File camellia.h
Camellia block cipher.
Defines
-
MBEDTLS_CAMELLIA_ENCRYPT
-
MBEDTLS_CAMELLIA_DECRYPT
-
MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
Bad input data.
-
MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
Typedefs
-
typedef struct mbedtls_camellia_context mbedtls_camellia_context
CAMELLIA context structure.
Functions
-
void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
Initialize a CAMELLIA context.
- Parameters:
ctx – The CAMELLIA context to be initialized. This must not be
NULL
.
-
void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
Clear a CAMELLIA context.
- Parameters:
ctx – The CAMELLIA context to be cleared. This may be
NULL
, in which case this function returns immediately. If it is notNULL
, it must be initialized.
-
int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits)
Perform a CAMELLIA key schedule operation for encryption.
- Parameters:
ctx – The CAMELLIA context to use. This must be initialized.
key – The encryption key to use. This must be a readable buffer of size
keybits
Bits.keybits – The length of
key
in Bits. This must be either128
,192
or256
.
- Returns:
0
if successful.- Returns:
A negative error code on failure.
-
int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
Perform a CAMELLIA-ECB block encryption/decryption operation.
- Parameters:
ctx – The CAMELLIA context to use. This must be initialized and bound to a key.
mode – The mode of operation. This must be either MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT.
input – The input block. This must be a readable buffer of size
16
Bytes.output – The output block. This must be a writable buffer of size
16
Bytes.
- Returns:
0
if successful.- Returns:
A negative error code on failure.
-
int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
Perform a CAMELLIA-CBC buffer encryption/decryption operation.
Note
Upon exit, the content of the IV is updated so that you can call the function same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a “streaming” usage. If on the other hand you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
- Parameters:
ctx – The CAMELLIA context to use. This must be initialized and bound to a key.
mode – The mode of operation. This must be either MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT.
length – The length in Bytes of the input data
input
. This must be a multiple of16
Bytes.iv – The initialization vector. This must be a read/write buffer of length
16
Bytes. It is updated to allow streaming use as explained above.input – The buffer holding the input data. This must point to a readable buffer of length
length
Bytes.output – The buffer holding the output data. This must point to a writable buffer of length
length
Bytes.
- Returns:
0
if successful.- Returns:
A negative error code on failure.
-
int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
Perform a CAMELLIA-CFB128 buffer encryption/decryption operation.
Note
Due to the nature of CFB mode, you should use the same key for both encryption and decryption. In particular, calls to this function should be preceded by a key-schedule via mbedtls_camellia_setkey_enc() regardless of whether
mode
is MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT.Note
Upon exit, the content of the IV is updated so that you can call the function same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a “streaming” usage. If on the other hand you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
- Parameters:
ctx – The CAMELLIA context to use. This must be initialized and bound to a key.
mode – The mode of operation. This must be either MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT.
length – The length of the input data
input
. Any value is allowed.iv_off – The current offset in the IV. This must be smaller than
16
Bytes. It is updated after this call to allow the aforementioned streaming usage.iv – The initialization vector. This must be a read/write buffer of length
16
Bytes. It is updated after this call to allow the aforementioned streaming usage.input – The buffer holding the input data. This must be a readable buffer of size
length
Bytes.output – The buffer to hold the output data. This must be a writable buffer of length
length
Bytes.
- Returns:
0
if successful.- Returns:
A negative error code on failure.
-
int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
Perform a CAMELLIA-CTR buffer encryption/decryption operation.
*note Due to the nature of CTR mode, you should use the same key for both encryption and decryption. In particular, calls to this function should be preceded by a key-schedule via mbedtls_camellia_setkey_enc() regardless of whether the mode is MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT.
There are two common strategies for managing nonces with CTR:
You can handle everything as a single message processed over successive calls to this function. In that case, you want to set
nonce_counter
andnc_off
to 0 for the first call, and then preserve the values ofnonce_counter
,nc_off
andstream_block
across calls to this function as they will be updated by this function.
With this strategy, you must not encrypt more than 2**128 blocks of data with the same key.
You can encrypt separate messages by dividing the
nonce_counter
buffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.
For example, you might reserve the first
12
Bytes for the per-message nonce, and the last4
Bytes for internal use. In that case, before calling this function on a new message you need to set the first12
Bytes ofnonce_counter
to your chosen nonce value, the last four to0
, andnc_off
to0
(which will causestream_block
to be ignored). That way, you can encrypt at most2**96
messages of up to2**32
blocks each with the same key.The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter. An alternative is to generate random nonces, but this limits the number of messages that can be securely encrypted: for example, with 96-bit random nonces, you should not encrypt more than 2**32 messages with the same key.
Note that for both strategies, sizes are measured in blocks and that a CAMELLIA block is
16
Bytes.Warning
You must never reuse a nonce value with the same key. Doing so would void the encryption for the two messages encrypted with the same nonce and key.
Warning
Upon return,
stream_block
contains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it’s no longer needed.- Parameters:
ctx – The CAMELLIA context to use. This must be initialized and bound to a key.
length – The length of the input data
input
in Bytes. Any value is allowed.nc_off – The offset in the current
stream_block
(for resuming within current cipher stream). The offset pointer to should be0
at the start of a stream. It is updated at the end of this call.nonce_counter – The 128-bit nonce and counter. This must be a read/write buffer of length
16
Bytes.stream_block – The saved stream-block for resuming. This must be a read/write buffer of length
16
Bytes.input – The input data stream. This must be a readable buffer of size
length
Bytes.output – The output data stream. This must be a writable buffer of size
length
Bytes.
- Returns:
0
if successful.- Returns:
A negative error code on failure.
-
int mbedtls_camellia_self_test(int verbose)
Checkup routine.
- Returns:
0 if successful, or 1 if the test failed
-
struct mbedtls_camellia_context
- #include <camellia.h>
CAMELLIA context structure.