1 /* aes.h - TinyCrypt interface to an AES-128 implementation */
2 
3 /*
4  *  Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
5  *
6  *  Redistribution and use in source and binary forms, with or without
7  *  modification, are permitted provided that the following conditions are met:
8  *
9  *    - Redistributions of source code must retain the above copyright notice,
10  *     this list of conditions and the following disclaimer.
11  *
12  *    - Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  *    - Neither the name of Intel Corporation nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  *  POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /**
34  * @file
35  * @brief -- Interface to an AES-128 implementation.
36  *
37  *  Overview:   AES-128 is a NIST approved block cipher specified in
38  *              FIPS 197. Block ciphers are deterministic algorithms that
39  *              perform a transformation specified by a symmetric key in fixed-
40  *              length data sets, also called blocks.
41  *
42  *  Security:   AES-128 provides approximately 128 bits of security.
43  *
44  *  Usage:      1) call tc_aes128_set_encrypt/decrypt_key to set the key.
45  *
46  *              2) call tc_aes_encrypt/decrypt to process the data.
47  */
48 
49 #ifndef __BLE_MESH_TC_AES_H__
50 #define __BLE_MESH_TC_AES_H__
51 
52 #include <stdint.h>
53 
54 #ifdef __cplusplus
55 extern "C" {
56 #endif
57 
58 #define Nb (4)  /* number of columns (32-bit words) comprising the state */
59 #define Nk (4)  /* number of 32-bit words comprising the key */
60 #define Nr (10) /* number of rounds */
61 #define TC_AES_BLOCK_SIZE (Nb*Nk)
62 #define TC_AES_KEY_SIZE (Nb*Nk)
63 
64 typedef struct tc_aes_key_sched_struct {
65     unsigned int words[Nb * (Nr + 1)];
66 } *TCAesKeySched_t;
67 
68 /**
69  *  @brief Set AES-128 encryption key
70  *  Uses key k to initialize s
71  *  @return  returns TC_CRYPTO_SUCCESS (1)
72  *           returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL
73  *  @note       This implementation skips the additional steps required for keys
74  *              larger than 128 bits, and must not be used for AES-192 or
75  *              AES-256 key schedule -- see FIPS 197 for details
76  *  @param      s IN/OUT -- initialized struct tc_aes_key_sched_struct
77  *  @param      k IN -- points to the AES key
78  */
79 int tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k);
80 
81 /**
82  *  @brief AES-128 Encryption procedure
83  *  Encrypts contents of in buffer into out buffer under key;
84  *              schedule s
85  *  @note Assumes s was initialized by aes_set_encrypt_key;
86  *              out and in point to 16 byte buffers
87  *  @return  returns TC_CRYPTO_SUCCESS (1)
88  *           returns TC_CRYPTO_FAIL (0) if: out == NULL or in == NULL or s == NULL
89  *  @param out IN/OUT -- buffer to receive ciphertext block
90  *  @param in IN -- a plaintext block to encrypt
91  *  @param s IN -- initialized AES key schedule
92  */
93 int tc_aes_encrypt(uint8_t *out, const uint8_t *in,
94                    const TCAesKeySched_t s);
95 
96 /**
97  *  @brief Set the AES-128 decryption key
98  *  Uses key k to initialize s
99  *  @return returns TC_CRYPTO_SUCCESS (1)
100  *          returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL
101  *  @note       This is the implementation of the straightforward inverse cipher
102  *              using the cipher documented in FIPS-197 figure 12, not the
103  *              equivalent inverse cipher presented in Figure 15
104  *  @warning    This routine skips the additional steps required for keys larger
105  *              than 128, and must not be used for AES-192 or AES-256 key
106  *              schedule -- see FIPS 197 for details
107  *  @param s  IN/OUT -- initialized struct tc_aes_key_sched_struct
108  *  @param k  IN -- points to the AES key
109  */
110 int tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k);
111 
112 /**
113  *  @brief AES-128 Encryption procedure
114  *  Decrypts in buffer into out buffer under key schedule s
115  *  @return returns TC_CRYPTO_SUCCESS (1)
116  *          returns TC_CRYPTO_FAIL (0) if: out is NULL or in is NULL or s is NULL
117  *  @note   Assumes s was initialized by aes_set_encrypt_key
118  *          out and in point to 16 byte buffers
119  *  @param out IN/OUT -- buffer to receive ciphertext block
120  *  @param in IN -- a plaintext block to encrypt
121  *  @param s IN -- initialized AES key schedule
122  */
123 int tc_aes_decrypt(uint8_t *out, const uint8_t *in,
124                    const TCAesKeySched_t s);
125 
126 #ifdef __cplusplus
127 }
128 #endif
129 
130 #endif /* __BLE_MESH_TC_AES_H__ */
131