EIC code displayed by LXR |
|
|
|
|||
File indexing completed on 2025-08-27 09:37:29
0001 /** 0002 * \file aes.h 0003 * 0004 * \brief This file contains AES definitions and functions. 0005 * 0006 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 0007 * cryptographic algorithm that can be used to protect electronic 0008 * data. 0009 * 0010 * The AES algorithm is a symmetric block cipher that can 0011 * encrypt and decrypt information. For more information, see 0012 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 0013 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 0014 * techniques -- Encryption algorithms -- Part 2: Asymmetric 0015 * ciphers</em>. 0016 * 0017 * The AES-XTS block mode is standardized by NIST SP 800-38E 0018 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 0019 * and described in detail by IEEE P1619 0020 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 0021 */ 0022 0023 /* 0024 * Copyright The Mbed TLS Contributors 0025 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 0026 */ 0027 0028 #ifndef MBEDTLS_AES_H 0029 #define MBEDTLS_AES_H 0030 #include "mbedtls/private_access.h" 0031 0032 #include "mbedtls/build_info.h" 0033 #include "mbedtls/platform_util.h" 0034 0035 #include <stddef.h> 0036 #include <stdint.h> 0037 0038 /* padlock.c and aesni.c rely on these values! */ 0039 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 0040 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 0041 0042 /* Error codes in range 0x0020-0x0022 */ 0043 /** Invalid key length. */ 0044 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 0045 /** Invalid data input length. */ 0046 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 0047 0048 /* Error codes in range 0x0021-0x0025 */ 0049 /** Invalid input data. */ 0050 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 0051 0052 #ifdef __cplusplus 0053 extern "C" { 0054 #endif 0055 0056 #if !defined(MBEDTLS_AES_ALT) 0057 // Regular implementation 0058 // 0059 0060 /** 0061 * \brief The AES context-type definition. 0062 */ 0063 typedef struct mbedtls_aes_context { 0064 int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ 0065 size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES 0066 round keys in the buffer. */ 0067 #if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C) 0068 uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold 0069 10 round keys for 128-bit case. */ 0070 #else 0071 uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can 0072 hold 32 extra Bytes, which can be used for 0073 one of the following purposes: 0074 <ul><li>Alignment if VIA padlock is 0075 used.</li> 0076 <li>Simplifying key expansion in the 256-bit 0077 case by generating an extra round key. 0078 </li></ul> */ 0079 #endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */ 0080 } 0081 mbedtls_aes_context; 0082 0083 #if defined(MBEDTLS_CIPHER_MODE_XTS) 0084 /** 0085 * \brief The AES XTS context-type definition. 0086 */ 0087 typedef struct mbedtls_aes_xts_context { 0088 mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block 0089 encryption or decryption. */ 0090 mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak 0091 computation. */ 0092 } mbedtls_aes_xts_context; 0093 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 0094 0095 #else /* MBEDTLS_AES_ALT */ 0096 #include "aes_alt.h" 0097 #endif /* MBEDTLS_AES_ALT */ 0098 0099 /** 0100 * \brief This function initializes the specified AES context. 0101 * 0102 * It must be the first API called before using 0103 * the context. 0104 * 0105 * \param ctx The AES context to initialize. This must not be \c NULL. 0106 */ 0107 void mbedtls_aes_init(mbedtls_aes_context *ctx); 0108 0109 /** 0110 * \brief This function releases and clears the specified AES context. 0111 * 0112 * \param ctx The AES context to clear. 0113 * If this is \c NULL, this function does nothing. 0114 * Otherwise, the context must have been at least initialized. 0115 */ 0116 void mbedtls_aes_free(mbedtls_aes_context *ctx); 0117 0118 #if defined(MBEDTLS_CIPHER_MODE_XTS) 0119 /** 0120 * \brief This function initializes the specified AES XTS context. 0121 * 0122 * It must be the first API called before using 0123 * the context. 