mbed TLS v3.1.0
|
This file contains an abstraction interface for use with the cipher primitives provided by the library. It provides a common interface to all of the available cipher operations. More...
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include <stddef.h>
#include "mbedtls/platform_util.h"
Go to the source code of this file.
Data Structures | |
struct | mbedtls_cipher_info_t |
struct | mbedtls_cipher_context_t |
Macros | |
#define | MBEDTLS_CIPHER_MODE_AEAD |
#define | MBEDTLS_CIPHER_MODE_WITH_PADDING |
#define | MBEDTLS_CIPHER_MODE_STREAM |
#define | MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 |
#define | MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 |
#define | MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 |
#define | MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 |
#define | MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 |
#define | MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 |
#define | MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 |
#define | MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 |
#define | MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 |
#define | MBEDTLS_MAX_IV_LENGTH 16 |
#define | MBEDTLS_MAX_BLOCK_LENGTH 16 |
#define | MBEDTLS_MAX_KEY_LENGTH 64 |
Typedefs | |
typedef struct mbedtls_cipher_base_t | mbedtls_cipher_base_t |
typedef struct mbedtls_cmac_context_t | mbedtls_cmac_context_t |
typedef struct mbedtls_cipher_info_t | mbedtls_cipher_info_t |
typedef struct mbedtls_cipher_context_t | mbedtls_cipher_context_t |
Functions | |
const int * | mbedtls_cipher_list (void) |
This function retrieves the list of ciphers supported by the generic cipher module. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_string (const char *cipher_name) |
This function retrieves the cipher-information structure associated with the given cipher name. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_type (const mbedtls_cipher_type_t cipher_type) |
This function retrieves the cipher-information structure associated with the given cipher type. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_values (const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode. More... | |
static mbedtls_cipher_type_t | mbedtls_cipher_info_get_type (const mbedtls_cipher_info_t *info) |
Retrieve the identifier for a cipher info structure. More... | |
static mbedtls_cipher_mode_t | mbedtls_cipher_info_get_mode (const mbedtls_cipher_info_t *info) |
Retrieve the operation mode for a cipher info structure. More... | |
static size_t | mbedtls_cipher_info_get_key_bitlen (const mbedtls_cipher_info_t *info) |
Retrieve the key size for a cipher info structure. More... | |
static const char * | mbedtls_cipher_info_get_name (const mbedtls_cipher_info_t *info) |
Retrieve the human-readable name for a cipher info structure. More... | |
static size_t | mbedtls_cipher_info_get_iv_size (const mbedtls_cipher_info_t *info) |
This function returns the size of the IV or nonce for the cipher info structure, in bytes. More... | |
static size_t | mbedtls_cipher_info_get_block_size (const mbedtls_cipher_info_t *info) |
This function returns the block size of the given cipher info structure in bytes. More... | |
static int | mbedtls_cipher_info_has_variable_key_bitlen (const mbedtls_cipher_info_t *info) |
This function returns a non-zero value if the key length for the given cipher is variable. More... | |
static int | mbedtls_cipher_info_has_variable_iv_size (const mbedtls_cipher_info_t *info) |
This function returns a non-zero value if the IV size for the given cipher is variable. More... | |
void | mbedtls_cipher_init (mbedtls_cipher_context_t *ctx) |
This function initializes a cipher_context as NONE. More... | |
void | mbedtls_cipher_free (mbedtls_cipher_context_t *ctx) |
This function frees and clears the cipher-specific context of ctx . Freeing ctx itself remains the responsibility of the caller. More... | |
int | mbedtls_cipher_setup (mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info) |
This function prepares a cipher context for use with the given cipher primitive. More... | |
int | mbedtls_cipher_setup_psa (mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info, size_t taglen) |
This function initializes a cipher context for PSA-based use with the given cipher primitive. More... | |
static unsigned int | mbedtls_cipher_get_block_size (const mbedtls_cipher_context_t *ctx) |
This function returns the block size of the given cipher in bytes. More... | |
static mbedtls_cipher_mode_t | mbedtls_cipher_get_cipher_mode (const mbedtls_cipher_context_t *ctx) |
