Commit 8f3efffa by Enrico Pozzobon

Merge branch 'master'

parents b13825f4 be1cf907
...@@ -6,7 +6,7 @@ LFLAGS=-lm ...@@ -6,7 +6,7 @@ LFLAGS=-lm
all: gcm all: gcm
gcm: gcm.c genkat_aead.c aes.c cipher.c cipher_wrap.c platform_util.c gcm: gcm.c genkat_aead.c aes.c platform_util.c
$(CC) $(NISTGCCFLAGS) -o $@ $^ $(LFLAGS) $(CC) $(NISTGCCFLAGS) -o $@ $^ $(LFLAGS)
.PHONY: clean .PHONY: clean
...@@ -14,4 +14,5 @@ gcm: gcm.c genkat_aead.c aes.c cipher.c cipher_wrap.c platform_util.c ...@@ -14,4 +14,5 @@ gcm: gcm.c genkat_aead.c aes.c cipher.c cipher_wrap.c platform_util.c
clean: clean:
rm -rf *.o rm -rf *.o
rm -rf gcm rm -rf gcm
rm -rf LWC_*
...@@ -25,22 +25,14 @@ ...@@ -25,22 +25,14 @@
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/ */
#include "config.h"
#include "platform_util.h" #include "platform_util.h"
#if defined(MBEDTLS_AES_C)
#include <string.h> #include <string.h>
#include "aes.h" #include "aes.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "mbedtls/padlock.h"
#endif
#if defined(MBEDTLS_AESNI_C)
#include "mbedtls/aesni.h"
#endif
#if !defined(MBEDTLS_AES_ALT) #define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_AES_FEWER_TABLES
/* Parameter validation macros based on platform_util.h */ /* Parameter validation macros based on platform_util.h */
#define AES_VALIDATE_RET( cond ) \ #define AES_VALIDATE_RET( cond ) \
...@@ -71,11 +63,6 @@ ...@@ -71,11 +63,6 @@
} }
#endif #endif
#if defined(MBEDTLS_PADLOCK_C) && \
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
static int aes_padlock_ace = -1;
#endif
#if defined(MBEDTLS_AES_ROM_TABLES) #if defined(MBEDTLS_AES_ROM_TABLES)
/* /*
* Forward S-box * Forward S-box
...@@ -516,29 +503,9 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ) ...@@ -516,29 +503,9 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
} }
#if defined(MBEDTLS_CIPHER_MODE_XTS)
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
{
AES_VALIDATE( ctx != NULL );
mbedtls_aes_init( &ctx->crypt );
mbedtls_aes_init( &ctx->tweak );
}
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
{
if( ctx == NULL )
return;
mbedtls_aes_free( &ctx->crypt );
mbedtls_aes_free( &ctx->tweak );
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/* /*
* AES key schedule (encryption) * AES key schedule (encryption)
*/ */
#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits ) unsigned int keybits )
{ {
...@@ -564,21 +531,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, ...@@ -564,21 +531,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
} }
#endif #endif
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
if( aes_padlock_ace )
ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
else
#endif
ctx->rk = RK = ctx->buf; ctx->rk = RK = ctx->buf;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
#endif
for( i = 0; i < ( keybits >> 5 ); i++ ) for( i = 0; i < ( keybits >> 5 ); i++ )
{ {
GET_UINT32_LE( RK[i], key, i << 2 ); GET_UINT32_LE( RK[i], key, i << 2 );
...@@ -649,12 +603,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, ...@@ -649,12 +603,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
return( 0 ); return( 0 );
} }
#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
/* /*
* AES key schedule (decryption) * AES key schedule (decryption)
*/ */
#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits ) unsigned int keybits )
{ {
...@@ -668,14 +620,6 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, ...@@ -668,14 +620,6 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
mbedtls_aes_init( &cty ); mbedtls_aes_init( &cty );
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
if( aes_padlock_ace )
ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
else
#endif
ctx->rk = RK = ctx->buf; ctx->rk = RK = ctx->buf;
/* Also checks keybits */ /* Also checks keybits */
...@@ -684,15 +628,6 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, ...@@ -684,15 +628,6 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
ctx->nr = cty.nr; ctx->nr = cty.nr;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
{
mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk,
(const unsigned char *) cty.rk, ctx->nr );
goto exit;
}
#endif
SK = cty.rk + cty.nr * 4; SK = cty.rk + cty.nr * 4;
*RK++ = *SK++; *RK++ = *SK++;
...@@ -722,84 +657,6 @@ exit: ...@@ -722,84 +657,6 @@ exit:
return( ret ); return( ret );
} }
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static int mbedtls_aes_xts_decode_keys( const unsigned char *key,
unsigned int keybits,
const unsigned char **key1,
unsigned int *key1bits,
const unsigned char **key2,
unsigned int *key2bits )
{
const unsigned int half_keybits = keybits / 2;
const unsigned int half_keybytes = half_keybits / 8;
switch( keybits )
{
case 256: break;
case 512: break;
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
}
*key1bits = half_keybits;
*key2bits = half_keybits;
*key1 = &key[0];
*key2 = &key[half_keybytes];
return 0;
}
int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits)
{
int ret;
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( key != NULL );
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
return( ret );
/* Set the tweak key. Always set tweak key for the encryption mode. */
ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits );
if( ret != 0 )
return( ret );
/* Set crypt key for encryption. */
return mbedtls_aes_setkey_enc( &ctx->crypt, key1, key1bits );
}
int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits)
{
int ret;
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( key != NULL );
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
return( ret );
/* Set the tweak key. Always set tweak key for encryption. */
ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits );
if( ret != 0 )
return( ret );
/* Set crypt key for decryption. */
return mbedtls_aes_setkey_dec( &ctx->crypt, key1, key1bits );
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
do \ do \
...@@ -852,7 +709,6 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, ...@@ -852,7 +709,6 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
/* /*
* AES-ECB block encryption * AES-ECB block encryption
*/ */
#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16] ) unsigned char output[16] )
...@@ -906,21 +762,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, ...@@ -906,21 +762,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
return( 0 ); return( 0 );
} }
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
mbedtls_internal_aes_encrypt( ctx, input, output );
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/* /*
* AES-ECB block decryption * AES-ECB block decryption
*/ */
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16] ) unsigned char output[16] )
...@@ -974,16 +819,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, ...@@ -974,16 +819,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
return( 0 ); return( 0 );
} }
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
mbedtls_internal_aes_decrypt( ctx, input, output );
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/* /*
* AES-ECB block encryption/decryption * AES-ECB block encryption/decryption
...@@ -999,460 +834,9 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, ...@@ -999,460 +834,9 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT ); mode == MBEDTLS_AES_DECRYPT );
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
#endif
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
if( aes_padlock_ace )
{
if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 )
return( 0 );
// If padlock data misaligned, we just fall back to
// unaccelerated mode
//
}
#endif
if( mode == MBEDTLS_AES_ENCRYPT ) if( mode == MBEDTLS_AES_ENCRYPT )
return( mbedtls_internal_aes_encrypt( ctx, input, output ) ); return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
else else
return( mbedtls_internal_aes_decrypt( ctx, input, output ) ); return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
} }
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* AES-CBC buffer encryption/decryption
*/
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output )
{
int i;
unsigned char temp[16];
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
AES_VALIDATE_RET( iv != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
if( length % 16 )
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
if( aes_padlock_ace )
{
if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
return( 0 );
// If padlock data misaligned, we just fall back to
// unaccelerated mode
//
}
#endif
if( mode == MBEDTLS_AES_DECRYPT )
{
while( length > 0 )
{
memcpy( temp, input, 16 );
mbedtls_aes_crypt_ecb( ctx, mode, input, output );
for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] );
memcpy( iv, temp, 16 );
input += 16;
output += 16;
length -= 16;
}
}
else
{
while( length > 0 )
{
for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] );
mbedtls_aes_crypt_ecb( ctx, mode, output, output );
memcpy( iv, output, 16 );
input += 16;
output += 16;
length -= 16;
}
}
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/* Endianess with 64 bits values */
#ifndef GET_UINT64_LE
#define GET_UINT64_LE(n,b,i) \
{ \
(n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \
| ( (uint64_t) (b)[(i) + 6] << 48 ) \
| ( (uint64_t) (b)[(i) + 5] << 40 ) \
| ( (uint64_t) (b)[(i) + 4] << 32 ) \
| ( (uint64_t) (b)[(i) + 3] << 24 ) \
| ( (uint64_t) (b)[(i) + 2] << 16 ) \
| ( (uint64_t) (b)[(i) + 1] << 8 ) \
| ( (uint64_t) (b)[(i) ] ); \
}
#endif
#ifndef PUT_UINT64_LE
#define PUT_UINT64_LE(n,b,i) \
{ \
(b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \
(b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \
(b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \
(b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) ] = (unsigned char) ( (n) ); \
}
#endif
typedef unsigned char mbedtls_be128[16];
/*
* GF(2^128) multiplication function
*
* This function multiplies a field element by x in the polynomial field
* representation. It uses 64-bit word operations to gain speed but compensates
* for machine endianess and hence works correctly on both big and little
* endian machines.
*/
static void mbedtls_gf128mul_x_ble( unsigned char r[16],
const unsigned char x[16] )
{
uint64_t a, b, ra, rb;
GET_UINT64_LE( a, x, 0 );
GET_UINT64_LE( b, x, 8 );
ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
rb = ( a >> 63 ) | ( b << 1 );
PUT_UINT64_LE( ra, r, 0 );
PUT_UINT64_LE( rb, r, 8 );
}
/*
* AES-XTS buffer encryption/decryption
*/
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
int mode,
size_t length,
const unsigned char data_unit[16],
const unsigned char *input,
unsigned char *output )
{
int ret;
size_t blocks = length / 16;
size_t leftover = length % 16;
unsigned char tweak[16];
unsigned char prev_tweak[16];
unsigned char tmp[16];
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
AES_VALIDATE_RET( data_unit != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
/* Data units must be at least 16 bytes long. */
if( length < 16 )
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
/* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
if( length > ( 1 << 20 ) * 16 )
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
/* Compute the tweak. */
ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT,
data_unit, tweak );
if( ret != 0 )
return( ret );
while( blocks-- )
{
size_t i;
if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 )
{
/* We are on the last block in a decrypt operation that has
* leftover bytes, so we need to use the next tweak for this block,
* and this tweak for the lefover bytes. Save the current tweak for
* the leftovers and then update the current tweak for use on this,
* the last full block. */
memcpy( prev_tweak, tweak, sizeof( tweak ) );
mbedtls_gf128mul_x_ble( tweak, tweak );
}
for( i = 0; i < 16; i++ )
tmp[i] = input[i] ^ tweak[i];
ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
if( ret != 0 )
return( ret );
for( i = 0; i < 16; i++ )
output[i] = tmp[i] ^ tweak[i];
/* Update the tweak for the next block. */
mbedtls_gf128mul_x_ble( tweak, tweak );
output += 16;
input += 16;
}
if( leftover )
{
/* If we are on the leftover bytes in a decrypt operation, we need to
* use the previous tweak for these bytes (as saved in prev_tweak). */
unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak;
/* We are now on the final part of the data unit, which doesn't divide
* evenly by 16. It's time for ciphertext stealing. */
size_t i;
unsigned char *prev_output = output - 16;
/* Copy ciphertext bytes from the previous block to our output for each
* byte of cyphertext we won't steal. At the same time, copy the
* remainder of the input for this final round (since the loop bounds
* are the same). */
for( i = 0; i < leftover; i++ )
{
output[i] = prev_output[i];
tmp[i] = input[i] ^ t[i];
}
/* Copy ciphertext bytes from the previous block for input in this
* round. */
for( ; i < 16; i++ )
tmp[i] = prev_output[i] ^ t[i];
ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
if( ret != 0 )
return ret;
/* Write the result back to the previous block, overriding the previous
* output we copied. */
for( i = 0; i < 16; i++ )
prev_output[i] = tmp[i] ^ t[i];
}
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/*
* AES-CFB128 buffer encryption/decryption
*/
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output )
{
int c;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
AES_VALIDATE_RET( iv_off != NULL );
AES_VALIDATE_RET( iv != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
n = *iv_off;
if( n > 15 )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
if( mode == MBEDTLS_AES_DECRYPT )
{
while( length-- )
{
if( n == 0 )
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
c = *input++;
*output++ = (unsigned char)( c ^ iv[n] );
iv[n] = (unsigned char) c;
n = ( n + 1 ) & 0x0F;
}
}
else
{
while( length-- )
{
if( n == 0 )
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
n = ( n + 1 ) & 0x0F;
}
}
*iv_off = n;
return( 0 );
}
/*
* AES-CFB8 buffer encryption/decryption
*/
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output )
{
unsigned char c;
unsigned char ov[17];
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
AES_VALIDATE_RET( iv != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
while( length-- )
{
memcpy( ov, iv, 16 );
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( mode == MBEDTLS_AES_DECRYPT )
ov[16] = *input;
c = *output++ = (unsigned char)( iv[0] ^ *input++ );
if( mode == MBEDTLS_AES_ENCRYPT )
ov[16] = c;
memcpy( iv, ov + 1, 16 );
}
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/*
* AES-OFB (Output Feedback Mode) buffer encryption/decryption
*/
int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output )
{
int ret = 0;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( iv_off != NULL );
AES_VALIDATE_RET( iv != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
n = *iv_off;
if( n > 15 )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- )
{
if( n == 0 )
{
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( ret != 0 )
goto exit;
}
*output++ = *input++ ^ iv[n];
n = ( n + 1 ) & 0x0F;
}
*iv_off = n;
exit:
return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/*
* AES-CTR buffer encryption/decryption
*/
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output )
{
int c, i;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( nc_off != NULL );
AES_VALIDATE_RET( nonce_counter != NULL );
AES_VALIDATE_RET( stream_block != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
n = *nc_off;
if ( n > 0x0F )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- )
{
if( n == 0 ) {
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
break;
}
c = *input++;
*output++ = (unsigned char)( c ^ stream_block[n] );
n = ( n + 1 ) & 0x0F;
}
*nc_off = n;
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_AES_ALT */
#endif /* MBEDTLS_AES_C */
...@@ -41,8 +41,6 @@ ...@@ -41,8 +41,6 @@
#ifndef MBEDTLS_AES_H #ifndef MBEDTLS_AES_H
#define MBEDTLS_AES_H #define MBEDTLS_AES_H
#include "config.h"
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>
...@@ -57,22 +55,10 @@ ...@@ -57,22 +55,10 @@
/* Error codes in range 0x0021-0x0025 */ /* Error codes in range 0x0021-0x0025 */
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */ #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */
/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_AES_ALT)
// Regular implementation // Regular implementation
// //
...@@ -94,23 +80,6 @@ typedef struct mbedtls_aes_context ...@@ -94,23 +80,6 @@ typedef struct mbedtls_aes_context
} }
mbedtls_aes_context; mbedtls_aes_context;
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief The AES XTS context-type definition.
*/
typedef struct mbedtls_aes_xts_context
{
mbedtls_aes_context crypt; /*!< The AES context to use for AES block
encryption or decryption. */
mbedtls_aes_context tweak; /*!< The AES context used for tweak
computation. */
} mbedtls_aes_xts_context;
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#else /* MBEDTLS_AES_ALT */
#include "aes_alt.h"
#endif /* MBEDTLS_AES_ALT */
/** /**
* \brief This function initializes the specified AES context. * \brief This function initializes the specified AES context.
* *
...@@ -130,27 +99,6 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx ); ...@@ -130,27 +99,6 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx );
*/ */
void mbedtls_aes_free( mbedtls_aes_context *ctx ); void mbedtls_aes_free( mbedtls_aes_context *ctx );
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief This function initializes the specified AES XTS context.
*
* It must be the first API called before using
* the context.
*
* \param ctx The AES XTS context to initialize. This must not be \c NULL.
*/
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
/**
* \brief This function releases and clears the specified AES XTS context.
*
* \param ctx The AES XTS context to clear.
* If this is \c NULL, this function does nothing.
* Otherwise, the context must have been at least initialized.
*/
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/** /**
* \brief This function sets the encryption key. * \brief This function sets the encryption key.
* *
...@@ -187,48 +135,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, ...@@ -187,48 +135,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits ); unsigned int keybits );
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief This function prepares an XTS context for encryption and
* sets the encryption key.
*
* \param ctx The AES XTS context to which the key should be bound.
* It must be initialized.
* \param key The encryption key. This is comprised of the XTS key1
* concatenated with the XTS key2.
* This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits );
/**
* \brief This function prepares an XTS context for decryption and
* sets the decryption key.
*
* \param ctx The AES XTS context to which the key should be bound.
* It must be initialized.
* \param key The decryption key. This is comprised of the XTS key1
* concatenated with the XTS key2.
* This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits );
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/** /**
* \brief This function performs an AES single-block encryption or * \brief This function performs an AES single-block encryption or
* decryption operation. * decryption operation.
...@@ -257,333 +163,6 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, ...@@ -257,333 +163,6 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16] ); unsigned char output[16] );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
* \brief This function performs an AES-CBC encryption or decryption operation
* on full blocks.
*
* It performs the operation defined in the \p mode
* parameter (encrypt/decrypt), on the input data buffer defined in
* the \p input parameter.
*
* It can be called as many times as needed, until all the input
* data is processed. mbedtls_aes_init(), and either
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
* before the first call to this API with the same context.
*
* \note This function operates on full blocks, that is, the input size
* must be a multiple of the AES block size of \c 16 Bytes.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If you need to retain the contents of the IV, you should
* either save it manually or use the cipher module instead.
*
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
* \param length The length of the input data in Bytes. This must be a
* multiple of the block size (\c 16 Bytes).
* \param iv Initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
* on failure.
*/
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief This function performs an AES-XTS encryption or decryption
* operation for an entire XTS data unit.
*
* AES-XTS encrypts or decrypts blocks based on their location as
* defined by a data unit number. The data unit number must be
* provided by \p data_unit.
*
* NIST SP 800-38E limits the maximum size of a data unit to 2^20
* AES blocks. If the data unit is larger than this, this function
* returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
*
* \param ctx The AES XTS context to use for AES XTS operations.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
* \param length The length of a data unit in Bytes. This can be any
* length between 16 bytes and 2^24 bytes inclusive
* (between 1 and 2^20 block cipher blocks).
* \param data_unit The address of the data unit encoded as an array of 16
* bytes in little-endian format. For disk encryption, this
* is typically the index of the block device sector that
* contains the data.
* \param input The buffer holding the input data (which is an entire
* data unit). This function reads \p length Bytes from \p
* input.
* \param output The buffer holding the output data (which is an entire
* data unit). This function writes \p length Bytes to \p
* output.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
* smaller than an AES block in size (16 Bytes) or if \p
* length is larger than 2^20 blocks (16 MiB).
*/
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
int mode,
size_t length,
const unsigned char data_unit[16],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/**
* \brief This function performs an AES-CFB128 encryption or decryption
* operation.
*
* It performs the operation defined in the \p mode
* parameter (encrypt or decrypt), on the input data buffer
* defined in the \p input parameter.
*
* For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
* regardless of whether you are performing an encryption or decryption
* operation, that is, regardless of the \p mode parameter. This is
* because CFB mode uses the same key schedule for encryption and
* decryption.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If you need to retain the contents of the
* IV, you must either save it manually or use the cipher
* module instead.
*
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
* \param length The length of the input data in Bytes.
* \param iv_off The offset in IV (updated after use).
* It must point to a valid \c size_t.
* \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
/**
* \brief This function performs an AES-CFB8 encryption or decryption
* operation.
*
* It performs the operation defined in the \p mode
* parameter (encrypt/decrypt), on the input data buffer defined
* in the \p input parameter.
*
* Due to the nature of CFB, you must use the same key schedule for
* both encryption and decryption operations. Therefore, you must
* use the context initialized with mbedtls_aes_setkey_enc() for
* both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT
* \param length The length of the input data.
* \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /*MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/**
* \brief This function performs an AES-OFB (Output Feedback Mode)
* encryption or decryption operation.
*
* For OFB, you must set up the context with
* mbedtls_aes_setkey_enc(), regardless of whether you are
* performing an encryption or decryption operation. This is
* because OFB mode uses the same key schedule for encryption and
* decryption.
*
* The OFB operation is identical for encryption or decryption,
* therefore no operation mode needs to be specified.
*
* \note Upon exit, the content of iv, the Initialisation Vector, is
* updated so that you can call the same function again on the next
* block(s) of data and get the same result as if it was encrypted
* in one call. This allows a "streaming" usage, by initialising
* iv_off to 0 before the first call, and preserving its value
* between calls.
*
* For non-streaming use, the iv should be initialised on each call
* to a unique value, and iv_off set to 0 on each call.
*
* If you need to retain the contents of the initialisation vector,
* you must either save it manually or use the cipher module
* instead.
*
* \warning For the OFB mode, the initialisation vector must be unique
* every encryption operation. Reuse of an initialisation vector
* will compromise security.
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param length The length of the input data.
* \param iv_off The offset in IV (updated after use).
* It must point to a valid \c size_t.
* \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/**
* \brief This function performs an AES-CTR encryption or decryption
* operation.
*
* This function performs the operation defined in the \p mode
* parameter (encrypt/decrypt), on the input data buffer
* defined in the \p input parameter.
*
* Due to the nature of CTR, you must use the same key schedule
* for both encryption and decryption operations. Therefore, you
* must use the context initialized with mbedtls_aes_setkey_enc()
* for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
*
* \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
* the same nonce and key.
*
* There are two common strategies for managing nonces with CTR:
*
* 1. You can handle everything as a single message processed over
* successive calls to this function. In that case, you want to
* set \p nonce_counter and \p nc_off to 0 for the first call, and
* then preserve the values of \p nonce_counter, \p nc_off and \p
* stream_block across calls to this function as they will be
* updated by this function.
*
* With this strategy, you must not encrypt more than 2**128
* blocks of data with the same key.
*
* 2. You can encrypt separate messages by dividing the \p
* nonce_counter buffer in two areas: the first one used for a
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
* For example, you might reserve the first 12 bytes for the
* per-message nonce, and the last 4 bytes for internal use. In that
* case, before calling this function on a new message you need to
* set the first 12 bytes of \p nonce_counter to your chosen nonce
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
* stream_block to be ignored). That way, you can encrypt at most
* 2**96 messages of up to 2**32 blocks each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
* it) needs to be communicated with the ciphertext and must be unique.
* The recommended way to ensure uniqueness is to use a message
* counter. An alternative is to generate random nonces, but this
* limits the number of messages that can be securely encrypted:
* for example, with 96-bit random nonces, you should not encrypt
* more than 2**32 messages with the same key.
*
* Note that for both stategies, sizes are measured in blocks and
* that an AES block is 16 bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param length The length of the input data.
* \param nc_off The offset in the current \p stream_block, for
* resuming within the current cipher stream. The
* offset pointer should be 0 at the start of a stream.
* It must point to a valid \c size_t.
* \param nonce_counter The 128-bit nonce and counter.
* It must be a readable-writeable buffer of \c 16 Bytes.
* \param stream_block The saved stream block for resuming. This is
* overwritten by the function.
* It must be a readable-writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
/** /**
* \brief Internal AES block encryption function. This is only * \brief Internal AES block encryption function. This is only
* exposed to allow overriding it using * exposed to allow overriding it using
...@@ -614,54 +193,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, ...@@ -614,54 +193,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16] ); unsigned char output[16] );
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif
/**
* \brief Deprecated internal AES block encryption function
* without return value.
*
* \deprecated Superseded by mbedtls_internal_aes_encrypt()
*
* \param ctx The AES context to use for encryption.
* \param input Plaintext block.
* \param output Output (ciphertext) block.
*/
MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
/**
* \brief Deprecated internal AES block decryption function
* without return value.
*
* \deprecated Superseded by mbedtls_internal_aes_decrypt()
*
* \param ctx The AES context to use for decryption.
* \param input Ciphertext block.
* \param output Output (plaintext) block.
*/
MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief Checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_aes_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus #ifdef __cplusplus
} }
......
/**
* \file cipher.c
*
* \brief Generic cipher wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#include "config.h"
#include "platform_util.h"
#if defined(MBEDTLS_CIPHER_C)
#include "cipher.h"
#include "cipher_internal.h"
#include <stdlib.h>
#include <string.h>
#if defined(MBEDTLS_CHACHAPOLY_C)
#include "mbedtls/chachapoly.h"
#endif
#if defined(MBEDTLS_GCM_C)
#include "gcm.h"
#endif
#if defined(MBEDTLS_CCM_C)
#include "mbedtls/ccm.h"
#endif
#if defined(MBEDTLS_CHACHA20_C)
#include "mbedtls/chacha20.h"
#endif
#if defined(MBEDTLS_CMAC_C)
#include "mbedtls/cmac.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_NIST_KW_C)
#include "mbedtls/nist_kw.h"
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#define CIPHER_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
#define CIPHER_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/* Compare the contents of two buffers in constant time.
* Returns 0 if the contents are bitwise identical, otherwise returns
* a non-zero value.
* This is currently only used by GCM and ChaCha20+Poly1305.
