psa_crypto_cipher.h 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306
  1. /*
  2. * PSA cipher driver entry points
  3. */
  4. /*
  5. * Copyright The Mbed TLS Contributors
  6. * SPDX-License-Identifier: Apache-2.0
  7. *
  8. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  9. * not use this file except in compliance with the License.
  10. * You may obtain a copy of the License at
  11. *
  12. * http://www.apache.org/licenses/LICENSE-2.0
  13. *
  14. * Unless required by applicable law or agreed to in writing, software
  15. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  16. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17. * See the License for the specific language governing permissions and
  18. * limitations under the License.
  19. */
  20. #ifndef PSA_CRYPTO_CIPHER_H
  21. #define PSA_CRYPTO_CIPHER_H
  22. #include <mbedtls/cipher.h>
  23. #include <psa/crypto.h>
  24. /** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
  25. * as well as the PSA type and size of the key to be used with the cipher
  26. * algorithm.
  27. *
  28. * \param alg PSA cipher algorithm identifier
  29. * \param key_type PSA key type
  30. * \param key_bits Size of the key in bits
  31. * \param[out] cipher_id Mbed TLS cipher algorithm identifier
  32. *
  33. * \return The Mbed TLS cipher information of the cipher algorithm.
  34. * \c NULL if the PSA cipher algorithm is not supported.
  35. */
  36. const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
  37. psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
  38. mbedtls_cipher_id_t *cipher_id );
  39. /**
  40. * \brief Set the key for a multipart symmetric encryption operation.
  41. *
  42. * \note The signature of this function is that of a PSA driver
  43. * cipher_encrypt_setup entry point. This function behaves as a
  44. * cipher_encrypt_setup entry point as defined in the PSA driver
  45. * interface specification for transparent drivers.
  46. *
  47. * \param[in,out] operation The operation object to set up. It has been
  48. * initialized as per the documentation for
  49. * #psa_cipher_operation_t and not yet in use.
  50. * \param[in] attributes The attributes of the key to use for the
  51. * operation.
  52. * \param[in] key_buffer The buffer containing the key context.
  53. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
  54. * \param[in] alg The cipher algorithm to compute
  55. * (\c PSA_ALG_XXX value such that
  56. * #PSA_ALG_IS_CIPHER(\p alg) is true).
  57. *
  58. * \retval #PSA_SUCCESS
  59. * \retval #PSA_ERROR_NOT_SUPPORTED
  60. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  61. * \retval #PSA_ERROR_CORRUPTION_DETECTED
  62. */
  63. psa_status_t mbedtls_psa_cipher_encrypt_setup(
  64. mbedtls_psa_cipher_operation_t *operation,
  65. const psa_key_attributes_t *attributes,
  66. const uint8_t *key_buffer, size_t key_buffer_size,
  67. psa_algorithm_t alg );
  68. /**
  69. * \brief Set the key for a multipart symmetric decryption operation.
  70. *
  71. * \note The signature of this function is that of a PSA driver
  72. * cipher_decrypt_setup entry point. This function behaves as a
  73. * cipher_decrypt_setup entry point as defined in the PSA driver
  74. * interface specification for transparent drivers.
  75. *
  76. * \param[in,out] operation The operation object to set up. It has been
  77. * initialized as per the documentation for
  78. * #psa_cipher_operation_t and not yet in use.
  79. * \param[in] attributes The attributes of the key to use for the
  80. * operation.
  81. * \param[in] key_buffer The buffer containing the key context.
  82. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
  83. * \param[in] alg The cipher algorithm to compute
  84. * (\c PSA_ALG_XXX value such that
  85. * #PSA_ALG_IS_CIPHER(\p alg) is true).
  86. *
  87. * \retval #PSA_SUCCESS
  88. * \retval #PSA_ERROR_NOT_SUPPORTED
  89. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  90. * \retval #PSA_ERROR_CORRUPTION_DETECTED
  91. */
  92. psa_status_t mbedtls_psa_cipher_decrypt_setup(
  93. mbedtls_psa_cipher_operation_t *operation,
  94. const psa_key_attributes_t *attributes,
  95. const uint8_t *key_buffer, size_t key_buffer_size,
  96. psa_algorithm_t alg );
  97. /** Set the IV for a symmetric encryption or decryption operation.
  98. *
  99. * This function sets the IV (initialization vector), nonce
  100. * or initial counter value for the encryption or decryption operation.
