1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 26 * 27 * Licensed under the Apache License, Version 2.0 (the "License"); you may 28 * not use this file except in compliance with the License. 29 * You may obtain a copy of the License at 30 * 31 * http://www.apache.org/licenses/LICENSE-2.0 32 * 33 * Unless required by applicable law or agreed to in writing, software 34 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 36 * See the License for the specific language governing permissions and 37 * limitations under the License. 38 */ 39 40 #ifndef MBEDTLS_AES_H 41 #define MBEDTLS_AES_H 42 43 #if !defined(MBEDTLS_CONFIG_FILE) 44 #include "mbedtls/config.h" 45 #else 46 #include MBEDTLS_CONFIG_FILE 47 #endif 48 #include "mbedtls/platform_util.h" 49 50 #include <stddef.h> 51 #include <stdint.h> 52 53 /* padlock.c and aesni.c rely on these values! */ 54 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 55 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 56 57 /* Error codes in range 0x0020-0x0022 */ 58 /** Invalid key length. */ 59 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 60 /** Invalid data input length. */ 61 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 62 63 /* Error codes in range 0x0021-0x0025 */ 64 /** Invalid input data. */ 65 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 66 67 /* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */ 68 /** Feature not available. For example, an unsupported AES key size. */ 69 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 70 71 /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ 72 /** AES hardware accelerator failed. */ 73 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 74 75 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 76 !defined(inline) && !defined(__cplusplus) 77 #define inline __inline 78 #endif 79 80 #ifdef __cplusplus 81 extern "C" { 82 #endif 83 84 #if !defined(MBEDTLS_AES_ALT) 85 // Regular implementation 86 // 87 88 /** 89 * \brief The AES context-type definition. 90 */ 91 typedef struct mbedtls_aes_context 92 { 93 int nr; /*!< The number of rounds. */ 94 uint32_t *rk; /*!< AES round keys. */ 95 uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can 96 hold 32 extra Bytes, which can be used for 97 one of the following purposes: 98 <ul><li>Alignment if VIA padlock is 99 used.</li> 100 <li>Simplifying key expansion in the 256-bit 101 case by generating an extra round key. 102 </li></ul> */ 103 } 104 mbedtls_aes_context; 105 106 #if defined(MBEDTLS_CIPHER_MODE_XTS) 107 /** 108 * \brief The AES XTS context-type definition. 109 */ 110 typedef struct mbedtls_aes_xts_context 111 { 112 mbedtls_aes_context crypt; /*!< The AES context to use for AES block 113 encryption or decryption. */ 114 mbedtls_aes_context tweak; /*!< The AES context used for tweak 115 computation. */ 116 } mbedtls_aes_xts_context; 117 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 118 119 #else /* MBEDTLS_AES_ALT */ 120 #include "aes_alt.h" 121 #endif /* MBEDTLS_AES_ALT */ 122 123 /** 124 * \brief This function initializes the specified AES context. 125 * 126 * It must be the first API called before using 127 * the context. 128 * 129 * \param ctx The AES context to initialize. This must not be \c NULL. 130 */ 131 void mbedtls_aes_init( mbedtls_aes_context *ctx ); 132 133 /** 134 * \brief This function releases and clears the specified AES context. 135 * 136 * \param ctx The AES context to clear. 137 * If this is \c NULL, this function does nothing. 138 * Otherwise, the context must have been at least initialized. 139 */ 140 void mbedtls_aes_free( mbedtls_aes_context *ctx ); 141 142 #if defined(MBEDTLS_CIPHER_MODE_XTS) 143 /** 144 * \brief This function initializes the specified AES XTS context. 145 * 146 * It must be the first API called before using 147 * the context. 148 * 149 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 150 */ 151 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); 152 153 /** 154 * \brief This function releases and clears the specified AES XTS context. 155 * 156 * \param ctx The AES XTS context to clear. 157 * If this is \c NULL, this function does nothing. 158 * Otherwise, the context must have been at least initialized. 159 */ 160 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); 161 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 162 163 /** 164 * \brief This function sets the encryption key. 165 * 166 * \param ctx The AES context to which the key should be bound. 167 * It must be initialized. 168 * \param key The encryption key. 169 * This must be a readable buffer of size \p keybits bits. 170 * \param keybits The size of data passed in bits. Valid options are: 171 * <ul><li>128 bits</li> 172 * <li>192 bits</li> 173 * <li>256 bits</li></ul> 174 * 175 * \return \c 0 on success. 176 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 177 */ 178 MBEDTLS_CHECK_RETURN_TYPICAL 179 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, 180 unsigned int keybits ); 181 182 /** 183 * \brief This function sets the decryption key. 184 * 185 * \param ctx The AES context to which the key should be bound. 