*/
static int mbedtls_constant_time_memcmp( const void *v1, const void *v2,
size_t len )
{
const unsigned char *p1 = (const unsigned char*) v1;
const unsigned char *p2 = (const unsigned char*) v2;
size_t i;
unsigned char diff;
for( diff = 0, i = 0; i < len; i++ )
diff |= p1[i] ^ p2[i];
return( (int)diff );
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
static int supported_init = 0;
const int *mbedtls_cipher_list( void )
{
const mbedtls_cipher_definition_t *def;
int *type;
if( ! supported_init )
{
def = mbedtls_cipher_definitions;
type = mbedtls_cipher_supported;
while( def->type != 0 )
*type++ = (*def++).type;
*type = 0;
supported_init = 1;
}
return( mbedtls_cipher_supported );
}
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(
const mbedtls_cipher_type_t cipher_type )
{
const mbedtls_cipher_definition_t *def;
for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
if( def->type == cipher_type )
return( def->info );
return( NULL );
}
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(
const char *cipher_name )
{
const mbedtls_cipher_definition_t *def;
if( NULL == cipher_name )
return( NULL );
for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
if( ! strcmp( def->info->name, cipher_name ) )
return( def->info );
return( NULL );
}
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
const mbedtls_cipher_id_t cipher_id,
int key_bitlen,
const mbedtls_cipher_mode_t mode )
{
const mbedtls_cipher_definition_t *def;
for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
if( def->info->base->cipher == cipher_id &&
def->info->key_bitlen == (unsigned) key_bitlen &&
def->info->mode == mode )
return( def->info );
return( NULL );
}
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
{
CIPHER_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
}
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
{
if( ctx == NULL )
return;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
if( ctx->cipher_ctx != NULL )
{
mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED )
{
/* xxx_free() doesn't allow to return failures. */
(void) psa_destroy_key( cipher_psa->slot );
}
mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) );
mbedtls_free( cipher_psa );
}
mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
return;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_CMAC_C)
if( ctx->cmac_ctx )
{
mbedtls_platform_zeroize( ctx->cmac_ctx,
sizeof( mbedtls_cmac_context_t ) );
mbedtls_free( ctx->cmac_ctx );
}
#endif
if( ctx->cipher_ctx )
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
}
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info )
{
CIPHER_VALIDATE_RET( ctx != NULL );
if( cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
ctx->cipher_info = cipher_info;
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/*
* Ignore possible errors caused by a cipher mode that doesn't use padding
*/
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
(void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 );
#else
(void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE );
#endif
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
return( 0 );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info,
size_t taglen )
{
psa_algorithm_t alg;
mbedtls_cipher_context_psa *cipher_psa;
if( NULL == cipher_info || NULL == ctx )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
/* Check that the underlying cipher mode and cipher type are
* supported by the underlying PSA Crypto implementation. */
alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen );
if( alg == 0 )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
if( mbedtls_psa_translate_cipher_type( cipher_info->type ) == 0 )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
cipher_psa = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) );
if( cipher_psa == NULL )
return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
cipher_psa->alg = alg;
ctx->cipher_ctx = cipher_psa;
ctx->cipher_info = cipher_info;
ctx->psa_enabled = 1;
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
const unsigned char *key,
int key_bitlen,
const mbedtls_operation_t operation )
{
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( key != NULL );
CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
operation == MBEDTLS_DECRYPT );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
size_t const key_bytelen = ( (size_t) key_bitlen + 7 ) / 8;
psa_status_t status;
psa_key_type_t key_type;
psa_key_usage_t key_usage;
psa_key_policy_t key_policy;
/* PSA Crypto API only accepts byte-aligned keys. */
if( key_bitlen % 8 != 0 )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
/* Don't allow keys to be set multiple times. */
if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
key_type = mbedtls_psa_translate_cipher_type(
ctx->cipher_info->type );
if( key_type == 0 )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
/* Allocate a key slot to use. */
status = psa_allocate_key( &cipher_psa->slot );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
/* Indicate that we own the key slot and need to
* destroy it in mbedtls_cipher_free(). */
cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
/* From that point on, the responsibility for destroying the
* key slot is on mbedtls_cipher_free(). This includes the case
* where the policy setup or key import below fail, as
* mbedtls_cipher_free() needs to be called in any case. */
/* Setup policy for the new key slot. */
key_policy = psa_key_policy_init();
/* Mbed TLS' cipher layer doesn't enforce the mode of operation
* (encrypt vs. decrypt): it is possible to setup a key for encryption
* and use it for AEAD decryption. Until tests relying on this
* are changed, allow any usage in PSA. */
/* key_usage = mbedtls_psa_translate_cipher_operation( operation ); */
key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
psa_key_policy_set_usage( &key_policy, key_usage, cipher_psa->alg );
status = psa_set_key_policy( cipher_psa->slot, &key_policy );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
/* Populate new key slot. */
status = psa_import_key( cipher_psa->slot,
key_type, key, key_bytelen );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
ctx->key_bitlen = key_bitlen;
ctx->operation = operation;
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
(int) ctx->cipher_info->key_bitlen != key_bitlen )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
ctx->key_bitlen = key_bitlen;
ctx->operation = operation;
/*
* For OFB, CFB and CTR mode always use the encryption key schedule
*/
if( MBEDTLS_ENCRYPT == operation ||
MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
{
return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
ctx->key_bitlen ) );
}
if( MBEDTLS_DECRYPT == operation )
return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
ctx->key_bitlen ) );
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
const unsigned char *iv,
size_t iv_len )
{
size_t actual_iv_size;
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* avoid buffer overflow in ctx->iv */
if( iv_len > MBEDTLS_MAX_IV_LENGTH )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 )
actual_iv_size = iv_len;
else
{
actual_iv_size = ctx->cipher_info->iv_size;
/* avoid reading past the end of input buffer */
if( actual_iv_size > iv_len )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_CHACHA20_C)
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
{
if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
iv,
0U ) ) /* Initial counter value */
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
}
#endif
if ( actual_iv_size != 0 )
{
memcpy( ctx->iv, iv, actual_iv_size );
ctx->iv_size = actual_iv_size;
}
return( 0 );
}
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
{
CIPHER_VALIDATE_RET( ctx != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* We don't support resetting PSA-based
* cipher contexts, yet. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
ctx->unprocessed_len = 0;
return( 0 );
}
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
ctx->iv, ctx->iv_size, ad, ad_len ) );
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
int result;
mbedtls_chachapoly_mode_t mode;
mode = ( ctx->operation == MBEDTLS_ENCRYPT )
? MBEDTLS_CHACHAPOLY_ENCRYPT
: MBEDTLS_CHACHAPOLY_DECRYPT;
result = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
ctx->iv,
mode );
if ( result != 0 )
return( result );
return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
ad, ad_len ) );
}
#endif
return( 0 );
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen )
{
int ret;
size_t block_size;
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
CIPHER_VALIDATE_RET( output != NULL );
CIPHER_VALIDATE_RET( olen != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
*olen = 0;
block_size = mbedtls_cipher_get_block_size( ctx );
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
{
if( ilen != block_size )
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
*olen = ilen;
if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
ctx->operation, input, output ) ) )
{
return( ret );
}
return( 0 );
}
#if defined(MBEDTLS_GCM_C)
if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
{
*olen = ilen;
return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
output ) );
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
{
*olen = ilen;
return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
ilen, input, output ) );
}
#endif
if ( 0 == block_size )
{
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
if( input == output &&
( ctx->unprocessed_len != 0 || ilen % block_size ) )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
{
size_t copy_len = 0;
/*
* If there is not enough data for a full block, cache it.
*/
if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
ilen <= block_size - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
ilen < block_size - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_ENCRYPT &&
ilen < block_size - ctx->unprocessed_len ) )
{
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
ilen );
ctx->unprocessed_len += ilen;
return( 0 );
}
/*
* Process cached data first
*/
if( 0 != ctx->unprocessed_len )
{
copy_len = block_size - ctx->unprocessed_len;
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
copy_len );
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, block_size, ctx->iv,
ctx->unprocessed_data, output ) ) )
{
return( ret );
}
*olen += block_size;
output += block_size;
ctx->unprocessed_len = 0;
input += copy_len;
ilen -= copy_len;
}
/*
* Cache final, incomplete block
*/
if( 0 != ilen )
{
if( 0 == block_size )
{
return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
/* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks
*/
copy_len = ilen % block_size;
if( copy_len == 0 &&
ctx->operation == MBEDTLS_DECRYPT &&
NULL != ctx->add_padding)
{
copy_len = block_size;
}
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
copy_len );
ctx->unprocessed_len += copy_len;
ilen -= copy_len;
}
/*
* Process remaining full blocks
*/
if( ilen )
{
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input, output ) ) )
{
return( ret );
}
*olen += ilen;
}
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
{
if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
input, output ) ) )
{
return( ret );
}
*olen = ilen;
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB )
{
if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx,
ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) )
{
return( ret );
}
*olen = ilen;
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
{
if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
ilen, &ctx->unprocessed_len, ctx->iv,
ctx->unprocessed_data, input, output ) ) )
{
return( ret );
}
*olen = ilen;
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS )
{
if( ctx->unprocessed_len > 0 ) {
/* We can only process an entire data unit at a time. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
ret = ctx->cipher_info->base->xts_func( ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input, output );
if( ret != 0 )
{
return( ret );
}
*olen = ilen;
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
{
if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
ilen, input, output ) ) )
{
return( ret );
}
*olen = ilen;
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_STREAM */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
/*
* PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
*/
static void add_pkcs_padding( unsigned char *output, size_t output_len,
size_t data_len )
{
size_t padding_len = output_len - data_len;
unsigned char i;
for( i = 0; i < padding_len; i++ )
output[data_len + i] = (unsigned char) padding_len;
}
static int get_pkcs_padding( unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t i, pad_idx;
unsigned char padding_len, bad = 0;
if( NULL == input || NULL == data_len )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
padding_len = input[input_len - 1];
*data_len = input_len - padding_len;
/* Avoid logical || since it results in a branch */
bad |= padding_len > input_len;
bad |= padding_len == 0;
/* The number of bytes checked must be independent of padding_len,
* so pick input_len, which is usually 8 or 16 (one block) */
pad_idx = input_len - padding_len;
for( i = 0; i < input_len; i++ )
bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
}
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
/*
* One and zeros padding: fill with 80 00 ... 00
*/
static void add_one_and_zeros_padding( unsigned char *output,
size_t output_len, size_t data_len )
{
size_t padding_len = output_len - data_len;
unsigned char i = 0;
output[data_len] = 0x80;
for( i = 1; i < padding_len; i++ )
output[data_len + i] = 0x00;
}
static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t i;
unsigned char done = 0, prev_done, bad;
if( NULL == input || NULL == data_len )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
bad = 0x80;
*data_len = 0;
for( i = input_len; i > 0; i-- )
{
prev_done = done;
done |= ( input[i - 1] != 0 );
*data_len |= ( i - 1 ) * ( done != prev_done );
bad ^= input[i - 1] * ( done != prev_done );
}
return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
}
#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
/*
* Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
*/
static void add_zeros_and_len_padding( unsigned char *output,
size_t output_len, size_t data_len )
{
size_t padding_len = output_len - data_len;
unsigned char i = 0;
for( i = 1; i < padding_len; i++ )
output[data_len + i - 1] = 0x00;
output[output_len - 1] = (unsigned char) padding_len;
}
static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t i, pad_idx;
unsigned char padding_len, bad = 0;
if( NULL == input || NULL == data_len )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
padding_len = input[input_len - 1];
*data_len = input_len - padding_len;
/* Avoid logical || since it results in a branch */
bad |= padding_len > input_len;
bad |= padding_len == 0;
/* The number of bytes checked must be independent of padding_len */
pad_idx = input_len - padding_len;
for( i = 0; i < input_len - 1; i++ )
bad |= input[i] * ( i >= pad_idx );
return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
}
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
/*
* Zero padding: fill with 00 ... 00
*/
static void add_zeros_padding( unsigned char *output,
size_t output_len, size_t data_len )
{
size_t i;
for( i = data_len; i < output_len; i++ )
output[i] = 0x00;
}
static int get_zeros_padding( unsigned char *input, size_t input_len,
size_t *data_len )
{
size_t i;
unsigned char done = 0, prev_done;
if( NULL == input || NULL == data_len )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
*data_len = 0;
for( i = input_len; i > 0; i-- )
{
prev_done = done;
done |= ( input[i-1] != 0 );
*data_len |= i * ( done != prev_done );
}
return( 0 );
}
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
/*
* No padding: don't pad :)
*
* There is no add_padding function (check for NULL in mbedtls_cipher_finish)
* but a trivial get_padding function
*/
static int get_no_padding( unsigned char *input, size_t input_len,
size_t *data_len )
{
if( NULL == input || NULL == data_len )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
*data_len = input_len;
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen )
{
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( output != NULL );
CIPHER_VALIDATE_RET( olen != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
*olen = 0;
if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
{
return( 0 );
}
if ( ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) ||
( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) )
{
return( 0 );
}
if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
{
if( ctx->unprocessed_len != 0 )
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
return( 0 );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
{
int ret = 0;
if( MBEDTLS_ENCRYPT == ctx->operation )
{
/* check for 'no padding' mode */
if( NULL == ctx->add_padding )
{
if( 0 != ctx->unprocessed_len )
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
return( 0 );
}
ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ),
ctx->unprocessed_len );
}
else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
{
/*
* For decrypt operations, expect a full block,
* or an empty block if no padding
*/
if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
return( 0 );
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
}
/* cipher block */
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
ctx->unprocessed_data, output ) ) )
{
return( ret );
}
/* Set output size for decryption */
if( MBEDTLS_DECRYPT == ctx->operation )
return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
olen ) );
/* Set output size for encryption */
*olen = mbedtls_cipher_get_block_size( ctx );
return( 0 );
}
#else
((void) output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode )
{
CIPHER_VALIDATE_RET( ctx != NULL );
if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* While PSA Crypto knows about CBC padding
* schemes, we currently don't make them
* accessible through the cipher layer. */
if( mode != MBEDTLS_PADDING_NONE )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
switch( mode )
{
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
case MBEDTLS_PADDING_PKCS7:
ctx->add_padding = add_pkcs_padding;
ctx->get_padding = get_pkcs_padding;
break;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
case MBEDTLS_PADDING_ONE_AND_ZEROS:
ctx->add_padding = add_one_and_zeros_padding;
ctx->get_padding = get_one_and_zeros_padding;
break;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
case MBEDTLS_PADDING_ZEROS_AND_LEN:
ctx->add_padding = add_zeros_and_len_padding;
ctx->get_padding = get_zeros_and_len_padding;
break;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
case MBEDTLS_PADDING_ZEROS:
ctx->add_padding = add_zeros_padding;
ctx->get_padding = get_zeros_padding;
break;
#endif
case MBEDTLS_PADDING_NONE:
ctx->add_padding = NULL;
ctx->get_padding = get_no_padding;
break;
default:
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if( MBEDTLS_ENCRYPT != ctx->operation )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
tag, tag_len ) );
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
/* Don't allow truncated MAC for Poly1305 */
if ( tag_len != 16U )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
return( mbedtls_chachapoly_finish(
(mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ) );
}
#endif
return( 0 );
}
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len )
{
unsigned char check_tag[16];
int ret;
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if( MBEDTLS_DECRYPT != ctx->operation )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
if( tag_len > sizeof( check_tag ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if( 0 != ( ret = mbedtls_gcm_finish(
(mbedtls_gcm_context *) ctx->cipher_ctx,
check_tag, tag_len ) ) )
{
return( ret );
}
/* Check the tag in "constant-time" */
if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
/* Don't allow truncated MAC for Poly1305 */
if ( tag_len != sizeof( check_tag ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
ret = mbedtls_chachapoly_finish(
(mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag );
if ( ret != 0 )
{
return( ret );
}
/* Check the tag in "constant-time" */
if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
}
#endif /* MBEDTLS_CHACHAPOLY_C */
return( 0 );
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/*
* Packet-oriented wrapper for non-AEAD modes
*/
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
{
int ret;
size_t finish_olen;
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
CIPHER_VALIDATE_RET( output != NULL );
CIPHER_VALIDATE_RET( olen != NULL );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
* guaranteed to be invalid, hence the PSA-call
* below will gracefully fail. */
mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
psa_status_t status;
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
size_t part_len;
if( ctx->operation == MBEDTLS_DECRYPT )
{
status = psa_cipher_decrypt_setup( &cipher_op,
cipher_psa->slot,
cipher_psa->alg );
}
else if( ctx->operation == MBEDTLS_ENCRYPT )
{
status = psa_cipher_encrypt_setup( &cipher_op,
cipher_psa->slot,
cipher_psa->alg );
}
else
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
/* In the following, we can immediately return on an error,
* because the PSA Crypto API guarantees that cipher operations
* are terminated by unsuccessful calls to psa_cipher_update(),
* and by any call to psa_cipher_finish(). */
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
status = psa_cipher_update( &cipher_op,
input, ilen,
output, ilen, olen );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
status = psa_cipher_finish( &cipher_op,
output + *olen, ilen - *olen,
&part_len );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
*olen += part_len;
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_update( ctx, input, ilen,
output, olen ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_finish( ctx, output + *olen,
&finish_olen ) ) != 0 )
return( ret );
*olen += finish_olen;
return( 0 );
}
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/*
* Packet-oriented encryption for AEAD modes
*/
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len )
{
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( iv != NULL );
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
CIPHER_VALIDATE_RET( output != NULL );
CIPHER_VALIDATE_RET( olen != NULL );
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
* guaranteed to be invalid, hence the PSA-call
* below will gracefully fail. */
mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
psa_status_t status;
/* PSA Crypto API always writes the authentication tag
* at the end of the encrypted message. */
if( tag != output + ilen )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
status = psa_aead_encrypt( cipher_psa->slot,
cipher_psa->alg,
iv, iv_len,
ad, ad_len,
input, ilen,
output, ilen + tag_len, olen );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
*olen -= tag_len;
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
*olen = ilen;
return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
ilen, iv, iv_len, ad, ad_len,
input, output, tag_len, tag ) );
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
{
*olen = ilen;
return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len, input, output,
tag, tag_len ) );
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
/* ChachaPoly has fixed length nonce and MAC (tag) */
if ( ( iv_len != ctx->cipher_info->iv_size ) ||
( tag_len != 16U ) )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
*olen = ilen;
return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx,
ilen, iv, ad, ad_len, input, output, tag ) );
}
#endif /* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_NIST_KW_C)
if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
{
mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
/* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
}
#endif /* MBEDTLS_NIST_KW_C */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
/*
* Packet-oriented decryption for AEAD modes
*/
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len )
{
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( iv != NULL );
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
CIPHER_VALIDATE_RET( output != NULL );
CIPHER_VALIDATE_RET( olen != NULL );
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
* guaranteed to be invalid, hence the PSA-call
* below will gracefully fail. */
mbedtls_cipher_context_psa * const cipher_psa =
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
psa_status_t status;
/* PSA Crypto API always writes the authentication tag
* at the end of the encrypted message. */
if( tag != input + ilen )
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
status = psa_aead_decrypt( cipher_psa->slot,
cipher_psa->alg,
iv, iv_len,
ad, ad_len,
input, ilen + tag_len,
output, ilen, olen );
if( status == PSA_ERROR_INVALID_SIGNATURE )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
else if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
int ret;
*olen = ilen;
ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len,
tag, tag_len, input, output );
if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
return( ret );
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
{
int ret;
*olen = ilen;
ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len,
input, output, tag, tag_len );
if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED )
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
return( ret );
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
{
int ret;
/* ChachaPoly has fixed length nonce and MAC (tag) */
if ( ( iv_len != ctx->cipher_info->iv_size ) ||
( tag_len != 16U ) )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
*olen = ilen;
ret = mbedtls_chachapoly_auth_decrypt( ctx->cipher_ctx, ilen,
iv, ad, ad_len, tag, input, output );
if( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED )
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
return( ret );
}
#endif /* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_NIST_KW_C)
if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
{
mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
/* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
}
#endif /* MBEDTLS_NIST_KW_C */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
#endif /* MBEDTLS_CIPHER_C */
...@@ -29,183 +29,14 @@ ...@@ -29,183 +29,14 @@
#ifndef MBEDTLS_CIPHER_H #ifndef MBEDTLS_CIPHER_H
#define MBEDTLS_CIPHER_H #define MBEDTLS_CIPHER_H
#include "config.h"
#include "platform_util.h" #include "platform_util.h"
#include <stddef.h> #include <stddef.h>
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
#define MBEDTLS_CIPHER_MODE_AEAD
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
defined(MBEDTLS_CHACHA20_C)
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters. */
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid. For example, because it was freed. */
/* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/**
* \brief Supported cipher types.
