mbed TLS v3.1.0
Macros | |
#define | PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } } |
Typedefs | |
typedef struct psa_cipher_operation_s | psa_cipher_operation_t |
Functions | |
psa_status_t | psa_cipher_encrypt (mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) |
psa_status_t | psa_cipher_decrypt (mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) |
static psa_cipher_operation_t | psa_cipher_operation_init (void) |
psa_status_t | psa_cipher_encrypt_setup (psa_cipher_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg) |
psa_status_t | psa_cipher_decrypt_setup (psa_cipher_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg) |
psa_status_t | psa_cipher_generate_iv (psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length) |
psa_status_t | psa_cipher_set_iv (psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length) |
psa_status_t | psa_cipher_update (psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) |
psa_status_t | psa_cipher_finish (psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) |
psa_status_t | psa_cipher_abort (psa_cipher_operation_t *operation) |
#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } } |
This macro returns a suitable initializer for a cipher operation object of type psa_cipher_operation_t.
Definition at line 119 of file crypto_struct.h.
Referenced by psa_cipher_operation_init().
typedef struct psa_cipher_operation_s psa_cipher_operation_t |
The type of the state data structure for multipart cipher operations.
Before calling any function on a cipher operation object, the application must initialize it by any of the following means:
This is an implementation-defined struct. Applications should not make any assumptions about the content of this structure. Implementation details can change in future versions without notice.
psa_status_t psa_cipher_abort | ( | psa_cipher_operation_t * | operation | ) |
Abort a cipher operation.
Aborting an operation frees all associated resources except for the operation structure itself. Once aborted, the operation object can be reused for another operation by calling psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
You may call this function any time after the operation object has been initialized as described in psa_cipher_operation_t.
In particular, calling psa_cipher_abort() after the operation has been terminated by a call to psa_cipher_abort() or psa_cipher_finish() is safe and has no effect.
[in,out] | operation | Initialized cipher operation. |
PSA_SUCCESS | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_cipher_decrypt | ( | mbedtls_svc_key_id_t | key, |
psa_algorithm_t | alg, | ||
const uint8_t * | input, | ||
size_t | input_length, | ||
uint8_t * | output, | ||
size_t | output_size, | ||
size_t * | output_length | ||
) |
Decrypt a message using a symmetric cipher.
This function decrypts a message encrypted with a symmetric cipher.
key | Identifier of the key to use for the operation. It must remain valid until the operation terminates. It must allow the usage PSA_KEY_USAGE_DECRYPT. | |
alg | The cipher algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_CIPHER(alg) is true). | |
[in] | input | Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper. |
input_length | Size of the input buffer in bytes. | |
[out] | output | Buffer where the plaintext is to be written. |
output_size | Size of the output buffer in bytes. | |
[out] | output_length | On success, the number of bytes that make up the output. |
PSA_SUCCESS | Success. |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg. |
PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not a cipher algorithm. |
PSA_ERROR_BUFFER_TOO_SMALL | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_cipher_decrypt_setup | ( | psa_cipher_operation_t * | operation, |
mbedtls_svc_key_id_t | key, | ||
psa_algorithm_t | alg | ||
) |
Set the key for a multipart symmetric decryption operation.
The sequence of operations to decrypt a message with a symmetric cipher is as follows:
If an error occurs at any step after a call to psa_cipher_decrypt_setup(), the operation will need to be reset by a call to psa_cipher_abort(). The application may call psa_cipher_abort() at any time after the operation has been initialized.
After a successful call to psa_cipher_decrypt_setup(), the application must eventually terminate the operation. The following events terminate an operation:
[in,out] | operation | The operation object to set up. It must have been initialized as per the documentation for psa_cipher_operation_t and not yet in use. |
key | Identifier of the key to use for the operation. It must remain valid until the operation terminates. It must allow the usage PSA_KEY_USAGE_DECRYPT. | |
alg | The cipher algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_CIPHER(alg) is true). |
PSA_SUCCESS | Success. |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg. |
PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not a cipher algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be inactive). |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_cipher_encrypt | ( | mbedtls_svc_key_id_t | key, |
psa_algorithm_t | alg, | ||
const uint8_t * | input, | ||
size_t | input_length, | ||
uint8_t * | output, | ||
size_t | output_size, | ||
size_t * | output_length | ||
) |
Encrypt a message using a symmetric cipher.
