TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 83f3fc0d772d1137b225a9c9bacec084177f2e70 / . / library / cipher.c
blob: a014eca5ed8ac714ba289a8210f001651f2dea4c [file] [log] [blame]
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1/**
2 * \file cipher.c
3 *
4 * \brief Generic cipher wrapper for PolarSSL
5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]9 *
10 * This file is part of PolarSSL (http://www.polarssl.org)
11 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
12 *
13 * All rights reserved.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 */
29
30#include "polarssl/config.h"
31
32#if defined(POLARSSL_CIPHER_C)
33
34#include "polarssl/cipher.h"
35#include "polarssl/cipher_wrap.h"
36
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]37#if defined(POLARSSL_GCM_C)
38#include "polarssl/gcm.h"
39#endif
40
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]41#include <stdlib.h>
42
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]43#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]44#define POLARSSL_CIPHER_MODE_STREAM
45#endif
46
Paul Bakkeraf5c85f2011-04-18 03:47:52 +0000[diff] [blame]47#if defined _MSC_VER && !defined strcasecmp
48#define strcasecmp _stricmp
49#endif
50
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]51static const int supported_ciphers[] = {
52
53#if defined(POLARSSL_AES_C)
54 POLARSSL_CIPHER_AES_128_CBC,
55 POLARSSL_CIPHER_AES_192_CBC,
56 POLARSSL_CIPHER_AES_256_CBC,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]57
58#if defined(POLARSSL_CIPHER_MODE_CFB)
59 POLARSSL_CIPHER_AES_128_CFB128,
60 POLARSSL_CIPHER_AES_192_CFB128,
61 POLARSSL_CIPHER_AES_256_CFB128,
62#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
63
64#if defined(POLARSSL_CIPHER_MODE_CTR)
65 POLARSSL_CIPHER_AES_128_CTR,
66 POLARSSL_CIPHER_AES_192_CTR,
67 POLARSSL_CIPHER_AES_256_CTR,
68#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
69
Manuel Pégourié-Gonnard83f3fc02013-09-04 12:07:24 +0200[diff] [blame^]70#if defined(POLARSSL_GCM_C)
71 POLARSSL_CIPHER_AES_128_GCM,
72 POLARSSL_CIPHER_AES_192_GCM,
73 POLARSSL_CIPHER_AES_256_GCM,
74#endif /* defined(POLARSSL_GCM_C) */
75
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]76#endif /* defined(POLARSSL_AES_C) */
77
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]78#if defined(POLARSSL_ARC4_C)
79 POLARSSL_CIPHER_ARC4_128,
80#endif
81
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]82#if defined(POLARSSL_CAMELLIA_C)
83 POLARSSL_CIPHER_CAMELLIA_128_CBC,
84 POLARSSL_CIPHER_CAMELLIA_192_CBC,
85 POLARSSL_CIPHER_CAMELLIA_256_CBC,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]86
87#if defined(POLARSSL_CIPHER_MODE_CFB)
88 POLARSSL_CIPHER_CAMELLIA_128_CFB128,
89 POLARSSL_CIPHER_CAMELLIA_192_CFB128,
90 POLARSSL_CIPHER_CAMELLIA_256_CFB128,
91#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
92
93#if defined(POLARSSL_CIPHER_MODE_CTR)
94 POLARSSL_CIPHER_CAMELLIA_128_CTR,
95 POLARSSL_CIPHER_CAMELLIA_192_CTR,
96 POLARSSL_CIPHER_CAMELLIA_256_CTR,
97#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
98
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]99#endif /* defined(POLARSSL_CAMELLIA_C) */
100
101#if defined(POLARSSL_DES_C)
102 POLARSSL_CIPHER_DES_CBC,
103 POLARSSL_CIPHER_DES_EDE_CBC,
104 POLARSSL_CIPHER_DES_EDE3_CBC,
105#endif /* defined(POLARSSL_DES_C) */
106
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]107#if defined(POLARSSL_BLOWFISH_C)
108 POLARSSL_CIPHER_BLOWFISH_CBC,
109
110#if defined(POLARSSL_CIPHER_MODE_CFB)
111 POLARSSL_CIPHER_BLOWFISH_CFB64,
112#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
113
114#if defined(POLARSSL_CIPHER_MODE_CTR)
115 POLARSSL_CIPHER_BLOWFISH_CTR,
116#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
117
118#endif /* defined(POLARSSL_BLOWFISH_C) */
119
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]120#if defined(POLARSSL_CIPHER_NULL_CIPHER)
121 POLARSSL_CIPHER_NULL,
122#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
123
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]124 0
125};
126
127const int *cipher_list( void )
128{
129 return supported_ciphers;
130}
131
Paul Bakkerec1b9842012-01-14 18:24:43 +0000[diff] [blame]132const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]133{
134 /* Find static cipher information */
135 switch ( cipher_type )
136 {
137#if defined(POLARSSL_AES_C)
138 case POLARSSL_CIPHER_AES_128_CBC:
139 return &aes_128_cbc_info;
140 case POLARSSL_CIPHER_AES_192_CBC:
141 return &aes_192_cbc_info;
142 case POLARSSL_CIPHER_AES_256_CBC:
143 return &aes_256_cbc_info;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]144
145#if defined(POLARSSL_CIPHER_MODE_CFB)
146 case POLARSSL_CIPHER_AES_128_CFB128:
147 return &aes_128_cfb128_info;
148 case POLARSSL_CIPHER_AES_192_CFB128:
149 return &aes_192_cfb128_info;
150 case POLARSSL_CIPHER_AES_256_CFB128:
151 return &aes_256_cfb128_info;
152#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
153
154#if defined(POLARSSL_CIPHER_MODE_CTR)
155 case POLARSSL_CIPHER_AES_128_CTR:
156 return &aes_128_ctr_info;
157 case POLARSSL_CIPHER_AES_192_CTR:
158 return &aes_192_ctr_info;
