/* aes.h
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22/*!
23 \file wolfssl/wolfcrypt/aes.h
24*/
25/*
26
DESCRIPTION
This library provides the interfaces to the Advanced Encryption Standard (AES)
for encrypting and decrypting data. AES (FIPS 197) is a symmetric block cipher
operating on 128-bit blocks with a key of 128, 192 or 256 bits. Of the modes
declared below, only GCM and CCM authenticate the data; ECB, CBC, CTR, CFB, OFB
and XTS provide confidentiality alone and need a separate MAC when tampering
must be detected.
32
33*/
34#ifndef WOLF_CRYPT_AES_H
35#define WOLF_CRYPT_AES_H
36
37#include <wolfssl/wolfcrypt/types.h>
38
39#ifndef NO_AES
40
41#if defined(HAVE_FIPS) && \
42 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
43 #include <wolfssl/wolfcrypt/fips.h>
44#endif /* HAVE_FIPS_VERSION >= 2 */
45
46/* included for fips @wc_fips */
47#if defined(HAVE_FIPS) && \
48 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
49#include <cyassl/ctaocrypt/aes.h>
50#if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER)
51 #define WOLFSSL_AES_COUNTER
52#endif
53#if !defined(WOLFSSL_AES_DIRECT) && defined(CYASSL_AES_DIRECT)
54 #define WOLFSSL_AES_DIRECT
55#endif
56#endif
57
58#ifndef WC_NO_RNG
59 #include <wolfssl/wolfcrypt/random.h>
60#endif
61#ifdef STM32_CRYPTO
62 #include <wolfssl/wolfcrypt/port/st/stm32.h>
63#endif
64
65#ifdef WOLFSSL_IMXRT_DCP
66 #include "fsl_dcp.h"
67#endif
68
69#ifdef WOLFSSL_XILINX_CRYPT
70#include "xsecure_aes.h"
71#endif
72
73#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES)
74/* included for struct msghdr */
75#include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
76#endif
77
78#if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)
79#include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
80#endif
81
82#ifdef WOLFSSL_SILABS_SE_ACCEL
83 #include <wolfssl/wolfcrypt/port/silabs/silabs_aes.h>
84#endif
85
86
87#if defined(HAVE_AESGCM) && !defined(WC_NO_RNG)
88 #include <wolfssl/wolfcrypt/random.h>
89#endif
90
91#if defined(WOLFSSL_CRYPTOCELL)
92 #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
93#endif
94
95#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
96 defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
97 #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
98#endif
99
100#ifdef __cplusplus
101 extern "C" {
102#endif
103
104#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
105#define WOLFSSL_AES_KEY_SIZE_ENUM
106/* these are required for FIPS and non-FIPS */
/* AES key and IV sizes, in bytes. Kept outside the FIPS-only section because
 * both FIPS and non-FIPS builds need them. */
enum {
    AES_128_KEY_SIZE = 16, /* for 128 bit */
    AES_192_KEY_SIZE = 24, /* for 192 bit */
    AES_256_KEY_SIZE = 32, /* for 256 bit */

    AES_IV_SIZE = 16, /* always block size */
};
114#endif
115
116/* avoid redefinition of structs */
117#if !defined(HAVE_FIPS) || \
118 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
119
120#ifdef WOLFSSL_ASYNC_CRYPT
121 #include <wolfssl/wolfcrypt/async.h>
122#endif
123
/* Mode and size constants shared by the wolfCrypt AES API. All sizes are in
 * bytes. The nonce bounds below are what wolfCrypt accepts; whatever length
 * is used, a (key, nonce) pair must never be reused under GCM or CCM. */
enum {
    AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */
    AES_ENCRYPTION = 0,           /* 'dir' value: build an encryption schedule */
    AES_DECRYPTION = 1,           /* 'dir' value: build a decryption schedule */

