![]() |
mbed TLS
Version 2.8.0
SSL/TLS Library for the Embedded Space
|
Data Structures | |
struct | mbedtls_cipher_info_t |
Cipher information. More... | |
struct | mbedtls_cipher_context_t |
Generic cipher context. More... | |
Macros | |
#define | MBEDTLS_CIPHER_MODE_AEAD |
#define | MBEDTLS_CIPHER_MODE_WITH_PADDING |
#define | MBEDTLS_CIPHER_MODE_STREAM |
#define | MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 |
The selected feature is not available. More... | |
#define | MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 |
Bad input parameters. More... | |
#define | MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 |
Failed to allocate memory. More... | |
#define | MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 |
Input data contains invalid padding and is rejected. More... | |
#define | MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 |
Decryption of block requires a full block. More... | |
#define | MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 |
Authentication failed (for AEAD modes). More... | |
#define | MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 |
The context is invalid. More... | |
#define | MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 |
Cipher hardware accelerator failed. More... | |
#define | MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 |
Cipher accepts IVs of variable length. More... | |
#define | MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 |
Cipher accepts keys of variable length. More... | |
#define | MBEDTLS_MAX_IV_LENGTH 16 |
Maximum length of any IV, in Bytes. More... | |
#define | MBEDTLS_MAX_BLOCK_LENGTH 16 |
Maximum block size of any cipher, in Bytes. More... | |
Enumerations | |
enum | mbedtls_cipher_id_t { MBEDTLS_CIPHER_ID_NONE = 0, MBEDTLS_CIPHER_ID_NULL, MBEDTLS_CIPHER_ID_AES, MBEDTLS_CIPHER_ID_DES, MBEDTLS_CIPHER_ID_3DES, MBEDTLS_CIPHER_ID_CAMELLIA, MBEDTLS_CIPHER_ID_BLOWFISH, MBEDTLS_CIPHER_ID_ARC4 } |
An enumeration of supported ciphers. More... | |
enum | mbedtls_cipher_type_t { MBEDTLS_CIPHER_NONE = 0, MBEDTLS_CIPHER_NULL, MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB, MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_CIPHER_AES_192_CBC, MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_CIPHER_AES_128_CFB128, MBEDTLS_CIPHER_AES_192_CFB128, MBEDTLS_CIPHER_AES_256_CFB128, MBEDTLS_CIPHER_AES_128_CTR, MBEDTLS_CIPHER_AES_192_CTR, MBEDTLS_CIPHER_AES_256_CTR, MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_CIPHER_AES_192_GCM, MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_CIPHER_CAMELLIA_128_ECB, MBEDTLS_CIPHER_CAMELLIA_192_ECB, MBEDTLS_CIPHER_CAMELLIA_256_ECB, MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_CIPHER_CAMELLIA_192_CBC, MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_CIPHER_CAMELLIA_128_CFB128, MBEDTLS_CIPHER_CAMELLIA_192_CFB128, MBEDTLS_CIPHER_CAMELLIA_256_CFB128, MBEDTLS_CIPHER_CAMELLIA_128_CTR, MBEDTLS_CIPHER_CAMELLIA_192_CTR, MBEDTLS_CIPHER_CAMELLIA_256_CTR, MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_CIPHER_CAMELLIA_192_GCM, MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_CIPHER_DES_ECB, MBEDTLS_CIPHER_DES_CBC, MBEDTLS_CIPHER_DES_EDE_ECB, MBEDTLS_CIPHER_DES_EDE_CBC, MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_CIPHER_BLOWFISH_ECB, MBEDTLS_CIPHER_BLOWFISH_CBC, MBEDTLS_CIPHER_BLOWFISH_CFB64, MBEDTLS_CIPHER_BLOWFISH_CTR, MBEDTLS_CIPHER_ARC4_128, MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_CIPHER_AES_192_CCM, MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_CIPHER_CAMELLIA_128_CCM, MBEDTLS_CIPHER_CAMELLIA_192_CCM, MBEDTLS_CIPHER_CAMELLIA_256_CCM } |
An enumeration of supported (cipher, mode) pairs. More... | |
enum | mbedtls_cipher_mode_t { MBEDTLS_MODE_NONE = 0, MBEDTLS_MODE_ECB, MBEDTLS_MODE_CBC, MBEDTLS_MODE_CFB, MBEDTLS_MODE_OFB, MBEDTLS_MODE_CTR, MBEDTLS_MODE_GCM, MBEDTLS_MODE_STREAM, MBEDTLS_MODE_CCM } |
Supported cipher modes. More... | |
enum | mbedtls_cipher_padding_t { MBEDTLS_PADDING_PKCS7 = 0, MBEDTLS_PADDING_ONE_AND_ZEROS, MBEDTLS_PADDING_ZEROS_AND_LEN, MBEDTLS_PADDING_ZEROS, MBEDTLS_PADDING_NONE } |
Supported cipher padding types. More... | |
