Paul Bakker5121ce52009-01-03 21:22:43 +00001/**
2 * \file aes.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +00003 *
Rose Zadik7f441272018-01-22 11:48:23 +00004 * \brief The Advanced Encryption Standard (AES) specifies a FIPS-approved
5 * cryptographic algorithm that can be used to protect electronic
6 * data.
7 *
8 * The AES algorithm is a symmetric block cipher that can
9 * encrypt and decrypt information. For more information, see
10 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and
11 * <em>ISO/IEC 18033-2:2006: Information technology -- Security
12 * techniques -- Encryption algorithms -- Part 2: Asymmetric
13 * ciphers</em>.
Darryl Greena40a1012018-01-05 15:33:17 +000014 */
Bence Szépkúti4e9f7122020-06-05 13:02:18 +020015/*
Bence Szépkúti44bfbe32020-08-19 16:54:51 +020016 * Copyright The Mbed TLS Contributors
Bence Szépkúti4e9f7122020-06-05 13:02:18 +020017 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
18 *
19 * This file is provided under the Apache License 2.0, or the
20 * GNU General Public License v2.0 or later.
21 *
22 * **********
23 * Apache License 2.0:
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +020024 *
25 * Licensed under the Apache License, Version 2.0 (the "License"); you may
26 * not use this file except in compliance with the License.
27 * You may obtain a copy of the License at
28 *
29 * http://www.apache.org/licenses/LICENSE-2.0
30 *
31 * Unless required by applicable law or agreed to in writing, software
32 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
33 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
34 * See the License for the specific language governing permissions and
35 * limitations under the License.
Paul Bakkerb96f1542010-07-18 20:36:00 +000036 *
Bence Szépkúti4e9f7122020-06-05 13:02:18 +020037 * **********
38 *
39 * **********
40 * GNU General Public License v2.0 or later:
41 *
42 * This program is free software; you can redistribute it and/or modify
43 * it under the terms of the GNU General Public License as published by
44 * the Free Software Foundation; either version 2 of the License, or
45 * (at your option) any later version.
46 *
47 * This program is distributed in the hope that it will be useful,
48 * but WITHOUT ANY WARRANTY; without even the implied warranty of
49 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
50 * GNU General Public License for more details.
51 *
52 * You should have received a copy of the GNU General Public License along
53 * with this program; if not, write to the Free Software Foundation, Inc.,
54 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
55 *
56 * **********
Paul Bakker5121ce52009-01-03 21:22:43 +000057 */
Rose Zadik7f441272018-01-22 11:48:23 +000058
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020059#ifndef MBEDTLS_AES_H
60#define MBEDTLS_AES_H
Paul Bakker5121ce52009-01-03 21:22:43 +000061
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020062#if !defined(MBEDTLS_CONFIG_FILE)
Paul Bakker90995b52013-06-24 19:20:35 +020063#include "config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020064#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020065#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020066#endif
Paul Bakker90995b52013-06-24 19:20:35 +020067
Rich Evans00ab4702015-02-06 13:43:58 +000068#include <stddef.h>
Manuel Pégourié-Gonnardab229102015-04-15 11:53:16 +020069#include <stdint.h>
Paul Bakker5c2364c2012-10-01 14:41:15 +000070
Manuel Pégourié-Gonnard5b685652013-12-18 11:45:21 +010071/* padlock.c and aesni.c rely on these values! Do not renumber them. */
Rose Zadik7f441272018-01-22 11:48:23 +000072#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
73#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
Paul Bakker5121ce52009-01-03 21:22:43 +000074
Andres Amaya Garciac5380642017-11-28 19:57:51 +000075/* Error codes in range 0x0020-0x0022 (defined as negative values) */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020076#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
77#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
Paul Bakker2b222c82009-07-27 21:03:45 +000078
Gilles Peskine7ecab3d2018-01-26 17:56:38 +010079/* Error codes in range 0x0023-0x0025 (defined as negative values) */
Rose Zadik7f441272018-01-22 11:48:23 +000080#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
Gilles Peskine7ecab3d2018-01-26 17:56:38 +010081#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
Paul Bakker5121ce52009-01-03 21:22:43 +000082
/* When building as C (not C++) with a compiler that defines
 * __ARMCC_VERSION or _MSC_VER, map 'inline' to the vendor keyword
 * '__inline', unless 'inline' is already defined as a macro. */
Andres AGf5bf7182017-03-03 14:09:56 +000083#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
84 !defined(inline) && !defined(__cplusplus)
85#define inline __inline
86#endif
87
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020088#if !defined(MBEDTLS_AES_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +020089// Regular implementation
90//
91
Paul Bakker407a0da2013-06-27 14:29:21 +020092#ifdef __cplusplus
93extern "C" {
94#endif
95
Paul Bakker5121ce52009-01-03 21:22:43 +000096/**
Rose Zadik7f441272018-01-22 11:48:23 +000097 * \brief The AES context-type definition.