*
* \warning RC4 and DES are considered weak ciphers and their use
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
typedef enum {
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
} mbedtls_cipher_id_t;
/**
* \brief Supported {cipher type, cipher mode} pairs.
*
* \warning RC4 and DES are considered weak ciphers and their use
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
typedef enum {
MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */
MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
} mbedtls_cipher_type_t;
/** Supported cipher modes. */
typedef enum {
MBEDTLS_MODE_NONE = 0, /**< None. */
MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
} mbedtls_cipher_mode_t;
/** Supported cipher padding types. */
typedef enum {
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
} mbedtls_cipher_padding_t;
/** Type of operation. */ /** Type of operation. */
typedef enum { typedef enum {
MBEDTLS_OPERATION_NONE = -1, MBEDTLS_OPERATION_NONE = -1,
...@@ -213,83 +44,16 @@ typedef enum { ...@@ -213,83 +44,16 @@ typedef enum {
MBEDTLS_ENCRYPT, MBEDTLS_ENCRYPT,
} mbedtls_operation_t; } mbedtls_operation_t;
enum {
/** Undefined key length. */
MBEDTLS_KEY_LENGTH_NONE = 0,
/** Key length, in bits (including parity), for DES keys. */
MBEDTLS_KEY_LENGTH_DES = 64,
/** Key length in bits, including parity, for DES in two-key EDE. */
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
/** Key length in bits, including parity, for DES in three-key EDE. */
MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
};
/** Maximum length of any IV, in Bytes. */ /** Maximum length of any IV, in Bytes. */
#define MBEDTLS_MAX_IV_LENGTH 16 #define MBEDTLS_MAX_IV_LENGTH 16
/** Maximum block size of any cipher, in Bytes. */ /** Maximum block size of any cipher, in Bytes. */
#define MBEDTLS_MAX_BLOCK_LENGTH 16 #define MBEDTLS_MAX_BLOCK_LENGTH 16
/** /**
* Base cipher information (opaque struct).
*/
typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
/**
* CMAC context (opaque struct).
*/
typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
/**
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
typedef struct mbedtls_cipher_info_t
{
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
mbedtls_cipher_type_t type;
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
mbedtls_cipher_mode_t mode;
/** The cipher key length, in bits. This is the
* default length for variable sized ciphers.
* Includes parity bits for ciphers like DES.
*/
unsigned int key_bitlen;
/** Name of the cipher. */
const char * name;
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
* this is the recommended size.
*/
unsigned int iv_size;
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
* cipher supports variable IV or variable key sizes, respectively.
*/
int flags;
/** The block size, in Bytes. */
unsigned int block_size;
/** Struct for base cipher information and functions. */
const mbedtls_cipher_base_t *base;
} mbedtls_cipher_info_t;
/**
* Generic cipher context. * Generic cipher context.
*/ */
typedef struct mbedtls_cipher_context_t typedef struct mbedtls_cipher_context_t
{ {
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info;
/** Key length to use. */ /** Key length to use. */
int key_bitlen; int key_bitlen;
...@@ -298,623 +62,11 @@ typedef struct mbedtls_cipher_context_t ...@@ -298,623 +62,11 @@ typedef struct mbedtls_cipher_context_t
*/ */
mbedtls_operation_t operation; mbedtls_operation_t operation;
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
#endif
/** Buffer for input that has not been processed yet. */
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
/** Number of Bytes that have not been processed yet. */
size_t unprocessed_len;
/** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
* for XTS-mode. */
unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
/** IV size in Bytes, for ciphers with variable-length IVs. */
size_t iv_size;
/** The cipher-specific context. */ /** The cipher-specific context. */
void *cipher_ctx; void *cipher_ctx;
#if defined(MBEDTLS_CMAC_C)
/** CMAC-specific context. */
mbedtls_cmac_context_t *cmac_ctx;
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/** Indicates whether the cipher operations should be performed
* by Mbed TLS' own crypto library or an external implementation
* of the PSA Crypto API.
* This is unset if the cipher context was established through
* mbedtls_cipher_setup(), and set if it was established through
* mbedtls_cipher_setup_psa().
*/
unsigned char psa_enabled;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_cipher_context_t; } mbedtls_cipher_context_t;
/**
* \brief This function retrieves the list of ciphers supported
* by the generic cipher module.
*
* For any cipher identifier in the returned list, you can
* obtain the corresponding generic cipher information structure
* via mbedtls_cipher_info_from_type(), which can then be used
* to prepare a cipher context via mbedtls_cipher_setup().
*
*
* \return A statically-allocated array of cipher identifiers
* of type cipher_type_t. The last entry is zero.
*/
const int *mbedtls_cipher_list( void );
/**
* \brief This function retrieves the cipher-information
* structure associated with the given cipher name.
*
* \param cipher_name Name of the cipher to search for. This must not be
* \c NULL.
*
* \return The cipher information structure associated with the
* given \p cipher_name.
* \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
/**
* \brief This function retrieves the cipher-information
* structure associated with the given cipher type.
*
* \param cipher_type Type of the cipher to search for.
*
* \return The cipher information structure associated with the
* given \p cipher_type.
* \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
/**
* \brief This function retrieves the cipher-information
* structure associated with the given cipher ID,
* key size and mode.
*
* \param cipher_id The ID of the cipher to search for. For example,
* #MBEDTLS_CIPHER_ID_AES.
* \param key_bitlen The length of the key in bits.
* \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
*
* \return The cipher information structure associated with the
* given \p cipher_id.
* \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
int key_bitlen,
const mbedtls_cipher_mode_t mode );
/**
* \brief This function initializes a \p cipher_context as NONE.
*
* \param ctx The context to be initialized. This must not be \c NULL.
*/
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
/**
* \brief This function frees and clears the cipher-specific
* context of \p ctx. Freeing \p ctx itself remains the
* responsibility of the caller.
*
* \param ctx The context to be freed. If this is \c NULL, the
* function has no effect, otherwise this must point to an
* initialized context.
*/
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
/**
* \brief This function initializes a cipher context for
* use with the given cipher primitive.
*
* \param ctx The context to initialize. This must be initialized.
* \param cipher_info The cipher to use.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*
* \internal Currently, the function also clears the structure.
* In future versions, the caller will be required to call
* mbedtls_cipher_init() on the structure first.
*/
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief This function initializes a cipher context for
* PSA-based use with the given cipher primitive.
*
* \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
*
* \param ctx The context to initialize. May not be \c NULL.
* \param cipher_info The cipher to use.
* \param taglen For AEAD ciphers, the length in bytes of the
* authentication tag to use. Subsequent uses of
* mbedtls_cipher_auth_encrypt() or
* mbedtls_cipher_auth_decrypt() must provide
* the same tag length.
* For non-AEAD ciphers, the value must be \c 0.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*/
int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info,
size_t taglen );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief This function returns the block size of the given cipher.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The block size of the underlying cipher.
* \return \c 0 if \p ctx has not been initialized.
*/
static inline unsigned int mbedtls_cipher_get_block_size(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL )
return 0;
return ctx->cipher_info->block_size;
}
/**
* \brief This function returns the mode of operation for
* the cipher. For example, MBEDTLS_MODE_CBC.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The mode of operation.
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
if( ctx->cipher_info == NULL )
return MBEDTLS_MODE_NONE;
return ctx->cipher_info->mode;
}
/**
* \brief This function returns the size of the IV or nonce
* of the cipher, in Bytes.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The recommended IV size if no IV has been set.
* \return \c 0 for ciphers not using an IV or a nonce.
* \return The actual size if an IV has been set.
*/
static inline int mbedtls_cipher_get_iv_size(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL )
return 0;
if( ctx->iv_size != 0 )
return (int) ctx->iv_size;
return (int) ctx->cipher_info->iv_size;
}
/**
* \brief This function returns the type of the given cipher.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The type of the cipher.
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE );
if( ctx->cipher_info == NULL )
return MBEDTLS_CIPHER_NONE;
return ctx->cipher_info->type;
}
/**
* \brief This function returns the name of the given cipher
* as a string.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The name of the cipher.
* \return NULL if \p ctx has not been not initialized.
*/
static inline const char *mbedtls_cipher_get_name(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL )
return 0;
return ctx->cipher_info->name;
}
/**
* \brief This function returns the key length of the cipher.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The key length of the cipher in bits.
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
* initialized.
*/
static inline int mbedtls_cipher_get_key_bitlen(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
if( ctx->cipher_info == NULL )
return MBEDTLS_KEY_LENGTH_NONE;
return (int) ctx->cipher_info->key_bitlen;
}
/**
* \brief This function returns the operation of the given cipher.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_operation_t mbedtls_cipher_get_operation(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE );
if( ctx->cipher_info == NULL )
return MBEDTLS_OPERATION_NONE;
return ctx->operation;
}
/**
* \brief This function sets the key to use with the given context.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param key The key to use. This must be a readable buffer of at
* least \p key_bitlen Bits.
* \param key_bitlen The key length to use, in Bits.
* \param operation The operation that the key will be used for:
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
const unsigned char *key,
int key_bitlen,
const mbedtls_operation_t operation );
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/**
* \brief This function sets the padding mode, for cipher modes
* that use padding.
*
* The default passing mode is PKCS7 padding.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param mode The padding mode.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
* if the selected padding mode is not supported.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
* does not support padding.
*/
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode );
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
/**
* \brief This function sets the initialization vector (IV)
* or nonce.
*
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, this function has no effect.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
* must be a readable buffer of at least \p iv_len Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
const unsigned char *iv,
size_t iv_len );
/**
* \brief This function resets the cipher state.
*
* \param ctx The generic cipher context. This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
* \brief This function adds additional data for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
* This must be called exactly once, after
* mbedtls_cipher_reset().
*
* \param ctx The generic cipher context. This must be initialized.
* \param ad The additional data to use. This must be a readable
* buffer of at least \p ad_len Bytes.
* \param ad_len The length of \p ad in Bytes.
*
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len );
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
* \brief The generic cipher update function. It encrypts or
* decrypts using the given cipher context. Writes as
* many block-sized blocks of data as possible to output.
* Any data that cannot be written immediately is either
* added to the next block, or flushed when
* mbedtls_cipher_finish() is called.
* Exception: For MBEDTLS_MODE_ECB, expects a single block
* in size. For example, 16 Bytes for AES.
*
* \note If the underlying cipher is used in GCM mode, all calls
* to this function, except for the last one before
* mbedtls_cipher_finish(), must have \p ilen as a
* multiple of the block size of the cipher.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a key.
* \param input The buffer holding the input data. This must be a
* readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
* \param output The buffer for the output data. This must be able to
* hold at least `ilen + block_size`. This must not be the
* same buffer as \p input.
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written. This must not be
* \c NULL.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
* unsupported mode for a cipher.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
const unsigned char *input,
size_t ilen, unsigned char *output,
size_t *olen );
/**
* \brief The generic cipher finalization function. If data still
* needs to be flushed from an incomplete block, the data
* contained in it is padded to the size of
* the last block, and written to the \p output buffer.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a key.
* \param output The buffer to write data to. This needs to be a writable
* buffer of at least \p block_size Bytes.
* \param olen The length of the data written to the \p output buffer.
* This may not be \c NULL.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
* expecting a full block but not receiving one.
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
* while decrypting.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen );
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
* \brief This function writes a tag for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
* This must be called after mbedtls_cipher_finish().
*
* \param ctx The generic cipher context. This must be initialized,
* bound to a key, and have just completed a cipher
* operation through mbedtls_cipher_finish() the tag for
* which should be written.
* \param tag The buffer to write the tag to. This must be a writable
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to write.
*
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len );
/**
* \brief This function checks the tag for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
* This must be called after mbedtls_cipher_finish().
