1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 26 */ 27 28 #ifndef MBEDTLS_AES_H 29 #define MBEDTLS_AES_H 30 #include "mbedtls/private_access.h" 31 32 #include "mbedtls/build_info.h" 33 #include "mbedtls/platform_util.h" 34 35 #include <stddef.h> 36 #include <stdint.h> 37 38 /* padlock.c and aesni.c rely on these values! */ 39 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 40 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 41 42 /* Error codes in range 0x0020-0x0022 */ 43 /** Invalid key length. */ 44 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 45 /** Invalid data input length. */ 46 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 47 48 /* Error codes in range 0x0021-0x0025 */ 49 /** Invalid input data. */ 50 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 51 52 #ifdef __cplusplus 53 extern "C" { 54 #endif 55 56 #if !defined(MBEDTLS_AES_ALT) 57 // Regular implementation 58 // 59 60 /** 61 * \brief The AES context-type definition. 62 */ 63 typedef struct mbedtls_aes_context { 64 int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ 65 size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES 66 round keys in the buffer. */ 67 #if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C) 68 uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold 69 10 round keys for 128-bit case. */ 70 #else 71 uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can 72 hold 32 extra Bytes, which can be used for 73 one of the following purposes: 74 <ul><li>Alignment if VIA padlock is 75 used.</li> 76 <li>Simplifying key expansion in the 256-bit 77 case by generating an extra round key. 78 </li></ul> */ 79 #endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */ 80 } 81 mbedtls_aes_context; 82 83 #if defined(MBEDTLS_CIPHER_MODE_XTS) 84 /** 85 * \brief The AES XTS context-type definition. 86 */ 87 typedef struct mbedtls_aes_xts_context { 88 mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block 89 encryption or decryption. */ 90 mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak 91 computation. */ 92 } mbedtls_aes_xts_context; 93 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 94 95 #else /* MBEDTLS_AES_ALT */ 96 #include "aes_alt.h" 97 #endif /* MBEDTLS_AES_ALT */ 98 99 /** 100 * \brief This function initializes the specified AES context. 101 * 102 * It must be the first API called before using 103 * the context. 104 * 105 * \param ctx The AES context to initialize. This must not be \c NULL. 106 */ 107 void mbedtls_aes_init(mbedtls_aes_context *ctx); 108 109 /** 110 * \brief This function releases and clears the specified AES context. 111 * 112 * \param ctx The AES context to clear. 113 * If this is \c NULL, this function does nothing. 114 * Otherwise, the context must have been at least initialized. 115 */ 116 void mbedtls_aes_free(mbedtls_aes_context *ctx); 117 118 #if defined(MBEDTLS_CIPHER_MODE_XTS) 119 /** 120 * \brief This function initializes the specified AES XTS context. 121 * 122 * It must be the first API called before using 123 * the context. 124 * 125 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 126 */ 127 void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx); 128 129 /** 130 * \brief This function releases and clears the specified AES XTS context. 131 * 132 * \param ctx The AES XTS context to clear. 133 * If this is \c NULL, this function does nothing. 134 * Otherwise, the context must have been at least initialized. 135 */ 136 void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx); 137 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 138 139 /** 140 * \brief This function sets the encryption key. 141 * 142 * \param ctx The AES context to which the key should be bound. 143 * It must be initialized. 144 * \param key The encryption key. 145 * This must be a readable buffer of size \p keybits bits. 146 * \param keybits The size of data passed in bits. Valid options are: 147 * <ul><li>128 bits</li> 148 * <li>192 bits</li> 149 * <li>256 bits</li></ul> 150 * 151 * \return \c 0 on success. 152 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 153 */ 154 MBEDTLS_CHECK_RETURN_TYPICAL 155 int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, 156 unsigned int keybits); 157 158 #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 159 /** 160 * \brief This function sets the decryption key. 161 * 162 * \param ctx The AES context to which the key should be bound. 163 * It must be initialized. 164 * \param key The decryption key. 165 * This must be a readable buffer of size \p keybits bits. 166 * \param keybits The size of data passed. Valid options are: 167 * <ul><li>128 bits</li> 168 * <li>192 bits</li> 169 * <li>256 bits</li></ul> 170 * 171 * \return \c 0 on success. 