/**
 * \file cipher_wrap.h
 *
 * \brief Cipher wrappers.
 *
 * Internal header: declares the per-primitive dispatch table
 * (mbedtls_cipher_base_t) that the generic mbedtls_cipher_* layer calls
 * into, the table types that enumerate the built cipher suite, and the
 * PSA-backed context used when MBEDTLS_USE_PSA_CRYPTO is enabled.
 *
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
/*
 * Copyright The Mbed TLS Contributors
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H

#include "mbedtls/build_info.h"

#include "mbedtls/cipher.h"

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Availability macros.
 *
 * Each MBEDTLS_CIPHER_HAVE_*_VIA_LEGACY_OR_USE_PSA macro is defined when the
 * corresponding AEAD mode is reachable through at least one of two paths:
 * the legacy Mbed TLS software implementation (MBEDTLS_*_C) or the PSA
 * Crypto API (MBEDTLS_USE_PSA_CRYPTO together with the matching
 * PSA_WANT_* symbols). The *_AES_* variants additionally require the AES
 * primitive on the same path. Callers should test these macros rather than
 * the individual MBEDTLS_*_C options so that PSA-only builds are covered.
 */

/* Support for GCM either through Mbed TLS SW implementation or PSA */
#if defined(MBEDTLS_GCM_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
#define MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA
#endif

/* GCM with the AES primitive, via either path */
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES))
#define MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA
#endif

/* Support for CCM either through Mbed TLS SW implementation or PSA */
#if defined(MBEDTLS_CCM_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
#define MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA
#endif

/* CCM with the AES primitive, via either path */
#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES))
#define MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA
#endif

/*
 * CCM* without authentication tag. On the legacy path this is provided by
 * the same MBEDTLS_CCM_C module as CCM; on the PSA path it needs its own
 * PSA_WANT_ALG_CCM_STAR_NO_TAG symbol.
 */
#if defined(MBEDTLS_CCM_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG))
#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA
#endif

/* CCM* without tag, with the AES primitive, via either path */
#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && \
    defined(PSA_WANT_KEY_TYPE_AES))
#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_AES_VIA_LEGACY_OR_USE_PSA
#endif

/* Support for ChaCha20-Poly1305 either through Mbed TLS SW implementation or PSA */
#if defined(MBEDTLS_CHACHAPOLY_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA
#endif

/* Defined when at least one of the AEAD modes above is available */
#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) || \
    defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) || \
    defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) || \
    defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA)
#define MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA
#endif

/**
 * Base cipher information. The non-mode specific functions and values.
 *
 * One instance describes a cipher primitive (identified by \c cipher) and
 * the entry points the generic cipher layer uses to drive it. The
 * mode-specific members are only present when the corresponding
 * MBEDTLS_CIPHER_MODE_* option is enabled, so the layout of this struct
 * depends on the build configuration; every translation unit that touches
 * it must be compiled with the same configuration.
 *
 * All function pointers take the primitive's own context (as returned by
 * \c ctx_alloc_func) through \p ctx and return an int status; the
 * convention for that status is not visible in this header (presumably
 * 0 on success and a negative MBEDTLS_ERR_* code otherwise — confirm in
 * cipher_wrap.c).
 */
struct mbedtls_cipher_base_t {
    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
    mbedtls_cipher_id_t cipher;

    /**
     * Encrypt or decrypt (selected by \p mode) using ECB.
     * There is no length parameter: the call operates on a single block.
     */
    int (*ecb_func)(void *ctx, mbedtls_operation_t mode,
                    const unsigned char *input, unsigned char *output);

#if defined(MBEDTLS_CIPHER_MODE_CBC)
    /**
     * Encrypt or decrypt (selected by \p mode) \p length bytes using CBC.
     * \p iv is non-const and is presumably updated in place to the last
     * ciphertext block so that consecutive calls chain — confirm against
     * the per-cipher wrappers.
     */
    int (*cbc_func)(void *ctx, mbedtls_operation_t mode, size_t length,
                    unsigned char *iv, const unsigned char *input,
                    unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_CFB)
    /**
     * Encrypt or decrypt (selected by \p mode) using CFB (Full length).
     * \p iv_off and \p iv carry the running keystream position between
     * calls; both are written by the callee.
     */
    int (*cfb_func)(void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
                    unsigned char *iv, const unsigned char *input,
                    unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_OFB)
    /**
     * Encrypt using OFB (Full length).
     * No \p mode parameter: the same entry point serves both directions.
     * \p iv_off and \p iv carry the running keystream position between calls.
     */
    int (*ofb_func)(void *ctx, size_t length, size_t *iv_off,
                    unsigned char *iv,
                    const unsigned char *input,
                    unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_CTR)
    /**
     * Encrypt using CTR.
     * No \p mode parameter: the same entry point serves both directions.
     * \p nc_off, \p nonce_counter and \p stream_block are all non-const
     * and hold the counter state and any partially consumed keystream
     * block between calls; the caller must not reuse a counter value
     * under the same key.
     */
    int (*ctr_func)(void *ctx, size_t length, size_t *nc_off,
                    unsigned char *nonce_counter, unsigned char *stream_block,
                    const unsigned char *input, unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_XTS)
    /**
     * Encrypt or decrypt (selected by \p mode) using XTS.
     * \p data_unit is the 16-byte tweak for this data unit and is not
     * modified by the call.
     */
    int (*xts_func)(void *ctx, mbedtls_operation_t mode, size_t length,
                    const unsigned char data_unit[16],
                    const unsigned char *input, unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_STREAM)
    /**
     * Encrypt using STREAM.
     * No \p mode or IV parameters: any keystream state lives in \p ctx.
     */
    int (*stream_func)(void *ctx, size_t length,
                       const unsigned char *input, unsigned char *output);
#endif

    /**
     * Set key for encryption purposes.
     * \p key_bitlen is the key length in bits, not bytes.
     */
    int (*setkey_enc_func)(void *ctx, const unsigned char *key,
                           unsigned int key_bitlen);

#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
    /**
     * Set key for decryption purposes.
     * Absent when MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is defined; in that
     * configuration the struct has no decryption key schedule entry point.
     */
    int (*setkey_dec_func)(void *ctx, const unsigned char *key,
                           unsigned int key_bitlen);
#endif

    /**
     * Allocate a new context.
     * Presumably returns NULL on allocation failure — confirm against the
     * per-cipher wrappers before relying on it.
     */
    void * (*ctx_alloc_func)(void);

    /**
     * Free the given context.
     * Whether the key schedule held in the context is zeroized before the
     * memory is released is decided by the per-cipher implementation and
     * is not visible from this header.
     */
    void (*ctx_free_func)(void *ctx);

};

/**
 * One entry of the cipher registry: maps a cipher type (primitive + mode
 * + key size) to its full information record.
 */
typedef struct {
    mbedtls_cipher_type_t type;
    const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;

#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
 * Who owns the PSA key referenced by a PSA-backed cipher context.
 *
 * This decides whether freeing the context destroys the PSA key, so a
 * wrong value either leaks a volatile key or destroys a key the caller
 * still uses.
 */
typedef enum {
    /** No key has been set on the context yet. */
    MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
    /*
     * Used for PSA-based cipher contexts which use raw key material
     * internally imported as a volatile key, and which hence need to
     * destroy that key when the context is freed.
     */
    MBEDTLS_CIPHER_PSA_KEY_OWNED,
    /*
     * Used for PSA-based cipher contexts which use a key provided by the
     * user, and which hence will not be destroyed when the context is
     * freed.
     */
    MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED,
} mbedtls_cipher_psa_key_ownership;

/**
 * Context for a cipher implemented through PSA Crypto.
 *
 * Holds the PSA algorithm, the identifier of the PSA key used for the
 * operation and the ownership state that governs whether that key is
 * destroyed when the context is freed (see
 * mbedtls_cipher_psa_key_ownership).
 */
typedef struct {
    psa_algorithm_t alg;
    mbedtls_svc_key_id_t slot;
    mbedtls_cipher_psa_key_ownership slot_state;
} mbedtls_cipher_context_psa;
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/** Registry of all cipher types compiled into this build (defined in cipher_wrap.c). */
extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];

/**
 * List of supported cipher types. The element meaning and terminator are
 * not visible here — presumably mbedtls_cipher_type_t values ending with
 * MBEDTLS_CIPHER_NONE; confirm in cipher_wrap.c.
 */
extern int mbedtls_cipher_supported[];

/** Lookup table from a base-cipher index to its dispatch table. */
extern const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[];

#ifdef __cplusplus
}
#endif

#endif /* MBEDTLS_CIPHER_WRAP_H */