Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
cipher.h
Go to the documentation of this file.
00001 /** 00002 * \file cipher.h 00003 * 00004 * \brief This file contains an abstraction interface for use with the cipher 00005 * primitives provided by the library. It provides a common interface to all of 00006 * the available cipher operations. 00007 * 00008 * \author Adriaan de Jong <dejong@fox-it.com> 00009 */ 00010 /* 00011 * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved 00012 * SPDX-License-Identifier: Apache-2.0 00013 * 00014 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00015 * not use this file except in compliance with the License. 00016 * You may obtain a copy of the License at 00017 * 00018 * http://www.apache.org/licenses/LICENSE-2.0 00019 * 00020 * Unless required by applicable law or agreed to in writing, software 00021 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00022 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00023 * See the License for the specific language governing permissions and 00024 * limitations under the License. 00025 * 00026 * This file is part of Mbed TLS (https://tls.mbed.org) 00027 */ 00028 00029 #ifndef MBEDTLS_CIPHER_H 00030 #define MBEDTLS_CIPHER_H 00031 00032 #if !defined(MBEDTLS_CONFIG_FILE) 00033 #include "mbedtls/config.h" 00034 #else 00035 #include MBEDTLS_CONFIG_FILE 00036 #endif 00037 00038 #include <stddef.h> 00039 #include "mbedtls/platform_util.h" 00040 00041 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 00042 #define MBEDTLS_CIPHER_MODE_AEAD 00043 #endif 00044 00045 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00046 #define MBEDTLS_CIPHER_MODE_WITH_PADDING 00047 #endif 00048 00049 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ 00050 defined(MBEDTLS_CHACHA20_C) 00051 #define MBEDTLS_CIPHER_MODE_STREAM 00052 #endif 00053 00054 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00055 !defined(inline) && !defined(__cplusplus) 00056 #define inline __inline 00057 #endif 00058 00059 #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */ 00060 #define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters. */ 00061 #define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */ 00062 #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */ 00063 #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ 00064 #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ 00065 #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid. For example, because it was freed. */ 00066 00067 /* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */ 00068 #define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */ 00069 00070 #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */ 00071 #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */ 00072 00073 #ifdef __cplusplus 00074 extern "C" { 00075 #endif 00076 00077 /** 00078 * \brief Supported cipher types. 00079 * 00080 * \warning RC4 and DES are considered weak ciphers and their use 00081 * constitutes a security risk. Arm recommends considering stronger 00082 * ciphers instead. 00083 */ 00084 typedef enum { 00085 MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */ 00086 MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */ 00087 MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ 00088 MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ 00089 MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */ 00090 MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ 00091 MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ 00092 MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */ 00093 MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */ 00094 MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */ 00095 } mbedtls_cipher_id_t; 00096 00097 /** 00098 * \brief Supported {cipher type, cipher mode} pairs. 00099 * 00100 * \warning RC4 and DES are considered weak ciphers and their use 00101 * constitutes a security risk. Arm recommends considering stronger 00102 * ciphers instead. 00103 */ 00104 typedef enum { 00105 MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */ 00106 MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */ 00107 MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */ 00108 MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */ 00109 MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */ 00110 MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */ 00111 MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */ 00112 MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */ 00113 MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */ 00114 MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */ 00115 MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */ 00116 MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */ 00117 MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */ 00118 MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */ 00119 MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */ 00120 MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */ 00121 MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */ 00122 MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */ 00123 MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */ 00124 MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */ 00125 MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */ 00126 MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */ 00127 MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */ 00128 MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */ 00129 MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */ 00130 MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */ 00131 MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */ 00132 MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */ 00133 MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */ 00134 MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */ 00135 MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */ 00136 MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */ 00137 MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */ 00138 MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */ 00139 MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */ 00140 MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */ 00141 MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */ 00142 MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */ 00143 MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */ 00144 MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */ 00145 MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */ 00146 MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */ 00147 MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */ 00148 MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ 00149 MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ 00150 MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ 00151 MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */ 00152 MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */ 00153 MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */ 00154 MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */ 00155 MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */ 00156 MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */ 00157 MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */ 00158 MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */ 00159 MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */ 00160 MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */ 00161 MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */ 00162 MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */ 00163 MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */ 00164 MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */ 00165 MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */ 00166 MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */ 00167 MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */ 00168 MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */ 00169 MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */ 00170 MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */ 00171 MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */ 00172 MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */ 00173 MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */ 00174 MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */ 00175 MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */ 00176 MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */ 00177 MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */ 00178 MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */ 00179 MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */ 00180 MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */ 00181 MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */ 00182 MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */ 00183 MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */ 00184 MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */ 00185 } mbedtls_cipher_type_t; 00186 00187 /** Supported cipher modes. */ 00188 typedef enum { 00189 MBEDTLS_MODE_NONE = 0, /**< None. */ 00190 MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */ 00191 MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */ 00192 MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */ 00193 MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */ 00194 MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */ 00195 MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */ 00196 MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ 00197 MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */ 00198 MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */ 00199 MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */ 00200 MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */ 00201 MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */ 00202 } mbedtls_cipher_mode_t; 00203 00204 /** Supported cipher padding types. */ 00205 typedef enum { 00206 MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */ 00207 MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */ 00208 MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */ 00209 MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */ 00210 MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */ 00211 } mbedtls_cipher_padding_t; 00212 00213 /** Type of operation. */ 00214 typedef enum { 00215 MBEDTLS_OPERATION_NONE = -1, 00216 MBEDTLS_DECRYPT = 0, 00217 MBEDTLS_ENCRYPT, 00218 } mbedtls_operation_t; 00219 00220 enum { 00221 /** Undefined key length. */ 00222 MBEDTLS_KEY_LENGTH_NONE = 0, 00223 /** Key length, in bits (including parity), for DES keys. */ 00224 MBEDTLS_KEY_LENGTH_DES = 64, 00225 /** Key length in bits, including parity, for DES in two-key EDE. */ 00226 MBEDTLS_KEY_LENGTH_DES_EDE = 128, 00227 /** Key length in bits, including parity, for DES in three-key EDE. */ 00228 MBEDTLS_KEY_LENGTH_DES_EDE3 = 192, 00229 }; 00230 00231 /** Maximum length of any IV, in Bytes. */ 00232 #define MBEDTLS_MAX_IV_LENGTH 16 00233 /** Maximum block size of any cipher, in Bytes. */ 00234 #define MBEDTLS_MAX_BLOCK_LENGTH 16 00235 00236 /** 00237 * Base cipher information (opaque struct). 00238 */ 00239 typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t; 00240 00241 /** 00242 * CMAC context (opaque struct). 00243 */ 00244 typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; 00245 00246 /** 00247 * Cipher information. Allows calling cipher functions 00248 * in a generic way. 00249 */ 00250 typedef struct mbedtls_cipher_info_t 00251 { 00252 /** Full cipher identifier. For example, 00253 * MBEDTLS_CIPHER_AES_256_CBC. 00254 */ 00255 mbedtls_cipher_type_t type; 00256 00257 /** The cipher mode. For example, MBEDTLS_MODE_CBC. */ 00258 mbedtls_cipher_mode_t mode; 00259 00260 /** The cipher key length, in bits. This is the 00261 * default length for variable sized ciphers. 00262 * Includes parity bits for ciphers like DES. 00263 */ 00264 unsigned int key_bitlen; 00265 00266 /** Name of the cipher. */ 00267 const char * name; 00268 00269 /** IV or nonce size, in Bytes. 00270 * For ciphers that accept variable IV sizes, 00271 * this is the recommended size. 00272 */ 00273 unsigned int iv_size; 00274 00275 /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and 00276 * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the 00277 * cipher supports variable IV or variable key sizes, respectively. 00278 */ 00279 int flags; 00280 00281 /** The block size, in Bytes. */ 00282 unsigned int block_size; 00283 00284 /** Struct for base cipher information and functions. */ 00285 const mbedtls_cipher_base_t *base; 00286 00287 } mbedtls_cipher_info_t; 00288 00289 /** 00290 * Generic cipher context. 00291 */ 00292 typedef struct mbedtls_cipher_context_t 00293 { 00294 /** Information about the associated cipher. */ 00295 const mbedtls_cipher_info_t *cipher_info; 00296 00297 /** Key length to use. */ 00298 int key_bitlen; 00299 00300 /** Operation that the key of the context has been 00301 * initialized for. 00302 */ 00303 mbedtls_operation_t operation; 00304 00305 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 00306 /** Padding functions to use, if relevant for 00307 * the specific cipher mode. 00308 */ 00309 void (*add_padding)( unsigned char *output, size_t olen, size_t data_len ); 00310 int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); 00311 #endif 00312 00313 /** Buffer for input that has not been processed yet. */ 00314 unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]; 00315 00316 /** Number of Bytes that have not been processed yet. */ 00317 size_t unprocessed_len; 00318 00319 /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number 00320 * for XTS-mode. */ 00321 unsigned char iv[MBEDTLS_MAX_IV_LENGTH]; 00322 00323 /** IV size in Bytes, for ciphers with variable-length IVs. */ 00324 size_t iv_size; 00325 00326 /** The cipher-specific context. */ 00327 void *cipher_ctx; 00328 00329 #if defined(MBEDTLS_CMAC_C) 00330 /** CMAC-specific context. */ 00331 mbedtls_cmac_context_t *cmac_ctx; 00332 #endif 00333 00334 #if defined(MBEDTLS_USE_PSA_CRYPTO) 00335 /** Indicates whether the cipher operations should be performed 00336 * by Mbed TLS' own crypto library or an external implementation 00337 * of the PSA Crypto API. 00338 * This is unset if the cipher context was established through 00339 * mbedtls_cipher_setup(), and set if it was established through 00340 * mbedtls_cipher_setup_psa(). 