186 * It must be initialized. 187 * \param key The decryption key. 188 * This must be a readable buffer of size \p keybits bits. 189 * \param keybits The size of data passed. Valid options are: 190 * <ul><li>128 bits</li> 191 * <li>192 bits</li> 192 * <li>256 bits</li></ul> 193 * 194 * \return \c 0 on success. 195 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 196 */ 197 MBEDTLS_CHECK_RETURN_TYPICAL 198 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, 199 unsigned int keybits ); 200 201 #if defined(MBEDTLS_CIPHER_MODE_XTS) 202 /** 203 * \brief This function prepares an XTS context for encryption and 204 * sets the encryption key. 205 * 206 * \param ctx The AES XTS context to which the key should be bound. 207 * It must be initialized. 208 * \param key The encryption key. This is comprised of the XTS key1 209 * concatenated with the XTS key2. 210 * This must be a readable buffer of size \p keybits bits. 211 * \param keybits The size of \p key passed in bits. Valid options are: 212 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 213 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 214 * 215 * \return \c 0 on success. 216 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 217 */ 218 MBEDTLS_CHECK_RETURN_TYPICAL 219 int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, 220 const unsigned char *key, 221 unsigned int keybits ); 222 223 /** 224 * \brief This function prepares an XTS context for decryption and 225 * sets the decryption key. 226 * 227 * \param ctx The AES XTS context to which the key should be bound. 228 * It must be initialized. 229 * \param key The decryption key. This is comprised of the XTS key1 230 * concatenated with the XTS key2. 231 * This must be a readable buffer of size \p keybits bits. 232 * \param keybits The size of \p key passed in bits. Valid options are: 233 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 234 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 235 * 236 * \return \c 0 on success. 237 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 238 */ 239 MBEDTLS_CHECK_RETURN_TYPICAL 240 int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, 241 const unsigned char *key, 242 unsigned int keybits ); 243 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 244 245 /** 246 * \brief This function performs an AES single-block encryption or 247 * decryption operation. 248 * 249 * It performs the operation defined in the \p mode parameter 250 * (encrypt or decrypt), on the input data buffer defined in 251 * the \p input parameter. 252 * 253 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 254 * mbedtls_aes_setkey_dec() must be called before the first 255 * call to this API with the same context. 256 * 257 * \param ctx The AES context to use for encryption or decryption. 258 * It must be initialized and bound to a key. 259 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 260 * #MBEDTLS_AES_DECRYPT. 261 * \param input The buffer holding the input data. 262 * It must be readable and at least \c 16 Bytes long. 263 * \param output The buffer where the output data will be written. 264 * It must be writeable and at least \c 16 Bytes long. 265 266 * \return \c 0 on success. 267 */ 268 MBEDTLS_CHECK_RETURN_TYPICAL 269 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, 270 int mode, 271 const unsigned char input[16], 272 unsigned char output[16] ); 273 274 #if defined(MBEDTLS_CIPHER_MODE_CBC) 275 /** 276 * \brief This function performs an AES-CBC encryption or decryption operation 277 * on full blocks. 278 * 279 * It performs the operation defined in the \p mode 280 * parameter (encrypt/decrypt), on the input data buffer defined in 281 * the \p input parameter. 282 * 283 * It can be called as many times as needed, until all the input 284 * data is processed. mbedtls_aes_init(), and either 285 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 286 * before the first call to this API with the same context. 287 * 288 * \note This function operates on full blocks, that is, the input size 289 * must be a multiple of the AES block size of \c 16 Bytes. 290 * 291 * \note Upon exit, the content of the IV is updated so that you can 292 * call the same function again on the next 293 * block(s) of data and get the same result as if it was 294 * encrypted in one call. This allows a "streaming" usage. 295 * If you need to retain the contents of the IV, you should 296 * either save it manually or use the cipher module instead. 297 * 298 * 299 * \param ctx The AES context to use for encryption or decryption. 300 * It must be initialized and bound to a key. 301 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 302 * #MBEDTLS_AES_DECRYPT. 303 * \param length The length of the input data in Bytes. This must be a 304 * multiple of the block size (\c 16 Bytes). 305 * \param iv Initialization vector (updated after use). 306 * It must be a readable and writeable buffer of \c 16 Bytes. 307 * \param input The buffer holding the input data. 308 * It must be readable and of size \p length Bytes. 