ReactOS 0.4.15-dev-7942-gd23573b
cipher.c
Go to the documentation of this file.
1
51#if !defined(MBEDTLS_CONFIG_FILE)
52#include "mbedtls/config.h"
53#else
54#include MBEDTLS_CONFIG_FILE
55#endif
56
57#if defined(MBEDTLS_CIPHER_C)
58
59#include "mbedtls/cipher.h"
60#include "mbedtls/cipher_internal.h"
61#include "mbedtls/platform_util.h"
62
63#include <stdlib.h>
64#include <string.h>
65
66#if defined(MBEDTLS_CHACHAPOLY_C)
67#include "mbedtls/chachapoly.h"
68#endif
69
70#if defined(MBEDTLS_GCM_C)
71#include "mbedtls/gcm.h"
72#endif
73
74#if defined(MBEDTLS_CCM_C)
75#include "mbedtls/ccm.h"
76#endif
77
78#if defined(MBEDTLS_CHACHA20_C)
79#include "mbedtls/chacha20.h"
80#endif
81
82#if defined(MBEDTLS_CMAC_C)
83#include "mbedtls/cmac.h"
84#endif
85
86#if defined(MBEDTLS_PLATFORM_C)
87#include "mbedtls/platform.h"
88#else
89#define mbedtls_calloc calloc
90#define mbedtls_free free
91#endif
92
93#define CIPHER_VALIDATE_RET( cond ) \
94 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
95#define CIPHER_VALIDATE( cond ) \
96 MBEDTLS_INTERNAL_VALIDATE( cond )
97
98#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
99/* Compare the contents of two buffers in constant time.
100 * Returns 0 if the contents are bitwise identical, otherwise returns
101 * a non-zero value.
102 * This is currently only used by GCM and ChaCha20+Poly1305.
103 */
104static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t len )
105{
106 const unsigned char *p1 = (const unsigned char*) v1;
107 const unsigned char *p2 = (const unsigned char*) v2;
108 size_t i;
109 unsigned char diff;
110
111 for( diff = 0, i = 0; i < len; i++ )
112 diff |= p1[i] ^ p2[i];
113
114 return( (int)diff );
115}
116#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
117
118static int supported_init = 0;
119
120const int *mbedtls_cipher_list( void )
121{
122 const mbedtls_cipher_definition_t *def;
123 int *type;
124
125 if( ! supported_init )
126 {
127 def = mbedtls_cipher_definitions;
128 type = mbedtls_cipher_supported;
129
130 while( def->type != 0 )
131 *type++ = (*def++).type;
132
133 *type = 0;
134
135 supported_init = 1;
136 }
137
138 return( mbedtls_cipher_supported );
139}
140
141const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type )
142{
143 const mbedtls_cipher_definition_t *def;
144
145 for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
146 if( def->type == cipher_type )
147 return( def->info );
148
149 return( NULL );
150}
151
152const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name )
153{
154 const mbedtls_cipher_definition_t *def;
155
156 if( NULL == cipher_name )
157 return( NULL );
158
159 for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
160 if( ! strcmp( def->info->name, cipher_name ) )
161 return( def->info );
162
163 return( NULL );
164}
165
166const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
167 int key_bitlen,
168 const mbedtls_cipher_mode_t mode )
169{
170 const mbedtls_cipher_definition_t *def;
171
172 for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
173 if( def->info->base->cipher == cipher_id &&
174 def->info->key_bitlen == (unsigned) key_bitlen &&
175 def->info->mode == mode )
176 return( def->info );
177
178 return( NULL );
179}
180
181void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
182{
183 CIPHER_VALIDATE( ctx != NULL );
184 memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
185}
186
187void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
188{
189 if( ctx == NULL )
190 return;
191
192#if defined(MBEDTLS_CMAC_C)
193 if( ctx->cmac_ctx )
194 {
195 mbedtls_platform_zeroize( ctx->cmac_ctx,
196 sizeof( mbedtls_cmac_context_t ) );
197 mbedtls_free( ctx->cmac_ctx );
198 }
199#endif
200
201 if( ctx->cipher_ctx )
202 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
203
204 mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
205}
206
207int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
208{
209 CIPHER_VALIDATE_RET( ctx != NULL );
210 if( cipher_info == NULL )
211 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
212
213 memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
214
215 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
216 return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
217
218 ctx->cipher_info = cipher_info;
219
220#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
221 /*
222 * Ignore possible errors caused by a cipher mode that doesn't use padding
223 */
224#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
225 (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 );
226#else
227 (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE );
228#endif
229#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
230
231 return( 0 );
232}
233
234int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
235 const unsigned char *key,
236 int key_bitlen,
237 const mbedtls_operation_t operation )
238{
239 CIPHER_VALIDATE_RET( ctx != NULL );
240 CIPHER_VALIDATE_RET( key != NULL );
241 CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
242 operation == MBEDTLS_DECRYPT );
243 if( ctx->cipher_info == NULL )
244 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
245
246 if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
247 (int) ctx->cipher_info->key_bitlen != key_bitlen )
