Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
lwc
/
compare
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Pipelines
Members
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
be1cf907
authored
Jul 26, 2019
by
Enrico Pozzobon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Stripped down AES GCM
parent
fcb7d9c8
Hide whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
25 additions
and
6135 deletions
+25
-6135
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/Makefile
+2
-1
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/aes.c
+2
-618
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/aes.h
+0
-469
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/cipher.c
+0
-1536
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/cipher.h
+0
-848
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/cipher_internal.h
+0
-149
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/cipher_wrap.c
+0
-2407
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/config.h
+0
-5
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/gcm.c
+21
-59
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/gcm.h
+0
-26
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/platform_util.c
+0
-12
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/platform_util.h
+0
-5
No files found.
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/Makefile
View file @
be1cf907
...
@@ -6,7 +6,7 @@ LFLAGS=-lm
...
@@ -6,7 +6,7 @@ LFLAGS=-lm
all
:
gcm
all
:
gcm
gcm
:
gcm.c genkat_aead.c aes.c
cipher.c cipher_wrap.c
platform_util.c
gcm
:
gcm.c genkat_aead.c aes.c platform_util.c
$(CC)
$(NISTGCCFLAGS)
-o
$@
$^
$(LFLAGS)
$(CC)
$(NISTGCCFLAGS)
-o
$@
$^
$(LFLAGS)
.PHONY
:
clean
.PHONY
:
clean
...
@@ -14,4 +14,5 @@ gcm: gcm.c genkat_aead.c aes.c cipher.c cipher_wrap.c platform_util.c
...
@@ -14,4 +14,5 @@ gcm: gcm.c genkat_aead.c aes.c cipher.c cipher_wrap.c platform_util.c
clean
:
clean
:
rm
-rf
*
.o
rm
-rf
*
.o
rm
-rf
gcm
rm
-rf
gcm
rm
-rf
LWC_
*
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/aes.c
View file @
be1cf907
...
@@ -25,22 +25,14 @@
...
@@ -25,22 +25,14 @@
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
*/
#include "config.h"
#include "platform_util.h"
#include "platform_util.h"
#if defined(MBEDTLS_AES_C)
#include <string.h>
#include <string.h>
#include "aes.h"
#include "aes.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "mbedtls/padlock.h"
#endif
#if defined(MBEDTLS_AESNI_C)
#include "mbedtls/aesni.h"
#endif
#if !defined(MBEDTLS_AES_ALT)
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_AES_FEWER_TABLES
/* Parameter validation macros based on platform_util.h */
/* Parameter validation macros based on platform_util.h */
#define AES_VALIDATE_RET( cond ) \
#define AES_VALIDATE_RET( cond ) \
...
@@ -71,11 +63,6 @@
...
@@ -71,11 +63,6 @@
}
}
#endif
#endif
#if defined(MBEDTLS_PADLOCK_C) && \
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
static
int
aes_padlock_ace
=
-
1
;
#endif
#if defined(MBEDTLS_AES_ROM_TABLES)
#if defined(MBEDTLS_AES_ROM_TABLES)
/*
/*
* Forward S-box
* Forward S-box
...
@@ -516,29 +503,9 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
...
@@ -516,29 +503,9 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
mbedtls_platform_zeroize
(
ctx
,
sizeof
(
mbedtls_aes_context
)
);
mbedtls_platform_zeroize
(
ctx
,
sizeof
(
mbedtls_aes_context
)
);
}
}
#if defined(MBEDTLS_CIPHER_MODE_XTS)
void
mbedtls_aes_xts_init
(
mbedtls_aes_xts_context
*
ctx
)
{
AES_VALIDATE
(
ctx
!=
NULL
);
mbedtls_aes_init
(
&
ctx
->
crypt
);
mbedtls_aes_init
(
&
ctx
->
tweak
);
}
void
mbedtls_aes_xts_free
(
mbedtls_aes_xts_context
*
ctx
)
{
if
(
ctx
==
NULL
)
return
;
mbedtls_aes_free
(
&
ctx
->
crypt
);
mbedtls_aes_free
(
&
ctx
->
tweak
);
}
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
/*
/*
* AES key schedule (encryption)
* AES key schedule (encryption)
*/
*/
#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
int
mbedtls_aes_setkey_enc
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
*
key
,
int
mbedtls_aes_setkey_enc
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
keybits
)
unsigned
int
keybits
)
{
{
...
@@ -564,21 +531,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
...
@@ -564,21 +531,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
}
}
#endif
#endif
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if
(
aes_padlock_ace
==
-
1
)
aes_padlock_ace
=
mbedtls_padlock_has_support
(
MBEDTLS_PADLOCK_ACE
);
if
(
aes_padlock_ace
)
ctx
->
rk
=
RK
=
MBEDTLS_PADLOCK_ALIGN16
(
ctx
->
buf
);
else
#endif
ctx
->
rk
=
RK
=
ctx
->
buf
;
ctx
->
rk
=
RK
=
ctx
->
buf
;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if
(
mbedtls_aesni_has_support
(
MBEDTLS_AESNI_AES
)
)
return
(
mbedtls_aesni_setkey_enc
(
(
unsigned
char
*
)
ctx
->
rk
,
key
,
keybits
)
);
#endif
for
(
i
=
0
;
i
<
(
keybits
>>
5
);
i
++
)
for
(
i
=
0
;
i
<
(
keybits
>>
5
);
i
++
)
{
{
GET_UINT32_LE
(
RK
[
i
],
key
,
i
<<
2
);
GET_UINT32_LE
(
RK
[
i
],
key
,
i
<<
2
);
...
@@ -649,12 +603,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
...
@@ -649,12 +603,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
return
(
0
);
return
(
0
);
}
}
#endif
/* !MBEDTLS_AES_SETKEY_ENC_ALT */
/*
/*
* AES key schedule (decryption)
* AES key schedule (decryption)
*/
*/
#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
int
mbedtls_aes_setkey_dec
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
*
key
,
int
mbedtls_aes_setkey_dec
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
keybits
)
unsigned
int
keybits
)
{
{
...
@@ -668,14 +620,6 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
...
@@ -668,14 +620,6 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
mbedtls_aes_init
(
&
cty
);
mbedtls_aes_init
(
&
cty
);
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if
(
aes_padlock_ace
==
-
1
)
aes_padlock_ace
=
mbedtls_padlock_has_support
(
MBEDTLS_PADLOCK_ACE
);
if
(
aes_padlock_ace
)
ctx
->
rk
=
RK
=
MBEDTLS_PADLOCK_ALIGN16
(
ctx
->
buf
);
else
#endif
ctx
->
rk
=
RK
=
ctx
->
buf
;
ctx
->
rk
=
RK
=
ctx
->
buf
;
/* Also checks keybits */
/* Also checks keybits */
...
@@ -684,15 +628,6 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
...
@@ -684,15 +628,6 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
ctx
->
nr
=
cty
.
nr
;
ctx
->
nr
=
cty
.
nr
;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if
(
mbedtls_aesni_has_support
(
MBEDTLS_AESNI_AES
)
)
{
mbedtls_aesni_inverse_key
(
(
unsigned
char
*
)
ctx
->
rk
,
(
const
unsigned
char
*
)
cty
.
rk
,
ctx
->
nr
);
goto
exit
;
}
#endif
SK
=
cty
.
rk
+
cty
.
nr
*
4
;
SK
=
cty
.
rk
+
cty
.
nr
*
4
;
*
RK
++
=
*
SK
++
;
*
RK
++
=
*
SK
++
;
...
@@ -722,84 +657,6 @@ exit:
...
@@ -722,84 +657,6 @@ exit:
return
(
ret
);
return
(
ret
);
}
}
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static
int
mbedtls_aes_xts_decode_keys
(
const
unsigned
char
*
key
,
unsigned
int
keybits
,
const
unsigned
char
**
key1
,
unsigned
int
*
key1bits
,
const
unsigned
char
**
key2
,
unsigned
int
*
key2bits
)
{
const
unsigned
int
half_keybits
=
keybits
/
2
;
const
unsigned
int
half_keybytes
=
half_keybits
/
8
;
switch
(
keybits
)
{
case
256
:
break
;
case
512
:
break
;
default
:
return
(
MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
);
}
*
key1bits
=
half_keybits
;
*
key2bits
=
half_keybits
;
*
key1
=
&
key
[
0
];
*
key2
=
&
key
[
half_keybytes
];
return
0
;
}
int
mbedtls_aes_xts_setkey_enc
(
mbedtls_aes_xts_context
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
keybits
)
{
int
ret
;
const
unsigned
char
*
key1
,
*
key2
;
unsigned
int
key1bits
,
key2bits
;
AES_VALIDATE_RET
(
ctx
!=
NULL
);
AES_VALIDATE_RET
(
key
!=
NULL
);
ret
=
mbedtls_aes_xts_decode_keys
(
key
,
keybits
,
&
key1
,
&
key1bits
,
&
key2
,
&
key2bits
);
if
(
ret
!=
0
)
return
(
ret
);
/* Set the tweak key. Always set tweak key for the encryption mode. */
ret
=
mbedtls_aes_setkey_enc
(
&
ctx
->
tweak
,
key2
,
key2bits
);
if
(
ret
!=
0
)
return
(
ret
);
/* Set crypt key for encryption. */
return
mbedtls_aes_setkey_enc
(
&
ctx
->
crypt
,
key1
,
key1bits
);
}
int
mbedtls_aes_xts_setkey_dec
(
mbedtls_aes_xts_context
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
keybits
)
{
int
ret
;
const
unsigned
char
*
key1
,
*
key2
;
unsigned
int
key1bits
,
key2bits
;
AES_VALIDATE_RET
(
ctx
!=
NULL
);
AES_VALIDATE_RET
(
key
!=
NULL
);
ret
=
mbedtls_aes_xts_decode_keys
(
key
,
keybits
,
&
key1
,
&
key1bits
,
&
key2
,
&
key2bits
);
if
(
ret
!=
0
)
return
(
ret
);
/* Set the tweak key. Always set tweak key for encryption. */
ret
=
mbedtls_aes_setkey_enc
(
&
ctx
->
tweak
,
key2
,
key2bits
);
if
(
ret
!=
0
)
return
(
ret
);
/* Set crypt key for decryption. */
return
mbedtls_aes_setkey_dec
(
&
ctx
->
crypt
,
key1
,
key1bits
);
}
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
#endif
/* !MBEDTLS_AES_SETKEY_DEC_ALT */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
do \
do \
...
@@ -852,7 +709,6 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
...
@@ -852,7 +709,6 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
/*
/*
* AES-ECB block encryption
* AES-ECB block encryption
*/
*/
#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
int
mbedtls_internal_aes_encrypt
(
mbedtls_aes_context
*
ctx
,
int
mbedtls_internal_aes_encrypt
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
input
[
16
],
const
unsigned
char
input
[
16
],
unsigned
char
output
[
16
]
)
unsigned
char
output
[
16
]
)
...
@@ -906,21 +762,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
...
@@ -906,21 +762,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
return
(
0
);
return
(
0
);
}
}
#endif
/* !MBEDTLS_AES_ENCRYPT_ALT */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void
mbedtls_aes_encrypt
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
input
[
16
],
unsigned
char
output
[
16
]
)
{
mbedtls_internal_aes_encrypt
(
ctx
,
input
,
output
);
}
#endif
/* !MBEDTLS_DEPRECATED_REMOVED */
/*
/*
* AES-ECB block decryption
* AES-ECB block decryption
*/
*/
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
int
mbedtls_internal_aes_decrypt
(
mbedtls_aes_context
*
ctx
,
int
mbedtls_internal_aes_decrypt
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
input
[
16
],
const
unsigned
char
input
[
16
],
unsigned
char
output
[
16
]
)
unsigned
char
output
[
16
]
)
...
@@ -974,16 +819,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
...
@@ -974,16 +819,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
return
(
0
);
return
(
0
);
}
}
#endif
/* !MBEDTLS_AES_DECRYPT_ALT */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void
mbedtls_aes_decrypt
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
input
[
16
],
unsigned
char
output
[
16
]
)
{
mbedtls_internal_aes_decrypt
(
ctx
,
input
,
output
);
}
#endif
/* !MBEDTLS_DEPRECATED_REMOVED */
/*
/*
* AES-ECB block encryption/decryption
* AES-ECB block encryption/decryption
...
@@ -999,460 +834,9 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
...
@@ -999,460 +834,9 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
AES_VALIDATE_RET
(
mode
==
MBEDTLS_AES_ENCRYPT
||
AES_VALIDATE_RET
(
mode
==
MBEDTLS_AES_ENCRYPT
||
mode
==
MBEDTLS_AES_DECRYPT
);
mode
==
MBEDTLS_AES_DECRYPT
);
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if
(
mbedtls_aesni_has_support
(
MBEDTLS_AESNI_AES
)
)
return
(
mbedtls_aesni_crypt_ecb
(
ctx
,
mode
,
input
,
output
)
);
#endif
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
if
(
aes_padlock_ace
)
{
if
(
mbedtls_padlock_xcryptecb
(
ctx
,
mode
,
input
,
output
)
==
0
)
return
(
0
);
// If padlock data misaligned, we just fall back to
// unaccelerated mode
//
}
#endif
if
(
mode
==
MBEDTLS_AES_ENCRYPT
)
if
(
mode
==
MBEDTLS_AES_ENCRYPT
)
return
(
mbedtls_internal_aes_encrypt
(
ctx
,
input
,
output
)
);
return
(
mbedtls_internal_aes_encrypt
(
ctx
,
input
,
output
)
);
else
else
return
(
mbedtls_internal_aes_decrypt
(
ctx
,
input
,
output
)
);
return
(
mbedtls_internal_aes_decrypt
(
ctx
,
input
,
output
)
);
}
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* AES-CBC buffer encryption/decryption
*/
int
mbedtls_aes_crypt_cbc
(
mbedtls_aes_context
*
ctx
,
int
mode
,
size_t
length
,
unsigned
char
iv
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
int
i
;
unsigned
char
temp
[
16
];
AES_VALIDATE_RET
(
ctx
!=
NULL
);
AES_VALIDATE_RET
(
mode
==
MBEDTLS_AES_ENCRYPT
||
mode
==
MBEDTLS_AES_DECRYPT
);
AES_VALIDATE_RET
(
iv
!=
NULL
);
AES_VALIDATE_RET
(
input
!=
NULL
);
AES_VALIDATE_RET
(
output
!=
NULL
);
if
(
length
%
16
)
return
(
MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
);
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
if
(
aes_padlock_ace
)
{
if
(
mbedtls_padlock_xcryptcbc
(
ctx
,
mode
,
length
,
iv
,
input
,
output
)
==
0
)
return
(
0
);
// If padlock data misaligned, we just fall back to
// unaccelerated mode
//
}
#endif
if
(
mode
==
MBEDTLS_AES_DECRYPT
)
{
while
(
length
>
0
)
{
memcpy
(
temp
,
input
,
16
);
mbedtls_aes_crypt_ecb
(
ctx
,
mode
,
input
,
output
);
for
(
i
=
0
;
i
<
16
;
i
++
)
output
[
i
]
=
(
unsigned
char
)(
output
[
i
]
^
iv
[
i
]
);
memcpy
(
iv
,
temp
,
16
);
input
+=
16
;
output
+=
16
;
length
-=
16
;
}
}
else
{
while
(
length
>
0
)
{
for
(
i
=
0
;
i
<
16
;
i
++
)
output
[
i
]
=
(
unsigned
char
)(
input
[
i
]
^
iv
[
i
]
);
mbedtls_aes_crypt_ecb
(
ctx
,
mode
,
output
,
output
);
memcpy
(
iv
,
output
,
16
);
input
+=
16
;
output
+=
16
;
length
-=
16
;
}
}
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/* Endianess with 64 bits values */
#ifndef GET_UINT64_LE
#define GET_UINT64_LE(n,b,i) \
{ \
(n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \
| ( (uint64_t) (b)[(i) + 6] << 48 ) \
| ( (uint64_t) (b)[(i) + 5] << 40 ) \
| ( (uint64_t) (b)[(i) + 4] << 32 ) \
| ( (uint64_t) (b)[(i) + 3] << 24 ) \
| ( (uint64_t) (b)[(i) + 2] << 16 ) \
| ( (uint64_t) (b)[(i) + 1] << 8 ) \
| ( (uint64_t) (b)[(i) ] ); \
}
#endif
#ifndef PUT_UINT64_LE
#define PUT_UINT64_LE(n,b,i) \
{ \
(b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \
(b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \
(b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \
(b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) ] = (unsigned char) ( (n) ); \
}
#endif
typedef
unsigned
char
mbedtls_be128
[
16
];
/*
* GF(2^128) multiplication function
*
* This function multiplies a field element by x in the polynomial field
* representation. It uses 64-bit word operations to gain speed but compensates
* for machine endianess and hence works correctly on both big and little
* endian machines.
*/
static
void
mbedtls_gf128mul_x_ble
(
unsigned
char
r
[
16
],
const
unsigned
char
x
[
16
]
)
{
uint64_t
a
,
b
,
ra
,
rb
;
GET_UINT64_LE
(
a
,
x
,
0
);
GET_UINT64_LE
(
b
,
x
,
8
);
ra
=
(
a
<<
1
)
^
0x0087
>>
(
8
-
(
(
b
>>
63
)
<<
3
)
);
rb
=
(
a
>>
63
)
|
(
b
<<
1
);
PUT_UINT64_LE
(
ra
,
r
,
0
);
PUT_UINT64_LE
(
rb
,
r
,
8
);
}
/*
* AES-XTS buffer encryption/decryption
*/
int
mbedtls_aes_crypt_xts
(
mbedtls_aes_xts_context
*
ctx
,
int
mode
,
size_t
length
,
const
unsigned
char
data_unit
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
int
ret
;
size_t
blocks
=
length
/
16
;
size_t
leftover
=
length
%
16
;
unsigned
char
tweak
[
16
];
unsigned
char
prev_tweak
[
16
];
unsigned
char
tmp
[
16
];
AES_VALIDATE_RET
(
ctx
!=
NULL
);
AES_VALIDATE_RET
(
mode
==
MBEDTLS_AES_ENCRYPT
||
mode
==
MBEDTLS_AES_DECRYPT
);
AES_VALIDATE_RET
(
data_unit
!=
NULL
);
AES_VALIDATE_RET
(
input
!=
NULL
);
AES_VALIDATE_RET
(
output
!=
NULL
);
/* Data units must be at least 16 bytes long. */
if
(
length
<
16
)
return
MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
;
/* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
if
(
length
>
(
1
<<
20
)
*
16
)
return
MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
;
/* Compute the tweak. */
ret
=
mbedtls_aes_crypt_ecb
(
&
ctx
->
tweak
,
MBEDTLS_AES_ENCRYPT
,
data_unit
,
tweak
);
if
(
ret
!=
0
)
return
(
ret
);
while
(
blocks
--
)
{
size_t
i
;
if
(
leftover
&&
(
mode
==
MBEDTLS_AES_DECRYPT
)
&&
blocks
==
0
)
{
/* We are on the last block in a decrypt operation that has
* leftover bytes, so we need to use the next tweak for this block,
* and this tweak for the lefover bytes. Save the current tweak for
* the leftovers and then update the current tweak for use on this,
* the last full block. */
memcpy
(
prev_tweak
,
tweak
,
sizeof
(
tweak
)
);
mbedtls_gf128mul_x_ble
(
tweak
,
tweak
);
}
for
(
i
=
0
;
i
<
16
;
i
++
)
tmp
[
i
]
=
input
[
i
]
^
tweak
[
i
];
ret
=
mbedtls_aes_crypt_ecb
(
&
ctx
->
crypt
,
mode
,
tmp
,
tmp
);
if
(
ret
!=
0
)
return
(
ret
);
for
(
i
=
0
;
i
<
16
;
i
++
)
output
[
i
]
=
tmp
[
i
]
^
tweak
[
i
];
/* Update the tweak for the next block. */
mbedtls_gf128mul_x_ble
(
tweak
,
tweak
);
output
+=
16
;
input
+=
16
;
}
if
(
leftover
)
{
/* If we are on the leftover bytes in a decrypt operation, we need to
* use the previous tweak for these bytes (as saved in prev_tweak). */
unsigned
char
*
t
=
mode
==
MBEDTLS_AES_DECRYPT
?
prev_tweak
:
tweak
;
/* We are now on the final part of the data unit, which doesn't divide
* evenly by 16. It's time for ciphertext stealing. */
size_t
i
;
unsigned
char
*
prev_output
=
output
-
16
;
/* Copy ciphertext bytes from the previous block to our output for each
* byte of cyphertext we won't steal. At the same time, copy the
* remainder of the input for this final round (since the loop bounds
* are the same). */
for
(
i
=
0
;
i
<
leftover
;
i
++
)
{
output
[
i
]
=
prev_output
[
i
];
tmp
[
i
]
=
input
[
i
]
^
t
[
i
];
}
/* Copy ciphertext bytes from the previous block for input in this
* round. */
for
(
;
i
<
16
;
i
++
)
tmp
[
i
]
=
prev_output
[
i
]
^
t
[
i
];
ret
=
mbedtls_aes_crypt_ecb
(
&
ctx
->
crypt
,
mode
,
tmp
,
tmp
);
if
(
ret
!=
0
)
return
ret
;
/* Write the result back to the previous block, overriding the previous
* output we copied. */
for
(
i
=
0
;
i
<
16
;
i
++
)
prev_output
[
i
]
=
tmp
[
i
]
^
t
[
i
];
}
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/*
* AES-CFB128 buffer encryption/decryption
*/
int
mbedtls_aes_crypt_cfb128
(
mbedtls_aes_context
*
ctx
,
int
mode
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
iv
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
int
c
;
size_t
n
;
AES_VALIDATE_RET
(
ctx
!=
NULL
);
AES_VALIDATE_RET
(
mode
==
MBEDTLS_AES_ENCRYPT
||
mode
==
MBEDTLS_AES_DECRYPT
);
AES_VALIDATE_RET
(
iv_off
!=
NULL
);
AES_VALIDATE_RET
(
iv
!=
NULL
);
AES_VALIDATE_RET
(
input
!=
NULL
);
AES_VALIDATE_RET
(
output
!=
NULL
);
n
=
*
iv_off
;
if
(
n
>
15
)
return
(
MBEDTLS_ERR_AES_BAD_INPUT_DATA
);
if
(
mode
==
MBEDTLS_AES_DECRYPT
)
{
while
(
length
--
)
{
if
(
n
==
0
)
mbedtls_aes_crypt_ecb
(
ctx
,
MBEDTLS_AES_ENCRYPT
,
iv
,
iv
);
c
=
*
input
++
;
*
output
++
=
(
unsigned
char
)(
c
^
iv
[
n
]
);
iv
[
n
]
=
(
unsigned
char
)
c
;
n
=
(
n
+
1
)
&
0x0F
;
}
}
else
{
while
(
length
--
)
{
if
(
n
==
0
)
mbedtls_aes_crypt_ecb
(
ctx
,
MBEDTLS_AES_ENCRYPT
,
iv
,
iv
);
iv
[
n
]
=
*
output
++
=
(
unsigned
char
)(
iv
[
n
]
^
*
input
++
);
n
=
(
n
+
1
)
&
0x0F
;
}
}
*
iv_off
=
n
;
return
(
0
);
}
/*
* AES-CFB8 buffer encryption/decryption
*/
int
mbedtls_aes_crypt_cfb8
(
mbedtls_aes_context
*
ctx
,
int
mode
,
size_t
length
,
unsigned
char
iv
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
unsigned
char
c
;
unsigned
char
ov
[
17
];
AES_VALIDATE_RET
(
ctx
!=
NULL
);
AES_VALIDATE_RET
(
mode
==
MBEDTLS_AES_ENCRYPT
||
mode
==
MBEDTLS_AES_DECRYPT
);
AES_VALIDATE_RET
(
iv
!=
NULL
);
AES_VALIDATE_RET
(
input
!=
NULL
);
AES_VALIDATE_RET
(
output
!=
NULL
);
while
(
length
--
)
{
memcpy
(
ov
,
iv
,
16
);
mbedtls_aes_crypt_ecb
(
ctx
,
MBEDTLS_AES_ENCRYPT
,
iv
,
iv
);
if
(
mode
==
MBEDTLS_AES_DECRYPT
)
ov
[
16
]
=
*
input
;
c
=
*
output
++
=
(
unsigned
char
)(
iv
[
0
]
^
*
input
++
);
if
(
mode
==
MBEDTLS_AES_ENCRYPT
)
ov
[
16
]
=
c
;
memcpy
(
iv
,
ov
+
1
,
16
);
}
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/*
* AES-OFB (Output Feedback Mode) buffer encryption/decryption
*/
int
mbedtls_aes_crypt_ofb
(
mbedtls_aes_context
*
ctx
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
iv
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
int
ret
=
0
;
size_t
n
;
AES_VALIDATE_RET
(
ctx
!=
NULL
);
AES_VALIDATE_RET
(
iv_off
!=
NULL
);
AES_VALIDATE_RET
(
iv
!=
NULL
);
AES_VALIDATE_RET
(
input
!=
NULL
);
AES_VALIDATE_RET
(
output
!=
NULL
);
n
=
*
iv_off
;
if
(
n
>
15
)
return
(
MBEDTLS_ERR_AES_BAD_INPUT_DATA
);
while
(
length
--
)
{
if
(
n
==
0
)
{
ret
=
mbedtls_aes_crypt_ecb
(
ctx
,
MBEDTLS_AES_ENCRYPT
,
iv
,
iv
);
if
(
ret
!=
0
)
goto
exit
;
}
*
output
++
=
*
input
++
^
iv
[
n
];
n
=
(
n
+
1
)
&
0x0F
;
}
*
iv_off
=
n
;
exit:
return
(
ret
);
}
#endif
/* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/*
* AES-CTR buffer encryption/decryption
*/
int
mbedtls_aes_crypt_ctr
(
mbedtls_aes_context
*
ctx
,
size_t
length
,
size_t
*
nc_off
,
unsigned
char
nonce_counter
[
16
],
unsigned
char
stream_block
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
int
c
,
i
;
size_t
n
;
AES_VALIDATE_RET
(
ctx
!=
NULL
);
AES_VALIDATE_RET
(
nc_off
!=
NULL
);
AES_VALIDATE_RET
(
nonce_counter
!=
NULL
);
AES_VALIDATE_RET
(
stream_block
!=
NULL
);
AES_VALIDATE_RET
(
input
!=
NULL
);
AES_VALIDATE_RET
(
output
!=
NULL
);
n
=
*
nc_off
;
if
(
n
>
0x0F
)
return
(
MBEDTLS_ERR_AES_BAD_INPUT_DATA
);
while
(
length
--
)
{
if
(
n
==
0
)
{
mbedtls_aes_crypt_ecb
(
ctx
,
MBEDTLS_AES_ENCRYPT
,
nonce_counter
,
stream_block
);
for
(
i
=
16
;
i
>
0
;
i
--
)
if
(
++
nonce_counter
[
i
-
1
]
!=
0
)
break
;
}
c
=
*
input
++
;
*
output
++
=
(
unsigned
char
)(
c
^
stream_block
[
n
]
);
n
=
(
n
+
1
)
&
0x0F
;
}
*
nc_off
=
n
;
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
#endif
/* !MBEDTLS_AES_ALT */
#endif
/* MBEDTLS_AES_C */
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/aes.h
View file @
be1cf907
...
