1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 26 * 27 * Licensed under the Apache License, Version 2.0 (the "License"); you may 28 * not use this file except in compliance with the License. 29 * You may obtain a copy of the License at 30 * 31 * http://www.apache.org/licenses/LICENSE-2.0 32 * 33 * Unless required by applicable law or agreed to in writing, software 34 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 36 * See the License for the specific language governing permissions and 37 * limitations under the License. 38 */ 39 40 #ifndef MBEDTLS_AES_H 41 #define MBEDTLS_AES_H 42 #include "mbedtls/private_access.h" 43 44 #include "mbedtls/build_info.h" 45 #include "mbedtls/platform_util.h" 46 47 #include <stddef.h> 48 #include <stdint.h> 49 50 /* padlock.c and aesni.c rely on these values! */ 51 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 52 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 53 54 /* Error codes in range 0x0020-0x0022 */ 55 /** Invalid key length. */ 56 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 57 /** Invalid data input length. */ 58 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 59 60 /* Error codes in range 0x0021-0x0025 */ 61 /** Invalid input data. */ 62 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 63 64 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 65 !defined(inline) && !defined(__cplusplus) 66 #define inline __inline 67 #endif 68 69 #ifdef __cplusplus 70 extern "C" { 71 #endif 72 73 #if !defined(MBEDTLS_AES_ALT) 74 // Regular implementation 75 // 76 77 /** 78 * \brief The AES context-type definition. 79 */ 80 typedef struct mbedtls_aes_context 81 { 82 int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ 83 uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */ 84 uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can 85 hold 32 extra Bytes, which can be used for 86 one of the following purposes: 87 <ul><li>Alignment if VIA padlock is 88 used.</li> 89 <li>Simplifying key expansion in the 256-bit 90 case by generating an extra round key. 91 </li></ul> */ 92 } 93 mbedtls_aes_context; 94 95 #if defined(MBEDTLS_CIPHER_MODE_XTS) 96 /** 97 * \brief The AES XTS context-type definition. 98 */ 99 typedef struct mbedtls_aes_xts_context 100 { 101 mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block 102 encryption or decryption. */ 103 mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak 104 computation. */ 105 } mbedtls_aes_xts_context; 106 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 107 108 #else /* MBEDTLS_AES_ALT */ 109 #include "aes_alt.h" 110 #endif /* MBEDTLS_AES_ALT */ 111 112 /** 113 * \brief This function initializes the specified AES context. 114 * 115 * It must be the first API called before using 116 * the context. 117 * 118 * \param ctx The AES context to initialize. This must not be \c NULL. 119 */ 120 void mbedtls_aes_init( mbedtls_aes_context *ctx ); 121 122 /** 123 * \brief This function releases and clears the specified AES context. 124 * 125 * \param ctx The AES context to clear. 126 * If this is \c NULL, this function does nothing. 127 * Otherwise, the context must have been at least initialized. 128 */ 129 void mbedtls_aes_free( mbedtls_aes_context *ctx ); 130 131 #if defined(MBEDTLS_CIPHER_MODE_XTS) 132 /** 133 * \brief This function initializes the specified AES XTS context. 134 * 135 * It must be the first API called before using 136 * the context. 137 * 138 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 139 */ 140 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); 141 142 /** 143 * \brief This function releases and clears the specified AES XTS context. 144 * 145 * \param ctx The AES XTS context to clear. 146 * If this is \c NULL, this function does nothing. 147 * Otherwise, the context must have been at least initialized. 148 */ 149 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); 150 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 151 152 /** 153 * \brief This function sets the encryption key. 154 * 155 * \param ctx The AES context to which the key should be bound. 156 * It must be initialized. 157 * \param key The encryption key. 158 * This must be a readable buffer of size \p keybits bits. 159 * \param keybits The size of data passed in bits. Valid options are: 160 * <ul><li>128 bits</li> 161 * <li>192 bits</li> 162 * <li>256 bits</li></ul> 163 * 164 * \return \c 0 on success. 165 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 166 */ 167 MBEDTLS_CHECK_RETURN_TYPICAL 168 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, 169 unsigned int keybits ); 170 171 /** 172 * \brief This function sets the decryption key. 173 * 174 * \param ctx The AES context to which the key should be bound. 