159 case POLARSSL_CIPHER_AES_256_CTR:
160 return &aes_256_ctr_info;
161#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
162
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]163#if defined(POLARSSL_GCM_C)
164 case POLARSSL_CIPHER_AES_128_GCM:
165 return &aes_128_gcm_info;
Manuel Pégourié-Gonnard83f3fc02013-09-04 12:07:24 +0200[diff] [blame^]166 case POLARSSL_CIPHER_AES_192_GCM:
167 return &aes_192_gcm_info;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]168 case POLARSSL_CIPHER_AES_256_GCM:
169 return &aes_256_gcm_info;
170#endif /* defined(POLARSSL_GCM_C) */
171
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]172#endif
173
174#if defined(POLARSSL_CAMELLIA_C)
175 case POLARSSL_CIPHER_CAMELLIA_128_CBC:
176 return &camellia_128_cbc_info;
177 case POLARSSL_CIPHER_CAMELLIA_192_CBC:
178 return &camellia_192_cbc_info;
179 case POLARSSL_CIPHER_CAMELLIA_256_CBC:
180 return &camellia_256_cbc_info;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]181
182#if defined(POLARSSL_CIPHER_MODE_CFB)
183 case POLARSSL_CIPHER_CAMELLIA_128_CFB128:
184 return &camellia_128_cfb128_info;
185 case POLARSSL_CIPHER_CAMELLIA_192_CFB128:
186 return &camellia_192_cfb128_info;
187 case POLARSSL_CIPHER_CAMELLIA_256_CFB128:
188 return &camellia_256_cfb128_info;
189#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
190
191#if defined(POLARSSL_CIPHER_MODE_CTR)
192 case POLARSSL_CIPHER_CAMELLIA_128_CTR:
193 return &camellia_128_ctr_info;
194 case POLARSSL_CIPHER_CAMELLIA_192_CTR:
195 return &camellia_192_ctr_info;
196 case POLARSSL_CIPHER_CAMELLIA_256_CTR:
197 return &camellia_256_ctr_info;
198#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
199
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]200#endif
201
202#if defined(POLARSSL_DES_C)
203 case POLARSSL_CIPHER_DES_CBC:
204 return &des_cbc_info;
205 case POLARSSL_CIPHER_DES_EDE_CBC:
206 return &des_ede_cbc_info;
207 case POLARSSL_CIPHER_DES_EDE3_CBC:
208 return &des_ede3_cbc_info;
209#endif
210
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]211#if defined(POLARSSL_ARC4_C)
212 case POLARSSL_CIPHER_ARC4_128:
213 return &arc4_128_info;
214#endif
215
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]216#if defined(POLARSSL_BLOWFISH_C)
217 case POLARSSL_CIPHER_BLOWFISH_CBC:
218 return &blowfish_cbc_info;
219
220#if defined(POLARSSL_CIPHER_MODE_CFB)
221 case POLARSSL_CIPHER_BLOWFISH_CFB64:
222 return &blowfish_cfb64_info;
223#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
224
225#if defined(POLARSSL_CIPHER_MODE_CTR)
226 case POLARSSL_CIPHER_BLOWFISH_CTR:
227 return &blowfish_ctr_info;
228#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
229
230#endif
231
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]232#if defined(POLARSSL_CIPHER_NULL_CIPHER)
233 case POLARSSL_CIPHER_NULL:
234 return &null_cipher_info;
235#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
236
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]237 default:
238 return NULL;
239 }
240}
241
242const cipher_info_t *cipher_info_from_string( const char *cipher_name )
243{
244 if( NULL == cipher_name )
245 return NULL;
246
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]247 /* Get the appropriate cipher information */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]248#if defined(POLARSSL_CAMELLIA_C)
249 if( !strcasecmp( "CAMELLIA-128-CBC", cipher_name ) )
250 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CBC );
251 if( !strcasecmp( "CAMELLIA-192-CBC", cipher_name ) )
252 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CBC );
253 if( !strcasecmp( "CAMELLIA-256-CBC", cipher_name ) )
254 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CBC );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]255
256#if defined(POLARSSL_CIPHER_MODE_CFB)
257 if( !strcasecmp( "CAMELLIA-128-CFB128", cipher_name ) )
258 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CFB128 );
259 if( !strcasecmp( "CAMELLIA-192-CFB128", cipher_name ) )
260 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CFB128 );
261 if( !strcasecmp( "CAMELLIA-256-CFB128", cipher_name ) )
262 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CFB128 );
263#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
264
265#if defined(POLARSSL_CIPHER_MODE_CTR)
266 if( !strcasecmp( "CAMELLIA-128-CTR", cipher_name ) )
267 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CTR );
268 if( !strcasecmp( "CAMELLIA-192-CTR", cipher_name ) )
269 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CTR );
270 if( !strcasecmp( "CAMELLIA-256-CTR", cipher_name ) )
271 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CTR );
272#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]273#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]274
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]275#if defined(POLARSSL_AES_C)
276 if( !strcasecmp( "AES-128-CBC", cipher_name ) )
277 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CBC );
278 if( !strcasecmp( "AES-192-CBC", cipher_name ) )
279 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CBC );
280 if( !strcasecmp( "AES-256-CBC", cipher_name ) )
