blob: 495bd51dffe13e6e72947b56c2d066dc33d7f448 [file] [log] [blame]
Paul Bakker8123e9d2011-01-06 15:37:30 +00001/**
2 * \file cipher.c
3 *
4 * \brief Generic cipher wrapper for PolarSSL
5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
Paul Bakker68884e32013-01-07 18:20:04 +01008 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker8123e9d2011-01-06 15:37:30 +00009 *
10 * This file is part of PolarSSL (http://www.polarssl.org)
11 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
12 *
13 * All rights reserved.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 */
29
30#include "polarssl/config.h"
31
32#if defined(POLARSSL_CIPHER_C)
33
34#include "polarssl/cipher.h"
35#include "polarssl/cipher_wrap.h"
36
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +020037#if defined(POLARSSL_GCM_C)
38#include "polarssl/gcm.h"
39#endif
40
Paul Bakker8123e9d2011-01-06 15:37:30 +000041#include <stdlib.h>
42
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +020043#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +020044#define POLARSSL_CIPHER_MODE_STREAM
45#endif
46
Paul Bakkeraf5c85f2011-04-18 03:47:52 +000047#if defined _MSC_VER && !defined strcasecmp
48#define strcasecmp _stricmp
49#endif
50
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +020051static int supported_init = 0;
Paul Bakker72f62662011-01-16 21:27:44 +000052
53const int *cipher_list( void )
54{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +020055 const cipher_definition_t *def;
56 int *type;
57
58 if( ! supported_init )
59 {
60 def = cipher_definitions;
61 type = supported_ciphers;
62
63 while( def->type != 0 )
64 *type++ = (*def++).type;
65
66 *type = 0;
67
68 supported_init = 1;
69 }
70
Paul Bakker72f62662011-01-16 21:27:44 +000071 return supported_ciphers;
72}
73
Paul Bakkerec1b9842012-01-14 18:24:43 +000074const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
Paul Bakker8123e9d2011-01-06 15:37:30 +000075{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +020076 const cipher_definition_t *def;
Paul Bakker5e0efa72013-09-08 23:04:04 +020077
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +020078 for( def = cipher_definitions; def->info != NULL; def++ )
79 if( def->type == cipher_type )
80 return( def->info );
Paul Bakker343a8702011-06-09 14:27:58 +000081
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +020082 return NULL;
Paul Bakker8123e9d2011-01-06 15:37:30 +000083}
84
85const cipher_info_t *cipher_info_from_string( const char *cipher_name )
86{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +020087 const cipher_definition_t *def;
88
Paul Bakker8123e9d2011-01-06 15:37:30 +000089 if( NULL == cipher_name )
90 return NULL;
91
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +020092 for( def = cipher_definitions; def->info != NULL; def++ )
93 if( ! strcasecmp( def->info->name, cipher_name ) )
94 return( def->info );
Paul Bakkerfab5c822012-02-06 16:45:10 +000095
Paul Bakker8123e9d2011-01-06 15:37:30 +000096 return NULL;
97}
98
Paul Bakkerf46b6952013-09-09 00:08:26 +020099const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
100 int key_length,
101 const cipher_mode_t mode )
102{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200103 const cipher_definition_t *def;
Paul Bakkerf46b6952013-09-09 00:08:26 +0200104
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200105 for( def = cipher_definitions; def->info != NULL; def++ )
106 if( def->info->base->cipher == cipher_id &&
107 def->info->key_length == (unsigned) key_length &&
108 def->info->mode == mode )
109 return( def->info );
Paul Bakkerf46b6952013-09-09 00:08:26 +0200110
111 return NULL;
112}
113
Paul Bakker8123e9d2011-01-06 15:37:30 +0000114int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
115{
116 if( NULL == cipher_info || NULL == ctx )
Paul Bakkerff61a782011-06-09 15:42:02 +0000117 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000118
Paul Bakker279432a2012-04-26 10:09:35 +0000119 memset( ctx, 0, sizeof( cipher_context_t ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000120
Paul Bakker343a8702011-06-09 14:27:58 +0000121 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
Paul Bakkerff61a782011-06-09 15:42:02 +0000122 return POLARSSL_ERR_CIPHER_ALLOC_FAILED;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000123
124 ctx->cipher_info = cipher_info;
125
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200126#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200127 /*
128 * Ignore possible errors caused by a cipher mode that doesn't use padding
129 */
Paul Bakker48e93c82013-08-14 12:21:18 +0200130#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200131 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
Paul Bakker48e93c82013-08-14 12:21:18 +0200132#else
133 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
134#endif
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200135#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200136
Paul Bakker8123e9d2011-01-06 15:37:30 +0000137 return 0;
138}
139
140int cipher_free_ctx( cipher_context_t *ctx )
141{
142 if( ctx == NULL || ctx->cipher_info == NULL )
Paul Bakkerff61a782011-06-09 15:42:02 +0000143 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000144
