TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9f5a3c4a0ae949fa8c0ca969e4af600bb0ed8555 / . / library / cipher.c
blob: 8d90a646b391b6e4eeded668e919559e0e73b8af [file] [log] [blame]
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1/**
2 * \file cipher.c
3 *
4 * \brief Generic cipher wrapper for PolarSSL
5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]9 *
10 * This file is part of PolarSSL (http://www.polarssl.org)
11 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
12 *
13 * All rights reserved.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 */
29
30#include "polarssl/config.h"
31
32#if defined(POLARSSL_CIPHER_C)
33
34#include "polarssl/cipher.h"
35#include "polarssl/cipher_wrap.h"
36
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]37#if defined(POLARSSL_GCM_C)
38#include "polarssl/gcm.h"
39#endif
40
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]41#include <stdlib.h>
42
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]43#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]44#define POLARSSL_CIPHER_MODE_STREAM
45#endif
46
Paul Bakkeraf5c85f2011-04-18 03:47:52 +0000[diff] [blame]47#if defined _MSC_VER && !defined strcasecmp
48#define strcasecmp _stricmp
49#endif
50
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]51static const int supported_ciphers[] = {
52
53#if defined(POLARSSL_AES_C)
54 POLARSSL_CIPHER_AES_128_CBC,
55 POLARSSL_CIPHER_AES_192_CBC,
56 POLARSSL_CIPHER_AES_256_CBC,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]57
58#if defined(POLARSSL_CIPHER_MODE_CFB)
59 POLARSSL_CIPHER_AES_128_CFB128,
60 POLARSSL_CIPHER_AES_192_CFB128,
61 POLARSSL_CIPHER_AES_256_CFB128,
62#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
63
64#if defined(POLARSSL_CIPHER_MODE_CTR)
65 POLARSSL_CIPHER_AES_128_CTR,
66 POLARSSL_CIPHER_AES_192_CTR,
67 POLARSSL_CIPHER_AES_256_CTR,
68#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
69
Manuel Pégourié-Gonnard83f3fc02013-09-04 12:07:24 +0200[diff] [blame]70#if defined(POLARSSL_GCM_C)
71 POLARSSL_CIPHER_AES_128_GCM,
72 POLARSSL_CIPHER_AES_192_GCM,
73 POLARSSL_CIPHER_AES_256_GCM,
74#endif /* defined(POLARSSL_GCM_C) */
75
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]76#endif /* defined(POLARSSL_AES_C) */
77
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]78#if defined(POLARSSL_ARC4_C)
79 POLARSSL_CIPHER_ARC4_128,
80#endif
81
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]82#if defined(POLARSSL_CAMELLIA_C)
83 POLARSSL_CIPHER_CAMELLIA_128_CBC,
84 POLARSSL_CIPHER_CAMELLIA_192_CBC,
85 POLARSSL_CIPHER_CAMELLIA_256_CBC,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]86
87#if defined(POLARSSL_CIPHER_MODE_CFB)
88 POLARSSL_CIPHER_CAMELLIA_128_CFB128,
89 POLARSSL_CIPHER_CAMELLIA_192_CFB128,
90 POLARSSL_CIPHER_CAMELLIA_256_CFB128,
91#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
92
93#if defined(POLARSSL_CIPHER_MODE_CTR)
94 POLARSSL_CIPHER_CAMELLIA_128_CTR,
95 POLARSSL_CIPHER_CAMELLIA_192_CTR,
96 POLARSSL_CIPHER_CAMELLIA_256_CTR,
97#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
98
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]99#endif /* defined(POLARSSL_CAMELLIA_C) */
100
101#if defined(POLARSSL_DES_C)
102 POLARSSL_CIPHER_DES_CBC,
103 POLARSSL_CIPHER_DES_EDE_CBC,
104 POLARSSL_CIPHER_DES_EDE3_CBC,
105#endif /* defined(POLARSSL_DES_C) */
106
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]107#if defined(POLARSSL_BLOWFISH_C)
108 POLARSSL_CIPHER_BLOWFISH_CBC,
109
110#if defined(POLARSSL_CIPHER_MODE_CFB)
111 POLARSSL_CIPHER_BLOWFISH_CFB64,
112#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
113
114#if defined(POLARSSL_CIPHER_MODE_CTR)
115 POLARSSL_CIPHER_BLOWFISH_CTR,
116#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
117
118#endif /* defined(POLARSSL_BLOWFISH_C) */
119
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]120#if defined(POLARSSL_CIPHER_NULL_CIPHER)
121 POLARSSL_CIPHER_NULL,
122#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
123
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]124 0
125};
126
127const int *cipher_list( void )
128{
129 return supported_ciphers;
130}
131
Paul Bakkerec1b9842012-01-14 18:24:43 +0000[diff] [blame]132const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]133{
134 /* Find static cipher information */
135 switch ( cipher_type )
136 {
137#if defined(POLARSSL_AES_C)
138 case POLARSSL_CIPHER_AES_128_CBC:
139 return &aes_128_cbc_info;
140 case POLARSSL_CIPHER_AES_192_CBC:
141 return &aes_192_cbc_info;
142 case POLARSSL_CIPHER_AES_256_CBC:
143 return &aes_256_cbc_info;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]144
145#if defined(POLARSSL_CIPHER_MODE_CFB)
146 case POLARSSL_CIPHER_AES_128_CFB128:
147 return &aes_128_cfb128_info;
148 case POLARSSL_CIPHER_AES_192_CFB128:
149 return &aes_192_cfb128_info;
150 case POLARSSL_CIPHER_AES_256_CFB128:
151 return &aes_256_cfb128_info;
152#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
153
154#if defined(POLARSSL_CIPHER_MODE_CTR)
155 case POLARSSL_CIPHER_AES_128_CTR:
156 return &aes_128_ctr_info;
157 case POLARSSL_CIPHER_AES_192_CTR:
158 return &aes_192_ctr_info;
159 case POLARSSL_CIPHER_AES_256_CTR:
160 return &aes_256_ctr_info;
161#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
162
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]163#if defined(POLARSSL_GCM_C)
164 case POLARSSL_CIPHER_AES_128_GCM:
165 return &aes_128_gcm_info;
