TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 37ff14062e3125f82177d3244736e5878c4ea534 / . / include / mbedtls / aes.h
blob: a36e825a2e68a7b26aa9448e1890ccfad73a4270 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/**
2 * \file aes.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]3 *
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000[diff] [blame]4 * \brief AES block cipher
Paul Bakker37ca75d2011-01-06 12:28:03 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame^]7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]20 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]21 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]22 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]23#ifndef MBEDTLS_AES_H
24#define MBEDTLS_AES_H
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]25
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]26#if !defined(MBEDTLS_CONFIG_FILE)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]27#include "config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]28#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]29#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]30#endif
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]31
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]32#include <stddef.h>
Manuel Pégourié-Gonnardab229102015-04-15 11:53:16 +0200[diff] [blame]33#include <stdint.h>
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]34
Manuel Pégourié-Gonnard5b685652013-12-18 11:45:21 +0100[diff] [blame]35/* padlock.c and aesni.c rely on these values! */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]36#define MBEDTLS_AES_ENCRYPT 1
37#define MBEDTLS_AES_DECRYPT 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]39#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
40#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]41
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]42#if !defined(MBEDTLS_AES_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]43// Regular implementation
44//
45
Paul Bakker407a0da2013-06-27 14:29:21 +0200[diff] [blame]46#ifdef __cplusplus
47extern "C" {
48#endif
49
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]50/**
51 * \brief AES context structure
Manuel Pégourié-Gonnard4a5b9952013-12-29 13:50:32 +0100[diff] [blame]52 *
53 * \note buf is able to hold 32 extra bytes, which can be used:
54 * - for alignment purposes if VIA padlock is used, and/or
55 * - to simplify key expansion in the 256-bit case by
56 * generating an extra round key
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]57 */
58typedef struct
59{
60 int nr; /*!< number of rounds */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]61 uint32_t *rk; /*!< AES round keys */
62 uint32_t buf[68]; /*!< unaligned data */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]63}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]64mbedtls_aes_context;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]65
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]66/**
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]67 * \brief Initialize AES context
68 *
69 * \param ctx AES context to be initialized
70 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]71void mbedtls_aes_init( mbedtls_aes_context *ctx );
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]72
73/**
74 * \brief Clear AES context
75 *
76 * \param ctx AES context to be cleared
77 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]78void mbedtls_aes_free( mbedtls_aes_context *ctx );
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]79
80/**
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]81 * \brief AES key schedule (encryption)
82 *
83 * \param ctx AES context to be initialized
84 * \param key encryption key
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]85 * \param keybits must be 128, 192 or 256
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]86 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]87 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]88 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]89int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]90 unsigned int keybits );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]91
92/**
93 * \brief AES key schedule (decryption)
94 *
95 * \param ctx AES context to be initialized
96 * \param key decryption key
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]97 * \param keybits must be 128, 192 or 256
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]98 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]100 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]102 unsigned int keybits );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]103
104/**
105 * \brief AES-ECB block encryption/decryption
106 *
107 * \param ctx AES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]108 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]109 * \param input 16-byte input block
110 * \param output 16-byte output block
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]111 *
Paul Bakker27caa8a2010-03-21 15:43:59 +0000[diff] [blame]112 * \return 0 if successful
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]113 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]114int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]115 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]116 const unsigned char input[16],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]117 unsigned char output[16] );
118
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]119#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]120/**
121 * \brief AES-CBC buffer encryption/decryption
Paul Bakker4c067eb2009-05-17 10:25:19 +0000[diff] [blame]122 * Length should be a multiple of the block
123 * size (16 bytes)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]124 *
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000[diff] [blame]125 * \note Upon exit, the content of the IV is updated so that you can
126 * call the function same function again on the following
127 * block(s) of data and get the same result as if it was
128 * encrypted in one call. This allows a "streaming" usage.
129 * If on the other hand you need to retain the contents of the
130 * IV, you should either save it manually or use the cipher
131 * module instead.
132 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]133 * \param ctx AES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]134 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]135 * \param length length of the input data
136 * \param iv initialization vector (updated after use)
137 * \param input buffer holding the input data
138 * \param output buffer holding the output data
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]139 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]140 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]141 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]142int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]143 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]144 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]145 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]146 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]147 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]148#endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]149
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]150#if defined(MBEDTLS_CIPHER_MODE_CFB)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]151/**
Paul Bakker4c067eb2009-05-17 10:25:19 +0000[diff] [blame]152 * \brief AES-CFB128 buffer encryption/decryption.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]153 *
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000[diff] [blame]154 * Note: Due to the nature of CFB you should use the same key schedule for
155 * both encryption and decryption. So a context initialized with
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]156 * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000[diff] [blame]157 *
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000[diff] [blame]158 * \note Upon exit, the content of the IV is updated so that you can
159 * call the function same function again on the following
160 * block(s) of data and get the same result as if it was
161 * encrypted in one call. This allows a "streaming" usage.
