypt
  88. */
  89. WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out,
  90. const byte* in, word32 sz);
  91. /*!
  92. \ingroup AES
  93. \brief Decrypts a cipher from the input buffer in, and places the
  94. resulting plain text in the output buffer out using cipher block chaining
  95. with AES. This function requires that the AES structure has been
  96. initialized by calling AesSetKey before a message is able to be decrypted.
  97. This function assumes that the original message was AES block length
  98. aligned. This differs from the OpenSSL AES-CBC methods which do not
  99. require alignment as it adds PKCS#7 padding automatically. To make the
  100. wolfSSL function and equivalent OpenSSL functions interoperate, one
  101. should specify the -nopad option in the OpenSSL command line function
  102. so that it behaves like the wolfSSL AesCbcEncrypt method and does not
  103. create errors during decryption.
  104. \return 0 On successfully decrypting message.
  105. \return BAD_ALIGN_E Returned on block align error.
  106. \param aes pointer to the AES object used to decrypt data.
  107. \param out pointer to the output buffer in which to store the plain text
  108. of the decrypted message.
  109. \param in pointer to the input buffer containing cipher text to be
  110. decrypted.
  111. \param sz size of input message.
  112. _Example_
  113. \code
  114. Aes dec;
  115. int ret = 0;
  116. // initialize dec with AesSetKey, using direction AES_DECRYPTION
  117. byte cipher[AES_BLOCK_SIZE * n]; // some multiple of 16 bytes
  118. // fill cipher with cipher text
  119. byte plain [AES_BLOCK_SIZE * n];
  120. if ((ret = wc_AesCbcDecrypt(&dec, plain, cipher, sizeof(cipher))) != 0 ) {
  121. // block align error
  122. }
  123. \endcode
  124. \sa wc_AesSetKey
  125. \sa wc_AesCbcEncrypt
  126. */
  127. WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out,
  128. const byte* in, word32 sz);
  129. /*!
  130. \ingroup AES
  131. \brief Encrypts/Decrypts a message from the input buffer in, and places
  132. the resulting cipher text in the output buffer out using CTR mode with
  133. AES. This function is only enabled if WOLFSSL_AES_COUNTER is enabled at
  134. compile time. The AES structure should be initialized through AesSetKey
  135. before calling this function. Note that this function is used for both
  136. decryption and encryption. _NOTE:_ Regarding using same API for encryption
  137. and decryption. User should differentiate between Aes structures
  138. for encrypt/decrypt.
  139. \return int integer values corresponding to wolfSSL error or success
  140. status
  141. \param aes pointer to the AES object used to decrypt data
  142. \param out pointer to the output buffer in which to store the cipher
  143. text of the encrypted message
  144. \param in pointer to the input buffer containing plain text to be encrypted
  145. \param sz size of the input plain text
  146. _Example_
  147. \code
  148. Aes enc;
  149. Aes dec;
  150. // initialize enc and dec with AesSetKeyDirect, using direction
  151. AES_ENCRYPTION
  152. // since the underlying API only calls Encrypt and by default calling
  153. encrypt on
  154. // a cipher results in a decryption of the cipher
  155. byte msg[AES_BLOCK_SIZE * n]; //n being a positive integer making msg
  156. some multiple of 16 bytes
  157. // fill plain with message text
  158. byte cipher[AES_BLOCK_SIZE * n];
  159. byte decrypted[AES_BLOCK_SIZE * n];
  160. wc_AesCtrEncrypt(&enc, cipher, msg, sizeof(msg)); // encrypt plain
  161. wc_AesCtrEncrypt(&dec, decrypted, cipher, sizeof(cipher));
  162. // decrypt cipher text
  163. \endcode
  164. \sa wc_AesSetKey
  165. */
  166. WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
  167. const byte* in, word32 sz);
  168. /*!
