TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/mbedtls-2.0 / . / include / mbedtls / aes.h
blob: fb97c7b75fc5bdad59c5a0584384e7ccee1d4535 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/**
2 * \file aes.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]3 *
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000[diff] [blame]4 * \brief AES block cipher
Paul Bakker37ca75d2011-01-06 12:28:03 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]6 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]7 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]8 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]9 *
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]23 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]24#ifndef MBEDTLS_AES_H
25#define MBEDTLS_AES_H
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]26
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]27#if !defined(MBEDTLS_CONFIG_FILE)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]28#include "config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]29#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#endif
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]32
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]33#include <stddef.h>
Manuel Pégourié-Gonnardab229102015-04-15 11:53:16 +0200[diff] [blame]34#include <stdint.h>
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]35
Manuel Pégourié-Gonnard5b685652013-12-18 11:45:21 +0100[diff] [blame]36/* padlock.c and aesni.c rely on these values! */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37#define MBEDTLS_AES_ENCRYPT 1
38#define MBEDTLS_AES_DECRYPT 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]39
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]40#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
41#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]42
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]43#if !defined(MBEDTLS_AES_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]44// Regular implementation
45//
46
Paul Bakker407a0da2013-06-27 14:29:21 +0200[diff] [blame]47#ifdef __cplusplus
48extern "C" {
49#endif
50
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]51/**
52 * \brief AES context structure
Manuel Pégourié-Gonnard4a5b9952013-12-29 13:50:32 +0100[diff] [blame]53 *
54 * \note buf is able to hold 32 extra bytes, which can be used:
55 * - for alignment purposes if VIA padlock is used, and/or
56 * - to simplify key expansion in the 256-bit case by
57 * generating an extra round key
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]58 */
59typedef struct
60{
61 int nr; /*!< number of rounds */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]62 uint32_t *rk; /*!< AES round keys */
63 uint32_t buf[68]; /*!< unaligned data */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]64}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]65mbedtls_aes_context;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]66
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]67/**
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]68 * \brief Initialize AES context
69 *
70 * \param ctx AES context to be initialized
71 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72void mbedtls_aes_init( mbedtls_aes_context *ctx );
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]73
74/**
75 * \brief Clear AES context
76 *
77 * \param ctx AES context to be cleared
78 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79void mbedtls_aes_free( mbedtls_aes_context *ctx );
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]80
81/**
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]82 * \brief AES key schedule (encryption)
83 *
84 * \param ctx AES context to be initialized
85 * \param key encryption key
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]86 * \param keybits must be 128, 192 or 256
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]87 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]88 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]89 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]90int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]91 unsigned int keybits );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]92
93/**
94 * \brief AES key schedule (decryption)
95 *
96 * \param ctx AES context to be initialized
97 * \param key decryption key
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]98 * \param keybits must be 128, 192 or 256
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]99 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]100 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]101 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]102int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]103 unsigned int keybits );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]104
105/**
106 * \brief AES-ECB block encryption/decryption
107 *
108 * \param ctx AES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]109 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]110 * \param input 16-byte input block
111 * \param output 16-byte output block
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]112 *
Paul Bakker27caa8a2010-03-21 15:43:59 +0000[diff] [blame]113 * \return 0 if successful
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]114 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]115int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]116 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]117 const unsigned char input[16],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]118 unsigned char output[16] );
119
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]120#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]121/**
122 * \brief AES-CBC buffer encryption/decryption
Paul Bakker4c067eb2009-05-17 10:25:19 +0000[diff] [blame]123 * Length should be a multiple of the block
124 * size (16 bytes)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]125 *
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000[diff] [blame]126 * \note Upon exit, the content of the IV is updated so that you can
127 * call the function same function again on the following
128 * block(s) of data and get the same result as if it was
129 * encrypted in one call. This allows a "streaming" usage.
130 * If on the other hand you need to retain the contents of the
131 * IV, you should either save it manually or use the cipher
132 * module instead.
133 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]134 * \param ctx AES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]135 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]136 * \param length length of the input data
137 * \param iv initialization vector (updated after use)
138 * \param input buffer holding the input data
139 * \param output buffer holding the output data
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]140 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]141 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]142 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]143int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]144 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]145 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]146 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]147 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]148 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]149#endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]150
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]151#if defined(MBEDTLS_CIPHER_MODE_CFB)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]152/**
Paul Bakker4c067eb2009-05-17 10:25:19 +0000[diff] [blame]153 * \brief AES-CFB128 buffer encryption/decryption.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]154 *
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000[diff] [blame]155 * Note: Due to the nature of CFB you should use the same key schedule for
156 * both encryption and decryption. So a context initialized with
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]157 * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000[diff] [blame]158 *
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000[diff] [blame]159 * \note Upon exit, the content of the IV is updated so that you can
160 * call the function same function again on the following
161 * block(s) of data and get the same result as if it was
162 * encrypted in one call. This allows a "streaming" usage.
163 * If on the other hand you need to retain the contents of the
164 * IV, you should either save it manually or use the cipher
165 * module instead.
166 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]167 * \param ctx AES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]168 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]169 * \param length length of the input data
170 * \param iv_off offset in IV (updated after use)
171 * \param iv initialization vector (updated after use)
172 * \param input buffer holding the input data
173 * \param output buffer holding the output data
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]174 *
Paul Bakker27caa8a2010-03-21 15:43:59 +0000[diff] [blame]175 * \return 0 if successful
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]176 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]177int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]178 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]179 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]180 size_t *iv_off,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]181 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]182 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]183 unsigned char *output );
184
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame]185/**
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]186 * \brief AES-CFB8 buffer encryption/decryption.
187 *
188 * Note: Due to the nature of CFB you should use the same key schedule for
189 * both encryption and decryption. So a context initialized with
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]190 * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]191 *
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000[diff] [blame]192 * \note Upon exit, the content of the IV is updated so that you can
193 * call the function same function again on the following
194 * block(s) of data and get the same result as if it was
195 * encrypted in one call. This allows a "streaming" usage.
196 * If on the other hand you need to retain the contents of the
197 * IV, you should either save it manually or use the cipher
198 * module instead.
199 *
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]200 * \param ctx AES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]201 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]202 * \param length length of the input data
203 * \param iv initialization vector (updated after use)
204 * \param input buffer holding the input data
205 * \param output buffer holding the output data
206 *
207 * \return 0 if successful
208 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]209int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]210 int mode,
211 size_t length,
212 unsigned char iv[16],
213 const unsigned char *input,
214 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]215#endif /*MBEDTLS_CIPHER_MODE_CFB */
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]216
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]217#if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakker556efba2014-01-24 15:38:12 +0100[diff] [blame]218/**
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]219 * \brief AES-CTR buffer encryption/decryption
220 *
221 * Warning: You have to keep the maximum use of your counter in mind!
222 *
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000[diff] [blame]223 * Note: Due to the nature of CTR you should use the same key schedule for
224 * both encryption and decryption. So a context initialized with
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]225 * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000[diff] [blame]226 *
Paul Bakkerdcbfdcc2013-09-10 16:16:50 +0200[diff] [blame]227 * \param ctx AES context
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]228 * \param length The length of the data
229 * \param nc_off The offset in the current stream_block (for resuming
230 * within current cipher stream). The offset pointer to
231 * should be 0 at the start of a stream.
232 * \param nonce_counter The 128-bit nonce and counter.
233 * \param stream_block The saved stream-block for resuming. Is overwritten
234 * by the function.
235 * \param input The input data stream
236 * \param output The output data stream
237 *
238 * \return 0 if successful
239 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]240int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]241 size_t length,
242 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]243 unsigned char nonce_counter[16],
244 unsigned char stream_block[16],
245 const unsigned char *input,
246 unsigned char *output );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]247#endif /* MBEDTLS_CIPHER_MODE_CTR */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]248
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200[diff] [blame]249/**
250 * \brief Internal AES block encryption function
251 * (Only exposed to allow overriding it,
252 * see MBEDTLS_AES_ENCRYPT_ALT)
253 *
254 * \param ctx AES context
255 * \param input Plaintext block
256 * \param output Output (ciphertext) block
257 */
258void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
259 const unsigned char input[16],
260 unsigned char output[16] );
261
262/**
263 * \brief Internal AES block decryption function
264 * (Only exposed to allow overriding it,
265 * see MBEDTLS_AES_DECRYPT_ALT)
266 *
267 * \param ctx AES context
268 * \param input Ciphertext block
269 * \param output Output (plaintext) block
270 */
271void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
272 const unsigned char input[16],
273 unsigned char output[16] );
274
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]275#ifdef __cplusplus
276}
277#endif
278
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]279#else /* MBEDTLS_AES_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]280#include "aes_alt.h"
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]281#endif /* MBEDTLS_AES_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]282
283#ifdef __cplusplus
284extern "C" {
285#endif
286
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]287/**
288 * \brief Checkup routine
289 *
290 * \return 0 if successful, or 1 if the test failed
291 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]292int mbedtls_aes_self_test( int verbose );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]293
294#ifdef __cplusplus
295}
296#endif
297
298#endif /* aes.h */