1 /** 2 * \file aes.h 3 * 4 * \brief This file contains AES definitions and functions. 5 * 6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 7 * cryptographic algorithm that can be used to protect electronic 8 * data. 9 * 10 * The AES algorithm is a symmetric block cipher that can 11 * encrypt and decrypt information. For more information, see 12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 14 * techniques -- Encryption algorithms -- Part 2: Asymmetric 15 * ciphers</em>. 16 * 17 * The AES-XTS block mode is standardized by NIST SP 800-38E 18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 19 * and described in detail by IEEE P1619 20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 21 */ 22 23 /* 24 * Copyright The Mbed TLS Contributors 25 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 26 * 27 * This file is provided under the Apache License 2.0, or the 28 * GNU General Public License v2.0 or later. 29 * 30 * ********** 31 * Apache License 2.0: 32 * 33 * Licensed under the Apache License, Version 2.0 (the "License"); you may 34 * not use this file except in compliance with the License. 35 * You may obtain a copy of the License at 36 * 37 * http://www.apache.org/licenses/LICENSE-2.0 38 * 39 * Unless required by applicable law or agreed to in writing, software 40 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 41 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 42 * See the License for the specific language governing permissions and 43 * limitations under the License. 44 * 45 * ********** 46 * 47 * ********** 48 * GNU General Public License v2.0 or later: 49 * 50 * This program is free software; you can redistribute it and/or modify 51 * it under the terms of the GNU General Public License as published by 52 * the Free Software Foundation; either version 2 of the License, or 53 * (at your option) any later version. 54 * 55 * This program is distributed in the hope that it will be useful, 56 * but WITHOUT ANY WARRANTY; without even the implied warranty of 57 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 58 * GNU General Public License for more details. 59 * 60 * You should have received a copy of the GNU General Public License along 61 * with this program; if not, write to the Free Software Foundation, Inc., 62 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 63 * 64 * ********** 65 */ 66 67 #ifndef MBEDTLS_AES_H 68 #define MBEDTLS_AES_H 69 70 #if !defined(MBEDTLS_CONFIG_FILE) 71 #include "config.h" 72 #else 73 #include MBEDTLS_CONFIG_FILE 74 #endif 75 76 #include <stddef.h> 77 #include <stdint.h> 78 79 /* padlock.c and aesni.c rely on these values! */ 80 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 81 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 82 83 /* Error codes in range 0x0020-0x0022 */ 84 /** Invalid key length. */ 85 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 86 /** Invalid data input length. */ 87 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 88 89 /* Error codes in range 0x0021-0x0025 */ 90 /** Invalid input data. */ 91 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 92 93 /* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */ 94 /** Feature not available. For example, an unsupported AES key size. */ 95 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 96 97 /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ 98 /** AES hardware accelerator failed. */ 99 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 100 101 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 102 !defined(inline) && !defined(__cplusplus) 103 #define inline __inline 104 #endif 105 106 #ifdef __cplusplus 107 extern "C" { 108 #endif 109 110 #if !defined(MBEDTLS_AES_ALT) 111 // Regular implementation 112 // 113 114 /** 115 * \brief The AES context-type definition. 116 */ 117 typedef struct mbedtls_aes_context 118 { 119 int nr; /*!< The number of rounds. */ 120 uint32_t *rk; /*!< AES round keys. */ 121 uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can 122 hold 32 extra Bytes, which can be used for 123 one of the following purposes: 124 <ul><li>Alignment if VIA padlock is 125 used.</li> 126 <li>Simplifying key expansion in the 256-bit 127 case by generating an extra round key. 128 </li></ul> */ 129 } 130 mbedtls_aes_context; 131 132 #if defined(MBEDTLS_CIPHER_MODE_XTS) 133 /** 134 * \brief The AES XTS context-type definition. 135 */ 136 typedef struct mbedtls_aes_xts_context 137 { 138 mbedtls_aes_context crypt; /*!