162 * If on the other hand you need to retain the contents of the
163 * IV, you should either save it manually or use the cipher
164 * module instead.
165 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]166 * \param ctx AES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]167 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]168 * \param length length of the input data
169 * \param iv_off offset in IV (updated after use)
170 * \param iv initialization vector (updated after use)
171 * \param input buffer holding the input data
172 * \param output buffer holding the output data
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]173 *
Paul Bakker27caa8a2010-03-21 15:43:59 +0000[diff] [blame]174 * \return 0 if successful
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]175 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]176int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]177 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]178 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]179 size_t *iv_off,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]180 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]181 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]182 unsigned char *output );
183
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame]184/**
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]185 * \brief AES-CFB8 buffer encryption/decryption.
186 *
187 * Note: Due to the nature of CFB you should use the same key schedule for
188 * both encryption and decryption. So a context initialized with
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]189 * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]190 *
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000[diff] [blame]191 * \note Upon exit, the content of the IV is updated so that you can
192 * call the function same function again on the following
193 * block(s) of data and get the same result as if it was
194 * encrypted in one call. This allows a "streaming" usage.
195 * If on the other hand you need to retain the contents of the
196 * IV, you should either save it manually or use the cipher
197 * module instead.
198 *
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]199 * \param ctx AES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]200 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]201 * \param length length of the input data
202 * \param iv initialization vector (updated after use)
203 * \param input buffer holding the input data
204 * \param output buffer holding the output data
205 *
206 * \return 0 if successful
207 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]208int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]209 int mode,
210 size_t length,
211 unsigned char iv[16],
212 const unsigned char *input,
213 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]214#endif /*MBEDTLS_CIPHER_MODE_CFB */
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]215
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216#if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]217/**
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]218 * \brief AES-CTR buffer encryption/decryption
219 *
220 * Warning: You have to keep the maximum use of your counter in mind!
221 *
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000[diff] [blame]222 * Note: Due to the nature of CTR you should use the same key schedule for
223 * both encryption and decryption. So a context initialized with
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]224 * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000[diff] [blame]225 *
Paul Bakkerdcbfdcc2013-09-10 16:16:50 +0200[diff] [blame]226 * \param ctx AES context
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]227 * \param length The length of the data
228 * \param nc_off The offset in the current stream_block (for resuming
229 * within current cipher stream). The offset pointer to
230 * should be 0 at the start of a stream.
231 * \param nonce_counter The 128-bit nonce and counter.
232 * \param stream_block The saved stream-block for resuming. Is overwritten
233 * by the function.
234 * \param input The input data stream
235 * \param output The output data stream
236 *
237 * \return 0 if successful
238 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]239int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]240 size_t length,
241 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]242 unsigned char nonce_counter[16],
243 unsigned char stream_block[16],
244 const unsigned char *input,
245 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246#endif /* MBEDTLS_CIPHER_MODE_CTR */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]247
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200[diff] [blame]248/**
249 * \brief Internal AES block encryption function
250 * (Only exposed to allow overriding it,
251 * see MBEDTLS_AES_ENCRYPT_ALT)
252 *
253 * \param ctx AES context
254 * \param input Plaintext block
255 * \param output Output (ciphertext) block
256 */
257void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
258 const unsigned char input[16],
259 unsigned char output[16] );
260
261/**
262 * \brief Internal AES block decryption function
263 * (Only exposed to allow overriding it,
264 * see MBEDTLS_AES_DECRYPT_ALT)
265 *
266 * \param ctx AES context
267 * \param input Ciphertext block
268 * \param output Output (plaintext) block
269 */
270void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
271 const unsigned char input[16],
272 unsigned char output[16] );
273
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]274#ifdef __cplusplus
275}
276#endif
277
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]278#else /* MBEDTLS_AES_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]279#include "aes_alt.h"
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]280#endif /* MBEDTLS_AES_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]281
282#ifdef __cplusplus
283extern "C" {
284#endif
285
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]286/**
287 * \brief Checkup routine
288 *
289 * \return 0 if successful, or 1 if the test failed
290 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]291int mbedtls_aes_self_test( int verbose );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]292
293#ifdef __cplusplus
294}
295#endif
296
297#endif /* aes.h */