172 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 173 */ 174 MBEDTLS_CHECK_RETURN_TYPICAL 175 int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, 176 unsigned int keybits); 177 #endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ 178 179 #if defined(MBEDTLS_CIPHER_MODE_XTS) 180 /** 181 * \brief This function prepares an XTS context for encryption and 182 * sets the encryption key. 183 * 184 * \param ctx The AES XTS context to which the key should be bound. 185 * It must be initialized. 186 * \param key The encryption key. This is comprised of the XTS key1 187 * concatenated with the XTS key2. 188 * This must be a readable buffer of size \p keybits bits. 189 * \param keybits The size of \p key passed in bits. Valid options are: 190 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 191 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 192 * 193 * \return \c 0 on success. 194 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 195 */ 196 MBEDTLS_CHECK_RETURN_TYPICAL 197 int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, 198 const unsigned char *key, 199 unsigned int keybits); 200 201 /** 202 * \brief This function prepares an XTS context for decryption and 203 * sets the decryption key. 204 * 205 * \param ctx The AES XTS context to which the key should be bound. 206 * It must be initialized. 207 * \param key The decryption key. This is comprised of the XTS key1 208 * concatenated with the XTS key2. 209 * This must be a readable buffer of size \p keybits bits. 210 * \param keybits The size of \p key passed in bits. Valid options are: 211 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 212 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 213 * 214 * \return \c 0 on success. 215 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 216 */ 217 MBEDTLS_CHECK_RETURN_TYPICAL 218 int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, 219 const unsigned char *key, 220 unsigned int keybits); 221 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 222 223 /** 224 * \brief This function performs an AES single-block encryption or 225 * decryption operation. 226 * 227 * It performs the operation defined in the \p mode parameter 228 * (encrypt or decrypt), on the input data buffer defined in 229 * the \p input parameter. 230 * 231 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 232 * mbedtls_aes_setkey_dec() must be called before the first 233 * call to this API with the same context. 234 * 235 * \param ctx The AES context to use for encryption or decryption. 236 * It must be initialized and bound to a key. 237 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 238 * #MBEDTLS_AES_DECRYPT. 239 * \param input The buffer holding the input data. 240 * It must be readable and at least \c 16 Bytes long. 241 * \param output The buffer where the output data will be written. 242 * It must be writeable and at least \c 16 Bytes long. 243 244 * \return \c 0 on success. 245 */ 246 MBEDTLS_CHECK_RETURN_TYPICAL 247 int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, 248 int mode, 249 const unsigned char input[16], 250 unsigned char output[16]); 251 252 #if defined(MBEDTLS_CIPHER_MODE_CBC) 253 /** 254 * \brief This function performs an AES-CBC encryption or decryption operation 255 * on full blocks. 256 * 257 * It performs the operation defined in the \p mode 258 * parameter (encrypt/decrypt), on the input data buffer defined in 259 * the \p input parameter. 260 * 261 * It can be called as many times as needed, until all the input 262 * data is processed. mbedtls_aes_init(), and either 263 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 264 * before the first call to this API with the same context. 265 * 266 * \note This function operates on full blocks, that is, the input size 267 * must be a multiple of the AES block size of \c 16 Bytes. 268 * 269 * \note Upon exit, the content of the IV is updated so that you can 270 * call the same function again on the next 271 * block(s) of data and get the same result as if it was 272 * encrypted in one call. This allows a "streaming" usage. 273 * If you need to retain the contents of the IV, you should 274 * either save it manually or use the cipher module instead. 275 * 276 * 277 * \param ctx The AES context to use for encryption or decryption. 278 * It must be initialized and bound to a key. 279 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 280 * #MBEDTLS_AES_DECRYPT. 281 * \param length The length of the input data in Bytes. This must be a 282 * multiple of the block size (\c 16 Bytes). 283 * \param iv Initialization vector (updated after use). 284 * It must be a readable and writeable buffer of \c 16 Bytes. 