309 * \param output The buffer holding the output data. 310 * It must be writeable and of size \p length Bytes. 311 * 312 * \return \c 0 on success. 313 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 314 * on failure. 315 */ 316 MBEDTLS_CHECK_RETURN_TYPICAL 317 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, 318 int mode, 319 size_t length, 320 unsigned char iv[16], 321 const unsigned char *input, 322 unsigned char *output ); 323 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 324 325 #if defined(MBEDTLS_CIPHER_MODE_XTS) 326 /** 327 * \brief This function performs an AES-XTS encryption or decryption 328 * operation for an entire XTS data unit. 329 * 330 * AES-XTS encrypts or decrypts blocks based on their location as 331 * defined by a data unit number. The data unit number must be 332 * provided by \p data_unit. 333 * 334 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 335 * AES blocks. If the data unit is larger than this, this function 336 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 337 * 338 * \param ctx The AES XTS context to use for AES XTS operations. 339 * It must be initialized and bound to a key. 340 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 341 * #MBEDTLS_AES_DECRYPT. 342 * \param length The length of a data unit in Bytes. This can be any 343 * length between 16 bytes and 2^24 bytes inclusive 344 * (between 1 and 2^20 block cipher blocks). 345 * \param data_unit The address of the data unit encoded as an array of 16 346 * bytes in little-endian format. For disk encryption, this 347 * is typically the index of the block device sector that 348 * contains the data. 349 * \param input The buffer holding the input data (which is an entire 350 * data unit). This function reads \p length Bytes from \p 351 * input. 352 * \param output The buffer holding the output data (which is an entire 353 * data unit). This function writes \p length Bytes to \p 354 * output. 355 * 356 * \return \c 0 on success. 357 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 358 * smaller than an AES block in size (16 Bytes) or if \p 359 * length is larger than 2^20 blocks (16 MiB). 360 */ 361 MBEDTLS_CHECK_RETURN_TYPICAL 362 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, 363 int mode, 364 size_t length, 365 const unsigned char data_unit[16], 366 const unsigned char *input, 367 unsigned char *output ); 368 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 369 370 #if defined(MBEDTLS_CIPHER_MODE_CFB) 371 /** 372 * \brief This function performs an AES-CFB128 encryption or decryption 373 * operation. 374 * 375 * It performs the operation defined in the \p mode 376 * parameter (encrypt or decrypt), on the input data buffer 377 * defined in the \p input parameter. 378 * 379 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 380 * regardless of whether you are performing an encryption or decryption 381 * operation, that is, regardless of the \p mode parameter. This is 382 * because CFB mode uses the same key schedule for encryption and 383 * decryption. 384 * 385 * \note Upon exit, the content of the IV is updated so that you can 386 * call the same function again on the next 387 * block(s) of data and get the same result as if it was 388 * encrypted in one call. This allows a "streaming" usage. 389 * If you need to retain the contents of the 390 * IV, you must either save it manually or use the cipher 391 * module instead. 392 * 393 * 394 * \param ctx The AES context to use for encryption or decryption. 395 * It must be initialized and bound to a key. 396 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 397 * #MBEDTLS_AES_DECRYPT. 398 * \param length The length of the input data in Bytes. 399 * \param iv_off The offset in IV (updated after use). 400 * It must point to a valid \c size_t. 401 * \param iv The initialization vector (updated after use). 402 * It must be a readable and writeable buffer of \c 16 Bytes. 403 * \param input The buffer holding the input data. 404 * It must be readable and of size \p length Bytes. 405 * \param output The buffer holding the output data. 406 * It must be writeable and of size \p length Bytes. 407 * 408 * \return \c 0 on success. 409 */ 410 MBEDTLS_CHECK_RETURN_TYPICAL 411 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, 412 int mode, 413 size_t length, 414 size_t *iv_off, 415 unsigned char iv[16], 416 const unsigned char *input, 417 unsigned char *output ); 418 419 /** 420 * \brief This function performs an AES-CFB8 encryption or decryption 421 * operation. 422 * 423 * It performs the operation defined in the \p mode 424 * parameter (encrypt/decrypt), on the input data buffer defined 425 * in the \p input parameter. 426 * 427 * Due to the nature of CFB, you must use the same key schedule for 428 * both encryption and decryption operations. Therefore, you must 429 * use the context initialized with mbedtls_aes_setkey_enc() for 430 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 431 * 432 * \note Upon exit, the content of the IV is updated so that you can 433 * call the same function again on the next 434 * block(s) of data and get the same result as if it was 435 * encrypted in one call. This allows a "streaming" usage. 