1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 26 * 27 * Licensed under the Apache License, Version 2.0 (the "License"); you may 28 * not use this file except in compliance with the License. 29 * You may obtain a copy of the License at 30 * 31 * http://www.apache.org/licenses/LICENSE-2.0 32 * 33 * Unless required by applicable law or agreed to in writing, software 34 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 36 * See the License for the specific language governing permissions and 37 * limitations under the License. 38 */ 39 40 #ifndef MBEDTLS_AES_H 41 #define MBEDTLS_AES_H 42 #include "mbedtls/private_access.h" 43 44 #include "mbedtls/build_info.h" 45 #include "mbedtls/platform_util.h" 46 47 #include <stddef.h> 48 #include <stdint.h> 49 50 /* padlock.c and aesni.c rely on these values! */ 51 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 52 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 53 54 /* Error codes in range 0x0020-0x0022 */ 55 /** Invalid key length. */ 56 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 57 /** Invalid data input length. */ 58 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 59 60 /* Error codes in range 0x0021-0x0025 */ 61 /** Invalid input data. */ 62 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 63 64 #ifdef __cplusplus 65 extern "C" { 66 #endif 67 68 #if !defined(MBEDTLS_AES_ALT) 69 // Regular implementation 70 // 71 72 /** 73 * \brief The AES context-type definition. 74 */ 75 typedef struct mbedtls_aes_context 76 { 77 int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ 78 size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES 79 round keys in the buffer. */ 80 uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can 81 hold 32 extra Bytes, which can be used for 82 one of the following purposes: 83 <ul><li>Alignment if VIA padlock is 84 used.</li> 85 <li>Simplifying key expansion in the 256-bit 86 case by generating an extra round key. 87 </li></ul> */ 88 } 89 mbedtls_aes_context; 90 91 #if defined(MBEDTLS_CIPHER_MODE_XTS) 92 /** 93 * \brief The AES XTS context-type definition. 94 */ 95 typedef struct mbedtls_aes_xts_context 96 { 97 mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block 98 encryption or decryption. */ 99 mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak 100 computation. */ 101 } mbedtls_aes_xts_context; 102 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 103 104 #else /* MBEDTLS_AES_ALT */ 105 #include "aes_alt.h" 106 #endif /* MBEDTLS_AES_ALT */ 107 108 /** 109 * \brief This function initializes the specified AES context. 110 * 111 * It must be the first API called before using 112 * the context. 113 * 114 * \param ctx The AES context to initialize. This must not be \c NULL. 115 */ 116 void mbedtls_aes_init( mbedtls_aes_context *ctx ); 117 118 /** 119 * \brief This function releases and clears the specified AES context. 120 * 121 * \param ctx The AES context to clear. 122 * If this is \c NULL, this function does nothing. 123 * Otherwise, the context must have been at least initialized. 124 */ 125 void mbedtls_aes_free( mbedtls_aes_context *ctx ); 126 127 #if defined(MBEDTLS_CIPHER_MODE_XTS) 128 /** 129 * \brief This function initializes the specified AES XTS context. 130 * 131 * It must be the first API called before using 132 * the context. 133 * 134 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 135 */ 136 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); 137 138 /** 139 * \brief This function releases and clears the specified AES XTS context. 140 * 141 * \param ctx The AES XTS context to clear. 142 * If this is \c NULL, this function does nothing. 143 * Otherwise, the context must have been at least initialized. 144 */ 145 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); 146 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 147 148 /** 149 * \brief This function sets the encryption key. 150 * 151 * \param ctx The AES context to which the key should be bound. 152 * It must be initialized. 153 * \param key The encryption key. 154 * This must be a readable buffer of size \p keybits bits. 155 * \param keybits The size of data passed in bits. Valid options are: 156 * <ul><li>128 bits</li> 157 * <li>192 bits</li> 158 * <li>256 bits</li></ul> 159 * 160 * \return \c 0 on success. 161 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 162 */ 163 MBEDTLS_CHECK_RETURN_TYPICAL 164 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, 165 unsigned int keybits ); 166 167 /** 168 * \brief This function sets the decryption key. 169 * 170 * \param ctx The AES context to which the key should be bound. 171 * It must be initialized. 172 * \param key The decryption key. 173 * This must be a readable buffer of size \p keybits bits. 174 * \param keybits The size of data passed. Valid options are: 175 * <ul><li>128 bits</li> 176 * <li>192 bits</li> 177 * <li>256 bits</li></ul> 178 * 179 * \return \c 0 on success. 180 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 181 */ 182 MBEDTLS_CHECK_RETURN_TYPICAL 183 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, 184 unsigned int keybits ); 185 186 #if defined(MBEDTLS_CIPHER_MODE_XTS) 187 /** 188 * \brief This function prepares an XTS context for encryption and 189 * sets the encryption key. 190 * 191 * \param ctx The AES XTS context to which the key should be bound. 192 * It must be initialized. 193 * \param key The encryption key. This is comprised of the XTS key1 194 * concatenated with the XTS key2. 195 * This must be a readable buffer of size \p keybits bits. 196 * \param keybits The size of \p key passed in bits. Valid options are: 197 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 198 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 199 * 200 * \return \c 0 on success. 201 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 202 */ 203 MBEDTLS_CHECK_RETURN_TYPICAL 204 int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, 205 const unsigned char *key, 206 unsigned int keybits ); 207 208 /** 209 * \brief This function prepares an XTS context for decryption and 210 * sets the decryption key. 211 * 212 * \param ctx The AES XTS context to which the key should be bound. 213 * It must be initialized. 214 * \param key The decryption key. This is comprised of the XTS key1 215 * concatenated with the XTS key2. 216 * This must be a readable buffer of size \p keybits bits. 217 * \param keybits The size of \p key passed in bits. Valid options are: 218 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 219 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 220 * 221 * \return \c 0 on success. 222 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 223 */ 224 MBEDTLS_CHECK_RETURN_TYPICAL 225 int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, 226 const unsigned char *key, 227 unsigned int keybits ); 228 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 229 230 /** 231 * \brief This function performs an AES single-block encryption or 232 * decryption operation. 233 * 234 * It performs the operation defined in the \p mode parameter 235 * (encrypt or decrypt), on the input data buffer defined in 236 * the \p input parameter. 237 * 238 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 239 * mbedtls_aes_setkey_dec() must be called before the first 240 * call to this API with the same context. 241 * 242 * \param ctx The AES context to use for encryption or decryption. 243 * It must be initialized and bound to a key. 244 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 245 * #MBEDTLS_AES_DECRYPT. 246 * \param input The buffer holding the input data. 247 * It must be readable and at least \c 16 Bytes long. 248 * \param output The buffer where the output data will be written. 249 * It must be writeable and at least \c 16 Bytes long. 250 251 * \return \c 0 on success. 252 */ 253 MBEDTLS_CHECK_RETURN_TYPICAL 254 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, 255 int mode, 256 const unsigned char input[16], 257 unsigned char output[16] ); 258 259 #if defined(MBEDTLS_CIPHER_MODE_CBC) 260 /** 261 * \brief This function performs an AES-CBC encryption or decryption operation 262 * on full blocks. 263 * 264 * It performs the operation defined in the \p mode 265 * parameter (encrypt/decrypt), on the input data buffer defined in 266 * the \p input parameter. 267 * 268 * It can be called as many times as needed, until all the input 269 * data is processed. mbedtls_aes_init(), and either 270 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 271 * before the first call to this API with the same context. 272 * 273 * \note This function operates on full blocks, that is, the input size 274 * must be a multiple of the AES block size of \c 16 Bytes. 275 * 276 * \note Upon exit, the content of the IV is updated so that you can 277 * call the same function again on the next 278 * block(s) of data and get the same result as if it was 279 * encrypted in one call. This allows a "streaming" usage. 280 * If you need to retain the contents of the IV, you should 281 * either save it manually or use the cipher module instead. 282 * 283 * 284 * \param ctx The AES context to use for encryption or decryption. 285 * It must be initialized and bound to a key. 286 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 287 * #MBEDTLS_AES_DECRYPT. 288 * \param length The length of the input data in Bytes. This must be a 289 * multiple of the block size (\c 16 Bytes). 290 * \param iv Initialization vector (updated after use). 291 * It must be a readable and writeable buffer of \c 16 Bytes. 292 * \param input The buffer holding the input data. 293 * It must be readable and of size \p length Bytes. 294 * \param output The buffer holding the output data. 295 * It must be writeable and of size \p length Bytes. 296 * 297 * \return \c 0 on success. 298 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 299 * on failure. 300 */ 301 MBEDTLS_CHECK_RETURN_TYPICAL 302 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, 303 int mode, 304 size_t length, 305 unsigned char iv[16], 306 const unsigned char *input, 307 unsigned char *output ); 308 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 309 310 #if defined(MBEDTLS_CIPHER_MODE_XTS) 311 /** 312 * \brief This function performs an AES-XTS encryption or decryption 313 * operation for an entire XTS data unit. 314 * 315 * AES-XTS encrypts or decrypts blocks based on their location as 316 * defined by a data unit number. The data unit number must be 317 * provided by \p data_unit. 318 * 319 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 320 * AES blocks. If the data unit is larger than this, this function 321 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 322 * 323 * \param ctx The AES XTS context to use for AES XTS operations. 324 * It must be initialized and bound to a key. 325 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 326 * #MBEDTLS_AES_DECRYPT. 327 * \param length The length of a data unit in Bytes. This can be any 328 * length between 16 bytes and 2^24 bytes inclusive 329 * (between 1 and 2^20 block cipher blocks). 330 * \param data_unit The address of the data unit encoded as an array of 16 331 * bytes in little-endian format. For disk encryption, this 332 * is typically the index of the block device sector that 333 * contains the data. 334 * \param input The buffer holding the input data (which is an entire 335 * data unit). This function reads \p length Bytes from \p 336 * input. 337 * \param output The buffer holding the output data (which is an entire 338 * data unit). This function writes \p length Bytes to \p 339 * output. 340 * 341 * \return \c 0 on success. 342 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 343 * smaller than an AES block in size (16 Bytes) or if \p 344 * length is larger than 2^20 blocks (16 MiB). 345 */ 346 MBEDTLS_CHECK_RETURN_TYPICAL 347 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, 348 int mode, 349 size_t length, 350 const unsigned char data_unit[16], 351 const unsigned char *input, 352 unsigned char *output ); 353 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 354 355 #if defined(MBEDTLS_CIPHER_MODE_CFB) 356 /** 357 * \brief This function performs an AES-CFB128 encryption or decryption 358 * operation. 359 * 360 * It performs the operation defined in the \p mode 361 * parameter (encrypt or decrypt), on the input data buffer 362 * defined in the \p input parameter. 363 * 364 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 365 * regardless of whether you are performing an encryption or decryption 366 * operation, that is, regardless of the \p mode parameter. This is 367 * because CFB mode uses the same key schedule for encryption and 368 * decryption. 369 * 370 * \note Upon exit, the content of the IV is updated so that you can 371 * call the same function again on the next 372 * block(s) of data and get the same result as if it was 373 * encrypted in one call. This allows a "streaming" usage. 374 * If you need to retain the contents of the 375 * IV, you must either save it manually or use the cipher 376 * module instead. 377 * 378 * 379 * \param ctx The AES context to use for encryption or decryption. 380 * It must be initialized and bound to a key. 381 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 382 * #MBEDTLS_AES_DECRYPT. 383 * \param length The length of the input data in Bytes. 384 * \param iv_off The offset in IV (updated after use). 385 * It must point to a valid \c size_t. 386 * \param iv The initialization vector (updated after use). 387 * It must be a readable and writeable buffer of \c 16 Bytes. 388 * \param input The buffer holding the input data. 389 * It must be readable and of size \p length Bytes. 390 * \param output The buffer holding the output data. 391 * It must be writeable and of size \p length Bytes. 392 * 393 * \return \c 0 on success. 394 */ 395 MBEDTLS_CHECK_RETURN_TYPICAL 396 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, 397 int mode, 398 size_t length, 399 size_t *iv_off, 400 unsigned char iv[16], 401 const unsigned char *input, 402 unsigned char *output ); 403 404 /** 405 * \brief This function performs an AES-CFB8 encryption or decryption 406 * operation. 407 * 408 * It performs the operation defined in the \p mode 409 * parameter (encrypt/decrypt), on the input data buffer defined 410 * in the \p input parameter. 411 * 412 * Due to the nature of CFB, you must use the same key schedule for 413 * both encryption and decryption operations. Therefore, you must 414 * use the context initialized with mbedtls_aes_setkey_enc() for 415 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 416 * 417 * \note Upon exit, the content of the IV is updated so that you can 418 * call the same function again on the next 419 * block(s) of data and get the same result as if it was 420 * encrypted in one call. This allows a "streaming" usage. 421 * If you need to retain the contents of the 422 * IV, you should either save it manually or use the cipher 423 * module instead. 424 * 425 * 426 * \param ctx The AES context to use for encryption or decryption. 427 * It must be initialized and bound to a key. 428 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 429 * #MBEDTLS_AES_DECRYPT 430 * \param length The length of the input data. 431 * \param iv The initialization vector (updated after use). 432 * It must be a readable and writeable buffer of \c 16 Bytes. 433 * \param input The buffer holding the input data. 434 * It must be readable and of size \p length Bytes. 435 * \param output The buffer holding the output data. 436 * It must be writeable and of size \p length Bytes. 437 * 438 * \return \c 0 on success. 439 */ 440 MBEDTLS_CHECK_RETURN_TYPICAL 441 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, 442 int mode, 443 size_t length, 444 unsigned char iv[16], 445 const unsigned char *input, 446 unsigned char *output ); 447 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 448 449 #if defined(MBEDTLS_CIPHER_MODE_OFB) 450 /** 451 * \brief This function performs an AES-OFB (Output Feedback Mode) 452 * encryption or decryption operation. 453 * 454 * For OFB, you must set up the context with 455 * mbedtls_aes_setkey_enc(), regardless of whether you are 456 * performing an encryption or decryption operation. This is 457 * because OFB mode uses the same key schedule for encryption and 458 * decryption. 459 * 460 * The OFB operation is identical for encryption or decryption, 461 * therefore no operation mode needs to be specified. 462 * 463 * \note Upon exit, the content of iv, the Initialisation Vector, is 464 * updated so that you can call the same function again on the next 465 * block(s) of data and get the same result as if it was encrypted 466 * in one call. This allows a "streaming" usage, by initialising 467 * iv_off to 0 before the first call, and preserving its value 468 * between calls. 469 * 470 * For non-streaming use, the iv should be initialised on each call 471 * to a unique value, and iv_off set to 0 on each call. 472 * 473 * If you need to retain the contents of the initialisation vector, 474 * you must either save it manually or use the cipher module 475 * instead. 476 * 477 * \warning For the OFB mode, the initialisation vector must be unique 478 * every encryption operation. Reuse of an initialisation vector 479 * will compromise security. 480 * 481 * \param ctx The AES context to use for encryption or decryption. 482 * It must be initialized and bound to a key. 483 * \param length The length of the input data. 484 * \param iv_off The offset in IV (updated after use). 485 * It must point to a valid \c size_t. 486 * \param iv The initialization vector (updated after use). 487 * It must be a readable and writeable buffer of \c 16 Bytes. 488 * \param input The buffer holding the input data. 489 * It must be readable and of size \p length Bytes. 490 * \param output The buffer holding the output data. 491 * It must be writeable and of size \p length Bytes. 492 * 493 * \return \c 0 on success. 494 */ 495 MBEDTLS_CHECK_RETURN_TYPICAL 496 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, 497 size_t length, 498 size_t *iv_off, 499 unsigned char iv[16], 500 const unsigned char *input, 501 unsigned char *output ); 502 503 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 504 505 #if defined(MBEDTLS_CIPHER_MODE_CTR) 506 /** 507 * \brief This function performs an AES-CTR encryption or decryption 508 * operation. 509 * 510 * Due to the nature of CTR, you must use the same key schedule 511 * for both encryption and decryption operations. Therefore, you 512 * must use the context initialized with mbedtls_aes_setkey_enc() 513 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 514 * 515 * \warning You must never reuse a nonce value with the same key. Doing so 516 * would void the encryption for the two messages encrypted with 517 * the same nonce and key. 518 * 519 * There are two common strategies for managing nonces with CTR: 520 * 521 * 1. You can handle everything as a single message processed over 522 * successive calls to this function. In that case, you want to 523 * set \p nonce_counter and \p nc_off to 0 for the first call, and 524 * then preserve the values of \p nonce_counter, \p nc_off and \p 525 * stream_block across calls to this function as they will be 526 * updated by this function. 527 * 528 * With this strategy, you must not encrypt more than 2**128 529 * blocks of data with the same key. 530 * 531 * 2. You can encrypt separate messages by dividing the \p 532 * nonce_counter buffer in two areas: the first one used for a 533 * per-message nonce, handled by yourself, and the second one 534 * updated by this function internally. 535 * 536 * For example, you might reserve the first 12 bytes for the 537 * per-message nonce, and the last 4 bytes for internal use. In that 538 * case, before calling this function on a new message you need to 539 * set the first 12 bytes of \p nonce_counter to your chosen nonce 540 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 541 * stream_block to be ignored). That way, you can encrypt at most 542 * 2**96 messages of up to 2**32 blocks each with the same key. 543 * 544 * The per-message nonce (or information sufficient to reconstruct 545 * it) needs to be communicated with the ciphertext and must be unique. 546 * The recommended way to ensure uniqueness is to use a message 547 * counter. An alternative is to generate random nonces, but this 548 * limits the number of messages that can be securely encrypted: 549 * for example, with 96-bit random nonces, you should not encrypt 550 * more than 2**32 messages with the same key. 551 * 552 * Note that for both strategies, sizes are measured in blocks and 553 * that an AES block is 16 bytes. 554 * 555 * \warning Upon return, \p stream_block contains sensitive data. Its 556 * content must not be written to insecure storage and should be 557 * securely discarded as soon as it's no longer needed. 558 * 559 * \param ctx The AES context to use for encryption or decryption. 560 * It must be initialized and bound to a key. 561 * \param length The length of the input data. 562 * \param nc_off The offset in the current \p stream_block, for 563 * resuming within the current cipher stream. The 564 * offset pointer should be 0 at the start of a stream. 565 * It must point to a valid \c size_t. 566 * \param nonce_counter The 128-bit nonce and counter. 567 * It must be a readable-writeable buffer of \c 16 Bytes. 568 * \param stream_block The saved stream block for resuming. This is 569 * overwritten by the function. 570 * It must be a readable-writeable buffer of \c 16 Bytes. 571 * \param input The buffer holding the input data. 572 * It must be readable and of size \p length Bytes. 573 * \param output The buffer holding the output data. 574 * It must be writeable and of size \p length Bytes. 575 * 576 * \return \c 0 on success. 577 */ 578 MBEDTLS_CHECK_RETURN_TYPICAL 579 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, 580 size_t length, 581 size_t *nc_off, 582 unsigned char nonce_counter[16], 583 unsigned char stream_block[16], 584 const unsigned char *input, 585 unsigned char *output ); 586 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 587 588 /** 589 * \brief Internal AES block encryption function. This is only 590 * exposed to allow overriding it using 591 * \c MBEDTLS_AES_ENCRYPT_ALT. 592 * 593 * \param ctx The AES context to use for encryption. 594 * \param input The plaintext block. 595 * \param output The output (ciphertext) block. 596 * 597 * \return \c 0 on success. 598 */ 599 MBEDTLS_CHECK_RETURN_TYPICAL 600 int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, 601 const unsigned char input[16], 602 unsigned char output[16] ); 603 604 /** 605 * \brief Internal AES block decryption function. This is only 606 * exposed to allow overriding it using see 607 * \c MBEDTLS_AES_DECRYPT_ALT. 608 * 609 * \param ctx The AES context to use for decryption. 610 * \param input The ciphertext block. 611 * \param output The output (plaintext) block. 612 * 613 * \return \c 0 on success. 614 */ 615 MBEDTLS_CHECK_RETURN_TYPICAL 616 int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, 617 const unsigned char input[16], 618 unsigned char output[16] ); 619 620 #if defined(MBEDTLS_SELF_TEST) 621 /** 622 * \brief Checkup routine. 623 * 624 * \return \c 0 on success. 625 * \return \c 1 on failure. 626 */ 627 MBEDTLS_CHECK_RETURN_CRITICAL 628 int mbedtls_aes_self_test( int verbose ); 629 630 #endif /* MBEDTLS_SELF_TEST */ 631 632 #ifdef __cplusplus 633 } 634 #endif 635 636 #endif /* aes.h */ 637