281 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CBC );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]282
283#if defined(POLARSSL_CIPHER_MODE_CFB)
284 if( !strcasecmp( "AES-128-CFB128", cipher_name ) )
285 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CFB128 );
286 if( !strcasecmp( "AES-192-CFB128", cipher_name ) )
287 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CFB128 );
288 if( !strcasecmp( "AES-256-CFB128", cipher_name ) )
289 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CFB128 );
290#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
291
292#if defined(POLARSSL_CIPHER_MODE_CTR)
293 if( !strcasecmp( "AES-128-CTR", cipher_name ) )
294 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CTR );
295 if( !strcasecmp( "AES-192-CTR", cipher_name ) )
296 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CTR );
297 if( !strcasecmp( "AES-256-CTR", cipher_name ) )
298 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CTR );
299#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]300
301#if defined(POLARSSL_GCM_C)
302 if( !strcasecmp( "AES-128-GCM", cipher_name ) )
303 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_GCM );
Manuel Pégourié-Gonnard83f3fc02013-09-04 12:07:24 +0200[diff] [blame^]304 if( !strcasecmp( "AES-192-GCM", cipher_name ) )
305 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_GCM );
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]306 if( !strcasecmp( "AES-256-GCM", cipher_name ) )
307 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_GCM );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]308#endif
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]309#endif /* POLARSSL_AES_C */
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]310
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]311#if defined(POLARSSL_ARC4_C)
312 if( !strcasecmp( "ARC4-128", cipher_name ) )
313 return( cipher_info_from_type( POLARSSL_CIPHER_ARC4_128 ) );
314#endif
315
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]316#if defined(POLARSSL_DES_C)
317 if( !strcasecmp( "DES-CBC", cipher_name ) )
318 return cipher_info_from_type( POLARSSL_CIPHER_DES_CBC );
319 if( !strcasecmp( "DES-EDE-CBC", cipher_name ) )
320 return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE_CBC );
321 if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
322 return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
323#endif
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]324
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]325#if defined(POLARSSL_BLOWFISH_C)
326 if( !strcasecmp( "BLOWFISH-CBC", cipher_name ) )
327 return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CBC );
328
329#if defined(POLARSSL_CIPHER_MODE_CFB)
330 if( !strcasecmp( "BLOWFISH-CFB64", cipher_name ) )
331 return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CFB64 );
332#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
333
334#if defined(POLARSSL_CIPHER_MODE_CTR)
335 if( !strcasecmp( "BLOWFISH-CTR", cipher_name ) )
336 return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CTR );
337#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
338#endif
339
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]340#if defined(POLARSSL_CIPHER_NULL_CIPHER)
341 if( !strcasecmp( "NULL", cipher_name ) )
342 return cipher_info_from_type( POLARSSL_CIPHER_NULL );
343#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
344
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]345 return NULL;
346}
347
348int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
349{
350 if( NULL == cipher_info || NULL == ctx )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]351 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]352
Paul Bakker279432a2012-04-26 10:09:35 +0000[diff] [blame]353 memset( ctx, 0, sizeof( cipher_context_t ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]354
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]355 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]356 return POLARSSL_ERR_CIPHER_ALLOC_FAILED;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]357
358 ctx->cipher_info = cipher_info;
359
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]360 /*
361 * Ignore possible errors caused by a cipher mode that doesn't use padding
362 */
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]363#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]364 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]365#else
366 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
367#endif
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]368
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]369 return 0;
370}
371
372int cipher_free_ctx( cipher_context_t *ctx )
373{
374 if( ctx == NULL || ctx->cipher_info == NULL )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]375 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]376
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]377 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]378
379 return 0;
380}
381
382int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
383 int key_length, const operation_t operation )
