PolarSSL v1.3.9
cipher.c
Go to the documentation of this file.
1
30#if !defined(POLARSSL_CONFIG_FILE)
31#include "polarssl/config.h"
32#else
33#include POLARSSL_CONFIG_FILE
34#endif
35
36#if defined(POLARSSL_CIPHER_C)
37
38#include "polarssl/cipher.h"
39#include "polarssl/cipher_wrap.h"
40
41#if defined(POLARSSL_GCM_C)
42#include "polarssl/gcm.h"
43#endif
44
45#if defined(POLARSSL_CCM_C)
46#include "polarssl/ccm.h"
47#endif
48
49#include <stdlib.h>
50
51#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
52#define POLARSSL_CIPHER_MODE_STREAM
53#endif
54
55#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
56 !defined(EFI32)
57#define strcasecmp _stricmp
58#endif
59
60/* Implementation that should never be optimized out by the compiler */
61static void polarssl_zeroize( void *v, size_t n ) {
62 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
63}
64
65static int supported_init = 0;
66
67const int *cipher_list( void )
68{
69 const cipher_definition_t *def;
70 int *type;
71
72 if( ! supported_init )
73 {
74 def = cipher_definitions;
75 type = supported_ciphers;
76
77 while( def->type != 0 )
78 *type++ = (*def++).type;
79
80 *type = 0;
81
82 supported_init = 1;
83 }
84
85 return( supported_ciphers );
86}
87
88const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
89{
90 const cipher_definition_t *def;
91
92 for( def = cipher_definitions; def->info != NULL; def++ )
93 if( def->type == cipher_type )
94 return( def->info );
95
96 return( NULL );
97}
98
99const cipher_info_t *cipher_info_from_string( const char *cipher_name )
100{
101 const cipher_definition_t *def;
102
103 if( NULL == cipher_name )
104 return( NULL );
105
106 for( def = cipher_definitions; def->info != NULL; def++ )
107 if( ! strcasecmp( def->info->name, cipher_name ) )
108 return( def->info );
109
110 return( NULL );
111}
112
113const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
114 int key_length,
115 const cipher_mode_t mode )
116{
117 const cipher_definition_t *def;
118
119 for( def = cipher_definitions; def->info != NULL; def++ )
120 if( def->info->base->cipher == cipher_id &&
121 def->info->key_length == (unsigned) key_length &&
122 def->info->mode == mode )
123 return( def->info );
124
125 return( NULL );
126}
127
128void cipher_init( cipher_context_t *ctx )
129{
130 memset( ctx, 0, sizeof( cipher_context_t ) );
131}
132
133void cipher_free( cipher_context_t *ctx )
134{
135 if( ctx == NULL )
136 return;
137
138 if( ctx->cipher_ctx )
139 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
140
141 polarssl_zeroize( ctx, sizeof(cipher_context_t) );
142}
143
144int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
145{
146 if( NULL == cipher_info || NULL == ctx )
147 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
148
149 memset( ctx, 0, sizeof( cipher_context_t ) );
150
151 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
152 return( POLARSSL_ERR_CIPHER_ALLOC_FAILED );
153
154 ctx->cipher_info = cipher_info;
155
156#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
157 /*
158 * Ignore possible errors caused by a cipher mode that doesn't use padding
159 */
160#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
161 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
162#else
163 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
164#endif
165#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
166
167 return( 0 );
168}
169
170/* Deprecated, redirects to cipher_free() */
171int cipher_free_ctx( cipher_context_t *ctx )
172{
173 cipher_free( ctx );
174
175 return( 0 );
176}
177
178int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
179 int key_length, const operation_t operation )
180{
181 if( NULL == ctx || NULL == ctx->cipher_info )
182 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
183
184 if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
185 (int) ctx->cipher_info->key_length != key_length )
186 {
187 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
188 }
189
190 ctx->key_length = key_length;
191 ctx->operation = operation;
192
193 /*
194 * For CFB and CTR mode always use the encryption key schedule
195 */
196 if( POLARSSL_ENCRYPT == operation ||
197 POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
198 POLARSSL_MODE_CTR == ctx->cipher_info->mode )
199 {
200 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
201 ctx->key_length );
202 }
203
204 if( POLARSSL_DECRYPT == operation )
205 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
206 ctx->key_length );
207
208 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
209}
210
211int cipher_set_iv( cipher_context_t *ctx,
212 const unsigned char *iv, size_t iv_len )
213{
214 size_t actual_iv_size;
