mbed TLS v2.2.0
cipher.h
Go to the documentation of this file.
1 
26 #ifndef MBEDTLS_CIPHER_H
27 #define MBEDTLS_CIPHER_H
28 
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "config.h"
31 #else
32 #include MBEDTLS_CONFIG_FILE
33 #endif
34 
35 #include <stddef.h>
36 
37 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
38 #define MBEDTLS_CIPHER_MODE_AEAD
39 #endif
40 
41 #if defined(MBEDTLS_CIPHER_MODE_CBC)
42 #define MBEDTLS_CIPHER_MODE_WITH_PADDING
43 #endif
44 
45 #if defined(MBEDTLS_ARC4_C)
46 #define MBEDTLS_CIPHER_MODE_STREAM
47 #endif
48 
49 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
50  !defined(inline) && !defined(__cplusplus)
51 #define inline __inline
52 #endif
53 
54 #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
55 #define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
56 #define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
57 #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
58 #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
59 #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
61 #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
62 #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
64 #ifdef __cplusplus
65 extern "C" {
66 #endif
67 
68 typedef enum {
69  MBEDTLS_CIPHER_ID_NONE = 0,
70  MBEDTLS_CIPHER_ID_NULL,
71  MBEDTLS_CIPHER_ID_AES,
72  MBEDTLS_CIPHER_ID_DES,
73  MBEDTLS_CIPHER_ID_3DES,
74  MBEDTLS_CIPHER_ID_CAMELLIA,
75  MBEDTLS_CIPHER_ID_BLOWFISH,
76  MBEDTLS_CIPHER_ID_ARC4,
77 } mbedtls_cipher_id_t;
78 
79 typedef enum {
80  MBEDTLS_CIPHER_NONE = 0,
81  MBEDTLS_CIPHER_NULL,
82  MBEDTLS_CIPHER_AES_128_ECB,
83  MBEDTLS_CIPHER_AES_192_ECB,
84  MBEDTLS_CIPHER_AES_256_ECB,
85  MBEDTLS_CIPHER_AES_128_CBC,
86  MBEDTLS_CIPHER_AES_192_CBC,
87  MBEDTLS_CIPHER_AES_256_CBC,
88  MBEDTLS_CIPHER_AES_128_CFB128,
89  MBEDTLS_CIPHER_AES_192_CFB128,
90  MBEDTLS_CIPHER_AES_256_CFB128,
91  MBEDTLS_CIPHER_AES_128_CTR,
92  MBEDTLS_CIPHER_AES_192_CTR,
93  MBEDTLS_CIPHER_AES_256_CTR,
94  MBEDTLS_CIPHER_AES_128_GCM,
95  MBEDTLS_CIPHER_AES_192_GCM,
96  MBEDTLS_CIPHER_AES_256_GCM,
97  MBEDTLS_CIPHER_CAMELLIA_128_ECB,
98  MBEDTLS_CIPHER_CAMELLIA_192_ECB,
99  MBEDTLS_CIPHER_CAMELLIA_256_ECB,
100  MBEDTLS_CIPHER_CAMELLIA_128_CBC,
101  MBEDTLS_CIPHER_CAMELLIA_192_CBC,
102  MBEDTLS_CIPHER_CAMELLIA_256_CBC,
103  MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
104  MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
105  MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
106  MBEDTLS_CIPHER_CAMELLIA_128_CTR,
107  MBEDTLS_CIPHER_CAMELLIA_192_CTR,
108  MBEDTLS_CIPHER_CAMELLIA_256_CTR,
109  MBEDTLS_CIPHER_CAMELLIA_128_GCM,
110  MBEDTLS_CIPHER_CAMELLIA_192_GCM,
111  MBEDTLS_CIPHER_CAMELLIA_256_GCM,
112  MBEDTLS_CIPHER_DES_ECB,
113  MBEDTLS_CIPHER_DES_CBC,
114  MBEDTLS_CIPHER_DES_EDE_ECB,
115  MBEDTLS_CIPHER_DES_EDE_CBC,
116  MBEDTLS_CIPHER_DES_EDE3_ECB,
117  MBEDTLS_CIPHER_DES_EDE3_CBC,
118  MBEDTLS_CIPHER_BLOWFISH_ECB,
119  MBEDTLS_CIPHER_BLOWFISH_CBC,
120  MBEDTLS_CIPHER_BLOWFISH_CFB64,
121  MBEDTLS_CIPHER_BLOWFISH_CTR,
122  MBEDTLS_CIPHER_ARC4_128,
123  MBEDTLS_CIPHER_AES_128_CCM,
124  MBEDTLS_CIPHER_AES_192_CCM,
125  MBEDTLS_CIPHER_AES_256_CCM,
126  MBEDTLS_CIPHER_CAMELLIA_128_CCM,
127  MBEDTLS_CIPHER_CAMELLIA_192_CCM,
128  MBEDTLS_CIPHER_CAMELLIA_256_CCM,
129 } mbedtls_cipher_type_t;
130 
131 typedef enum {
132  MBEDTLS_MODE_NONE = 0,
133  MBEDTLS_MODE_ECB,
134  MBEDTLS_MODE_CBC,
135  MBEDTLS_MODE_CFB,
136  MBEDTLS_MODE_OFB, /* Unused! */
137  MBEDTLS_MODE_CTR,
138  MBEDTLS_MODE_GCM,
139  MBEDTLS_MODE_STREAM,
140  MBEDTLS_MODE_CCM,
141 } mbedtls_cipher_mode_t;
142 
143 typedef enum {
144  MBEDTLS_PADDING_PKCS7 = 0,
145  MBEDTLS_PADDING_ONE_AND_ZEROS,
146  MBEDTLS_PADDING_ZEROS_AND_LEN,
147  MBEDTLS_PADDING_ZEROS,
148  MBEDTLS_PADDING_NONE,
149 } mbedtls_cipher_padding_t;
150 
151 typedef enum {
