mbed TLS v2.7.6
|
The generic cipher wrapper. More...
Go to the source code of this file.
Data Structures | |
struct | mbedtls_cipher_info_t |
struct | mbedtls_cipher_context_t |
Macros | |
#define | MBEDTLS_CIPHER_MODE_AEAD |
#define | MBEDTLS_CIPHER_MODE_WITH_PADDING |
#define | MBEDTLS_CIPHER_MODE_STREAM |
#define | MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 |
#define | MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 |
#define | MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 |
#define | MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 |
#define | MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 |
#define | MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 |
#define | MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 |
#define | MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 |
#define | MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 |
#define | MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 |
#define | MBEDTLS_MAX_IV_LENGTH 16 |
#define | MBEDTLS_MAX_BLOCK_LENGTH 16 |
Typedefs | |
typedef struct mbedtls_cipher_base_t | mbedtls_cipher_base_t |
typedef struct mbedtls_cmac_context_t | mbedtls_cmac_context_t |
Functions | |
const int * | mbedtls_cipher_list (void) |
This function retrieves the list of ciphers supported by the generic cipher module. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_string (const char *cipher_name) |
This function retrieves the cipher-information structure associated with the given cipher name. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_type (const mbedtls_cipher_type_t cipher_type) |
This function retrieves the cipher-information structure associated with the given cipher type. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_values (const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode. More... | |
void | mbedtls_cipher_init (mbedtls_cipher_context_t *ctx) |
This function initializes a cipher_context as NONE. More... | |
void | mbedtls_cipher_free (mbedtls_cipher_context_t *ctx) |
This function frees and clears the cipher-specific context of ctx . Freeing ctx itself remains the responsibility of the caller. More... | |
int | mbedtls_cipher_setup (mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info) |
This function initializes and fills the cipher-context structure with the appropriate values. It also clears the structure. More... | |
static unsigned int | mbedtls_cipher_get_block_size (const mbedtls_cipher_context_t *ctx) |
This function returns the block size of the given cipher. More... | |
static mbedtls_cipher_mode_t | mbedtls_cipher_get_cipher_mode (const mbedtls_cipher_context_t *ctx) |
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC. More... | |
static int | mbedtls_cipher_get_iv_size (const mbedtls_cipher_context_t *ctx) |
This function returns the size of the IV or nonce of the cipher, in Bytes. More... | |
static mbedtls_cipher_type_t | mbedtls_cipher_get_type (const mbedtls_cipher_context_t *ctx) |
This function returns the type of the given cipher. More... | |
static const char * | mbedtls_cipher_get_name (const mbedtls_cipher_context_t *ctx) |
This function returns the name of the given cipher as a string. More... | |
static int | mbedtls_cipher_get_key_bitlen (const mbedtls_cipher_context_t *ctx) |
This function returns the key length of the cipher. More... | |
static mbedtls_operation_t | mbedtls_cipher_get_operation (const mbedtls_cipher_context_t *ctx) |
This function returns the operation of the given cipher. More... | |
int | mbedtls_cipher_setkey (mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation) |
This function sets the key to use with the given context. More... | |
int | mbedtls_cipher_set_padding_mode (mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode) |
This function sets the padding mode, for cipher modes that use padding. More... | |
int | mbedtls_cipher_set_iv (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len) |
This function sets the initialization vector (IV) or nonce. More... | |
int | mbedtls_cipher_reset (mbedtls_cipher_context_t *ctx) |
This function resets the cipher state. More... | |
int | mbedtls_cipher_update_ad (mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len) |
This function adds additional data for AEAD ciphers. Only supported with GCM. Must be called exactly once, after mbedtls_cipher_reset(). More... | |
int | mbedtls_cipher_update (mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES. More... | |
int | mbedtls_cipher_finish (mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen) |
The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output buffer. More... | |
int | mbedtls_cipher_write_tag (mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len) |
This function writes a tag for AEAD ciphers. Only supported with GCM. Must be called after mbedtls_cipher_finish(). More... | |
int | mbedtls_cipher_check_tag (mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len) |
This function checks the tag for AEAD ciphers. Only supported with GCM. Must be called after mbedtls_cipher_finish(). More... | |
int | mbedtls_cipher_crypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs. More... | |
int | mbedtls_cipher_auth_encrypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len) |
The generic autenticated encryption (AEAD) function. More... | |
int | mbedtls_cipher_auth_decrypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len) |
The generic autenticated decryption (AEAD) function. More... | |
The generic cipher wrapper.
Definition in file cipher.h.
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 |
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 |
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 |
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 |
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 |
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 |
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 |
#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 |
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 |
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 |
#define MBEDTLS_MAX_BLOCK_LENGTH 16 |
#define MBEDTLS_MAX_IV_LENGTH 16 |
typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t |
typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t |
anonymous enum |
enum mbedtls_cipher_id_t |
An enumeration of supported ciphers.
Enumerator | |
---|---|
MBEDTLS_CIPHER_ID_NONE | |
MBEDTLS_CIPHER_ID_NULL | |
MBEDTLS_CIPHER_ID_AES | |
MBEDTLS_CIPHER_ID_DES | |
MBEDTLS_CIPHER_ID_3DES | |
MBEDTLS_CIPHER_ID_CAMELLIA | |
MBEDTLS_CIPHER_ID_BLOWFISH | |
MBEDTLS_CIPHER_ID_ARC4 |
An enumeration of supported (cipher, mode) pairs.
enum mbedtls_operation_t |
int mbedtls_cipher_auth_decrypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | ad, | ||
size_t | ad_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
const unsigned char * | tag, | ||
size_t | tag_len | ||
) |
The generic autenticated decryption (AEAD) function.
ctx | The generic cipher context. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
ad | The additional data to be authenticated. |
ad_len | The length of ad . |
input | The buffer holding the input data. |
ilen | The length of the input data. |
output | The buffer for the output data. Must be able to hold at least ilen . |
olen | The length of the output data, to be updated with the actual number of Bytes written. |
tag | The buffer holding the authentication tag. |
tag_len | The length of the authentication tag. |
0
on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic, or a cipher-specific error code on failure for any other reason.Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_auth_encrypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | ad, | ||
size_t | ad_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
unsigned char * | tag, | ||
size_t | tag_len | ||
) |
The generic autenticated encryption (AEAD) function.
ctx | The generic cipher context. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
ad | The additional data to authenticate. |
ad_len | The length of ad . |
input | The buffer holding the input data. |
ilen | The length of the input data. |
output | The buffer for the output data. Must be able to hold at least ilen . |
olen | The length of the output data, to be updated with the actual number of Bytes written. |
tag | The buffer for the authentication tag. |
tag_len | The desired length of the authentication tag. |
0
on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or a cipher-specific error code. Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_check_tag | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | tag, | ||
size_t | tag_len | ||
) |
This function checks the tag for AEAD ciphers. Only supported with GCM. Must be called after mbedtls_cipher_finish().
ctx | The generic cipher context. |
tag | The buffer holding the tag. |
tag_len | The length of the tag to check. |
0
on success, or a specific error code on failure. Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_crypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.
ctx | The generic cipher context. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
input | The buffer holding the input data. |
ilen | The length of the input data. |
output | The buffer for the output data. Must be able to hold at least ilen + block_size. Must not be the same buffer as input. |
olen | The length of the output data, to be updated with the actual number of Bytes written. |
iv
= NULL and iv_len
= 0.0
on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption expected a full block but was not provided one, or MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding while decrypting, or a cipher-specific error code on failure for any other reason. Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_finish | ( | mbedtls_cipher_context_t * | ctx, |
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output
buffer.
ctx | The generic cipher context. |
output | The buffer to write data to. Needs block_size available. |
olen | The length of the data written to the output buffer. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails, MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption expected a full block but was not provided one, MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding while decrypting, or a cipher-specific error code on failure for any other reason. Referenced by mbedtls_cipher_get_operation().
void mbedtls_cipher_free | ( | mbedtls_cipher_context_t * | ctx | ) |
This function frees and clears the cipher-specific context of ctx
. Freeing ctx
itself remains the responsibility of the caller.
|
inlinestatic |
This function returns the block size of the given cipher.
ctx | The context of the cipher. Must be initialized. |
ctx
has not been initialized. Definition at line 374 of file cipher.h.
References mbedtls_cipher_info_t::block_size, and mbedtls_cipher_context_t::cipher_info.
|
inlinestatic |
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
ctx | The context of the cipher. Must be initialized. |
ctx
has not been initialized. Definition at line 391 of file cipher.h.
References mbedtls_cipher_context_t::cipher_info, MBEDTLS_MODE_NONE, and mbedtls_cipher_info_t::mode.
|
inlinestatic |
This function returns the size of the IV or nonce of the cipher, in Bytes.
ctx | The context of the cipher. Must be initialized. |
Definition at line 409 of file cipher.h.
References mbedtls_cipher_context_t::cipher_info, mbedtls_cipher_info_t::iv_size, and mbedtls_cipher_context_t::iv_size.
|
inlinestatic |
This function returns the key length of the cipher.
ctx | The context of the cipher. Must be initialized. |
has
not been initialized. Definition at line 462 of file cipher.h.
References mbedtls_cipher_context_t::cipher_info, mbedtls_cipher_info_t::key_bitlen, and MBEDTLS_KEY_LENGTH_NONE.
|
inlinestatic |
This function returns the name of the given cipher as a string.
ctx | The context of the cipher. Must be initialized. |
ctx
has not been not initialized. Definition at line 445 of file cipher.h.
References mbedtls_cipher_context_t::cipher_info, and mbedtls_cipher_info_t::name.
|
inlinestatic |
This function returns the operation of the given cipher.
ctx | The context of the cipher. Must be initialized. |
ctx
has not been initialized. Definition at line 479 of file cipher.h.
