TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 65fc6a886a8df5e850e60f5d408ee1985fcbd3aa / . / library / cipher.c
blob: 29c8bd0a6d17eeeb5bfc39691793acaf2cb99c5b [file] [log] [blame]
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1/**
2 * \file cipher.c
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]3 *
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +0000[diff] [blame]4 * \brief Generic cipher wrapper for mbed TLS
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]8 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]9 *
Manuel Pégourié-Gonnard085ab042015-01-23 11:06:27 +0000[diff] [blame]10 * This file is part of mbed TLS (https://www.polarssl.org)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]11 *
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License along
23 * with this program; if not, write to the Free Software Foundation, Inc.,
24 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 */
26
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]27#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]28#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]29#else
30#include POLARSSL_CONFIG_FILE
31#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]32
33#if defined(POLARSSL_CIPHER_C)
34
35#include "polarssl/cipher.h"
36#include "polarssl/cipher_wrap.h"
37
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]38#if defined(POLARSSL_GCM_C)
39#include "polarssl/gcm.h"
40#endif
41
Manuel Pégourié-Gonnard41936952014-05-13 13:18:17 +0200[diff] [blame]42#if defined(POLARSSL_CCM_C)
43#include "polarssl/ccm.h"
44#endif
45
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]46#include <stdlib.h>
47
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]48#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]49#define POLARSSL_CIPHER_MODE_STREAM
50#endif
51
Paul Bakker6edcd412013-10-29 15:22:54 +0100[diff] [blame]52#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
53 !defined(EFI32)
Paul Bakkeraf5c85f2011-04-18 03:47:52 +0000[diff] [blame]54#define strcasecmp _stricmp
55#endif
56
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]57/* Implementation that should never be optimized out by the compiler */
58static void polarssl_zeroize( void *v, size_t n ) {
59 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
60}
61
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]62static int supported_init = 0;
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]63
64const int *cipher_list( void )
65{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]66 const cipher_definition_t *def;
67 int *type;
68
69 if( ! supported_init )
70 {
71 def = cipher_definitions;
72 type = supported_ciphers;
73
74 while( def->type != 0 )
75 *type++ = (*def++).type;
76
77 *type = 0;
78
79 supported_init = 1;
80 }
81
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]82 return( supported_ciphers );
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]83}
84
Paul Bakkerec1b9842012-01-14 18:24:43 +0000[diff] [blame]85const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]86{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]87 const cipher_definition_t *def;
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]88
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]89 for( def = cipher_definitions; def->info != NULL; def++ )
90 if( def->type == cipher_type )
91 return( def->info );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]92
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]93 return( NULL );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]94}
95
96const cipher_info_t *cipher_info_from_string( const char *cipher_name )
97{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]98 const cipher_definition_t *def;
99
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]100 if( NULL == cipher_name )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]101 return( NULL );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]102
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]103 for( def = cipher_definitions; def->info != NULL; def++ )
104 if( ! strcasecmp( def->info->name, cipher_name ) )
105 return( def->info );
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]106
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]107 return( NULL );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]108}
109
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]110const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
111 int key_length,
112 const cipher_mode_t mode )
113{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]114 const cipher_definition_t *def;
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]115
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]116 for( def = cipher_definitions; def->info != NULL; def++ )
117 if( def->info->base->cipher == cipher_id &&
118 def->info->key_length == (unsigned) key_length &&
119 def->info->mode == mode )
120 return( def->info );
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]121
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]122 return( NULL );
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]123}
124
Paul Bakker84bbeb52014-07-01 14:53:22 +0200[diff] [blame]125void cipher_init( cipher_context_t *ctx )
126{
127 memset( ctx, 0, sizeof( cipher_context_t ) );
128}
129
130void cipher_free( cipher_context_t *ctx )
131{
132 if( ctx == NULL )
133 return;
134
135 if( ctx->cipher_ctx )
136 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
137
138 polarssl_zeroize( ctx, sizeof(cipher_context_t) );
139}
140
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]141int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
142{
143 if( NULL == cipher_info || NULL == ctx )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]144 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]145
Paul Bakker279432a2012-04-26 10:09:35 +0000[diff] [blame]146 memset( ctx, 0, sizeof( cipher_context_t ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]147
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]148 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]149 return( POLARSSL_ERR_CIPHER_ALLOC_FAILED );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]150
151 ctx->cipher_info = cipher_info;
152
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]153#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]154 /*
155 * Ignore possible errors caused by a cipher mode that doesn't use padding
156 */
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]157#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]158 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]159#else
160 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
161#endif
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]162#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]163
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]164 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]165}
166
Paul Bakker84bbeb52014-07-01 14:53:22 +0200[diff] [blame]167/* Deprecated, redirects to cipher_free() */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]168int cipher_free_ctx( cipher_context_t *ctx )
169{
Paul Bakker84bbeb52014-07-01 14:53:22 +0200[diff] [blame]170 cipher_free( ctx );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]171
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]172 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]173}
174
175int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
176 int key_length, const operation_t operation )
177{