152  MBEDTLS_OPERATION_NONE = -1,
153  MBEDTLS_DECRYPT = 0,
154  MBEDTLS_ENCRYPT,
155 } mbedtls_operation_t;
156 
157 enum {
159  MBEDTLS_KEY_LENGTH_NONE = 0,
161  MBEDTLS_KEY_LENGTH_DES = 64,
163  MBEDTLS_KEY_LENGTH_DES_EDE = 128,
165  MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
166 };
167 
169 #define MBEDTLS_MAX_IV_LENGTH 16
170 
171 #define MBEDTLS_MAX_BLOCK_LENGTH 16
172 
176 typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
177 
181 typedef struct {
183  mbedtls_cipher_type_t type;
184 
186  mbedtls_cipher_mode_t mode;
187 
190  unsigned int key_bitlen;
191 
193  const char * name;
194 
197  unsigned int iv_size;
198 
200  int flags;
201 
203  unsigned int block_size;
204 
206  const mbedtls_cipher_base_t *base;
207 
208 } mbedtls_cipher_info_t;
209 
213 typedef struct {
215  const mbedtls_cipher_info_t *cipher_info;
216 
218  int key_bitlen;
219 
221  mbedtls_operation_t operation;
222 
223 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
224 
225  void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
226  int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
227 #endif
228 
230  unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
231 
233  size_t unprocessed_len;
234 
236  unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
237 
239  size_t iv_size;
240 
242  void *cipher_ctx;
243 } mbedtls_cipher_context_t;
244 
251 const int *mbedtls_cipher_list( void );
252 
262 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
263 
273 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
274 
287 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
288  int key_bitlen,
289  const mbedtls_cipher_mode_t mode );
290 
294 void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
295 
301 void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
302 
319 int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
320 
329 static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
330 {
331  if( NULL == ctx || NULL == ctx->cipher_info )
332  return 0;
333 
334  return ctx->cipher_info->block_size;
335 }
336 
346 static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
347 {
348  if( NULL == ctx || NULL == ctx->cipher_info )
349  return MBEDTLS_MODE_NONE;
350 
351  return ctx->cipher_info->mode;
352 }
353 
363 static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
364 {
365  if( NULL == ctx || NULL == ctx->cipher_info )
366  return 0;
367 
368  if( ctx->iv_size != 0 )
369  return (int) ctx->iv_size;
370 
371  return (int) ctx->cipher_info->iv_size;
372 }
373 
382 static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
383 {
384  if( NULL == ctx || NULL == ctx->cipher_info )
385  return MBEDTLS_CIPHER_NONE;
386 
387  return ctx->cipher_info->type;
388 }
389 
397 static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
398 {
399  if( NULL == ctx || NULL == ctx->cipher_info )
400  return 0;
401 
402  return ctx->cipher_info->name;
403 }
404 
414 static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
415 {
416  if( NULL == ctx || NULL == ctx->cipher_info )
417  return MBEDTLS_KEY_LENGTH_NONE;
418 
419  return (int) ctx->cipher_info->key_bitlen;
420 }
421 
431 static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
432 {
433  if( NULL == ctx || NULL == ctx->cipher_info )
434  return MBEDTLS_OPERATION_NONE;
435 
436  return ctx->operation;
437 }
438 
454 int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
455  int key_bitlen, const mbedtls_operation_t operation );
456 
457 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
458 
470 int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
471 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
472 
486 int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
487  const unsigned char *iv, size_t iv_len );
488 
497 int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
498 