Manuel Pégourié-Gonnard83f3fc02013-09-04 12:07:24 +0200[diff] [blame]166 case POLARSSL_CIPHER_AES_192_GCM:
167 return &aes_192_gcm_info;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]168 case POLARSSL_CIPHER_AES_256_GCM:
169 return &aes_256_gcm_info;
170#endif /* defined(POLARSSL_GCM_C) */
171
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]172#endif
173
174#if defined(POLARSSL_CAMELLIA_C)
175 case POLARSSL_CIPHER_CAMELLIA_128_CBC:
176 return &camellia_128_cbc_info;
177 case POLARSSL_CIPHER_CAMELLIA_192_CBC:
178 return &camellia_192_cbc_info;
179 case POLARSSL_CIPHER_CAMELLIA_256_CBC:
180 return &camellia_256_cbc_info;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]181
182#if defined(POLARSSL_CIPHER_MODE_CFB)
183 case POLARSSL_CIPHER_CAMELLIA_128_CFB128:
184 return &camellia_128_cfb128_info;
185 case POLARSSL_CIPHER_CAMELLIA_192_CFB128:
186 return &camellia_192_cfb128_info;
187 case POLARSSL_CIPHER_CAMELLIA_256_CFB128:
188 return &camellia_256_cfb128_info;
189#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
190
191#if defined(POLARSSL_CIPHER_MODE_CTR)
192 case POLARSSL_CIPHER_CAMELLIA_128_CTR:
193 return &camellia_128_ctr_info;
194 case POLARSSL_CIPHER_CAMELLIA_192_CTR:
195 return &camellia_192_ctr_info;
196 case POLARSSL_CIPHER_CAMELLIA_256_CTR:
197 return &camellia_256_ctr_info;
198#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
199
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]200#endif
201
202#if defined(POLARSSL_DES_C)
203 case POLARSSL_CIPHER_DES_CBC:
204 return &des_cbc_info;
205 case POLARSSL_CIPHER_DES_EDE_CBC:
206 return &des_ede_cbc_info;
207 case POLARSSL_CIPHER_DES_EDE3_CBC:
208 return &des_ede3_cbc_info;
209#endif
210
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]211#if defined(POLARSSL_ARC4_C)
212 case POLARSSL_CIPHER_ARC4_128:
213 return &arc4_128_info;
214#endif
215
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]216#if defined(POLARSSL_BLOWFISH_C)
217 case POLARSSL_CIPHER_BLOWFISH_CBC:
218 return &blowfish_cbc_info;
219
220#if defined(POLARSSL_CIPHER_MODE_CFB)
221 case POLARSSL_CIPHER_BLOWFISH_CFB64:
222 return &blowfish_cfb64_info;
223#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
224
225#if defined(POLARSSL_CIPHER_MODE_CTR)
226 case POLARSSL_CIPHER_BLOWFISH_CTR:
227 return &blowfish_ctr_info;
228#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
229
230#endif
231
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]232#if defined(POLARSSL_CIPHER_NULL_CIPHER)
233 case POLARSSL_CIPHER_NULL:
234 return &null_cipher_info;
235#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
236
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]237 default:
238 return NULL;
239 }
240}
241
242const cipher_info_t *cipher_info_from_string( const char *cipher_name )
243{
244 if( NULL == cipher_name )
245 return NULL;
246
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]247 /* Get the appropriate cipher information */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]248#if defined(POLARSSL_CAMELLIA_C)
249 if( !strcasecmp( "CAMELLIA-128-CBC", cipher_name ) )
250 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CBC );
251 if( !strcasecmp( "CAMELLIA-192-CBC", cipher_name ) )
252 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CBC );
253 if( !strcasecmp( "CAMELLIA-256-CBC", cipher_name ) )
254 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CBC );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]255
256#if defined(POLARSSL_CIPHER_MODE_CFB)
257 if( !strcasecmp( "CAMELLIA-128-CFB128", cipher_name ) )
258 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CFB128 );
259 if( !strcasecmp( "CAMELLIA-192-CFB128", cipher_name ) )
260 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CFB128 );
261 if( !strcasecmp( "CAMELLIA-256-CFB128", cipher_name ) )
262 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CFB128 );
263#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
264
265#if defined(POLARSSL_CIPHER_MODE_CTR)
266 if( !strcasecmp( "CAMELLIA-128-CTR", cipher_name ) )
267 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CTR );
268 if( !strcasecmp( "CAMELLIA-192-CTR", cipher_name ) )
269 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CTR );
270 if( !strcasecmp( "CAMELLIA-256-CTR", cipher_name ) )
271 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CTR );
272#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]273#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]274
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]275#if defined(POLARSSL_AES_C)
276 if( !strcasecmp( "AES-128-CBC", cipher_name ) )
277 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CBC );
278 if( !strcasecmp( "AES-192-CBC", cipher_name ) )
279 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CBC );
280 if( !strcasecmp( "AES-256-CBC", cipher_name ) )
281 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CBC );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]282
283#if defined(POLARSSL_CIPHER_MODE_CFB)
284 if( !strcasecmp( "AES-128-CFB128", cipher_name ) )
285 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CFB128 );
286 if( !strcasecmp( "AES-192-CFB128", cipher_name ) )
287 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CFB128 );
288 if( !strcasecmp( "AES-256-CFB128", cipher_name ) )
289 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CFB128 );
290#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