178 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]179 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]180
Manuel Pégourié-Gonnard398c57b2014-06-23 12:10:59 +0200[diff] [blame]181 if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
182 (int) ctx->cipher_info->key_length != key_length )
183 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]184 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard398c57b2014-06-23 12:10:59 +0200[diff] [blame]185 }
Manuel Pégourié-Gonnarddd0f57f2013-09-16 11:47:43 +0200[diff] [blame]186
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]187 ctx->key_length = key_length;
188 ctx->operation = operation;
189
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]190 /*
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]191 * For CFB and CTR mode always use the encryption key schedule
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]192 */
193 if( POLARSSL_ENCRYPT == operation ||
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]194 POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]195 POLARSSL_MODE_CTR == ctx->cipher_info->mode )
196 {
197 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]198 ctx->key_length );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]199 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]200
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]201 if( POLARSSL_DECRYPT == operation )
202 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]203 ctx->key_length );
204
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]205 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]206}
207
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]208int cipher_set_iv( cipher_context_t *ctx,
209 const unsigned char *iv, size_t iv_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]210{
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]211 size_t actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]212
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]213 if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]214 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]215
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]216 /* avoid buffer overflow in ctx->iv */
217 if( iv_len > POLARSSL_MAX_IV_LENGTH )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]218 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]219
Manuel Pégourié-Gonnard81754a02014-06-23 11:33:18 +0200[diff] [blame]220 if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_IV_LEN ) != 0 )
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]221 actual_iv_size = iv_len;
222 else
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]223 {
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]224 actual_iv_size = ctx->cipher_info->iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]225
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]226 /* avoid reading past the end of input buffer */
227 if( actual_iv_size > iv_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]228 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnarde0dca4a2013-10-24 16:54:25 +0200[diff] [blame]229 }
230
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]231 memcpy( ctx->iv, iv, actual_iv_size );
232 ctx->iv_size = actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]233
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]234 return( 0 );
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]235}
236
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]237int cipher_reset( cipher_context_t *ctx )
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]238{
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]239 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]240 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]241
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]242 ctx->unprocessed_len = 0;
243
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]244 return( 0 );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]245}
246
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]247#if defined(POLARSSL_GCM_C)
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]248int cipher_update_ad( cipher_context_t *ctx,
249 const unsigned char *ad, size_t ad_len )
250{
251 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]252 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]253
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]254 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
255 {
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]256 return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]257 ctx->iv, ctx->iv_size, ad, ad_len );
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]258 }
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]259
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]260 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]261}
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]262#endif /* POLARSSL_GCM_C */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]263
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]264int cipher_update( cipher_context_t *ctx, const unsigned char *input,
265 size_t ilen, unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]266{
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]267 int ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]268
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]269 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]270 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]271 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]272 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]273
Paul Bakker6c212762013-12-16 15:24:50 +0100[diff] [blame]274 *olen = 0;
275
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]276 if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
277 {
278 if( ilen != cipher_get_block_size( ctx ) )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]279 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]280
281 *olen = ilen;
282
283 if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
284 ctx->operation, input, output ) ) )
285 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]286 return( ret );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]287 }
288
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]289 return( 0 );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]290 }
291
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]292#if defined(POLARSSL_GCM_C)
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]293 if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]294 {
295 *olen = ilen;
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]296 return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
297 output );
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]298 }
299#endif
300
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]301 if( input == output &&
302 ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
303 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]304 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]305 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]306
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]307#if defined(POLARSSL_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]308 if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]309 {
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]310 size_t copy_len = 0;
311
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]312 /*
313 * If there is not enough data for a full block, cache it.