< The AES context to use for AES block 139 encryption or decryption. */ 140 mbedtls_aes_context tweak; /*!< The AES context used for tweak 141 computation. */ 142 } mbedtls_aes_xts_context; 143 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 144 145 #else /* MBEDTLS_AES_ALT */ 146 #include "aes_alt.h" 147 #endif /* MBEDTLS_AES_ALT */ 148 149 /** 150 * \brief This function initializes the specified AES context. 151 * 152 * It must be the first API called before using 153 * the context. 154 * 155 * \param ctx The AES context to initialize. This must not be \c NULL. 156 */ 157 void mbedtls_aes_init( mbedtls_aes_context *ctx ); 158 159 /** 160 * \brief This function releases and clears the specified AES context. 161 * 162 * \param ctx The AES context to clear. 163 * If this is \c NULL, this function does nothing. 164 * Otherwise, the context must have been at least initialized. 165 */ 166 void mbedtls_aes_free( mbedtls_aes_context *ctx ); 167 168 #if defined(MBEDTLS_CIPHER_MODE_XTS) 169 /** 170 * \brief This function initializes the specified AES XTS context. 171 * 172 * It must be the first API called before using 173 * the context. 174 * 175 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 176 */ 177 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); 178 179 /** 180 * \brief This function releases and clears the specified AES XTS context. 181 * 182 * \param ctx The AES XTS context to clear. 183 * If this is \c NULL, this function does nothing. 184 * Otherwise, the context must have been at least initialized. 185 */ 186 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); 187 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 188 189 /** 190 * \brief This function sets the encryption key. 191 * 192 * \param ctx The AES context to which the key should be bound. 193 * It must be initialized. 194 * \param key The encryption key. 195 * This must be a readable buffer of size \p keybits bits. 196 * \param keybits The size of data passed in bits. Valid options are: 197 * <ul><li>128 bits</li> 198 * <li>192 bits</li> 199 * <li>256 bits</li></ul> 200 * 201 * \return \c 0 on success. 202 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 203 */ 204 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, 205 unsigned int keybits ); 206 207 /** 208 * \brief This function sets the decryption key. 209 * 210 * \param ctx The AES context to which the key should be bound. 211 * It must be initialized. 212 * \param key The decryption key. 213 * This must be a readable buffer of size \p keybits bits. 214 * \param keybits The size of data passed. Valid options are: 215 * <ul><li>128 bits</li> 216 * <li>192 bits</li> 217 * <li>256 bits</li></ul> 218 * 219 * \return \c 0 on success. 220 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 221 */ 222 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, 223 unsigned int keybits ); 224 225 #if defined(MBEDTLS_CIPHER_MODE_XTS) 226 /** 227 * \brief This function prepares an XTS context for encryption and 228 * sets the encryption key. 229 * 230 * \param ctx The AES XTS context to which the key should be bound. 231 * It must be initialized. 232 * \param key The encryption key. This is comprised of the XTS key1 233 * concatenated with the XTS key2. 234 * This must be a readable buffer of size \p keybits bits. 235 * \param keybits The size of \p key passed in bits. Valid options are: 236 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 237 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 238 * 239 * \return \c 0 on success. 240 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 241 */ 242 int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, 243 const unsigned char *key, 244 unsigned int keybits ); 245 246 /** 247 * \brief This function prepares an XTS context for decryption and 248 * sets the decryption key. 249 * 250 * \param ctx The AES XTS context to which the key should be bound. 251 * It must be initialized. 252 * \param key The decryption key. This is comprised of the XTS key1 253 * concatenated with the XTS key2. 254 * This must be a readable buffer of size \p keybits bits. 255 * \param keybits The size of \p key passed in bits. Valid options are: 256 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 257 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 258 * 259 * \return \c 0 on success. 