@@ -41,8 +41,6 @@
...
@@ -41,8 +41,6 @@
#ifndef MBEDTLS_AES_H
#ifndef MBEDTLS_AES_H
#define MBEDTLS_AES_H
#define MBEDTLS_AES_H
#include "config.h"
#include <stddef.h>
#include <stddef.h>
#include <stdint.h>
#include <stdint.h>
...
@@ -57,22 +55,10 @@
...
@@ -57,22 +55,10 @@
/* Error codes in range 0x0021-0x0025 */
/* Error codes in range 0x0021-0x0025 */
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
/**< Invalid input data. */
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
/**< Invalid input data. */
/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023
/**< Feature not available. For example, an unsupported AES key size. */
/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025
/**< AES hardware accelerator failed. */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#ifdef __cplusplus
#ifdef __cplusplus
extern
"C"
{
extern
"C"
{
#endif
#endif
#if !defined(MBEDTLS_AES_ALT)
// Regular implementation
// Regular implementation
//
//
...
@@ -94,23 +80,6 @@ typedef struct mbedtls_aes_context
...
@@ -94,23 +80,6 @@ typedef struct mbedtls_aes_context
}
}
mbedtls_aes_context
;
mbedtls_aes_context
;
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief The AES XTS context-type definition.
*/
typedef
struct
mbedtls_aes_xts_context
{
mbedtls_aes_context
crypt
;
/*!< The AES context to use for AES block
encryption or decryption. */
mbedtls_aes_context
tweak
;
/*!< The AES context used for tweak
computation. */
}
mbedtls_aes_xts_context
;
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
#else
/* MBEDTLS_AES_ALT */
#include "aes_alt.h"
#endif
/* MBEDTLS_AES_ALT */
/**
/**
* \brief This function initializes the specified AES context.
* \brief This function initializes the specified AES context.
*
*
...
@@ -130,27 +99,6 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx );
...
@@ -130,27 +99,6 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx );
*/
*/
void
mbedtls_aes_free
(
mbedtls_aes_context
*
ctx
);
void
mbedtls_aes_free
(
mbedtls_aes_context
*
ctx
);
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief This function initializes the specified AES XTS context.
*
* It must be the first API called before using
* the context.
*
* \param ctx The AES XTS context to initialize. This must not be \c NULL.
*/
void
mbedtls_aes_xts_init
(
mbedtls_aes_xts_context
*
ctx
);
/**
* \brief This function releases and clears the specified AES XTS context.
*
* \param ctx The AES XTS context to clear.
* If this is \c NULL, this function does nothing.
* Otherwise, the context must have been at least initialized.
*/
void
mbedtls_aes_xts_free
(
mbedtls_aes_xts_context
*
ctx
);
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
/**
/**
* \brief This function sets the encryption key.
* \brief This function sets the encryption key.
*
*
...
@@ -187,48 +135,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
...
@@ -187,48 +135,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
int
mbedtls_aes_setkey_dec
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
*
key
,
int
mbedtls_aes_setkey_dec
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
keybits
);
unsigned
int
keybits
);
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief This function prepares an XTS context for encryption and
* sets the encryption key.
*
* \param ctx The AES XTS context to which the key should be bound.
* It must be initialized.
* \param key The encryption key. This is comprised of the XTS key1
* concatenated with the XTS key2.
* This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
int
mbedtls_aes_xts_setkey_enc
(
mbedtls_aes_xts_context
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
keybits
);
/**
* \brief This function prepares an XTS context for decryption and
* sets the decryption key.
*
* \param ctx The AES XTS context to which the key should be bound.
* It must be initialized.
* \param key The decryption key. This is comprised of the XTS key1
* concatenated with the XTS key2.
* This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
int
mbedtls_aes_xts_setkey_dec
(
mbedtls_aes_xts_context
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
keybits
);
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
/**
/**
* \brief This function performs an AES single-block encryption or
* \brief This function performs an AES single-block encryption or
* decryption operation.
* decryption operation.
...
@@ -257,333 +163,6 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
...
@@ -257,333 +163,6 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
const
unsigned
char
input
[
16
],
const
unsigned
char
input
[
16
],
unsigned
char
output
[
16
]
);
unsigned
char
output
[
16
]
);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
* \brief This function performs an AES-CBC encryption or decryption operation
* on full blocks.
*
* It performs the operation defined in the \p mode
* parameter (encrypt/decrypt), on the input data buffer defined in
* the \p input parameter.
*
* It can be called as many times as needed, until all the input
* data is processed. mbedtls_aes_init(), and either
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
* before the first call to this API with the same context.
*
* \note This function operates on full blocks, that is, the input size
* must be a multiple of the AES block size of \c 16 Bytes.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If you need to retain the contents of the IV, you should
* either save it manually or use the cipher module instead.
*
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
* \param length The length of the input data in Bytes. This must be a
* multiple of the block size (\c 16 Bytes).
* \param iv Initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
* on failure.
*/
int
mbedtls_aes_crypt_cbc
(
mbedtls_aes_context
*
ctx
,
int
mode
,
size_t
length
,
unsigned
char
iv
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief This function performs an AES-XTS encryption or decryption
* operation for an entire XTS data unit.
*
* AES-XTS encrypts or decrypts blocks based on their location as
* defined by a data unit number. The data unit number must be
* provided by \p data_unit.
*
* NIST SP 800-38E limits the maximum size of a data unit to 2^20
* AES blocks. If the data unit is larger than this, this function
* returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
*
* \param ctx The AES XTS context to use for AES XTS operations.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
* \param length The length of a data unit in Bytes. This can be any
* length between 16 bytes and 2^24 bytes inclusive
* (between 1 and 2^20 block cipher blocks).
* \param data_unit The address of the data unit encoded as an array of 16
* bytes in little-endian format. For disk encryption, this
* is typically the index of the block device sector that
* contains the data.
* \param input The buffer holding the input data (which is an entire
* data unit). This function reads \p length Bytes from \p
* input.
* \param output The buffer holding the output data (which is an entire
* data unit). This function writes \p length Bytes to \p
* output.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
* smaller than an AES block in size (16 Bytes) or if \p
* length is larger than 2^20 blocks (16 MiB).
*/
int
mbedtls_aes_crypt_xts
(
mbedtls_aes_xts_context
*
ctx
,
int
mode
,
size_t
length
,
const
unsigned
char
data_unit
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/**
* \brief This function performs an AES-CFB128 encryption or decryption
* operation.
*
* It performs the operation defined in the \p mode
* parameter (encrypt or decrypt), on the input data buffer
* defined in the \p input parameter.
*
* For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
* regardless of whether you are performing an encryption or decryption
* operation, that is, regardless of the \p mode parameter. This is
* because CFB mode uses the same key schedule for encryption and
* decryption.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If you need to retain the contents of the
* IV, you must either save it manually or use the cipher
* module instead.
*
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
* \param length The length of the input data in Bytes.
* \param iv_off The offset in IV (updated after use).
* It must point to a valid \c size_t.
* \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
int
mbedtls_aes_crypt_cfb128
(
mbedtls_aes_context
*
ctx
,
int
mode
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
iv
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
);
/**
* \brief This function performs an AES-CFB8 encryption or decryption
* operation.
*
* It performs the operation defined in the \p mode
* parameter (encrypt/decrypt), on the input data buffer defined
* in the \p input parameter.
*
* Due to the nature of CFB, you must use the same key schedule for
* both encryption and decryption operations. Therefore, you must
* use the context initialized with mbedtls_aes_setkey_enc() for
* both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT
* \param length The length of the input data.
* \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
int
mbedtls_aes_crypt_cfb8
(
mbedtls_aes_context
*
ctx
,
int
mode
,
size_t
length
,
unsigned
char
iv
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
/*MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/**
* \brief This function performs an AES-OFB (Output Feedback Mode)
* encryption or decryption operation.
*
* For OFB, you must set up the context with
* mbedtls_aes_setkey_enc(), regardless of whether you are
* performing an encryption or decryption operation. This is
* because OFB mode uses the same key schedule for encryption and
* decryption.
*
* The OFB operation is identical for encryption or decryption,
* therefore no operation mode needs to be specified.
*
* \note Upon exit, the content of iv, the Initialisation Vector, is
* updated so that you can call the same function again on the next
* block(s) of data and get the same result as if it was encrypted
* in one call. This allows a "streaming" usage, by initialising
* iv_off to 0 before the first call, and preserving its value
* between calls.
*
* For non-streaming use, the iv should be initialised on each call
* to a unique value, and iv_off set to 0 on each call.
*
* If you need to retain the contents of the initialisation vector,
* you must either save it manually or use the cipher module
* instead.
*
* \warning For the OFB mode, the initialisation vector must be unique
* every encryption operation. Reuse of an initialisation vector
* will compromise security.
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param length The length of the input data.
* \param iv_off The offset in IV (updated after use).
* It must point to a valid \c size_t.
* \param iv The initialization vector (updated after use).
* It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
int
mbedtls_aes_crypt_ofb
(
mbedtls_aes_context
*
ctx
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
iv
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
/* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/**
* \brief This function performs an AES-CTR encryption or decryption
* operation.
*
* This function performs the operation defined in the \p mode
* parameter (encrypt/decrypt), on the input data buffer
* defined in the \p input parameter.
*
* Due to the nature of CTR, you must use the same key schedule
* for both encryption and decryption operations. Therefore, you
* must use the context initialized with mbedtls_aes_setkey_enc()
* for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
*
* \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
* the same nonce and key.
*
* There are two common strategies for managing nonces with CTR:
*
* 1. You can handle everything as a single message processed over
* successive calls to this function. In that case, you want to
* set \p nonce_counter and \p nc_off to 0 for the first call, and
* then preserve the values of \p nonce_counter, \p nc_off and \p
* stream_block across calls to this function as they will be
* updated by this function.
*
* With this strategy, you must not encrypt more than 2**128
* blocks of data with the same key.
*
* 2. You can encrypt separate messages by dividing the \p
* nonce_counter buffer in two areas: the first one used for a
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
* For example, you might reserve the first 12 bytes for the
* per-message nonce, and the last 4 bytes for internal use. In that
* case, before calling this function on a new message you need to
* set the first 12 bytes of \p nonce_counter to your chosen nonce
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
* stream_block to be ignored). That way, you can encrypt at most
* 2**96 messages of up to 2**32 blocks each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
* it) needs to be communicated with the ciphertext and must be unique.
* The recommended way to ensure uniqueness is to use a message
* counter. An alternative is to generate random nonces, but this
* limits the number of messages that can be securely encrypted:
* for example, with 96-bit random nonces, you should not encrypt
* more than 2**32 messages with the same key.
*
* Note that for both stategies, sizes are measured in blocks and
* that an AES block is 16 bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
*
* \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param length The length of the input data.
* \param nc_off The offset in the current \p stream_block, for
* resuming within the current cipher stream. The
* offset pointer should be 0 at the start of a stream.
* It must point to a valid \c size_t.
* \param nonce_counter The 128-bit nonce and counter.
* It must be a readable-writeable buffer of \c 16 Bytes.
* \param stream_block The saved stream block for resuming. This is
* overwritten by the function.
* It must be a readable-writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
* It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
* It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
int
mbedtls_aes_crypt_ctr
(
mbedtls_aes_context
*
ctx
,
size_t
length
,
size_t
*
nc_off
,
unsigned
char
nonce_counter
[
16
],
unsigned
char
stream_block
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
/**
/**
* \brief Internal AES block encryption function. This is only
* \brief Internal AES block encryption function. This is only
* exposed to allow overriding it using
* exposed to allow overriding it using
...
@@ -614,54 +193,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
...
@@ -614,54 +193,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
const
unsigned
char
input
[
16
],
const
unsigned
char
input
[
16
],
unsigned
char
output
[
16
]
);
unsigned
char
output
[
16
]
);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif
/**
* \brief Deprecated internal AES block encryption function
* without return value.
*
* \deprecated Superseded by mbedtls_internal_aes_encrypt()
*
* \param ctx The AES context to use for encryption.
* \param input Plaintext block.
* \param output Output (ciphertext) block.
*/
MBEDTLS_DEPRECATED
void
mbedtls_aes_encrypt
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
input
[
16
],
unsigned
char
output
[
16
]
);
/**
* \brief Deprecated internal AES block decryption function
* without return value.
*
* \deprecated Superseded by mbedtls_internal_aes_decrypt()
*
* \param ctx The AES context to use for decryption.
* \param input Ciphertext block.
* \param output Output (plaintext) block.
*/
MBEDTLS_DEPRECATED
void
mbedtls_aes_decrypt
(
mbedtls_aes_context
*
ctx
,
const
unsigned
char
input
[
16
],
unsigned
char
output
[
16
]
);
#undef MBEDTLS_DEPRECATED
#endif
/* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief Checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int
mbedtls_aes_self_test
(
int
verbose
);
#endif
/* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
#ifdef __cplusplus
}
}
...
...
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/cipher.c
deleted
100644 → 0
View file @
fcb7d9c8
/**
* \file cipher.c
*
* \brief Generic cipher wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#include "config.h"
#include "platform_util.h"
#if defined(MBEDTLS_CIPHER_C)
#include "cipher.h"
#include "cipher_internal.h"
#include <stdlib.h>
#include <string.h>
#if defined(MBEDTLS_CHACHAPOLY_C)
#include "mbedtls/chachapoly.h"
#endif
#if defined(MBEDTLS_GCM_C)
#include "gcm.h"
#endif
#if defined(MBEDTLS_CCM_C)
#include "mbedtls/ccm.h"
#endif
#if defined(MBEDTLS_CHACHA20_C)
#include "mbedtls/chacha20.h"
#endif
#if defined(MBEDTLS_CMAC_C)
#include "mbedtls/cmac.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_NIST_KW_C)
#include "mbedtls/nist_kw.h"
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#define CIPHER_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
#define CIPHER_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/* Compare the contents of two buffers in constant time.
* Returns 0 if the contents are bitwise identical, otherwise returns
* a non-zero value.
* This is currently only used by GCM and ChaCha20+Poly1305.
*/
static
int
mbedtls_constant_time_memcmp
(
const
void
*
v1
,
const
void
*
v2
,
size_t
len
)
{
const
unsigned
char
*
p1
=
(
const
unsigned
char
*
)
v1
;
const
unsigned
char
*
p2
=
(
const
unsigned
char
*
)
v2
;
size_t
i
;
unsigned
char
diff
;
for
(
diff
=
0
,
i
=
0
;
i
<
len
;
i
++
)
diff
|=
p1
[
i
]
^
p2
[
i
];
return
(
(
int
)
diff
);
}
#endif
/* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
static
int
supported_init
=
0
;
const
int
*
mbedtls_cipher_list
(
void
)
{
const
mbedtls_cipher_definition_t
*
def
;
int
*
type
;
if
(
!
supported_init
)
{
def
=
mbedtls_cipher_definitions
;
type
=
mbedtls_cipher_supported
;
while
(
def
->
type
!=
0
)
*
type
++
=
(
*
def
++
).
type
;
*
type
=
0
;
supported_init
=
1
;
}
return
(
mbedtls_cipher_supported
);
}
const
mbedtls_cipher_info_t
*
mbedtls_cipher_info_from_type
(
const
mbedtls_cipher_type_t
cipher_type
)
{
const
mbedtls_cipher_definition_t
*
def
;
for
(
def
=
mbedtls_cipher_definitions
;
def
->
info
!=
NULL
;
def
++
)
if
(
def
->
type
==
cipher_type
)
return
(
def
->
info
);
return
(
NULL
);
}
const
mbedtls_cipher_info_t
*
mbedtls_cipher_info_from_string
(
const
char
*
cipher_name
)
{
const
mbedtls_cipher_definition_t
*
def
;
if
(
NULL
==
cipher_name
)
return
(
NULL
);
for
(
def
=
mbedtls_cipher_definitions
;
def
->
info
!=
NULL
;
def
++
)
if
(
!
