mbed TLS v2.24.0
cipher.h
1 
10 /*
11  * Copyright The Mbed TLS Contributors
12  * SPDX-License-Identifier: Apache-2.0
13  *
14  * Licensed under the Apache License, Version 2.0 (the "License"); you may
15  * not use this file except in compliance with the License.
16  * You may obtain a copy of the License at
17  *
18  * http://www.apache.org/licenses/LICENSE-2.0
19  *
20  * Unless required by applicable law or agreed to in writing, software
21  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
22  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23  * See the License for the specific language governing permissions and
24  * limitations under the License.
25  */
26 
27 #ifndef MBEDTLS_CIPHER_H
28 #define MBEDTLS_CIPHER_H
29 
30 #if !defined(MBEDTLS_CONFIG_FILE)
31 #include "mbedtls/config.h"
32 #else
33 #include MBEDTLS_CONFIG_FILE
34 #endif
35 
36 #include <stddef.h>
37 #include "mbedtls/platform_util.h"
38 
/* Derived feature macro: AEAD support is compiled in when at least one of
 * GCM, CCM or ChaCha20-Poly1305 is enabled. The authenticated encrypt/decrypt
 * prototypes near the end of this header are guarded by it. */
39 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
40 #define MBEDTLS_CIPHER_MODE_AEAD
41 #endif
42 
/* Padding support follows CBC: the add_padding/get_padding callbacks and the
 * padding-mode setter are only declared when this macro is defined. */
43 #if defined(MBEDTLS_CIPHER_MODE_CBC)
44 #define MBEDTLS_CIPHER_MODE_WITH_PADDING
45 #endif
46 
/* Stream-cipher support is derived from ARC4, the NULL cipher or ChaCha20.
 * NOTE(review): MBEDTLS_ARC4_C enables a cipher that is no longer considered
 * secure, and MBEDTLS_CIPHER_NULL_CIPHER enables a "cipher" that provides no
 * confidentiality; production configurations should normally leave both
 * disabled and audit config.h for them. */
47 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
48  defined(MBEDTLS_CHACHA20_C)
49 #define MBEDTLS_CIPHER_MODE_STREAM
50 #endif
56 
/* Negative error codes of the generic cipher layer. The per-macro Doxygen
 * text is not part of this listing, so the meanings below are read from the
 * macro names only.
 * NOTE(review): code that reports decryption failures to a remote peer should
 * map MBEDTLS_ERR_CIPHER_INVALID_PADDING and MBEDTLS_ERR_CIPHER_AUTH_FAILED
 * (and ideally every decryption error) to one generic failure, with no
 * observable difference in response, so the distinction cannot serve as a
 * padding or authentication oracle. */
57 #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
58 #define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
59 #define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
60 #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
61 #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
62 #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
63 #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
65 /* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
66 #define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400
/* Bit values; presumably combined in the `int flags` member of
 * mbedtls_cipher_info_t declared further down - confirm against cipher.c. */
68 #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
69 #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
71 #ifdef __cplusplus
72 extern "C" {
73 #endif
74 
82 typedef enum {
94 
102 typedef enum {
184 
186 typedef enum {
201 
203 typedef enum {
210 
212 typedef enum {
217 
218 enum {
227 };
228 
/* Sizes the fixed iv[] array that this header declares inside the cipher
 * context.
 * NOTE(review): any IV copied into that array must be no longer than this
 * bound; presumably mbedtls_cipher_set_iv() rejects longer inputs - confirm
 * in cipher.c. */
230 #define MBEDTLS_MAX_IV_LENGTH 16
231 
/* Sizes the unprocessed_data[] buffer of the cipher context (listed in this
 * page's cross-reference section). */
232 #define MBEDTLS_MAX_BLOCK_LENGTH 16
233 
238 
243 
248 typedef struct mbedtls_cipher_info_t
249 {
254 
257 
262  unsigned int key_bitlen;
263 
265  const char * name;
266 
271  unsigned int iv_size;
272 
277  int flags;
278 
280  unsigned int block_size;
281 
284 
286 
291 {
294 
297 
302 
303 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
304 
307  void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
308  int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
309 #endif
310 
313 
316 
319  unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
320 
322  size_t iv_size;
323 
325  void *cipher_ctx;
326 
327 #if defined(MBEDTLS_CMAC_C)
328 
330 #endif
331 
332 #if defined(MBEDTLS_USE_PSA_CRYPTO)
333 
340  unsigned char psa_enabled;
341 #endif /* MBEDTLS_USE_PSA_CRYPTO */
342 
344 
/* Retrieves the list of ciphers supported by the generic cipher module.
 * NOTE(review): how the returned array is terminated is not shown in this
 * listing - confirm in cipher.c before iterating over it. */
358 const int *mbedtls_cipher_list( void );
359 
/* Retrieves the cipher-information structure associated with the given
 * cipher name.
 * NOTE(review): presumably returns NULL when no cipher matches - confirm in
 * cipher.c; callers should check the result before dereferencing it,
 * especially when cipher_name comes from configuration or user input. */
371 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
372 
384 
400  int key_bitlen,
401  const mbedtls_cipher_mode_t mode );
402 
409 
420 
421 
440  const mbedtls_cipher_info_t *cipher_info );
441 
442 #if defined(MBEDTLS_USE_PSA_CRYPTO)
443 
465  const mbedtls_cipher_info_t *cipher_info,
466  size_t taglen );
467 #endif /* MBEDTLS_USE_PSA_CRYPTO */
468 
/**
 * Report the block size recorded for the cipher attached to \p ctx.
 *
 * \param ctx  Cipher context to query.
 *
 * \return     The block_size field of ctx->cipher_info, or 0 when the
 *             context has no cipher_info attached.
 *
 * NOTE(review): MBEDTLS_INTERNAL_VALIDATE_RET comes from platform_util.h,
 * which is not shown here. In Mbed TLS 2.x it is compiled out unless
 * MBEDTLS_CHECK_PARAMS is enabled, so it should not be relied on to make a
 * NULL \p ctx safe - confirm against the build configuration.
 */
static inline unsigned int mbedtls_cipher_get_block_size(
    const mbedtls_cipher_context_t *ctx )
{
    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );

    /* A context without cipher_info reports 0 instead of being dereferenced. */
    return( ctx->cipher_info != NULL ? ctx->cipher_info->block_size : 0 );
}
486 
497  const mbedtls_cipher_context_t *ctx )
498 {
500  if( ctx->cipher_info == NULL )
501  return MBEDTLS_MODE_NONE;
502 
503  return ctx->cipher_info->mode;
504 }
505 
/**
 * Report the IV or nonce size in effect for \p ctx.
 *
 * \param ctx  Cipher context to query.
 *
 * \return     0 when the context has no cipher_info attached; otherwise
 *             ctx->iv_size when that is nonzero, else the iv_size field of
 *             ctx->cipher_info.
 *
 * NOTE(review): both sizes are narrowed to int by a cast. The context's iv[]
 * array is MBEDTLS_MAX_IV_LENGTH bytes, so stored values are presumably
 * small - confirm that the IV setter enforces that bound.
 *
 * NOTE(review): MBEDTLS_INTERNAL_VALIDATE_RET comes from platform_util.h,
 * which is not shown here. In Mbed TLS 2.x it is compiled out unless
 * MBEDTLS_CHECK_PARAMS is enabled, so it should not be relied on to make a
 * NULL \p ctx safe - confirm against the build configuration.
 */
static inline int mbedtls_cipher_get_iv_size(
    const mbedtls_cipher_context_t *ctx )
{
    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );

    if( ctx->cipher_info == NULL )
    {
        return( 0 );
    }

    /* No per-context length recorded: fall back to the cipher's own value. */
    if( ctx->iv_size == 0 )
    {
        return( (int) ctx->cipher_info->iv_size );
    }

    return( (int) ctx->iv_size );
}
528 
538  const mbedtls_cipher_context_t *ctx )
539 {
541  ctx != NULL, MBEDTLS_CIPHER_NONE );
542  if( ctx->cipher_info == NULL )
543  return MBEDTLS_CIPHER_NONE;
544 
545  return ctx->cipher_info->type;
546 }
547 
/**
 * Report the name string recorded for the cipher attached to \p ctx.
 *
 * \param ctx  Cipher context to query.
 *
 * \return     The name field of ctx->cipher_info, or a null pointer when the
 *             context has no cipher_info attached. Callers must check for
 *             NULL before passing the result to string functions.
 *
 * NOTE(review): MBEDTLS_INTERNAL_VALIDATE_RET comes from platform_util.h,
 * which is not shown here. In Mbed TLS 2.x it is compiled out unless
 * MBEDTLS_CHECK_PARAMS is enabled, so it should not be relied on to make a
 * NULL \p ctx safe - confirm against the build configuration.
 */
static inline const char *mbedtls_cipher_get_name(
    const mbedtls_cipher_context_t *ctx )
{
    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, NULL );

    if( ctx->cipher_info != NULL )
    {
        return( ctx->cipher_info->name );
    }

    return( NULL );
}
566 
577  const mbedtls_cipher_context_t *ctx )
578 {
580  ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
581  if( ctx->cipher_info == NULL )
583 
584  return (int) ctx->cipher_info->key_bitlen;
585 }
586 
596  const mbedtls_cipher_context_t *ctx )
597 {
599  ctx != NULL, MBEDTLS_OPERATION_NONE );
600  if( ctx->cipher_info == NULL )
601  return MBEDTLS_OPERATION_NONE;
602 
603  return ctx->operation;
604 }
605 
623  const unsigned char *key,
624  int key_bitlen,
625  const mbedtls_operation_t operation );
626 
627 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
628 
646 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
647 
667  const unsigned char *iv,
668  size_t iv_len );
669 
680 
681 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
682 
697  const unsigned char *ad, size_t ad_len );
698 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
699 
735  const unsigned char *input,
736  size_t ilen, unsigned char *output,
737  size_t *olen );
738 
762  unsigned char *output, size_t *olen );
763 
764 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
765 
782  unsigned char *tag, size_t tag_len );
783 
798  const unsigned char *tag, size_t tag_len );
799 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
800 
835  const unsigned char *iv, size_t iv_len,
836  const unsigned char *input, size_t ilen,
837  unsigned char *output, size_t *olen );
838 
839 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
840 
871  const unsigned char *iv, size_t iv_len,
872  const unsigned char *ad, size_t ad_len,
873  const unsigned char *input, size_t ilen,
874  unsigned char *output, size_t *olen,
875  unsigned char *tag, size_t tag_len );
876 
913  const unsigned char *iv, size_t iv_len,
914  const unsigned char *ad, size_t ad_len,
915  const unsigned char *input, size_t ilen,
916  unsigned char *output, size_t *olen,
917  const unsigned char *tag, size_t tag_len );
918 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
919 
920 #ifdef __cplusplus
921 }
922 #endif
923 
924 #endif /* MBEDTLS_CIPHER_H */
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]
Definition: cipher.h:312
mbedtls_operation_t
Definition: cipher.h:212
unsigned int iv_size
Definition: cipher.h:271
mbedtls_cipher_padding_t
Definition: cipher.h:203
static mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
Definition: cipher.h:496
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Definition: cipher.h:308
#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret)
Definition: platform_util.h:87
unsigned char psa_enabled
Definition: cipher.h:340
mbedtls_cmac_context_t * cmac_ctx
Definition: cipher.h:329
static unsigned int mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
This function returns the block size of the given cipher.
Definition: cipher.h:477
int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info, size_t taglen)
This function initializes a cipher context for PSA-based use with the given cipher primitive...
mbedtls_cipher_mode_t
Definition: cipher.h:186
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_string(const char *cipher_name)
This function retrieves the cipher-information structure associated with the given cipher name...
int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen)
The generic cipher finalization function. If data still needs to be flushed from an incomplete block...
int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
This function resets the cipher state.
static const char * mbedtls_cipher_get_name(const mbedtls_cipher_context_t *ctx)
This function returns the name of the given cipher as a string.
Definition: cipher.h:557
Configuration options (set of defines)
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
This function sets the initialization vector (IV) or nonce.
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode)
This function sets the padding mode, for cipher modes that use padding.
mbedtls_cipher_mode_t mode
Definition: cipher.h:256
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic cipher update function. It encrypts or decrypts using the given cipher context...
unsigned int block_size
Definition: cipher.h:280
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
static mbedtls_operation_t mbedtls_cipher_get_operation(const mbedtls_cipher_context_t *ctx)
This function returns the operation of the given cipher.
Definition: cipher.h:595
const int * mbedtls_cipher_list(void)
This function retrieves the list of ciphers supported by the generic cipher module.
static int mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
This function returns the key length of the cipher.
Definition: cipher.h:576
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:102
struct mbedtls_cipher_info_t mbedtls_cipher_info_t
Common and shared functions used by multiple modules in the Mbed TLS library.
const mbedtls_cipher_info_t * cipher_info
Definition: cipher.h:293
struct mbedtls_cipher_base_t mbedtls_cipher_base_t
Definition: cipher.h:237
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode)
This function retrieves the cipher-information structure associated with the given cipher ID...
static mbedtls_cipher_type_t mbedtls_cipher_get_type(const mbedtls_cipher_context_t *ctx)
This function returns the type of the given cipher.
Definition: cipher.h:537
mbedtls_operation_t operation
Definition: cipher.h:301
mbedtls_cipher_id_t
Supported cipher types.
Definition: cipher.h:82
unsigned char iv[MBEDTLS_MAX_IV_LENGTH]
Definition: cipher.h:319
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
#define MBEDTLS_MAX_IV_LENGTH
Definition: cipher.h:230
int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
The generic authenticated decryption (AEAD) function.
const char * name
Definition: cipher.h:265
int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
The generic authenticated encryption (AEAD) function.
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs...
struct mbedtls_cmac_context_t mbedtls_cmac_context_t
Definition: cipher.h:242
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
This function initializes a cipher_context as NONE.
int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly13...
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function initializes a cipher context for use with the given cipher primitive.
int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
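This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish(). Until this check succeeds, the decrypted output should be treated as unauthenticated and not acted on.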
static int mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
This function returns the size of the IV or nonce of the cipher, in Bytes.
Definition: cipher.h:516
struct mbedtls_cipher_context_t mbedtls_cipher_context_t
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Definition: cipher.h:307
int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
#define MBEDTLS_MAX_BLOCK_LENGTH
Definition: cipher.h:232
unsigned int key_bitlen
Definition: cipher.h:262
mbedtls_cipher_type_t type
Definition: cipher.h:253
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type)
This function retrieves the cipher-information structure associated with the given cipher type...
const mbedtls_cipher_base_t * base
Definition: cipher.h:283