175 * It must be initialized. 176 * \param key The decryption key. 177 * This must be a readable buffer of size \p keybits bits. 178 * \param keybits The size of data passed. Valid options are: 179 * <ul><li>128 bits</li> 180 * <li>192 bits</li> 181 * <li>256 bits</li></ul> 182 * 183 * \return \c 0 on success. 184 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 185 */ 186 MBEDTLS_CHECK_RETURN_TYPICAL 187 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, 188 unsigned int keybits ); 189 190 #if defined(MBEDTLS_CIPHER_MODE_XTS) 191 /** 192 * \brief This function prepares an XTS context for encryption and 193 * sets the encryption key. 194 * 195 * \param ctx The AES XTS context to which the key should be bound. 196 * It must be initialized. 197 * \param key The encryption key. This is comprised of the XTS key1 198 * concatenated with the XTS key2. 199 * This must be a readable buffer of size \p keybits bits. 200 * \param keybits The size of \p key passed in bits. Valid options are: 201 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 202 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 203 * 204 * \return \c 0 on success. 205 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 206 */ 207 MBEDTLS_CHECK_RETURN_TYPICAL 208 int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, 209 const unsigned char *key, 210 unsigned int keybits ); 211 212 /** 213 * \brief This function prepares an XTS context for decryption and 214 * sets the decryption key. 215 * 216 * \param ctx The AES XTS context to which the key should be bound. 217 * It must be initialized. 218 * \param key The decryption key. This is comprised of the XTS key1 219 * concatenated with the XTS key2. 220 * This must be a readable buffer of size \p keybits bits. 221 * \param keybits The size of \p key passed in bits. Valid options are: 222 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 223 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 224 * 225 * \return \c 0 on success. 226 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 227 */ 228 MBEDTLS_CHECK_RETURN_TYPICAL 229 int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, 230 const unsigned char *key, 231 unsigned int keybits ); 232 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 233 234 /** 235 * \brief This function performs an AES single-block encryption or 236 * decryption operation. 237 * 238 * It performs the operation defined in the \p mode parameter 239 * (encrypt or decrypt), on the input data buffer defined in 240 * the \p input parameter. 241 * 242 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 243 * mbedtls_aes_setkey_dec() must be called before the first 244 * call to this API with the same context. 245 * 246 * \param ctx The AES context to use for encryption or decryption. 247 * It must be initialized and bound to a key. 248 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 249 * #MBEDTLS_AES_DECRYPT. 250 * \param input The buffer holding the input data. 251 * It must be readable and at least \c 16 Bytes long. 252 * \param output The buffer where the output data will be written. 253 * It must be writeable and at least \c 16 Bytes long. 254 255 * \return \c 0 on success. 256 */ 257 MBEDTLS_CHECK_RETURN_TYPICAL 258 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, 259 int mode, 260 const unsigned char input[16], 261 unsigned char output[16] ); 262 263 #if defined(MBEDTLS_CIPHER_MODE_CBC) 264 /** 265 * \brief This function performs an AES-CBC encryption or decryption operation 266 * on full blocks. 267 * 268 * It performs the operation defined in the \p mode 269 * parameter (encrypt/decrypt), on the input data buffer defined in 270 * the \p input parameter. 271 * 272 * It can be called as many times as needed, until all the input 273 * data is processed. mbedtls_aes_init(), and either 274 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 275 * before the first call to this API with the same context. 276 * 277 * \note This function operates on full blocks, that is, the input size 278 * must be a multiple of the AES block size of \c 16 Bytes. 279 * 280 * \note Upon exit, the content of the IV is updated so that you can 281 * call the same function again on the next 282 * block(s) of data and get the same result as if it was 283 * encrypted in one call. This allows a "streaming" usage. 284 * If you need to retain the contents of the IV, you should 285 * either save it manually or use the cipher module instead. 286 * 287 * 288 * \param ctx The AES context to use for encryption or decryption. 289 * It must be initialized and bound to a key. 290 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 291 * #MBEDTLS_AES_DECRYPT. 292 * \param length The length of the input data in Bytes. This must be a 293 * multiple of the block size (\c 16 Bytes). 