317 lines
15 KiB
C++
317 lines
15 KiB
C++
/*
|
|
* PSA cipher driver entry points and associated auxiliary functions
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef PSA_CRYPTO_CIPHER_H
|
|
#define PSA_CRYPTO_CIPHER_H
|
|
|
|
#include <mbedtls/cipher.h>
|
|
#include <psa/crypto.h>
|
|
|
|
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
|
|
* as well as the PSA type and size of the key to be used with the cipher
|
|
* algorithm.
|
|
*
|
|
* \param[in] alg PSA cipher algorithm identifier
|
|
* \param[in] key_type PSA key type
|
|
* \param[in,out] key_bits Size of the key in bits. The value provided in input
|
|
* might be updated if necessary.
|
|
* \param[out] mode Mbed TLS cipher mode
|
|
* \param[out] cipher_id Mbed TLS cipher algorithm identifier
|
|
*
|
|
* \return On success \c PSA_SUCCESS is returned and key_bits, mode and cipher_id
|
|
* are properly updated.
|
|
* \c PSA_ERROR_NOT_SUPPORTED is returned if the cipher algorithm is not
|
|
* supported.
|
|
*/
|
|
|
|
psa_status_t mbedtls_cipher_values_from_psa(psa_algorithm_t alg, psa_key_type_t key_type,
|
|
size_t *key_bits, mbedtls_cipher_mode_t *mode,
|
|
mbedtls_cipher_id_t *cipher_id);
|
|
|
|
#if defined(MBEDTLS_CIPHER_C)
|
|
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
|
|
* as well as the PSA type and size of the key to be used with the cipher
|
|
* algorithm.
|
|
*
|
|
* \param alg PSA cipher algorithm identifier
|
|
* \param key_type PSA key type
|
|
* \param key_bits Size of the key in bits
|
|
* \param[out] cipher_id Mbed TLS cipher algorithm identifier
|
|
*
|
|
* \return The Mbed TLS cipher information of the cipher algorithm.
|
|
* \c NULL if the PSA cipher algorithm is not supported.
|
|
*/
|
|
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|
psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
|
|
mbedtls_cipher_id_t *cipher_id);
|
|
#endif /* MBEDTLS_CIPHER_C */
|
|
|
|
/**
|
|
* \brief Set the key for a multipart symmetric encryption operation.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* cipher_encrypt_setup entry point. This function behaves as a
|
|
* cipher_encrypt_setup entry point as defined in the PSA driver
|
|
* interface specification for transparent drivers.
|
|
*
|
|
* \param[in,out] operation The operation object to set up. It has been
|
|
* initialized as per the documentation for
|
|
* #psa_cipher_operation_t and not yet in use.
|
|
* \param[in] attributes The attributes of the key to use for the
|
|
* operation.
|
|
* \param[in] key_buffer The buffer containing the key context.
|
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
|
* \param[in] alg The cipher algorithm to compute
|
|
* (\c PSA_ALG_XXX value such that
|
|
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
|
*
|
|
* \retval #PSA_SUCCESS \emptydescription
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
|
|
*/
|
|
psa_status_t mbedtls_psa_cipher_encrypt_setup(
|
|
mbedtls_psa_cipher_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
psa_algorithm_t alg);
|
|
|
|
/**
|
|
* \brief Set the key for a multipart symmetric decryption operation.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* cipher_decrypt_setup entry point. This function behaves as a
|
|
* cipher_decrypt_setup entry point as defined in the PSA driver
|
|
* interface specification for transparent drivers.
|
|
*
|
|
* \param[in,out] operation The operation object to set up. It has been
|
|
* initialized as per the documentation for
|
|
* #psa_cipher_operation_t and not yet in use.
|
|
* \param[in] attributes The attributes of the key to use for the
|
|
* operation.
|
|
* \param[in] key_buffer The buffer containing the key context.
|
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
|
* \param[in] alg The cipher algorithm to compute
|
|
* (\c PSA_ALG_XXX value such that
|
|
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
|
*
|
|
* \retval #PSA_SUCCESS \emptydescription
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
|
|
*/
|
|
psa_status_t mbedtls_psa_cipher_decrypt_setup(
|
|
mbedtls_psa_cipher_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
psa_algorithm_t alg);
|
|
|
|
/** Set the IV for a symmetric encryption or decryption operation.