291
292#if defined(POLARSSL_CIPHER_MODE_CTR)
293 if( !strcasecmp( "AES-128-CTR", cipher_name ) )
294 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CTR );
295 if( !strcasecmp( "AES-192-CTR", cipher_name ) )
296 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CTR );
297 if( !strcasecmp( "AES-256-CTR", cipher_name ) )
298 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CTR );
299#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]300
301#if defined(POLARSSL_GCM_C)
302 if( !strcasecmp( "AES-128-GCM", cipher_name ) )
303 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_GCM );
Manuel Pégourié-Gonnard83f3fc02013-09-04 12:07:24 +0200[diff] [blame]304 if( !strcasecmp( "AES-192-GCM", cipher_name ) )
305 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_GCM );
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]306 if( !strcasecmp( "AES-256-GCM", cipher_name ) )
307 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_GCM );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]308#endif
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]309#endif /* POLARSSL_AES_C */
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]310
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]311#if defined(POLARSSL_ARC4_C)
312 if( !strcasecmp( "ARC4-128", cipher_name ) )
313 return( cipher_info_from_type( POLARSSL_CIPHER_ARC4_128 ) );
314#endif
315
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]316#if defined(POLARSSL_DES_C)
317 if( !strcasecmp( "DES-CBC", cipher_name ) )
318 return cipher_info_from_type( POLARSSL_CIPHER_DES_CBC );
319 if( !strcasecmp( "DES-EDE-CBC", cipher_name ) )
320 return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE_CBC );
321 if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
322 return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
323#endif
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]324
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]325#if defined(POLARSSL_BLOWFISH_C)
326 if( !strcasecmp( "BLOWFISH-CBC", cipher_name ) )
327 return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CBC );
328
329#if defined(POLARSSL_CIPHER_MODE_CFB)
330 if( !strcasecmp( "BLOWFISH-CFB64", cipher_name ) )
331 return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CFB64 );
332#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
333
334#if defined(POLARSSL_CIPHER_MODE_CTR)
335 if( !strcasecmp( "BLOWFISH-CTR", cipher_name ) )
336 return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CTR );
337#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
338#endif
339
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]340#if defined(POLARSSL_CIPHER_NULL_CIPHER)
341 if( !strcasecmp( "NULL", cipher_name ) )
342 return cipher_info_from_type( POLARSSL_CIPHER_NULL );
343#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
344
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]345 return NULL;
346}
347
348int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
349{
350 if( NULL == cipher_info || NULL == ctx )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]351 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]352
Paul Bakker279432a2012-04-26 10:09:35 +0000[diff] [blame]353 memset( ctx, 0, sizeof( cipher_context_t ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]354
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]355 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]356 return POLARSSL_ERR_CIPHER_ALLOC_FAILED;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]357
358 ctx->cipher_info = cipher_info;
359
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]360 /*
361 * Ignore possible errors caused by a cipher mode that doesn't use padding
362 */
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]363#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]364 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]365#else
366 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
367#endif
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]368
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]369 return 0;
370}
371
372int cipher_free_ctx( cipher_context_t *ctx )
373{
374 if( ctx == NULL || ctx->cipher_info == NULL )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]375 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]376
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]377 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]378
379 return 0;
380}
381
382int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
383 int key_length, const operation_t operation )
384{
385 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]386 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]387
388 ctx->key_length = key_length;
389 ctx->operation = operation;
390
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]391 /*
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]392 * For CFB and CTR mode always use the encryption key schedule
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]393 */
394 if( POLARSSL_ENCRYPT == operation ||
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]395 POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]396 POLARSSL_MODE_CTR == ctx->cipher_info->mode )
397 {
398 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]399 ctx->key_length );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]400 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]401