215
216 if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
217 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
218
219 /* avoid buffer overflow in ctx->iv */
220 if( iv_len > POLARSSL_MAX_IV_LENGTH )
221 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
222
223 if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_IV_LEN ) != 0 )
224 actual_iv_size = iv_len;
225 else
226 {
227 actual_iv_size = ctx->cipher_info->iv_size;
228
229 /* avoid reading past the end of input buffer */
230 if( actual_iv_size > iv_len )
231 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
232 }
233
234 memcpy( ctx->iv, iv, actual_iv_size );
235 ctx->iv_size = actual_iv_size;
236
237 return( 0 );
238}
239
240int cipher_reset( cipher_context_t *ctx )
241{
242 if( NULL == ctx || NULL == ctx->cipher_info )
243 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
244
245 ctx->unprocessed_len = 0;
246
247 return( 0 );
248}
249
250#if defined(POLARSSL_GCM_C)
251int cipher_update_ad( cipher_context_t *ctx,
252 const unsigned char *ad, size_t ad_len )
253{
254 if( NULL == ctx || NULL == ctx->cipher_info )
255 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
256
257 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
258 {
259 return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
260 ctx->iv, ctx->iv_size, ad, ad_len );
261 }
262
263 return( 0 );
264}
265#endif /* POLARSSL_GCM_C */
266
267int cipher_update( cipher_context_t *ctx, const unsigned char *input,
268 size_t ilen, unsigned char *output, size_t *olen )
269{
270 int ret;
271
272 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
273 {
274 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
275 }
276
277 *olen = 0;
278
279 if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
280 {
281 if( ilen != cipher_get_block_size( ctx ) )
282 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
283
284 *olen = ilen;
285
286 if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
287 ctx->operation, input, output ) ) )
288 {
289 return( ret );
290 }
291
292 return( 0 );
293 }
294
295#if defined(POLARSSL_GCM_C)
296 if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
297 {
298 *olen = ilen;
299 return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
300 output );
301 }
302#endif
303
304 if( input == output &&
305 ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
306 {
307 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
308 }
309
310#if defined(POLARSSL_CIPHER_MODE_CBC)
311 if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
312 {
313 size_t copy_len = 0;
314
315 /*
316 * If there is not enough data for a full block, cache it.
317 */
318 if( ( ctx->operation == POLARSSL_DECRYPT &&
319 ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
320 ( ctx->operation == POLARSSL_ENCRYPT &&
321 ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
322 {
323 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
324 ilen );
325
326 ctx->unprocessed_len += ilen;
327 return( 0 );
328 }
329
330 /*
331 * Process cached data first
332 */
333 if( ctx->unprocessed_len != 0 )
334 {
335 copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
336
337 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
338 copy_len );
339
340 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
341 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
342 ctx->unprocessed_data, output ) ) )
343 {
344 return( ret );
345 }
346
347 *olen += cipher_get_block_size( ctx );
348 output += cipher_get_block_size( ctx );
349 ctx->unprocessed_len = 0;
350
351 input += copy_len;
352 ilen -= copy_len;
353 }
354
355 /*
356 * Cache final, incomplete block
357 */
358 if( 0 != ilen )
359 {
360 copy_len = ilen % cipher_get_block_size( ctx );
361 if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
362 copy_len = cipher_get_block_size( ctx );
363
364 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
365 copy_len );
366
367 ctx->unprocessed_len += copy_len;
368 ilen -= copy_len;
369 }
370
371 /*
372 * Process remaining full blocks
373 */
374 if( ilen )
375 {
376 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
377 ctx->operation, ilen, ctx->iv, input, output ) ) )
378 {
379 return( ret );
380 }
381
382 *olen += ilen;
383 }
384
385 return( 0 );
386 }
387#endif /* POLARSSL_CIPHER_MODE_CBC */
388
389#if defined(POLARSSL_CIPHER_MODE_CFB)
390 if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
391 {
392 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
393 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
394 input, output ) ) )
395 {
396 return( ret );
397 }
398
399 *olen = ilen;
400
401 return( 0 );
402 }
403#endif /* POLARSSL_CIPHER_MODE_CFB */
