Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
camellia.h
Go to the documentation of this file.
00001 /** 00002 * \file camellia.h 00003 * 00004 * \brief Camellia block cipher 00005 */ 00006 /* 00007 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00008 * SPDX-License-Identifier: Apache-2.0 00009 * 00010 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00011 * not use this file except in compliance with the License. 00012 * You may obtain a copy of the License at 00013 * 00014 * http://www.apache.org/licenses/LICENSE-2.0 00015 * 00016 * Unless required by applicable law or agreed to in writing, software 00017 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00018 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00019 * See the License for the specific language governing permissions and 00020 * limitations under the License. 00021 * 00022 * This file is part of mbed TLS (https://tls.mbed.org) 00023 */ 00024 #ifndef MBEDTLS_CAMELLIA_H 00025 #define MBEDTLS_CAMELLIA_H 00026 00027 #if !defined(MBEDTLS_CONFIG_FILE) 00028 #include "mbedtls/config.h" 00029 #else 00030 #include MBEDTLS_CONFIG_FILE 00031 #endif 00032 00033 #include <stddef.h> 00034 #include <stdint.h> 00035 00036 #include "mbedtls/platform_util.h" 00037 00038 #define MBEDTLS_CAMELLIA_ENCRYPT 1 00039 #define MBEDTLS_CAMELLIA_DECRYPT 0 00040 00041 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 00042 #define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 ) 00043 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 00044 #define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */ 00045 00046 #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ 00047 00048 /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. 00049 */ 00050 #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ 00051 00052 #ifdef __cplusplus 00053 extern "C" { 00054 #endif 00055 00056 #if !defined(MBEDTLS_CAMELLIA_ALT) 00057 // Regular implementation 00058 // 00059 00060 /** 00061 * \brief CAMELLIA context structure 00062 */ 00063 typedef struct mbedtls_camellia_context 00064 { 00065 int nr ; /*!< number of rounds */ 00066 uint32_t rk [68]; /*!< CAMELLIA round keys */ 00067 } 00068 mbedtls_camellia_context; 00069 00070 #else /* MBEDTLS_CAMELLIA_ALT */ 00071 #include "camellia_alt.h" 00072 #endif /* MBEDTLS_CAMELLIA_ALT */ 00073 00074 /** 00075 * \brief Initialize a CAMELLIA context. 00076 * 00077 * \param ctx The CAMELLIA context to be initialized. 00078 * This must not be \c NULL. 00079 */ 00080 void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); 00081 00082 /** 00083 * \brief Clear a CAMELLIA context. 00084 * 00085 * \param ctx The CAMELLIA context to be cleared. This may be \c NULL, 00086 * in which case this function returns immediately. If it is not 00087 * \c NULL, it must be initialized. 00088 */ 00089 void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); 00090 00091 /** 00092 * \brief Perform a CAMELLIA key schedule operation for encryption. 00093 * 00094 * \param ctx The CAMELLIA context to use. This must be initialized. 00095 * \param key The encryption key to use. This must be a readable buffer 00096 * of size \p keybits Bits. 00097 * \param keybits The length of \p key in Bits. This must be either \c 128, 00098 * \c 192 or \c 256. 00099 * 00100 * \return \c 0 if successful. 00101 * \return A negative error code on failure. 00102 */ 00103 int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, 00104 const unsigned char *key, 00105 unsigned int keybits ); 00106 00107 /** 00108 * \brief Perform a CAMELLIA key schedule operation for decryption. 00109 * 00110 * \param ctx The CAMELLIA context to use. This must be initialized. 00111 * \param key The decryption key. This must be a readable buffer 00112 * of size \p keybits Bits. 00113 * \param keybits The length of \p key in Bits. This must be either \c 128, 00114 * \c 192 or \c 256. 00115 * 00116 * \return \c 0 if successful. 00117 * \return A negative error code on failure. 00118 */ 00119 int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, 00120 const unsigned char *key, 00121 unsigned int keybits ); 00122 00123 /** 00124 * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. 00125 * 00126 * \param ctx The CAMELLIA context to use. This must be initialized 00127 * and bound to a key. 00128 * \param mode The mode of operation. This must be either 00129 * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. 