1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. 24 * SPDX-License-Identifier: Apache-2.0 25 * 26 * Licensed under the Apache License, Version 2.0 (the "License"); you may 27 * not use this file except in compliance with the License. 28 * You may obtain a copy of the License at 29 * 30 * http://www.apache.org/licenses/LICENSE-2.0 31 * 32 * Unless required by applicable law or agreed to in writing, software 33 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 34 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 35 * See the License for the specific language governing permissions and 36 * limitations under the License. 37 * 38 * This file is part of Mbed TLS (https://tls.mbed.org) 39 */ 40 41 #ifndef MBEDTLS_AES_H 42 #define MBEDTLS_AES_H 43 44 #if !defined(MBEDTLS_CONFIG_FILE) 45 #include "config.h" 46 #else 47 #include MBEDTLS_CONFIG_FILE 48 #endif 49 50 #include <stddef.h> 51 #include <stdint.h> 52 53 /* padlock.c and aesni.c rely on these values! */ 54 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 55 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 56 57 /* Error codes in range 0x0020-0x0022 */ 58 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ 59 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ 60 61 /* Error codes in range 0x0021-0x0025 */ 62 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */ 63 64 /* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */ 65 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ 66 67 /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ 68 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ 69 70 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 71 !defined(inline) && !defined(__cplusplus) 72 #define inline __inline 73 #endif 74 75 #ifdef __cplusplus 76 extern "C" { 77 #endif 78 79 #if !defined(MBEDTLS_AES_ALT) 80 // Regular implementation 81 // 82 83 /** 84 * \brief The AES context-type definition. 85 */ 86 typedef struct mbedtls_aes_context 87 { 88 int nr; /*!< The number of rounds. */ 89 uint32_t *rk; /*!< AES round keys. */ 90 uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can 91 hold 32 extra Bytes, which can be used for 92 one of the following purposes: 93 <ul><li>Alignment if VIA padlock is 94 used.</li> 95 <li>Simplifying key expansion in the 256-bit 96 case by generating an extra round key. 97 </li></ul> */ 98 } 99 mbedtls_aes_context; 100 101 #if defined(MBEDTLS_CIPHER_MODE_XTS) 102 /** 103 * \brief The AES XTS context-type definition. 104 */ 105 typedef struct mbedtls_aes_xts_context 106 { 107 mbedtls_aes_context crypt; /*!< The AES context to use for AES block 108 encryption or decryption. */ 109 mbedtls_aes_context tweak; /*!< The AES context used for tweak 110 computation. */ 111 } mbedtls_aes_xts_context; 112 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 113 114 #else /* MBEDTLS_AES_ALT */ 115 #include "aes_alt.h" 116 #endif /* MBEDTLS_AES_ALT */ 117 118 /** 119 * \brief This function initializes the specified AES context. 120 * 121 * It must be the first API called before using 122 * the context. 123 * 124 * \param ctx The AES context to initialize. This must not be \c NULL. 125 */ 126 void mbedtls_aes_init( mbedtls_aes_context *ctx ); 127 128 /** 129 * \brief This function releases and clears the specified AES context. 130 * 131 * \param ctx The AES context to clear. 132 * If this is \c NULL, this function does nothing. 133 * Otherwise, the context must have been at least initialized. 134 */ 135 void mbedtls_aes_free( mbedtls_aes_context *ctx ); 136 137 #if defined(MBEDTLS_CIPHER_MODE_XTS) 138 /** 139 * \brief This function initializes the specified AES XTS context. 140 * 141 * It must be the first API called before using 142 * the context. 143 * 144 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 145 */ 146 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); 147 148 /** 149 * \brief This function releases and clears the specified AES XTS context. 150 * 151 * \param ctx The AES XTS context to clear. 152 * If this is \c NULL, this function does nothing. 153 * Otherwise, the context must have been at least initialized. 154 */ 155 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); 156 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 157 158 /** 159 * \brief This function sets the encryption key. 160 * 161 * \param ctx The AES context to which the key should be bound. 162 * It must be initialized. 163 * \param key The encryption key. 164 * This must be a readable buffer of size \p keybits bits. 165 * \param keybits The size of data passed in bits. Valid options are: 166 * <ul><li>128 bits</li> 167 * <li>192 bits</li> 168 * <li>256 bits</li></ul> 169 * 170 * \return \c 0 on success. 171 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 172 */ 173 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, 174 unsigned int keybits ); 175 176 /** 177 * \brief This function sets the decryption key. 178 * 179 * \param ctx The AES context to which the key should be bound. 