314 */
315 if( ( ctx->operation == POLARSSL_DECRYPT &&
316 ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
317 ( ctx->operation == POLARSSL_ENCRYPT &&
318 ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
319 {
320 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
321 ilen );
322
323 ctx->unprocessed_len += ilen;
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]324 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]325 }
326
327 /*
328 * Process cached data first
329 */
330 if( ctx->unprocessed_len != 0 )
331 {
332 copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
333
334 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
335 copy_len );
336
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]337 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]338 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]339 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]340 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]341 return( ret );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]342 }
343
344 *olen += cipher_get_block_size( ctx );
345 output += cipher_get_block_size( ctx );
346 ctx->unprocessed_len = 0;
347
348 input += copy_len;
349 ilen -= copy_len;
350 }
351
352 /*
353 * Cache final, incomplete block
354 */
355 if( 0 != ilen )
356 {
357 copy_len = ilen % cipher_get_block_size( ctx );
358 if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]359 copy_len = cipher_get_block_size( ctx );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]360
361 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
362 copy_len );
363
364 ctx->unprocessed_len += copy_len;
365 ilen -= copy_len;
366 }
367
368 /*
369 * Process remaining full blocks
370 */
371 if( ilen )
372 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]373 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
374 ctx->operation, ilen, ctx->iv, input, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]375 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]376 return( ret );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]377 }
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]378
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]379 *olen += ilen;
380 }
381
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]382 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]383 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]384#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]385
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]386#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]387 if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]388 {
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]389 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]390 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]391 input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]392 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]393 return( ret );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]394 }
395
396 *olen = ilen;
397
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]398 return( 0 );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]399 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]400#endif /* POLARSSL_CIPHER_MODE_CFB */
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]401
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]402#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]403 if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
404 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]405 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]406 ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]407 ctx->unprocessed_data, input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]408 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]409 return( ret );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]410 }
411
412 *olen = ilen;
413
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]414 return( 0 );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]415 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]416#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]417
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]418#if defined(POLARSSL_CIPHER_MODE_STREAM)
419 if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
420 {
421 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
422 ilen, input, output ) ) )
423 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]424 return( ret );
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]425 }
426
427 *olen = ilen;
428
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]429 return( 0 );
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]430 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]431#endif /* POLARSSL_CIPHER_MODE_STREAM */
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]432
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]433 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]434}
435
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]436#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]437#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]438/*
439 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
440 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]441static void add_pkcs_padding( unsigned char *output, size_t output_len,
442 size_t data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]443{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]444 size_t padding_len = output_len - data_len;
Manuel Pégourié-Gonnardf8ab0692013-10-27 17:21:14 +0100[diff] [blame]445 unsigned char i;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]446
447 for( i = 0; i < padding_len; i++ )
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]448 output[data_len + i] = (unsigned char) padding_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]449}
450
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]451static int get_pkcs_padding( unsigned char *input, size_t input_len,
452 size_t *data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]453{
Manuel Pégourié-Gonnardf8ab0692013-10-27 17:21:14 +0100[diff] [blame]454 size_t i, pad_idx;
455 unsigned char padding_len, bad = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]456
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]457 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]458 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]459
460 padding_len = input[input_len - 1];