Paul Bakker343a8702011-06-09 14:27:58 +0000145 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000146
147 return 0;
148}
149
150int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
151 int key_length, const operation_t operation )
152{
153 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerff61a782011-06-09 15:42:02 +0000154 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000155
Manuel Pégourié-Gonnarddd0f57f2013-09-16 11:47:43 +0200156 if( (int) ctx->cipher_info->key_length != key_length )
157 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
158
Paul Bakker8123e9d2011-01-06 15:37:30 +0000159 ctx->key_length = key_length;
160 ctx->operation = operation;
161
Paul Bakker343a8702011-06-09 14:27:58 +0000162 /*
Paul Bakker6132d0a2012-07-04 17:10:40 +0000163 * For CFB and CTR mode always use the encryption key schedule
Paul Bakker343a8702011-06-09 14:27:58 +0000164 */
165 if( POLARSSL_ENCRYPT == operation ||
Paul Bakker6132d0a2012-07-04 17:10:40 +0000166 POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakker343a8702011-06-09 14:27:58 +0000167 POLARSSL_MODE_CTR == ctx->cipher_info->mode )
168 {
169 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000170 ctx->key_length );
Paul Bakker343a8702011-06-09 14:27:58 +0000171 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000172
Paul Bakker343a8702011-06-09 14:27:58 +0000173 if( POLARSSL_DECRYPT == operation )
174 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000175 ctx->key_length );
176
Paul Bakkerff61a782011-06-09 15:42:02 +0000177 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000178}
179
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200180int cipher_set_iv( cipher_context_t *ctx,
181 const unsigned char *iv, size_t iv_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000182{
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200183 size_t actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200184
Paul Bakker8123e9d2011-01-06 15:37:30 +0000185 if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
Paul Bakkerff61a782011-06-09 15:42:02 +0000186 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000187
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200188 /* avoid buffer overflow in ctx->iv */
189 if( iv_len > POLARSSL_MAX_IV_LENGTH )
190 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
191
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200192 if( ctx->cipher_info->accepts_variable_iv_size )
193 actual_iv_size = iv_len;
194 else
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200195 {
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200196 actual_iv_size = ctx->cipher_info->iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200197
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200198 /* avoid reading past the end of input buffer */
199 if( actual_iv_size > iv_len )
200 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
201 }
202
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200203 memcpy( ctx->iv, iv, actual_iv_size );
204 ctx->iv_size = actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200205
206 return 0;
207}
208
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200209int cipher_reset( cipher_context_t *ctx )
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200210{
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200211 if( NULL == ctx || NULL == ctx->cipher_info )
212 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
213
Paul Bakker8123e9d2011-01-06 15:37:30 +0000214 ctx->unprocessed_len = 0;
215
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200216 return 0;
217}
218
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200219#if defined(POLARSSL_CIPHER_MODE_AEAD)
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200220int cipher_update_ad( cipher_context_t *ctx,
221 const unsigned char *ad, size_t ad_len )
222{
223 if( NULL == ctx || NULL == ctx->cipher_info )
224 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
225
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200226#if defined(POLARSSL_GCM_C)
227 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
228 {
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200229 return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200230 ctx->iv, ctx->iv_size, ad, ad_len );
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200231 }
232#endif
233
Paul Bakker8123e9d2011-01-06 15:37:30 +0000234 return 0;
235}
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200236#endif /* POLARSSL_CIPHER_MODE_AEAD */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000237
Paul Bakker23986e52011-04-24 08:57:21 +0000238int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
239 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000240{
Paul Bakkerff61a782011-06-09 15:42:02 +0000241 int ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000242
Paul Bakker68884e32013-01-07 18:20:04 +0100243 *olen = 0;
244
245 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkera885d682011-01-20 16:35:05 +0000246 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000247 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakkera885d682011-01-20 16:35:05 +0000248 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000249
