cipher.h 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712
  1. /**
  2. * \file cipher.h
  3. *
  4. * \brief Generic cipher wrapper.
  5. *
  6. * \author Adriaan de Jong <dejong@fox-it.com>
  7. *
  8. * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  9. * SPDX-License-Identifier: GPL-2.0
  10. *
  11. * This program is free software; you can redistribute it and/or modify
  12. * it under the terms of the GNU General Public License as published by
  13. * the Free Software Foundation; either version 2 of the License, or
  14. * (at your option) any later version.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU General Public License along
  22. * with this program; if not, write to the Free Software Foundation, Inc.,
  23. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  24. *
  25. * This file is part of mbed TLS (https://tls.mbed.org)
  26. */
  27. #ifndef MBEDTLS_CIPHER_H
  28. #define MBEDTLS_CIPHER_H
  29. #if !defined(MBEDTLS_CONFIG_FILE)
  30. #include "config.h"
  31. #else
  32. #include MBEDTLS_CONFIG_FILE
  33. #endif
  34. #include <stddef.h>
  35. #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
  36. #define MBEDTLS_CIPHER_MODE_AEAD
  37. #endif
  38. #if defined(MBEDTLS_CIPHER_MODE_CBC)
  39. #define MBEDTLS_CIPHER_MODE_WITH_PADDING
  40. #endif
  41. #if defined(MBEDTLS_ARC4_C)
  42. #define MBEDTLS_CIPHER_MODE_STREAM
  43. #endif
  44. #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
  45. !defined(inline) && !defined(__cplusplus)
  46. #define inline __inline
  47. #endif
  48. #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */
  49. #define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters to function. */
  50. #define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */
  51. #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
  52. #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
  53. #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
  54. #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */
  55. #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
  56. #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
  57. #ifdef __cplusplus
  58. extern "C" {
  59. #endif
  60. typedef enum {
  61. MBEDTLS_CIPHER_ID_NONE = 0,
  62. MBEDTLS_CIPHER_ID_NULL,
  63. MBEDTLS_CIPHER_ID_AES,
  64. MBEDTLS_CIPHER_ID_DES,
  65. MBEDTLS_CIPHER_ID_3DES,
  66. MBEDTLS_CIPHER_ID_CAMELLIA,
  67. MBEDTLS_CIPHER_ID_BLOWFISH,
  68. MBEDTLS_CIPHER_ID_ARC4,
  69. } mbedtls_cipher_id_t;
  70. typedef enum {
  71. MBEDTLS_CIPHER_NONE = 0,
  72. MBEDTLS_CIPHER_NULL,
  73. MBEDTLS_CIPHER_AES_128_ECB,
  74. MBEDTLS_CIPHER_AES_192_ECB,
  75. MBEDTLS_CIPHER_AES_256_ECB,
  76. MBEDTLS_CIPHER_AES_128_CBC,
  77. MBEDTLS_CIPHER_AES_192_CBC,
  78. MBEDTLS_CIPHER_AES_256_CBC,
  79. MBEDTLS_CIPHER_AES_128_CFB128,
  80. MBEDTLS_CIPHER_AES_192_CFB128,
  81. MBEDTLS_CIPHER_AES_256_CFB128,
  82. MBEDTLS_CIPHER_AES_128_CTR,
  83. MBEDTLS_CIPHER_AES_192_CTR,
  84. MBEDTLS_CIPHER_AES_256_CTR,
  85. MBEDTLS_CIPHER_AES_128_GCM,
  86. MBEDTLS_CIPHER_AES_192_GCM,
  87. MBEDTLS_CIPHER_AES_256_GCM,
  88. MBEDTLS_CIPHER_CAMELLIA_128_ECB,
  89. MBEDTLS_CIPHER_CAMELLIA_192_ECB,
  90. MBEDTLS_CIPHER_CAMELLIA_256_ECB,
  91. MBEDTLS_CIPHER_CAMELLIA_128_CBC,
  92. MBEDTLS_CIPHER_CAMELLIA_192_CBC,
  93. MBEDTLS_CIPHER_CAMELLIA_256_CBC,
