commit bd7528a5920740722b9ab2cb830b45adf21aabfe
author Valerio Setti <valerio.setti@nordicsemi.no> Thu Dec 14 09:36:03 2023 +0100
committer Valerio Setti <valerio.setti@nordicsemi.no> Thu Dec 14 18:08:14 2023 +0100
tree 922bae263fb0cca7d9c3ef33bcd433fe8a38f8c9
parent 4a5d57d2255d2b0d862cb006b6743fdb894f62b2

ccm/gcm: use BLOCK_CIPHER whenever possible

Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

library/ccm.c

diff --git a/library/ccm.c b/library/ccm.c
index 6700dc7..392ceb8 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -23,7 +23,7 @@
 #include "mbedtls/error.h"
 #include "mbedtls/constant_time.h"
 
-#if !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
 #include "block_cipher_internal.h"
 #endif
 
@@ -56,7 +56,17 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-#if defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+    mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+
+    if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
+
+    if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
+#else
     const mbedtls_cipher_info_t *cipher_info;
 
     cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
@@ -79,16 +89,6 @@
                                      MBEDTLS_ENCRYPT)) != 0) {
         return ret;
     }
-#else
-    mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
-
-    if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
-        return MBEDTLS_ERR_CCM_BAD_INPUT;
-    }
-
-    if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
-        return MBEDTLS_ERR_CCM_BAD_INPUT;
-    }
 #endif
 
     return 0;
@@ -102,10 +102,10 @@
     if (ctx == NULL) {
         return;
     }
-#if defined(MBEDTLS_CIPHER_C)
-    mbedtls_cipher_free(&ctx->cipher_ctx);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
     mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+#else
+    mbedtls_cipher_free(&ctx->cipher_ctx);
 #endif
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
 }
@@ -128,11 +128,11 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char tmp_buf[16] = { 0 };
 
-#if defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+    ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf);
+#else
     size_t olen = 0;
     ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen);
-#else
-    ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf);
 #endif
     if (ret != 0) {
         ctx->state |= CCM_STATE__ERROR;
@@ -158,7 +158,7 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char i;
     size_t len_left;
-#if defined(MBEDTLS_CIPHER_C)
+#if !defined(MBEDTLS_BLOCK_CIPHER_C)
     size_t olen;
 #endif
 
@@ -206,10 +206,10 @@
     }
 
     /* Start CBC-MAC with first block*/
-#if defined(MBEDTLS_CIPHER_C)
-    ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
     ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#else
+    ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
 #endif
     if (ret != 0) {
         ctx->state |= CCM_STATE__ERROR;
@@ -292,7 +292,7 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t use_len, offset;
-#if defined(MBEDTLS_CIPHER_C)
+#if !defined(MBEDTLS_BLOCK_CIPHER_C)
     size_t olen;
 #endif
 
@@ -334,10 +334,10 @@
             add += use_len;
 
             if (use_len + offset == 16 || ctx->processed == ctx->add_len) {
-#if defined(MBEDTLS_CIPHER_C)
-                ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
                 ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#else
+                ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
 #endif
                 if (ret != 0) {
                     ctx->state |= CCM_STATE__ERROR;
@@ -363,7 +363,7 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char i;
     size_t use_len, offset;
-#if defined(MBEDTLS_CIPHER_C)
+#if !defined(MBEDTLS_BLOCK_CIPHER_C)
     size_t olen;
 #endif
 
@@ -403,10 +403,10 @@
             mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len);
 
             if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
-#if defined(MBEDTLS_CIPHER_C)
-                ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
                 ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#else
+                ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
 #endif
                 if (ret != 0) {
                     ctx->state |= CCM_STATE__ERROR;
@@ -438,10 +438,10 @@
             memcpy(output, local_output, use_len);
 
             if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
-#if defined(MBEDTLS_CIPHER_C)
-                ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
-#else
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
                 ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#else
+                ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
 #endif
                 if (ret != 0) {
                     ctx->state |= CCM_STATE__ERROR;