strcmp
(
def
->
info
->
name
,
cipher_name
)
)
return
(
def
->
info
);
return
(
NULL
);
}
const
mbedtls_cipher_info_t
*
mbedtls_cipher_info_from_values
(
const
mbedtls_cipher_id_t
cipher_id
,
int
key_bitlen
,
const
mbedtls_cipher_mode_t
mode
)
{
const
mbedtls_cipher_definition_t
*
def
;
for
(
def
=
mbedtls_cipher_definitions
;
def
->
info
!=
NULL
;
def
++
)
if
(
def
->
info
->
base
->
cipher
==
cipher_id
&&
def
->
info
->
key_bitlen
==
(
unsigned
)
key_bitlen
&&
def
->
info
->
mode
==
mode
)
return
(
def
->
info
);
return
(
NULL
);
}
void
mbedtls_cipher_init
(
mbedtls_cipher_context_t
*
ctx
)
{
CIPHER_VALIDATE
(
ctx
!=
NULL
);
memset
(
ctx
,
0
,
sizeof
(
mbedtls_cipher_context_t
)
);
}
void
mbedtls_cipher_free
(
mbedtls_cipher_context_t
*
ctx
)
{
if
(
ctx
==
NULL
)
return
;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
if
(
ctx
->
cipher_ctx
!=
NULL
)
{
mbedtls_cipher_context_psa
*
const
cipher_psa
=
(
mbedtls_cipher_context_psa
*
)
ctx
->
cipher_ctx
;
if
(
cipher_psa
->
slot_state
==
MBEDTLS_CIPHER_PSA_KEY_OWNED
)
{
/* xxx_free() doesn't allow to return failures. */
(
void
)
psa_destroy_key
(
cipher_psa
->
slot
);
}
mbedtls_platform_zeroize
(
cipher_psa
,
sizeof
(
*
cipher_psa
)
);
mbedtls_free
(
cipher_psa
);
}
mbedtls_platform_zeroize
(
ctx
,
sizeof
(
mbedtls_cipher_context_t
)
);
return
;
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_CMAC_C)
if
(
ctx
->
cmac_ctx
)
{
mbedtls_platform_zeroize
(
ctx
->
cmac_ctx
,
sizeof
(
mbedtls_cmac_context_t
)
);
mbedtls_free
(
ctx
->
cmac_ctx
);
}
#endif
if
(
ctx
->
cipher_ctx
)
ctx
->
cipher_info
->
base
->
ctx_free_func
(
ctx
->
cipher_ctx
);
mbedtls_platform_zeroize
(
ctx
,
sizeof
(
mbedtls_cipher_context_t
)
);
}
int
mbedtls_cipher_setup
(
mbedtls_cipher_context_t
*
ctx
,
const
mbedtls_cipher_info_t
*
cipher_info
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
if
(
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
memset
(
ctx
,
0
,
sizeof
(
mbedtls_cipher_context_t
)
);
if
(
NULL
==
(
ctx
->
cipher_ctx
=
cipher_info
->
base
->
ctx_alloc_func
()
)
)
return
(
MBEDTLS_ERR_CIPHER_ALLOC_FAILED
);
ctx
->
cipher_info
=
cipher_info
;
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/*
* Ignore possible errors caused by a cipher mode that doesn't use padding
*/
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
(
void
)
mbedtls_cipher_set_padding_mode
(
ctx
,
MBEDTLS_PADDING_PKCS7
);
#else
(
void
)
mbedtls_cipher_set_padding_mode
(
ctx
,
MBEDTLS_PADDING_NONE
);
#endif
#endif
/* MBEDTLS_CIPHER_MODE_WITH_PADDING */
return
(
0
);
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int
mbedtls_cipher_setup_psa
(
mbedtls_cipher_context_t
*
ctx
,
const
mbedtls_cipher_info_t
*
cipher_info
,
size_t
taglen
)
{
psa_algorithm_t
alg
;
mbedtls_cipher_context_psa
*
cipher_psa
;
if
(
NULL
==
cipher_info
||
NULL
==
ctx
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
/* Check that the underlying cipher mode and cipher type are
* supported by the underlying PSA Crypto implementation. */
alg
=
mbedtls_psa_translate_cipher_mode
(
cipher_info
->
mode
,
taglen
);
if
(
alg
==
0
)
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
if
(
mbedtls_psa_translate_cipher_type
(
cipher_info
->
type
)
==
0
)
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
memset
(
ctx
,
0
,
sizeof
(
mbedtls_cipher_context_t
)
);
cipher_psa
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_cipher_context_psa
)
);
if
(
cipher_psa
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_ALLOC_FAILED
);
cipher_psa
->
alg
=
alg
;
ctx
->
cipher_ctx
=
cipher_psa
;
ctx
->
cipher_info
=
cipher_info
;
ctx
->
psa_enabled
=
1
;
return
(
0
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
int
mbedtls_cipher_setkey
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
key
,
int
key_bitlen
,
const
mbedtls_operation_t
operation
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
key
!=
NULL
);
CIPHER_VALIDATE_RET
(
operation
==
MBEDTLS_ENCRYPT
||
operation
==
MBEDTLS_DECRYPT
);
if
(
ctx
->
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
mbedtls_cipher_context_psa
*
const
cipher_psa
=
(
mbedtls_cipher_context_psa
*
)
ctx
->
cipher_ctx
;
size_t
const
key_bytelen
=
(
(
size_t
)
key_bitlen
+
7
)
/
8
;
psa_status_t
status
;
psa_key_type_t
key_type
;
psa_key_usage_t
key_usage
;
psa_key_policy_t
key_policy
;
/* PSA Crypto API only accepts byte-aligned keys. */
if
(
key_bitlen
%
8
!=
0
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
/* Don't allow keys to be set multiple times. */
if
(
cipher_psa
->
slot_state
!=
MBEDTLS_CIPHER_PSA_KEY_UNSET
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
key_type
=
mbedtls_psa_translate_cipher_type
(
ctx
->
cipher_info
->
type
);
if
(
key_type
==
0
)
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
/* Allocate a key slot to use. */
status
=
psa_allocate_key
(
&
cipher_psa
->
slot
);
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
/* Indicate that we own the key slot and need to
* destroy it in mbedtls_cipher_free(). */
cipher_psa
->
slot_state
=
MBEDTLS_CIPHER_PSA_KEY_OWNED
;
/* From that point on, the responsibility for destroying the
* key slot is on mbedtls_cipher_free(). This includes the case
* where the policy setup or key import below fail, as
* mbedtls_cipher_free() needs to be called in any case. */
/* Setup policy for the new key slot. */
key_policy
=
psa_key_policy_init
();
/* Mbed TLS' cipher layer doesn't enforce the mode of operation
* (encrypt vs. decrypt): it is possible to setup a key for encryption
* and use it for AEAD decryption. Until tests relying on this
* are changed, allow any usage in PSA. */
/* key_usage = mbedtls_psa_translate_cipher_operation( operation ); */
key_usage
=
PSA_KEY_USAGE_ENCRYPT
|
PSA_KEY_USAGE_DECRYPT
;
psa_key_policy_set_usage
(
&
key_policy
,
key_usage
,
cipher_psa
->
alg
);
status
=
psa_set_key_policy
(
cipher_psa
->
slot
,
&
key_policy
);
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
/* Populate new key slot. */
status
=
psa_import_key
(
cipher_psa
->
slot
,
key_type
,
key
,
key_bytelen
);
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
ctx
->
key_bitlen
=
key_bitlen
;
ctx
->
operation
=
operation
;
return
(
0
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
if
(
(
ctx
->
cipher_info
->
flags
&
MBEDTLS_CIPHER_VARIABLE_KEY_LEN
)
==
0
&&
(
int
)
ctx
->
cipher_info
->
key_bitlen
!=
key_bitlen
)
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
ctx
->
key_bitlen
=
key_bitlen
;
ctx
->
operation
=
operation
;
/*
* For OFB, CFB and CTR mode always use the encryption key schedule
*/
if
(
MBEDTLS_ENCRYPT
==
operation
||
MBEDTLS_MODE_CFB
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_OFB
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_CTR
==
ctx
->
cipher_info
->
mode
)
{
return
(
ctx
->
cipher_info
->
base
->
setkey_enc_func
(
ctx
->
cipher_ctx
,
key
,
ctx
->
key_bitlen
)
);
}
if
(
MBEDTLS_DECRYPT
==
operation
)
return
(
ctx
->
cipher_info
->
base
->
setkey_dec_func
(
ctx
->
cipher_ctx
,
key
,
ctx
->
key_bitlen
)
);
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
int
mbedtls_cipher_set_iv
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
iv
,
size_t
iv_len
)
{
size_t
actual_iv_size
;
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
iv_len
==
0
||
iv
!=
NULL
);
if
(
ctx
->
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
/* avoid buffer overflow in ctx->iv */
if
(
iv_len
>
MBEDTLS_MAX_IV_LENGTH
)
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
if
(
(
ctx
->
cipher_info
->
flags
&
MBEDTLS_CIPHER_VARIABLE_IV_LEN
)
!=
0
)
actual_iv_size
=
iv_len
;
else
{
actual_iv_size
=
ctx
->
cipher_info
->
iv_size
;
/* avoid reading past the end of input buffer */
if
(
actual_iv_size
>
iv_len
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
#if defined(MBEDTLS_CHACHA20_C)
if
(
ctx
->
cipher_info
->
type
==
MBEDTLS_CIPHER_CHACHA20
)
{
if
(
0
!=
mbedtls_chacha20_starts
(
(
mbedtls_chacha20_context
*
)
ctx
->
cipher_ctx
,
iv
,
0U
)
)
/* Initial counter value */
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
}
#endif
if
(
actual_iv_size
!=
0
)
{
memcpy
(
ctx
->
iv
,
iv
,
actual_iv_size
);
ctx
->
iv_size
=
actual_iv_size
;
}
return
(
0
);
}
int
mbedtls_cipher_reset
(
mbedtls_cipher_context_t
*
ctx
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
if
(
ctx
->
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* We don't support resetting PSA-based
* cipher contexts, yet. */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
ctx
->
unprocessed_len
=
0
;
return
(
0
);
}
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int
mbedtls_cipher_update_ad
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
ad
,
size_t
ad_len
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
ad_len
==
0
||
ad
!=
NULL
);
if
(
ctx
->
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if
(
MBEDTLS_MODE_GCM
==
ctx
->
cipher_info
->
mode
)
{
return
(
mbedtls_gcm_starts
(
(
mbedtls_gcm_context
*
)
ctx
->
cipher_ctx
,
ctx
->
operation
,
ctx
->
iv
,
ctx
->
iv_size
,
ad
,
ad_len
)
);
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if
(
MBEDTLS_CIPHER_CHACHA20_POLY1305
==
ctx
->
cipher_info
->
type
)
{
int
result
;
mbedtls_chachapoly_mode_t
mode
;
mode
=
(
ctx
->
operation
==
MBEDTLS_ENCRYPT
)
?
MBEDTLS_CHACHAPOLY_ENCRYPT
:
MBEDTLS_CHACHAPOLY_DECRYPT
;
result
=
mbedtls_chachapoly_starts
(
(
mbedtls_chachapoly_context
*
)
ctx
->
cipher_ctx
,
ctx
->
iv
,
mode
);
if
(
result
!=
0
)
return
(
result
);
return
(
mbedtls_chachapoly_update_aad
(
(
mbedtls_chachapoly_context
*
)
ctx
->
cipher_ctx
,
ad
,
ad_len
)
);
}
#endif
return
(
0
);
}
#endif
/* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
int
mbedtls_cipher_update
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
input
,
size_t
ilen
,
unsigned
char
*
output
,
size_t
*
olen
)
{
int
ret
;
size_t
block_size
;
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
ilen
==
0
||
input
!=
NULL
);
CIPHER_VALIDATE_RET
(
output
!=
NULL
);
CIPHER_VALIDATE_RET
(
olen
!=
NULL
);
if
(
ctx
->
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
*
olen
=
0
;
block_size
=
mbedtls_cipher_get_block_size
(
ctx
);
if
(
ctx
->
cipher_info
->
mode
==
MBEDTLS_MODE_ECB
)
{
if
(
ilen
!=
block_size
)
return
(
MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
);
*
olen
=
ilen
;
if
(
0
!=
(
ret
=
ctx
->
cipher_info
->
base
->
ecb_func
(
ctx
->
cipher_ctx
,
ctx
->
operation
,
input
,
output
)
)
)
{
return
(
ret
);
}
return
(
0
);
}
#if defined(MBEDTLS_GCM_C)
if
(
ctx
->
cipher_info
->
mode
==
MBEDTLS_MODE_GCM
)
{
*
olen
=
ilen
;
return
(
mbedtls_gcm_update
(
(
mbedtls_gcm_context
*
)
ctx
->
cipher_ctx
,
ilen
,
input
,
output
)
);
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if
(
ctx
->
cipher_info
->
type
==
MBEDTLS_CIPHER_CHACHA20_POLY1305
)
{
*
olen
=
ilen
;
return
(
mbedtls_chachapoly_update
(
(
mbedtls_chachapoly_context
*
)
ctx
->
cipher_ctx
,
ilen
,
input
,
output
)
);
}
#endif
if
(
0
==
block_size
)
{
return
(
MBEDTLS_ERR_CIPHER_INVALID_CONTEXT
);
}
if
(
input
==
output
&&
(
ctx
->
unprocessed_len
!=
0
||
ilen
%
block_size
)
)
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if
(
ctx
->
cipher_info
->
mode
==
MBEDTLS_MODE_CBC
)
{
size_t
copy_len
=
0
;
/*
* If there is not enough data for a full block, cache it.
*/
if
(
(
ctx
->
operation
==
MBEDTLS_DECRYPT
&&
NULL
!=
ctx
->
add_padding
&&
ilen
<=
block_size
-
ctx
->
unprocessed_len
)
||
(
ctx
->
operation
==
MBEDTLS_DECRYPT
&&
NULL
==
ctx
->
add_padding
&&
ilen
<
block_size
-
ctx
->
unprocessed_len
)
||
(
ctx
->
operation
==
MBEDTLS_ENCRYPT
&&
ilen
<
block_size
-
ctx
->
unprocessed_len
)
)
{
memcpy
(
&
(
ctx
->
unprocessed_data
[
ctx
->
unprocessed_len
]
),
input
,
ilen
);
ctx
->
unprocessed_len
+=
ilen
;
return
(
0
);
}
/*
* Process cached data first
*/
if
(
0
!=
ctx
->
unprocessed_len
)
{
copy_len
=
block_size
-
ctx
->
unprocessed_len
;
memcpy
(
&
(
ctx
->
unprocessed_data
[
ctx
->
unprocessed_len
]
),
input
,
copy_len
);
if
(
0
!=
(
ret
=
ctx
->
cipher_info
->
base
->
cbc_func
(
ctx
->
cipher_ctx
,
ctx
->
operation
,
block_size
,
ctx
->
iv
,
ctx
->
unprocessed_data
,
output
)
)
)
{
return
(
ret
);
}
*
olen
+=
block_size
;
output
+=
block_size
;
ctx
->
unprocessed_len
=
0
;
input
+=
copy_len
;
ilen
-=
copy_len
;
}
/*
* Cache final, incomplete block
*/
if
(
0
!=
ilen
)
{
if
(
0
==
block_size
)
{
return
(
MBEDTLS_ERR_CIPHER_INVALID_CONTEXT
);
}
/* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks
*/
copy_len
=
ilen
%
block_size
;
if
(
copy_len
==
0
&&
ctx
->
operation
==
MBEDTLS_DECRYPT
&&
NULL
!=
ctx
->
add_padding
)
{
copy_len
=
block_size
;
}
memcpy
(
ctx
->
unprocessed_data
,
&
(
input
[
ilen
-
copy_len
]
),
copy_len
);
ctx
->
unprocessed_len
+=
copy_len
;
ilen
-=
copy_len
;
}
/*
* Process remaining full blocks
*/
if
(
ilen
)
{
if
(
0
!=
(
ret
=
ctx
->
cipher_info
->
base
->
cbc_func
(
ctx
->
cipher_ctx
,
ctx
->
operation
,
ilen
,
ctx
->
iv
,
input
,
output
)
)
)
{
return
(
ret
);
}
*
olen
+=
ilen
;
}
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
if
(
ctx
->
cipher_info
->
mode
==
MBEDTLS_MODE_CFB
)
{
if
(
0
!=
(
ret
=
ctx
->
cipher_info
->
base
->
cfb_func
(
ctx
->
cipher_ctx
,
ctx
->
operation
,
ilen
,
&
ctx
->
unprocessed_len
,
ctx
->
iv
,
input
,
output
)
)
)
{
return
(
ret
);
}
*
olen
=
ilen
;
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
if
(
ctx
->
cipher_info
->
mode
==
MBEDTLS_MODE_OFB
)
{
if
(
0
!=
(
ret
=
ctx
->
cipher_info
->
base
->
ofb_func
(
ctx
->
cipher_ctx
,
ilen
,
&
ctx
->
unprocessed_len
,
ctx
->
iv
,
input
,
output
)
)
)
{
return
(
ret
);
}
*
olen
=
ilen
;
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
if
(
ctx
->
cipher_info
->
mode
==
MBEDTLS_MODE_CTR
)
{
if
(
0
!=
(
ret
=
ctx
->
cipher_info
->
base
->
ctr_func
(
ctx
->
cipher_ctx
,
ilen
,
&
ctx
->
unprocessed_len
,
ctx
->
iv
,
ctx
->
unprocessed_data
,
input
,
output
)
)
)
{
return
(
ret
);
}
*
olen
=
ilen
;
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
if
(
ctx
->
cipher_info
->
mode
==
MBEDTLS_MODE_XTS
)
{
if
(
ctx
->
unprocessed_len
>
0
)
{
/* We can only process an entire data unit at a time. */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
ret
=
ctx
->
cipher_info
->
base
->
xts_func
(
ctx
->
cipher_ctx
,
ctx
->
operation
,
ilen
,
ctx
->
iv
,
input
,
output
);
if
(
ret
!=
0
)
{
return
(
ret
);
}
*
olen
=
ilen
;
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
if
(
ctx
->
cipher_info
->
mode
==
MBEDTLS_MODE_STREAM
)
{
if
(
0
!=
(
ret
=
ctx
->
cipher_info
->
base
->
stream_func
(
ctx
->
cipher_ctx
,
ilen
,
input
,
output
)
)
)
{
return
(
ret
);
}
*
olen
=
ilen
;
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_STREAM */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
/*
* PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
*/
static
void
add_pkcs_padding
(
unsigned
char
*
output
,
size_t
output_len
,
size_t
data_len
)
{
size_t
padding_len
=
output_len
-
data_len
;
unsigned
char
i
;
for
(
i
=
0
;
i
<
padding_len
;
i
++
)
output
[
data_len
+
i
]
=
(
unsigned
char
)
padding_len
;
}
static
int
get_pkcs_padding
(
unsigned
char
*
input
,
size_t
input_len
,
size_t
*
data_len
)
{
size_t
i
,
pad_idx
;
unsigned
char
padding_len
,
bad
=
0
;
if
(
NULL
==
input
||
NULL
==
data_len
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
padding_len
=
input
[
input_len
-
1
];
*
data_len
=
input_len
-
padding_len
;
/* Avoid logical || since it results in a branch */
bad
|=
padding_len
>
input_len
;
bad
|=
padding_len
==
0
;
/* The number of bytes checked must be independent of padding_len,
* so pick input_len, which is usually 8 or 16 (one block) */
pad_idx
=
input_len
-
padding_len
;
for
(
i
=
0
;
i
<
input_len
;
i
++
)
bad
|=
(
input
[
i
]
^
padding_len
)
*
(
i
>=
pad_idx
);
return
(
MBEDTLS_ERR_CIPHER_INVALID_PADDING
*
(
bad
!=
0
)
);
}
#endif
/* MBEDTLS_CIPHER_PADDING_PKCS7 */
#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
/*
* One and zeros padding: fill with 80 00 ... 00
*/
static
void
add_one_and_zeros_padding
(
unsigned
char
*
output
,
size_t
output_len
,
size_t
data_len
)
{
size_t
padding_len
=
output_len
-
data_len
;
unsigned
char
i
=
0
;
output
[
data_len
]
=
0x80
;
for
(
i
=
1
;
i
<
padding_len
;
i
++
)
output
[
data_len
+
i
]
=
0x00
;
}
static
int
get_one_and_zeros_padding
(
unsigned
char
*
input
,
size_t
input_len
,
size_t
*
data_len
)
{
size_t
i
;
unsigned
char
done
=
0
,
prev_done
,
bad
;
if
(
NULL
==
input
||
NULL
==
data_len
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
bad
=
0x80
;
*
data_len
=
0
;
for
(
i
=
input_len
;
i
>
0
;
i
--
)
{
prev_done
=
done
;
done
|=
(
input
[
i
-
1
]
!=
0
);
*
data_len
|=
(
i
-
1
)
*
(
done
!=
prev_done
);
bad
^=
input
[
i
-
1
]
*
(
done
!=
prev_done
);
}
return
(
MBEDTLS_ERR_CIPHER_INVALID_PADDING
*
(
bad
!=
0
)
);
}
#endif
/* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
/*
* Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
*/
static
void
add_zeros_and_len_padding
(
unsigned
char
*
output
,
size_t
output_len
,
size_t
data_len
)
{
size_t
padding_len
=
output_len
-
data_len
;
unsigned
char
i
=
0
;
for
(
i
=
1
;
i
<
padding_len
;
i
++
)
output
[
data_len
+
i
-
1
]
=
0x00
;
output
[
output_len
-
1
]
=
(
unsigned
char
)
padding_len
;
}
static
int
get_zeros_and_len_padding
(
unsigned
char
*
input
,
size_t
input_len
,
size_t
*
data_len
)
{
size_t
i
,
pad_idx
;
unsigned
char
padding_len
,
bad
=
0
;
if
(
NULL
==
input
||
NULL
==
data_len
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
padding_len
=
input
[
input_len
-
1
];
*
data_len
=
input_len
-
padding_len
;
/* Avoid logical || since it results in a branch */
bad
|=
padding_len
>
input_len
;
bad
|=
padding_len
==
0
;
/* The number of bytes checked must be independent of padding_len */
pad_idx
=
input_len
-
padding_len
;
for
(
i
=
0
;
i
<
input_len
-
1
;
i
++
)
bad
|=
input
[
i
]
*
(
i
>=
pad_idx
);
return
(
MBEDTLS_ERR_CIPHER_INVALID_PADDING
*
(
bad
!=
0
)
);
}
#endif
/* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
/*
* Zero padding: fill with 00 ... 00
*/
static
void
add_zeros_padding
(
unsigned
char
*
output
,
size_t
output_len
,
size_t
data_len
)
{
size_t
i
;
for
(
i
=
data_len
;
i
<
output_len
;
i
++
)
output
[
i
]
=
0x00
;
}
static
int
get_zeros_padding
(
unsigned
char
*
input
,
size_t
input_len
,
size_t
*
data_len
)
{
size_t
i
;
unsigned
char
done
=
0
,
prev_done
;
if
(
NULL
==
input
||
NULL
==
data_len
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
*
data_len
=
0
;
for
(
i
=
input_len
;
i
>
0
;
i
--
)
{
prev_done
=
done
;
done
|=
(
input
[
i
-
1
]
!=
0
);
*
data_len
|=
i
*
(
done
!=
prev_done
);
}
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_PADDING_ZEROS */
/*
* No padding: don't pad :)
*
* There is no add_padding function (check for NULL in mbedtls_cipher_finish)
* but a trivial get_padding function
*/
static
int
get_no_padding
(
unsigned
char
*
input
,
size_t
input_len
,
size_t
*
data_len
)
{
if
(
NULL
==
input
||
NULL
==
data_len
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
*
data_len
=
input_len
;
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_WITH_PADDING */
int
mbedtls_cipher_finish
(
mbedtls_cipher_context_t
*
ctx
,
unsigned
char
*
output
,
size_t
*
olen
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
output
!=
NULL
);
CIPHER_VALIDATE_RET
(
olen
!=
NULL
);
if
(
ctx
->
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
*
olen
=
0
;
if
(
MBEDTLS_MODE_CFB
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_OFB
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_CTR
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_GCM
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_XTS
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_STREAM
==
ctx
->
cipher_info
->
mode
)
{
return
(
0
);
}
if
(
(
MBEDTLS_CIPHER_CHACHA20
==
ctx
->
cipher_info
->
type
)
||
(
MBEDTLS_CIPHER_CHACHA20_POLY1305
==
ctx
->
cipher_info
->
type
)
)
{
return
(
0
);
}
if
(
MBEDTLS_MODE_ECB
==
ctx
->
cipher_info
->
mode
)
{
if
(
ctx
->
unprocessed_len
!=
0
)
return
(
MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
);
return
(
0
);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if
(
MBEDTLS_MODE_CBC
==
ctx
->
cipher_info
->
mode
)
{
int
ret
=
0
;
if
(
MBEDTLS_ENCRYPT
==
ctx
->
operation
)
{
/* check for 'no padding' mode */
if
(
NULL
==
ctx
->
add_padding
)
{
if
(
0
!=
ctx
->
unprocessed_len
)
return
(
MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
);
return
(
0
);
}
ctx
->
add_padding
(
ctx
->
unprocessed_data
,
mbedtls_cipher_get_iv_size
(
ctx
),
ctx
->
unprocessed_len
);
}
else
if
(
mbedtls_cipher_get_block_size
(
ctx
)
!=
ctx
->
unprocessed_len
)
{
/*
* For decrypt operations, expect a full block,
* or an empty block if no padding
*/
if
(
NULL
==
ctx
->
add_padding
&&
0
==
ctx
->
unprocessed_len
)
return
(
0
);
return
(
MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
);
}
/* cipher block */
if
(
0
!=
(
ret
=
ctx
->
cipher_info
->
base
->
cbc_func
(
ctx
->
cipher_ctx
,
ctx
->
operation
,
mbedtls_cipher_get_block_size
(
ctx
),
ctx
->
iv
,
ctx
->
unprocessed_data
,
output
)
)
)
{
return
(
ret
);
}
/* Set output size for decryption */
if
(
MBEDTLS_DECRYPT
==
ctx
->
operation
)
return
(
ctx
->
get_padding
(
output
,
mbedtls_cipher_get_block_size
(
ctx
),
olen
)
);
/* Set output size for encryption */
*
olen
=
mbedtls_cipher_get_block_size
(
ctx
);
return
(
0
);
}
#else
((
void
)
output
);
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
int
mbedtls_cipher_set_padding_mode
(
mbedtls_cipher_context_t
*
ctx
,
mbedtls_cipher_padding_t
mode
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
if
(
NULL
==
ctx
->
cipher_info
||
MBEDTLS_MODE_CBC
!=
ctx
->
cipher_info
->
mode
)
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* While PSA Crypto knows about CBC padding
* schemes, we currently don't make them
* accessible through the cipher layer. */
if
(
mode
!=
MBEDTLS_PADDING_NONE
)
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
return
(
0
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
switch
(
mode
)
{
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
case
MBEDTLS_PADDING_PKCS7
:
ctx
->
add_padding
=
add_pkcs_padding
;
ctx
->
get_padding
=
get_pkcs_padding
;
break
;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
case
MBEDTLS_PADDING_ONE_AND_ZEROS
:
ctx
->
add_padding
=
add_one_and_zeros_padding
;
ctx
->
get_padding
=
get_one_and_zeros_padding
;
break
;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
case
MBEDTLS_PADDING_ZEROS_AND_LEN
:
ctx
->
add_padding
=
add_zeros_and_len_padding
;
ctx
->
get_padding
=
get_zeros_and_len_padding
;
break
;
#endif
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
case
MBEDTLS_PADDING_ZEROS
:
ctx
->
add_padding
=
add_zeros_padding
;
ctx
->
get_padding
=
get_zeros_padding
;
break
;
#endif
case
MBEDTLS_PADDING_NONE
:
ctx
->
add_padding
=
NULL
;
ctx
->
get_padding
=
get_no_padding
;
break
;
default:
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