    AES_BLOCK_SIZE = 16,          /* 128-bit block; also the IV size */

    KEYWRAP_BLOCK_SIZE = 8,       /* key wrap operates on 64-bit semiblocks */

    GCM_NONCE_MAX_SZ = 16, /* wolfCrypt's maximum nonce size allowed. */
    GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM.
                            * 96 bits is the length SP 800-38D recommends;
                            * other lengths are run through GHASH first. */
    GCM_NONCE_MIN_SZ = 8,  /* wolfCrypt's minimum nonce size allowed. */
    CCM_NONCE_MIN_SZ = 7,  /* CCM nonce range of RFC 3610 (7..13 bytes) */
    CCM_NONCE_MAX_SZ = 13,
    CTR_SZ = 4,            /* presumably the 32-bit counter field of a
                            * GCM/CTR counter block -- confirm in aes.c */
    AES_IV_FIXED_SZ = 4,   /* presumably the fixed (per-key) prefix of an
                            * internally generated GCM IV; see the ivFixed
                            * argument of wc_AesGcmSetIV() */
#ifdef WOLFSSL_AES_CFB
    AES_CFB_MODE = 1,
#endif
#ifdef WOLFSSL_AES_OFB
    AES_OFB_MODE = 2,
#endif
#ifdef WOLFSSL_AES_XTS
    AES_XTS_MODE = 3,
#endif

#ifdef HAVE_PKCS11
    AES_MAX_ID_LEN = 32,    /* PKCS#11 key id buffer size in struct Aes */
    AES_MAX_LABEL_LEN = 32, /* PKCS#11 key label buffer size in struct Aes */
#endif
};
155
156
/* AES context.
 *
 * Holds the expanded key schedule, the chaining/counter state used by the
 * block and stream modes, and whatever per-port or per-mode state the build
 * enables. Nearly everything in here is key material or derived from it
 * (expanded key, raw device key, GCM multiplication tables), so treat the
 * whole object as secret: do not copy it around casually and release it with
 * wc_AesFree() when done.
 * NOTE(review): confirm that wc_AesFree() zeroizes the key fields; if it does
 * not, callers holding long-lived keys should clear them explicitly.
 */
struct Aes {
    /* AESNI needs key first, rounds 2nd, not sure why yet */
    /* Expanded key schedule: 60 words = 240 bytes, the 15 round keys of
     * AES-256; shorter keys use a prefix of the array. */
    ALIGN16 word32 key[60];
    word32 rounds;          /* round count for the key size (AES: 10/12/14) */
    int keylen;             /* presumably the raw key length in bytes */

    ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
    ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */

#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
    /* NOTE(review): presumably counts nonces generated under this key by the
     * wc_AesGcmSetIV()/_ex paths -- confirm in aes.c */
    word32 invokeCtr[2];
    word32 nonceSz;         /* length of the nonce currently held */
#endif
#ifdef HAVE_AESGCM
    /* GHASH subkey; presumably H = E_K(0^128) as in SP 800-38D. Key material. */
    ALIGN16 byte H[AES_BLOCK_SIZE];
#ifdef OPENSSL_EXTRA
    word32 aadH[4]; /* additional authenticated data GHASH */
    word32 aadLen; /* additional authenticated data len */
#endif