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]402 if( POLARSSL_DECRYPT == operation )
403 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]404 ctx->key_length );
405
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]406 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]407}
408
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]409int cipher_set_iv( cipher_context_t *ctx,
410 const unsigned char *iv, size_t iv_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]411{
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]412 size_t actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]413
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]414 if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]415 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]416
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]417 if( ctx->cipher_info->accepts_variable_iv_size )
418 actual_iv_size = iv_len;
419 else
420 actual_iv_size = ctx->cipher_info->iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]421
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]422 memcpy( ctx->iv, iv, actual_iv_size );
423 ctx->iv_size = actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]424
425 return 0;
426}
427
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]428int cipher_reset( cipher_context_t *ctx )
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]429{
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]430 if( NULL == ctx || NULL == ctx->cipher_info )
431 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
432
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]433 ctx->unprocessed_len = 0;
434
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]435 return 0;
436}
437
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]438#if defined(POLARSSL_CIPHER_MODE_AEAD)
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]439int cipher_update_ad( cipher_context_t *ctx,
440 const unsigned char *ad, size_t ad_len )
441{
442 if( NULL == ctx || NULL == ctx->cipher_info )
443 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
444
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]445#if defined(POLARSSL_GCM_C)
446 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
447 {
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]448 return gcm_starts( ctx->cipher_ctx, ctx->operation,
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]449 ctx->iv, ctx->iv_size, ad, ad_len );
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]450 }
451#endif
452
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]453 return 0;
454}
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]455#endif /* POLARSSL_CIPHER_MODE_AEAD */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]456
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]457int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
458 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]459{
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]460 int ret;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]461 size_t copy_len = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]462
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]463 *olen = 0;
464
465 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]466 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]467 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]468 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]469
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]470#if defined(POLARSSL_GCM_C)
471 if( ctx->cipher_info->mode == POLARSSL_MODE_GCM)
472 {
473 *olen = ilen;
474 return gcm_update( ctx->cipher_ctx, ilen, input, output );
475 }
476#endif
477
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]478 if( input == output &&
479 ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
480 {
481 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
482 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]483
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]484 if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]485 {
486 /*
487 * If there is not enough data for a full block, cache it.
488 */
489 if( ( ctx->operation == POLARSSL_DECRYPT &&
490 ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
491 ( ctx->operation == POLARSSL_ENCRYPT &&
492 ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
493 {
494 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
495 ilen );
496
497 ctx->unprocessed_len += ilen;
498 return 0;
499 }
500
501 /*
502 * Process cached data first
503 */
504 if( ctx->unprocessed_len != 0 )
505 {
506 copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
507
508 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
509 copy_len );
510
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]511 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]512 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]513 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]514 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]515 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]516 }
517
518 *olen += cipher_get_block_size( ctx );
519 output += cipher_get_block_size( ctx );
520 ctx->unprocessed_len = 0;
521
522 input += copy_len;
523 ilen -= copy_len;
524 }
525
526 /*
527 * Cache final, incomplete block
528 */
529 if( 0 != ilen )
530 {
531 copy_len = ilen % cipher_get_block_size( ctx );