180 * It must be initialized. 181 * \param key The decryption key. 182 * This must be a readable buffer of size \p keybits bits. 183 * \param keybits The size of data passed. Valid options are: 184 * <ul><li>128 bits</li> 185 * <li>192 bits</li> 186 * <li>256 bits</li></ul> 187 * 188 * \return \c 0 on success. 189 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 190 */ 191 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, 192 unsigned int keybits ); 193 194 #if defined(MBEDTLS_CIPHER_MODE_XTS) 195 /** 196 * \brief This function prepares an XTS context for encryption and 197 * sets the encryption key. 198 * 199 * \param ctx The AES XTS context to which the key should be bound. 200 * It must be initialized. 201 * \param key The encryption key. This is comprised of the XTS key1 202 * concatenated with the XTS key2. 203 * This must be a readable buffer of size \p keybits bits. 204 * \param keybits The size of \p key passed in bits. Valid options are: 205 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 206 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 207 * 208 * \return \c 0 on success. 209 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 210 */ 211 int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, 212 const unsigned char *key, 213 unsigned int keybits ); 214 215 /** 216 * \brief This function prepares an XTS context for decryption and 217 * sets the decryption key. 218 * 219 * \param ctx The AES XTS context to which the key should be bound. 220 * It must be initialized. 221 * \param key The decryption key. This is comprised of the XTS key1 222 * concatenated with the XTS key2. 223 * This must be a readable buffer of size \p keybits bits. 224 * \param keybits The size of \p key passed in bits. Valid options are: 225 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 226 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 227 * 228 * \return \c 0 on success. 229 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 230 */ 231 int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, 232 const unsigned char *key, 233 unsigned int keybits ); 234 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 235 236 /** 237 * \brief This function performs an AES single-block encryption or 238 * decryption operation. 239 * 240 * It performs the operation defined in the \p mode parameter 241 * (encrypt or decrypt), on the input data buffer defined in 242 * the \p input parameter. 243 * 244 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 245 * mbedtls_aes_setkey_dec() must be called before the first 246 * call to this API with the same context. 247 * 248 * \param ctx The AES context to use for encryption or decryption. 249 * It must be initialized and bound to a key. 250 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 251 * #MBEDTLS_AES_DECRYPT. 252 * \param input The buffer holding the input data. 253 * It must be readable and at least \c 16 Bytes long. 254 * \param output The buffer where the output data will be written. 255 * It must be writeable and at least \c 16 Bytes long. 256 257 * \return \c 0 on success. 258 */ 259 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, 260 int mode, 261 const unsigned char input[16], 262 unsigned char output[16] ); 263 264 #if defined(MBEDTLS_CIPHER_MODE_CBC) 265 /** 266 * \brief This function performs an AES-CBC encryption or decryption operation 267 * on full blocks. 268 * 269 * It performs the operation defined in the \p mode 270 * parameter (encrypt/decrypt), on the input data buffer defined in 271 * the \p input parameter. 272 * 273 * It can be called as many times as needed, until all the input 274 * data is processed. mbedtls_aes_init(), and either 275 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 276 * before the first call to this API with the same context. 277 * 278 * \note This function operates on full blocks, that is, the input size 279 * must be a multiple of the AES block size of \c 16 Bytes. 280 * 281 * \note Upon exit, the content of the IV is updated so that you can 282 * call the same function again on the next 283 * block(s) of data and get the same result as if it was 284 * encrypted in one call. This allows a "streaming" usage. 285 * If you need to retain the contents of the IV, you should 286 * either save it manually or use the cipher module instead. 287 * 288 * 289 * \param ctx The AES context to use for encryption or decryption. 290 * It must be initialized and bound to a key. 291 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 292 * #MBEDTLS_AES_DECRYPT. 293 * \param length The length of the input data in Bytes. This must be a 294 * multiple of the block size (\c 16 Bytes). 295 * \param iv Initialization vector (updated after use). 296 * It must be a readable and writeable buffer of \c 16 Bytes. 297 * \param input The buffer holding the input data. 298 * It must be readable and of size \p length Bytes. 