 *
 * \note A keyed context holds the AES round keys, which are derived
 *       from the secret key. Treat it as key material and pass it to
 *       mbedtls_aes_free() once it is no longer needed.
Paul Bakker5121ce52009-01-03 21:22:43 +000098 */
99typedef struct
100{
Rose Zadik7f441272018-01-22 11:48:23 +0000101 int nr; /*!< The number of rounds. */
102 uint32_t *rk; /*!< AES round keys. NOTE(review): presumably points
                    into \c buf, in which case a byte-wise copy of the
                    context would still refer to the original's
                    buffer; confirm in the implementation. */
103 uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
104 hold 32 extra Bytes, which can be used for
105 one of the following purposes:
106 <ul><li>Alignment if VIA padlock is
107 used.</li>
108 <li>Simplifying key expansion in the 256-bit
109 case by generating an extra round key.
110 </li></ul> */
Paul Bakker5121ce52009-01-03 21:22:43 +0000111}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200112mbedtls_aes_context;
Paul Bakker5121ce52009-01-03 21:22:43 +0000113
Paul Bakker5121ce52009-01-03 21:22:43 +0000114/**
Rose Zadik7f441272018-01-22 11:48:23 +0000115 * \brief This function initializes the specified AES context.
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200116 *
Rose Zadik7f441272018-01-22 11:48:23 +0000117 * It must be the first API called before using
118 * the context.
119 *
 * It takes no key: call mbedtls_aes_setkey_enc() or
 * mbedtls_aes_setkey_dec() afterwards, before any encryption
 * or decryption with this context.
 *
120 * \param ctx The AES context to initialize.
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200121 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200122void mbedtls_aes_init( mbedtls_aes_context *ctx );
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200123
124/**
Rose Zadik7f441272018-01-22 11:48:23 +0000125 * \brief This function releases and clears the specified AES context.
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200126 *
 * Call it as soon as the context is no longer needed, so
 * that the round keys stored in the context do not stay in
 * memory longer than necessary.
 *
Rose Zadik7f441272018-01-22 11:48:23 +0000127 * \param ctx The AES context to clear.
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200128 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200129void mbedtls_aes_free( mbedtls_aes_context *ctx );
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200130
131/**
Rose Zadik7f441272018-01-22 11:48:23 +0000132 * \brief This function sets the encryption key.
Paul Bakker5121ce52009-01-03 21:22:43 +0000133 *
 * The CFB and CTR functions in this header require a context
 * keyed with this function for decryption as well as for
 * encryption.
 *
Rose Zadik7f441272018-01-22 11:48:23 +0000134 * \param ctx The AES context to which the key should be bound.
135 * \param key The encryption key, \p keybits bits long.
136 * \param keybits The size of the key passed in \p key, in bits. Valid options are:
137 * <ul><li>128 bits</li>
138 * <li>192 bits</li>
139 * <li>256 bits</li></ul>
Paul Bakker2b222c82009-07-27 21:03:45 +0000140 *
Rose Zadik7f441272018-01-22 11:48:23 +0000141 * \return \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
142 * on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000143 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200144int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200145 unsigned int keybits );
Paul Bakker5121ce52009-01-03 21:22:43 +0000146
147/**
Rose Zadik7f441272018-01-22 11:48:23 +0000148 * \brief This function sets the decryption key.
Paul Bakker5121ce52009-01-03 21:22:43 +0000149 *
 * \note Do not use this function to prepare a context for
 *       CFB or CTR decryption: the CFB and CTR functions in
 *       this header require a context keyed with
 *       mbedtls_aes_setkey_enc() in both directions.
