1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 26 */ 27 28 #ifndef MBEDTLS_AES_H 29 #define MBEDTLS_AES_H 30 31 #if !defined(MBEDTLS_CONFIG_FILE) 32 #include "mbedtls/config.h" 33 #else 34 #include MBEDTLS_CONFIG_FILE 35 #endif 36 #include "mbedtls/platform_util.h" 37 38 #include <stddef.h> 39 #include <stdint.h> 40 41 /* padlock.c and aesni.c rely on these values! */ 42 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 43 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 44 45 /* Error codes in range 0x0020-0x0022 */ 46 /** Invalid key length. */ 47 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 48 /** Invalid data input length. */ 49 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 50 51 /* Error codes in range 0x0021-0x0025 */ 52 /** Invalid input data. */ 53 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 54 55 /* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */ 56 /** Feature not available. For example, an unsupported AES key size. */ 57 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 58 59 /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ 60 /** AES hardware accelerator failed. */ 61 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 62 63 #if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ 64 !defined(inline) && !defined(__cplusplus) 65 #define inline __inline 66 #endif 67 68 #ifdef __cplusplus 69 extern "C" { 70 #endif 71 72 #if !defined(MBEDTLS_AES_ALT) 73 // Regular implementation 74 // 75 76 /** 77 * \brief The AES context-type definition. 78 */ 79 typedef struct mbedtls_aes_context { 80 int nr; /*!< The number of rounds. */ 81 uint32_t *rk; /*!< AES round keys. */ 82 uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can 83 hold 32 extra Bytes, which can be used for 84 one of the following purposes: 85 <ul><li>Alignment if VIA padlock is 86 used.</li> 87 <li>Simplifying key expansion in the 256-bit 88 case by generating an extra round key. 89 </li></ul> */ 90 } 91 mbedtls_aes_context; 92 93 #if defined(MBEDTLS_CIPHER_MODE_XTS) 94 /** 95 * \brief The AES XTS context-type definition. 96 */ 97 typedef struct mbedtls_aes_xts_context { 98 mbedtls_aes_context crypt; /*!< The AES context to use for AES block 99 encryption or decryption. */ 100 mbedtls_aes_context tweak; /*!< The AES context used for tweak 101 computation. */ 102 } mbedtls_aes_xts_context; 103 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 104 105 #else /* MBEDTLS_AES_ALT */ 106 #include "aes_alt.h" 107 #endif /* MBEDTLS_AES_ALT */ 108 109 /** 110 * \brief This function initializes the specified AES context. 111 * 112 * It must be the first API called before using 113 * the context. 114 * 115 * \param ctx The AES context to initialize. This must not be \c NULL. 116 */ 117 void mbedtls_aes_init(mbedtls_aes_context *ctx); 118 119 /** 120 * \brief This function releases and clears the specified AES context. 121 * 122 * \param ctx The AES context to clear. 123 * If this is \c NULL, this function does nothing. 124 * Otherwise, the context must have been at least initialized. 125 */ 126 void mbedtls_aes_free(mbedtls_aes_context *ctx); 127 128 #if defined(MBEDTLS_CIPHER_MODE_XTS) 129 /** 130 * \brief This function initializes the specified AES XTS context. 131 * 132 * It must be the first API called before using 133 * the context. 134 * 135 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 136 */ 137 void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx); 138 139 /** 140 * \brief This function releases and clears the specified AES XTS context. 141 * 142 * \param ctx The AES XTS context to clear. 143 * If this is \c NULL, this function does nothing. 144 * Otherwise, the context must have been at least initialized. 145 */ 146 void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx); 147 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 148 149 /** 150 * \brief This function sets the encryption key. 151 * 152 * \param ctx The AES context to which the key should be bound. 153 * It must be initialized. 154 * \param key The encryption key. 155 * This must be a readable buffer of size \p keybits bits. 156 * \param keybits The size of data passed in bits. Valid options are: 157 * <ul><li>128 bits</li> 158 * <li>192 bits</li> 159 * <li>256 bits</li></ul> 160 * 161 * \return \c 0 on success. 162 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 163 */ 164 MBEDTLS_CHECK_RETURN_TYPICAL 165 int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, 166 unsigned int keybits); 167 168 /** 169 * \brief This function sets the decryption key. 170 * 171 * \param ctx The AES context to which the key should be bound. 172 * It must be initialized. 173 * \param key The decryption key. 174 * This must be a readable buffer of size \p keybits bits. 175 * \param keybits The size of data passed. Valid options are: 176 * <ul><li>128 bits</li> 177 * <li>192 bits</li> 178 * <li>256 bits</li></ul> 179 * 180 * \return \c 0 on success. 