299 * \param output The buffer holding the output data. 300 * It must be writeable and of size \p length Bytes. 301 * 302 * \return \c 0 on success. 303 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 304 * on failure. 305 */ 306 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, 307 int mode, 308 size_t length, 309 unsigned char iv[16], 310 const unsigned char *input, 311 unsigned char *output ); 312 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 313 314 #if defined(MBEDTLS_CIPHER_MODE_XTS) 315 /** 316 * \brief This function performs an AES-XTS encryption or decryption 317 * operation for an entire XTS data unit. 318 * 319 * AES-XTS encrypts or decrypts blocks based on their location as 320 * defined by a data unit number. The data unit number must be 321 * provided by \p data_unit. 322 * 323 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 324 * AES blocks. If the data unit is larger than this, this function 325 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 326 * 327 * \param ctx The AES XTS context to use for AES XTS operations. 328 * It must be initialized and bound to a key. 329 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 330 * #MBEDTLS_AES_DECRYPT. 331 * \param length The length of a data unit in Bytes. This can be any 332 * length between 16 bytes and 2^24 bytes inclusive 333 * (between 1 and 2^20 block cipher blocks). 334 * \param data_unit The address of the data unit encoded as an array of 16 335 * bytes in little-endian format. For disk encryption, this 336 * is typically the index of the block device sector that 337 * contains the data. 338 * \param input The buffer holding the input data (which is an entire 339 * data unit). This function reads \p length Bytes from \p 340 * input. 341 * \param output The buffer holding the output data (which is an entire 342 * data unit). This function writes \p length Bytes to \p 343 * output. 344 * 345 * \return \c 0 on success. 346 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 347 * smaller than an AES block in size (16 Bytes) or if \p 348 * length is larger than 2^20 blocks (16 MiB). 349 */ 350 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, 351 int mode, 352 size_t length, 353 const unsigned char data_unit[16], 354 const unsigned char *input, 355 unsigned char *output ); 356 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 357 358 #if defined(MBEDTLS_CIPHER_MODE_CFB) 359 /** 360 * \brief This function performs an AES-CFB128 encryption or decryption 361 * operation. 362 * 363 * It performs the operation defined in the \p mode 364 * parameter (encrypt or decrypt), on the input data buffer 365 * defined in the \p input parameter. 366 * 367 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 368 * regardless of whether you are performing an encryption or decryption 369 * operation, that is, regardless of the \p mode parameter. This is 370 * because CFB mode uses the same key schedule for encryption and 371 * decryption. 372 * 373 * \note Upon exit, the content of the IV is updated so that you can 374 * call the same function again on the next 375 * block(s) of data and get the same result as if it was 376 * encrypted in one call. This allows a "streaming" usage. 377 * If you need to retain the contents of the 378 * IV, you must either save it manually or use the cipher 379 * module instead. 380 * 381 * 382 * \param ctx The AES context to use for encryption or decryption. 383 * It must be initialized and bound to a key. 384 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 385 * #MBEDTLS_AES_DECRYPT. 386 * \param length The length of the input data in Bytes. 387 * \param iv_off The offset in IV (updated after use). 388 * It must point to a valid \c size_t. 389 * \param iv The initialization vector (updated after use). 390 * It must be a readable and writeable buffer of \c 16 Bytes. 391 * \param input The buffer holding the input data. 392 * It must be readable and of size \p length Bytes. 393 * \param output The buffer holding the output data. 394 * It must be writeable and of size \p length Bytes. 395 * 396 * \return \c 0 on success. 397 */ 398 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, 399 int mode, 400 size_t length, 401 size_t *iv_off, 402 unsigned char iv[16], 403 const unsigned char *input, 404 unsigned char *output ); 405 406 /** 407 * \brief This function performs an AES-CFB8 encryption or decryption 408 * operation. 409 * 410 * It performs the operation defined in the \p mode 411 * parameter (encrypt/decrypt), on the input data buffer defined 412 * in the \p input parameter. 413 * 414 * Due to the nature of CFB, you must use the same key schedule for 415 * both encryption and decryption operations. Therefore, you must 416 * use the context initialized with mbedtls_aes_setkey_enc() for 417 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 418 * 419 * \note Upon exit, the content of the IV is updated so that you can 420 * call the same function again on the next 421 * block(s) of data and get the same result as if it was 422 * encrypted in one call. This allows a "streaming" usage. 