TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / b9309b69b76b04fcdfe331fbd96d1fc5e040f85a / . / interface / include / mbedtls / camellia.h
blob: 557f4725310228eaa716f59b22c8829b956babdf [file] [log] [blame]
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame]1/**
2 * \file camellia.h
3 *
4 * \brief Camellia block cipher
5 */
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 */
10#ifndef MBEDTLS_CAMELLIA_H
11#define MBEDTLS_CAMELLIA_H
12#include "mbedtls/private_access.h"
13
14#include "mbedtls/build_info.h"
15
16#include <stddef.h>
17#include <stdint.h>
18
19#include "mbedtls/platform_util.h"
20
21#define MBEDTLS_CAMELLIA_ENCRYPT 1
22#define MBEDTLS_CAMELLIA_DECRYPT 0
23
24/** Bad input data. */
25#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024
26
27/** Invalid data input length. */
28#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026
29
30#ifdef __cplusplus
31extern "C" {
32#endif
33
34#if !defined(MBEDTLS_CAMELLIA_ALT)
35// Regular implementation
36//
37
38/**
39 * \brief CAMELLIA context structure
40 */
41typedef struct mbedtls_camellia_context {
42 int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
43 uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
44}
45mbedtls_camellia_context;
46
47#else /* MBEDTLS_CAMELLIA_ALT */
48#include "camellia_alt.h"
49#endif /* MBEDTLS_CAMELLIA_ALT */
50
51/**
52 * \brief Initialize a CAMELLIA context.
53 *
54 * \param ctx The CAMELLIA context to be initialized.
55 * This must not be \c NULL.
56 */
57void mbedtls_camellia_init(mbedtls_camellia_context *ctx);
58
59/**
60 * \brief Clear a CAMELLIA context.
61 *
62 * \param ctx The CAMELLIA context to be cleared. This may be \c NULL,
63 * in which case this function returns immediately. If it is not
64 * \c NULL, it must be initialized.
65 */
66void mbedtls_camellia_free(mbedtls_camellia_context *ctx);
67
68/**
69 * \brief Perform a CAMELLIA key schedule operation for encryption.
70 *
71 * \param ctx The CAMELLIA context to use. This must be initialized.
72 * \param key The encryption key to use. This must be a readable buffer
73 * of size \p keybits Bits.
74 * \param keybits The length of \p key in Bits. This must be either \c 128,
75 * \c 192 or \c 256.
76 *
77 * \return \c 0 if successful.
78 * \return A negative error code on failure.
79 */
80int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
81 const unsigned char *key,
82 unsigned int keybits);
83
84#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
85/**
86 * \brief Perform a CAMELLIA key schedule operation for decryption.
87 *
88 * \param ctx The CAMELLIA context to use. This must be initialized.
89 * \param key The decryption key. This must be a readable buffer
90 * of size \p keybits Bits.
91 * \param keybits The length of \p key in Bits. This must be either \c 128,
92 * \c 192 or \c 256.
93 *
94 * \return \c 0 if successful.
95 * \return A negative error code on failure.
96 */
97int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
98 const unsigned char *key,
99 unsigned int keybits);
100#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
101
102/**
103 * \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
104 *
105 * \param ctx The CAMELLIA context to use. This must be initialized
106 * and bound to a key.
107 * \param mode The mode of operation. This must be either
108 * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
109 * \param input The input block. This must be a readable buffer
110 * of size \c 16 Bytes.
111 * \param output The output block. This must be a writable buffer
112 * of size \c 16 Bytes.
113 *
114 * \return \c 0 if successful.
115 * \return A negative error code on failure.
116 */
117int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
118 int mode,
119 const unsigned char input[16],
120 unsigned char output[16]);
121
122#if defined(MBEDTLS_CIPHER_MODE_CBC)
123/**
124 * \brief Perform a CAMELLIA-CBC buffer encryption/decryption operation.
125 *
126 * \note Upon exit, the content of the IV is updated so that you can
127 * call the function same function again on the following
128 * block(s) of data and get the same result as if it was
129 * encrypted in one call. This allows a "streaming" usage.
130 * If on the other hand you need to retain the contents of the
131 * IV, you should either save it manually or use the cipher
132 * module instead.
133 *
134 * \param ctx The CAMELLIA context to use. This must be initialized
135 * and bound to a key.
136 * \param mode The mode of operation. This must be either
137 * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
138 * \param length The length in Bytes of the input data \p input.
139 * This must be a multiple of \c 16 Bytes.
140 * \param iv The initialization vector. This must be a read/write buffer
141 * of length \c 16 Bytes. It is updated to allow streaming
142 * use as explained above.
143 * \param input The buffer holding the input data. This must point to a
144 * readable buffer of length \p length Bytes.
145 * \param output The buffer holding the output data. This must point to a
146 * writable buffer of length \p length Bytes.
147 *
148 * \return \c 0 if successful.
149 * \return A negative error code on failure.
150 */
151int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
152 int mode,
153 size_t length,
154 unsigned char iv[16],
155 const unsigned char *input,
156 unsigned char *output);
157#endif /* MBEDTLS_CIPHER_MODE_CBC */
158
159#if defined(MBEDTLS_CIPHER_MODE_CFB)
160/**
161 * \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption
162 * operation.
163 *
164 * \note Due to the nature of CFB mode, you should use the same
165 * key for both encryption and decryption. In particular, calls
166 * to this function should be preceded by a key-schedule via
167 * mbedtls_camellia_setkey_enc() regardless of whether \p mode
168 * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
169 *
170 * \note Upon exit, the content of the IV is updated so that you can
171 * call the function same function again on the following
172 * block(s) of data and get the same result as if it was
173 * encrypted in one call. This allows a "streaming" usage.