181 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 182 */ 183 MBEDTLS_CHECK_RETURN_TYPICAL 184 int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, 185 unsigned int keybits); 186 187 #if defined(MBEDTLS_CIPHER_MODE_XTS) 188 /** 189 * \brief This function prepares an XTS context for encryption and 190 * sets the encryption key. 191 * 192 * \param ctx The AES XTS context to which the key should be bound. 193 * It must be initialized. 194 * \param key The encryption key. This is comprised of the XTS key1 195 * concatenated with the XTS key2. 196 * This must be a readable buffer of size \p keybits bits. 197 * \param keybits The size of \p key passed in bits. Valid options are: 198 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 199 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 200 * 201 * \return \c 0 on success. 202 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 203 */ 204 MBEDTLS_CHECK_RETURN_TYPICAL 205 int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, 206 const unsigned char *key, 207 unsigned int keybits); 208 209 /** 210 * \brief This function prepares an XTS context for decryption and 211 * sets the decryption key. 212 * 213 * \param ctx The AES XTS context to which the key should be bound. 214 * It must be initialized. 215 * \param key The decryption key. This is comprised of the XTS key1 216 * concatenated with the XTS key2. 217 * This must be a readable buffer of size \p keybits bits. 218 * \param keybits The size of \p key passed in bits. Valid options are: 219 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 220 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 221 * 222 * \return \c 0 on success. 223 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 224 */ 225 MBEDTLS_CHECK_RETURN_TYPICAL 226 int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, 227 const unsigned char *key, 228 unsigned int keybits); 229 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 230 231 /** 232 * \brief This function performs an AES single-block encryption or 233 * decryption operation. 234 * 235 * It performs the operation defined in the \p mode parameter 236 * (encrypt or decrypt), on the input data buffer defined in 237 * the \p input parameter. 238 * 239 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 240 * mbedtls_aes_setkey_dec() must be called before the first 241 * call to this API with the same context. 242 * 243 * \param ctx The AES context to use for encryption or decryption. 244 * It must be initialized and bound to a key. 245 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 246 * #MBEDTLS_AES_DECRYPT. 247 * \param input The buffer holding the input data. 248 * It must be readable and at least \c 16 Bytes long. 249 * \param output The buffer where the output data will be written. 250 * It must be writeable and at least \c 16 Bytes long. 251 252 * \return \c 0 on success. 253 */ 254 MBEDTLS_CHECK_RETURN_TYPICAL 255 int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, 256 int mode, 257 const unsigned char input[16], 258 unsigned char output[16]); 259 260 #if defined(MBEDTLS_CIPHER_MODE_CBC) 261 /** 262 * \brief This function performs an AES-CBC encryption or decryption operation 263 * on full blocks. 264 * 265 * It performs the operation defined in the \p mode 266 * parameter (encrypt/decrypt), on the input data buffer defined in 267 * the \p input parameter. 268 * 269 * It can be called as many times as needed, until all the input 270 * data is processed. mbedtls_aes_init(), and either 271 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 272 * before the first call to this API with the same context. 273 * 274 * \note This function operates on full blocks, that is, the input size 275 * must be a multiple of the AES block size of \c 16 Bytes. 276 * 277 * \note Upon exit, the content of the IV is updated so that you can 278 * call the same function again on the next 279 * block(s) of data and get the same result as if it was 280 * encrypted in one call. This allows a "streaming" usage. 281 * If you need to retain the contents of the IV, you should 282 * either save it manually or use the cipher module instead. 283 * 284 * 285 * \param ctx The AES context to use for encryption or decryption. 286 * It must be initialized and bound to a key. 287 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 288 * #MBEDTLS_AES_DECRYPT. 289 * \param length The length of the input data in Bytes. This must be a 290 * multiple of the block size (\c 16 Bytes). 291 * \param iv Initialization vector (updated after use). 292 * It must be a readable and writeable buffer of \c 16 Bytes. 293 * \param input The buffer holding the input data. 294 * It must be readable and of size \p length Bytes. 295 * \param output The buffer holding the output data. 296 * It must be writeable and of size \p length Bytes. 297 * 298 * \return \c 0 on success. 299 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 300 * on failure. 