Paul Bakker8123e9d2011-01-06 15:37:30 +00001/**
2 * \file cipher.c
3 *
4 * \brief Generic cipher wrapper for PolarSSL
5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
Paul Bakkerfab5c822012-02-06 16:45:10 +00008 * Copyright (C) 2006-2012, Brainspark B.V.
Paul Bakker8123e9d2011-01-06 15:37:30 +00009 *
10 * This file is part of PolarSSL (http://www.polarssl.org)
11 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
12 *
13 * All rights reserved.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 */
29
30#include "polarssl/config.h"
31
32#if defined(POLARSSL_CIPHER_C)
33
34#include "polarssl/cipher.h"
35#include "polarssl/cipher_wrap.h"
36
Paul Bakker8123e9d2011-01-06 15:37:30 +000037#include <stdlib.h>
38
Paul Bakkeraf5c85f2011-04-18 03:47:52 +000039#if defined _MSC_VER && !defined strcasecmp
40#define strcasecmp _stricmp
41#endif
42
/*
 * Overwrite n bytes starting at v with zeros.
 *
 * The stores go through a volatile-qualified pointer; this is intended to
 * keep the compiler from discarding the wipe as a dead store when the
 * buffer is not read again (for example just before it is released).
 */
static void polarssl_zeroize( void *v, size_t n )
{
    volatile unsigned char *cursor = v;
    size_t left;

    for( left = n; left != 0; left-- )
        *cursor++ = 0;
}
47
/*
 * Zero-terminated list of the cipher types exposed through cipher_list().
 * Each group is compiled in only when the matching POLARSSL_*_C and
 * POLARSSL_CIPHER_MODE_* options are defined.
 *
 * Security note: CBC, CFB and CTR give confidentiality only, so users of
 * any entry need a separate integrity check (MAC). When the corresponding
 * modules are enabled the list also advertises single DES, DES-EDE,
 * DES-EDE3 and Blowfish, and, with POLARSSL_CIPHER_NULL_CIPHER, the NULL
 * cipher, which cipher_update() implements as a plain copy. Code that
 * selects an algorithm from this list should apply its own allow-list.
 *
 * NOTE(review): the 0 terminator assumes no valid cipher type has the
 * value 0 - confirm against cipher.h.
 */
static const int supported_ciphers[] = {

#if defined(POLARSSL_AES_C)
    POLARSSL_CIPHER_AES_128_CBC,
    POLARSSL_CIPHER_AES_192_CBC,
    POLARSSL_CIPHER_AES_256_CBC,

#if defined(POLARSSL_CIPHER_MODE_CFB)
    POLARSSL_CIPHER_AES_128_CFB128,
    POLARSSL_CIPHER_AES_192_CFB128,
    POLARSSL_CIPHER_AES_256_CFB128,
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
    POLARSSL_CIPHER_AES_128_CTR,
    POLARSSL_CIPHER_AES_192_CTR,
    POLARSSL_CIPHER_AES_256_CTR,
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_AES_C) */

#if defined(POLARSSL_CAMELLIA_C)
    POLARSSL_CIPHER_CAMELLIA_128_CBC,
    POLARSSL_CIPHER_CAMELLIA_192_CBC,
    POLARSSL_CIPHER_CAMELLIA_256_CBC,

#if defined(POLARSSL_CIPHER_MODE_CFB)
    POLARSSL_CIPHER_CAMELLIA_128_CFB128,
    POLARSSL_CIPHER_CAMELLIA_192_CFB128,
    POLARSSL_CIPHER_CAMELLIA_256_CFB128,
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
    POLARSSL_CIPHER_CAMELLIA_128_CTR,
    POLARSSL_CIPHER_CAMELLIA_192_CTR,
    POLARSSL_CIPHER_CAMELLIA_256_CTR,
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_CAMELLIA_C) */

#if defined(POLARSSL_DES_C)
    POLARSSL_CIPHER_DES_CBC,
    POLARSSL_CIPHER_DES_EDE_CBC,
    POLARSSL_CIPHER_DES_EDE3_CBC,
#endif /* defined(POLARSSL_DES_C) */

#if defined(POLARSSL_BLOWFISH_C)
    POLARSSL_CIPHER_BLOWFISH_CBC,

#if defined(POLARSSL_CIPHER_MODE_CFB)
    POLARSSL_CIPHER_BLOWFISH_CFB64,
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
    POLARSSL_CIPHER_BLOWFISH_CTR,
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_BLOWFISH_C) */

#if defined(POLARSSL_CIPHER_NULL_CIPHER)
    POLARSSL_CIPHER_NULL,
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

    0
};
113
/*
 * Return the zero-terminated array of cipher type identifiers compiled
 * into this build. The array has static storage; callers only read it.
 */
const int *cipher_list( void )
{
    return &supported_ciphers[0];
}
118
/*
 * Map a cipher type identifier to its static cipher_info_t descriptor.
 *
 * Only ciphers and modes enabled at build time are recognised; any other
 * value yields NULL, so callers must check the result before using it.
 */
const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
{
    const cipher_info_t *info = NULL;

    switch( cipher_type )
    {
#if defined(POLARSSL_AES_C)
        case POLARSSL_CIPHER_AES_128_CBC:
            info = &aes_128_cbc_info;
            break;
        case POLARSSL_CIPHER_AES_192_CBC:
            info = &aes_192_cbc_info;
            break;
        case POLARSSL_CIPHER_AES_256_CBC:
            info = &aes_256_cbc_info;
            break;

#if defined(POLARSSL_CIPHER_MODE_CFB)
        case POLARSSL_CIPHER_AES_128_CFB128:
            info = &aes_128_cfb128_info;
            break;
        case POLARSSL_CIPHER_AES_192_CFB128:
            info = &aes_192_cfb128_info;
            break;
        case POLARSSL_CIPHER_AES_256_CFB128:
            info = &aes_256_cfb128_info;
            break;
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        case POLARSSL_CIPHER_AES_128_CTR:
            info = &aes_128_ctr_info;
            break;
        case POLARSSL_CIPHER_AES_192_CTR:
            info = &aes_192_ctr_info;
            break;
        case POLARSSL_CIPHER_AES_256_CTR:
            info = &aes_256_ctr_info;
            break;
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_AES_C) */

#if defined(POLARSSL_CAMELLIA_C)
        case POLARSSL_CIPHER_CAMELLIA_128_CBC:
            info = &camellia_128_cbc_info;
            break;
        case POLARSSL_CIPHER_CAMELLIA_192_CBC:
            info = &camellia_192_cbc_info;
            break;
        case POLARSSL_CIPHER_CAMELLIA_256_CBC:
            info = &camellia_256_cbc_info;
            break;

#if defined(POLARSSL_CIPHER_MODE_CFB)
        case POLARSSL_CIPHER_CAMELLIA_128_CFB128:
            info = &camellia_128_cfb128_info;
            break;
        case POLARSSL_CIPHER_CAMELLIA_192_CFB128:
            info = &camellia_192_cfb128_info;
            break;
        case POLARSSL_CIPHER_CAMELLIA_256_CFB128:
            info = &camellia_256_cfb128_info;
            break;
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        case POLARSSL_CIPHER_CAMELLIA_128_CTR:
            info = &camellia_128_ctr_info;
            break;
        case POLARSSL_CIPHER_CAMELLIA_192_CTR:
            info = &camellia_192_ctr_info;
            break;
        case POLARSSL_CIPHER_CAMELLIA_256_CTR:
            info = &camellia_256_ctr_info;
            break;
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_CAMELLIA_C) */

#if defined(POLARSSL_DES_C)
        case POLARSSL_CIPHER_DES_CBC:
            info = &des_cbc_info;
            break;
        case POLARSSL_CIPHER_DES_EDE_CBC:
            info = &des_ede_cbc_info;
            break;
        case POLARSSL_CIPHER_DES_EDE3_CBC:
            info = &des_ede3_cbc_info;
            break;
#endif /* defined(POLARSSL_DES_C) */

#if defined(POLARSSL_BLOWFISH_C)
        case POLARSSL_CIPHER_BLOWFISH_CBC:
            info = &blowfish_cbc_info;
            break;

#if defined(POLARSSL_CIPHER_MODE_CFB)
        case POLARSSL_CIPHER_BLOWFISH_CFB64:
            info = &blowfish_cfb64_info;
            break;
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        case POLARSSL_CIPHER_BLOWFISH_CTR:
            info = &blowfish_ctr_info;
            break;
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_BLOWFISH_C) */

#if defined(POLARSSL_CIPHER_NULL_CIPHER)
        case POLARSSL_CIPHER_NULL:
            info = &null_cipher_info;
            break;
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

        default:
            /* Unknown or not compiled in: leave info as NULL */
            break;
    }

    return info;
}
214
/*
 * Look up a cipher descriptor by its textual name (case-insensitive),
 * e.g. "AES-128-CBC".
 *
 * Returns NULL when cipher_name is NULL, is not a known name, or names a
 * cipher or mode that is not compiled in.
 *
 * Security note: when POLARSSL_CIPHER_NULL_CIPHER is defined the name
 * "NULL" resolves to the cipher that cipher_update() implements as a plain
 * copy. Callers that take the name from configuration or from a peer
 * should check it against their own list of acceptable algorithms.
 */
const cipher_info_t *cipher_info_from_string( const char *cipher_name )
{
    /* Name to type map; the type is held as int, as in supported_ciphers. */
    static const struct
    {
        const char *name;
        int type;
    }
    known_names[] =
    {
#if defined(POLARSSL_CAMELLIA_C)
        { "CAMELLIA-128-CBC", POLARSSL_CIPHER_CAMELLIA_128_CBC },
        { "CAMELLIA-192-CBC", POLARSSL_CIPHER_CAMELLIA_192_CBC },
        { "CAMELLIA-256-CBC", POLARSSL_CIPHER_CAMELLIA_256_CBC },

#if defined(POLARSSL_CIPHER_MODE_CFB)
        { "CAMELLIA-128-CFB128", POLARSSL_CIPHER_CAMELLIA_128_CFB128 },
        { "CAMELLIA-192-CFB128", POLARSSL_CIPHER_CAMELLIA_192_CFB128 },
        { "CAMELLIA-256-CFB128", POLARSSL_CIPHER_CAMELLIA_256_CFB128 },
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        { "CAMELLIA-128-CTR", POLARSSL_CIPHER_CAMELLIA_128_CTR },
        { "CAMELLIA-192-CTR", POLARSSL_CIPHER_CAMELLIA_192_CTR },
        { "CAMELLIA-256-CTR", POLARSSL_CIPHER_CAMELLIA_256_CTR },
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
#endif /* defined(POLARSSL_CAMELLIA_C) */

#if defined(POLARSSL_AES_C)
        { "AES-128-CBC", POLARSSL_CIPHER_AES_128_CBC },
        { "AES-192-CBC", POLARSSL_CIPHER_AES_192_CBC },
        { "AES-256-CBC", POLARSSL_CIPHER_AES_256_CBC },

#if defined(POLARSSL_CIPHER_MODE_CFB)
        { "AES-128-CFB128", POLARSSL_CIPHER_AES_128_CFB128 },
        { "AES-192-CFB128", POLARSSL_CIPHER_AES_192_CFB128 },
        { "AES-256-CFB128", POLARSSL_CIPHER_AES_256_CFB128 },
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        { "AES-128-CTR", POLARSSL_CIPHER_AES_128_CTR },
        { "AES-192-CTR", POLARSSL_CIPHER_AES_192_CTR },
        { "AES-256-CTR", POLARSSL_CIPHER_AES_256_CTR },
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
#endif /* defined(POLARSSL_AES_C) */

#if defined(POLARSSL_DES_C)
        { "DES-CBC", POLARSSL_CIPHER_DES_CBC },
        { "DES-EDE-CBC", POLARSSL_CIPHER_DES_EDE_CBC },
        { "DES-EDE3-CBC", POLARSSL_CIPHER_DES_EDE3_CBC },
#endif /* defined(POLARSSL_DES_C) */

#if defined(POLARSSL_BLOWFISH_C)
        { "BLOWFISH-CBC", POLARSSL_CIPHER_BLOWFISH_CBC },

#if defined(POLARSSL_CIPHER_MODE_CFB)
        { "BLOWFISH-CFB64", POLARSSL_CIPHER_BLOWFISH_CFB64 },
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        { "BLOWFISH-CTR", POLARSSL_CIPHER_BLOWFISH_CTR },
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
#endif /* defined(POLARSSL_BLOWFISH_C) */

#if defined(POLARSSL_CIPHER_NULL_CIPHER)
        { "NULL", POLARSSL_CIPHER_NULL },
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

        /* End marker; also keeps the table non-empty in minimal builds */
        { NULL, 0 }
    };
    size_t idx;

    if( NULL == cipher_name )
        return NULL;

    for( idx = 0; NULL != known_names[idx].name; idx++ )
    {
        if( 0 == strcasecmp( known_names[idx].name, cipher_name ) )
            return cipher_info_from_type( known_names[idx].type );
    }

    return NULL;
}
306
/*
 * Prepare ctx for use with the cipher described by cipher_info.
 *
 * The whole context is cleared first, then a cipher-specific context is
 * obtained from the backend's ctx_alloc_func.
 *
 * Returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if either
 * argument is NULL, or POLARSSL_ERR_CIPHER_ALLOC_FAILED if the backend
 * returned NULL. After an allocation failure ctx->cipher_info is still
 * NULL, so cipher_free_ctx() rejects the context.
 *
 * Because ctx is cleared unconditionally, calling this on a context that
 * is already initialised drops its cipher_ctx pointer without calling
 * ctx_free_func; call cipher_free_ctx() first.
 */
int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
{
    if( NULL == ctx || NULL == cipher_info )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    memset( ctx, 0, sizeof( *ctx ) );

    ctx->cipher_ctx = cipher_info->base->ctx_alloc_func();
    if( NULL == ctx->cipher_ctx )
        return POLARSSL_ERR_CIPHER_ALLOC_FAILED;

    ctx->cipher_info = cipher_info;

    return 0;
}
321
/*
 * Release the cipher-specific context and wipe the generic one.
 *
 * The backend context is handed to ctx_free_func; the wrapper context
 * (including the stored IV and any cached unprocessed data) is then
 * zeroized with polarssl_zeroize().
 * NOTE(review): whether key material inside the backend context is wiped
 * depends on ctx_free_func, which is not visible here - confirm.
 *
 * Returns 0 on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if ctx is
 * NULL or was never successfully initialised.
 */
int cipher_free_ctx( cipher_context_t *ctx )
{
    const cipher_info_t *info;

    if( NULL == ctx )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    info = ctx->cipher_info;
    if( NULL == info )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    info->base->ctx_free_func( ctx->cipher_ctx );
    polarssl_zeroize( ctx, sizeof( *ctx ) );

    return 0;
}
332
/*
 * Install a key and select the direction (encrypt or decrypt).
 *
 * key_length and operation are recorded in ctx before anything else, so
 * they are stored even when the call then fails. For the NULL cipher no
 * key schedule is set up. CFB and CTR always use the encryption key
 * schedule, whatever the operation.
 *
 * Returns the backend's setkey result, 0 for the NULL cipher, or
 * POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if ctx is not initialised or the
 * operation is neither POLARSSL_ENCRYPT nor POLARSSL_DECRYPT in a mode
 * that needs the distinction.
 *
 * NOTE(review): key and key_length are passed through without checks
 * here; presumably the backend setkey function validates them - confirm.
 */
int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
        int key_length, const operation_t operation )
{
    const cipher_info_t *info;

    if( NULL == ctx || NULL == ctx->cipher_info )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    info = ctx->cipher_info;

    ctx->key_length = key_length;
    ctx->operation = operation;

#if defined(POLARSSL_CIPHER_NULL_CIPHER)
    if( POLARSSL_MODE_NULL == info->mode )
        return 0;
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

    /*
     * Only a non-encrypt operation outside CFB/CTR can need the
     * decryption key schedule.
     */
    if( POLARSSL_ENCRYPT != operation &&
        POLARSSL_MODE_CFB != info->mode &&
        POLARSSL_MODE_CTR != info->mode )
    {
        if( POLARSSL_DECRYPT != operation )
            return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

        return info->base->setkey_dec_func( ctx->cipher_ctx, key,
                ctx->key_length );
    }

    return info->base->setkey_enc_func( ctx->cipher_ctx, key,
            ctx->key_length );
}
364
/*
 * Start a new message: drop any cached partial block and load the IV.
 *
 * cipher_get_iv_size( ctx ) bytes are copied from iv, so the caller's
 * buffer must hold at least that many.
 *
 * Security note: the IV is taken as supplied. It should be unpredictable
 * for CBC and must never repeat under the same key for CTR; enforcing that
 * is left to the caller.
 *
 * Returns 0 on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if ctx is
 * not initialised or iv is NULL.
 */
int cipher_reset( cipher_context_t *ctx, const unsigned char *iv )
{
    size_t iv_len;

    if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    ctx->unprocessed_len = 0;

    iv_len = cipher_get_iv_size( ctx );
    memcpy( ctx->iv, iv, iv_len );

    return 0;
}
376
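/*
 * Feed ilen bytes of input to the cipher and write the result to output.
 *
 * NULL cipher: input is copied to output unchanged.
 * CBC: data is processed in whole blocks. A trailing partial block is
 *      cached in ctx->unprocessed_data; when decrypting, the last full
 *      block is always held back as well so that cipher_finish() can
 *      strip the padding. output must have room for up to
 *      ilen + block size bytes.
 * CFB, CTR: ilen bytes are written to output.
 *
 * *olen receives the number of bytes written.
 *
 * Returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for a NULL or
 * uninitialised ctx, a NULL olen, input == output (in-place operation is
 * not supported) or an inconsistent CBC context, the backend's error code
 * if the cipher call fails, or POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE for
 * any other mode.
 *
 * input and output are not checked for NULL and output's size is not
 * known here; both are the caller's responsibility.
 */
int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
        unsigned char *output, size_t *olen )
{
    int ret;
    size_t copy_len = 0;
    size_t block_size;
    size_t room;

    if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ||
        input == output )
    {
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
    }

    *olen = 0;

#if defined(POLARSSL_CIPHER_NULL_CIPHER)
    if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
    {
        memcpy( output, input, ilen );
        *olen = ilen;
        return 0;
    }
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

    if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
    {
        block_size = cipher_get_block_size( ctx );

        /*
         * A zero block size would divide by zero below, and a cache that
         * claims more than one block would make the length arithmetic
         * wrap; neither can come from a consistent context.
         */
        if( 0 == block_size || ctx->unprocessed_len > block_size )
            return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

        /* Free space left in the one-block cache */
        room = block_size - ctx->unprocessed_len;

        /*
         * If there is not enough data for a full block, cache it.
         * Comparing ilen against the remaining room (instead of adding
         * the two lengths) cannot wrap around for a very large ilen.
         */
        if( ( ctx->operation == POLARSSL_DECRYPT && ilen <= room ) ||
            ( ctx->operation == POLARSSL_ENCRYPT && ilen < room ) )
        {
            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
                    ilen );

            ctx->unprocessed_len += ilen;
            return 0;
        }

        /*
         * Process cached data first
         */
        if( ctx->unprocessed_len != 0 )
        {
            copy_len = room;

            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
                    copy_len );

            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
                    ctx->operation, block_size, ctx->iv,
                    ctx->unprocessed_data, output ) ) )
            {
                return ret;
            }

            *olen += block_size;
            output += block_size;
            ctx->unprocessed_len = 0;

            input += copy_len;
            ilen -= copy_len;
        }

        /*
         * Cache final, incomplete block
         */
        if( 0 != ilen )
        {
            copy_len = ilen % block_size;
            /* Decryption keeps the last full block for cipher_finish() */
            if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
                copy_len = block_size;

            memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
                    copy_len );

            ctx->unprocessed_len += copy_len;
            ilen -= copy_len;
        }

        /*
         * Process remaining full blocks
         */
        if( ilen )
        {
            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
                    ctx->operation, ilen, ctx->iv, input, output ) ) )
            {
                return ret;
            }
            *olen += ilen;
        }

        return 0;
    }

    if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
    {
        if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
                ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
                input, output ) ) )
        {
            return ret;
        }

        *olen = ilen;

        return 0;
    }

    if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
    {
        if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
                ilen, &ctx->unprocessed_len, ctx->iv,
                ctx->unprocessed_data, input, output ) ) )
        {
            return ret;
        }

        *olen = ilen;

        return 0;
    }

    return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}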
504
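/*
 * Fill output[data_len .. output_len - 1] with PKCS-style padding: every
 * padding byte holds the number of padding bytes.
 *
 * output      buffer of at least output_len bytes
 * output_len  total length after padding (one cipher block)
 * data_len    number of data bytes already present in output
 *
 * Nothing is written when data_len == output_len. The call is also a
 * no-op when output is NULL, when data_len exceeds output_len (the
 * subtraction would wrap around) or when the pad length does not fit in
 * one byte; none of these occur for a consistent cipher context.
 */
static void add_pkcs_padding( unsigned char *output, size_t output_len,
        size_t data_len )
{
    size_t padding_len;
    size_t i;

    if( NULL == output || data_len > output_len )
        return;

    padding_len = output_len - data_len;

    /* The pad length is stored in a single byte */
    if( padding_len > 255 )
        return;

    /* size_t index: a narrower counter could wrap before reaching the bound */
    for( i = 0; i < padding_len; i++ )
        output[data_len + i] = (unsigned char) padding_len;
}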
514
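/*
 * Validate the PKCS-style padding at the end of input and report the
 * length of the data in front of it.
 *
 * input      decrypted block(s)
 * input_len  number of bytes in input (public, not secret)
 * data_len   receives input_len minus the pad length; only meaningful
 *            when 0 is returned
 *
 * Returns 0 for valid padding, POLARSSL_ERR_CIPHER_INVALID_PADDING for
 * invalid padding, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for a NULL
 * pointer or an empty input.
 *
 * The padding check avoids branches on the pad length and always scans
 * input_len bytes, to limit timing differences between valid and invalid
 * padding. The return value itself still distinguishes the two cases;
 * callers should not reveal that distinction to a peer (padding oracle).
 */
static int get_pkcs_padding( unsigned char *input, unsigned int input_len,
        size_t *data_len)
{
    unsigned int i, pad_idx;
    unsigned char padding_len, bad = 0;

    if( NULL == input || NULL == data_len )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    /* An empty buffer has no pad byte; input[input_len - 1] would read
     * before the start of the buffer. input_len is public, so this
     * branch does not depend on secret data. */
    if( 0 == input_len )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    padding_len = input[input_len - 1];
    /* Wraps around when padding_len > input_len; flagged via bad below */
    *data_len = input_len - padding_len;

    /* Avoid logical || since it results in a branch */
    bad |= padding_len > input_len;
    bad |= padding_len == 0;

    /* The number of bytes checked must be independent of padding_len,
     * so pick input_len, which is usually 8 or 16 (one block) */
    pad_idx = input_len - padding_len;
    for( i = 0; i < input_len; i++ )
        bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );

    return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
}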
539
/*
 * Finish the current message and write any final block to output.
 *
 * CFB, CTR and NULL: nothing is pending; *olen is 0.
 * CBC encrypt: the cached partial block is padded, encrypted and written;
 *      *olen is the block size. With nothing cached, a whole block of
 *      padding is emitted.
 * CBC decrypt: exactly one cached block is expected. It is decrypted into
 *      output and the padding is checked; *olen is the data length
 *      without padding.
 *
 * Returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for a NULL or
 * uninitialised ctx or a NULL olen,
 * POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED when decrypting without a full
 * cached block, the backend's error code, the result of the padding check,
 * or POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE for any other mode.
 *
 * Security note: when the padding check fails, the decrypted block has
 * already been written to output; callers must discard it. CBC here is
 * unauthenticated, so the ciphertext should be verified with a MAC before
 * decryption and a padding failure should not be reported to the peer as
 * a distinct error.
 *
 * NOTE(review): the padded length is taken from cipher_get_iv_size()
 * while the block that is encrypted is cipher_get_block_size() long;
 * this assumes both are equal for every CBC cipher - confirm.
 */
int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen)
{
    int ret = 0;
    const cipher_info_t *info;

    if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    info = ctx->cipher_info;
    *olen = 0;

    /* Modes without a final block, and modes this wrapper does not know */
    if( POLARSSL_MODE_CBC != info->mode )
    {
        if( POLARSSL_MODE_CFB == info->mode ||
            POLARSSL_MODE_CTR == info->mode ||
            POLARSSL_MODE_NULL == info->mode )
        {
            return 0;
        }

        return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
    }

    if( POLARSSL_ENCRYPT == ctx->operation )
    {
        add_pkcs_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
                ctx->unprocessed_len );
    }
    else if( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
    {
        /* For decrypt operations, expect a full block */
        return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
    }

    /* Run the cipher over the final block */
    ret = info->base->cbc_func( ctx->cipher_ctx, ctx->operation,
            cipher_get_block_size( ctx ), ctx->iv,
            ctx->unprocessed_data, output );
    if( 0 != ret )
        return ret;

    /* Decryption: the output size is whatever remains after the padding */
    if( POLARSSL_DECRYPT == ctx->operation )
        return get_pkcs_padding( output, cipher_get_block_size( ctx ), olen );

    /* Encryption: always one full block */
    *olen = cipher_get_block_size( ctx );
    return 0;
}
588
589#if defined(POLARSSL_SELF_TEST)
590
591#include <stdio.h>
592
/*
 * Self-test helper: when x is false, print a diagnostic and make the
 * enclosing function return 1.
 *
 * The expansion is a bare if-block rather than do { } while( 0 ), so it
 * must not be used as the body of an unbraced if/else. It also reads a
 * variable named `value`, which has to exist in the caller's scope.
 * cipher_self_test() below does not use it.
 */
#define ASSERT(x) if (!(x)) { \
    printf( "failed with %i at %s\n", value, (#x) ); \
    return( 1 ); \
}
/*
 * Checkup routine.
 *
 * This is a placeholder: it runs no cipher operations, ignores verbose
 * and always returns 0. A passing result therefore says nothing about
 * the correctness of the cipher wrapper.
 */
int cipher_self_test( int verbose )
{
    (void) verbose;

    return 0;
}
607
608#endif
609
610#endif