  169. \ingroup AES
  170. \brief This function is a one-block encrypt of the input block, in, into
  171. the output block, out. It uses the key and iv (initialization vector)
  172. of the provided AES structure, which should be initialized with
  173. wc_AesSetKey before calling this function. It is only enabled if the
  174. configure option WOLFSSL_AES_DIRECT is enabled. __Warning:__ In nearly all
  175. use cases ECB mode is considered to be less secure. Please avoid using ECB
  176. API’s directly whenever possible
  177. \param aes pointer to the AES object used to encrypt data
  178. \param out pointer to the output buffer in which to store the cipher
  179. text of the encrypted message
  180. \param in pointer to the input buffer containing plain text to be encrypted
  181. _Example_
  182. \code
  183. Aes enc;
  184. // initialize enc with AesSetKey, using direction AES_ENCRYPTION
  185. byte msg [AES_BLOCK_SIZE]; // 16 bytes
  186. // initialize msg with plain text to encrypt
  187. byte cipher[AES_BLOCK_SIZE];
  188. wc_AesEncryptDirect(&enc, cipher, msg);
  189. \endcode
  190. \sa wc_AesDecryptDirect
  191. \sa wc_AesSetKeyDirect
  192. */
  193. WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
  194. /*!
  195. \ingroup AES
  196. \brief This function is a one-block decrypt of the input block, in, into
  197. the output block, out. It uses the key and iv (initialization vector) of
  198. the provided AES structure, which should be initialized with wc_AesSetKey
  199. before calling this function. It is only enabled if the configure option
  200. WOLFSSL_AES_DIRECT is enabled, and there is support for direct AES
  201. encryption on the system in question. __Warning:__ In nearly all use cases
  202. ECB mode is considered to be less secure. Please avoid using ECB API’s
  203. directly whenever possible
  204. \return none
  205. \param aes pointer to the AES object used to encrypt data
  206. \param out pointer to the output buffer in which to store the plain
  207. text of the decrypted cipher text
  208. \param in pointer to the input buffer containing cipher text to be
  209. decrypted
  210. _Example_
  211. \code
  212. Aes dec;
  213. // initialize enc with AesSetKey, using direction AES_DECRYPTION
  214. byte cipher [AES_BLOCK_SIZE]; // 16 bytes
  215. // initialize cipher with cipher text to decrypt
  216. byte msg[AES_BLOCK_SIZE];
  217. wc_AesDecryptDirect(&dec, msg, cipher);
  218. \endcode
  219. \sa wc_AesEncryptDirect
  220. \sa wc_AesSetKeyDirect
  221. */
  222. WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
  223. /*!
  224. \ingroup AES
  225. \brief This function is used to set the AES keys for CTR mode with AES.
  226. It initializes an AES object with the given key, iv
  227. (initialization vector), and encryption dir (direction). It is only
  228. enabled if the configure option WOLFSSL_AES_DIRECT is enabled.
  229. Currently wc_AesSetKeyDirect uses wc_AesSetKey internally. __Warning:__ In
  230. nearly all use cases ECB mode is considered to be less secure. Please avoid
  231. using ECB API’s directly whenever possible
  232. \return 0 On successfully setting the key.
  233. \return BAD_FUNC_ARG Returned if the given key is an invalid length.
  234. \param aes pointer to the AES object used to encrypt data
  235. \param key 16, 24, or 32 byte secret key for encryption and decryption
  236. \param len length of the key passed in
  237. \param iv initialization vector used to initialize the key
  238. \param dir Cipher direction. Set AES_ENCRYPTION to encrypt, or
  239. AES_DECRYPTION to decrypt. (See enum in wolfssl/wolfcrypt/aes.h)
  240. (NOTE: If using wc_AesSetKeyDirect with Aes Counter mode (Stream cipher)
  241. only use AES_ENCRYPTION for both encrypting and decrypting)
  242. _Example_
  243. \code
  244. Aes enc;
  245. int ret = 0;
  246. byte key[] = { some 16, 24, or 32 byte key };
  247. byte iv[] = { some 16 byte iv };
  248. if (ret = wc_AesSetKeyDirect(&enc, key, sizeof(key), iv,
  249. AES_ENCRYPTION) != 0) {
  250. // failed to set aes key
  251. }
  252. \endcode
  253. \sa wc_AesEncryptDirect
  254. \sa wc_AesDecryptDirect
  255. \sa wc_AesSetKey
  256. */
  257. WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
  258. const byte* iv, int dir);
  259. /*!
