takashi kadono / Mbed OS Nucleo_446

Dependencies:   ssd1331

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers aes.h Source File

aes.h

Go to the documentation of this file.
00001 /**
00002  * \file aes.h
00003  *
00004  * \brief   This file contains AES definitions and functions.
00005  *
00006  *          The Advanced Encryption Standard (AES) specifies a FIPS-approved
00007  *          cryptographic algorithm that can be used to protect electronic
00008  *          data.
00009  *
00010  *          The AES algorithm is a symmetric block cipher that can
00011  *          encrypt and decrypt information. For more information, see
00012  *          <em>FIPS Publication 197: Advanced Encryption Standard</em> and
00013  *          <em>ISO/IEC 18033-2:2006: Information technology -- Security
00014  *          techniques -- Encryption algorithms -- Part 2: Asymmetric
00015  *          ciphers</em>.
00016  *
00017  *          The AES-XTS block mode is standardized by NIST SP 800-38E
00018  *          <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf>
00019  *          and described in detail by IEEE P1619
00020  *          <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
00021  */
00022 
00023 /*  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
00024  *  SPDX-License-Identifier: Apache-2.0
00025  *
00026  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00027  *  not use this file except in compliance with the License.
00028  *  You may obtain a copy of the License at
00029  *
00030  *  http://www.apache.org/licenses/LICENSE-2.0
00031  *
00032  *  Unless required by applicable law or agreed to in writing, software
00033  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00034  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00035  *  See the License for the specific language governing permissions and
00036  *  limitations under the License.
00037  *
00038  *  This file is part of Mbed TLS (https://tls.mbed.org)
00039  */
00040 
00041 #ifndef MBEDTLS_AES_H
00042 #define MBEDTLS_AES_H
00043 
00044 #if !defined(MBEDTLS_CONFIG_FILE)
00045 #include "config.h"
00046 #else
00047 #include MBEDTLS_CONFIG_FILE
00048 #endif
00049 
00050 #include <stddef.h>
00051 #include <stdint.h>
00052 
00053 /* padlock.c and aesni.c rely on these values! */
00054 #define MBEDTLS_AES_ENCRYPT     1 /**< AES encryption. */
00055 #define MBEDTLS_AES_DECRYPT     0 /**< AES decryption. */
00056 
00057 /* Error codes in range 0x0020-0x0022 */
00058 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
00059 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
00060 
00061 /* Error codes in range 0x0021-0x0025 */
00062 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA                    -0x0021  /**< Invalid input data. */
00063 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE               -0x0023  /**< Feature not available. For example, an unsupported AES key size. */
00064 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED                   -0x0025  /**< AES hardware accelerator failed. */
00065 
00066 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
00067     !defined(inline) && !defined(__cplusplus)
00068 #define inline __inline
00069 #endif
00070 
00071 #ifdef __cplusplus
00072 extern "C" {
00073 #endif
00074 
00075 #if !defined(MBEDTLS_AES_ALT)
00076 // Regular implementation
00077 //
00078 
00079 /**
00080  * \brief The AES context-type definition.
00081  */
00082 typedef struct mbedtls_aes_context
00083 {
00084     int nr ;                     /*!< The number of rounds. */
00085     uint32_t *rk ;               /*!< AES round keys. */
00086     uint32_t buf [68];           /*!< Unaligned data buffer. This buffer can
00087                                      hold 32 extra Bytes, which can be used for
00088                                      one of the following purposes:
00089                                      <ul><li>Alignment if VIA padlock is
00090                                              used.</li>
00091                                      <li>Simplifying key expansion in the 256-bit
00092                                          case by generating an extra round key.
00093                                          </li></ul> */
00094 }
00095 mbedtls_aes_context;
00096 
00097 #if defined(MBEDTLS_CIPHER_MODE_XTS)
00098 /**
00099  * \brief The AES XTS context-type definition.