301 */ 302 MBEDTLS_CHECK_RETURN_TYPICAL 303 int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, 304 int mode, 305 size_t length, 306 unsigned char iv[16], 307 const unsigned char *input, 308 unsigned char *output); 309 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 310 311 #if defined(MBEDTLS_CIPHER_MODE_XTS) 312 /** 313 * \brief This function performs an AES-XTS encryption or decryption 314 * operation for an entire XTS data unit. 315 * 316 * AES-XTS encrypts or decrypts blocks based on their location as 317 * defined by a data unit number. The data unit number must be 318 * provided by \p data_unit. 319 * 320 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 321 * AES blocks. If the data unit is larger than this, this function 322 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 323 * 324 * \param ctx The AES XTS context to use for AES XTS operations. 325 * It must be initialized and bound to a key. 326 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 327 * #MBEDTLS_AES_DECRYPT. 328 * \param length The length of a data unit in Bytes. This can be any 329 * length between 16 bytes and 2^24 bytes inclusive 330 * (between 1 and 2^20 block cipher blocks). 331 * \param data_unit The address of the data unit encoded as an array of 16 332 * bytes in little-endian format. For disk encryption, this 333 * is typically the index of the block device sector that 334 * contains the data. 335 * \param input The buffer holding the input data (which is an entire 336 * data unit). This function reads \p length Bytes from \p 337 * input. 338 * \param output The buffer holding the output data (which is an entire 339 * data unit). This function writes \p length Bytes to \p 340 * output. 341 * 342 * \return \c 0 on success. 343 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 344 * smaller than an AES block in size (16 Bytes) or if \p 345 * length is larger than 2^20 blocks (16 MiB). 346 */ 347 MBEDTLS_CHECK_RETURN_TYPICAL 348 int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, 349 int mode, 350 size_t length, 351 const unsigned char data_unit[16], 352 const unsigned char *input, 353 unsigned char *output); 354 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 355 356 #if defined(MBEDTLS_CIPHER_MODE_CFB) 357 /** 358 * \brief This function performs an AES-CFB128 encryption or decryption 359 * operation. 360 * 361 * It performs the operation defined in the \p mode 362 * parameter (encrypt or decrypt), on the input data buffer 363 * defined in the \p input parameter. 364 * 365 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 366 * regardless of whether you are performing an encryption or decryption 367 * operation, that is, regardless of the \p mode parameter. This is 368 * because CFB mode uses the same key schedule for encryption and 369 * decryption. 370 * 371 * \note Upon exit, the content of the IV is updated so that you can 372 * call the same function again on the next 373 * block(s) of data and get the same result as if it was 374 * encrypted in one call. This allows a "streaming" usage. 375 * If you need to retain the contents of the 376 * IV, you must either save it manually or use the cipher 377 * module instead. 378 * 379 * 380 * \param ctx The AES context to use for encryption or decryption. 381 * It must be initialized and bound to a key. 382 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 383 * #MBEDTLS_AES_DECRYPT. 384 * \param length The length of the input data in Bytes. 385 * \param iv_off The offset in IV (updated after use). 386 * It must point to a valid \c size_t. 387 * \param iv The initialization vector (updated after use). 388 * It must be a readable and writeable buffer of \c 16 Bytes. 389 * \param input The buffer holding the input data. 390 * It must be readable and of size \p length Bytes. 391 * \param output The buffer holding the output data. 392 * It must be writeable and of size \p length Bytes. 393 * 394 * \return \c 0 on success. 395 */ 396 MBEDTLS_CHECK_RETURN_TYPICAL 397 int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, 398 int mode, 399 size_t length, 400 size_t *iv_off, 401 unsigned char iv[16], 402 const unsigned char *input, 403 unsigned char *output); 404 405 /** 406 * \brief This function performs an AES-CFB8 encryption or decryption 407 * operation. 408 * 409 * It performs the operation defined in the \p mode 410 * parameter (encrypt/decrypt), on the input data buffer defined 411 * in the \p input parameter. 412 * 413 * Due to the nature of CFB, you must use the same key schedule for 414 * both encryption and decryption operations. Therefore, you must 415 * use the context initialized with mbedtls_aes_setkey_enc() for 416 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 417 * 418 * \note Upon exit, the content of the IV is updated so that you can 419 * call the same function again on the next 420 * block(s) of data and get the same result as if it was 421 * encrypted in one call. This allows a "streaming" usage. 