174 * If on the other hand you need to retain the contents of the
175 * IV, you should either save it manually or use the cipher
176 * module instead.
177 *
178 * \param ctx The CAMELLIA context to use. This must be initialized
179 * and bound to a key.
180 * \param mode The mode of operation. This must be either
181 * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
182 * \param length The length of the input data \p input. Any value is allowed.
183 * \param iv_off The current offset in the IV. This must be smaller
184 * than \c 16 Bytes. It is updated after this call to allow
185 * the aforementioned streaming usage.
186 * \param iv The initialization vector. This must be a read/write buffer
187 * of length \c 16 Bytes. It is updated after this call to
188 * allow the aforementioned streaming usage.
189 * \param input The buffer holding the input data. This must be a readable
190 * buffer of size \p length Bytes.
191 * \param output The buffer to hold the output data. This must be a writable
192 * buffer of length \p length Bytes.
193 *
194 * \return \c 0 if successful.
195 * \return A negative error code on failure.
196 */
197int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
198 int mode,
199 size_t length,
200 size_t *iv_off,
201 unsigned char iv[16],
202 const unsigned char *input,
203 unsigned char *output);
204#endif /* MBEDTLS_CIPHER_MODE_CFB */
205
206#if defined(MBEDTLS_CIPHER_MODE_CTR)
207/**
208 * \brief Perform a CAMELLIA-CTR buffer encryption/decryption operation.
209 *
210 * *note Due to the nature of CTR mode, you should use the same
211 * key for both encryption and decryption. In particular, calls
212 * to this function should be preceded by a key-schedule via
213 * mbedtls_camellia_setkey_enc() regardless of whether the mode
214 * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
215 *
216 * \warning You must never reuse a nonce value with the same key. Doing so
217 * would void the encryption for the two messages encrypted with
218 * the same nonce and key.
219 *
220 * There are two common strategies for managing nonces with CTR:
221 *
222 * 1. You can handle everything as a single message processed over
223 * successive calls to this function. In that case, you want to
224 * set \p nonce_counter and \p nc_off to 0 for the first call, and
225 * then preserve the values of \p nonce_counter, \p nc_off and \p
226 * stream_block across calls to this function as they will be
227 * updated by this function.
228 *
229 * With this strategy, you must not encrypt more than 2**128
230 * blocks of data with the same key.
231 *
232 * 2. You can encrypt separate messages by dividing the \p
233 * nonce_counter buffer in two areas: the first one used for a
234 * per-message nonce, handled by yourself, and the second one
235 * updated by this function internally.
236 *
237 * For example, you might reserve the first \c 12 Bytes for the
238 * per-message nonce, and the last \c 4 Bytes for internal use.
239 * In that case, before calling this function on a new message you
240 * need to set the first \c 12 Bytes of \p nonce_counter to your
241 * chosen nonce value, the last four to \c 0, and \p nc_off to \c 0
242 * (which will cause \p stream_block to be ignored). That way, you
243 * can encrypt at most \c 2**96 messages of up to \c 2**32 blocks
244 * each with the same key.
245 *
246 * The per-message nonce (or information sufficient to reconstruct
247 * it) needs to be communicated with the ciphertext and must be
248 * unique. The recommended way to ensure uniqueness is to use a
249 * message counter. An alternative is to generate random nonces,
250 * but this limits the number of messages that can be securely
251 * encrypted: for example, with 96-bit random nonces, you should
252 * not encrypt more than 2**32 messages with the same key.
253 *
254 * Note that for both strategies, sizes are measured in blocks and
255 * that a CAMELLIA block is \c 16 Bytes.
256 *
257 * \warning Upon return, \p stream_block contains sensitive data. Its
258 * content must not be written to insecure storage and should be
259 * securely discarded as soon as it's no longer needed.
260 *
261 * \param ctx The CAMELLIA context to use. This must be initialized
262 * and bound to a key.
263 * \param length The length of the input data \p input in Bytes.
264 * Any value is allowed.
265 * \param nc_off The offset in the current \p stream_block (for resuming
266 * within current cipher stream). The offset pointer to
267 * should be \c 0 at the start of a stream. It is updated
268 * at the end of this call.
269 * \param nonce_counter The 128-bit nonce and counter. This must be a read/write
270 * buffer of length \c 16 Bytes.
271 * \param stream_block The saved stream-block for resuming. This must be a
272 * read/write buffer of length \c 16 Bytes.
273 * \param input The input data stream. This must be a readable buffer of
274 * size \p length Bytes.
275 * \param output The output data stream. This must be a writable buffer
276 * of size \p length Bytes.
277 *
278 * \return \c 0 if successful.
279 * \return A negative error code on failure.
280 */
281int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
282 size_t length,
283 size_t *nc_off,
284 unsigned char nonce_counter[16],
285 unsigned char stream_block[16],
286 const unsigned char *input,
287 unsigned char *output);
288#endif /* MBEDTLS_CIPHER_MODE_CTR */
289
290#if defined(MBEDTLS_SELF_TEST)
291
292/**
293 * \brief Checkup routine
294 *
295 * \return 0 if successful, or 1 if the test failed
296 */
297int mbedtls_camellia_self_test(int verbose);
298
299#endif /* MBEDTLS_SELF_TEST */
300
301#ifdef __cplusplus
302}
303#endif
304
305#endif /* camellia.h */