00100  */
00101 typedef struct mbedtls_aes_xts_context
00102 {
00103     mbedtls_aes_context crypt ; /*!< The AES context to use for AES block
00104                                         encryption or decryption. */
00105     mbedtls_aes_context tweak ; /*!< The AES context used for tweak
00106                                         computation. */
00107 } mbedtls_aes_xts_context;
00108 #endif /* MBEDTLS_CIPHER_MODE_XTS */
00109 
00110 #else  /* MBEDTLS_AES_ALT */
00111 #include "aes_alt.h"
00112 #endif /* MBEDTLS_AES_ALT */
00113 
00114 /**
00115  * \brief          This function initializes the specified AES context.
00116  *
00117  *                 It must be the first API called before using
00118  *                 the context.
00119  *
00120  * \param ctx      The AES context to initialize.
00121  */
00122 void mbedtls_aes_init( mbedtls_aes_context *ctx );
00123 
00124 /**
00125  * \brief          This function releases and clears the specified AES context.
00126  *
00127  * \param ctx      The AES context to clear.
00128  */
00129 void mbedtls_aes_free( mbedtls_aes_context *ctx );
00130 
00131 #if defined(MBEDTLS_CIPHER_MODE_XTS)
00132 /**
00133  * \brief          This function initializes the specified AES XTS context.
00134  *
00135  *                 It must be the first API called before using
00136  *                 the context.
00137  *
00138  * \param ctx      The AES XTS context to initialize.
00139  */
00140 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
00141 
00142 /**
00143  * \brief          This function releases and clears the specified AES XTS context.
00144  *
00145  * \param ctx      The AES XTS context to clear.
00146  */
00147 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
00148 #endif /* MBEDTLS_CIPHER_MODE_XTS */
00149 
00150 /**
00151  * \brief          This function sets the encryption key.
00152  *
00153  * \param ctx      The AES context to which the key should be bound.
00154  * \param key      The encryption key.
00155  * \param keybits  The size of data passed in bits. Valid options are:
00156  *                 <ul><li>128 bits</li>
00157  *                 <li>192 bits</li>
00158  *                 <li>256 bits</li></ul>
00159  *
00160  * \return         \c 0 on success.
00161  * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
00162  */
00163 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
00164                     unsigned int keybits );
00165 
00166 /**
00167  * \brief          This function sets the decryption key.
00168  *
00169  * \param ctx      The AES context to which the key should be bound.
00170  * \param key      The decryption key.
00171  * \param keybits  The size of data passed. Valid options are:
00172  *                 <ul><li>128 bits</li>
00173  *                 <li>192 bits</li>
00174  *                 <li>256 bits</li></ul>
00175  *
00176  * \return         \c 0 on success.
00177  * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
00178  */
00179 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
00180                     unsigned int keybits );
00181 
00182 #if defined(MBEDTLS_CIPHER_MODE_XTS)
00183 /**
00184  * \brief          This function prepares an XTS context for encryption and
00185  *                 sets the encryption key.
00186  *
00187  * \param ctx      The AES XTS context to which the key should be bound.
00188  * \param key      The encryption key. This is comprised of the XTS key1
00189  *                 concatenated with the XTS key2.
00190  * \param keybits  The size of \p key passed in bits. Valid options are:
00191  *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
00192  *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
00193  *
00194  * \return         \c 0 on success.
00195  * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
00196  */
00197 int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
00198                                 const unsigned char *key,
00199                                 unsigned int keybits );
00200 
00201 /**
00202  * \brief          This function prepares an XTS context for decryption and
00203  *                 sets the decryption key.
00204  *
00205  * \param ctx      The AES XTS context to which the key should be bound.
00206  * \param key      The decryption key. This is comprised of the XTS key1
00207  *                 concatenated with the XTS key2.
00208  * \param keybits  The size of \p key passed in bits. Valid options are:
00209  *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
00210  *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
00211  *
00212  * \return         \c 0 on success.
00213  * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
00214  */
00215 int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
00216                                 const unsigned char *key,
00217                                 unsigned int keybits );
00218 #endif /* MBEDTLS_CIPHER_MODE_XTS */
00219 
00220 /**
00221  * \brief          This function performs an AES single-block encryption or
00222  *                 decryption operation.
