]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | /********************************************************************** |
2 | Copyright(c) 2011-2016 Intel Corporation All rights reserved. | |
3 | ||
4 | Redistribution and use in source and binary forms, with or without | |
1e59de90 | 5 | modification, are permitted provided that the following conditions |
7c673cae FG |
6 | are met: |
7 | * Redistributions of source code must retain the above copyright | |
8 | notice, this list of conditions and the following disclaimer. | |
9 | * Redistributions in binary form must reproduce the above copyright | |
10 | notice, this list of conditions and the following disclaimer in | |
11 | the documentation and/or other materials provided with the | |
12 | distribution. | |
13 | * Neither the name of Intel Corporation nor the names of its | |
14 | contributors may be used to endorse or promote products derived | |
15 | from this software without specific prior written permission. | |
16 | ||
17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
28 | **********************************************************************/ | |
29 | ||
30 | ||
31 | #ifndef _AES_XTS_H | |
32 | #define _AES_XTS_H | |
33 | ||
34 | /** | |
35 | * @file aes_xts.h | |
36 | * @brief AES XTS encryption function prototypes. | |
37 | * | |
38 | * This defines the interface to optimized AES XTS functions | |
1e59de90 TL |
39 | * |
40 | * <b>Pre-expanded keys</b> | |
41 | * | |
42 | * For key encryption, pre-expanded keys are stored in the order that they will be | |
43 | * used. As an example, if Key[0] is the 128-bit initial key used for an AES-128 | |
44 | * encryption, the rest of the keys are stored as follows: | |
45 | * | |
46 | * <ul> | |
47 | * <li> Key[0] : Initial encryption key | |
48 | * <li> Key[1] : Round 1 encryption key | |
49 | * <li> Key[2] : Round 2 encryption key | |
50 | * <li> ... | |
51 | * <li> Key[10] : Round 10 encryption key | |
52 | * </ul> | |
53 | * | |
54 | * For decryption, the order of keys is reversed. However, we apply the | |
55 | * necessary aesimc instructions before storing the expanded keys. For the same key | |
56 | * used above, the pre-expanded keys will be stored as follows: | |
57 | * | |
58 | * <ul> | |
59 | * <li> Key[0] : Round 10 encryption key | |
60 | * <li> Key[1] : aesimc(Round 9 encryption key) | |
61 | * <li> Key[2] : aesimc(Round 8 encryption key) | |
62 | * <li> ... | |
63 | * <li> Key[9] : aesimc(Round 1 encryption key) | |
64 | * <li> Key[10] : Initial encryption key | |
65 | * </ul> | |
66 | * | |
67 | * <b>Note:</b> The expanded key decryption requires a decryption key only for the block | |
68 | * decryption step. The tweak step in the expanded key decryption requires the same expanded | |
69 | * encryption key that is used in the expanded key encryption. | |
70 | * | |
71 | * <b>Input and Output Buffers </b> | |
72 | * | |
73 | * The input and output buffers can be overlapping as long as the output buffer | |
74 | * pointer is not less than the input buffer pointer. If the two pointers are the | |
75 | * same, then encryption/decryption will occur in-place. | |
76 | * | |
77 | * <b>Data Length</b> | |
78 | * | |
79 | * <ul> | |
80 | * <li> The functions support data length of any bytes greater than or equal to 16 bytes. | |
81 | * <li> Data length is a 64-bit value, which makes the largest possible data length | |
82 | * 2^64 - 1 bytes. | |
83 | * <li> For data lengths from 0 to 15 bytes, the functions return without any error | |
84 | * codes, without reading or writing any data. | |
85 | * <li> The functions only support byte lengths, not bits. | |
86 | * </ul> | |
87 | * | |
88 | * <b>Initial Tweak</b> | |
89 | * | |
90 | * The functions accept a 128-bit initial tweak value. The user is responsible for | |
91 | * padding the initial tweak value to this length. | |
92 | * | |
93 | * <b>Data Alignment</b> | |
94 | * | |
95 | * The input and output buffers, keys, pre-expanded keys and initial tweak value | |
96 | * are not required to be aligned to 16 bytes, any alignment works. | |
97 | * | |
7c673cae FG |
98 | */ |
99 | ||
100 | #include <stdint.h> | |
101 | ||
102 | #ifdef __cplusplus | |
103 | extern "C" { | |
104 | #endif | |
105 | ||
106 | /** @brief XTS-AES-128 Encryption | |
107 | * @requires AES-NI | |
108 | */ | |
109 | ||
110 | void XTS_AES_128_enc( | |
111 | uint8_t *k2, //!< key used for tweaking, 16 bytes | |