  94. MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
  95. MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
  96. MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
  97. MBEDTLS_CIPHER_CAMELLIA_128_CTR,
  98. MBEDTLS_CIPHER_CAMELLIA_192_CTR,
  99. MBEDTLS_CIPHER_CAMELLIA_256_CTR,
  100. MBEDTLS_CIPHER_CAMELLIA_128_GCM,
  101. MBEDTLS_CIPHER_CAMELLIA_192_GCM,
  102. MBEDTLS_CIPHER_CAMELLIA_256_GCM,
  103. MBEDTLS_CIPHER_DES_ECB,
  104. MBEDTLS_CIPHER_DES_CBC,
  105. MBEDTLS_CIPHER_DES_EDE_ECB,
  106. MBEDTLS_CIPHER_DES_EDE_CBC,
  107. MBEDTLS_CIPHER_DES_EDE3_ECB,
  108. MBEDTLS_CIPHER_DES_EDE3_CBC,
  109. MBEDTLS_CIPHER_BLOWFISH_ECB,
  110. MBEDTLS_CIPHER_BLOWFISH_CBC,
  111. MBEDTLS_CIPHER_BLOWFISH_CFB64,
  112. MBEDTLS_CIPHER_BLOWFISH_CTR,
  113. MBEDTLS_CIPHER_ARC4_128,
  114. MBEDTLS_CIPHER_AES_128_CCM,
  115. MBEDTLS_CIPHER_AES_192_CCM,
  116. MBEDTLS_CIPHER_AES_256_CCM,
  117. MBEDTLS_CIPHER_CAMELLIA_128_CCM,
  118. MBEDTLS_CIPHER_CAMELLIA_192_CCM,
  119. MBEDTLS_CIPHER_CAMELLIA_256_CCM,
  120. } mbedtls_cipher_type_t;
  121. typedef enum {
  122. MBEDTLS_MODE_NONE = 0,
  123. MBEDTLS_MODE_ECB,
  124. MBEDTLS_MODE_CBC,
  125. MBEDTLS_MODE_CFB,
  126. MBEDTLS_MODE_OFB, /* Unused! */
  127. MBEDTLS_MODE_CTR,
  128. MBEDTLS_MODE_GCM,
  129. MBEDTLS_MODE_STREAM,
  130. MBEDTLS_MODE_CCM,
  131. } mbedtls_cipher_mode_t;
  132. typedef enum {
  133. MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default) */
  134. MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding */
  135. MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding */
  136. MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible!) */
  137. MBEDTLS_PADDING_NONE, /**< never pad (full blocks only) */
  138. } mbedtls_cipher_padding_t;
  139. typedef enum {
  140. MBEDTLS_OPERATION_NONE = -1,
  141. MBEDTLS_DECRYPT = 0,
  142. MBEDTLS_ENCRYPT,
  143. } mbedtls_operation_t;
  144. enum {
  145. /** Undefined key length */
  146. MBEDTLS_KEY_LENGTH_NONE = 0,
  147. /** Key length, in bits (including parity), for DES keys */
  148. MBEDTLS_KEY_LENGTH_DES = 64,
  149. /** Key length, in bits (including parity), for DES in two key EDE */
  150. MBEDTLS_KEY_LENGTH_DES_EDE = 128,
  151. /** Key length, in bits (including parity), for DES in three-key EDE */
  152. MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
  153. };
  154. /** Maximum length of any IV, in bytes */
  155. #define MBEDTLS_MAX_IV_LENGTH 16
  156. /** Maximum block size of any cipher, in bytes */
  157. #define MBEDTLS_MAX_BLOCK_LENGTH 16
  158. /**
  159. * Base cipher information (opaque struct).
  160. */
  161. typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
  162. /**
  163. * CMAC context (opaque struct).
  164. */
  165. typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
  166. /**
  167. * Cipher information. Allows cipher functions to be called in a generic way.
  168. */
  169. typedef struct {
  170. /** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */
  171. mbedtls_cipher_type_t type;
  172. /** Cipher mode (e.g. MBEDTLS_MODE_CBC) */
  173. mbedtls_cipher_mode_t mode;
  174. /** Cipher key length, in bits (default length for variable sized ciphers)
  175. * (Includes parity bits for ciphers like DES) */
  176. unsigned int key_bitlen;
  177. /** Name of the cipher */
  178. const char * name;
  179. /** IV/NONCE size, in bytes.