0124 * 0125 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 0126 */ 0127 void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx); 0128 0129 /** 0130 * \brief This function releases and clears the specified AES XTS context. 0131 * 0132 * \param ctx The AES XTS context to clear. 0133 * If this is \c NULL, this function does nothing. 0134 * Otherwise, the context must have been at least initialized. 0135 */ 0136 void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx); 0137 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 0138 0139 /** 0140 * \brief This function sets the encryption key. 0141 * 0142 * \param ctx The AES context to which the key should be bound. 0143 * It must be initialized. 0144 * \param key The encryption key. 0145 * This must be a readable buffer of size \p keybits bits. 0146 * \param keybits The size of data passed in bits. Valid options are: 0147 * <ul><li>128 bits</li> 0148 * <li>192 bits</li> 0149 * <li>256 bits</li></ul> 0150 * 0151 * \return \c 0 on success. 0152 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 0153 */ 0154 MBEDTLS_CHECK_RETURN_TYPICAL 0155 int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, 0156 unsigned int keybits); 0157 0158 #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 0159 /** 0160 * \brief This function sets the decryption key. 0161 * 0162 * \param ctx The AES context to which the key should be bound. 0163 * It must be initialized. 0164 * \param key The decryption key. 0165 * This must be a readable buffer of size \p keybits bits. 0166 * \param keybits The size of data passed. Valid options are: 0167 * <ul><li>128 bits</li> 0168 * <li>192 bits</li> 0169 * <li>256 bits</li></ul> 0170 * 0171 * \return \c 0 on success. 0172 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 0173 */ 0174 MBEDTLS_CHECK_RETURN_TYPICAL 0175 int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, 0176 unsigned int keybits); 0177 #endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ 0178 0179 #if defined(MBEDTLS_CIPHER_MODE_XTS) 0180 /** 0181 * \brief This function prepares an XTS context for encryption and 0182 * sets the encryption key. 0183 * 0184 * \param ctx The AES XTS context to which the key should be bound. 0185 * It must be initialized. 0186 * \param key The encryption key. This is comprised of the XTS key1 0187 * concatenated with the XTS key2. 0188 * This must be a readable buffer of size \p keybits bits. 0189 * \param keybits The size of \p key passed in bits. Valid options are: 0190 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 0191 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 0192 * 0193 * \return \c 0 on success. 0194 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 0195 */ 0196 MBEDTLS_CHECK_RETURN_TYPICAL 0197 int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, 0198 const unsigned char *key, 0199 unsigned int keybits); 0200 0201 /** 0202 * \brief This function prepares an XTS context for decryption and 0203 * sets the decryption key. 0204 * 0205 * \param ctx The AES XTS context to which the key should be bound. 0206 * It must be initialized. 0207 * \param key The decryption key. This is comprised of the XTS key1 0208 * concatenated with the XTS key2. 0209 * This must be a readable buffer of size \p keybits bits. 0210 * \param keybits The size of \p key passed in bits. Valid options are: 0211 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 0212 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 0213 * 0214 * \return \c 0 on success. 0215 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 0216 */ 0217 MBEDTLS_CHECK_RETURN_TYPICAL 0218 int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, 0219 const unsigned char *key, 0220 unsigned int keybits); 0221 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 0222 0223 /** 0224 * \brief This function performs an AES single-block encryption or 0225 * decryption operation. 0226 * 0227 * It performs the operation defined in the \p mode parameter 0228 * (encrypt or decrypt), on the input data buffer defined in 0229 * the \p input parameter. 0230 * 0231 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 0232 * mbedtls_aes_setkey_dec() must be called before the first 0233 * call to this API with the same context. 