enum | mbedtls_operation_t { MBEDTLS_OPERATION_NONE = -1, MBEDTLS_DECRYPT = 0, MBEDTLS_ENCRYPT } |
Type of operation. More... | |
enum | { MBEDTLS_KEY_LENGTH_NONE = 0, MBEDTLS_KEY_LENGTH_DES = 64, MBEDTLS_KEY_LENGTH_DES_EDE = 128, MBEDTLS_KEY_LENGTH_DES_EDE3 = 192 } |
Functions | |
const int * | mbedtls_cipher_list (void) |
This function retrieves the list of ciphers supported by the generic cipher module. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_string (const char *cipher_name) |
This function retrieves the cipher-information structure associated with the given cipher name. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_type (const mbedtls_cipher_type_t cipher_type) |
This function retrieves the cipher-information structure associated with the given cipher type. More... | |
const mbedtls_cipher_info_t * | mbedtls_cipher_info_from_values (const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode. More... | |
void | mbedtls_cipher_init (mbedtls_cipher_context_t *ctx) |
This function initializes a cipher_context as NONE. | |
void | mbedtls_cipher_free (mbedtls_cipher_context_t *ctx) |
This function frees and clears the cipher-specific context of ctx . More... | |
int | mbedtls_cipher_setup (mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info) |
This function initializes and fills the cipher-context structure with the appropriate values. More... | |
int | mbedtls_cipher_setkey (mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation) |
This function sets the key to use with the given context. More... | |
int | mbedtls_cipher_set_padding_mode (mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode) |
This function sets the padding mode, for cipher modes that use padding. More... | |
int | mbedtls_cipher_set_iv (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len) |
This function sets the initialization vector (IV) or nonce. More... | |
int | mbedtls_cipher_reset (mbedtls_cipher_context_t *ctx) |
This function resets the cipher state. More... | |
int | mbedtls_cipher_update_ad (mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len) |
This function adds additional data for AEAD ciphers. More... | |
int | mbedtls_cipher_update (mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
The generic cipher update function. More... | |
int | mbedtls_cipher_finish (mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen) |
The generic cipher finalization function. More... | |
int | mbedtls_cipher_write_tag (mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len) |
This function writes a tag for AEAD ciphers. More... | |
int | mbedtls_cipher_check_tag (mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len) |
This function checks the tag for AEAD ciphers. More... | |
int | mbedtls_cipher_crypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs. More... | |
int | mbedtls_cipher_auth_encrypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len) |
The generic autenticated encryption (AEAD) function. More... | |
int | mbedtls_cipher_auth_decrypt (mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len) |
The generic autenticated decryption (AEAD) function. More... | |
The generic cipher wrapper.
struct mbedtls_cipher_info_t |
Cipher information.
Allows calling cipher functions in a generic way.
Data Fields | ||
---|---|---|
const mbedtls_cipher_base_t * | base | Struct for base cipher information and functions. |
unsigned int | block_size | The block size, in Bytes. |
int | flags |
Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. |
unsigned int | iv_size |
IV or nonce size, in Bytes. For ciphers that accept variable IV sizes, this is the recommended size. |
unsigned int | key_bitlen |
The cipher key length, in bits. This is the default length for variable sized ciphers. Includes parity bits for ciphers like DES. |
mbedtls_cipher_mode_t | mode |
The cipher mode. For example, MBEDTLS_MODE_CBC. |
const char * | name | Name of the cipher. |
mbedtls_cipher_type_t | type |
Full cipher identifier. For example, MBEDTLS_CIPHER_AES_256_CBC. |
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 |
Cipher accepts IVs of variable length.
