--- /dev/null
+/**\r
+ * \file aria.h\r
+ *\r
+ * \brief ARIA block cipher\r
+ *\r
+ * The ARIA algorithm is a symmetric block cipher that can encrypt and\r
+ * decrypt information. It is defined by the Korean Agency for\r
+ * Technology and Standards (KATS) in <em>KS X 1213:2004</em> (in\r
+ * Korean, but see http://210.104.33.10/ARIA/index-e.html in English)\r
+ * and also described by the IETF in <em>RFC 5794</em>.\r
+ */\r
+/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved\r
+ * SPDX-License-Identifier: Apache-2.0\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may\r
+ * not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\r
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ * This file is part of mbed TLS (https://tls.mbed.org)\r
+ */\r
+\r
+#ifndef MBEDTLS_ARIA_H\r
+#define MBEDTLS_ARIA_H\r
+\r
+#if !defined(MBEDTLS_CONFIG_FILE)\r
+#include "config.h"\r
+#else\r
+#include MBEDTLS_CONFIG_FILE\r
+#endif\r
+\r
+#include <stddef.h>\r
+#include <stdint.h>\r
+\r
+#include "platform_util.h"\r
+\r
+#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */\r
+#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */\r
+\r
+#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */\r
+#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */\r
+#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */\r
+\r
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)\r
+#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )\r
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */\r
+#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */\r
+\r
+#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */\r
+\r
+/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.\r
+ */\r
+#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */\r
+\r
+/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */\r
+#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */\r
+\r
+#if !defined(MBEDTLS_ARIA_ALT)\r
+// Regular implementation\r
+//\r
+\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
+/**\r
+ * \brief The ARIA context-type definition.\r
+ */\r
+typedef struct mbedtls_aria_context\r
+{\r
+ unsigned char nr; /*!< The number of rounds (12, 14 or 16) */\r
+ /*! The ARIA round keys. */\r
+ uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];\r
+}\r
+mbedtls_aria_context;\r
+\r
+#else /* MBEDTLS_ARIA_ALT */\r
+#include "aria_alt.h"\r
+#endif /* MBEDTLS_ARIA_ALT */\r
+\r
+/**\r
+ * \brief This function initializes the specified ARIA context.\r
+ *\r
+ * It must be the first API called before using\r
+ * the context.\r
+ *\r
+ * \param ctx The ARIA context to initialize. This must not be \c NULL.\r
+ */\r
+void mbedtls_aria_init( mbedtls_aria_context *ctx );\r
+\r
+/**\r
+ * \brief This function releases and clears the specified ARIA context.\r
+ *\r
+ * \param ctx The ARIA context to clear. This may be \c NULL, in which\r
+ * case this function returns immediately. If it is not \c NULL,\r
+ * it must point to an initialized ARIA context.\r
+ */\r
+void mbedtls_aria_free( mbedtls_aria_context *ctx );\r
+\r
+/**\r
+ * \brief This function sets the encryption key.\r
+ *\r
+ * \param ctx The ARIA context to which the key should be bound.\r
+ * This must be initialized.\r
+ * \param key The encryption key. This must be a readable buffer\r
+ * of size \p keybits Bits.\r
+ * \param keybits The size of \p key in Bits. Valid options are:\r
+ * <ul><li>128 bits</li>\r
+ * <li>192 bits</li>\r
+ * <li>256 bits</li></ul>\r
+ *\r
+ * \return \c 0 on success.\r
+ * \return A negative error code on failure.\r
+ */\r
+int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,\r
+ const unsigned char *key,\r
+ unsigned int keybits );\r
+\r
+/**\r
+ * \brief This function sets the decryption key.\r
+ *\r
+ * \param ctx The ARIA context to which the key should be bound.\r
+ * This must be initialized.\r
+ * \param key The decryption key. This must be a readable buffer\r
+ * of size \p keybits Bits.\r
+ * \param keybits The size of data passed. Valid options are:\r
+ * <ul><li>128 bits</li>\r
+ * <li>192 bits</li>\r
+ * <li>256 bits</li></ul>\r
+ *\r
+ * \return \c 0 on success.\r
+ * \return A negative error code on failure.\r
+ */\r
+int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,\r
+ const unsigned char *key,\r
+ unsigned int keybits );\r
+\r
+/**\r
+ * \brief This function performs an ARIA single-block encryption or\r
+ * decryption operation.\r
+ *\r
+ * It performs encryption or decryption (depending on whether\r
+ * the key was set for encryption on decryption) on the input\r
+ * data buffer defined in the \p input parameter.\r
+ *\r
+ * mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or\r
+ * mbedtls_aria_setkey_dec() must be called before the first\r