This function encrypts a message with a random IV (initialization vector). Use the multipart operation interface with a psa_cipher_operation_t object to provide other forms of IV.
key | Identifier of the key to use for the operation. It must allow the usage PSA_KEY_USAGE_ENCRYPT. | |
alg | The cipher algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_CIPHER(alg) is true). | |
[in] | input | Buffer containing the message to encrypt. |
input_length | Size of the input buffer in bytes. | |
[out] | output | Buffer where the output is to be written. The output contains the IV followed by the ciphertext proper. |
output_size | Size of the output buffer in bytes. | |
[out] | output_length | On success, the number of bytes that make up the output. |
PSA_SUCCESS | Success. |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg. |
PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not a cipher algorithm. |
PSA_ERROR_BUFFER_TOO_SMALL | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_cipher_encrypt_setup | ( | psa_cipher_operation_t * | operation, |
mbedtls_svc_key_id_t | key, | ||
psa_algorithm_t | alg | ||
) |
Set the key for a multipart symmetric encryption operation.
The sequence of operations to encrypt a message with a symmetric cipher is as follows:
If an error occurs at any step after a call to psa_cipher_encrypt_setup(), the operation will need to be reset by a call to psa_cipher_abort(). The application may call psa_cipher_abort() at any time after the operation has been initialized.
After a successful call to psa_cipher_encrypt_setup(), the application must eventually terminate the operation. The following events terminate an operation:
[in,out] | operation | The operation object to set up. It must have been initialized as per the documentation for psa_cipher_operation_t and not yet in use. |
key | Identifier of the key to use for the operation. It must remain valid until the operation terminates. It must allow the usage PSA_KEY_USAGE_ENCRYPT. | |
alg | The cipher algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_CIPHER(alg) is true). |
PSA_SUCCESS | Success. |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg. |
PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not a cipher algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be inactive). |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_cipher_finish | ( | psa_cipher_operation_t * | operation, |
uint8_t * | output, | ||
size_t | output_size, | ||
size_t * | output_length | ||
) |
Finish encrypting or decrypting a message in a cipher operation.
The application must call psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() before calling this function. The choice of setup function determines whether this function encrypts or decrypts its input.
This function finishes the encryption or decryption of the message formed by concatenating the inputs passed to preceding calls to psa_cipher_update().
When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling psa_cipher_abort().
[in,out] | operation | Active cipher operation. |
[out] | output | Buffer where the output is to be written. |
output_size | Size of the output buffer in bytes. | |
[out] | output_length | On success, the number of bytes that make up the returned output. |
PSA_SUCCESS | Success. |
PSA_ERROR_INVALID_ARGUMENT | The total input size passed to this operation is not valid for this particular algorithm. For example, the algorithm is based on a block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size. |
PSA_ERROR_INVALID_PADDING | This is a decryption operation for an algorithm that includes padding, and the ciphertext does not contain valid padding. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be active, with an IV set if required for the algorithm). |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the output buffer is too small. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_cipher_generate_iv | ( | psa_cipher_operation_t * | operation, |
uint8_t * | iv, | ||
size_t | iv_size, | ||
size_t * | iv_length | ||
) |
Generate an IV for a symmetric encryption operation.
This function generates a random IV (initialization vector), nonce or initial counter value for the encryption operation as appropriate for the chosen algorithm, key type and key size.
The application must call psa_cipher_encrypt_setup() before calling this function.
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_cipher_abort().
[in,out] | operation | Active cipher operation. |
[out] | iv | Buffer where the generated IV is to be written. |
iv_size | Size of the iv buffer in bytes. | |
[out] | iv_length | On success, the number of bytes of the generated IV. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be active, with no IV set). |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the iv buffer is too small. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
static psa_cipher_operation_t psa_cipher_operation_init | ( | void | ) |
Return an initial value for a cipher operation object.
psa_status_t psa_cipher_set_iv | ( | psa_cipher_operation_t * | operation, |
const uint8_t * | iv, | ||
size_t | iv_length | ||
) |
Set the IV for a symmetric encryption or decryption operation.
This function sets the IV (initialization vector), nonce or initial counter value for the encryption or decryption operation.
The application must call psa_cipher_encrypt_setup() before calling this function.
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_cipher_abort().
[in,out] | operation | Active cipher operation. |
[in] | iv | Buffer containing the IV to use. |
iv_length | Size of the IV in bytes. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be an active cipher encrypt operation, with no IV set). |
PSA_ERROR_INVALID_ARGUMENT | The size of iv is not acceptable for the chosen algorithm, or the chosen algorithm does not use an IV. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_cipher_update | ( | psa_cipher_operation_t * | operation, |
const uint8_t * | input, | ||
size_t | input_length, | ||
uint8_t * | output, | ||
size_t | output_size, | ||
size_t * | output_length | ||
) |
Encrypt or decrypt a message fragment in an active cipher operation.
Before calling this function, you must:
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_cipher_abort().
[in,out] | operation | Active cipher operation. |
[in] | input | Buffer containing the message fragment to encrypt or decrypt. |
input_length | Size of the input buffer in bytes. | |
[out] | output | Buffer where the output is to be written. |
output_size | Size of the output buffer in bytes. | |
[out] | output_length | On success, the number of bytes that make up the returned output. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be active, with an IV set if required for the algorithm). |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the output buffer is too small. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |