1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 26 * 27 * Licensed under the Apache License, Version 2.0 (the "License"); you may 28 * not use this file except in compliance with the License. 29 * You may obtain a copy of the License at 30 * 31 * http://www.apache.org/licenses/LICENSE-2.0 32 * 33 * Unless required by applicable law or agreed to in writing, software 34 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 36 * See the License for the specific language governing permissions and 37 * limitations under the License. 38 */ 39 40 #ifndef MBEDTLS_AES_H 41 #define MBEDTLS_AES_H 42 #include "mbedtls/private_access.h" 43 44 #include "mbedtls/build_info.h" 45 #include "mbedtls/platform_util.h" 46 47 #include <stddef.h> 48 #include <stdint.h> 49 50 /* padlock.c and aesni.c rely on these values! */ 51 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 52 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 53 54 /* Error codes in range 0x0020-0x0022 */ 55 /** Invalid key length. */ 56 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 57 /** Invalid data input length. */ 58 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 59 60 /* Error codes in range 0x0021-0x0025 */ 61 /** Invalid input data. */ 62 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 63 64 #ifdef __cplusplus 65 extern "C" { 66 #endif 67 68 #if !defined(MBEDTLS_AES_ALT) 69 // Regular implementation 70 // 71 72 /** 73 * \brief The AES context-type definition. 74 */ 75 typedef struct mbedtls_aes_context { 76 int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ 77 size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES 78 round keys in the buffer. */ 79 uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can 80 hold 32 extra Bytes, which can be used for 81 one of the following purposes: 82 <ul><li>Alignment if VIA padlock is 83 used.</li> 84 <li>Simplifying key expansion in the 256-bit 85 case by generating an extra round key. 86 </li></ul> */ 87 } 88 mbedtls_aes_context; 89 90 #if defined(MBEDTLS_CIPHER_MODE_XTS) 91 /** 92 * \brief The AES XTS context-type definition. 93 */ 94 typedef struct mbedtls_aes_xts_context { 95 mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block 96 encryption or decryption. */ 97 mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak 98 computation. */ 99 } mbedtls_aes_xts_context; 100 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 101 102 #else /* MBEDTLS_AES_ALT */ 103 #include "aes_alt.h" 104 #endif /* MBEDTLS_AES_ALT */ 105 106 /** 107 * \brief This function initializes the specified AES context. 108 * 109 * It must be the first API called before using 110 * the context. 111 * 112 * \param ctx The AES context to initialize. This must not be \c NULL. 113 */ 114 void mbedtls_aes_init(mbedtls_aes_context *ctx); 115 116 /** 117 * \brief This function releases and clears the specified AES context. 118 * 119 * \param ctx The AES context to clear. 120 * If this is \c NULL, this function does nothing. 121 * Otherwise, the context must have been at least initialized. 122 */ 123 void mbedtls_aes_free(mbedtls_aes_context *ctx); 124 125 #if defined(MBEDTLS_CIPHER_MODE_XTS) 126 /** 127 * \brief This function initializes the specified AES XTS context. 128 * 129 * It must be the first API called before using 130 * the context. 131 * 132 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 133 */ 134 void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx); 135 136 /** 137 * \brief This function releases and clears the specified AES XTS context. 138 * 139 * \param ctx The AES XTS context to clear. 140 * If this is \c NULL, this function does nothing. 141 * Otherwise, the context must have been at least initialized. 142 */ 143 void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx); 144 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 145 146 /** 147 * \brief This function sets the encryption key. 148 * 149 * \param ctx The AES context to which the key should be bound. 150 * It must be initialized. 151 * \param key The encryption key. 152 * This must be a readable buffer of size \p keybits bits. 153 * \param keybits The size of data passed in bits. Valid options are: 154 * <ul><li>128 bits</li> 155 * <li>192 bits</li> 156 * <li>256 bits</li></ul> 157 * 158 * \return \c 0 on success. 159 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 160 */ 161 MBEDTLS_CHECK_RETURN_TYPICAL 162 int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, 163 unsigned int keybits); 164 165 /** 166 * \brief This function sets the decryption key. 167 * 168 * \param ctx The AES context to which the key should be bound. 169 * It must be initialized. 