 *
Rose Zadik7f441272018-01-22 11:48:23 +0000150 * \param ctx The AES context to which the key should be bound.
151 * \param key The decryption key, \p keybits bits long.
152 * \param keybits The size of the key passed in \p key, in bits. Valid options are:
153 * <ul><li>128 bits</li>
154 * <li>192 bits</li>
155 * <li>256 bits</li></ul>
Paul Bakker2b222c82009-07-27 21:03:45 +0000156 *
Rose Zadik7f441272018-01-22 11:48:23 +0000157 * \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000158 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200159int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200160 unsigned int keybits );
Paul Bakker5121ce52009-01-03 21:22:43 +0000161
162/**
Rose Zadik7f441272018-01-22 11:48:23 +0000163 * \brief This function performs an AES single-block encryption or
164 * decryption operation.
Paul Bakker5121ce52009-01-03 21:22:43 +0000165 *
Rose Zadik7f441272018-01-22 11:48:23 +0000166 * It performs the operation defined in the \p mode parameter
167 * (encrypt or decrypt), on the input data buffer defined in
168 * the \p input parameter.
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000169 *
Rose Zadik7f441272018-01-22 11:48:23 +0000170 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
171 * mbedtls_aes_setkey_dec() must be called before the first
172 * call to this API with the same context.
173 *
 * \note This is the raw block operation, with no IV and no
 *       chaining: under one key, identical input blocks always
 *       produce identical output blocks. To protect messages
 *       longer than one block, use one of the chaining modes
 *       rather than calling this function block by block.
 *
174 * \param ctx The AES context to use for encryption or decryption.
175 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
176 * #MBEDTLS_AES_DECRYPT.
177 * \param input The 16-Byte buffer holding the input data.
178 * \param output The 16-Byte buffer holding the output data.
179 *
180 * \return \c 0 on success.
Paul Bakker5121ce52009-01-03 21:22:43 +0000181 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200182int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000183 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000184 const unsigned char input[16],
Paul Bakker5121ce52009-01-03 21:22:43 +0000185 unsigned char output[16] );
186
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200187#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000188/**
Rose Zadik7f441272018-01-22 11:48:23 +0000189 * \brief This function performs an AES-CBC encryption or decryption operation
190 * on full blocks.
Paul Bakker5121ce52009-01-03 21:22:43 +0000191 *
Rose Zadik7f441272018-01-22 11:48:23 +0000192 * It performs the operation defined in the \p mode
193 * parameter (encrypt/decrypt), on the input data buffer defined in
194 * the \p input parameter.
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000195 *
Rose Zadik7f441272018-01-22 11:48:23 +0000196 * It can be called as many times as needed, until all the input
197 * data is processed. mbedtls_aes_init(), and either
198 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
199 * before the first call to this API with the same context.
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000200 *
Rose Zadik7f441272018-01-22 11:48:23 +0000201 * \note This function operates on aligned blocks, that is, the input size
202 * must be a multiple of the AES block size of 16 Bytes.
 *       Because only full blocks are accepted, any padding has to be
 *       applied and checked by the caller.
203 *
204 * \note Upon exit, the content of the IV is updated so that you can
205 * call the same function again on the next
206 * block(s) of data and get the same result as if it was
207 * encrypted in one call. This allows a "streaming" usage.
208 * If you need to retain the contents of the IV, you should
209 * either save it manually or use the cipher module instead.
210 *
 * \note For encryption, start each message with an IV that is
 *       unpredictable and is not reused with the same key. CBC
 *       provides confidentiality only: it does not detect
 *       modification of the ciphertext, so authenticate the
 *       ciphertext separately where tampering is a concern.
211 *
212 * \param ctx The AES context to use for encryption or decryption.
213 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
214 * #MBEDTLS_AES_DECRYPT.
215 * \param length The length of the input data in Bytes. This must be a
216 * multiple of the block size (16 Bytes).
217 * \param iv Initialization vector (updated after use).
218 * \param input The buffer holding the input data.
219 * \param output The buffer holding the output data.