References mbedtls_cipher_context_t::cipher_info, mbedtls_cipher_auth_decrypt(), mbedtls_cipher_auth_encrypt(), mbedtls_cipher_check_tag(), mbedtls_cipher_crypt(), mbedtls_cipher_finish(), mbedtls_cipher_reset(), mbedtls_cipher_set_iv(), mbedtls_cipher_set_padding_mode(), mbedtls_cipher_setkey(), mbedtls_cipher_update(), mbedtls_cipher_update_ad(), mbedtls_cipher_write_tag(), MBEDTLS_OPERATION_NONE, and mbedtls_cipher_context_t::operation.
|
inlinestatic |
This function returns the type of the given cipher.
ctx | The context of the cipher. Must be initialized. |
ctx
has not been initialized. Definition at line 428 of file cipher.h.
References mbedtls_cipher_context_t::cipher_info, MBEDTLS_CIPHER_NONE, and mbedtls_cipher_info_t::type.
const mbedtls_cipher_info_t* mbedtls_cipher_info_from_string | ( | const char * | cipher_name | ) |
This function retrieves the cipher-information structure associated with the given cipher name.
cipher_name | Name of the cipher to search for. |
cipher_name
, or NULL if not found. const mbedtls_cipher_info_t* mbedtls_cipher_info_from_type | ( | const mbedtls_cipher_type_t | cipher_type | ) |
This function retrieves the cipher-information structure associated with the given cipher type.
cipher_type | Type of the cipher to search for. |
cipher_type
, or NULL if not found. const mbedtls_cipher_info_t* mbedtls_cipher_info_from_values | ( | const mbedtls_cipher_id_t | cipher_id, |
int | key_bitlen, | ||
const mbedtls_cipher_mode_t | mode | ||
) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode.
cipher_id | The ID of the cipher to search for. For example, MBEDTLS_CIPHER_ID_AES. |
key_bitlen | The length of the key in bits. |
mode | The cipher mode. For example, MBEDTLS_MODE_CBC. |
cipher_id
, or NULL if not found. void mbedtls_cipher_init | ( | mbedtls_cipher_context_t * | ctx | ) |
This function initializes a cipher_context
as NONE.
const int* mbedtls_cipher_list | ( | void | ) |
This function retrieves the list of ciphers supported by the generic cipher module.
int mbedtls_cipher_reset | ( | mbedtls_cipher_context_t * | ctx | ) |
This function resets the cipher state.
ctx | The generic cipher context. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails. Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_set_iv | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len | ||
) |
This function sets the initialization vector (IV) or nonce.
ctx | The generic cipher context. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
0
on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATAReferenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_set_padding_mode | ( | mbedtls_cipher_context_t * | ctx, |
mbedtls_cipher_padding_t | mode | ||
) |
This function sets the padding mode, for cipher modes that use padding.
The default passing mode is PKCS7 padding.
ctx | The generic cipher context. |
mode | The padding mode. |
0
on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if the selected padding mode is not supported, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode does not support padding. Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_setkey | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | key, | ||
int | key_bitlen, | ||
const mbedtls_operation_t | operation | ||
) |
This function sets the key to use with the given context.
ctx | The generic cipher context. May not be NULL. Must have been initialized using mbedtls_cipher_info_from_type() or mbedtls_cipher_info_from_string(). |
key | The key to use. |
key_bitlen | The key length to use, in bits. |
operation | The operation that the key will be used for: MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails, or a cipher-specific error code. Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_setup | ( | mbedtls_cipher_context_t * | ctx, |
const mbedtls_cipher_info_t * | cipher_info | ||
) |
This function initializes and fills the cipher-context structure with the appropriate values. It also clears the structure.
ctx | The context to initialize. May not be NULL. |
cipher_info | The cipher to use. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure, MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the cipher-specific context failed. int mbedtls_cipher_update | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES.
ctx | The generic cipher context. |
input | The buffer holding the input data. |
ilen | The length of the input data. |
output | The buffer for the output data. Must be able to hold at least ilen + block_size. Must not be the same buffer as input. |
olen | The length of the output data, to be updated with the actual number of Bytes written. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an unsupported mode for a cipher, or a cipher-specific error code.ilen
as a multiple of the block_size. Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_update_ad | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | ad, | ||
size_t | ad_len | ||
) |
This function adds additional data for AEAD ciphers. Only supported with GCM. Must be called exactly once, after mbedtls_cipher_reset().
ctx | The generic cipher context. |
ad | The additional data to use. |
ad_len | the Length of ad . |
0
on success, or a specific error code on failure. Referenced by mbedtls_cipher_get_operation().
int mbedtls_cipher_write_tag | ( | mbedtls_cipher_context_t * | ctx, |
unsigned char * | tag, | ||
size_t | tag_len | ||
) |
This function writes a tag for AEAD ciphers. Only supported with GCM. Must be called after mbedtls_cipher_finish().
ctx | The generic cipher context. |
tag | The buffer to write the tag to. |
tag_len | The length of the tag to write. |
0
on success, or a specific error code on failure. Referenced by mbedtls_cipher_get_operation().