#ifdef GCM_TABLE
    /* key-based fast multiplication table. Derived from H, so it is key
     * material too and must be cleared with the key. */
    ALIGN16 byte M0[256][AES_BLOCK_SIZE];
#elif defined(GCM_TABLE_4BIT)
    #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU)
        ALIGN16 byte M0[16][AES_BLOCK_SIZE];
    #else
        ALIGN16 byte M0[32][AES_BLOCK_SIZE];
    #endif
#endif /* GCM_TABLE */
#ifdef HAVE_CAVIUM_OCTEON_SYNC
    word32 y0;
#endif
#endif /* HAVE_AESGCM */
#ifdef WOLFSSL_AESNI
    byte use_aesni;         /* non-zero when the AES-NI code path is in use */
#endif /* WOLFSSL_AESNI */
#ifdef WOLF_CRYPTO_CB
    int devId;              /* crypto callback device id */
    void* devCtx;           /* opaque per-device context for the callback */
#endif
#ifdef HAVE_PKCS11
    byte id[AES_MAX_ID_LEN];       /* PKCS#11 object id, see wc_AesInit_Id() */
    int idLen;
    char label[AES_MAX_LABEL_LEN]; /* PKCS#11 label, see wc_AesInit_Label() */
    int labelLen;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
    word32 left; /* unused bytes left from last call */
#endif
#ifdef WOLFSSL_XILINX_CRYPT
    XSecure_Aes xilAes;
    XCsuDma dma;
    word32 key_init[8];
    word32 kup;
#endif
#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES)
    int alFd; /* server socket to bind to */
    int rdFd; /* socket to read from */
    struct msghdr msg;
    int dir; /* flag for encrypt or decrypt */
#ifdef WOLFSSL_AFALG_XILINX_AES
    word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) +
                  GCM_NONCE_MID_SZ)];
#endif
#endif
#if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \
        (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \
    (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES))
    /* raw key -- kept in the clear for the hardware/callback back ends,
     * which widens the secret footprint of this struct */
    word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)];
#ifdef HAVE_CAVIUM_OCTEON_SYNC
    int keySet;
#endif
#endif
#if defined(WOLFSSL_DEVCRYPTO) && \
    (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
    WC_CRYPTODEV ctx;
#endif
#if defined(WOLFSSL_CRYPTOCELL)
    aes_context_t ctx;
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
    defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
    TSIP_AES_CTX ctx;
#endif
#if defined(WOLFSSL_IMXRT_DCP)
    dcp_handle_t handle;
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL)
    silabs_aes_t ctx;
#endif
    void* heap; /* memory hint to use */
#ifdef WOLFSSL_AESGCM_STREAM
    /* Streaming GCM state (wc_AesGcm*Init/Update/Final). streamData holds
     * buffered partial blocks; heap-allocated on small-stack builds. */
#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI)
    ALIGN16 byte streamData[5 * AES_BLOCK_SIZE];
#else
    byte* streamData;
#endif
    word32 aSz;             /* presumably running AAD byte count */
    word32 cSz;             /* presumably running ciphertext byte count */
    byte over;              /* leftover byte counts -- presumably */
    byte aOver;
    byte cOver;
    byte gcmKeySet:1;       /* key has been set */
    byte nonceSet:1;        /* nonce has been set */
    byte ctrSet:1;          /* counter block has been set */
#endif
};
269
#ifndef WC_AES_TYPE_DEFINED
    /* Public name for the context; guarded so a typedef made elsewhere
     * (for example ahead of a forward declaration) is not repeated. */
    typedef struct Aes Aes;
    #define WC_AES_TYPE_DEFINED
#endif
274
275#ifdef WOLFSSL_AES_XTS
/* AES-XTS context: two independent key schedules, one for the data blocks
 * and one for computing the tweak. Both hold key material. */
typedef struct XtsAes {
    Aes aes;
    Aes tweak;
} XtsAes;
280#endif
281
282#ifdef HAVE_AESGCM
/* GMAC context: GCM used purely as a MAC (no plaintext), wrapping an Aes. */
typedef struct Gmac {
    Aes aes;
} Gmac;
286#endif /* HAVE_AESGCM */
287#endif /* HAVE_FIPS */
288
289
/* Authenticate cipher function prototypes.
 * These match the parameter lists of wc_AesGcmEncrypt()/wc_AesGcmDecrypt()
 * and wc_AesCcmEncrypt()/wc_AesCcmDecrypt(), so either AEAD mode can be
 * selected at run time through a function pointer. The decrypt form takes
 * the tag as const input: it verifies the tag rather than producing it, and
 * a non-zero return means the output must not be trusted. */
typedef int (*wc_AesAuthEncryptFunc)(Aes* aes, byte* out,
                                     const byte* in, word32 sz,
                                     const byte* iv, word32 ivSz,
                                     byte* authTag, word32 authTagSz,
                                     const byte* authIn, word32 authInSz);
typedef int (*wc_AesAuthDecryptFunc)(Aes* aes, byte* out,
                                     const byte* in, word32 sz,
                                     const byte* iv, word32 ivSz,
                                     const byte* authTag, word32 authTagSz,
                                     const byte* authIn, word32 authInSz);
301
/* Key and IV setup shared by the block/stream modes (CBC, CTR, CFB, OFB, ECB).
 *
 * wc_AesSetKey(): len is the key length in bytes (AES_128/192/256_KEY_SIZE);
 *   dir is AES_ENCRYPTION or AES_DECRYPTION; iv is the starting IV/counter
 *   block (AES_IV_SIZE bytes). NOTE(review): whether iv may be NULL for modes
 *   that do not need one is not visible here -- check aes.c.
 * wc_AesSetIV(): presumably replaces only the IV/counter block and keeps the
 *   key schedule.
 *
 * Security: for CBC the IV must be unpredictable and fresh for every message;
 * for CTR/CFB/OFB a (key, IV) pair must never be reused, since that leaks
 * the XOR of the two plaintexts. None of these modes provides integrity. */
WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len,
                              const byte* iv, int dir);
WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
306
#ifdef HAVE_AES_CBC
/* AES-CBC bulk encrypt/decrypt of sz bytes from in to out. The chaining state
 * appears to live in the Aes context (reg), so consecutive calls continue the
 * same message.
 * NOTE(review): sz is expected to be a multiple of AES_BLOCK_SIZE and no
 * padding is applied here -- confirm in aes.c.
 * Security: CBC gives confidentiality only. Pair it with a MAC over the
 * ciphertext (or use GCM/CCM) when tampering must be detected, and do not
 * expose padding errors to the peer (padding-oracle attacks). */
WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out,
                                 const byte* in, word32 sz);
WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out,
                                 const byte* in, word32 sz);