*
* \param ctx The generic cipher context. This must be initialized.
* \param tag The buffer holding the tag. This must be a readable
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to check.
*
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len );
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
* \brief The generic all-in-one encryption/decryption function,
* for all ciphers except AEAD constructs.
*
* \param ctx The generic cipher context. This must be initialized.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* This must be a readable buffer of at least \p iv_len
* Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size
* IV.
* \param input The buffer holding the input data. This must be a
* readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data in Bytes.
* \param output The buffer for the output data. This must be able to
* hold at least `ilen + block_size`. This must not be the
* same buffer as \p input.
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written. This must not be
* \c NULL.
*
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, use \p iv = NULL and \p iv_len = 0.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
* expecting a full block but not receiving one.
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
* while decrypting.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen );
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/**
* \brief The generic autenticated encryption (AEAD) function.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a key.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* This must be a readable buffer of at least \p iv_len
* Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
* \param ad The additional data to authenticate. This must be a
* readable buffer of at least \p ad_len Bytes.
* \param ad_len The length of \p ad.
* \param input The buffer holding the input data. This must be a
* readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
* \param output The buffer for the output data. This must be able to
* hold at least \p ilen Bytes.
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written. This must not be
* \c NULL.
* \param tag The buffer for the authentication tag. This must be a
* writable buffer of at least \p tag_len Bytes.
* \param tag_len The desired length of the authentication tag.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len );
/**
* \brief The generic autenticated decryption (AEAD) function.
*
* \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext being
* used, making this interface safer.
*
* \param ctx The generic cipher context. This must be initialized and
* and bound to a key.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* This must be a readable buffer of at least \p iv_len
* Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
* \param ad The additional data to be authenticated. This must be a
* readable buffer of at least \p ad_len Bytes.
* \param ad_len The length of \p ad.
* \param input The buffer holding the input data. This must be a
* readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
* \param output The buffer for the output data.
* This must be able to hold at least \p ilen Bytes.
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written. This must not be
* \c NULL.
* \param tag The buffer holding the authentication tag. This must be
* a readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication tag.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len );
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
......
/**
* \file cipher_internal.h
*
* \brief Cipher wrappers.
*
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H
#include "config.h"
#include "cipher.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#ifdef __cplusplus
extern "C" {
#endif
/**
* Base cipher information. The non-mode specific functions and values.
*/
struct mbedtls_cipher_base_t
{
/** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
mbedtls_cipher_id_t cipher;
/** Encrypt using ECB */
int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
const unsigned char *input, unsigned char *output );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/** Encrypt using CBC */
int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
unsigned char *iv, const unsigned char *input,
unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/** Encrypt using CFB (Full length) */
int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
unsigned char *iv, const unsigned char *input,
unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/** Encrypt using OFB (Full length) */
int (*ofb_func)( void *ctx, size_t length, size_t *iv_off,
unsigned char *iv,
const unsigned char *input,
unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/** Encrypt using CTR */
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/** Encrypt or decrypt using XTS. */
int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length,
const unsigned char data_unit[16],
const unsigned char *input, unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
/** Encrypt using STREAM */
int (*stream_func)( void *ctx, size_t length,
const unsigned char *input, unsigned char *output );
#endif
/** Set key for encryption purposes */
int (*setkey_enc_func)( void *ctx, const unsigned char *key,
unsigned int key_bitlen );
/** Set key for decryption purposes */
int (*setkey_dec_func)( void *ctx, const unsigned char *key,
unsigned int key_bitlen);
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
/** Free the given context */
void (*ctx_free_func)( void *ctx );
};
typedef struct
{
mbedtls_cipher_type_t type;
const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
typedef enum
{
MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
/* use raw key material internally imported */
/* into a allocated key slot, and which */
/* hence need to destroy that key slot */
/* when they are no longer needed. */
MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts */
/* which use a key from a key slot */
/* provided by the user, and which */
/* hence should not be destroyed when */
/* the context is no longer needed. */
} mbedtls_cipher_psa_key_ownership;
typedef struct
{
psa_algorithm_t alg;
psa_key_handle_t slot;
mbedtls_cipher_psa_key_ownership slot_state;
} mbedtls_cipher_context_psa;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
extern int mbedtls_cipher_supported[];
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_CIPHER_WRAP_H */
/**
* \file cipher_wrap.c
*
* \brief Generic cipher wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#include "config.h"
#if defined(MBEDTLS_CIPHER_C)
#include "cipher_internal.h"
#if defined(MBEDTLS_CHACHAPOLY_C)
#include "mbedtls/chachapoly.h"
#endif
#if defined(MBEDTLS_AES_C)
#include "aes.h"
#endif
#if defined(MBEDTLS_ARC4_C)
#include "mbedtls/arc4.h"
#endif
#if defined(MBEDTLS_CAMELLIA_C)
#include "mbedtls/camellia.h"
#endif
#if defined(MBEDTLS_ARIA_C)
#include "mbedtls/aria.h"
#endif
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
#endif
#if defined(MBEDTLS_BLOWFISH_C)
#include "mbedtls/blowfish.h"
#endif
#if defined(MBEDTLS_CHACHA20_C)
#include "mbedtls/chacha20.h"
#endif
#if defined(MBEDTLS_GCM_C)
#include "gcm.h"
#endif
#if defined(MBEDTLS_CCM_C)
#include "mbedtls/ccm.h"
#endif
#if defined(MBEDTLS_NIST_KW_C)
#include "mbedtls/nist_kw.h"
#endif
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#include <string.h>
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#if defined(MBEDTLS_GCM_C)
/* shared by all GCM ciphers */
static void *gcm_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) );
if( ctx != NULL )
mbedtls_gcm_init( (mbedtls_gcm_context *) ctx );
return( ctx );
}
static void gcm_ctx_free( void *ctx )
{
mbedtls_gcm_free( ctx );
mbedtls_free( ctx );
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
/* shared by all CCM ciphers */
static void *ccm_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) );
if( ctx != NULL )
mbedtls_ccm_init( (mbedtls_ccm_context *) ctx );
return( ctx );
}
static void ccm_ctx_free( void *ctx )
{
mbedtls_ccm_free( ctx );
mbedtls_free( ctx );
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_AES_C)
static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input,
output );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aes_crypt_cfb128( (mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
static int aes_crypt_ofb_wrap( void *ctx, size_t length, size_t *iv_off,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
return mbedtls_aes_crypt_ofb( (mbedtls_aes_context *) ctx, length, iv_off,
iv, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aes_crypt_ctr( (mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
stream_block, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
size_t length,
const unsigned char data_unit[16],
const unsigned char *input,
unsigned char *output )
{
mbedtls_aes_xts_context *xts_ctx = ctx;
int mode;
switch( operation )
{
case MBEDTLS_ENCRYPT:
mode = MBEDTLS_AES_ENCRYPT;
break;
case MBEDTLS_DECRYPT:
mode = MBEDTLS_AES_DECRYPT;
break;
default:
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
return mbedtls_aes_crypt_xts( xts_ctx, mode, length,
data_unit, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen );
}
static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen );
}
static void * aes_ctx_alloc( void )
{
mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) );
if( aes == NULL )
return( NULL );
mbedtls_aes_init( aes );
return( aes );
}
static void aes_ctx_free( void *ctx )
{
mbedtls_aes_free( (mbedtls_aes_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t aes_info = {
MBEDTLS_CIPHER_ID_AES,
aes_crypt_ecb_wrap,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
aes_crypt_cbc_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
aes_crypt_cfb128_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
aes_crypt_ofb_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
aes_crypt_ctr_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
aes_setkey_enc_wrap,
aes_setkey_dec_wrap,
aes_ctx_alloc,
aes_ctx_free
};
static const mbedtls_cipher_info_t aes_128_ecb_info = {
MBEDTLS_CIPHER_AES_128_ECB,
MBEDTLS_MODE_ECB,
128,
"AES-128-ECB",
0,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_192_ecb_info = {
MBEDTLS_CIPHER_AES_192_ECB,
MBEDTLS_MODE_ECB,
192,
"AES-192-ECB",
0,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_256_ecb_info = {
MBEDTLS_CIPHER_AES_256_ECB,
MBEDTLS_MODE_ECB,
256,
"AES-256-ECB",
0,
0,
16,
&aes_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t aes_128_cbc_info = {
MBEDTLS_CIPHER_AES_128_CBC,
MBEDTLS_MODE_CBC,
128,
"AES-128-CBC",
16,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_192_cbc_info = {
MBEDTLS_CIPHER_AES_192_CBC,
MBEDTLS_MODE_CBC,
192,
"AES-192-CBC",
16,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_256_cbc_info = {
MBEDTLS_CIPHER_AES_256_CBC,
MBEDTLS_MODE_CBC,
256,
"AES-256-CBC",
16,
0,
16,
&aes_info
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static const mbedtls_cipher_info_t aes_128_cfb128_info = {
MBEDTLS_CIPHER_AES_128_CFB128,
MBEDTLS_MODE_CFB,
128,
"AES-128-CFB128",
16,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_192_cfb128_info = {
MBEDTLS_CIPHER_AES_192_CFB128,
MBEDTLS_MODE_CFB,
192,
"AES-192-CFB128",
16,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_256_cfb128_info = {
MBEDTLS_CIPHER_AES_256_CFB128,
MBEDTLS_MODE_CFB,
256,
"AES-256-CFB128",
16,
0,
16,
&aes_info
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
static const mbedtls_cipher_info_t aes_128_ofb_info = {
MBEDTLS_CIPHER_AES_128_OFB,
MBEDTLS_MODE_OFB,
128,
"AES-128-OFB",
16,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_192_ofb_info = {
MBEDTLS_CIPHER_AES_192_OFB,
MBEDTLS_MODE_OFB,
192,
"AES-192-OFB",
16,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_256_ofb_info = {
MBEDTLS_CIPHER_AES_256_OFB,
MBEDTLS_MODE_OFB,
256,
"AES-256-OFB",
16,
0,
16,
&aes_info
};
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static const mbedtls_cipher_info_t aes_128_ctr_info = {
MBEDTLS_CIPHER_AES_128_CTR,
MBEDTLS_MODE_CTR,
128,
"AES-128-CTR",
16,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_192_ctr_info = {
MBEDTLS_CIPHER_AES_192_CTR,
MBEDTLS_MODE_CTR,
192,
"AES-192-CTR",
16,
0,
16,
&aes_info
};
static const mbedtls_cipher_info_t aes_256_ctr_info = {
MBEDTLS_CIPHER_AES_256_CTR,
MBEDTLS_MODE_CTR,
256,
"AES-256-CTR",
16,
0,
16,
&aes_info
};
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
mbedtls_aes_xts_context *xts_ctx = ctx;
return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) );
}
static int xts_aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
mbedtls_aes_xts_context *xts_ctx = ctx;
return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) );
}
static void *xts_aes_ctx_alloc( void )
{
mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc( 1, sizeof( *xts_ctx ) );
if( xts_ctx != NULL )
mbedtls_aes_xts_init( xts_ctx );
return( xts_ctx );
}
static void xts_aes_ctx_free( void *ctx )
{
mbedtls_aes_xts_context *xts_ctx = ctx;
if( xts_ctx == NULL )
return;
mbedtls_aes_xts_free( xts_ctx );
mbedtls_free( xts_ctx );
}
static const mbedtls_cipher_base_t xts_aes_info = {
MBEDTLS_CIPHER_ID_AES,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
aes_crypt_xts_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
xts_aes_setkey_enc_wrap,
xts_aes_setkey_dec_wrap,
xts_aes_ctx_alloc,
xts_aes_ctx_free
};
static const mbedtls_cipher_info_t aes_128_xts_info = {
MBEDTLS_CIPHER_AES_128_XTS,
MBEDTLS_MODE_XTS,
256,
"AES-128-XTS",
16,
0,
16,
&xts_aes_info
};
static const mbedtls_cipher_info_t aes_256_xts_info = {
MBEDTLS_CIPHER_AES_256_XTS,
MBEDTLS_MODE_XTS,
512,
"AES-256-XTS",
16,
0,
16,
&xts_aes_info
};
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_GCM_C)
static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
key, key_bitlen );
}
static const mbedtls_cipher_base_t gcm_aes_info = {
MBEDTLS_CIPHER_ID_AES,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
gcm_aes_setkey_wrap,
gcm_aes_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_free,
};
static const mbedtls_cipher_info_t aes_128_gcm_info = {
MBEDTLS_CIPHER_AES_128_GCM,
MBEDTLS_MODE_GCM,
128,
"AES-128-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
static const mbedtls_cipher_info_t aes_192_gcm_info = {
MBEDTLS_CIPHER_AES_192_GCM,
MBEDTLS_MODE_GCM,
192,
"AES-192-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
static const mbedtls_cipher_info_t aes_256_gcm_info = {
MBEDTLS_CIPHER_AES_256_GCM,
MBEDTLS_MODE_GCM,
256,
"AES-256-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
key, key_bitlen );
}
static const mbedtls_cipher_base_t ccm_aes_info = {
MBEDTLS_CIPHER_ID_AES,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