248 {
249 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
250 }
251
252 ctx->key_bitlen = key_bitlen;
253 ctx->operation = operation;
254
255 /*
256 * For OFB, CFB and CTR mode always use the encryption key schedule
257 */
258 if( MBEDTLS_ENCRYPT == operation ||
259 MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
260 MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
261 MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
262 {
263 return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
264 ctx->key_bitlen ) );
265 }
266
267 if( MBEDTLS_DECRYPT == operation )
268 return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
269 ctx->key_bitlen ) );
270
271 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
272}
273
274int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
275 const unsigned char *iv,
276 size_t iv_len )
277{
278 size_t actual_iv_size;
279
280 CIPHER_VALIDATE_RET( ctx != NULL );
281 CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
282 if( ctx->cipher_info == NULL )
283 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
284
285 /* avoid buffer overflow in ctx->iv */
286 if( iv_len > MBEDTLS_MAX_IV_LENGTH )
287 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
288
289 if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 )
290 actual_iv_size = iv_len;
291 else
292 {
293 actual_iv_size = ctx->cipher_info->iv_size;
294
295 /* avoid reading past the end of input buffer */
296 if( actual_iv_size > iv_len )
297 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
298 }
299
300#if defined(MBEDTLS_CHACHA20_C)
301 if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
302 {
303 if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
304 iv,
305 0U ) ) /* Initial counter value */
306 {
307 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
308 }
309 }
310#endif
311
312 if ( actual_iv_size != 0 )
313 {
314 memcpy( ctx->iv, iv, actual_iv_size );
315 ctx->iv_size = actual_iv_size;
316 }
317
318 return( 0 );
319}
320
321int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
322{
323 CIPHER_VALIDATE_RET( ctx != NULL );
324 if( ctx->cipher_info == NULL )
325 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
326
327 ctx->unprocessed_len = 0;
328
329 return( 0 );
330}
331
332#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
333int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
334 const unsigned char *ad, size_t ad_len )
335{
336 CIPHER_VALIDATE_RET( ctx != NULL );
337 CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
338 if( ctx->cipher_info == NULL )
339 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
340
341#if defined(MBEDTLS_GCM_C)
342 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
343 {
344 return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
345 ctx->iv, ctx->iv_size, ad, ad_len ) );
346 }
347#endif
348
349#if defined(MBEDTLS_CHACHAPOLY_C)
350 if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
351 {
352 int result;
353 mbedtls_chachapoly_mode_t mode;
354
355 mode = ( ctx->operation == MBEDTLS_ENCRYPT )
356 ? MBEDTLS_CHACHAPOLY_ENCRYPT
357 : MBEDTLS_CHACHAPOLY_DECRYPT;
358
359 result = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
360 ctx->iv,
361 mode );
362 if ( result != 0 )
363 return( result );
364
365 return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
366 ad, ad_len ) );
367 }
368#endif
369
370 return( 0 );
371}
372#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
373
374int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
375 size_t ilen, unsigned char *output, size_t *olen )
376{
377 int ret;
378 size_t block_size;
379
380 CIPHER_VALIDATE_RET( ctx != NULL );
381 CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
382 CIPHER_VALIDATE_RET( output != NULL );
383 CIPHER_VALIDATE_RET( olen != NULL );
384 if( ctx->cipher_info == NULL )
385 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
386
387 *olen = 0;
388 block_size = mbedtls_cipher_get_block_size( ctx );
389 if ( 0 == block_size )
390 {
391 return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
392 }
393
394 if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
395 {
396 if( ilen != block_size )
397 return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
398
399 *olen = ilen;
400
401 if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
402 ctx->operation, input, output ) ) )
403 {
404 return( ret );
405 }
406
407 return( 0 );
408 }
409
410#if defined(MBEDTLS_GCM_C)
411 if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
412 {
413 *olen = ilen;
414 return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
415 output ) );
416 }
417#endif
418
419#if defined(MBEDTLS_CHACHAPOLY_C)
420 if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
421 {
422 *olen = ilen;
423 return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
424 ilen, input, output ) );
425 }
426#endif
427
428 if( input == output &&
429 ( ctx->unprocessed_len != 0 || ilen % block_size ) )
430 {
431 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
432 }
433
434#if defined(MBEDTLS_CIPHER_MODE_CBC)
435 if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
436 {
437 size_t copy_len = 0;
438
439 /*
440 * If there is not enough data for a full block, cache it.