423 * If you need to retain the contents of the 424 * IV, you should either save it manually or use the cipher 425 * module instead. 426 * 427 * 428 * \param ctx The AES context to use for encryption or decryption. 429 * It must be initialized and bound to a key. 430 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 431 * #MBEDTLS_AES_DECRYPT 432 * \param length The length of the input data. 433 * \param iv The initialization vector (updated after use). 434 * It must be a readable and writeable buffer of \c 16 Bytes. 435 * \param input The buffer holding the input data. 436 * It must be readable and of size \p length Bytes. 437 * \param output The buffer holding the output data. 438 * It must be writeable and of size \p length Bytes. 439 * 440 * \return \c 0 on success. 441 */ 442 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, 443 int mode, 444 size_t length, 445 unsigned char iv[16], 446 const unsigned char *input, 447 unsigned char *output ); 448 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 449 450 #if defined(MBEDTLS_CIPHER_MODE_OFB) 451 /** 452 * \brief This function performs an AES-OFB (Output Feedback Mode) 453 * encryption or decryption operation. 454 * 455 * For OFB, you must set up the context with 456 * mbedtls_aes_setkey_enc(), regardless of whether you are 457 * performing an encryption or decryption operation. This is 458 * because OFB mode uses the same key schedule for encryption and 459 * decryption. 460 * 461 * The OFB operation is identical for encryption or decryption, 462 * therefore no operation mode needs to be specified. 463 * 464 * \note Upon exit, the content of iv, the Initialisation Vector, is 465 * updated so that you can call the same function again on the next 466 * block(s) of data and get the same result as if it was encrypted 467 * in one call. This allows a "streaming" usage, by initialising 468 * iv_off to 0 before the first call, and preserving its value 469 * between calls. 470 * 471 * For non-streaming use, the iv should be initialised on each call 472 * to a unique value, and iv_off set to 0 on each call. 473 * 474 * If you need to retain the contents of the initialisation vector, 475 * you must either save it manually or use the cipher module 476 * instead. 477 * 478 * \warning For the OFB mode, the initialisation vector must be unique 479 * every encryption operation. Reuse of an initialisation vector 480 * will compromise security. 481 * 482 * \param ctx The AES context to use for encryption or decryption. 483 * It must be initialized and bound to a key. 484 * \param length The length of the input data. 485 * \param iv_off The offset in IV (updated after use). 486 * It must point to a valid \c size_t. 487 * \param iv The initialization vector (updated after use). 488 * It must be a readable and writeable buffer of \c 16 Bytes. 489 * \param input The buffer holding the input data. 490 * It must be readable and of size \p length Bytes. 491 * \param output The buffer holding the output data. 492 * It must be writeable and of size \p length Bytes. 493 * 494 * \return \c 0 on success. 495 */ 496 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, 497 size_t length, 498 size_t *iv_off, 499 unsigned char iv[16], 500 const unsigned char *input, 501 unsigned char *output ); 502 503 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 504 505 #if defined(MBEDTLS_CIPHER_MODE_CTR) 506 /** 507 * \brief This function performs an AES-CTR encryption or decryption 508 * operation. 509 * 510 * This function performs the operation defined in the \p mode 511 * parameter (encrypt/decrypt), on the input data buffer 512 * defined in the \p input parameter. 513 * 514 * Due to the nature of CTR, you must use the same key schedule 515 * for both encryption and decryption operations. Therefore, you 516 * must use the context initialized with mbedtls_aes_setkey_enc() 517 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 518 * 519 * \warning You must never reuse a nonce value with the same key. Doing so 520 * would void the encryption for the two messages encrypted with 521 * the same nonce and key. 522 * 523 * There are two common strategies for managing nonces with CTR: 524 * 525 * 1. You can handle everything as a single message processed over 526 * successive calls to this function. In that case, you want to 527 * set \p nonce_counter and \p nc_off to 0 for the first call, and 528 * then preserve the values of \p nonce_counter, \p nc_off and \p 529 * stream_block across calls to this function as they will be 530 * updated by this function. 531 * 532 * With this strategy, you must not encrypt more than 2**128 533 * blocks of data with the same key. 534 * 535 * 2. You can encrypt separate messages by dividing the \p 536 * nonce_counter buffer in two areas: the first one used for a 537 * per-message nonce, handled by yourself, and the second one 538 * updated by this function internally. 