|
|
*
|
|
* This function sets the IV (initialization vector), nonce
|
|
* or initial counter value for the encryption or decryption operation.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* cipher_set_iv entry point. This function behaves as a
|
|
* cipher_set_iv entry point as defined in the PSA driver
|
|
* interface specification for transparent drivers.
|
|
*
|
|
* \param[in,out] operation Active cipher operation.
|
|
* \param[in] iv Buffer containing the IV to use.
|
|
* \param[in] iv_length Size of the IV in bytes. It is guaranteed by
|
|
* the core to be less or equal to
|
|
* PSA_CIPHER_IV_MAX_SIZE.
|
|
*
|
|
* \retval #PSA_SUCCESS \emptydescription
|
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
|
* The size of \p iv is not acceptable for the chosen algorithm,
|
|
* or the chosen algorithm does not use an IV.
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
|
*/
|
|
psa_status_t mbedtls_psa_cipher_set_iv(
|
|
mbedtls_psa_cipher_operation_t *operation,
|
|
const uint8_t *iv, size_t iv_length);
|
|
|
|
/** Encrypt or decrypt a message fragment in an active cipher operation.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* cipher_update entry point. This function behaves as a
|
|
* cipher_update entry point as defined in the PSA driver
|
|
* interface specification for transparent drivers.
|
|
*
|
|
* \param[in,out] operation Active cipher operation.
|
|
* \param[in] input Buffer containing the message fragment to
|
|
* encrypt or decrypt.
|
|
* \param[in] input_length Size of the \p input buffer in bytes.
|
|
* \param[out] output Buffer where the output is to be written.
|
|
* \param[in] output_size Size of the \p output buffer in bytes.
|
|
* \param[out] output_length On success, the number of bytes
|
|
* that make up the returned output.
|
|
*
|
|
* \retval #PSA_SUCCESS \emptydescription
|
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
* The size of the \p output buffer is too small.
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
|
*/
|
|
psa_status_t mbedtls_psa_cipher_update(
|
|
mbedtls_psa_cipher_operation_t *operation,
|
|
const uint8_t *input, size_t input_length,
|
|
uint8_t *output, size_t output_size, size_t *output_length);
|
|
|
|
/** Finish encrypting or decrypting a message in a cipher operation.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* cipher_finish entry point. This function behaves as a
|
|
* cipher_finish entry point as defined in the PSA driver
|
|
* interface specification for transparent drivers.
|
|
*
|
|
* \param[in,out] operation Active cipher operation.
|
|
* \param[out] output Buffer where the output is to be written.
|
|
* \param[in] output_size Size of the \p output buffer in bytes.
|
|
* \param[out] output_length On success, the number of bytes
|
|
* that make up the returned output.
|
|
*
|
|
* \retval #PSA_SUCCESS \emptydescription
|
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
|
* The total input size passed to this operation is not valid for
|
|
* this particular algorithm. For example, the algorithm is a based
|
|
* on block cipher and requires a whole number of blocks, but the
|
|
* total input size is not a multiple of the block size.
|
|
* \retval #PSA_ERROR_INVALID_PADDING
|
|
* This is a decryption operation for an algorithm that includes
|
|
* padding, and the ciphertext does not contain valid padding.
|
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
* The size of the \p output buffer is too small.
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
|
*/
|
|
psa_status_t mbedtls_psa_cipher_finish(
|
|
mbedtls_psa_cipher_operation_t *operation,
|
|
uint8_t *output, size_t output_size, size_t *output_length);
|
|
|
|
/** Abort a cipher operation.
|
|
*
|
|
* Aborting an operation frees all associated resources except for the
|
|
* \p operation structure itself. Once aborted, the operation object
|
|
* can be reused for another operation.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* cipher_abort entry point. This function behaves as a
|
|
* cipher_abort entry point as defined in the PSA driver
|
|
* interface specification for transparent drivers.
|
|
*
|
|
* \param[in,out] operation Initialized cipher operation.
