Software APIs
aes.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_AES_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_AES_H_
7 
8 #include "datatypes.h"
9 
10 /**
11  * @file
12  * @brief AES operations for the OpenTitan cryptography library.
13  */
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif // __cplusplus
18 
19 /**
20  * Enum to define AES mode of operation.
21  *
22  * Values are hardened.
23  */
24 typedef enum otcrypto_aes_mode {
25  // AES ECB mode (electronic codebook mode).
26  kOtcryptoAesModeEcb = 0x533,
27  // AES CBC mode (cipher block chaining mode).
28  kOtcryptoAesModeCbc = 0x45d,
29  // AES CFB mode (cipher feedback mode).
30  kOtcryptoAesModeCfb = 0xcd2,
31  // AES OFB mode (output feedback mode).
32  kOtcryptoAesModeOfb = 0x39a,
33  // AES CTR mode (counter mode).
34  kOtcryptoAesModeCtr = 0xd2c,
35 } otcrypto_aes_mode_t;
36 
37 /**
38  * Enum to define AES operation to be performed.
39  *
40  * Values are hardened.
41  */
42 typedef enum otcrypto_aes_operation {
43  // AES operation mode encrypt.
44  kOtcryptoAesOperationEncrypt = 0x2b6,
45  // AES operation mode decrypt.
46  kOtcryptoAesOperationDecrypt = 0x5f0,
47 } otcrypto_aes_operation_t;
48 
49 /**
50  * Enum to define padding scheme for AES data.
51  *
52  * Values are hardened.
53  */
54 typedef enum otcrypto_aes_padding {
55  // Pads with value same as the number of padding bytes.
56  kOtcryptoAesPaddingPkcs7 = 0xe7f,
57  // Pads with 0x80 (10000000), followed by zero bytes.
58  kOtcryptoAesPaddingIso9797M2 = 0xfac,
59  // Add no padding.
60  kOtcryptoAesPaddingNull = 0x8ce,
61 } otcrypto_aes_padding_t;
62 
63 /**
64  * Get the number of blocks needed for the plaintext length and padding mode.
65  *
66  * This returns the size of the padded plaintext, which is the same as the
67  * ciphertext size. Returns `kOtcryptoStatusValueBadArgs` if the padding mode
68  * and length are incompatible (for instance, if the padding mode is "no
69  * padding" but the input length is not a multiple of the AES block size).
70  *
71  * @param plaintext_len Plaintext data length in bytes.
72  * @param aes_padding Padding scheme to be used for the data.
73  * @return Size of the padded input or ciphertext.
74  * @return Result of the operation.
75  */
76 otcrypto_status_t otcrypto_aes_padded_plaintext_length(
77  size_t plaintext_len, otcrypto_aes_padding_t aes_padding,
78  size_t *padded_len);
79 
80 /**
81  * Performs the AES operation.
82  *
83  * The input data in the `cipher_input` is first padded using the
84  * `aes_padding` scheme and the output is copied to `cipher_output`.
85  *
86  * The caller should allocate space for the `cipher_output` buffer, which is
87  * given in bytes by `otcrypto_aes_padded_plaintext_length`, and set the number
88  * of bytes allocated in the `len` field of the output. If the user-set length
89  * and the expected length do not match, an error message will be returned.
90  *
91  * Note that, during decryption, the padding mode is ignored. This function
92  * will NOT check the padding or return an error if the padding is invalid,
93  * since doing so could expose a padding oracle (especially in CBC mode).
94  *
95  * @param key Pointer to the blinded key struct with key shares.
96  * @param iv Initialization vector, used for CBC, CFB, OFB, CTR modes. May be
97  * NULL if mode is ECB.
98  * @param aes_mode Required AES mode of operation.
99  * @param aes_operation Required AES operation (encrypt or decrypt).
100  * @param cipher_input Input data to be ciphered.
101  * @param aes_padding Padding scheme to be used for the data.
102  * @param[out] cipher_output Output data after cipher operation.
103  * @return The result of the cipher operation.
104  */
105 otcrypto_status_t otcrypto_aes(const otcrypto_blinded_key_t *key,
106  otcrypto_word32_buf_t iv,
107  otcrypto_aes_mode_t aes_mode,
108  otcrypto_aes_operation_t aes_operation,
109  otcrypto_const_byte_buf_t cipher_input,
110  otcrypto_aes_padding_t aes_padding,
111  otcrypto_byte_buf_t cipher_output);
112 
113 #ifdef __cplusplus
114 } // extern "C"
115 #endif // __cplusplus
116 
117 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_AES_H_
Return to OpenTitan Documentation