00223  *
00224  *                 It performs the operation defined in the \p mode parameter
00225  *                 (encrypt or decrypt), on the input data buffer defined in
00226  *                 the \p input parameter.
00227  *
00228  *                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
00229  *                 mbedtls_aes_setkey_dec() must be called before the first
00230  *                 call to this API with the same context.
00231  *
00232  * \param ctx      The AES context to use for encryption or decryption.
00233  * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
00234  *                 #MBEDTLS_AES_DECRYPT.
00235  * \param input    The 16-Byte buffer holding the input data.
00236  * \param output   The 16-Byte buffer holding the output data.
00237 
00238  * \return         \c 0 on success.
00239  */
00240 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
00241                     int mode,
00242                     const unsigned char input[16],
00243                     unsigned char output[16] );
00244 
00245 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00246 /**
00247  * \brief  This function performs an AES-CBC encryption or decryption operation
00248  *         on full blocks.
00249  *
00250  *         It performs the operation defined in the \p mode
00251  *         parameter (encrypt/decrypt), on the input data buffer defined in
00252  *         the \p input parameter.
00253  *
00254  *         It can be called as many times as needed, until all the input
00255  *         data is processed. mbedtls_aes_init(), and either
00256  *         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
00257  *         before the first call to this API with the same context.
00258  *
00259  * \note   This function operates on aligned blocks, that is, the input size
00260  *         must be a multiple of the AES block size of 16 Bytes.
00261  *
00262  * \note   Upon exit, the content of the IV is updated so that you can
00263  *         call the same function again on the next
00264  *         block(s) of data and get the same result as if it was
00265  *         encrypted in one call. This allows a "streaming" usage.
00266  *         If you need to retain the contents of the IV, you should
00267  *         either save it manually or use the cipher module instead.
00268  *
00269  *
00270  * \param ctx      The AES context to use for encryption or decryption.
00271  * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
00272  *                 #MBEDTLS_AES_DECRYPT.
00273  * \param length   The length of the input data in Bytes. This must be a
00274  *                 multiple of the block size (16 Bytes).
00275  * \param iv       Initialization vector (updated after use).
00276  * \param input    The buffer holding the input data.
00277  * \param output   The buffer holding the output data.
00278  *
00279  * \return         \c 0 on success.
00280  * \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
00281  *                 on failure.
00282  */
00283 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
00284                     int mode,
00285                     size_t length,
00286                     unsigned char iv[16],
00287                     const unsigned char *input,
00288                     unsigned char *output );
00289 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00290 
00291 #if defined(MBEDTLS_CIPHER_MODE_XTS)
00292 /**
00293  * \brief      This function performs an AES-XTS encryption or decryption
00294  *             operation for an entire XTS data unit.
00295  *
00296  *             AES-XTS encrypts or decrypts blocks based on their location as
00297  *             defined by a data unit number. The data unit number must be
00298  *             provided by \p data_unit.
00299  *
00300  *             NIST SP 800-38E limits the maximum size of a data unit to 2^20
00301  *             AES blocks. If the data unit is larger than this, this function
00302  *             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
00303  *
00304  * \param ctx          The AES XTS context to use for AES XTS operations.
00305  * \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
00306  *                     #MBEDTLS_AES_DECRYPT.
00307  * \param length       The length of a data unit in bytes. This can be any
00308  *                     length between 16 bytes and 2^24 bytes inclusive
00309  *                     (between 1 and 2^20 block cipher blocks).
00310  * \param data_unit    The address of the data unit encoded as an array of 16
00311  *                     bytes in little-endian format. For disk encryption, this
00312  *                     is typically the index of the block device sector that
00313  *                     contains the data.
00314  * \param input        The buffer holding the input data (which is an entire
00315  *                     data unit). This function reads \p length bytes from \p
00316  *                     input.
00317  * \param output       The buffer holding the output data (which is an entire
00318  *                     data unit). This function writes \p length bytes to \p
00319  *                     output.