294 * \param iv Initialization vector (updated after use). 295 * It must be a readable and writeable buffer of \c 16 Bytes. 296 * \param input The buffer holding the input data. 297 * It must be readable and of size \p length Bytes. 298 * \param output The buffer holding the output data. 299 * It must be writeable and of size \p length Bytes. 300 * 301 * \return \c 0 on success. 302 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 303 * on failure. 304 */ 305 MBEDTLS_CHECK_RETURN_TYPICAL 306 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, 307 int mode, 308 size_t length, 309 unsigned char iv[16], 310 const unsigned char *input, 311 unsigned char *output ); 312 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 313 314 #if defined(MBEDTLS_CIPHER_MODE_XTS) 315 /** 316 * \brief This function performs an AES-XTS encryption or decryption 317 * operation for an entire XTS data unit. 318 * 319 * AES-XTS encrypts or decrypts blocks based on their location as 320 * defined by a data unit number. The data unit number must be 321 * provided by \p data_unit. 322 * 323 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 324 * AES blocks. If the data unit is larger than this, this function 325 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 326 * 327 * \param ctx The AES XTS context to use for AES XTS operations. 328 * It must be initialized and bound to a key. 329 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 330 * #MBEDTLS_AES_DECRYPT. 331 * \param length The length of a data unit in Bytes. This can be any 332 * length between 16 bytes and 2^24 bytes inclusive 333 * (between 1 and 2^20 block cipher blocks). 334 * \param data_unit The address of the data unit encoded as an array of 16 335 * bytes in little-endian format. For disk encryption, this 336 * is typically the index of the block device sector that 337 * contains the data. 338 * \param input The buffer holding the input data (which is an entire 339 * data unit). This function reads \p length Bytes from \p 340 * input. 341 * \param output The buffer holding the output data (which is an entire 342 * data unit). This function writes \p length Bytes to \p 343 * output. 344 * 345 * \return \c 0 on success. 346 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 347 * smaller than an AES block in size (16 Bytes) or if \p 348 * length is larger than 2^20 blocks (16 MiB). 349 */ 350 MBEDTLS_CHECK_RETURN_TYPICAL 351 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, 352 int mode, 353 size_t length, 354 const unsigned char data_unit[16], 355 const unsigned char *input, 356 unsigned char *output ); 357 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 358 359 #if defined(MBEDTLS_CIPHER_MODE_CFB) 360 /** 361 * \brief This function performs an AES-CFB128 encryption or decryption 362 * operation. 363 * 364 * It performs the operation defined in the \p mode 365 * parameter (encrypt or decrypt), on the input data buffer 366 * defined in the \p input parameter. 367 * 368 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 369 * regardless of whether you are performing an encryption or decryption 370 * operation, that is, regardless of the \p mode parameter. This is 371 * because CFB mode uses the same key schedule for encryption and 372 * decryption. 373 * 374 * \note Upon exit, the content of the IV is updated so that you can 375 * call the same function again on the next 376 * block(s) of data and get the same result as if it was 377 * encrypted in one call. This allows a "streaming" usage. 378 * If you need to retain the contents of the 379 * IV, you must either save it manually or use the cipher 380 * module instead. 381 * 382 * 383 * \param ctx The AES context to use for encryption or decryption. 384 * It must be initialized and bound to a key. 385 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 386 * #MBEDTLS_AES_DECRYPT. 387 * \param length The length of the input data in Bytes. 388 * \param iv_off The offset in IV (updated after use). 389 * It must point to a valid \c size_t. 390 * \param iv The initialization vector (updated after use). 391 * It must be a readable and writeable buffer of \c 16 Bytes. 392 * \param input The buffer holding the input data. 393 * It must be readable and of size \p length Bytes. 394 * \param output The buffer holding the output data. 395 * It must be writeable and of size \p length Bytes. 396 * 397 * \return \c 0 on success. 398 */ 399 MBEDTLS_CHECK_RETURN_TYPICAL 400 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, 401 int mode, 402 size_t length, 403 size_t *iv_off, 404 unsigned char iv[16], 405 const unsigned char *input, 406 unsigned char *output ); 407 408 /** 409 * \brief This function performs an AES-CFB8 encryption or decryption 410 * operation. 