436 * If you need to retain the contents of the 437 * IV, you should either save it manually or use the cipher 438 * module instead. 439 * 440 * 441 * \param ctx The AES context to use for encryption or decryption. 442 * It must be initialized and bound to a key. 443 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 444 * #MBEDTLS_AES_DECRYPT 445 * \param length The length of the input data. 446 * \param iv The initialization vector (updated after use). 447 * It must be a readable and writeable buffer of \c 16 Bytes. 448 * \param input The buffer holding the input data. 449 * It must be readable and of size \p length Bytes. 450 * \param output The buffer holding the output data. 451 * It must be writeable and of size \p length Bytes. 452 * 453 * \return \c 0 on success. 454 */ 455 MBEDTLS_CHECK_RETURN_TYPICAL 456 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, 457 int mode, 458 size_t length, 459 unsigned char iv[16], 460 const unsigned char *input, 461 unsigned char *output ); 462 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 463 464 #if defined(MBEDTLS_CIPHER_MODE_OFB) 465 /** 466 * \brief This function performs an AES-OFB (Output Feedback Mode) 467 * encryption or decryption operation. 468 * 469 * For OFB, you must set up the context with 470 * mbedtls_aes_setkey_enc(), regardless of whether you are 471 * performing an encryption or decryption operation. This is 472 * because OFB mode uses the same key schedule for encryption and 473 * decryption. 474 * 475 * The OFB operation is identical for encryption or decryption, 476 * therefore no operation mode needs to be specified. 477 * 478 * \note Upon exit, the content of iv, the Initialisation Vector, is 479 * updated so that you can call the same function again on the next 480 * block(s) of data and get the same result as if it was encrypted 481 * in one call. This allows a "streaming" usage, by initialising 482 * iv_off to 0 before the first call, and preserving its value 483 * between calls. 484 * 485 * For non-streaming use, the iv should be initialised on each call 486 * to a unique value, and iv_off set to 0 on each call. 487 * 488 * If you need to retain the contents of the initialisation vector, 489 * you must either save it manually or use the cipher module 490 * instead. 491 * 492 * \warning For the OFB mode, the initialisation vector must be unique 493 * every encryption operation. Reuse of an initialisation vector 494 * will compromise security. 495 * 496 * \param ctx The AES context to use for encryption or decryption. 497 * It must be initialized and bound to a key. 498 * \param length The length of the input data. 499 * \param iv_off The offset in IV (updated after use). 500 * It must point to a valid \c size_t. 501 * \param iv The initialization vector (updated after use). 502 * It must be a readable and writeable buffer of \c 16 Bytes. 503 * \param input The buffer holding the input data. 504 * It must be readable and of size \p length Bytes. 505 * \param output The buffer holding the output data. 506 * It must be writeable and of size \p length Bytes. 507 * 508 * \return \c 0 on success. 509 */ 510 MBEDTLS_CHECK_RETURN_TYPICAL 511 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, 512 size_t length, 513 size_t *iv_off, 514 unsigned char iv[16], 515 const unsigned char *input, 516 unsigned char *output ); 517 518 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 519 520 #if defined(MBEDTLS_CIPHER_MODE_CTR) 521 /** 522 * \brief This function performs an AES-CTR encryption or decryption 523 * operation. 524 * 525 * Due to the nature of CTR, you must use the same key schedule 526 * for both encryption and decryption operations. Therefore, you 527 * must use the context initialized with mbedtls_aes_setkey_enc() 528 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 529 * 530 * \warning You must never reuse a nonce value with the same key. Doing so 531 * would void the encryption for the two messages encrypted with 532 * the same nonce and key. 533 * 534 * There are two common strategies for managing nonces with CTR: 535 * 536 * 1. You can handle everything as a single message processed over 537 * successive calls to this function. In that case, you want to 538 * set \p nonce_counter and \p nc_off to 0 for the first call, and 539 * then preserve the values of \p nonce_counter, \p nc_off and \p 540 * stream_block across calls to this function as they will be 541 * updated by this function. 542 * 543 * With this strategy, you must not encrypt more than 2**128 544 * blocks of data with the same key. 545 * 546 * 2. You can encrypt separate messages by dividing the \p 547 * nonce_counter buffer in two areas: the first one used for a 548 * per-message nonce, handled by yourself, and the second one 549 * updated by this function internally. 