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]461 *data_len = input_len - padding_len;
462
Manuel Pégourié-Gonnardf8ab0692013-10-27 17:21:14 +0100[diff] [blame]463 /* Avoid logical || since it results in a branch */
464 bad |= padding_len > input_len;
465 bad |= padding_len == 0;
466
467 /* The number of bytes checked must be independent of padding_len,
468 * so pick input_len, which is usually 8 or 16 (one block) */
469 pad_idx = input_len - padding_len;
470 for( i = 0; i < input_len; i++ )
471 bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
472
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]473 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]474}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]475#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]476
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]477#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]478/*
479 * One and zeros padding: fill with 80 00 ... 00
480 */
481static void add_one_and_zeros_padding( unsigned char *output,
482 size_t output_len, size_t data_len )
483{
484 size_t padding_len = output_len - data_len;
485 unsigned char i = 0;
486
487 output[data_len] = 0x80;
488 for( i = 1; i < padding_len; i++ )
489 output[data_len + i] = 0x00;
490}
491
492static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
493 size_t *data_len )
494{
Manuel Pégourié-Gonnard6c329902013-10-27 18:25:03 +0100[diff] [blame]495 size_t i;
496 unsigned char done = 0, prev_done, bad;
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]497
498 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]499 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]500
Manuel Pégourié-Gonnard6c329902013-10-27 18:25:03 +0100[diff] [blame]501 bad = 0xFF;
502 *data_len = 0;
503 for( i = input_len; i > 0; i-- )
504 {
505 prev_done = done;
506 done |= ( input[i-1] != 0 );
507 *data_len |= ( i - 1 ) * ( done != prev_done );
508 bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
509 }
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]510
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]511 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]512
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]513}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]514#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]515
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]516#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]517/*
518 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
519 */
520static void add_zeros_and_len_padding( unsigned char *output,
521 size_t output_len, size_t data_len )
522{
523 size_t padding_len = output_len - data_len;
524 unsigned char i = 0;
525
526 for( i = 1; i < padding_len; i++ )
527 output[data_len + i - 1] = 0x00;
528 output[output_len - 1] = (unsigned char) padding_len;
529}
530
531static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
532 size_t *data_len )
533{
Manuel Pégourié-Gonnardd17df512013-10-27 17:32:43 +0100[diff] [blame]534 size_t i, pad_idx;
535 unsigned char padding_len, bad = 0;
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]536
537 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]538 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]539
540 padding_len = input[input_len - 1];
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]541 *data_len = input_len - padding_len;
542
Manuel Pégourié-Gonnardd17df512013-10-27 17:32:43 +0100[diff] [blame]543 /* Avoid logical || since it results in a branch */
544 bad |= padding_len > input_len;
545 bad |= padding_len == 0;
546
547 /* The number of bytes checked must be independent of padding_len */
548 pad_idx = input_len - padding_len;
549 for( i = 0; i < input_len - 1; i++ )
550 bad |= input[i] * ( i >= pad_idx );
551
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]552 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]553}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]554#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]555
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]556#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]557/*
558 * Zero padding: fill with 00 ... 00
559 */
560static void add_zeros_padding( unsigned char *output,
561 size_t output_len, size_t data_len )
562{
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]563 size_t i;
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]564
565 for( i = data_len; i < output_len; i++ )
566 output[i] = 0x00;
567}
568
569static int get_zeros_padding( unsigned char *input, size_t input_len,
570 size_t *data_len )
571{
Manuel Pégourié-Gonnarde68bf172013-10-27 18:26:39 +0100[diff] [blame]572 size_t i;
573 unsigned char done = 0, prev_done;
574
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]575 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]576 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]577
Manuel Pégourié-Gonnarde68bf172013-10-27 18:26:39 +0100[diff] [blame]578 *data_len = 0;
579 for( i = input_len; i > 0; i-- )
580 {
581 prev_done = done;
582 done |= ( input[i-1] != 0 );
583 *data_len |= i * ( done != prev_done );
584 }
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]585
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]586 return( 0 );
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]587}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]588#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]589
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]590/*
591 * No padding: don't pad :)
592 *
593 * There is no add_padding function (check for NULL in cipher_finish)
594 * but a trivial get_padding function
595 */
596static int get_no_padding( unsigned char *input, size_t input_len,
597 size_t *data_len )
598{
599 if( NULL == input || NULL == data_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]600 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]601
602 *data_len = input_len;
603
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]604 return( 0 );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]605}
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]606#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]607
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]608int cipher_finish( cipher_context_t *ctx,
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]609 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]610{
611 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]612 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]613