00130 * \param input The input block. This must be a readable buffer 00131 * of size \c 16 Bytes. 00132 * \param output The output block. This must be a writable buffer 00133 * of size \c 16 Bytes. 00134 * 00135 * \return \c 0 if successful. 00136 * \return A negative error code on failure. 00137 */ 00138 int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, 00139 int mode, 00140 const unsigned char input[16], 00141 unsigned char output[16] ); 00142 00143 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00144 /** 00145 * \brief Perform a CAMELLIA-CBC buffer encryption/decryption operation. 00146 * 00147 * \note Upon exit, the content of the IV is updated so that you can 00148 * call the function same function again on the following 00149 * block(s) of data and get the same result as if it was 00150 * encrypted in one call. This allows a "streaming" usage. 00151 * If on the other hand you need to retain the contents of the 00152 * IV, you should either save it manually or use the cipher 00153 * module instead. 00154 * 00155 * \param ctx The CAMELLIA context to use. This must be initialized 00156 * and bound to a key. 00157 * \param mode The mode of operation. This must be either 00158 * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. 00159 * \param length The length in Bytes of the input data \p input. 00160 * This must be a multiple of \c 16 Bytes. 00161 * \param iv The initialization vector. This must be a read/write buffer 00162 * of length \c 16 Bytes. It is updated to allow streaming 00163 * use as explained above. 00164 * \param input The buffer holding the input data. This must point to a 00165 * readable buffer of length \p length Bytes. 00166 * \param output The buffer holding the output data. This must point to a 00167 * writable buffer of length \p length Bytes. 00168 * 00169 * \return \c 0 if successful. 00170 * \return A negative error code on failure. 00171 */ 00172 int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, 00173 int mode, 00174 size_t length, 00175 unsigned char iv[16], 00176 const unsigned char *input, 00177 unsigned char *output ); 00178 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00179 00180 #if defined(MBEDTLS_CIPHER_MODE_CFB) 00181 /** 00182 * \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption 00183 * operation. 00184 * 00185 * \note Due to the nature of CFB mode, you should use the same 00186 * key for both encryption and decryption. In particular, calls 00187 * to this function should be preceded by a key-schedule via 00188 * mbedtls_camellia_setkey_enc() regardless of whether \p mode 00189 * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. 00190 * 00191 * \note Upon exit, the content of the IV is updated so that you can 00192 * call the function same function again on the following 00193 * block(s) of data and get the same result as if it was 00194 * encrypted in one call. This allows a "streaming" usage. 00195 * If on the other hand you need to retain the contents of the 00196 * IV, you should either save it manually or use the cipher 00197 * module instead. 00198 * 00199 * \param ctx The CAMELLIA context to use. This must be initialized 00200 * and bound to a key. 00201 * \param mode The mode of operation. This must be either 00202 * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. 00203 * \param length The length of the input data \p input. Any value is allowed. 00204 * \param iv_off The current offset in the IV. This must be smaller 00205 * than \c 16 Bytes. It is updated after this call to allow 00206 * the aforementioned streaming usage. 00207 * \param iv The initialization vector. This must be a read/write buffer 00208 * of length \c 16 Bytes. It is updated after this call to 00209 * allow the aforementioned streaming usage. 00210 * \param input The buffer holding the input data. This must be a readable 00211 * buffer of size \p length Bytes. 00212 * \param output The buffer to hold the output data. This must be a writable 00213 * buffer of length \p length Bytes. 00214 * 00215 * \return \c 0 if successful. 00216 * \return A negative error code on failure. 00217 */ 00218 int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, 00219 int mode, 00220 size_t length, 00221 size_t *iv_off, 00222 unsigned char iv[16], 00223 const unsigned char *input, 00224 unsigned char *output ); 00225 #endif /* MBEDTLS_CIPHER_MODE_CFB */ 00226 00227 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00228 /** 00229 * \brief Perform a CAMELLIA-CTR buffer encryption/decryption operation. 