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 |
Cipher accepts keys of variable length.
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 |
Failed to allocate memory.
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 |
Authentication failed (for AEAD modes).
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 |
Bad input parameters.
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 |
The selected feature is not available.
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 |
Decryption of block requires a full block.
#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 |
Cipher hardware accelerator failed.
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 |
The context is invalid.
For example, because it was freed.
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 |
Input data contains invalid padding and is rejected.
#define MBEDTLS_MAX_BLOCK_LENGTH 16 |
Maximum block size of any cipher, in Bytes.
#define MBEDTLS_MAX_IV_LENGTH 16 |
Maximum length of any IV, in Bytes.
anonymous enum |
enum mbedtls_cipher_id_t |
An enumeration of supported ciphers.
Supported cipher modes.
An enumeration of supported (cipher, mode) pairs.
enum mbedtls_operation_t |
Type of operation.
int mbedtls_cipher_auth_decrypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | ad, | ||
size_t | ad_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
const unsigned char * | tag, | ||
size_t | tag_len | ||
) |
The generic autenticated decryption (AEAD) function.
ctx | The generic cipher context. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
ad | The additional data to be authenticated. |
ad_len | The length of ad . |
input | The buffer holding the input data. |
ilen | The length of the input data. |
output | The buffer for the output data. Must be able to hold at least ilen . |
olen | The length of the output data, to be updated with the actual number of Bytes written. |
tag | The buffer holding the authentication tag. |
tag_len | The length of the authentication tag. |
0
on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic, or a cipher-specific error code on failure for any other reason.int mbedtls_cipher_auth_encrypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | ad, | ||
size_t | ad_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
unsigned char * | tag, | ||
size_t | tag_len | ||
) |
The generic autenticated encryption (AEAD) function.
ctx | The generic cipher context. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
ad | The additional data to authenticate. |
ad_len | The length of ad . |
input | The buffer holding the input data. |
ilen | The length of the input data. |
output | The buffer for the output data. Must be able to hold at least ilen . |
olen | The length of the output data, to be updated with the actual number of Bytes written. |
tag | The buffer for the authentication tag. |
tag_len | The desired length of the authentication tag. |
0
on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or a cipher-specific error code. int mbedtls_cipher_check_tag | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | tag, | ||
size_t | tag_len | ||
) |
This function checks the tag for AEAD ciphers.
Only supported with GCM. Must be called after mbedtls_cipher_finish().
ctx | The generic cipher context. |
tag | The buffer holding the tag. |
tag_len | The length of the tag to check. |
0
on success, or a specific error code on failure. int mbedtls_cipher_crypt | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len, | ||
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.
ctx | The generic cipher context. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
input | The buffer holding the input data. |
ilen | The length of the input data. |
output | The buffer for the output data. Must be able to hold at least ilen + block_size. Must not be the same buffer as input. |
olen | The length of the output data, to be updated with the actual number of Bytes written. |
iv
= NULL and iv_len
= 0.0
on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption expected a full block but was not provided one, or MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding while decrypting, or a cipher-specific error code on failure for any other reason. int mbedtls_cipher_finish | ( | mbedtls_cipher_context_t * | ctx, |
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic cipher finalization function.
If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the output
buffer.
ctx | The generic cipher context. |
output | The buffer to write data to. Needs block_size available. |
olen | The length of the data written to the output buffer. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails, MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption expected a full block but was not provided one, MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding while decrypting, or a cipher-specific error code on failure for any other reason. void mbedtls_cipher_free | ( | mbedtls_cipher_context_t * | ctx | ) |
This function frees and clears the cipher-specific context of ctx
.