441 */
442 if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
443 ilen <= block_size - ctx->unprocessed_len ) ||
444 ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
445 ilen < block_size - ctx->unprocessed_len ) ||
446 ( ctx->operation == MBEDTLS_ENCRYPT &&
447 ilen < block_size - ctx->unprocessed_len ) )
448 {
449 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
450 ilen );
451
452 ctx->unprocessed_len += ilen;
453 return( 0 );
454 }
455
456 /*
457 * Process cached data first
458 */
459 if( 0 != ctx->unprocessed_len )
460 {
461 copy_len = block_size - ctx->unprocessed_len;
462
463 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
464 copy_len );
465
466 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
467 ctx->operation, block_size, ctx->iv,
468 ctx->unprocessed_data, output ) ) )
469 {
470 return( ret );
471 }
472
473 *olen += block_size;
474 output += block_size;
475 ctx->unprocessed_len = 0;
476
477 input += copy_len;
478 ilen -= copy_len;
479 }
480
481 /*
482 * Cache final, incomplete block
483 */
484 if( 0 != ilen )
485 {
486 /* Encryption: only cache partial blocks
487 * Decryption w/ padding: always keep at least one whole block
488 * Decryption w/o padding: only cache partial blocks
489 */
490 copy_len = ilen % block_size;
491 if( copy_len == 0 &&
492 ctx->operation == MBEDTLS_DECRYPT &&
493 NULL != ctx->add_padding)
494 {
495 copy_len = block_size;
496 }
497
498 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
499 copy_len );
500
501 ctx->unprocessed_len += copy_len;
502 ilen -= copy_len;
503 }
504
505 /*
506 * Process remaining full blocks
507 */
508 if( ilen )
509 {
510 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
511 ctx->operation, ilen, ctx->iv, input, output ) ) )
512 {
513 return( ret );
514 }
515
516 *olen += ilen;
517 }
518
519 return( 0 );
520 }
521#endif /* MBEDTLS_CIPHER_MODE_CBC */
522
523#if defined(MBEDTLS_CIPHER_MODE_CFB)
524 if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
525 {
526 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
527 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
528 input, output ) ) )
529 {
530 return( ret );
531 }
532
533 *olen = ilen;
534
535 return( 0 );
536 }
537#endif /* MBEDTLS_CIPHER_MODE_CFB */
538
539#if defined(MBEDTLS_CIPHER_MODE_OFB)
540 if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB )
541 {
542 if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx,
543 ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) )
544 {
545 return( ret );
546 }
547
548 *olen = ilen;
549
550 return( 0 );
551 }
552#endif /* MBEDTLS_CIPHER_MODE_OFB */
553
554#if defined(MBEDTLS_CIPHER_MODE_CTR)
555 if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
556 {
557 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
558 ilen, &ctx->unprocessed_len, ctx->iv,
559 ctx->unprocessed_data, input, output ) ) )
560 {
561 return( ret );
562 }
563
564 *olen = ilen;
565
566 return( 0 );
567 }
568#endif /* MBEDTLS_CIPHER_MODE_CTR */
569
570#if defined(MBEDTLS_CIPHER_MODE_XTS)
571 if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS )
572 {
573 if( ctx->unprocessed_len > 0 ) {
574 /* We can only process an entire data unit at a time. */
575 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
576 }
577
578 ret = ctx->cipher_info->base->xts_func( ctx->cipher_ctx,
579 ctx->operation, ilen, ctx->iv, input, output );
580 if( ret != 0 )
581 {
582 return( ret );
583 }
584
585 *olen = ilen;
586
587 return( 0 );
588 }
589#endif /* MBEDTLS_CIPHER_MODE_XTS */
590
591#if defined(MBEDTLS_CIPHER_MODE_STREAM)
592 if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
593 {
594 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
595 ilen, input, output ) ) )
596 {
597 return( ret );
598 }
599
600 *olen = ilen;
601
602 return( 0 );
603 }
604#endif /* MBEDTLS_CIPHER_MODE_STREAM */
605
606 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
607}
608
609#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
610#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
611/*
612 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
613 */
614static void add_pkcs_padding( unsigned char *output, size_t output_len,
615 size_t data_len )
616{
617 size_t padding_len = output_len - data_len;
618 unsigned char i;
619
620 for( i = 0; i < padding_len; i++ )
621 output[data_len + i] = (unsigned char) padding_len;
622}
623
624static int get_pkcs_padding( unsigned char *input, size_t input_len,
625 size_t *data_len )
626{
627 size_t i, pad_idx;
628 unsigned char padding_len, bad = 0;
629
630 if( NULL == input || NULL == data_len )
631 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
632
633 padding_len = input[input_len - 1];
634 *data_len = input_len - padding_len;
635
636 /* Avoid logical || since it results in a branch */
637 bad |= padding_len > input_len;
638 bad |= padding_len == 0;
639
640 /* The number of bytes checked must be independent of padding_len,
641 * so pick input_len, which is usually 8 or 16 (one block) */
642 pad_idx = input_len - padding_len;
643 for( i = 0; i < input_len; i++ )
644 bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
645
646 return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
647}
648#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
649
650#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
651/*
652 * One and zeros padding: fill with 80 00 ... 00
653 */
654static void add_one_and_zeros_padding( unsigned char *output,
655 size_t output_len, size_t data_len )
656{
657 size_t padding_len = output_len - data_len;
658 unsigned char i = 0;
659
660 output[data_len] = 0x80;
661 for( i = 1; i < padding_len; i++ )
662 output[data_len + i] = 0x00;
663}
664
665static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