411 * 412 * It performs the operation defined in the \p mode 413 * parameter (encrypt/decrypt), on the input data buffer defined 414 * in the \p input parameter. 415 * 416 * Due to the nature of CFB, you must use the same key schedule for 417 * both encryption and decryption operations. Therefore, you must 418 * use the context initialized with mbedtls_aes_setkey_enc() for 419 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 420 * 421 * \note Upon exit, the content of the IV is updated so that you can 422 * call the same function again on the next 423 * block(s) of data and get the same result as if it was 424 * encrypted in one call. This allows a "streaming" usage. 425 * If you need to retain the contents of the 426 * IV, you should either save it manually or use the cipher 427 * module instead. 428 * 429 * 430 * \param ctx The AES context to use for encryption or decryption. 431 * It must be initialized and bound to a key. 432 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 433 * #MBEDTLS_AES_DECRYPT 434 * \param length The length of the input data. 435 * \param iv The initialization vector (updated after use). 436 * It must be a readable and writeable buffer of \c 16 Bytes. 437 * \param input The buffer holding the input data. 438 * It must be readable and of size \p length Bytes. 439 * \param output The buffer holding the output data. 440 * It must be writeable and of size \p length Bytes. 441 * 442 * \return \c 0 on success. 443 */ 444 MBEDTLS_CHECK_RETURN_TYPICAL 445 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, 446 int mode, 447 size_t length, 448 unsigned char iv[16], 449 const unsigned char *input, 450 unsigned char *output ); 451 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 452 453 #if defined(MBEDTLS_CIPHER_MODE_OFB) 454 /** 455 * \brief This function performs an AES-OFB (Output Feedback Mode) 456 * encryption or decryption operation. 457 * 458 * For OFB, you must set up the context with 459 * mbedtls_aes_setkey_enc(), regardless of whether you are 460 * performing an encryption or decryption operation. This is 461 * because OFB mode uses the same key schedule for encryption and 462 * decryption. 463 * 464 * The OFB operation is identical for encryption or decryption, 465 * therefore no operation mode needs to be specified. 466 * 467 * \note Upon exit, the content of iv, the Initialisation Vector, is 468 * updated so that you can call the same function again on the next 469 * block(s) of data and get the same result as if it was encrypted 470 * in one call. This allows a "streaming" usage, by initialising 471 * iv_off to 0 before the first call, and preserving its value 472 * between calls. 473 * 474 * For non-streaming use, the iv should be initialised on each call 475 * to a unique value, and iv_off set to 0 on each call. 476 * 477 * If you need to retain the contents of the initialisation vector, 478 * you must either save it manually or use the cipher module 479 * instead. 480 * 481 * \warning For the OFB mode, the initialisation vector must be unique 482 * every encryption operation. Reuse of an initialisation vector 483 * will compromise security. 484 * 485 * \param ctx The AES context to use for encryption or decryption. 486 * It must be initialized and bound to a key. 487 * \param length The length of the input data. 488 * \param iv_off The offset in IV (updated after use). 489 * It must point to a valid \c size_t. 490 * \param iv The initialization vector (updated after use). 491 * It must be a readable and writeable buffer of \c 16 Bytes. 492 * \param input The buffer holding the input data. 493 * It must be readable and of size \p length Bytes. 494 * \param output The buffer holding the output data. 495 * It must be writeable and of size \p length Bytes. 496 * 497 * \return \c 0 on success. 498 */ 499 MBEDTLS_CHECK_RETURN_TYPICAL 500 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, 501 size_t length, 502 size_t *iv_off, 503 unsigned char iv[16], 504 const unsigned char *input, 505 unsigned char *output ); 506 507 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 508 509 #if defined(MBEDTLS_CIPHER_MODE_CTR) 510 /** 511 * \brief This function performs an AES-CTR encryption or decryption 512 * operation. 