1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 26 * 27 * Licensed under the Apache License, Version 2.0 (the "License"); you may 28 * not use this file except in compliance with the License. 29 * You may obtain a copy of the License at 30 * 31 * http://www.apache.org/licenses/LICENSE-2.0 32 * 33 * Unless required by applicable law or agreed to in writing, software 34 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 36 * See the License for the specific language governing permissions and 37 * limitations under the License. 38 */ 39 40 #ifndef MBEDTLS_AES_H 41 #define MBEDTLS_AES_H 42 43 #if !defined(MBEDTLS_CONFIG_FILE) 44 #include "mbedtls/config.h" 45 #else 46 #include MBEDTLS_CONFIG_FILE 47 #endif 48 49 #include <stddef.h> 50 #include <stdint.h> 51 52 /* padlock.c and aesni.c rely on these values! */ 53 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 54 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 55 56 /* Error codes in range 0x0020-0x0022 */ 57 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ 58 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ 59 60 /* Error codes in range 0x0021-0x0025 */ 61 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */ 62 63 /* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */ 64 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ 65 66 /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ 67 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ 68 69 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 70 !defined(inline) && !defined(__cplusplus) 71 #define inline __inline 72 #endif 73 74 #ifdef __cplusplus 75 extern "C" { 76 #endif 77 78 #if !defined(MBEDTLS_AES_ALT) 79 // Regular implementation 80 // 81 82 /** 83 * \brief The AES context-type definition. 84 */ 85 typedef struct mbedtls_aes_context 86 { 87 int nr; /*!< The number of rounds. */ 88 uint32_t *rk; /*!< AES round keys. */ 89 uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can 90 hold 32 extra Bytes, which can be used for 91 one of the following purposes: 92 <ul><li>Alignment if VIA padlock is 93 used.</li> 94 <li>Simplifying key expansion in the 256-bit 95 case by generating an extra round key. 96 </li></ul> */ 97 } 98 mbedtls_aes_context; 99 100 #if defined(MBEDTLS_CIPHER_MODE_XTS) 101 /** 102 * \brief The AES XTS context-type definition. 103 */ 104 typedef struct mbedtls_aes_xts_context 105 { 106 mbedtls_aes_context crypt; /*!< The AES context to use for AES block 107 encryption or decryption. */ 108 mbedtls_aes_context tweak; /*!< The AES context used for tweak 109 computation. */ 110 } mbedtls_aes_xts_context; 111 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 112 113 #else /* MBEDTLS_AES_ALT */ 114 #include "aes_alt.h" 115 #endif /* MBEDTLS_AES_ALT */ 116 117 /** 118 * \brief This function initializes the specified AES context. 119 * 120 * It must be the first API called before using 121 * the context. 122 * 123 * \param ctx The AES context to initialize. This must not be \c NULL. 124 */ 125 void mbedtls_aes_init( mbedtls_aes_context *ctx ); 126 127 /** 128 * \brief This function releases and clears the specified AES context. 129 * 130 * \param ctx The AES context to clear. 131 * If this is \c NULL, this function does nothing. 132 * Otherwise, the context must have been at least initialized. 133 */ 134 void mbedtls_aes_free( mbedtls_aes_context *ctx ); 135 136 #if defined(MBEDTLS_CIPHER_MODE_XTS) 137 /** 138 * \brief This function initializes the specified AES XTS context. 139 * 140 * It must be the first API called before using 141 * the context. 142 * 143 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 144 */ 145 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); 146 147 /** 148 * \brief This function releases and clears the specified AES XTS context. 149 * 150 * \param ctx The AES XTS context to clear. 151 * If this is \c NULL, this function does nothing. 152 * Otherwise, the context must have been at least initialized. 153 */ 154 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); 155 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 156 157 /** 158 * \brief This function sets the encryption key. 159 * 160 * \param ctx The AES context to which the key should be bound. 161 * It must be initialized. 162 * \param key The encryption key. 163 * This must be a readable buffer of size \p keybits bits. 164 * \param keybits The size of data passed in bits. Valid options are: 165 * <ul><li>128 bits</li> 166 * <li>192 bits</li> 167 * <li>256 bits</li></ul> 168 * 169 * \return \c 0 on success. 170 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 171 */ 172 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, 173 unsigned int keybits ); 174 175 /** 176 * \brief This function sets the decryption key. 177 * 178 * \param ctx The AES context to which the key should be bound. 179 * It must be initialized. 