666 size_t *data_len )
667{
668 size_t i;
669 unsigned char done = 0, prev_done, bad;
670
671 if( NULL == input || NULL == data_len )
672 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
673
674 bad = 0x80;
675 *data_len = 0;
676 for( i = input_len; i > 0; i-- )
677 {
678 prev_done = done;
679 done |= ( input[i - 1] != 0 );
680 *data_len |= ( i - 1 ) * ( done != prev_done );
681 bad ^= input[i - 1] * ( done != prev_done );
682 }
683
684 return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
685
686}
687#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
688
689#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
690/*
691 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
692 */
693static void add_zeros_and_len_padding( unsigned char *output,
694 size_t output_len, size_t data_len )
695{
696 size_t padding_len = output_len - data_len;
697 unsigned char i = 0;
698
699 for( i = 1; i < padding_len; i++ )
700 output[data_len + i - 1] = 0x00;
701 output[output_len - 1] = (unsigned char) padding_len;
702}
703
704static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
705 size_t *data_len )
706{
707 size_t i, pad_idx;
708 unsigned char padding_len, bad = 0;
709
710 if( NULL == input || NULL == data_len )
711 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
712
713 padding_len = input[input_len - 1];
714 *data_len = input_len - padding_len;
715
716 /* Avoid logical || since it results in a branch */
717 bad |= padding_len > input_len;
718 bad |= padding_len == 0;
719
720 /* The number of bytes checked must be independent of padding_len */
721 pad_idx = input_len - padding_len;
722 for( i = 0; i < input_len - 1; i++ )
723 bad |= input[i] * ( i >= pad_idx );
724
725 return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
726}
727#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
728
729#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
730/*
731 * Zero padding: fill with 00 ... 00
732 */
733static void add_zeros_padding( unsigned char *output,
734 size_t output_len, size_t data_len )
735{
736 size_t i;
737
738 for( i = data_len; i < output_len; i++ )
739 output[i] = 0x00;
740}
741
742static int get_zeros_padding( unsigned char *input, size_t input_len,
743 size_t *data_len )
744{
745 size_t i;
746 unsigned char done = 0, prev_done;
747
748 if( NULL == input || NULL == data_len )
749 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
750
751 *data_len = 0;
752 for( i = input_len; i > 0; i-- )
753 {
754 prev_done = done;
755 done |= ( input[i-1] != 0 );
756 *data_len |= i * ( done != prev_done );
757 }
758
759 return( 0 );
760}
761#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
762
763/*
764 * No padding: don't pad :)
765 *
766 * There is no add_padding function (check for NULL in mbedtls_cipher_finish)
767 * but a trivial get_padding function
768 */
769static int get_no_padding( unsigned char *input, size_t input_len,
770 size_t *data_len )
771{
772 if( NULL == input || NULL == data_len )
773 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
774
775 *data_len = input_len;
776
777 return( 0 );
778}
779#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
780
781int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
782 unsigned char *output, size_t *olen )
783{
784 CIPHER_VALIDATE_RET( ctx != NULL );
785 CIPHER_VALIDATE_RET( output != NULL );
786 CIPHER_VALIDATE_RET( olen != NULL );
787 if( ctx->cipher_info == NULL )
788 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
789
790 *olen = 0;
791
792 if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
793 MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
794 MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
795 MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
796 MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
797 MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
798 {
799 return( 0 );
800 }
801
802 if ( ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) ||
803 ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) )
804 {
805 return( 0 );
806 }
807
808 if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
809 {
810 if( ctx->unprocessed_len != 0 )
811 return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
812
813 return( 0 );
814 }
815
816#if defined(MBEDTLS_CIPHER_MODE_CBC)
817 if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
818 {
819 int ret = 0;
820
821 if( MBEDTLS_ENCRYPT == ctx->operation )
822 {
823 /* check for 'no padding' mode */
824 if( NULL == ctx->add_padding )
825 {
826 if( 0 != ctx->unprocessed_len )
827 return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
828
829 return( 0 );
830 }
831
832 ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ),
833 ctx->unprocessed_len );
834 }
835 else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
836 {
837 /*
838 * For decrypt operations, expect a full block,
839 * or an empty block if no padding
840 */
841 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
842 return( 0 );
843
844 return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
845 }
846
847 /* cipher block */
848 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
849 ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
850 ctx->unprocessed_data, output ) ) )
851 {
852 return( ret );
853 }
854
855 /* Set output size for decryption */
856 if( MBEDTLS_DECRYPT == ctx->operation )
857 return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
858 olen ) );
859
860 /* Set output size for encryption */
861 *olen = mbedtls_cipher_get_block_size( ctx );
862 return( 0 );
863 }
864#else
865 ((void) output);
866#endif /* MBEDTLS_CIPHER_MODE_CBC */
867
868 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
869}
870
871#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