ccm_aes_setkey_wrap,
ccm_aes_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
static const mbedtls_cipher_info_t aes_128_ccm_info = {
MBEDTLS_CIPHER_AES_128_CCM,
MBEDTLS_MODE_CCM,
128,
"AES-128-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
static const mbedtls_cipher_info_t aes_192_ccm_info = {
MBEDTLS_CIPHER_AES_192_CCM,
MBEDTLS_MODE_CCM,
192,
"AES-192-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
static const mbedtls_cipher_info_t aes_256_ccm_info = {
MBEDTLS_CIPHER_AES_256_CCM,
MBEDTLS_MODE_CCM,
256,
"AES-256-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C)
static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
return mbedtls_camellia_crypt_ecb( (mbedtls_camellia_context *) ctx, operation, input,
output );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
return mbedtls_camellia_crypt_cbc( (mbedtls_camellia_context *) ctx, operation, length, iv,
input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
return mbedtls_camellia_crypt_cfb128( (mbedtls_camellia_context *) ctx, operation, length,
iv_off, iv, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
return mbedtls_camellia_crypt_ctr( (mbedtls_camellia_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_camellia_setkey_dec( (mbedtls_camellia_context *) ctx, key, key_bitlen );
}
static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_camellia_setkey_enc( (mbedtls_camellia_context *) ctx, key, key_bitlen );
}
static void * camellia_ctx_alloc( void )
{
mbedtls_camellia_context *ctx;
ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) );
if( ctx == NULL )
return( NULL );
mbedtls_camellia_init( ctx );
return( ctx );
}
static void camellia_ctx_free( void *ctx )
{
mbedtls_camellia_free( (mbedtls_camellia_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t camellia_info = {
MBEDTLS_CIPHER_ID_CAMELLIA,
camellia_crypt_ecb_wrap,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
camellia_crypt_cbc_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
camellia_crypt_cfb128_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
camellia_crypt_ctr_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
camellia_setkey_enc_wrap,
camellia_setkey_dec_wrap,
camellia_ctx_alloc,
camellia_ctx_free
};
static const mbedtls_cipher_info_t camellia_128_ecb_info = {
MBEDTLS_CIPHER_CAMELLIA_128_ECB,
MBEDTLS_MODE_ECB,
128,
"CAMELLIA-128-ECB",
16,
0,
16,
&camellia_info
};
static const mbedtls_cipher_info_t camellia_192_ecb_info = {
MBEDTLS_CIPHER_CAMELLIA_192_ECB,
MBEDTLS_MODE_ECB,
192,
"CAMELLIA-192-ECB",
16,
0,
16,
&camellia_info
};
static const mbedtls_cipher_info_t camellia_256_ecb_info = {
MBEDTLS_CIPHER_CAMELLIA_256_ECB,
MBEDTLS_MODE_ECB,
256,
"CAMELLIA-256-ECB",
16,
0,
16,
&camellia_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t camellia_128_cbc_info = {
MBEDTLS_CIPHER_CAMELLIA_128_CBC,
MBEDTLS_MODE_CBC,
128,
"CAMELLIA-128-CBC",
16,
0,
16,
&camellia_info
};
static const mbedtls_cipher_info_t camellia_192_cbc_info = {
MBEDTLS_CIPHER_CAMELLIA_192_CBC,
MBEDTLS_MODE_CBC,
192,
"CAMELLIA-192-CBC",
16,
0,
16,
&camellia_info
};
static const mbedtls_cipher_info_t camellia_256_cbc_info = {
MBEDTLS_CIPHER_CAMELLIA_256_CBC,
MBEDTLS_MODE_CBC,
256,
"CAMELLIA-256-CBC",
16,
0,
16,
&camellia_info
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static const mbedtls_cipher_info_t camellia_128_cfb128_info = {
MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
MBEDTLS_MODE_CFB,
128,
"CAMELLIA-128-CFB128",
16,
0,
16,
&camellia_info
};
static const mbedtls_cipher_info_t camellia_192_cfb128_info = {
MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
MBEDTLS_MODE_CFB,
192,
"CAMELLIA-192-CFB128",
16,
0,
16,
&camellia_info
};
static const mbedtls_cipher_info_t camellia_256_cfb128_info = {
MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
MBEDTLS_MODE_CFB,
256,
"CAMELLIA-256-CFB128",
16,
0,
16,
&camellia_info
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static const mbedtls_cipher_info_t camellia_128_ctr_info = {
MBEDTLS_CIPHER_CAMELLIA_128_CTR,
MBEDTLS_MODE_CTR,
128,
"CAMELLIA-128-CTR",
16,
0,
16,
&camellia_info
};
static const mbedtls_cipher_info_t camellia_192_ctr_info = {
MBEDTLS_CIPHER_CAMELLIA_192_CTR,
MBEDTLS_MODE_CTR,
192,
"CAMELLIA-192-CTR",
16,
0,
16,
&camellia_info
};
static const mbedtls_cipher_info_t camellia_256_ctr_info = {
MBEDTLS_CIPHER_CAMELLIA_256_CTR,
MBEDTLS_MODE_CTR,
256,
"CAMELLIA-256-CTR",
16,
0,
16,
&camellia_info
};
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_GCM_C)
static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
key, key_bitlen );
}
static const mbedtls_cipher_base_t gcm_camellia_info = {
MBEDTLS_CIPHER_ID_CAMELLIA,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
gcm_camellia_setkey_wrap,
gcm_camellia_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_free,
};
static const mbedtls_cipher_info_t camellia_128_gcm_info = {
MBEDTLS_CIPHER_CAMELLIA_128_GCM,
MBEDTLS_MODE_GCM,
128,
"CAMELLIA-128-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
static const mbedtls_cipher_info_t camellia_192_gcm_info = {
MBEDTLS_CIPHER_CAMELLIA_192_GCM,
MBEDTLS_MODE_GCM,
192,
"CAMELLIA-192-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
static const mbedtls_cipher_info_t camellia_256_gcm_info = {
MBEDTLS_CIPHER_CAMELLIA_256_GCM,
MBEDTLS_MODE_GCM,
256,
"CAMELLIA-256-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
key, key_bitlen );
}
static const mbedtls_cipher_base_t ccm_camellia_info = {
MBEDTLS_CIPHER_ID_CAMELLIA,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
ccm_camellia_setkey_wrap,
ccm_camellia_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
static const mbedtls_cipher_info_t camellia_128_ccm_info = {
MBEDTLS_CIPHER_CAMELLIA_128_CCM,
MBEDTLS_MODE_CCM,
128,
"CAMELLIA-128-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
static const mbedtls_cipher_info_t camellia_192_ccm_info = {
MBEDTLS_CIPHER_CAMELLIA_192_CCM,
MBEDTLS_MODE_CCM,
192,
"CAMELLIA-192-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
static const mbedtls_cipher_info_t camellia_256_ccm_info = {
MBEDTLS_CIPHER_CAMELLIA_256_CCM,
MBEDTLS_MODE_CCM,
256,
"CAMELLIA-256-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_ARIA_C)
static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
(void) operation;
return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input,
output );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,
input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length,
iv_off, iv, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen );
}
static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen );
}
static void * aria_ctx_alloc( void )
{
mbedtls_aria_context *ctx;
ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) );
if( ctx == NULL )
return( NULL );
mbedtls_aria_init( ctx );
return( ctx );
}
static void aria_ctx_free( void *ctx )
{
mbedtls_aria_free( (mbedtls_aria_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t aria_info = {
MBEDTLS_CIPHER_ID_ARIA,
aria_crypt_ecb_wrap,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
aria_crypt_cbc_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
aria_crypt_cfb128_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
aria_crypt_ctr_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
aria_setkey_enc_wrap,
aria_setkey_dec_wrap,
aria_ctx_alloc,
aria_ctx_free
};
static const mbedtls_cipher_info_t aria_128_ecb_info = {
MBEDTLS_CIPHER_ARIA_128_ECB,
MBEDTLS_MODE_ECB,
128,
"ARIA-128-ECB",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_192_ecb_info = {
MBEDTLS_CIPHER_ARIA_192_ECB,
MBEDTLS_MODE_ECB,
192,
"ARIA-192-ECB",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_256_ecb_info = {
MBEDTLS_CIPHER_ARIA_256_ECB,
MBEDTLS_MODE_ECB,
256,
"ARIA-256-ECB",
16,
0,
16,
&aria_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t aria_128_cbc_info = {
MBEDTLS_CIPHER_ARIA_128_CBC,
MBEDTLS_MODE_CBC,
128,
"ARIA-128-CBC",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_192_cbc_info = {
MBEDTLS_CIPHER_ARIA_192_CBC,
MBEDTLS_MODE_CBC,
192,
"ARIA-192-CBC",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_256_cbc_info = {
MBEDTLS_CIPHER_ARIA_256_CBC,
MBEDTLS_MODE_CBC,
256,
"ARIA-256-CBC",
16,
0,
16,
&aria_info
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static const mbedtls_cipher_info_t aria_128_cfb128_info = {
MBEDTLS_CIPHER_ARIA_128_CFB128,
MBEDTLS_MODE_CFB,
128,
"ARIA-128-CFB128",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_192_cfb128_info = {
MBEDTLS_CIPHER_ARIA_192_CFB128,
MBEDTLS_MODE_CFB,
192,
"ARIA-192-CFB128",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_256_cfb128_info = {
MBEDTLS_CIPHER_ARIA_256_CFB128,
MBEDTLS_MODE_CFB,
256,
"ARIA-256-CFB128",
16,
0,
16,
&aria_info
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static const mbedtls_cipher_info_t aria_128_ctr_info = {
MBEDTLS_CIPHER_ARIA_128_CTR,
MBEDTLS_MODE_CTR,
128,
"ARIA-128-CTR",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_192_ctr_info = {
MBEDTLS_CIPHER_ARIA_192_CTR,
MBEDTLS_MODE_CTR,
192,
"ARIA-192-CTR",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_256_ctr_info = {
MBEDTLS_CIPHER_ARIA_256_CTR,
MBEDTLS_MODE_CTR,
256,
"ARIA-256-CTR",
16,
0,
16,
&aria_info
};
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_GCM_C)
static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
key, key_bitlen );
}
static const mbedtls_cipher_base_t gcm_aria_info = {
MBEDTLS_CIPHER_ID_ARIA,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
gcm_aria_setkey_wrap,
gcm_aria_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_free,
};
static const mbedtls_cipher_info_t aria_128_gcm_info = {
MBEDTLS_CIPHER_ARIA_128_GCM,
MBEDTLS_MODE_GCM,
128,
"ARIA-128-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aria_info
};
static const mbedtls_cipher_info_t aria_192_gcm_info = {
MBEDTLS_CIPHER_ARIA_192_GCM,
MBEDTLS_MODE_GCM,
192,
"ARIA-192-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aria_info
};
static const mbedtls_cipher_info_t aria_256_gcm_info = {
MBEDTLS_CIPHER_ARIA_256_GCM,
MBEDTLS_MODE_GCM,
256,
"ARIA-256-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aria_info
};
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
key, key_bitlen );
}
static const mbedtls_cipher_base_t ccm_aria_info = {
MBEDTLS_CIPHER_ID_ARIA,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
ccm_aria_setkey_wrap,
ccm_aria_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
static const mbedtls_cipher_info_t aria_128_ccm_info = {
MBEDTLS_CIPHER_ARIA_128_CCM,
MBEDTLS_MODE_CCM,
128,
"ARIA-128-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aria_info
};
static const mbedtls_cipher_info_t aria_192_ccm_info = {
MBEDTLS_CIPHER_ARIA_192_CCM,
MBEDTLS_MODE_CCM,
192,
"ARIA-192-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aria_info
};
static const mbedtls_cipher_info_t aria_256_ccm_info = {
MBEDTLS_CIPHER_ARIA_256_CCM,
MBEDTLS_MODE_CCM,
256,
"ARIA-256-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aria_info
};
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_DES_C)
static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
((void) operation);
return mbedtls_des_crypt_ecb( (mbedtls_des_context *) ctx, input, output );
}
static int des3_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
((void) operation);
return mbedtls_des3_crypt_ecb( (mbedtls_des3_context *) ctx, input, output );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
return mbedtls_des_crypt_cbc( (mbedtls_des_context *) ctx, operation, length, iv, input,
output );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int des3_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
return mbedtls_des3_crypt_cbc( (mbedtls_des3_context *) ctx, operation, length, iv, input,
output );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
((void) key_bitlen);
return mbedtls_des_setkey_dec( (mbedtls_des_context *) ctx, key );
}
static int des_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
((void) key_bitlen);
return mbedtls_des_setkey_enc( (mbedtls_des_context *) ctx, key );
}
static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
((void) key_bitlen);
return mbedtls_des3_set2key_dec( (mbedtls_des3_context *) ctx, key );
}
static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
((void) key_bitlen);
return mbedtls_des3_set2key_enc( (mbedtls_des3_context *) ctx, key );
}
static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
((void) key_bitlen);
return mbedtls_des3_set3key_dec( (mbedtls_des3_context *) ctx, key );
}
static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
((void) key_bitlen);
return mbedtls_des3_set3key_enc( (mbedtls_des3_context *) ctx, key );
}
static void * des_ctx_alloc( void )
{
mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) );
if( des == NULL )
return( NULL );
mbedtls_des_init( des );
return( des );
}
static void des_ctx_free( void *ctx )
{
mbedtls_des_free( (mbedtls_des_context *) ctx );
mbedtls_free( ctx );
}
static void * des3_ctx_alloc( void )
{
mbedtls_des3_context *des3;
des3 = mbedtls_calloc( 1, sizeof( mbedtls_des3_context ) );
if( des3 == NULL )
return( NULL );
mbedtls_des3_init( des3 );
return( des3 );
}
static void des3_ctx_free( void *ctx )
{
mbedtls_des3_free( (mbedtls_des3_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t des_info = {
MBEDTLS_CIPHER_ID_DES,
des_crypt_ecb_wrap,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
des_crypt_cbc_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
des_setkey_enc_wrap,
des_setkey_dec_wrap,
des_ctx_alloc,
des_ctx_free
};
static const mbedtls_cipher_info_t des_ecb_info = {
MBEDTLS_CIPHER_DES_ECB,
MBEDTLS_MODE_ECB,
MBEDTLS_KEY_LENGTH_DES,
"DES-ECB",
8,
0,
8,
&des_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t des_cbc_info = {
MBEDTLS_CIPHER_DES_CBC,
MBEDTLS_MODE_CBC,
MBEDTLS_KEY_LENGTH_DES,
"DES-CBC",
8,
0,
8,
&des_info
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
static const mbedtls_cipher_base_t des_ede_info = {
MBEDTLS_CIPHER_ID_DES,
des3_crypt_ecb_wrap,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
des3_crypt_cbc_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
des3_set2key_enc_wrap,
des3_set2key_dec_wrap,
des3_ctx_alloc,
des3_ctx_free
};
static const mbedtls_cipher_info_t des_ede_ecb_info = {
MBEDTLS_CIPHER_DES_EDE_ECB,
MBEDTLS_MODE_ECB,
MBEDTLS_KEY_LENGTH_DES_EDE,
"DES-EDE-ECB",
8,
0,
8,
&des_ede_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t des_ede_cbc_info = {
MBEDTLS_CIPHER_DES_EDE_CBC,
MBEDTLS_MODE_CBC,
MBEDTLS_KEY_LENGTH_DES_EDE,
"DES-EDE-CBC",
8,
0,
8,
&des_ede_info
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
static const mbedtls_cipher_base_t des_ede3_info = {
MBEDTLS_CIPHER_ID_3DES,
des3_crypt_ecb_wrap,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