|
|
*
|
|
* \retval #PSA_SUCCESS \emptydescription
|
|
*/
|
|
psa_status_t mbedtls_psa_cipher_abort(mbedtls_psa_cipher_operation_t *operation);
|
|
|
|
/** Encrypt a message using a symmetric cipher.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* cipher_encrypt entry point. This function behaves as a
|
|
* cipher_encrypt entry point as defined in the PSA driver
|
|
* interface specification for transparent drivers.
|
|
*
|
|
* \param[in] attributes The attributes of the key to use for the
|
|
* operation.
|
|
* \param[in] key_buffer The buffer containing the key context.
|
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
|
* \param[in] alg The cipher algorithm to compute
|
|
* (\c PSA_ALG_XXX value such that
|
|
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
|
* \param[in] iv Buffer containing the IV for encryption. The
|
|
* IV has been generated by the core.
|
|
* \param[in] iv_length Size of the \p iv in bytes.
|
|
* \param[in] input Buffer containing the message to encrypt.
|
|
* \param[in] input_length Size of the \p input buffer in bytes.
|
|
* \param[in,out] output Buffer where the output is to be written.
|
|
* \param[in] output_size Size of the \p output buffer in bytes.
|
|
* \param[out] output_length On success, the number of bytes that make up
|
|
* the returned output. Initialized to zero
|
|
* by the core.
|
|
*
|
|
* \retval #PSA_SUCCESS \emptydescription
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
|
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
* The size of the \p output buffer is too small.
|
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
|
* The size \p iv_length is not acceptable for the chosen algorithm,
|
|
* or the chosen algorithm does not use an IV.
|
|
* The total input size passed to this operation is not valid for
|
|
* this particular algorithm. For example, the algorithm is a based
|
|
* on block cipher and requires a whole number of blocks, but the
|
|
* total input size is not a multiple of the block size.
|
|
* \retval #PSA_ERROR_INVALID_PADDING
|
|
* This is a decryption operation for an algorithm that includes
|
|
* padding, and the ciphertext does not contain valid padding.
|
|
*/
|
|
psa_status_t mbedtls_psa_cipher_encrypt(const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *iv,
|
|
size_t iv_length,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *output,
|
|
size_t output_size,
|
|
size_t *output_length);
|
|
|
|
/** Decrypt a message using a symmetric cipher.
|
|
*
|
|
* \note The signature of this function is that of a PSA driver
|
|
* cipher_decrypt entry point. This function behaves as a
|
|
* cipher_decrypt entry point as defined in the PSA driver
|
|
* interface specification for transparent drivers.
|
|
*
|
|
* \param[in] attributes The attributes of the key to use for the
|
|
* operation.
|
|
* \param[in] key_buffer The buffer containing the key context.
|
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
|
* \param[in] alg The cipher algorithm to compute
|
|
* (\c PSA_ALG_XXX value such that
|
|
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
|
* \param[in] input Buffer containing the iv and the ciphertext.
|
|
* \param[in] input_length Size of the \p input buffer in bytes.
|
|
* \param[out] output Buffer where the output is to be written.
|
|
* \param[in] output_size Size of the \p output buffer in bytes.
|
|
* \param[out] output_length On success, the number of bytes that make up
|
|
* the returned output. Initialized to zero
|
|
* by the core.
|
|
*
|
|
* \retval #PSA_SUCCESS \emptydescription
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
|
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
|
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
* The size of the \p output buffer is too small.
|
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
|
* The size of \p iv is not acceptable for the chosen algorithm,
|
|
* or the chosen algorithm does not use an IV.
|
|
* The total input size passed to this operation is not valid for
|
|
* this particular algorithm. For example, the algorithm is a based
|
|
* on block cipher and requires a whole number of blocks, but the
|
|
* total input size is not a multiple of the block size.
|
|
* \retval #PSA_ERROR_INVALID_PADDING
|
|
* This is a decryption operation for an algorithm that includes
|
|
* padding, and the ciphertext does not contain valid padding.
|
|
*/
|
|
psa_status_t mbedtls_psa_cipher_decrypt(const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *output,
|
|
size_t output_size,
|
|
size_t *output_length);
|
|
|
|
#endif /* PSA_CRYPTO_CIPHER_H */
|