TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 480f7e7d5e5996f2bfd9a88aa2a043edae5c0354 / . / library / cipher.c
blob: b69d331060a803d6fc950de4dffab9b60e666e6b [file] [log] [blame]
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1/**
2 * \file cipher.c
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]3 *
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +0000[diff] [blame]4 * \brief Generic cipher wrapper for mbed TLS
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]8 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]9 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]10 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]11 *
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License along
23 * with this program; if not, write to the Free Software Foundation, Inc.,
24 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 */
26
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]27#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]28#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]29#else
30#include POLARSSL_CONFIG_FILE
31#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]32
33#if defined(POLARSSL_CIPHER_C)
34
35#include "polarssl/cipher.h"
36#include "polarssl/cipher_wrap.h"
37
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]38#include <stdlib.h>
39#include <string.h>
40
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]41#if defined(POLARSSL_GCM_C)
42#include "polarssl/gcm.h"
43#endif
44
Manuel Pégourié-Gonnard41936952014-05-13 13:18:17 +0200[diff] [blame]45#if defined(POLARSSL_CCM_C)
46#include "polarssl/ccm.h"
47#endif
48
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]49#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]50#define POLARSSL_CIPHER_MODE_STREAM
51#endif
52
Paul Bakker6edcd412013-10-29 15:22:54 +0100[diff] [blame]53#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
54 !defined(EFI32)
Paul Bakkeraf5c85f2011-04-18 03:47:52 +0000[diff] [blame]55#define strcasecmp _stricmp
56#endif
57
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]58/* Implementation that should never be optimized out by the compiler */
59static void polarssl_zeroize( void *v, size_t n ) {
60 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
61}
62
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]63static int supported_init = 0;
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]64
65const int *cipher_list( void )
66{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]67 const cipher_definition_t *def;
68 int *type;
69
70 if( ! supported_init )
71 {
72 def = cipher_definitions;
73 type = supported_ciphers;
74
75 while( def->type != 0 )
76 *type++ = (*def++).type;
77
78 *type = 0;
79
80 supported_init = 1;
81 }
82
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]83 return( supported_ciphers );
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]84}
85
Paul Bakkerec1b9842012-01-14 18:24:43 +0000[diff] [blame]86const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]87{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]88 const cipher_definition_t *def;
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]89
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]90 for( def = cipher_definitions; def->info != NULL; def++ )
91 if( def->type == cipher_type )
92 return( def->info );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]93
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]94 return( NULL );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]95}
96
97const cipher_info_t *cipher_info_from_string( const char *cipher_name )
98{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]99 const cipher_definition_t *def;
100
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]101 if( NULL == cipher_name )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]102 return( NULL );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]103
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]104 for( def = cipher_definitions; def->info != NULL; def++ )
105 if( ! strcasecmp( def->info->name, cipher_name ) )
106 return( def->info );
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]107
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]108 return( NULL );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]109}
110
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]111const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
112 int key_length,
113 const cipher_mode_t mode )
114{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]115 const cipher_definition_t *def;
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]116
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]117 for( def = cipher_definitions; def->info != NULL; def++ )
118 if( def->info->base->cipher == cipher_id &&
119 def->info->key_length == (unsigned) key_length &&
120 def->info->mode == mode )
121 return( def->info );
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]122
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]123 return( NULL );
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]124}
125
Paul Bakker84bbeb52014-07-01 14:53:22 +0200[diff] [blame]126void cipher_init( cipher_context_t *ctx )
127{
128 memset( ctx, 0, sizeof( cipher_context_t ) );
129}
130
131void cipher_free( cipher_context_t *ctx )
132{
133 if( ctx == NULL )
134 return;
135
136 if( ctx->cipher_ctx )
137 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
138
139 polarssl_zeroize( ctx, sizeof(cipher_context_t) );
140}
141
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]142int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
143{
144 if( NULL == cipher_info || NULL == ctx )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]145 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]146
Paul Bakker279432a2012-04-26 10:09:35 +0000[diff] [blame]147 memset( ctx, 0, sizeof( cipher_context_t ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]148
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]149 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]150 return( POLARSSL_ERR_CIPHER_ALLOC_FAILED );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]151
152 ctx->cipher_info = cipher_info;
153
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]154#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]155 /*
156 * Ignore possible errors caused by a cipher mode that doesn't use padding
157 */
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]158#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]159 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]160#else
161 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
162#endif
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]163#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]164
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]165 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]166}
167
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100[diff] [blame]168#if ! defined(POLARSSL_DEPRECATED_REMOVED)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]169int cipher_free_ctx( cipher_context_t *ctx )
170{
Paul Bakker84bbeb52014-07-01 14:53:22 +0200[diff] [blame]171 cipher_free( ctx );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]172
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]173 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]174}
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100[diff] [blame]175#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]176
177int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