384{
385 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]386 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]387
388 ctx->key_length = key_length;
389 ctx->operation = operation;
390
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]391 /*
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]392 * For CFB and CTR mode always use the encryption key schedule
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]393 */
394 if( POLARSSL_ENCRYPT == operation ||
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]395 POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]396 POLARSSL_MODE_CTR == ctx->cipher_info->mode )
397 {
398 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]399 ctx->key_length );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]400 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]401
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]402 if( POLARSSL_DECRYPT == operation )
403 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]404 ctx->key_length );
405
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]406 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]407}
408
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]409int cipher_set_iv( cipher_context_t *ctx,
410 const unsigned char *iv, size_t iv_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]411{
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]412 size_t actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]413
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]414 if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]415 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]416
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]417 if( ctx->cipher_info->accepts_variable_iv_size )
418 actual_iv_size = iv_len;
419 else
420 actual_iv_size = ctx->cipher_info->iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]421
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]422 memcpy( ctx->iv, iv, actual_iv_size );
423 ctx->iv_size = actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]424
425 return 0;
426}
427
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]428int cipher_reset( cipher_context_t *ctx )
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]429{
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]430 if( NULL == ctx || NULL == ctx->cipher_info )
431 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
432
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]433 ctx->unprocessed_len = 0;
434
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]435 return 0;
436}
437
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]438#if defined(POLARSSL_CIPHER_MODE_AEAD)
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]439int cipher_update_ad( cipher_context_t *ctx,
440 const unsigned char *ad, size_t ad_len )
441{
442 if( NULL == ctx || NULL == ctx->cipher_info )
443 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
444
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]445#if defined(POLARSSL_GCM_C)
446 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
447 {
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]448 /* Make sure we're called right after cipher_reset() */
449 if( ((gcm_context *) ctx->cipher_ctx)->len != 0 ||
450 ((gcm_context *) ctx->cipher_ctx)->add_len != 0 )
451 {
452 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
453 }
454
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]455 return gcm_starts( ctx->cipher_ctx, ctx->operation,
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]456 ctx->iv, ctx->iv_size, ad, ad_len );
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]457 }
458#endif
459
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]460 return 0;
461}
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]462#endif /* POLARSSL_CIPHER_MODE_AEAD */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]463
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]464int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
465 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]466{
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]467 int ret;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]468 size_t copy_len = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]469
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]470 *olen = 0;
471
472 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]473 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]474 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]475 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]476
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]477 if( input == output &&
478 ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
479 {
480 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
481 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]482
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]483 if( ctx->cipher_info->mode == POLARSSL_MODE_CBC ||
484 ctx->cipher_info->mode == POLARSSL_MODE_GCM )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]485 {
486 /*
487 * If there is not enough data for a full block, cache it.