  101. *
  102. * \note The signature of this function is that of a PSA driver
  103. * cipher_set_iv entry point. This function behaves as a
  104. * cipher_set_iv entry point as defined in the PSA driver
  105. * interface specification for transparent drivers.
  106. *
  107. * \param[in,out] operation Active cipher operation.
  108. * \param[in] iv Buffer containing the IV to use.
  109. * \param[in] iv_length Size of the IV in bytes. It is guaranteed by
  110. * the core to be less or equal to
  111. * PSA_CIPHER_IV_MAX_SIZE.
  112. *
  113. * \retval #PSA_SUCCESS
  114. * \retval #PSA_ERROR_INVALID_ARGUMENT
  115. * The size of \p iv is not acceptable for the chosen algorithm,
  116. * or the chosen algorithm does not use an IV.
  117. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  118. */
  119. psa_status_t mbedtls_psa_cipher_set_iv(
  120. mbedtls_psa_cipher_operation_t *operation,
  121. const uint8_t *iv, size_t iv_length );
  122. /** Encrypt or decrypt a message fragment in an active cipher operation.
  123. *
  124. * \note The signature of this function is that of a PSA driver
  125. * cipher_update entry point. This function behaves as a
  126. * cipher_update entry point as defined in the PSA driver
  127. * interface specification for transparent drivers.
  128. *
  129. * \param[in,out] operation Active cipher operation.
  130. * \param[in] input Buffer containing the message fragment to
  131. * encrypt or decrypt.
  132. * \param[in] input_length Size of the \p input buffer in bytes.
  133. * \param[out] output Buffer where the output is to be written.
  134. * \param[in] output_size Size of the \p output buffer in bytes.
  135. * \param[out] output_length On success, the number of bytes
  136. * that make up the returned output.
  137. *
  138. * \retval #PSA_SUCCESS
  139. * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  140. * The size of the \p output buffer is too small.
  141. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  142. */
  143. psa_status_t mbedtls_psa_cipher_update(
  144. mbedtls_psa_cipher_operation_t *operation,
  145. const uint8_t *input, size_t input_length,
  146. uint8_t *output, size_t output_size, size_t *output_length );
  147. /** Finish encrypting or decrypting a message in a cipher operation.
  148. *
  149. * \note The signature of this function is that of a PSA driver
  150. * cipher_finish entry point. This function behaves as a
  151. * cipher_finish entry point as defined in the PSA driver
  152. * interface specification for transparent drivers.
  153. *
  154. * \param[in,out] operation Active cipher operation.
  155. * \param[out] output Buffer where the output is to be written.
  156. * \param[in] output_size Size of the \p output buffer in bytes.
  157. * \param[out] output_length On success, the number of bytes
  158. * that make up the returned output.
  159. *
  160. * \retval #PSA_SUCCESS
  161. * \retval #PSA_ERROR_INVALID_ARGUMENT
  162. * The total input size passed to this operation is not valid for
  163. * this particular algorithm. For example, the algorithm is a based
  164. * on block cipher and requires a whole number of blocks, but the
  165. * total input size is not a multiple of the block size.
  166. * \retval #PSA_ERROR_INVALID_PADDING
  167. * This is a decryption operation for an algorithm that includes
  168. * padding, and the ciphertext does not contain valid padding.
  169. * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  170. * The size of the \p output buffer is too small.
  171. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  172. */
  173. psa_status_t mbedtls_psa_cipher_finish(
  174. mbedtls_psa_cipher_operation_t *operation,
  175. uint8_t *output, size_t output_size, size_t *output_length );
  176. /** Abort a cipher operation.
  177. *
  178. * Aborting an operation frees all associated resources except for the
  179. * \p operation structure itself. Once aborted, the operation object
  180. * can be reused for another operation.
  181. *
  182. * \note The signature of this function is that of a PSA driver
  183. * cipher_abort entry point. This function behaves as a
  184. * cipher_abort entry point as defined in the PSA driver
  185. * interface specification for transparent drivers.
  186. *
  187. * \param[in,out] operation Initialized cipher operation.
  188. *
  189. * \retval #PSA_SUCCESS
  190. */
  191. psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation );
  192. /** Encrypt a message using a symmetric cipher.
  193. *
  194. * \note The signature of this function is that of a PSA driver
  195. * cipher_encrypt entry point. This function behaves as a
  196. * cipher_encrypt entry point as defined in the PSA driver
  197. * interface specification for transparent drivers.
  198. *
  199. * \param[in] attributes The attributes of the key to use for the
  200. * operation.
  201. * \param[in] key_buffer The buffer containing the key context.
  202. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
  203. * \param[in] alg The cipher algorithm to compute
  204. * (\c PSA_ALG_XXX value such that
  205. * #PSA_ALG_IS_CIPHER(\p alg) is true).
  206. * \param[in] iv Buffer containing the IV for encryption. The
  207. * IV has been generated by the core.
  208. * \param[in] iv_length Size of the \p iv in bytes.
  209. * \param[in] input Buffer containing the message to encrypt.
  210. * \param[in] input_length Size of the \p input buffer in bytes.
  211. * \param[in,out] output Buffer where the output is to be written.
  212. * \param[in] output_size Size of the \p output buffer in bytes.
  213. * \param[out] output_length On success, the number of bytes that make up
  214. * the returned output. Initialized to zero
  215. * by the core.
  216. *
  217. * \retval #PSA_SUCCESS
  218. * \retval #PSA_ERROR_NOT_SUPPORTED
  219. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  220. * \retval #PSA_ERROR_CORRUPTION_DETECTED
  221. * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  222. * The size of the \p output buffer is too small.
  223. * \retval #PSA_ERROR_INVALID_ARGUMENT
  224. * The size \p iv_length is not acceptable for the chosen algorithm,
  225. * or the chosen algorithm does not use an IV.
  226. * The total input size passed to this operation is not valid for
  227. * this particular algorithm. For example, the algorithm is a based
  228. * on block cipher and requires a whole number of blocks, but the
  229. * total input size is not a multiple of the block size.
  230. * \retval #PSA_ERROR_INVALID_PADDING
  231. * This is a decryption operation for an algorithm that includes
  232. * padding, and the ciphertext does not contain valid padding.
  233. */
  234. psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
  235. const uint8_t *key_buffer,
  236. size_t key_buffer_size,
  237. psa_algorithm_t alg,
  238. const uint8_t *iv,
  239. size_t iv_length,
  240. const uint8_t *input,
  241. size_t input_length,
  242. uint8_t *output,
  243. size_t output_size,
  244. size_t *output_length );
  245. /** Decrypt a message using a symmetric cipher.
  246. *
  247. * \note The signature of this function is that of a PSA driver
  248. * cipher_decrypt entry point. This function behaves as a
  249. * cipher_decrypt entry point as defined in the PSA driver
  250. * interface specification for transparent drivers.
  251. *
  252. * \param[in] attributes The attributes of the key to use for the
  253. * operation.
  254. * \param[in] key_buffer The buffer containing the key context.
  255. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
  256. * \param[in] alg The cipher algorithm to compute
  257. * (\c PSA_ALG_XXX value such that
  258. * #PSA_ALG_IS_CIPHER(\p alg) is true).
  259. * \param[in] input Buffer containing the iv and the ciphertext.
  260. * \param[in] input_length Size of the \p input buffer in bytes.
  261. * \param[out] output Buffer where the output is to be written.
  262. * \param[in] output_size Size of the \p output buffer in bytes.
  263. * \param[out] output_length On success, the number of bytes that make up
  264. * the returned output. Initialized to zero
  265. * by the core.
  266. *
  267. * \retval #PSA_SUCCESS
  268. * \retval #PSA_ERROR_NOT_SUPPORTED
  269. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  270. * \retval #PSA_ERROR_CORRUPTION_DETECTED
  271. * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  272. * The size of the \p output buffer is too small.
  273. * \retval #PSA_ERROR_INVALID_ARGUMENT
  274. * The size of \p iv is not acceptable for the chosen algorithm,
  275. * or the chosen algorithm does not use an IV.
  276. * The total input size passed to this operation is not valid for
  277. * this particular algorithm. For example, the algorithm is a based
  278. * on block cipher and requires a whole number of blocks, but the
  279. * total input size is not a multiple of the block size.
  280. * \retval #PSA_ERROR_INVALID_PADDING
  281. * This is a decryption operation for an algorithm that includes
  282. * padding, and the ciphertext does not contain valid padding.
  283. */
  284. psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
  285. const uint8_t *key_buffer,
  286. size_t key_buffer_size,
  287. psa_algorithm_t alg,
  288. const uint8_t *input,
  289. size_t input_length,
  290. uint8_t *output,
  291. size_t output_size,
  292. size_t *output_length );
  293. #endif /* PSA_CRYPTO_CIPHER_H */