mbed TLS v2.16.6
cipher.h
1 
10 /*
11  * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
12  * SPDX-License-Identifier: GPL-2.0
13  *
14  * This program is free software; you can redistribute it and/or modify
15  * it under the terms of the GNU General Public License as published by
16  * the Free Software Foundation; either version 2 of the License, or
17  * (at your option) any later version.
18  *
19  * This program is distributed in the hope that it will be useful,
20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22  * GNU General Public License for more details.
23  *
24  * You should have received a copy of the GNU General Public License along
25  * with this program; if not, write to the Free Software Foundation, Inc.,
26  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27  *
28  * This file is part of Mbed TLS (https://tls.mbed.org)
29  */
30 
31 #ifndef MBEDTLS_CIPHER_H
32 #define MBEDTLS_CIPHER_H
33 
34 #if !defined(MBEDTLS_CONFIG_FILE)
35 #include "config.h"
36 #else
37 #include MBEDTLS_CONFIG_FILE
38 #endif
39 
40 #include <stddef.h>
41 #include "platform_util.h"
42 
/* Derived feature macro: defined when at least one of GCM, CCM or
 * ChaCha20-Poly1305 is enabled in the build configuration. It guards the
 * one-shot mbedtls_cipher_auth_encrypt()/mbedtls_cipher_auth_decrypt()
 * declarations at the end of this header. */
43 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
44 #define MBEDTLS_CIPHER_MODE_AEAD
45 #endif
46 
/* Derived feature macro: CBC is the only mode in this header that turns on
 * the padding hooks (add_padding/get_padding) in the cipher context. */
47 #if defined(MBEDTLS_CIPHER_MODE_CBC)
48 #define MBEDTLS_CIPHER_MODE_WITH_PADDING
49 #endif
50 
/* Derived feature macro: stream mode is available when ARC4, the NULL cipher
 * or ChaCha20 is compiled in.
 * NOTE(review): MBEDTLS_CIPHER_NULL_CIPHER provides no confidentiality and
 * ARC4 (RC4) is prohibited for TLS by RFC 7465 -- confirm that neither is
 * enabled in production build configurations. */
51 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
52  defined(MBEDTLS_CHACHA20_C)
53 #define MBEDTLS_CIPHER_MODE_STREAM
54 #endif
55 
/* Map the `inline` keyword to `__inline` for Arm Compiler and MSVC when
 * compiling as C, unless `inline` is already defined as a macro. */
56 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
57  !defined(inline) && !defined(__cplusplus)
58 #define inline __inline
59 #endif
60 
/* Error codes returned by the generic cipher layer (negative values). */
61 #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /* The selected feature is not available. */
62 #define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /* Bad input parameters. */
63 #define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /* Failed to allocate memory. */
/* Reporting invalid padding to an untrusted peer distinctly from other
 * decryption failures can act as a padding oracle; map it to a generic
 * failure at the protocol boundary. */
64 #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /* Input contains invalid padding and is rejected. */
65 #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /* The operation requires a full block. */
/* On an authentication failure the caller must not use any output that was
 * produced for the message. */
66 #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /* Authentication failed (AEAD modes). */
67 #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /* The context is invalid. */
69 /* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
70 #define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400
/* Bit values for the `flags` member of mbedtls_cipher_info_t. */
72 #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /* Cipher accepts IVs of variable length. */
73 #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /* Cipher accepts keys of variable length. */
75 #ifdef __cplusplus
76 extern "C" {
77 #endif
78 
86 typedef enum {
98 
106 typedef enum {
182 
184 typedef enum {
197 
199 typedef enum {
206 
208 typedef enum {
213 
214 enum {
223 };
224 
226 #define MBEDTLS_MAX_IV_LENGTH 16
227 
228 #define MBEDTLS_MAX_BLOCK_LENGTH 16
229 
234 
239 
244 typedef struct mbedtls_cipher_info_t
245 {
250 
253 
258  unsigned int key_bitlen;
259 
261  const char * name;
262 
267  unsigned int iv_size;
268 
273  int flags;
274 
276  unsigned int block_size;
277 
280 
282 
287 {
290 
293 
298 
299 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
300 
303  void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
304  int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
305 #endif
306 
309 
312 
315  unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
316 
318  size_t iv_size;
319 
321  void *cipher_ctx;
322 
323 #if defined(MBEDTLS_CMAC_C)
324 
325  mbedtls_cmac_context_t *cmac_ctx;
326 #endif
328 
336 const int *mbedtls_cipher_list( void );
337 
349 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
350 
362 
378  int key_bitlen,
379  const mbedtls_cipher_mode_t mode );
380 
387 
398 
399 
419  const mbedtls_cipher_info_t *cipher_info );
420 
/**
 * \brief       Return the block size of the cipher attached to \p ctx.
 *
 * \param ctx   The cipher context to query. Callers should always pass a
 *              valid, non-NULL context: the NULL check goes through
 *              MBEDTLS_INTERNAL_VALIDATE_RET, which is defined outside this
 *              listing (platform_util.h).
 *              NOTE(review): confirm that the macro is active in your build
 *              configuration before relying on it to catch a NULL \p ctx.
 *
 * \return      The \c block_size member of the attached cipher information.
 * \return      \c 0 if no cipher information is attached to \p ctx.
 */
static inline unsigned int mbedtls_cipher_get_block_size(
    const mbedtls_cipher_context_t *ctx )
{
    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );

    /* Without cipher_info, report 0 instead of dereferencing a NULL pointer. */
    return( ctx->cipher_info != NULL ? ctx->cipher_info->block_size : 0 );
}
438 
449  const mbedtls_cipher_context_t *ctx )
450 {
452  if( ctx->cipher_info == NULL )
453  return MBEDTLS_MODE_NONE;
454 
455  return ctx->cipher_info->mode;
456 }
457 
/**
 * \brief       Return the size, in bytes, of the IV or nonce for \p ctx.
 *
 * \param ctx   The cipher context to query. Callers should always pass a
 *              valid, non-NULL context: the NULL check goes through
 *              MBEDTLS_INTERNAL_VALIDATE_RET, which is defined outside this
 *              listing (platform_util.h).
 *              NOTE(review): confirm that the macro is active in your build
 *              configuration before relying on it to catch a NULL \p ctx.
 *
 * \return      The context's own \c iv_size when it is non-zero.
 * \return      Otherwise, the \c iv_size of the attached cipher information.
 * \return      \c 0 if no cipher information is attached to \p ctx. Callers
 *              that size an IV buffer from this value must handle \c 0.
 */
static inline int mbedtls_cipher_get_iv_size(
    const mbedtls_cipher_context_t *ctx )
{
    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );

    if( ctx->cipher_info == NULL )
        return( 0 );

    /* A non-zero size stored in the context takes precedence over the
     * size recorded in the cipher information. */
    return( ctx->iv_size != 0 ? (int) ctx->iv_size
                              : (int) ctx->cipher_info->iv_size );
}
480 
490  const mbedtls_cipher_context_t *ctx )
491 {
493  ctx != NULL, MBEDTLS_CIPHER_NONE );
494  if( ctx->cipher_info == NULL )
495  return MBEDTLS_CIPHER_NONE;
496 
497  return ctx->cipher_info->type;
498 }
499 
/**
 * \brief       Return the name of the cipher attached to \p ctx as a string.
 *
 * \param ctx   The cipher context to query. Callers should always pass a
 *              valid, non-NULL context: the NULL check goes through
 *              MBEDTLS_INTERNAL_VALIDATE_RET, which is defined outside this
 *              listing (platform_util.h).
 *              NOTE(review): confirm that the macro is active in your build
 *              configuration before relying on it to catch a NULL \p ctx.
 *
 * \return      The \c name member of the attached cipher information.
 * \return      \c NULL if no cipher information is attached to \p ctx, so
 *              check the result before passing it to a string function.
 */
static inline const char *mbedtls_cipher_get_name(
    const mbedtls_cipher_context_t *ctx )
{
    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, NULL );

    if( ctx->cipher_info != NULL )
        return( ctx->cipher_info->name );