0234 * 0235 * \param ctx The AES context to use for encryption or decryption. 0236 * It must be initialized and bound to a key. 0237 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 0238 * #MBEDTLS_AES_DECRYPT. 0239 * \param input The buffer holding the input data. 0240 * It must be readable and at least \c 16 Bytes long. 0241 * \param output The buffer where the output data will be written. 0242 * It must be writeable and at least \c 16 Bytes long. 0243 0244 * \return \c 0 on success. 0245 */ 0246 MBEDTLS_CHECK_RETURN_TYPICAL 0247 int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, 0248 int mode, 0249 const unsigned char input[16], 0250 unsigned char output[16]); 0251 0252 #if defined(MBEDTLS_CIPHER_MODE_CBC) 0253 /** 0254 * \brief This function performs an AES-CBC encryption or decryption operation 0255 * on full blocks. 0256 * 0257 * It performs the operation defined in the \p mode 0258 * parameter (encrypt/decrypt), on the input data buffer defined in 0259 * the \p input parameter. 0260 * 0261 * It can be called as many times as needed, until all the input 0262 * data is processed. mbedtls_aes_init(), and either 0263 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 0264 * before the first call to this API with the same context. 0265 * 0266 * \note This function operates on full blocks, that is, the input size 0267 * must be a multiple of the AES block size of \c 16 Bytes. 0268 * 0269 * \note Upon exit, the content of the IV is updated so that you can 0270 * call the same function again on the next 0271 * block(s) of data and get the same result as if it was 0272 * encrypted in one call. This allows a "streaming" usage. 0273 * If you need to retain the contents of the IV, you should 0274 * either save it manually or use the cipher module instead. 0275 * 0276 * 0277 * \param ctx The AES context to use for encryption or decryption. 0278 * It must be initialized and bound to a key. 0279 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 0280 * #MBEDTLS_AES_DECRYPT. 0281 * \param length The length of the input data in Bytes. This must be a 0282 * multiple of the block size (\c 16 Bytes). 0283 * \param iv Initialization vector (updated after use). 0284 * It must be a readable and writeable buffer of \c 16 Bytes. 0285 * \param input The buffer holding the input data. 0286 * It must be readable and of size \p length Bytes. 0287 * \param output The buffer holding the output data. 0288 * It must be writeable and of size \p length Bytes. 0289 * 0290 * \return \c 0 on success. 0291 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 0292 * on failure. 0293 */ 0294 MBEDTLS_CHECK_RETURN_TYPICAL 0295 int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, 0296 int mode, 0297 size_t length, 0298 unsigned char iv[16], 0299 const unsigned char *input, 0300 unsigned char *output); 0301 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 0302 0303 #if defined(MBEDTLS_CIPHER_MODE_XTS) 0304 /** 0305 * \brief This function performs an AES-XTS encryption or decryption 0306 * operation for an entire XTS data unit. 0307 * 0308 * AES-XTS encrypts or decrypts blocks based on their location as 0309 * defined by a data unit number. The data unit number must be 0310 * provided by \p data_unit. 0311 * 0312 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 0313 * AES blocks. If the data unit is larger than this, this function 0314 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 0315 * 0316 * \param ctx The AES XTS context to use for AES XTS operations. 0317 * It must be initialized and bound to a key. 0318 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 0319 * #MBEDTLS_AES_DECRYPT. 0320 * \param length The length of a data unit in Bytes. This can be any 0321 * length between 16 bytes and 2^24 bytes inclusive 0322 * (between 1 and 2^20 block cipher blocks). 0323 * \param data_unit The address of the data unit encoded as an array of 16 0324 * bytes in little-endian format. For disk encryption, this 0325 * is typically the index of the block device sector that 0326 * contains the data. 0327 * \param input The buffer holding the input data (which is an entire 0328 * data unit). This function reads \p length Bytes from \p 0329 * input. 