00341 */ 00342 unsigned char psa_enabled; 00343 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 00344 00345 } mbedtls_cipher_context_t; 00346 00347 /** 00348 * \brief This function retrieves the list of ciphers supported 00349 * by the generic cipher module. 00350 * 00351 * For any cipher identifier in the returned list, you can 00352 * obtain the corresponding generic cipher information structure 00353 * via mbedtls_cipher_info_from_type(), which can then be used 00354 * to prepare a cipher context via mbedtls_cipher_setup(). 00355 * 00356 * 00357 * \return A statically-allocated array of cipher identifiers 00358 * of type cipher_type_t. The last entry is zero. 00359 */ 00360 const int *mbedtls_cipher_list( void ); 00361 00362 /** 00363 * \brief This function retrieves the cipher-information 00364 * structure associated with the given cipher name. 00365 * 00366 * \param cipher_name Name of the cipher to search for. This must not be 00367 * \c NULL. 00368 * 00369 * \return The cipher information structure associated with the 00370 * given \p cipher_name. 00371 * \return \c NULL if the associated cipher information is not found. 00372 */ 00373 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); 00374 00375 /** 00376 * \brief This function retrieves the cipher-information 00377 * structure associated with the given cipher type. 00378 * 00379 * \param cipher_type Type of the cipher to search for. 00380 * 00381 * \return The cipher information structure associated with the 00382 * given \p cipher_type. 00383 * \return \c NULL if the associated cipher information is not found. 00384 */ 00385 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ); 00386 00387 /** 00388 * \brief This function retrieves the cipher-information 00389 * structure associated with the given cipher ID, 00390 * key size and mode. 00391 * 00392 * \param cipher_id The ID of the cipher to search for. For example, 00393 * #MBEDTLS_CIPHER_ID_AES. 00394 * \param key_bitlen The length of the key in bits. 00395 * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC. 00396 * 00397 * \return The cipher information structure associated with the 00398 * given \p cipher_id. 00399 * \return \c NULL if the associated cipher information is not found. 00400 */ 00401 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, 00402 int key_bitlen, 00403 const mbedtls_cipher_mode_t mode ); 00404 00405 /** 00406 * \brief This function initializes a \p cipher_context as NONE. 00407 * 00408 * \param ctx The context to be initialized. This must not be \c NULL. 00409 */ 00410 void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); 00411 00412 /** 00413 * \brief This function frees and clears the cipher-specific 00414 * context of \p ctx. Freeing \p ctx itself remains the 00415 * responsibility of the caller. 00416 * 00417 * \param ctx The context to be freed. If this is \c NULL, the 00418 * function has no effect, otherwise this must point to an 00419 * initialized context. 00420 */ 00421 void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); 00422 00423 00424 /** 00425 * \brief This function initializes a cipher context for 00426 * use with the given cipher primitive. 00427 * 00428 * \param ctx The context to initialize. This must be initialized. 00429 * \param cipher_info The cipher to use. 00430 * 00431 * \return \c 0 on success. 00432 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00433 * parameter-verification failure. 00434 * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the 00435 * cipher-specific context fails. 00436 * 00437 * \internal Currently, the function also clears the structure. 00438 * In future versions, the caller will be required to call 00439 * mbedtls_cipher_init() on the structure first. 00440 */ 00441 int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, 00442 const mbedtls_cipher_info_t *cipher_info ); 00443 00444 #if defined(MBEDTLS_USE_PSA_CRYPTO) 00445 /** 00446 * \brief This function initializes a cipher context for 00447 * PSA-based use with the given cipher primitive. 00448 * 00449 * \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA. 00450 * 00451 * \param ctx The context to initialize. May not be \c NULL. 00452 * \param cipher_info The cipher to use. 00453 * \param taglen For AEAD ciphers, the length in bytes of the 00454 * authentication tag to use. Subsequent uses of 00455 * mbedtls_cipher_auth_encrypt() or 00456 * mbedtls_cipher_auth_decrypt() must provide 00457 * the same tag length. 