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC. More... | |
static int | mbedtls_cipher_get_iv_size (const mbedtls_cipher_context_t *ctx) |
This function returns the size of the IV or nonce of the cipher, in Bytes. More... | |
static mbedtls_cipher_type_t | mbedtls_cipher_get_type (const mbedtls_cipher_context_t *ctx) |
This function returns the type of the given cipher. More... | |
static const char * | mbedtls_cipher_get_name (const mbedtls_cipher_context_t *ctx) |
This function returns the name of the given cipher as a string. More... | |
static int | mbedtls_cipher_get_key_bitlen (const mbedtls_cipher_context_t *ctx) |
This function returns the key length of the cipher. More... | |
static mbedtls_operation_t | mbedtls_cipher_get_operation (const mbedtls_cipher_context_t *ctx) |
This function returns the operation of the given cipher. More... | |
int | mbedtls_cipher_setkey (mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation) |
This function sets the key to use with the given context. More... | |
int | mbedtls_cipher_set_padding_mode (mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode) |
This function sets the padding mode, for cipher modes that use padding. More... | |
int | mbedtls_cipher_set_iv (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len) |
This function sets the initialization vector (IV) or nonce. More... | |
int | mbedtls_cipher_reset (mbedtls_cipher_context_t *ctx) |
This function resets the cipher state. More... | |
int | mbedtls_cipher_update_ad (mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len) |
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. More... | |
int | mbedtls_cipher_update (mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES. More... | |
int | mbedtls_cipher_finish (mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen) |
The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output buffer. More... | |
int | mbedtls_cipher_write_tag (mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len) |
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish(). More... | |
int | mbedtls_cipher_check_tag (mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len) |
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish(). More... | |
int | mbedtls_cipher_crypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs. More... | |
int | mbedtls_cipher_auth_encrypt_ext (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len) |
The authenticated encryption (AEAD/NIST_KW) function. More... | |
int | mbedtls_cipher_auth_decrypt_ext (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len) |
The authenticated encryption (AEAD/NIST_KW) function. More... | |
This file contains an abstraction interface for use with the cipher primitives provided by the library. It provides a common interface to all of the available cipher operations.
Definition in file cipher.h.
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 |
Cipher accepts IVs of variable length.
Definition at line 69 of file cipher.h.
Referenced by mbedtls_cipher_info_has_variable_iv_size().
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 |
Cipher accepts keys of variable length.
Definition at line 70 of file cipher.h.
Referenced by mbedtls_cipher_info_has_variable_key_bitlen().
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 |
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 |
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 |
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 |
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 |
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 |
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 |
#define MBEDTLS_MAX_BLOCK_LENGTH 16 |
#define MBEDTLS_MAX_IV_LENGTH 16 |
#define MBEDTLS_MAX_KEY_LENGTH 64 |
typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t |
typedef struct mbedtls_cipher_context_t mbedtls_cipher_context_t |
Generic cipher context.
typedef struct mbedtls_cipher_info_t mbedtls_cipher_info_t |
Cipher information. Allows calling cipher functions in a generic way.
typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t |
anonymous enum |
enum mbedtls_cipher_id_t |
Supported cipher types.
Supported cipher modes.
Supported {cipher type, cipher mode} pairs.
enum mbedtls_operation_t |
int mbedtls_cipher_auth_decrypt_ext | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | ad, | ||
size_t | ad_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t | output_len, | ||
size_t * | olen, | ||
size_t | tag_len | ||
) |
The authenticated encryption (AEAD/NIST_KW) function.