170 * \param key The decryption key. 171 * This must be a readable buffer of size \p keybits bits. 172 * \param keybits The size of data passed. Valid options are: 173 * <ul><li>128 bits</li> 174 * <li>192 bits</li> 175 * <li>256 bits</li></ul> 176 * 177 * \return \c 0 on success. 178 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 179 */ 180 MBEDTLS_CHECK_RETURN_TYPICAL 181 int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, 182 unsigned int keybits); 183 184 #if defined(MBEDTLS_CIPHER_MODE_XTS) 185 /** 186 * \brief This function prepares an XTS context for encryption and 187 * sets the encryption key. 188 * 189 * \param ctx The AES XTS context to which the key should be bound. 190 * It must be initialized. 191 * \param key The encryption key. This is comprised of the XTS key1 192 * concatenated with the XTS key2. 193 * This must be a readable buffer of size \p keybits bits. 194 * \param keybits The size of \p key passed in bits. Valid options are: 195 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 196 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 197 * 198 * \return \c 0 on success. 199 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 200 */ 201 MBEDTLS_CHECK_RETURN_TYPICAL 202 int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, 203 const unsigned char *key, 204 unsigned int keybits); 205 206 /** 207 * \brief This function prepares an XTS context for decryption and 208 * sets the decryption key. 209 * 210 * \param ctx The AES XTS context to which the key should be bound. 211 * It must be initialized. 212 * \param key The decryption key. This is comprised of the XTS key1 213 * concatenated with the XTS key2. 214 * This must be a readable buffer of size \p keybits bits. 215 * \param keybits The size of \p key passed in bits. Valid options are: 216 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 217 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 218 * 219 * \return \c 0 on success. 220 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 221 */ 222 MBEDTLS_CHECK_RETURN_TYPICAL 223 int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, 224 const unsigned char *key, 225 unsigned int keybits); 226 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 227 228 /** 229 * \brief This function performs an AES single-block encryption or 230 * decryption operation. 231 * 232 * It performs the operation defined in the \p mode parameter 233 * (encrypt or decrypt), on the input data buffer defined in 234 * the \p input parameter. 235 * 236 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 237 * mbedtls_aes_setkey_dec() must be called before the first 238 * call to this API with the same context. 239 * 240 * \param ctx The AES context to use for encryption or decryption. 241 * It must be initialized and bound to a key. 242 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 243 * #MBEDTLS_AES_DECRYPT. 244 * \param input The buffer holding the input data. 245 * It must be readable and at least \c 16 Bytes long. 246 * \param output The buffer where the output data will be written. 247 * It must be writeable and at least \c 16 Bytes long. 248 249 * \return \c 0 on success. 250 */ 251 MBEDTLS_CHECK_RETURN_TYPICAL 252 int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, 253 int mode, 254 const unsigned char input[16], 255 unsigned char output[16]); 256 257 #if defined(MBEDTLS_CIPHER_MODE_CBC) 258 /** 259 * \brief This function performs an AES-CBC encryption or decryption operation 260 * on full blocks. 261 * 262 * It performs the operation defined in the \p mode 263 * parameter (encrypt/decrypt), on the input data buffer defined in 264 * the \p input parameter. 265 * 266 * It can be called as many times as needed, until all the input 267 * data is processed. mbedtls_aes_init(), and either 268 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 269 * before the first call to this API with the same context. 270 * 271 * \note This function operates on full blocks, that is, the input size 272 * must be a multiple of the AES block size of \c 16 Bytes. 273 * 274 * \note Upon exit, the content of the IV is updated so that you can 275 * call the same function again on the next 276 * block(s) of data and get the same result as if it was 277 * encrypted in one call. This allows a "streaming" usage. 278 * If you need to retain the contents of the IV, you should 279 * either save it manually or use the cipher module instead. 280 * 281 * 282 * \param ctx The AES context to use for encryption or decryption. 283 * It must be initialized and bound to a key. 284 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 285 * #MBEDTLS_AES_DECRYPT. 286 * \param length The length of the input data in Bytes. This must be a 287 * multiple of the block size (\c 16 Bytes). 