499 #if defined(MBEDTLS_GCM_C)
500 
511 int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
512  const unsigned char *ad, size_t ad_len );
513 #endif /* MBEDTLS_GCM_C */
514 
544 int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
545  size_t ilen, unsigned char *output, size_t *olen );
546 
564 int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
565  unsigned char *output, size_t *olen );
566 
567 #if defined(MBEDTLS_GCM_C)
568 
579 int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
580  unsigned char *tag, size_t tag_len );
581 
593 int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
594  const unsigned char *tag, size_t tag_len );
595 #endif /* MBEDTLS_GCM_C */
596 
624 int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
625  const unsigned char *iv, size_t iv_len,
626  const unsigned char *input, size_t ilen,
627  unsigned char *output, size_t *olen );
628 
629 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
630 
652 int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
653  const unsigned char *iv, size_t iv_len,
654  const unsigned char *ad, size_t ad_len,
655  const unsigned char *input, size_t ilen,
656  unsigned char *output, size_t *olen,
657  unsigned char *tag, size_t tag_len );
658 
686 int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
687  const unsigned char *iv, size_t iv_len,
688  const unsigned char *ad, size_t ad_len,
689  const unsigned char *input, size_t ilen,
690  unsigned char *output, size_t *olen,
691  const unsigned char *tag, size_t tag_len );
692 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
693 
694 #ifdef __cplusplus
695 }
696 #endif
697 
698 #endif /* MBEDTLS_CIPHER_H */
mbedtls_operation_t
mbedtls_operation_t
Definition: cipher.h:151
mbedtls_cipher_info_t::iv_size
unsigned int iv_size
IV/NONCE size, in bytes.
Definition: cipher.h:197
MBEDTLS_KEY_LENGTH_DES_EDE
Key length, in bits (including parity), for DES in two key EDE.
Definition: cipher.h:163
mbedtls_cipher_padding_t
mbedtls_cipher_padding_t
Definition: cipher.h:143
MBEDTLS_PADDING_NONE
never pad (full blocks only)
Definition: cipher.h:148
mbedtls_cipher_get_cipher_mode
static mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
Returns the mode of operation for the cipher.
Definition: cipher.h:346
mbedtls_cipher_info_t::flags
int flags
Flags for variable IV size, variable key size, etc.
Definition: cipher.h:200
mbedtls_cipher_get_block_size
static unsigned int mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
Returns the block size of the given cipher.
Definition: cipher.h:329
mbedtls_cipher_mode_t
mbedtls_cipher_mode_t
Definition: cipher.h:131
mbedtls_cipher_info_from_string
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_string(const char *cipher_name)
Returns the cipher information structure associated with the given cipher name.
mbedtls_cipher_finish
int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
mbedtls_cipher_context_t
Generic cipher context.
Definition: cipher.h:213
mbedtls_cipher_reset
int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
Finish preparation of the given context.
mbedtls_cipher_get_name
static const char * mbedtls_cipher_get_name(const mbedtls_cipher_context_t *ctx)
Returns the name of the given cipher, as a string.
Definition: cipher.h:397
config.h
Compatibility names (set of defines)
mbedtls_cipher_set_iv
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
Set the initialization vector (IV) or nonce.
mbedtls_cipher_info_t
Cipher information.
Definition: cipher.h:181
mbedtls_cipher_info_t::mode
mbedtls_cipher_mode_t mode
Cipher mode (e.g.
Definition: cipher.h:186
mbedtls_cipher_update
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
mbedtls_cipher_info_t::block_size
unsigned int block_size
block size, in bytes
Definition: cipher.h:203
mbedtls_cipher_base_t
Base cipher information.