285 * \param input The buffer holding the input data. 286 * It must be readable and of size \p length Bytes. 287 * \param output The buffer holding the output data. 288 * It must be writeable and of size \p length Bytes. 289 * 290 * \return \c 0 on success. 291 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 292 * on failure. 293 */ 294 MBEDTLS_CHECK_RETURN_TYPICAL 295 int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, 296 int mode, 297 size_t length, 298 unsigned char iv[16], 299 const unsigned char *input, 300 unsigned char *output); 301 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 302 303 #if defined(MBEDTLS_CIPHER_MODE_XTS) 304 /** 305 * \brief This function performs an AES-XTS encryption or decryption 306 * operation for an entire XTS data unit. 307 * 308 * AES-XTS encrypts or decrypts blocks based on their location as 309 * defined by a data unit number. The data unit number must be 310 * provided by \p data_unit. 311 * 312 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 313 * AES blocks. If the data unit is larger than this, this function 314 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 315 * 316 * \param ctx The AES XTS context to use for AES XTS operations. 317 * It must be initialized and bound to a key. 318 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 319 * #MBEDTLS_AES_DECRYPT. 320 * \param length The length of a data unit in Bytes. This can be any 321 * length between 16 bytes and 2^24 bytes inclusive 322 * (between 1 and 2^20 block cipher blocks). 323 * \param data_unit The address of the data unit encoded as an array of 16 324 * bytes in little-endian format. For disk encryption, this 325 * is typically the index of the block device sector that 326 * contains the data. 327 * \param input The buffer holding the input data (which is an entire 328 * data unit). This function reads \p length Bytes from \p 329 * input. 330 * \param output The buffer holding the output data (which is an entire 331 * data unit). This function writes \p length Bytes to \p 332 * output. 333 * 334 * \return \c 0 on success. 335 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 336 * smaller than an AES block in size (16 Bytes) or if \p 337 * length is larger than 2^20 blocks (16 MiB). 338 */ 339 MBEDTLS_CHECK_RETURN_TYPICAL 340 int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, 341 int mode, 342 size_t length, 343 const unsigned char data_unit[16], 344 const unsigned char *input, 345 unsigned char *output); 346 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 347 348 #if defined(MBEDTLS_CIPHER_MODE_CFB) 349 /** 350 * \brief This function performs an AES-CFB128 encryption or decryption 351 * operation. 352 * 353 * It performs the operation defined in the \p mode 354 * parameter (encrypt or decrypt), on the input data buffer 355 * defined in the \p input parameter. 356 * 357 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 358 * regardless of whether you are performing an encryption or decryption 359 * operation, that is, regardless of the \p mode parameter. This is 360 * because CFB mode uses the same key schedule for encryption and 361 * decryption. 362 * 363 * \note Upon exit, the content of the IV is updated so that you can 364 * call the same function again on the next 365 * block(s) of data and get the same result as if it was 366 * encrypted in one call. This allows a "streaming" usage. 367 * If you need to retain the contents of the 368 * IV, you must either save it manually or use the cipher 369 * module instead. 370 * 371 * 372 * \param ctx The AES context to use for encryption or decryption. 373 * It must be initialized and bound to a key. 374 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 375 * #MBEDTLS_AES_DECRYPT. 376 * \param length The length of the input data in Bytes. 377 * \param iv_off The offset in IV (updated after use). 378 * It must point to a valid \c size_t. 379 * \param iv The initialization vector (updated after use). 380 * It must be a readable and writeable buffer of \c 16 Bytes. 381 * \param input The buffer holding the input data. 382 * It must be readable and of size \p length Bytes. 383 * \param output The buffer holding the output data. 384 * It must be writeable and of size \p length Bytes. 385 * 386 * \return \c 0 on success. 387 */ 388 MBEDTLS_CHECK_RETURN_TYPICAL 389 int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, 390 int mode, 391 size_t length, 392 size_t *iv_off, 393 unsigned char iv[16], 394 const unsigned char *input, 395 unsigned char *output); 396 397 /** 398 * \brief This function performs an AES-CFB8 encryption or decryption 399 * operation. 400 * 401 * It performs the operation defined in the \p mode 402 * parameter (encrypt/decrypt), on the input data buffer defined 403 * in the \p input parameter. 