220 *
221 * \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
222 * on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000223 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200224int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000225 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000226 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000227 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000228 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000229 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200230#endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000231
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200232#if defined(MBEDTLS_CIPHER_MODE_CFB)
Paul Bakker5121ce52009-01-03 21:22:43 +0000233/**
Rose Zadik7f441272018-01-22 11:48:23 +0000234 * \brief This function performs an AES-CFB128 encryption or decryption
235 * operation.
Paul Bakker5121ce52009-01-03 21:22:43 +0000236 *
Rose Zadik7f441272018-01-22 11:48:23 +0000237 * It performs the operation defined in the \p mode
238 * parameter (encrypt or decrypt), on the input data buffer
239 * defined in the \p input parameter.
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000240 *
Rose Zadik7f441272018-01-22 11:48:23 +0000241 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
242 * regardless of whether you are performing an encryption or decryption
243 * operation, that is, regardless of the \p mode parameter. This is
244 * because CFB mode uses the same key schedule for encryption and
245 * decryption.
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000246 *
Rose Zadik7f441272018-01-22 11:48:23 +0000247 * \note Upon exit, the content of the IV is updated so that you can
248 * call the same function again on the next
249 * block(s) of data and get the same result as if it was
250 * encrypted in one call. This allows a "streaming" usage.
251 * If you need to retain the contents of the
252 * IV, you must either save it manually or use the cipher
253 * module instead.
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000254 *
 * \note Do not start two messages with the same IV under the
 *       same key. CFB provides confidentiality only and does
 *       not detect modification of the ciphertext.
Rose Zadik7f441272018-01-22 11:48:23 +0000255 *
256 * \param ctx The AES context to use for encryption or decryption.
257 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
258 * #MBEDTLS_AES_DECRYPT.
259 * \param length The length of the input data in Bytes.
260 * \param iv_off The offset in IV (updated after use).
 *       NOTE(review): presumably the value pointed to should
 *       be 0 at the start of a stream, as documented for
 *       \p nc_off of mbedtls_aes_crypt_ctr(); confirm in the
 *       implementation.
261 * \param iv The initialization vector (updated after use).
262 * \param input The buffer holding the input data.
263 * \param output The buffer holding the output data.
264 *
265 * \return \c 0 on success.
Paul Bakker5121ce52009-01-03 21:22:43 +0000266 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200267int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000268 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000269 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000270 size_t *iv_off,
Paul Bakker5121ce52009-01-03 21:22:43 +0000271 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000272 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000273 unsigned char *output );
274
Paul Bakker9a736322012-11-14 12:39:52 +0000275/**
Rose Zadik7f441272018-01-22 11:48:23 +0000276 * \brief This function performs an AES-CFB8 encryption or decryption
277 * operation.
Paul Bakker556efba2014-01-24 15:38:12 +0100278 *
Rose Zadik7f441272018-01-22 11:48:23 +0000279 * It performs the operation defined in the \p mode
280 * parameter (encrypt/decrypt), on the input data buffer defined
281 * in the \p input parameter.
Paul Bakker556efba2014-01-24 15:38:12 +0100282 *
Rose Zadik7f441272018-01-22 11:48:23 +0000283 * Due to the nature of CFB, you must use the same key schedule for
284 * both encryption and decryption operations. Therefore, you must
285 * use the context initialized with mbedtls_aes_setkey_enc() for
286 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000287 *
Rose Zadik7f441272018-01-22 11:48:23 +0000288 * \note Upon exit, the content of the IV is updated so that you can
289 * call the same function again on the next
290 * block(s) of data and get the same result as if it was
291 * encrypted in one call. This allows a "streaming" usage.
292 * If you need to retain the contents of the
293 * IV, you should either save it manually or use the cipher
294 * module instead.
Paul Bakker556efba2014-01-24 15:38:12 +0100295 *
 * \note Do not start two messages with the same IV under the
 *       same key. CFB provides confidentiality only and does
 *       not detect modification of the ciphertext.
Rose Zadik7f441272018-01-22 11:48:23 +0000296 *
297 * \param ctx The AES context to use for encryption or decryption.
298 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
299 * #MBEDTLS_AES_DECRYPT.
300 * \param length The length of the input data in Bytes.
301 * \param iv The initialization vector (updated after use).
302 * \param input The buffer holding the input data.
303 * \param output The buffer holding the output data.