178 int key_length, const operation_t operation )
179{
180 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]181 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]182
Manuel Pégourié-Gonnard398c57b2014-06-23 12:10:59 +0200[diff] [blame]183 if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
184 (int) ctx->cipher_info->key_length != key_length )
185 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]186 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard398c57b2014-06-23 12:10:59 +0200[diff] [blame]187 }
Manuel Pégourié-Gonnarddd0f57f2013-09-16 11:47:43 +0200[diff] [blame]188
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]189 ctx->key_length = key_length;
190 ctx->operation = operation;
191
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]192 /*
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]193 * For CFB and CTR mode always use the encryption key schedule
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]194 */
195 if( POLARSSL_ENCRYPT == operation ||
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]196 POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]197 POLARSSL_MODE_CTR == ctx->cipher_info->mode )
198 {
199 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]200 ctx->key_length );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]201 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]202
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]203 if( POLARSSL_DECRYPT == operation )
204 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]205 ctx->key_length );
206
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]207 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]208}
209
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]210int cipher_set_iv( cipher_context_t *ctx,
211 const unsigned char *iv, size_t iv_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]212{
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]213 size_t actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]214
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]215 if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]216 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]217
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]218 /* avoid buffer overflow in ctx->iv */
219 if( iv_len > POLARSSL_MAX_IV_LENGTH )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]220 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]221
Manuel Pégourié-Gonnard81754a02014-06-23 11:33:18 +0200[diff] [blame]222 if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_IV_LEN ) != 0 )
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]223 actual_iv_size = iv_len;
224 else
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]225 {
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]226 actual_iv_size = ctx->cipher_info->iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]227
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]228 /* avoid reading past the end of input buffer */
229 if( actual_iv_size > iv_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]230 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]231 }
232
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]233 memcpy( ctx->iv, iv, actual_iv_size );
234 ctx->iv_size = actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]235
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]236 return( 0 );
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]237}
238
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]239int cipher_reset( cipher_context_t *ctx )
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]240{
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]241 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]242 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]243
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]244 ctx->unprocessed_len = 0;
245
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]246 return( 0 );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]247}
248
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]249#if defined(POLARSSL_GCM_C)
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]250int cipher_update_ad( cipher_context_t *ctx,
251 const unsigned char *ad, size_t ad_len )
252{
253 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]254 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]255
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]256 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
257 {
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]258 return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]259 ctx->iv, ctx->iv_size, ad, ad_len );
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]260 }
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]261
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]262 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]263}
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]264#endif /* POLARSSL_GCM_C */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]265
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]266int cipher_update( cipher_context_t *ctx, const unsigned char *input,
267 size_t ilen, unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]268{
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]269 int ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]270
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]271 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]272 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]273 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]274 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]275
Paul Bakker6c212762013-12-16 15:24:50 +0100[diff] [blame]276 *olen = 0;
277
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]278 if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
279 {
280 if( ilen != cipher_get_block_size( ctx ) )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]281 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]282
283 *olen = ilen;
284
285 if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
286 ctx->operation, input, output ) ) )
287 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]288 return( ret );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]289 }
290
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]291 return( 0 );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]292 }
293
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]294#if defined(POLARSSL_GCM_C)
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]295 if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]296 {
297 *olen = ilen;
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]298 return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
299 output );
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]300 }
301#endif
302
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]303 if( input == output &&
304 ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
305 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]306 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]307 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]308
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]309#if defined(POLARSSL_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]310 if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]311 {
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]312 size_t copy_len = 0;
313
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]314 /*
315 * If there is not enough data for a full block, cache it.