#endif
313
#ifdef WOLFSSL_AES_CFB
/* AES-CFB. wc_AesCfb* presumably uses full-block (128-bit) feedback; the
 * Cfb1 and Cfb8 forms presumably use 1-bit and 8-bit segments -- check aes.c
 * for the unit of sz in the CFB1 case (bits vs bytes). Partial-block state is
 * carried in the context ('left'), so a message may span several calls.
 * Security: like any stream-style mode, reusing a (key, IV) pair leaks the
 * XOR of the plaintexts; no integrity is provided. */
WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out,
                                 const byte* in, word32 sz);
WOLFSSL_API int wc_AesCfb1Encrypt(Aes* aes, byte* out,
                                  const byte* in, word32 sz);
WOLFSSL_API int wc_AesCfb8Encrypt(Aes* aes, byte* out,
                                  const byte* in, word32 sz);
#ifdef HAVE_AES_DECRYPT
WOLFSSL_API int wc_AesCfbDecrypt(Aes* aes, byte* out,
                                 const byte* in, word32 sz);
WOLFSSL_API int wc_AesCfb1Decrypt(Aes* aes, byte* out,
                                  const byte* in, word32 sz);
WOLFSSL_API int wc_AesCfb8Decrypt(Aes* aes, byte* out,
                                  const byte* in, word32 sz);
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AES_CFB */
330
#ifdef WOLFSSL_AES_OFB
/* AES-OFB keystream mode; partial-block state is carried in the context
 * ('left'). The keystream depends only on (key, IV), so reusing a pair
 * leaks the XOR of the plaintexts. No integrity is provided. */
WOLFSSL_API int wc_AesOfbEncrypt(Aes* aes, byte* out,
                                 const byte* in, word32 sz);
#ifdef HAVE_AES_DECRYPT
WOLFSSL_API int wc_AesOfbDecrypt(Aes* aes, byte* out,
                                 const byte* in, word32 sz);
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AES_OFB */
339
#ifdef HAVE_AES_ECB
/* AES-ECB: each AES_BLOCK_SIZE block of in is enciphered independently with
 * no IV. Identical plaintext blocks yield identical ciphertext blocks, so ECB
 * leaks data patterns and must not be used for general-purpose encryption;
 * treat it as a building block for other constructions and test vectors.
 * NOTE(review): sz is expected to be a multiple of AES_BLOCK_SIZE -- confirm. */
WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out,
                                 const byte* in, word32 sz);
WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
                                 const byte* in, word32 sz);
#endif
346
/* AES-CTR keystream mode. The counter block is presumably the IV passed to
 * wc_AesSetKey()/wc_AesSetIV(). There is no separate decrypt function because
 * CTR is symmetric -- call wc_AesCtrEncrypt() on ciphertext to decrypt.
 * Partial blocks are carried in the context ('left'), so sz need not be
 * block-aligned.
 * Security: never reuse a counter block under the same key, and keep the
 * total data per (key, IV) below the point where the counter wraps. CTR
 * gives no integrity. */
#ifdef WOLFSSL_AES_COUNTER
    WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
                                     const byte* in, word32 sz);
#endif
/* AES-DIRECT: raw single-block primitive. Encrypts or decrypts exactly one
 * AES_BLOCK_SIZE block with no mode, IV or padding. Note the void return --
 * there is no error reporting, so the caller must make sure the key was set
 * successfully (wc_AesSetKeyDirect() or wc_AesSetKey()) beforehand.
 * This is a building block for higher-level constructions, not a general
 * encryption API; used directly on data it has ECB's pattern-leaking
 * properties. */
#if defined(WOLFSSL_AES_DIRECT)
    WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
    WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
    WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
                                       const byte* iv, int dir);
#endif
359
360#ifdef HAVE_AESGCM
#ifdef WOLFSSL_XILINX_CRYPT
    /* Xilinx hardware path; kup is presumably the key-source/key-update
     * selector of the XSecure driver -- see the port code. */
    WOLFSSL_API int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len,
                                       word32 kup);
#elif defined(WOLFSSL_AFALG_XILINX_AES)
    WOLFSSL_LOCAL int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len,
                                         word32 kup);
#endif
    /* One-shot AES-GCM (AEAD).
     * wc_AesGcmSetKey(): len is the key length in bytes.
     * wc_AesGcmEncrypt(): encrypts sz bytes of in to out and writes an
     *   authTagSz-byte tag covering authIn and the ciphertext. iv/ivSz is the
     *   nonce; the enum suggests GCM_NONCE_MIN_SZ..GCM_NONCE_MAX_SZ is
     *   accepted, with GCM_NONCE_MID_SZ (96 bits) the recommended length.
     * wc_AesGcmDecrypt(): verifies authTag; on a non-zero return treat out as
     *   garbage and do not release it to the caller.
     * Security: a (key, nonce) pair must never be reused -- doing so breaks
     * both confidentiality and the authentication key. Use full 16-byte tags
     * unless a protocol mandates shorter ones. */
    WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len);
    WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out,
                                     const byte* in, word32 sz,
                                     const byte* iv, word32 ivSz,
                                     byte* authTag, word32 authTagSz,
                                     const byte* authIn, word32 authInSz);
    WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out,
                                     const byte* in, word32 sz,
                                     const byte* iv, word32 ivSz,
                                     const byte* authTag, word32 authTagSz,
                                     const byte* authIn, word32 authInSz);
#ifdef WOLFSSL_AESGCM_STREAM
/* Incremental AES-GCM: Init (key and/or nonce), any number of Update calls
 * (data and/or AAD), then Final for the tag. State lives in the Aes context
 * (streamData, aSz, cSz, ...). wc_AesGcmEncryptInit_ex() presumably generates
 * the nonce internally and writes it to ivOut -- confirm in aes.c.
 * NOTE(review): whether AAD may be interleaved with data across Update calls
 * or must all come first is not visible here -- check before relying on it.
 * Security: wc_AesGcmDecryptFinal() is the only tag check. Plaintext returned
 * by earlier wc_AesGcmDecryptUpdate() calls is unauthenticated until Final
 * succeeds, so buffer it rather than acting on it. */
WOLFSSL_API int wc_AesGcmInit(Aes* aes, const byte* key, word32 len,
                              const byte* iv, word32 ivSz);

