cipher.h File Reference
This file contains an abstraction interface for use with the cipher primitives provided by the library. It provides a common interface to all of the available cipher operations. More...
Include dependency graph for cipher.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Classes | |
| struct | mbedtls_cipher_info_t |
| struct | mbedtls_cipher_context_t |
Typedefs | |
| typedef struct mbedtls_cipher_base_t | mbedtls_cipher_base_t |
| typedef struct mbedtls_cmac_context_t | mbedtls_cmac_context_t |
| typedef struct mbedtls_cipher_info_t | mbedtls_cipher_info_t |
| typedef struct mbedtls_cipher_context_t | mbedtls_cipher_context_t |
Functions | |
| const int * | mbedtls_cipher_list (void) |
| This function retrieves the list of ciphers supported by the generic cipher module. | |
| const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_string (const char *cipher_name) |
| This function retrieves the cipher-information structure associated with the given cipher name. | |
| const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_type (const mbedtls_cipher_type_t cipher_type) |
| This function retrieves the cipher-information structure associated with the given cipher type. | |
| const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_values (const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode) |
| This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode. | |
| void | mbedtls_cipher_init (mbedtls_cipher_context_t *ctx) |
This function initializes a cipher_context as NONE. | |
| void | mbedtls_cipher_free (mbedtls_cipher_context_t *ctx) |
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the responsibility of the caller. | |
| int | mbedtls_cipher_setup (mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info) |
| This function initializes and fills the cipher-context structure with the appropriate values. It also clears the structure. | |
| static unsigned int | mbedtls_cipher_get_block_size (const mbedtls_cipher_context_t *ctx) |
| This function returns the block size of the given cipher. | |
| static mbedtls_cipher_mode_t | mbedtls_cipher_get_cipher_mode (const mbedtls_cipher_context_t *ctx) |
| This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC. | |
| static int | mbedtls_cipher_get_iv_size (const mbedtls_cipher_context_t *ctx) |
| This function returns the size of the IV or nonce of the cipher, in Bytes. | |
| static mbedtls_cipher_type_t | mbedtls_cipher_get_type (const mbedtls_cipher_context_t *ctx) |
| This function returns the type of the given cipher. | |
| static const char * | mbedtls_cipher_get_name (const mbedtls_cipher_context_t *ctx) |
| This function returns the name of the given cipher as a string. | |
| static int | mbedtls_cipher_get_key_bitlen (const mbedtls_cipher_context_t *ctx) |
| This function returns the key length of the cipher. | |
| static mbedtls_operation_t | mbedtls_cipher_get_operation (const mbedtls_cipher_context_t *ctx) |
| This function returns the operation of the given cipher. | |
| int | mbedtls_cipher_setkey (mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation) |
| This function sets the key to use with the given context. | |
| int | mbedtls_cipher_set_padding_mode (mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode) |
| This function sets the padding mode, for cipher modes that use padding. | |
| int | mbedtls_cipher_set_iv (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len) |
| This function sets the initialization vector (IV) or nonce. | |
| int | mbedtls_cipher_reset (mbedtls_cipher_context_t *ctx) |
| This function resets the cipher state. | |
| int | mbedtls_cipher_update_ad (mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len) |
| This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called exactly once, after mbedtls_cipher_reset(). | |
| int | mbedtls_cipher_update (mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
| The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES. | |
| int | mbedtls_cipher_finish (mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen) |
The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output buffer. | |
| int | mbedtls_cipher_write_tag (mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len) |
| This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish(). | |
| int | mbedtls_cipher_check_tag (mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len) |
| This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish(). | |
| int | mbedtls_cipher_crypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
| The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs. | |
| int | mbedtls_cipher_auth_encrypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len) |
| The generic autenticated encryption (AEAD) function. | |
| int | mbedtls_cipher_auth_decrypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len) |
| The generic autenticated decryption (AEAD) function. | |
Detailed Description
This file contains an abstraction interface for use with the cipher primitives provided by the library. It provides a common interface to all of the available cipher operations.
Definition in file cipher.h.