  260. \ingroup AES
  261. \brief This function is used to set the key for AES GCM
  262. (Galois/Counter Mode). It initializes an AES object with the
  263. given key. It is only enabled if the configure option
  264. HAVE_AESGCM is enabled at compile time.
  265. \return 0 On successfully setting the key.
  266. \return BAD_FUNC_ARG Returned if the given key is an invalid length.
  267. \param aes pointer to the AES object used to encrypt data
  268. \param key 16, 24, or 32 byte secret key for encryption and decryption
  269. \param len length of the key passed in
  270. _Example_
  271. \code
  272. Aes enc;
  273. int ret = 0;
  274. byte key[] = { some 16, 24,32 byte key };
  275. if (ret = wc_AesGcmSetKey(&enc, key, sizeof(key)) != 0) {
  276. // failed to set aes key
  277. }
  278. \endcode
  279. \sa wc_AesGcmEncrypt
  280. \sa wc_AesGcmDecrypt
  281. */
  282. WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len);
  283. /*!
  284. \ingroup AES
  285. \brief This function encrypts the input message, held in the buffer in,
  286. and stores the resulting cipher text in the output buffer out. It
  287. requires a new iv (initialization vector) for each call to encrypt.
  288. It also encodes the input authentication vector, authIn, into the
  289. authentication tag, authTag.
  290. \return 0 On successfully encrypting the input message
  291. \param aes - pointer to the AES object used to encrypt data
  292. \param out pointer to the output buffer in which to store the cipher text
  293. \param in pointer to the input buffer holding the message to encrypt
  294. \param sz length of the input message to encrypt
  295. \param iv pointer to the buffer containing the initialization vector
  296. \param ivSz length of the initialization vector
  297. \param authTag pointer to the buffer in which to store the
  298. authentication tag
  299. \param authTagSz length of the desired authentication tag
  300. \param authIn pointer to the buffer containing the input
  301. authentication vector
  302. \param authInSz length of the input authentication vector
  303. _Example_
  304. \code
  305. Aes enc;
  306. // initialize aes structure by calling wc_AesGcmSetKey
  307. byte plain[AES_BLOCK_LENGTH * n]; //n being a positive integer
  308. making plain some multiple of 16 bytes
  309. // initialize plain with msg to encrypt
  310. byte cipher[sizeof(plain)];
  311. byte iv[] = // some 16 byte iv
  312. byte authTag[AUTH_TAG_LENGTH];
  313. byte authIn[] = // Authentication Vector
  314. wc_AesGcmEncrypt(&enc, cipher, plain, sizeof(cipher), iv, sizeof(iv),
  315. authTag, sizeof(authTag), authIn, sizeof(authIn));
  316. \endcode
  317. \sa wc_AesGcmSetKey
  318. \sa wc_AesGcmDecrypt
  319. */
  320. WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out,
  321. const byte* in, word32 sz,
  322. const byte* iv, word32 ivSz,
  323. byte* authTag, word32 authTagSz,
  324. const byte* authIn, word32 authInSz);
  325. /*!
  326. \ingroup AES
  327. \brief This function decrypts the input cipher text, held in the buffer
  328. in, and stores the resulting message text in the output buffer out.
  329. It also checks the input authentication vector, authIn, against the
  330. supplied authentication tag, authTag.
  331. \return 0 On successfully decrypting the input message
  332. \return AES_GCM_AUTH_E If the authentication tag does not match the
  333. supplied authentication code vector, authTag.