422 * If you need to retain the contents of the 423 * IV, you should either save it manually or use the cipher 424 * module instead. 425 * 426 * 427 * \param ctx The AES context to use for encryption or decryption. 428 * It must be initialized and bound to a key. 429 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 430 * #MBEDTLS_AES_DECRYPT 431 * \param length The length of the input data. 432 * \param iv The initialization vector (updated after use). 433 * It must be a readable and writeable buffer of \c 16 Bytes. 434 * \param input The buffer holding the input data. 435 * It must be readable and of size \p length Bytes. 436 * \param output The buffer holding the output data. 437 * It must be writeable and of size \p length Bytes. 438 * 439 * \return \c 0 on success. 440 */ 441 MBEDTLS_CHECK_RETURN_TYPICAL 442 int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, 443 int mode, 444 size_t length, 445 unsigned char iv[16], 446 const unsigned char *input, 447 unsigned char *output); 448 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 449 450 #if defined(MBEDTLS_CIPHER_MODE_OFB) 451 /** 452 * \brief This function performs an AES-OFB (Output Feedback Mode) 453 * encryption or decryption operation. 454 * 455 * For OFB, you must set up the context with 456 * mbedtls_aes_setkey_enc(), regardless of whether you are 457 * performing an encryption or decryption operation. This is 458 * because OFB mode uses the same key schedule for encryption and 459 * decryption. 460 * 461 * The OFB operation is identical for encryption or decryption, 462 * therefore no operation mode needs to be specified. 463 * 464 * \note Upon exit, the content of iv, the Initialisation Vector, is 465 * updated so that you can call the same function again on the next 466 * block(s) of data and get the same result as if it was encrypted 467 * in one call. This allows a "streaming" usage, by initialising 468 * iv_off to 0 before the first call, and preserving its value 469 * between calls. 470 * 471 * For non-streaming use, the iv should be initialised on each call 472 * to a unique value, and iv_off set to 0 on each call. 473 * 474 * If you need to retain the contents of the initialisation vector, 475 * you must either save it manually or use the cipher module 476 * instead. 477 * 478 * \warning For the OFB mode, the initialisation vector must be unique 479 * every encryption operation. Reuse of an initialisation vector 480 * will compromise security. 481 * 482 * \param ctx The AES context to use for encryption or decryption. 483 * It must be initialized and bound to a key. 484 * \param length The length of the input data. 485 * \param iv_off The offset in IV (updated after use). 486 * It must point to a valid \c size_t. 487 * \param iv The initialization vector (updated after use). 488 * It must be a readable and writeable buffer of \c 16 Bytes. 489 * \param input The buffer holding the input data. 490 * It must be readable and of size \p length Bytes. 491 * \param output The buffer holding the output data. 492 * It must be writeable and of size \p length Bytes. 493 * 494 * \return \c 0 on success. 495 */ 496 MBEDTLS_CHECK_RETURN_TYPICAL 497 int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, 498 size_t length, 499 size_t *iv_off, 500 unsigned char iv[16], 501 const unsigned char *input, 502 unsigned char *output); 503 504 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 505 506 #if defined(MBEDTLS_CIPHER_MODE_CTR) 507 /** 508 * \brief This function performs an AES-CTR encryption or decryption 509 * operation. 510 * 511 * Due to the nature of CTR, you must use the same key schedule 512 * for both encryption and decryption operations. Therefore, you 513 * must use the context initialized with mbedtls_aes_setkey_enc() 514 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 515 * 516 * \warning You must never reuse a nonce value with the same key. Doing so 517 * would void the encryption for the two messages encrypted with 518 * the same nonce and key. 519 * 520 * There are two common strategies for managing nonces with CTR: 521 * 522 * 1. You can handle everything as a single message processed over 523 * successive calls to this function. In that case, you want to 524 * set \p nonce_counter and \p nc_off to 0 for the first call, and 525 * then preserve the values of \p nonce_counter, \p nc_off and \p 526 * stream_block across calls to this function as they will be 527 * updated by this function. 528 * 529 * With this strategy, you must not encrypt more than 2**128 530 * blocks of data with the same key. 531 * 532 * 2. You can encrypt separate messages by dividing the \p 533 * nonce_counter buffer in two areas: the first one used for a 534 * per-message nonce, handled by yourself, and the second one 535 * updated by this function internally. 