00458 * For non-AEAD ciphers, the value must be \c 0. 00459 * 00460 * \return \c 0 on success. 00461 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00462 * parameter-verification failure. 00463 * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the 00464 * cipher-specific context fails. 00465 */ 00466 int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, 00467 const mbedtls_cipher_info_t *cipher_info, 00468 size_t taglen ); 00469 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 00470 00471 /** 00472 * \brief This function returns the block size of the given cipher. 00473 * 00474 * \param ctx The context of the cipher. This must be initialized. 00475 * 00476 * \return The block size of the underlying cipher. 00477 * \return \c 0 if \p ctx has not been initialized. 00478 */ 00479 static inline unsigned int mbedtls_cipher_get_block_size( 00480 const mbedtls_cipher_context_t *ctx ) 00481 { 00482 MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); 00483 if( ctx->cipher_info == NULL ) 00484 return 0; 00485 00486 return ctx->cipher_info->block_size; 00487 } 00488 00489 /** 00490 * \brief This function returns the mode of operation for 00491 * the cipher. For example, MBEDTLS_MODE_CBC. 00492 * 00493 * \param ctx The context of the cipher. This must be initialized. 00494 * 00495 * \return The mode of operation. 00496 * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized. 00497 */ 00498 static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( 00499 const mbedtls_cipher_context_t *ctx ) 00500 { 00501 MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); 00502 if( ctx->cipher_info == NULL ) 00503 return MBEDTLS_MODE_NONE; 00504 00505 return ctx->cipher_info->mode; 00506 } 00507 00508 /** 00509 * \brief This function returns the size of the IV or nonce 00510 * of the cipher, in Bytes. 00511 * 00512 * \param ctx The context of the cipher. This must be initialized. 00513 * 00514 * \return The recommended IV size if no IV has been set. 00515 * \return \c 0 for ciphers not using an IV or a nonce. 00516 * \return The actual size if an IV has been set. 00517 */ 00518 static inline int mbedtls_cipher_get_iv_size( 00519 const mbedtls_cipher_context_t *ctx ) 00520 { 00521 MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); 00522 if( ctx->cipher_info == NULL ) 00523 return 0; 00524 00525 if( ctx->iv_size != 0 ) 00526 return (int) ctx->iv_size; 00527 00528 return (int) ctx->cipher_info->iv_size; 00529 } 00530 00531 /** 00532 * \brief This function returns the type of the given cipher. 00533 * 00534 * \param ctx The context of the cipher. This must be initialized. 00535 * 00536 * \return The type of the cipher. 00537 * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized. 00538 */ 00539 static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( 00540 const mbedtls_cipher_context_t *ctx ) 00541 { 00542 MBEDTLS_INTERNAL_VALIDATE_RET( 00543 ctx != NULL, MBEDTLS_CIPHER_NONE ); 00544 if( ctx->cipher_info == NULL ) 00545 return MBEDTLS_CIPHER_NONE; 00546 00547 return ctx->cipher_info->type; 00548 } 00549 00550 /** 00551 * \brief This function returns the name of the given cipher 00552 * as a string. 00553 * 00554 * \param ctx The context of the cipher. This must be initialized. 00555 * 00556 * \return The name of the cipher. 00557 * \return NULL if \p ctx has not been not initialized. 00558 */ 00559 static inline const char *mbedtls_cipher_get_name( 00560 const mbedtls_cipher_context_t *ctx ) 00561 { 00562 MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); 00563 if( ctx->cipher_info == NULL ) 00564 return 0; 00565 00566 return ctx->cipher_info->name; 00567 } 00568 00569 /** 00570 * \brief This function returns the key length of the cipher. 00571 * 00572 * \param ctx The context of the cipher. This must be initialized. 00573 * 00574 * \return The key length of the cipher in bits. 00575 * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been 00576 * initialized. 00577 */ 00578 static inline int mbedtls_cipher_get_key_bitlen( 00579 const mbedtls_cipher_context_t *ctx ) 00580 { 00581 MBEDTLS_INTERNAL_VALIDATE_RET( 00582 ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); 00583 if( ctx->cipher_info == NULL ) 00584 return MBEDTLS_KEY_LENGTH_NONE; 00585 00586 return (int) ctx->cipher_info->key_bitlen; 00587 } 00588 00589 /** 00590 * \brief This function returns the operation of the given cipher. 00591 * 00592 * \param ctx The context of the cipher. This must be initialized. 00593 * 00594 * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. 