00230 * 00231 * *note Due to the nature of CTR mode, you should use the same 00232 * key for both encryption and decryption. In particular, calls 00233 * to this function should be preceded by a key-schedule via 00234 * mbedtls_camellia_setkey_enc() regardless of whether \p mode 00235 * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT. 00236 * 00237 * \warning You must never reuse a nonce value with the same key. Doing so 00238 * would void the encryption for the two messages encrypted with 00239 * the same nonce and key. 00240 * 00241 * There are two common strategies for managing nonces with CTR: 00242 * 00243 * 1. You can handle everything as a single message processed over 00244 * successive calls to this function. In that case, you want to 00245 * set \p nonce_counter and \p nc_off to 0 for the first call, and 00246 * then preserve the values of \p nonce_counter, \p nc_off and \p 00247 * stream_block across calls to this function as they will be 00248 * updated by this function. 00249 * 00250 * With this strategy, you must not encrypt more than 2**128 00251 * blocks of data with the same key. 00252 * 00253 * 2. You can encrypt separate messages by dividing the \p 00254 * nonce_counter buffer in two areas: the first one used for a 00255 * per-message nonce, handled by yourself, and the second one 00256 * updated by this function internally. 00257 * 00258 * For example, you might reserve the first \c 12 Bytes for the 00259 * per-message nonce, and the last \c 4 Bytes for internal use. 00260 * In that case, before calling this function on a new message you 00261 * need to set the first \c 12 Bytes of \p nonce_counter to your 00262 * chosen nonce value, the last four to \c 0, and \p nc_off to \c 0 00263 * (which will cause \p stream_block to be ignored). That way, you 00264 * can encrypt at most \c 2**96 messages of up to \c 2**32 blocks 00265 * each with the same key. 00266 * 00267 * The per-message nonce (or information sufficient to reconstruct 00268 * it) needs to be communicated with the ciphertext and must be 00269 * unique. The recommended way to ensure uniqueness is to use a 00270 * message counter. An alternative is to generate random nonces, 00271 * but this limits the number of messages that can be securely 00272 * encrypted: for example, with 96-bit random nonces, you should 00273 * not encrypt more than 2**32 messages with the same key. 00274 * 00275 * Note that for both stategies, sizes are measured in blocks and 00276 * that a CAMELLIA block is \c 16 Bytes. 00277 * 00278 * \warning Upon return, \p stream_block contains sensitive data. Its 00279 * content must not be written to insecure storage and should be 00280 * securely discarded as soon as it's no longer needed. 00281 * 00282 * \param ctx The CAMELLIA context to use. This must be initialized 00283 * and bound to a key. 00284 * \param length The length of the input data \p input in Bytes. 00285 * Any value is allowed. 00286 * \param nc_off The offset in the current \p stream_block (for resuming 00287 * within current cipher stream). The offset pointer to 00288 * should be \c 0 at the start of a stream. It is updated 00289 * at the end of this call. 00290 * \param nonce_counter The 128-bit nonce and counter. This must be a read/write 00291 * buffer of length \c 16 Bytes. 00292 * \param stream_block The saved stream-block for resuming. This must be a 00293 * read/write buffer of length \c 16 Bytes. 00294 * \param input The input data stream. This must be a readable buffer of 00295 * size \p length Bytes. 00296 * \param output The output data stream. This must be a writable buffer 00297 * of size \p length Bytes. 00298 * 00299 * \return \c 0 if successful. 00300 * \return A negative error code on failure. 00301 */ 00302 int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, 00303 size_t length, 00304 size_t *nc_off, 00305 unsigned char nonce_counter[16], 00306 unsigned char stream_block[16], 00307 const unsigned char *input, 00308 unsigned char *output ); 00309 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 00310 00311 #if defined(MBEDTLS_SELF_TEST) 00312 00313 /** 00314 * \brief Checkup routine 00315 * 00316 * \return 0 if successful, or 1 if the test failed 00317 */ 00318 int mbedtls_camellia_self_test( int verbose ); 00319 00320 #endif /* MBEDTLS_SELF_TEST */ 00321 00322 #ifdef __cplusplus 00323 } 00324 #endif 00325 00326 #endif /* camellia.h */
Generated on Tue Jul 12 2022 13:54:04 by
1.7.2