00320  *
00321  * \return             \c 0 on success.
00322  * \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
00323  *                     smaller than an AES block in size (16 bytes) or if \p
00324  *                     length is larger than 2^20 blocks (16 MiB).
00325  */
00326 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
00327                            int mode,
00328                            size_t length,
00329                            const unsigned char data_unit[16],
00330                            const unsigned char *input,
00331                            unsigned char *output );
00332 #endif /* MBEDTLS_CIPHER_MODE_XTS */
00333 
00334 #if defined(MBEDTLS_CIPHER_MODE_CFB)
00335 /**
00336  * \brief This function performs an AES-CFB128 encryption or decryption
00337  *        operation.
00338  *
00339  *        It performs the operation defined in the \p mode
00340  *        parameter (encrypt or decrypt), on the input data buffer
00341  *        defined in the \p input parameter.
00342  *
00343  *        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
00344  *        regardless of whether you are performing an encryption or decryption
00345  *        operation, that is, regardless of the \p mode parameter. This is
00346  *        because CFB mode uses the same key schedule for encryption and
00347  *        decryption.
00348  *
00349  * \note  Upon exit, the content of the IV is updated so that you can
00350  *        call the same function again on the next
00351  *        block(s) of data and get the same result as if it was
00352  *        encrypted in one call. This allows a "streaming" usage.
00353  *        If you need to retain the contents of the
00354  *        IV, you must either save it manually or use the cipher
00355  *        module instead.
00356  *
00357  *
00358  * \param ctx      The AES context to use for encryption or decryption.
00359  * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
00360  *                 #MBEDTLS_AES_DECRYPT.
00361  * \param length   The length of the input data.
00362  * \param iv_off   The offset in IV (updated after use).
00363  * \param iv       The initialization vector (updated after use).
00364  * \param input    The buffer holding the input data.
00365  * \param output   The buffer holding the output data.
00366  *
00367  * \return         \c 0 on success.
00368  */
00369 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
00370                        int mode,
00371                        size_t length,
00372                        size_t *iv_off,
00373                        unsigned char iv[16],
00374                        const unsigned char *input,
00375                        unsigned char *output );
00376 
00377 /**
00378  * \brief This function performs an AES-CFB8 encryption or decryption
00379  *        operation.
00380  *
00381  *        It performs the operation defined in the \p mode
00382  *        parameter (encrypt/decrypt), on the input data buffer defined
00383  *        in the \p input parameter.
00384  *
00385  *        Due to the nature of CFB, you must use the same key schedule for
00386  *        both encryption and decryption operations. Therefore, you must
00387  *        use the context initialized with mbedtls_aes_setkey_enc() for
00388  *        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
00389  *
00390  * \note  Upon exit, the content of the IV is updated so that you can
00391  *        call the same function again on the next
00392  *        block(s) of data and get the same result as if it was
00393  *        encrypted in one call. This allows a "streaming" usage.
00394  *        If you need to retain the contents of the
00395  *        IV, you should either save it manually or use the cipher
00396  *        module instead.
00397  *
00398  *
00399  * \param ctx      The AES context to use for encryption or decryption.
00400  * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
00401  *                 #MBEDTLS_AES_DECRYPT
00402  * \param length   The length of the input data.
00403  * \param iv       The initialization vector (updated after use).
00404  * \param input    The buffer holding the input data.
00405  * \param output   The buffer holding the output data.
00406  *
00407  * \return         \c 0 on success.
00408  */
00409 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
00410                     int mode,
00411                     size_t length,
00412                     unsigned char iv[16],
00413                     const unsigned char *input,
00414                     unsigned char *output );
00415 #endif /*MBEDTLS_CIPHER_MODE_CFB */
00416 
00417 #if defined(MBEDTLS_CIPHER_MODE_OFB)
00418 /**
00419  * \brief       This function performs an AES-OFB (Output Feedback Mode)
00420  *              encryption or decryption operation.