Macro Definition Documentation
◆ MBEDTLS_CIPHER_MODE_AEAD
◆ MBEDTLS_CIPHER_MODE_STREAM
◆ MBEDTLS_CIPHER_MODE_WITH_PADDING
◆ MBEDTLS_CIPHER_VARIABLE_IV_LEN
| #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 |
◆ MBEDTLS_CIPHER_VARIABLE_KEY_LEN
| #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 |
◆ MBEDTLS_ERR_CIPHER_ALLOC_FAILED
| #define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 |
◆ MBEDTLS_ERR_CIPHER_AUTH_FAILED
| #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 |
◆ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
| #define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 |
◆ MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
| #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 |
◆ MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
| #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 |
◆ MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
| #define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 |
◆ MBEDTLS_ERR_CIPHER_INVALID_CONTEXT
| #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 |
◆ MBEDTLS_ERR_CIPHER_INVALID_PADDING
| #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 |
◆ MBEDTLS_MAX_BLOCK_LENGTH
| #define MBEDTLS_MAX_BLOCK_LENGTH 16 |
◆ MBEDTLS_MAX_IV_LENGTH
| #define MBEDTLS_MAX_IV_LENGTH 16 |
Typedef Documentation
◆ mbedtls_cipher_base_t
◆ mbedtls_cipher_context_t
Generic cipher context.
◆ mbedtls_cipher_info_t
Cipher information. Allows calling cipher functions in a generic way.
◆ mbedtls_cmac_context_t
Enumeration Type Documentation
◆ anonymous enum
| anonymous enum |
| Enumerator | |
|---|---|
| MBEDTLS_KEY_LENGTH_NONE | Undefined key length. |
| MBEDTLS_KEY_LENGTH_DES | Key length, in bits (including parity), for DES keys. |
| MBEDTLS_KEY_LENGTH_DES_EDE | Key length in bits, including parity, for DES in two-key EDE. |
| MBEDTLS_KEY_LENGTH_DES_EDE3 | Key length in bits, including parity, for DES in three-key EDE. |
Definition at line 237 of file cipher.h.
237 {
239 MBEDTLS_KEY_LENGTH_NONE = 0,
241 MBEDTLS_KEY_LENGTH_DES = 64,
243 MBEDTLS_KEY_LENGTH_DES_EDE = 128,
245 MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
246};
◆ mbedtls_cipher_id_t
Supported cipher types.
- Warning
- RC4 and DES are considered weak ciphers and their use constitutes a security risk. Arm recommends considering stronger ciphers instead.
◆ mbedtls_cipher_mode_t
Supported cipher modes.
Definition at line 207 of file cipher.h.
207 {
208 MBEDTLS_MODE_NONE = 0,
209 MBEDTLS_MODE_ECB,
210 MBEDTLS_MODE_CBC,
211 MBEDTLS_MODE_CFB,
212 MBEDTLS_MODE_OFB,
213 MBEDTLS_MODE_CTR,
214 MBEDTLS_MODE_GCM,
215 MBEDTLS_MODE_STREAM,
216 MBEDTLS_MODE_CCM,
217 MBEDTLS_MODE_XTS,
219} mbedtls_cipher_mode_t;
◆ mbedtls_cipher_padding_t
Supported cipher padding types.
◆ mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
- Warning
- RC4 and DES are considered weak ciphers and their use constitutes a security risk. Arm recommends considering stronger ciphers instead.
Definition at line 129 of file cipher.h.
129 {
130 MBEDTLS_CIPHER_NONE = 0,
131 MBEDTLS_CIPHER_NULL,
204} mbedtls_cipher_type_t;
◆ mbedtls_operation_t
Type of operation.
| Enumerator | |
|---|---|
| MBEDTLS_OPERATION_NONE | |
| MBEDTLS_DECRYPT | |
| MBEDTLS_ENCRYPT | |
Definition at line 231 of file cipher.h.
231 {
232 MBEDTLS_OPERATION_NONE = -1,
233 MBEDTLS_DECRYPT = 0,
234 MBEDTLS_ENCRYPT,
235} mbedtls_operation_t;
Function Documentation
◆ mbedtls_cipher_auth_decrypt()
| int mbedtls_cipher_auth_decrypt | ( | mbedtls_cipher_context_t * | ctx, |
| const unsigned char * | iv, | ||
| size_t | iv_len, | ||
| const unsigned char * | ad, | ||
| size_t | ad_len, | ||
| const unsigned char * | input, | ||
| size_t | ilen, | ||
| unsigned char * | output, | ||
| size_t * | olen, | ||
| const unsigned char * | tag, | ||
| size_t | tag_len | ||
| ) |
The generic autenticated decryption (AEAD) function.
