Mbed TLS v2.28.5
cipher.h
Go to the documentation of this file.
1 
10 /*
11  * Copyright The Mbed TLS Contributors
12  * SPDX-License-Identifier: Apache-2.0
13  *
14  * Licensed under the Apache License, Version 2.0 (the "License"); you may
15  * not use this file except in compliance with the License.
16  * You may obtain a copy of the License at
17  *
18  * http://www.apache.org/licenses/LICENSE-2.0
19  *
20  * Unless required by applicable law or agreed to in writing, software
21  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
22  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23  * See the License for the specific language governing permissions and
24  * limitations under the License.
25  */
26 
27 #ifndef MBEDTLS_CIPHER_H
28 #define MBEDTLS_CIPHER_H
29 
30 #if !defined(MBEDTLS_CONFIG_FILE)
31 #include "mbedtls/config.h"
32 #else
33 #include MBEDTLS_CONFIG_FILE
34 #endif
35 
36 #include <stddef.h>
37 #include "mbedtls/platform_util.h"
38 
39 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
40 #define MBEDTLS_CIPHER_MODE_AEAD
41 #endif
42 
43 #if defined(MBEDTLS_CIPHER_MODE_CBC)
44 #define MBEDTLS_CIPHER_MODE_WITH_PADDING
45 #endif
46 
47 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
48  defined(MBEDTLS_CHACHA20_C)
49 #define MBEDTLS_CIPHER_MODE_STREAM
50 #endif
51 
52 #if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
53  !defined(inline) && !defined(__cplusplus)
54 #define inline __inline
55 #endif
56 
58 #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
59 
60 #define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
61 
62 #define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
63 
64 #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
65 
66 #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
67 
68 #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
69 
70 #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
71 
72 /* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
74 #define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400
75 
76 #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
77 #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
79 #ifdef __cplusplus
80 extern "C" {
81 #endif
82 
90 typedef enum {
102 
110 typedef enum {
192 
194 typedef enum {
209 
211 typedef enum {
218 
220 typedef enum {
225 
226 enum {
235 };
236 
238 /* This should ideally be derived automatically from list of ciphers.
239  * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
240  * in ssl_internal.h. */
241 #define MBEDTLS_MAX_IV_LENGTH 16
242 
244 /* This should ideally be derived automatically from list of ciphers.
245  * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
246  * in ssl_internal.h. */
247 #define MBEDTLS_MAX_BLOCK_LENGTH 16
248 
250 /* This should ideally be derived automatically from list of ciphers.
251  * For now, only check whether XTS is enabled which uses 64 Byte keys,
252  * and use 32 Bytes as an upper bound for the maximum key length otherwise.
253  * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
254  * in ssl_internal.h, which however deliberately ignores the case of XTS
255  * since the latter isn't used in SSL/TLS. */
256 #if defined(MBEDTLS_CIPHER_MODE_XTS)
257 #define MBEDTLS_MAX_KEY_LENGTH 64
258 #else
259 #define MBEDTLS_MAX_KEY_LENGTH 32
260 #endif /* MBEDTLS_CIPHER_MODE_XTS */
261 
266 
271 
276 typedef struct mbedtls_cipher_info_t {
281 
284 
289  unsigned int key_bitlen;
290 
292  const char *name;
293 
298  unsigned int iv_size;
299 
304  int flags;
305 
307  unsigned int block_size;
308 
311 
313 
317 typedef struct mbedtls_cipher_context_t {
320 
323 
328 
329 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
330 
333  void (*add_padding)(unsigned char *output, size_t olen, size_t data_len);
334  int (*get_padding)(unsigned char *input, size_t ilen, size_t *data_len);
335 #endif
336 
339 
342 
345  unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
346 
348  size_t iv_size;
349 
351  void *cipher_ctx;
352 
353 #if defined(MBEDTLS_CMAC_C)
354 
355  mbedtls_cmac_context_t *cmac_ctx;
356 #endif
357 
358 #if defined(MBEDTLS_USE_PSA_CRYPTO)
359 
366  unsigned char psa_enabled;
367 #endif /* MBEDTLS_USE_PSA_CRYPTO */
368 
370 
384 const int *mbedtls_cipher_list(void);
385 
397 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(const char *cipher_name);
398 
410 
426  int key_bitlen,
427  const mbedtls_cipher_mode_t mode);
428 
435 
446 
447 
485  const mbedtls_cipher_info_t *cipher_info);
486 
487 #if defined(MBEDTLS_USE_PSA_CRYPTO)
488 
509 int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
510  const mbedtls_cipher_info_t *cipher_info,
511  size_t taglen);
512 #endif /* MBEDTLS_USE_PSA_CRYPTO */
513 
