ReactOS 0.4.16-dev-306-g647d351
|
This file contains an abstraction interface for use with the cipher primitives provided by the library. It provides a common interface to all of the available cipher operations. More...
Go to the source code of this file.
Classes | |
struct | mbedtls_cipher_info_t |
struct | mbedtls_cipher_context_t |
Typedefs | |
typedef struct mbedtls_cipher_base_t | mbedtls_cipher_base_t |
typedef struct mbedtls_cmac_context_t | mbedtls_cmac_context_t |
typedef struct mbedtls_cipher_info_t | mbedtls_cipher_info_t |
typedef struct mbedtls_cipher_context_t | mbedtls_cipher_context_t |
Functions | |
const int * | mbedtls_cipher_list (void) |
This function retrieves the list of ciphers supported by the generic cipher module. | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_string (const char *cipher_name) |
This function retrieves the cipher-information structure associated with the given cipher name. | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_type (const mbedtls_cipher_type_t cipher_type) |
This function retrieves the cipher-information structure associated with the given cipher type. | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_values (const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode. | |
void | mbedtls_cipher_init (mbedtls_cipher_context_t *ctx) |
This function initializes a cipher_context as NONE. | |
void | mbedtls_cipher_free (mbedtls_cipher_context_t *ctx) |
This function frees and clears the cipher-specific context of ctx . Freeing ctx itself remains the responsibility of the caller. | |
int | mbedtls_cipher_setup (mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info) |
This function initializes and fills the cipher-context structure with the appropriate values. It also clears the structure. | |
static unsigned int | mbedtls_cipher_get_block_size (const mbedtls_cipher_context_t *ctx) |
This function returns the block size of the given cipher. | |
static mbedtls_cipher_mode_t | mbedtls_cipher_get_cipher_mode (const mbedtls_cipher_context_t *ctx) |
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC. | |
static int | mbedtls_cipher_get_iv_size (const mbedtls_cipher_context_t *ctx) |
This function returns the size of the IV or nonce of the cipher, in Bytes. | |
static mbedtls_cipher_type_t | mbedtls_cipher_get_type (const mbedtls_cipher_context_t *ctx) |
This function returns the type of the given cipher. | |
static const char * | mbedtls_cipher_get_name (const mbedtls_cipher_context_t *ctx) |
This function returns the name of the given cipher as a string. | |
static int | mbedtls_cipher_get_key_bitlen (const mbedtls_cipher_context_t *ctx) |
This function returns the key length of the cipher. | |
static mbedtls_operation_t | mbedtls_cipher_get_operation (const mbedtls_cipher_context_t *ctx) |
This function returns the operation of the given cipher. | |
int | mbedtls_cipher_setkey (mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation) |
This function sets the key to use with the given context. | |
int | mbedtls_cipher_set_padding_mode (mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode) |
This function sets the padding mode, for cipher modes that use padding. | |
int | mbedtls_cipher_set_iv (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len) |
This function sets the initialization vector (IV) or nonce. | |
int | mbedtls_cipher_reset (mbedtls_cipher_context_t *ctx) |
This function resets the cipher state. | |
int | mbedtls_cipher_update_ad (mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len) |
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called exactly once, after mbedtls_cipher_reset(). | |
int | mbedtls_cipher_update (mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES. | |
int | mbedtls_cipher_finish (mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen) |
The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output buffer. | |
int | mbedtls_cipher_write_tag (mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len) |
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish(). | |
int | mbedtls_cipher_check_tag (mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len) |
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish(). | |
int | mbedtls_cipher_crypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs. | |
int | mbedtls_cipher_auth_encrypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len) |
The generic autenticated encryption (AEAD) function. | |
int | mbedtls_cipher_auth_decrypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len) |
The generic autenticated decryption (AEAD) function. | |
This file contains an abstraction interface for use with the cipher primitives provided by the library. It provides a common interface to all of the available cipher operations.
Definition in file cipher.h.
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 |
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 |
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 |
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 |
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 |
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 |
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 |
#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 |
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 |
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 |
#define MBEDTLS_MAX_BLOCK_LENGTH 16 |
#define MBEDTLS_MAX_IV_LENGTH 16 |
Generic cipher context.