  180. * For cipher that accept many sizes: recommended size */
  181. unsigned int iv_size;
  182. /** Flags for variable IV size, variable key size, etc. */
  183. int flags;
  184. /** block size, in bytes */
  185. unsigned int block_size;
  186. /** Base cipher information and functions */
  187. const mbedtls_cipher_base_t *base;
  188. } mbedtls_cipher_info_t;
  189. /**
  190. * Generic cipher context.
  191. */
  192. typedef struct {
  193. /** Information about the associated cipher */
  194. const mbedtls_cipher_info_t *cipher_info;
  195. /** Key length to use */
  196. int key_bitlen;
  197. /** Operation that the context's key has been initialised for */
  198. mbedtls_operation_t operation;
  199. #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
  200. /** Padding functions to use, if relevant for cipher mode */
  201. void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
  202. int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
  203. #endif
  204. /** Buffer for data that hasn't been encrypted yet */
  205. unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
  206. /** Number of bytes that still need processing */
  207. size_t unprocessed_len;
  208. /** Current IV or NONCE_COUNTER for CTR-mode */
  209. unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
  210. /** IV size in bytes (for ciphers with variable-length IVs) */
  211. size_t iv_size;
  212. /** Cipher-specific context */
  213. void *cipher_ctx;
  214. #if defined(MBEDTLS_CMAC_C)
  215. /** CMAC Specific context */
  216. mbedtls_cmac_context_t *cmac_ctx;
  217. #endif
  218. } mbedtls_cipher_context_t;
  219. /**
  220. * \brief Returns the list of ciphers supported by the generic cipher module.
  221. *
  222. * \return a statically allocated array of ciphers, the last entry
  223. * is 0.
  224. */
  225. const int *mbedtls_cipher_list( void );
  226. /**
  227. * \brief Returns the cipher information structure associated
  228. * with the given cipher name.
  229. *
  230. * \param cipher_name Name of the cipher to search for.
  231. *
  232. * \return the cipher information structure associated with the
  233. * given cipher_name, or NULL if not found.
  234. */
  235. const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
  236. /**
  237. * \brief Returns the cipher information structure associated
  238. * with the given cipher type.
  239. *
  240. * \param cipher_type Type of the cipher to search for.
  241. *
  242. * \return the cipher information structure associated with the
  243. * given cipher_type, or NULL if not found.
  244. */
  245. const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
  246. /**
  247. * \brief Returns the cipher information structure associated
  248. * with the given cipher id, key size and mode.
  249. *
  250. * \param cipher_id Id of the cipher to search for
  251. * (e.g. MBEDTLS_CIPHER_ID_AES)
  252. * \param key_bitlen Length of the key in bits
  253. * \param mode Cipher mode (e.g. MBEDTLS_MODE_CBC)
  254. *
  255. * \return the cipher information structure associated with the
  256. * given cipher_type, or NULL if not found.
  257. */
  258. const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
  259. int key_bitlen,
  260. const mbedtls_cipher_mode_t mode );
  261. /**
  262. * \brief Initialize a cipher_context (as NONE)
  263. */
  264. void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
  265. /**
  266. * \brief Free and clear the cipher-specific context of ctx.
  267. * Freeing ctx itself remains the responsibility of the
  268. * caller.
  269. */
  270. void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
  271. /**
  272. * \brief Initialises and fills the cipher context structure with
  273. * the appropriate values.
  274. *
  275. * \note Currently also clears structure. In future versions you
  276. * will be required to call mbedtls_cipher_init() on the structure
  277. * first.
  278. *
  279. * \param ctx context to initialise. May not be NULL.
  280. * \param cipher_info cipher to use.
  281. *
  282. * \return 0 on success,
  283. * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
  284. * MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
  285. * cipher-specific context failed.
  286. */
  287. int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
  288. /**
  289. * \brief Returns the block size of the given cipher.
  290. *
  291. * \param ctx cipher's context. Must have been initialised.
  292. *
  293. * \return size of the cipher's blocks, or 0 if ctx has not been
  294. * initialised.
  295. */
  296. static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
  297. {
  298. if( NULL == ctx || NULL == ctx->cipher_info )
  299. return 0;
  300. return ctx->cipher_info->block_size;
  301. }
  302. /**
  303. * \brief Returns the mode of operation for the cipher.
  304. * (e.g. MBEDTLS_MODE_CBC)
  305. *
  306. * \param ctx cipher's context. Must have been initialised.
  307. *
  308. * \return mode of operation, or MBEDTLS_MODE_NONE if ctx
  309. * has not been initialised.
  310. */
  311. static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
  312. {
  313. if( NULL == ctx || NULL == ctx->cipher_info )
  314. return MBEDTLS_MODE_NONE;
  315. return ctx->cipher_info->mode;
  316. }
  317. /**
  318. * \brief Returns the size of the cipher's IV/NONCE in bytes.
  319. *
  320. * \param ctx cipher's context. Must have been initialised.
  321. *
  322. * \return If IV has not been set yet: (recommended) IV size
  323. * (0 for ciphers not using IV/NONCE).
  324. * If IV has already been set: actual size.
  325. */
  326. static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
  327. {
  328. if( NULL == ctx || NULL == ctx->cipher_info )
  329. return 0;
  330. if( ctx->iv_size != 0 )
  331. return (int) ctx->iv_size;
  332. return (int) ctx->cipher_info->iv_size;
  333. }
  334. /**
  335. * \brief Returns the type of the given cipher.
  336. *
  337. * \param ctx cipher's context. Must have been initialised.
  338. *
  339. * \return type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has
  340. * not been initialised.
  341. */
  342. static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
  343. {
  344. if( NULL == ctx || NULL == ctx->cipher_info )
  345. return MBEDTLS_CIPHER_NONE;
  346. return ctx->cipher_info->type;
  347. }
  348. /**
  349. * \brief Returns the name of the given cipher, as a string.
  350. *
  351. * \param ctx cipher's context. Must have been initialised.
  352. *
  353. * \return name of the cipher, or NULL if ctx was not initialised.
  354. */
  355. static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
  356. {
  357. if( NULL == ctx || NULL == ctx->cipher_info )
  358. return 0;
  359. return ctx->cipher_info->name;
  360. }
  361. /**
  362. * \brief Returns the key length of the cipher.
  363. *
  364. * \param ctx cipher's context. Must have been initialised.
  365. *
  366. * \return cipher's key length, in bits, or
  367. * MBEDTLS_KEY_LENGTH_NONE if ctx has not been
  368. * initialised.
  369. */
  370. static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
  371. {
  372. if( NULL == ctx || NULL == ctx->cipher_info )
  373. return MBEDTLS_KEY_LENGTH_NONE;
  374. return (int) ctx->cipher_info->key_bitlen;
  375. }
  376. /**
  377. * \brief Returns the operation of the given cipher.
  378. *
  379. * \param ctx cipher's context. Must have been initialised.
  380. *
  381. * \return operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT),
  382. * or MBEDTLS_OPERATION_NONE if ctx has not been
  383. * initialised.
  384. */
  385. static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
  386. {
  387. if( NULL == ctx || NULL == ctx->cipher_info )
  388. return MBEDTLS_OPERATION_NONE;
  389. return ctx->operation;
  390. }
  391. /**
  392. * \brief Set the key to use with the given context.
  393. *
  394. * \param ctx generic cipher context. May not be NULL. Must have been
  395. * initialised using cipher_context_from_type or
  396. * cipher_context_from_string.
  397. * \param key The key to use.
  398. * \param key_bitlen key length to use, in bits.
  399. * \param operation Operation that the key will be used for, either
  400. * MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
  401. *
  402. * \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
  403. * parameter verification fails or a cipher specific
  404. * error code.
  405. */
  406. int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
  407. int key_bitlen, const mbedtls_operation_t operation );
  408. #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
  409. /**
  410. * \brief Set padding mode, for cipher modes that use padding.
  411. * (Default: PKCS7 padding.)