+ * call to this API with the same context.\r
+ *\r
+ * \param ctx The ARIA context to use for encryption or decryption.\r
+ * This must be initialized and bound to a key.\r
+ * \param input The 16-Byte buffer holding the input data.\r
+ * \param output The 16-Byte buffer holding the output data.\r
+\r
+ * \return \c 0 on success.\r
+ * \return A negative error code on failure.\r
+ */\r
+int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,\r
+ const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],\r
+ unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );\r
+\r
+#if defined(MBEDTLS_CIPHER_MODE_CBC)\r
+/**\r
+ * \brief This function performs an ARIA-CBC encryption or decryption operation\r
+ * on full blocks.\r
+ *\r
+ * It performs the operation defined in the \p mode\r
+ * parameter (encrypt/decrypt), on the input data buffer defined in\r
+ * the \p input parameter.\r
+ *\r
+ * It can be called as many times as needed, until all the input\r
+ * data is processed. mbedtls_aria_init(), and either\r
+ * mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called\r
+ * before the first call to this API with the same context.\r
+ *\r
+ * \note This function operates on aligned blocks, that is, the input size\r
+ * must be a multiple of the ARIA block size of 16 Bytes.\r
+ *\r
+ * \note Upon exit, the content of the IV is updated so that you can\r
+ * call the same function again on the next\r
+ * block(s) of data and get the same result as if it was\r
+ * encrypted in one call. This allows a "streaming" usage.\r
+ * If you need to retain the contents of the IV, you should\r
+ * either save it manually or use the cipher module instead.\r
+ *\r
+ *\r
+ * \param ctx The ARIA context to use for encryption or decryption.\r
+ * This must be initialized and bound to a key.\r
+ * \param mode The mode of operation. This must be either\r
+ * #MBEDTLS_ARIA_ENCRYPT for encryption, or\r
+ * #MBEDTLS_ARIA_DECRYPT for decryption.\r
+ * \param length The length of the input data in Bytes. This must be a\r
+ * multiple of the block size (16 Bytes).\r
+ * \param iv Initialization vector (updated after use).\r
+ * This must be a readable buffer of size 16 Bytes.\r
+ * \param input The buffer holding the input data. This must\r
+ * be a readable buffer of length \p length Bytes.\r
+ * \param output The buffer holding the output data. This must\r
+ * be a writable buffer of length \p length Bytes.\r
+ *\r
+ * \return \c 0 on success.\r
+ * \return A negative error code on failure.\r
+ */\r
+int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,\r
+ int mode,\r
+ size_t length,\r
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],\r
+ const unsigned char *input,\r
+ unsigned char *output );\r
+#endif /* MBEDTLS_CIPHER_MODE_CBC */\r
+\r
+#if defined(MBEDTLS_CIPHER_MODE_CFB)\r
+/**\r
+ * \brief This function performs an ARIA-CFB128 encryption or decryption\r
+ * operation.\r
+ *\r
+ * It performs the operation defined in the \p mode\r
+ * parameter (encrypt or decrypt), on the input data buffer\r
+ * defined in the \p input parameter.\r
+ *\r
+ * For CFB, you must set up the context with mbedtls_aria_setkey_enc(),\r
+ * regardless of whether you are performing an encryption or decryption\r
+ * operation, that is, regardless of the \p mode parameter. This is\r
+ * because CFB mode uses the same key schedule for encryption and\r
+ * decryption.\r
+ *\r
+ * \note Upon exit, the content of the IV is updated so that you can\r
+ * call the same function again on the next\r
+ * block(s) of data and get the same result as if it was\r
+ * encrypted in one call. This allows a "streaming" usage.\r
+ * If you need to retain the contents of the\r
+ * IV, you must either save it manually or use the cipher\r
+ * module instead.\r
+ *\r
+ *\r
+ * \param ctx The ARIA context to use for encryption or decryption.\r
+ * This must be initialized and bound to a key.\r
+ * \param mode The mode of operation. This must be either\r
+ * #MBEDTLS_ARIA_ENCRYPT for encryption, or\r
+ * #MBEDTLS_ARIA_DECRYPT for decryption.\r
+ * \param length The length of the input data \p input in Bytes.\r
+ * \param iv_off The offset in IV (updated after use).\r
+ * This must not be larger than 15.\r
+ * \param iv The initialization vector (updated after use).\r
+ * This must be a readable buffer of size 16 Bytes.\r
+ * \param input The buffer holding the input data. This must\r
+ * be a readable buffer of length \p length Bytes.\r
+ * \param output The buffer holding the output data. This must\r
+ * be a writable buffer of length \p length Bytes.\r
+ *\r
+ * \return \c 0 on success.\r
+ * \return A negative error code on failure.\r
+ */\r
+int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,\r
+ int mode,\r
+ size_t length,\r
+ size_t *iv_off,\r
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],\r
+ const unsigned char *input,\r
+ unsigned char *output );\r
+#endif /* MBEDTLS_CIPHER_MODE_CFB */\r
+\r
+#if defined(MBEDTLS_CIPHER_MODE_CTR)\r
+/**\r
+ * \brief This function performs an ARIA-CTR encryption or decryption\r
+ * operation.\r
+ *\r
+ * This function performs the operation defined in the \p mode\r
+ * parameter (encrypt/decrypt), on the input data buffer\r
+ * defined in the \p input parameter.\r
+ *\r
+ * Due to the nature of CTR, you must use the same key schedule\r
+ * for both encryption and decryption operations. Therefore, you\r
+ * must use the context initialized with mbedtls_aria_setkey_enc()\r
+ * for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.\r
+ *\r
+ * \warning You must never reuse a nonce value with the same key. Doing so\r
+ * would void the encryption for the two messages encrypted with\r
+ * the same nonce and key.\r
+ *\r
+ * There are two common strategies for managing nonces with CTR:\r
+ *\r
+ * 1. You can handle everything as a single message processed over\r
+ * successive calls to this function. In that case, you want to\r
+ * set \p nonce_counter and \p nc_off to 0 for the first call, and\r
+ * then preserve the values of \p nonce_counter, \p nc_off and \p\r
+ * stream_block across calls to this function as they will be\r
+ * updated by this function.\r
+ *\r
+ * With this strategy, you must not encrypt more than 2**128\r
+ * blocks of data with the same key.\r
+ *\r
+ * 2. You can encrypt separate messages by dividing the \p\r
+ * nonce_counter buffer in two areas: the first one used for a\r
+ * per-message nonce, handled by yourself, and the second one\r
+ * updated by this function internally.\r
+ *\r
+ * For example, you might reserve the first 12 bytes for the\r
+ * per-message nonce, and the last 4 bytes for internal use. In that\r
+ * case, before calling this function on a new message you need to\r
+ * set the first 12 bytes of \p nonce_counter to your chosen nonce\r
+ * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p\r
+ * stream_block to be ignored). That way, you can encrypt at most\r
+ * 2**96 messages of up to 2**32 blocks each with the same key.\r
+ *\r
+ * The per-message nonce (or information sufficient to reconstruct\r
+ * it) needs to be communicated with the ciphertext and must be unique.\r
+ * The recommended way to ensure uniqueness is to use a message\r
+ * counter. An alternative is to generate random nonces, but this\r
+ * limits the number of messages that can be securely encrypted:\r
+ * for example, with 96-bit random nonces, you should not encrypt\r
+ * more than 2**32 messages with the same key.\r
+ *\r
+ * Note that for both stategies, sizes are measured in blocks and\r
+ * that an ARIA block is 16 bytes.\r
+ *\r
+ * \warning Upon return, \p stream_block contains sensitive data. Its\r
+ * content must not be written to insecure storage and should be\r
+ * securely discarded as soon as it's no longer needed.\r
+ *\r
+ * \param ctx The ARIA context to use for encryption or decryption.\r
+ * This must be initialized and bound to a key.\r
+ * \param length The length of the input data \p input in Bytes.\r
+ * \param nc_off The offset in Bytes in the current \p stream_block,\r
+ * for resuming within the current cipher stream. The\r
+ * offset pointer should be \c 0 at the start of a\r
+ * stream. This must not be larger than \c 15 Bytes.\r
+ * \param nonce_counter The 128-bit nonce and counter. This must point to\r
+ * a read/write buffer of length \c 16 bytes.\r
+ * \param stream_block The saved stream block for resuming. This must\r
+ * point to a read/write buffer of length \c 16 bytes.\r
+ * This is overwritten by the function.\r
+ * \param input The buffer holding the input data. This must\r
+ * be a readable buffer of length \p length Bytes.\r
+ * \param output The buffer holding the output data. This must\r
+ * be a writable buffer of length \p length Bytes.\r
+ *\r
+ * \return \c 0 on success.\r
+ * \return A negative error code on failure.\r
+ */\r
+int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,\r
+ size_t length,\r
+ size_t *nc_off,\r
+ unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],\r
+ unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],\r
+ const unsigned char *input,\r
+ unsigned char *output );\r
+#endif /* MBEDTLS_CIPHER_MODE_CTR */\r
+\r
+#if defined(MBEDTLS_SELF_TEST)\r
+/**\r
+ * \brief Checkup routine.\r
+ *\r
+ * \return \c 0 on success, or \c 1 on failure.\r
+ */\r
+int mbedtls_aria_self_test( int verbose );\r
+#endif /* MBEDTLS_SELF_TEST */\r
+\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
+\r
+#endif /* aria.h */\r