0330 * \param output The buffer holding the output data (which is an entire 0331 * data unit). This function writes \p length Bytes to \p 0332 * output. 0333 * 0334 * \return \c 0 on success. 0335 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 0336 * smaller than an AES block in size (16 Bytes) or if \p 0337 * length is larger than 2^20 blocks (16 MiB). 0338 */ 0339 MBEDTLS_CHECK_RETURN_TYPICAL 0340 int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, 0341 int mode, 0342 size_t length, 0343 const unsigned char data_unit[16], 0344 const unsigned char *input, 0345 unsigned char *output); 0346 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 0347 0348 #if defined(MBEDTLS_CIPHER_MODE_CFB) 0349 /** 0350 * \brief This function performs an AES-CFB128 encryption or decryption 0351 * operation. 0352 * 0353 * It performs the operation defined in the \p mode 0354 * parameter (encrypt or decrypt), on the input data buffer 0355 * defined in the \p input parameter. 0356 * 0357 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 0358 * regardless of whether you are performing an encryption or decryption 0359 * operation, that is, regardless of the \p mode parameter. This is 0360 * because CFB mode uses the same key schedule for encryption and 0361 * decryption. 0362 * 0363 * \note Upon exit, the content of the IV is updated so that you can 0364 * call the same function again on the next 0365 * block(s) of data and get the same result as if it was 0366 * encrypted in one call. This allows a "streaming" usage. 0367 * If you need to retain the contents of the 0368 * IV, you must either save it manually or use the cipher 0369 * module instead. 0370 * 0371 * 0372 * \param ctx The AES context to use for encryption or decryption. 0373 * It must be initialized and bound to a key. 0374 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 0375 * #MBEDTLS_AES_DECRYPT. 0376 * \param length The length of the input data in Bytes. 0377 * \param iv_off The offset in IV (updated after use). 0378 * It must point to a valid \c size_t. 0379 * \param iv The initialization vector (updated after use). 0380 * It must be a readable and writeable buffer of \c 16 Bytes. 0381 * \param input The buffer holding the input data. 0382 * It must be readable and of size \p length Bytes. 0383 * \param output The buffer holding the output data. 0384 * It must be writeable and of size \p length Bytes. 0385 * 0386 * \return \c 0 on success. 0387 */ 0388 MBEDTLS_CHECK_RETURN_TYPICAL 0389 int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, 0390 int mode, 0391 size_t length, 0392 size_t *iv_off, 0393 unsigned char iv[16], 0394 const unsigned char *input, 0395 unsigned char *output); 0396 0397 /** 0398 * \brief This function performs an AES-CFB8 encryption or decryption 0399 * operation. 0400 * 0401 * It performs the operation defined in the \p mode 0402 * parameter (encrypt/decrypt), on the input data buffer defined 0403 * in the \p input parameter. 0404 * 0405 * Due to the nature of CFB, you must use the same key schedule for 0406 * both encryption and decryption operations. Therefore, you must 0407 * use the context initialized with mbedtls_aes_setkey_enc() for 0408 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 0409 * 0410 * \note Upon exit, the content of the IV is updated so that you can 0411 * call the same function again on the next 0412 * block(s) of data and get the same result as if it was 0413 * encrypted in one call. This allows a "streaming" usage. 0414 * If you need to retain the contents of the 0415 * IV, you should either save it manually or use the cipher 0416 * module instead. 0417 * 0418 * 0419 * \param ctx The AES context to use for encryption or decryption. 0420 * It must be initialized and bound to a key. 0421 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 0422 * #MBEDTLS_AES_DECRYPT 0423 * \param length The length of the input data. 0424 * \param iv The initialization vector (updated after use). 0425 * It must be a readable and writeable buffer of \c 16 Bytes. 0426 * \param input The buffer holding the input data. 0427 * It must be readable and of size \p length Bytes. 0428 * \param output The buffer holding the output data. 0429 * It must be writeable and of size \p length Bytes. 