Cipher information. Allows calling cipher functions in a generic way.
anonymous enum |
Enumerator | |
---|---|
MBEDTLS_KEY_LENGTH_NONE | Undefined key length. |
MBEDTLS_KEY_LENGTH_DES | Key length, in bits (including parity), for DES keys. |
MBEDTLS_KEY_LENGTH_DES_EDE | Key length in bits, including parity, for DES in two-key EDE. |
MBEDTLS_KEY_LENGTH_DES_EDE3 | Key length in bits, including parity, for DES in three-key EDE. |
Definition at line 237 of file cipher.h.
Supported cipher types.
Supported cipher modes.
Definition at line 207 of file cipher.h.
Supported cipher padding types.
Supported {cipher type, cipher mode} pairs.
Definition at line 129 of file cipher.h.
Type of operation.
Enumerator | |
---|---|
MBEDTLS_OPERATION_NONE | |
MBEDTLS_DECRYPT | |
MBEDTLS_ENCRYPT |
Definition at line 231 of file cipher.h.
int mbedtls_cipher_auth_decrypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | ad, | ||
size_t | ad_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
const unsigned char * | tag, | ||
size_t | tag_len | ||
) |
The generic autenticated decryption (AEAD) function.
ctx | The generic cipher context. This must be initialized and and bound to a key. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_len Bytes. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
ad | The additional data to be authenticated. This must be a readable buffer of at least ad_len Bytes. |
ad_len | The length of ad . |
input | The buffer holding the input data. This must be a readable buffer of at least ilen Bytes. |
ilen | The length of the input data. |
output | The buffer for the output data. This must be able to hold at least ilen Bytes. |
olen | The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL . |
tag | The buffer holding the authentication tag. This must be a readable buffer of at least tag_len Bytes. |
tag_len | The length of the authentication tag. |
0
on success. int mbedtls_cipher_auth_encrypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | ad, | ||
size_t | ad_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
unsigned char * | tag, | ||
size_t | tag_len | ||
) |
The generic autenticated encryption (AEAD) function.
ctx | The generic cipher context. This must be initialized and bound to a key. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_len Bytes. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
ad | The additional data to authenticate. This must be a readable buffer of at least ad_len Bytes. |
ad_len | The length of ad . |
input | The buffer holding the input data. This must be a readable buffer of at least ilen Bytes. |
ilen | The length of the input data. |
output | The buffer for the output data. This must be able to hold at least ilen Bytes. |
olen | The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL . |
tag | The buffer for the authentication tag. This must be a writable buffer of at least tag_len Bytes. |
tag_len | The desired length of the authentication tag. |
0
on success. int mbedtls_cipher_check_tag | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | tag, | ||
size_t | tag_len | ||
) |
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
ctx | The generic cipher context. This must be initialized. |
tag | The buffer holding the tag. This must be a readable buffer of at least tag_len Bytes. |
tag_len | The length of the tag to check. |
0
on success. int mbedtls_cipher_crypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.
ctx | The generic cipher context. This must be initialized. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_len Bytes. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
input | The buffer holding the input data. This must be a readable buffer of at least ilen Bytes. |
ilen | The length of the input data in Bytes. |
output | The buffer for the output data. This must be able to hold at least ilen + block_size . This must not be the same buffer as input . |
olen | The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL . |
iv
= NULL and iv_len
= 0.0
on success. int mbedtls_cipher_finish | ( | mbedtls_cipher_context_t * | ctx, |
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output
buffer.
ctx | The generic cipher context. This must be initialized and bound to a key. |
output | The buffer to write data to. This needs to be a writable buffer of at least block_size Bytes. |
olen | The length of the data written to the output buffer. This may not be NULL . |
0
on success. void mbedtls_cipher_free | ( | mbedtls_cipher_context_t * | ctx | ) |
This function frees and clears the cipher-specific context of ctx
. Freeing ctx
itself remains the responsibility of the caller.
ctx | The context to be freed. If this is NULL , the function has no effect, otherwise this must point to an initialized context. |
|
inlinestatic |
This function returns the block size of the given cipher.
ctx | The context of the cipher. This must be initialized. |
0
if ctx
has not been initialized. Definition at line 452 of file cipher.h.
|
inlinestatic |
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
ctx | The context of the cipher. This must be initialized. |
ctx
has not been initialized. Definition at line 471 of file cipher.h.
|
inlinestatic |
|
inlinestatic |
This function returns the key length of the cipher.
ctx | The context of the cipher. This must be initialized. |
has
not been initialized. Definition at line 551 of file cipher.h.
|
inlinestatic |
|
inlinestatic |
This function returns the operation of the given cipher.
ctx | The context of the cipher. This must be initialized. |
ctx
has not been initialized. Definition at line 570 of file cipher.h.
|
inlinestatic |
This function returns the type of the given cipher.
ctx | The context of the cipher. This must be initialized. |
ctx
has not been initialized. Definition at line 512 of file cipher.h.
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_string | ( | const char * | cipher_name | ) |
This function retrieves the cipher-information structure associated with the given cipher name.
cipher_name | Name of the cipher to search for. This must not be NULL . |
cipher_name
. NULL
if the associated cipher information is not found. const mbedtls_cipher_info_t * mbedtls_cipher_info_from_type | ( | const mbedtls_cipher_type_t | cipher_type | ) |
This function retrieves the cipher-information structure associated with the given cipher type.
cipher_type | Type of the cipher to search for. |
cipher_type
. NULL
if the associated cipher information is not found. const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values | ( | const mbedtls_cipher_id_t | cipher_id, |
int | key_bitlen, | ||
const mbedtls_cipher_mode_t | mode | ||
) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode.
cipher_id | The ID of the cipher to search for. For example, MBEDTLS_CIPHER_ID_AES. |
key_bitlen | The length of the key in bits. |
mode | The cipher mode. For example, MBEDTLS_MODE_CBC. |
cipher_id
. NULL
if the associated cipher information is not found. void mbedtls_cipher_init | ( | mbedtls_cipher_context_t * | ctx | ) |
int mbedtls_cipher_reset | ( | mbedtls_cipher_context_t * | ctx | ) |
This function resets the cipher state.
ctx | The generic cipher context. This must be initialized. |
0
on success. int mbedtls_cipher_set_iv | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len | ||
) |
This function sets the initialization vector (IV) or nonce.
ctx | The generic cipher context. This must be initialized and bound to a cipher information structure. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_len Bytes. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
0
on success. int mbedtls_cipher_set_padding_mode | ( | mbedtls_cipher_context_t * | ctx, |
mbedtls_cipher_padding_t | mode | ||
) |
This function sets the padding mode, for cipher modes that use padding.
The default passing mode is PKCS7 padding.
ctx | The generic cipher context. This must be initialized and bound to a cipher information structure. |
mode | The padding mode. |
0
on success. int mbedtls_cipher_setkey | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | key, | ||
int | key_bitlen, | ||
const mbedtls_operation_t | operation | ||
) |
This function sets the key to use with the given context.
ctx | The generic cipher context. This must be initialized and bound to a cipher information structure. |
key | The key to use. This must be a readable buffer of at least key_bitlen Bits. |
key_bitlen | The key length to use, in Bits. |
operation | The operation that the key will be used for: MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT. |
0
on success. int mbedtls_cipher_setup | ( | mbedtls_cipher_context_t * | ctx, |
const mbedtls_cipher_info_t * | cipher_info | ||
) |
This function initializes and fills the cipher-context structure with the appropriate values. It also clears the structure.
ctx | The context to initialize. This must be initialized. |
cipher_info | The cipher to use. |
0
on success. int mbedtls_cipher_update | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES.
ilen
as a multiple of the block size of the cipher.ctx | The generic cipher context. This must be initialized and bound to a key. |
input | The buffer holding the input data. This must be a readable buffer of at least ilen Bytes. |
ilen | The length of the input data. |
output | The buffer for the output data. This must be able to hold at least ilen + block_size . This must not be the same buffer as input . |
olen | The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL . |
0
on success. int mbedtls_cipher_update_ad | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | ad, | ||
size_t | ad_len | ||
) |
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called exactly once, after mbedtls_cipher_reset().
ctx | The generic cipher context. This must be initialized. |
ad | The additional data to use. This must be a readable buffer of at least ad_len Bytes. |
ad_len | the Length of ad Bytes. |
0
on success. int mbedtls_cipher_write_tag | ( | mbedtls_cipher_context_t * | ctx, |
unsigned char * | tag, | ||
size_t | tag_len | ||
) |
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
ctx | The generic cipher context. This must be initialized, bound to a key, and have just completed a cipher operation through mbedtls_cipher_finish() the tag for which should be written. |
tag | The buffer to write the tag to. This must be a writable buffer of at least tag_len Bytes. |
tag_len | The length of the tag to write. |
0
on success.