539 * 540 * For example, you might reserve the first 12 bytes for the 541 * per-message nonce, and the last 4 bytes for internal use. In that 542 * case, before calling this function on a new message you need to 543 * set the first 12 bytes of \p nonce_counter to your chosen nonce 544 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 545 * stream_block to be ignored). That way, you can encrypt at most 546 * 2**96 messages of up to 2**32 blocks each with the same key. 547 * 548 * The per-message nonce (or information sufficient to reconstruct 549 * it) needs to be communicated with the ciphertext and must be unique. 550 * The recommended way to ensure uniqueness is to use a message 551 * counter. An alternative is to generate random nonces, but this 552 * limits the number of messages that can be securely encrypted: 553 * for example, with 96-bit random nonces, you should not encrypt 554 * more than 2**32 messages with the same key. 555 * 556 * Note that for both stategies, sizes are measured in blocks and 557 * that an AES block is 16 bytes. 558 * 559 * \warning Upon return, \p stream_block contains sensitive data. Its 560 * content must not be written to insecure storage and should be 561 * securely discarded as soon as it's no longer needed. 562 * 563 * \param ctx The AES context to use for encryption or decryption. 564 * It must be initialized and bound to a key. 565 * \param length The length of the input data. 566 * \param nc_off The offset in the current \p stream_block, for 567 * resuming within the current cipher stream. The 568 * offset pointer should be 0 at the start of a stream. 569 * It must point to a valid \c size_t. 570 * \param nonce_counter The 128-bit nonce and counter. 571 * It must be a readable-writeable buffer of \c 16 Bytes. 572 * \param stream_block The saved stream block for resuming. This is 573 * overwritten by the function. 574 * It must be a readable-writeable buffer of \c 16 Bytes. 575 * \param input The buffer holding the input data. 576 * It must be readable and of size \p length Bytes. 577 * \param output The buffer holding the output data. 578 * It must be writeable and of size \p length Bytes. 579 * 580 * \return \c 0 on success. 581 */ 582 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, 583 size_t length, 584 size_t *nc_off, 585 unsigned char nonce_counter[16], 586 unsigned char stream_block[16], 587 const unsigned char *input, 588 unsigned char *output ); 589 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 590 591 /** 592 * \brief Internal AES block encryption function. This is only 593 * exposed to allow overriding it using 594 * \c MBEDTLS_AES_ENCRYPT_ALT. 595 * 596 * \param ctx The AES context to use for encryption. 597 * \param input The plaintext block. 598 * \param output The output (ciphertext) block. 599 * 600 * \return \c 0 on success. 601 */ 602 int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, 603 const unsigned char input[16], 604 unsigned char output[16] ); 605 606 /** 607 * \brief Internal AES block decryption function. This is only 608 * exposed to allow overriding it using see 609 * \c MBEDTLS_AES_DECRYPT_ALT. 610 * 611 * \param ctx The AES context to use for decryption. 612 * \param input The ciphertext block. 613 * \param output The output (plaintext) block. 614 * 615 * \return \c 0 on success. 616 */ 617 int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, 618 const unsigned char input[16], 619 unsigned char output[16] ); 620 621 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 622 #if defined(MBEDTLS_DEPRECATED_WARNING) 623 #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 624 #else 625 #define MBEDTLS_DEPRECATED 626 #endif 627 /** 628 * \brief Deprecated internal AES block encryption function 629 * without return value. 630 * 631 * \deprecated Superseded by mbedtls_internal_aes_encrypt() 632 * 633 * \param ctx The AES context to use for encryption. 634 * \param input Plaintext block. 635 * \param output Output (ciphertext) block. 636 */ 637 MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, 638 const unsigned char input[16], 639 unsigned char output[16] ); 640 641 /** 642 * \brief Deprecated internal AES block decryption function 643 * without return value. 644 * 645 * \deprecated Superseded by mbedtls_internal_aes_decrypt() 646 * 647 * \param ctx The AES context to use for decryption. 648 * \param input Ciphertext block. 649 * \param output Output (plaintext) block. 650 */ 651 MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, 652 const unsigned char input[16], 653 unsigned char output[16] ); 654 655 #undef MBEDTLS_DEPRECATED 656 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 657 658 /** 659 * \brief Checkup routine. 660 * 661 * \return \c 0 on success. 662 * \return \c 1 on failure. 663 */ 664 int mbedtls_aes_self_test( int verbose ); 665 666 #ifdef __cplusplus 667 } 668 #endif 669 670 #endif /* aes.h */ 671