WOLFSSL_API int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len,
                                     const byte* iv, word32 ivSz);
WOLFSSL_API int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len,
                                        byte* ivOut, word32 ivOutSz);
WOLFSSL_API int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in,
                                       word32 sz, const byte* authIn,
                                       word32 authInSz);
WOLFSSL_API int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag,
                                      word32 authTagSz);

WOLFSSL_API int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len,
                                     const byte* iv, word32 ivSz);
WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in,
                                       word32 sz, const byte* authIn,
                                       word32 authInSz);
WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag,
                                      word32 authTagSz);
#endif
399
#ifndef WC_NO_RNG
    /* Nonce handling that needs an RNG.
     * wc_AesGcmSetExtIV(): caller supplies the complete nonce.
     * wc_AesGcmSetIV(): builds an ivSz-byte nonce from the caller's fixed
     *   prefix (ivFixed/ivFixedSz, presumably at most AES_IV_FIXED_SZ) plus
     *   bytes from rng -- looks like the SP 800-38D RBG-based construction;
     *   confirm in aes.c.
     * wc_AesGcmEncrypt_ex(): like wc_AesGcmEncrypt() but the nonce that was
     *   used is written to ivOut (ivOutSz bytes) so it can be sent along.
     * Security: SP 800-38D caps a key at 2^32 invocations when the nonce is
     * random; bound the number of messages per key accordingly. */
    WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz);
    WOLFSSL_API int wc_AesGcmSetIV(Aes* aes, word32 ivSz,
                                   const byte* ivFixed, word32 ivFixedSz,
                                   WC_RNG* rng);
    WOLFSSL_API int wc_AesGcmEncrypt_ex(Aes* aes, byte* out,
                                        const byte* in, word32 sz,
                                        byte* ivOut, word32 ivOutSz,
                                        byte* authTag, word32 authTagSz,
                                        const byte* authIn, word32 authInSz);
#endif /* WC_NO_RNG */

