Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
aes.h
00001 /** 00002 * \file aes.h 00003 * 00004 * \brief This file contains AES definitions and functions. 00005 * 00006 * The Advanced Encryption Standard (AES) specifies a FIPS-approved 00007 * cryptographic algorithm that can be used to protect electronic 00008 * data. 00009 * 00010 * The AES algorithm is a symmetric block cipher that can 00011 * encrypt and decrypt information. For more information, see 00012 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and 00013 * <em>ISO/IEC 18033-2:2006: Information technology -- Security 00014 * techniques -- Encryption algorithms -- Part 2: Asymmetric 00015 * ciphers</em>. 00016 * 00017 * The AES-XTS block mode is standardized by NIST SP 800-38E 00018 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf> 00019 * and described in detail by IEEE P1619 00020 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. 00021 */ 00022 00023 /* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. 00024 * SPDX-License-Identifier: Apache-2.0 00025 * 00026 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00027 * not use this file except in compliance with the License. 00028 * You may obtain a copy of the License at 00029 * 00030 * http://www.apache.org/licenses/LICENSE-2.0 00031 * 00032 * Unless required by applicable law or agreed to in writing, software 00033 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00034 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00035 * See the License for the specific language governing permissions and 00036 * limitations under the License. 00037 * 00038 * This file is part of Mbed TLS (https://tls.mbed.org) 00039 */ 00040 00041 #ifndef MBEDTLS_AES_H 00042 #define MBEDTLS_AES_H 00043 00044 #if !defined(MBEDTLS_CONFIG_FILE) 00045 #include "mbedtls/config.h" 00046 #else 00047 #include MBEDTLS_CONFIG_FILE 00048 #endif 00049 00050 #include <stddef.h> 00051 #include <stdint.h> 00052 00053 /* padlock.c and aesni.c rely on these values! */ 00054 #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ 00055 #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ 00056 00057 /* Error codes in range 0x0020-0x0022 */ 00058 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ 00059 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ 00060 00061 /* Error codes in range 0x0021-0x0025 */ 00062 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */ 00063 00064 /* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */ 00065 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ 00066 00067 /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ 00068 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ 00069 00070 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00071 !defined(inline) && !defined(__cplusplus) 00072 #define inline __inline 00073 #endif 00074 00075 #ifdef __cplusplus 00076 extern "C" { 00077 #endif 00078 00079 #if !defined(MBEDTLS_AES_ALT) 00080 // Regular implementation 00081 // 00082 00083 /** 00084 * \brief The AES context-type definition. 00085 */ 00086 typedef struct mbedtls_aes_context 00087 { 00088 int nr ; /*!< The number of rounds. */ 00089 uint32_t *rk ; /*!< AES round keys. */ 00090 uint32_t buf [68]; /*!< Unaligned data buffer. This buffer can 00091 hold 32 extra Bytes, which can be used for 00092 one of the following purposes: 00093 <ul><li>Alignment if VIA padlock is 00094 used.</li> 00095 <li>Simplifying key expansion in the 256-bit 00096 case by generating an extra round key. 00097 </li></ul> */ 00098 } 00099 mbedtls_aes_context; 00100 00101 #if defined(MBEDTLS_CIPHER_MODE_XTS) 00102 /** 00103 * \brief The AES XTS context-type definition. 00104 */ 00105 typedef struct mbedtls_aes_xts_context 00106 { 00107 mbedtls_aes_context crypt ; /*!< The AES context to use for AES block 00108 encryption or decryption. */ 00109 mbedtls_aes_context tweak ; /*!< The AES context used for tweak 00110 computation. */ 00111 } mbedtls_aes_xts_context; 00112 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 00113 00114 #else /* MBEDTLS_AES_ALT */ 00115 #include "aes_alt.h" 00116 #endif /* MBEDTLS_AES_ALT */ 00117 00118 /** 00119 * \brief This function initializes the specified AES context. 00120 * 00121 * It must be the first API called before using 00122 * the context. 00123 * 00124 * \param ctx The AES context to initialize. This must not be \c NULL. 00125 */ 00126 void mbedtls_aes_init( mbedtls_aes_context *ctx ); 00127 00128 /** 00129 * \brief This function releases and clears the specified AES context. 