return
(
0
);
}
#endif
/* MBEDTLS_CIPHER_MODE_WITH_PADDING */
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int
mbedtls_cipher_write_tag
(
mbedtls_cipher_context_t
*
ctx
,
unsigned
char
*
tag
,
size_t
tag_len
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
tag_len
==
0
||
tag
!=
NULL
);
if
(
ctx
->
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
if
(
MBEDTLS_ENCRYPT
!=
ctx
->
operation
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
return
(
0
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if
(
MBEDTLS_MODE_GCM
==
ctx
->
cipher_info
->
mode
)
return
(
mbedtls_gcm_finish
(
(
mbedtls_gcm_context
*
)
ctx
->
cipher_ctx
,
tag
,
tag_len
)
);
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if
(
MBEDTLS_CIPHER_CHACHA20_POLY1305
==
ctx
->
cipher_info
->
type
)
{
/* Don't allow truncated MAC for Poly1305 */
if
(
tag_len
!=
16U
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
return
(
mbedtls_chachapoly_finish
(
(
mbedtls_chachapoly_context
*
)
ctx
->
cipher_ctx
,
tag
)
);
}
#endif
return
(
0
);
}
int
mbedtls_cipher_check_tag
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
tag
,
size_t
tag_len
)
{
unsigned
char
check_tag
[
16
];
int
ret
;
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
tag_len
==
0
||
tag
!=
NULL
);
if
(
ctx
->
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
if
(
MBEDTLS_DECRYPT
!=
ctx
->
operation
)
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* While PSA Crypto has an API for multipart
* operations, we currently don't make it
* accessible through the cipher layer. */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if
(
MBEDTLS_MODE_GCM
==
ctx
->
cipher_info
->
mode
)
{
if
(
tag_len
>
sizeof
(
check_tag
)
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
if
(
0
!=
(
ret
=
mbedtls_gcm_finish
(
(
mbedtls_gcm_context
*
)
ctx
->
cipher_ctx
,
check_tag
,
tag_len
)
)
)
{
return
(
ret
);
}
/* Check the tag in "constant-time" */
if
(
mbedtls_constant_time_memcmp
(
tag
,
check_tag
,
tag_len
)
!=
0
)
return
(
MBEDTLS_ERR_CIPHER_AUTH_FAILED
);
return
(
0
);
}
#endif
/* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if
(
MBEDTLS_CIPHER_CHACHA20_POLY1305
==
ctx
->
cipher_info
->
type
)
{
/* Don't allow truncated MAC for Poly1305 */
if
(
tag_len
!=
sizeof
(
check_tag
)
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
ret
=
mbedtls_chachapoly_finish
(
(
mbedtls_chachapoly_context
*
)
ctx
->
cipher_ctx
,
check_tag
);
if
(
ret
!=
0
)
{
return
(
ret
);
}
/* Check the tag in "constant-time" */
if
(
mbedtls_constant_time_memcmp
(
tag
,
check_tag
,
tag_len
)
!=
0
)
return
(
MBEDTLS_ERR_CIPHER_AUTH_FAILED
);
return
(
0
);
}
#endif
/* MBEDTLS_CHACHAPOLY_C */
return
(
0
);
}
#endif
/* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/*
* Packet-oriented wrapper for non-AEAD modes
*/
int
mbedtls_cipher_crypt
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
iv
,
size_t
iv_len
,
const
unsigned
char
*
input
,
size_t
ilen
,
unsigned
char
*
output
,
size_t
*
olen
)
{
int
ret
;
size_t
finish_olen
;
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
iv_len
==
0
||
iv
!=
NULL
);
CIPHER_VALIDATE_RET
(
ilen
==
0
||
input
!=
NULL
);
CIPHER_VALIDATE_RET
(
output
!=
NULL
);
CIPHER_VALIDATE_RET
(
olen
!=
NULL
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
* guaranteed to be invalid, hence the PSA-call
* below will gracefully fail. */
mbedtls_cipher_context_psa
*
const
cipher_psa
=
(
mbedtls_cipher_context_psa
*
)
ctx
->
cipher_ctx
;
psa_status_t
status
;
psa_cipher_operation_t
cipher_op
=
PSA_CIPHER_OPERATION_INIT
;
size_t
part_len
;
if
(
ctx
->
operation
==
MBEDTLS_DECRYPT
)
{
status
=
psa_cipher_decrypt_setup
(
&
cipher_op
,
cipher_psa
->
slot
,
cipher_psa
->
alg
);
}
else
if
(
ctx
->
operation
==
MBEDTLS_ENCRYPT
)
{
status
=
psa_cipher_encrypt_setup
(
&
cipher_op
,
cipher_psa
->
slot
,
cipher_psa
->
alg
);
}
else
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
/* In the following, we can immediately return on an error,
* because the PSA Crypto API guarantees that cipher operations
* are terminated by unsuccessful calls to psa_cipher_update(),
* and by any call to psa_cipher_finish(). */
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
status
=
psa_cipher_set_iv
(
&
cipher_op
,
iv
,
iv_len
);
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
status
=
psa_cipher_update
(
&
cipher_op
,
input
,
ilen
,
output
,
ilen
,
olen
);
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
status
=
psa_cipher_finish
(
&
cipher_op
,
output
+
*
olen
,
ilen
-
*
olen
,
&
part_len
);
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
*
olen
+=
part_len
;
return
(
0
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
if
(
(
ret
=
mbedtls_cipher_set_iv
(
ctx
,
iv
,
iv_len
)
)
!=
0
)
return
(
ret
);
if
(
(
ret
=
mbedtls_cipher_reset
(
ctx
)
)
!=
0
)
return
(
ret
);
if
(
(
ret
=
mbedtls_cipher_update
(
ctx
,
input
,
ilen
,
output
,
olen
)
)
!=
0
)
return
(
ret
);
if
(
(
ret
=
mbedtls_cipher_finish
(
ctx
,
output
+
*
olen
,
&
finish_olen
)
)
!=
0
)
return
(
ret
);
*
olen
+=
finish_olen
;
return
(
0
);
}
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/*
* Packet-oriented encryption for AEAD modes
*/
int
mbedtls_cipher_auth_encrypt
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
iv
,
size_t
iv_len
,
const
unsigned
char
*
ad
,
size_t
ad_len
,
const
unsigned
char
*
input
,
size_t
ilen
,
unsigned
char
*
output
,
size_t
*
olen
,
unsigned
char
*
tag
,
size_t
tag_len
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
iv
!=
NULL
);
CIPHER_VALIDATE_RET
(
ad_len
==
0
||
ad
!=
NULL
);
CIPHER_VALIDATE_RET
(
ilen
==
0
||
input
!=
NULL
);
CIPHER_VALIDATE_RET
(
output
!=
NULL
);
CIPHER_VALIDATE_RET
(
olen
!=
NULL
);
CIPHER_VALIDATE_RET
(
tag_len
==
0
||
tag
!=
NULL
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
* guaranteed to be invalid, hence the PSA-call
* below will gracefully fail. */
mbedtls_cipher_context_psa
*
const
cipher_psa
=
(
mbedtls_cipher_context_psa
*
)
ctx
->
cipher_ctx
;
psa_status_t
status
;
/* PSA Crypto API always writes the authentication tag
* at the end of the encrypted message. */
if
(
tag
!=
output
+
ilen
)
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
status
=
psa_aead_encrypt
(
cipher_psa
->
slot
,
cipher_psa
->
alg
,
iv
,
iv_len
,
ad
,
ad_len
,
input
,
ilen
,
output
,
ilen
+
tag_len
,
olen
);
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
*
olen
-=
tag_len
;
return
(
0
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if
(
MBEDTLS_MODE_GCM
==
ctx
->
cipher_info
->
mode
)
{
*
olen
=
ilen
;
return
(
mbedtls_gcm_crypt_and_tag
(
ctx
->
cipher_ctx
,
MBEDTLS_GCM_ENCRYPT
,
ilen
,
iv
,
iv_len
,
ad
,
ad_len
,
input
,
output
,
tag_len
,
tag
)
);
}
#endif
/* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
if
(
MBEDTLS_MODE_CCM
==
ctx
->
cipher_info
->
mode
)
{
*
olen
=
ilen
;
return
(
mbedtls_ccm_encrypt_and_tag
(
ctx
->
cipher_ctx
,
ilen
,
iv
,
iv_len
,
ad
,
ad_len
,
input
,
output
,
tag
,
tag_len
)
);
}
#endif
/* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if
(
MBEDTLS_CIPHER_CHACHA20_POLY1305
==
ctx
->
cipher_info
->
type
)
{
/* ChachaPoly has fixed length nonce and MAC (tag) */
if
(
(
iv_len
!=
ctx
->
cipher_info
->
iv_size
)
||
(
tag_len
!=
16U
)
)
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
*
olen
=
ilen
;
return
(
mbedtls_chachapoly_encrypt_and_tag
(
ctx
->
cipher_ctx
,
ilen
,
iv
,
ad
,
ad_len
,
input
,
output
,
tag
)
);
}
#endif
/* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_NIST_KW_C)
if
(
MBEDTLS_MODE_KW
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_KWP
==
ctx
->
cipher_info
->
mode
)
{
mbedtls_nist_kw_mode_t
mode
=
(
MBEDTLS_MODE_KW
==
ctx
->
cipher_info
->
mode
)
?
MBEDTLS_KW_MODE_KW
:
MBEDTLS_KW_MODE_KWP
;
/* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
if
(
iv_len
!=
0
||
tag_len
!=
0
||
ad_len
!=
0
)
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
return
(
mbedtls_nist_kw_wrap
(
ctx
->
cipher_ctx
,
mode
,
input
,
ilen
,
output
,
olen
,
SIZE_MAX
)
);
}
#endif
/* MBEDTLS_NIST_KW_C */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
/*
* Packet-oriented decryption for AEAD modes
*/
int
mbedtls_cipher_auth_decrypt
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
iv
,
size_t
iv_len
,
const
unsigned
char
*
ad
,
size_t
ad_len
,
const
unsigned
char
*
input
,
size_t
ilen
,
unsigned
char
*
output
,
size_t
*
olen
,
const
unsigned
char
*
tag
,
size_t
tag_len
)
{
CIPHER_VALIDATE_RET
(
ctx
!=
NULL
);
CIPHER_VALIDATE_RET
(
iv
!=
NULL
);
CIPHER_VALIDATE_RET
(
ad_len
==
0
||
ad
!=
NULL
);
CIPHER_VALIDATE_RET
(
ilen
==
0
||
input
!=
NULL
);
CIPHER_VALIDATE_RET
(
output
!=
NULL
);
CIPHER_VALIDATE_RET
(
olen
!=
NULL
);
CIPHER_VALIDATE_RET
(
tag_len
==
0
||
tag
!=
NULL
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if
(
ctx
->
psa_enabled
==
1
)
{
/* As in the non-PSA case, we don't check that
* a key has been set. If not, the key slot will
* still be in its default state of 0, which is
* guaranteed to be invalid, hence the PSA-call
* below will gracefully fail. */
mbedtls_cipher_context_psa
*
const
cipher_psa
=
(
mbedtls_cipher_context_psa
*
)
ctx
->
cipher_ctx
;
psa_status_t
status
;
/* PSA Crypto API always writes the authentication tag
* at the end of the encrypted message. */
if
(
tag
!=
input
+
ilen
)
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
status
=
psa_aead_decrypt
(
cipher_psa
->
slot
,
cipher_psa
->
alg
,
iv
,
iv_len
,
ad
,
ad_len
,
input
,
ilen
+
tag_len
,
output
,
ilen
,
olen
);
if
(
status
==
PSA_ERROR_INVALID_SIGNATURE
)
return
(
MBEDTLS_ERR_CIPHER_AUTH_FAILED
);
else
if
(
status
!=
PSA_SUCCESS
)
return
(
MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED
);
return
(
0
);
}
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if
(
MBEDTLS_MODE_GCM
==
ctx
->
cipher_info
->
mode
)
{
int
ret
;
*
olen
=
ilen
;
ret
=
mbedtls_gcm_auth_decrypt
(
ctx
->
cipher_ctx
,
ilen
,
iv
,
iv_len
,
ad
,
ad_len
,
tag
,
tag_len
,
input
,
output
);
if
(
ret
==
MBEDTLS_ERR_GCM_AUTH_FAILED
)
ret
=
MBEDTLS_ERR_CIPHER_AUTH_FAILED
;
return
(
ret
);
}
#endif
/* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
if
(
MBEDTLS_MODE_CCM
==
ctx
->
cipher_info
->
mode
)
{
int
ret
;
*
olen
=
ilen
;
ret
=
mbedtls_ccm_auth_decrypt
(
ctx
->
cipher_ctx
,
ilen
,
iv
,
iv_len
,
ad
,
ad_len
,
input
,
output
,
tag
,
tag_len
);
if
(
ret
==
MBEDTLS_ERR_CCM_AUTH_FAILED
)
ret
=
MBEDTLS_ERR_CIPHER_AUTH_FAILED
;
return
(
ret
);
}
#endif
/* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if
(
MBEDTLS_CIPHER_CHACHA20_POLY1305
==
ctx
->
cipher_info
->
type
)
{
int
ret
;
/* ChachaPoly has fixed length nonce and MAC (tag) */
if
(
(
iv_len
!=
ctx
->
cipher_info
->
iv_size
)
||
(
tag_len
!=
16U
)
)
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
*
olen
=
ilen
;
ret
=
mbedtls_chachapoly_auth_decrypt
(
ctx
->
cipher_ctx
,
ilen
,
iv
,
ad
,
ad_len
,
tag
,
input
,
output
);
if
(
ret
==
MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
)
ret
=
MBEDTLS_ERR_CIPHER_AUTH_FAILED
;
return
(
ret
);
}
#endif
/* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_NIST_KW_C)
if
(
MBEDTLS_MODE_KW
==
ctx
->
cipher_info
->
mode
||
MBEDTLS_MODE_KWP
==
ctx
->
cipher_info
->
mode
)
{
mbedtls_nist_kw_mode_t
mode
=
(
MBEDTLS_MODE_KW
==
ctx
->
cipher_info
->
mode
)
?
MBEDTLS_KW_MODE_KW
:
MBEDTLS_KW_MODE_KWP
;
/* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
if
(
iv_len
!=
0
||
tag_len
!=
0
||
ad_len
!=
0
)
{
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
}
return
(
mbedtls_nist_kw_unwrap
(
ctx
->
cipher_ctx
,
mode
,
input
,
ilen
,
output
,
olen
,
SIZE_MAX
)
);
}
#endif
/* MBEDTLS_NIST_KW_C */
return
(
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
);
}
#endif
/* MBEDTLS_CIPHER_MODE_AEAD */
#endif
/* MBEDTLS_CIPHER_C */
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/cipher.h
View file @
be1cf907
...
@@ -29,183 +29,14 @@
...
@@ -29,183 +29,14 @@
#ifndef MBEDTLS_CIPHER_H
#ifndef MBEDTLS_CIPHER_H
#define MBEDTLS_CIPHER_H
#define MBEDTLS_CIPHER_H
#include "config.h"
#include "platform_util.h"
#include "platform_util.h"
#include <stddef.h>
#include <stddef.h>
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
#define MBEDTLS_CIPHER_MODE_AEAD
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
defined(MBEDTLS_CHACHA20_C)
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
/**< The selected feature is not available. */
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
/**< Bad input parameters. */
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
/**< Failed to allocate memory. */
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
/**< Input data contains invalid padding and is rejected. */
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
/**< Decryption of block requires a full block. */
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
/**< Authentication failed (for AEAD modes). */
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
/**< The context is invalid. For example, because it was freed. */
/* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400
/**< Cipher hardware accelerator failed. */
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
/**< Cipher accepts IVs of variable length. */
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
/**< Cipher accepts keys of variable length. */
#ifdef __cplusplus
#ifdef __cplusplus
extern
"C"
{
extern
"C"
{
#endif
#endif
/**
* \brief Supported cipher types.
*
* \warning RC4 and DES are considered weak ciphers and their use
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
typedef
enum
{
MBEDTLS_CIPHER_ID_NONE
=
0
,
/**< Placeholder to mark the end of cipher ID lists. */
MBEDTLS_CIPHER_ID_NULL
,
/**< The identity cipher, treated as a stream cipher. */
MBEDTLS_CIPHER_ID_AES
,
/**< The AES cipher. */
MBEDTLS_CIPHER_ID_DES
,
/**< The DES cipher. */
MBEDTLS_CIPHER_ID_3DES
,
/**< The Triple DES cipher. */
MBEDTLS_CIPHER_ID_CAMELLIA
,
/**< The Camellia cipher. */
MBEDTLS_CIPHER_ID_BLOWFISH
,
/**< The Blowfish cipher. */
MBEDTLS_CIPHER_ID_ARC4
,
/**< The RC4 cipher. */
MBEDTLS_CIPHER_ID_ARIA
,
/**< The Aria cipher. */
MBEDTLS_CIPHER_ID_CHACHA20
,
/**< The ChaCha20 cipher. */
}
mbedtls_cipher_id_t
;
/**
* \brief Supported {cipher type, cipher mode} pairs.
*
* \warning RC4 and DES are considered weak ciphers and their use
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
typedef
enum
{
MBEDTLS_CIPHER_NONE
=
0
,
/**< Placeholder to mark the end of cipher-pair lists. */
MBEDTLS_CIPHER_NULL
,
/**< The identity stream cipher. */
MBEDTLS_CIPHER_AES_128_ECB
,
/**< AES cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_AES_192_ECB
,
/**< AES cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_AES_256_ECB
,
/**< AES cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_AES_128_CBC
,
/**< AES cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_AES_192_CBC
,
/**< AES cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_AES_256_CBC
,
/**< AES cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_AES_128_CFB128
,
/**< AES cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_192_CFB128
,
/**< AES cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_256_CFB128
,
/**< AES cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_128_CTR
,
/**< AES cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_AES_192_CTR
,
/**< AES cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_AES_256_CTR
,
/**< AES cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_AES_128_GCM
,
/**< AES cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_AES_192_GCM
,
/**< AES cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_AES_256_GCM
,
/**< AES cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_ECB
,
/**< Camellia cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_192_ECB
,
/**< Camellia cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_256_ECB
,
/**< Camellia cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CBC
,
/**< Camellia cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CBC
,
/**< Camellia cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CBC
,
/**< Camellia cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CFB128
,
/**< Camellia cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CFB128
,
/**< Camellia cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CFB128
,
/**< Camellia cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CTR
,
/**< Camellia cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CTR
,
/**< Camellia cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CTR
,
/**< Camellia cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_128_GCM
,
/**< Camellia cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_GCM
,
/**< Camellia cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_GCM
,
/**< Camellia cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_DES_ECB
,
/**< DES cipher with ECB mode. */
MBEDTLS_CIPHER_DES_CBC
,
/**< DES cipher with CBC mode. */
MBEDTLS_CIPHER_DES_EDE_ECB
,
/**< DES cipher with EDE ECB mode. */
MBEDTLS_CIPHER_DES_EDE_CBC
,
/**< DES cipher with EDE CBC mode. */
MBEDTLS_CIPHER_DES_EDE3_ECB
,
/**< DES cipher with EDE3 ECB mode. */
MBEDTLS_CIPHER_DES_EDE3_CBC
,
/**< DES cipher with EDE3 CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_ECB
,
/**< Blowfish cipher with ECB mode. */
MBEDTLS_CIPHER_BLOWFISH_CBC
,
/**< Blowfish cipher with CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_CFB64
,
/**< Blowfish cipher with CFB64 mode. */
MBEDTLS_CIPHER_BLOWFISH_CTR
,
/**< Blowfish cipher with CTR mode. */
MBEDTLS_CIPHER_ARC4_128
,
/**< RC4 cipher with 128-bit mode. */
MBEDTLS_CIPHER_AES_128_CCM
,
/**< AES cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_AES_192_CCM
,
/**< AES cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_AES_256_CCM
,
/**< AES cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CCM
,
/**< Camellia cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CCM
,
/**< Camellia cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CCM
,
/**< Camellia cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_ARIA_128_ECB
,
/**< Aria cipher with 128-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_192_ECB
,
/**< Aria cipher with 192-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_256_ECB
,
/**< Aria cipher with 256-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_128_CBC
,
/**< Aria cipher with 128-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_192_CBC
,
/**< Aria cipher with 192-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_256_CBC
,
/**< Aria cipher with 256-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_128_CFB128
,
/**< Aria cipher with 128-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_192_CFB128
,
/**< Aria cipher with 192-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_256_CFB128
,
/**< Aria cipher with 256-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_128_CTR
,
/**< Aria cipher with 128-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_192_CTR
,
/**< Aria cipher with 192-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_256_CTR
,
/**< Aria cipher with 256-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_128_GCM
,
/**< Aria cipher with 128-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_192_GCM
,
/**< Aria cipher with 192-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_256_GCM
,
/**< Aria cipher with 256-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_128_CCM
,
/**< Aria cipher with 128-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_192_CCM
,
/**< Aria cipher with 192-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_256_CCM
,
/**< Aria cipher with 256-bit key and CCM mode. */
MBEDTLS_CIPHER_AES_128_OFB
,
/**< AES 128-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_192_OFB
,
/**< AES 192-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_256_OFB
,
/**< AES 256-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_128_XTS
,
/**< AES 128-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_AES_256_XTS
,
/**< AES 256-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_CHACHA20
,
/**< ChaCha20 stream cipher. */
MBEDTLS_CIPHER_CHACHA20_POLY1305
,
/**< ChaCha20-Poly1305 AEAD cipher. */
MBEDTLS_CIPHER_AES_128_KW
,
/**< AES cipher with 128-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_192_KW
,
/**< AES cipher with 192-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_256_KW
,
/**< AES cipher with 256-bit NIST KW mode. */
MBEDTLS_CIPHER_AES_128_KWP
,
/**< AES cipher with 128-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_192_KWP
,
/**< AES cipher with 192-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_256_KWP
,
/**< AES cipher with 256-bit NIST KWP mode. */
}
mbedtls_cipher_type_t
;
/** Supported cipher modes. */
typedef
enum
{
MBEDTLS_MODE_NONE
=
0
,
/**< None. */
MBEDTLS_MODE_ECB
,
/**< The ECB cipher mode. */
MBEDTLS_MODE_CBC
,
/**< The CBC cipher mode. */
MBEDTLS_MODE_CFB
,
/**< The CFB cipher mode. */
MBEDTLS_MODE_OFB
,
/**< The OFB cipher mode. */
MBEDTLS_MODE_CTR
,
/**< The CTR cipher mode. */
MBEDTLS_MODE_GCM
,
/**< The GCM cipher mode. */
MBEDTLS_MODE_STREAM
,
/**< The stream cipher mode. */
MBEDTLS_MODE_CCM
,
/**< The CCM cipher mode. */
MBEDTLS_MODE_XTS
,
/**< The XTS cipher mode. */
MBEDTLS_MODE_CHACHAPOLY
,
/**< The ChaCha-Poly cipher mode. */
MBEDTLS_MODE_KW
,
/**< The SP800-38F KW mode */
MBEDTLS_MODE_KWP
,
/**< The SP800-38F KWP mode */
}
mbedtls_cipher_mode_t
;
/** Supported cipher padding types. */
typedef
enum
{
MBEDTLS_PADDING_PKCS7
=
0
,
/**< PKCS7 padding (default). */
MBEDTLS_PADDING_ONE_AND_ZEROS
,
/**< ISO/IEC 7816-4 padding. */
MBEDTLS_PADDING_ZEROS_AND_LEN
,
/**< ANSI X.923 padding. */
MBEDTLS_PADDING_ZEROS
,
/**< Zero padding (not reversible). */
MBEDTLS_PADDING_NONE
,
/**< Never pad (full blocks only). */
}
mbedtls_cipher_padding_t
;
/** Type of operation. */
/** Type of operation. */
typedef
enum
{
typedef
enum
{
MBEDTLS_OPERATION_NONE
=
-
1
,
MBEDTLS_OPERATION_NONE
=
-
1
,
...
@@ -213,83 +44,16 @@ typedef enum {
...
@@ -213,83 +44,16 @@ typedef enum {
MBEDTLS_ENCRYPT
,
MBEDTLS_ENCRYPT
,
}
mbedtls_operation_t
;
}
mbedtls_operation_t
;
enum
{
/** Undefined key length. */
MBEDTLS_KEY_LENGTH_NONE
=
0
,
/** Key length, in bits (including parity), for DES keys. */
MBEDTLS_KEY_LENGTH_DES
=
64
,
/** Key length in bits, including parity, for DES in two-key EDE. */
MBEDTLS_KEY_LENGTH_DES_EDE
=
128
,
/** Key length in bits, including parity, for DES in three-key EDE. */
MBEDTLS_KEY_LENGTH_DES_EDE3
=
192
,
};
/** Maximum length of any IV, in Bytes. */
/** Maximum length of any IV, in Bytes. */
#define MBEDTLS_MAX_IV_LENGTH 16
#define MBEDTLS_MAX_IV_LENGTH 16
/** Maximum block size of any cipher, in Bytes. */
/** Maximum block size of any cipher, in Bytes. */
#define MBEDTLS_MAX_BLOCK_LENGTH 16
#define MBEDTLS_MAX_BLOCK_LENGTH 16
/**
/**
* Base cipher information (opaque struct).