316 */
317 if( ( ctx->operation == POLARSSL_DECRYPT &&
318 ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
319 ( ctx->operation == POLARSSL_ENCRYPT &&
320 ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
321 {
322 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
323 ilen );
324
325 ctx->unprocessed_len += ilen;
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]326 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]327 }
328
329 /*
330 * Process cached data first
331 */
332 if( ctx->unprocessed_len != 0 )
333 {
334 copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
335
336 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
337 copy_len );
338
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]339 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]340 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]341 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]342 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]343 return( ret );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]344 }
345
346 *olen += cipher_get_block_size( ctx );
347 output += cipher_get_block_size( ctx );
348 ctx->unprocessed_len = 0;
349
350 input += copy_len;
351 ilen -= copy_len;
352 }
353
354 /*
355 * Cache final, incomplete block
356 */
357 if( 0 != ilen )
358 {
359 copy_len = ilen % cipher_get_block_size( ctx );
360 if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]361 copy_len = cipher_get_block_size( ctx );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]362
363 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
364 copy_len );
365
366 ctx->unprocessed_len += copy_len;
367 ilen -= copy_len;
368 }
369
370 /*
371 * Process remaining full blocks
372 */
373 if( ilen )
374 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]375 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
376 ctx->operation, ilen, ctx->iv, input, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]377 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]378 return( ret );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]379 }
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]380
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]381 *olen += ilen;
382 }
383
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]384 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]385 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]386#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]387
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]388#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]389 if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]390 {
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]391 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]392 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]393 input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]394 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]395 return( ret );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]396 }
397
398 *olen = ilen;
399
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]400 return( 0 );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]401 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]402#endif /* POLARSSL_CIPHER_MODE_CFB */
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]403
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]404#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]405 if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
406 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]407 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]408 ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]409 ctx->unprocessed_data, input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]410 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]411 return( ret );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]412 }
413
414 *olen = ilen;
415
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]416 return( 0 );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]417 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]418#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]419
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]420#if defined(POLARSSL_CIPHER_MODE_STREAM)
421 if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
422 {
423 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
424 ilen, input, output ) ) )
425 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]426 return( ret );
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]427 }
428
429 *olen = ilen;
430
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]431 return( 0 );
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]432 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]433#endif /* POLARSSL_CIPHER_MODE_STREAM */
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]434
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]435 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]436}
437
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]438#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]439#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]440/*
441 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
442 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]443static void add_pkcs_padding( unsigned char *output, size_t output_len,
444 size_t data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]445{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]446 size_t padding_len = output_len - data_len;
Manuel Pégourié-Gonnardf8ab0692013-10-27 17:21:14 +0100[diff] [blame]447 unsigned char i;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]448
449 for( i = 0; i < padding_len; i++ )
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]450 output[data_len + i] = (unsigned char) padding_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]451}
452
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]453static int get_pkcs_padding( unsigned char *input, size_t input_len,
454 size_t *data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]455{
Manuel Pégourié-Gonnardf8ab0692013-10-27 17:21:14 +0100[diff] [blame]456 size_t i, pad_idx;
457 unsigned char padding_len, bad = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]458
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]459 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]460 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]461
462 padding_len = input[input_len - 1];
