/**
 * \file cipher_wrap.h
 *
 * \brief Cipher wrappers.
 *
 * Declares the per-algorithm dispatch table (mbedtls_cipher_base_t) that the
 * generic cipher layer calls into, the table entry type that maps a cipher
 * type to its info structure, and the PSA-backed context state used when
 * MBEDTLS_USE_PSA_CRYPTO is enabled. NOTE(review): the name and contents
 * suggest this is a library-internal header rather than public API; confirm
 * against the include-tree layout before relying on anything here from
 * application code.
 *
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
/*
 * Copyright The Mbed TLS Contributors
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H

#include "mbedtls/build_info.h"

#include "mbedtls/cipher.h"

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Availability macros.
 *
 * Each MBEDTLS_CIPHER_HAVE_*_VIA_LEGACY_OR_USE_PSA symbol is defined when the
 * corresponding algorithm is reachable either through the legacy Mbed TLS
 * software implementation (MBEDTLS_*_C) or through PSA (MBEDTLS_USE_PSA_CRYPTO
 * together with the matching PSA_WANT_* symbol). The *_AES_* variants
 * additionally require AES as the underlying block cipher.
 */

/* Support for GCM either through Mbed TLS SW implementation or PSA */
#if defined(MBEDTLS_GCM_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
#define MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA
#endif

/* GCM with AES specifically: legacy needs both GCM and AES compiled in,
 * PSA needs the GCM algorithm and the AES key type. */
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES))
#define MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA
#endif

/* Support for CCM either through Mbed TLS SW implementation or PSA */
#if defined(MBEDTLS_CCM_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
#define MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA
#endif

/* CCM with AES specifically. */
#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES))
#define MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA
#endif

/* CCM* with no authentication tag.
 *
 * Security note: as the name says, this variant produces no tag, so it
 * provides confidentiality only and no integrity/authenticity. Treat it as an
 * unauthenticated mode, not as an AEAD, when choosing it for a protocol.
 * On the legacy side it is gated solely on MBEDTLS_CCM_C (there is no separate
 * CCM* option); on the PSA side on PSA_WANT_ALG_CCM_STAR_NO_TAG. */
#if defined(MBEDTLS_CCM_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG))
#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA
#endif

/* CCM* with no tag, with AES specifically. */
#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && \
    defined(PSA_WANT_KEY_TYPE_AES))
#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_AES_VIA_LEGACY_OR_USE_PSA
#endif

/* Support for ChaCha20-Poly1305 either through Mbed TLS SW implementation or PSA */
#if defined(MBEDTLS_CHACHAPOLY_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA
#endif

/* Defined when at least one of the modes above is available.
 *
 * NOTE(review): this umbrella symbol also counts CCM*-no-tag, which carries no
 * authentication tag and is therefore not an AEAD in the strict sense. Code
 * that uses this macro to mean "an authenticated mode is available" should
 * check the specific GCM/CCM/ChaChaPoly symbol instead. */
#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) || \
    defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) || \
    defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) || \
    defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA)
#define MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA
#endif

/**
 * Base cipher information. The non-mode specific functions and values.
 *
 * One instance of this structure describes a primitive (e.g. AES) and holds
 * the function pointers the generic cipher layer dispatches to. Which mode
 * entries exist is decided at compile time by the MBEDTLS_CIPHER_MODE_*
 * options, so the struct layout differs between configurations; code that
 * initialises these tables must be built with the same configuration.
 *
 * The \p ctx argument of every callback is the opaque per-primitive context
 * obtained from ctx_alloc_func. Where a callback takes an
 * \c mbedtls_operation_t \p mode, that argument selects encryption or
 * decryption; callbacks without it (OFB, CTR, STREAM) apply the same
 * keystream operation in both directions. All callbacks return an int;
 * by Mbed TLS convention 0 is success and a negative value an error code,
 * but the exact codes are defined by the individual implementations.
 */
struct mbedtls_cipher_base_t {
    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
    mbedtls_cipher_id_t cipher;

    /** Encrypt or decrypt a single block using ECB; direction is given by
     *  \p mode. No length argument: exactly one block is processed. */
    int (*ecb_func)(void *ctx, mbedtls_operation_t mode,
                    const unsigned char *input, unsigned char *output);

#if defined(MBEDTLS_CIPHER_MODE_CBC)
    /** Encrypt or decrypt \p length bytes using CBC; direction is given by
     *  \p mode. \p iv is non-const and is presumably updated in place to
     *  allow chained calls -- confirm with the wrapper implementation. */
    int (*cbc_func)(void *ctx, mbedtls_operation_t mode, size_t length,
                    unsigned char *iv, const unsigned char *input,
                    unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_CFB)
    /** Encrypt or decrypt \p length bytes using CFB (Full length); direction
     *  is given by \p mode. \p iv_off / \p iv are non-const, presumably
     *  carrying the keystream position across calls -- confirm. */
    int (*cfb_func)(void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
                    unsigned char *iv, const unsigned char *input,
                    unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_OFB)
    /** Encrypt/decrypt \p length bytes using OFB (Full length). No \p mode:
     *  OFB is symmetric. \p iv_off / \p iv are non-const (see CFB). */
    int (*ofb_func)(void *ctx, size_t length, size_t *iv_off,
                    unsigned char *iv,
                    const unsigned char *input,
                    unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_CTR)
    /** Encrypt/decrypt \p length bytes using CTR. No \p mode: CTR is
     *  symmetric. \p nonce_counter, \p stream_block and \p nc_off are
     *  non-const, presumably the running counter block, the cached keystream
     *  block and the offset into it. Security note: reusing a nonce/counter
     *  value under the same key exposes plaintext (keystream reuse); callers
     *  own nonce uniqueness. */
    int (*ctr_func)(void *ctx, size_t length, size_t *nc_off,
                    unsigned char *nonce_counter, unsigned char *stream_block,
                    const unsigned char *input, unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_XTS)
    /** Encrypt or decrypt using XTS; direction is given by \p mode.
     *  \p data_unit is the 16-byte tweak (sector/data-unit number) and is
     *  not modified. */
    int (*xts_func)(void *ctx, mbedtls_operation_t mode, size_t length,
                    const unsigned char data_unit[16],
                    const unsigned char *input, unsigned char *output);
#endif

#if defined(MBEDTLS_CIPHER_MODE_STREAM)
    /** Encrypt/decrypt \p length bytes with a stream cipher. No \p mode and
     *  no IV argument: any nonce handling lives in \p ctx. */
    int (*stream_func)(void *ctx, size_t length,
                       const unsigned char *input, unsigned char *output);
#endif

    /** Set key for encryption purposes. \p key_bitlen is the key length in
     *  bits, per the parameter name. */
    int (*setkey_enc_func)(void *ctx, const unsigned char *key,
                           unsigned int key_bitlen);

#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
    /** Set key for decryption purposes. Absent when
     *  MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is set, so code that only needs the
     *  forward direction can drop the decryption key schedule. */
    int (*setkey_dec_func)(void *ctx, const unsigned char *key,
                           unsigned int key_bitlen);
#endif

    /** Allocate a new context. NOTE(review): the return on allocation failure
     *  is not specified here; callers should treat NULL as failure -- confirm
     *  against the wrapper implementation. */
    void * (*ctx_alloc_func)(void);

    /** Free the given context. Expected to be the only way contexts from
     *  ctx_alloc_func are released, so key material held in \p ctx can be
     *  wiped before the memory is returned. */
    void (*ctx_free_func)(void *ctx);

};

/**
 * One row of the cipher registry: a cipher type together with the
 * mbedtls_cipher_info_t describing it.
 */
typedef struct {
    mbedtls_cipher_type_t type;
    const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;

#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
 * Who owns the PSA key referenced by a PSA-backed cipher context.
 *
 * This decides whether freeing the context destroys the key. Getting it wrong
 * in either direction is a security/correctness issue: an OWNED key that is
 * not destroyed leaks key material in the PSA keystore, while destroying a
 * NOT_OWNED key would invalidate a key the caller still uses elsewhere.
 */
typedef enum {
    /** No key has been set on this context. */
    MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
    /** Used for PSA-based cipher contexts which use raw key material
     *  internally imported as a volatile key, and which hence need to
     *  destroy that key when the context is freed. */
    MBEDTLS_CIPHER_PSA_KEY_OWNED,
    /** Used for PSA-based cipher contexts which use a key provided by the
     *  user, and which hence will not be destroyed when the context is
     *  freed. The caller is responsible for keeping that key alive for as
     *  long as the context is used. */
    MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED,
} mbedtls_cipher_psa_key_ownership;

/**
 * PSA-specific state of a cipher context: the PSA algorithm, the key
 * identifier in use, and whether this context owns that key
 * (see mbedtls_cipher_psa_key_ownership).
 */
typedef struct {
    psa_algorithm_t alg;
    mbedtls_svc_key_id_t slot;
    mbedtls_cipher_psa_key_ownership slot_state;
} mbedtls_cipher_context_psa;
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/** Registry of all compiled-in ciphers; the array length and its terminator
 *  convention are set by the definition, not declared here. */
extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];

/** NOTE(review): mutable global with external linkage and no length in the
 *  declaration; this header does not show who fills it or what synchronises
 *  writers -- check the defining translation unit before reading it from
 *  multiple threads. */
extern int mbedtls_cipher_supported[];

/** Lookup table from cipher id to its base dispatch structure. */
extern const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[];

#ifdef __cplusplus
}
#endif

#endif /* MBEDTLS_CIPHER_WRAP_H */