*/
typedef
struct
mbedtls_cipher_base_t
mbedtls_cipher_base_t
;
/**
* CMAC context (opaque struct).
*/
typedef
struct
mbedtls_cmac_context_t
mbedtls_cmac_context_t
;
/**
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
typedef
struct
mbedtls_cipher_info_t
{
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
mbedtls_cipher_type_t
type
;
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
mbedtls_cipher_mode_t
mode
;
/** The cipher key length, in bits. This is the
* default length for variable sized ciphers.
* Includes parity bits for ciphers like DES.
*/
unsigned
int
key_bitlen
;
/** Name of the cipher. */
const
char
*
name
;
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
* this is the recommended size.
*/
unsigned
int
iv_size
;
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
* cipher supports variable IV or variable key sizes, respectively.
*/
int
flags
;
/** The block size, in Bytes. */
unsigned
int
block_size
;
/** Struct for base cipher information and functions. */
const
mbedtls_cipher_base_t
*
base
;
}
mbedtls_cipher_info_t
;
/**
* Generic cipher context.
* Generic cipher context.
*/
*/
typedef
struct
mbedtls_cipher_context_t
typedef
struct
mbedtls_cipher_context_t
{
{
/** Information about the associated cipher. */
const
mbedtls_cipher_info_t
*
cipher_info
;
/** Key length to use. */
/** Key length to use. */
int
key_bitlen
;
int
key_bitlen
;
...
@@ -298,623 +62,11 @@ typedef struct mbedtls_cipher_context_t
...
@@ -298,623 +62,11 @@ typedef struct mbedtls_cipher_context_t
*/
*/
mbedtls_operation_t
operation
;
mbedtls_operation_t
operation
;
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
void
(
*
add_padding
)(
unsigned
char
*
output
,
size_t
olen
,
size_t
data_len
);
int
(
*
get_padding
)(
unsigned
char
*
input
,
size_t
ilen
,
size_t
*
data_len
);
#endif
/** Buffer for input that has not been processed yet. */
unsigned
char
unprocessed_data
[
MBEDTLS_MAX_BLOCK_LENGTH
];
/** Number of Bytes that have not been processed yet. */
size_t
unprocessed_len
;
/** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
* for XTS-mode. */
unsigned
char
iv
[
MBEDTLS_MAX_IV_LENGTH
];
/** IV size in Bytes, for ciphers with variable-length IVs. */
size_t
iv_size
;
/** The cipher-specific context. */
/** The cipher-specific context. */
void
*
cipher_ctx
;
void
*
cipher_ctx
;
#if defined(MBEDTLS_CMAC_C)
/** CMAC-specific context. */
mbedtls_cmac_context_t
*
cmac_ctx
;
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/** Indicates whether the cipher operations should be performed
* by Mbed TLS' own crypto library or an external implementation
* of the PSA Crypto API.
* This is unset if the cipher context was established through
* mbedtls_cipher_setup(), and set if it was established through
* mbedtls_cipher_setup_psa().
*/
unsigned
char
psa_enabled
;
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
}
mbedtls_cipher_context_t
;
}
mbedtls_cipher_context_t
;
/**
* \brief This function retrieves the list of ciphers supported
* by the generic cipher module.
*
* For any cipher identifier in the returned list, you can
* obtain the corresponding generic cipher information structure
* via mbedtls_cipher_info_from_type(), which can then be used
* to prepare a cipher context via mbedtls_cipher_setup().
*
*
* \return A statically-allocated array of cipher identifiers
* of type cipher_type_t. The last entry is zero.
*/
const
int
*
mbedtls_cipher_list
(
void
);
/**
* \brief This function retrieves the cipher-information
* structure associated with the given cipher name.
*
* \param cipher_name Name of the cipher to search for. This must not be
* \c NULL.
*
* \return The cipher information structure associated with the
* given \p cipher_name.
* \return \c NULL if the associated cipher information is not found.
*/
const
mbedtls_cipher_info_t
*
mbedtls_cipher_info_from_string
(
const
char
*
cipher_name
);
/**
* \brief This function retrieves the cipher-information
* structure associated with the given cipher type.
*
* \param cipher_type Type of the cipher to search for.
*
* \return The cipher information structure associated with the
* given \p cipher_type.
* \return \c NULL if the associated cipher information is not found.
*/
const
mbedtls_cipher_info_t
*
mbedtls_cipher_info_from_type
(
const
mbedtls_cipher_type_t
cipher_type
);
/**
* \brief This function retrieves the cipher-information
* structure associated with the given cipher ID,
* key size and mode.
*
* \param cipher_id The ID of the cipher to search for. For example,
* #MBEDTLS_CIPHER_ID_AES.
* \param key_bitlen The length of the key in bits.
* \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
*
* \return The cipher information structure associated with the
* given \p cipher_id.
* \return \c NULL if the associated cipher information is not found.
*/
const
mbedtls_cipher_info_t
*
mbedtls_cipher_info_from_values
(
const
mbedtls_cipher_id_t
cipher_id
,
int
key_bitlen
,
const
mbedtls_cipher_mode_t
mode
);
/**
* \brief This function initializes a \p cipher_context as NONE.
*
* \param ctx The context to be initialized. This must not be \c NULL.
*/
void
mbedtls_cipher_init
(
mbedtls_cipher_context_t
*
ctx
);
/**
* \brief This function frees and clears the cipher-specific
* context of \p ctx. Freeing \p ctx itself remains the
* responsibility of the caller.
*
* \param ctx The context to be freed. If this is \c NULL, the
* function has no effect, otherwise this must point to an
* initialized context.
*/
void
mbedtls_cipher_free
(
mbedtls_cipher_context_t
*
ctx
);
/**
* \brief This function initializes a cipher context for
* use with the given cipher primitive.
*
* \param ctx The context to initialize. This must be initialized.
* \param cipher_info The cipher to use.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*
* \internal Currently, the function also clears the structure.
* In future versions, the caller will be required to call
* mbedtls_cipher_init() on the structure first.
*/
int
mbedtls_cipher_setup
(
mbedtls_cipher_context_t
*
ctx
,
const
mbedtls_cipher_info_t
*
cipher_info
);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief This function initializes a cipher context for
* PSA-based use with the given cipher primitive.
*
* \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
*
* \param ctx The context to initialize. May not be \c NULL.
* \param cipher_info The cipher to use.
* \param taglen For AEAD ciphers, the length in bytes of the
* authentication tag to use. Subsequent uses of
* mbedtls_cipher_auth_encrypt() or
* mbedtls_cipher_auth_decrypt() must provide
* the same tag length.
* For non-AEAD ciphers, the value must be \c 0.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*/
int
mbedtls_cipher_setup_psa
(
mbedtls_cipher_context_t
*
ctx
,
const
mbedtls_cipher_info_t
*
cipher_info
,
size_t
taglen
);
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief This function returns the block size of the given cipher.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The block size of the underlying cipher.
* \return \c 0 if \p ctx has not been initialized.
*/
static
inline
unsigned
int
mbedtls_cipher_get_block_size
(
const
mbedtls_cipher_context_t
*
ctx
)
{
MBEDTLS_INTERNAL_VALIDATE_RET
(
ctx
!=
NULL
,
0
);
if
(
ctx
->
cipher_info
==
NULL
)
return
0
;
return
ctx
->
cipher_info
->
block_size
;
}
/**
* \brief This function returns the mode of operation for
* the cipher. For example, MBEDTLS_MODE_CBC.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The mode of operation.
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/
static
inline
mbedtls_cipher_mode_t
mbedtls_cipher_get_cipher_mode
(
const
mbedtls_cipher_context_t
*
ctx
)
{
MBEDTLS_INTERNAL_VALIDATE_RET
(
ctx
!=
NULL
,
MBEDTLS_MODE_NONE
);
if
(
ctx
->
cipher_info
==
NULL
)
return
MBEDTLS_MODE_NONE
;
return
ctx
->
cipher_info
->
mode
;
}
/**
* \brief This function returns the size of the IV or nonce
* of the cipher, in Bytes.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The recommended IV size if no IV has been set.
* \return \c 0 for ciphers not using an IV or a nonce.
* \return The actual size if an IV has been set.
*/
static
inline
int
mbedtls_cipher_get_iv_size
(
const
mbedtls_cipher_context_t
*
ctx
)
{
MBEDTLS_INTERNAL_VALIDATE_RET
(
ctx
!=
NULL
,
0
);
if
(
ctx
->
cipher_info
==
NULL
)
return
0
;
if
(
ctx
->
iv_size
!=
0
)
return
(
int
)
ctx
->
iv_size
;
return
(
int
)
ctx
->
cipher_info
->
iv_size
;
}
/**
* \brief This function returns the type of the given cipher.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The type of the cipher.
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/
static
inline
mbedtls_cipher_type_t
mbedtls_cipher_get_type
(
const
mbedtls_cipher_context_t
*
ctx
)
{
MBEDTLS_INTERNAL_VALIDATE_RET
(
ctx
!=
NULL
,
MBEDTLS_CIPHER_NONE
);
if
(
ctx
->
cipher_info
==
NULL
)
return
MBEDTLS_CIPHER_NONE
;
return
ctx
->
cipher_info
->
type
;
}
/**
* \brief This function returns the name of the given cipher
* as a string.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The name of the cipher.
* \return NULL if \p ctx has not been not initialized.
*/
static
inline
const
char
*
mbedtls_cipher_get_name
(
const
mbedtls_cipher_context_t
*
ctx
)
{
MBEDTLS_INTERNAL_VALIDATE_RET
(
ctx
!=
NULL
,
0
);
if
(
ctx
->
cipher_info
==
NULL
)
return
0
;
return
ctx
->
cipher_info
->
name
;
}
/**
* \brief This function returns the key length of the cipher.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The key length of the cipher in bits.
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
* initialized.
*/
static
inline
int
mbedtls_cipher_get_key_bitlen
(
const
mbedtls_cipher_context_t
*
ctx
)
{
MBEDTLS_INTERNAL_VALIDATE_RET
(
ctx
!=
NULL
,
MBEDTLS_KEY_LENGTH_NONE
);
if
(
ctx
->
cipher_info
==
NULL
)
return
MBEDTLS_KEY_LENGTH_NONE
;
return
(
int
)
ctx
->
cipher_info
->
key_bitlen
;
}
/**
* \brief This function returns the operation of the given cipher.
*
* \param ctx The context of the cipher. This must be initialized.
*
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
*/
static
inline
mbedtls_operation_t
mbedtls_cipher_get_operation
(
const
mbedtls_cipher_context_t
*
ctx
)
{
MBEDTLS_INTERNAL_VALIDATE_RET
(
ctx
!=
NULL
,
MBEDTLS_OPERATION_NONE
);
if
(
ctx
->
cipher_info
==
NULL
)
return
MBEDTLS_OPERATION_NONE
;
return
ctx
->
operation
;
}
/**
* \brief This function sets the key to use with the given context.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param key The key to use. This must be a readable buffer of at
* least \p key_bitlen Bits.
* \param key_bitlen The key length to use, in Bits.
* \param operation The operation that the key will be used for:
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
int
mbedtls_cipher_setkey
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
key
,
int
key_bitlen
,
const
mbedtls_operation_t
operation
);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/**
* \brief This function sets the padding mode, for cipher modes
* that use padding.
*
* The default passing mode is PKCS7 padding.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param mode The padding mode.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
* if the selected padding mode is not supported.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
* does not support padding.
*/
int
mbedtls_cipher_set_padding_mode
(
mbedtls_cipher_context_t
*
ctx
,
mbedtls_cipher_padding_t
mode
);
#endif
/* MBEDTLS_CIPHER_MODE_WITH_PADDING */
/**
* \brief This function sets the initialization vector (IV)
* or nonce.
*
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, this function has no effect.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
* must be a readable buffer of at least \p iv_len Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
int
mbedtls_cipher_set_iv
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
iv
,
size_t
iv_len
);
/**
* \brief This function resets the cipher state.
*
* \param ctx The generic cipher context. This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
int
mbedtls_cipher_reset
(
mbedtls_cipher_context_t
*
ctx
);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
* \brief This function adds additional data for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
* This must be called exactly once, after
* mbedtls_cipher_reset().
*
* \param ctx The generic cipher context. This must be initialized.
* \param ad The additional data to use. This must be a readable
* buffer of at least \p ad_len Bytes.
* \param ad_len The length of \p ad in Bytes.
*
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int
mbedtls_cipher_update_ad
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
ad
,
size_t
ad_len
);
#endif
/* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
* \brief The generic cipher update function. It encrypts or
* decrypts using the given cipher context. Writes as
* many block-sized blocks of data as possible to output.
* Any data that cannot be written immediately is either
* added to the next block, or flushed when
* mbedtls_cipher_finish() is called.
* Exception: For MBEDTLS_MODE_ECB, expects a single block
* in size. For example, 16 Bytes for AES.
*
* \note If the underlying cipher is used in GCM mode, all calls
* to this function, except for the last one before
* mbedtls_cipher_finish(), must have \p ilen as a
* multiple of the block size of the cipher.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a key.
* \param input The buffer holding the input data. This must be a
* readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
* \param output The buffer for the output data. This must be able to
* hold at least `ilen + block_size`. This must not be the
* same buffer as \p input.
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written. This must not be
* \c NULL.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
* unsupported mode for a cipher.
* \return A cipher-specific error code on failure.
*/
int
mbedtls_cipher_update
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
input
,
size_t
ilen
,
unsigned
char
*
output
,
size_t
*
olen
);
/**
* \brief The generic cipher finalization function. If data still
* needs to be flushed from an incomplete block, the data
* contained in it is padded to the size of
* the last block, and written to the \p output buffer.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a key.
* \param output The buffer to write data to. This needs to be a writable
* buffer of at least \p block_size Bytes.
* \param olen The length of the data written to the \p output buffer.
* This may not be \c NULL.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
* expecting a full block but not receiving one.
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
* while decrypting.
* \return A cipher-specific error code on failure.
*/
int
mbedtls_cipher_finish
(
mbedtls_cipher_context_t
*
ctx
,
unsigned
char
*
output
,
size_t
*
olen
);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
* \brief This function writes a tag for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
* This must be called after mbedtls_cipher_finish().
*
* \param ctx The generic cipher context. This must be initialized,
* bound to a key, and have just completed a cipher
* operation through mbedtls_cipher_finish() the tag for
* which should be written.
* \param tag The buffer to write the tag to. This must be a writable
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to write.
*
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int
mbedtls_cipher_write_tag
(
mbedtls_cipher_context_t
*
ctx
,
unsigned
char
*
tag
,
size_t
tag_len
);
/**
* \brief This function checks the tag for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
* This must be called after mbedtls_cipher_finish().
*
* \param ctx The generic cipher context. This must be initialized.
* \param tag The buffer holding the tag. This must be a readable
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to check.
*
* \return \c 0 on success.
* \return A specific error code on failure.
*/
int
mbedtls_cipher_check_tag
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
tag
,
size_t
tag_len
);
#endif
/* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
* \brief The generic all-in-one encryption/decryption function,
* for all ciphers except AEAD constructs.
*
* \param ctx The generic cipher context. This must be initialized.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* This must be a readable buffer of at least \p iv_len
* Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size
* IV.
* \param input The buffer holding the input data. This must be a
* readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data in Bytes.
* \param output The buffer for the output data. This must be able to
* hold at least `ilen + block_size`. This must not be the
* same buffer as \p input.
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written. This must not be
* \c NULL.
*
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, use \p iv = NULL and \p iv_len = 0.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
* expecting a full block but not receiving one.
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
* while decrypting.
* \return A cipher-specific error code on failure.
*/
int
mbedtls_cipher_crypt
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
iv
,
size_t
iv_len
,
const
unsigned
char
*
input
,
size_t
ilen
,
unsigned
char
*
output
,
size_t
*
olen
);
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/**
* \brief The generic autenticated encryption (AEAD) function.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a key.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* This must be a readable buffer of at least \p iv_len
* Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
* \param ad The additional data to authenticate. This must be a
* readable buffer of at least \p ad_len Bytes.
* \param ad_len The length of \p ad.
* \param input The buffer holding the input data. This must be a
* readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
* \param output The buffer for the output data. This must be able to
* hold at least \p ilen Bytes.
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written. This must not be
* \c NULL.
* \param tag The buffer for the authentication tag. This must be a
* writable buffer of at least \p tag_len Bytes.
* \param tag_len The desired length of the authentication tag.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
int
mbedtls_cipher_auth_encrypt
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
iv
,
size_t
iv_len
,
const
unsigned
char
*
ad
,
size_t
ad_len
,
const
unsigned
char
*
input
,
size_t
ilen
,
unsigned
char
*
output
,
size_t
*
olen
,
unsigned
char
*
tag
,
size_t
tag_len
);
/**
* \brief The generic autenticated decryption (AEAD) function.
*
* \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext being
* used, making this interface safer.
*
* \param ctx The generic cipher context. This must be initialized and
* and bound to a key.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* This must be a readable buffer of at least \p iv_len
* Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
* \param ad The additional data to be authenticated. This must be a
* readable buffer of at least \p ad_len Bytes.
* \param ad_len The length of \p ad.
* \param input The buffer holding the input data. This must be a
* readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
* \param output The buffer for the output data.
* This must be able to hold at least \p ilen Bytes.
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written. This must not be
* \c NULL.
* \param tag The buffer holding the authentication tag. This must be
* a readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication tag.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
* \return A cipher-specific error code on failure.
*/
int
mbedtls_cipher_auth_decrypt
(
mbedtls_cipher_context_t
*
ctx
,
const
unsigned
char
*
iv
,
size_t
iv_len
,
const
unsigned
char
*
ad
,
size_t
ad_len
,
const
unsigned
char
*
input
,
size_t
ilen
,
unsigned
char
*
output
,
size_t
*
olen
,
const
unsigned
char
*
tag
,
size_t
tag_len
);
#endif
/* MBEDTLS_CIPHER_MODE_AEAD */
#ifdef __cplusplus
#ifdef __cplusplus
}
}
#endif
#endif
...
...
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/cipher_internal.h
deleted
100644 → 0
View file @
fcb7d9c8
/**
* \file cipher_internal.h
*
* \brief Cipher wrappers.
*
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H
#include "config.h"
#include "cipher.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
#ifdef __cplusplus
extern
"C"
{
#endif
/**
* Base cipher information. The non-mode specific functions and values.