Paul Bakker5e0efa72013-09-08 23:04:04 +0200250 if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
251 {
252 if( ilen != cipher_get_block_size( ctx ) )
253 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
254
255 *olen = ilen;
256
257 if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
258 ctx->operation, input, output ) ) )
259 {
260 return ret;
261 }
262
263 return 0;
264 }
265
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200266#if defined(POLARSSL_GCM_C)
Paul Bakker5e0efa72013-09-08 23:04:04 +0200267 if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200268 {
269 *olen = ilen;
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200270 return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
271 output );
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200272 }
273#endif
274
Paul Bakker68884e32013-01-07 18:20:04 +0100275 if( input == output &&
276 ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
277 {
278 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
279 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000280
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200281#if defined(POLARSSL_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200282 if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000283 {
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200284 size_t copy_len = 0;
285
Paul Bakker8123e9d2011-01-06 15:37:30 +0000286 /*
287 * If there is not enough data for a full block, cache it.
288 */
289 if( ( ctx->operation == POLARSSL_DECRYPT &&
290 ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
291 ( ctx->operation == POLARSSL_ENCRYPT &&
292 ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
293 {
294 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
295 ilen );
296
297 ctx->unprocessed_len += ilen;
298 return 0;
299 }
300
301 /*
302 * Process cached data first
303 */
304 if( ctx->unprocessed_len != 0 )
305 {
306 copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
307
308 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
309 copy_len );
310
Paul Bakkerff61a782011-06-09 15:42:02 +0000311 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000312 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000313 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000314 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000315 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000316 }
317
318 *olen += cipher_get_block_size( ctx );
319 output += cipher_get_block_size( ctx );
320 ctx->unprocessed_len = 0;
321
322 input += copy_len;
323 ilen -= copy_len;
324 }
325
326 /*
327 * Cache final, incomplete block
328 */
329 if( 0 != ilen )
330 {
331 copy_len = ilen % cipher_get_block_size( ctx );
332 if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
333 copy_len = cipher_get_block_size(ctx);
334
335 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
336 copy_len );
337
338 ctx->unprocessed_len += copy_len;
339 ilen -= copy_len;
340 }
341
342 /*
343 * Process remaining full blocks
344 */
345 if( ilen )
346 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000347 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
348 ctx->operation, ilen, ctx->iv, input, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000349 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000350 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000351 }
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200352
Paul Bakker8123e9d2011-01-06 15:37:30 +0000353 *olen += ilen;
354 }
355
356 return 0;
357 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200358#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000359
Paul Bakker68884e32013-01-07 18:20:04 +0100360#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker6132d0a2012-07-04 17:10:40 +0000361 if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
Paul Bakker343a8702011-06-09 14:27:58 +0000362 {
Paul Bakker6132d0a2012-07-04 17:10:40 +0000363 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000364 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000365 input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000366 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000367 return ret;
Paul Bakker343a8702011-06-09 14:27:58 +0000368 }
369
370 *olen = ilen;
371
372 return 0;
373 }
Paul Bakker68884e32013-01-07 18:20:04 +0100374#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000375
Paul Bakker68884e32013-01-07 18:20:04 +0100376#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker343a8702011-06-09 14:27:58 +0000377 if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
378 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000379 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000380 ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000381 ctx->unprocessed_data, input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000382 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000383 return ret;
Paul Bakker343a8702011-06-09 14:27:58 +0000384 }
385
386 *olen = ilen;
387
388 return 0;
389 }