872int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
873 mbedtls_cipher_padding_t mode )
874{
875 CIPHER_VALIDATE_RET( ctx != NULL );
876
877 if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
878 {
879 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
880 }
881
882 switch( mode )
883 {
884#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
885 case MBEDTLS_PADDING_PKCS7:
886 ctx->add_padding = add_pkcs_padding;
887 ctx->get_padding = get_pkcs_padding;
888 break;
889#endif
890#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
891 case MBEDTLS_PADDING_ONE_AND_ZEROS:
892 ctx->add_padding = add_one_and_zeros_padding;
893 ctx->get_padding = get_one_and_zeros_padding;
894 break;
895#endif
896#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
897 case MBEDTLS_PADDING_ZEROS_AND_LEN:
898 ctx->add_padding = add_zeros_and_len_padding;
899 ctx->get_padding = get_zeros_and_len_padding;
900 break;
901#endif
902#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
903 case MBEDTLS_PADDING_ZEROS:
904 ctx->add_padding = add_zeros_padding;
905 ctx->get_padding = get_zeros_padding;
906 break;
907#endif
908 case MBEDTLS_PADDING_NONE:
909 ctx->add_padding = NULL;
910 ctx->get_padding = get_no_padding;
911 break;
912
913 default:
914 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
915 }
916
917 return( 0 );
918}
919#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
920
921#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
922int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
923 unsigned char *tag, size_t tag_len )
924{
925 CIPHER_VALIDATE_RET( ctx != NULL );
926 CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
927 if( ctx->cipher_info == NULL )
928 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
929
930 if( MBEDTLS_ENCRYPT != ctx->operation )
931 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
932
933#if defined(MBEDTLS_GCM_C)
934 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
935 return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
936 tag, tag_len ) );
937#endif
938
939#if defined(MBEDTLS_CHACHAPOLY_C)
940 if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
941 {
942 /* Don't allow truncated MAC for Poly1305 */
943 if ( tag_len != 16U )
944 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
945
946 return( mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
947 tag ) );
948 }
949#endif
950
951 return( 0 );
952}
953
954int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
955 const unsigned char *tag, size_t tag_len )
956{
957 unsigned char check_tag[16];
958 int ret;
959
960 CIPHER_VALIDATE_RET( ctx != NULL );
961 CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
962 if( ctx->cipher_info == NULL )
963 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
964
965 if( MBEDTLS_DECRYPT != ctx->operation )
966 {
967 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
968 }
969
970#if defined(MBEDTLS_GCM_C)
971 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
972 {
973 if( tag_len > sizeof( check_tag ) )
974 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
975
976 if( 0 != ( ret = mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
977 check_tag, tag_len ) ) )
978 {
979 return( ret );
980 }
981
982 /* Check the tag in "constant-time" */
983 if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 )
984 return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
985
986 return( 0 );
987 }
988#endif /* MBEDTLS_GCM_C */
989
990#if defined(MBEDTLS_CHACHAPOLY_C)
991 if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
992 {
993 /* Don't allow truncated MAC for Poly1305 */
994 if ( tag_len != sizeof( check_tag ) )
995 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
996
997 ret = mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
998 check_tag );
999 if ( ret != 0 )
1000 {
1001 return( ret );
1002 }
1003
1004 /* Check the tag in "constant-time" */
1005 if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 )
1006 return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
1007
1008 return( 0 );
1009 }
1010#endif /* MBEDTLS_CHACHAPOLY_C */
1011
1012 return( 0 );
1013}
1014#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
1015
1016/*
1017 * Packet-oriented wrapper for non-AEAD modes
1018 */
1019int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
1020 const unsigned char *iv, size_t iv_len,
1021 const unsigned char *input, size_t ilen,
1022 unsigned char *output, size_t *olen )
1023{
1024 int ret;
1025 size_t finish_olen;
1026
1027 CIPHER_VALIDATE_RET( ctx != NULL );
1028 CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
1029 CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
1030 CIPHER_VALIDATE_RET( output != NULL );
1031 CIPHER_VALIDATE_RET( olen != NULL );
1032
1033 if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
1034 return( ret );
1035
1036 if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
1037 return( ret );
1038
1039 if( ( ret = mbedtls_cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
1040 return( ret );
1041
1042 if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
1043 return( ret );
1044
1045 *olen += finish_olen;
1046
1047 return( 0 );
1048}
1049
1050#if defined(MBEDTLS_CIPHER_MODE_AEAD)
1051/*
1052 * Packet-oriented encryption for AEAD modes
1053 */
1054int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
1055 const unsigned char *iv, size_t iv_len,
1056 const unsigned char *ad, size_t ad_len,
1057 const unsigned char *input, size_t ilen,
1058 unsigned char *output, size_t *olen,
1059 unsigned char *tag, size_t tag_len )
1060{
1061 CIPHER_VALIDATE_RET( ctx != NULL );
1062 CIPHER_VALIDATE_RET( iv != NULL );
1063 CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
1064 CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