513 * 514 * Due to the nature of CTR, you must use the same key schedule 515 * for both encryption and decryption operations. Therefore, you 516 * must use the context initialized with mbedtls_aes_setkey_enc() 517 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 518 * 519 * \warning You must never reuse a nonce value with the same key. Doing so 520 * would void the encryption for the two messages encrypted with 521 * the same nonce and key. 522 * 523 * There are two common strategies for managing nonces with CTR: 524 * 525 * 1. You can handle everything as a single message processed over 526 * successive calls to this function. In that case, you want to 527 * set \p nonce_counter and \p nc_off to 0 for the first call, and 528 * then preserve the values of \p nonce_counter, \p nc_off and \p 529 * stream_block across calls to this function as they will be 530 * updated by this function. 531 * 532 * With this strategy, you must not encrypt more than 2**128 533 * blocks of data with the same key. 534 * 535 * 2. You can encrypt separate messages by dividing the \p 536 * nonce_counter buffer in two areas: the first one used for a 537 * per-message nonce, handled by yourself, and the second one 538 * updated by this function internally. 539 * 540 * For example, you might reserve the first 12 bytes for the 541 * per-message nonce, and the last 4 bytes for internal use. In that 542 * case, before calling this function on a new message you need to 543 * set the first 12 bytes of \p nonce_counter to your chosen nonce 544 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 545 * stream_block to be ignored). That way, you can encrypt at most 546 * 2**96 messages of up to 2**32 blocks each with the same key. 547 * 548 * The per-message nonce (or information sufficient to reconstruct 549 * it) needs to be communicated with the ciphertext and must be unique. 550 * The recommended way to ensure uniqueness is to use a message 551 * counter. An alternative is to generate random nonces, but this 552 * limits the number of messages that can be securely encrypted: 553 * for example, with 96-bit random nonces, you should not encrypt 554 * more than 2**32 messages with the same key. 555 * 556 * Note that for both stategies, sizes are measured in blocks and 557 * that an AES block is 16 bytes. 558 * 559 * \warning Upon return, \p stream_block contains sensitive data. Its 560 * content must not be written to insecure storage and should be 561 * securely discarded as soon as it's no longer needed. 562 * 563 * \param ctx The AES context to use for encryption or decryption. 564 * It must be initialized and bound to a key. 565 * \param length The length of the input data. 566 * \param nc_off The offset in the current \p stream_block, for 567 * resuming within the current cipher stream. The 568 * offset pointer should be 0 at the start of a stream. 569 * It must point to a valid \c size_t. 570 * \param nonce_counter The 128-bit nonce and counter. 571 * It must be a readable-writeable buffer of \c 16 Bytes. 572 * \param stream_block The saved stream block for resuming. This is 573 * overwritten by the function. 574 * It must be a readable-writeable buffer of \c 16 Bytes. 575 * \param input The buffer holding the input data. 576 * It must be readable and of size \p length Bytes. 577 * \param output The buffer holding the output data. 578 * It must be writeable and of size \p length Bytes. 579 * 580 * \return \c 0 on success. 581 */ 582 MBEDTLS_CHECK_RETURN_TYPICAL 583 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, 584 size_t length, 585 size_t *nc_off, 586 unsigned char nonce_counter[16], 587 unsigned char stream_block[16], 588 const unsigned char *input, 589 unsigned char *output ); 590 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 591 592 /** 593 * \brief Internal AES block encryption function. This is only 594 * exposed to allow overriding it using 595 * \c MBEDTLS_AES_ENCRYPT_ALT. 596 * 597 * \param ctx The AES context to use for encryption. 598 * \param input The plaintext block. 599 * \param output The output (ciphertext) block. 600 * 601 * \return \c 0 on success. 602 */ 603 MBEDTLS_CHECK_RETURN_TYPICAL 604 int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, 605 const unsigned char input[16], 606 unsigned char output[16] ); 607 608 /** 609 * \brief Internal AES block decryption function. This is only 610 * exposed to allow overriding it using see 611 * \c MBEDTLS_AES_DECRYPT_ALT. 612 * 613 * \param ctx The AES context to use for decryption. 614 * \param input The ciphertext block. 615 * \param output The output (plaintext) block. 616 * 617 * \return \c 0 on success. 618 */ 619 MBEDTLS_CHECK_RETURN_TYPICAL 620 int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, 621 const unsigned char input[16], 622 unsigned char output[16] ); 623 624 #if defined(MBEDTLS_SELF_TEST) 625 /** 626 * \brief Checkup routine. 627 * 628 * \return \c 0 on success. 629 * \return \c 1 on failure. 630 */ 631 MBEDTLS_CHECK_RETURN_CRITICAL 632 int mbedtls_aes_self_test( int verbose ); 633 634 #endif /* MBEDTLS_SELF_TEST */ 635 636 #ifdef __cplusplus 637 } 638 #endif 639 640 #endif /* aes.h */ 641