Paul Bakker68884e32013-01-07 18:20:04 +0100390#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000391
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200392#if defined(POLARSSL_CIPHER_MODE_STREAM)
393 if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
394 {
395 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
396 ilen, input, output ) ) )
397 {
398 return ret;
399 }
400
401 *olen = ilen;
402
403 return 0;
404 }
405#endif
406
Paul Bakkerff61a782011-06-09 15:42:02 +0000407 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000408}
409
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200410#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Paul Bakker48e93c82013-08-14 12:21:18 +0200411#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200412/*
413 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
414 */
Paul Bakker23986e52011-04-24 08:57:21 +0000415static void add_pkcs_padding( unsigned char *output, size_t output_len,
416 size_t data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000417{
Paul Bakker23986e52011-04-24 08:57:21 +0000418 size_t padding_len = output_len - data_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000419 unsigned char i = 0;
420
421 for( i = 0; i < padding_len; i++ )
Paul Bakker23986e52011-04-24 08:57:21 +0000422 output[data_len + i] = (unsigned char) padding_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000423}
424
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200425static int get_pkcs_padding( unsigned char *input, size_t input_len,
426 size_t *data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000427{
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200428 size_t i, padding_len = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000429
Paul Bakkera885d682011-01-20 16:35:05 +0000430 if( NULL == input || NULL == data_len )
Paul Bakkerff61a782011-06-09 15:42:02 +0000431 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000432
433 padding_len = input[input_len - 1];
434
Manuel Pégourié-Gonnardb7d24bc2013-07-26 10:58:48 +0200435 if( padding_len > input_len || padding_len == 0 )
Paul Bakkerff61a782011-06-09 15:42:02 +0000436 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000437
Paul Bakkera885d682011-01-20 16:35:05 +0000438 for( i = input_len - padding_len; i < input_len; i++ )
439 if( input[i] != padding_len )
Paul Bakkerff61a782011-06-09 15:42:02 +0000440 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000441
442 *data_len = input_len - padding_len;
443
444 return 0;
445}
Paul Bakker48e93c82013-08-14 12:21:18 +0200446#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000447
Paul Bakker48e93c82013-08-14 12:21:18 +0200448#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200449/*
450 * One and zeros padding: fill with 80 00 ... 00
451 */
452static void add_one_and_zeros_padding( unsigned char *output,
453 size_t output_len, size_t data_len )
454{
455 size_t padding_len = output_len - data_len;
456 unsigned char i = 0;
457
458 output[data_len] = 0x80;
459 for( i = 1; i < padding_len; i++ )
460 output[data_len + i] = 0x00;
461}
462
463static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
464 size_t *data_len )
465{
466 unsigned char *p = input + input_len - 1;
467
468 if( NULL == input || NULL == data_len )
469 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
470
471 while( *p == 0x00 && p > input )
472 --p;
473
474 if( *p != 0x80 )
475 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
476
477 *data_len = p - input;
478
479 return 0;
480}
Paul Bakker48e93c82013-08-14 12:21:18 +0200481#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200482
Paul Bakker48e93c82013-08-14 12:21:18 +0200483#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200484/*
485 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
486 */
487static void add_zeros_and_len_padding( unsigned char *output,
488 size_t output_len, size_t data_len )
489{
490 size_t padding_len = output_len - data_len;
491 unsigned char i = 0;
492
493 for( i = 1; i < padding_len; i++ )
494 output[data_len + i - 1] = 0x00;
495 output[output_len - 1] = (unsigned char) padding_len;
496}
497
498static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
499 size_t *data_len )
500{
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200501 size_t i, padding_len = 0;
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200502
503 if( NULL == input || NULL == data_len )
504 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
505
506 padding_len = input[input_len - 1];
507
508 if( padding_len > input_len || padding_len == 0 )
509 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
510
511 for( i = input_len - padding_len; i < input_len - 1; i++ )
512 if( input[i] != 0x00 )
513 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
514
515 *data_len = input_len - padding_len;
516
517 return 0;
518}
Paul Bakker48e93c82013-08-14 12:21:18 +0200519#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200520
Paul Bakker48e93c82013-08-14 12:21:18 +0200521#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200522/*
523 * Zero padding: fill with 00 ... 00
524 */
525static void add_zeros_padding( unsigned char *output,
526 size_t output_len, size_t data_len )