180 * \param key The decryption key. 181 * This must be a readable buffer of size \p keybits bits. 182 * \param keybits The size of data passed. Valid options are: 183 * <ul><li>128 bits</li> 184 * <li>192 bits</li> 185 * <li>256 bits</li></ul> 186 * 187 * \return \c 0 on success. 188 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 189 */ 190 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, 191 unsigned int keybits ); 192 193 #if defined(MBEDTLS_CIPHER_MODE_XTS) 194 /** 195 * \brief This function prepares an XTS context for encryption and 196 * sets the encryption key. 197 * 198 * \param ctx The AES XTS context to which the key should be bound. 199 * It must be initialized. 200 * \param key The encryption key. This is comprised of the XTS key1 201 * concatenated with the XTS key2. 202 * This must be a readable buffer of size \p keybits bits. 203 * \param keybits The size of \p key passed in bits. Valid options are: 204 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 205 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 206 * 207 * \return \c 0 on success. 208 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 209 */ 210 int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, 211 const unsigned char *key, 212 unsigned int keybits ); 213 214 /** 215 * \brief This function prepares an XTS context for decryption and 216 * sets the decryption key. 217 * 218 * \param ctx The AES XTS context to which the key should be bound. 219 * It must be initialized. 220 * \param key The decryption key. This is comprised of the XTS key1 221 * concatenated with the XTS key2. 222 * This must be a readable buffer of size \p keybits bits. 223 * \param keybits The size of \p key passed in bits. Valid options are: 224 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 225 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 226 * 227 * \return \c 0 on success. 228 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 229 */ 230 int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, 231 const unsigned char *key, 232 unsigned int keybits ); 233 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 234 235 /** 236 * \brief This function performs an AES single-block encryption or 237 * decryption operation. 238 * 239 * It performs the operation defined in the \p mode parameter 240 * (encrypt or decrypt), on the input data buffer defined in 241 * the \p input parameter. 242 * 243 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 244 * mbedtls_aes_setkey_dec() must be called before the first 245 * call to this API with the same context. 246 * 247 * \param ctx The AES context to use for encryption or decryption. 248 * It must be initialized and bound to a key. 249 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 250 * #MBEDTLS_AES_DECRYPT. 251 * \param input The buffer holding the input data. 252 * It must be readable and at least \c 16 Bytes long. 253 * \param output The buffer where the output data will be written. 254 * It must be writeable and at least \c 16 Bytes long. 255 256 * \return \c 0 on success. 257 */ 258 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, 259 int mode, 260 const unsigned char input[16], 261 unsigned char output[16] ); 262 263 #if defined(MBEDTLS_CIPHER_MODE_CBC) 264 /** 265 * \brief This function performs an AES-CBC encryption or decryption operation 266 * on full blocks. 267 * 268 * It performs the operation defined in the \p mode 269 * parameter (encrypt/decrypt), on the input data buffer defined in 270 * the \p input parameter. 271 * 272 * It can be called as many times as needed, until all the input 273 * data is processed. mbedtls_aes_init(), and either 274 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 275 * before the first call to this API with the same context. 276 * 277 * \note This function operates on full blocks, that is, the input size 278 * must be a multiple of the AES block size of \c 16 Bytes. 279 * 280 * \note Upon exit, the content of the IV is updated so that you can 281 * call the same function again on the next 282 * block(s) of data and get the same result as if it was 283 * encrypted in one call. This allows a "streaming" usage. 284 * If you need to retain the contents of the IV, you should 285 * either save it manually or use the cipher module instead. 286 * 287 * 288 * \param ctx The AES context to use for encryption or decryption. 289 * It must be initialized and bound to a key. 290 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 291 * #MBEDTLS_AES_DECRYPT. 292 * \param length The length of the input data in Bytes. This must be a 293 * multiple of the block size (\c 16 Bytes). 294 * \param iv Initialization vector (updated after use). 295 * It must be a readable and writeable buffer of \c 16 Bytes. 296 * \param input The buffer holding the input data. 297 * It must be readable and of size \p length Bytes. 298 * \param output The buffer holding the output data. 299 * It must be writeable and of size \p length Bytes. 300 * 301 * \return \c 0 on success. 