    return( NULL );
}
518 
529  const mbedtls_cipher_context_t *ctx )
530 {
532  ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
533  if( ctx->cipher_info == NULL )
535 
536  return (int) ctx->cipher_info->key_bitlen;
537 }
538 
548  const mbedtls_cipher_context_t *ctx )
549 {
551  ctx != NULL, MBEDTLS_OPERATION_NONE );
552  if( ctx->cipher_info == NULL )
553  return MBEDTLS_OPERATION_NONE;
554 
555  return ctx->operation;
556 }
557 
575  const unsigned char *key,
576  int key_bitlen,
577  const mbedtls_operation_t operation );
578 
579 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
580 
598 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
599 
619  const unsigned char *iv,
620  size_t iv_len );
621 
632 
633 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
634 
649  const unsigned char *ad, size_t ad_len );
650 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
651 
686 int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
687  size_t ilen, unsigned char *output, size_t *olen );
688 
712  unsigned char *output, size_t *olen );
713 
714 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
715 
732  unsigned char *tag, size_t tag_len );
733 
748  const unsigned char *tag, size_t tag_len );
749 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
750 
785  const unsigned char *iv, size_t iv_len,
786  const unsigned char *input, size_t ilen,
787  unsigned char *output, size_t *olen );
788 
789 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
790 
821  const unsigned char *iv, size_t iv_len,
822  const unsigned char *ad, size_t ad_len,
823  const unsigned char *input, size_t ilen,
824  unsigned char *output, size_t *olen,
825  unsigned char *tag, size_t tag_len );
826 
863  const unsigned char *iv, size_t iv_len,
864  const unsigned char *ad, size_t ad_len,
865  const unsigned char *input, size_t ilen,
866  unsigned char *output, size_t *olen,
867  const unsigned char *tag, size_t tag_len );
868 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
869 
870 #ifdef __cplusplus
871 }
872 #endif
873 
874 #endif /* MBEDTLS_CIPHER_H */
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]
Definition: cipher.h:308
mbedtls_operation_t
Definition: cipher.h:208
unsigned int iv_size
Definition: cipher.h:267
mbedtls_cipher_padding_t
Definition: cipher.h:199
static mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
Definition: cipher.h:448
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Definition: cipher.h:304
#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret)
static unsigned int mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
This function returns the block size of the given cipher.
Definition: cipher.h:429
mbedtls_cipher_mode_t
Definition: cipher.h:184
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_string(const char *cipher_name)
This function retrieves the cipher-information structure associated with the given cipher name...
int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen)
The generic cipher finalization function. If data still needs to be flushed from an incomplete block...
int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
This function resets the cipher state.
static const char * mbedtls_cipher_get_name(const mbedtls_cipher_context_t *ctx)
This function returns the name of the given cipher as a string.
Definition: cipher.h:509
Configuration options (set of defines)
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
This function sets the initialization vector (IV) or nonce.
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode)
This function sets the padding mode, for cipher modes that use padding.
mbedtls_cipher_mode_t mode
Definition: cipher.h:252
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic cipher update function. It encrypts or decrypts using the given cipher context...
unsigned int block_size
Definition: cipher.h:276
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
static mbedtls_operation_t mbedtls_cipher_get_operation(const mbedtls_cipher_context_t *ctx)
This function returns the operation of the given cipher.
Definition: cipher.h:547
const int * mbedtls_cipher_list(void)
This function retrieves the list of ciphers supported by the generic cipher module.
static int mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
This function returns the key length of the cipher.
Definition: cipher.h:528
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:106
struct mbedtls_cipher_info_t mbedtls_cipher_info_t
Common and shared functions used by multiple modules in the Mbed TLS library.
const mbedtls_cipher_info_t * cipher_info
Definition: cipher.h:289
struct mbedtls_cipher_base_t mbedtls_cipher_base_t
Definition: cipher.h:233
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode)
This function retrieves the cipher-information structure associated with the given cipher ID...
static mbedtls_cipher_type_t mbedtls_cipher_get_type(const mbedtls_cipher_context_t *ctx)
This function returns the type of the given cipher.
Definition: cipher.h:489
mbedtls_operation_t operation
Definition: cipher.h:297
mbedtls_cipher_id_t
Supported cipher types.
Definition: cipher.h:86
unsigned char iv[MBEDTLS_MAX_IV_LENGTH]
Definition: cipher.h:315
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
#define MBEDTLS_MAX_IV_LENGTH
Definition: cipher.h:226
int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
The generic authenticated decryption (AEAD) function.
const char * name
Definition: cipher.h:261
int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
The generic authenticated encryption (AEAD) function.
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs...
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
This function initializes a cipher_context as NONE.
int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly13...
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function initializes and fills the cipher-context structure with the appropriate values...
int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
static int mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
This function returns the size of the IV or nonce of the cipher, in Bytes.
Definition: cipher.h:468
struct mbedtls_cipher_context_t mbedtls_cipher_context_t
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Definition: cipher.h:303
int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
#define MBEDTLS_MAX_BLOCK_LENGTH
Definition: cipher.h:228
unsigned int key_bitlen
Definition: cipher.h:258
mbedtls_cipher_type_t type
Definition: cipher.h:249
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type)
This function retrieves the cipher-information structure associated with the given cipher type...
const mbedtls_cipher_base_t * base
Definition: cipher.h:279