Freeing ctx
itself remains the responsibility of the caller.
const mbedtls_cipher_info_t* mbedtls_cipher_info_from_string | ( | const char * | cipher_name | ) |
This function retrieves the cipher-information structure associated with the given cipher name.
cipher_name | Name of the cipher to search for. |
cipher_name
, or NULL if not found. const mbedtls_cipher_info_t* mbedtls_cipher_info_from_type | ( | const mbedtls_cipher_type_t | cipher_type | ) |
This function retrieves the cipher-information structure associated with the given cipher type.
cipher_type | Type of the cipher to search for. |
cipher_type
, or NULL if not found. const mbedtls_cipher_info_t* mbedtls_cipher_info_from_values | ( | const mbedtls_cipher_id_t | cipher_id, |
int | key_bitlen, | ||
const mbedtls_cipher_mode_t | mode | ||
) |
This function retrieves the cipher-information structure associated with the given cipher ID, key size and mode.
cipher_id | The ID of the cipher to search for. For example, #MBEDTLS_CIPHER_ID_AES. |
key_bitlen | The length of the key in bits. |
mode | The cipher mode. For example, #MBEDTLS_MODE_CBC. |
cipher_id
, or NULL if not found. const int* mbedtls_cipher_list | ( | void | ) |
This function retrieves the list of ciphers supported by the generic cipher module.
int mbedtls_cipher_reset | ( | mbedtls_cipher_context_t * | ctx | ) |
This function resets the cipher state.
ctx | The generic cipher context. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails. int mbedtls_cipher_set_iv | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | iv, | ||
size_t | iv_len | ||
) |
This function sets the initialization vector (IV) or nonce.
ctx | The generic cipher context. |
iv | The IV to use, or NONCE_COUNTER for CTR-mode ciphers. |
iv_len | The IV length for ciphers with variable-size IV. This parameter is discarded by ciphers with fixed-size IV. |
0
on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATAint mbedtls_cipher_set_padding_mode | ( | mbedtls_cipher_context_t * | ctx, |
mbedtls_cipher_padding_t | mode | ||
) |
This function sets the padding mode, for cipher modes that use padding.
The default passing mode is PKCS7 padding.
ctx | The generic cipher context. |
mode | The padding mode. |
0
on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if the selected padding mode is not supported, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode does not support padding. int mbedtls_cipher_setkey | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | key, | ||
int | key_bitlen, | ||
const mbedtls_operation_t | operation | ||
) |
This function sets the key to use with the given context.
ctx | The generic cipher context. May not be NULL. Must have been initialized using mbedtls_cipher_info_from_type() or mbedtls_cipher_info_from_string(). |
key | The key to use. |
key_bitlen | The key length to use, in bits. |
operation | The operation that the key will be used for: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails, or a cipher-specific error code. int mbedtls_cipher_setup | ( | mbedtls_cipher_context_t * | ctx, |
const mbedtls_cipher_info_t * | cipher_info | ||
) |
This function initializes and fills the cipher-context structure with the appropriate values.
It also clears the structure.
ctx | The context to initialize. May not be NULL. |
cipher_info | The cipher to use. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure, MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the cipher-specific context failed. int mbedtls_cipher_update | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen | ||
) |
The generic cipher update function.
It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES.
ctx | The generic cipher context. |
input | The buffer holding the input data. |
ilen | The length of the input data. |
output | The buffer for the output data. Must be able to hold at least ilen + block_size. Must not be the same buffer as input. |
olen | The length of the output data, to be updated with the actual number of Bytes written. |
0
on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an unsupported mode for a cipher, or a cipher-specific error code.ilen
as a multiple of the block_size. int mbedtls_cipher_update_ad | ( | mbedtls_cipher_context_t * | ctx, |
const unsigned char * | ad, | ||
size_t | ad_len | ||
) |
This function adds additional data for AEAD ciphers.
Only supported with GCM. Must be called exactly once, after mbedtls_cipher_reset().
ctx | The generic cipher context. |
ad | The additional data to use. |
ad_len | the Length of ad . |
0
on success, or a specific error code on failure. int mbedtls_cipher_write_tag | ( | mbedtls_cipher_context_t * | ctx, |
unsigned char * | tag, | ||
size_t | tag_len | ||
) |
This function writes a tag for AEAD ciphers.
Only supported with GCM. Must be called after mbedtls_cipher_finish().
ctx | The generic cipher context. |
tag | The buffer to write the tag to. |
tag_len | The length of the tag to write. |
0
on success, or a specific error code on failure.