00421  *
00422  *              For OFB, you must set up the context with
00423  *              mbedtls_aes_setkey_enc(), regardless of whether you are
00424  *              performing an encryption or decryption operation. This is
00425  *              because OFB mode uses the same key schedule for encryption and
00426  *              decryption.
00427  *
00428  *              The OFB operation is identical for encryption or decryption,
00429  *              therefore no operation mode needs to be specified.
00430  *
00431  * \note        Upon exit, the content of iv, the Initialisation Vector, is
00432  *              updated so that you can call the same function again on the next
00433  *              block(s) of data and get the same result as if it was encrypted
00434  *              in one call. This allows a "streaming" usage, by initialising
00435  *              iv_off to 0 before the first call, and preserving its value
00436  *              between calls.
00437  *
00438  *              For non-streaming use, the iv should be initialised on each call
00439  *              to a unique value, and iv_off set to 0 on each call.
00440  *
00441  *              If you need to retain the contents of the initialisation vector,
00442  *              you must either save it manually or use the cipher module
00443  *              instead.
00444  *
00445  * \warning     For the OFB mode, the initialisation vector must be unique
00446  *              every encryption operation. Reuse of an initialisation vector
00447  *              will compromise security.
00448  *
00449  * \param ctx      The AES context to use for encryption or decryption.
00450  * \param length   The length of the input data.
00451  * \param iv_off   The offset in IV (updated after use).
00452  * \param iv       The initialization vector (updated after use).
00453  * \param input    The buffer holding the input data.
00454  * \param output   The buffer holding the output data.
00455  *
00456  * \return         \c 0 on success.
00457  */
00458 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
00459                        size_t length,
00460                        size_t *iv_off,
00461                        unsigned char iv[16],
00462                        const unsigned char *input,
00463                        unsigned char *output );
00464 
00465 #endif /* MBEDTLS_CIPHER_MODE_OFB */
00466 
00467 #if defined(MBEDTLS_CIPHER_MODE_CTR)
00468 /**
00469  * \brief      This function performs an AES-CTR encryption or decryption
00470  *             operation.
00471  *
00472  *             This function performs the operation defined in the \p mode
00473  *             parameter (encrypt/decrypt), on the input data buffer
00474  *             defined in the \p input parameter.
00475  *
00476  *             Due to the nature of CTR, you must use the same key schedule
00477  *             for both encryption and decryption operations. Therefore, you
00478  *             must use the context initialized with mbedtls_aes_setkey_enc()
00479  *             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
00480  *
00481  * \warning    You must never reuse a nonce value with the same key. Doing so
00482  *             would void the encryption for the two messages encrypted with
00483  *             the same nonce and key.
00484  *
00485  *             There are two common strategies for managing nonces with CTR:
00486  *
00487  *             1. You can handle everything as a single message processed over
00488  *             successive calls to this function. In that case, you want to
00489  *             set \p nonce_counter and \p nc_off to 0 for the first call, and
00490  *             then preserve the values of \p nonce_counter, \p nc_off and \p
00491  *             stream_block across calls to this function as they will be
00492  *             updated by this function.
00493  *
00494  *             With this strategy, you must not encrypt more than 2**128
00495  *             blocks of data with the same key.
00496  *
00497  *             2. You can encrypt separate messages by dividing the \p
00498  *             nonce_counter buffer in two areas: the first one used for a
00499  *             per-message nonce, handled by yourself, and the second one
00500  *             updated by this function internally.
00501  *
00502  *             For example, you might reserve the first 12 bytes for the
00503  *             per-message nonce, and the last 4 bytes for internal use. In that
00504  *             case, before calling this function on a new message you need to
00505  *             set the first 12 bytes of \p nonce_counter to your chosen nonce
00506  *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
00507  *             stream_block to be ignored). That way, you can encrypt at most
00508  *             2**96 messages of up to 2**32 blocks each with the same key.
00509  *
00510  *             The per-message nonce (or information sufficient to reconstruct
00511  *             it) needs to be communicated with the ciphertext and must be unique.