404
405#if defined(POLARSSL_CIPHER_MODE_CTR)
406 if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
407 {
408 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
409 ilen, &ctx->unprocessed_len, ctx->iv,
410 ctx->unprocessed_data, input, output ) ) )
411 {
412 return( ret );
413 }
414
415 *olen = ilen;
416
417 return( 0 );
418 }
419#endif /* POLARSSL_CIPHER_MODE_CTR */
420
421#if defined(POLARSSL_CIPHER_MODE_STREAM)
422 if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
423 {
424 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
425 ilen, input, output ) ) )
426 {
427 return( ret );
428 }
429
430 *olen = ilen;
431
432 return( 0 );
433 }
434#endif /* POLARSSL_CIPHER_MODE_STREAM */
435
436 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
437}
438
439#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
440#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
441/*
442 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
443 */
444static void add_pkcs_padding( unsigned char *output, size_t output_len,
445 size_t data_len )
446{
447 size_t padding_len = output_len - data_len;
448 unsigned char i;
449
450 for( i = 0; i < padding_len; i++ )
451 output[data_len + i] = (unsigned char) padding_len;
452}
453
454static int get_pkcs_padding( unsigned char *input, size_t input_len,
455 size_t *data_len )
456{
457 size_t i, pad_idx;
458 unsigned char padding_len, bad = 0;
459
460 if( NULL == input || NULL == data_len )
461 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
462
463 padding_len = input[input_len - 1];
464 *data_len = input_len - padding_len;
465
466 /* Avoid logical || since it results in a branch */
467 bad |= padding_len > input_len;
468 bad |= padding_len == 0;
469
470 /* The number of bytes checked must be independent of padding_len,
471 * so pick input_len, which is usually 8 or 16 (one block) */
472 pad_idx = input_len - padding_len;
473 for( i = 0; i < input_len; i++ )
474 bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
475
476 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
477}
478#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
479
480#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
481/*
482 * One and zeros padding: fill with 80 00 ... 00
483 */
484static void add_one_and_zeros_padding( unsigned char *output,
485 size_t output_len, size_t data_len )
486{
487 size_t padding_len = output_len - data_len;
488 unsigned char i = 0;
489
490 output[data_len] = 0x80;
491 for( i = 1; i < padding_len; i++ )
492 output[data_len + i] = 0x00;
493}
494
495static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
496 size_t *data_len )
497{
498 size_t i;
499 unsigned char done = 0, prev_done, bad;
500
501 if( NULL == input || NULL == data_len )
502 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
503
504 bad = 0xFF;
505 *data_len = 0;
506 for( i = input_len; i > 0; i-- )
507 {
508 prev_done = done;
509 done |= ( input[i-1] != 0 );
510 *data_len |= ( i - 1 ) * ( done != prev_done );
511 bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
512 }
513
514 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
515
516}
517#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
518
519#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
520/*
521 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
522 */
523static void add_zeros_and_len_padding( unsigned char *output,
524 size_t output_len, size_t data_len )
525{
526 size_t padding_len = output_len - data_len;
527 unsigned char i = 0;
528
529 for( i = 1; i < padding_len; i++ )
530 output[data_len + i - 1] = 0x00;
531 output[output_len - 1] = (unsigned char) padding_len;
532}
533
534static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
535 size_t *data_len )
536{
537 size_t i, pad_idx;
538 unsigned char padding_len, bad = 0;
539
540 if( NULL == input || NULL == data_len )
541 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
542
543 padding_len = input[input_len - 1];
544 *data_len = input_len - padding_len;
545
546 /* Avoid logical || since it results in a branch */
547 bad |= padding_len > input_len;
548 bad |= padding_len == 0;
549
550 /* The number of bytes checked must be independent of padding_len */
551 pad_idx = input_len - padding_len;
552 for( i = 0; i < input_len - 1; i++ )
553 bad |= input[i] * ( i >= pad_idx );
554
555 return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
556}
557#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
558
559#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
560/*
561 * Zero padding: fill with 00 ... 00
562 */
563static void add_zeros_padding( unsigned char *output,
564 size_t output_len, size_t data_len )
565{