550 * 551 * For example, you might reserve the first 12 bytes for the 552 * per-message nonce, and the last 4 bytes for internal use. In that 553 * case, before calling this function on a new message you need to 554 * set the first 12 bytes of \p nonce_counter to your chosen nonce 555 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 556 * stream_block to be ignored). That way, you can encrypt at most 557 * 2**96 messages of up to 2**32 blocks each with the same key. 558 * 559 * The per-message nonce (or information sufficient to reconstruct 560 * it) needs to be communicated with the ciphertext and must be unique. 561 * The recommended way to ensure uniqueness is to use a message 562 * counter. An alternative is to generate random nonces, but this 563 * limits the number of messages that can be securely encrypted: 564 * for example, with 96-bit random nonces, you should not encrypt 565 * more than 2**32 messages with the same key. 566 * 567 * Note that for both strategies, sizes are measured in blocks and 568 * that an AES block is 16 bytes. 569 * 570 * \warning Upon return, \p stream_block contains sensitive data. Its 571 * content must not be written to insecure storage and should be 572 * securely discarded as soon as it's no longer needed. 573 * 574 * \param ctx The AES context to use for encryption or decryption. 575 * It must be initialized and bound to a key. 576 * \param length The length of the input data. 577 * \param nc_off The offset in the current \p stream_block, for 578 * resuming within the current cipher stream. The 579 * offset pointer should be 0 at the start of a stream. 580 * It must point to a valid \c size_t. 581 * \param nonce_counter The 128-bit nonce and counter. 582 * It must be a readable-writeable buffer of \c 16 Bytes. 583 * \param stream_block The saved stream block for resuming. This is 584 * overwritten by the function. 585 * It must be a readable-writeable buffer of \c 16 Bytes. 586 * \param input The buffer holding the input data. 587 * It must be readable and of size \p length Bytes. 588 * \param output The buffer holding the output data. 589 * It must be writeable and of size \p length Bytes. 590 * 591 * \return \c 0 on success. 592 */ 593 MBEDTLS_CHECK_RETURN_TYPICAL 594 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, 595 size_t length, 596 size_t *nc_off, 597 unsigned char nonce_counter[16], 598 unsigned char stream_block[16], 599 const unsigned char *input, 600 unsigned char *output ); 601 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 602 603 /** 604 * \brief Internal AES block encryption function. This is only 605 * exposed to allow overriding it using 606 * \c MBEDTLS_AES_ENCRYPT_ALT. 607 * 608 * \param ctx The AES context to use for encryption. 609 * \param input The plaintext block. 610 * \param output The output (ciphertext) block. 611 * 612 * \return \c 0 on success. 613 */ 614 MBEDTLS_CHECK_RETURN_TYPICAL 615 int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, 616 const unsigned char input[16], 617 unsigned char output[16] ); 618 619 /** 620 * \brief Internal AES block decryption function. This is only 621 * exposed to allow overriding it using see 622 * \c MBEDTLS_AES_DECRYPT_ALT. 623 * 624 * \param ctx The AES context to use for decryption. 625 * \param input The ciphertext block. 626 * \param output The output (plaintext) block. 627 * 628 * \return \c 0 on success. 629 */ 630 MBEDTLS_CHECK_RETURN_TYPICAL 631 int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, 632 const unsigned char input[16], 633 unsigned char output[16] ); 634 635 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 636 #if defined(MBEDTLS_DEPRECATED_WARNING) 637 #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 638 #else 639 #define MBEDTLS_DEPRECATED 640 #endif 641 /** 642 * \brief Deprecated internal AES block encryption function 643 * without return value. 644 * 645 * \deprecated Superseded by mbedtls_internal_aes_encrypt() 646 * 647 * \param ctx The AES context to use for encryption. 648 * \param input Plaintext block. 649 * \param output Output (ciphertext) block. 650 */ 651 MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, 652 const unsigned char input[16], 653 unsigned char output[16] ); 654 655 /** 656 * \brief Deprecated internal AES block decryption function 657 * without return value. 658 * 659 * \deprecated Superseded by mbedtls_internal_aes_decrypt() 660 * 661 * \param ctx The AES context to use for decryption. 662 * \param input Ciphertext block. 663 * \param output Output (plaintext) block. 664 */ 665 MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, 666 const unsigned char input[16], 667 unsigned char output[16] ); 668 669 #undef MBEDTLS_DEPRECATED 670 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 671 672 673 #if defined(MBEDTLS_SELF_TEST) 674 /** 675 * \brief Checkup routine. 676 * 677 * \return \c 0 on success. 678 * \return \c 1 on failure. 679 */ 680 MBEDTLS_CHECK_RETURN_CRITICAL 681 int mbedtls_aes_self_test( int verbose ); 682 683 #endif /* MBEDTLS_SELF_TEST */ 684 685 #ifdef __cplusplus 686 } 687 #endif 688 689 #endif /* aes.h */ 690