ctx | The generic cipher context. This must be initialized and bound to a key, with an AEAD algorithm or NIST_KW. |
iv | The nonce to use. This must be a readable buffer of at least iv_len Bytes and may be NULL if iv_len is 0 . |
iv_len | The length of the nonce. For AEAD ciphers, this must satisfy the constraints imposed by the cipher used. For NIST_KW, this must be 0 . |
ad | The additional data to authenticate. This must be a readable buffer of at least ad_len Bytes, and may be NULL is ad_len is 0 . |
ad_len | The length of ad . For NIST_KW, this must be 0 . |
input | The buffer holding the input data. This must be a readable buffer of at least ilen Bytes, and may be NULL if ilen is 0 . |
ilen | The length of the input data. For AEAD ciphers this must be at least tag_len . For NIST_KW this must be at least 8 . |
output | The buffer for the output data. This must be a writable buffer of at least output_len Bytes, and may be NULL if output_len is 0 . |
output_len | The length of the output buffer in Bytes. For AEAD ciphers, this must be at least ilen - tag_len . For NIST_KW, this must be at least ilen - 8. |
olen | This will be filled with the actual number of Bytes written to the output buffer. This must point to a writable object of type size_t . |
tag_len | The actual length of the authentication tag. For AEAD ciphers, this must match the constraints imposed by the cipher used, and in particular must not be 0 . For NIST_KW, this must be 0 . |
0
on success. int mbedtls_cipher_auth_encrypt_ext | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | ad, | ||
size_t | ad_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t | output_len, | ||
size_t * | olen, | ||
size_t | tag_len | ||
) |
The authenticated encryption (AEAD/NIST_KW) function.
ctx | The generic cipher context. This must be initialized and bound to a key, with an AEAD algorithm or NIST_KW. |
iv | The nonce to use. This must be a readable buffer of at least iv_len Bytes and may be NULL if iv_len is 0 . |
iv_len | The length of the nonce. For AEAD ciphers, this must satisfy the constraints imposed by the cipher used. For NIST_KW, this must be 0 . |
ad | The additional data to authenticate. This must be a readable buffer of at least ad_len Bytes, and may be NULL is ad_len is 0 . |
ad_len | The length of ad . For NIST_KW, this must be 0 . |
input | The buffer holding the input data. This must be a readable buffer of at least ilen Bytes, and may be NULL if ilen is 0 . |
ilen | The length of the input data. |
output | The buffer for the output data. This must be a writable buffer of at least output_len Bytes, and must not be NULL . |
output_len | The length of the output buffer in Bytes. For AEAD ciphers, this must be at least ilen + tag_len . For NIST_KW, this must be at least ilen + 8 (rounded up to a multiple of 8 if KWP is used); ilen + 15 is always a safe value. |
olen | This will be filled with the actual number of Bytes written to the output buffer. This must point to a writable object of type size_t . |
tag_len | The desired length of the authentication tag. For AEAD ciphers, this must match the constraints imposed by the cipher used, and in particular must not be 0 . For NIST_KW, this must be 0 . |
0
on success. int mbedtls_cipher_check_tag | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | tag, | ||
size_t | tag_len | ||
) |
This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
ctx | The generic cipher context. This must be initialized. |
tag | The buffer holding the tag. This must be a readable buffer of at least tag_len Bytes. |
tag_len | The length of the tag to check. |
0
on success. int mbedtls_cipher_crypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.
ctx | The generic cipher context. This must be initialized. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_len Bytes. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
input | The buffer holding the input data. This must be a readable buffer of at least ilen Bytes. |
ilen | The length of the input data in Bytes. |
output | The buffer for the output data. This must be able to hold at least ilen + block_size . This must not be the same buffer as input . |
olen | The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL . |
iv
= NULL and iv_len
= 0.0
on success. int mbedtls_cipher_finish | ( | mbedtls_cipher_context_t * | ctx, |
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output
buffer.
ctx | The generic cipher context. This must be initialized and bound to a key. |
output | The buffer to write data to. This needs to be a writable buffer of at least block_size Bytes. |
olen | The length of the data written to the output buffer. This may not be NULL . |
0
on success. void mbedtls_cipher_free | ( | mbedtls_cipher_context_t * | ctx | ) |
This function frees and clears the cipher-specific context of ctx
. Freeing ctx
itself remains the responsibility of the caller.
ctx | The context to be freed. If this is NULL , the function has no effect, otherwise this must point to an initialized context. |
|
inlinestatic |
This function returns the block size of the given cipher in bytes.
ctx | The context of the cipher. |
1
if the cipher is a stream cipher. 0
if ctx
has not been initialized. Definition at line 669 of file cipher.h.
References MBEDTLS_INTERNAL_VALIDATE_RET.
|
inlinestatic |
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
ctx | The context of the cipher. This must be initialized. |
ctx
has not been initialized. Definition at line 688 of file cipher.h.