260 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 261 */ 262 int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, 263 const unsigned char *key, 264 unsigned int keybits ); 265 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 266 267 /** 268 * \brief This function performs an AES single-block encryption or 269 * decryption operation. 270 * 271 * It performs the operation defined in the \p mode parameter 272 * (encrypt or decrypt), on the input data buffer defined in 273 * the \p input parameter. 274 * 275 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 276 * mbedtls_aes_setkey_dec() must be called before the first 277 * call to this API with the same context. 278 * 279 * \param ctx The AES context to use for encryption or decryption. 280 * It must be initialized and bound to a key. 281 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 282 * #MBEDTLS_AES_DECRYPT. 283 * \param input The buffer holding the input data. 284 * It must be readable and at least \c 16 Bytes long. 285 * \param output The buffer where the output data will be written. 286 * It must be writeable and at least \c 16 Bytes long. 287 288 * \return \c 0 on success. 289 */ 290 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, 291 int mode, 292 const unsigned char input[16], 293 unsigned char output[16] ); 294 295 #if defined(MBEDTLS_CIPHER_MODE_CBC) 296 /** 297 * \brief This function performs an AES-CBC encryption or decryption operation 298 * on full blocks. 299 * 300 * It performs the operation defined in the \p mode 301 * parameter (encrypt/decrypt), on the input data buffer defined in 302 * the \p input parameter. 303 * 304 * It can be called as many times as needed, until all the input 305 * data is processed. mbedtls_aes_init(), and either 306 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 307 * before the first call to this API with the same context. 308 * 309 * \note This function operates on full blocks, that is, the input size 310 * must be a multiple of the AES block size of \c 16 Bytes. 311 * 312 * \note Upon exit, the content of the IV is updated so that you can 313 * call the same function again on the next 314 * block(s) of data and get the same result as if it was 315 * encrypted in one call. This allows a "streaming" usage. 316 * If you need to retain the contents of the IV, you should 317 * either save it manually or use the cipher module instead. 318 * 319 * 320 * \param ctx The AES context to use for encryption or decryption. 321 * It must be initialized and bound to a key. 322 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 323 * #MBEDTLS_AES_DECRYPT. 324 * \param length The length of the input data in Bytes. This must be a 325 * multiple of the block size (\c 16 Bytes). 326 * \param iv Initialization vector (updated after use). 327 * It must be a readable and writeable buffer of \c 16 Bytes. 328 * \param input The buffer holding the input data. 329 * It must be readable and of size \p length Bytes. 330 * \param output The buffer holding the output data. 331 * It must be writeable and of size \p length Bytes. 332 * 333 * \return \c 0 on success. 334 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 335 * on failure. 336 */ 337 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, 338 int mode, 339 size_t length, 340 unsigned char iv[16], 341 const unsigned char *input, 342 unsigned char *output ); 343 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 344 345 #if defined(MBEDTLS_CIPHER_MODE_XTS) 346 /** 347 * \brief This function performs an AES-XTS encryption or decryption 348 * operation for an entire XTS data unit. 349 * 350 * AES-XTS encrypts or decrypts blocks based on their location as 351 * defined by a data unit number. The data unit number must be 352 * provided by \p data_unit. 353 * 354 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 355 * AES blocks. If the data unit is larger than this, this function 356 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 357 * 358 * \param ctx The AES XTS context to use for AES XTS operations. 359 * It must be initialized and bound to a key. 360 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 361 * #MBEDTLS_AES_DECRYPT. 362 * \param length The length of a data unit in Bytes. This can be any 363 * length between 16 bytes and 2^24 bytes inclusive 364 * (between 1 and 2^20 block cipher blocks). 