522 static inline unsigned int mbedtls_cipher_get_block_size(
523  const mbedtls_cipher_context_t *ctx)
524 {
525  MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
526  if (ctx->cipher_info == NULL) {
527  return 0;
528  }
529 
530  return ctx->cipher_info->block_size;
531 }
532 
543  const mbedtls_cipher_context_t *ctx)
544 {
546  if (ctx->cipher_info == NULL) {
547  return MBEDTLS_MODE_NONE;
548  }
549 
550  return ctx->cipher_info->mode;
551 }
552 
563 static inline int mbedtls_cipher_get_iv_size(
564  const mbedtls_cipher_context_t *ctx)
565 {
566  MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
567  if (ctx->cipher_info == NULL) {
568  return 0;
569  }
570 
571  if (ctx->iv_size != 0) {
572  return (int) ctx->iv_size;
573  }
574 
575  return (int) ctx->cipher_info->iv_size;
576 }
577 
587  const mbedtls_cipher_context_t *ctx)
588 {
590  ctx != NULL, MBEDTLS_CIPHER_NONE);
591  if (ctx->cipher_info == NULL) {
592  return MBEDTLS_CIPHER_NONE;
593  }
594 
595  return ctx->cipher_info->type;
596 }
597 
607 static inline const char *mbedtls_cipher_get_name(
608  const mbedtls_cipher_context_t *ctx)
609 {
610  MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
611  if (ctx->cipher_info == NULL) {
612  return 0;
613  }
614 
615  return ctx->cipher_info->name;
616 }
617 
628  const mbedtls_cipher_context_t *ctx)
629 {
631  ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
632  if (ctx->cipher_info == NULL) {
634  }
635 
636  return (int) ctx->cipher_info->key_bitlen;
637 }
638 
648  const mbedtls_cipher_context_t *ctx)
649 {
651  ctx != NULL, MBEDTLS_OPERATION_NONE);
652  if (ctx->cipher_info == NULL) {
653  return MBEDTLS_OPERATION_NONE;
654  }
655 
656  return ctx->operation;
657 }
658 
676  const unsigned char *key,
677  int key_bitlen,
678  const mbedtls_operation_t operation);
679 
680 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
681 
697 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
698 
718  const unsigned char *iv,
719  size_t iv_len);
720 
753 
754 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
755 
770  const unsigned char *ad, size_t ad_len);
771 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
772 
808  const unsigned char *input,
809  size_t ilen, unsigned char *output,
810  size_t *olen);
811 
835  unsigned char *output, size_t *olen);
836 
837 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
838 
855  unsigned char *tag, size_t tag_len);
856 
871  const unsigned char *tag, size_t tag_len);
872 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
873 
908  const unsigned char *iv, size_t iv_len,
909  const unsigned char *input, size_t ilen,
910  unsigned char *output, size_t *olen);
911 
912 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
913 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
914 #if defined(MBEDTLS_DEPRECATED_WARNING)
915 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
916 #else
917 #define MBEDTLS_DEPRECATED
918 #endif /* MBEDTLS_DEPRECATED_WARNING */
919 
967  const unsigned char *iv, size_t iv_len,
968  const unsigned char *ad, size_t ad_len,
969  const unsigned char *input, size_t ilen,
970  unsigned char *output, size_t *olen,
971  unsigned char *tag, size_t tag_len);
972 
1026  const unsigned char *iv, size_t iv_len,
1027  const unsigned char *ad, size_t ad_len,
1028  const unsigned char *input, size_t ilen,
1029  unsigned char *output, size_t *olen,
1030  const unsigned char *tag, size_t tag_len);
1031 #undef MBEDTLS_DEPRECATED
1032 #endif /* MBEDTLS_DEPRECATED_REMOVED */
1033 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
1034 
1035 #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
1036 
1081  const unsigned char *iv, size_t iv_len,
1082  const unsigned char *ad, size_t ad_len,
1083  const unsigned char *input, size_t ilen,
1084  unsigned char *output, size_t output_len,
1085  size_t *olen, size_t tag_len);
1086 
1137  const unsigned char *iv, size_t iv_len,
1138  const unsigned char *ad, size_t ad_len,
1139  const unsigned char *input, size_t ilen,
1140  unsigned char *output, size_t output_len,
1141  size_t *olen, size_t tag_len);
1142 #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
1143 #ifdef __cplusplus
1144 }
1145 #endif
1146 
1147 #endif /* MBEDTLS_CIPHER_H */
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]
Definition: cipher.h:338
mbedtls_operation_t
Definition: cipher.h:220
unsigned int iv_size
Definition: cipher.h:298
mbedtls_cipher_padding_t
Definition: cipher.h:211
static mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
Definition: cipher.h:542
#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret)
static unsigned int mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
This function returns the block size of the given cipher.
