- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
asp3_tinet_ecnl_rx/trunk/wolfssl-3.12.2/wolfssl/wolfcrypt/aes.h
r337 r372 20 20 */ 21 21 22 /*! 23 \file wolfssl/wolfcrypt/aes.h 24 */ 25 22 26 23 27 #ifndef WOLF_CRYPT_AES_H … … 28 32 #ifndef NO_AES 29 33 34 #if defined(HAVE_FIPS) && \ 35 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) 36 #include <wolfssl/wolfcrypt/fips.h> 37 #endif /* HAVE_FIPS_VERSION >= 2 */ 38 30 39 /* included for fips @wc_fips */ 31 #ifdef HAVE_FIPS 40 #if defined(HAVE_FIPS) && \ 41 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) 32 42 #include <cyassl/ctaocrypt/aes.h> 33 43 #if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER) … … 39 49 #endif 40 50 41 #ifndef HAVE_FIPS /* to avoid redefinition of macros */ 51 #ifndef WC_NO_RNG 52 #include <wolfssl/wolfcrypt/random.h> 53 #endif 54 #ifdef STM32_CRYPTO 55 #include <wolfssl/wolfcrypt/port/st/stm32.h> 56 #endif 42 57 43 58 #ifdef WOLFSSL_AESNI … … 49 64 #endif /* WOLFSSL_AESNI */ 50 65 66 51 67 #ifdef WOLFSSL_XILINX_CRYPT 52 68 #include "xsecure_aes.h" 53 69 #endif 54 70 55 #endif /* HAVE_FIPS */ 71 #ifdef WOLFSSL_AFALG 72 /* included for struct msghdr */ 73 #include <sys/socket.h> 74 #endif 75 76 #if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC) 77 #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h> 78 #endif 79 80 #if defined(HAVE_AESGCM) && !defined(WC_NO_RNG) 81 #include <wolfssl/wolfcrypt/random.h> 82 #endif 83 56 84 57 85 #ifdef __cplusplus … … 59 87 #endif 60 88 61 #ifndef HAVE_FIPS /* to avoid redefinition of structures */ 89 /* these are required for FIPS and non-FIPS */ 90 enum { 91 AES_128_KEY_SIZE = 16, /* for 128 bit */ 92 AES_192_KEY_SIZE = 24, /* for 192 bit */ 93 AES_256_KEY_SIZE = 32, /* for 256 bit */ 94 95 AES_IV_SIZE = 16, /* always block size */ 96 }; 97 98 99 /* avoid redefinition of structs */ 100 #if !defined(HAVE_FIPS) || \ 101 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) 62 102 63 103 #ifdef WOLFSSL_ASYNC_CRYPT … … 66 106 67 107 enum { 68 AES_ENC_TYPE = 1, /* cipher unique type */108 AES_ENC_TYPE = WC_CIPHER_AES, /* 
cipher unique type */ 69 109 AES_ENCRYPTION = 0, 70 110 AES_DECRYPTION = 1, 111 112 AES_BLOCK_SIZE = 16, 113 71 114 KEYWRAP_BLOCK_SIZE = 8, 72 AES_BLOCK_SIZE = 16 115 116 GCM_NONCE_MAX_SZ = 16, /* wolfCrypt's maximum nonce size allowed. */ 117 GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */ 118 GCM_NONCE_MIN_SZ = 8, /* wolfCrypt's minimum nonce size allowed. */ 119 CCM_NONCE_MIN_SZ = 7, 120 CCM_NONCE_MAX_SZ = 13, 121 CTR_SZ = 4, 122 AES_IV_FIXED_SZ = 4, 123 124 #ifdef HAVE_PKCS11 125 AES_MAX_ID_LEN = 32, 126 #endif 73 127 }; 74 128 … … 83 137 ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */ 84 138 139 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) 140 word32 invokeCtr[2]; 141 word32 nonceSz; 142 #endif 85 143 #ifdef HAVE_AESGCM 86 144 ALIGN16 byte H[AES_BLOCK_SIZE]; … … 93 151 byte use_aesni; 94 152 #endif /* WOLFSSL_AESNI */ 153 #ifdef WOLF_CRYPTO_DEV 154 int devId; 155 #endif 156 #ifdef HAVE_PKCS11 157 byte id[AES_MAX_ID_LEN]; 158 int idLen; 159 #endif 95 160 #ifdef WOLFSSL_ASYNC_CRYPT 96 161 word32 asyncKey[AES_MAX_KEY_SIZE/8/sizeof(word32)]; /* raw key */ … … 98 163 WC_ASYNC_DEV asyncDev; 99 164 #endif /* WOLFSSL_ASYNC_CRYPT */ 100 #if def WOLFSSL_AES_COUNTER165 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) 101 166 word32 left; /* unused bytes left from last call */ 102 167 #endif … … 106 171 word32 key_init[8]; 107 172 word32 kup; 173 #endif 174 #ifdef WOLFSSL_AFALG 175 int alFd; /* server socket to bind to */ 176 int rdFd; /* socket to read from */ 177 struct msghdr msg; 178 int dir; /* flag for encrpyt or decrypt */ 179 #endif 180 #if defined(WOLFSSL_DEVCRYPTO) && \ 181 (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) 182 word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */ 183 WC_CRYPTODEV ctx; 108 184 #endif 109 185 void* heap; /* memory hint to use */ … … 141 217 const byte* iv, int dir); 142 218 WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv); 219 220 
#ifdef HAVE_AES_CBC 143 221 WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, 144 222 const byte* in, word32 sz); 145 223 WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, 146 224 const byte* in, word32 sz); 225 #endif 226 227 #ifdef WOLFSSL_AES_CFB 228 WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out, 229 const byte* in, word32 sz); 230 #ifdef HAVE_AES_DECRYPT 231 WOLFSSL_API int wc_AesCfbDecrypt(Aes* aes, byte* out, 232 const byte* in, word32 sz); 233 #endif /* HAVE_AES_DECRYPT */ 234 #endif /* WOLFSSL_AES_CFB */ 147 235 148 236 #ifdef HAVE_AES_ECB … … 165 253 const byte* iv, int dir); 166 254 #endif 255 167 256 #ifdef HAVE_AESGCM 168 257 #ifdef WOLFSSL_XILINX_CRYPT … … 182 271 const byte* authIn, word32 authInSz); 183 272 273 #ifndef WC_NO_RNG 274 WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz); 275 WOLFSSL_API int wc_AesGcmSetIV(Aes* aes, word32 ivSz, 276 const byte* ivFixed, word32 ivFixedSz, 277 WC_RNG* rng); 278 WOLFSSL_API int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, 279 const byte* in, word32 sz, 280 byte* ivOut, word32 ivOutSz, 281 byte* authTag, word32 authTagSz, 282 const byte* authIn, word32 authInSz); 283 #endif /* WC_NO_RNG */ 284 184 285 WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len); 185 286 WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, 186 287 const byte* authIn, word32 authInSz, 187 288 byte* authTag, word32 authTagSz); 289 #ifndef WC_NO_RNG 290 WOLFSSL_API int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, 291 const byte* authIn, word32 authInSz, 292 byte* authTag, word32 authTagSz, WC_RNG* rng); 293 WOLFSSL_API int wc_GmacVerify(const byte* key, word32 keySz, 294 const byte* iv, word32 ivSz, 295 const byte* authIn, word32 authInSz, 296 const byte* authTag, word32 authTagSz); 297 #endif /* WC_NO_RNG */ 188 298 WOLFSSL_LOCAL void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, 189 299 word32 cSz, byte* s, word32 sSz); … … 200 310 const 
byte* nonce, word32 nonceSz, 201 311 const byte* authTag, word32 authTagSz, 312 const byte* authIn, word32 authInSz); 313 WOLFSSL_API int wc_AesCcmSetNonce(Aes* aes, 314 const byte* nonce, word32 nonceSz); 315 WOLFSSL_API int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, 316 const byte* in, word32 sz, 317 byte* ivOut, word32 ivOutSz, 318 byte* authTag, word32 authTagSz, 202 319 const byte* authIn, word32 authInSz); 203 320 #endif /* HAVE_AESCCM */ … … 214 331 215 332 #ifdef WOLFSSL_AES_XTS 216 /*! 217 \ingroup AES 218 219 \brief This is to help with setting keys to correct encrypt or decrypt type. 220 221 \note Is up to user to call wc_AesXtsFree on aes key when done. 222 223 \return 0 Success 224 225 \param aes AES keys for encrypt/decrypt process 226 \param key buffer holding aes key | tweak key 227 \param len length of key buffer in bytes. Should be twice that of key size. 228 i.e. 32 for a 16 byte key. 229 \param dir direction, either AES_ENCRYPTION or AES_DECRYPTION 230 \param heap heap hint to use for memory. Can be NULL 231 \param devId id to use with async crypto. Can be 0 232 233 _Example_ 234 \code 235 XtsAes aes; 236 237 if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0) 238 { 239 // Handle error 240 } 241 wc_AesXtsFree(&aes); 242 \endcode 243 244 \sa wc_AesXtsEncrypt 245 \sa wc_AesXtsDecrypt 246 \sa wc_AesXtsFree 247 */ 333 248 334 WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key, 249 335 word32 len, int dir, void* heap, int devId); 250 336 251 252 /*!253 \ingroup AES254 255 \brief Same process as wc_AesXtsEncrypt but uses a word64 type as the tweak256 value instead of a byte array. 
This just converts the word64 to a257 byte array and calls wc_AesXtsEncrypt.258 259 \return 0 Success260 261 \param aes AES keys to use for block encrypt/decrypt262 \param out output buffer to hold cipher text263 \param in input plain text buffer to encrypt264 \param sz size of both out and in buffers265 \param sector value to use for tweak266 267 _Example_268 \code269 XtsAes aes;270 unsigned char plain[SIZE];271 unsigned char cipher[SIZE];272 word64 s = VALUE;273 274 //set up keys with AES_ENCRYPTION as dir275 276 if(wc_AesXtsEncryptSector(&aes, cipher, plain, SIZE, s) != 0)277 {278 // Handle error279 }280 wc_AesXtsFree(&aes);281 \endcode282 283 \sa wc_AesXtsEncrypt284 \sa wc_AesXtsDecrypt285 \sa wc_AesXtsSetKey286 \sa wc_AesXtsFree287 */288 337 WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out, 289 338 const byte* in, word32 sz, word64 sector); 290 339 291 292 /*!293 \ingroup AES294 295 \brief Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak296 value instead of a byte array. This just converts the word64 to a297 byte array.298 299 \return 0 Success300 301 \param aes AES keys to use for block encrypt/decrypt302 \param out output buffer to hold plain text303 \param in input cipher text buffer to decrypt304 \param sz size of both out and in buffers305 \param sector value to use for tweak306 307 _Example_308 \code309 XtsAes aes;310 unsigned char plain[SIZE];311 unsigned char cipher[SIZE];312 word64 s = VALUE;313 314 //set up aes key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION315 316 if(wc_AesXtsDecryptSector(&aes, plain, cipher, SIZE, s) != 0)317 {318 // Handle error319 }320 wc_AesXtsFree(&aes);321 \endcode322 323 \sa wc_AesXtsEncrypt324 \sa wc_AesXtsDecrypt325 \sa wc_AesXtsSetKey326 \sa wc_AesXtsFree327 */328 340 WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, 329 341 const byte* in, word32 sz, word64 sector); 330 342 331 332 /*!333 \ingroup AES334 335 \brief AES with XTS mode. 
(XTS) XEX encryption with Tweak and cipher text336 Stealing.337 338 \return 0 Success339 340 \param aes AES keys to use for block encrypt/decrypt341 \param out output buffer to hold cipher text342 \param in input plain text buffer to encrypt343 \param sz size of both out and in buffers344 \param i value to use for tweak345 \param iSz size of i buffer, should always be AES_BLOCK_SIZE but having346 this input adds a sanity check on how the user calls the347 function.348 349 _Example_350 \code351 XtsAes aes;352 unsigned char plain[SIZE];353 unsigned char cipher[SIZE];354 unsigned char i[AES_BLOCK_SIZE];355 356 //set up key with AES_ENCRYPTION as dir357 358 if(wc_AesXtsEncrypt(&aes, cipher, plain, SIZE, i, sizeof(i)) != 0)359 {360 // Handle error361 }362 wc_AesXtsFree(&aes);363 \endcode364 365 \sa wc_AesXtsDecrypt366 \sa wc_AesXtsSetKey367 \sa wc_AesXtsFree368 */369 343 WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out, 370 344 const byte* in, word32 sz, const byte* i, word32 iSz); 371 345 372 373 /*!374 \ingroup AES375 376 \brief Same process as encryption but Aes key is AES_DECRYPTION type.377 378 \return 0 Success379 380 \param aes AES keys to use for block encrypt/decrypt381 \param out output buffer to hold plain text382 \param in input cipher text buffer to decrypt383 \param sz size of both out and in buffers384 \param i value to use for tweak385 \param iSz size of i buffer, should always be AES_BLOCK_SIZE but having386 this input adds a sanity check on how the user calls the387 function.388 _Example_389 \code390 XtsAes aes;391 unsigned char plain[SIZE];392 unsigned char cipher[SIZE];393 unsigned char i[AES_BLOCK_SIZE];394 395 //set up key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION396 397 if(wc_AesXtsDecrypt(&aes, plain, cipher, SIZE, i, sizeof(i)) != 0)398 {399 // Handle error400 }401 wc_AesXtsFree(&aes);402 \endcode403 404 \sa wc_AesXtsEncrypt405 \sa wc_AesXtsSetKey406 \sa wc_AesXtsFree407 */408 346 WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* 
aes, byte* out, 409 347 const byte* in, word32 sz, const byte* i, word32 iSz); 410 348 411 412 /*!413 \ingroup AES414 415 \brief This is to free up any resources used by the XtsAes structure416 417 \return 0 Success418 419 \param aes AES keys to free420 421 _Example_422 \code423 XtsAes aes;424 425 if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0)426 {427 // Handle error428 }429 wc_AesXtsFree(&aes);430 \endcode431 432 \sa wc_AesXtsEncrypt433 \sa wc_AesXtsDecrypt434 \sa wc_AesXtsSetKey435 */436 349 WOLFSSL_API int wc_AesXtsFree(XtsAes* aes); 437 350 #endif … … 439 352 WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize); 440 353 441 WOLFSSL_API int wc_AesInit(Aes*, void*, int); 442 WOLFSSL_API void wc_AesFree(Aes*); 354 WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId); 355 #ifdef HAVE_PKCS11 356 WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, 357 int devId); 358 #endif 359 WOLFSSL_API void wc_AesFree(Aes* aes); 443 360 444 361 #ifdef __cplusplus
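Review bot: `wc_GmacVerify` is declared inside the second `#ifndef WC_NO_RNG` block of the GMAC hunk, yet its prototype takes no `WC_RNG*`, so a build with `WC_NO_RNG` loses tag verification although nothing in the signature needs a random source. Unless the implementation (not visible on this page) depends on the RNG, close the guard directly after `wc_Gmac` by moving `#endif /* WC_NO_RNG */` above the `wc_GmacVerify` declaration. Separately, `wc_AesGcmSetIV`, `wc_AesGcmEncrypt_ex`, `wc_AesCcmSetNonce` and `wc_AesCcmEncrypt_ex` arrive with no comment, while the XTS doc blocks are removed from this header. A short comment on each should state the required call order (IV or nonce set before the `_ex` call) and what `ivOut`/`ivOutSz` must be, since the new `invokeCtr` and `nonceSz` fields suggest the library now tracks nonce state that callers can misuse.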