Mbed TLS v2.28.7
cipher.h
Go to the documentation of this file.
1 
10 /*
11  * Copyright The Mbed TLS Contributors
12  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
13  */
14 
15 #ifndef MBEDTLS_CIPHER_H
16 #define MBEDTLS_CIPHER_H
17 
18 #if !defined(MBEDTLS_CONFIG_FILE)
19 #include "mbedtls/config.h"
20 #else
21 #include MBEDTLS_CONFIG_FILE
22 #endif
23 
24 #include <stddef.h>
25 #include "mbedtls/platform_util.h"
26 
27 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
28 #define MBEDTLS_CIPHER_MODE_AEAD
29 #endif
30 
31 #if defined(MBEDTLS_CIPHER_MODE_CBC)
32 #define MBEDTLS_CIPHER_MODE_WITH_PADDING
33 #endif
34 
35 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
36  defined(MBEDTLS_CHACHA20_C)
37 #define MBEDTLS_CIPHER_MODE_STREAM
38 #endif
39 
40 #if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
41  !defined(inline) && !defined(__cplusplus)
42 #define inline __inline
43 #endif
44 
46 #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
47 
48 #define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
49 
50 #define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
51 
52 #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
53 
54 #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
55 
56 #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
57 
58 #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
59 
60 /* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
62 #define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400
63 
64 #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
65 #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
67 #ifdef __cplusplus
68 extern "C" {
69 #endif
70 
78 typedef enum {
90 
98 typedef enum {
180 
182 typedef enum {
197 
199 typedef enum {
206 
208 typedef enum {
213 
214 enum {
223 };
224 
226 /* This should ideally be derived automatically from list of ciphers.
227  * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
228  * in ssl_internal.h. */
229 #define MBEDTLS_MAX_IV_LENGTH 16
230 
232 /* This should ideally be derived automatically from list of ciphers.
233  * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
234  * in ssl_internal.h. */
235 #define MBEDTLS_MAX_BLOCK_LENGTH 16
236 
238 /* This should ideally be derived automatically from list of ciphers.
239  * For now, only check whether XTS is enabled which uses 64 Byte keys,
240  * and use 32 Bytes as an upper bound for the maximum key length otherwise.
241  * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
242  * in ssl_internal.h, which however deliberately ignores the case of XTS
243  * since the latter isn't used in SSL/TLS. */
244 #if defined(MBEDTLS_CIPHER_MODE_XTS)
245 #define MBEDTLS_MAX_KEY_LENGTH 64
246 #else
247 #define MBEDTLS_MAX_KEY_LENGTH 32
248 #endif /* MBEDTLS_CIPHER_MODE_XTS */
249 
254 
259 
264 typedef struct mbedtls_cipher_info_t {
269 
272 
277  unsigned int key_bitlen;
278 
280  const char *name;
281 
286  unsigned int iv_size;
287 
292  int flags;
293 
295  unsigned int block_size;
296 
299 
301 
305 typedef struct mbedtls_cipher_context_t {
308 
311 
316 
317 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
318 
321  void (*add_padding)(unsigned char *output, size_t olen, size_t data_len);
322  int (*get_padding)(unsigned char *input, size_t ilen, size_t *data_len);
323 #endif
324 
327 
330 
333  unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
334 
336  size_t iv_size;
337 
339  void *cipher_ctx;
340 
341 #if defined(MBEDTLS_CMAC_C)
342 
343  mbedtls_cmac_context_t *cmac_ctx;
344 #endif
345 
346 #if defined(MBEDTLS_USE_PSA_CRYPTO)
347 
354  unsigned char psa_enabled;
355 #endif /* MBEDTLS_USE_PSA_CRYPTO */
356 
358 
372 const int *mbedtls_cipher_list(void);
373 
385 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(const char *cipher_name);
386 
398 
414  int key_bitlen,
415  const mbedtls_cipher_mode_t mode);
416 
423 
434 
435 
473  const mbedtls_cipher_info_t *cipher_info);
474 
475 #if defined(MBEDTLS_USE_PSA_CRYPTO)
476 
497 int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
498  const mbedtls_cipher_info_t *cipher_info,
499  size_t taglen);
500 #endif /* MBEDTLS_USE_PSA_CRYPTO */
501 
510 static inline unsigned int mbedtls_cipher_get_block_size(
511  const mbedtls_cipher_context_t *ctx)
512 {
513  MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
514  if (ctx->cipher_info == NULL) {
515  return 0;
516  }
517 
518  return ctx->cipher_info->block_size;
519 }
520 
531  const mbedtls_cipher_context_t *ctx)