288 * \param iv Initialization vector (updated after use). 289 * It must be a readable and writeable buffer of \c 16 Bytes. 290 * \param input The buffer holding the input data. 291 * It must be readable and of size \p length Bytes. 292 * \param output The buffer holding the output data. 293 * It must be writeable and of size \p length Bytes. 294 * 295 * \return \c 0 on success. 296 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 297 * on failure. 298 */ 299 MBEDTLS_CHECK_RETURN_TYPICAL 300 int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, 301 int mode, 302 size_t length, 303 unsigned char iv[16], 304 const unsigned char *input, 305 unsigned char *output); 306 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 307 308 #if defined(MBEDTLS_CIPHER_MODE_XTS) 309 /** 310 * \brief This function performs an AES-XTS encryption or decryption 311 * operation for an entire XTS data unit. 312 * 313 * AES-XTS encrypts or decrypts blocks based on their location as 314 * defined by a data unit number. The data unit number must be 315 * provided by \p data_unit. 316 * 317 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 318 * AES blocks. If the data unit is larger than this, this function 319 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 320 * 321 * \param ctx The AES XTS context to use for AES XTS operations. 322 * It must be initialized and bound to a key. 323 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 324 * #MBEDTLS_AES_DECRYPT. 325 * \param length The length of a data unit in Bytes. This can be any 326 * length between 16 bytes and 2^24 bytes inclusive 327 * (between 1 and 2^20 block cipher blocks). 328 * \param data_unit The address of the data unit encoded as an array of 16 329 * bytes in little-endian format. For disk encryption, this 330 * is typically the index of the block device sector that 331 * contains the data. 332 * \param input The buffer holding the input data (which is an entire 333 * data unit). This function reads \p length Bytes from \p 334 * input. 335 * \param output The buffer holding the output data (which is an entire 336 * data unit). This function writes \p length Bytes to \p 337 * output. 338 * 339 * \return \c 0 on success. 340 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 341 * smaller than an AES block in size (16 Bytes) or if \p 342 * length is larger than 2^20 blocks (16 MiB). 343 */ 344 MBEDTLS_CHECK_RETURN_TYPICAL 345 int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, 346 int mode, 347 size_t length, 348 const unsigned char data_unit[16], 349 const unsigned char *input, 350 unsigned char *output); 351 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 352 353 #if defined(MBEDTLS_CIPHER_MODE_CFB) 354 /** 355 * \brief This function performs an AES-CFB128 encryption or decryption 356 * operation. 357 * 358 * It performs the operation defined in the \p mode 359 * parameter (encrypt or decrypt), on the input data buffer 360 * defined in the \p input parameter. 361 * 362 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 363 * regardless of whether you are performing an encryption or decryption 364 * operation, that is, regardless of the \p mode parameter. This is 365 * because CFB mode uses the same key schedule for encryption and 366 * decryption. 367 * 368 * \note Upon exit, the content of the IV is updated so that you can 369 * call the same function again on the next 370 * block(s) of data and get the same result as if it was 371 * encrypted in one call. This allows a "streaming" usage. 372 * If you need to retain the contents of the 373 * IV, you must either save it manually or use the cipher 374 * module instead. 375 * 376 * 377 * \param ctx The AES context to use for encryption or decryption. 378 * It must be initialized and bound to a key. 379 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 380 * #MBEDTLS_AES_DECRYPT. 381 * \param length The length of the input data in Bytes. 382 * \param iv_off The offset in IV (updated after use). 383 * It must point to a valid \c size_t. 384 * \param iv The initialization vector (updated after use). 385 * It must be a readable and writeable buffer of \c 16 Bytes. 386 * \param input The buffer holding the input data. 387 * It must be readable and of size \p length Bytes. 388 * \param output The buffer holding the output data. 389 * It must be writeable and of size \p length Bytes. 390 * 391 * \return \c 0 on success. 392 */ 393 MBEDTLS_CHECK_RETURN_TYPICAL 394 int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, 395 int mode, 396 size_t length, 397 size_t *iv_off, 398 unsigned char iv[16], 399 const unsigned char *input, 400 unsigned char *output); 401 402 /** 403 * \brief This function performs an AES-CFB8 encryption or decryption 404 * operation. 