Definition: cipher_internal.h:43
mbedtls_cipher_free
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
Free and clear the cipher-specific context of ctx.
mbedtls_cipher_get_operation
static mbedtls_operation_t mbedtls_cipher_get_operation(const mbedtls_cipher_context_t *ctx)
Returns the operation of the given cipher.
Definition: cipher.h:431
mbedtls_cipher_list
const int * mbedtls_cipher_list(void)
Returns the list of ciphers supported by the generic cipher module.
MBEDTLS_PADDING_ZEROS_AND_LEN
ANSI X.923 padding.
Definition: cipher.h:146
mbedtls_cipher_get_key_bitlen
static int mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
Returns the key length of the cipher.
Definition: cipher.h:414
mbedtls_cipher_type_t
mbedtls_cipher_type_t
Definition: cipher.h:79
mbedtls_cipher_context_t::cipher_info
const mbedtls_cipher_info_t * cipher_info
Information about the associated cipher.
Definition: cipher.h:215
MBEDTLS_PADDING_ZEROS
zero padding (not reversible!)
Definition: cipher.h:147
mbedtls_cipher_info_from_values
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode)
Returns the cipher information structure associated with the given cipher id, key size and mode...
MBEDTLS_KEY_LENGTH_DES_EDE3
Key length, in bits (including parity), for DES in three-key EDE.
Definition: cipher.h:165
mbedtls_cipher_get_type
static mbedtls_cipher_type_t mbedtls_cipher_get_type(const mbedtls_cipher_context_t *ctx)
Returns the type of the given cipher.
Definition: cipher.h:382
MBEDTLS_KEY_LENGTH_NONE
Undefined key length.
Definition: cipher.h:159
mbedtls_cipher_context_t::cipher_ctx
void * cipher_ctx
Cipher-specific context.
Definition: cipher.h:242
MBEDTLS_PADDING_ONE_AND_ZEROS
ISO/IEC 7816-4 padding.
Definition: cipher.h:145
mbedtls_cipher_context_t::operation
mbedtls_operation_t operation
Operation that the context's key has been initialised for.
Definition: cipher.h:221
mbedtls_cipher_id_t
mbedtls_cipher_id_t
Definition: cipher.h:68
mbedtls_cipher_setkey
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
Set the key to use with the given context.
MBEDTLS_MAX_IV_LENGTH
#define MBEDTLS_MAX_IV_LENGTH
Maximum length of any IV, in bytes.
Definition: cipher.h:169
mbedtls_cipher_context_t::unprocessed_len
size_t unprocessed_len
Number of bytes that still need processing.
Definition: cipher.h:233
mbedtls_cipher_info_t::name
const char * name
Name of the cipher.
Definition: cipher.h:193
MBEDTLS_PADDING_PKCS7
PKCS7 padding (default)
Definition: cipher.h:144
mbedtls_cipher_crypt
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic all-in-one encryption/decryption (for all ciphers except AEAD constructs).
mbedtls_cipher_context_t::key_bitlen
int key_bitlen
Key length to use.
Definition: cipher.h:218
mbedtls_cipher_init
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
Initialize a cipher_context (as NONE)
mbedtls_cipher_setup
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
mbedtls_cipher_get_iv_size
static int mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
Returns the size of the cipher's IV/NONCE in bytes.
Definition: cipher.h:363
MBEDTLS_KEY_LENGTH_DES
Key length, in bits (including parity), for DES keys.
Definition: cipher.h:161
mbedtls_cipher_context_t::iv_size
size_t iv_size
IV size in bytes (for ciphers with variable-length IVs)
Definition: cipher.h:239
MBEDTLS_MAX_BLOCK_LENGTH
#define MBEDTLS_MAX_BLOCK_LENGTH
Maximum block size of any cipher, in bytes.
Definition: cipher.h:171
mbedtls_cipher_info_t::key_bitlen
unsigned int key_bitlen
Cipher key length, in bits (default length for variable sized ciphers) (Includes parity bits for ciph...
Definition: cipher.h:190
mbedtls_cipher_info_t::type
mbedtls_cipher_type_t type
Full cipher identifier (e.g.
Definition: cipher.h:183
mbedtls_cipher_info_from_type
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
mbedtls_cipher_info_t::base
const mbedtls_cipher_base_t * base
Base cipher information and functions.
Definition: cipher.h:206
Generated on Thu Mar 9 2017 20:48:04 for mbed TLS v2.2.0 by   doxygen 1.8.10