304 *
305 * \return \c 0 on success.
Paul Bakker556efba2014-01-24 15:38:12 +0100306 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200307int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
Paul Bakker556efba2014-01-24 15:38:12 +0100308 int mode,
309 size_t length,
310 unsigned char iv[16],
311 const unsigned char *input,
312 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200313#endif /*MBEDTLS_CIPHER_MODE_CFB */
Paul Bakker556efba2014-01-24 15:38:12 +0100314
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200315#if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakker556efba2014-01-24 15:38:12 +0100316/**
Rose Zadik7f441272018-01-22 11:48:23 +0000317 * \brief This function performs an AES-CTR encryption or decryption
318 * operation.
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000319 *
Rose Zadik7f441272018-01-22 11:48:23 +0000320 * This function processes the input data buffer defined in the
321 * \p input parameter. Unlike the other modes in this header, it
322 * takes no \p mode parameter: the same call is used to encrypt and to decrypt.
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000323 *
Rose Zadik7f441272018-01-22 11:48:23 +0000324 * Due to the nature of CTR, you must use the same key schedule
325 * for both encryption and decryption operations. Therefore, you
326 * must use the context initialized with mbedtls_aes_setkey_enc()
327 * for both encryption and decryption.
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000328 *
Rose Zadik7f441272018-01-22 11:48:23 +0000329 * \warning You must keep the maximum use of your counter in mind.
 *          A \p nonce_counter value must never be used twice with
 *          the same key: in CTR mode a repeated counter block
 *          produces a repeated keystream block, which removes the
 *          confidentiality of the data encrypted with it. Choose
 *          the nonce and the width of the counter so that no value
 *          can repeat or wrap around for the lifetime of the key.
 *          CTR does not detect modification of the ciphertext.
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000330 *
Rose Zadik7f441272018-01-22 11:48:23 +0000331 * \param ctx The AES context to use for encryption or decryption.
332 * \param length The length of the input data in Bytes.
333 * \param nc_off The offset in the current \p stream_block, for
334 * resuming within the current cipher stream. The
335 * offset that \p nc_off points to should be 0 at the start of a stream.
336 * \param nonce_counter The 128-bit nonce and counter.
 *          NOTE(review): presumably updated by the function as
 *          blocks are processed; confirm in the implementation.
337 * \param stream_block The saved stream block for resuming. This is
338 * overwritten by the function.
339 * \param input The buffer holding the input data.
340 * \param output The buffer holding the output data.
341 *
342 * \return \c 0 on success.
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000343 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200344int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000345 size_t length,
346 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000347 unsigned char nonce_counter[16],
348 unsigned char stream_block[16],
349 const unsigned char *input,
350 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200351#endif /* MBEDTLS_CIPHER_MODE_CTR */
Paul Bakker90995b52013-06-24 19:20:35 +0200352
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200353/**
Rose Zadik7f441272018-01-22 11:48:23 +0000354 * \brief Internal AES block encryption function. This is only
355 * exposed to allow overriding it using
356 * \c MBEDTLS_AES_ENCRYPT_ALT.
 *
 * It is not meant to be called by applications; the public
 * single-block entry point is mbedtls_aes_crypt_ecb().
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200357 *
Rose Zadik7f441272018-01-22 11:48:23 +0000358 * \param ctx The AES context to use for encryption.
359 * \param input The plaintext block.
360 * \param output The output (ciphertext) block.
Andres AGf5bf7182017-03-03 14:09:56 +0000361 *
Rose Zadik7f441272018-01-22 11:48:23 +0000362 * \return \c 0 on success.
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200363 */
Andres AGf5bf7182017-03-03 14:09:56 +0000364int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
365 const unsigned char input[16],
366 unsigned char output[16] );
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200367
368/**
Rose Zadik7f441272018-01-22 11:48:23 +0000369 * \brief Internal AES block decryption function. This is only
370 * exposed to allow overriding it using
371 * \c MBEDTLS_AES_DECRYPT_ALT.
 *
 * It is not meant to be called by applications; the public
 * single-block entry point is mbedtls_aes_crypt_ecb().
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200372 *
Rose Zadik7f441272018-01-22 11:48:23 +0000373 * \param ctx The AES context to use for decryption.
374 * \param input The ciphertext block.