*/
struct
mbedtls_cipher_base_t
{
/** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
mbedtls_cipher_id_t
cipher
;
/** Encrypt using ECB */
int
(
*
ecb_func
)(
void
*
ctx
,
mbedtls_operation_t
mode
,
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/** Encrypt using CBC */
int
(
*
cbc_func
)(
void
*
ctx
,
mbedtls_operation_t
mode
,
size_t
length
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/** Encrypt using CFB (Full length) */
int
(
*
cfb_func
)(
void
*
ctx
,
mbedtls_operation_t
mode
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/** Encrypt using OFB (Full length) */
int
(
*
ofb_func
)(
void
*
ctx
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/** Encrypt using CTR */
int
(
*
ctr_func
)(
void
*
ctx
,
size_t
length
,
size_t
*
nc_off
,
unsigned
char
*
nonce_counter
,
unsigned
char
*
stream_block
,
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/** Encrypt or decrypt using XTS. */
int
(
*
xts_func
)(
void
*
ctx
,
mbedtls_operation_t
mode
,
size_t
length
,
const
unsigned
char
data_unit
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
/** Encrypt using STREAM */
int
(
*
stream_func
)(
void
*
ctx
,
size_t
length
,
const
unsigned
char
*
input
,
unsigned
char
*
output
);
#endif
/** Set key for encryption purposes */
int
(
*
setkey_enc_func
)(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
);
/** Set key for decryption purposes */
int
(
*
setkey_dec_func
)(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
);
/** Allocate a new context */
void
*
(
*
ctx_alloc_func
)(
void
);
/** Free the given context */
void
(
*
ctx_free_func
)(
void
*
ctx
);
};
typedef
struct
{
mbedtls_cipher_type_t
type
;
const
mbedtls_cipher_info_t
*
info
;
}
mbedtls_cipher_definition_t
;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
typedef
enum
{
MBEDTLS_CIPHER_PSA_KEY_UNSET
=
0
,
MBEDTLS_CIPHER_PSA_KEY_OWNED
,
/* Used for PSA-based cipher contexts which */
/* use raw key material internally imported */
/* into a allocated key slot, and which */
/* hence need to destroy that key slot */
/* when they are no longer needed. */
MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED
,
/* Used for PSA-based cipher contexts */
/* which use a key from a key slot */
/* provided by the user, and which */
/* hence should not be destroyed when */
/* the context is no longer needed. */
}
mbedtls_cipher_psa_key_ownership
;
typedef
struct
{
psa_algorithm_t
alg
;
psa_key_handle_t
slot
;
mbedtls_cipher_psa_key_ownership
slot_state
;
}
mbedtls_cipher_context_psa
;
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
extern
const
mbedtls_cipher_definition_t
mbedtls_cipher_definitions
[];
extern
int
mbedtls_cipher_supported
[];
#ifdef __cplusplus
}
#endif
#endif
/* MBEDTLS_CIPHER_WRAP_H */
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/cipher_wrap.c
deleted
100644 → 0
View file @
fcb7d9c8
/**
* \file cipher_wrap.c
*
* \brief Generic cipher wrapper for mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#include "config.h"
#if defined(MBEDTLS_CIPHER_C)
#include "cipher_internal.h"
#if defined(MBEDTLS_CHACHAPOLY_C)
#include "mbedtls/chachapoly.h"
#endif
#if defined(MBEDTLS_AES_C)
#include "aes.h"
#endif
#if defined(MBEDTLS_ARC4_C)
#include "mbedtls/arc4.h"
#endif
#if defined(MBEDTLS_CAMELLIA_C)
#include "mbedtls/camellia.h"
#endif
#if defined(MBEDTLS_ARIA_C)
#include "mbedtls/aria.h"
#endif
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
#endif
#if defined(MBEDTLS_BLOWFISH_C)
#include "mbedtls/blowfish.h"
#endif
#if defined(MBEDTLS_CHACHA20_C)
#include "mbedtls/chacha20.h"
#endif
#if defined(MBEDTLS_GCM_C)
#include "gcm.h"
#endif
#if defined(MBEDTLS_CCM_C)
#include "mbedtls/ccm.h"
#endif
#if defined(MBEDTLS_NIST_KW_C)
#include "mbedtls/nist_kw.h"
#endif
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#include <string.h>
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#if defined(MBEDTLS_GCM_C)
/* shared by all GCM ciphers */
static
void
*
gcm_ctx_alloc
(
void
)
{
void
*
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_gcm_context
)
);
if
(
ctx
!=
NULL
)
mbedtls_gcm_init
(
(
mbedtls_gcm_context
*
)
ctx
);
return
(
ctx
);
}
static
void
gcm_ctx_free
(
void
*
ctx
)
{
mbedtls_gcm_free
(
ctx
);
mbedtls_free
(
ctx
);
}
#endif
/* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
/* shared by all CCM ciphers */
static
void
*
ccm_ctx_alloc
(
void
)
{
void
*
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_ccm_context
)
);
if
(
ctx
!=
NULL
)
mbedtls_ccm_init
(
(
mbedtls_ccm_context
*
)
ctx
);
return
(
ctx
);
}
static
void
ccm_ctx_free
(
void
*
ctx
)
{
mbedtls_ccm_free
(
ctx
);
mbedtls_free
(
ctx
);
}
#endif
/* MBEDTLS_CCM_C */
#if defined(MBEDTLS_AES_C)
static
int
aes_crypt_ecb_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_aes_crypt_ecb
(
(
mbedtls_aes_context
*
)
ctx
,
operation
,
input
,
output
);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
int
aes_crypt_cbc_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_aes_crypt_cbc
(
(
mbedtls_aes_context
*
)
ctx
,
operation
,
length
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static
int
aes_crypt_cfb128_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_aes_crypt_cfb128
(
(
mbedtls_aes_context
*
)
ctx
,
operation
,
length
,
iv_off
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
static
int
aes_crypt_ofb_wrap
(
void
*
ctx
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_aes_crypt_ofb
(
(
mbedtls_aes_context
*
)
ctx
,
length
,
iv_off
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static
int
aes_crypt_ctr_wrap
(
void
*
ctx
,
size_t
length
,
size_t
*
nc_off
,
unsigned
char
*
nonce_counter
,
unsigned
char
*
stream_block
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_aes_crypt_ctr
(
(
mbedtls_aes_context
*
)
ctx
,
length
,
nc_off
,
nonce_counter
,
stream_block
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static
int
aes_crypt_xts_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
const
unsigned
char
data_unit
[
16
],
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
mbedtls_aes_xts_context
*
xts_ctx
=
ctx
;
int
mode
;
switch
(
operation
)
{
case
MBEDTLS_ENCRYPT
:
mode
=
MBEDTLS_AES_ENCRYPT
;
break
;
case
MBEDTLS_DECRYPT
:
mode
=
MBEDTLS_AES_DECRYPT
;
break
;
default:
return
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
;
}
return
mbedtls_aes_crypt_xts
(
xts_ctx
,
mode
,
length
,
data_unit
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
static
int
aes_setkey_dec_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_aes_setkey_dec
(
(
mbedtls_aes_context
*
)
ctx
,
key
,
key_bitlen
);
}
static
int
aes_setkey_enc_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_aes_setkey_enc
(
(
mbedtls_aes_context
*
)
ctx
,
key
,
key_bitlen
);
}
static
void
*
aes_ctx_alloc
(
void
)
{
mbedtls_aes_context
*
aes
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_aes_context
)
);
if
(
aes
==
NULL
)
return
(
NULL
);
mbedtls_aes_init
(
aes
);
return
(
aes
);
}
static
void
aes_ctx_free
(
void
*
ctx
)
{
mbedtls_aes_free
(
(
mbedtls_aes_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
const
mbedtls_cipher_base_t
aes_info
=
{
MBEDTLS_CIPHER_ID_AES
,
aes_crypt_ecb_wrap
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
aes_crypt_cbc_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
aes_crypt_cfb128_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
aes_crypt_ofb_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
aes_crypt_ctr_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
aes_setkey_enc_wrap
,
aes_setkey_dec_wrap
,
aes_ctx_alloc
,
aes_ctx_free
};
static
const
mbedtls_cipher_info_t
aes_128_ecb_info
=
{
MBEDTLS_CIPHER_AES_128_ECB
,
MBEDTLS_MODE_ECB
,
128
,
"AES-128-ECB"
,
0
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_ecb_info
=
{
MBEDTLS_CIPHER_AES_192_ECB
,
MBEDTLS_MODE_ECB
,
192
,
"AES-192-ECB"
,
0
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_ecb_info
=
{
MBEDTLS_CIPHER_AES_256_ECB
,
MBEDTLS_MODE_ECB
,
256
,
"AES-256-ECB"
,
0
,
0
,
16
,
&
aes_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
const
mbedtls_cipher_info_t
aes_128_cbc_info
=
{
MBEDTLS_CIPHER_AES_128_CBC
,
MBEDTLS_MODE_CBC
,
128
,
"AES-128-CBC"
,
16
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_cbc_info
=
{
MBEDTLS_CIPHER_AES_192_CBC
,
MBEDTLS_MODE_CBC
,
192
,
"AES-192-CBC"
,
16
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_cbc_info
=
{
MBEDTLS_CIPHER_AES_256_CBC
,
MBEDTLS_MODE_CBC
,
256
,
"AES-256-CBC"
,
16
,
0
,
16
,
&
aes_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static
const
mbedtls_cipher_info_t
aes_128_cfb128_info
=
{
MBEDTLS_CIPHER_AES_128_CFB128
,
MBEDTLS_MODE_CFB
,
128
,
"AES-128-CFB128"
,
16
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_cfb128_info
=
{
MBEDTLS_CIPHER_AES_192_CFB128
,
MBEDTLS_MODE_CFB
,
192
,
"AES-192-CFB128"
,
16
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_cfb128_info
=
{
MBEDTLS_CIPHER_AES_256_CFB128
,
MBEDTLS_MODE_CFB
,
256
,
"AES-256-CFB128"
,
16
,
0
,
16
,
&
aes_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
static
const
mbedtls_cipher_info_t
aes_128_ofb_info
=
{
MBEDTLS_CIPHER_AES_128_OFB
,
MBEDTLS_MODE_OFB
,
128
,
"AES-128-OFB"
,
16
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_ofb_info
=
{
MBEDTLS_CIPHER_AES_192_OFB
,
MBEDTLS_MODE_OFB
,
192
,
"AES-192-OFB"
,
16
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_ofb_info
=
{
MBEDTLS_CIPHER_AES_256_OFB
,
MBEDTLS_MODE_OFB
,
256
,
"AES-256-OFB"
,
16
,
0
,
16
,
&
aes_info
};
#endif
/* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static
const
mbedtls_cipher_info_t
aes_128_ctr_info
=
{
MBEDTLS_CIPHER_AES_128_CTR
,
MBEDTLS_MODE_CTR
,
128
,
"AES-128-CTR"
,
16
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_ctr_info
=
{
MBEDTLS_CIPHER_AES_192_CTR
,
MBEDTLS_MODE_CTR
,
192
,
"AES-192-CTR"
,
16
,
0
,
16
,
&
aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_ctr_info
=
{
MBEDTLS_CIPHER_AES_256_CTR
,
MBEDTLS_MODE_CTR
,
256
,
"AES-256-CTR"
,
16
,
0
,
16
,
&
aes_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static
int
xts_aes_setkey_enc_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
mbedtls_aes_xts_context
*
xts_ctx
=
ctx
;
return
(
mbedtls_aes_xts_setkey_enc
(
xts_ctx
,
key
,
key_bitlen
)
);
}
static
int
xts_aes_setkey_dec_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
mbedtls_aes_xts_context
*
xts_ctx
=
ctx
;
return
(
mbedtls_aes_xts_setkey_dec
(
xts_ctx
,
key
,
key_bitlen
)
);
}
static
void
*
xts_aes_ctx_alloc
(
void
)
{
mbedtls_aes_xts_context
*
xts_ctx
=
mbedtls_calloc
(
1
,
sizeof
(
*
xts_ctx
)
);
if
(
xts_ctx
!=
NULL
)
mbedtls_aes_xts_init
(
xts_ctx
);
return
(
xts_ctx
);
}
static
void
xts_aes_ctx_free
(
void
*
ctx
)
{
mbedtls_aes_xts_context
*
xts_ctx
=
ctx
;
if
(
xts_ctx
==
NULL
)
return
;
mbedtls_aes_xts_free
(
xts_ctx
);
mbedtls_free
(
xts_ctx
);
}
static
const
mbedtls_cipher_base_t
xts_aes_info
=
{
MBEDTLS_CIPHER_ID_AES
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
aes_crypt_xts_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
xts_aes_setkey_enc_wrap
,
xts_aes_setkey_dec_wrap
,
xts_aes_ctx_alloc
,
xts_aes_ctx_free
};
static
const
mbedtls_cipher_info_t
aes_128_xts_info
=
{
MBEDTLS_CIPHER_AES_128_XTS
,
MBEDTLS_MODE_XTS
,
256
,
"AES-128-XTS"
,
16
,
0
,
16
,
&
xts_aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_xts_info
=
{
MBEDTLS_CIPHER_AES_256_XTS
,
MBEDTLS_MODE_XTS
,
512
,
"AES-256-XTS"
,
16
,
0
,
16
,
&
xts_aes_info
};
#endif
/* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_GCM_C)
static
int
gcm_aes_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_gcm_setkey
(
(
mbedtls_gcm_context
*
)
ctx
,
MBEDTLS_CIPHER_ID_AES
,
key
,
key_bitlen
);
}
static
const
mbedtls_cipher_base_t
gcm_aes_info
=
{
MBEDTLS_CIPHER_ID_AES
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
gcm_aes_setkey_wrap
,
gcm_aes_setkey_wrap
,
gcm_ctx_alloc
,
gcm_ctx_free
,
};
static
const
mbedtls_cipher_info_t
aes_128_gcm_info
=
{
MBEDTLS_CIPHER_AES_128_GCM
,
MBEDTLS_MODE_GCM
,
128
,
"AES-128-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_gcm_info
=
{
MBEDTLS_CIPHER_AES_192_GCM
,
MBEDTLS_MODE_GCM
,
192
,
"AES-192-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_gcm_info
=
{
MBEDTLS_CIPHER_AES_256_GCM
,
MBEDTLS_MODE_GCM
,
256
,
"AES-256-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_aes_info
};
#endif
/* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
static
int
ccm_aes_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_ccm_setkey
(
(
mbedtls_ccm_context
*
)
ctx
,
MBEDTLS_CIPHER_ID_AES
,
key
,
key_bitlen
);
}
static
const
mbedtls_cipher_base_t
ccm_aes_info
=
{
MBEDTLS_CIPHER_ID_AES
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
ccm_aes_setkey_wrap
,
ccm_aes_setkey_wrap
,
ccm_ctx_alloc
,
ccm_ctx_free
,
};
static
const
mbedtls_cipher_info_t
aes_128_ccm_info
=
{
MBEDTLS_CIPHER_AES_128_CCM
,
MBEDTLS_MODE_CCM
,
128
,
"AES-128-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_ccm_info
=
{
MBEDTLS_CIPHER_AES_192_CCM
,
MBEDTLS_MODE_CCM
,
192
,
"AES-192-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_ccm_info
=
{
MBEDTLS_CIPHER_AES_256_CCM
,
MBEDTLS_MODE_CCM
,
256
,
"AES-256-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_aes_info
};
#endif
/* MBEDTLS_CCM_C */
#endif
/* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C)
static
int
camellia_crypt_ecb_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_camellia_crypt_ecb
(
(
mbedtls_camellia_context
*
)
ctx
,
operation
,
input
,
output
);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
int
camellia_crypt_cbc_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_camellia_crypt_cbc
(
(
mbedtls_camellia_context
*
)
ctx
,
operation
,
length
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static
int
camellia_crypt_cfb128_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_camellia_crypt_cfb128
(
(
mbedtls_camellia_context
*
)
ctx
,
operation
,
length
,
iv_off
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static
int
camellia_crypt_ctr_wrap
(
void
*
ctx
,
size_t
length
,
size_t
*
nc_off
,
unsigned
char
*
nonce_counter
,
unsigned
char
*
stream_block
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_camellia_crypt_ctr
(
(
mbedtls_camellia_context
*
)
ctx
,
length
,
nc_off
,
nonce_counter
,
stream_block
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
static
int
camellia_setkey_dec_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_camellia_setkey_dec
(
(
mbedtls_camellia_context
*
)
ctx
,
key
,
key_bitlen
);
}
static
int
camellia_setkey_enc_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_camellia_setkey_enc
(
(
mbedtls_camellia_context
*
)
ctx
,
key
,
key_bitlen
);
}
static
void
*
camellia_ctx_alloc
(
void
)
{
mbedtls_camellia_context
*
ctx
;
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_camellia_context
)
);
if
(
ctx
==
NULL
)
return
(
NULL
);
mbedtls_camellia_init
(
ctx
);
return
(
ctx
);
}
static
void
camellia_ctx_free
(
void
*
ctx
)
{
mbedtls_camellia_free
(
(
mbedtls_camellia_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
const
mbedtls_cipher_base_t
camellia_info
=
{
MBEDTLS_CIPHER_ID_CAMELLIA
,
camellia_crypt_ecb_wrap
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
camellia_crypt_cbc_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
camellia_crypt_cfb128_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
camellia_crypt_ctr_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
camellia_setkey_enc_wrap
,
camellia_setkey_dec_wrap
,
camellia_ctx_alloc
,
camellia_ctx_free
};
static
const
mbedtls_cipher_info_t
camellia_128_ecb_info
=
{
MBEDTLS_CIPHER_CAMELLIA_128_ECB
,
MBEDTLS_MODE_ECB
,
128
,
"CAMELLIA-128-ECB"
,
16
,
0
,
16
,
&
camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_192_ecb_info
=
{
MBEDTLS_CIPHER_CAMELLIA_192_ECB
,
MBEDTLS_MODE_ECB
,
192
,
"CAMELLIA-192-ECB"
,
16
,
0
,
16
,
&
camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_256_ecb_info
=
{
MBEDTLS_CIPHER_CAMELLIA_256_ECB
,
MBEDTLS_MODE_ECB
,
256
,
"CAMELLIA-256-ECB"
,
16
,
0
,
16
,
&
camellia_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
const
mbedtls_cipher_info_t
camellia_128_cbc_info
=
{
MBEDTLS_CIPHER_CAMELLIA_128_CBC
,
MBEDTLS_MODE_CBC
,
128
,
"CAMELLIA-128-CBC"
,
16
,
0
,
16
,
&
camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_192_cbc_info
=
{
MBEDTLS_CIPHER_CAMELLIA_192_CBC
,
MBEDTLS_MODE_CBC
,
192
,
"CAMELLIA-192-CBC"
,
16
,
0
,
16
,
&
camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_256_cbc_info
=
{
MBEDTLS_CIPHER_CAMELLIA_256_CBC
,
MBEDTLS_MODE_CBC
,
256
,
"CAMELLIA-256-CBC"
,
16
,
0
,
16
,
&
camellia_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static
const
mbedtls_cipher_info_t
camellia_128_cfb128_info
=
{
MBEDTLS_CIPHER_CAMELLIA_128_CFB128
,
MBEDTLS_MODE_CFB
,
128
,
"CAMELLIA-128-CFB128"
,
16
,
0
,
16
,
&
camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_192_cfb128_info
=
{
MBEDTLS_CIPHER_CAMELLIA_192_CFB128
,
MBEDTLS_MODE_CFB
,
192
,
"CAMELLIA-192-CFB128"
,
16
,
0
,
16
,
&
camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_256_cfb128_info
=
{
MBEDTLS_CIPHER_CAMELLIA_256_CFB128
,
MBEDTLS_MODE_CFB
,
256
,
"CAMELLIA-256-CFB128"
,
16
,
0
,
16
,
&
camellia_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static
const
mbedtls_cipher_info_t
camellia_128_ctr_info
=
{
MBEDTLS_CIPHER_CAMELLIA_128_CTR
,
MBEDTLS_MODE_CTR
,
128
,
"CAMELLIA-128-CTR"
,
16
,
0
,
16
,
&
camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_192_ctr_info
=
{
MBEDTLS_CIPHER_CAMELLIA_192_CTR
,
MBEDTLS_MODE_CTR
,
192
,
"CAMELLIA-192-CTR"
,
16
,
0
,
16
,
&
camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_256_ctr_info
=
{
MBEDTLS_CIPHER_CAMELLIA_256_CTR
,
MBEDTLS_MODE_CTR
,
256
,
"CAMELLIA-256-CTR"
,
16
,
0
,
16
,
&
camellia_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_GCM_C)
static
int
gcm_camellia_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_gcm_setkey
(
(
mbedtls_gcm_context
*
)
ctx
,
MBEDTLS_CIPHER_ID_CAMELLIA
,
key
,
key_bitlen
);
}
static
const
mbedtls_cipher_base_t
gcm_camellia_info
=
{
MBEDTLS_CIPHER_ID_CAMELLIA
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
gcm_camellia_setkey_wrap
,
gcm_camellia_setkey_wrap
,
gcm_ctx_alloc
,
gcm_ctx_free
,
};
static
const
mbedtls_cipher_info_t
camellia_128_gcm_info
=
{
MBEDTLS_CIPHER_CAMELLIA_128_GCM
,
MBEDTLS_MODE_GCM
,
128
,
"CAMELLIA-128-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_192_gcm_info
=
{
MBEDTLS_CIPHER_CAMELLIA_192_GCM
,
MBEDTLS_MODE_GCM
,
192
,
"CAMELLIA-192-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_256_gcm_info
=
{
MBEDTLS_CIPHER_CAMELLIA_256_GCM
,
MBEDTLS_MODE_GCM
,
256
,
"CAMELLIA-256-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_camellia_info
};
#endif
/* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
static
int
ccm_camellia_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_ccm_setkey
(
(
mbedtls_ccm_context
*
)
ctx
,
MBEDTLS_CIPHER_ID_CAMELLIA
,
key
,
key_bitlen
);
}
static
const
mbedtls_cipher_base_t
ccm_camellia_info
=
{
MBEDTLS_CIPHER_ID_CAMELLIA
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
ccm_camellia_setkey_wrap
,
ccm_camellia_setkey_wrap
,
ccm_ctx_alloc
,
ccm_ctx_free
,
};
static
const
mbedtls_cipher_info_t
camellia_128_ccm_info
=
{
MBEDTLS_CIPHER_CAMELLIA_128_CCM
,
MBEDTLS_MODE_CCM
,
128
,
"CAMELLIA-128-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_192_ccm_info
=
{
MBEDTLS_CIPHER_CAMELLIA_192_CCM
,
MBEDTLS_MODE_CCM
,
192
,
"CAMELLIA-192-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_camellia_info
};
static
const
mbedtls_cipher_info_t
camellia_256_ccm_info
=
{
MBEDTLS_CIPHER_CAMELLIA_256_CCM
,
MBEDTLS_MODE_CCM
,
256
,
"CAMELLIA-256-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_camellia_info
};
#endif
/* MBEDTLS_CCM_C */
#endif
/* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_ARIA_C)
static
int
aria_crypt_ecb_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
(
void
)
operation
;
return
mbedtls_aria_crypt_ecb
(
(
mbedtls_aria_context
*
)
ctx
,
input
,
output
);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
int
aria_crypt_cbc_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_aria_crypt_cbc
(
(
mbedtls_aria_context
*
)
ctx
,
operation
,
length
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static
int
aria_crypt_cfb128_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_aria_crypt_cfb128
(
(
mbedtls_aria_context
*
)
ctx
,
operation
,
length
,
iv_off
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static
int
aria_crypt_ctr_wrap
(
void
*
ctx
,
size_t
length
,
size_t
*
nc_off
,
unsigned
char
*
nonce_counter
,
unsigned
char
*
stream_block
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_aria_crypt_ctr
(
(
mbedtls_aria_context
*
)
ctx
,
length
,
nc_off
,
nonce_counter
,
stream_block
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
static
int
aria_setkey_dec_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_aria_setkey_dec
(
(
mbedtls_aria_context
*
)
ctx
,
key
,
key_bitlen
);
}
static
int
aria_setkey_enc_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_aria_setkey_enc
(
(
mbedtls_aria_context
*
)
ctx
,
key
,
key_bitlen
);
}
static
void
*
aria_ctx_alloc
(
void
)
{
mbedtls_aria_context
*
ctx
;
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_aria_context
)
);
if
(
ctx
==
NULL
)
return
(
NULL
);
mbedtls_aria_init
(
ctx
);
return
(
ctx
);
}
static
void
aria_ctx_free
(
void
*
ctx
)
{
mbedtls_aria_free
(
(
mbedtls_aria_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
const
mbedtls_cipher_base_t
aria_info
=
{
MBEDTLS_CIPHER_ID_ARIA
,
aria_crypt_ecb_wrap
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
aria_crypt_cbc_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
aria_crypt_cfb128_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
aria_crypt_ctr_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
aria_setkey_enc_wrap
,
aria_setkey_dec_wrap
,
aria_ctx_alloc
,
aria_ctx_free
};
static
const
mbedtls_cipher_info_t
aria_128_ecb_info
=
{
MBEDTLS_CIPHER_ARIA_128_ECB
,
MBEDTLS_MODE_ECB
,
128
,
"ARIA-128-ECB"
,
16
,
0
,
16
,
&
aria_info
};
static
const
mbedtls_cipher_info_t
aria_192_ecb_info
=
{
MBEDTLS_CIPHER_ARIA_192_ECB
,
MBEDTLS_MODE_ECB
,
192
,
"ARIA-192-ECB"
,
16
,
0
,
16
,
&
aria_info
};
static
const
mbedtls_cipher_info_t
aria_256_ecb_info
=
{
MBEDTLS_CIPHER_ARIA_256_ECB
,
MBEDTLS_MODE_ECB
,
256
,
"ARIA-256-ECB"
,
16
,
0
,
16
,
&
aria_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
const
mbedtls_cipher_info_t
aria_128_cbc_info
=
{
MBEDTLS_CIPHER_ARIA_128_CBC
,
MBEDTLS_MODE_CBC
,
128
,
"ARIA-128-CBC"
,
16
,
0
,
16
,
&
aria_info
};
static
const
mbedtls_cipher_info_t
aria_192_cbc_info
=
{
MBEDTLS_CIPHER_ARIA_192_CBC
,
MBEDTLS_MODE_CBC
,
192
,
"ARIA-192-CBC"
,
16
,
0
,
16
,
&
aria_info
};
static
const
mbedtls_cipher_info_t
aria_256_cbc_info
=
{
MBEDTLS_CIPHER_ARIA_256_CBC
,
MBEDTLS_MODE_CBC
,
256
,
"ARIA-256-CBC"
,
16
,
0
,
16
,
&
aria_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static
const
mbedtls_cipher_info_t
aria_128_cfb128_info
=
{
MBEDTLS_CIPHER_ARIA_128_CFB128
,
MBEDTLS_MODE_CFB
,
128
,
"ARIA-128-CFB128"
,
16
,
0
,
16
,
&
aria_info
};
static
const
mbedtls_cipher_info_t
aria_192_cfb128_info
=
{
MBEDTLS_CIPHER_ARIA_192_CFB128
,
MBEDTLS_MODE_CFB
,
192
,
"ARIA-192-CFB128"
,
16
,
0
,
16
,
&
aria_info
};
static
const
mbedtls_cipher_info_t
aria_256_cfb128_info
=
{
MBEDTLS_CIPHER_ARIA_256_CFB128
,
MBEDTLS_MODE_CFB
,
256
,
"ARIA-256-CFB128"
,
16
,
0
,
16
,
&
aria_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static
const
mbedtls_cipher_info_t
aria_128_ctr_info
=
{
MBEDTLS_CIPHER_ARIA_128_CTR
,
MBEDTLS_MODE_CTR
,
128
,
"ARIA-128-CTR"
,
16
,
0
,
16
,
&
aria_info
};
static
const
mbedtls_cipher_info_t
aria_192_ctr_info
=
{
MBEDTLS_CIPHER_ARIA_192_CTR
,
MBEDTLS_MODE_CTR
,
192
,
"ARIA-192-CTR"
,
16
,
0
,
16
,
&
aria_info
};
static