0430 * 0431 * \return \c 0 on success. 0432 */ 0433 MBEDTLS_CHECK_RETURN_TYPICAL 0434 int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, 0435 int mode, 0436 size_t length, 0437 unsigned char iv[16], 0438 const unsigned char *input, 0439 unsigned char *output); 0440 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 0441 0442 #if defined(MBEDTLS_CIPHER_MODE_OFB) 0443 /** 0444 * \brief This function performs an AES-OFB (Output Feedback Mode) 0445 * encryption or decryption operation. 0446 * 0447 * For OFB, you must set up the context with 0448 * mbedtls_aes_setkey_enc(), regardless of whether you are 0449 * performing an encryption or decryption operation. This is 0450 * because OFB mode uses the same key schedule for encryption and 0451 * decryption. 0452 * 0453 * The OFB operation is identical for encryption or decryption, 0454 * therefore no operation mode needs to be specified. 0455 * 0456 * \note Upon exit, the content of iv, the Initialisation Vector, is 0457 * updated so that you can call the same function again on the next 0458 * block(s) of data and get the same result as if it was encrypted 0459 * in one call. This allows a "streaming" usage, by initialising 0460 * iv_off to 0 before the first call, and preserving its value 0461 * between calls. 0462 * 0463 * For non-streaming use, the iv should be initialised on each call 0464 * to a unique value, and iv_off set to 0 on each call. 0465 * 0466 * If you need to retain the contents of the initialisation vector, 0467 * you must either save it manually or use the cipher module 0468 * instead. 0469 * 0470 * \warning For the OFB mode, the initialisation vector must be unique 0471 * every encryption operation. Reuse of an initialisation vector 0472 * will compromise security. 0473 * 0474 * \param ctx The AES context to use for encryption or decryption. 0475 * It must be initialized and bound to a key. 0476 * \param length The length of the input data. 0477 * \param iv_off The offset in IV (updated after use). 0478 * It must point to a valid \c size_t. 0479 * \param iv The initialization vector (updated after use). 0480 * It must be a readable and writeable buffer of \c 16 Bytes. 0481 * \param input The buffer holding the input data. 0482 * It must be readable and of size \p length Bytes. 0483 * \param output The buffer holding the output data. 0484 * It must be writeable and of size \p length Bytes. 0485 * 0486 * \return \c 0 on success. 0487 */ 0488 MBEDTLS_CHECK_RETURN_TYPICAL 0489 int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, 0490 size_t length, 0491 size_t *iv_off, 0492 unsigned char iv[16], 0493 const unsigned char *input, 0494 unsigned char *output); 0495 0496 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 0497 0498 #if defined(MBEDTLS_CIPHER_MODE_CTR) 0499 /** 0500 * \brief This function performs an AES-CTR encryption or decryption 0501 * operation. 0502 * 0503 * Due to the nature of CTR, you must use the same key schedule 0504 * for both encryption and decryption operations. Therefore, you 0505 * must use the context initialized with mbedtls_aes_setkey_enc() 0506 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 0507 * 0508 * \warning You must never reuse a nonce value with the same key. Doing so 0509 * would void the encryption for the two messages encrypted with 0510 * the same nonce and key. 0511 * 0512 * There are two common strategies for managing nonces with CTR: 0513 * 0514 * 1. You can handle everything as a single message processed over 0515 * successive calls to this function. In that case, you want to 0516 * set \p nonce_counter and \p nc_off to 0 for the first call, and 0517 * then preserve the values of \p nonce_counter, \p nc_off and \p 0518 * stream_block across calls to this function as they will be 0519 * updated by this function. 0520 * 0521 * With this strategy, you must not encrypt more than 2**128 0522 * blocks of data with the same key. 0523 * 0524 * 2. You can encrypt separate messages by dividing the \p 0525 * nonce_counter buffer in two areas: the first one used for a 0526 * per-message nonce, handled by yourself, and the second one 0527 * updated by this function internally. 