  334. \param aes pointer to the AES object used to encrypt data
  335. \param out pointer to the output buffer in which to store the message text
  336. \param in pointer to the input buffer holding the cipher text to decrypt
  337. \param sz length of the cipher text to decrypt
  338. \param iv pointer to the buffer containing the initialization vector
  339. \param ivSz length of the initialization vector
  340. \param authTag pointer to the buffer containing the authentication tag
  341. \param authTagSz length of the desired authentication tag
  342. \param authIn pointer to the buffer containing the input
  343. authentication vector
  344. \param authInSz length of the input authentication vector
  345. _Example_
  346. \code
  347. Aes enc; //can use the same struct as was passed to wc_AesGcmEncrypt
  348. // initialize aes structure by calling wc_AesGcmSetKey if not already done
  349. byte cipher[AES_BLOCK_LENGTH * n]; //n being a positive integer
  350. making cipher some multiple of 16 bytes
  351. // initialize cipher with cipher text to decrypt
  352. byte output[sizeof(cipher)];
  353. byte iv[] = // some 16 byte iv
  354. byte authTag[AUTH_TAG_LENGTH];
  355. byte authIn[] = // Authentication Vector
  356. wc_AesGcmDecrypt(&enc, output, cipher, sizeof(cipher), iv, sizeof(iv),
  357. authTag, sizeof(authTag), authIn, sizeof(authIn));
  358. \endcode
  359. \sa wc_AesGcmSetKey
  360. \sa wc_AesGcmEncrypt
  361. */
  362. WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out,
  363. const byte* in, word32 sz,
  364. const byte* iv, word32 ivSz,
  365. const byte* authTag, word32 authTagSz,
  366. const byte* authIn, word32 authInSz);
  367. /*!
  368. \ingroup AES
  369. \brief This function initializes and sets the key for a GMAC object
  370. to be used for Galois Message Authentication.
  371. \return 0 On successfully setting the key
  372. \return BAD_FUNC_ARG Returned if key length is invalid.
  373. \param gmac pointer to the gmac object used for authentication
  374. \param key 16, 24, or 32 byte secret key for authentication
  375. \param len length of the key
  376. _Example_
  377. \code
  378. Gmac gmac;
  379. key[] = { some 16, 24, or 32 byte length key };
  380. wc_GmacSetKey(&gmac, key, sizeof(key));
  381. \endcode
  382. \sa wc_GmacUpdate
  383. */
  384. WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len);
  385. /*!
  386. \ingroup AES
  387. \brief This function generates the Gmac hash of the authIn input and
  388. stores the result in the authTag buffer. After running wc_GmacUpdate,
  389. one should compare the generated authTag to a known authentication tag
  390. to verify the authenticity of a message.
  391. \return 0 On successfully computing the Gmac hash.
  392. \param gmac pointer to the gmac object used for authentication
  393. \param iv initialization vector used for the hash
  394. \param ivSz size of the initialization vector used
  395. \param authIn pointer to the buffer containing the authentication
  396. vector to verify
  397. \param authInSz size of the authentication vector
  398. \param authTag pointer to the output buffer in which to store the Gmac hash
  399. \param authTagSz the size of the output buffer used to store the Gmac hash
  400. _Example_
  401. \code
  402. Gmac gmac;
  403. key[] = { some 16, 24, or 32 byte length key };
  404. iv[] = { some 16 byte length iv };
  405. wc_GmacSetKey(&gmac, key, sizeof(key));
  406. authIn[] = { some 16 byte authentication input };
  407. tag[AES_BLOCK_SIZE]; // will store authentication code
  408. wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), tag,
  409. sizeof(tag));
  410. \endcode
  411. \sa wc_GmacSetKey
  412. */
  413. WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
  414. const byte* authIn, word32 authInSz,
  415. byte* authTag, word32 authTagSz);
  416. /*!
  417. \ingroup AES
  418. \brief This function sets the key for an AES object using CCM
  419. (Counter with CBC-MAC). It takes a pointer to an AES structure and
  420. initializes it with supplied key.