112 | uint8_t *k1, //!< key used for encryption of tweaked plaintext, 16 bytes | |
113 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
114 | uint64_t N, //!< sector size, in bytes | |
115 | const uint8_t *pt, //!< plaintext sector input data | |
116 | uint8_t *ct //!< ciphertext sector output data | |
117 | ); | |
118 | ||
119 | /** @brief XTS-AES-128 Encryption with pre-expanded keys | |
120 | * @requires AES-NI | |
121 | */ | |
122 | ||
123 | void XTS_AES_128_enc_expanded_key( | |
124 | uint8_t *k2, //!< expanded key used for tweaking, 16*11 bytes | |
125 | uint8_t *k1, //!< expanded key used for encryption of tweaked plaintext, 16*11 bytes | |
126 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
127 | uint64_t N, //!< sector size, in bytes | |
128 | const uint8_t *pt, //!< plaintext sector input data | |
129 | uint8_t *ct //!< ciphertext sector output data | |
130 | ); | |
131 | ||
132 | /** @brief XTS-AES-128 Decryption | |
133 | * @requires AES-NI | |
134 | */ | |
135 | ||
136 | void XTS_AES_128_dec( | |
137 | uint8_t *k2, //!< key used for tweaking, 16 bytes | |
138 | uint8_t *k1, //!< key used for decryption of tweaked ciphertext, 16 bytes | |
139 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
140 | uint64_t N, //!< sector size, in bytes | |
141 | const uint8_t *ct, //!< ciphertext sector input data | |
142 | uint8_t *pt //!< plaintext sector output data | |
143 | ); | |
144 | ||
145 | /** @brief XTS-AES-128 Decryption with pre-expanded keys | |
146 | * @requires AES-NI | |
147 | */ | |
148 | ||
149 | void XTS_AES_128_dec_expanded_key( | |
150 | uint8_t *k2, //!< expanded key used for tweaking, 16*11 bytes - encryption key is used | |
151 | uint8_t *k1, //!< expanded decryption key used for decryption of tweaked ciphertext, 16*11 bytes | |
152 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
153 | uint64_t N, //!< sector size, in bytes | |
154 | const uint8_t *ct, //!< ciphertext sector input data | |
155 | uint8_t *pt //!< plaintext sector output data | |
156 | ); | |
157 | ||
158 | /** @brief XTS-AES-256 Encryption | |
159 | * @requires AES-NI | |
160 | */ | |
161 | ||
162 | void XTS_AES_256_enc( | |
163 | uint8_t *k2, //!< key used for tweaking, 16*2 bytes | |
164 | uint8_t *k1, //!< key used for encryption of tweaked plaintext, 16*2 bytes | |
165 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
166 | uint64_t N, //!< sector size, in bytes | |
167 | const uint8_t *pt, //!< plaintext sector input data | |
168 | uint8_t *ct //!< ciphertext sector output data | |
169 | ); | |
170 | ||
171 | /** @brief XTS-AES-256 Encryption with pre-expanded keys | |
172 | * @requires AES-NI | |
173 | */ | |
174 | ||
175 | void XTS_AES_256_enc_expanded_key( | |
176 | uint8_t *k2, //!< expanded key used for tweaking, 16*15 bytes | |
177 | uint8_t *k1, //!< expanded key used for encryption of tweaked plaintext, 16*15 bytes | |
178 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
179 | uint64_t N, //!< sector size, in bytes | |
180 | const uint8_t *pt, //!< plaintext sector input data | |
181 | uint8_t *ct //!< ciphertext sector output data | |
182 | ); | |
183 | ||
184 | /** @brief XTS-AES-256 Decryption | |
185 | * @requires AES-NI | |
186 | */ | |
187 | ||
188 | void XTS_AES_256_dec( | |
189 | uint8_t *k2, //!< key used for tweaking, 16*2 bytes | |
190 | uint8_t *k1, //!< key used for decryption of tweaked ciphertext, 16*2 bytes | |
191 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
192 | uint64_t N, //!< sector size, in bytes | |
193 | const uint8_t *ct, //!< ciphertext sector input data | |
194 | uint8_t *pt //!< plaintext sector output data | |
195 | ); | |
196 | ||
197 | /** @brief XTS-AES-256 Decryption with pre-expanded keys | |
198 | * @requires AES-NI | |
199 | */ | |
200 | ||
201 | void XTS_AES_256_dec_expanded_key( | |
202 | uint8_t *k2, //!< expanded key used for tweaking, 16*15 bytes - encryption key is used | |
203 | uint8_t *k1, //!< expanded decryption key used for decryption of tweaked ciphertext, 16*15 bytes | |
204 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
205 | uint64_t N, //!< sector size, in bytes | |
206 | const uint8_t *ct, //!< ciphertext sector input data | |
207 | uint8_t *pt //!< plaintext sector output data | |
208 | ); | |
209 | ||
210 | #ifdef __cplusplus | |
211 | } | |
212 | #endif | |
213 | ||
214 | #endif //_AES_XTS_H |