lib/rijndael-api-fst.h

   1 /* rijndael-api-fst.h --- Rijndael cipher implementation.
   2  * Copyright (C) 2005, 2009-2024 Free Software Foundation, Inc.
   3  *
   4  * This file is free software: you can redistribute it and/or modify
   5  * it under the terms of the GNU Lesser General Public License as
   6  * published by the Free Software Foundation; either version 2.1 of the
   7  * License, or (at your option) any later version.
   8  *
   9  * This file is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public License
  15  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  16  *
  17  */
  18
  19 /* Adapted for gnulib by Simon Josefsson. */
  20
  21 /**
  22  * rijndael-api-fst.h
  23  *
  24  * @version 2.9 (December 2000)
  25  *
  26  * Optimised ANSI C code for the Rijndael cipher (now AES)
  27  *
  28  * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
  29  * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
  30  * @author Paulo Barreto <paulo.barreto@terra.com.br>
  31  *
  32  * This code is hereby placed in the public domain.
  33  *
  34  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
  35  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  36  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  37  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
  38  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  39  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  40  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  41  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  42  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
  43  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
  44  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  45  *
  46  * Acknowledgements:
  47  *
  48  * We are deeply indebted to the following people for their bug reports,
  49  * fixes, and improvement suggestions to this implementation. Though we
  50  * tried to list all contributions, we apologise in advance for any
  51  * missing reference.
  52  *
  53  * Andrew Bales <Andrew.Bales@Honeywell.com>
  54  * Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
  55  * John Skodon <skodonj@webquill.com>
  56  */
  57
  58 #ifndef __RIJNDAEL_API_FST_H
  59 #define __RIJNDAEL_API_FST_H
  60
  61 #include "rijndael-alg-fst.h"
  62
  63 #include <stdio.h>
  64
  65 /* Default number of bits in a cipher block */
  66 #define RIJNDAEL_BITSPERBLOCK 128
  67
  68 /* Number of ASCII char's needed to represent a key */
  69 #define RIJNDAEL_MAX_KEY_SIZE 64
  70
  71 /* Number bytes needed to represent an IV  */
  72 #define RIJNDAEL_MAX_IV_SIZE 16
  73
  74 typedef enum
  75 {
  76   /*  Key direction is invalid, e.g., unknown value */
  77   RIJNDAEL_BAD_KEY_DIR = -1,
  78   /*  Key material not of correct length */
  79   RIJNDAEL_BAD_KEY_MAT = -2,
  80   /*  Key passed is not valid */
  81   RIJNDAEL_BAD_KEY_INSTANCE = -3,
  82   /*  Params struct passed to cipherInit invalid */
  83   RIJNDAEL_BAD_CIPHER_MODE = -4,
  84   /*  Cipher in wrong state (e.g., not initialized) */
  85   RIJNDAEL_BAD_CIPHER_STATE = -5,
  86   RIJNDAEL_BAD_BLOCK_LENGTH = -6,
  87   RIJNDAEL_BAD_CIPHER_INSTANCE = -7,
  88   /*  Data contents are invalid, e.g., invalid padding */
  89   RIJNDAEL_BAD_DATA = -8,
  90   /*  Unknown error */
  91   RIJNDAEL_BAD_OTHER = -9
  92 } rijndael_rc;
  93
  94 typedef enum
  95 {
  96   RIJNDAEL_DIR_ENCRYPT = 0,     /*  Are we encrypting?  */
  97   RIJNDAEL_DIR_DECRYPT = 1      /*  Are we decrypting?  */
  98 } rijndael_direction;
  99
 100 typedef enum
 101 {
 102   RIJNDAEL_MODE_ECB = 1,        /*  Are we ciphering in ECB mode?   */
 103   RIJNDAEL_MODE_CBC = 2,        /*  Are we ciphering in CBC mode?   */
 104   RIJNDAEL_MODE_CFB1 = 3        /*  Are we ciphering in 1-bit CFB mode? */
 105 } rijndael_mode;
 106
 107 /*  The structure for key information */
 108 typedef struct
 109 {
 110   /* Key used for encrypting or decrypting? */
 111   rijndael_direction direction;
 112   /* Length of the key  */
 113   size_t keyLen;
 114   /* Raw key data in ASCII, e.g., user input or KAT values */
 115   char keyMaterial[RIJNDAEL_MAX_KEY_SIZE + 1];
 116   /* key-length-dependent number of rounds */
 117   int Nr;
 118   /* key schedule */
 119   uint32_t rk[4 * (RIJNDAEL_MAXNR + 1)];
 120   /* CFB1 key schedule (encryption only) */
 121   uint32_t ek[4 * (RIJNDAEL_MAXNR + 1)];
 122 } rijndaelKeyInstance;