  421. \return none
  422. \param aes aes structure in which to store the supplied key
  423. \param key 16, 24, or 32 byte secret key for encryption and decryption
  424. \param keySz size of the supplied key
  425. _Example_
  426. \code
  427. Aes enc;
  428. key[] = { some 16, 24, or 32 byte length key };
  429. wc_AesCcmSetKey(&aes, key, sizeof(key));
  430. \endcode
  431. \sa wc_AesCcmEncrypt
  432. \sa wc_AesCcmDecrypt
  433. */
  434. WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
  435. /*!
  436. \ingroup AES
  437. \brief This function encrypts the input message, in, into the output
  438. buffer, out, using CCM (Counter with CBC-MAC). It subsequently
  439. calculates and stores the authorization tag, authTag, from the
  440. authIn input.
  441. \return none
  442. \param aes pointer to the AES object used to encrypt data
  443. \param out pointer to the output buffer in which to store the cipher text
  444. \param in pointer to the input buffer holding the message to encrypt
  445. \param sz length of the input message to encrypt
  446. \param nonce pointer to the buffer containing the nonce
  447. (number only used once)
  448. \param nonceSz length of the nonce
  449. \param authTag pointer to the buffer in which to store the
  450. authentication tag
  451. \param authTagSz length of the desired authentication tag
  452. \param authIn pointer to the buffer containing the input
  453. authentication vector
  454. \param authInSz length of the input authentication vector
  455. _Example_
  456. \code
  457. Aes enc;
  458. // initialize enc with wc_AesCcmSetKey
  459. nonce[] = { initialize nonce };
  460. plain[] = { some plain text message };
  461. cipher[sizeof(plain)];
  462. authIn[] = { some 16 byte authentication input };
  463. tag[AES_BLOCK_SIZE]; // will store authentication code
  464. wc_AesCcmEncrypt(&enc, cipher, plain, sizeof(plain), nonce, sizeof(nonce),
  465. tag, sizeof(tag), authIn, sizeof(authIn));
  466. \endcode
  467. \sa wc_AesCcmSetKey
  468. \sa wc_AesCcmDecrypt
  469. */
  470. WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out,
  471. const byte* in, word32 inSz,
  472. const byte* nonce, word32 nonceSz,
  473. byte* authTag, word32 authTagSz,
  474. const byte* authIn, word32 authInSz);
  475. /*!
  476. \ingroup AES
  477. \brief This function decrypts the input cipher text, in, into
  478. the output buffer, out, using CCM (Counter with CBC-MAC). It
  479. subsequently calculates the authorization tag, authTag, from the
  480. authIn input. If the authorization tag is invalid, it sets the
  481. output buffer to zero and returns the error: AES_CCM_AUTH_E.
  482. \return 0 On successfully decrypting the input message
  483. \return AES_CCM_AUTH_E If the authentication tag does not match the
  484. supplied authentication code vector, authTag.
  485. \param aes pointer to the AES object used to encrypt data
  486. \param out pointer to the output buffer in which to store the cipher text
  487. \param in pointer to the input buffer holding the message to encrypt
  488. \param sz length of the input cipher text to decrypt
  489. \param nonce pointer to the buffer containing the nonce
  490. (number only used once)
  491. \param nonceSz length of the nonce
  492. \param authTag pointer to the buffer in which to store the
  493. authentication tag
  494. \param authTagSz length of the desired authentication tag
  495. \param authIn pointer to the buffer containing the input
  496. authentication vector
  497. \param authInSz length of the input authentication vector
  498. _Example_
  499. \code
  500. Aes dec;
  501. // initialize dec with wc_AesCcmSetKey
  502. nonce[] = { initialize nonce };
  503. cipher[] = { encrypted message };
  504. plain[sizeof(cipher)];
  505. authIn[] = { some 16 byte authentication input };
  506. tag[AES_BLOCK_SIZE] = { authentication tag received for verification };
  507. int return = wc_AesCcmDecrypt(&dec, plain, cipher, sizeof(cipher),
  508. nonce, sizeof(nonce),tag, sizeof(tag), authIn, sizeof(authIn));
  509. if(return != 0) {
  510. // decrypt error, invalid authentication code
  511. }
  512. \endcode
  513. \sa wc_AesCcmSetKey
  514. \sa wc_AesCcmEncrypt
  515. */
  516. WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out,
  517. const byte* in, word32 inSz,
  518. const byte* nonce, word32 nonceSz,
  519. const byte* authTag, word32 authTagSz,
  520. const byte* authIn, word32 authInSz);
  521. /*!