532 {
534  if (ctx->cipher_info == NULL) {
535  return MBEDTLS_MODE_NONE;
536  }
537 
538  return ctx->cipher_info->mode;
539 }
540 
551 static inline int mbedtls_cipher_get_iv_size(
552  const mbedtls_cipher_context_t *ctx)
553 {
554  MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
555  if (ctx->cipher_info == NULL) {
556  return 0;
557  }
558 
559  if (ctx->iv_size != 0) {
560  return (int) ctx->iv_size;
561  }
562 
563  return (int) ctx->cipher_info->iv_size;
564 }
565 
575  const mbedtls_cipher_context_t *ctx)
576 {
578  ctx != NULL, MBEDTLS_CIPHER_NONE);
579  if (ctx->cipher_info == NULL) {
580  return MBEDTLS_CIPHER_NONE;
581  }
582 
583  return ctx->cipher_info->type;
584 }
585 
595 static inline const char *mbedtls_cipher_get_name(
596  const mbedtls_cipher_context_t *ctx)
597 {
598  MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
599  if (ctx->cipher_info == NULL) {
600  return 0;
601  }
602 
603  return ctx->cipher_info->name;
604 }
605 
616  const mbedtls_cipher_context_t *ctx)
617 {
619  ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
620  if (ctx->cipher_info == NULL) {
622  }
623 
624  return (int) ctx->cipher_info->key_bitlen;
625 }
626 
636  const mbedtls_cipher_context_t *ctx)
637 {
639  ctx != NULL, MBEDTLS_OPERATION_NONE);
640  if (ctx->cipher_info == NULL) {
641  return MBEDTLS_OPERATION_NONE;
642  }
643 
644  return ctx->operation;
645 }
646 
664  const unsigned char *key,
665  int key_bitlen,
666  const mbedtls_operation_t operation);
667 
668 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
669 
685 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
686 
706  const unsigned char *iv,
707  size_t iv_len);
708 
741 
742 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
743 
758  const unsigned char *ad, size_t ad_len);
759 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
760 
796  const unsigned char *input,
797  size_t ilen, unsigned char *output,
798  size_t *olen);
799 
823  unsigned char *output, size_t *olen);
824 
825 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
826 
843  unsigned char *tag, size_t tag_len);
844 
859  const unsigned char *tag, size_t tag_len);
860 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
861 
896  const unsigned char *iv, size_t iv_len,
897  const unsigned char *input, size_t ilen,
898  unsigned char *output, size_t *olen);
899 
900 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
901 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
902 #if defined(MBEDTLS_DEPRECATED_WARNING)
903 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
904 #else
905 #define MBEDTLS_DEPRECATED
906 #endif /* MBEDTLS_DEPRECATED_WARNING */
907 
955  const unsigned char *iv, size_t iv_len,
956  const unsigned char *ad, size_t ad_len,
957  const unsigned char *input, size_t ilen,
958  unsigned char *output, size_t *olen,
959  unsigned char *tag, size_t tag_len);
960 
1014  const unsigned char *iv, size_t iv_len,
1015  const unsigned char *ad, size_t ad_len,
1016  const unsigned char *input, size_t ilen,
1017  unsigned char *output, size_t *olen,
1018  const unsigned char *tag, size_t tag_len);
1019 #undef MBEDTLS_DEPRECATED
1020 #endif /* MBEDTLS_DEPRECATED_REMOVED */
1021 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
1022 
1023 #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
1024 
1069  const unsigned char *iv, size_t iv_len,
1070  const unsigned char *ad, size_t ad_len,
1071  const unsigned char *input, size_t ilen,
1072  unsigned char *output, size_t output_len,
1073  size_t *olen, size_t tag_len);
1074 
1125  const unsigned char *iv, size_t iv_len,
1126  const unsigned char *ad, size_t ad_len,
1127  const unsigned char *input, size_t ilen,
1128  unsigned char *output, size_t output_len,
1129  size_t *olen, size_t tag_len);
1130 #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
1131 #ifdef __cplusplus
1132 }
1133 #endif
1134 
1135 #endif /* MBEDTLS_CIPHER_H */
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]
Definition: cipher.h:326
mbedtls_operation_t
Definition: cipher.h:208
unsigned int iv_size
Definition: cipher.h:286
mbedtls_cipher_padding_t
Definition: cipher.h:199
static mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
Definition: cipher.h:530
#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret)
Definition: platform_util.h:97
static unsigned int mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
This function returns the block size of the given cipher.
Definition: cipher.h:510
mbedtls_cipher_mode_t
Definition: cipher.h:182
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_string(const char *cipher_name)
This function retrieves the cipher-information structure associated with the given cipher name...
int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen)
The generic cipher finalization function. If data still needs to be flushed from an incomplete block...
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Definition: cipher.h:321
int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len)
The authenticated encryption (AEAD/NIST_KW) function.
int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
This function resets the cipher state.
static const char * mbedtls_cipher_get_name(const mbedtls_cipher_context_t *ctx)
This function returns the name of the given cipher as a string.
Definition: cipher.h:595
Configuration options (set of defines)
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
This function sets the initialization vector (IV) or nonce.
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode)
This function sets the padding mode, for cipher modes that use padding.
mbedtls_cipher_mode_t mode
Definition: cipher.h:271
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic cipher update function. It encrypts or decrypts using the given cipher context...
unsigned int block_size
Definition: cipher.h:295
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
static mbedtls_operation_t mbedtls_cipher_get_operation(const mbedtls_cipher_context_t *ctx)
This function returns the operation of the given cipher.
Definition: cipher.h:635
const int * mbedtls_cipher_list(void)
This function retrieves the list of ciphers supported by the generic cipher module.
static int mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
This function returns the key length of the cipher.
Definition: cipher.h:615
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:98
struct mbedtls_cipher_info_t mbedtls_cipher_info_t
Common and shared functions used by multiple modules in the Mbed TLS library.
const mbedtls_cipher_info_t * cipher_info
Definition: cipher.h:307
struct mbedtls_cipher_base_t mbedtls_cipher_base_t
Definition: cipher.h:253
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode)
This function retrieves the cipher-information structure associated with the given cipher ID...
int MBEDTLS_DEPRECATED mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
The generic authenticated encryption (AEAD) function.
static mbedtls_cipher_type_t mbedtls_cipher_get_type(const mbedtls_cipher_context_t *ctx)
This function returns the type of the given cipher.
Definition: cipher.h:574
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Definition: cipher.h:322
#define MBEDTLS_DEPRECATED
Definition: cipher.h:905
mbedtls_operation_t operation
Definition: cipher.h:315
mbedtls_cipher_id_t
Supported cipher types.
Definition: cipher.h:78
unsigned char iv[MBEDTLS_MAX_IV_LENGTH]
Definition: cipher.h:333
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len)
The authenticated encryption (AEAD/NIST_KW) function.
#define MBEDTLS_MAX_IV_LENGTH
Definition: cipher.h:229
const char * name
Definition: cipher.h:280
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs...
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
This function initializes a ctx as NONE.
int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly13...
int MBEDTLS_DEPRECATED mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
The generic authenticated decryption (AEAD) function.
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function prepares a cipher context for use with the given cipher primitive.
int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
static int mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
This function returns the size of the IV or nonce of the cipher, in Bytes.
Definition: cipher.h:551
struct mbedtls_cipher_context_t mbedtls_cipher_context_t
int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
#define MBEDTLS_MAX_BLOCK_LENGTH
Definition: cipher.h:235
unsigned int key_bitlen
Definition: cipher.h:277
mbedtls_cipher_type_t type
Definition: cipher.h:268
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type)
This function retrieves the cipher-information structure associated with the given cipher type...
const mbedtls_cipher_base_t * base
Definition: cipher.h:298