1065 CIPHER_VALIDATE_RET( output != NULL );
1066 CIPHER_VALIDATE_RET( olen != NULL );
1067 CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
1068
1069#if defined(MBEDTLS_GCM_C)
1070 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
1071 {
1072 *olen = ilen;
1073 return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, ilen,
1074 iv, iv_len, ad, ad_len, input, output,
1075 tag_len, tag ) );
1076 }
1077#endif /* MBEDTLS_GCM_C */
1078#if defined(MBEDTLS_CCM_C)
1079 if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
1080 {
1081 *olen = ilen;
1082 return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
1083 iv, iv_len, ad, ad_len, input, output,
1084 tag, tag_len ) );
1085 }
1086#endif /* MBEDTLS_CCM_C */
1087#if defined(MBEDTLS_CHACHAPOLY_C)
1088 if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
1089 {
1090 /* ChachaPoly has fixed length nonce and MAC (tag) */
1091 if ( ( iv_len != ctx->cipher_info->iv_size ) ||
1092 ( tag_len != 16U ) )
1093 {
1094 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
1095 }
1096
1097 *olen = ilen;
1098 return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx,
1099 ilen, iv, ad, ad_len, input, output, tag ) );
1100 }
1101#endif /* MBEDTLS_CHACHAPOLY_C */
1102
1103 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1104}
1105
1106/*
1107 * Packet-oriented decryption for AEAD modes
1108 */
1109int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
1110 const unsigned char *iv, size_t iv_len,
1111 const unsigned char *ad, size_t ad_len,
1112 const unsigned char *input, size_t ilen,
1113 unsigned char *output, size_t *olen,
1114 const unsigned char *tag, size_t tag_len )
1115{
1116 CIPHER_VALIDATE_RET( ctx != NULL );
1117 CIPHER_VALIDATE_RET( iv != NULL );
1118 CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
1119 CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
1120 CIPHER_VALIDATE_RET( output != NULL );
1121 CIPHER_VALIDATE_RET( olen != NULL );
1122 CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
1123
1124#if defined(MBEDTLS_GCM_C)
1125 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
1126 {
1127 int ret;
1128
1129 *olen = ilen;
1130 ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
1131 iv, iv_len, ad, ad_len,
1132 tag, tag_len, input, output );
1133
1134 if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )
1135 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
1136
1137 return( ret );
1138 }
1139#endif /* MBEDTLS_GCM_C */
1140#if defined(MBEDTLS_CCM_C)
1141 if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
1142 {
1143 int ret;
1144
1145 *olen = ilen;
1146 ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
1147 iv, iv_len, ad, ad_len,
1148 input, output, tag, tag_len );
1149
1150 if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED )
1151 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
1152
1153 return( ret );
1154 }
1155#endif /* MBEDTLS_CCM_C */
1156#if defined(MBEDTLS_CHACHAPOLY_C)
1157 if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
1158 {
1159 int ret;
1160
1161 /* ChachaPoly has fixed length nonce and MAC (tag) */
1162 if ( ( iv_len != ctx->cipher_info->iv_size ) ||
1163 ( tag_len != 16U ) )
1164 {
1165 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
1166 }
1167
1168 *olen = ilen;
1169 ret = mbedtls_chachapoly_auth_decrypt( ctx->cipher_ctx, ilen,
1170 iv, ad, ad_len, tag, input, output );
1171
1172 if( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED )
1173 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
1174
1175 return( ret );
1176 }
1177#endif /* MBEDTLS_CHACHAPOLY_C */
1178
1179 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1180}
1181#endif /* MBEDTLS_CIPHER_MODE_AEAD */
1182
1183#endif /* MBEDTLS_CIPHER_C */
strcmp
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
operation
operation
Definition: copy.c:29
U
#define U(x)
Definition: wordpad.c:45
ccm.h
This file provides an API for the CCM authenticated encryption mode for block ciphers.
mbedtls_ccm_encrypt_and_tag
int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len)
This function encrypts a buffer using CCM.
mbedtls_ccm_auth_decrypt
int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len)
This function performs a CCM authenticated decryption of a buffer.
MBEDTLS_ERR_CCM_AUTH_FAILED
#define MBEDTLS_ERR_CCM_AUTH_FAILED
Definition: ccm.h:86
chacha20.h
This file contains ChaCha20 definitions and functions.
mbedtls_chacha20_starts
int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx, const unsigned char nonce[12], uint32_t counter)
This function sets the nonce and initial counter value.
chachapoly.h
This file contains the AEAD-ChaCha20-Poly1305 definitions and functions.
mbedtls_chachapoly_finish
int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx, unsigned char mac[16])
This function finished the ChaCha20-Poly1305 operation and generates the MAC (authentication tag).
mbedtls_chachapoly_starts
int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx, const unsigned char nonce[12], mbedtls_chachapoly_mode_t mode)
This function starts a ChaCha20-Poly1305 encryption or decryption operation.
mbedtls_chachapoly_update
int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx, size_t len, const unsigned char *input, unsigned char *output)
Thus function feeds data to be encrypted or decrypted into an on-going ChaCha20-Poly1305 operation.
mbedtls_chachapoly_encrypt_and_tag
int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx, size_t length, const unsigned char nonce[12], const unsigned char *aad, size_t aad_len, const unsigned char *input, unsigned char *output, unsigned char tag[16])
This function performs a complete ChaCha20-Poly1305 authenticated encryption with the previously-set ...
MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
Definition: chachapoly.h:72
mbedtls_chachapoly_mode_t
mbedtls_chachapoly_mode_t
Definition: chachapoly.h:79
MBEDTLS_CHACHAPOLY_ENCRYPT
@ MBEDTLS_CHACHAPOLY_ENCRYPT
Definition: chachapoly.h:80
MBEDTLS_CHACHAPOLY_DECRYPT
@ MBEDTLS_CHACHAPOLY_DECRYPT
Definition: chachapoly.h:81
mbedtls_chachapoly_auth_decrypt
int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, size_t length, const unsigned char nonce[12], const unsigned char *aad, size_t aad_len, const unsigned char tag[16], const unsigned char *input, unsigned char *output)
This function performs a complete ChaCha20-Poly1305 authenticated decryption with the previously-set ...
mbedtls_chachapoly_update_aad
int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx, const unsigned char *aad, size_t aad_len)
This function feeds additional data to be authenticated into an ongoing ChaCha20-Poly1305 operation.
cipher.h
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
mbedtls_cipher_setup
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function initializes and fills the cipher-context structure with the appropriate values....
mbedtls_cipher_type_t
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:129
MBEDTLS_CIPHER_CHACHA20
@ MBEDTLS_CIPHER_CHACHA20
Definition: cipher.h:202
MBEDTLS_CIPHER_CHACHA20_POLY1305
@ MBEDTLS_CIPHER_CHACHA20_POLY1305
Definition: cipher.h:203
mbedtls_cipher_setkey
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
MBEDTLS_ERR_CIPHER_INVALID_PADDING
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING
Definition: cipher.h:87
mbedtls_cipher_crypt
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.
mbedtls_cipher_reset
int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
This function resets the cipher state.
MBEDTLS_CIPHER_VARIABLE_IV_LEN
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN
Definition: cipher.h:95
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
Definition: cipher.h:84
mbedtls_cipher_set_iv
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
This function sets the initialization vector (IV) or nonce.
mbedtls_cipher_padding_t
mbedtls_cipher_padding_t
Definition: cipher.h:222
MBEDTLS_PADDING_ZEROS
@ MBEDTLS_PADDING_ZEROS
Definition: cipher.h:226
MBEDTLS_PADDING_ONE_AND_ZEROS
@ MBEDTLS_PADDING_ONE_AND_ZEROS
Definition: cipher.h:224
MBEDTLS_PADDING_PKCS7
@ MBEDTLS_PADDING_PKCS7
Definition: cipher.h:223
MBEDTLS_PADDING_ZEROS_AND_LEN
@ MBEDTLS_PADDING_ZEROS_AND_LEN
Definition: cipher.h:225
MBEDTLS_PADDING_NONE
@ MBEDTLS_PADDING_NONE
Definition: cipher.h:227
mbedtls_cipher_auth_encrypt
int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
The generic autenticated encryption (AEAD) function.
mbedtls_cipher_finish
int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen)
The generic cipher finalization function. If data still needs to be flushed from an incomplete block,...
MBEDTLS_ERR_CIPHER_AUTH_FAILED
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED
Definition: cipher.h:89
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
Definition: cipher.h:85
mbedtls_cipher_auth_decrypt
int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
The generic autenticated decryption (AEAD) function.
mbedtls_cipher_info_from_values
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode)
This function retrieves the cipher-information structure associated with the given cipher ID,...
mbedtls_cipher_init
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
This function initializes a cipher_context as NONE.
mbedtls_cipher_update_ad
int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly13...
MBEDTLS_CIPHER_VARIABLE_KEY_LEN
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN
Definition: cipher.h:96
mbedtls_cipher_write_tag
int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305....
mbedtls_cipher_free
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
mbedtls_cipher_get_iv_size
static int mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
This function returns the size of the IV or nonce of the cipher, in Bytes.
Definition: cipher.h:491
mbedtls_cipher_update
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic cipher update function. It encrypts or decrypts using the given cipher context....
mbedtls_cipher_get_block_size
static unsigned int mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
This function returns the block size of the given cipher.
Definition: cipher.h:452
mbedtls_operation_t
mbedtls_operation_t
Definition: cipher.h:231
MBEDTLS_DECRYPT
@ MBEDTLS_DECRYPT
Definition: cipher.h:233
MBEDTLS_ENCRYPT
@ MBEDTLS_ENCRYPT
Definition: cipher.h:234
mbedtls_cipher_info_from_string
const mbedtls_cipher_info_t * mbedtls_cipher_info_from_string(const char *cipher_name)
This function retrieves the cipher-information structure associated with the given cipher name.
mbedtls_cipher_list
const int * mbedtls_cipher_list(void)
This function retrieves the list of ciphers supported by the generic cipher module.