  412. *
  413. * \param ctx generic cipher context
  414. * \param mode padding mode
  415. *
  416. * \returns 0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
  417. * if selected padding mode is not supported, or
  418. * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
  419. * does not support padding.
  420. */
  421. int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
  422. #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
  423. /**
  424. * \brief Set the initialization vector (IV) or nonce
  425. *
  426. * \param ctx generic cipher context
  427. * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
  428. * \param iv_len IV length for ciphers with variable-size IV;
  429. * discarded by ciphers with fixed-size IV.
  430. *
  431. * \returns 0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
  432. *
  433. * \note Some ciphers don't use IVs nor NONCE. For these
  434. * ciphers, this function has no effect.
  435. */
  436. int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
  437. const unsigned char *iv, size_t iv_len );
  438. /**
  439. * \brief Finish preparation of the given context
  440. *
  441. * \param ctx generic cipher context
  442. *
  443. * \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
  444. * if parameter verification fails.
  445. */
  446. int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
  447. #if defined(MBEDTLS_GCM_C)
  448. /**
  449. * \brief Add additional data (for AEAD ciphers).
  450. * Currently only supported with GCM.
  451. * Must be called exactly once, after mbedtls_cipher_reset().
  452. *
  453. * \param ctx generic cipher context
  454. * \param ad Additional data to use.
  455. * \param ad_len Length of ad.
  456. *
  457. * \return 0 on success, or a specific error code.
  458. */
  459. int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
  460. const unsigned char *ad, size_t ad_len );
  461. #endif /* MBEDTLS_GCM_C */
  462. /**
  463. * \brief Generic cipher update function. Encrypts/decrypts
  464. * using the given cipher context. Writes as many block
  465. * size'd blocks of data as possible to output. Any data
  466. * that cannot be written immediately will either be added
  467. * to the next block, or flushed when cipher_final is
  468. * called.
  469. * Exception: for MBEDTLS_MODE_ECB, expects single block
  470. * in size (e.g. 16 bytes for AES)
  471. *
  472. * \param ctx generic cipher context
  473. * \param input buffer holding the input data
  474. * \param ilen length of the input data
  475. * \param output buffer for the output data. Should be able to hold at
  476. * least ilen + block_size. Cannot be the same buffer as
  477. * input!
  478. * \param olen length of the output data, will be filled with the
  479. * actual number of bytes written.
  480. *
  481. * \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
  482. * parameter verification fails,
  483. * MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
  484. * unsupported mode for a cipher or a cipher specific
  485. * error code.
  486. *
  487. * \note If the underlying cipher is GCM, all calls to this
  488. * function, except the last one before mbedtls_cipher_finish(),
  489. * must have ilen a multiple of the block size.
  490. */
  491. int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
  492. size_t ilen, unsigned char *output, size_t *olen );
  493. /**
  494. * \brief Generic cipher finalisation function. If data still
  495. * needs to be flushed from an incomplete block, data
  496. * contained within it will be padded with the size of
  497. * the last block, and written to the output buffer.
  498. *
  499. * \param ctx Generic cipher context
  500. * \param output buffer to write data to. Needs block_size available.
  501. * \param olen length of the data written to the output buffer.
  502. *
  503. * \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
  504. * parameter verification fails,
  505. * MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
  506. * expected a full block but was not provided one,
  507. * MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
  508. * while decrypting or a cipher specific error code.
  509. */
  510. int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
  511. unsigned char *output, size_t *olen );
  512. #if defined(MBEDTLS_GCM_C)
  513. /**
  514. * \brief Write tag for AEAD ciphers.
  515. * Currently only supported with GCM.
  516. * Must be called after mbedtls_cipher_finish().
  517. *
  518. * \param ctx Generic cipher context
  519. * \param tag buffer to write the tag
  520. * \param tag_len Length of the tag to write
  521. *
  522. * \return 0 on success, or a specific error code.
  523. */
  524. int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
  525. unsigned char *tag, size_t tag_len );
  526. /**
  527. * \brief Check tag for AEAD ciphers.
  528. * Currently only supported with GCM.
  529. * Must be called after mbedtls_cipher_finish().