566 size_t i;
567
568 for( i = data_len; i < output_len; i++ )
569 output[i] = 0x00;
570}
571
572static int get_zeros_padding( unsigned char *input, size_t input_len,
573 size_t *data_len )
574{
575 size_t i;
576 unsigned char done = 0, prev_done;
577
578 if( NULL == input || NULL == data_len )
579 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
580
581 *data_len = 0;
582 for( i = input_len; i > 0; i-- )
583 {
584 prev_done = done;
585 done |= ( input[i-1] != 0 );
586 *data_len |= i * ( done != prev_done );
587 }
588
589 return( 0 );
590}
591#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
592
593/*
594 * No padding: don't pad :)
595 *
596 * There is no add_padding function (check for NULL in cipher_finish)
597 * but a trivial get_padding function
598 */
599static int get_no_padding( unsigned char *input, size_t input_len,
600 size_t *data_len )
601{
602 if( NULL == input || NULL == data_len )
603 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
604
605 *data_len = input_len;
606
607 return( 0 );
608}
609#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
610
611int cipher_finish( cipher_context_t *ctx,
612 unsigned char *output, size_t *olen )
613{
614 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
615 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
616
617 *olen = 0;
618
619 if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
620 POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
621 POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
622 POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
623 {
624 return( 0 );
625 }
626
627 if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
628 {
629 if( ctx->unprocessed_len != 0 )
630 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
631
632 return( 0 );
633 }
634
635#if defined(POLARSSL_CIPHER_MODE_CBC)
636 if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
637 {
638 int ret = 0;
639
640 if( POLARSSL_ENCRYPT == ctx->operation )
641 {
642 /* check for 'no padding' mode */
643 if( NULL == ctx->add_padding )
644 {
645 if( 0 != ctx->unprocessed_len )
646 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
647
648 return( 0 );
649 }
650
651 ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
652 ctx->unprocessed_len );
653 }
654 else if( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
655 {
656 /*
657 * For decrypt operations, expect a full block,
658 * or an empty block if no padding
659 */
660 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
661 return( 0 );
662
663 return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
664 }
665
666 /* cipher block */
667 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
668 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
669 ctx->unprocessed_data, output ) ) )
670 {
671 return( ret );
672 }
673
674 /* Set output size for decryption */
675 if( POLARSSL_DECRYPT == ctx->operation )
676 return ctx->get_padding( output, cipher_get_block_size( ctx ),
677 olen );
678
679 /* Set output size for encryption */
680 *olen = cipher_get_block_size( ctx );
681 return( 0 );
682 }
683#else
684 ((void) output);
685#endif /* POLARSSL_CIPHER_MODE_CBC */
686
687 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
688}
689
690#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
691int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
692{
693 if( NULL == ctx ||
694 POLARSSL_MODE_CBC != ctx->cipher_info->mode )
695 {
696 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
697 }
698
699 switch( mode )
700 {
701#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
702 case POLARSSL_PADDING_PKCS7:
703 ctx->add_padding = add_pkcs_padding;
704 ctx->get_padding = get_pkcs_padding;
705 break;
706#endif
707#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
708 case POLARSSL_PADDING_ONE_AND_ZEROS:
709 ctx->add_padding = add_one_and_zeros_padding;
710 ctx->get_padding = get_one_and_zeros_padding;
711 break;
712#endif
713#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
714 case POLARSSL_PADDING_ZEROS_AND_LEN:
715 ctx->add_padding = add_zeros_and_len_padding;
716 ctx->get_padding = get_zeros_and_len_padding;
717 break;
718#endif
719#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
720 case POLARSSL_PADDING_ZEROS:
721 ctx->add_padding = add_zeros_padding;
722 ctx->get_padding = get_zeros_padding;
723 break;
724#endif
725 case POLARSSL_PADDING_NONE:
726 ctx->add_padding = NULL;
727 ctx->get_padding = get_no_padding;
728 break;
729
730 default:
731 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
732 }
733
734 return( 0 );
735}
736#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
737
738#if defined(POLARSSL_GCM_C)