302 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 303 * on failure. 304 */ 305 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, 306 int mode, 307 size_t length, 308 unsigned char iv[16], 309 const unsigned char *input, 310 unsigned char *output ); 311 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 312 313 #if defined(MBEDTLS_CIPHER_MODE_XTS) 314 /** 315 * \brief This function performs an AES-XTS encryption or decryption 316 * operation for an entire XTS data unit. 317 * 318 * AES-XTS encrypts or decrypts blocks based on their location as 319 * defined by a data unit number. The data unit number must be 320 * provided by \p data_unit. 321 * 322 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 323 * AES blocks. If the data unit is larger than this, this function 324 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 325 * 326 * \param ctx The AES XTS context to use for AES XTS operations. 327 * It must be initialized and bound to a key. 328 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 329 * #MBEDTLS_AES_DECRYPT. 330 * \param length The length of a data unit in Bytes. This can be any 331 * length between 16 bytes and 2^24 bytes inclusive 332 * (between 1 and 2^20 block cipher blocks). 333 * \param data_unit The address of the data unit encoded as an array of 16 334 * bytes in little-endian format. For disk encryption, this 335 * is typically the index of the block device sector that 336 * contains the data. 337 * \param input The buffer holding the input data (which is an entire 338 * data unit). This function reads \p length Bytes from \p 339 * input. 340 * \param output The buffer holding the output data (which is an entire 341 * data unit). This function writes \p length Bytes to \p 342 * output. 343 * 344 * \return \c 0 on success. 345 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 346 * smaller than an AES block in size (16 Bytes) or if \p 347 * length is larger than 2^20 blocks (16 MiB). 348 */ 349 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, 350 int mode, 351 size_t length, 352 const unsigned char data_unit[16], 353 const unsigned char *input, 354 unsigned char *output ); 355 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 356 357 #if defined(MBEDTLS_CIPHER_MODE_CFB) 358 /** 359 * \brief This function performs an AES-CFB128 encryption or decryption 360 * operation. 361 * 362 * It performs the operation defined in the \p mode 363 * parameter (encrypt or decrypt), on the input data buffer 364 * defined in the \p input parameter. 365 * 366 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 367 * regardless of whether you are performing an encryption or decryption 368 * operation, that is, regardless of the \p mode parameter. This is 369 * because CFB mode uses the same key schedule for encryption and 370 * decryption. 371 * 372 * \note Upon exit, the content of the IV is updated so that you can 373 * call the same function again on the next 374 * block(s) of data and get the same result as if it was 375 * encrypted in one call. This allows a "streaming" usage. 376 * If you need to retain the contents of the 377 * IV, you must either save it manually or use the cipher 378 * module instead. 379 * 380 * 381 * \param ctx The AES context to use for encryption or decryption. 382 * It must be initialized and bound to a key. 383 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 384 * #MBEDTLS_AES_DECRYPT. 385 * \param length The length of the input data in Bytes. 386 * \param iv_off The offset in IV (updated after use). 387 * It must point to a valid \c size_t. 388 * \param iv The initialization vector (updated after use). 389 * It must be a readable and writeable buffer of \c 16 Bytes. 390 * \param input The buffer holding the input data. 391 * It must be readable and of size \p length Bytes. 392 * \param output The buffer holding the output data. 393 * It must be writeable and of size \p length Bytes. 394 * 395 * \return \c 0 on success. 396 */ 397 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, 398 int mode, 399 size_t length, 400 size_t *iv_off, 401 unsigned char iv[16], 402 const unsigned char *input, 403 unsigned char *output ); 404 405 /** 406 * \brief This function performs an AES-CFB8 encryption or decryption 407 * operation. 408 * 409 * It performs the operation defined in the \p mode 410 * parameter (encrypt/decrypt), on the input data buffer defined 411 * in the \p input parameter. 412 * 413 * Due to the nature of CFB, you must use the same key schedule for 414 * both encryption and decryption operations. Therefore, you must 415 * use the context initialized with mbedtls_aes_setkey_enc() for 416 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 417 * 418 * \note Upon exit, the content of the IV is updated so that you can 419 * call the same function again on the next 420 * block(s) of data and get the same result as if it was 421 * encrypted in one call. This allows a "streaming" usage. 