536 * 537 * For example, you might reserve the first 12 bytes for the 538 * per-message nonce, and the last 4 bytes for internal use. In that 539 * case, before calling this function on a new message you need to 540 * set the first 12 bytes of \p nonce_counter to your chosen nonce 541 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 542 * stream_block to be ignored). That way, you can encrypt at most 543 * 2**96 messages of up to 2**32 blocks each with the same key. 544 * 545 * The per-message nonce (or information sufficient to reconstruct 546 * it) needs to be communicated with the ciphertext and must be unique. 547 * The recommended way to ensure uniqueness is to use a message 548 * counter. An alternative is to generate random nonces, but this 549 * limits the number of messages that can be securely encrypted: 550 * for example, with 96-bit random nonces, you should not encrypt 551 * more than 2**32 messages with the same key. 552 * 553 * Note that for both strategies, sizes are measured in blocks and 554 * that an AES block is 16 bytes. 555 * 556 * \warning Upon return, \p stream_block contains sensitive data. Its 557 * content must not be written to insecure storage and should be 558 * securely discarded as soon as it's no longer needed. 559 * 560 * \param ctx The AES context to use for encryption or decryption. 561 * It must be initialized and bound to a key. 562 * \param length The length of the input data. 563 * \param nc_off The offset in the current \p stream_block, for 564 * resuming within the current cipher stream. The 565 * offset pointer should be 0 at the start of a stream. 566 * It must point to a valid \c size_t. 567 * \param nonce_counter The 128-bit nonce and counter. 568 * It must be a readable-writeable buffer of \c 16 Bytes. 569 * \param stream_block The saved stream block for resuming. This is 570 * overwritten by the function. 571 * It must be a readable-writeable buffer of \c 16 Bytes. 572 * \param input The buffer holding the input data. 573 * It must be readable and of size \p length Bytes. 574 * \param output The buffer holding the output data. 575 * It must be writeable and of size \p length Bytes. 576 * 577 * \return \c 0 on success. 578 */ 579 MBEDTLS_CHECK_RETURN_TYPICAL 580 int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, 581 size_t length, 582 size_t *nc_off, 583 unsigned char nonce_counter[16], 584 unsigned char stream_block[16], 585 const unsigned char *input, 586 unsigned char *output); 587 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 588 589 /** 590 * \brief Internal AES block encryption function. This is only 591 * exposed to allow overriding it using 592 * \c MBEDTLS_AES_ENCRYPT_ALT. 593 * 594 * \param ctx The AES context to use for encryption. 595 * \param input The plaintext block. 596 * \param output The output (ciphertext) block. 597 * 598 * \return \c 0 on success. 599 */ 600 MBEDTLS_CHECK_RETURN_TYPICAL 601 int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, 602 const unsigned char input[16], 603 unsigned char output[16]); 604 605 /** 606 * \brief Internal AES block decryption function. This is only 607 * exposed to allow overriding it using see 608 * \c MBEDTLS_AES_DECRYPT_ALT. 609 * 610 * \param ctx The AES context to use for decryption. 611 * \param input The ciphertext block. 612 * \param output The output (plaintext) block. 613 * 614 * \return \c 0 on success. 615 */ 616 MBEDTLS_CHECK_RETURN_TYPICAL 617 int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, 618 const unsigned char input[16], 619 unsigned char output[16]); 620 621 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 622 #if defined(MBEDTLS_DEPRECATED_WARNING) 623 #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 624 #else 625 #define MBEDTLS_DEPRECATED 626 #endif 627 /** 628 * \brief Deprecated internal AES block encryption function 629 * without return value. 630 * 631 * \deprecated Superseded by mbedtls_internal_aes_encrypt() 632 * 633 * \param ctx The AES context to use for encryption. 634 * \param input Plaintext block. 635 * \param output Output (ciphertext) block. 636 */ 637 MBEDTLS_DEPRECATED void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, 638 const unsigned char input[16], 639 unsigned char output[16]); 640 641 /** 642 * \brief Deprecated internal AES block decryption function 643 * without return value. 644 * 645 * \deprecated Superseded by mbedtls_internal_aes_decrypt() 646 * 647 * \param ctx The AES context to use for decryption. 648 * \param input Ciphertext block. 649 * \param output Output (plaintext) block. 650 */ 651 MBEDTLS_DEPRECATED void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, 652 const unsigned char input[16], 653 unsigned char output[16]); 654 655 #undef MBEDTLS_DEPRECATED 656 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 657 658 659 #if defined(MBEDTLS_SELF_TEST) 660 /** 661 * \brief Checkup routine. 662 * 663 * \return \c 0 on success. 664 * \return \c 1 on failure. 665 */ 666 MBEDTLS_CHECK_RETURN_CRITICAL 667 int mbedtls_aes_self_test(int verbose); 668 669 #endif /* MBEDTLS_SELF_TEST */ 670 671 #ifdef __cplusplus 672 } 673 #endif 674 675 #endif /* aes.h */ 676