00595 * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized. 00596 */ 00597 static inline mbedtls_operation_t mbedtls_cipher_get_operation( 00598 const mbedtls_cipher_context_t *ctx ) 00599 { 00600 MBEDTLS_INTERNAL_VALIDATE_RET( 00601 ctx != NULL, MBEDTLS_OPERATION_NONE ); 00602 if( ctx->cipher_info == NULL ) 00603 return MBEDTLS_OPERATION_NONE; 00604 00605 return ctx->operation; 00606 } 00607 00608 /** 00609 * \brief This function sets the key to use with the given context. 00610 * 00611 * \param ctx The generic cipher context. This must be initialized and 00612 * bound to a cipher information structure. 00613 * \param key The key to use. This must be a readable buffer of at 00614 * least \p key_bitlen Bits. 00615 * \param key_bitlen The key length to use, in Bits. 00616 * \param operation The operation that the key will be used for: 00617 * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. 00618 * 00619 * \return \c 0 on success. 00620 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00621 * parameter-verification failure. 00622 * \return A cipher-specific error code on failure. 00623 */ 00624 int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, 00625 const unsigned char *key, 00626 int key_bitlen, 00627 const mbedtls_operation_t operation ); 00628 00629 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 00630 /** 00631 * \brief This function sets the padding mode, for cipher modes 00632 * that use padding. 00633 * 00634 * The default passing mode is PKCS7 padding. 00635 * 00636 * \param ctx The generic cipher context. This must be initialized and 00637 * bound to a cipher information structure. 00638 * \param mode The padding mode. 00639 * 00640 * \return \c 0 on success. 00641 * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE 00642 * if the selected padding mode is not supported. 00643 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode 00644 * does not support padding. 00645 */ 00646 int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, 00647 mbedtls_cipher_padding_t mode ); 00648 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 00649 00650 /** 00651 * \brief This function sets the initialization vector (IV) 00652 * or nonce. 00653 * 00654 * \note Some ciphers do not use IVs nor nonce. For these 00655 * ciphers, this function has no effect. 00656 * 00657 * \param ctx The generic cipher context. This must be initialized and 00658 * bound to a cipher information structure. 00659 * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This 00660 * must be a readable buffer of at least \p iv_len Bytes. 00661 * \param iv_len The IV length for ciphers with variable-size IV. 00662 * This parameter is discarded by ciphers with fixed-size IV. 00663 * 00664 * \return \c 0 on success. 00665 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00666 * parameter-verification failure. 00667 */ 00668 int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, 00669 const unsigned char *iv, 00670 size_t iv_len ); 00671 00672 /** 00673 * \brief This function resets the cipher state. 00674 * 00675 * \param ctx The generic cipher context. This must be initialized. 00676 * 00677 * \return \c 0 on success. 00678 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00679 * parameter-verification failure. 00680 */ 00681 int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); 00682 00683 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 00684 /** 00685 * \brief This function adds additional data for AEAD ciphers. 00686 * Currently supported with GCM and ChaCha20+Poly1305. 00687 * This must be called exactly once, after 00688 * mbedtls_cipher_reset(). 00689 * 00690 * \param ctx The generic cipher context. This must be initialized. 00691 * \param ad The additional data to use. This must be a readable 00692 * buffer of at least \p ad_len Bytes. 00693 * \param ad_len The length of \p ad in Bytes. 00694 * 00695 * \return \c 0 on success. 00696 * \return A specific error code on failure. 00697 */ 00698 int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, 00699 const unsigned char *ad, size_t ad_len ); 00700 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ 00701 00702 /** 00703 * \brief The generic cipher update function. It encrypts or 00704 * decrypts using the given cipher context. Writes as 00705 * many block-sized blocks of data as possible to output. 00706 * Any data that cannot be written immediately is either 00707 * added to the next block, or flushed when 00708 * mbedtls_cipher_finish() is called. 00709 * Exception: For MBEDTLS_MODE_ECB, expects a single block 00710 * in size. For example, 16 Bytes for AES. 00711 * 00712 * \note If the underlying cipher is used in GCM mode, all calls 00713 * to this function, except for the last one before 00714 * mbedtls_cipher_finish(), must have \p ilen as a 00715 * multiple of the block size of the cipher. 