365 * \param data_unit The address of the data unit encoded as an array of 16 366 * bytes in little-endian format. For disk encryption, this 367 * is typically the index of the block device sector that 368 * contains the data. 369 * \param input The buffer holding the input data (which is an entire 370 * data unit). This function reads \p length Bytes from \p 371 * input. 372 * \param output The buffer holding the output data (which is an entire 373 * data unit). This function writes \p length Bytes to \p 374 * output. 375 * 376 * \return \c 0 on success. 377 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 378 * smaller than an AES block in size (16 Bytes) or if \p 379 * length is larger than 2^20 blocks (16 MiB). 380 */ 381 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, 382 int mode, 383 size_t length, 384 const unsigned char data_unit[16], 385 const unsigned char *input, 386 unsigned char *output ); 387 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 388 389 #if defined(MBEDTLS_CIPHER_MODE_CFB) 390 /** 391 * \brief This function performs an AES-CFB128 encryption or decryption 392 * operation. 393 * 394 * It performs the operation defined in the \p mode 395 * parameter (encrypt or decrypt), on the input data buffer 396 * defined in the \p input parameter. 397 * 398 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 399 * regardless of whether you are performing an encryption or decryption 400 * operation, that is, regardless of the \p mode parameter. This is 401 * because CFB mode uses the same key schedule for encryption and 402 * decryption. 403 * 404 * \note Upon exit, the content of the IV is updated so that you can 405 * call the same function again on the next 406 * block(s) of data and get the same result as if it was 407 * encrypted in one call. This allows a "streaming" usage. 408 * If you need to retain the contents of the 409 * IV, you must either save it manually or use the cipher 410 * module instead. 411 * 412 * 413 * \param ctx The AES context to use for encryption or decryption. 414 * It must be initialized and bound to a key. 415 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 416 * #MBEDTLS_AES_DECRYPT. 417 * \param length The length of the input data in Bytes. 418 * \param iv_off The offset in IV (updated after use). 419 * It must point to a valid \c size_t. 420 * \param iv The initialization vector (updated after use). 421 * It must be a readable and writeable buffer of \c 16 Bytes. 422 * \param input The buffer holding the input data. 423 * It must be readable and of size \p length Bytes. 424 * \param output The buffer holding the output data. 425 * It must be writeable and of size \p length Bytes. 426 * 427 * \return \c 0 on success. 428 */ 429 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, 430 int mode, 431 size_t length, 432 size_t *iv_off, 433 unsigned char iv[16], 434 const unsigned char *input, 435 unsigned char *output ); 436 437 /** 438 * \brief This function performs an AES-CFB8 encryption or decryption 439 * operation. 440 * 441 * It performs the operation defined in the \p mode 442 * parameter (encrypt/decrypt), on the input data buffer defined 443 * in the \p input parameter. 444 * 445 * Due to the nature of CFB, you must use the same key schedule for 446 * both encryption and decryption operations. Therefore, you must 447 * use the context initialized with mbedtls_aes_setkey_enc() for 448 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 449 * 450 * \note Upon exit, the content of the IV is updated so that you can 451 * call the same function again on the next 452 * block(s) of data and get the same result as if it was 453 * encrypted in one call. This allows a "streaming" usage. 454 * If you need to retain the contents of the 455 * IV, you should either save it manually or use the cipher 456 * module instead. 457 * 458 * 459 * \param ctx The AES context to use for encryption or decryption. 460 * It must be initialized and bound to a key. 461 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 462 * #MBEDTLS_AES_DECRYPT 463 * \param length The length of the input data. 464 * \param iv The initialization vector (updated after use). 465 * It must be a readable and writeable buffer of \c 16 Bytes. 466 * \param input The buffer holding the input data. 467 * It must be readable and of size \p length Bytes. 468 * \param output The buffer holding the output data. 469 * It must be writeable and of size \p length Bytes. 470 * 471 * \return \c 0 on success. 