1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
/* wc_encrypt.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/wc_encrypt.h
*/
#ifndef WOLF_CRYPT_ENCRYPT_H
#define WOLF_CRYPT_ENCRYPT_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_AES
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifdef HAVE_CHACHA
#include <wolfssl/wolfcrypt/chacha.h>
#endif
#ifndef NO_DES3
#include <wolfssl/wolfcrypt/des3.h>
#endif
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* determine max cipher key size - cannot use enum values here, must be define,
* since WC_MAX_SYM_KEY_SIZE is used in if macro logic. */
#ifndef NO_AES
#define WC_MAX_SYM_KEY_SIZE (AES_MAX_KEY_SIZE/8)
#elif defined(HAVE_CHACHA)
#define WC_MAX_SYM_KEY_SIZE 32 /* CHACHA_MAX_KEY_SZ */
#elif !defined(NO_DES3)
#define WC_MAX_SYM_KEY_SIZE 24 /* DES3_KEY_SIZE */
#elif !defined(NO_RC4)
#define WC_MAX_SYM_KEY_SIZE 16 /* RC4_KEY_SIZE */
#else
#define WC_MAX_SYM_KEY_SIZE 32
#endif
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)))
/* In FIPS cert 3389 and CAVP selftest v1 build, these enums are
* not in aes.h. Define them here outside the fips boundary.
*/
#ifndef GCM_NONCE_MID_SZ
/* The usual default nonce size for AES-GCM. */
#define GCM_NONCE_MID_SZ 12
#endif
#ifndef CCM_NONCE_MIN_SZ
#define CCM_NONCE_MIN_SZ 7
#endif
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
#endif /* !NO_AES */
#ifndef NO_DES3
WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
#endif /* !NO_DES3 */
#ifdef WOLFSSL_ENCRYPTED_KEYS
struct EncryptedInfo;
WOLFSSL_API int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz, int hashType);
WOLFSSL_API int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz, int hashType);
#endif /* WOLFSSL_ENCRYPTED_KEYS */
#ifndef NO_PWDBASED
WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz,
const byte* salt, int saltSz, int iterations, int id, byte* input,
int length, int version, byte* cbcIv, int enc, int shaOid);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_ENCRYPT_H */