1 /* aes.h - TinyCrypt interface to an AES-128 implementation */ 2 3 /* 4 * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * - Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * - Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * - Neither the name of Intel Corporation nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /** 34 * @file 35 * @brief -- Interface to an AES-128 implementation. 36 * 37 * Overview: AES-128 is a NIST approved block cipher specified in 38 * FIPS 197. Block ciphers are deterministic algorithms that 39 * perform a transformation specified by a symmetric key in fixed- 40 * length data sets, also called blocks. 41 * 42 * Security: AES-128 provides approximately 128 bits of security. 43 * 44 * Usage: 1) call tc_aes128_set_encrypt/decrypt_key to set the key. 45 * 46 * 2) call tc_aes_encrypt/decrypt to process the data. 47 */ 48 49 #ifndef __BLE_MESH_TC_AES_H__ 50 #define __BLE_MESH_TC_AES_H__ 51 52 #include <stdint.h> 53 54 #ifdef __cplusplus 55 extern "C" { 56 #endif 57 58 #define Nb (4) /* number of columns (32-bit words) comprising the state */ 59 #define Nk (4) /* number of 32-bit words comprising the key */ 60 #define Nr (10) /* number of rounds */ 61 #define TC_AES_BLOCK_SIZE (Nb*Nk) 62 #define TC_AES_KEY_SIZE (Nb*Nk) 63 64 typedef struct tc_aes_key_sched_struct { 65 unsigned int words[Nb * (Nr + 1)]; 66 } *TCAesKeySched_t; 67 68 /** 69 * @brief Set AES-128 encryption key 70 * Uses key k to initialize s 71 * @return returns TC_CRYPTO_SUCCESS (1) 72 * returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL 73 * @note This implementation skips the additional steps required for keys 74 * larger than 128 bits, and must not be used for AES-192 or 75 * AES-256 key schedule -- see FIPS 197 for details 76 * @param s IN/OUT -- initialized struct tc_aes_key_sched_struct 77 * @param k IN -- points to the AES key 78 */ 79 int tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k); 80 81 /** 82 * @brief AES-128 Encryption procedure 83 * Encrypts contents of in buffer into out buffer under key; 84 * schedule s 85 * @note Assumes s was initialized by aes_set_encrypt_key; 86 * out and in point to 16 byte buffers 87 * @return returns TC_CRYPTO_SUCCESS (1) 88 * returns TC_CRYPTO_FAIL (0) if: out == NULL or in == NULL or s == NULL 89 * @param out IN/OUT -- buffer to receive ciphertext block 90 * @param in IN -- a plaintext block to encrypt 91 * @param s IN -- initialized AES key schedule 92 */ 93 int tc_aes_encrypt(uint8_t *out, const uint8_t *in, 94 const TCAesKeySched_t s); 95 96 /** 97 * @brief Set the AES-128 decryption key 98 * Uses key k to initialize s 99 * @return returns TC_CRYPTO_SUCCESS (1) 100 * returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL 101 * @note This is the implementation of the straightforward inverse cipher 102 * using the cipher documented in FIPS-197 figure 12, not the 103 * equivalent inverse cipher presented in Figure 15 104 * @warning This routine skips the additional steps required for keys larger 105 * than 128, and must not be used for AES-192 or AES-256 key 106 * schedule -- see FIPS 197 for details 107 * @param s IN/OUT -- initialized struct tc_aes_key_sched_struct 108 * @param k IN -- points to the AES key 109 */ 110 int tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k); 111 112 /** 113 * @brief AES-128 Encryption procedure 114 * Decrypts in buffer into out buffer under key schedule s 115 * @return returns TC_CRYPTO_SUCCESS (1) 116 * returns TC_CRYPTO_FAIL (0) if: out is NULL or in is NULL or s is NULL 117 * @note Assumes s was initialized by aes_set_encrypt_key 118 * out and in point to 16 byte buffers 119 * @param out IN/OUT -- buffer to receive ciphertext block 120 * @param in IN -- a plaintext block to encrypt 121 * @param s IN -- initialized AES key schedule 122 */ 123 int tc_aes_decrypt(uint8_t *out, const uint8_t *in, 124 const TCAesKeySched_t s); 125 126 #ifdef __cplusplus 127 } 128 #endif 129 130 #endif /* __BLE_MESH_TC_AES_H__ */ 131