ccm/gcm: use BLOCK_CIPHER whenever possible
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 8bf8c32..018db64 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -40,7 +40,7 @@
#include "mbedtls/cipher.h"
-#if !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
#include "mbedtls/block_cipher.h"
#endif
@@ -84,10 +84,10 @@
#MBEDTLS_CCM_DECRYPT or
#MBEDTLS_CCM_STAR_ENCRYPT or
#MBEDTLS_CCM_STAR_DECRYPT. */
-#if defined(MBEDTLS_CIPHER_C)
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
+#else
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
#endif
int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
state. Used for chunked data input */
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 3925f68..631b392 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -24,7 +24,7 @@
#include "mbedtls/cipher.h"
-#if !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
#include "mbedtls/block_cipher.h"
#endif
@@ -50,10 +50,10 @@
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context {
-#if defined(MBEDTLS_CIPHER_C)
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
+#else
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
#endif
uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
diff --git a/library/ccm.c b/library/ccm.c
index 6700dc7..392ceb8 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -23,7 +23,7 @@
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
-#if !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
#include "block_cipher_internal.h"
#endif
@@ -56,7 +56,17 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+ mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+
+ if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
+
+ if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
+#else
const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
@@ -79,16 +89,6 @@
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
-#else
- mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
-
- if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
- return MBEDTLS_ERR_CCM_BAD_INPUT;
- }
-
- if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
- return MBEDTLS_ERR_CCM_BAD_INPUT;
- }
#endif
return 0;
@@ -102,10 +102,10 @@
if (ctx == NULL) {
return;
}
-#if defined(MBEDTLS_CIPHER_C)
- mbedtls_cipher_free(&ctx->cipher_ctx);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+#else
+ mbedtls_cipher_free(&ctx->cipher_ctx);
#endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
}
@@ -128,11 +128,11 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char tmp_buf[16] = { 0 };
-#if defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf);
+#else
size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen);
-#else
- ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
@@ -158,7 +158,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
size_t len_left;
-#if defined(MBEDTLS_CIPHER_C)
+#if !defined(MBEDTLS_BLOCK_CIPHER_C)
size_t olen;
#endif
@@ -206,10 +206,10 @@
}
/* Start CBC-MAC with first block*/
-#if defined(MBEDTLS_CIPHER_C)
- ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#else
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
@@ -292,7 +292,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t use_len, offset;
-#if defined(MBEDTLS_CIPHER_C)
+#if !defined(MBEDTLS_BLOCK_CIPHER_C)
size_t olen;
#endif
@@ -334,10 +334,10 @@
add += use_len;
if (use_len + offset == 16 || ctx->processed == ctx->add_len) {
-#if defined(MBEDTLS_CIPHER_C)
- ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#else
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
@@ -363,7 +363,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
size_t use_len, offset;
-#if defined(MBEDTLS_CIPHER_C)
+#if !defined(MBEDTLS_BLOCK_CIPHER_C)
size_t olen;
#endif
@@ -403,10 +403,10 @@
mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
-#if defined(MBEDTLS_CIPHER_C)
- ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#else
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
@@ -438,10 +438,10 @@
memcpy(output, local_output, use_len);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
-#if defined(MBEDTLS_CIPHER_C)
- ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#else
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
diff --git a/library/gcm.c b/library/gcm.c
index 8181ec8..ac6b945 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -25,7 +25,7 @@
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
-#if !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
#include "block_cipher_internal.h"
#endif
@@ -66,11 +66,11 @@
memset(h, 0, 16);
-#if defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h);
+#else
size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen);
-#else
- ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h);
#endif
if (ret != 0) {
return ret;
@@ -139,7 +139,17 @@
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
-#if defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+ mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+
+ if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
+ return ret;
+ }
+
+ if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
+ return ret;
+ }
+#else
const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
@@ -162,16 +172,6 @@
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
-#else
- mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
-
- if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
- return ret;
- }
-
- if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
- return ret;
- }
#endif
if ((ret = gcm_gen_table(ctx)) != 0) {
@@ -277,7 +277,7 @@
const unsigned char *p;
size_t use_len;
uint64_t iv_bits;
-#if defined(MBEDTLS_CIPHER_C)
+#if !defined(MBEDTLS_BLOCK_CIPHER_C)
size_t olen = 0;
#endif
@@ -320,10 +320,10 @@
}
-#if defined(MBEDTLS_CIPHER_C)
- ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr);
+#else
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen);
#endif
if (ret != 0) {
return ret;
@@ -419,11 +419,11 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr);
+#else
size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen);
-#else
- ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr);
#endif
if (ret != 0) {
mbedtls_platform_zeroize(ectr, 16);
@@ -649,10 +649,10 @@
if (ctx == NULL) {
return;
}
-#if defined(MBEDTLS_CIPHER_C)
- mbedtls_cipher_free(&ctx->cipher_ctx);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+#else
+ mbedtls_cipher_free(&ctx->cipher_ctx);
#endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
}