532 if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
533 copy_len = cipher_get_block_size(ctx);
534
535 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
536 copy_len );
537
538 ctx->unprocessed_len += copy_len;
539 ilen -= copy_len;
540 }
541
542 /*
543 * Process remaining full blocks
544 */
545 if( ilen )
546 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]547 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
548 ctx->operation, ilen, ctx->iv, input, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]549 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]550 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]551 }
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]552
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]553 *olen += ilen;
554 }
555
556 return 0;
557 }
558
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]559#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]560 if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]561 {
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]562 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]563 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]564 input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]565 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]566 return ret;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]567 }
568
569 *olen = ilen;
570
571 return 0;
572 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]573#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]574
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]575#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]576 if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
577 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]578 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]579 ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]580 ctx->unprocessed_data, input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]581 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]582 return ret;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]583 }
584
585 *olen = ilen;
586
587 return 0;
588 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]589#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]590
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]591#if defined(POLARSSL_CIPHER_MODE_STREAM)
592 if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
593 {
594 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
595 ilen, input, output ) ) )
596 {
597 return ret;
598 }
599
600 *olen = ilen;
601
602 return 0;
603 }
604#endif
605
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]606 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]607}
608
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]609#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]610/*
611 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
612 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]613static void add_pkcs_padding( unsigned char *output, size_t output_len,
614 size_t data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]615{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]616 size_t padding_len = output_len - data_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]617 unsigned char i = 0;
618
619 for( i = 0; i < padding_len; i++ )
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]620 output[data_len + i] = (unsigned char) padding_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]621}
622
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]623static int get_pkcs_padding( unsigned char *input, size_t input_len,
624 size_t *data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]625{
Paul Bakkerec1b9842012-01-14 18:24:43 +0000[diff] [blame]626 unsigned int i, padding_len = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]627
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]628 if( NULL == input || NULL == data_len )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]629 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]630
631 padding_len = input[input_len - 1];
632
Manuel Pégourié-Gonnardb7d24bc2013-07-26 10:58:48 +0200[diff] [blame]633 if( padding_len > input_len || padding_len == 0 )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]634 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]635
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]636 for( i = input_len - padding_len; i < input_len; i++ )
637 if( input[i] != padding_len )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]638 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]639
640 *data_len = input_len - padding_len;
641
642 return 0;
643}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]644#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]645
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]646#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]647/*
648 * One and zeros padding: fill with 80 00 ... 00
649 */
650static void add_one_and_zeros_padding( unsigned char *output,
651 size_t output_len, size_t data_len )
652{
653 size_t padding_len = output_len - data_len;
654 unsigned char i = 0;
655
656 output[data_len] = 0x80;
657 for( i = 1; i < padding_len; i++ )
658 output[data_len + i] = 0x00;
659}
660
661static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
662 size_t *data_len )
663{
664 unsigned char *p = input + input_len - 1;
665
666 if( NULL == input || NULL == data_len )