    /* GMAC: GCM with no plaintext, i.e. a tag over authIn only. Same
     * (key, nonce) uniqueness rule as GCM. */
    WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len);
    WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
                                  const byte* authIn, word32 authInSz,
                                  byte* authTag, word32 authTagSz);
#ifndef WC_NO_RNG
    /* One-shot GMAC. wc_Gmac() takes a writable iv -- presumably it fills it
     * from rng and returns the nonce used. wc_GmacVerify() recomputes the tag
     * and compares; NOTE(review): confirm the comparison is constant-time. */
    WOLFSSL_API int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
                            const byte* authIn, word32 authInSz,
                            byte* authTag, word32 authTagSz, WC_RNG* rng);
    WOLFSSL_API int wc_GmacVerify(const byte* key, word32 keySz,
                                  const byte* iv, word32 ivSz,
                                  const byte* authIn, word32 authInSz,
                                  const byte* authTag, word32 authTagSz);
#endif /* WC_NO_RNG */
    /* Internal GHASH of (a, c) into s. WOLFSSL_LOCAL: not part of the public
     * API -- use the GCM/GMAC functions above. */
    WOLFSSL_LOCAL void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
                             word32 cSz, byte* s, word32 sSz);
427#endif /* HAVE_AESGCM */
#ifdef HAVE_AESCCM
    /* AES-CCM (AEAD). wc_AesCcmCheckTagSize() is internal (WOLFSSL_LOCAL).
     * nonceSz: the enum suggests CCM_NONCE_MIN_SZ..CCM_NONCE_MAX_SZ (7..13);
     *   in CCM a longer nonce leaves fewer bytes for the length field, so the
     *   maximum message size shrinks as the nonce grows (RFC 3610).
     * wc_AesCcmDecrypt(): a non-zero return means the tag did not verify --
     *   discard out.
     * wc_AesCcmSetNonce()/wc_AesCcmEncrypt_ex(): presumably the same
     *   generated-nonce scheme as the GCM _ex variants, with the nonce used
     *   returned in ivOut -- confirm in aes.c.
     * Security: never reuse a (key, nonce) pair. RFC 3610 tag lengths are
     * even values 4..16; prefer 16. */
    WOLFSSL_LOCAL int wc_AesCcmCheckTagSize(int sz);
    WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
    WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out,
                                     const byte* in, word32 inSz,
                                     const byte* nonce, word32 nonceSz,
                                     byte* authTag, word32 authTagSz,
                                     const byte* authIn, word32 authInSz);
    WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out,
                                     const byte* in, word32 inSz,
                                     const byte* nonce, word32 nonceSz,
                                     const byte* authTag, word32 authTagSz,
                                     const byte* authIn, word32 authInSz);
    WOLFSSL_API int wc_AesCcmSetNonce(Aes* aes,
                                      const byte* nonce, word32 nonceSz);
    WOLFSSL_API int wc_AesCcmEncrypt_ex(Aes* aes, byte* out,
                                        const byte* in, word32 sz,
                                        byte* ivOut, word32 ivOutSz,
                                        byte* authTag, word32 authTagSz,
                                        const byte* authIn, word32 authInSz);
#endif /* HAVE_AESCCM */
#ifdef HAVE_AES_KEYWRAP
    /* AES Key Wrap -- presumably RFC 3394 / SP 800-38F KW, given the 8-byte
     * KEYWRAP_BLOCK_SIZE; confirm in aes.c.
     * key/keySz: the wrapping key (KEK). in/inSz: the key material to wrap,
     *   expected to be a multiple of KEYWRAP_BLOCK_SIZE.
     * out/outSz: the wrapped key; in RFC 3394 this is inSz + KEYWRAP_BLOCK_SIZE
     *   bytes, so size outSz accordingly.
     * iv: the integrity check value; a NULL iv presumably selects the
     *   standard default -- confirm.
     * Unwrap returns an error when the integrity check fails; discard out in
     * that case. The _ex forms reuse an already-keyed Aes context.
     * Key wrap is a deterministic, integrity-checked wrapper for key material,
     * not a general AEAD: identical input wraps to identical output. */
    WOLFSSL_API int wc_AesKeyWrap(const byte* key, word32 keySz,
                                  const byte* in, word32 inSz,
                                  byte* out, word32 outSz,
                                  const byte* iv);
    WOLFSSL_API int wc_AesKeyWrap_ex(Aes *aes,
                                     const byte* in, word32 inSz,
                                     byte* out, word32 outSz,
                                     const byte* iv);
    WOLFSSL_API int wc_AesKeyUnWrap(const byte* key, word32 keySz,
                                    const byte* in, word32 inSz,
                                    byte* out, word32 outSz,
                                    const byte* iv);
    WOLFSSL_API int wc_AesKeyUnWrap_ex(Aes *aes,
                                       const byte* in, word32 inSz,
                                       byte* out, word32 outSz,
                                       const byte* iv);
#endif /* HAVE_AES_KEYWRAP */
467
#ifdef WOLFSSL_AES_XTS