  522. \ingroup AES
  523. \brief This is to help with setting keys to correct encrypt or
  524. decrypt type. It is up to user to call wc_AesXtsFree on aes key when done.
  525. \return 0 Success
  526. \param aes AES keys for encrypt/decrypt process
  527. \param key buffer holding aes key | tweak key
  528. \param len length of key buffer in bytes. Should be twice that of
  529. key size.
  530. i.e. 32 for a 16 byte key.
  531. \param dir direction, either AES_ENCRYPTION or AES_DECRYPTION
  532. \param heap heap hint to use for memory. Can be NULL
  533. \param devId id to use with async crypto. Can be 0
  534. _Example_
  535. \code
  536. XtsAes aes;
  537. if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0)
  538. {
  539. // Handle error
  540. }
  541. wc_AesXtsFree(&aes);
  542. \endcode
  543. \sa wc_AesXtsEncrypt
  544. \sa wc_AesXtsDecrypt
  545. \sa wc_AesXtsFree
  546. */
  547. WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key,
  548. word32 len, int dir, void* heap, int devId);
  549. /*!
  550. \ingroup AES
  551. \brief Same process as wc_AesXtsEncrypt but uses a word64 type as the tweak
  552. value instead of a byte array. This just converts the word64 to a
  553. byte array and calls wc_AesXtsEncrypt.
  554. \return 0 Success
  555. \param aes AES keys to use for block encrypt/decrypt
  556. \param out output buffer to hold cipher text
  557. \param in input plain text buffer to encrypt
  558. \param sz size of both out and in buffers
  559. \param sector value to use for tweak
  560. _Example_
  561. \code
  562. XtsAes aes;
  563. unsigned char plain[SIZE];
  564. unsigned char cipher[SIZE];
  565. word64 s = VALUE;
  566. //set up keys with AES_ENCRYPTION as dir
  567. if(wc_AesXtsEncryptSector(&aes, cipher, plain, SIZE, s) != 0)
  568. {
  569. // Handle error
  570. }
  571. wc_AesXtsFree(&aes);
  572. \endcode
  573. \sa wc_AesXtsEncrypt
  574. \sa wc_AesXtsDecrypt
  575. \sa wc_AesXtsSetKey
  576. \sa wc_AesXtsFree
  577. */
  578. WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out,
  579. const byte* in, word32 sz, word64 sector);
  580. /*!
  581. \ingroup AES
  582. \brief Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak
  583. value instead of a byte array. This just converts the word64 to a
  584. byte array.
  585. \return 0 Success
  586. \param aes AES keys to use for block encrypt/decrypt
  587. \param out output buffer to hold plain text
  588. \param in input cipher text buffer to decrypt
  589. \param sz size of both out and in buffers
  590. \param sector value to use for tweak
  591. _Example_
  592. \code
  593. XtsAes aes;
  594. unsigned char plain[SIZE];
  595. unsigned char cipher[SIZE];
  596. word64 s = VALUE;
  597. //set up aes key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION
  598. if(wc_AesXtsDecryptSector(&aes, plain, cipher, SIZE, s) != 0)
  599. {
  600. // Handle error
  601. }
  602. wc_AesXtsFree(&aes);
  603. \endcode
  604. \sa wc_AesXtsEncrypt
  605. \sa wc_AesXtsDecrypt
  606. \sa wc_AesXtsSetKey
  607. \sa wc_AesXtsFree
  608. */
  609. WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out,
  610. const byte* in, word32 sz, word64 sector);
  611. /*!