422 * If you need to retain the contents of the 423 * IV, you should either save it manually or use the cipher 424 * module instead. 425 * 426 * 427 * \param ctx The AES context to use for encryption or decryption. 428 * It must be initialized and bound to a key. 429 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 430 * #MBEDTLS_AES_DECRYPT 431 * \param length The length of the input data. 432 * \param iv The initialization vector (updated after use). 433 * It must be a readable and writeable buffer of \c 16 Bytes. 434 * \param input The buffer holding the input data. 435 * It must be readable and of size \p length Bytes. 436 * \param output The buffer holding the output data. 437 * It must be writeable and of size \p length Bytes. 438 * 439 * \return \c 0 on success. 440 */ 441 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, 442 int mode, 443 size_t length, 444 unsigned char iv[16], 445 const unsigned char *input, 446 unsigned char *output ); 447 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 448 449 #if defined(MBEDTLS_CIPHER_MODE_OFB) 450 /** 451 * \brief This function performs an AES-OFB (Output Feedback Mode) 452 * encryption or decryption operation. 453 * 454 * For OFB, you must set up the context with 455 * mbedtls_aes_setkey_enc(), regardless of whether you are 456 * performing an encryption or decryption operation. This is 457 * because OFB mode uses the same key schedule for encryption and 458 * decryption. 459 * 460 * The OFB operation is identical for encryption or decryption, 461 * therefore no operation mode needs to be specified. 462 * 463 * \note Upon exit, the content of iv, the Initialisation Vector, is 464 * updated so that you can call the same function again on the next 465 * block(s) of data and get the same result as if it was encrypted 466 * in one call. This allows a "streaming" usage, by initialising 467 * iv_off to 0 before the first call, and preserving its value 468 * between calls. 469 * 470 * For non-streaming use, the iv should be initialised on each call 471 * to a unique value, and iv_off set to 0 on each call. 472 * 473 * If you need to retain the contents of the initialisation vector, 474 * you must either save it manually or use the cipher module 475 * instead. 476 * 477 * \warning For the OFB mode, the initialisation vector must be unique 478 * every encryption operation. Reuse of an initialisation vector 479 * will compromise security. 480 * 481 * \param ctx The AES context to use for encryption or decryption. 482 * It must be initialized and bound to a key. 483 * \param length The length of the input data. 484 * \param iv_off The offset in IV (updated after use). 485 * It must point to a valid \c size_t. 486 * \param iv The initialization vector (updated after use). 487 * It must be a readable and writeable buffer of \c 16 Bytes. 488 * \param input The buffer holding the input data. 489 * It must be readable and of size \p length Bytes. 490 * \param output The buffer holding the output data. 491 * It must be writeable and of size \p length Bytes. 492 * 493 * \return \c 0 on success. 494 */ 495 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, 496 size_t length, 497 size_t *iv_off, 498 unsigned char iv[16], 499 const unsigned char *input, 500 unsigned char *output ); 501 502 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 503 504 #if defined(MBEDTLS_CIPHER_MODE_CTR) 505 /** 506 * \brief This function performs an AES-CTR encryption or decryption 507 * operation. 508 * 509 * This function performs the operation defined in the \p mode 510 * parameter (encrypt/decrypt), on the input data buffer 511 * defined in the \p input parameter. 512 * 513 * Due to the nature of CTR, you must use the same key schedule 514 * for both encryption and decryption operations. Therefore, you 515 * must use the context initialized with mbedtls_aes_setkey_enc() 516 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 517 * 518 * \warning You must never reuse a nonce value with the same key. Doing so 519 * would void the encryption for the two messages encrypted with 520 * the same nonce and key. 521 * 522 * There are two common strategies for managing nonces with CTR: 523 * 524 * 1. You can handle everything as a single message processed over 525 * successive calls to this function. In that case, you want to 526 * set \p nonce_counter and \p nc_off to 0 for the first call, and 527 * then preserve the values of \p nonce_counter, \p nc_off and \p 528 * stream_block across calls to this function as they will be 529 * updated by this function. 530 * 531 * With this strategy, you must not encrypt more than 2**128 532 * blocks of data with the same key. 533 * 534 * 2. You can encrypt separate messages by dividing the \p 535 * nonce_counter buffer in two areas: the first one used for a 536 * per-message nonce, handled by yourself, and the second one 537 * updated by this function internally. 