00130 * 00131 * \param ctx The AES context to clear. 00132 * If this is \c NULL, this function does nothing. 00133 * Otherwise, the context must have been at least initialized. 00134 */ 00135 void mbedtls_aes_free( mbedtls_aes_context *ctx ); 00136 00137 #if defined(MBEDTLS_CIPHER_MODE_XTS) 00138 /** 00139 * \brief This function initializes the specified AES XTS context. 00140 * 00141 * It must be the first API called before using 00142 * the context. 00143 * 00144 * \param ctx The AES XTS context to initialize. This must not be \c NULL. 00145 */ 00146 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); 00147 00148 /** 00149 * \brief This function releases and clears the specified AES XTS context. 00150 * 00151 * \param ctx The AES XTS context to clear. 00152 * If this is \c NULL, this function does nothing. 00153 * Otherwise, the context must have been at least initialized. 00154 */ 00155 void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); 00156 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 00157 00158 /** 00159 * \brief This function sets the encryption key. 00160 * 00161 * \param ctx The AES context to which the key should be bound. 00162 * It must be initialized. 00163 * \param key The encryption key. 00164 * This must be a readable buffer of size \p keybits bits. 00165 * \param keybits The size of data passed in bits. Valid options are: 00166 * <ul><li>128 bits</li> 00167 * <li>192 bits</li> 00168 * <li>256 bits</li></ul> 00169 * 00170 * \return \c 0 on success. 00171 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 00172 */ 00173 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, 00174 unsigned int keybits ); 00175 00176 /** 00177 * \brief This function sets the decryption key. 00178 * 00179 * \param ctx The AES context to which the key should be bound. 00180 * It must be initialized. 00181 * \param key The decryption key. 00182 * This must be a readable buffer of size \p keybits bits. 00183 * \param keybits The size of data passed. Valid options are: 00184 * <ul><li>128 bits</li> 00185 * <li>192 bits</li> 00186 * <li>256 bits</li></ul> 00187 * 00188 * \return \c 0 on success. 00189 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 00190 */ 00191 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, 00192 unsigned int keybits ); 00193 00194 #if defined(MBEDTLS_CIPHER_MODE_XTS) 00195 /** 00196 * \brief This function prepares an XTS context for encryption and 00197 * sets the encryption key. 00198 * 00199 * \param ctx The AES XTS context to which the key should be bound. 00200 * It must be initialized. 00201 * \param key The encryption key. This is comprised of the XTS key1 00202 * concatenated with the XTS key2. 00203 * This must be a readable buffer of size \p keybits bits. 00204 * \param keybits The size of \p key passed in bits. Valid options are: 00205 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 00206 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 00207 * 00208 * \return \c 0 on success. 00209 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 00210 */ 00211 int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, 00212 const unsigned char *key, 00213 unsigned int keybits ); 00214 00215 /** 00216 * \brief This function prepares an XTS context for decryption and 00217 * sets the decryption key. 00218 * 00219 * \param ctx The AES XTS context to which the key should be bound. 00220 * It must be initialized. 00221 * \param key The decryption key. This is comprised of the XTS key1 00222 * concatenated with the XTS key2. 00223 * This must be a readable buffer of size \p keybits bits. 00224 * \param keybits The size of \p key passed in bits. Valid options are: 00225 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li> 00226 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul> 00227 * 00228 * \return \c 0 on success. 00229 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. 00230 */ 00231 int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, 00232 const unsigned char *key, 00233 unsigned int keybits ); 00234 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 00235 00236 /** 00237 * \brief This function performs an AES single-block encryption or 00238 * decryption operation. 00239 * 00240 * It performs the operation defined in the \p mode parameter 00241 * (encrypt or decrypt), on the input data buffer defined in 00242 * the \p input parameter. 00243 * 00244 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or 00245 * mbedtls_aes_setkey_dec() must be called before the first 00246 * call to this API with the same context. 00247 * 00248 * \param ctx The AES context to use for encryption or decryption. 00249 * It must be initialized and bound to a key. 00250 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 00251 * #MBEDTLS_AES_DECRYPT. 00252 * \param input The buffer holding the input data. 00253 * It must be readable and at least \c 16 Bytes long. 00254 * \param output The buffer where the output data will be written. 00255 * It must be writeable and at least \c 16 Bytes long. 00256 00257 * \return \c 0 on success. 00258 */ 00259 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, 00260 int mode, 00261 const unsigned char input[16], 00262 unsigned char output[16] ); 00263 00264 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00265 /** 00266 * \brief This function performs an AES-CBC encryption or decryption operation 00267 * on full blocks. 00268 * 00269 * It performs the operation defined in the \p mode 00270 * parameter (encrypt/decrypt), on the input data buffer defined in 00271 * the \p input parameter. 00272 * 00273 * It can be called as many times as needed, until all the input 00274 * data is processed. mbedtls_aes_init(), and either 00275 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called 00276 * before the first call to this API with the same context. 00277 * 00278 * \note This function operates on full blocks, that is, the input size 00279 * must be a multiple of the AES block size of \c 16 Bytes. 00280 * 00281 * \note Upon exit, the content of the IV is updated so that you can 00282 * call the same function again on the next 00283 * block(s) of data and get the same result as if it was 00284 * encrypted in one call. This allows a "streaming" usage. 00285 * If you need to retain the contents of the IV, you should 00286 * either save it manually or use the cipher module instead. 00287 * 00288 * 00289 * \param ctx The AES context to use for encryption or decryption. 00290 * It must be initialized and bound to a key. 00291 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 00292 * #MBEDTLS_AES_DECRYPT. 00293 * \param length The length of the input data in Bytes. This must be a 00294 * multiple of the block size (\c 16 Bytes). 00295 * \param iv Initialization vector (updated after use). 00296 * It must be a readable and writeable buffer of \c 16 Bytes. 00297 * \param input The buffer holding the input data. 00298 * It must be readable and of size \p length Bytes. 00299 * \param output The buffer holding the output data. 00300 * It must be writeable and of size \p length Bytes. 00301 * 00302 * \return \c 0 on success. 00303 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 00304 * on failure. 00305 */ 00306 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, 00307 int mode, 00308 size_t length, 00309 unsigned char iv[16], 00310 const unsigned char *input, 00311 unsigned char *output ); 00312 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00313 00314 #if defined(MBEDTLS_CIPHER_MODE_XTS) 00315 /** 00316 * \brief This function performs an AES-XTS encryption or decryption 00317 * operation for an entire XTS data unit. 00318 * 00319 * AES-XTS encrypts or decrypts blocks based on their location as 00320 * defined by a data unit number. The data unit number must be 00321 * provided by \p data_unit. 00322 * 00323 * NIST SP 800-38E limits the maximum size of a data unit to 2^20 00324 * AES blocks. If the data unit is larger than this, this function 00325 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. 00326 * 00327 * \param ctx The AES XTS context to use for AES XTS operations. 00328 * It must be initialized and bound to a key. 00329 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 00330 * #MBEDTLS_AES_DECRYPT. 00331 * \param length The length of a data unit in Bytes. This can be any 00332 * length between 16 bytes and 2^24 bytes inclusive 00333 * (between 1 and 2^20 block cipher blocks). 00334 * \param data_unit The address of the data unit encoded as an array of 16 00335 * bytes in little-endian format. For disk encryption, this 00336 * is typically the index of the block device sector that 00337 * contains the data. 00338 * \param input The buffer holding the input data (which is an entire 00339 * data unit). This function reads \p length Bytes from \p 00340 * input. 00341 * \param output The buffer holding the output data (which is an entire 00342 * data unit). This function writes \p length Bytes to \p 00343 * output. 00344 * 00345 * \return \c 0 on success. 00346 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is 00347 * smaller than an AES block in size (16 Bytes) or if \p 00348 * length is larger than 2^20 blocks (16 MiB). 00349 */ 00350 int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, 00351 int mode, 00352 size_t length, 00353 const unsigned char data_unit[16], 00354 const unsigned char *input, 00355 unsigned char *output ); 00356 #endif /* MBEDTLS_CIPHER_MODE_XTS */ 00357 00358 #if defined(MBEDTLS_CIPHER_MODE_CFB) 00359 /** 00360 * \brief This function performs an AES-CFB128 encryption or decryption 00361 * operation. 00362 * 00363 * It performs the operation defined in the \p mode 00364 * parameter (encrypt or decrypt), on the input data buffer 00365 * defined in the \p input parameter. 00366 * 00367 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), 00368 * regardless of whether you are performing an encryption or decryption 00369 * operation, that is, regardless of the \p mode parameter. This is 00370 * because CFB mode uses the same key schedule for encryption and 00371 * decryption. 00372 * 00373 * \note Upon exit, the content of the IV is updated so that you can 00374 * call the same function again on the next 00375 * block(s) of data and get the same result as if it was 00376 * encrypted in one call. This allows a "streaming" usage. 00377 * If you need to retain the contents of the 00378 * IV, you must either save it manually or use the cipher 00379 * module instead. 00380 * 00381 * 00382 * \param ctx The AES context to use for encryption or decryption. 00383 * It must be initialized and bound to a key. 00384 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 00385 * #MBEDTLS_AES_DECRYPT. 00386 * \param length The length of the input data in Bytes. 00387 * \param iv_off The offset in IV (updated after use). 00388 * It must point to a valid \c size_t. 00389 * \param iv The initialization vector (updated after use). 00390 * It must be a readable and writeable buffer of \c 16 Bytes. 00391 * \param input The buffer holding the input data. 00392 * It must be readable and of size \p length Bytes. 00393 * \param output The buffer holding the output data. 00394 * It must be writeable and of size \p length Bytes. 00395 * 00396 * \return \c 0 on success. 00397 */ 00398 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, 00399 int mode, 00400 size_t length, 00401 size_t *iv_off, 00402 unsigned char iv[16], 00403 const unsigned char *input, 00404 unsigned char *output ); 00405 00406 /** 00407 * \brief This function performs an AES-CFB8 encryption or decryption 00408 * operation. 00409 * 00410 * It performs the operation defined in the \p mode 00411 * parameter (encrypt/decrypt), on the input data buffer defined 00412 * in the \p input parameter. 00413 * 00414 * Due to the nature of CFB, you must use the same key schedule for 00415 * both encryption and decryption operations. Therefore, you must 00416 * use the context initialized with mbedtls_aes_setkey_enc() for 00417 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 00418 * 00419 * \note Upon exit, the content of the IV is updated so that you can 00420 * call the same function again on the next 00421 * block(s) of data and get the same result as if it was 00422 * encrypted in one call. This allows a "streaming" usage. 00423 * If you need to retain the contents of the 00424 * IV, you should either save it manually or use the cipher 00425 * module instead. 00426 * 00427 * 00428 * \param ctx The AES context to use for encryption or decryption. 00429 * It must be initialized and bound to a key. 00430 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or 00431 * #MBEDTLS_AES_DECRYPT 00432 * \param length The length of the input data. 00433 * \param iv The initialization vector (updated after use). 00434 * It must be a readable and writeable buffer of \c 16 Bytes. 00435 * \param input The buffer holding the input data. 00436 * It must be readable and of size \p length Bytes. 00437 * \param output The buffer holding the output data. 00438 * It must be writeable and of size \p length Bytes. 00439 * 00440 * \return \c 0 on success. 00441 */ 00442 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, 00443 int mode, 00444 size_t length, 00445 unsigned char iv[16], 00446 const unsigned char *input, 00447 unsigned char *output ); 00448 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 00449 00450 #if defined(MBEDTLS_CIPHER_MODE_OFB) 00451 /** 00452 * \brief This function performs an AES-OFB (Output Feedback Mode) 00453 * encryption or decryption operation. 00454 * 00455 * For OFB, you must set up the context with 00456 * mbedtls_aes_setkey_enc(), regardless of whether you are 00457 * performing an encryption or decryption operation. This is 00458 * because OFB mode uses the same key schedule for encryption and 00459 * decryption. 00460 * 00461 * The OFB operation is identical for encryption or decryption, 00462 * therefore no operation mode needs to be specified. 00463 * 00464 * \note Upon exit, the content of iv, the Initialisation Vector, is 00465 * updated so that you can call the same function again on the next 00466 * block(s) of data and get the same result as if it was encrypted 00467 * in one call. This allows a "streaming" usage, by initialising 00468 * iv_off to 0 before the first call, and preserving its value 00469 * between calls. 00470 * 00471 * For non-streaming use, the iv should be initialised on each call 00472 * to a unique value, and iv_off set to 0 on each call. 00473 * 00474 * If you need to retain the contents of the initialisation vector, 00475 * you must either save it manually or use the cipher module 00476 * instead. 00477 * 00478 * \warning For the OFB mode, the initialisation vector must be unique 00479 * every encryption operation. Reuse of an initialisation vector 00480 * will compromise security. 00481 * 00482 * \param ctx The AES context to use for encryption or decryption. 00483 * It must be initialized and bound to a key. 00484 * \param length The length of the input data. 00485 * \param iv_off The offset in IV (updated after use). 00486 * It must point to a valid \c size_t. 00487 * \param iv The initialization vector (updated after use). 00488 * It must be a readable and writeable buffer of \c 16 Bytes. 00489 * \param input The buffer holding the input data. 00490 * It must be readable and of size \p length Bytes. 00491 * \param output The buffer holding the output data. 00492 * It must be writeable and of size \p length Bytes. 00493 * 00494 * \return \c 0 on success. 00495 */ 00496 int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, 00497 size_t length, 00498 size_t *iv_off, 00499 unsigned char iv[16], 00500 const unsigned char *input, 00501 unsigned char *output ); 00502 00503 #endif /* MBEDTLS_CIPHER_MODE_OFB */ 00504 00505 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00506 /** 00507 * \brief This function performs an AES-CTR encryption or decryption 00508 * operation. 00509 * 00510 * This function performs the operation defined in the \p mode 00511 * parameter (encrypt/decrypt), on the input data buffer 00512 * defined in the \p input parameter. 00513 * 00514 * Due to the nature of CTR, you must use the same key schedule 00515 * for both encryption and decryption operations. Therefore, you 00516 * must use the context initialized with mbedtls_aes_setkey_enc() 00517 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. 00518 * 00519 * \warning You must never reuse a nonce value with the same key. Doing so 00520 * would void the encryption for the two messages encrypted with 00521 * the same nonce and key. 00522 * 00523 * There are two common strategies for managing nonces with CTR: 00524 * 00525 * 1. You can handle everything as a single message processed over 00526 * successive calls to this function. In that case, you want to 00527 * set \p nonce_counter and \p nc_off to 0 for the first call, and 00528 * then preserve the values of \p nonce_counter, \p nc_off and \p 00529 * stream_block across calls to this function as they will be 00530 * updated by this function. 00531 * 00532 * With this strategy, you must not encrypt more than 2**128 00533 * blocks of data with the same key. 00534 * 00535 * 2. You can encrypt separate messages by dividing the \p 00536 * nonce_counter buffer in two areas: the first one used for a 00537 * per-message nonce, handled by yourself, and the second one 00538 * updated by this function internally. 00539 * 00540 * For example, you might reserve the first 12 bytes for the 00541 * per-message nonce, and the last 4 bytes for internal use. In that 00542 * case, before calling this function on a new message you need to 00543 * set the first 12 bytes of \p nonce_counter to your chosen nonce 00544 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 00545 * stream_block to be ignored). That way, you can encrypt at most 00546 * 2**96 messages of up to 2**32 blocks each with the same key. 00547 * 00548 * The per-message nonce (or information sufficient to reconstruct 00549 * it) needs to be communicated with the ciphertext and must be unique. 00550 * The recommended way to ensure uniqueness is to use a message 00551 * counter. An alternative is to generate random nonces, but this 00552 * limits the number of messages that can be securely encrypted: 00553 * for example, with 96-bit random nonces, you should not encrypt 00554 * more than 2**32 messages with the same key. 00555 * 00556 * Note that for both stategies, sizes are measured in blocks and 00557 * that an AES block is 16 bytes. 00558 * 00559 * \warning Upon return, \p stream_block contains sensitive data. Its 00560 * content must not be written to insecure storage and should be 00561 * securely discarded as soon as it's no longer needed. 00562 * 00563 * \param ctx The AES context to use for encryption or decryption. 00564 * It must be initialized and bound to a key. 00565 * \param length The length of the input data. 00566 * \param nc_off The offset in the current \p stream_block, for 00567 * resuming within the current cipher stream. The 00568 * offset pointer should be 0 at the start of a stream. 00569 * It must point to a valid \c size_t. 00570 * \param nonce_counter The 128-bit nonce and counter. 00571 * It must be a readable-writeable buffer of \c 16 Bytes. 00572 * \param stream_block The saved stream block for resuming. This is 00573 * overwritten by the function. 00574 * It must be a readable-writeable buffer of \c 16 Bytes. 00575 * \param input The buffer holding the input data. 00576 * It must be readable and of size \p length Bytes. 00577 * \param output The buffer holding the output data. 00578 * It must be writeable and of size \p length Bytes. 00579 * 00580 * \return \c 0 on success. 00581 */ 00582 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, 00583 size_t length, 00584 size_t *nc_off, 00585 unsigned char nonce_counter[16], 00586 unsigned char stream_block[16], 00587 const unsigned char *input, 00588 unsigned char *output ); 00589 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 00590 00591 /** 00592 * \brief Internal AES block encryption function. This is only 00593 * exposed to allow overriding it using 00594 * \c MBEDTLS_AES_ENCRYPT_ALT. 00595 * 00596 * \param ctx The AES context to use for encryption. 00597 * \param input The plaintext block. 00598 * \param output The output (ciphertext) block. 00599 * 00600 * \return \c 0 on success. 00601 */ 00602 int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, 00603 const unsigned char input[16], 00604 unsigned char output[16] ); 00605 00606 /** 00607 * \brief Internal AES block decryption function. This is only 00608 * exposed to allow overriding it using see 00609 * \c MBEDTLS_AES_DECRYPT_ALT. 00610 * 00611 * \param ctx The AES context to use for decryption. 00612 * \param input The ciphertext block. 00613 * \param output The output (plaintext) block. 00614 * 00615 * \return \c 0 on success. 00616 */ 00617 int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, 00618 const unsigned char input[16], 00619 unsigned char output[16] ); 00620 00621 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 00622 #if defined(MBEDTLS_DEPRECATED_WARNING) 00623 #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 00624 #else 00625 #define MBEDTLS_DEPRECATED 00626 #endif 00627 /** 00628 * \brief Deprecated internal AES block encryption function 00629 * without return value. 00630 * 00631 * \deprecated Superseded by mbedtls_internal_aes_encrypt() 00632 * 00633 * \param ctx The AES context to use for encryption. 00634 * \param input Plaintext block. 00635 * \param output Output (ciphertext) block. 00636 */ 00637 MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, 00638 const unsigned char input[16], 00639 unsigned char output[16] ); 00640 00641 /** 00642 * \brief Deprecated internal AES block decryption function 00643 * without return value. 00644 * 00645 * \deprecated Superseded by mbedtls_internal_aes_decrypt() 00646 * 00647 * \param ctx The AES context to use for decryption. 00648 * \param input Ciphertext block. 00649 * \param output Output (plaintext) block. 00650 */ 00651 MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, 00652 const unsigned char input[16], 00653 unsigned char output[16] ); 00654 00655 #undef MBEDTLS_DEPRECATED 00656 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 00657 00658 00659 #if defined(MBEDTLS_SELF_TEST) 00660 /** 00661 * \brief Checkup routine. 00662 * 00663 * \return \c 0 on success. 00664 * \return \c 1 on failure. 00665 */ 00666 int mbedtls_aes_self_test( int verbose ); 00667 00668 #endif /* MBEDTLS_SELF_TEST */ 00669 00670 #ifdef __cplusplus 00671 } 00672 #endif 00673 00674 #endif /* aes.h */
Generated on Tue Jul 12 2022 13:54:00 by