des3_crypt_cbc_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
des3_set3key_enc_wrap,
des3_set3key_dec_wrap,
des3_ctx_alloc,
des3_ctx_free
};
static const mbedtls_cipher_info_t des_ede3_ecb_info = {
MBEDTLS_CIPHER_DES_EDE3_ECB,
MBEDTLS_MODE_ECB,
MBEDTLS_KEY_LENGTH_DES_EDE3,
"DES-EDE3-ECB",
8,
0,
8,
&des_ede3_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t des_ede3_cbc_info = {
MBEDTLS_CIPHER_DES_EDE3_CBC,
MBEDTLS_MODE_CBC,
MBEDTLS_KEY_LENGTH_DES_EDE3,
"DES-EDE3-CBC",
8,
0,
8,
&des_ede3_info
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_BLOWFISH_C)
static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input,
output );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, unsigned char *iv, const unsigned char *input,
unsigned char *output )
{
return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv,
input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length,
iv_off, iv, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
static int blowfish_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen );
}
static void * blowfish_ctx_alloc( void )
{
mbedtls_blowfish_context *ctx;
ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) );
if( ctx == NULL )
return( NULL );
mbedtls_blowfish_init( ctx );
return( ctx );
}
static void blowfish_ctx_free( void *ctx )
{
mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t blowfish_info = {
MBEDTLS_CIPHER_ID_BLOWFISH,
blowfish_crypt_ecb_wrap,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
blowfish_crypt_cbc_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
blowfish_crypt_cfb64_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
blowfish_crypt_ctr_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
blowfish_setkey_wrap,
blowfish_setkey_wrap,
blowfish_ctx_alloc,
blowfish_ctx_free
};
static const mbedtls_cipher_info_t blowfish_ecb_info = {
MBEDTLS_CIPHER_BLOWFISH_ECB,
MBEDTLS_MODE_ECB,
128,
"BLOWFISH-ECB",
8,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t blowfish_cbc_info = {
MBEDTLS_CIPHER_BLOWFISH_CBC,
MBEDTLS_MODE_CBC,
128,
"BLOWFISH-CBC",
8,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static const mbedtls_cipher_info_t blowfish_cfb64_info = {
MBEDTLS_CIPHER_BLOWFISH_CFB64,
MBEDTLS_MODE_CFB,
128,
"BLOWFISH-CFB64",
8,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static const mbedtls_cipher_info_t blowfish_ctr_info = {
MBEDTLS_CIPHER_BLOWFISH_CTR,
MBEDTLS_MODE_CTR,
128,
"BLOWFISH-CTR",
8,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* MBEDTLS_BLOWFISH_C */
#if defined(MBEDTLS_ARC4_C)
static int arc4_crypt_stream_wrap( void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) );
}
static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
/* we get key_bitlen in bits, arc4 expects it in bytes */
if( key_bitlen % 8 != 0 )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 );
return( 0 );
}
static void * arc4_ctx_alloc( void )
{
mbedtls_arc4_context *ctx;
ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) );
if( ctx == NULL )
return( NULL );
mbedtls_arc4_init( ctx );
return( ctx );
}
static void arc4_ctx_free( void *ctx )
{
mbedtls_arc4_free( (mbedtls_arc4_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t arc4_base_info = {
MBEDTLS_CIPHER_ID_ARC4,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
arc4_crypt_stream_wrap,
#endif
arc4_setkey_wrap,
arc4_setkey_wrap,
arc4_ctx_alloc,
arc4_ctx_free
};
static const mbedtls_cipher_info_t arc4_128_info = {
MBEDTLS_CIPHER_ARC4_128,
MBEDTLS_MODE_STREAM,
128,
"ARC4-128",
0,
0,
1,
&arc4_base_info
};
#endif /* MBEDTLS_ARC4_C */
#if defined(MBEDTLS_CHACHA20_C)
static int chacha20_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
if( key_bitlen != 256U )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
return( 0 );
}
static int chacha20_stream_wrap( void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
int ret;
ret = mbedtls_chacha20_update( ctx, length, input, output );
if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
return( ret );
}
static void * chacha20_ctx_alloc( void )
{
mbedtls_chacha20_context *ctx;
ctx = mbedtls_calloc( 1, sizeof( mbedtls_chacha20_context ) );
if( ctx == NULL )
return( NULL );
mbedtls_chacha20_init( ctx );
return( ctx );
}
static void chacha20_ctx_free( void *ctx )
{
mbedtls_chacha20_free( (mbedtls_chacha20_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t chacha20_base_info = {
MBEDTLS_CIPHER_ID_CHACHA20,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
chacha20_stream_wrap,
#endif
chacha20_setkey_wrap,
chacha20_setkey_wrap,
chacha20_ctx_alloc,
chacha20_ctx_free
};
static const mbedtls_cipher_info_t chacha20_info = {
MBEDTLS_CIPHER_CHACHA20,
MBEDTLS_MODE_STREAM,
256,
"CHACHA20",
12,
0,
1,
&chacha20_base_info
};
#endif /* MBEDTLS_CHACHA20_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
static int chachapoly_setkey_wrap( void *ctx,
const unsigned char *key,
unsigned int key_bitlen )
{
if( key_bitlen != 256U )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
return( 0 );
}
static void * chachapoly_ctx_alloc( void )
{
mbedtls_chachapoly_context *ctx;
ctx = mbedtls_calloc( 1, sizeof( mbedtls_chachapoly_context ) );
if( ctx == NULL )
return( NULL );
mbedtls_chachapoly_init( ctx );
return( ctx );
}
static void chachapoly_ctx_free( void *ctx )
{
mbedtls_chachapoly_free( (mbedtls_chachapoly_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t chachapoly_base_info = {
MBEDTLS_CIPHER_ID_CHACHA20,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
chachapoly_setkey_wrap,
chachapoly_setkey_wrap,
chachapoly_ctx_alloc,
chachapoly_ctx_free
};
static const mbedtls_cipher_info_t chachapoly_info = {
MBEDTLS_CIPHER_CHACHA20_POLY1305,
MBEDTLS_MODE_CHACHAPOLY,
256,
"CHACHA20-POLY1305",
12,
0,
1,
&chachapoly_base_info
};
#endif /* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
static int null_crypt_stream( void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
((void) ctx);
memmove( output, input, length );
return( 0 );
}
static int null_setkey( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
((void) ctx);
((void) key);
((void) key_bitlen);
return( 0 );
}
static void * null_ctx_alloc( void )
{
return( (void *) 1 );
}
static void null_ctx_free( void *ctx )
{
((void) ctx);
}
static const mbedtls_cipher_base_t null_base_info = {
MBEDTLS_CIPHER_ID_NULL,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
null_crypt_stream,
#endif
null_setkey,
null_setkey,
null_ctx_alloc,
null_ctx_free
};
static const mbedtls_cipher_info_t null_cipher_info = {
MBEDTLS_CIPHER_NULL,
MBEDTLS_MODE_STREAM,
0,
"NULL",
0,
0,
1,
&null_base_info
};
#endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
#if defined(MBEDTLS_NIST_KW_C)
static void *kw_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_nist_kw_context ) );
if( ctx != NULL )
mbedtls_nist_kw_init( (mbedtls_nist_kw_context *) ctx );
return( ctx );
}
static void kw_ctx_free( void *ctx )
{
mbedtls_nist_kw_free( ctx );
mbedtls_free( ctx );
}
static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 );
}
static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0 );
}
static const mbedtls_cipher_base_t kw_aes_info = {
MBEDTLS_CIPHER_ID_AES,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
kw_aes_setkey_wrap,
kw_aes_setkey_unwrap,
kw_ctx_alloc,
kw_ctx_free,
};
static const mbedtls_cipher_info_t aes_128_nist_kw_info = {
MBEDTLS_CIPHER_AES_128_KW,
MBEDTLS_MODE_KW,
128,
"AES-128-KW",
0,
0,
16,
&kw_aes_info
};
static const mbedtls_cipher_info_t aes_192_nist_kw_info = {
MBEDTLS_CIPHER_AES_192_KW,
MBEDTLS_MODE_KW,
192,
"AES-192-KW",
0,
0,
16,
&kw_aes_info
};
static const mbedtls_cipher_info_t aes_256_nist_kw_info = {
MBEDTLS_CIPHER_AES_256_KW,
MBEDTLS_MODE_KW,
256,
"AES-256-KW",
0,
0,
16,
&kw_aes_info
};
static const mbedtls_cipher_info_t aes_128_nist_kwp_info = {
MBEDTLS_CIPHER_AES_128_KWP,
MBEDTLS_MODE_KWP,
128,
"AES-128-KWP",
0,
0,
16,
&kw_aes_info
};
static const mbedtls_cipher_info_t aes_192_nist_kwp_info = {
MBEDTLS_CIPHER_AES_192_KWP,
MBEDTLS_MODE_KWP,
192,
"AES-192-KWP",
0,
0,
16,
&kw_aes_info
};
static const mbedtls_cipher_info_t aes_256_nist_kwp_info = {
MBEDTLS_CIPHER_AES_256_KWP,
MBEDTLS_MODE_KWP,
256,
"AES-256-KWP",
0,
0,
16,
&kw_aes_info
};
#endif /* MBEDTLS_NIST_KW_C */
const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
{
#if defined(MBEDTLS_AES_C)
{ MBEDTLS_CIPHER_AES_128_ECB, &aes_128_ecb_info },
{ MBEDTLS_CIPHER_AES_192_ECB, &aes_192_ecb_info },
{ MBEDTLS_CIPHER_AES_256_ECB, &aes_256_ecb_info },
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_CIPHER_AES_128_CBC, &aes_128_cbc_info },
{ MBEDTLS_CIPHER_AES_192_CBC, &aes_192_cbc_info },
{ MBEDTLS_CIPHER_AES_256_CBC, &aes_256_cbc_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{ MBEDTLS_CIPHER_AES_128_CFB128, &aes_128_cfb128_info },
{ MBEDTLS_CIPHER_AES_192_CFB128, &aes_192_cfb128_info },
{ MBEDTLS_CIPHER_AES_256_CFB128, &aes_256_cfb128_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
{ MBEDTLS_CIPHER_AES_128_OFB, &aes_128_ofb_info },
{ MBEDTLS_CIPHER_AES_192_OFB, &aes_192_ofb_info },
{ MBEDTLS_CIPHER_AES_256_OFB, &aes_256_ofb_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{ MBEDTLS_CIPHER_AES_128_CTR, &aes_128_ctr_info },
{ MBEDTLS_CIPHER_AES_192_CTR, &aes_192_ctr_info },
{ MBEDTLS_CIPHER_AES_256_CTR, &aes_256_ctr_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
{ MBEDTLS_CIPHER_AES_128_XTS, &aes_128_xts_info },
{ MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info },
#endif
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info },
{ MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info },
{ MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info },
#endif
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info },
{ MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info },
{ MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info },
#endif
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_ARC4_C)
{ MBEDTLS_CIPHER_ARC4_128, &arc4_128_info },
#endif
#if defined(MBEDTLS_BLOWFISH_C)
{ MBEDTLS_CIPHER_BLOWFISH_ECB, &blowfish_ecb_info },
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_CIPHER_BLOWFISH_CBC, &blowfish_cbc_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{ MBEDTLS_CIPHER_BLOWFISH_CFB64, &blowfish_cfb64_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{ MBEDTLS_CIPHER_BLOWFISH_CTR, &blowfish_ctr_info },
#endif
#endif /* MBEDTLS_BLOWFISH_C */
#if defined(MBEDTLS_CAMELLIA_C)
{ MBEDTLS_CIPHER_CAMELLIA_128_ECB, &camellia_128_ecb_info },
{ MBEDTLS_CIPHER_CAMELLIA_192_ECB, &camellia_192_ecb_info },
{ MBEDTLS_CIPHER_CAMELLIA_256_ECB, &camellia_256_ecb_info },
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_CIPHER_CAMELLIA_128_CBC, &camellia_128_cbc_info },
{ MBEDTLS_CIPHER_CAMELLIA_192_CBC, &camellia_192_cbc_info },
{ MBEDTLS_CIPHER_CAMELLIA_256_CBC, &camellia_256_cbc_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{ MBEDTLS_CIPHER_CAMELLIA_128_CFB128, &camellia_128_cfb128_info },
{ MBEDTLS_CIPHER_CAMELLIA_192_CFB128, &camellia_192_cfb128_info },
{ MBEDTLS_CIPHER_CAMELLIA_256_CFB128, &camellia_256_cfb128_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{ MBEDTLS_CIPHER_CAMELLIA_128_CTR, &camellia_128_ctr_info },
{ MBEDTLS_CIPHER_CAMELLIA_192_CTR, &camellia_192_ctr_info },
{ MBEDTLS_CIPHER_CAMELLIA_256_CTR, &camellia_256_ctr_info },
#endif
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_CIPHER_CAMELLIA_128_GCM, &camellia_128_gcm_info },
{ MBEDTLS_CIPHER_CAMELLIA_192_GCM, &camellia_192_gcm_info },
{ MBEDTLS_CIPHER_CAMELLIA_256_GCM, &camellia_256_gcm_info },
#endif
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_CIPHER_CAMELLIA_128_CCM, &camellia_128_ccm_info },
{ MBEDTLS_CIPHER_CAMELLIA_192_CCM, &camellia_192_ccm_info },
{ MBEDTLS_CIPHER_CAMELLIA_256_CCM, &camellia_256_ccm_info },
#endif
#endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_ARIA_C)
{ MBEDTLS_CIPHER_ARIA_128_ECB, &aria_128_ecb_info },
{ MBEDTLS_CIPHER_ARIA_192_ECB, &aria_192_ecb_info },
{ MBEDTLS_CIPHER_ARIA_256_ECB, &aria_256_ecb_info },
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_CIPHER_ARIA_128_CBC, &aria_128_cbc_info },
{ MBEDTLS_CIPHER_ARIA_192_CBC, &aria_192_cbc_info },
{ MBEDTLS_CIPHER_ARIA_256_CBC, &aria_256_cbc_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{ MBEDTLS_CIPHER_ARIA_128_CFB128, &aria_128_cfb128_info },
{ MBEDTLS_CIPHER_ARIA_192_CFB128, &aria_192_cfb128_info },
{ MBEDTLS_CIPHER_ARIA_256_CFB128, &aria_256_cfb128_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{ MBEDTLS_CIPHER_ARIA_128_CTR, &aria_128_ctr_info },
{ MBEDTLS_CIPHER_ARIA_192_CTR, &aria_192_ctr_info },
{ MBEDTLS_CIPHER_ARIA_256_CTR, &aria_256_ctr_info },
#endif
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_CIPHER_ARIA_128_GCM, &aria_128_gcm_info },
{ MBEDTLS_CIPHER_ARIA_192_GCM, &aria_192_gcm_info },
{ MBEDTLS_CIPHER_ARIA_256_GCM, &aria_256_gcm_info },
#endif
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_CIPHER_ARIA_128_CCM, &aria_128_ccm_info },
{ MBEDTLS_CIPHER_ARIA_192_CCM, &aria_192_ccm_info },
{ MBEDTLS_CIPHER_ARIA_256_CCM, &aria_256_ccm_info },
#endif
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_DES_C)
{ MBEDTLS_CIPHER_DES_ECB, &des_ecb_info },
{ MBEDTLS_CIPHER_DES_EDE_ECB, &des_ede_ecb_info },
{ MBEDTLS_CIPHER_DES_EDE3_ECB, &des_ede3_ecb_info },
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_CIPHER_DES_CBC, &des_cbc_info },
{ MBEDTLS_CIPHER_DES_EDE_CBC, &des_ede_cbc_info },
{ MBEDTLS_CIPHER_DES_EDE3_CBC, &des_ede3_cbc_info },
#endif
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_CHACHA20_C)
{ MBEDTLS_CIPHER_CHACHA20, &chacha20_info },
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
{ MBEDTLS_CIPHER_CHACHA20_POLY1305, &chachapoly_info },
#endif
#if defined(MBEDTLS_NIST_KW_C)
{ MBEDTLS_CIPHER_AES_128_KW, &aes_128_nist_kw_info },
{ MBEDTLS_CIPHER_AES_192_KW, &aes_192_nist_kw_info },
{ MBEDTLS_CIPHER_AES_256_KW, &aes_256_nist_kw_info },
{ MBEDTLS_CIPHER_AES_128_KWP, &aes_128_nist_kwp_info },
{ MBEDTLS_CIPHER_AES_192_KWP, &aes_192_nist_kwp_info },
{ MBEDTLS_CIPHER_AES_256_KWP, &aes_256_nist_kwp_info },
#endif
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
{ MBEDTLS_CIPHER_NULL, &null_cipher_info },
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
{ MBEDTLS_CIPHER_NONE, NULL }
};
#define NUM_CIPHERS ( sizeof(mbedtls_cipher_definitions) / \
sizeof(mbedtls_cipher_definitions[0]) )
int mbedtls_cipher_supported[NUM_CIPHERS];
#endif /* MBEDTLS_CIPHER_C */
#pragma once
#undef MBEDTLS_SELF_TEST
#define MBEDTLS_GCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C
...@@ -29,23 +29,15 @@ ...@@ -29,23 +29,15 @@
* [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory. * [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory.