404 * 405 * Due to the nature of CFB, you must use the same key schedule for 406 * both encryption and decryption operations. Therefore, you must 407 * use the context initialized with mbedtls_aes_setkey_enc() for 408 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 409 * 410 * \note Upon exit, the content of the IV is updated so that you can 411 * call the same function again on the next 412 * block(s) of data and get the same result as if it was 413 * encrypted in one call. This allows a "streaming" usage. 414 * If you need to retain the contents of the 415 * IV, you should either save it manually or use the cipher 416 * module instead. 417 * 418 * 419 * \param ctx The AES context to use for encryption or decryption. 420 * It must be initialized and bound to a key. 421 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 422 * #MBEDTLS_AES_DECRYPT 423 * \param length The length of the input data. 424 * \param iv The initialization vector (updated after use). 425 * It must be a readable and writeable buffer of \c 16 Bytes. 426 * \param input The buffer holding the input data. 427 * It must be readable and of size \p length Bytes. 428 * \param output The buffer holding the output data. 429 * It must be writeable and of size \p length Bytes. 430 * 431 * \return \c 0 on success. 432 */ 433 MBEDTLS_CHECK_RETURN_TYPICAL 434 int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, 435 int mode, 436 size_t length, 437 unsigned char iv[16], 438 const unsigned char *input, 439 unsigned char *output); 440 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 441 442 #if defined(MBEDTLS_CIPHER_MODE_OFB) 443 /** 444 * \brief This function performs an AES-OFB (Output Feedback Mode) 445 * encryption or decryption operation. 446 * 447 * For OFB, you must set up the context with 448 * mbedtls_aes_setkey_enc(), regardless of whether you are 449 * performing an encryption or decryption operation. This is 450 * because OFB mode uses the same key schedule for encryption and 451 * decryption. 452 * 453 * The OFB operation is identical for encryption or decryption, 454 * therefore no operation mode needs to be specified. 455 * 456 * \note Upon exit, the content of iv, the Initialisation Vector, is 457 * updated so that you can call the same function again on the next 458 * block(s) of data and get the same result as if it was encrypted 459 * in one call. This allows a "streaming" usage, by initialising 460 * iv_off to 0 before the first call, and preserving its value 461 * between calls. 462 * 463 * For non-streaming use, the iv should be initialised on each call 464 * to a unique value, and iv_off set to 0 on each call. 465 * 466 * If you need to retain the contents of the initialisation vector, 467 * you must either save it manually or use the cipher module 468 * instead. 469 * 470 * \warning For the OFB mode, the initialisation vector must be unique 471 * every encryption operation. Reuse of an initialisation vector 472 * will compromise security. 473 * 474 * \param ctx The AES context to use for encryption or decryption. 475 * It must be initialized and bound to a key. 476 * \param length The length of the input data. 477 * \param iv_off The offset in IV (updated after use). 478 * It must point to a valid \c size_t. 479 * \param iv The initialization vector (updated after use). 480 * It must be a readable and writeable buffer of \c 16 Bytes. 481 * \param input The buffer holding the input data. 482 * It must be readable and of size \p length Bytes. 483 * \param output The buffer holding the output data. 484 * It must be writeable and of size \p length Bytes. 485 * 486 * \return \c 0 on success. 487 */ 488 MBEDTLS_CHECK_RETURN_TYPICAL 489 int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, 490 size_t length, 491 size_t *iv_off, 492 unsigned char iv[16], 493 const unsigned char *input, 494 unsigned char *output); 495 496 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 497 498 #if defined(MBEDTLS_CIPHER_MODE_CTR) 499 /** 500 * \brief This function performs an AES-CTR encryption or decryption 501 * operation. 502 * 503 * Due to the nature of CTR, you must use the same key schedule 504 * for both encryption and decryption operations. Therefore, you 505 * must use the context initialized with mbedtls_aes_setkey_enc() 506 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 507 * 508 * \warning You must never reuse a nonce value with the same key. Doing so 509 * would void the encryption for the two messages encrypted with 510 * the same nonce and key. 511 * 512 * There are two common strategies for managing nonces with CTR: 513 * 514 * 1. You can handle everything as a single message processed over 515 * successive calls to this function. In that case, you want to 516 * set \p nonce_counter and \p nc_off to 0 for the first call, and 517 * then preserve the values of \p nonce_counter, \p nc_off and \p 518 * stream_block across calls to this function as they will be 519 * updated by this function. 