375 * \param output The output (plaintext) block.
Andres AGf5bf7182017-03-03 14:09:56 +0000376 *
Rose Zadik7f441272018-01-22 11:48:23 +0000377 * \return \c 0 on success.
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200378 */
Andres AGf5bf7182017-03-03 14:09:56 +0000379int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
380 const unsigned char input[16],
381 unsigned char output[16] );
382
383#if !defined(MBEDTLS_DEPRECATED_REMOVED)
384#if defined(MBEDTLS_DEPRECATED_WARNING)
385#define MBEDTLS_DEPRECATED __attribute__((deprecated))
386#else
387#define MBEDTLS_DEPRECATED
388#endif
389/**
Hanno Beckerca1cdb22017-07-20 09:50:59 +0100390 * \brief Deprecated internal AES block encryption function
391 * without return value.
Andres AGf5bf7182017-03-03 14:09:56 +0000392 *
Rose Zadik7f441272018-01-22 11:48:23 +0000393 * \deprecated Superseded in 2.5.0 by mbedtls_internal_aes_encrypt(),
 *             the variant declared in this header that returns a
 *             status code. Because this function returns \c void,
 *             it cannot report a failure to its caller.
Andres AGf5bf7182017-03-03 14:09:56 +0000394 *
Rose Zadik7f441272018-01-22 11:48:23 +0000395 * \param ctx The AES context to use for encryption.
396 * \param input Plaintext block.
397 * \param output Output (ciphertext) block.
Andres AGf5bf7182017-03-03 14:09:56 +0000398 */
Hanno Beckerbedc2052017-06-26 12:46:56 +0100399MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
400 const unsigned char input[16],
401 unsigned char output[16] );
Andres AGf5bf7182017-03-03 14:09:56 +0000402
403/**
Hanno Beckerca1cdb22017-07-20 09:50:59 +0100404 * \brief Deprecated internal AES block decryption function
405 * without return value.
Andres AGf5bf7182017-03-03 14:09:56 +0000406 *
Rose Zadik7f441272018-01-22 11:48:23 +0000407 * \deprecated Superseded in 2.5.0 by mbedtls_internal_aes_decrypt(),
 *             the variant declared in this header that returns a
 *             status code. Because this function returns \c void,
 *             it cannot report a failure to its caller.
Andres AGf5bf7182017-03-03 14:09:56 +0000408 *
Rose Zadik7f441272018-01-22 11:48:23 +0000409 * \param ctx The AES context to use for decryption.
410 * \param input Ciphertext block.
411 * \param output Output (plaintext) block.
Andres AGf5bf7182017-03-03 14:09:56 +0000412 */
Hanno Beckerbedc2052017-06-26 12:46:56 +0100413MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
414 const unsigned char input[16],
415 unsigned char output[16] );
Andres AGf5bf7182017-03-03 14:09:56 +0000416
417#undef MBEDTLS_DEPRECATED
418#endif /* !MBEDTLS_DEPRECATED_REMOVED */
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200419
Paul Bakker90995b52013-06-24 19:20:35 +0200420#ifdef __cplusplus
421}
422#endif
423
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200424#else /* MBEDTLS_AES_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200425#include "aes_alt.h"
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200426#endif /* MBEDTLS_AES_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200427
428#ifdef __cplusplus
429extern "C" {
430#endif
431
Paul Bakker5121ce52009-01-03 21:22:43 +0000432/**
Rose Zadik7f441272018-01-22 11:48:23 +0000433 * \brief Checkup routine.
Paul Bakker5121ce52009-01-03 21:22:43 +0000434 *
 * This declaration sits outside the MBEDTLS_AES_ALT
 * conditional, so it is visible whether the regular or an
 * alternative AES implementation is in use.
 *
 * \param verbose NOTE(review): not documented in this header;
 *                presumably a non-zero value enables diagnostic
 *                output. Confirm in the implementation.
 *
Rose Zadik7f441272018-01-22 11:48:23 +0000435 * \return \c 0 on success, or \c 1 on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000436 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200437int mbedtls_aes_self_test( int verbose );
Paul Bakker5121ce52009-01-03 21:22:43 +0000438
439#ifdef __cplusplus
440}
441#endif
442
443#endif /* aes.h */