739int cipher_write_tag( cipher_context_t *ctx,
740 unsigned char *tag, size_t tag_len )
741{
742 if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
743 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
744
745 if( POLARSSL_ENCRYPT != ctx->operation )
746 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
747
748 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
749 return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
750
751 return( 0 );
752}
753
754int cipher_check_tag( cipher_context_t *ctx,
755 const unsigned char *tag, size_t tag_len )
756{
757 int ret;
758
759 if( NULL == ctx || NULL == ctx->cipher_info ||
760 POLARSSL_DECRYPT != ctx->operation )
761 {
762 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
763 }
764
765 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
766 {
767 unsigned char check_tag[16];
768 size_t i;
769 int diff;
770
771 if( tag_len > sizeof( check_tag ) )
772 return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
773
774 if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
775 check_tag, tag_len ) ) )
776 {
777 return( ret );
778 }
779
780 /* Check the tag in "constant-time" */
781 for( diff = 0, i = 0; i < tag_len; i++ )
782 diff |= tag[i] ^ check_tag[i];
783
784 if( diff != 0 )
785 return( POLARSSL_ERR_CIPHER_AUTH_FAILED );
786
787 return( 0 );
788 }
789
790 return( 0 );
791}
792#endif /* POLARSSL_GCM_C */
793
794/*
795 * Packet-oriented wrapper for non-AEAD modes
796 */
797int cipher_crypt( cipher_context_t *ctx,
798 const unsigned char *iv, size_t iv_len,
799 const unsigned char *input, size_t ilen,
800 unsigned char *output, size_t *olen )
801{
802 int ret;
803 size_t finish_olen;
804
805 if( ( ret = cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
806 return( ret );
807
808 if( ( ret = cipher_reset( ctx ) ) != 0 )
809 return( ret );
810
811 if( ( ret = cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
812 return( ret );
813
814 if( ( ret = cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
815 return( ret );
816
817 *olen += finish_olen;
818
819 return( 0 );
820}
821
822#if defined(POLARSSL_CIPHER_MODE_AEAD)
823/*
824 * Packet-oriented encryption for AEAD modes
825 */
826int cipher_auth_encrypt( cipher_context_t *ctx,
827 const unsigned char *iv, size_t iv_len,
828 const unsigned char *ad, size_t ad_len,
829 const unsigned char *input, size_t ilen,
830 unsigned char *output, size_t *olen,
831 unsigned char *tag, size_t tag_len )
832{
833#if defined(POLARSSL_GCM_C)
834 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
835 {
836 *olen = ilen;
837 return( gcm_crypt_and_tag( ctx->cipher_ctx, GCM_ENCRYPT, ilen,
838 iv, iv_len, ad, ad_len, input, output,
839 tag_len, tag ) );
840 }
841#endif /* POLARSSL_GCM_C */
842#if defined(POLARSSL_CCM_C)
843 if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
844 {
845 *olen = ilen;
846 return( ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
847 iv, iv_len, ad, ad_len, input, output,
848 tag, tag_len ) );
849 }
850#endif /* POLARSSL_CCM_C */
851
852 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
853}
854
855/*
856 * Packet-oriented decryption for AEAD modes
857 */
858int cipher_auth_decrypt( cipher_context_t *ctx,
859 const unsigned char *iv, size_t iv_len,
860 const unsigned char *ad, size_t ad_len,
861 const unsigned char *input, size_t ilen,
862 unsigned char *output, size_t *olen,
863 const unsigned char *tag, size_t tag_len )
864{
865#if defined(POLARSSL_GCM_C)
866 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
867 {
868 int ret;
869
870 *olen = ilen;
871 ret = gcm_auth_decrypt( ctx->cipher_ctx, ilen,
872 iv, iv_len, ad, ad_len,
873 tag, tag_len, input, output );
874
875 if( ret == POLARSSL_ERR_GCM_AUTH_FAILED )
876 ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
877
878 return( ret );
879 }
880#endif /* POLARSSL_GCM_C */
881#if defined(POLARSSL_CCM_C)
882 if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
883 {
884 int ret;
885
886 *olen = ilen;
887 ret = ccm_auth_decrypt( ctx->cipher_ctx, ilen,
888 iv, iv_len, ad, ad_len,
889 input, output, tag, tag_len );
890
891 if( ret == POLARSSL_ERR_CCM_AUTH_FAILED )
892 ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
893
894 return( ret );
895 }
896#endif /* POLARSSL_CCM_C */
897
898 return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
899}
900#endif /* POLARSSL_CIPHER_MODE_AEAD */
901
902
903#if defined(POLARSSL_SELF_TEST)
904
905/*
906 * Checkup routine
907 */
908int cipher_self_test( int verbose )
909{
910 ((void) verbose);
911
912 return( 0 );
913}
914
915#endif /* POLARSSL_SELF_TEST */
916
917#endif /* POLARSSL_CIPHER_C */
ccm.h
Counter with CBC-MAC (CCM) for 128-bit block ciphers.