- Note
- If the data is not authentic, then the output buffer is zeroed out to prevent the unauthentic plaintext being used, making this interface safer.
- Parameters
-
ctx The generic cipher context. This must be initialized and and bound to a key. iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_lenBytes.iv_len The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. ad The additional data to be authenticated. This must be a readable buffer of at least ad_lenBytes.ad_len The length of ad.input The buffer holding the input data. This must be a readable buffer of at least ilenBytes.ilen The length of the input data. output The buffer for the output data. This must be able to hold at least ilenBytes.olen The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL.tag The buffer holding the authentication tag. This must be a readable buffer of at least tag_lenBytes.tag_len The length of the authentication tag.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
- MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- A cipher-specific error code on failure.
◆ mbedtls_cipher_auth_encrypt()
| int mbedtls_cipher_auth_encrypt | ( | mbedtls_cipher_context_t * | ctx, |
| const unsigned char * | iv, | ||
| size_t | iv_len, | ||
| const unsigned char * | ad, | ||
| size_t | ad_len, | ||
| const unsigned char * | input, | ||
| size_t | ilen, | ||
| unsigned char * | output, | ||
| size_t * | olen, | ||
| unsigned char * | tag, | ||
| size_t | tag_len | ||
| ) |
The generic autenticated encryption (AEAD) function.
- Parameters
-
ctx The generic cipher context. This must be initialized and bound to a key. iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_lenBytes.iv_len The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. ad The additional data to authenticate. This must be a readable buffer of at least ad_lenBytes.ad_len The length of ad.input The buffer holding the input data. This must be a readable buffer of at least ilenBytes.ilen The length of the input data. output The buffer for the output data. This must be able to hold at least ilenBytes.olen The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL.tag The buffer for the authentication tag. This must be a writable buffer of at least tag_lenBytes.tag_len The desired length of the authentication tag.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
- A cipher-specific error code on failure.
◆ mbedtls_cipher_check_tag()
| int mbedtls_cipher_check_tag | ( | mbedtls_cipher_context_t * | ctx, |
| const unsigned char * | tag, | ||
| size_t | tag_len | ||
| ) |
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
- Parameters
-
ctx The generic cipher context. This must be initialized. tag The buffer holding the tag. This must be a readable buffer of at least tag_lenBytes.tag_len The length of the tag to check.
- Returns
0on success.- A specific error code on failure.
◆ mbedtls_cipher_crypt()
| int mbedtls_cipher_crypt | ( | mbedtls_cipher_context_t * | ctx, |
| const unsigned char * | iv, | ||
| size_t | iv_len, | ||
| const unsigned char * | input, | ||
| size_t | ilen, | ||
| unsigned char * | output, | ||
| size_t * | olen | ||
| ) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.
- Parameters
-
ctx The generic cipher context. This must be initialized. iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_lenBytes.iv_len The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. input The buffer holding the input data. This must be a readable buffer of at least ilenBytes.ilen The length of the input data in Bytes. output The buffer for the output data. This must be able to hold at least ilen + block_size. This must not be the same buffer asinput.olen The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL.
- Note
- Some ciphers do not use IVs nor nonce. For these ciphers, use
iv= NULL andiv_len= 0.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
- MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption expecting a full block but not receiving one.
- MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding while decrypting.
- A cipher-specific error code on failure.
◆ mbedtls_cipher_finish()
| int mbedtls_cipher_finish | ( | mbedtls_cipher_context_t * | ctx, |
| unsigned char * | output, | ||
| size_t * | olen | ||
| ) |
The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output buffer.
- Parameters
-
ctx The generic cipher context. This must be initialized and bound to a key. output The buffer to write data to. This needs to be a writable buffer of at least block_sizeBytes.olen The length of the data written to the outputbuffer. This may not beNULL.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
- MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption expecting a full block but not receiving one.
- MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding while decrypting.
- A cipher-specific error code on failure.
◆ mbedtls_cipher_free()
| void mbedtls_cipher_free | ( | mbedtls_cipher_context_t * | ctx | ) |
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the responsibility of the caller.
- Parameters
-
ctx The context to be freed. If this is NULL, the function has no effect, otherwise this must point to an initialized context.
◆ mbedtls_cipher_get_block_size()
|
inlinestatic |
This function returns the block size of the given cipher.
- Parameters
-
ctx The context of the cipher. This must be initialized.
- Returns
- The block size of the underlying cipher.
-
0ifctxhas not been initialized.
Definition at line 452 of file cipher.h.
454{
457 return 0;
458
460}
#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret)
Definition: platform_util.h:136
Definition: dbghelp_private.h:571
◆ mbedtls_cipher_get_cipher_mode()
|
inlinestatic |
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
- Parameters
-
ctx The context of the cipher. This must be initialized.
- Returns
- The mode of operation.
-
MBEDTLS_MODE_NONE if
ctxhas not been initialized.
Definition at line 471 of file cipher.h.
473{
477
479}
◆ mbedtls_cipher_get_iv_size()
|
inlinestatic |
◆ mbedtls_cipher_get_key_bitlen()
|
inlinestatic |
This function returns the key length of the cipher.
- Parameters
-
ctx The context of the cipher. This must be initialized.
- Returns
- The key length of the cipher in bits.
-
MBEDTLS_KEY_LENGTH_NONE if ctx
hasnot been initialized.
Definition at line 551 of file cipher.h.
553{
558
560}
◆ mbedtls_cipher_get_name()
|
inlinestatic |
◆ mbedtls_cipher_get_operation()
|
inlinestatic |
This function returns the operation of the given cipher.
- Parameters
-
ctx The context of the cipher. This must be initialized.
- Returns
- The type of operation: MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
-
MBEDTLS_OPERATION_NONE if
ctxhas not been initialized.
Definition at line 570 of file cipher.h.
572{
577
579}
◆ mbedtls_cipher_get_type()
|
inlinestatic |
This function returns the type of the given cipher.
- Parameters
-
ctx The context of the cipher. This must be initialized.
- Returns
- The type of the cipher.
-
MBEDTLS_CIPHER_NONE if
ctxhas not been initialized.
Definition at line 512 of file cipher.h.
514{
519
521}
◆ mbedtls_cipher_info_from_string()
| const mbedtls_cipher_info_t * mbedtls_cipher_info_from_string | ( | const char * | cipher_name | ) |
This function retrieves the cipher-information structure associated with the given cipher name.
- Parameters
-
cipher_name Name of the cipher to search for. This must not be NULL.
- Returns
- The cipher information structure associated with the given
cipher_name. -
NULLif the associated cipher information is not found.
◆ mbedtls_cipher_info_from_type()
| const mbedtls_cipher_info_t * mbedtls_cipher_info_from_type | ( | const mbedtls_cipher_type_t | cipher_type | ) |
This function retrieves the cipher-information structure associated with the given cipher type.
- Parameters
-
cipher_type Type of the cipher to search for.
- Returns
- The cipher information structure associated with the given
cipher_type. -
NULLif the associated cipher information is not found.
◆ mbedtls_cipher_info_from_values()
| const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values | ( | const mbedtls_cipher_id_t | cipher_id, |
| int | key_bitlen, | ||
| const mbedtls_cipher_mode_t | mode | ||
| ) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode.
- Parameters
-
cipher_id The ID of the cipher to search for. For example, MBEDTLS_CIPHER_ID_AES. key_bitlen The length of the key in bits. mode The cipher mode. For example, MBEDTLS_MODE_CBC.
- Returns
- The cipher information structure associated with the given
cipher_id. -
NULLif the associated cipher information is not found.
◆ mbedtls_cipher_init()
| void mbedtls_cipher_init | ( | mbedtls_cipher_context_t * | ctx | ) |
◆ mbedtls_cipher_list()
◆ mbedtls_cipher_reset()
| int mbedtls_cipher_reset | ( | mbedtls_cipher_context_t * | ctx | ) |
This function resets the cipher state.