488 */
489 if( ( ctx->operation == POLARSSL_DECRYPT &&
490 ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
491 ( ctx->operation == POLARSSL_ENCRYPT &&
492 ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
493 {
494 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
495 ilen );
496
497 ctx->unprocessed_len += ilen;
498 return 0;
499 }
500
501 /*
502 * Process cached data first
503 */
504 if( ctx->unprocessed_len != 0 )
505 {
506 copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
507
508 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
509 copy_len );
510
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]511#if defined(POLARSSL_GCM_C)
512 if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
513 {
514 if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
515 cipher_get_block_size( ctx ),
516 ctx->unprocessed_data, output ) ) )
517 {
518 return ret;
519 }
520 }
521 else
522#endif
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]523 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]524 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]525 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]526 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]527 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]528 }
529
530 *olen += cipher_get_block_size( ctx );
531 output += cipher_get_block_size( ctx );
532 ctx->unprocessed_len = 0;
533
534 input += copy_len;
535 ilen -= copy_len;
536 }
537
538 /*
539 * Cache final, incomplete block
540 */
541 if( 0 != ilen )
542 {
543 copy_len = ilen % cipher_get_block_size( ctx );
544 if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
545 copy_len = cipher_get_block_size(ctx);
546
547 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
548 copy_len );
549
550 ctx->unprocessed_len += copy_len;
551 ilen -= copy_len;
552 }
553
554 /*
555 * Process remaining full blocks
556 */
557 if( ilen )
558 {
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]559#if defined(POLARSSL_GCM_C)
560 if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
561 {
562 if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
563 ilen, input, output ) ) )
564 {
565 return ret;
566 }
567 }
568 else
569#endif
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]570 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
571 ctx->operation, ilen, ctx->iv, input, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]572 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]573 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]574 }
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]575
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]576 *olen += ilen;
577 }
578
579 return 0;
580 }
581
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]582#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]583 if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]584 {
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]585 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]586 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]587 input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]588 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]589 return ret;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]590 }
591
592 *olen = ilen;
593
594 return 0;
595 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]596#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]597
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]598#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]599 if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
600 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]601 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]602 ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]603 ctx->unprocessed_data, input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]604 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]605 return ret;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]606 }
607
608 *olen = ilen;
609
610 return 0;
611 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]612#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]613
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]614#if defined(POLARSSL_CIPHER_MODE_STREAM)
615 if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
616 {
617 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
618 ilen, input, output ) ) )
619 {
620 return ret;
621 }
622
623 *olen = ilen;
624
625 return 0;
626 }
627#endif
628
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]629 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]630}
631
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]632#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]633/*
634 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
635 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]636static void add_pkcs_padding( unsigned char *output, size_t output_len,
637 size_t data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]638{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]639 size_t padding_len = output_len - data_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]640 unsigned char i = 0;
641
642 for( i = 0; i < padding_len; i++ )
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]643 output[data_len + i] = (unsigned char) padding_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]644}
645
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]646static int get_pkcs_padding( unsigned char *input, size_t input_len,
647 size_t *data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]648{
Paul Bakkerec1b9842012-01-14 18:24:43 +0000[diff] [blame]649 unsigned int i, padding_len = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]650
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]651 if( NULL == input || NULL == data_len )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]652 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]653
654 padding_len = input[input_len - 1];
655
Manuel Pégourié-Gonnardb7d24bc2013-07-26 10:58:48 +0200[diff] [blame]656 if( padding_len > input_len || padding_len == 0 )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]657 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]658