References MBEDTLS_INTERNAL_VALIDATE_RET, and MBEDTLS_MODE_NONE.
|
inlinestatic |
This function returns the size of the IV or nonce of the cipher, in Bytes.
ctx | The context of the cipher. This must be initialized. |
0
for ciphers not using an IV or a nonce. Definition at line 708 of file cipher.h.
References MBEDTLS_INTERNAL_VALIDATE_RET.
|
inlinestatic |
This function returns the key length of the cipher.
ctx | The context of the cipher. This must be initialized. |
has
not been initialized. Definition at line 768 of file cipher.h.
References MBEDTLS_INTERNAL_VALIDATE_RET, and MBEDTLS_KEY_LENGTH_NONE.
|
inlinestatic |
This function returns the name of the given cipher as a string.
ctx | The context of the cipher. This must be initialized. |
ctx
has not been not initialized. Definition at line 749 of file cipher.h.
References MBEDTLS_INTERNAL_VALIDATE_RET.
|
inlinestatic |
This function returns the operation of the given cipher.
ctx | The context of the cipher. This must be initialized. |
ctx
has not been initialized. Definition at line 787 of file cipher.h.
References MBEDTLS_INTERNAL_VALIDATE_RET, and MBEDTLS_OPERATION_NONE.
|
inlinestatic |
This function returns the type of the given cipher.
ctx | The context of the cipher. This must be initialized. |
ctx
has not been initialized. Definition at line 729 of file cipher.h.
References MBEDTLS_CIPHER_NONE, and MBEDTLS_INTERNAL_VALIDATE_RET.
const mbedtls_cipher_info_t* mbedtls_cipher_info_from_string | ( | const char * | cipher_name | ) |
This function retrieves the cipher-information structure associated with the given cipher name.
cipher_name | Name of the cipher to search for. This must not be NULL . |
cipher_name
. NULL
if the associated cipher information is not found. const mbedtls_cipher_info_t* mbedtls_cipher_info_from_type | ( | const mbedtls_cipher_type_t | cipher_type | ) |
This function retrieves the cipher-information structure associated with the given cipher type.
cipher_type | Type of the cipher to search for. |
cipher_type
. NULL
if the associated cipher information is not found. const mbedtls_cipher_info_t* mbedtls_cipher_info_from_values | ( | const mbedtls_cipher_id_t | cipher_id, |
int | key_bitlen, | ||
const mbedtls_cipher_mode_t | mode | ||
) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode.
cipher_id | The ID of the cipher to search for. For example, MBEDTLS_CIPHER_ID_AES. |
key_bitlen | The length of the key in bits. |
mode | The cipher mode. For example, MBEDTLS_MODE_CBC. |
cipher_id
. NULL
if the associated cipher information is not found.
|
inlinestatic |
|
inlinestatic |
|
inlinestatic |
Retrieve the key size for a cipher info structure.
[in] | info | The cipher info structure to query. This may be NULL . |
0
if info
is NULL
.
|
inlinestatic |
Retrieve the operation mode for a cipher info structure.
[in] | info | The cipher info structure to query. This may be NULL . |
MBEDTLS_MODE_xxx
). info
is NULL
. Definition at line 461 of file cipher.h.
References MBEDTLS_MODE_NONE.
|
inlinestatic |
|
inlinestatic |
Retrieve the identifier for a cipher info structure.
[in] | info | The cipher info structure to query. This may be NULL . |
MBEDTLS_CIPHER_xxx
). info
is NULL
. Definition at line 443 of file cipher.h.
References MBEDTLS_CIPHER_NONE.
|
inlinestatic |
This function returns a non-zero value if the IV size for the given cipher is variable.
info | The cipher info structure. This may be NULL . |
0
otherwise. 0
if the given pointer is NULL
. Definition at line 575 of file cipher.h.
References MBEDTLS_CIPHER_VARIABLE_IV_LEN.
|
inlinestatic |
This function returns a non-zero value if the key length for the given cipher is variable.
info | The cipher info structure. This may be NULL . |
0
otherwise. 0
if the given pointer is NULL
. Definition at line 557 of file cipher.h.
