ReactOS  0.4.14-dev-552-g2fad488
aes.h File Reference

The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. More...

#include "config.h"
#include <stddef.h>
#include <stdint.h>
Include dependency graph for aes.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  mbedtls_aes_context
 The AES context-type definition. More...
 

Macros

#define MBEDTLS_AES_ENCRYPT   1
 
#define MBEDTLS_AES_DECRYPT   0
 
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH   -0x0020
 
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH   -0x0022
 
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE   -0x0023
 
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED   -0x0025
 
#define MBEDTLS_DEPRECATED
 

Functions

void mbedtls_aes_init (mbedtls_aes_context *ctx)
 This function initializes the specified AES context. More...
 
void mbedtls_aes_free (mbedtls_aes_context *ctx)
 This function releases and clears the specified AES context. More...
 
int mbedtls_aes_setkey_enc (mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits)
 This function sets the encryption key. More...
 
int mbedtls_aes_setkey_dec (mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits)
 This function sets the decryption key. More...
 
int mbedtls_aes_crypt_ecb (mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
 This function performs an AES single-block encryption or decryption operation. More...
 
int mbedtls_aes_crypt_cbc (mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
 This function performs an AES-CBC encryption or decryption operation on full blocks. More...
 
int mbedtls_aes_crypt_cfb128 (mbedtls_aes_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
 This function performs an AES-CFB128 encryption or decryption operation. More...
 
int mbedtls_aes_crypt_cfb8 (mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
 This function performs an AES-CFB8 encryption or decryption operation. More...
 
int mbedtls_aes_crypt_ctr (mbedtls_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
 This function performs an AES-CTR encryption or decryption operation. More...
 
int mbedtls_internal_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
 Internal AES block encryption function. This is only exposed to allow overriding it using MBEDTLS_AES_ENCRYPT_ALT. More...
 
int mbedtls_internal_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
 Internal AES block decryption function. This is only exposed to allow overriding it using see MBEDTLS_AES_DECRYPT_ALT. More...
 
MBEDTLS_DEPRECATED void mbedtls_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
 Deprecated internal AES block encryption function without return value. More...
 
MBEDTLS_DEPRECATED void mbedtls_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
 Deprecated internal AES block decryption function without return value. More...
 
int mbedtls_aes_self_test (int verbose)
 Checkup routine. More...
 

Detailed Description

The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data.

The AES algorithm is a symmetric block cipher that can encrypt and decrypt information. For more information, see FIPS Publication 197: Advanced Encryption Standard and ISO/IEC 18033-2:2006: Information technology – Security techniques – Encryption algorithms – Part 2: Asymmetric ciphers.

Definition in file aes.h.

Macro Definition Documentation

◆ MBEDTLS_AES_DECRYPT

#define MBEDTLS_AES_DECRYPT   0

AES decryption.

Definition at line 49 of file aes.h.

◆ MBEDTLS_AES_ENCRYPT

#define MBEDTLS_AES_ENCRYPT   1

AES encryption.

Definition at line 48 of file aes.h.

◆ MBEDTLS_DEPRECATED

#define MBEDTLS_DEPRECATED

Definition at line 363 of file aes.h.

◆ MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE   -0x0023

Feature not available. For example, an unsupported AES key size.

Definition at line 56 of file aes.h.

◆ MBEDTLS_ERR_AES_HW_ACCEL_FAILED

#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED   -0x0025

AES hardware accelerator failed.

Definition at line 57 of file aes.h.

◆ MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH

#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH   -0x0022

Invalid data input length.

Definition at line 53 of file aes.h.

◆ MBEDTLS_ERR_AES_INVALID_KEY_LENGTH

#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH   -0x0020

Invalid key length.

Definition at line 52 of file aes.h.

Function Documentation

◆ mbedtls_aes_crypt_cbc()

int mbedtls_aes_crypt_cbc ( mbedtls_aes_context ctx,
int  mode,
size_t  length,
unsigned char  iv[16],
const unsigned char input,
unsigned char output 
)

This function performs an AES-CBC encryption or decryption operation on full blocks.

It performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

It can be called as many times as needed, until all the input data is processed. mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called before the first call to this API with the same context.

Note
This function operates on aligned blocks, that is, the input size must be a multiple of the AES block size of 16 Bytes.
Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
Parameters
ctxThe AES context to use for encryption or decryption.
modeThe AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
lengthThe length of the input data in Bytes. This must be a multiple of the block size (16 Bytes).
ivInitialization vector (updated after use).
inputThe buffer holding the input data.
outputThe buffer holding the output data.
Returns
0 on success, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH on failure.

◆ mbedtls_aes_crypt_cfb128()

int mbedtls_aes_crypt_cfb128 ( mbedtls_aes_context ctx,
int  mode,
size_t  length,
size_t iv_off,
unsigned char  iv[16],
const unsigned char input,
unsigned char output 
)

This function performs an AES-CFB128 encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt or decrypt), on the input data buffer defined in the input parameter.

For CFB, you must set up the context with mbedtls_aes_setkey_enc(), regardless of whether you are performing an encryption or decryption operation, that is, regardless of the mode parameter. This is because CFB mode uses the same key schedule for encryption and decryption.

Note
Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you must either save it manually or use the cipher module instead.
Parameters
ctxThe AES context to use for encryption or decryption.
modeThe AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
lengthThe length of the input data.
iv_offThe offset in IV (updated after use).
ivThe initialization vector (updated after use).
inputThe buffer holding the input data.
outputThe buffer holding the output data.
Returns
0 on success.

◆ mbedtls_aes_crypt_cfb8()

int mbedtls_aes_crypt_cfb8 ( mbedtls_aes_context ctx,
int  mode,
size_t  length,
unsigned char  iv[16],
const unsigned char input,
unsigned char output 
)

This function performs an AES-CFB8 encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

Due to the nature of CFB, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.

Note
Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
Parameters
ctxThe AES context to use for encryption or decryption.
modeThe AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
lengthThe length of the input data.
ivThe initialization vector (updated after use).
inputThe buffer holding the input data.
outputThe buffer holding the output data.
Returns
0 on success.

◆ mbedtls_aes_crypt_ctr()

int mbedtls_aes_crypt_ctr ( mbedtls_aes_context ctx,
size_t  length,
size_t nc_off,
unsigned char  nonce_counter[16],
unsigned char  stream_block[16],
const unsigned char input,
unsigned char output 
)

This function performs an AES-CTR encryption or decryption operation.

This function performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

Due to the nature of CTR, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.

Warning
You must keep the maximum use of your counter in mind.
Parameters
ctxThe AES context to use for encryption or decryption.
lengthThe length of the input data.
nc_offThe offset in the current stream_block, for resuming within the current cipher stream. The offset pointer should be 0 at the start of a stream.
nonce_counterThe 128-bit nonce and counter.
stream_blockThe saved stream block for resuming. This is overwritten by the function.
inputThe buffer holding the input data.
outputThe buffer holding the output data.
Returns
0 on success.

◆ mbedtls_aes_crypt_ecb()

int mbedtls_aes_crypt_ecb ( mbedtls_aes_context ctx,
int  mode,
const unsigned char  input[16],
unsigned char  output[16] 
)

This function performs an AES single-block encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt or decrypt), on the input data buffer defined in the input parameter.

mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called before the first call to this API with the same context.

Parameters
ctxThe AES context to use for encryption or decryption.
modeThe AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
inputThe 16-Byte buffer holding the input data.
outputThe 16-Byte buffer holding the output data.
Returns
0 on success.

◆ mbedtls_aes_decrypt()

MBEDTLS_DEPRECATED void mbedtls_aes_decrypt ( mbedtls_aes_context ctx,
const unsigned char  input[16],
unsigned char  output[16] 
)

Deprecated internal AES block decryption function without return value.

Deprecated:
Superseded by mbedtls_aes_decrypt_ext() in 2.5.0.
Parameters
ctxThe AES context to use for decryption.
inputCiphertext block.
outputOutput (plaintext) block.

◆ mbedtls_aes_encrypt()

MBEDTLS_DEPRECATED void mbedtls_aes_encrypt ( mbedtls_aes_context ctx,
const unsigned char  input[16],
unsigned char  output[16] 
)

Deprecated internal AES block encryption function without return value.

Deprecated:
Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.
Parameters
ctxThe AES context to use for encryption.
inputPlaintext block.
outputOutput (ciphertext) block.

◆ mbedtls_aes_free()

void mbedtls_aes_free ( mbedtls_aes_context ctx)

This function releases and clears the specified AES context.

Parameters
ctxThe AES context to clear.

◆ mbedtls_aes_init()

void mbedtls_aes_init ( mbedtls_aes_context ctx)

This function initializes the specified AES context.

            It must be the first API called before using
            the context.
Parameters
ctxThe AES context to initialize.

◆ mbedtls_aes_self_test()

int mbedtls_aes_self_test ( int  verbose)

Checkup routine.

Returns
0 on success, or 1 on failure.

◆ mbedtls_aes_setkey_dec()

int mbedtls_aes_setkey_dec ( mbedtls_aes_context ctx,
const unsigned char key,
unsigned int  keybits 
)

This function sets the decryption key.

Parameters
ctxThe AES context to which the key should be bound.
keyThe decryption key.
keybitsThe size of data passed. Valid options are:
  • 128 bits
  • 192 bits
  • 256 bits
Returns
0 on success, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.

◆ mbedtls_aes_setkey_enc()

int mbedtls_aes_setkey_enc ( mbedtls_aes_context ctx,
const unsigned char key,
unsigned int  keybits 
)

This function sets the encryption key.

Parameters
ctxThe AES context to which the key should be bound.
keyThe encryption key.
keybitsThe size of data passed in bits. Valid options are:
  • 128 bits
  • 192 bits
  • 256 bits
Returns
0 on success or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.

◆ mbedtls_internal_aes_decrypt()

int mbedtls_internal_aes_decrypt ( mbedtls_aes_context ctx,
const unsigned char  input[16],
unsigned char  output[16] 
)

Internal AES block decryption function. This is only exposed to allow overriding it using see MBEDTLS_AES_DECRYPT_ALT.

Parameters
ctxThe AES context to use for decryption.
inputThe ciphertext block.
outputThe output (plaintext) block.
Returns
0 on success.

◆ mbedtls_internal_aes_encrypt()

int mbedtls_internal_aes_encrypt ( mbedtls_aes_context ctx,
const unsigned char  input[16],
unsigned char  output[16] 
)

Internal AES block encryption function. This is only exposed to allow overriding it using MBEDTLS_AES_ENCRYPT_ALT.

Parameters
ctxThe AES context to use for encryption.
inputThe plaintext block.
outputThe output (ciphertext) block.
Returns
0 on success.