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]659 for( i = input_len - padding_len; i < input_len; i++ )
660 if( input[i] != padding_len )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]661 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]662
663 *data_len = input_len - padding_len;
664
665 return 0;
666}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]667#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]668
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]669#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]670/*
671 * One and zeros padding: fill with 80 00 ... 00
672 */
673static void add_one_and_zeros_padding( unsigned char *output,
674 size_t output_len, size_t data_len )
675{
676 size_t padding_len = output_len - data_len;
677 unsigned char i = 0;
678
679 output[data_len] = 0x80;
680 for( i = 1; i < padding_len; i++ )
681 output[data_len + i] = 0x00;
682}
683
684static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
685 size_t *data_len )
686{
687 unsigned char *p = input + input_len - 1;
688
689 if( NULL == input || NULL == data_len )
690 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
691
692 while( *p == 0x00 && p > input )
693 --p;
694
695 if( *p != 0x80 )
696 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
697
698 *data_len = p - input;
699
700 return 0;
701}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]702#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]703
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]704#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]705/*
706 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
707 */
708static void add_zeros_and_len_padding( unsigned char *output,
709 size_t output_len, size_t data_len )
710{
711 size_t padding_len = output_len - data_len;
712 unsigned char i = 0;
713
714 for( i = 1; i < padding_len; i++ )
715 output[data_len + i - 1] = 0x00;
716 output[output_len - 1] = (unsigned char) padding_len;
717}
718
719static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
720 size_t *data_len )
721{
722 unsigned int i, padding_len = 0;
723
724 if( NULL == input || NULL == data_len )
725 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
726
727 padding_len = input[input_len - 1];
728
729 if( padding_len > input_len || padding_len == 0 )
730 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
731
732 for( i = input_len - padding_len; i < input_len - 1; i++ )
733 if( input[i] != 0x00 )
734 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
735
736 *data_len = input_len - padding_len;
737
738 return 0;
739}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]740#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]741
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]742#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]743/*
744 * Zero padding: fill with 00 ... 00
745 */
746static void add_zeros_padding( unsigned char *output,
747 size_t output_len, size_t data_len )
748{
749 unsigned char i;
750
751 for( i = data_len; i < output_len; i++ )
752 output[i] = 0x00;
753}
754
755static int get_zeros_padding( unsigned char *input, size_t input_len,
756 size_t *data_len )
757{
758 unsigned char *p = input + input_len - 1;
759 if( NULL == input || NULL == data_len )
760 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
761
762 while( *p == 0x00 && p > input )
763 --p;
764
765 *data_len = *p == 0x00 ? 0 : p - input + 1;
766
767 return 0;
768}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]769#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]770
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]771/*
772 * No padding: don't pad :)
773 *
774 * There is no add_padding function (check for NULL in cipher_finish)
775 * but a trivial get_padding function
776 */
777static int get_no_padding( unsigned char *input, size_t input_len,
778 size_t *data_len )
779{
780 if( NULL == input || NULL == data_len )
781 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
782
783 *data_len = input_len;
784
785 return 0;
786}
787
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]788int cipher_finish( cipher_context_t *ctx,
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]789 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]790{
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]791 int ret = 0;
792
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]793 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]794 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]795
796 *olen = 0;
797
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]798 if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]799 POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]800 POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]801 {
802 return 0;
803 }
804
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]805#if defined(POLARSSL_GCM_C)
806 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
807 {
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]808 if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
809 ctx->unprocessed_len, ctx->unprocessed_data,
810 output ) ) )
811 {
812 return( ret );
813 }
814
815 *olen += ctx->unprocessed_len;
816
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]817 return( 0 );
818 }
819#endif
820
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]821 if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
822 {
823 if( POLARSSL_ENCRYPT == ctx->operation )
824 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]825 /* check for 'no padding' mode */
826 if( NULL == ctx->add_padding )
827 {
828 if( 0 != ctx->unprocessed_len )
829 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
830
831 return 0;
832 }
833
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]834 ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]835 ctx->unprocessed_len );
836 }
837 else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
838 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]839 /*
840 * For decrypt operations, expect a full block,
841 * or an empty block if no padding
842 */
843 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
844 return 0;
845