667 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
668
669 while( *p == 0x00 && p > input )
670 --p;
671
672 if( *p != 0x80 )
673 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
674
675 *data_len = p - input;
676
677 return 0;
678}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]679#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]680
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]681#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]682/*
683 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
684 */
685static void add_zeros_and_len_padding( unsigned char *output,
686 size_t output_len, size_t data_len )
687{
688 size_t padding_len = output_len - data_len;
689 unsigned char i = 0;
690
691 for( i = 1; i < padding_len; i++ )
692 output[data_len + i - 1] = 0x00;
693 output[output_len - 1] = (unsigned char) padding_len;
694}
695
696static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
697 size_t *data_len )
698{
699 unsigned int i, padding_len = 0;
700
701 if( NULL == input || NULL == data_len )
702 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
703
704 padding_len = input[input_len - 1];
705
706 if( padding_len > input_len || padding_len == 0 )
707 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
708
709 for( i = input_len - padding_len; i < input_len - 1; i++ )
710 if( input[i] != 0x00 )
711 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
712
713 *data_len = input_len - padding_len;
714
715 return 0;
716}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]717#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]718
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]719#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]720/*
721 * Zero padding: fill with 00 ... 00
722 */
723static void add_zeros_padding( unsigned char *output,
724 size_t output_len, size_t data_len )
725{
726 unsigned char i;
727
728 for( i = data_len; i < output_len; i++ )
729 output[i] = 0x00;
730}
731
732static int get_zeros_padding( unsigned char *input, size_t input_len,
733 size_t *data_len )
734{
735 unsigned char *p = input + input_len - 1;
736 if( NULL == input || NULL == data_len )
737 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
738
739 while( *p == 0x00 && p > input )
740 --p;
741
742 *data_len = *p == 0x00 ? 0 : p - input + 1;
743
744 return 0;
745}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]746#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]747
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]748/*
749 * No padding: don't pad :)
750 *
751 * There is no add_padding function (check for NULL in cipher_finish)
752 * but a trivial get_padding function
753 */
754static int get_no_padding( unsigned char *input, size_t input_len,
755 size_t *data_len )
756{
757 if( NULL == input || NULL == data_len )
758 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
759
760 *data_len = input_len;
761
762 return 0;
763}
764
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]765int cipher_finish( cipher_context_t *ctx,
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]766 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]767{
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]768 int ret = 0;
769
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]770 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]771 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]772
773 *olen = 0;
774
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]775 if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]776 POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]777 POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]778 POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]779 {
780 return 0;
781 }
782
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]783 if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
784 {
785 if( POLARSSL_ENCRYPT == ctx->operation )
786 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]787 /* check for 'no padding' mode */
788 if( NULL == ctx->add_padding )
789 {
790 if( 0 != ctx->unprocessed_len )
791 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
792
793 return 0;
794 }
795
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]796 ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]797 ctx->unprocessed_len );
798 }
799 else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
800 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]801 /*
802 * For decrypt operations, expect a full block,
803 * or an empty block if no padding
804 */
805 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
806 return 0;
807
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]808 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]809 }
810
811 /* cipher block */
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]812 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
813 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
814 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]815 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]816 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]817 }
818
819 /* Set output size for decryption */
820 if( POLARSSL_DECRYPT == ctx->operation )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]821 return ctx->get_padding( output, cipher_get_block_size( ctx ),
822 olen );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]823