*/ */
#include "config.h"
#include "platform_util.h" #include "platform_util.h"
#if defined(MBEDTLS_GCM_C)
#include "gcm.h" #include "gcm.h"
#include "aes.h"
#include "api.h" #include "api.h"
#include "crypto_aead.h" #include "crypto_aead.h"
#include <string.h> #include <string.h>
#if defined(MBEDTLS_AESNI_C)
#include "mbedtls/aesni.h"
#endif
#if !defined(MBEDTLS_GCM_ALT)
/* Parameter validation macros */ /* Parameter validation macros */
#define GCM_VALIDATE_RET( cond ) \ #define GCM_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
...@@ -86,6 +78,9 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) ...@@ -86,6 +78,9 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
memset( ctx, 0, sizeof( mbedtls_gcm_context ) ); memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
} }
#define mbedtls_cipher_update(ctx, input, output) \
mbedtls_aes_crypt_ecb((ctx)->cipher_ctx, MBEDTLS_ENCRYPT, input, output)
/* /*
* Encrypt function for NIST API * Encrypt function for NIST API
*/ */
...@@ -100,6 +95,7 @@ int crypto_aead_encrypt( ...@@ -100,6 +95,7 @@ int crypto_aead_encrypt(
{ {
(void) nsec; (void) nsec;
mbedtls_gcm_context ctx; mbedtls_gcm_context ctx;
mbedtls_aes_context aes;
int ret; int ret;
unsigned long long mask = 15; unsigned long long mask = 15;
unsigned long long mlenp = (mlen + mask) & (~mask); unsigned long long mlenp = (mlen + mask) & (~mask);
...@@ -107,9 +103,11 @@ int crypto_aead_encrypt( ...@@ -107,9 +103,11 @@ int crypto_aead_encrypt(
*clen = mlenp + CRYPTO_ABYTES; *clen = mlenp + CRYPTO_ABYTES;
mbedtls_gcm_init( &ctx ); mbedtls_gcm_init( &ctx );
ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128); ctx.cipher_ctx.cipher_ctx = &aes;
ret = mbedtls_gcm_setkey( &ctx, k, 128);
ret = mbedtls_gcm_crypt_and_tag( &ctx, 1, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf ); ret = mbedtls_gcm_crypt_and_tag( &ctx, 1, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
mbedtls_gcm_free( &ctx ); mbedtls_gcm_free( &ctx );
mbedtls_platform_zeroize( &aes, sizeof( aes ) );
memcpy(c + mlenp, tag_buf, CRYPTO_ABYTES); memcpy(c + mlenp, tag_buf, CRYPTO_ABYTES);
return ret; return ret;
} }
...@@ -125,6 +123,7 @@ int crypto_aead_decrypt( ...@@ -125,6 +123,7 @@ int crypto_aead_decrypt(
{ {
(void) nsec; (void) nsec;
mbedtls_gcm_context ctx; mbedtls_gcm_context ctx;
mbedtls_aes_context aes;
int ret; int ret;
unsigned char tag_buf[CRYPTO_ABYTES]; unsigned char tag_buf[CRYPTO_ABYTES];
...@@ -133,9 +132,11 @@ int crypto_aead_decrypt( ...@@ -133,9 +132,11 @@ int crypto_aead_decrypt(
*mlen = clen; *mlen = clen;
mbedtls_gcm_init( &ctx ); mbedtls_gcm_init( &ctx );
ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128); ctx.cipher_ctx.cipher_ctx = &aes;
ret = mbedtls_gcm_setkey( &ctx, k, 128);
ret = mbedtls_gcm_auth_decrypt( &ctx, clen, npub, 12, ad, adlen, tag_buf, 16, c, m); ret = mbedtls_gcm_auth_decrypt( &ctx, clen, npub, 12, ad, adlen, tag_buf, 16, c, m);
mbedtls_gcm_free( &ctx ); mbedtls_gcm_free( &ctx );
mbedtls_platform_zeroize( &aes, sizeof( aes ) );
return ret; return ret;
...@@ -155,10 +156,9 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) ...@@ -155,10 +156,9 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
uint64_t hi, lo; uint64_t hi, lo;
uint64_t vl, vh; uint64_t vl, vh;
unsigned char h[16]; unsigned char h[16];
size_t olen = 0;
memset( h, 0, 16 ); memset( h, 0, 16 );
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 ) if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, h ) ) != 0 )
return( ret ); return( ret );
/* pack h as two 64-bits ints, big-endian */ /* pack h as two 64-bits ints, big-endian */
...@@ -174,12 +174,6 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) ...@@ -174,12 +174,6 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
ctx->HL[8] = vl; ctx->HL[8] = vl;
ctx->HH[8] = vh; ctx->HH[8] = vh;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
/* With CLMUL support, we need only h, not the rest of the table */
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
return( 0 );
#endif
/* 0 corresponds to 0 in GF(2^128) */ /* 0 corresponds to 0 in GF(2^128) */
ctx->HH[0] = 0; ctx->HH[0] = 0;
ctx->HL[0] = 0; ctx->HL[0] = 0;
...@@ -210,32 +204,18 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) ...@@ -210,32 +204,18 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
} }
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key, const unsigned char *key,
unsigned int keybits ) unsigned int keybits )
{ {
int ret; int ret;
const mbedtls_cipher_info_t *cipher_info;
GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( ctx != NULL );
GCM_VALIDATE_RET( key != NULL ); GCM_VALIDATE_RET( key != NULL );
GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 ); GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, ctx->cipher_ctx.key_bitlen = keybits;
MBEDTLS_MODE_ECB );
if( cipher_info == NULL )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
if( cipher_info->block_size != 16 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
mbedtls_cipher_free( &ctx->cipher_ctx ); if( ( ret = mbedtls_aes_setkey_enc( ctx->cipher_ctx.cipher_ctx, key, keybits ) ) != 0)
if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
MBEDTLS_ENCRYPT ) ) != 0 )
{ {
return( ret ); return( ret );
} }
...@@ -270,20 +250,6 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], ...@@ -270,20 +250,6 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
unsigned char lo, hi, rem; unsigned char lo, hi, rem;
uint64_t zh, zl; uint64_t zh, zl;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
unsigned char h[16];
PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 );
PUT_UINT32_BE( ctx->HH[8], h, 4 );
PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 );
PUT_UINT32_BE( ctx->HL[8], h, 12 );
mbedtls_aesni_gcm_mult( output, x, h );
return;
}
#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
lo = x[15] & 0xf; lo = x[15] & 0xf;
zh = ctx->HH[lo]; zh = ctx->HH[lo];
...@@ -330,7 +296,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, ...@@ -330,7 +296,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
unsigned char work_buf[16]; unsigned char work_buf[16];
size_t i; size_t i;
const unsigned char *p; const unsigned char *p;
size_t use_len, olen = 0; size_t use_len;
GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( ctx != NULL );
GCM_VALIDATE_RET( iv != NULL ); GCM_VALIDATE_RET( iv != NULL );
...@@ -382,8 +348,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, ...@@ -382,8 +348,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
gcm_mult( ctx, ctx->y, ctx->y ); gcm_mult( ctx, ctx->y, ctx->y );
} }
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y,
ctx->base_ectr, &olen ) ) != 0 ) ctx->base_ectr ) ) != 0 )
{ {
return( ret ); return( ret );
} }
...@@ -416,7 +382,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, ...@@ -416,7 +382,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
size_t i; size_t i;
const unsigned char *p; const unsigned char *p;
unsigned char *out_p = output; unsigned char *out_p = output;
size_t use_len, olen = 0; size_t use_len;
GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( ctx != NULL );
GCM_VALIDATE_RET( length == 0 || input != NULL ); GCM_VALIDATE_RET( length == 0 || input != NULL );
...@@ -444,8 +410,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, ...@@ -444,8 +410,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
if( ++ctx->y[i - 1] != 0 ) if( ++ctx->y[i - 1] != 0 )
break; break;
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr, if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, ectr
&olen ) ) != 0 ) ) ) != 0 )
{ {
return( ret ); return( ret );
} }
...@@ -590,10 +556,6 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) ...@@ -590,10 +556,6 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
{ {
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
} }
#endif /* !MBEDTLS_GCM_ALT */
#endif /* MBEDTLS_GCM_C */
...@@ -33,8 +33,6 @@ ...@@ -33,8 +33,6 @@
#ifndef MBEDTLS_GCM_H #ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H #define MBEDTLS_GCM_H
#include "config.h"
#include "cipher.h" #include "cipher.h"
#include <stdint.h> #include <stdint.h>
...@@ -43,18 +41,12 @@ ...@@ -43,18 +41,12 @@
#define MBEDTLS_GCM_DECRYPT 0 #define MBEDTLS_GCM_DECRYPT 0
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */ #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
/* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_GCM_ALT)
/** /**
* \brief The GCM context structure. * \brief The GCM context structure.
*/ */
...@@ -74,10 +66,6 @@ typedef struct mbedtls_gcm_context ...@@ -74,10 +66,6 @@ typedef struct mbedtls_gcm_context
} }
mbedtls_gcm_context; mbedtls_gcm_context;
#else /* !MBEDTLS_GCM_ALT */
#include "gcm_alt.h"
#endif /* !MBEDTLS_GCM_ALT */
/** /**
* \brief This function initializes the specified GCM context, * \brief This function initializes the specified GCM context,
* to make references valid, and prepares the context * to make references valid, and prepares the context
...@@ -96,7 +84,6 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); ...@@ -96,7 +84,6 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
* cipher algorithm and a key. * cipher algorithm and a key.
* *
* \param ctx The GCM context. This must be initialized. * \param ctx The GCM context. This must be initialized.
* \param cipher The 128-bit block cipher to use.
* \param key The encryption key. This must be a readable buffer of at * \param key The encryption key. This must be a readable buffer of at
* least \p keybits bits. * least \p keybits bits.
* \param keybits The key size in bits. Valid options are: * \param keybits The key size in bits. Valid options are:
...@@ -108,7 +95,6 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); ...@@ -108,7 +95,6 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
* \return A cipher-specific error code on failure. * \return A cipher-specific error code on failure.
*/ */
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key, const unsigned char *key,
unsigned int keybits ); unsigned int keybits );
...@@ -302,18 +288,6 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, ...@@ -302,18 +288,6 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
*/ */
void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief The GCM checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_gcm_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
......
...@@ -20,22 +20,11 @@ ...@@ -20,22 +20,11 @@
* This file is part of Mbed TLS (https://tls.mbed.org) * This file is part of Mbed TLS (https://tls.mbed.org)
*/ */
/*
* Ensure gmtime_r is available even with -std=c99; must be defined before
* config.h, which pulls in glibc's features.h. Harmless on other platforms.
*/
#if !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200112L
#endif
#include "config.h"
#include "platform_util.h" #include "platform_util.h"
#include <stddef.h> #include <stddef.h>
#include <string.h> #include <string.h>
#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
/* /*
* This implementation should never be optimized out by the compiler * This implementation should never be optimized out by the compiler
* *
...@@ -68,5 +57,4 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) ...@@ -68,5 +57,4 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
{ {
memset_func( buf, 0, len ); memset_func( buf, 0, len );
} }
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
...@@ -25,8 +25,6 @@ ...@@ -25,8 +25,6 @@
#ifndef MBEDTLS_PLATFORM_UTIL_H #ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H #define MBEDTLS_PLATFORM_UTIL_H
#include "config.h"
#include <stddef.h> #include <stddef.h>
#ifdef __cplusplus #ifdef __cplusplus
...@@ -34,9 +32,6 @@ extern "C" { ...@@ -34,9 +32,6 @@ extern "C" {
#endif #endif
#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
#define MBEDTLS_PARAM_FAILED_ALT
/* Internal macros meant to be called only from within the library. */ /* Internal macros meant to be called only from within the library. */
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) #define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 ) #define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment