1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 26 */ 27 28 #ifndef MBEDTLS_AES_H 29 #define MBEDTLS_AES_H 30 #include "mbedtls/private_access.h" 31 32 #include "mbedtls/build_info.h" 33 #include "mbedtls/platform_util.h" 34 35 #include <stddef.h> 36 #include <stdint.h> 37 38 /* padlock.c and aesni.c rely on these values! */ 39 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 40 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 41 42 /* Error codes in range 0x0020-0x0022 */ 43 /** Invalid key length. */ 44 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 45 /** Invalid data input length. */ 46 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 47 48 /* Error codes in range 0x0021-0x0025 */ 49 /** Invalid input data. */ 50 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 51 52 #ifdef __cplusplus 53 extern "C" { 54 #endif 55 56 #if !defined(MBEDTLS_AES_ALT) 57 // Regular implementation 58 // 59 60 /** 61 * \brief The AES context-type definition. 62 */ 63 typedef struct mbedtls_aes_context { 64 int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ 65 size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES 66 round keys in the buffer. */ 67 #if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C) 68 uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold 69 10 round keys for 128-bit case. */ 70 #else 71 uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can 72 hold 32 extra Bytes, which can be used for 73 one of the following purposes: 74 <ul><li>Alignment if VIA padlock is 75 used.</li> 76 <li>Simplifying key expansion in the 256-bit 77 case by generating an extra round key. 78 </li></ul> */ 79 #endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */ 80 } 81 mbedtls_aes_context; 82 83 #if defined(MBEDTLS_CIPHER_MODE_XTS) 84 /** 85 * \brief The AES XTS context-type definition. 86 */ 87 typedef struct mbedtls_aes_xts_context { 88 mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block 89 encryption or decryption. */ 90 mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak 91 computation. */ 92 } mbedtls_aes_xts_context; 93 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 94 95 #else /* MBEDTLS_AES_ALT */ 96 #include "aes_alt.h" 97 #endif /* MBEDTLS_AES_ALT */ 98 99 /** 100 * \brief This function initializes the specified AES context. 101 * 102 * It must be the first API called before using 103 * the context. 104 * 105 * \param ctx The AES context to initialize. This must not be \c NULL. 106 */ 107 void mbedtls_aes_init(mbedtls_aes_context *ctx); 108 109 /** 110 * \brief This function releases and clears the specified AES context. 111 * 112 * \param ctx The AES context to clear. 113 * If this is \c NULL, this function does nothing. 114 * Otherwise, the context must have been at least initialized. 115 */ 116 void mbedtls_aes_free(mbedtls_aes_context *ctx); 117 118 #if defined(MBEDTLS_CIPHER_MODE_XTS) 119 /** 120 * \brief This function initializes the specified AES XTS context. 121 * 122 * It must be the first API called before using 123 * the context. 124 * 125 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 126 */ 127 void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx); 128 129 /** 130 * \brief This function releases and clears the specified AES XTS context. 131 * 132 * \param ctx The AES XTS context to clear. 133 * If this is \c NULL, this function does nothing. 134 * Otherwise, the context must have been at least initialized. 135 */ 136 void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx); 137 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 138 139 /** 140 * \brief This function sets the encryption key. 141 * 142 * \param ctx The AES context to which the key should be bound. 143 * It must be initialized. 144 * \param key The encryption key. 145 * This must be a readable buffer of size \p keybits bits. 146 * \param keybits The size of data passed in bits. Valid options are: 147 * <ul><li>128 bits</li> 148 * <li>192 bits</li> 149 * <li>256 bits</li></ul> 150 * 151 * \return \c 0 on success. 152 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 153 */ 154 MBEDTLS_CHECK_RETURN_TYPICAL 155 int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, 156 unsigned int keybits); 157 158 /** 159 * \brief This function sets the decryption key. 160 * 161 * \param ctx The AES context to which the key should be bound. 162 * It must be initialized. 163 * \param key The decryption key. 164 * This must be a readable buffer of size \p keybits bits. 165 * \param keybits The size of data passed. Valid options are: 166 * <ul><li>128 bits</li> 167 * <li>192 bits</li> 168 * <li>256 bits</li></ul> 169 * 170 * \return \c 0 on success. 171 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 172 */ 173 MBEDTLS_CHECK_RETURN_TYPICAL 174 int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, 175 unsigned int keybits); 176 177 #if defined(MBEDTLS_CIPHER_MODE_XTS) 178 /** 179 * \brief This function prepares an XTS context for encryption and 180 * sets the encryption key. 181 * 182 * \param ctx The AES XTS context to which the key should be bound. 183 * It must be initialized. 184 * \param key The encryption key. This is comprised of the XTS key1 185 * concatenated with the XTS key2. 186 * This must be a readable buffer of size \p keybits bits. 187 * \param keybits The size of \p key passed in bits. Valid options are: 188 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 189 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 190 * 191 * \return \c 0 on success. 192 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 193 */ 194 MBEDTLS_CHECK_RETURN_TYPICAL 195 int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, 196 const unsigned char *key, 197 unsigned int keybits); 198 199 /** 200 * \brief This function prepares an XTS context for decryption and 201 * sets the decryption key. 202 * 203 * \param ctx The AES XTS context to which the key should be bound. 204 * It must be initialized. 205 * \param key The decryption key. This is comprised of the XTS key1 206 * concatenated with the XTS key2. 207 * This must be a readable buffer of size \p keybits bits. 208 * \param keybits The size of \p key passed in bits. Valid options are: 209 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 210 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 211 * 212 * \return \c 0 on success. 213 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 214 */ 215 MBEDTLS_CHECK_RETURN_TYPICAL 216 int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, 217 const unsigned char *key, 218 unsigned int keybits); 219 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 220 221 /** 222 * \brief This function performs an AES single-block encryption or 223 * decryption operation. 224 * 225 * It performs the operation defined in the \p mode parameter 226 * (encrypt or decrypt), on the input data buffer defined in 227 * the \p input parameter. 228 * 229 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 230 * mbedtls_aes_setkey_dec() must be called before the first 231 * call to this API with the same context. 232 * 233 * \param ctx The AES context to use for encryption or decryption. 234 * It must be initialized and bound to a key. 235 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 236 * #MBEDTLS_AES_DECRYPT. 237 * \param input The buffer holding the input data. 238 * It must be readable and at least \c 16 Bytes long. 239 * \param output The buffer where the output data will be written. 240 * It must be writeable and at least \c 16 Bytes long. 241 242 * \return \c 0 on success. 243 */ 244 MBEDTLS_CHECK_RETURN_TYPICAL 245 int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, 246 int mode, 247 const unsigned char input[16], 248 unsigned char output[16]); 249 250 #if defined(MBEDTLS_CIPHER_MODE_CBC) 251 /** 252 * \brief This function performs an AES-CBC encryption or decryption operation 253 * on full blocks. 254 * 255 * It performs the operation defined in the \p mode 256 * parameter (encrypt/decrypt), on the input data buffer defined in 257 * the \p input parameter. 258 * 259 * It can be called as many times as needed, until all the input 260 * data is processed. mbedtls_aes_init(), and either 261 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 262 * before the first call to this API with the same context. 263 * 264 * \note This function operates on full blocks, that is, the input size 265 * must be a multiple of the AES block size of \c 16 Bytes. 266 * 267 * \note Upon exit, the content of the IV is updated so that you can 268 * call the same function again on the next 269 * block(s) of data and get the same result as if it was 270 * encrypted in one call. This allows a "streaming" usage. 271 * If you need to retain the contents of the IV, you should 272 * either save it manually or use the cipher module instead. 273 * 274 * 275 * \param ctx The AES context to use for encryption or decryption. 276 * It must be initialized and bound to a key. 277 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 278 * #MBEDTLS_AES_DECRYPT. 279 * \param length The length of the input data in Bytes. This must be a 280 * multiple of the block size (\c 16 Bytes). 281 * \param iv Initialization vector (updated after use). 282 * It must be a readable and writeable buffer of \c 16 Bytes. 283 * \param input The buffer holding the input data. 284 * It must be readable and of size \p length Bytes. 285 * \param output The buffer holding the output data. 286 * It must be writeable and of size \p length Bytes. 287 * 288 * \return \c 0 on success. 289 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 290 * on failure. 291 */ 292 MBEDTLS_CHECK_RETURN_TYPICAL 293 int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, 294 int mode, 295 size_t length, 296 unsigned char iv[16], 297 const unsigned char *input, 298 unsigned char *output); 299 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 300 301 #if defined(MBEDTLS_CIPHER_MODE_XTS) 302 /** 303 * \brief This function performs an AES-XTS encryption or decryption 304 * operation for an entire XTS data unit. 305 * 306 * AES-XTS encrypts or decrypts blocks based on their location as 307 * defined by a data unit number. The data unit number must be 308 * provided by \p data_unit. 309 * 310 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 311 * AES blocks. If the data unit is larger than this, this function 312 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 313 * 314 * \param ctx The AES XTS context to use for AES XTS operations. 315 * It must be initialized and bound to a key. 316 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 317 * #MBEDTLS_AES_DECRYPT. 318 * \param length The length of a data unit in Bytes. This can be any 319 * length between 16 bytes and 2^24 bytes inclusive 320 * (between 1 and 2^20 block cipher blocks). 321 * \param data_unit The address of the data unit encoded as an array of 16 322 * bytes in little-endian format. For disk encryption, this 323 * is typically the index of the block device sector that 324 * contains the data. 325 * \param input The buffer holding the input data (which is an entire 326 * data unit). This function reads \p length Bytes from \p 327 * input. 328 * \param output The buffer holding the output data (which is an entire 329 * data unit). This function writes \p length Bytes to \p 330 * output. 331 * 332 * \return \c 0 on success. 333 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 334 * smaller than an AES block in size (16 Bytes) or if \p 335 * length is larger than 2^20 blocks (16 MiB). 336 */ 337 MBEDTLS_CHECK_RETURN_TYPICAL 338 int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, 339 int mode, 340 size_t length, 341 const unsigned char data_unit[16], 342 const unsigned char *input, 343 unsigned char *output); 344 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 345 346 #if defined(MBEDTLS_CIPHER_MODE_CFB) 347 /** 348 * \brief This function performs an AES-CFB128 encryption or decryption 349 * operation. 350 * 351 * It performs the operation defined in the \p mode 352 * parameter (encrypt or decrypt), on the input data buffer 353 * defined in the \p input parameter. 354 * 355 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 356 * regardless of whether you are performing an encryption or decryption 357 * operation, that is, regardless of the \p mode parameter. This is 358 * because CFB mode uses the same key schedule for encryption and 359 * decryption. 360 * 361 * \note Upon exit, the content of the IV is updated so that you can 362 * call the same function again on the next 363 * block(s) of data and get the same result as if it was 364 * encrypted in one call. This allows a "streaming" usage. 365 * If you need to retain the contents of the 366 * IV, you must either save it manually or use the cipher 367 * module instead. 368 * 369 * 370 * \param ctx The AES context to use for encryption or decryption. 371 * It must be initialized and bound to a key. 372 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 373 * #MBEDTLS_AES_DECRYPT. 374 * \param length The length of the input data in Bytes. 375 * \param iv_off The offset in IV (updated after use). 376 * It must point to a valid \c size_t. 377 * \param iv The initialization vector (updated after use). 378 * It must be a readable and writeable buffer of \c 16 Bytes. 379 * \param input The buffer holding the input data. 380 * It must be readable and of size \p length Bytes. 381 * \param output The buffer holding the output data. 382 * It must be writeable and of size \p length Bytes. 383 * 384 * \return \c 0 on success. 385 */ 386 MBEDTLS_CHECK_RETURN_TYPICAL 387 int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, 388 int mode, 389 size_t length, 390 size_t *iv_off, 391 unsigned char iv[16], 392 const unsigned char *input, 393 unsigned char *output); 394 395 /** 396 * \brief This function performs an AES-CFB8 encryption or decryption 397 * operation. 398 * 399 * It performs the operation defined in the \p mode 400 * parameter (encrypt/decrypt), on the input data buffer defined 401 * in the \p input parameter. 402 * 403 * Due to the nature of CFB, you must use the same key schedule for 404 * both encryption and decryption operations. Therefore, you must 405 * use the context initialized with mbedtls_aes_setkey_enc() for 406 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 407 * 408 * \note Upon exit, the content of the IV is updated so that you can 409 * call the same function again on the next 410 * block(s) of data and get the same result as if it was 411 * encrypted in one call. This allows a "streaming" usage. 412 * If you need to retain the contents of the 413 * IV, you should either save it manually or use the cipher 414 * module instead. 415 * 416 * 417 * \param ctx The AES context to use for encryption or decryption. 418 * It must be initialized and bound to a key. 419 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 420 * #MBEDTLS_AES_DECRYPT 421 * \param length The length of the input data. 422 * \param iv The initialization vector (updated after use). 423 * It must be a readable and writeable buffer of \c 16 Bytes. 424 * \param input The buffer holding the input data. 425 * It must be readable and of size \p length Bytes. 426 * \param output The buffer holding the output data. 427 * It must be writeable and of size \p length Bytes. 428 * 429 * \return \c 0 on success. 430 */ 431 MBEDTLS_CHECK_RETURN_TYPICAL 432 int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, 433 int mode, 434 size_t length, 435 unsigned char iv[16], 436 const unsigned char *input, 437 unsigned char *output); 438 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 439 440 #if defined(MBEDTLS_CIPHER_MODE_OFB) 441 /** 442 * \brief This function performs an AES-OFB (Output Feedback Mode) 443 * encryption or decryption operation. 444 * 445 * For OFB, you must set up the context with 446 * mbedtls_aes_setkey_enc(), regardless of whether you are 447 * performing an encryption or decryption operation. This is 448 * because OFB mode uses the same key schedule for encryption and 449 * decryption. 450 * 451 * The OFB operation is identical for encryption or decryption, 452 * therefore no operation mode needs to be specified. 453 * 454 * \note Upon exit, the content of iv, the Initialisation Vector, is 455 * updated so that you can call the same function again on the next 456 * block(s) of data and get the same result as if it was encrypted 457 * in one call. This allows a "streaming" usage, by initialising 458 * iv_off to 0 before the first call, and preserving its value 459 * between calls. 460 * 461 * For non-streaming use, the iv should be initialised on each call 462 * to a unique value, and iv_off set to 0 on each call. 463 * 464 * If you need to retain the contents of the initialisation vector, 465 * you must either save it manually or use the cipher module 466 * instead. 467 * 468 * \warning For the OFB mode, the initialisation vector must be unique 469 * every encryption operation. Reuse of an initialisation vector 470 * will compromise security. 471 * 472 * \param ctx The AES context to use for encryption or decryption. 473 * It must be initialized and bound to a key. 474 * \param length The length of the input data. 475 * \param iv_off The offset in IV (updated after use). 476 * It must point to a valid \c size_t. 477 * \param iv The initialization vector (updated after use). 478 * It must be a readable and writeable buffer of \c 16 Bytes. 479 * \param input The buffer holding the input data. 480 * It must be readable and of size \p length Bytes. 481 * \param output The buffer holding the output data. 482 * It must be writeable and of size \p length Bytes. 483 * 484 * \return \c 0 on success. 485 */ 486 MBEDTLS_CHECK_RETURN_TYPICAL 487 int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, 488 size_t length, 489 size_t *iv_off, 490 unsigned char iv[16], 491 const unsigned char *input, 492 unsigned char *output); 493 494 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 495 496 #if defined(MBEDTLS_CIPHER_MODE_CTR) 497 /** 498 * \brief This function performs an AES-CTR encryption or decryption 499 * operation. 500 * 501 * Due to the nature of CTR, you must use the same key schedule 502 * for both encryption and decryption operations. Therefore, you 503 * must use the context initialized with mbedtls_aes_setkey_enc() 504 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 505 * 506 * \warning You must never reuse a nonce value with the same key. Doing so 507 * would void the encryption for the two messages encrypted with 508 * the same nonce and key. 509 * 510 * There are two common strategies for managing nonces with CTR: 511 * 512 * 1. You can handle everything as a single message processed over 513 * successive calls to this function. In that case, you want to 514 * set \p nonce_counter and \p nc_off to 0 for the first call, and 515 * then preserve the values of \p nonce_counter, \p nc_off and \p 516 * stream_block across calls to this function as they will be 517 * updated by this function. 518 * 519 * With this strategy, you must not encrypt more than 2**128 520 * blocks of data with the same key. 521 * 522 * 2. You can encrypt separate messages by dividing the \p 523 * nonce_counter buffer in two areas: the first one used for a 524 * per-message nonce, handled by yourself, and the second one 525 * updated by this function internally. 526 * 527 * For example, you might reserve the first 12 bytes for the 528 * per-message nonce, and the last 4 bytes for internal use. In that 529 * case, before calling this function on a new message you need to 530 * set the first 12 bytes of \p nonce_counter to your chosen nonce 531 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 532 * stream_block to be ignored). That way, you can encrypt at most 533 * 2**96 messages of up to 2**32 blocks each with the same key. 534 * 535 * The per-message nonce (or information sufficient to reconstruct 536 * it) needs to be communicated with the ciphertext and must be unique. 537 * The recommended way to ensure uniqueness is to use a message 538 * counter. An alternative is to generate random nonces, but this 539 * limits the number of messages that can be securely encrypted: 540 * for example, with 96-bit random nonces, you should not encrypt 541 * more than 2**32 messages with the same key. 542 * 543 * Note that for both strategies, sizes are measured in blocks and 544 * that an AES block is 16 bytes. 545 * 546 * \warning Upon return, \p stream_block contains sensitive data. Its 547 * content must not be written to insecure storage and should be 548 * securely discarded as soon as it's no longer needed. 549 * 550 * \param ctx The AES context to use for encryption or decryption. 551 * It must be initialized and bound to a key. 552 * \param length The length of the input data. 553 * \param nc_off The offset in the current \p stream_block, for 554 * resuming within the current cipher stream. The 555 * offset pointer should be 0 at the start of a stream. 556 * It must point to a valid \c size_t. 557 * \param nonce_counter The 128-bit nonce and counter. 558 * It must be a readable-writeable buffer of \c 16 Bytes. 559 * \param stream_block The saved stream block for resuming. This is 560 * overwritten by the function. 561 * It must be a readable-writeable buffer of \c 16 Bytes. 562 * \param input The buffer holding the input data. 563 * It must be readable and of size \p length Bytes. 564 * \param output The buffer holding the output data. 565 * It must be writeable and of size \p length Bytes. 566 * 567 * \return \c 0 on success. 568 */ 569 MBEDTLS_CHECK_RETURN_TYPICAL 570 int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, 571 size_t length, 572 size_t *nc_off, 573 unsigned char nonce_counter[16], 574 unsigned char stream_block[16], 575 const unsigned char *input, 576 unsigned char *output); 577 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 578 579 /** 580 * \brief Internal AES block encryption function. This is only 581 * exposed to allow overriding it using 582 * \c MBEDTLS_AES_ENCRYPT_ALT. 583 * 584 * \param ctx The AES context to use for encryption. 585 * \param input The plaintext block. 586 * \param output The output (ciphertext) block. 587 * 588 * \return \c 0 on success. 589 */ 590 MBEDTLS_CHECK_RETURN_TYPICAL 591 int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, 592 const unsigned char input[16], 593 unsigned char output[16]); 594 595 /** 596 * \brief Internal AES block decryption function. This is only 597 * exposed to allow overriding it using see 598 * \c MBEDTLS_AES_DECRYPT_ALT. 599 * 600 * \param ctx The AES context to use for decryption. 601 * \param input The ciphertext block. 602 * \param output The output (plaintext) block. 603 * 604 * \return \c 0 on success. 605 */ 606 MBEDTLS_CHECK_RETURN_TYPICAL 607 int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, 608 const unsigned char input[16], 609 unsigned char output[16]); 610 611 #if defined(MBEDTLS_SELF_TEST) 612 /** 613 * \brief Checkup routine. 614 * 615 * \return \c 0 on success. 616 * \return \c 1 on failure. 617 */ 618 MBEDTLS_CHECK_RETURN_CRITICAL 619 int mbedtls_aes_self_test(int verbose); 620 621 #endif /* MBEDTLS_SELF_TEST */ 622 623 #ifdef __cplusplus 624 } 625 #endif 626 627 #endif /* aes.h */ 628