0528 * 0529 * For example, you might reserve the first 12 bytes for the 0530 * per-message nonce, and the last 4 bytes for internal use. In that 0531 * case, before calling this function on a new message you need to 0532 * set the first 12 bytes of \p nonce_counter to your chosen nonce 0533 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 0534 * stream_block to be ignored). That way, you can encrypt at most 0535 * 2**96 messages of up to 2**32 blocks each with the same key. 0536 * 0537 * The per-message nonce (or information sufficient to reconstruct 0538 * it) needs to be communicated with the ciphertext and must be unique. 0539 * The recommended way to ensure uniqueness is to use a message 0540 * counter. An alternative is to generate random nonces, but this 0541 * limits the number of messages that can be securely encrypted: 0542 * for example, with 96-bit random nonces, you should not encrypt 0543 * more than 2**32 messages with the same key. 0544 * 0545 * Note that for both strategies, sizes are measured in blocks and 0546 * that an AES block is 16 bytes. 0547 * 0548 * \warning Upon return, \p stream_block contains sensitive data. Its 0549 * content must not be written to insecure storage and should be 0550 * securely discarded as soon as it's no longer needed. 0551 * 0552 * \param ctx The AES context to use for encryption or decryption. 0553 * It must be initialized and bound to a key. 0554 * \param length The length of the input data. 0555 * \param nc_off The offset in the current \p stream_block, for 0556 * resuming within the current cipher stream. The 0557 * offset pointer should be 0 at the start of a stream. 0558 * It must point to a valid \c size_t. 0559 * \param nonce_counter The 128-bit nonce and counter. 0560 * It must be a readable-writeable buffer of \c 16 Bytes. 0561 * \param stream_block The saved stream block for resuming. This is 0562 * overwritten by the function. 0563 * It must be a readable-writeable buffer of \c 16 Bytes. 0564 * \param input The buffer holding the input data. 0565 * It must be readable and of size \p length Bytes. 0566 * \param output The buffer holding the output data. 0567 * It must be writeable and of size \p length Bytes. 0568 * 0569 * \return \c 0 on success. 0570 */ 0571 MBEDTLS_CHECK_RETURN_TYPICAL 0572 int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, 0573 size_t length, 0574 size_t *nc_off, 0575 unsigned char nonce_counter[16], 0576 unsigned char stream_block[16], 0577 const unsigned char *input, 0578 unsigned char *output); 0579 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 0580 0581 /** 0582 * \brief Internal AES block encryption function. This is only 0583 * exposed to allow overriding it using 0584 * \c MBEDTLS_AES_ENCRYPT_ALT. 0585 * 0586 * \param ctx The AES context to use for encryption. 0587 * \param input The plaintext block. 0588 * \param output The output (ciphertext) block. 0589 * 0590 * \return \c 0 on success. 0591 */ 0592 MBEDTLS_CHECK_RETURN_TYPICAL 0593 int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, 0594 const unsigned char input[16], 0595 unsigned char output[16]); 0596 0597 #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 0598 /** 0599 * \brief Internal AES block decryption function. This is only 0600 * exposed to allow overriding it using see 0601 * \c MBEDTLS_AES_DECRYPT_ALT. 0602 * 0603 * \param ctx The AES context to use for decryption. 0604 * \param input The ciphertext block. 0605 * \param output The output (plaintext) block. 0606 * 0607 * \return \c 0 on success. 0608 */ 0609 MBEDTLS_CHECK_RETURN_TYPICAL 0610 int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, 0611 const unsigned char input[16], 0612 unsigned char output[16]); 0613 #endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ 0614 0615 #if defined(MBEDTLS_SELF_TEST) 0616 /** 0617 * \brief Checkup routine. 0618 * 0619 * \return \c 0 on success. 0620 * \return \c 1 on failure. 0621 */ 0622 MBEDTLS_CHECK_RETURN_CRITICAL 0623 int mbedtls_aes_self_test(int verbose); 0624 0625 #endif /* MBEDTLS_SELF_TEST */ 0626 0627 #ifdef __cplusplus 0628 } 0629 #endif 0630 0631 #endif /* aes.h */
| [ Source navigation ] | [ Diff markup ] | [ Identifier search ] | [ general search ] |
|
This page was automatically generated by the 2.3.7 LXR engine. The LXR team |
|