  612. \ingroup AES
  613. \brief AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text
  614. Stealing.
  615. \return 0 Success
  616. \param aes AES keys to use for block encrypt/decrypt
  617. \param out output buffer to hold cipher text
  618. \param in input plain text buffer to encrypt
  619. \param sz size of both out and in buffers
  620. \param i value to use for tweak
  621. \param iSz size of i buffer, should always be AES_BLOCK_SIZE but having
  622. this input adds a sanity check on how the user calls the
  623. function.
  624. _Example_
  625. \code
  626. XtsAes aes;
  627. unsigned char plain[SIZE];
  628. unsigned char cipher[SIZE];
  629. unsigned char i[AES_BLOCK_SIZE];
  630. //set up key with AES_ENCRYPTION as dir
  631. if(wc_AesXtsEncrypt(&aes, cipher, plain, SIZE, i, sizeof(i)) != 0)
  632. {
  633. // Handle error
  634. }
  635. wc_AesXtsFree(&aes);
  636. \endcode
  637. \sa wc_AesXtsDecrypt
  638. \sa wc_AesXtsSetKey
  639. \sa wc_AesXtsFree
  640. */
  641. WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out,
  642. const byte* in, word32 sz, const byte* i, word32 iSz);
  643. /*!
  644. \ingroup AES
  645. \brief Same process as encryption but Aes key is AES_DECRYPTION type.
  646. \return 0 Success
  647. \param aes AES keys to use for block encrypt/decrypt
  648. \param out output buffer to hold plain text
  649. \param in input cipher text buffer to decrypt
  650. \param sz size of both out and in buffers
  651. \param i value to use for tweak
  652. \param iSz size of i buffer, should always be AES_BLOCK_SIZE but having
  653. this input adds a sanity check on how the user calls the
  654. function.
  655. _Example_
  656. \code
  657. XtsAes aes;
  658. unsigned char plain[SIZE];
  659. unsigned char cipher[SIZE];
  660. unsigned char i[AES_BLOCK_SIZE];
  661. //set up key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION
  662. if(wc_AesXtsDecrypt(&aes, plain, cipher, SIZE, i, sizeof(i)) != 0)
  663. {
  664. // Handle error
  665. }
  666. wc_AesXtsFree(&aes);
  667. \endcode
  668. \sa wc_AesXtsEncrypt
  669. \sa wc_AesXtsSetKey
  670. \sa wc_AesXtsFree
  671. */
  672. WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out,
  673. const byte* in, word32 sz, const byte* i, word32 iSz);
  674. /*!
  675. \ingroup AES
  676. \brief This is to free up any resources used by the XtsAes structure
  677. \return 0 Success
  678. \param aes AES keys to free
  679. _Example_
  680. \code
  681. XtsAes aes;
  682. if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0)
  683. {
  684. // Handle error
  685. }
  686. wc_AesXtsFree(&aes);
  687. \endcode
  688. \sa wc_AesXtsEncrypt
  689. \sa wc_AesXtsDecrypt
  690. \sa wc_AesXtsSetKey
  691. */
  692. WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);
  693. /*!
  694. \ingroup AES
  695. \brief Initialize Aes structure. Sets heap hint to be used and ID for use
  696. with async hardware
  697. \return 0 Success
  698. \param aes aes structure in to initialize
  699. \param heap heap hint to use for malloc / free if needed
  700. \param devId ID to use with async hardware
  701. _Example_
  702. \code
  703. Aes enc;
  704. void* hint = NULL;
  705. int devId = INVALID_DEVID; //if not using async INVALID_DEVID is default
  706. //heap hint could be set here if used
  707. wc_AesInit(&aes, hint, devId);
  708. \endcode
  709. \sa wc_AesSetKey
  710. \sa wc_AesSetIV
  711. */
  712. WOLFSSL_API int wc_AesInit(Aes*, void*, int);