00716 * 00717 * \param ctx The generic cipher context. This must be initialized and 00718 * bound to a key. 00719 * \param input The buffer holding the input data. This must be a 00720 * readable buffer of at least \p ilen Bytes. 00721 * \param ilen The length of the input data. 00722 * \param output The buffer for the output data. This must be able to 00723 * hold at least `ilen + block_size`. This must not be the 00724 * same buffer as \p input. 00725 * \param olen The length of the output data, to be updated with the 00726 * actual number of Bytes written. This must not be 00727 * \c NULL. 00728 * 00729 * \return \c 0 on success. 00730 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00731 * parameter-verification failure. 00732 * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an 00733 * unsupported mode for a cipher. 00734 * \return A cipher-specific error code on failure. 00735 */ 00736 int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, 00737 const unsigned char *input, 00738 size_t ilen, unsigned char *output, 00739 size_t *olen ); 00740 00741 /** 00742 * \brief The generic cipher finalization function. If data still 00743 * needs to be flushed from an incomplete block, the data 00744 * contained in it is padded to the size of 00745 * the last block, and written to the \p output buffer. 00746 * 00747 * \param ctx The generic cipher context. This must be initialized and 00748 * bound to a key. 00749 * \param output The buffer to write data to. This needs to be a writable 00750 * buffer of at least \p block_size Bytes. 00751 * \param olen The length of the data written to the \p output buffer. 00752 * This may not be \c NULL. 00753 * 00754 * \return \c 0 on success. 00755 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00756 * parameter-verification failure. 00757 * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption 00758 * expecting a full block but not receiving one. 00759 * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding 00760 * while decrypting. 00761 * \return A cipher-specific error code on failure. 00762 */ 00763 int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, 00764 unsigned char *output, size_t *olen ); 00765 00766 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 00767 /** 00768 * \brief This function writes a tag for AEAD ciphers. 00769 * Currently supported with GCM and ChaCha20+Poly1305. 00770 * This must be called after mbedtls_cipher_finish(). 00771 * 00772 * \param ctx The generic cipher context. This must be initialized, 00773 * bound to a key, and have just completed a cipher 00774 * operation through mbedtls_cipher_finish() the tag for 00775 * which should be written. 00776 * \param tag The buffer to write the tag to. This must be a writable 00777 * buffer of at least \p tag_len Bytes. 00778 * \param tag_len The length of the tag to write. 00779 * 00780 * \return \c 0 on success. 00781 * \return A specific error code on failure. 00782 */ 00783 int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, 00784 unsigned char *tag, size_t tag_len ); 00785 00786 /** 00787 * \brief This function checks the tag for AEAD ciphers. 00788 * Currently supported with GCM and ChaCha20+Poly1305. 00789 * This must be called after mbedtls_cipher_finish(). 00790 * 00791 * \param ctx The generic cipher context. This must be initialized. 00792 * \param tag The buffer holding the tag. This must be a readable 00793 * buffer of at least \p tag_len Bytes. 00794 * \param tag_len The length of the tag to check. 00795 * 00796 * \return \c 0 on success. 00797 * \return A specific error code on failure. 00798 */ 00799 int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, 00800 const unsigned char *tag, size_t tag_len ); 00801 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ 00802 00803 /** 00804 * \brief The generic all-in-one encryption/decryption function, 00805 * for all ciphers except AEAD constructs. 00806 * 00807 * \param ctx The generic cipher context. This must be initialized. 00808 * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. 00809 * This must be a readable buffer of at least \p iv_len 00810 * Bytes. 00811 * \param iv_len The IV length for ciphers with variable-size IV. 00812 * This parameter is discarded by ciphers with fixed-size 00813 * IV. 00814 * \param input The buffer holding the input data. This must be a 00815 * readable buffer of at least \p ilen Bytes. 00816 * \param ilen The length of the input data in Bytes. 00817 * \param output The buffer for the output data. This must be able to 00818 * hold at least `ilen + block_size`. This must not be the 00819 * same buffer as \p input. 00820 * \param olen The length of the output data, to be updated with the 00821 * actual number of Bytes written. This must not be 00822 * \c NULL. 00823 * 00824 * \note Some ciphers do not use IVs nor nonce. For these 00825 * ciphers, use \p iv = NULL and \p iv_len = 0. 00826 * 00827 * \return \c 0 on success. 00828 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00829 * parameter-verification failure. 00830 * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption 00831 * expecting a full block but not receiving one. 00832 * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding 00833 * while decrypting. 00834 * \return A cipher-specific error code on failure. 00835 */ 00836 int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, 00837 const unsigned char *iv, size_t iv_len, 00838 const unsigned char *input, size_t ilen, 00839 unsigned char *output, size_t *olen ); 00840 00841 #if defined(MBEDTLS_CIPHER_MODE_AEAD) 00842 /** 00843 * \brief The generic autenticated encryption (AEAD) function. 00844 * 00845 * \param ctx The generic cipher context. This must be initialized and 00846 * bound to a key. 00847 * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. 00848 * This must be a readable buffer of at least \p iv_len 00849 * Bytes. 00850 * \param iv_len The IV length for ciphers with variable-size IV. 00851 * This parameter is discarded by ciphers with fixed-size IV. 00852 * \param ad The additional data to authenticate. This must be a 00853 * readable buffer of at least \p ad_len Bytes. 00854 * \param ad_len The length of \p ad. 00855 * \param input The buffer holding the input data. This must be a 00856 * readable buffer of at least \p ilen Bytes. 00857 * \param ilen The length of the input data. 00858 * \param output The buffer for the output data. This must be able to 00859 * hold at least \p ilen Bytes. 00860 * \param olen The length of the output data, to be updated with the 00861 * actual number of Bytes written. This must not be 00862 * \c NULL. 00863 * \param tag The buffer for the authentication tag. This must be a 00864 * writable buffer of at least \p tag_len Bytes. 00865 * \param tag_len The desired length of the authentication tag. 00866 * 00867 * \return \c 0 on success. 00868 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00869 * parameter-verification failure. 00870 * \return A cipher-specific error code on failure. 00871 */ 00872 int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, 00873 const unsigned char *iv, size_t iv_len, 00874 const unsigned char *ad, size_t ad_len, 00875 const unsigned char *input, size_t ilen, 00876 unsigned char *output, size_t *olen, 00877 unsigned char *tag, size_t tag_len ); 00878 00879 /** 00880 * \brief The generic autenticated decryption (AEAD) function. 00881 * 00882 * \note If the data is not authentic, then the output buffer 00883 * is zeroed out to prevent the unauthentic plaintext being 00884 * used, making this interface safer. 00885 * 00886 * \param ctx The generic cipher context. This must be initialized and 00887 * and bound to a key. 00888 * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. 00889 * This must be a readable buffer of at least \p iv_len 00890 * Bytes. 00891 * \param iv_len The IV length for ciphers with variable-size IV. 00892 * This parameter is discarded by ciphers with fixed-size IV. 00893 * \param ad The additional data to be authenticated. This must be a 00894 * readable buffer of at least \p ad_len Bytes. 00895 * \param ad_len The length of \p ad. 00896 * \param input The buffer holding the input data. This must be a 00897 * readable buffer of at least \p ilen Bytes. 00898 * \param ilen The length of the input data. 00899 * \param output The buffer for the output data. 00900 * This must be able to hold at least \p ilen Bytes. 00901 * \param olen The length of the output data, to be updated with the 00902 * actual number of Bytes written. This must not be 00903 * \c NULL. 00904 * \param tag The buffer holding the authentication tag. This must be 00905 * a readable buffer of at least \p tag_len Bytes. 00906 * \param tag_len The length of the authentication tag. 00907 * 00908 * \return \c 0 on success. 00909 * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on 00910 * parameter-verification failure. 00911 * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. 00912 * \return A cipher-specific error code on failure. 00913 */ 00914 int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, 00915 const unsigned char *iv, size_t iv_len, 00916 const unsigned char *ad, size_t ad_len, 00917 const unsigned char *input, size_t ilen, 00918 unsigned char *output, size_t *olen, 00919 const unsigned char *tag, size_t tag_len ); 00920 #endif /* MBEDTLS_CIPHER_MODE_AEAD */ 00921 00922 #ifdef __cplusplus 00923 } 00924 #endif 00925 00926 #endif /* MBEDTLS_CIPHER_H */
Generated on Tue Jul 12 2022 13:54:07 by
1.7.2