538 * 539 * For example, you might reserve the first 12 bytes for the 540 * per-message nonce, and the last 4 bytes for internal use. In that 541 * case, before calling this function on a new message you need to 542 * set the first 12 bytes of \p nonce_counter to your chosen nonce 543 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 544 * stream_block to be ignored). That way, you can encrypt at most 545 * 2**96 messages of up to 2**32 blocks each with the same key. 546 * 547 * The per-message nonce (or information sufficient to reconstruct 548 * it) needs to be communicated with the ciphertext and must be unique. 549 * The recommended way to ensure uniqueness is to use a message 550 * counter. An alternative is to generate random nonces, but this 551 * limits the number of messages that can be securely encrypted: 552 * for example, with 96-bit random nonces, you should not encrypt 553 * more than 2**32 messages with the same key. 554 * 555 * Note that for both stategies, sizes are measured in blocks and 556 * that an AES block is 16 bytes. 557 * 558 * \warning Upon return, \p stream_block contains sensitive data. Its 559 * content must not be written to insecure storage and should be 560 * securely discarded as soon as it's no longer needed. 561 * 562 * \param ctx The AES context to use for encryption or decryption. 563 * It must be initialized and bound to a key. 564 * \param length The length of the input data. 565 * \param nc_off The offset in the current \p stream_block, for 566 * resuming within the current cipher stream. The 567 * offset pointer should be 0 at the start of a stream. 568 * It must point to a valid \c size_t. 569 * \param nonce_counter The 128-bit nonce and counter. 570 * It must be a readable-writeable buffer of \c 16 Bytes. 571 * \param stream_block The saved stream block for resuming. This is 572 * overwritten by the function. 573 * It must be a readable-writeable buffer of \c 16 Bytes. 574 * \param input The buffer holding the input data. 575 * It must be readable and of size \p length Bytes. 576 * \param output The buffer holding the output data. 577 * It must be writeable and of size \p length Bytes. 578 * 579 * \return \c 0 on success. 580 */ 581 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, 582 size_t length, 583 size_t *nc_off, 584 unsigned char nonce_counter[16], 585 unsigned char stream_block[16], 586 const unsigned char *input, 587 unsigned char *output ); 588 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 589 590 /** 591 * \brief Internal AES block encryption function. This is only 592 * exposed to allow overriding it using 593 * \c MBEDTLS_AES_ENCRYPT_ALT. 594 * 595 * \param ctx The AES context to use for encryption. 596 * \param input The plaintext block. 597 * \param output The output (ciphertext) block. 598 * 599 * \return \c 0 on success. 600 */ 601 int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, 602 const unsigned char input[16], 603 unsigned char output[16] ); 604 605 /** 606 * \brief Internal AES block decryption function. This is only 607 * exposed to allow overriding it using see 608 * \c MBEDTLS_AES_DECRYPT_ALT. 609 * 610 * \param ctx The AES context to use for decryption. 611 * \param input The ciphertext block. 612 * \param output The output (plaintext) block. 613 * 614 * \return \c 0 on success. 615 */ 616 int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, 617 const unsigned char input[16], 618 unsigned char output[16] ); 619 620 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 621 #if defined(MBEDTLS_DEPRECATED_WARNING) 622 #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 623 #else 624 #define MBEDTLS_DEPRECATED 625 #endif 626 /** 627 * \brief Deprecated internal AES block encryption function 628 * without return value. 629 * 630 * \deprecated Superseded by mbedtls_internal_aes_encrypt() 631 * 632 * \param ctx The AES context to use for encryption. 633 * \param input Plaintext block. 634 * \param output Output (ciphertext) block. 635 */ 636 MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, 637 const unsigned char input[16], 638 unsigned char output[16] ); 639 640 /** 641 * \brief Deprecated internal AES block decryption function 642 * without return value. 643 * 644 * \deprecated Superseded by mbedtls_internal_aes_decrypt() 645 * 646 * \param ctx The AES context to use for decryption. 647 * \param input Ciphertext block. 648 * \param output Output (plaintext) block. 649 */ 650 MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, 651 const unsigned char input[16], 652 unsigned char output[16] ); 653 654 #undef MBEDTLS_DEPRECATED 655 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 656 657 658 #if defined(MBEDTLS_SELF_TEST) 659 /** 660 * \brief Checkup routine. 661 * 662 * \return \c 0 on success. 663 * \return \c 1 on failure. 664 */ 665 int mbedtls_aes_self_test( int verbose ); 666 667 #endif /* MBEDTLS_SELF_TEST */ 668 669 #ifdef __cplusplus 670 } 671 #endif 672 673 #endif /* aes.h */ 674