527{
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200528 size_t i;
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200529
530 for( i = data_len; i < output_len; i++ )
531 output[i] = 0x00;
532}
533
534static int get_zeros_padding( unsigned char *input, size_t input_len,
535 size_t *data_len )
536{
537 unsigned char *p = input + input_len - 1;
538 if( NULL == input || NULL == data_len )
539 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
540
541 while( *p == 0x00 && p > input )
542 --p;
543
544 *data_len = *p == 0x00 ? 0 : p - input + 1;
545
546 return 0;
547}
Paul Bakker48e93c82013-08-14 12:21:18 +0200548#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200549
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200550/*
551 * No padding: don't pad :)
552 *
553 * There is no add_padding function (check for NULL in cipher_finish)
554 * but a trivial get_padding function
555 */
556static int get_no_padding( unsigned char *input, size_t input_len,
557 size_t *data_len )
558{
559 if( NULL == input || NULL == data_len )
560 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
561
562 *data_len = input_len;
563
564 return 0;
565}
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200566#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200567
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200568int cipher_finish( cipher_context_t *ctx,
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200569 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000570{
571 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkerff61a782011-06-09 15:42:02 +0000572 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000573
574 *olen = 0;
575
Paul Bakker6132d0a2012-07-04 17:10:40 +0000576 if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakkerfab5c822012-02-06 16:45:10 +0000577 POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200578 POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200579 POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
Paul Bakker343a8702011-06-09 14:27:58 +0000580 {
581 return 0;
582 }
583
Paul Bakker5e0efa72013-09-08 23:04:04 +0200584 if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
585 {
586 if( ctx->unprocessed_len != 0 )
587 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
588
589 return 0;
590 }
591
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200592#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000593 if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
594 {
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200595 int ret = 0;
596
Paul Bakker8123e9d2011-01-06 15:37:30 +0000597 if( POLARSSL_ENCRYPT == ctx->operation )
598 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200599 /* check for 'no padding' mode */
600 if( NULL == ctx->add_padding )
601 {
602 if( 0 != ctx->unprocessed_len )
603 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
604
605 return 0;
606 }
607
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200608 ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
Paul Bakker8123e9d2011-01-06 15:37:30 +0000609 ctx->unprocessed_len );
610 }
611 else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
612 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200613 /*
614 * For decrypt operations, expect a full block,
615 * or an empty block if no padding
616 */
617 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
618 return 0;
619
Paul Bakkerff61a782011-06-09 15:42:02 +0000620 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000621 }
622
623 /* cipher block */
Paul Bakkerff61a782011-06-09 15:42:02 +0000624 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
625 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
626 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000627 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000628 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000629 }
630
631 /* Set output size for decryption */
632 if( POLARSSL_DECRYPT == ctx->operation )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200633 return ctx->get_padding( output, cipher_get_block_size( ctx ),
634 olen );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000635
636 /* Set output size for encryption */
637 *olen = cipher_get_block_size( ctx );
638 return 0;
639 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200640#else
641 ((void) output);
642#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000643
Paul Bakkerff61a782011-06-09 15:42:02 +0000644 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000645}
646
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200647#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200648int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
649{
650 if( NULL == ctx ||
651 POLARSSL_MODE_CBC != ctx->cipher_info->mode )
652 {
653 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
654 }
655
Paul Bakker1a45d912013-08-14 12:04:26 +0200656 switch( mode )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200657 {
Paul Bakker48e93c82013-08-14 12:21:18 +0200658#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Paul Bakker1a45d912013-08-14 12:04:26 +0200659 case POLARSSL_PADDING_PKCS7:
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200660 ctx->add_padding = add_pkcs_padding;
661 ctx->get_padding = get_pkcs_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200662 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200663#endif
664#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200665 case POLARSSL_PADDING_ONE_AND_ZEROS:
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200666 ctx->add_padding = add_one_and_zeros_padding;
667 ctx->get_padding = get_one_and_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200668 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200669#endif
670#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Paul Bakker1a45d912013-08-14 12:04:26 +0200671 case POLARSSL_PADDING_ZEROS_AND_LEN:
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200672 ctx->add_padding = add_zeros_and_len_padding;
673 ctx->get_padding = get_zeros_and_len_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200674 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200675#endif
676#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200677 case POLARSSL_PADDING_ZEROS:
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200678 ctx->add_padding = add_zeros_padding;
679 ctx->get_padding = get_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200680 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200681#endif
Paul Bakker1a45d912013-08-14 12:04:26 +0200682 case POLARSSL_PADDING_NONE:
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200683 ctx->add_padding = NULL;
684 ctx->get_padding = get_no_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200685 break;
686
687 default:
Paul Bakker48e93c82013-08-14 12:21:18 +0200688 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200689 }
690
Paul Bakker1a45d912013-08-14 12:04:26 +0200691 return 0;
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200692}
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200693#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200694
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200695#if defined(POLARSSL_CIPHER_MODE_AEAD)
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200696int cipher_write_tag( cipher_context_t *ctx,
697 unsigned char *tag, size_t tag_len )
698{
699 if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
700 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
701
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200702 if( POLARSSL_ENCRYPT != ctx->operation )
703 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
704
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200705#if defined(POLARSSL_GCM_C)
706 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200707 return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200708#endif
709
710 return 0;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200711}
712
713int cipher_check_tag( cipher_context_t *ctx,
714 const unsigned char *tag, size_t tag_len )
715{
716 int ret;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200717
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200718 if( NULL == ctx || NULL == ctx->cipher_info ||
719 POLARSSL_DECRYPT != ctx->operation )
720 {
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200721 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200722 }
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200723
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200724#if defined(POLARSSL_GCM_C)
725 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
726 {
727 unsigned char check_tag[16];
728 size_t i;
729 int diff;
730
731 if( tag_len > sizeof( check_tag ) )
732 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
733
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200734 if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
735 check_tag, tag_len ) ) )
736 {
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200737 return( ret );
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200738 }
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200739
740 /* Check the tag in "constant-time" */
741 for( diff = 0, i = 0; i < tag_len; i++ )
742 diff |= tag[i] ^ check_tag[i];
743
744 if( diff != 0 )
Manuel Pégourié-Gonnard4fee79b2013-09-19 18:09:14 +0200745 return( POLARSSL_ERR_CIPHER_AUTH_FAILED );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200746
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200747 return( 0 );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200748 }
749#endif
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200750
751 return( 0 );
752}
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200753#endif /* POLARSSL_CIPHER_MODE_AEAD */
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200754
Paul Bakker8123e9d2011-01-06 15:37:30 +0000755#if defined(POLARSSL_SELF_TEST)
756
757#include <stdio.h>
758
759#define ASSERT(x) if (!(x)) { \
760 printf( "failed with %i at %s\n", value, (#x) ); \
761 return( 1 ); \
762}
763/*
764 * Checkup routine
765 */
766
767int cipher_self_test( int verbose )
768{
Paul Bakkerd61e7d92011-01-18 16:17:47 +0000769 ((void) verbose);
770
Paul Bakker8123e9d2011-01-06 15:37:30 +0000771 return( 0 );
772}
773
774#endif
775
776#endif