- Parameters
-
ctx The generic cipher context. This must be initialized.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
◆ mbedtls_cipher_set_iv()
| int mbedtls_cipher_set_iv | ( | mbedtls_cipher_context_t * | ctx, |
| const unsigned char * | iv, | ||
| size_t | iv_len | ||
| ) |
This function sets the initialization vector (IV) or nonce.
- Note
- Some ciphers do not use IVs nor nonce. For these ciphers, this function has no effect.
- Parameters
-
ctx The generic cipher context. This must be initialized and bound to a cipher information structure. iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_lenBytes.iv_len The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
◆ mbedtls_cipher_set_padding_mode()
| int mbedtls_cipher_set_padding_mode | ( | mbedtls_cipher_context_t * | ctx, |
| mbedtls_cipher_padding_t | mode | ||
| ) |
This function sets the padding mode, for cipher modes that use padding.
The default passing mode is PKCS7 padding.
- Parameters
-
ctx The generic cipher context. This must be initialized and bound to a cipher information structure. mode The padding mode.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if the selected padding mode is not supported.
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode does not support padding.
◆ mbedtls_cipher_setkey()
| int mbedtls_cipher_setkey | ( | mbedtls_cipher_context_t * | ctx, |
| const unsigned char * | key, | ||
| int | key_bitlen, | ||
| const mbedtls_operation_t | operation | ||
| ) |
This function sets the key to use with the given context.
- Parameters
-
ctx The generic cipher context. This must be initialized and bound to a cipher information structure. key The key to use. This must be a readable buffer of at least key_bitlenBits.key_bitlen The key length to use, in Bits. operation The operation that the key will be used for: MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
- A cipher-specific error code on failure.
◆ mbedtls_cipher_setup()
| int mbedtls_cipher_setup | ( | mbedtls_cipher_context_t * | ctx, |
| const mbedtls_cipher_info_t * | cipher_info | ||
| ) |
This function initializes and fills the cipher-context structure with the appropriate values. It also clears the structure.
- Parameters
-
ctx The context to initialize. This must be initialized. cipher_info The cipher to use.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
- MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the cipher-specific context fails.
◆ mbedtls_cipher_update()
| int mbedtls_cipher_update | ( | mbedtls_cipher_context_t * | ctx, |
| const unsigned char * | input, | ||
| size_t | ilen, | ||
| unsigned char * | output, | ||
| size_t * | olen | ||
| ) |
The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES.
- Note
- If the underlying cipher is used in GCM mode, all calls to this function, except for the last one before mbedtls_cipher_finish(), must have
ilenas a multiple of the block size of the cipher.
- Parameters
-
ctx The generic cipher context. This must be initialized and bound to a key. input The buffer holding the input data. This must be a readable buffer of at least ilenBytes.ilen The length of the input data. output The buffer for the output data. This must be able to hold at least ilen + block_size. This must not be the same buffer asinput.olen The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL.
- Returns
0on success.- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter-verification failure.
- MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an unsupported mode for a cipher.
- A cipher-specific error code on failure.
◆ mbedtls_cipher_update_ad()
| int mbedtls_cipher_update_ad | ( | mbedtls_cipher_context_t * | ctx, |
| const unsigned char * | ad, | ||
| size_t | ad_len | ||
| ) |
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called exactly once, after mbedtls_cipher_reset().
- Parameters
-
ctx The generic cipher context. This must be initialized. ad The additional data to use. This must be a readable buffer of at least ad_lenBytes.ad_len the Length of adBytes.
- Returns
0on success.- A specific error code on failure.
◆ mbedtls_cipher_write_tag()
| int mbedtls_cipher_write_tag | ( | mbedtls_cipher_context_t * | ctx, |
| unsigned char * | tag, | ||
| size_t | tag_len | ||
| ) |
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
- Parameters
-
ctx The generic cipher context. This must be initialized, bound to a key, and have just completed a cipher operation through mbedtls_cipher_finish() the tag for which should be written. tag The buffer to write the tag to. This must be a writable buffer of at least tag_lenBytes.tag_len The length of the tag to write.
- Returns
0on success.- A specific error code on failure.