472 */ 473 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, 474 int mode, 475 size_t length, 476 unsigned char iv[16], 477 const unsigned char *input, 478 unsigned char *output ); 479 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 480 481 #if defined(MBEDTLS_CIPHER_MODE_OFB) 482 /** 483 * \brief This function performs an AES-OFB (Output Feedback Mode) 484 * encryption or decryption operation. 485 * 486 * For OFB, you must set up the context with 487 * mbedtls_aes_setkey_enc(), regardless of whether you are 488 * performing an encryption or decryption operation. This is 489 * because OFB mode uses the same key schedule for encryption and 490 * decryption. 491 * 492 * The OFB operation is identical for encryption or decryption, 493 * therefore no operation mode needs to be specified. 494 * 495 * \note Upon exit, the content of iv, the Initialisation Vector, is 496 * updated so that you can call the same function again on the next 497 * block(s) of data and get the same result as if it was encrypted 498 * in one call. This allows a "streaming" usage, by initialising 499 * iv_off to 0 before the first call, and preserving its value 500 * between calls. 501 * 502 * For non-streaming use, the iv should be initialised on each call 503 * to a unique value, and iv_off set to 0 on each call. 504 * 505 * If you need to retain the contents of the initialisation vector, 506 * you must either save it manually or use the cipher module 507 * instead. 508 * 509 * \warning For the OFB mode, the initialisation vector must be unique 510 * every encryption operation. Reuse of an initialisation vector 511 * will compromise security. 512 * 513 * \param ctx The AES context to use for encryption or decryption. 514 * It must be initialized and bound to a key. 515 * \param length The length of the input data. 516 * \param iv_off The offset in IV (updated after use). 517 * It must point to a valid \c size_t. 518 * \param iv The initialization vector (updated after use). 519 * It must be a readable and writeable buffer of \c 16 Bytes. 520 * \param input The buffer holding the input data. 521 * It must be readable and of size \p length Bytes. 522 * \param output The buffer holding the output data. 523 * It must be writeable and of size \p length Bytes. 524 * 525 * \return \c 0 on success. 526 */ 527 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, 528 size_t length, 529 size_t *iv_off, 530 unsigned char iv[16], 531 const unsigned char *input, 532 unsigned char *output ); 533 534 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 535 536 #if defined(MBEDTLS_CIPHER_MODE_CTR) 537 /** 538 * \brief This function performs an AES-CTR encryption or decryption 539 * operation. 540 * 541 * Due to the nature of CTR, you must use the same key schedule 542 * for both encryption and decryption operations. Therefore, you 543 * must use the context initialized with mbedtls_aes_setkey_enc() 544 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 545 * 546 * \warning You must never reuse a nonce value with the same key. Doing so 547 * would void the encryption for the two messages encrypted with 548 * the same nonce and key. 549 * 550 * There are two common strategies for managing nonces with CTR: 551 * 552 * 1. You can handle everything as a single message processed over 553 * successive calls to this function. In that case, you want to 554 * set \p nonce_counter and \p nc_off to 0 for the first call, and 555 * then preserve the values of \p nonce_counter, \p nc_off and \p 556 * stream_block across calls to this function as they will be 557 * updated by this function. 558 * 559 * With this strategy, you must not encrypt more than 2**128 560 * blocks of data with the same key. 561 * 562 * 2. You can encrypt separate messages by dividing the \p 563 * nonce_counter buffer in two areas: the first one used for a 564 * per-message nonce, handled by yourself, and the second one 565 * updated by this function internally. 566 * 567 * For example, you might reserve the first 12 bytes for the 568 * per-message nonce, and the last 4 bytes for internal use. In that 569 * case, before calling this function on a new message you need to 570 * set the first 12 bytes of \p nonce_counter to your chosen nonce 571 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 572 * stream_block to be ignored). That way, you can encrypt at most 573 * 2**96 messages of up to 2**32 blocks each with the same key. 574 * 575 * The per-message nonce (or information sufficient to reconstruct 576 * it) needs to be communicated with the ciphertext and must be unique. 