123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306 |
- /*
- * PSA cipher driver entry points
- */
- /*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- #ifndef PSA_CRYPTO_CIPHER_H
- #define PSA_CRYPTO_CIPHER_H
- #include <mbedtls/cipher.h>
- #include <psa/crypto.h>
- /** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
- * as well as the PSA type and size of the key to be used with the cipher
- * algorithm.
- *
- * \param alg PSA cipher algorithm identifier
- * \param key_type PSA key type
- * \param key_bits Size of the key in bits
- * \param[out] cipher_id Mbed TLS cipher algorithm identifier
- *
- * \return The Mbed TLS cipher information of the cipher algorithm.
- * \c NULL if the PSA cipher algorithm is not supported.
- */
- const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
- psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
- mbedtls_cipher_id_t *cipher_id );
- /**
- * \brief Set the key for a multipart symmetric encryption operation.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_encrypt_setup entry point. This function behaves as a
- * cipher_encrypt_setup entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in,out] operation The operation object to set up. It has been
- * initialized as per the documentation for
- * #psa_cipher_operation_t and not yet in use.
- * \param[in] attributes The attributes of the key to use for the
- * operation.
- * \param[in] key_buffer The buffer containing the key context.
- * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
- * \param[in] alg The cipher algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
- psa_status_t mbedtls_psa_cipher_encrypt_setup(
- mbedtls_psa_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
- /**
- * \brief Set the key for a multipart symmetric decryption operation.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_decrypt_setup entry point. This function behaves as a
- * cipher_decrypt_setup entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in,out] operation The operation object to set up. It has been
- * initialized as per the documentation for
- * #psa_cipher_operation_t and not yet in use.
- * \param[in] attributes The attributes of the key to use for the
- * operation.
- * \param[in] key_buffer The buffer containing the key context.
- * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
- * \param[in] alg The cipher algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
- psa_status_t mbedtls_psa_cipher_decrypt_setup(
- mbedtls_psa_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg );
- /** Set the IV for a symmetric encryption or decryption operation.
- *
- * This function sets the IV (initialization vector), nonce
- * or initial counter value for the encryption or decryption operation.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_set_iv entry point. This function behaves as a
- * cipher_set_iv entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in,out] operation Active cipher operation.
- * \param[in] iv Buffer containing the IV to use.
- * \param[in] iv_length Size of the IV in bytes. It is guaranteed by
- * the core to be less or equal to
- * PSA_CIPHER_IV_MAX_SIZE.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The size of \p iv is not acceptable for the chosen algorithm,
- * or the chosen algorithm does not use an IV.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
- psa_status_t mbedtls_psa_cipher_set_iv(
- mbedtls_psa_cipher_operation_t *operation,
- const uint8_t *iv, size_t iv_length );
- /** Encrypt or decrypt a message fragment in an active cipher operation.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_update entry point. This function behaves as a
- * cipher_update entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in,out] operation Active cipher operation.
- * \param[in] input Buffer containing the message fragment to
- * encrypt or decrypt.
- * \param[in] input_length Size of the \p input buffer in bytes.
- * \param[out] output Buffer where the output is to be written.
- * \param[in] output_size Size of the \p output buffer in bytes.
- * \param[out] output_length On success, the number of bytes
- * that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
- psa_status_t mbedtls_psa_cipher_update(
- mbedtls_psa_cipher_operation_t *operation,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length );
- /** Finish encrypting or decrypting a message in a cipher operation.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_finish entry point. This function behaves as a
- * cipher_finish entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in,out] operation Active cipher operation.
- * \param[out] output Buffer where the output is to be written.
- * \param[in] output_size Size of the \p output buffer in bytes.
- * \param[out] output_length On success, the number of bytes
- * that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total input size passed to this operation is not valid for
- * this particular algorithm. For example, the algorithm is a based
- * on block cipher and requires a whole number of blocks, but the
- * total input size is not a multiple of the block size.
- * \retval #PSA_ERROR_INVALID_PADDING
- * This is a decryption operation for an algorithm that includes
- * padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
- psa_status_t mbedtls_psa_cipher_finish(
- mbedtls_psa_cipher_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length );
- /** Abort a cipher operation.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_abort entry point. This function behaves as a
- * cipher_abort entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in,out] operation Initialized cipher operation.
- *
- * \retval #PSA_SUCCESS
- */
- psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation );
- /** Encrypt a message using a symmetric cipher.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_encrypt entry point. This function behaves as a
- * cipher_encrypt entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in] attributes The attributes of the key to use for the
- * operation.
- * \param[in] key_buffer The buffer containing the key context.
- * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
- * \param[in] alg The cipher algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param[in] iv Buffer containing the IV for encryption. The
- * IV has been generated by the core.
- * \param[in] iv_length Size of the \p iv in bytes.
- * \param[in] input Buffer containing the message to encrypt.
- * \param[in] input_length Size of the \p input buffer in bytes.
- * \param[in,out] output Buffer where the output is to be written.
- * \param[in] output_size Size of the \p output buffer in bytes.
- * \param[out] output_length On success, the number of bytes that make up
- * the returned output. Initialized to zero
- * by the core.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The size \p iv_length is not acceptable for the chosen algorithm,
- * or the chosen algorithm does not use an IV.
- * The total input size passed to this operation is not valid for
- * this particular algorithm. For example, the algorithm is a based
- * on block cipher and requires a whole number of blocks, but the
- * total input size is not a multiple of the block size.
- * \retval #PSA_ERROR_INVALID_PADDING
- * This is a decryption operation for an algorithm that includes
- * padding, and the ciphertext does not contain valid padding.
- */
- psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *iv,
- size_t iv_length,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length );
- /** Decrypt a message using a symmetric cipher.
- *
- * \note The signature of this function is that of a PSA driver
- * cipher_decrypt entry point. This function behaves as a
- * cipher_decrypt entry point as defined in the PSA driver
- * interface specification for transparent drivers.
- *
- * \param[in] attributes The attributes of the key to use for the
- * operation.
- * \param[in] key_buffer The buffer containing the key context.
- * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
- * \param[in] alg The cipher algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param[in] input Buffer containing the iv and the ciphertext.
- * \param[in] input_length Size of the \p input buffer in bytes.
- * \param[out] output Buffer where the output is to be written.
- * \param[in] output_size Size of the \p output buffer in bytes.
- * \param[out] output_length On success, the number of bytes that make up
- * the returned output. Initialized to zero
- * by the core.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The size of \p iv is not acceptable for the chosen algorithm,
- * or the chosen algorithm does not use an IV.
- * The total input size passed to this operation is not valid for
- * this particular algorithm. For example, the algorithm is a based
- * on block cipher and requires a whole number of blocks, but the
- * total input size is not a multiple of the block size.
- * \retval #PSA_ERROR_INVALID_PADDING
- * This is a decryption operation for an algorithm that includes
- * padding, and the ciphertext does not contain valid padding.
- */
- psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length );
- #endif /* PSA_CRYPTO_CIPHER_H */
|