References MBEDTLS_CIPHER_VARIABLE_KEY_LEN.
void mbedtls_cipher_init | ( | mbedtls_cipher_context_t * | ctx | ) |
This function initializes a cipher_context
as NONE.
ctx | The context to be initialized. This must not be NULL . |
const int* mbedtls_cipher_list | ( | void | ) |
This function retrieves the list of ciphers supported by the generic cipher module.
For any cipher identifier in the returned list, you can obtain the corresponding generic cipher information structure via mbedtls_cipher_info_from_type(), which can then be used to prepare a cipher context via mbedtls_cipher_setup().
int mbedtls_cipher_reset | ( | mbedtls_cipher_context_t * | ctx | ) |
This function resets the cipher state.
ctx | The generic cipher context. This must be bound to a key. |
0
on success. int mbedtls_cipher_set_iv | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len | ||
) |
This function sets the initialization vector (IV) or nonce.
ctx | The generic cipher context. This must be initialized and bound to a cipher information structure. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This must be a readable buffer of at least iv_len Bytes. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
0
on success. int mbedtls_cipher_set_padding_mode | ( | mbedtls_cipher_context_t * | ctx, |
mbedtls_cipher_padding_t | mode | ||
) |
This function sets the padding mode, for cipher modes that use padding.
The default passing mode is PKCS7 padding.
ctx | The generic cipher context. This must be initialized and bound to a cipher information structure. |
mode | The padding mode. |
0
on success. int mbedtls_cipher_setkey | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | key, | ||
int | key_bitlen, | ||
const mbedtls_operation_t | operation | ||
) |
This function sets the key to use with the given context.
ctx | The generic cipher context. This must be initialized and bound to a cipher information structure. |
key | The key to use. This must be a readable buffer of at least key_bitlen Bits. |
key_bitlen | The key length to use, in Bits. |
operation | The operation that the key will be used for: MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT. |
0
on success. int mbedtls_cipher_setup | ( | mbedtls_cipher_context_t * | ctx, |
const mbedtls_cipher_info_t * | cipher_info | ||
) |
This function prepares a cipher context for use with the given cipher primitive.
ctx | The context to prepare. This must be initialized by a call to mbedtls_cipher_init() first. |
cipher_info | The cipher to use. |
0
on success. int mbedtls_cipher_setup_psa | ( | mbedtls_cipher_context_t * | ctx, |
const mbedtls_cipher_info_t * | cipher_info, | ||
size_t | taglen | ||
) |
This function initializes a cipher context for PSA-based use with the given cipher primitive.
ctx | The context to initialize. May not be NULL . |
cipher_info | The cipher to use. |
taglen | For AEAD ciphers, the length in bytes of the authentication tag to use. Subsequent uses of mbedtls_cipher_auth_encrypt_ext() or mbedtls_cipher_auth_decrypt_ext() must provide the same tag length. For non-AEAD ciphers, the value must be 0 . |
0
on success. int mbedtls_cipher_update | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES.
ctx | The generic cipher context. This must be initialized and bound to a key. |
input | The buffer holding the input data. This must be a readable buffer of at least ilen Bytes. |
ilen | The length of the input data. |
output | The buffer for the output data. This must be able to hold at least ilen + block_size . This must not be the same buffer as input . |
olen | The length of the output data, to be updated with the actual number of Bytes written. This must not be NULL . |
0
on success. int mbedtls_cipher_update_ad | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | ad, | ||
size_t | ad_len | ||
) |
This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305.
ctx | The generic cipher context. This must be initialized. |
ad | The additional data to use. This must be a readable buffer of at least ad_len Bytes. |
ad_len | The length of ad in Bytes. |
0
on success. int mbedtls_cipher_write_tag | ( | mbedtls_cipher_context_t * | ctx, |
unsigned char * | tag, | ||
size_t | tag_len | ||
) |
This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().
ctx | The generic cipher context. This must be initialized, bound to a key, and have just completed a cipher operation through mbedtls_cipher_finish() the tag for which should be written. |
tag | The buffer to write the tag to. This must be a writable buffer of at least tag_len Bytes. |
tag_len | The length of the tag to write. |
0
on success.