614 *olen = 0;
615
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]616 if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]617 POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]618 POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]619 POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]620 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]621 return( 0 );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]622 }
623
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]624 if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
625 {
626 if( ctx->unprocessed_len != 0 )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]627 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]628
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]629 return( 0 );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]630 }
631
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]632#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]633 if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
634 {
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]635 int ret = 0;
636
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]637 if( POLARSSL_ENCRYPT == ctx->operation )
638 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]639 /* check for 'no padding' mode */
640 if( NULL == ctx->add_padding )
641 {
642 if( 0 != ctx->unprocessed_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]643 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]644
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]645 return( 0 );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]646 }
647
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]648 ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]649 ctx->unprocessed_len );
650 }
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]651 else if( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]652 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]653 /*
654 * For decrypt operations, expect a full block,
655 * or an empty block if no padding
656 */
657 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]658 return( 0 );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]659
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]660 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]661 }
662
663 /* cipher block */
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]664 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
665 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
666 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]667 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]668 return( ret );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]669 }
670
671 /* Set output size for decryption */
672 if( POLARSSL_DECRYPT == ctx->operation )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]673 return ctx->get_padding( output, cipher_get_block_size( ctx ),
674 olen );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]675
676 /* Set output size for encryption */
677 *olen = cipher_get_block_size( ctx );
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]678 return( 0 );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]679 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]680#else
681 ((void) output);
682#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]683
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]684 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]685}
686
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]687#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]688int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
689{
690 if( NULL == ctx ||
691 POLARSSL_MODE_CBC != ctx->cipher_info->mode )
692 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]693 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]694 }
695
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]696 switch( mode )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]697 {
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]698#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]699 case POLARSSL_PADDING_PKCS7:
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]700 ctx->add_padding = add_pkcs_padding;
701 ctx->get_padding = get_pkcs_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]702 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]703#endif
704#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]705 case POLARSSL_PADDING_ONE_AND_ZEROS:
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]706 ctx->add_padding = add_one_and_zeros_padding;
707 ctx->get_padding = get_one_and_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]708 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]709#endif
710#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]711 case POLARSSL_PADDING_ZEROS_AND_LEN:
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]712 ctx->add_padding = add_zeros_and_len_padding;
713 ctx->get_padding = get_zeros_and_len_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]714 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]715#endif
716#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]717 case POLARSSL_PADDING_ZEROS:
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]718 ctx->add_padding = add_zeros_padding;
719 ctx->get_padding = get_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]720 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]721#endif
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]722 case POLARSSL_PADDING_NONE:
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]723 ctx->add_padding = NULL;
724 ctx->get_padding = get_no_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]725 break;
726
727 default:
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]728 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]729 }
730
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]731 return( 0 );
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]732}
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]733#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]734
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]735#if defined(POLARSSL_GCM_C)
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]736int cipher_write_tag( cipher_context_t *ctx,
737 unsigned char *tag, size_t tag_len )
738{
739 if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]740 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]741
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]742 if( POLARSSL_ENCRYPT != ctx->operation )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]743 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]744
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]745 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]746 return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]747
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]748 return( 0 );
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]749}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]750
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]751int cipher_check_tag( cipher_context_t *ctx,
752 const unsigned char *tag, size_t tag_len )
753{
754 int ret;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]755
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]756 if( NULL == ctx || NULL == ctx->cipher_info ||
757 POLARSSL_DECRYPT != ctx->operation )
758 {
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]759 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]760 }
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]761
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]762 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
763 {
764 unsigned char check_tag[16];
765 size_t i;
766 int diff;
767
768 if( tag_len > sizeof( check_tag ) )
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]769 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]770
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]771 if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
772 check_tag, tag_len ) ) )
773 {
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]774 return( ret );
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame]775 }
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]776
777 /* Check the tag in "constant-time" */
778 for( diff = 0, i = 0; i < tag_len; i++ )
779 diff |= tag[i] ^ check_tag[i];
780
781 if( diff != 0 )
Manuel Pégourié-Gonnard4fee79b2013-09-19 18:09:14 +0200[diff] [blame]782 return( POLARSSL_ERR_CIPHER_AUTH_FAILED );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]783
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]784 return( 0 );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]785 }
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]786
787 return( 0 );
788}
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]789#endif /* POLARSSL_GCM_C */
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]790
Manuel Pégourié-Gonnard3c1d1502014-05-12 13:46:08 +0200[diff] [blame]791/*
792 * Packet-oriented wrapper for non-AEAD modes
793 */
794int cipher_crypt( cipher_context_t *ctx,
795 const unsigned char *iv, size_t iv_len,
796 const unsigned char *input, size_t ilen,
797 unsigned char *output, size_t *olen )
798{
799 int ret;
800 size_t finish_olen;
801
802 if( ( ret = cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
803 return( ret );
804
805 if( ( ret = cipher_reset( ctx ) ) != 0 )
806 return( ret );
807
808 if( ( ret = cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
809 return( ret );
810
811 if( ( ret = cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
812 return( ret );
813
814 *olen += finish_olen;
815
816 return( 0 );
817}
818
Manuel Pégourié-Gonnard4562ffe2014-05-13 12:19:29 +0200[diff] [blame]819#if defined(POLARSSL_CIPHER_MODE_AEAD)
820/*
821 * Packet-oriented encryption for AEAD modes
822 */
823int cipher_auth_encrypt( cipher_context_t *ctx,
824 const unsigned char *iv, size_t iv_len,
825 const unsigned char *ad, size_t ad_len,
826 const unsigned char *input, size_t ilen,
827 unsigned char *output, size_t *olen,
828 unsigned char *tag, size_t tag_len )
829{
830#if defined(POLARSSL_GCM_C)
831 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
832 {
833 *olen = ilen;
834 return( gcm_crypt_and_tag( ctx->cipher_ctx, GCM_ENCRYPT, ilen,
835 iv, iv_len, ad, ad_len, input, output,
836 tag_len, tag ) );
837 }
Manuel Pégourié-Gonnard41936952014-05-13 13:18:17 +0200[diff] [blame]838#endif /* POLARSSL_GCM_C */
839#if defined(POLARSSL_CCM_C)
840 if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
841 {
842 *olen = ilen;
843 return( ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
844 iv, iv_len, ad, ad_len, input, output,
845 tag, tag_len ) );
846 }
847#endif /* POLARSSL_CCM_C */
Manuel Pégourié-Gonnard4562ffe2014-05-13 12:19:29 +0200[diff] [blame]848
849 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
850}
851
852/*
853 * Packet-oriented decryption for AEAD modes
854 */
855int cipher_auth_decrypt( cipher_context_t *ctx,
856 const unsigned char *iv, size_t iv_len,
857 const unsigned char *ad, size_t ad_len,
858 const unsigned char *input, size_t ilen,
859 unsigned char *output, size_t *olen,
860 const unsigned char *tag, size_t tag_len )
861{
862#if defined(POLARSSL_GCM_C)
863 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
864 {
865 int ret;
866
867 *olen = ilen;
868 ret = gcm_auth_decrypt( ctx->cipher_ctx, ilen,
869 iv, iv_len, ad, ad_len,
870 tag, tag_len, input, output );
871
872 if( ret == POLARSSL_ERR_GCM_AUTH_FAILED )
873 ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
874
875 return( ret );
876 }
Manuel Pégourié-Gonnard41936952014-05-13 13:18:17 +0200[diff] [blame]877#endif /* POLARSSL_GCM_C */
878#if defined(POLARSSL_CCM_C)
879 if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
880 {
881 int ret;
882
883 *olen = ilen;
884 ret = ccm_auth_decrypt( ctx->cipher_ctx, ilen,
885 iv, iv_len, ad, ad_len,
886 input, output, tag, tag_len );
887
888 if( ret == POLARSSL_ERR_CCM_AUTH_FAILED )
889 ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
890
891 return( ret );
892 }
893#endif /* POLARSSL_CCM_C */
Manuel Pégourié-Gonnard4562ffe2014-05-13 12:19:29 +0200[diff] [blame]894
895 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
896}
897#endif /* POLARSSL_CIPHER_MODE_AEAD */
898
899
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]900#if defined(POLARSSL_SELF_TEST)
901
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]902/*
903 * Checkup routine
904 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]905int cipher_self_test( int verbose )
906{
Paul Bakkerd61e7d92011-01-18 16:17:47 +0000[diff] [blame]907 ((void) verbose);
908
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]909 return( 0 );
910}
911
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]912#endif /* POLARSSL_SELF_TEST */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]913
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]914#endif /* POLARSSL_CIPHER_C */