00512  *             The recommended way to ensure uniqueness is to use a message
00513  *             counter. An alternative is to generate random nonces, but this
00514  *             limits the number of messages that can be securely encrypted:
00515  *             for example, with 96-bit random nonces, you should not encrypt
00516  *             more than 2**32 messages with the same key.
00517  *
00518  *             Note that for both stategies, sizes are measured in blocks and
00519  *             that an AES block is 16 bytes.
00520  *
00521  * \warning    Upon return, \p stream_block contains sensitive data. Its
00522  *             content must not be written to insecure storage and should be
00523  *             securely discarded as soon as it's no longer needed.
00524  *
00525  * \param ctx              The AES context to use for encryption or decryption.
00526  * \param length           The length of the input data.
00527  * \param nc_off           The offset in the current \p stream_block, for
00528  *                         resuming within the current cipher stream. The
00529  *                         offset pointer should be 0 at the start of a stream.
00530  * \param nonce_counter    The 128-bit nonce and counter.
00531  * \param stream_block     The saved stream block for resuming. This is
00532  *                         overwritten by the function.
00533  * \param input            The buffer holding the input data.
00534  * \param output           The buffer holding the output data.
00535  *
00536  * \return                 \c 0 on success.
00537  */
00538 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
00539                        size_t length,
00540                        size_t *nc_off,
00541                        unsigned char nonce_counter[16],
00542                        unsigned char stream_block[16],
00543                        const unsigned char *input,
00544                        unsigned char *output );
00545 #endif /* MBEDTLS_CIPHER_MODE_CTR */
00546 
00547 /**
00548  * \brief           Internal AES block encryption function. This is only
00549  *                  exposed to allow overriding it using
00550  *                  \c MBEDTLS_AES_ENCRYPT_ALT.
00551  *
00552  * \param ctx       The AES context to use for encryption.
00553  * \param input     The plaintext block.
00554  * \param output    The output (ciphertext) block.
00555  *
00556  * \return          \c 0 on success.
00557  */
00558 int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
00559                                   const unsigned char input[16],
00560                                   unsigned char output[16] );
00561 
00562 /**
00563  * \brief           Internal AES block decryption function. This is only
00564  *                  exposed to allow overriding it using see
00565  *                  \c MBEDTLS_AES_DECRYPT_ALT.
00566  *
00567  * \param ctx       The AES context to use for decryption.
00568  * \param input     The ciphertext block.
00569  * \param output    The output (plaintext) block.
00570  *
00571  * \return          \c 0 on success.
00572  */
00573 int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
00574                                   const unsigned char input[16],
00575                                   unsigned char output[16] );
00576 
00577 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
00578 #if defined(MBEDTLS_DEPRECATED_WARNING)
00579 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
00580 #else
00581 #define MBEDTLS_DEPRECATED
00582 #endif
00583 /**
00584  * \brief           Deprecated internal AES block encryption function
00585  *                  without return value.
00586  *
00587  * \deprecated      Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.
00588  *
00589  * \param ctx       The AES context to use for encryption.
00590  * \param input     Plaintext block.
00591  * \param output    Output (ciphertext) block.
00592  */
00593 MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
00594                                              const unsigned char input[16],
00595                                              unsigned char output[16] );
00596 
00597 /**
00598  * \brief           Deprecated internal AES block decryption function
00599  *                  without return value.
00600  *
00601  * \deprecated      Superseded by mbedtls_aes_decrypt_ext() in 2.5.0.
00602  *
00603  * \param ctx       The AES context to use for decryption.
00604  * \param input     Ciphertext block.
00605  * \param output    Output (plaintext) block.
00606  */
00607 MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
00608                                              const unsigned char input[16],
00609                                              unsigned char output[16] );
00610 
00611 #undef MBEDTLS_DEPRECATED
00612 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
00613 
00614 /**
00615  * \brief          Checkup routine.
00616  *
00617  * \return         \c 0 on success.
00618  * \return         \c 1 on failure.
00619  */
00620 int mbedtls_aes_self_test( int verbose );
00621 
00622 #ifdef __cplusplus
00623 }
00624 #endif
00625 
00626 #endif /* aes.h */