405 * 406 * It performs the operation defined in the \p mode 407 * parameter (encrypt/decrypt), on the input data buffer defined 408 * in the \p input parameter. 409 * 410 * Due to the nature of CFB, you must use the same key schedule for 411 * both encryption and decryption operations. Therefore, you must 412 * use the context initialized with mbedtls_aes_setkey_enc() for 413 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 414 * 415 * \note Upon exit, the content of the IV is updated so that you can 416 * call the same function again on the next 417 * block(s) of data and get the same result as if it was 418 * encrypted in one call. This allows a "streaming" usage. 419 * If you need to retain the contents of the 420 * IV, you should either save it manually or use the cipher 421 * module instead. 422 * 423 * 424 * \param ctx The AES context to use for encryption or decryption. 425 * It must be initialized and bound to a key. 426 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 427 * #MBEDTLS_AES_DECRYPT 428 * \param length The length of the input data. 429 * \param iv The initialization vector (updated after use). 430 * It must be a readable and writeable buffer of \c 16 Bytes. 431 * \param input The buffer holding the input data. 432 * It must be readable and of size \p length Bytes. 433 * \param output The buffer holding the output data. 434 * It must be writeable and of size \p length Bytes. 435 * 436 * \return \c 0 on success. 437 */ 438 MBEDTLS_CHECK_RETURN_TYPICAL 439 int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, 440 int mode, 441 size_t length, 442 unsigned char iv[16], 443 const unsigned char *input, 444 unsigned char *output); 445 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 446 447 #if defined(MBEDTLS_CIPHER_MODE_OFB) 448 /** 449 * \brief This function performs an AES-OFB (Output Feedback Mode) 450 * encryption or decryption operation. 451 * 452 * For OFB, you must set up the context with 453 * mbedtls_aes_setkey_enc(), regardless of whether you are 454 * performing an encryption or decryption operation. This is 455 * because OFB mode uses the same key schedule for encryption and 456 * decryption. 457 * 458 * The OFB operation is identical for encryption or decryption, 459 * therefore no operation mode needs to be specified. 460 * 461 * \note Upon exit, the content of iv, the Initialisation Vector, is 462 * updated so that you can call the same function again on the next 463 * block(s) of data and get the same result as if it was encrypted 464 * in one call. This allows a "streaming" usage, by initialising 465 * iv_off to 0 before the first call, and preserving its value 466 * between calls. 467 * 468 * For non-streaming use, the iv should be initialised on each call 469 * to a unique value, and iv_off set to 0 on each call. 470 * 471 * If you need to retain the contents of the initialisation vector, 472 * you must either save it manually or use the cipher module 473 * instead. 474 * 475 * \warning For the OFB mode, the initialisation vector must be unique 476 * every encryption operation. Reuse of an initialisation vector 477 * will compromise security. 478 * 479 * \param ctx The AES context to use for encryption or decryption. 480 * It must be initialized and bound to a key. 481 * \param length The length of the input data. 482 * \param iv_off The offset in IV (updated after use). 483 * It must point to a valid \c size_t. 484 * \param iv The initialization vector (updated after use). 485 * It must be a readable and writeable buffer of \c 16 Bytes. 486 * \param input The buffer holding the input data. 487 * It must be readable and of size \p length Bytes. 488 * \param output The buffer holding the output data. 489 * It must be writeable and of size \p length Bytes. 490 * 491 * \return \c 0 on success. 492 */ 493 MBEDTLS_CHECK_RETURN_TYPICAL 494 int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, 495 size_t length, 496 size_t *iv_off, 497 unsigned char iv[16], 498 const unsigned char *input, 499 unsigned char *output); 500 501 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 502 503 #if defined(MBEDTLS_CIPHER_MODE_CTR) 504 /** 505 * \brief This function performs an AES-CTR encryption or decryption 506 * operation. 