Definition: cipher.h:522
mbedtls_cipher_mode_t
Definition: cipher.h:194
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_string(const char *cipher_name)
This function retrieves the cipher-information structure associated with the given cipher name...
int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen)
The generic cipher finalization function. If data still needs to be flushed from an incomplete block...
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Definition: cipher.h:333
int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len)
The authenticated encryption (AEAD/NIST_KW) function.
int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
This function resets the cipher state.
static const char * mbedtls_cipher_get_name(const mbedtls_cipher_context_t *ctx)
This function returns the name of the given cipher as a string.
Definition: cipher.h:607
Configuration options (set of defines)
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
This function sets the initialization vector (IV) or nonce.
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode)
This function sets the padding mode, for cipher modes that use padding.
mbedtls_cipher_mode_t mode
Definition: cipher.h:283
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic cipher update function. It encrypts or decrypts using the given cipher context...
unsigned int block_size
Definition: cipher.h:307
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
static mbedtls_operation_t mbedtls_cipher_get_operation(const mbedtls_cipher_context_t *ctx)
This function returns the operation of the given cipher.
Definition: cipher.h:647
const int * mbedtls_cipher_list(void)
This function retrieves the list of ciphers supported by the generic cipher module.
static int mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
This function returns the key length of the cipher.
Definition: cipher.h:627
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:110
struct mbedtls_cipher_info_t mbedtls_cipher_info_t
Common and shared functions used by multiple modules in the Mbed TLS library.
const mbedtls_cipher_info_t * cipher_info
Definition: cipher.h:319
struct mbedtls_cipher_base_t mbedtls_cipher_base_t
Definition: cipher.h:265
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode)
This function retrieves the cipher-information structure associated with the given cipher ID...
int MBEDTLS_DEPRECATED mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
The generic authenticated encryption (AEAD) function.
static mbedtls_cipher_type_t mbedtls_cipher_get_type(const mbedtls_cipher_context_t *ctx)
This function returns the type of the given cipher.
Definition: cipher.h:586
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Definition: cipher.h:334
#define MBEDTLS_DEPRECATED
Definition: cipher.h:917
mbedtls_operation_t operation
Definition: cipher.h:327
mbedtls_cipher_id_t
Supported cipher types.
Definition: cipher.h:90
unsigned char iv[MBEDTLS_MAX_IV_LENGTH]
Definition: cipher.h:345
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len)
The authenticated encryption (AEAD/NIST_KW) function.
#define MBEDTLS_MAX_IV_LENGTH
Definition: cipher.h:241
const char * name
Definition: cipher.h:292
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs...
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
This function initializes a ctx as NONE.
int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly13...
int MBEDTLS_DEPRECATED mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
The generic authenticated decryption (AEAD) function.
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function prepares a cipher context for use with the given cipher primitive.
int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
static int mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
This function returns the size of the IV or nonce of the cipher, in Bytes.
Definition: cipher.h:563
struct mbedtls_cipher_context_t mbedtls_cipher_context_t
int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
#define MBEDTLS_MAX_BLOCK_LENGTH
Definition: cipher.h:247
unsigned int key_bitlen
Definition: cipher.h:289
mbedtls_cipher_type_t type
Definition: cipher.h:280
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type)
This function retrieves the cipher-information structure associated with the given cipher type...
const mbedtls_cipher_base_t * base
Definition: cipher.h:310