577 * The recommended way to ensure uniqueness is to use a message 578 * counter. An alternative is to generate random nonces, but this 579 * limits the number of messages that can be securely encrypted: 580 * for example, with 96-bit random nonces, you should not encrypt 581 * more than 2**32 messages with the same key. 582 * 583 * Note that for both stategies, sizes are measured in blocks and 584 * that an AES block is 16 bytes. 585 * 586 * \warning Upon return, \p stream_block contains sensitive data. Its 587 * content must not be written to insecure storage and should be 588 * securely discarded as soon as it's no longer needed. 589 * 590 * \param ctx The AES context to use for encryption or decryption. 591 * It must be initialized and bound to a key. 592 * \param length The length of the input data. 593 * \param nc_off The offset in the current \p stream_block, for 594 * resuming within the current cipher stream. The 595 * offset pointer should be 0 at the start of a stream. 596 * It must point to a valid \c size_t. 597 * \param nonce_counter The 128-bit nonce and counter. 598 * It must be a readable-writeable buffer of \c 16 Bytes. 599 * \param stream_block The saved stream block for resuming. This is 600 * overwritten by the function. 601 * It must be a readable-writeable buffer of \c 16 Bytes. 602 * \param input The buffer holding the input data. 603 * It must be readable and of size \p length Bytes. 604 * \param output The buffer holding the output data. 605 * It must be writeable and of size \p length Bytes. 606 * 607 * \return \c 0 on success. 608 */ 609 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, 610 size_t length, 611 size_t *nc_off, 612 unsigned char nonce_counter[16], 613 unsigned char stream_block[16], 614 const unsigned char *input, 615 unsigned char *output ); 616 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 617 618 /** 619 * \brief Internal AES block encryption function. This is only 620 * exposed to allow overriding it using 621 * \c MBEDTLS_AES_ENCRYPT_ALT. 622 * 623 * \param ctx The AES context to use for encryption. 624 * \param input The plaintext block. 625 * \param output The output (ciphertext) block. 626 * 627 * \return \c 0 on success. 628 */ 629 int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, 630 const unsigned char input[16], 631 unsigned char output[16] ); 632 633 /** 634 * \brief Internal AES block decryption function. This is only 635 * exposed to allow overriding it using see 636 * \c MBEDTLS_AES_DECRYPT_ALT. 637 * 638 * \param ctx The AES context to use for decryption. 639 * \param input The ciphertext block. 640 * \param output The output (plaintext) block. 641 * 642 * \return \c 0 on success. 643 */ 644 int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, 645 const unsigned char input[16], 646 unsigned char output[16] ); 647 648 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 649 #if defined(MBEDTLS_DEPRECATED_WARNING) 650 #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 651 #else 652 #define MBEDTLS_DEPRECATED 653 #endif 654 /** 655 * \brief Deprecated internal AES block encryption function 656 * without return value. 657 * 658 * \deprecated Superseded by mbedtls_internal_aes_encrypt() 659 * 660 * \param ctx The AES context to use for encryption. 661 * \param input Plaintext block. 662 * \param output Output (ciphertext) block. 663 */ 664 MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, 665 const unsigned char input[16], 666 unsigned char output[16] ); 667 668 /** 669 * \brief Deprecated internal AES block decryption function 670 * without return value. 671 * 672 * \deprecated Superseded by mbedtls_internal_aes_decrypt() 673 * 674 * \param ctx The AES context to use for decryption. 675 * \param input Ciphertext block. 676 * \param output Output (plaintext) block. 677 */ 678 MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, 679 const unsigned char input[16], 680 unsigned char output[16] ); 681 682 #undef MBEDTLS_DEPRECATED 683 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 684 685 686 #if defined(MBEDTLS_SELF_TEST) 687 /** 688 * \brief Checkup routine. 689 * 690 * \return \c 0 on success. 691 * \return \c 1 on failure. 692 */ 693 int mbedtls_aes_self_test( int verbose ); 694 695 #endif /* MBEDTLS_SELF_TEST */ 696 697 #ifdef __cplusplus 698 } 699 #endif 700 701 #endif /* aes.h */ 702