const
mbedtls_cipher_info_t
aria_256_ctr_info
=
{
MBEDTLS_CIPHER_ARIA_256_CTR
,
MBEDTLS_MODE_CTR
,
256
,
"ARIA-256-CTR"
,
16
,
0
,
16
,
&
aria_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_GCM_C)
static
int
gcm_aria_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_gcm_setkey
(
(
mbedtls_gcm_context
*
)
ctx
,
MBEDTLS_CIPHER_ID_ARIA
,
key
,
key_bitlen
);
}
static
const
mbedtls_cipher_base_t
gcm_aria_info
=
{
MBEDTLS_CIPHER_ID_ARIA
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
gcm_aria_setkey_wrap
,
gcm_aria_setkey_wrap
,
gcm_ctx_alloc
,
gcm_ctx_free
,
};
static
const
mbedtls_cipher_info_t
aria_128_gcm_info
=
{
MBEDTLS_CIPHER_ARIA_128_GCM
,
MBEDTLS_MODE_GCM
,
128
,
"ARIA-128-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_aria_info
};
static
const
mbedtls_cipher_info_t
aria_192_gcm_info
=
{
MBEDTLS_CIPHER_ARIA_192_GCM
,
MBEDTLS_MODE_GCM
,
192
,
"ARIA-192-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_aria_info
};
static
const
mbedtls_cipher_info_t
aria_256_gcm_info
=
{
MBEDTLS_CIPHER_ARIA_256_GCM
,
MBEDTLS_MODE_GCM
,
256
,
"ARIA-256-GCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
gcm_aria_info
};
#endif
/* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
static
int
ccm_aria_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_ccm_setkey
(
(
mbedtls_ccm_context
*
)
ctx
,
MBEDTLS_CIPHER_ID_ARIA
,
key
,
key_bitlen
);
}
static
const
mbedtls_cipher_base_t
ccm_aria_info
=
{
MBEDTLS_CIPHER_ID_ARIA
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
ccm_aria_setkey_wrap
,
ccm_aria_setkey_wrap
,
ccm_ctx_alloc
,
ccm_ctx_free
,
};
static
const
mbedtls_cipher_info_t
aria_128_ccm_info
=
{
MBEDTLS_CIPHER_ARIA_128_CCM
,
MBEDTLS_MODE_CCM
,
128
,
"ARIA-128-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_aria_info
};
static
const
mbedtls_cipher_info_t
aria_192_ccm_info
=
{
MBEDTLS_CIPHER_ARIA_192_CCM
,
MBEDTLS_MODE_CCM
,
192
,
"ARIA-192-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_aria_info
};
static
const
mbedtls_cipher_info_t
aria_256_ccm_info
=
{
MBEDTLS_CIPHER_ARIA_256_CCM
,
MBEDTLS_MODE_CCM
,
256
,
"ARIA-256-CCM"
,
12
,
MBEDTLS_CIPHER_VARIABLE_IV_LEN
,
16
,
&
ccm_aria_info
};
#endif
/* MBEDTLS_CCM_C */
#endif
/* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_DES_C)
static
int
des_crypt_ecb_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
((
void
)
operation
);
return
mbedtls_des_crypt_ecb
(
(
mbedtls_des_context
*
)
ctx
,
input
,
output
);
}
static
int
des3_crypt_ecb_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
((
void
)
operation
);
return
mbedtls_des3_crypt_ecb
(
(
mbedtls_des3_context
*
)
ctx
,
input
,
output
);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
int
des_crypt_cbc_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_des_crypt_cbc
(
(
mbedtls_des_context
*
)
ctx
,
operation
,
length
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
int
des3_crypt_cbc_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_des3_crypt_cbc
(
(
mbedtls_des3_context
*
)
ctx
,
operation
,
length
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
static
int
des_setkey_dec_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
((
void
)
key_bitlen
);
return
mbedtls_des_setkey_dec
(
(
mbedtls_des_context
*
)
ctx
,
key
);
}
static
int
des_setkey_enc_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
((
void
)
key_bitlen
);
return
mbedtls_des_setkey_enc
(
(
mbedtls_des_context
*
)
ctx
,
key
);
}
static
int
des3_set2key_dec_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
((
void
)
key_bitlen
);
return
mbedtls_des3_set2key_dec
(
(
mbedtls_des3_context
*
)
ctx
,
key
);
}
static
int
des3_set2key_enc_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
((
void
)
key_bitlen
);
return
mbedtls_des3_set2key_enc
(
(
mbedtls_des3_context
*
)
ctx
,
key
);
}
static
int
des3_set3key_dec_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
((
void
)
key_bitlen
);
return
mbedtls_des3_set3key_dec
(
(
mbedtls_des3_context
*
)
ctx
,
key
);
}
static
int
des3_set3key_enc_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
((
void
)
key_bitlen
);
return
mbedtls_des3_set3key_enc
(
(
mbedtls_des3_context
*
)
ctx
,
key
);
}
static
void
*
des_ctx_alloc
(
void
)
{
mbedtls_des_context
*
des
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_des_context
)
);
if
(
des
==
NULL
)
return
(
NULL
);
mbedtls_des_init
(
des
);
return
(
des
);
}
static
void
des_ctx_free
(
void
*
ctx
)
{
mbedtls_des_free
(
(
mbedtls_des_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
void
*
des3_ctx_alloc
(
void
)
{
mbedtls_des3_context
*
des3
;
des3
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_des3_context
)
);
if
(
des3
==
NULL
)
return
(
NULL
);
mbedtls_des3_init
(
des3
);
return
(
des3
);
}
static
void
des3_ctx_free
(
void
*
ctx
)
{
mbedtls_des3_free
(
(
mbedtls_des3_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
const
mbedtls_cipher_base_t
des_info
=
{
MBEDTLS_CIPHER_ID_DES
,
des_crypt_ecb_wrap
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
des_crypt_cbc_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
des_setkey_enc_wrap
,
des_setkey_dec_wrap
,
des_ctx_alloc
,
des_ctx_free
};
static
const
mbedtls_cipher_info_t
des_ecb_info
=
{
MBEDTLS_CIPHER_DES_ECB
,
MBEDTLS_MODE_ECB
,
MBEDTLS_KEY_LENGTH_DES
,
"DES-ECB"
,
8
,
0
,
8
,
&
des_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
const
mbedtls_cipher_info_t
des_cbc_info
=
{
MBEDTLS_CIPHER_DES_CBC
,
MBEDTLS_MODE_CBC
,
MBEDTLS_KEY_LENGTH_DES
,
"DES-CBC"
,
8
,
0
,
8
,
&
des_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
static
const
mbedtls_cipher_base_t
des_ede_info
=
{
MBEDTLS_CIPHER_ID_DES
,
des3_crypt_ecb_wrap
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
des3_crypt_cbc_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
des3_set2key_enc_wrap
,
des3_set2key_dec_wrap
,
des3_ctx_alloc
,
des3_ctx_free
};
static
const
mbedtls_cipher_info_t
des_ede_ecb_info
=
{
MBEDTLS_CIPHER_DES_EDE_ECB
,
MBEDTLS_MODE_ECB
,
MBEDTLS_KEY_LENGTH_DES_EDE
,
"DES-EDE-ECB"
,
8
,
0
,
8
,
&
des_ede_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
const
mbedtls_cipher_info_t
des_ede_cbc_info
=
{
MBEDTLS_CIPHER_DES_EDE_CBC
,
MBEDTLS_MODE_CBC
,
MBEDTLS_KEY_LENGTH_DES_EDE
,
"DES-EDE-CBC"
,
8
,
0
,
8
,
&
des_ede_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
static
const
mbedtls_cipher_base_t
des_ede3_info
=
{
MBEDTLS_CIPHER_ID_3DES
,
des3_crypt_ecb_wrap
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
des3_crypt_cbc_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
des3_set3key_enc_wrap
,
des3_set3key_dec_wrap
,
des3_ctx_alloc
,
des3_ctx_free
};
static
const
mbedtls_cipher_info_t
des_ede3_ecb_info
=
{
MBEDTLS_CIPHER_DES_EDE3_ECB
,
MBEDTLS_MODE_ECB
,
MBEDTLS_KEY_LENGTH_DES_EDE3
,
"DES-EDE3-ECB"
,
8
,
0
,
8
,
&
des_ede3_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
const
mbedtls_cipher_info_t
des_ede3_cbc_info
=
{
MBEDTLS_CIPHER_DES_EDE3_CBC
,
MBEDTLS_MODE_CBC
,
MBEDTLS_KEY_LENGTH_DES_EDE3
,
"DES-EDE3-CBC"
,
8
,
0
,
8
,
&
des_ede3_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#endif
/* MBEDTLS_DES_C */
#if defined(MBEDTLS_BLOWFISH_C)
static
int
blowfish_crypt_ecb_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_blowfish_crypt_ecb
(
(
mbedtls_blowfish_context
*
)
ctx
,
operation
,
input
,
output
);
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
int
blowfish_crypt_cbc_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_blowfish_crypt_cbc
(
(
mbedtls_blowfish_context
*
)
ctx
,
operation
,
length
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static
int
blowfish_crypt_cfb64_wrap
(
void
*
ctx
,
mbedtls_operation_t
operation
,
size_t
length
,
size_t
*
iv_off
,
unsigned
char
*
iv
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_blowfish_crypt_cfb64
(
(
mbedtls_blowfish_context
*
)
ctx
,
operation
,
length
,
iv_off
,
iv
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static
int
blowfish_crypt_ctr_wrap
(
void
*
ctx
,
size_t
length
,
size_t
*
nc_off
,
unsigned
char
*
nonce_counter
,
unsigned
char
*
stream_block
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
mbedtls_blowfish_crypt_ctr
(
(
mbedtls_blowfish_context
*
)
ctx
,
length
,
nc_off
,
nonce_counter
,
stream_block
,
input
,
output
);
}
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
static
int
blowfish_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_blowfish_setkey
(
(
mbedtls_blowfish_context
*
)
ctx
,
key
,
key_bitlen
);
}
static
void
*
blowfish_ctx_alloc
(
void
)
{
mbedtls_blowfish_context
*
ctx
;
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_blowfish_context
)
);
if
(
ctx
==
NULL
)
return
(
NULL
);
mbedtls_blowfish_init
(
ctx
);
return
(
ctx
);
}
static
void
blowfish_ctx_free
(
void
*
ctx
)
{
mbedtls_blowfish_free
(
(
mbedtls_blowfish_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
const
mbedtls_cipher_base_t
blowfish_info
=
{
MBEDTLS_CIPHER_ID_BLOWFISH
,
blowfish_crypt_ecb_wrap
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
blowfish_crypt_cbc_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
blowfish_crypt_cfb64_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
blowfish_crypt_ctr_wrap
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
blowfish_setkey_wrap
,
blowfish_setkey_wrap
,
blowfish_ctx_alloc
,
blowfish_ctx_free
};
static
const
mbedtls_cipher_info_t
blowfish_ecb_info
=
{
MBEDTLS_CIPHER_BLOWFISH_ECB
,
MBEDTLS_MODE_ECB
,
128
,
"BLOWFISH-ECB"
,
8
,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN
,
8
,
&
blowfish_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static
const
mbedtls_cipher_info_t
blowfish_cbc_info
=
{
MBEDTLS_CIPHER_BLOWFISH_CBC
,
MBEDTLS_MODE_CBC
,
128
,
"BLOWFISH-CBC"
,
8
,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN
,
8
,
&
blowfish_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static
const
mbedtls_cipher_info_t
blowfish_cfb64_info
=
{
MBEDTLS_CIPHER_BLOWFISH_CFB64
,
MBEDTLS_MODE_CFB
,
128
,
"BLOWFISH-CFB64"
,
8
,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN
,
8
,
&
blowfish_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static
const
mbedtls_cipher_info_t
blowfish_ctr_info
=
{
MBEDTLS_CIPHER_BLOWFISH_CTR
,
MBEDTLS_MODE_CTR
,
128
,
"BLOWFISH-CTR"
,
8
,
MBEDTLS_CIPHER_VARIABLE_KEY_LEN
,
8
,
&
blowfish_info
};
#endif
/* MBEDTLS_CIPHER_MODE_CTR */
#endif
/* MBEDTLS_BLOWFISH_C */
#if defined(MBEDTLS_ARC4_C)
static
int
arc4_crypt_stream_wrap
(
void
*
ctx
,
size_t
length
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
return
(
mbedtls_arc4_crypt
(
(
mbedtls_arc4_context
*
)
ctx
,
length
,
input
,
output
)
);
}
static
int
arc4_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
/* we get key_bitlen in bits, arc4 expects it in bytes */
if
(
key_bitlen
%
8
!=
0
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
mbedtls_arc4_setup
(
(
mbedtls_arc4_context
*
)
ctx
,
key
,
key_bitlen
/
8
);
return
(
0
);
}
static
void
*
arc4_ctx_alloc
(
void
)
{
mbedtls_arc4_context
*
ctx
;
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_arc4_context
)
);
if
(
ctx
==
NULL
)
return
(
NULL
);
mbedtls_arc4_init
(
ctx
);
return
(
ctx
);
}
static
void
arc4_ctx_free
(
void
*
ctx
)
{
mbedtls_arc4_free
(
(
mbedtls_arc4_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
const
mbedtls_cipher_base_t
arc4_base_info
=
{
MBEDTLS_CIPHER_ID_ARC4
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
arc4_crypt_stream_wrap
,
#endif
arc4_setkey_wrap
,
arc4_setkey_wrap
,
arc4_ctx_alloc
,
arc4_ctx_free
};
static
const
mbedtls_cipher_info_t
arc4_128_info
=
{
MBEDTLS_CIPHER_ARC4_128
,
MBEDTLS_MODE_STREAM
,
128
,
"ARC4-128"
,
0
,
0
,
1
,
&
arc4_base_info
};
#endif
/* MBEDTLS_ARC4_C */
#if defined(MBEDTLS_CHACHA20_C)
static
int
chacha20_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
if
(
key_bitlen
!=
256U
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
if
(
0
!=
mbedtls_chacha20_setkey
(
(
mbedtls_chacha20_context
*
)
ctx
,
key
)
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
return
(
0
);
}
static
int
chacha20_stream_wrap
(
void
*
ctx
,
size_t
length
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
int
ret
;
ret
=
mbedtls_chacha20_update
(
ctx
,
length
,
input
,
output
);
if
(
ret
==
MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
return
(
ret
);
}
static
void
*
chacha20_ctx_alloc
(
void
)
{
mbedtls_chacha20_context
*
ctx
;
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_chacha20_context
)
);
if
(
ctx
==
NULL
)
return
(
NULL
);
mbedtls_chacha20_init
(
ctx
);
return
(
ctx
);
}
static
void
chacha20_ctx_free
(
void
*
ctx
)
{
mbedtls_chacha20_free
(
(
mbedtls_chacha20_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
const
mbedtls_cipher_base_t
chacha20_base_info
=
{
MBEDTLS_CIPHER_ID_CHACHA20
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
chacha20_stream_wrap
,
#endif
chacha20_setkey_wrap
,
chacha20_setkey_wrap
,
chacha20_ctx_alloc
,
chacha20_ctx_free
};
static
const
mbedtls_cipher_info_t
chacha20_info
=
{
MBEDTLS_CIPHER_CHACHA20
,
MBEDTLS_MODE_STREAM
,
256
,
"CHACHA20"
,
12
,
0
,
1
,
&
chacha20_base_info
};
#endif
/* MBEDTLS_CHACHA20_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
static
int
chachapoly_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
if
(
key_bitlen
!=
256U
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
if
(
0
!=
mbedtls_chachapoly_setkey
(
(
mbedtls_chachapoly_context
*
)
ctx
,
key
)
)
return
(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
);
return
(
0
);
}
static
void
*
chachapoly_ctx_alloc
(
void
)
{
mbedtls_chachapoly_context
*
ctx
;
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_chachapoly_context
)
);
if
(
ctx
==
NULL
)
return
(
NULL
);
mbedtls_chachapoly_init
(
ctx
);
return
(
ctx
);
}
static
void
chachapoly_ctx_free
(
void
*
ctx
)
{
mbedtls_chachapoly_free
(
(
mbedtls_chachapoly_context
*
)
ctx
);
mbedtls_free
(
ctx
);
}
static
const
mbedtls_cipher_base_t
chachapoly_base_info
=
{
MBEDTLS_CIPHER_ID_CHACHA20
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
chachapoly_setkey_wrap
,
chachapoly_setkey_wrap
,
chachapoly_ctx_alloc
,
chachapoly_ctx_free
};
static
const
mbedtls_cipher_info_t
chachapoly_info
=
{
MBEDTLS_CIPHER_CHACHA20_POLY1305
,
MBEDTLS_MODE_CHACHAPOLY
,
256
,
"CHACHA20-POLY1305"
,
12
,
0
,
1
,
&
chachapoly_base_info
};
#endif
/* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
static
int
null_crypt_stream
(
void
*
ctx
,
size_t
length
,
const
unsigned
char
*
input
,
unsigned
char
*
output
)
{
((
void
)
ctx
);
memmove
(
output
,
input
,
length
);
return
(
0
);
}
static
int
null_setkey
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
((
void
)
ctx
);
((
void
)
key
);
((
void
)
key_bitlen
);
return
(
0
);
}
static
void
*
null_ctx_alloc
(
void
)
{
return
(
(
void
*
)
1
);
}
static
void
null_ctx_free
(
void
*
ctx
)
{
((
void
)
ctx
);
}
static
const
mbedtls_cipher_base_t
null_base_info
=
{
MBEDTLS_CIPHER_ID_NULL
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
null_crypt_stream
,
#endif
null_setkey
,
null_setkey
,
null_ctx_alloc
,
null_ctx_free
};
static
const
mbedtls_cipher_info_t
null_cipher_info
=
{
MBEDTLS_CIPHER_NULL
,
MBEDTLS_MODE_STREAM
,
0
,
"NULL"
,
0
,
0
,
1
,
&
null_base_info
};
#endif
/* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
#if defined(MBEDTLS_NIST_KW_C)
static
void
*
kw_ctx_alloc
(
void
)
{
void
*
ctx
=
mbedtls_calloc
(
1
,
sizeof
(
mbedtls_nist_kw_context
)
);
if
(
ctx
!=
NULL
)
mbedtls_nist_kw_init
(
(
mbedtls_nist_kw_context
*
)
ctx
);
return
(
ctx
);
}
static
void
kw_ctx_free
(
void
*
ctx
)
{
mbedtls_nist_kw_free
(
ctx
);
mbedtls_free
(
ctx
);
}
static
int
kw_aes_setkey_wrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_nist_kw_setkey
(
(
mbedtls_nist_kw_context
*
)
ctx
,
MBEDTLS_CIPHER_ID_AES
,
key
,
key_bitlen
,
1
);
}
static
int
kw_aes_setkey_unwrap
(
void
*
ctx
,
const
unsigned
char
*
key
,
unsigned
int
key_bitlen
)
{
return
mbedtls_nist_kw_setkey
(
(
mbedtls_nist_kw_context
*
)
ctx
,
MBEDTLS_CIPHER_ID_AES
,
key
,
key_bitlen
,
0
);
}
static
const
mbedtls_cipher_base_t
kw_aes_info
=
{
MBEDTLS_CIPHER_ID_AES
,
NULL
,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
NULL
,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL
,
#endif
kw_aes_setkey_wrap
,
kw_aes_setkey_unwrap
,
kw_ctx_alloc
,
kw_ctx_free
,
};
static
const
mbedtls_cipher_info_t
aes_128_nist_kw_info
=
{
MBEDTLS_CIPHER_AES_128_KW
,
MBEDTLS_MODE_KW
,
128
,
"AES-128-KW"
,
0
,
0
,
16
,
&
kw_aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_nist_kw_info
=
{
MBEDTLS_CIPHER_AES_192_KW
,
MBEDTLS_MODE_KW
,
192
,
"AES-192-KW"
,
0
,
0
,
16
,
&
kw_aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_nist_kw_info
=
{
MBEDTLS_CIPHER_AES_256_KW
,
MBEDTLS_MODE_KW
,
256
,
"AES-256-KW"
,
0
,
0
,
16
,
&
kw_aes_info
};
static
const
mbedtls_cipher_info_t
aes_128_nist_kwp_info
=
{
MBEDTLS_CIPHER_AES_128_KWP
,
MBEDTLS_MODE_KWP
,
128
,
"AES-128-KWP"
,
0
,
0
,
16
,
&
kw_aes_info
};
static
const
mbedtls_cipher_info_t
aes_192_nist_kwp_info
=
{
MBEDTLS_CIPHER_AES_192_KWP
,
MBEDTLS_MODE_KWP
,
192
,
"AES-192-KWP"
,
0
,
0
,
16
,
&
kw_aes_info
};
static
const
mbedtls_cipher_info_t
aes_256_nist_kwp_info
=
{
MBEDTLS_CIPHER_AES_256_KWP
,
MBEDTLS_MODE_KWP
,
256
,
"AES-256-KWP"
,
0
,
0
,
16
,
&
kw_aes_info
};
#endif
/* MBEDTLS_NIST_KW_C */
const
mbedtls_cipher_definition_t
mbedtls_cipher_definitions
[]
=
{
#if defined(MBEDTLS_AES_C)
{
MBEDTLS_CIPHER_AES_128_ECB
,
&
aes_128_ecb_info
},
{
MBEDTLS_CIPHER_AES_192_ECB
,
&
aes_192_ecb_info
},
{
MBEDTLS_CIPHER_AES_256_ECB
,
&
aes_256_ecb_info
},
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{
MBEDTLS_CIPHER_AES_128_CBC
,
&
aes_128_cbc_info
},
{
MBEDTLS_CIPHER_AES_192_CBC
,
&
aes_192_cbc_info
},
{
MBEDTLS_CIPHER_AES_256_CBC
,
&
aes_256_cbc_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{
MBEDTLS_CIPHER_AES_128_CFB128
,
&
aes_128_cfb128_info
},
{
MBEDTLS_CIPHER_AES_192_CFB128
,
&
aes_192_cfb128_info
},
{
MBEDTLS_CIPHER_AES_256_CFB128
,
&
aes_256_cfb128_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
{
MBEDTLS_CIPHER_AES_128_OFB
,
&
aes_128_ofb_info
},
{
MBEDTLS_CIPHER_AES_192_OFB
,
&
aes_192_ofb_info
},
{
MBEDTLS_CIPHER_AES_256_OFB
,
&
aes_256_ofb_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{
MBEDTLS_CIPHER_AES_128_CTR
,
&
aes_128_ctr_info
},
{
MBEDTLS_CIPHER_AES_192_CTR
,
&
aes_192_ctr_info
},
{
MBEDTLS_CIPHER_AES_256_CTR
,
&
aes_256_ctr_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
{
MBEDTLS_CIPHER_AES_128_XTS
,
&
aes_128_xts_info
},
{
MBEDTLS_CIPHER_AES_256_XTS
,
&
aes_256_xts_info
},
#endif
#if defined(MBEDTLS_GCM_C)
{
MBEDTLS_CIPHER_AES_128_GCM
,
&
aes_128_gcm_info
},
{
MBEDTLS_CIPHER_AES_192_GCM
,
&
aes_192_gcm_info
},
{
MBEDTLS_CIPHER_AES_256_GCM
,
&
aes_256_gcm_info
},
#endif
#if defined(MBEDTLS_CCM_C)
{
MBEDTLS_CIPHER_AES_128_CCM
,
&
aes_128_ccm_info
},
{
MBEDTLS_CIPHER_AES_192_CCM
,
&
aes_192_ccm_info
},
{
MBEDTLS_CIPHER_AES_256_CCM
,
&
aes_256_ccm_info
},
#endif
#endif
/* MBEDTLS_AES_C */
#if defined(MBEDTLS_ARC4_C)
{
MBEDTLS_CIPHER_ARC4_128
,
&
arc4_128_info
},
#endif
#if defined(MBEDTLS_BLOWFISH_C)
{
MBEDTLS_CIPHER_BLOWFISH_ECB
,
&
blowfish_ecb_info
},
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{
MBEDTLS_CIPHER_BLOWFISH_CBC
,
&
blowfish_cbc_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{
MBEDTLS_CIPHER_BLOWFISH_CFB64
,
&
blowfish_cfb64_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{
MBEDTLS_CIPHER_BLOWFISH_CTR
,
&
blowfish_ctr_info
},
#endif
#endif
/* MBEDTLS_BLOWFISH_C */
#if defined(MBEDTLS_CAMELLIA_C)
{
MBEDTLS_CIPHER_CAMELLIA_128_ECB
,
&
camellia_128_ecb_info
},
{
MBEDTLS_CIPHER_CAMELLIA_192_ECB
,
&
camellia_192_ecb_info
},
{
MBEDTLS_CIPHER_CAMELLIA_256_ECB
,
&
camellia_256_ecb_info
},
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{
MBEDTLS_CIPHER_CAMELLIA_128_CBC
,
&
camellia_128_cbc_info
},
{
MBEDTLS_CIPHER_CAMELLIA_192_CBC
,
&
camellia_192_cbc_info
},
{
MBEDTLS_CIPHER_CAMELLIA_256_CBC
,
&
camellia_256_cbc_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{
MBEDTLS_CIPHER_CAMELLIA_128_CFB128
,
&
camellia_128_cfb128_info
},
{
MBEDTLS_CIPHER_CAMELLIA_192_CFB128
,
&
camellia_192_cfb128_info
},
{
MBEDTLS_CIPHER_CAMELLIA_256_CFB128
,
&
camellia_256_cfb128_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{
MBEDTLS_CIPHER_CAMELLIA_128_CTR
,
&
camellia_128_ctr_info
},
{
MBEDTLS_CIPHER_CAMELLIA_192_CTR
,
&
camellia_192_ctr_info
},
{
MBEDTLS_CIPHER_CAMELLIA_256_CTR
,
&
camellia_256_ctr_info
},
#endif
#if defined(MBEDTLS_GCM_C)
{
MBEDTLS_CIPHER_CAMELLIA_128_GCM
,
&
camellia_128_gcm_info
},
{
MBEDTLS_CIPHER_CAMELLIA_192_GCM
,
&
camellia_192_gcm_info
},
{
MBEDTLS_CIPHER_CAMELLIA_256_GCM
,
&
camellia_256_gcm_info
},
#endif
#if defined(MBEDTLS_CCM_C)
{
MBEDTLS_CIPHER_CAMELLIA_128_CCM
,
&
camellia_128_ccm_info
},
{
MBEDTLS_CIPHER_CAMELLIA_192_CCM
,
&
camellia_192_ccm_info
},
{
MBEDTLS_CIPHER_CAMELLIA_256_CCM
,
&
camellia_256_ccm_info
},
#endif
#endif
/* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_ARIA_C)
{
MBEDTLS_CIPHER_ARIA_128_ECB
,
&
aria_128_ecb_info
},
{
MBEDTLS_CIPHER_ARIA_192_ECB
,
&
aria_192_ecb_info
},
{
MBEDTLS_CIPHER_ARIA_256_ECB
,
&
aria_256_ecb_info
},
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{
MBEDTLS_CIPHER_ARIA_128_CBC
,
&
aria_128_cbc_info
},
{
MBEDTLS_CIPHER_ARIA_192_CBC
,
&
aria_192_cbc_info
},
{
MBEDTLS_CIPHER_ARIA_256_CBC
,
&
aria_256_cbc_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{
MBEDTLS_CIPHER_ARIA_128_CFB128
,
&
aria_128_cfb128_info
},
{
MBEDTLS_CIPHER_ARIA_192_CFB128
,
&
aria_192_cfb128_info
},
{
MBEDTLS_CIPHER_ARIA_256_CFB128
,
&
aria_256_cfb128_info
},
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{
MBEDTLS_CIPHER_ARIA_128_CTR
,
&
aria_128_ctr_info
},
{
MBEDTLS_CIPHER_ARIA_192_CTR
,
&
aria_192_ctr_info
},
{
MBEDTLS_CIPHER_ARIA_256_CTR
,
&
aria_256_ctr_info
},
#endif
#if defined(MBEDTLS_GCM_C)
{
MBEDTLS_CIPHER_ARIA_128_GCM
,
&
aria_128_gcm_info
},
{
MBEDTLS_CIPHER_ARIA_192_GCM
,
&
aria_192_gcm_info
},
{
MBEDTLS_CIPHER_ARIA_256_GCM
,
&
aria_256_gcm_info
},
#endif
#if defined(MBEDTLS_CCM_C)
{
MBEDTLS_CIPHER_ARIA_128_CCM
,
&
aria_128_ccm_info
},
{
MBEDTLS_CIPHER_ARIA_192_CCM
,
&
aria_192_ccm_info
},
{
MBEDTLS_CIPHER_ARIA_256_CCM
,
&
aria_256_ccm_info
},
#endif
#endif
/* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_DES_C)
{
MBEDTLS_CIPHER_DES_ECB
,
&
des_ecb_info
},
{
MBEDTLS_CIPHER_DES_EDE_ECB
,
&
des_ede_ecb_info
},
{
MBEDTLS_CIPHER_DES_EDE3_ECB
,
&
des_ede3_ecb_info
},
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{
MBEDTLS_CIPHER_DES_CBC
,
&
des_cbc_info
},
{
MBEDTLS_CIPHER_DES_EDE_CBC
,
&
des_ede_cbc_info
},
{
MBEDTLS_CIPHER_DES_EDE3_CBC
,
&
des_ede3_cbc_info
},
#endif
#endif
/* MBEDTLS_DES_C */
#if defined(MBEDTLS_CHACHA20_C)
{
MBEDTLS_CIPHER_CHACHA20
,
&
chacha20_info
},
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
{
MBEDTLS_CIPHER_CHACHA20_POLY1305
,
&
chachapoly_info
},
#endif
#if defined(MBEDTLS_NIST_KW_C)
{
MBEDTLS_CIPHER_AES_128_KW
,
&
aes_128_nist_kw_info
},
{
MBEDTLS_CIPHER_AES_192_KW
,
&
aes_192_nist_kw_info
},
{
MBEDTLS_CIPHER_AES_256_KW
,
&
aes_256_nist_kw_info
},
{
MBEDTLS_CIPHER_AES_128_KWP
,
&
aes_128_nist_kwp_info
},
{
MBEDTLS_CIPHER_AES_192_KWP
,
&
aes_192_nist_kwp_info
},
{
MBEDTLS_CIPHER_AES_256_KWP
,
&
aes_256_nist_kwp_info
},
#endif
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
{
MBEDTLS_CIPHER_NULL
,
&
null_cipher_info
},
#endif
/* MBEDTLS_CIPHER_NULL_CIPHER */
{
MBEDTLS_CIPHER_NONE
,
NULL
}
};
#define NUM_CIPHERS ( sizeof(mbedtls_cipher_definitions) / \
sizeof(mbedtls_cipher_definitions[0]) )
int
mbedtls_cipher_supported
[
NUM_CIPHERS
];
#endif
/* MBEDTLS_CIPHER_C */
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/config.h
deleted
100644 → 0
View file @
fcb7d9c8
#pragma once
#undef MBEDTLS_SELF_TEST
#define MBEDTLS_GCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/gcm.c
View file @
be1cf907
...
@@ -29,23 +29,15 @@
...
@@ -29,23 +29,15 @@
* [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory.
* [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory.
*/
*/
#include "config.h"
#include "platform_util.h"
#include "platform_util.h"
#if defined(MBEDTLS_GCM_C)
#include "gcm.h"
#include "gcm.h"
#include "aes.h"
#include "api.h"
#include "api.h"
#include "crypto_aead.h"
#include "crypto_aead.h"
#include <string.h>
#include <string.h>
#if defined(MBEDTLS_AESNI_C)
#include "mbedtls/aesni.h"
#endif
#if !defined(MBEDTLS_GCM_ALT)
/* Parameter validation macros */
/* Parameter validation macros */
#define GCM_VALIDATE_RET( cond ) \
#define GCM_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
...
@@ -86,6 +78,9 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
...
@@ -86,6 +78,9 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
memset
(
ctx
,
0
,
sizeof
(
mbedtls_gcm_context
)
);
memset
(
ctx
,
0
,
sizeof
(
mbedtls_gcm_context
)
);
}
}
#define mbedtls_cipher_update(ctx, input, output) \
mbedtls_aes_crypt_ecb((ctx)->cipher_ctx, MBEDTLS_ENCRYPT, input, output)
/*
/*
* Encrypt function for NIST API
* Encrypt function for NIST API
*/
*/
...
@@ -100,6 +95,7 @@ int crypto_aead_encrypt(
...
@@ -100,6 +95,7 @@ int crypto_aead_encrypt(
{
{
(
void
)
nsec
;
(
void
)
nsec
;
mbedtls_gcm_context
ctx
;
mbedtls_gcm_context
ctx
;
mbedtls_aes_context
aes
;
int
ret
;
int
ret
;
unsigned
long
long
mask
=
15
;
unsigned
long
long
mask
=
15
;
unsigned
long
long
mlenp
=
(
mlen
+
mask
)
&
(
~
mask
);
unsigned
long
long
mlenp
=
(
mlen
+
mask
)
&
(
~
mask
);
...
@@ -107,9 +103,11 @@ int crypto_aead_encrypt(
...
@@ -107,9 +103,11 @@ int crypto_aead_encrypt(
*
clen
=
mlenp
+
CRYPTO_ABYTES
;
*
clen
=
mlenp
+
CRYPTO_ABYTES
;
mbedtls_gcm_init
(
&
ctx
);
mbedtls_gcm_init
(
&
ctx
);
ret
=
mbedtls_gcm_setkey
(
&
ctx
,
MBEDTLS_CIPHER_ID_AES
,
k
,
128
);
ctx
.
cipher_ctx
.
cipher_ctx
=
&
aes
;
ret
=
mbedtls_gcm_setkey
(
&
ctx
,
k
,
128
);
ret
=
mbedtls_gcm_crypt_and_tag
(
&
ctx
,
1
,
mlen
,
npub
,
12
,
ad
,
adlen
,
m
,
c
,
16
,
tag_buf
);
ret
=
mbedtls_gcm_crypt_and_tag
(
&
ctx
,
1
,
mlen
,
npub
,
12
,
ad
,
adlen
,
m
,
c
,
16
,
tag_buf
);
mbedtls_gcm_free
(
&
ctx
);
mbedtls_gcm_free
(
&
ctx
);
mbedtls_platform_zeroize
(
&
aes
,
sizeof
(
aes
)
);
memcpy
(
c
+
mlenp
,
tag_buf
,
CRYPTO_ABYTES
);
memcpy
(
c
+
mlenp
,
tag_buf
,
CRYPTO_ABYTES
);
return
ret
;
return
ret
;
}
}
...
@@ -125,6 +123,7 @@ int crypto_aead_decrypt(
...
@@ -125,6 +123,7 @@ int crypto_aead_decrypt(
{
{
(
void
)
nsec
;
(
void
)
nsec
;
mbedtls_gcm_context
ctx
;
mbedtls_gcm_context
ctx
;
mbedtls_aes_context
aes
;
int
ret
;
int
ret
;
unsigned
char
tag_buf
[
CRYPTO_ABYTES
];
unsigned
char
tag_buf
[
CRYPTO_ABYTES
];
...
@@ -133,9 +132,11 @@ int crypto_aead_decrypt(
...
@@ -133,9 +132,11 @@ int crypto_aead_decrypt(
*
mlen
=
clen
;
*
mlen
=
clen
;
mbedtls_gcm_init
(
&
ctx
);
mbedtls_gcm_init
(
&
ctx
);
ret
=
mbedtls_gcm_setkey
(
&
ctx
,
MBEDTLS_CIPHER_ID_AES
,
k
,
128
);
ctx
.
cipher_ctx
.
cipher_ctx
=
&
aes
;
ret
=
mbedtls_gcm_setkey
(
&
ctx
,
k
,
128
);
ret
=
mbedtls_gcm_auth_decrypt
(
&
ctx
,
clen
,
npub
,
12
,
ad
,
adlen
,
tag_buf
,
16
,
c
,
m
);
ret
=
mbedtls_gcm_auth_decrypt
(
&
ctx
,
clen
,
npub
,
12
,
ad
,
adlen
,
tag_buf
,
16
,
c
,
m
);
mbedtls_gcm_free
(
&
ctx
);
mbedtls_gcm_free
(
&
ctx
);
mbedtls_platform_zeroize
(
&
aes
,
sizeof
(
aes
)
);
return
ret
;
return
ret
;
...
@@ -155,10 +156,9 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
...
@@ -155,10 +156,9 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
uint64_t
hi
,
lo
;
uint64_t
hi
,
lo
;
uint64_t
vl
,
vh
;
uint64_t
vl
,
vh
;
unsigned
char
h
[
16
];
unsigned
char
h
[
16
];
size_t
olen
=
0
;
memset
(
h
,
0
,
16
);
memset
(
h
,
0
,
16
);
if
(
(
ret
=
mbedtls_cipher_update
(
&
ctx
->
cipher_ctx
,
h
,
16
,
h
,
&
olen
)
)
!=
0
)
if
(
(
ret
=
mbedtls_cipher_update
(
&
ctx
->
cipher_ctx
,
h
,
h
)
)
!=
0
)
return
(
ret
);
return
(
ret
);
/* pack h as two 64-bits ints, big-endian */
/* pack h as two 64-bits ints, big-endian */
...
@@ -174,12 +174,6 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
...
@@ -174,12 +174,6 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
ctx
->
HL
[
8
]
=
vl
;
ctx
->
HL
[
8
]
=
vl
;
ctx
->
HH
[
8
]
=
vh
;
ctx
->
HH
[
8
]
=
vh
;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
/* With CLMUL support, we need only h, not the rest of the table */
if
(
mbedtls_aesni_has_support
(
MBEDTLS_AESNI_CLMUL
)
)
return
(
0
);
#endif
/* 0 corresponds to 0 in GF(2^128) */
/* 0 corresponds to 0 in GF(2^128) */
ctx
->
HH
[
0
]
=
0
;
ctx
->
HH
[
0
]
=
0
;
ctx
->
HL
[
0
]
=
0
;
ctx
->
HL
[
0
]
=
0
;
...
@@ -210,32 +204,18 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
...
@@ -210,32 +204,18 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
}
}
int
mbedtls_gcm_setkey
(
mbedtls_gcm_context
*
ctx
,
int
mbedtls_gcm_setkey
(
mbedtls_gcm_context
*
ctx
,
mbedtls_cipher_id_t
cipher
,
const
unsigned
char
*
key
,
const
unsigned
char
*
key
,
unsigned
int
keybits
)
unsigned
int
keybits
)
{
{
int
ret
;
int
ret
;
const
mbedtls_cipher_info_t
*
cipher_info
;
GCM_VALIDATE_RET
(
ctx
!=
NULL
);
GCM_VALIDATE_RET
(
ctx
!=
NULL
);
GCM_VALIDATE_RET
(
key
!=
NULL
);
GCM_VALIDATE_RET
(
key
!=
NULL
);
GCM_VALIDATE_RET
(
keybits
==
128
||
keybits
==
192
||
keybits
==
256
);
GCM_VALIDATE_RET
(
keybits
==
128
||
keybits
==
192
||
keybits
==
256
);
cipher_info
=
mbedtls_cipher_info_from_values
(
cipher
,
keybits
,
ctx
->
cipher_ctx
.
key_bitlen
=
keybits
;
MBEDTLS_MODE_ECB
);
if
(
cipher_info
==
NULL
)
return
(
MBEDTLS_ERR_GCM_BAD_INPUT
);
if
(
cipher_info
->
block_size
!=
16
)
return
(
MBEDTLS_ERR_GCM_BAD_INPUT
);
mbedtls_cipher_free
(
&
ctx
->
cipher_ctx
);
if
(
(
ret
=
mbedtls_aes_setkey_enc
(
ctx
->
cipher_ctx
.
cipher_ctx
,
key
,
keybits
)
)
!=
0
)
if
(
(
ret
=
mbedtls_cipher_setup
(
&
ctx
->
cipher_ctx
,
cipher_info
)
)
!=
0
)
return
(
ret
);
if
(
(
ret
=
mbedtls_cipher_setkey
(
&
ctx
->
cipher_ctx
,
key
,
keybits
,
MBEDTLS_ENCRYPT
)
)
!=
0
)
{
{
return
(
ret
);
return
(
ret
);
}
}
...
@@ -270,20 +250,6 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
...
@@ -270,20 +250,6 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
unsigned
char
lo
,
hi
,
rem
;
unsigned
char
lo
,
hi
,
rem
;
uint64_t
zh
,
zl
;
uint64_t
zh
,
zl
;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if
(
mbedtls_aesni_has_support
(
MBEDTLS_AESNI_CLMUL
)
)
{
unsigned
char
h
[
16
];
PUT_UINT32_BE
(
ctx
->
HH
[
8
]
>>
32
,
h
,
0
);
PUT_UINT32_BE
(
ctx
->
HH
[
8
],
h
,
4
);
PUT_UINT32_BE
(
ctx
->
HL
[
8
]
>>
32
,
h
,
8
);
PUT_UINT32_BE
(
ctx
->
HL
[
8
],
h
,
12
);
mbedtls_aesni_gcm_mult
(
output
,
x
,
h
);
return
;
}
#endif
/* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
lo
=
x
[
15
]
&
0xf
;
lo
=
x
[
15
]
&
0xf
;
zh
=
ctx
->
HH
[
lo
];
zh
=
ctx
->
HH
[
lo
];
...
@@ -330,7 +296,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
...
@@ -330,7 +296,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
unsigned
char
work_buf
[
16
];
unsigned
char
work_buf
[
16
];
size_t
i
;
size_t
i
;
const
unsigned
char
*
p
;
const
unsigned
char
*
p
;
size_t
use_len
,
olen
=
0
;
size_t
use_len
;
GCM_VALIDATE_RET
(
ctx
!=
NULL
);
GCM_VALIDATE_RET
(
ctx
!=
NULL
);
GCM_VALIDATE_RET
(
iv
!=
NULL
);
GCM_VALIDATE_RET
(
iv
!=
NULL
);
...
@@ -382,8 +348,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
...
@@ -382,8 +348,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
gcm_mult
(
ctx
,
ctx
->
y
,
ctx
->
y
);
gcm_mult
(
ctx
,
ctx
->
y
,
ctx
->
y
);
}
}
if
(
(
ret
=
mbedtls_cipher_update
(
&
ctx
->
cipher_ctx
,
ctx
->
y
,
16
,
if
(
(
ret
=
mbedtls_cipher_update
(
&
ctx
->
cipher_ctx
,
ctx
->
y
,
ctx
->
base_ectr
,
&
olen
)
)
!=
0
)
ctx
->
base_ectr
)
)
!=
0
)
{
{
return
(
ret
);
return
(
ret
);
}
}
...
@@ -416,7 +382,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
...
@@ -416,7 +382,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
size_t
i
;
size_t
i
;
const
unsigned
char
*
p
;
const
unsigned
char
*
p
;
unsigned
char
*
out_p
=
output
;
unsigned
char
*
out_p
=
output
;
size_t
use_len
,
olen
=
0
;
size_t
use_len
;
GCM_VALIDATE_RET
(
ctx
!=
NULL
);
GCM_VALIDATE_RET
(
ctx
!=
NULL
);
GCM_VALIDATE_RET
(
length
==
0
||
input
!=
NULL
);
GCM_VALIDATE_RET
(
length
==
0
||
input
!=
NULL
);
...
@@ -444,8 +410,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
...
@@ -444,8 +410,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
if
(
++
ctx
->
y
[
i
-
1
]
!=
0
)
if
(
++
ctx
->
y
[
i
-
1
]
!=
0
)
break
;
break
;
if
(
(
ret
=
mbedtls_cipher_update
(
&
ctx
->
cipher_ctx
,
ctx
->
y
,
16
,
ectr
,
if
(
(
ret
=
mbedtls_cipher_update
(
&
ctx
->
cipher_ctx
,
ctx
->
y
,
ectr
&
olen
)
)
!=
0
)
)
)
!=
0
)
{
{
return
(
ret
);
return
(
ret
);
}
}
...
@@ -590,10 +556,6 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
...
@@ -590,10 +556,6 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
{
{
if
(
ctx
==
NULL
)
if
(
ctx
==
NULL
)
return
;
return
;
mbedtls_cipher_free
(
&
ctx
->
cipher_ctx
);
mbedtls_platform_zeroize
(
ctx
,
sizeof
(
mbedtls_gcm_context
)
);
mbedtls_platform_zeroize
(
ctx
,
sizeof
(
mbedtls_gcm_context
)
);
}
}
#endif
/* !MBEDTLS_GCM_ALT */
#endif
/* MBEDTLS_GCM_C */
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/gcm.h
View file @
be1cf907
...
@@ -33,8 +33,6 @@
...
@@ -33,8 +33,6 @@
#ifndef MBEDTLS_GCM_H
#ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H
#define MBEDTLS_GCM_H
#include "config.h"
#include "cipher.h"
#include "cipher.h"
#include <stdint.h>
#include <stdint.h>
...
@@ -43,18 +41,12 @@
...
@@ -43,18 +41,12 @@
#define MBEDTLS_GCM_DECRYPT 0
#define MBEDTLS_GCM_DECRYPT 0
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
/**< Authenticated decryption failed. */
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
/**< Authenticated decryption failed. */
/* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013
/**< GCM hardware accelerator failed. */
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
/**< Bad input parameters to function. */
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
/**< Bad input parameters to function. */
#ifdef __cplusplus
#ifdef __cplusplus
extern
"C"
{
extern
"C"
{
#endif
#endif
#if !defined(MBEDTLS_GCM_ALT)
/**
/**
* \brief The GCM context structure.
* \brief The GCM context structure.
*/
*/
...
@@ -74,10 +66,6 @@ typedef struct mbedtls_gcm_context
...
@@ -74,10 +66,6 @@ typedef struct mbedtls_gcm_context
}
}
mbedtls_gcm_context
;
mbedtls_gcm_context
;
#else
/* !MBEDTLS_GCM_ALT */
#include "gcm_alt.h"
#endif
/* !MBEDTLS_GCM_ALT */
/**
/**
* \brief This function initializes the specified GCM context,
* \brief This function initializes the specified GCM context,
* to make references valid, and prepares the context
* to make references valid, and prepares the context
...
@@ -96,7 +84,6 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
...
@@ -96,7 +84,6 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
* cipher algorithm and a key.
* cipher algorithm and a key.
*
*
* \param ctx The GCM context. This must be initialized.
* \param ctx The GCM context. This must be initialized.
* \param cipher The 128-bit block cipher to use.
* \param key The encryption key. This must be a readable buffer of at
* \param key The encryption key. This must be a readable buffer of at
* least \p keybits bits.
* least \p keybits bits.
* \param keybits The key size in bits. Valid options are:
* \param keybits The key size in bits. Valid options are:
...
@@ -108,7 +95,6 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
...
@@ -108,7 +95,6 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
* \return A cipher-specific error code on failure.
* \return A cipher-specific error code on failure.
*/
*/
int
mbedtls_gcm_setkey
(
mbedtls_gcm_context
*
ctx
,
int
mbedtls_gcm_setkey
(
mbedtls_gcm_context
*
ctx
,
mbedtls_cipher_id_t
cipher
,
const
unsigned
char
*
key
,
const
unsigned
char
*
key
,
unsigned
int
keybits
);
unsigned
int
keybits
);
...
@@ -302,18 +288,6 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
...
@@ -302,18 +288,6 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
*/
*/
void
mbedtls_gcm_free
(
mbedtls_gcm_context
*
ctx
);
void
mbedtls_gcm_free
(
mbedtls_gcm_context
*
ctx
);
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief The GCM checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int
mbedtls_gcm_self_test
(
int
verbose
);
#endif
/* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
#ifdef __cplusplus
}
}
#endif
#endif
...
...
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/platform_util.c
View file @
be1cf907
...
@@ -20,22 +20,11 @@
...
@@ -20,22 +20,11 @@
* This file is part of Mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
*/
/*
* Ensure gmtime_r is available even with -std=c99; must be defined before
* config.h, which pulls in glibc's features.h. Harmless on other platforms.
*/
#if !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200112L
#endif
#include "config.h"
#include "platform_util.h"
#include "platform_util.h"
#include <stddef.h>
#include <stddef.h>
#include <string.h>
#include <string.h>
#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
/*
/*
* This implementation should never be optimized out by the compiler
* This implementation should never be optimized out by the compiler
*
*
...
@@ -68,5 +57,4 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
...
@@ -68,5 +57,4 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
{
{
memset_func
(
buf
,
0
,
len
);
memset_func
(
buf
,
0
,
len
);
}
}
#endif
/* MBEDTLS_PLATFORM_ZEROIZE_ALT */
mbed_aes_gcm/Implementations/crypto_aead/aes128k96n/ref/platform_util.h
View file @
be1cf907
...
@@ -25,8 +25,6 @@
...
@@ -25,8 +25,6 @@
#ifndef MBEDTLS_PLATFORM_UTIL_H
#ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
#include "config.h"
#include <stddef.h>
#include <stddef.h>
#ifdef __cplusplus
#ifdef __cplusplus
...
@@ -34,9 +32,6 @@ extern "C" {
...
@@ -34,9 +32,6 @@ extern "C" {
#endif
#endif
#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
#define MBEDTLS_PARAM_FAILED_ALT
/* Internal macros meant to be called only from within the library. */
/* Internal macros meant to be called only from within the library. */
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment