mbed TLS v3.1.0
Macros | Functions
aria.h File Reference

ARIA block cipher. More...

#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
#include "mbedtls/platform_util.h"
#include "aria_alt.h"
Include dependency graph for aria.h:

Go to the source code of this file.

Macros

#define MBEDTLS_ARIA_ENCRYPT   1
 
#define MBEDTLS_ARIA_DECRYPT   0
 
#define MBEDTLS_ARIA_BLOCKSIZE   16
 
#define MBEDTLS_ARIA_MAX_ROUNDS   16
 
#define MBEDTLS_ARIA_MAX_KEYSIZE   32
 
#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA   -0x005C
 
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH   -0x005E
 

Functions

void mbedtls_aria_init (mbedtls_aria_context *ctx)
 This function initializes the specified ARIA context. More...
 
void mbedtls_aria_free (mbedtls_aria_context *ctx)
 This function releases and clears the specified ARIA context. More...
 
int mbedtls_aria_setkey_enc (mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits)
 This function sets the encryption key. More...
 
int mbedtls_aria_setkey_dec (mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits)
 This function sets the decryption key. More...
 
int mbedtls_aria_crypt_ecb (mbedtls_aria_context *ctx, const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], unsigned char output[MBEDTLS_ARIA_BLOCKSIZE])
 This function performs an ARIA single-block encryption or decryption operation. More...
 
int mbedtls_aria_crypt_cbc (mbedtls_aria_context *ctx, int mode, size_t length, unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output)
 This function performs an ARIA-CBC encryption or decryption operation on full blocks. More...
 
int mbedtls_aria_crypt_cfb128 (mbedtls_aria_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output)
 This function performs an ARIA-CFB128 encryption or decryption operation. More...
 
int mbedtls_aria_crypt_ctr (mbedtls_aria_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output)
 This function performs an ARIA-CTR encryption or decryption operation. More...
 
int mbedtls_aria_self_test (int verbose)
 Checkup routine. More...
 

Detailed Description

ARIA block cipher.

The ARIA algorithm is a symmetric block cipher that can encrypt and decrypt information. It is defined by the Korean Agency for Technology and Standards (KATS) in KS X 1213:2004 (in Korean, but see http://210.104.33.10/ARIA/index-e.html in English) and also described by the IETF in RFC 5794.

Definition in file aria.h.

Macro Definition Documentation

#define MBEDTLS_ARIA_BLOCKSIZE   16

ARIA block size in bytes.

Definition at line 43 of file aria.h.

#define MBEDTLS_ARIA_DECRYPT   0

ARIA decryption.

Definition at line 41 of file aria.h.

#define MBEDTLS_ARIA_ENCRYPT   1

ARIA encryption.

Definition at line 40 of file aria.h.

#define MBEDTLS_ARIA_MAX_KEYSIZE   32

Maximum size of an ARIA key in bytes.

Definition at line 45 of file aria.h.

#define MBEDTLS_ARIA_MAX_ROUNDS   16

Maxiumum number of rounds in ARIA.

Definition at line 44 of file aria.h.

#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA   -0x005C

Bad input data.

Definition at line 48 of file aria.h.

#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH   -0x005E

Invalid data input length.

Definition at line 51 of file aria.h.

Function Documentation

int mbedtls_aria_crypt_cbc ( mbedtls_aria_context *  ctx,
int  mode,
size_t  length,
unsigned char  iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *  input,
unsigned char *  output 
)

This function performs an ARIA-CBC encryption or decryption operation on full blocks.

It performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

It can be called as many times as needed, until all the input data is processed. mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called before the first call to this API with the same context.

Note
This function operates on aligned blocks, that is, the input size must be a multiple of the ARIA block size of 16 Bytes.
Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
Parameters
ctxThe ARIA context to use for encryption or decryption. This must be initialized and bound to a key.
modeThe mode of operation. This must be either MBEDTLS_ARIA_ENCRYPT for encryption, or MBEDTLS_ARIA_DECRYPT for decryption.
lengthThe length of the input data in Bytes. This must be a multiple of the block size (16 Bytes).
ivInitialization vector (updated after use). This must be a readable buffer of size 16 Bytes.
inputThe buffer holding the input data. This must be a readable buffer of length length Bytes.
outputThe buffer holding the output data. This must be a writable buffer of length length Bytes.
Returns
0 on success.
A negative error code on failure.
int mbedtls_aria_crypt_cfb128 ( mbedtls_aria_context *  ctx,
int  mode,
size_t  length,
size_t *  iv_off,
unsigned char  iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *  input,
unsigned char *  output 
)

This function performs an ARIA-CFB128 encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt or decrypt), on the input data buffer defined in the input parameter.

For CFB, you must set up the context with mbedtls_aria_setkey_enc(), regardless of whether you are performing an encryption or decryption operation, that is, regardless of the mode parameter. This is because CFB mode uses the same key schedule for encryption and decryption.

Note
Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you must either save it manually or use the cipher module instead.
Parameters
ctxThe ARIA context to use for encryption or decryption. This must be initialized and bound to a key.
modeThe mode of operation. This must be either MBEDTLS_ARIA_ENCRYPT for encryption, or MBEDTLS_ARIA_DECRYPT for decryption.
lengthThe length of the input data input in Bytes.
iv_offThe offset in IV (updated after use). This must not be larger than 15.
ivThe initialization vector (updated after use). This must be a readable buffer of size 16 Bytes.
inputThe buffer holding the input data. This must be a readable buffer of length length Bytes.
outputThe buffer holding the output data. This must be a writable buffer of length length Bytes.
Returns
0 on success.
A negative error code on failure.
int mbedtls_aria_crypt_ctr ( mbedtls_aria_context *  ctx,
size_t  length,
size_t *  nc_off,
unsigned char  nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char  stream_block[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *  input,
unsigned char *  output 
)

This function performs an ARIA-CTR encryption or decryption operation.

This function performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

Due to the nature of CTR, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aria_setkey_enc() for both MBEDTLS_ARIA_ENCRYPT and MBEDTLS_ARIA_DECRYPT.

Warning
You must never reuse a nonce value with the same key. Doing so would void the encryption for the two messages encrypted with the same nonce and key.

There are two common strategies for managing nonces with CTR:

  1. You can handle everything as a single message processed over successive calls to this function. In that case, you want to set nonce_counter and nc_off to 0 for the first call, and then preserve the values of nonce_counter, nc_off and stream_block across calls to this function as they will be updated by this function.

With this strategy, you must not encrypt more than 2**128 blocks of data with the same key.

  1. You can encrypt separate messages by dividing the nonce_counter buffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.

For example, you might reserve the first 12 bytes for the per-message nonce, and the last 4 bytes for internal use. In that case, before calling this function on a new message you need to set the first 12 bytes of nonce_counter to your chosen nonce value, the last 4 to 0, and nc_off to 0 (which will cause stream_block to be ignored). That way, you can encrypt at most 2**96 messages of up to 2**32 blocks each with the same key.

The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter. An alternative is to generate random nonces, but this limits the number of messages that can be securely encrypted: for example, with 96-bit random nonces, you should not encrypt more than 2**32 messages with the same key.

Note that for both stategies, sizes are measured in blocks and that an ARIA block is 16 bytes.

Warning
Upon return, stream_block contains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it's no longer needed.
Parameters
ctxThe ARIA context to use for encryption or decryption. This must be initialized and bound to a key.
lengthThe length of the input data input in Bytes.
nc_offThe offset in Bytes in the current stream_block, for resuming within the current cipher stream. The offset pointer should be 0 at the start of a stream. This must not be larger than 15 Bytes.
nonce_counterThe 128-bit nonce and counter. This must point to a read/write buffer of length 16 bytes.
stream_blockThe saved stream block for resuming. This must point to a read/write buffer of length 16 bytes. This is overwritten by the function.
inputThe buffer holding the input data. This must be a readable buffer of length length Bytes.
outputThe buffer holding the output data. This must be a writable buffer of length length Bytes.
Returns
0 on success.
A negative error code on failure.
int mbedtls_aria_crypt_ecb ( mbedtls_aria_context *  ctx,
const unsigned char  input[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char  output[MBEDTLS_ARIA_BLOCKSIZE] 
)

This function performs an ARIA single-block encryption or decryption operation.

It performs encryption or decryption (depending on whether the key was set for encryption on decryption) on the input data buffer defined in the input parameter.

mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called before the first call to this API with the same context.

Parameters
ctxThe ARIA context to use for encryption or decryption. This must be initialized and bound to a key.
inputThe 16-Byte buffer holding the input data.
outputThe 16-Byte buffer holding the output data.
Returns
0 on success.
A negative error code on failure.
void mbedtls_aria_free ( mbedtls_aria_context *  ctx)

This function releases and clears the specified ARIA context.

Parameters
ctxThe ARIA context to clear. This may be NULL, in which case this function returns immediately. If it is not NULL, it must point to an initialized ARIA context.
void mbedtls_aria_init ( mbedtls_aria_context *  ctx)

This function initializes the specified ARIA context.

It must be the first API called before using the context.

Parameters
ctxThe ARIA context to initialize. This must not be NULL.
int mbedtls_aria_self_test ( int  verbose)

Checkup routine.

Returns
0 on success, or 1 on failure.
int mbedtls_aria_setkey_dec ( mbedtls_aria_context *  ctx,
const unsigned char *  key,
unsigned int  keybits 
)

This function sets the decryption key.

Parameters
ctxThe ARIA context to which the key should be bound. This must be initialized.
keyThe decryption key. This must be a readable buffer of size keybits Bits.
keybitsThe size of data passed. Valid options are:
  • 128 bits
  • 192 bits
  • 256 bits
Returns
0 on success.
A negative error code on failure.
int mbedtls_aria_setkey_enc ( mbedtls_aria_context *  ctx,
const unsigned char *  key,
unsigned int  keybits 
)

This function sets the encryption key.

Parameters
ctxThe ARIA context to which the key should be bound. This must be initialized.
keyThe encryption key. This must be a readable buffer of size keybits Bits.
keybitsThe size of key in Bits. Valid options are:
  • 128 bits
  • 192 bits
  • 256 bits
Returns
0 on success.
A negative error code on failure.