 123
 124 /*  The structure for cipher information */
 125 typedef struct
 126 {                               /* changed order of the components */
 127   rijndael_mode mode;           /* MODE_ECB, MODE_CBC, or MODE_CFB1 */
 128   /* A possible Initialization Vector for ciphering */
 129   char IV[RIJNDAEL_MAX_IV_SIZE];
 130 } rijndaelCipherInstance;
 131
 132 /*  Function prototypes  */
 133
 134 /* Create KEY, for encryption or decryption depending on DIRECTION,
 135    from KEYMATERIAL, a hex string, of KEYLEN size.  KEYLEN should be
 136    128, 192 or 256. Returns 0 on success, or an error code. */
 137 extern rijndael_rc
 138 rijndaelMakeKey (rijndaelKeyInstance *key, rijndael_direction direction,
 139                  size_t keyLen, const char *keyMaterial);
 140
 141 /* Initialize cipher state CIPHER for encryption MODE (e.g.,
 142    RIJNDAEL_MODE_CBC) with initialization vector IV, a hex string of
 143    2*RIJNDAEL_MAX_IV_SIZE length.  IV may be NULL for modes that do
 144    not need an IV (i.e., RIJNDAEL_MODE_ECB).  */
 145 extern rijndael_rc
 146 rijndaelCipherInit (rijndaelCipherInstance *cipher,
 147                     rijndael_mode mode, const char *IV);
 148
 149 /* Encrypt data in INPUT, of INPUTLEN/8 bytes length, placing the
 150    output in the pre-allocated OUTBUFFER which must hold at least
 151    INPUTLEN/8 bytes of data.  The CIPHER is used as state, and must be
 152    initialized with rijndaelCipherInit before calling this function.
 153    The encryption KEY must be initialized with rijndaelMakeKey before
 154    calling this function.  Return the number of bits written, or a
 155    negative rijndael_rc error code. */
 156 extern int
 157 rijndaelBlockEncrypt (rijndaelCipherInstance *cipher,
 158                       const rijndaelKeyInstance *key,
 159                       const char *input, size_t inputLen,
 160                       char *restrict outBuffer);
 161
 162 /* Encrypt data in INPUT, of INPUTOCTETS bytes length, placing the
 163    output in the pre-allocated OUTBUFFER which must hold at least
 164    INPUTOCTETS aligned to the next block size boundary.
 165    Ciphertext-Stealing as described in RFC 2040 is used to encrypt
 166    partial blocks.  The CIPHER is used as state, and must be
 167    initialized with rijndaelCipherInit before calling this function.
 168    The encryption KEY must be initialized with rijndaelMakeKey before
 169    calling this function.  Return the number of bits written, or a
 170    negative rijndael_rc error code. */
 171 extern int
 172 rijndaelPadEncrypt (rijndaelCipherInstance *cipher,
 173                     const rijndaelKeyInstance *key,
 174                     const char *input, size_t inputOctets,
 175                     char *restrict outBuffer);
 176
 177 /* Decrypt data in INPUT, of INPUTLEN/8 bytes length, placing the
 178    output in the pre-allocated OUTBUFFER which must hold at least
 179    INPUTLEN/8 bytes of data.  The CIPHER is used as state, and must be
 180    initialized with rijndaelCipherInit before calling this function.
 181    The encryption KEY must be initialized with rijndaelMakeKey before
 182    calling this function.  Return the number of bits written, or a
 183    negative rijndael_rc error code. */
 184 extern int
 185 rijndaelBlockDecrypt (rijndaelCipherInstance *cipher,
 186                       const rijndaelKeyInstance *key,
 187                       const char *input, size_t inputLen,
 188                       char *restrict outBuffer);
 189
 190 /* Decrypt data in INPUT, of INPUTOCTETS bytes length, placing the
 191    output in the pre-allocated OUTBUFFER which must hold at least
 192    INPUTOCTETS aligned to the next block size boundary.
 193    Ciphertext-Stealing as described in RFC 2040 is used to encrypt
 194    partial blocks.  The CIPHER is used as state, and must be
 195    initialized with rijndaelCipherInit before calling this function.
 196    The encryption KEY must be initialized with rijndaelMakeKey before
 197    calling this function.  Return the number of bits written, or a
 198    negative rijndael_rc error code. */
 199 extern int
 200 rijndaelPadDecrypt (rijndaelCipherInstance *cipher,
 201                     const rijndaelKeyInstance *key,
 202                     const char *input, size_t inputOctets,
 203                     char *restrict outBuffer);
 204
 205 #endif /* __RIJNDAEL_API_FST_H */