520 * 521 * With this strategy, you must not encrypt more than 2**128 522 * blocks of data with the same key. 523 * 524 * 2. You can encrypt separate messages by dividing the \p 525 * nonce_counter buffer in two areas: the first one used for a 526 * per-message nonce, handled by yourself, and the second one 527 * updated by this function internally. 528 * 529 * For example, you might reserve the first 12 bytes for the 530 * per-message nonce, and the last 4 bytes for internal use. In that 531 * case, before calling this function on a new message you need to 532 * set the first 12 bytes of \p nonce_counter to your chosen nonce 533 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 534 * stream_block to be ignored). That way, you can encrypt at most 535 * 2**96 messages of up to 2**32 blocks each with the same key. 536 * 537 * The per-message nonce (or information sufficient to reconstruct 538 * it) needs to be communicated with the ciphertext and must be unique. 539 * The recommended way to ensure uniqueness is to use a message 540 * counter. An alternative is to generate random nonces, but this 541 * limits the number of messages that can be securely encrypted: 542 * for example, with 96-bit random nonces, you should not encrypt 543 * more than 2**32 messages with the same key. 544 * 545 * Note that for both strategies, sizes are measured in blocks and 546 * that an AES block is 16 bytes. 547 * 548 * \warning Upon return, \p stream_block contains sensitive data. Its 549 * content must not be written to insecure storage and should be 550 * securely discarded as soon as it's no longer needed. 551 * 552 * \param ctx The AES context to use for encryption or decryption. 553 * It must be initialized and bound to a key. 554 * \param length The length of the input data. 555 * \param nc_off The offset in the current \p stream_block, for 556 * resuming within the current cipher stream. The 557 * offset pointer should be 0 at the start of a stream. 558 * It must point to a valid \c size_t. 559 * \param nonce_counter The 128-bit nonce and counter. 560 * It must be a readable-writeable buffer of \c 16 Bytes. 561 * \param stream_block The saved stream block for resuming. This is 562 * overwritten by the function. 563 * It must be a readable-writeable buffer of \c 16 Bytes. 564 * \param input The buffer holding the input data. 565 * It must be readable and of size \p length Bytes. 566 * \param output The buffer holding the output data. 567 * It must be writeable and of size \p length Bytes. 568 * 569 * \return \c 0 on success. 570 */ 571 MBEDTLS_CHECK_RETURN_TYPICAL 572 int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, 573 size_t length, 574 size_t *nc_off, 575 unsigned char nonce_counter[16], 576 unsigned char stream_block[16], 577 const unsigned char *input, 578 unsigned char *output); 579 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 580 581 /** 582 * \brief Internal AES block encryption function. This is only 583 * exposed to allow overriding it using 584 * \c MBEDTLS_AES_ENCRYPT_ALT. 585 * 586 * \param ctx The AES context to use for encryption. 587 * \param input The plaintext block. 588 * \param output The output (ciphertext) block. 589 * 590 * \return \c 0 on success. 591 */ 592 MBEDTLS_CHECK_RETURN_TYPICAL 593 int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, 594 const unsigned char input[16], 595 unsigned char output[16]); 596 597 #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 598 /** 599 * \brief Internal AES block decryption function. This is only 600 * exposed to allow overriding it using see 601 * \c MBEDTLS_AES_DECRYPT_ALT. 602 * 603 * \param ctx The AES context to use for decryption. 604 * \param input The ciphertext block. 605 * \param output The output (plaintext) block. 606 * 607 * \return \c 0 on success. 608 */ 609 MBEDTLS_CHECK_RETURN_TYPICAL 610 int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, 611 const unsigned char input[16], 612 unsigned char output[16]); 613 #endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ 614 615 #if defined(MBEDTLS_SELF_TEST) 616 /** 617 * \brief Checkup routine. 618 * 619 * \return \c 0 on success. 620 * \return \c 1 on failure. 621 */ 622 MBEDTLS_CHECK_RETURN_CRITICAL 623 int mbedtls_aes_self_test(int verbose); 624 625 #endif /* MBEDTLS_SELF_TEST */ 626 627 #ifdef __cplusplus 628 } 629 #endif 630 631 #endif /* aes.h */ 632