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]463 *data_len = input_len - padding_len;
464
Manuel Pégourié-Gonnardf8ab0692013-10-27 17:21:14 +0100[diff] [blame]465 /* Avoid logical || since it results in a branch */
466 bad |= padding_len > input_len;
467 bad |= padding_len == 0;
468
469 /* The number of bytes checked must be independent of padding_len,
470 * so pick input_len, which is usually 8 or 16 (one block) */
471 pad_idx = input_len - padding_len;
472 for( i = 0; i < input_len; i++ )
473 bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
474
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]475 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]476}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]477#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]478
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]479#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]480/*
481 * One and zeros padding: fill with 80 00 ... 00
482 */
483static void add_one_and_zeros_padding( unsigned char *output,
484 size_t output_len, size_t data_len )
485{
486 size_t padding_len = output_len - data_len;
487 unsigned char i = 0;
488
489 output[data_len] = 0x80;
490 for( i = 1; i < padding_len; i++ )
491 output[data_len + i] = 0x00;
492}
493
494static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
495 size_t *data_len )
496{
Manuel Pégourié-Gonnard6c329902013-10-27 18:25:03 +0100[diff] [blame]497 size_t i;
498 unsigned char done = 0, prev_done, bad;
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]499
500 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]501 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]502
Manuel Pégourié-Gonnard6c329902013-10-27 18:25:03 +0100[diff] [blame]503 bad = 0xFF;
504 *data_len = 0;
505 for( i = input_len; i > 0; i-- )
506 {
507 prev_done = done;
508 done |= ( input[i-1] != 0 );
509 *data_len |= ( i - 1 ) * ( done != prev_done );
510 bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
511 }
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]512
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]513 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]514
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]515}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]516#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]517
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]518#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]519/*
520 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
521 */
522static void add_zeros_and_len_padding( unsigned char *output,
523 size_t output_len, size_t data_len )
524{
525 size_t padding_len = output_len - data_len;
526 unsigned char i = 0;
527
528 for( i = 1; i < padding_len; i++ )
529 output[data_len + i - 1] = 0x00;
530 output[output_len - 1] = (unsigned char) padding_len;
531}
532
533static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
534 size_t *data_len )
535{
Manuel Pégourié-Gonnardd17df512013-10-27 17:32:43 +0100[diff] [blame]536 size_t i, pad_idx;
537 unsigned char padding_len, bad = 0;
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]538
539 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]540 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]541
542 padding_len = input[input_len - 1];
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]543 *data_len = input_len - padding_len;
544
Manuel Pégourié-Gonnardd17df512013-10-27 17:32:43 +0100[diff] [blame]545 /* Avoid logical || since it results in a branch */
546 bad |= padding_len > input_len;
547 bad |= padding_len == 0;
548
549 /* The number of bytes checked must be independent of padding_len */
550 pad_idx = input_len - padding_len;
551 for( i = 0; i < input_len - 1; i++ )
552 bad |= input[i] * ( i >= pad_idx );
553
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]554 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]555}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]556#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]557
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]558#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]559/*
560 * Zero padding: fill with 00 ... 00
561 */
562static void add_zeros_padding( unsigned char *output,
563 size_t output_len, size_t data_len )
564{
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]565 size_t i;
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]566
567 for( i = data_len; i < output_len; i++ )
568 output[i] = 0x00;
569}
570
571static int get_zeros_padding( unsigned char *input, size_t input_len,
572 size_t *data_len )
573{
Manuel Pégourié-Gonnarde68bf172013-10-27 18:26:39 +0100[diff] [blame]574 size_t i;
575 unsigned char done = 0, prev_done;
576
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]577 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]578 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]579
Manuel Pégourié-Gonnarde68bf172013-10-27 18:26:39 +0100[diff] [blame]580 *data_len = 0;
581 for( i = input_len; i > 0; i-- )
582 {
583 prev_done = done;
584 done |= ( input[i-1] != 0 );
585 *data_len |= i * ( done != prev_done );
586 }
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]587
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]588 return( 0 );
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]589}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]590#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]591
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]592/*
593 * No padding: don't pad :)
594 *
595 * There is no add_padding function (check for NULL in cipher_finish)
596 * but a trivial get_padding function
597 */
598static int get_no_padding( unsigned char *input, size_t input_len,
599 size_t *data_len )
600{
601 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]602 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]603
604 *data_len = input_len;
605
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]606 return( 0 );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]607}
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]608#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]609
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]610int cipher_finish( cipher_context_t *ctx,
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]611 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]612{
613 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]614 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]615
616 *olen = 0;