  530. *
  531. * \param ctx Generic cipher context
  532. * \param tag Buffer holding the tag
  533. * \param tag_len Length of the tag to check
  534. *
  535. * \return 0 on success, or a specific error code.
  536. */
  537. int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
  538. const unsigned char *tag, size_t tag_len );
  539. #endif /* MBEDTLS_GCM_C */
  540. /**
  541. * \brief Generic all-in-one encryption/decryption
  542. * (for all ciphers except AEAD constructs).
  543. *
  544. * \param ctx generic cipher context
  545. * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
  546. * \param iv_len IV length for ciphers with variable-size IV;
  547. * discarded by ciphers with fixed-size IV.
  548. * \param input buffer holding the input data
  549. * \param ilen length of the input data
  550. * \param output buffer for the output data. Should be able to hold at
  551. * least ilen + block_size. Cannot be the same buffer as
  552. * input!
  553. * \param olen length of the output data, will be filled with the
  554. * actual number of bytes written.
  555. *
  556. * \note Some ciphers don't use IVs nor NONCE. For these
  557. * ciphers, use iv = NULL and iv_len = 0.
  558. *
  559. * \returns 0 on success, or
  560. * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
  561. * MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
  562. * expected a full block but was not provided one, or
  563. * MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
  564. * while decrypting, or
  565. * a cipher specific error code.
  566. */
  567. int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
  568. const unsigned char *iv, size_t iv_len,
  569. const unsigned char *input, size_t ilen,
  570. unsigned char *output, size_t *olen );
  571. #if defined(MBEDTLS_CIPHER_MODE_AEAD)
  572. /**
  573. * \brief Generic autenticated encryption (AEAD ciphers).
  574. *
  575. * \param ctx generic cipher context
  576. * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
  577. * \param iv_len IV length for ciphers with variable-size IV;
  578. * discarded by ciphers with fixed-size IV.
  579. * \param ad Additional data to authenticate.
  580. * \param ad_len Length of ad.
  581. * \param input buffer holding the input data
  582. * \param ilen length of the input data
  583. * \param output buffer for the output data.
  584. * Should be able to hold at least ilen.
  585. * \param olen length of the output data, will be filled with the
  586. * actual number of bytes written.
  587. * \param tag buffer for the authentication tag
  588. * \param tag_len desired tag length
  589. *
  590. * \returns 0 on success, or
  591. * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
  592. * a cipher specific error code.
  593. */
  594. int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
  595. const unsigned char *iv, size_t iv_len,
  596. const unsigned char *ad, size_t ad_len,
  597. const unsigned char *input, size_t ilen,
  598. unsigned char *output, size_t *olen,
  599. unsigned char *tag, size_t tag_len );
  600. /**
  601. * \brief Generic autenticated decryption (AEAD ciphers).
  602. *
  603. * \param ctx generic cipher context
  604. * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
  605. * \param iv_len IV length for ciphers with variable-size IV;
  606. * discarded by ciphers with fixed-size IV.
  607. * \param ad Additional data to be authenticated.
  608. * \param ad_len Length of ad.
  609. * \param input buffer holding the input data
  610. * \param ilen length of the input data
  611. * \param output buffer for the output data.
  612. * Should be able to hold at least ilen.
  613. * \param olen length of the output data, will be filled with the
  614. * actual number of bytes written.
  615. * \param tag buffer holding the authentication tag
  616. * \param tag_len length of the authentication tag
  617. *
  618. * \returns 0 on success, or
  619. * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
  620. * MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
  621. * or a cipher specific error code.
  622. *
  623. * \note If the data is not authentic, then the output buffer
  624. * is zeroed out to prevent the unauthentic plaintext to
  625. * be used by mistake, making this interface safer.
  626. */
  627. int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
  628. const unsigned char *iv, size_t iv_len,
  629. const unsigned char *ad, size_t ad_len,
  630. const unsigned char *input, size_t ilen,
  631. unsigned char *output, size_t *olen,
  632. const unsigned char *tag, size_t tag_len );
  633. #endif /* MBEDTLS_CIPHER_MODE_AEAD */
  634. #ifdef __cplusplus
  635. }
  636. #endif
  637. #endif /* MBEDTLS_CIPHER_H */