824 /* Set output size for encryption */
825 *olen = cipher_get_block_size( ctx );
826 return 0;
827 }
828
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]829 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]830}
831
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]832int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
833{
834 if( NULL == ctx ||
835 POLARSSL_MODE_CBC != ctx->cipher_info->mode )
836 {
837 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
838 }
839
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]840 switch( mode )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]841 {
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]842#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]843 case POLARSSL_PADDING_PKCS7:
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]844 ctx->add_padding = add_pkcs_padding;
845 ctx->get_padding = get_pkcs_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]846 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]847#endif
848#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]849 case POLARSSL_PADDING_ONE_AND_ZEROS:
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]850 ctx->add_padding = add_one_and_zeros_padding;
851 ctx->get_padding = get_one_and_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]852 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]853#endif
854#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]855 case POLARSSL_PADDING_ZEROS_AND_LEN:
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]856 ctx->add_padding = add_zeros_and_len_padding;
857 ctx->get_padding = get_zeros_and_len_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]858 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]859#endif
860#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]861 case POLARSSL_PADDING_ZEROS:
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]862 ctx->add_padding = add_zeros_padding;
863 ctx->get_padding = get_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]864 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]865#endif
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]866 case POLARSSL_PADDING_NONE:
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]867 ctx->add_padding = NULL;
868 ctx->get_padding = get_no_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]869 break;
870
871 default:
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]872 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]873 }
874
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]875 return 0;
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]876}
877
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]878#if defined(POLARSSL_CIPHER_MODE_AEAD)
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]879int cipher_write_tag( cipher_context_t *ctx,
880 unsigned char *tag, size_t tag_len )
881{
882 if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
883 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
884
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]885 if( POLARSSL_ENCRYPT != ctx->operation )
886 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
887
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]888#if defined(POLARSSL_GCM_C)
889 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
890 return gcm_finish( ctx->cipher_ctx, tag, tag_len );
891#endif
892
893 return 0;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]894}
895
896int cipher_check_tag( cipher_context_t *ctx,
897 const unsigned char *tag, size_t tag_len )
898{
899 int ret;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]900
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]901 if( NULL == ctx || NULL == ctx->cipher_info ||
902 POLARSSL_DECRYPT != ctx->operation )
903 {
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]904 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]905 }
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]906
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]907#if defined(POLARSSL_GCM_C)
908 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
909 {
910 unsigned char check_tag[16];
911 size_t i;
912 int diff;
913
914 if( tag_len > sizeof( check_tag ) )
915 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
916
917 if( 0 != ( ret = gcm_finish( ctx->cipher_ctx, check_tag, tag_len ) ) )
918 return( ret );
919
920 /* Check the tag in "constant-time" */
921 for( diff = 0, i = 0; i < tag_len; i++ )
922 diff |= tag[i] ^ check_tag[i];
923
924 if( diff != 0 )
925 return( POLARSSL_ERR_GCM_AUTH_FAILED );
926
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]927 return( 0 );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]928 }
929#endif
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]930
931 return( 0 );
932}
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]933#endif /* POLARSSL_CIPHER_MODE_AEAD */
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]934
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]935#if defined(POLARSSL_SELF_TEST)
936
937#include <stdio.h>
938
939#define ASSERT(x) if (!(x)) { \
940 printf( "failed with %i at %s\n", value, (#x) ); \
941 return( 1 ); \
942}
943/*
944 * Checkup routine
945 */
946
947int cipher_self_test( int verbose )
948{
Paul Bakkerd61e7d92011-01-18 16:17:47 +0000[diff] [blame]949 ((void) verbose);
950
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]951 return( 0 );
952}
953
954#endif
955
956#endif