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]846 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]847 }
848
849 /* cipher block */
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]850 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
851 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
852 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]853 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]854 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]855 }
856
857 /* Set output size for decryption */
858 if( POLARSSL_DECRYPT == ctx->operation )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]859 return ctx->get_padding( output, cipher_get_block_size( ctx ),
860 olen );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]861
862 /* Set output size for encryption */
863 *olen = cipher_get_block_size( ctx );
864 return 0;
865 }
866
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]867 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]868}
869
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]870int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
871{
872 if( NULL == ctx ||
873 POLARSSL_MODE_CBC != ctx->cipher_info->mode )
874 {
875 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
876 }
877
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]878 switch( mode )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]879 {
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]880#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]881 case POLARSSL_PADDING_PKCS7:
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]882 ctx->add_padding = add_pkcs_padding;
883 ctx->get_padding = get_pkcs_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]884 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]885#endif
886#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]887 case POLARSSL_PADDING_ONE_AND_ZEROS:
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]888 ctx->add_padding = add_one_and_zeros_padding;
889 ctx->get_padding = get_one_and_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]890 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]891#endif
892#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]893 case POLARSSL_PADDING_ZEROS_AND_LEN:
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]894 ctx->add_padding = add_zeros_and_len_padding;
895 ctx->get_padding = get_zeros_and_len_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]896 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]897#endif
898#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]899 case POLARSSL_PADDING_ZEROS:
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]900 ctx->add_padding = add_zeros_padding;
901 ctx->get_padding = get_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]902 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]903#endif
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]904 case POLARSSL_PADDING_NONE:
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]905 ctx->add_padding = NULL;
906 ctx->get_padding = get_no_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]907 break;
908
909 default:
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]910 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]911 }
912
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]913 return 0;
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]914}
915
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]916#if defined(POLARSSL_CIPHER_MODE_AEAD)
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]917int cipher_write_tag( cipher_context_t *ctx,
918 unsigned char *tag, size_t tag_len )
919{
920 if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
921 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
922
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]923 if( POLARSSL_ENCRYPT != ctx->operation )
924 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
925
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]926#if defined(POLARSSL_GCM_C)
927 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
928 return gcm_finish( ctx->cipher_ctx, tag, tag_len );
929#endif
930
931 return 0;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]932}
933
934int cipher_check_tag( cipher_context_t *ctx,
935 const unsigned char *tag, size_t tag_len )
936{
937 int ret;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]938
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]939 if( NULL == ctx || NULL == ctx->cipher_info ||
940 POLARSSL_DECRYPT != ctx->operation )
941 {
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]942 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]943 }
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]944
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]945#if defined(POLARSSL_GCM_C)
946 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
947 {
948 unsigned char check_tag[16];
949 size_t i;
950 int diff;
951
952 if( tag_len > sizeof( check_tag ) )
953 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
954
955 if( 0 != ( ret = gcm_finish( ctx->cipher_ctx, check_tag, tag_len ) ) )
956 return( ret );
957
958 /* Check the tag in "constant-time" */
959 for( diff = 0, i = 0; i < tag_len; i++ )
960 diff |= tag[i] ^ check_tag[i];
961
962 if( diff != 0 )
963 return( POLARSSL_ERR_GCM_AUTH_FAILED );
964
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]965 return( 0 );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]966 }
967#endif
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]968
969 return( 0 );
970}
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]971#endif /* POLARSSL_CIPHER_MODE_AEAD */
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]972
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]973#if defined(POLARSSL_SELF_TEST)
974
975#include <stdio.h>
976
977#define ASSERT(x) if (!(x)) { \
978 printf( "failed with %i at %s\n", value, (#x) ); \
979 return( 1 ); \
980}
981/*
982 * Checkup routine
983 */
984
985int cipher_self_test( int verbose )
986{
Paul Bakkerd61e7d92011-01-18 16:17:47 +0000[diff] [blame]987 ((void) verbose);
988
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]989 return( 0 );
990}
991
992#endif
993
994#endif