617
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]618 if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]619 POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]620 POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]621 POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]622 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]623 return( 0 );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]624 }
625
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]626 if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
627 {
628 if( ctx->unprocessed_len != 0 )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]629 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]630
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]631 return( 0 );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]632 }
633
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]634#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]635 if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
636 {
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]637 int ret = 0;
638
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]639 if( POLARSSL_ENCRYPT == ctx->operation )
640 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]641 /* check for 'no padding' mode */
642 if( NULL == ctx->add_padding )
643 {
644 if( 0 != ctx->unprocessed_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]645 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]646
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]647 return( 0 );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]648 }
649
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]650 ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]651 ctx->unprocessed_len );
652 }
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]653 else if( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]654 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]655 /*
656 * For decrypt operations, expect a full block,
657 * or an empty block if no padding
658 */
659 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]660 return( 0 );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]661
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]662 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]663 }
664
665 /* cipher block */
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]666 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
667 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
668 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]669 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]670 return( ret );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]671 }
672
673 /* Set output size for decryption */
674 if( POLARSSL_DECRYPT == ctx->operation )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]675 return ctx->get_padding( output, cipher_get_block_size( ctx ),
676 olen );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]677
678 /* Set output size for encryption */
679 *olen = cipher_get_block_size( ctx );
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]680 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]681 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]682#else
683 ((void) output);
684#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]685
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]686 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]687}
688
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]689#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]690int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
691{
692 if( NULL == ctx ||
693 POLARSSL_MODE_CBC != ctx->cipher_info->mode )
694 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]695 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]696 }
697
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]698 switch( mode )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]699 {
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]700#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]701 case POLARSSL_PADDING_PKCS7:
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]702 ctx->add_padding = add_pkcs_padding;
703 ctx->get_padding = get_pkcs_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]704 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]705#endif
706#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]707 case POLARSSL_PADDING_ONE_AND_ZEROS:
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]708 ctx->add_padding = add_one_and_zeros_padding;
709 ctx->get_padding = get_one_and_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]710 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]711#endif
712#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]713 case POLARSSL_PADDING_ZEROS_AND_LEN:
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]714 ctx->add_padding = add_zeros_and_len_padding;
715 ctx->get_padding = get_zeros_and_len_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]716 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]717#endif
718#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]719 case POLARSSL_PADDING_ZEROS:
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]720 ctx->add_padding = add_zeros_padding;
721 ctx->get_padding = get_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]722 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]723#endif
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]724 case POLARSSL_PADDING_NONE:
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]725 ctx->add_padding = NULL;
726 ctx->get_padding = get_no_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]727 break;
728
729 default:
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]730 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]731 }
732
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]733 return( 0 );
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]734}
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]735#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]736
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]737#if defined(POLARSSL_GCM_C)
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]738int cipher_write_tag( cipher_context_t *ctx,
739 unsigned char *tag, size_t tag_len )
740{
741 if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]742 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]743