MBEDTLS_ERR_CIPHER_ALLOC_FAILED
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED
Definition: cipher.h:86
MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
Definition: cipher.h:88
mbedtls_cipher_check_tag
int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305....
mbedtls_cipher_mode_t
mbedtls_cipher_mode_t
Definition: cipher.h:207
MBEDTLS_MODE_ECB
@ MBEDTLS_MODE_ECB
Definition: cipher.h:209
MBEDTLS_MODE_CCM
@ MBEDTLS_MODE_CCM
Definition: cipher.h:216
MBEDTLS_MODE_STREAM
@ MBEDTLS_MODE_STREAM
Definition: cipher.h:215
MBEDTLS_MODE_CFB
@ MBEDTLS_MODE_CFB
Definition: cipher.h:211
MBEDTLS_MODE_CTR
@ MBEDTLS_MODE_CTR
Definition: cipher.h:213
MBEDTLS_MODE_GCM
@ MBEDTLS_MODE_GCM
Definition: cipher.h:214
MBEDTLS_MODE_CBC
@ MBEDTLS_MODE_CBC
Definition: cipher.h:210
MBEDTLS_MODE_OFB
@ MBEDTLS_MODE_OFB
Definition: cipher.h:212
MBEDTLS_MODE_XTS
@ MBEDTLS_MODE_XTS
Definition: cipher.h:217
MBEDTLS_MAX_IV_LENGTH
#define MBEDTLS_MAX_IV_LENGTH
Definition: cipher.h:249
MBEDTLS_ERR_CIPHER_INVALID_CONTEXT
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT
Definition: cipher.h:90
mbedtls_cipher_id_t
mbedtls_cipher_id_t
Supported cipher types.
Definition: cipher.h:109
mbedtls_cipher_set_padding_mode
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode)
This function sets the padding mode, for cipher modes that use padding.
cipher_internal.h
Cipher wrappers.
mbedtls_cipher_definitions
const mbedtls_cipher_definition_t mbedtls_cipher_definitions[]
mbedtls_cipher_supported
int mbedtls_cipher_supported[]
cmac.h
This file contains CMAC definitions and functions.
NULL
#define NULL
Definition: types.h:112
char
unsigned char
Definition: typeof.h:29
gcm.h
This file contains GCM definitions and functions.
MBEDTLS_GCM_ENCRYPT
#define MBEDTLS_GCM_ENCRYPT
Definition: gcm.h:71
mbedtls_gcm_starts
int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len)
This function starts a GCM encryption or decryption operation.
mbedtls_gcm_crypt_and_tag
int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
This function performs GCM encryption or decryption of a buffer.
mbedtls_gcm_finish
int mbedtls_gcm_finish(mbedtls_gcm_context *ctx, unsigned char *tag, size_t tag_len)
This function finishes the GCM operation and generates the authentication tag.
MBEDTLS_ERR_GCM_AUTH_FAILED
#define MBEDTLS_ERR_GCM_AUTH_FAILED
Definition: gcm.h:74
mbedtls_gcm_update
int mbedtls_gcm_update(mbedtls_gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
This function feeds an input buffer into an ongoing GCM encryption or decryption operation.
mbedtls_gcm_auth_decrypt
int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output)
This function performs a GCM authenticated decryption of a buffer.
type
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
mode
GLenum mode
Definition: glext.h:6217
len
GLenum GLsizei len
Definition: glext.h:6722
v1
GLfloat GLfloat v1
Definition: glext.h:6062
input
GLenum GLenum GLenum input
Definition: glext.h:9031
v2
GLfloat GLfloat GLfloat v2
Definition: glext.h:6063
result
GLuint64EXT * result
Definition: glext.h:11304
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
block_size
static DWORD block_size(DWORD block)
Definition: jsutils.c:66
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
mbedtls_platform_zeroize
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
Definition: platform_util.c:98
platform_util.h
Common and shared functions used by multiple modules in the Mbed TLS library.
mbedtls_cipher_info_from_type
#define mbedtls_cipher_info_from_type
Definition: schannel_mbedtls_lazyload.h:171
config.h
Configuration options (set of defines)
platform.h
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
mbedtls_free
#define mbedtls_free
Definition: platform.h:168
memset
#define memset(x, y, z)
Definition: compat.h:39
key
Definition: copy.c:22
mbedtls_chacha20_context
Definition: chacha20.h:88
mbedtls_chachapoly_context
Definition: chachapoly.h:90
mbedtls_cipher_base_t::cipher
mbedtls_cipher_id_t cipher
Definition: cipher_internal.h:72
mbedtls_cipher_base_t::ctx_alloc_func
void *(* ctx_alloc_func)(void)
Definition: cipher_internal.h:129
mbedtls_cipher_context_t
Definition: cipher.h:310
mbedtls_cipher_definition_t
Definition: cipher_internal.h:137
mbedtls_cipher_definition_t::type
mbedtls_cipher_type_t type
Definition: cipher_internal.h:138
mbedtls_cipher_definition_t::info
const mbedtls_cipher_info_t * info
Definition: cipher_internal.h:139
mbedtls_cipher_info_t
Definition: cipher.h:268
mbedtls_cipher_info_t::key_bitlen
unsigned int key_bitlen
Definition: cipher.h:281
mbedtls_cipher_info_t::mode
mbedtls_cipher_mode_t mode
Definition: cipher.h:275
mbedtls_cipher_info_t::name
const char * name
Definition: cipher.h:284
mbedtls_cipher_info_t::base
const mbedtls_cipher_base_t * base
Definition: cipher.h:302
mbedtls_cmac_context_t
Definition: cmac.h:86
mbedtls_gcm_context
The GCM context structure.
Definition: gcm.h:91
tag
Definition: ecma_167.h:138
ret
int ret
Definition: wcstombs-tests.c:31