507 * 508 * Due to the nature of CTR, you must use the same key schedule 509 * for both encryption and decryption operations. Therefore, you 510 * must use the context initialized with mbedtls_aes_setkey_enc() 511 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 512 * 513 * \warning You must never reuse a nonce value with the same key. Doing so 514 * would void the encryption for the two messages encrypted with 515 * the same nonce and key. 516 * 517 * There are two common strategies for managing nonces with CTR: 518 * 519 * 1. You can handle everything as a single message processed over 520 * successive calls to this function. In that case, you want to 521 * set \p nonce_counter and \p nc_off to 0 for the first call, and 522 * then preserve the values of \p nonce_counter, \p nc_off and \p 523 * stream_block across calls to this function as they will be 524 * updated by this function. 525 * 526 * With this strategy, you must not encrypt more than 2**128 527 * blocks of data with the same key. 528 * 529 * 2. You can encrypt separate messages by dividing the \p 530 * nonce_counter buffer in two areas: the first one used for a 531 * per-message nonce, handled by yourself, and the second one 532 * updated by this function internally. 533 * 534 * For example, you might reserve the first 12 bytes for the 535 * per-message nonce, and the last 4 bytes for internal use. In that 536 * case, before calling this function on a new message you need to 537 * set the first 12 bytes of \p nonce_counter to your chosen nonce 538 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 539 * stream_block to be ignored). That way, you can encrypt at most 540 * 2**96 messages of up to 2**32 blocks each with the same key. 541 * 542 * The per-message nonce (or information sufficient to reconstruct 543 * it) needs to be communicated with the ciphertext and must be unique. 544 * The recommended way to ensure uniqueness is to use a message 545 * counter. An alternative is to generate random nonces, but this 546 * limits the number of messages that can be securely encrypted: 547 * for example, with 96-bit random nonces, you should not encrypt 548 * more than 2**32 messages with the same key. 549 * 550 * Note that for both strategies, sizes are measured in blocks and 551 * that an AES block is 16 bytes. 552 * 553 * \warning Upon return, \p stream_block contains sensitive data. Its 554 * content must not be written to insecure storage and should be 555 * securely discarded as soon as it's no longer needed. 556 * 557 * \param ctx The AES context to use for encryption or decryption. 558 * It must be initialized and bound to a key. 559 * \param length The length of the input data. 560 * \param nc_off The offset in the current \p stream_block, for 561 * resuming within the current cipher stream. The 562 * offset pointer should be 0 at the start of a stream. 563 * It must point to a valid \c size_t. 564 * \param nonce_counter The 128-bit nonce and counter. 565 * It must be a readable-writeable buffer of \c 16 Bytes. 566 * \param stream_block The saved stream block for resuming. This is 567 * overwritten by the function. 568 * It must be a readable-writeable buffer of \c 16 Bytes. 569 * \param input The buffer holding the input data. 570 * It must be readable and of size \p length Bytes. 571 * \param output The buffer holding the output data. 572 * It must be writeable and of size \p length Bytes. 573 * 574 * \return \c 0 on success. 575 */ 576 MBEDTLS_CHECK_RETURN_TYPICAL 577 int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, 578 size_t length, 579 size_t *nc_off, 580 unsigned char nonce_counter[16], 581 unsigned char stream_block[16], 582 const unsigned char *input, 583 unsigned char *output); 584 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 585 586 /** 587 * \brief Internal AES block encryption function. This is only 588 * exposed to allow overriding it using 589 * \c MBEDTLS_AES_ENCRYPT_ALT. 590 * 591 * \param ctx The AES context to use for encryption. 592 * \param input The plaintext block. 593 * \param output The output (ciphertext) block. 594 * 595 * \return \c 0 on success. 596 */ 597 MBEDTLS_CHECK_RETURN_TYPICAL 598 int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, 599 const unsigned char input[16], 600 unsigned char output[16]); 601 602 /** 603 * \brief Internal AES block decryption function. This is only 604 * exposed to allow overriding it using see 605 * \c MBEDTLS_AES_DECRYPT_ALT. 606 * 607 * \param ctx The AES context to use for decryption. 608 * \param input The ciphertext block. 609 * \param output The output (plaintext) block. 610 * 611 * \return \c 0 on success. 612 */ 613 MBEDTLS_CHECK_RETURN_TYPICAL 614 int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, 615 const unsigned char input[16], 616 unsigned char output[16]); 617 618 #if defined(MBEDTLS_SELF_TEST) 619 /** 620 * \brief Checkup routine. 621 * 622 * \return \c 0 on success. 623 * \return \c 1 on failure. 624 */ 625 MBEDTLS_CHECK_RETURN_CRITICAL 626 int mbedtls_aes_self_test(int verbose); 627 628 #endif /* MBEDTLS_SELF_TEST */ 629 630 #ifdef __cplusplus 631 } 632 #endif 633 634 #endif /* aes.h */ 635