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]744 if( POLARSSL_ENCRYPT != ctx->operation )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]745 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]746
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]747 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]748 return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]749
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]750 return( 0 );
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]751}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]752
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]753int cipher_check_tag( cipher_context_t *ctx,
754 const unsigned char *tag, size_t tag_len )
755{
756 int ret;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]757
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]758 if( NULL == ctx || NULL == ctx->cipher_info ||
759 POLARSSL_DECRYPT != ctx->operation )
760 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]761 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]762 }
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]763
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]764 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
765 {
766 unsigned char check_tag[16];
767 size_t i;
768 int diff;
769
770 if( tag_len > sizeof( check_tag ) )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]771 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]772
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]773 if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
774 check_tag, tag_len ) ) )
775 {
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]776 return( ret );
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]777 }
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]778
779 /* Check the tag in "constant-time" */
780 for( diff = 0, i = 0; i < tag_len; i++ )
781 diff |= tag[i] ^ check_tag[i];
782
783 if( diff != 0 )
Manuel Pégourié-Gonnard4fee79b2013-09-19 18:09:14 +0200[diff] [blame]784 return( POLARSSL_ERR_CIPHER_AUTH_FAILED );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]785
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]786 return( 0 );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]787 }
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]788
789 return( 0 );
790}
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]791#endif /* POLARSSL_GCM_C */
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]792
Manuel Pégourié-Gonnard3c1d1502014-05-12 13:46:08 +0200[diff] [blame]793/*
794 * Packet-oriented wrapper for non-AEAD modes
795 */
796int cipher_crypt( cipher_context_t *ctx,
797 const unsigned char *iv, size_t iv_len,
798 const unsigned char *input, size_t ilen,
799 unsigned char *output, size_t *olen )
800{
801 int ret;
802 size_t finish_olen;
803
804 if( ( ret = cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
805 return( ret );
806
807 if( ( ret = cipher_reset( ctx ) ) != 0 )
808 return( ret );
809
810 if( ( ret = cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
811 return( ret );
812
813 if( ( ret = cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
814 return( ret );
815
816 *olen += finish_olen;
817
818 return( 0 );
819}
820
Manuel Pégourié-Gonnard4562ffe2014-05-13 12:19:29 +0200[diff] [blame]821#if defined(POLARSSL_CIPHER_MODE_AEAD)
822/*
823 * Packet-oriented encryption for AEAD modes
824 */
825int cipher_auth_encrypt( cipher_context_t *ctx,
826 const unsigned char *iv, size_t iv_len,
827 const unsigned char *ad, size_t ad_len,
828 const unsigned char *input, size_t ilen,
829 unsigned char *output, size_t *olen,
830 unsigned char *tag, size_t tag_len )
831{
832#if defined(POLARSSL_GCM_C)
833 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
834 {
835 *olen = ilen;
836 return( gcm_crypt_and_tag( ctx->cipher_ctx, GCM_ENCRYPT, ilen,
837 iv, iv_len, ad, ad_len, input, output,
838 tag_len, tag ) );
839 }
Manuel Pégourié-Gonnard41936952014-05-13 13:18:17 +0200[diff] [blame]840#endif /* POLARSSL_GCM_C */
841#if defined(POLARSSL_CCM_C)
842 if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
843 {
844 *olen = ilen;
845 return( ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
846 iv, iv_len, ad, ad_len, input, output,
847 tag, tag_len ) );
848 }
849#endif /* POLARSSL_CCM_C */
Manuel Pégourié-Gonnard4562ffe2014-05-13 12:19:29 +0200[diff] [blame]850
851 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
852}
853
854/*
855 * Packet-oriented decryption for AEAD modes
856 */
857int cipher_auth_decrypt( cipher_context_t *ctx,
858 const unsigned char *iv, size_t iv_len,
859 const unsigned char *ad, size_t ad_len,
860 const unsigned char *input, size_t ilen,
861 unsigned char *output, size_t *olen,
862 const unsigned char *tag, size_t tag_len )
863{
864#if defined(POLARSSL_GCM_C)
865 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
866 {
867 int ret;
868
869 *olen = ilen;
870 ret = gcm_auth_decrypt( ctx->cipher_ctx, ilen,
871 iv, iv_len, ad, ad_len,
872 tag, tag_len, input, output );
873
874 if( ret == POLARSSL_ERR_GCM_AUTH_FAILED )
875 ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
876
877 return( ret );
878 }
Manuel Pégourié-Gonnard41936952014-05-13 13:18:17 +0200[diff] [blame]879#endif /* POLARSSL_GCM_C */
880#if defined(POLARSSL_CCM_C)
881 if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
882 {
883 int ret;
884
885 *olen = ilen;
886 ret = ccm_auth_decrypt( ctx->cipher_ctx, ilen,
887 iv, iv_len, ad, ad_len,
888 input, output, tag, tag_len );
889
890 if( ret == POLARSSL_ERR_CCM_AUTH_FAILED )
891 ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
892
893 return( ret );
894 }
895#endif /* POLARSSL_CCM_C */
Manuel Pégourié-Gonnard4562ffe2014-05-13 12:19:29 +0200[diff] [blame]896
897 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
898}
899#endif /* POLARSSL_CIPHER_MODE_AEAD */
900
901
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]902#if defined(POLARSSL_SELF_TEST)
903
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]904/*
905 * Checkup routine
906 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]907int cipher_self_test( int verbose )
908{
Paul Bakkerd61e7d92011-01-18 16:17:47 +0000[diff] [blame]909 ((void) verbose);
910
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]911 return( 0 );
912}
913
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]914#endif /* POLARSSL_SELF_TEST */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]915
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]916#endif /* POLARSSL_CIPHER_C */