/* AES-XTS (storage / sector encryption).
 * wc_AesXtsSetKey(): a single key buffer presumably holding the data key
 *   followed by the tweak key (XtsAes has one Aes for each), so len is twice
 *   a single AES key length -- confirm in aes.c. dir is
 *   AES_ENCRYPTION/AES_DECRYPTION; heap/devId as for wc_AesInit().
 * The *Sector forms derive the tweak from a 64-bit sector number; the plain
 *   forms take an explicit tweak i/iSz.
 * wc_AesXtsFree(): releases both contexts.
 * Security: XTS is deterministic per (key, tweak) and has no integrity --
 * rewriting a sector with the same key reveals whether it changed, and an
 * attacker can alter sectors undetectably. Use it for disk-style storage
 * only, not for messages. */
WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key,
                                word32 len, int dir, void* heap, int devId);

WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out,
                                       const byte* in, word32 sz, word64 sector);

WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out,
                                       const byte* in, word32 sz, word64 sector);

WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out,
                                 const byte* in, word32 sz, const byte* i, word32 iSz);

WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out,
                                 const byte* in, word32 sz, const byte* i, word32 iSz);

WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);
#endif
487
/* Context lifecycle.
 * wc_AesGetKeySize(): reports the key length (bytes) currently set in aes.
 * wc_AesInit(): must be called before any Set*Key or cipher call. heap is a
 *   memory hint (stored in aes->heap); devId selects a crypto-callback or
 *   async device, with the software path otherwise -- the sentinel for
 *   "no device" is defined elsewhere.
 * wc_AesInit_Id()/wc_AesInit_Label() (PKCS#11 builds): bind the context to a
 *   token-resident key by id (len <= AES_MAX_ID_LEN) or NUL-terminated label
 *   (fits AES_MAX_LABEL_LEN), so presumably the raw key never enters process
 *   memory -- see the PKCS#11 port.
 * wc_AesFree(): releases per-port resources. NOTE(review): confirm it also
 *   zeroizes key[], devKey[] and the GCM tables; if not, clear the struct
 *   explicitly when a long-lived key is retired. */
WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize);

WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId);
#ifdef HAVE_PKCS11
WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap,
                              int devId);
WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap,
                                 int devId);
#endif
WOLFSSL_API void wc_AesFree(Aes* aes);
498
499#ifdef __cplusplus
500 } /* extern "C" */
501#endif
502
503
504#endif /* NO_AES */
505#endif /* WOLF_CRYPT_AES_H */