ccm_auth_decrypt
int ccm_auth_decrypt(ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len)
CCM buffer authenticated decryption.
ccm_encrypt_and_tag
int ccm_encrypt_and_tag(ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len)
CCM buffer encryption.
POLARSSL_ERR_CCM_AUTH_FAILED
#define POLARSSL_ERR_CCM_AUTH_FAILED
Authenticated decryption failed.
Definition: ccm.h:33
cipher.h
Generic cipher wrapper.
cipher_get_iv_size
static int cipher_get_iv_size(const cipher_context_t *ctx)
Returns the size of the cipher's IV/NONCE in bytes.
Definition: cipher.h:418
cipher_reset
int cipher_reset(cipher_context_t *ctx)
Finish preparation of the given context.
POLARSSL_ERR_CIPHER_AUTH_FAILED
#define POLARSSL_ERR_CIPHER_AUTH_FAILED
Authentication failed (for AEAD modes).
Definition: cipher.h:62
cipher_finish
int cipher_finish(cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
cipher_auth_encrypt
int cipher_auth_encrypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
Generic autenticated encryption (AEAD ciphers).
cipher_id_t
cipher_id_t
Definition: cipher.h:71
POLARSSL_CIPHER_VARIABLE_KEY_LEN
#define POLARSSL_CIPHER_VARIABLE_KEY_LEN
Cipher accepts keys of variable length.
Definition: cipher.h:65
cipher_write_tag
int cipher_write_tag(cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
Write tag for AEAD ciphers.
cipher_update_ad
int cipher_update_ad(cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
Add additional data (for AEAD ciphers).
cipher_init
void cipher_init(cipher_context_t *ctx)
Initialize a cipher_context (as NONE)
POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
Bad input parameters to function.
Definition: cipher.h:58
operation_t
operation_t
Definition: cipher.h:154
POLARSSL_ENCRYPT
@ POLARSSL_ENCRYPT
Definition: cipher.h:157
POLARSSL_DECRYPT
@ POLARSSL_DECRYPT
Definition: cipher.h:156
cipher_setkey
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
cipher_type_t
cipher_type_t
Definition: cipher.h:82
cipher_info_from_type
const cipher_info_t * cipher_info_from_type(const cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
The selected feature is not available.
Definition: cipher.h:57
POLARSSL_ERR_CIPHER_INVALID_PADDING
#define POLARSSL_ERR_CIPHER_INVALID_PADDING
Input data contains invalid padding and is rejected.
Definition: cipher.h:60
cipher_list
const int * cipher_list(void)
Returns the list of ciphers supported by the generic cipher module.
cipher_check_tag
int cipher_check_tag(cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
Check tag for AEAD ciphers.
cipher_crypt
int cipher_crypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic all-in-one encryption/decryption (for all ciphers except AEAD constructs).
POLARSSL_ERR_CIPHER_ALLOC_FAILED
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED
Failed to allocate memory.
Definition: cipher.h:59
cipher_set_padding_mode
int cipher_set_padding_mode(cipher_context_t *ctx, cipher_padding_t mode)
Set padding mode, for cipher modes that use padding.
cipher_set_iv
int cipher_set_iv(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
Set the initialization vector (IV) or nonce.
cipher_get_block_size
static unsigned int cipher_get_block_size(const cipher_context_t *ctx)
Returns the block size of the given cipher.
Definition: cipher.h:384
cipher_free_ctx
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
cipher_padding_t
cipher_padding_t
Definition: cipher.h:146
POLARSSL_PADDING_ONE_AND_ZEROS
@ POLARSSL_PADDING_ONE_AND_ZEROS
ISO/IEC 7816-4 padding
Definition: cipher.h:148
POLARSSL_PADDING_PKCS7
@ POLARSSL_PADDING_PKCS7
PKCS7 padding (default)
Definition: cipher.h:147
POLARSSL_PADDING_ZEROS_AND_LEN
@ POLARSSL_PADDING_ZEROS_AND_LEN
ANSI X.923 padding
Definition: cipher.h:149
POLARSSL_PADDING_NONE
@ POLARSSL_PADDING_NONE
never pad (full blocks only)
Definition: cipher.h:151
POLARSSL_PADDING_ZEROS
@ POLARSSL_PADDING_ZEROS
zero padding (not reversible!)
Definition: cipher.h:150
cipher_info_from_string
const cipher_info_t * cipher_info_from_string(const char *cipher_name)
Returns the cipher information structure associated with the given cipher name.
cipher_auth_decrypt
int cipher_auth_decrypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
Generic autenticated decryption (AEAD ciphers).
cipher_init_ctx
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
POLARSSL_MAX_IV_LENGTH
#define POLARSSL_MAX_IV_LENGTH
Maximum length of any IV, in bytes.
Definition: cipher.h:172
POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED
Decryption of block requires a full block.
Definition: cipher.h:61
cipher_self_test
int cipher_self_test(int verbose)
Checkup routine.
POLARSSL_CIPHER_VARIABLE_IV_LEN
#define POLARSSL_CIPHER_VARIABLE_IV_LEN
Cipher accepts IVs of variable length.
Definition: cipher.h:64
cipher_free
void cipher_free(cipher_context_t *ctx)
Free and clear the cipher-specific context of ctx.
cipher_mode_t
cipher_mode_t
Definition: cipher.h:134
POLARSSL_MODE_GCM
@ POLARSSL_MODE_GCM
Definition: cipher.h:141
POLARSSL_MODE_CTR
@ POLARSSL_MODE_CTR
Definition: cipher.h:140
POLARSSL_MODE_ECB
@ POLARSSL_MODE_ECB
Definition: cipher.h:136
POLARSSL_MODE_CBC
@ POLARSSL_MODE_CBC
Definition: cipher.h:137
POLARSSL_MODE_CCM
@ POLARSSL_MODE_CCM
Definition: cipher.h:143
POLARSSL_MODE_STREAM
@ POLARSSL_MODE_STREAM
Definition: cipher.h:142
POLARSSL_MODE_CFB
@ POLARSSL_MODE_CFB
Definition: cipher.h:138
cipher_update
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
cipher_info_from_values
const cipher_info_t * cipher_info_from_values(const cipher_id_t cipher_id, int key_length, const cipher_mode_t mode)
Returns the cipher information structure associated with the given cipher id, key size and mode.
cipher_wrap.h
Cipher wrappers.
supported_ciphers
int supported_ciphers[]
cipher_definitions
const cipher_definition_t cipher_definitions[]
config.h
Configuration options (set of defines)
gcm.h
Galois/Counter mode for 128-bit block ciphers.
gcm_starts
int gcm_starts(gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len)
Generic GCM stream start function.
POLARSSL_ERR_GCM_AUTH_FAILED
#define POLARSSL_ERR_GCM_AUTH_FAILED
Authenticated decryption failed.
Definition: gcm.h:43
gcm_auth_decrypt
int gcm_auth_decrypt(gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output)
GCM buffer authenticated decryption using a block cipher.
gcm_finish
int gcm_finish(gcm_context *ctx, unsigned char *tag, size_t tag_len)
Generic GCM finalisation function.
GCM_ENCRYPT
#define GCM_ENCRYPT
Definition: gcm.h:40
gcm_update
int gcm_update(gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
Generic GCM update function.
gcm_crypt_and_tag
int gcm_crypt_and_tag(gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
GCM buffer encryption/decryption using a block cipher.
cipher_base_t::cbc_func
int(* cbc_func)(void *ctx, operation_t mode, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CBC.
Definition: cipher.h:189
cipher_base_t::setkey_enc_func
int(* setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for encryption purposes.
Definition: cipher.h:208
cipher_base_t::stream_func
int(* stream_func)(void *ctx, size_t length, const unsigned char *input, unsigned char *output)
Encrypt using STREAM.
Definition: cipher.h:204
cipher_base_t::ctr_func
int(* ctr_func)(void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output)
Encrypt using CTR.
Definition: cipher.h:199
cipher_base_t::cipher
cipher_id_t cipher
Base Cipher type (e.g.
Definition: cipher.h:182
cipher_base_t::ctx_alloc_func
void *(* ctx_alloc_func)(void)
Allocate a new context.
Definition: cipher.h:216
cipher_base_t::setkey_dec_func
int(* setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for decryption purposes.
Definition: cipher.h:212
cipher_base_t::ecb_func
int(* ecb_func)(void *ctx, operation_t mode, const unsigned char *input, unsigned char *output)
Encrypt using ECB.
Definition: cipher.h:185
cipher_base_t::ctx_free_func
void(* ctx_free_func)(void *ctx)
Free the given context.
Definition: cipher.h:219
cipher_base_t::cfb_func
int(* cfb_func)(void *ctx, operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CFB (Full length)
Definition: cipher.h:194
cipher_context_t
Generic cipher context.
Definition: cipher.h:258
cipher_context_t::iv_size
size_t iv_size
IV size in bytes (for ciphers with variable-length IVs)
Definition: cipher.h:282
cipher_context_t::add_padding
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Padding functions to use, if relevant for cipher mode.
Definition: cipher.h:269
cipher_context_t::get_padding
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Definition: cipher.h:270
cipher_context_t::operation
operation_t operation
Operation that the context's key has been initialised for.
Definition: cipher.h:266
cipher_context_t::unprocessed_len
size_t unprocessed_len
Number of bytes that still need processing.
Definition: cipher.h:276
cipher_context_t::cipher_info
const cipher_info_t * cipher_info
Information about the associated cipher.
Definition: cipher.h:260
cipher_context_t::unprocessed_data
unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH]
Buffer for data that hasn't been encrypted yet.
Definition: cipher.h:273
cipher_context_t::key_length
int key_length
Key length to use.
Definition: cipher.h:263
cipher_context_t::iv
unsigned char iv[POLARSSL_MAX_IV_LENGTH]
Current IV or NONCE_COUNTER for CTR-mode.
Definition: cipher.h:279
cipher_context_t::cipher_ctx
void * cipher_ctx
Cipher-specific context.
Definition: cipher.h:285
cipher_definition_t
Definition: cipher_wrap.h:44
cipher_definition_t::info
const cipher_info_t * info
Definition: cipher_wrap.h:46
cipher_definition_t::type
cipher_type_t type
Definition: cipher_wrap.h:45
cipher_info_t
Cipher information.
Definition: cipher.h:226
cipher_info_t::base
const cipher_base_t * base
Base cipher information and functions.
Definition: cipher.h:251
cipher_info_t::key_length
unsigned int key_length
Cipher key length, in bits (default length for variable sized ciphers) (Includes parity bits for ciph...
Definition: cipher.h:235
cipher_info_t::mode
cipher_mode_t mode
Cipher mode (e.g.
Definition: cipher.h:231
cipher_info_t::name
const char * name
Name of the cipher.
Definition: cipher.h:238
cipher_info_t::flags
int flags
Flags for variable IV size, variable key size, etc.
Definition: cipher.h:245
cipher_info_t::iv_size
unsigned int iv_size
IV/NONCE size, in bytes.
Definition: cipher.h:242
gcm_context
GCM context structure.
Definition: gcm.h:53
Generated on Sat Jul 2 2022 03:36:39 for PolarSSL v1.3.9 by doxygen 1.9.3